Provides a Cloudflare Access Identity Provider resource. Identity Providers are used as an authentication or authorisation source within Access.
# one time pin
resource "cloudflare_access_identity_provider" "pin_login" {
  account_id = "f037e56e89293a057740de681ac9abbe"
  name       = "PIN login"
  type       = "onetimepin"
}

# oauth
resource "cloudflare_access_identity_provider" "github_oauth" {
  account_id = "f037e56e89293a057740de681ac9abbe"
  name       = "GitHub OAuth"
  type       = "github"
  config {
    client_id     = "example"
    client_secret = "secret_key"
  }
}

# saml
resource "cloudflare_access_identity_provider" "jumpcloud_saml" {
  account_id = "f037e56e89293a057740de681ac9abbe"
  name       = "JumpCloud SAML"
  type       = "saml"
  config {
    issuer_url      = "jumpcloud"
    sso_target_url  = "https://sso.myexample.jumpcloud.com/saml2/cloudflareaccess"
    attributes      = ["email", "username"]
    sign_request    = false
    idp_public_cert = "MIIDpDCCAoygAwIBAgIGAV2ka+55MA0GCSqGSIb3DQEBCwUAMIGSMQswCQ...GF/Q2/MHadws97cZg\nuTnQyuOqPuHbnN83d/2l1NSYKCbHt24o"
  }
}

# okta
resource "cloudflare_access_identity_provider" "okta" {
  account_id = "f037e56e89293a057740de681ac9abbe"
  name       = "Okta"
  type       = "okta"
  config {
    client_id     = "example"
    client_secret = "secret_key"
    api_token     = "okta_api_token"
    okta_account  = "https://example.com"
  }
}

name (String) Friendly name of the Access Identity Provider configuration.
type (String) The provider type to use. Available values: azureAD, centrify, facebook, github, google, google-apps, linkedin, oidc, okta, onelogin, onetimepin, pingone, saml, yandex.
account_id (String) The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
config (Block List) Provider configuration from the developer documentation. (see below for nested schema)
scim_config (Block List) Configuration for SCIM settings for a given IDP. (see below for nested schema)
zone_id (String) The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.
id (String) The ID of this resource.

config
Optional:
api_token (String)
apps_domain (String)
attributes (List of String)
auth_url (String)
authorization_server_id (String)
centrify_account (String)
centrify_app_id (String)
certs_url (String)
claims (List of String)
client_id (String)
client_secret (String)
conditional_access_enabled (Boolean)
directory_id (String)
email_attribute_name (String)
email_claim_name (String)
idp_public_cert (String)
issuer_url (String)
okta_account (String)
onelogin_account (String)
ping_env_id (String)
pkce_enabled (Boolean)
scopes (List of String)
sign_request (Boolean)
sso_target_url (String)
support_groups (Boolean)
token_url (String)
Read-Only:
redirect_url (String)

scim_config
Optional:
enabled (Boolean)
group_member_deprovision (Boolean)
seat_deprovision (Boolean)
secret (String, Sensitive)
user_deprovision (Boolean)

Import is supported using the following syntax:
$ terraform import cloudflare_access_identity_provider.example <account_id>/<identity_provider_id>
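
Added example, not taken from the provider's own documentation: the Okta configuration shown earlier, with client_secret and api_token supplied through sensitive input variables instead of string literals, and with the scim_config block from the schema enabled. The variable names and the resource label okta_scim are assumptions, and setting every deprovisioning flag to true is one possible choice.

```hcl
# Assumed variable names; supply values through TF_VAR_* environment
# variables or a secrets manager rather than a committed .tfvars file.
variable "cloudflare_account_id" {
  type = string
}

variable "okta_client_secret" {
  type      = string
  sensitive = true # redacted in plan/apply output
}

variable "okta_api_token" {
  type      = string
  sensitive = true
}

resource "cloudflare_access_identity_provider" "okta_scim" {
  account_id = var.cloudflare_account_id
  name       = "Okta"
  type       = "okta"

  config {
    client_id     = "example"
    client_secret = var.okta_client_secret
    api_token     = var.okta_api_token
    okta_account  = "https://example.com"
  }

  # SCIM settings from the scim_config schema above. The "secret"
  # attribute is deliberately not set here.
  scim_config {
    enabled                  = true
    user_deprovision         = true
    seat_deprovision         = true
    group_member_deprovision = true
  }
}
```

Marking a variable as sensitive only redacts it from plan and apply output; the value is still written to the Terraform state, so the state backend needs encryption and restricted access.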