Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi Cloud Packages Tutorials
  1. Packages
  2. Cloudflare Provider
  3. API Docs
  4. ZeroTrustAccessGroup
Cloudflare v5.49.1 published on Tuesday, Feb 18, 2025 by Pulumi
pulumi/pulumi-cloudflare

cloudflare.ZeroTrustAccessGroup

Explore with Pulumi AI

Cloudflare v5.49.1 published on Tuesday, Feb 18, 2025 by Pulumi
pulumi/pulumi-cloudflare

Provides a Cloudflare Access Group resource. Access Groups are used in conjunction with Access Policies to restrict access to a particular resource based on group membership.

It’s required that an account_id or zone_id is provided and in most cases using either is fine. However, if you’re using a scoped access token, you must provide the argument that matches the token’s scope. For example, an access token that is scoped to the “example.com” zone needs to use the zone_id argument.

Create ZeroTrustAccessGroup Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new ZeroTrustAccessGroup(name: string, args: ZeroTrustAccessGroupArgs, opts?: CustomResourceOptions);
@overload
def ZeroTrustAccessGroup(resource_name: str,
                         args: ZeroTrustAccessGroupArgs,
                         opts: Optional[ResourceOptions] = None)

@overload
def ZeroTrustAccessGroup(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         includes: Optional[Sequence[ZeroTrustAccessGroupIncludeArgs]] = None,
                         name: Optional[str] = None,
                         account_id: Optional[str] = None,
                         excludes: Optional[Sequence[ZeroTrustAccessGroupExcludeArgs]] = None,
                         requires: Optional[Sequence[ZeroTrustAccessGroupRequireArgs]] = None,
                         zone_id: Optional[str] = None)
func NewZeroTrustAccessGroup(ctx *Context, name string, args ZeroTrustAccessGroupArgs, opts ...ResourceOption) (*ZeroTrustAccessGroup, error)
public ZeroTrustAccessGroup(string name, ZeroTrustAccessGroupArgs args, CustomResourceOptions? opts = null)
public ZeroTrustAccessGroup(String name, ZeroTrustAccessGroupArgs args)
public ZeroTrustAccessGroup(String name, ZeroTrustAccessGroupArgs args, CustomResourceOptions options)

type: cloudflare:ZeroTrustAccessGroup
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. ZeroTrustAccessGroupArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. ZeroTrustAccessGroupArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. ZeroTrustAccessGroupArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. ZeroTrustAccessGroupArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. ZeroTrustAccessGroupArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var zeroTrustAccessGroupResource = new Cloudflare.ZeroTrustAccessGroup("zeroTrustAccessGroupResource", new()
{
    Includes = new[]
    {
        new Cloudflare.Inputs.ZeroTrustAccessGroupIncludeArgs
        {
            AnyValidServiceToken = false,
            AuthContexts = new[]
            {
                new Cloudflare.Inputs.ZeroTrustAccessGroupIncludeAuthContextArgs
                {
                    AcId = "string",
                    Id = "string",
                    IdentityProviderId = "string",
                },
            },
            AuthMethod = "string",
            Azures = new[]
            {
                new Cloudflare.Inputs.ZeroTrustAccessGroupIncludeAzureArgs
                {
                    IdentityProviderId = "string",
                    Ids = new[]
                    {
                        "string",
                    },
                },
            },
            Certificate = false,
            CommonName = "string",
            CommonNames = new[]
            {
                "string",
            },
            DevicePostures = new[]
            {
                "string",
            },
            EmailDomains = new[]
            {
                "string",
            },
            EmailLists = new[]
            {
                "string",
            },
            Emails = new[]
            {
                "string",
            },
            Everyone = false,
            ExternalEvaluations = new[]
            {
                new Cloudflare.Inputs.ZeroTrustAccessGroupIncludeExternalEvaluationArgs
                {
                    EvaluateUrl = "string",
                    KeysUrl = "string",
                },
            },
            Geos = new[]
            {
                "string",
            },
            Githubs = new[]
            {
                new Cloudflare.Inputs.ZeroTrustAccessGroupIncludeGithubArgs
                {
                    IdentityProviderId = "string",
                    Name = "string",
                    Teams = new[]
                    {
                        "string",
                    },
                },
            },
            Groups = new[]
            {
                "string",
            },
            Gsuites = new[]
            {
                new Cloudflare.Inputs.ZeroTrustAccessGroupIncludeGsuiteArgs
                {
                    Emails = new[]
                    {
                        "string",
                    },
                    IdentityProviderId = "string",
                },
            },
            IpLists = new[]
            {
                "string",
            },
            Ips = new[]
            {
                "string",
            },
            LoginMethods = new[]
            {
                "string",
            },
            Oktas = new[]
            {
                new Cloudflare.Inputs.ZeroTrustAccessGroupIncludeOktaArgs
                {
                    IdentityProviderId = "string",
                    Names = new[]
                    {
                        "string",
                    },
                },
            },
            Samls = new[]
            {
                new Cloudflare.Inputs.ZeroTrustAccessGroupIncludeSamlArgs
                {
                    AttributeName = "string",
                    AttributeValue = "string",
                    IdentityProviderId = "string",
                },
            },
            ServiceTokens = new[]
            {
                "string",
            },
        },
    },
    Name = "string",
    AccountId = "string",
    Excludes = new[]
    {
        new Cloudflare.Inputs.ZeroTrustAccessGroupExcludeArgs
        {
            AnyValidServiceToken = false,
            AuthContexts = new[]
            {
                new Cloudflare.Inputs.ZeroTrustAccessGroupExcludeAuthContextArgs
                {
                    AcId = "string",
                    Id = "string",
                    IdentityProviderId = "string",
                },
            },
            AuthMethod = "string",
            Azures = new[]
            {
                new Cloudflare.Inputs.ZeroTrustAccessGroupExcludeAzureArgs
                {
                    IdentityProviderId = "string",
                    Ids = new[]
                    {
                        "string",
                    },
                },
            },
            Certificate = false,
            CommonName = "string",
            CommonNames = new[]
            {
                "string",
            },
            DevicePostures = new[]
            {
                "string",
            },
            EmailDomains = new[]
            {
                "string",
            },
            EmailLists = new[]
            {
                "string",
            },
            Emails = new[]
            {
                "string",
            },
            Everyone = false,
            ExternalEvaluations = new[]
            {
                new Cloudflare.Inputs.ZeroTrustAccessGroupExcludeExternalEvaluationArgs
                {
                    EvaluateUrl = "string",
                    KeysUrl = "string",
                },
            },
            Geos = new[]
            {
                "string",
            },
            Githubs = new[]
            {
                new Cloudflare.Inputs.ZeroTrustAccessGroupExcludeGithubArgs
                {
                    IdentityProviderId = "string",
                    Name = "string",
                    Teams = new[]
                    {
                        "string",
                    },
                },
            },
            Groups = new[]
            {
                "string",
            },
            Gsuites = new[]
            {
                new Cloudflare.Inputs.ZeroTrustAccessGroupExcludeGsuiteArgs
                {
                    Emails = new[]
                    {
                        "string",
                    },
                    IdentityProviderId = "string",
                },
            },
            IpLists = new[]
            {
                "string",
            },
            Ips = new[]
            {
                "string",
            },
            LoginMethods = new[]
            {
                "string",
            },
            Oktas = new[]
            {
                new Cloudflare.Inputs.ZeroTrustAccessGroupExcludeOktaArgs
                {
                    IdentityProviderId = "string",
                    Names = new[]
                    {
                        "string",
                    },
                },
            },
            Samls = new[]
            {
                new Cloudflare.Inputs.ZeroTrustAccessGroupExcludeSamlArgs
                {
                    AttributeName = "string",
                    AttributeValue = "string",
                    IdentityProviderId = "string",
                },
            },
            ServiceTokens = new[]
            {
                "string",
            },
        },
    },
    Requires = new[]
    {
        new Cloudflare.Inputs.ZeroTrustAccessGroupRequireArgs
        {
            AnyValidServiceToken = false,
            AuthContexts = new[]
            {
                new Cloudflare.Inputs.ZeroTrustAccessGroupRequireAuthContextArgs
                {
                    AcId = "string",
                    Id = "string",
                    IdentityProviderId = "string",
                },
            },
            AuthMethod = "string",
            Azures = new[]
            {
                new Cloudflare.Inputs.ZeroTrustAccessGroupRequireAzureArgs
                {
                    IdentityProviderId = "string",
                    Ids = new[]
                    {
                        "string",
                    },
                },
            },
            Certificate = false,
            CommonName = "string",
            CommonNames = new[]
            {
                "string",
            },
            DevicePostures = new[]
            {
                "string",
            },
            EmailDomains = new[]
            {
                "string",
            },
            EmailLists = new[]
            {
                "string",
            },
            Emails = new[]
            {
                "string",
            },
            Everyone = false,
            ExternalEvaluations = new[]
            {
                new Cloudflare.Inputs.ZeroTrustAccessGroupRequireExternalEvaluationArgs
                {
                    EvaluateUrl = "string",
                    KeysUrl = "string",
                },
            },
            Geos = new[]
            {
                "string",
            },
            Githubs = new[]
            {
                new Cloudflare.Inputs.ZeroTrustAccessGroupRequireGithubArgs
                {
                    IdentityProviderId = "string",
                    Name = "string",
                    Teams = new[]
                    {
                        "string",
                    },
                },
            },
            Groups = new[]
            {
                "string",
            },
            Gsuites = new[]
            {
                new Cloudflare.Inputs.ZeroTrustAccessGroupRequireGsuiteArgs
                {
                    Emails = new[]
                    {
                        "string",
                    },
                    IdentityProviderId = "string",
                },
            },
            IpLists = new[]
            {
                "string",
            },
            Ips = new[]
            {
                "string",
            },
            LoginMethods = new[]
            {
                "string",
            },
            Oktas = new[]
            {
                new Cloudflare.Inputs.ZeroTrustAccessGroupRequireOktaArgs
                {
                    IdentityProviderId = "string",
                    Names = new[]
                    {
                        "string",
                    },
                },
            },
            Samls = new[]
            {
                new Cloudflare.Inputs.ZeroTrustAccessGroupRequireSamlArgs
                {
                    AttributeName = "string",
                    AttributeValue = "string",
                    IdentityProviderId = "string",
                },
            },
            ServiceTokens = new[]
            {
                "string",
            },
        },
    },
    ZoneId = "string",
});
Copy
example, err := cloudflare.NewZeroTrustAccessGroup(ctx, "zeroTrustAccessGroupResource", &cloudflare.ZeroTrustAccessGroupArgs{
	Includes: cloudflare.ZeroTrustAccessGroupIncludeArray{
		&cloudflare.ZeroTrustAccessGroupIncludeArgs{
			AnyValidServiceToken: pulumi.Bool(false),
			AuthContexts: cloudflare.ZeroTrustAccessGroupIncludeAuthContextArray{
				&cloudflare.ZeroTrustAccessGroupIncludeAuthContextArgs{
					AcId:               pulumi.String("string"),
					Id:                 pulumi.String("string"),
					IdentityProviderId: pulumi.String("string"),
				},
			},
			AuthMethod: pulumi.String("string"),
			Azures: cloudflare.ZeroTrustAccessGroupIncludeAzureArray{
				&cloudflare.ZeroTrustAccessGroupIncludeAzureArgs{
					IdentityProviderId: pulumi.String("string"),
					Ids: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
			Certificate: pulumi.Bool(false),
			CommonName:  pulumi.String("string"),
			CommonNames: pulumi.StringArray{
				pulumi.String("string"),
			},
			DevicePostures: pulumi.StringArray{
				pulumi.String("string"),
			},
			EmailDomains: pulumi.StringArray{
				pulumi.String("string"),
			},
			EmailLists: pulumi.StringArray{
				pulumi.String("string"),
			},
			Emails: pulumi.StringArray{
				pulumi.String("string"),
			},
			Everyone: pulumi.Bool(false),
			ExternalEvaluations: cloudflare.ZeroTrustAccessGroupIncludeExternalEvaluationArray{
				&cloudflare.ZeroTrustAccessGroupIncludeExternalEvaluationArgs{
					EvaluateUrl: pulumi.String("string"),
					KeysUrl:     pulumi.String("string"),
				},
			},
			Geos: pulumi.StringArray{
				pulumi.String("string"),
			},
			Githubs: cloudflare.ZeroTrustAccessGroupIncludeGithubArray{
				&cloudflare.ZeroTrustAccessGroupIncludeGithubArgs{
					IdentityProviderId: pulumi.String("string"),
					Name:               pulumi.String("string"),
					Teams: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
			Groups: pulumi.StringArray{
				pulumi.String("string"),
			},
			Gsuites: cloudflare.ZeroTrustAccessGroupIncludeGsuiteArray{
				&cloudflare.ZeroTrustAccessGroupIncludeGsuiteArgs{
					Emails: pulumi.StringArray{
						pulumi.String("string"),
					},
					IdentityProviderId: pulumi.String("string"),
				},
			},
			IpLists: pulumi.StringArray{
				pulumi.String("string"),
			},
			Ips: pulumi.StringArray{
				pulumi.String("string"),
			},
			LoginMethods: pulumi.StringArray{
				pulumi.String("string"),
			},
			Oktas: cloudflare.ZeroTrustAccessGroupIncludeOktaArray{
				&cloudflare.ZeroTrustAccessGroupIncludeOktaArgs{
					IdentityProviderId: pulumi.String("string"),
					Names: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
			Samls: cloudflare.ZeroTrustAccessGroupIncludeSamlArray{
				&cloudflare.ZeroTrustAccessGroupIncludeSamlArgs{
					AttributeName:      pulumi.String("string"),
					AttributeValue:     pulumi.String("string"),
					IdentityProviderId: pulumi.String("string"),
				},
			},
			ServiceTokens: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
	},
	Name:      pulumi.String("string"),
	AccountId: pulumi.String("string"),
	Excludes: cloudflare.ZeroTrustAccessGroupExcludeArray{
		&cloudflare.ZeroTrustAccessGroupExcludeArgs{
			AnyValidServiceToken: pulumi.Bool(false),
			AuthContexts: cloudflare.ZeroTrustAccessGroupExcludeAuthContextArray{
				&cloudflare.ZeroTrustAccessGroupExcludeAuthContextArgs{
					AcId:               pulumi.String("string"),
					Id:                 pulumi.String("string"),
					IdentityProviderId: pulumi.String("string"),
				},
			},
			AuthMethod: pulumi.String("string"),
			Azures: cloudflare.ZeroTrustAccessGroupExcludeAzureArray{
				&cloudflare.ZeroTrustAccessGroupExcludeAzureArgs{
					IdentityProviderId: pulumi.String("string"),
					Ids: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
			Certificate: pulumi.Bool(false),
			CommonName:  pulumi.String("string"),
			CommonNames: pulumi.StringArray{
				pulumi.String("string"),
			},
			DevicePostures: pulumi.StringArray{
				pulumi.String("string"),
			},
			EmailDomains: pulumi.StringArray{
				pulumi.String("string"),
			},
			EmailLists: pulumi.StringArray{
				pulumi.String("string"),
			},
			Emails: pulumi.StringArray{
				pulumi.String("string"),
			},
			Everyone: pulumi.Bool(false),
			ExternalEvaluations: cloudflare.ZeroTrustAccessGroupExcludeExternalEvaluationArray{
				&cloudflare.ZeroTrustAccessGroupExcludeExternalEvaluationArgs{
					EvaluateUrl: pulumi.String("string"),
					KeysUrl:     pulumi.String("string"),
				},
			},
			Geos: pulumi.StringArray{
				pulumi.String("string"),
			},
			Githubs: cloudflare.ZeroTrustAccessGroupExcludeGithubArray{
				&cloudflare.ZeroTrustAccessGroupExcludeGithubArgs{
					IdentityProviderId: pulumi.String("string"),
					Name:               pulumi.String("string"),
					Teams: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
			Groups: pulumi.StringArray{
				pulumi.String("string"),
			},
			Gsuites: cloudflare.ZeroTrustAccessGroupExcludeGsuiteArray{
				&cloudflare.ZeroTrustAccessGroupExcludeGsuiteArgs{
					Emails: pulumi.StringArray{
						pulumi.String("string"),
					},
					IdentityProviderId: pulumi.String("string"),
				},
			},
			IpLists: pulumi.StringArray{
				pulumi.String("string"),
			},
			Ips: pulumi.StringArray{
				pulumi.String("string"),
			},
			LoginMethods: pulumi.StringArray{
				pulumi.String("string"),
			},
			Oktas: cloudflare.ZeroTrustAccessGroupExcludeOktaArray{
				&cloudflare.ZeroTrustAccessGroupExcludeOktaArgs{
					IdentityProviderId: pulumi.String("string"),
					Names: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
			Samls: cloudflare.ZeroTrustAccessGroupExcludeSamlArray{
				&cloudflare.ZeroTrustAccessGroupExcludeSamlArgs{
					AttributeName:      pulumi.String("string"),
					AttributeValue:     pulumi.String("string"),
					IdentityProviderId: pulumi.String("string"),
				},
			},
			ServiceTokens: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
	},
	Requires: cloudflare.ZeroTrustAccessGroupRequireArray{
		&cloudflare.ZeroTrustAccessGroupRequireArgs{
			AnyValidServiceToken: pulumi.Bool(false),
			AuthContexts: cloudflare.ZeroTrustAccessGroupRequireAuthContextArray{
				&cloudflare.ZeroTrustAccessGroupRequireAuthContextArgs{
					AcId:               pulumi.String("string"),
					Id:                 pulumi.String("string"),
					IdentityProviderId: pulumi.String("string"),
				},
			},
			AuthMethod: pulumi.String("string"),
			Azures: cloudflare.ZeroTrustAccessGroupRequireAzureArray{
				&cloudflare.ZeroTrustAccessGroupRequireAzureArgs{
					IdentityProviderId: pulumi.String("string"),
					Ids: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
			Certificate: pulumi.Bool(false),
			CommonName:  pulumi.String("string"),
			CommonNames: pulumi.StringArray{
				pulumi.String("string"),
			},
			DevicePostures: pulumi.StringArray{
				pulumi.String("string"),
			},
			EmailDomains: pulumi.StringArray{
				pulumi.String("string"),
			},
			EmailLists: pulumi.StringArray{
				pulumi.String("string"),
			},
			Emails: pulumi.StringArray{
				pulumi.String("string"),
			},
			Everyone: pulumi.Bool(false),
			ExternalEvaluations: cloudflare.ZeroTrustAccessGroupRequireExternalEvaluationArray{
				&cloudflare.ZeroTrustAccessGroupRequireExternalEvaluationArgs{
					EvaluateUrl: pulumi.String("string"),
					KeysUrl:     pulumi.String("string"),
				},
			},
			Geos: pulumi.StringArray{
				pulumi.String("string"),
			},
			Githubs: cloudflare.ZeroTrustAccessGroupRequireGithubArray{
				&cloudflare.ZeroTrustAccessGroupRequireGithubArgs{
					IdentityProviderId: pulumi.String("string"),
					Name:               pulumi.String("string"),
					Teams: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
			Groups: pulumi.StringArray{
				pulumi.String("string"),
			},
			Gsuites: cloudflare.ZeroTrustAccessGroupRequireGsuiteArray{
				&cloudflare.ZeroTrustAccessGroupRequireGsuiteArgs{
					Emails: pulumi.StringArray{
						pulumi.String("string"),
					},
					IdentityProviderId: pulumi.String("string"),
				},
			},
			IpLists: pulumi.StringArray{
				pulumi.String("string"),
			},
			Ips: pulumi.StringArray{
				pulumi.String("string"),
			},
			LoginMethods: pulumi.StringArray{
				pulumi.String("string"),
			},
			Oktas: cloudflare.ZeroTrustAccessGroupRequireOktaArray{
				&cloudflare.ZeroTrustAccessGroupRequireOktaArgs{
					IdentityProviderId: pulumi.String("string"),
					Names: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
			Samls: cloudflare.ZeroTrustAccessGroupRequireSamlArray{
				&cloudflare.ZeroTrustAccessGroupRequireSamlArgs{
					AttributeName:      pulumi.String("string"),
					AttributeValue:     pulumi.String("string"),
					IdentityProviderId: pulumi.String("string"),
				},
			},
			ServiceTokens: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
	},
	ZoneId: pulumi.String("string"),
})
Copy
var zeroTrustAccessGroupResource = new ZeroTrustAccessGroup("zeroTrustAccessGroupResource", ZeroTrustAccessGroupArgs.builder()
    .includes(ZeroTrustAccessGroupIncludeArgs.builder()
        .anyValidServiceToken(false)
        .authContexts(ZeroTrustAccessGroupIncludeAuthContextArgs.builder()
            .acId("string")
            .id("string")
            .identityProviderId("string")
            .build())
        .authMethod("string")
        .azures(ZeroTrustAccessGroupIncludeAzureArgs.builder()
            .identityProviderId("string")
            .ids("string")
            .build())
        .certificate(false)
        .commonName("string")
        .commonNames("string")
        .devicePostures("string")
        .emailDomains("string")
        .emailLists("string")
        .emails("string")
        .everyone(false)
        .externalEvaluations(ZeroTrustAccessGroupIncludeExternalEvaluationArgs.builder()
            .evaluateUrl("string")
            .keysUrl("string")
            .build())
        .geos("string")
        .githubs(ZeroTrustAccessGroupIncludeGithubArgs.builder()
            .identityProviderId("string")
            .name("string")
            .teams("string")
            .build())
        .groups("string")
        .gsuites(ZeroTrustAccessGroupIncludeGsuiteArgs.builder()
            .emails("string")
            .identityProviderId("string")
            .build())
        .ipLists("string")
        .ips("string")
        .loginMethods("string")
        .oktas(ZeroTrustAccessGroupIncludeOktaArgs.builder()
            .identityProviderId("string")
            .names("string")
            .build())
        .samls(ZeroTrustAccessGroupIncludeSamlArgs.builder()
            .attributeName("string")
            .attributeValue("string")
            .identityProviderId("string")
            .build())
        .serviceTokens("string")
        .build())
    .name("string")
    .accountId("string")
    .excludes(ZeroTrustAccessGroupExcludeArgs.builder()
        .anyValidServiceToken(false)
        .authContexts(ZeroTrustAccessGroupExcludeAuthContextArgs.builder()
            .acId("string")
            .id("string")
            .identityProviderId("string")
            .build())
        .authMethod("string")
        .azures(ZeroTrustAccessGroupExcludeAzureArgs.builder()
            .identityProviderId("string")
            .ids("string")
            .build())
        .certificate(false)
        .commonName("string")
        .commonNames("string")
        .devicePostures("string")
        .emailDomains("string")
        .emailLists("string")
        .emails("string")
        .everyone(false)
        .externalEvaluations(ZeroTrustAccessGroupExcludeExternalEvaluationArgs.builder()
            .evaluateUrl("string")
            .keysUrl("string")
            .build())
        .geos("string")
        .githubs(ZeroTrustAccessGroupExcludeGithubArgs.builder()
            .identityProviderId("string")
            .name("string")
            .teams("string")
            .build())
        .groups("string")
        .gsuites(ZeroTrustAccessGroupExcludeGsuiteArgs.builder()
            .emails("string")
            .identityProviderId("string")
            .build())
        .ipLists("string")
        .ips("string")
        .loginMethods("string")
        .oktas(ZeroTrustAccessGroupExcludeOktaArgs.builder()
            .identityProviderId("string")
            .names("string")
            .build())
        .samls(ZeroTrustAccessGroupExcludeSamlArgs.builder()
            .attributeName("string")
            .attributeValue("string")
            .identityProviderId("string")
            .build())
        .serviceTokens("string")
        .build())
    .requires(ZeroTrustAccessGroupRequireArgs.builder()
        .anyValidServiceToken(false)
        .authContexts(ZeroTrustAccessGroupRequireAuthContextArgs.builder()
            .acId("string")
            .id("string")
            .identityProviderId("string")
            .build())
        .authMethod("string")
        .azures(ZeroTrustAccessGroupRequireAzureArgs.builder()
            .identityProviderId("string")
            .ids("string")
            .build())
        .certificate(false)
        .commonName("string")
        .commonNames("string")
        .devicePostures("string")
        .emailDomains("string")
        .emailLists("string")
        .emails("string")
        .everyone(false)
        .externalEvaluations(ZeroTrustAccessGroupRequireExternalEvaluationArgs.builder()
            .evaluateUrl("string")
            .keysUrl("string")
            .build())
        .geos("string")
        .githubs(ZeroTrustAccessGroupRequireGithubArgs.builder()
            .identityProviderId("string")
            .name("string")
            .teams("string")
            .build())
        .groups("string")
        .gsuites(ZeroTrustAccessGroupRequireGsuiteArgs.builder()
            .emails("string")
            .identityProviderId("string")
            .build())
        .ipLists("string")
        .ips("string")
        .loginMethods("string")
        .oktas(ZeroTrustAccessGroupRequireOktaArgs.builder()
            .identityProviderId("string")
            .names("string")
            .build())
        .samls(ZeroTrustAccessGroupRequireSamlArgs.builder()
            .attributeName("string")
            .attributeValue("string")
            .identityProviderId("string")
            .build())
        .serviceTokens("string")
        .build())
    .zoneId("string")
    .build());
Copy
zero_trust_access_group_resource = cloudflare.ZeroTrustAccessGroup("zeroTrustAccessGroupResource",
    includes=[{
        "any_valid_service_token": False,
        "auth_contexts": [{
            "ac_id": "string",
            "id": "string",
            "identity_provider_id": "string",
        }],
        "auth_method": "string",
        "azures": [{
            "identity_provider_id": "string",
            "ids": ["string"],
        }],
        "certificate": False,
        "common_name": "string",
        "common_names": ["string"],
        "device_postures": ["string"],
        "email_domains": ["string"],
        "email_lists": ["string"],
        "emails": ["string"],
        "everyone": False,
        "external_evaluations": [{
            "evaluate_url": "string",
            "keys_url": "string",
        }],
        "geos": ["string"],
        "githubs": [{
            "identity_provider_id": "string",
            "name": "string",
            "teams": ["string"],
        }],
        "groups": ["string"],
        "gsuites": [{
            "emails": ["string"],
            "identity_provider_id": "string",
        }],
        "ip_lists": ["string"],
        "ips": ["string"],
        "login_methods": ["string"],
        "oktas": [{
            "identity_provider_id": "string",
            "names": ["string"],
        }],
        "samls": [{
            "attribute_name": "string",
            "attribute_value": "string",
            "identity_provider_id": "string",
        }],
        "service_tokens": ["string"],
    }],
    name="string",
    account_id="string",
    excludes=[{
        "any_valid_service_token": False,
        "auth_contexts": [{
            "ac_id": "string",
            "id": "string",
            "identity_provider_id": "string",
        }],
        "auth_method": "string",
        "azures": [{
            "identity_provider_id": "string",
            "ids": ["string"],
        }],
        "certificate": False,
        "common_name": "string",
        "common_names": ["string"],
        "device_postures": ["string"],
        "email_domains": ["string"],
        "email_lists": ["string"],
        "emails": ["string"],
        "everyone": False,
        "external_evaluations": [{
            "evaluate_url": "string",
            "keys_url": "string",
        }],
        "geos": ["string"],
        "githubs": [{
            "identity_provider_id": "string",
            "name": "string",
            "teams": ["string"],
        }],
        "groups": ["string"],
        "gsuites": [{
            "emails": ["string"],
            "identity_provider_id": "string",
        }],
        "ip_lists": ["string"],
        "ips": ["string"],
        "login_methods": ["string"],
        "oktas": [{
            "identity_provider_id": "string",
            "names": ["string"],
        }],
        "samls": [{
            "attribute_name": "string",
            "attribute_value": "string",
            "identity_provider_id": "string",
        }],
        "service_tokens": ["string"],
    }],
    requires=[{
        "any_valid_service_token": False,
        "auth_contexts": [{
            "ac_id": "string",
            "id": "string",
            "identity_provider_id": "string",
        }],
        "auth_method": "string",
        "azures": [{
            "identity_provider_id": "string",
            "ids": ["string"],
        }],
        "certificate": False,
        "common_name": "string",
        "common_names": ["string"],
        "device_postures": ["string"],
        "email_domains": ["string"],
        "email_lists": ["string"],
        "emails": ["string"],
        "everyone": False,
        "external_evaluations": [{
            "evaluate_url": "string",
            "keys_url": "string",
        }],
        "geos": ["string"],
        "githubs": [{
            "identity_provider_id": "string",
            "name": "string",
            "teams": ["string"],
        }],
        "groups": ["string"],
        "gsuites": [{
            "emails": ["string"],
            "identity_provider_id": "string",
        }],
        "ip_lists": ["string"],
        "ips": ["string"],
        "login_methods": ["string"],
        "oktas": [{
            "identity_provider_id": "string",
            "names": ["string"],
        }],
        "samls": [{
            "attribute_name": "string",
            "attribute_value": "string",
            "identity_provider_id": "string",
        }],
        "service_tokens": ["string"],
    }],
    zone_id="string")
Copy
const zeroTrustAccessGroupResource = new cloudflare.ZeroTrustAccessGroup("zeroTrustAccessGroupResource", {
    includes: [{
        anyValidServiceToken: false,
        authContexts: [{
            acId: "string",
            id: "string",
            identityProviderId: "string",
        }],
        authMethod: "string",
        azures: [{
            identityProviderId: "string",
            ids: ["string"],
        }],
        certificate: false,
        commonName: "string",
        commonNames: ["string"],
        devicePostures: ["string"],
        emailDomains: ["string"],
        emailLists: ["string"],
        emails: ["string"],
        everyone: false,
        externalEvaluations: [{
            evaluateUrl: "string",
            keysUrl: "string",
        }],
        geos: ["string"],
        githubs: [{
            identityProviderId: "string",
            name: "string",
            teams: ["string"],
        }],
        groups: ["string"],
        gsuites: [{
            emails: ["string"],
            identityProviderId: "string",
        }],
        ipLists: ["string"],
        ips: ["string"],
        loginMethods: ["string"],
        oktas: [{
            identityProviderId: "string",
            names: ["string"],
        }],
        samls: [{
            attributeName: "string",
            attributeValue: "string",
            identityProviderId: "string",
        }],
        serviceTokens: ["string"],
    }],
    name: "string",
    accountId: "string",
    excludes: [{
        anyValidServiceToken: false,
        authContexts: [{
            acId: "string",
            id: "string",
            identityProviderId: "string",
        }],
        authMethod: "string",
        azures: [{
            identityProviderId: "string",
            ids: ["string"],
        }],
        certificate: false,
        commonName: "string",
        commonNames: ["string"],
        devicePostures: ["string"],
        emailDomains: ["string"],
        emailLists: ["string"],
        emails: ["string"],
        everyone: false,
        externalEvaluations: [{
            evaluateUrl: "string",
            keysUrl: "string",
        }],
        geos: ["string"],
        githubs: [{
            identityProviderId: "string",
            name: "string",
            teams: ["string"],
        }],
        groups: ["string"],
        gsuites: [{
            emails: ["string"],
            identityProviderId: "string",
        }],
        ipLists: ["string"],
        ips: ["string"],
        loginMethods: ["string"],
        oktas: [{
            identityProviderId: "string",
            names: ["string"],
        }],
        samls: [{
            attributeName: "string",
            attributeValue: "string",
            identityProviderId: "string",
        }],
        serviceTokens: ["string"],
    }],
    requires: [{
        anyValidServiceToken: false,
        authContexts: [{
            acId: "string",
            id: "string",
            identityProviderId: "string",
        }],
        authMethod: "string",
        azures: [{
            identityProviderId: "string",
            ids: ["string"],
        }],
        certificate: false,
        commonName: "string",
        commonNames: ["string"],
        devicePostures: ["string"],
        emailDomains: ["string"],
        emailLists: ["string"],
        emails: ["string"],
        everyone: false,
        externalEvaluations: [{
            evaluateUrl: "string",
            keysUrl: "string",
        }],
        geos: ["string"],
        githubs: [{
            identityProviderId: "string",
            name: "string",
            teams: ["string"],
        }],
        groups: ["string"],
        gsuites: [{
            emails: ["string"],
            identityProviderId: "string",
        }],
        ipLists: ["string"],
        ips: ["string"],
        loginMethods: ["string"],
        oktas: [{
            identityProviderId: "string",
            names: ["string"],
        }],
        samls: [{
            attributeName: "string",
            attributeValue: "string",
            identityProviderId: "string",
        }],
        serviceTokens: ["string"],
    }],
    zoneId: "string",
});
Copy
type: cloudflare:ZeroTrustAccessGroup
properties:
    accountId: string
    excludes:
        - anyValidServiceToken: false
          authContexts:
            - acId: string
              id: string
              identityProviderId: string
          authMethod: string
          azures:
            - identityProviderId: string
              ids:
                - string
          certificate: false
          commonName: string
          commonNames:
            - string
          devicePostures:
            - string
          emailDomains:
            - string
          emailLists:
            - string
          emails:
            - string
          everyone: false
          externalEvaluations:
            - evaluateUrl: string
              keysUrl: string
          geos:
            - string
          githubs:
            - identityProviderId: string
              name: string
              teams:
                - string
          groups:
            - string
          gsuites:
            - emails:
                - string
              identityProviderId: string
          ipLists:
            - string
          ips:
            - string
          loginMethods:
            - string
          oktas:
            - identityProviderId: string
              names:
                - string
          samls:
            - attributeName: string
              attributeValue: string
              identityProviderId: string
          serviceTokens:
            - string
    includes:
        - anyValidServiceToken: false
          authContexts:
            - acId: string
              id: string
              identityProviderId: string
          authMethod: string
          azures:
            - identityProviderId: string
              ids:
                - string
          certificate: false
          commonName: string
          commonNames:
            - string
          devicePostures:
            - string
          emailDomains:
            - string
          emailLists:
            - string
          emails:
            - string
          everyone: false
          externalEvaluations:
            - evaluateUrl: string
              keysUrl: string
          geos:
            - string
          githubs:
            - identityProviderId: string
              name: string
              teams:
                - string
          groups:
            - string
          gsuites:
            - emails:
                - string
              identityProviderId: string
          ipLists:
            - string
          ips:
            - string
          loginMethods:
            - string
          oktas:
            - identityProviderId: string
              names:
                - string
          samls:
            - attributeName: string
              attributeValue: string
              identityProviderId: string
          serviceTokens:
            - string
    name: string
    requires:
        - anyValidServiceToken: false
          authContexts:
            - acId: string
              id: string
              identityProviderId: string
          authMethod: string
          azures:
            - identityProviderId: string
              ids:
                - string
          certificate: false
          commonName: string
          commonNames:
            - string
          devicePostures:
            - string
          emailDomains:
            - string
          emailLists:
            - string
          emails:
            - string
          everyone: false
          externalEvaluations:
            - evaluateUrl: string
              keysUrl: string
          geos:
            - string
          githubs:
            - identityProviderId: string
              name: string
              teams:
                - string
          groups:
            - string
          gsuites:
            - emails:
                - string
              identityProviderId: string
          ipLists:
            - string
          ips:
            - string
          loginMethods:
            - string
          oktas:
            - identityProviderId: string
              names:
                - string
          samls:
            - attributeName: string
              attributeValue: string
              identityProviderId: string
          serviceTokens:
            - string
    zoneId: string
Copy

ZeroTrustAccessGroup Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The ZeroTrustAccessGroup resource accepts the following input properties:

Includes This property is required. List<ZeroTrustAccessGroupInclude>
Name This property is required. string
AccountId Changes to this property will trigger replacement. string
The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
Excludes List<ZeroTrustAccessGroupExclude>
Requires List<ZeroTrustAccessGroupRequire>
ZoneId string
The zone identifier to target for the resource. Conflicts with account_id.
Includes This property is required. []ZeroTrustAccessGroupIncludeArgs
Name This property is required. string
AccountId Changes to this property will trigger replacement. string
The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
Excludes []ZeroTrustAccessGroupExcludeArgs
Requires []ZeroTrustAccessGroupRequireArgs
ZoneId string
The zone identifier to target for the resource. Conflicts with account_id.
includes This property is required. List<ZeroTrustAccessGroupInclude>
name This property is required. String
accountId Changes to this property will trigger replacement. String
The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
excludes List<ZeroTrustAccessGroupExclude>
requires List<ZeroTrustAccessGroupRequire>
zoneId String
The zone identifier to target for the resource. Conflicts with account_id.
includes This property is required. ZeroTrustAccessGroupInclude[]
name This property is required. string
accountId Changes to this property will trigger replacement. string
The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
excludes ZeroTrustAccessGroupExclude[]
requires ZeroTrustAccessGroupRequire[]
zoneId string
The zone identifier to target for the resource. Conflicts with account_id.
includes This property is required. Sequence[ZeroTrustAccessGroupIncludeArgs]
name This property is required. str
account_id Changes to this property will trigger replacement. str
The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
excludes Sequence[ZeroTrustAccessGroupExcludeArgs]
requires Sequence[ZeroTrustAccessGroupRequireArgs]
zone_id str
The zone identifier to target for the resource. Conflicts with account_id.
includes This property is required. List<Property Map>
name This property is required. String
accountId Changes to this property will trigger replacement. String
The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
excludes List<Property Map>
requires List<Property Map>
zoneId String
The zone identifier to target for the resource. Conflicts with account_id.

Outputs

All input properties are implicitly available as output properties. Additionally, the ZeroTrustAccessGroup resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.

Look up Existing ZeroTrustAccessGroup Resource

Get an existing ZeroTrustAccessGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ZeroTrustAccessGroupState, opts?: CustomResourceOptions): ZeroTrustAccessGroup
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        account_id: Optional[str] = None,
        excludes: Optional[Sequence[ZeroTrustAccessGroupExcludeArgs]] = None,
        includes: Optional[Sequence[ZeroTrustAccessGroupIncludeArgs]] = None,
        name: Optional[str] = None,
        requires: Optional[Sequence[ZeroTrustAccessGroupRequireArgs]] = None,
        zone_id: Optional[str] = None) -> ZeroTrustAccessGroup
func GetZeroTrustAccessGroup(ctx *Context, name string, id IDInput, state *ZeroTrustAccessGroupState, opts ...ResourceOption) (*ZeroTrustAccessGroup, error)
public static ZeroTrustAccessGroup Get(string name, Input<string> id, ZeroTrustAccessGroupState? state, CustomResourceOptions? opts = null)
public static ZeroTrustAccessGroup get(String name, Output<String> id, ZeroTrustAccessGroupState state, CustomResourceOptions options)
resources:  _:    type: cloudflare:ZeroTrustAccessGroup    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AccountId Changes to this property will trigger replacement. string
The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
Excludes List<ZeroTrustAccessGroupExclude>
Includes List<ZeroTrustAccessGroupInclude>
Name string
Requires List<ZeroTrustAccessGroupRequire>
ZoneId string
The zone identifier to target for the resource. Conflicts with account_id.
AccountId Changes to this property will trigger replacement. string
The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
Excludes []ZeroTrustAccessGroupExcludeArgs
Includes []ZeroTrustAccessGroupIncludeArgs
Name string
Requires []ZeroTrustAccessGroupRequireArgs
ZoneId string
The zone identifier to target for the resource. Conflicts with account_id.
accountId Changes to this property will trigger replacement. String
The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
excludes List<ZeroTrustAccessGroupExclude>
includes List<ZeroTrustAccessGroupInclude>
name String
requires List<ZeroTrustAccessGroupRequire>
zoneId String
The zone identifier to target for the resource. Conflicts with account_id.
accountId Changes to this property will trigger replacement. string
The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
excludes ZeroTrustAccessGroupExclude[]
includes ZeroTrustAccessGroupInclude[]
name string
requires ZeroTrustAccessGroupRequire[]
zoneId string
The zone identifier to target for the resource. Conflicts with account_id.
account_id Changes to this property will trigger replacement. str
The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
excludes Sequence[ZeroTrustAccessGroupExcludeArgs]
includes Sequence[ZeroTrustAccessGroupIncludeArgs]
name str
requires Sequence[ZeroTrustAccessGroupRequireArgs]
zone_id str
The zone identifier to target for the resource. Conflicts with account_id.
accountId Changes to this property will trigger replacement. String
The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
excludes List<Property Map>
includes List<Property Map>
name String
requires List<Property Map>
zoneId String
The zone identifier to target for the resource. Conflicts with account_id.

Supporting Types

ZeroTrustAccessGroupExclude
, ZeroTrustAccessGroupExcludeArgs

AnyValidServiceToken bool
Matches any valid Access service token.
AuthContexts List<ZeroTrustAccessGroupExcludeAuthContext>
AuthMethod string
The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
Azures List<ZeroTrustAccessGroupExcludeAzure>
Matches an Azure group. Requires an Azure identity provider.
Certificate bool
Matches any valid client certificate.
CommonName string
Matches a valid client certificate common name.
CommonNames List<string>
Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
DevicePostures List<string>
The ID of a device posture integration.
EmailDomains List<string>
The email domain to match.
EmailLists List<string>
The ID of a previously created email list.
Emails List<string>
The email of the user.
Everyone bool
Matches everyone.
ExternalEvaluations List<ZeroTrustAccessGroupExcludeExternalEvaluation>
Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
Geos List<string>
Matches a specific country.
Githubs List<ZeroTrustAccessGroupExcludeGithub>
Matches a Github organization. Requires a Github identity provider.
Groups List<string>
The ID of a previously created Access group.
Gsuites List<ZeroTrustAccessGroupExcludeGsuite>
Matches a group in Google Workspace. Requires a Google Workspace identity provider.
IpLists List<string>
The ID of a previously created IP list.
Ips List<string>
An IPv4 or IPv6 CIDR block.
LoginMethods List<string>
The ID of a configured identity provider.
Oktas List<ZeroTrustAccessGroupExcludeOkta>
Matches an Okta group. Requires an Okta identity provider.
Samls List<ZeroTrustAccessGroupExcludeSaml>
Matches a SAML group. Requires a SAML identity provider.
ServiceTokens List<string>
The ID of an Access service token.
AnyValidServiceToken bool
Matches any valid Access service token.
AuthContexts []ZeroTrustAccessGroupExcludeAuthContext
AuthMethod string
The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
Azures []ZeroTrustAccessGroupExcludeAzure
Matches an Azure group. Requires an Azure identity provider.
Certificate bool
Matches any valid client certificate.
CommonName string
Matches a valid client certificate common name.
CommonNames []string
Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
DevicePostures []string
The ID of a device posture integration.
EmailDomains []string
The email domain to match.
EmailLists []string
The ID of a previously created email list.
Emails []string
The email of the user.
Everyone bool
Matches everyone.
ExternalEvaluations []ZeroTrustAccessGroupExcludeExternalEvaluation
Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
Geos []string
Matches a specific country.
Githubs []ZeroTrustAccessGroupExcludeGithub
Matches a Github organization. Requires a Github identity provider.
Groups []string
The ID of a previously created Access group.
Gsuites []ZeroTrustAccessGroupExcludeGsuite
Matches a group in Google Workspace. Requires a Google Workspace identity provider.
IpLists []string
The ID of a previously created IP list.
Ips []string
An IPv4 or IPv6 CIDR block.
LoginMethods []string
The ID of a configured identity provider.
Oktas []ZeroTrustAccessGroupExcludeOkta
Matches an Okta group. Requires an Okta identity provider.
Samls []ZeroTrustAccessGroupExcludeSaml
Matches a SAML group. Requires a SAML identity provider.
ServiceTokens []string
The ID of an Access service token.
anyValidServiceToken Boolean
Matches any valid Access service token.
authContexts List<ZeroTrustAccessGroupExcludeAuthContext>
authMethod String
The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
azures List<ZeroTrustAccessGroupExcludeAzure>
Matches an Azure group. Requires an Azure identity provider.
certificate Boolean
Matches any valid client certificate.
commonName String
Matches a valid client certificate common name.
commonNames List<String>
Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
devicePostures List<String>
The ID of a device posture integration.
emailDomains List<String>
The email domain to match.
emailLists List<String>
The ID of a previously created email list.
emails List<String>
The email of the user.
everyone Boolean
Matches everyone.
externalEvaluations List<ZeroTrustAccessGroupExcludeExternalEvaluation>
Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
geos List<String>
Matches a specific country.
githubs List<ZeroTrustAccessGroupExcludeGithub>
Matches a Github organization. Requires a Github identity provider.
groups List<String>
The ID of a previously created Access group.
gsuites List<ZeroTrustAccessGroupExcludeGsuite>
Matches a group in Google Workspace. Requires a Google Workspace identity provider.
ipLists List<String>
The ID of a previously created IP list.
ips List<String>
An IPv4 or IPv6 CIDR block.
loginMethods List<String>
The ID of a configured identity provider.
oktas List<ZeroTrustAccessGroupExcludeOkta>
Matches an Okta group. Requires an Okta identity provider.
samls List<ZeroTrustAccessGroupExcludeSaml>
Matches a SAML group. Requires a SAML identity provider.
serviceTokens List<String>
The ID of an Access service token.
anyValidServiceToken boolean
Matches any valid Access service token.
authContexts ZeroTrustAccessGroupExcludeAuthContext[]
authMethod string
The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
azures ZeroTrustAccessGroupExcludeAzure[]
Matches an Azure group. Requires an Azure identity provider.
certificate boolean
Matches any valid client certificate.
commonName string
Matches a valid client certificate common name.
commonNames string[]
Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
devicePostures string[]
The ID of a device posture integration.
emailDomains string[]
The email domain to match.
emailLists string[]
The ID of a previously created email list.
emails string[]
The email of the user.
everyone boolean
Matches everyone.
externalEvaluations ZeroTrustAccessGroupExcludeExternalEvaluation[]
Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
geos string[]
Matches a specific country.
githubs ZeroTrustAccessGroupExcludeGithub[]
Matches a Github organization. Requires a Github identity provider.
groups string[]
The ID of a previously created Access group.
gsuites ZeroTrustAccessGroupExcludeGsuite[]
Matches a group in Google Workspace. Requires a Google Workspace identity provider.
ipLists string[]
The ID of a previously created IP list.
ips string[]
An IPv4 or IPv6 CIDR block.
loginMethods string[]
The ID of a configured identity provider.
oktas ZeroTrustAccessGroupExcludeOkta[]
Matches an Okta group. Requires an Okta identity provider.
samls ZeroTrustAccessGroupExcludeSaml[]
Matches a SAML group. Requires a SAML identity provider.
serviceTokens string[]
The ID of an Access service token.
any_valid_service_token bool
Matches any valid Access service token.
auth_contexts Sequence[ZeroTrustAccessGroupExcludeAuthContext]
auth_method str
The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
azures Sequence[ZeroTrustAccessGroupExcludeAzure]
Matches an Azure group. Requires an Azure identity provider.
certificate bool
Matches any valid client certificate.
common_name str
Matches a valid client certificate common name.
common_names Sequence[str]
Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
device_postures Sequence[str]
The ID of a device posture integration.
email_domains Sequence[str]
The email domain to match.
email_lists Sequence[str]
The ID of a previously created email list.
emails Sequence[str]
The email of the user.
everyone bool
Matches everyone.
external_evaluations Sequence[ZeroTrustAccessGroupExcludeExternalEvaluation]
Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
geos Sequence[str]
Matches a specific country.
githubs Sequence[ZeroTrustAccessGroupExcludeGithub]
Matches a Github organization. Requires a Github identity provider.
groups Sequence[str]
The ID of a previously created Access group.
gsuites Sequence[ZeroTrustAccessGroupExcludeGsuite]
Matches a group in Google Workspace. Requires a Google Workspace identity provider.
ip_lists Sequence[str]
The ID of a previously created IP list.
ips Sequence[str]
An IPv4 or IPv6 CIDR block.
login_methods Sequence[str]
The ID of a configured identity provider.
oktas Sequence[ZeroTrustAccessGroupExcludeOkta]
Matches an Okta group. Requires an Okta identity provider.
samls Sequence[ZeroTrustAccessGroupExcludeSaml]
Matches a SAML group. Requires a SAML identity provider.
service_tokens Sequence[str]
The ID of an Access service token.
anyValidServiceToken Boolean
Matches any valid Access service token.
authContexts List<Property Map>
authMethod String
The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
azures List<Property Map>
Matches an Azure group. Requires an Azure identity provider.
certificate Boolean
Matches any valid client certificate.
commonName String
Matches a valid client certificate common name.
commonNames List<String>
Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
devicePostures List<String>
The ID of a device posture integration.
emailDomains List<String>
The email domain to match.
emailLists List<String>
The ID of a previously created email list.
emails List<String>
The email of the user.
everyone Boolean
Matches everyone.
externalEvaluations List<Property Map>
Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
geos List<String>
Matches a specific country.
githubs List<Property Map>
Matches a Github organization. Requires a Github identity provider.
groups List<String>
The ID of a previously created Access group.
gsuites List<Property Map>
Matches a group in Google Workspace. Requires a Google Workspace identity provider.
ipLists List<String>
The ID of a previously created IP list.
ips List<String>
An IPv4 or IPv6 CIDR block.
loginMethods List<String>
The ID of a configured identity provider.
oktas List<Property Map>
Matches an Okta group. Requires an Okta identity provider.
samls List<Property Map>
Matches a SAML group. Requires a SAML identity provider.
serviceTokens List<String>
The ID of an Access service token.

ZeroTrustAccessGroupExcludeAuthContext
, ZeroTrustAccessGroupExcludeAuthContextArgs

AcId This property is required. string
The ACID of the Authentication Context.
Id This property is required. string
The ID of the Authentication Context.
IdentityProviderId This property is required. string
The ID of the Azure identity provider.
AcId This property is required. string
The ACID of the Authentication Context.
Id This property is required. string
The ID of the Authentication Context.
IdentityProviderId This property is required. string
The ID of the Azure identity provider.
acId This property is required. String
The ACID of the Authentication Context.
id This property is required. String
The ID of the Authentication Context.
identityProviderId This property is required. String
The ID of the Azure identity provider.
acId This property is required. string
The ACID of the Authentication Context.
id This property is required. string
The ID of the Authentication Context.
identityProviderId This property is required. string
The ID of the Azure identity provider.
ac_id This property is required. str
The ACID of the Authentication Context.
id This property is required. str
The ID of the Authentication Context.
identity_provider_id This property is required. str
The ID of the Azure identity provider.
acId This property is required. String
The ACID of the Authentication Context.
id This property is required. String
The ID of the Authentication Context.
identityProviderId This property is required. String
The ID of the Azure identity provider.

ZeroTrustAccessGroupExcludeAzure
, ZeroTrustAccessGroupExcludeAzureArgs

IdentityProviderId string
The ID of the Azure identity provider.
Ids List<string>
The ID of the Azure group or user.
IdentityProviderId string
The ID of the Azure identity provider.
Ids []string
The ID of the Azure group or user.
identityProviderId String
The ID of the Azure identity provider.
ids List<String>
The ID of the Azure group or user.
identityProviderId string
The ID of the Azure identity provider.
ids string[]
The ID of the Azure group or user.
identity_provider_id str
The ID of the Azure identity provider.
ids Sequence[str]
The ID of the Azure group or user.
identityProviderId String
The ID of the Azure identity provider.
ids List<String>
The ID of the Azure group or user.

ZeroTrustAccessGroupExcludeExternalEvaluation
, ZeroTrustAccessGroupExcludeExternalEvaluationArgs

EvaluateUrl string
The API endpoint containing your business logic.
KeysUrl string
The API endpoint containing the key that Access uses to verify that the response came from your API.
EvaluateUrl string
The API endpoint containing your business logic.
KeysUrl string
The API endpoint containing the key that Access uses to verify that the response came from your API.
evaluateUrl String
The API endpoint containing your business logic.
keysUrl String
The API endpoint containing the key that Access uses to verify that the response came from your API.
evaluateUrl string
The API endpoint containing your business logic.
keysUrl string
The API endpoint containing the key that Access uses to verify that the response came from your API.
evaluate_url str
The API endpoint containing your business logic.
keys_url str
The API endpoint containing the key that Access uses to verify that the response came from your API.
evaluateUrl String
The API endpoint containing your business logic.
keysUrl String
The API endpoint containing the key that Access uses to verify that the response came from your API.

ZeroTrustAccessGroupExcludeGithub
, ZeroTrustAccessGroupExcludeGithubArgs

IdentityProviderId string
The ID of your Github identity provider.
Name string
The name of the organization.
Teams List<string>
The teams that should be matched.
IdentityProviderId string
The ID of your Github identity provider.
Name string
The name of the organization.
Teams []string
The teams that should be matched.
identityProviderId String
The ID of your Github identity provider.
name String
The name of the organization.
teams List<String>
The teams that should be matched.
identityProviderId string
The ID of your Github identity provider.
name string
The name of the organization.
teams string[]
The teams that should be matched.
identity_provider_id str
The ID of your Github identity provider.
name str
The name of the organization.
teams Sequence[str]
The teams that should be matched.
identityProviderId String
The ID of your Github identity provider.
name String
The name of the organization.
teams List<String>
The teams that should be matched.

ZeroTrustAccessGroupExcludeGsuite
, ZeroTrustAccessGroupExcludeGsuiteArgs

Emails This property is required. List<string>
The email of the Google Workspace group.
IdentityProviderId This property is required. string
The ID of your Google Workspace identity provider.
Emails This property is required. []string
The email of the Google Workspace group.
IdentityProviderId This property is required. string
The ID of your Google Workspace identity provider.
emails This property is required. List<String>
The email of the Google Workspace group.
identityProviderId This property is required. String
The ID of your Google Workspace identity provider.
emails This property is required. string[]
The email of the Google Workspace group.
identityProviderId This property is required. string
The ID of your Google Workspace identity provider.
emails This property is required. Sequence[str]
The email of the Google Workspace group.
identity_provider_id This property is required. str
The ID of your Google Workspace identity provider.
emails This property is required. List<String>
The email of the Google Workspace group.
identityProviderId This property is required. String
The ID of your Google Workspace identity provider.

ZeroTrustAccessGroupExcludeOkta
, ZeroTrustAccessGroupExcludeOktaArgs

IdentityProviderId string
The ID of your Okta identity provider.
Names List<string>
The name of the Okta Group.
IdentityProviderId string
The ID of your Okta identity provider.
Names []string
The name of the Okta Group.
identityProviderId String
The ID of your Okta identity provider.
names List<String>
The name of the Okta Group.
identityProviderId string
The ID of your Okta identity provider.
names string[]
The name of the Okta Group.
identity_provider_id str
The ID of your Okta identity provider.
names Sequence[str]
The name of the Okta Group.
identityProviderId String
The ID of your Okta identity provider.
names List<String>
The name of the Okta Group.

ZeroTrustAccessGroupExcludeSaml
, ZeroTrustAccessGroupExcludeSamlArgs

AttributeName string
The name of the SAML attribute.
AttributeValue string
The SAML attribute value to look for.
IdentityProviderId string
The ID of your SAML identity provider.
AttributeName string
The name of the SAML attribute.
AttributeValue string
The SAML attribute value to look for.
IdentityProviderId string
The ID of your SAML identity provider.
attributeName String
The name of the SAML attribute.
attributeValue String
The SAML attribute value to look for.
identityProviderId String
The ID of your SAML identity provider.
attributeName string
The name of the SAML attribute.
attributeValue string
The SAML attribute value to look for.
identityProviderId string
The ID of your SAML identity provider.
attribute_name str
The name of the SAML attribute.
attribute_value str
The SAML attribute value to look for.
identity_provider_id str
The ID of your SAML identity provider.
attributeName String
The name of the SAML attribute.
attributeValue String
The SAML attribute value to look for.
identityProviderId String
The ID of your SAML identity provider.

ZeroTrustAccessGroupInclude
, ZeroTrustAccessGroupIncludeArgs

AnyValidServiceToken bool
Matches any valid Access service token.
AuthContexts List<ZeroTrustAccessGroupIncludeAuthContext>
AuthMethod string
The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
Azures List<ZeroTrustAccessGroupIncludeAzure>
Matches an Azure group. Requires an Azure identity provider.
Certificate bool
Matches any valid client certificate.
CommonName string
Matches a valid client certificate common name.
CommonNames List<string>
Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
DevicePostures List<string>
The ID of a device posture integration.
EmailDomains List<string>
The email domain to match.
EmailLists List<string>
The ID of a previously created email list.
Emails List<string>
The email of the user.
Everyone bool
Matches everyone.
ExternalEvaluations List<ZeroTrustAccessGroupIncludeExternalEvaluation>
Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
Geos List<string>
Matches a specific country.
Githubs List<ZeroTrustAccessGroupIncludeGithub>
Matches a Github organization. Requires a Github identity provider.
Groups List<string>
The ID of a previously created Access group.
Gsuites List<ZeroTrustAccessGroupIncludeGsuite>
Matches a group in Google Workspace. Requires a Google Workspace identity provider.
IpLists List<string>
The ID of a previously created IP list.
Ips List<string>
An IPv4 or IPv6 CIDR block.
LoginMethods List<string>
The ID of a configured identity provider.
Oktas List<ZeroTrustAccessGroupIncludeOkta>
Matches an Okta group. Requires an Okta identity provider.
Samls List<ZeroTrustAccessGroupIncludeSaml>
Matches a SAML group. Requires a SAML identity provider.
ServiceTokens List<string>
The ID of an Access service token.
AnyValidServiceToken bool
Matches any valid Access service token.
AuthContexts []ZeroTrustAccessGroupIncludeAuthContext
AuthMethod string
The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
Azures []ZeroTrustAccessGroupIncludeAzure
Matches an Azure group. Requires an Azure identity provider.
Certificate bool
Matches any valid client certificate.
CommonName string
Matches a valid client certificate common name.
CommonNames []string
Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
DevicePostures []string
The ID of a device posture integration.
EmailDomains []string
The email domain to match.
EmailLists []string
The ID of a previously created email list.
Emails []string
The email of the user.
Everyone bool
Matches everyone.
ExternalEvaluations []ZeroTrustAccessGroupIncludeExternalEvaluation
Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
Geos []string
Matches a specific country.
Githubs []ZeroTrustAccessGroupIncludeGithub
Matches a Github organization. Requires a Github identity provider.
Groups []string
The ID of a previously created Access group.
Gsuites []ZeroTrustAccessGroupIncludeGsuite
Matches a group in Google Workspace. Requires a Google Workspace identity provider.
IpLists []string
The ID of a previously created IP list.
Ips []string
An IPv4 or IPv6 CIDR block.
LoginMethods []string
The ID of a configured identity provider.
Oktas []ZeroTrustAccessGroupIncludeOkta
Matches an Okta group. Requires an Okta identity provider.
Samls []ZeroTrustAccessGroupIncludeSaml
Matches a SAML group. Requires a SAML identity provider.
ServiceTokens []string
The ID of an Access service token.
anyValidServiceToken Boolean
Matches any valid Access service token.
authContexts List<ZeroTrustAccessGroupIncludeAuthContext>
authMethod String
The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
azures List<ZeroTrustAccessGroupIncludeAzure>
Matches an Azure group. Requires an Azure identity provider.
certificate Boolean
Matches any valid client certificate.
commonName String
Matches a valid client certificate common name.
commonNames List<String>
Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
devicePostures List<String>
The ID of a device posture integration.
emailDomains List<String>
The email domain to match.
emailLists List<String>
The ID of a previously created email list.
emails List<String>
The email of the user.
everyone Boolean
Matches everyone.
externalEvaluations List<ZeroTrustAccessGroupIncludeExternalEvaluation>
Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
geos List<String>
Matches a specific country.
githubs List<ZeroTrustAccessGroupIncludeGithub>
Matches a Github organization. Requires a Github identity provider.
groups List<String>
The ID of a previously created Access group.
gsuites List<ZeroTrustAccessGroupIncludeGsuite>
Matches a group in Google Workspace. Requires a Google Workspace identity provider.
ipLists List<String>
The ID of a previously created IP list.
ips List<String>
An IPv4 or IPv6 CIDR block.
loginMethods List<String>
The ID of a configured identity provider.
oktas List<ZeroTrustAccessGroupIncludeOkta>
Matches an Okta group. Requires an Okta identity provider.
samls List<ZeroTrustAccessGroupIncludeSaml>
Matches a SAML group. Requires a SAML identity provider.
serviceTokens List<String>
The ID of an Access service token.
anyValidServiceToken boolean
Matches any valid Access service token.
authContexts ZeroTrustAccessGroupIncludeAuthContext[]
authMethod string
The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
azures ZeroTrustAccessGroupIncludeAzure[]
Matches an Azure group. Requires an Azure identity provider.
certificate boolean
Matches any valid client certificate.
commonName string
Matches a valid client certificate common name.
commonNames string[]
Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
devicePostures string[]
The ID of a device posture integration.
emailDomains string[]
The email domain to match.
emailLists string[]
The ID of a previously created email list.
emails string[]
The email of the user.
everyone boolean
Matches everyone.
externalEvaluations ZeroTrustAccessGroupIncludeExternalEvaluation[]
Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
geos string[]
Matches a specific country.
githubs ZeroTrustAccessGroupIncludeGithub[]
Matches a Github organization. Requires a Github identity provider.
groups string[]
The ID of a previously created Access group.
gsuites ZeroTrustAccessGroupIncludeGsuite[]
Matches a group in Google Workspace. Requires a Google Workspace identity provider.
ipLists string[]
The ID of a previously created IP list.
ips string[]
An IPv4 or IPv6 CIDR block.
loginMethods string[]
The ID of a configured identity provider.
oktas ZeroTrustAccessGroupIncludeOkta[]
Matches an Okta group. Requires an Okta identity provider.
samls ZeroTrustAccessGroupIncludeSaml[]
Matches a SAML group. Requires a SAML identity provider.
serviceTokens string[]
The ID of an Access service token.
any_valid_service_token bool
Matches any valid Access service token.
auth_contexts Sequence[ZeroTrustAccessGroupIncludeAuthContext]
auth_method str
The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
azures Sequence[ZeroTrustAccessGroupIncludeAzure]
Matches an Azure group. Requires an Azure identity provider.
certificate bool
Matches any valid client certificate.
common_name str
Matches a valid client certificate common name.
common_names Sequence[str]
Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
device_postures Sequence[str]
The ID of a device posture integration.
email_domains Sequence[str]
The email domain to match.
email_lists Sequence[str]
The ID of a previously created email list.
emails Sequence[str]
The email of the user.
everyone bool
Matches everyone.
external_evaluations Sequence[ZeroTrustAccessGroupIncludeExternalEvaluation]
Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
geos Sequence[str]
Matches a specific country.
githubs Sequence[ZeroTrustAccessGroupIncludeGithub]
Matches a Github organization. Requires a Github identity provider.
groups Sequence[str]
The ID of a previously created Access group.
gsuites Sequence[ZeroTrustAccessGroupIncludeGsuite]
Matches a group in Google Workspace. Requires a Google Workspace identity provider.
ip_lists Sequence[str]
The ID of a previously created IP list.
ips Sequence[str]
An IPv4 or IPv6 CIDR block.
login_methods Sequence[str]
The ID of a configured identity provider.
oktas Sequence[ZeroTrustAccessGroupIncludeOkta]
Matches an Okta group. Requires an Okta identity provider.
samls Sequence[ZeroTrustAccessGroupIncludeSaml]
Matches a SAML group. Requires a SAML identity provider.
service_tokens Sequence[str]
The ID of an Access service token.
anyValidServiceToken Boolean
Matches any valid Access service token.
authContexts List<Property Map>
authMethod String
The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
azures List<Property Map>
Matches an Azure group. Requires an Azure identity provider.
certificate Boolean
Matches any valid client certificate.
commonName String
Matches a valid client certificate common name.
commonNames List<String>
Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
devicePostures List<String>
The ID of a device posture integration.
emailDomains List<String>
The email domain to match.
emailLists List<String>
The ID of a previously created email list.
emails List<String>
The email of the user.
everyone Boolean
Matches everyone.
externalEvaluations List<Property Map>
Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
geos List<String>
Matches a specific country.
githubs List<Property Map>
Matches a Github organization. Requires a Github identity provider.
groups List<String>
The ID of a previously created Access group.
gsuites List<Property Map>
Matches a group in Google Workspace. Requires a Google Workspace identity provider.
ipLists List<String>
The ID of a previously created IP list.
ips List<String>
An IPv4 or IPv6 CIDR block.
loginMethods List<String>
The ID of a configured identity provider.
oktas List<Property Map>
Matches an Okta group. Requires an Okta identity provider.
samls List<Property Map>
Matches a SAML group. Requires a SAML identity provider.
serviceTokens List<String>
The ID of an Access service token.

ZeroTrustAccessGroupIncludeAuthContext
, ZeroTrustAccessGroupIncludeAuthContextArgs

AcId This property is required. string
The ACID of the Authentication Context.
Id This property is required. string
The ID of the Authentication Context.
IdentityProviderId This property is required. string
The ID of the Azure identity provider.
AcId This property is required. string
The ACID of the Authentication Context.
Id This property is required. string
The ID of the Authentication Context.
IdentityProviderId This property is required. string
The ID of the Azure identity provider.
acId This property is required. String
The ACID of the Authentication Context.
id This property is required. String
The ID of the Authentication Context.
identityProviderId This property is required. String
The ID of the Azure identity provider.
acId This property is required. string
The ACID of the Authentication Context.
id This property is required. string
The ID of the Authentication Context.
identityProviderId This property is required. string
The ID of the Azure identity provider.
ac_id This property is required. str
The ACID of the Authentication Context.
id This property is required. str
The ID of the Authentication Context.
identity_provider_id This property is required. str
The ID of the Azure identity provider.
acId This property is required. String
The ACID of the Authentication Context.
id This property is required. String
The ID of the Authentication Context.
identityProviderId This property is required. String
The ID of the Azure identity provider.

ZeroTrustAccessGroupIncludeAzure
, ZeroTrustAccessGroupIncludeAzureArgs

IdentityProviderId string
The ID of the Azure identity provider.
Ids List<string>
The ID of the Azure group or user.
IdentityProviderId string
The ID of the Azure identity provider.
Ids []string
The ID of the Azure group or user.
identityProviderId String
The ID of the Azure identity provider.
ids List<String>
The ID of the Azure group or user.
identityProviderId string
The ID of the Azure identity provider.
ids string[]
The ID of the Azure group or user.
identity_provider_id str
The ID of the Azure identity provider.
ids Sequence[str]
The ID of the Azure group or user.
identityProviderId String
The ID of the Azure identity provider.
ids List<String>
The ID of the Azure group or user.

ZeroTrustAccessGroupIncludeExternalEvaluation
, ZeroTrustAccessGroupIncludeExternalEvaluationArgs

EvaluateUrl string
The API endpoint containing your business logic.
KeysUrl string
The API endpoint containing the key that Access uses to verify that the response came from your API.
EvaluateUrl string
The API endpoint containing your business logic.
KeysUrl string
The API endpoint containing the key that Access uses to verify that the response came from your API.
evaluateUrl String
The API endpoint containing your business logic.
keysUrl String
The API endpoint containing the key that Access uses to verify that the response came from your API.
evaluateUrl string
The API endpoint containing your business logic.
keysUrl string
The API endpoint containing the key that Access uses to verify that the response came from your API.
evaluate_url str
The API endpoint containing your business logic.
keys_url str
The API endpoint containing the key that Access uses to verify that the response came from your API.
evaluateUrl String
The API endpoint containing your business logic.
keysUrl String
The API endpoint containing the key that Access uses to verify that the response came from your API.

ZeroTrustAccessGroupIncludeGithub
, ZeroTrustAccessGroupIncludeGithubArgs

IdentityProviderId string
The ID of your Github identity provider.
Name string
The name of the organization.
Teams List<string>
The teams that should be matched.
IdentityProviderId string
The ID of your Github identity provider.
Name string
The name of the organization.
Teams []string
The teams that should be matched.
identityProviderId String
The ID of your Github identity provider.
name String
The name of the organization.
teams List<String>
The teams that should be matched.
identityProviderId string
The ID of your Github identity provider.
name string
The name of the organization.
teams string[]
The teams that should be matched.
identity_provider_id str
The ID of your Github identity provider.
name str
The name of the organization.
teams Sequence[str]
The teams that should be matched.
identityProviderId String
The ID of your Github identity provider.
name String
The name of the organization.
teams List<String>
The teams that should be matched.

ZeroTrustAccessGroupIncludeGsuite
, ZeroTrustAccessGroupIncludeGsuiteArgs

Emails This property is required. List<string>
The email of the Google Workspace group.
IdentityProviderId This property is required. string
The ID of your Google Workspace identity provider.
Emails This property is required. []string
The email of the Google Workspace group.
IdentityProviderId This property is required. string
The ID of your Google Workspace identity provider.
emails This property is required. List<String>
The email of the Google Workspace group.
identityProviderId This property is required. String
The ID of your Google Workspace identity provider.
emails This property is required. string[]
The email of the Google Workspace group.
identityProviderId This property is required. string
The ID of your Google Workspace identity provider.
emails This property is required. Sequence[str]
The email of the Google Workspace group.
identity_provider_id This property is required. str
The ID of your Google Workspace identity provider.
emails This property is required. List<String>
The email of the Google Workspace group.
identityProviderId This property is required. String
The ID of your Google Workspace identity provider.

ZeroTrustAccessGroupIncludeOkta
, ZeroTrustAccessGroupIncludeOktaArgs

IdentityProviderId string
The ID of your Okta identity provider.
Names List<string>
The name of the Okta Group.
IdentityProviderId string
The ID of your Okta identity provider.
Names []string
The name of the Okta Group.
identityProviderId String
The ID of your Okta identity provider.
names List<String>
The name of the Okta Group.
identityProviderId string
The ID of your Okta identity provider.
names string[]
The name of the Okta Group.
identity_provider_id str
The ID of your Okta identity provider.
names Sequence[str]
The name of the Okta Group.
identityProviderId String
The ID of your Okta identity provider.
names List<String>
The name of the Okta Group.

ZeroTrustAccessGroupIncludeSaml
, ZeroTrustAccessGroupIncludeSamlArgs

AttributeName string
The name of the SAML attribute.
AttributeValue string
The SAML attribute value to look for.
IdentityProviderId string
The ID of your SAML identity provider.
AttributeName string
The name of the SAML attribute.
AttributeValue string
The SAML attribute value to look for.
IdentityProviderId string
The ID of your SAML identity provider.
attributeName String
The name of the SAML attribute.
attributeValue String
The SAML attribute value to look for.
identityProviderId String
The ID of your SAML identity provider.
attributeName string
The name of the SAML attribute.
attributeValue string
The SAML attribute value to look for.
identityProviderId string
The ID of your SAML identity provider.
attribute_name str
The name of the SAML attribute.
attribute_value str
The SAML attribute value to look for.
identity_provider_id str
The ID of your SAML identity provider.
attributeName String
The name of the SAML attribute.
attributeValue String
The SAML attribute value to look for.
identityProviderId String
The ID of your SAML identity provider.

ZeroTrustAccessGroupRequire
, ZeroTrustAccessGroupRequireArgs

AnyValidServiceToken bool
Matches any valid Access service token.
AuthContexts List<ZeroTrustAccessGroupRequireAuthContext>
AuthMethod string
The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
Azures List<ZeroTrustAccessGroupRequireAzure>
Matches an Azure group. Requires an Azure identity provider.
Certificate bool
Matches any valid client certificate.
CommonName string
Matches a valid client certificate common name.
CommonNames List<string>
Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
DevicePostures List<string>
The ID of a device posture integration.
EmailDomains List<string>
The email domain to match.
EmailLists List<string>
The ID of a previously created email list.
Emails List<string>
The email of the user.
Everyone bool
Matches everyone.
ExternalEvaluations List<ZeroTrustAccessGroupRequireExternalEvaluation>
Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
Geos List<string>
Matches a specific country.
Githubs List<ZeroTrustAccessGroupRequireGithub>
Matches a Github organization. Requires a Github identity provider.
Groups List<string>
The ID of a previously created Access group.
Gsuites List<ZeroTrustAccessGroupRequireGsuite>
Matches a group in Google Workspace. Requires a Google Workspace identity provider.
IpLists List<string>
The ID of a previously created IP list.
Ips List<string>
An IPv4 or IPv6 CIDR block.
LoginMethods List<string>
The ID of a configured identity provider.
Oktas List<ZeroTrustAccessGroupRequireOkta>
Matches an Okta group. Requires an Okta identity provider.
Samls List<ZeroTrustAccessGroupRequireSaml>
Matches a SAML group. Requires a SAML identity provider.
ServiceTokens List<string>
The ID of an Access service token.
AnyValidServiceToken bool
Matches any valid Access service token.
AuthContexts []ZeroTrustAccessGroupRequireAuthContext
AuthMethod string
The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
Azures []ZeroTrustAccessGroupRequireAzure
Matches an Azure group. Requires an Azure identity provider.
Certificate bool
Matches any valid client certificate.
CommonName string
Matches a valid client certificate common name.
CommonNames []string
Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
DevicePostures []string
The ID of a device posture integration.
EmailDomains []string
The email domain to match.
EmailLists []string
The ID of a previously created email list.
Emails []string
The email of the user.
Everyone bool
Matches everyone.
ExternalEvaluations []ZeroTrustAccessGroupRequireExternalEvaluation
Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
Geos []string
Matches a specific country.
Githubs []ZeroTrustAccessGroupRequireGithub
Matches a Github organization. Requires a Github identity provider.
Groups []string
The ID of a previously created Access group.
Gsuites []ZeroTrustAccessGroupRequireGsuite
Matches a group in Google Workspace. Requires a Google Workspace identity provider.
IpLists []string
The ID of a previously created IP list.
Ips []string
An IPv4 or IPv6 CIDR block.
LoginMethods []string
The ID of a configured identity provider.
Oktas []ZeroTrustAccessGroupRequireOkta
Matches an Okta group. Requires an Okta identity provider.
Samls []ZeroTrustAccessGroupRequireSaml
Matches a SAML group. Requires a SAML identity provider.
ServiceTokens []string
The ID of an Access service token.
anyValidServiceToken Boolean
Matches any valid Access service token.
authContexts List<ZeroTrustAccessGroupRequireAuthContext>
authMethod String
The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
azures List<ZeroTrustAccessGroupRequireAzure>
Matches an Azure group. Requires an Azure identity provider.
certificate Boolean
Matches any valid client certificate.
commonName String
Matches a valid client certificate common name.
commonNames List<String>
Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
devicePostures List<String>
The ID of a device posture integration.
emailDomains List<String>
The email domain to match.
emailLists List<String>
The ID of a previously created email list.
emails List<String>
The email of the user.
everyone Boolean
Matches everyone.
externalEvaluations List<ZeroTrustAccessGroupRequireExternalEvaluation>
Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
geos List<String>
Matches a specific country.
githubs List<ZeroTrustAccessGroupRequireGithub>
Matches a Github organization. Requires a Github identity provider.
groups List<String>
The ID of a previously created Access group.
gsuites List<ZeroTrustAccessGroupRequireGsuite>
Matches a group in Google Workspace. Requires a Google Workspace identity provider.
ipLists List<String>
The ID of a previously created IP list.
ips List<String>
An IPv4 or IPv6 CIDR block.
loginMethods List<String>
The ID of a configured identity provider.
oktas List<ZeroTrustAccessGroupRequireOkta>
Matches an Okta group. Requires an Okta identity provider.
samls List<ZeroTrustAccessGroupRequireSaml>
Matches a SAML group. Requires a SAML identity provider.
serviceTokens List<String>
The ID of an Access service token.
anyValidServiceToken boolean
Matches any valid Access service token.
authContexts ZeroTrustAccessGroupRequireAuthContext[]
authMethod string
The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
azures ZeroTrustAccessGroupRequireAzure[]
Matches an Azure group. Requires an Azure identity provider.
certificate boolean
Matches any valid client certificate.
commonName string
Matches a valid client certificate common name.
commonNames string[]
Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
devicePostures string[]
The ID of a device posture integration.
emailDomains string[]
The email domain to match.
emailLists string[]
The ID of a previously created email list.
emails string[]
The email of the user.
everyone boolean
Matches everyone.
externalEvaluations ZeroTrustAccessGroupRequireExternalEvaluation[]
Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
geos string[]
Matches a specific country.
githubs ZeroTrustAccessGroupRequireGithub[]
Matches a Github organization. Requires a Github identity provider.
groups string[]
The ID of a previously created Access group.
gsuites ZeroTrustAccessGroupRequireGsuite[]
Matches a group in Google Workspace. Requires a Google Workspace identity provider.
ipLists string[]
The ID of a previously created IP list.
ips string[]
An IPv4 or IPv6 CIDR block.
loginMethods string[]
The ID of a configured identity provider.
oktas ZeroTrustAccessGroupRequireOkta[]
Matches an Okta group. Requires an Okta identity provider.
samls ZeroTrustAccessGroupRequireSaml[]
Matches a SAML group. Requires a SAML identity provider.
serviceTokens string[]
The ID of an Access service token.
any_valid_service_token bool
Matches any valid Access service token.
auth_contexts Sequence[ZeroTrustAccessGroupRequireAuthContext]
auth_method str
The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
azures Sequence[ZeroTrustAccessGroupRequireAzure]
Matches an Azure group. Requires an Azure identity provider.
certificate bool
Matches any valid client certificate.
common_name str
Matches a valid client certificate common name.
common_names Sequence[str]
Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
device_postures Sequence[str]
The ID of a device posture integration.
email_domains Sequence[str]
The email domain to match.
email_lists Sequence[str]
The ID of a previously created email list.
emails Sequence[str]
The email of the user.
everyone bool
Matches everyone.
external_evaluations Sequence[ZeroTrustAccessGroupRequireExternalEvaluation]
Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
geos Sequence[str]
Matches a specific country.
githubs Sequence[ZeroTrustAccessGroupRequireGithub]
Matches a Github organization. Requires a Github identity provider.
groups Sequence[str]
The ID of a previously created Access group.
gsuites Sequence[ZeroTrustAccessGroupRequireGsuite]
Matches a group in Google Workspace. Requires a Google Workspace identity provider.
ip_lists Sequence[str]
The ID of a previously created IP list.
ips Sequence[str]
An IPv4 or IPv6 CIDR block.
login_methods Sequence[str]
The ID of a configured identity provider.
oktas Sequence[ZeroTrustAccessGroupRequireOkta]
Matches an Okta group. Requires an Okta identity provider.
samls Sequence[ZeroTrustAccessGroupRequireSaml]
Matches a SAML group. Requires a SAML identity provider.
service_tokens Sequence[str]
The ID of an Access service token.
anyValidServiceToken Boolean
Matches any valid Access service token.
authContexts List<Property Map>
authMethod String
The type of authentication method. Refer to https://datatracker.ietf.org/doc/html/rfc8176#section-2 for possible types.
azures List<Property Map>
Matches an Azure group. Requires an Azure identity provider.
certificate Boolean
Matches any valid client certificate.
commonName String
Matches a valid client certificate common name.
commonNames List<String>
Overflow field if you need to have multiple commonname rules in a single policy. Use in place of the singular commonname field.
devicePostures List<String>
The ID of a device posture integration.
emailDomains List<String>
The email domain to match.
emailLists List<String>
The ID of a previously created email list.
emails List<String>
The email of the user.
everyone Boolean
Matches everyone.
externalEvaluations List<Property Map>
Create Allow or Block policies which evaluate the user based on custom criteria. https://developers.cloudflare.com/cloudflare-one/policies/access/external-evaluation/.
geos List<String>
Matches a specific country.
githubs List<Property Map>
Matches a Github organization. Requires a Github identity provider.
groups List<String>
The ID of a previously created Access group.
gsuites List<Property Map>
Matches a group in Google Workspace. Requires a Google Workspace identity provider.
ipLists List<String>
The ID of a previously created IP list.
ips List<String>
An IPv4 or IPv6 CIDR block.
loginMethods List<String>
The ID of a configured identity provider.
oktas List<Property Map>
Matches an Okta group. Requires an Okta identity provider.
samls List<Property Map>
Matches a SAML group. Requires a SAML identity provider.
serviceTokens List<String>
The ID of an Access service token.

ZeroTrustAccessGroupRequireAuthContext
, ZeroTrustAccessGroupRequireAuthContextArgs

AcId This property is required. string
The ACID of the Authentication Context.
Id This property is required. string
The ID of the Authentication Context.
IdentityProviderId This property is required. string
The ID of the Azure identity provider.
AcId This property is required. string
The ACID of the Authentication Context.
Id This property is required. string
The ID of the Authentication Context.
IdentityProviderId This property is required. string
The ID of the Azure identity provider.
acId This property is required. String
The ACID of the Authentication Context.
id This property is required. String
The ID of the Authentication Context.
identityProviderId This property is required. String
The ID of the Azure identity provider.
acId This property is required. string
The ACID of the Authentication Context.
id This property is required. string
The ID of the Authentication Context.
identityProviderId This property is required. string
The ID of the Azure identity provider.
ac_id This property is required. str
The ACID of the Authentication Context.
id This property is required. str
The ID of the Authentication Context.
identity_provider_id This property is required. str
The ID of the Azure identity provider.
acId This property is required. String
The ACID of the Authentication Context.
id This property is required. String
The ID of the Authentication Context.
identityProviderId This property is required. String
The ID of the Azure identity provider.

ZeroTrustAccessGroupRequireAzure
, ZeroTrustAccessGroupRequireAzureArgs

IdentityProviderId string
The ID of the Azure identity provider.
Ids List<string>
The ID of the Azure group or user.
IdentityProviderId string
The ID of the Azure identity provider.
Ids []string
The ID of the Azure group or user.
identityProviderId String
The ID of the Azure identity provider.
ids List<String>
The ID of the Azure group or user.
identityProviderId string
The ID of the Azure identity provider.
ids string[]
The ID of the Azure group or user.
identity_provider_id str
The ID of the Azure identity provider.
ids Sequence[str]
The ID of the Azure group or user.
identityProviderId String
The ID of the Azure identity provider.
ids List<String>
The ID of the Azure group or user.

ZeroTrustAccessGroupRequireExternalEvaluation
, ZeroTrustAccessGroupRequireExternalEvaluationArgs

EvaluateUrl string
The API endpoint containing your business logic.
KeysUrl string
The API endpoint containing the key that Access uses to verify that the response came from your API.
EvaluateUrl string
The API endpoint containing your business logic.
KeysUrl string
The API endpoint containing the key that Access uses to verify that the response came from your API.
evaluateUrl String
The API endpoint containing your business logic.
keysUrl String
The API endpoint containing the key that Access uses to verify that the response came from your API.
evaluateUrl string
The API endpoint containing your business logic.
keysUrl string
The API endpoint containing the key that Access uses to verify that the response came from your API.
evaluate_url str
The API endpoint containing your business logic.
keys_url str
The API endpoint containing the key that Access uses to verify that the response came from your API.
evaluateUrl String
The API endpoint containing your business logic.
keysUrl String
The API endpoint containing the key that Access uses to verify that the response came from your API.

ZeroTrustAccessGroupRequireGithub
, ZeroTrustAccessGroupRequireGithubArgs

IdentityProviderId string
The ID of your Github identity provider.
Name string
The name of the organization.
Teams List<string>
The teams that should be matched.
IdentityProviderId string
The ID of your Github identity provider.
Name string
The name of the organization.
Teams []string
The teams that should be matched.
identityProviderId String
The ID of your Github identity provider.
name String
The name of the organization.
teams List<String>
The teams that should be matched.
identityProviderId string
The ID of your Github identity provider.
name string
The name of the organization.
teams string[]
The teams that should be matched.
identity_provider_id str
The ID of your Github identity provider.
name str
The name of the organization.
teams Sequence[str]
The teams that should be matched.
identityProviderId String
The ID of your Github identity provider.
name String
The name of the organization.
teams List<String>
The teams that should be matched.

ZeroTrustAccessGroupRequireGsuite
, ZeroTrustAccessGroupRequireGsuiteArgs

Emails This property is required. List<string>
The email of the Google Workspace group.
IdentityProviderId This property is required. string
The ID of your Google Workspace identity provider.
Emails This property is required. []string
The email of the Google Workspace group.
IdentityProviderId This property is required. string
The ID of your Google Workspace identity provider.
emails This property is required. List<String>
The email of the Google Workspace group.
identityProviderId This property is required. String
The ID of your Google Workspace identity provider.
emails This property is required. string[]
The email of the Google Workspace group.
identityProviderId This property is required. string
The ID of your Google Workspace identity provider.
emails This property is required. Sequence[str]
The email of the Google Workspace group.
identity_provider_id This property is required. str
The ID of your Google Workspace identity provider.
emails This property is required. List<String>
The email of the Google Workspace group.
identityProviderId This property is required. String
The ID of your Google Workspace identity provider.

ZeroTrustAccessGroupRequireOkta
, ZeroTrustAccessGroupRequireOktaArgs

IdentityProviderId string
The ID of your Okta identity provider.
Names List<string>
The name of the Okta Group.
IdentityProviderId string
The ID of your Okta identity provider.
Names []string
The name of the Okta Group.
identityProviderId String
The ID of your Okta identity provider.
names List<String>
The name of the Okta Group.
identityProviderId string
The ID of your Okta identity provider.
names string[]
The name of the Okta Group.
identity_provider_id str
The ID of your Okta identity provider.
names Sequence[str]
The name of the Okta Group.
identityProviderId String
The ID of your Okta identity provider.
names List<String>
The name of the Okta Group.

ZeroTrustAccessGroupRequireSaml
, ZeroTrustAccessGroupRequireSamlArgs

AttributeName string
The name of the SAML attribute.
AttributeValue string
The SAML attribute value to look for.
IdentityProviderId string
The ID of your SAML identity provider.
AttributeName string
The name of the SAML attribute.
AttributeValue string
The SAML attribute value to look for.
IdentityProviderId string
The ID of your SAML identity provider.
attributeName String
The name of the SAML attribute.
attributeValue String
The SAML attribute value to look for.
identityProviderId String
The ID of your SAML identity provider.
attributeName string
The name of the SAML attribute.
attributeValue string
The SAML attribute value to look for.
identityProviderId string
The ID of your SAML identity provider.
attribute_name str
The name of the SAML attribute.
attribute_value str
The SAML attribute value to look for.
identity_provider_id str
The ID of your SAML identity provider.
attributeName String
The name of the SAML attribute.
attributeValue String
The SAML attribute value to look for.
identityProviderId String
The ID of your SAML identity provider.

Import

$ pulumi import cloudflare:index/zeroTrustAccessGroup:ZeroTrustAccessGroup example <account_id>/<group_id>
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
Cloudflare pulumi/pulumi-cloudflare
License
Apache-2.0
Notes
This Pulumi package is based on the cloudflare Terraform Provider.
Cloudflare v5.49.1 published on Tuesday, Feb 18, 2025 by Pulumi
pulumi/pulumi-cloudflare