Docs
Packagesazuread.Application
Explore with Pulumi AI
Example Usage
Create an application
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
import * as std from "@pulumi/std";
const current = azuread.getClientConfig({});
const example = new azuread.Application("example", {
displayName: "example",
identifierUris: ["api://example-app"],
logoImage: std.filebase64({
input: "/path/to/logo.png",
}).then(invoke => invoke.result),
owners: [current.then(current => current.objectId)],
signInAudience: "AzureADMultipleOrgs",
api: {
mappedClaimsEnabled: true,
requestedAccessTokenVersion: 2,
knownClientApplications: [
known1.applicationId,
known2.applicationId,
],
oauth2PermissionScopes: [
{
adminConsentDescription: "Allow the application to access example on behalf of the signed-in user.",
adminConsentDisplayName: "Access example",
enabled: true,
id: "96183846-204b-4b43-82e1-5d2222eb4b9b",
type: "User",
userConsentDescription: "Allow the application to access example on your behalf.",
userConsentDisplayName: "Access example",
value: "user_impersonation",
},
{
adminConsentDescription: "Administer the example application",
adminConsentDisplayName: "Administer",
enabled: true,
id: "be98fa3e-ab5b-4b11-83d9-04ba2b7946bc",
type: "Admin",
value: "administer",
},
],
},
appRoles: [
{
allowedMemberTypes: [
"User",
"Application",
],
description: "Admins can manage roles and perform all task actions",
displayName: "Admin",
enabled: true,
id: "1b19509b-32b1-4e9f-b71d-4992aa991967",
value: "admin",
},
{
allowedMemberTypes: ["User"],
description: "ReadOnly roles have limited query access",
displayName: "ReadOnly",
enabled: true,
id: "497406e4-012a-4267-bf18-45a1cb148a01",
value: "User",
},
],
featureTags: [{
enterprise: true,
gallery: true,
}],
optionalClaims: {
accessTokens: [
{
name: "myclaim",
},
{
name: "otherclaim",
},
],
idTokens: [{
name: "userclaim",
source: "user",
essential: true,
additionalProperties: ["emit_as_roles"],
}],
saml2Tokens: [{
name: "samlexample",
}],
},
requiredResourceAccesses: [
{
resourceAppId: "00000003-0000-0000-c000-000000000000",
resourceAccesses: [
{
id: "df021288-bdef-4463-88db-98f22de89214",
type: "Role",
},
{
id: "b4e74841-8e56-480b-be8b-910348b18b4c",
type: "Scope",
},
],
},
{
resourceAppId: "c5393580-f805-4401-95e8-94b7a6ef2fc2",
resourceAccesses: [{
id: "594c1fb6-4f81-4475-ae41-0c394909246c",
type: "Role",
}],
},
],
web: {
homepageUrl: "https://app.example.net",
logoutUrl: "https://app.example.net/logout",
redirectUris: ["https://app.example.net/account"],
implicitGrant: {
accessTokenIssuanceEnabled: true,
idTokenIssuanceEnabled: true,
},
},
});
import pulumi
import pulumi_azuread as azuread
import pulumi_std as std
current = azuread.get_client_config()
example = azuread.Application("example",
display_name="example",
identifier_uris=["api://example-app"],
logo_image=std.filebase64(input="/path/to/logo.png").result,
owners=[current.object_id],
sign_in_audience="AzureADMultipleOrgs",
api=azuread.ApplicationApiArgs(
mapped_claims_enabled=True,
requested_access_token_version=2,
known_client_applications=[
known1["applicationId"],
known2["applicationId"],
],
oauth2_permission_scopes=[
azuread.ApplicationApiOauth2PermissionScopeArgs(
admin_consent_description="Allow the application to access example on behalf of the signed-in user.",
admin_consent_display_name="Access example",
enabled=True,
id="96183846-204b-4b43-82e1-5d2222eb4b9b",
type="User",
user_consent_description="Allow the application to access example on your behalf.",
user_consent_display_name="Access example",
value="user_impersonation",
),
azuread.ApplicationApiOauth2PermissionScopeArgs(
admin_consent_description="Administer the example application",
admin_consent_display_name="Administer",
enabled=True,
id="be98fa3e-ab5b-4b11-83d9-04ba2b7946bc",
type="Admin",
value="administer",
),
],
),
app_roles=[
azuread.ApplicationAppRoleArgs(
allowed_member_types=[
"User",
"Application",
],
description="Admins can manage roles and perform all task actions",
display_name="Admin",
enabled=True,
id="1b19509b-32b1-4e9f-b71d-4992aa991967",
value="admin",
),
azuread.ApplicationAppRoleArgs(
allowed_member_types=["User"],
description="ReadOnly roles have limited query access",
display_name="ReadOnly",
enabled=True,
id="497406e4-012a-4267-bf18-45a1cb148a01",
value="User",
),
],
feature_tags=[azuread.ApplicationFeatureTagArgs(
enterprise=True,
gallery=True,
)],
optional_claims=azuread.ApplicationOptionalClaimsArgs(
access_tokens=[
azuread.ApplicationOptionalClaimsAccessTokenArgs(
name="myclaim",
),
azuread.ApplicationOptionalClaimsAccessTokenArgs(
name="otherclaim",
),
],
id_tokens=[azuread.ApplicationOptionalClaimsIdTokenArgs(
name="userclaim",
source="user",
essential=True,
additional_properties=["emit_as_roles"],
)],
saml2_tokens=[azuread.ApplicationOptionalClaimsSaml2TokenArgs(
name="samlexample",
)],
),
required_resource_accesses=[
azuread.ApplicationRequiredResourceAccessArgs(
resource_app_id="00000003-0000-0000-c000-000000000000",
resource_accesses=[
azuread.ApplicationRequiredResourceAccessResourceAccessArgs(
id="df021288-bdef-4463-88db-98f22de89214",
type="Role",
),
azuread.ApplicationRequiredResourceAccessResourceAccessArgs(
id="b4e74841-8e56-480b-be8b-910348b18b4c",
type="Scope",
),
],
),
azuread.ApplicationRequiredResourceAccessArgs(
resource_app_id="c5393580-f805-4401-95e8-94b7a6ef2fc2",
resource_accesses=[azuread.ApplicationRequiredResourceAccessResourceAccessArgs(
id="594c1fb6-4f81-4475-ae41-0c394909246c",
type="Role",
)],
),
],
web=azuread.ApplicationWebArgs(
homepage_url="https://app.example.net",
logout_url="https://app.example.net/logout",
redirect_uris=["https://app.example.net/account"],
implicit_grant=azuread.ApplicationWebImplicitGrantArgs(
access_token_issuance_enabled=True,
id_token_issuance_enabled=True,
),
))
package main
import (
"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := azuread.GetClientConfig(ctx, nil, nil)
if err != nil {
return err
}
invokeFilebase64, err := std.Filebase64(ctx, &std.Filebase64Args{
Input: "/path/to/logo.png",
}, nil)
if err != nil {
return err
}
_, err = azuread.NewApplication(ctx, "example", &azuread.ApplicationArgs{
DisplayName: pulumi.String("example"),
IdentifierUris: pulumi.StringArray{
pulumi.String("api://example-app"),
},
LogoImage: invokeFilebase64.Result,
Owners: pulumi.StringArray{
pulumi.String(current.ObjectId),
},
SignInAudience: pulumi.String("AzureADMultipleOrgs"),
Api: &azuread.ApplicationApiArgs{
MappedClaimsEnabled: pulumi.Bool(true),
RequestedAccessTokenVersion: pulumi.Int(2),
KnownClientApplications: pulumi.StringArray{
known1.ApplicationId,
known2.ApplicationId,
},
Oauth2PermissionScopes: azuread.ApplicationApiOauth2PermissionScopeArray{
&azuread.ApplicationApiOauth2PermissionScopeArgs{
AdminConsentDescription: pulumi.String("Allow the application to access example on behalf of the signed-in user."),
AdminConsentDisplayName: pulumi.String("Access example"),
Enabled: pulumi.Bool(true),
Id: pulumi.String("96183846-204b-4b43-82e1-5d2222eb4b9b"),
Type: pulumi.String("User"),
UserConsentDescription: pulumi.String("Allow the application to access example on your behalf."),
UserConsentDisplayName: pulumi.String("Access example"),
Value: pulumi.String("user_impersonation"),
},
&azuread.ApplicationApiOauth2PermissionScopeArgs{
AdminConsentDescription: pulumi.String("Administer the example application"),
AdminConsentDisplayName: pulumi.String("Administer"),
Enabled: pulumi.Bool(true),
Id: pulumi.String("be98fa3e-ab5b-4b11-83d9-04ba2b7946bc"),
Type: pulumi.String("Admin"),
Value: pulumi.String("administer"),
},
},
},
AppRoles: azuread.ApplicationAppRoleTypeArray{
&azuread.ApplicationAppRoleTypeArgs{
AllowedMemberTypes: pulumi.StringArray{
pulumi.String("User"),
pulumi.String("Application"),
},
Description: pulumi.String("Admins can manage roles and perform all task actions"),
DisplayName: pulumi.String("Admin"),
Enabled: pulumi.Bool(true),
Id: pulumi.String("1b19509b-32b1-4e9f-b71d-4992aa991967"),
Value: pulumi.String("admin"),
},
&azuread.ApplicationAppRoleTypeArgs{
AllowedMemberTypes: pulumi.StringArray{
pulumi.String("User"),
},
Description: pulumi.String("ReadOnly roles have limited query access"),
DisplayName: pulumi.String("ReadOnly"),
Enabled: pulumi.Bool(true),
Id: pulumi.String("497406e4-012a-4267-bf18-45a1cb148a01"),
Value: pulumi.String("User"),
},
},
FeatureTags: azuread.ApplicationFeatureTagArray{
&azuread.ApplicationFeatureTagArgs{
Enterprise: pulumi.Bool(true),
Gallery: pulumi.Bool(true),
},
},
OptionalClaims: &azuread.ApplicationOptionalClaimsTypeArgs{
AccessTokens: azuread.ApplicationOptionalClaimsAccessTokenArray{
&azuread.ApplicationOptionalClaimsAccessTokenArgs{
Name: pulumi.String("myclaim"),
},
&azuread.ApplicationOptionalClaimsAccessTokenArgs{
Name: pulumi.String("otherclaim"),
},
},
IdTokens: azuread.ApplicationOptionalClaimsIdTokenArray{
&azuread.ApplicationOptionalClaimsIdTokenArgs{
Name: pulumi.String("userclaim"),
Source: pulumi.String("user"),
Essential: pulumi.Bool(true),
AdditionalProperties: pulumi.StringArray{
pulumi.String("emit_as_roles"),
},
},
},
Saml2Tokens: azuread.ApplicationOptionalClaimsSaml2TokenArray{
&azuread.ApplicationOptionalClaimsSaml2TokenArgs{
Name: pulumi.String("samlexample"),
},
},
},
RequiredResourceAccesses: azuread.ApplicationRequiredResourceAccessArray{
&azuread.ApplicationRequiredResourceAccessArgs{
ResourceAppId: pulumi.String("00000003-0000-0000-c000-000000000000"),
ResourceAccesses: azuread.ApplicationRequiredResourceAccessResourceAccessArray{
&azuread.ApplicationRequiredResourceAccessResourceAccessArgs{
Id: pulumi.String("df021288-bdef-4463-88db-98f22de89214"),
Type: pulumi.String("Role"),
},
&azuread.ApplicationRequiredResourceAccessResourceAccessArgs{
Id: pulumi.String("b4e74841-8e56-480b-be8b-910348b18b4c"),
Type: pulumi.String("Scope"),
},
},
},
&azuread.ApplicationRequiredResourceAccessArgs{
ResourceAppId: pulumi.String("c5393580-f805-4401-95e8-94b7a6ef2fc2"),
ResourceAccesses: azuread.ApplicationRequiredResourceAccessResourceAccessArray{
&azuread.ApplicationRequiredResourceAccessResourceAccessArgs{
Id: pulumi.String("594c1fb6-4f81-4475-ae41-0c394909246c"),
Type: pulumi.String("Role"),
},
},
},
},
Web: &azuread.ApplicationWebArgs{
HomepageUrl: pulumi.String("https://app.example.net"),
LogoutUrl: pulumi.String("https://app.example.net/logout"),
RedirectUris: pulumi.StringArray{
pulumi.String("https://app.example.net/account"),
},
ImplicitGrant: &azuread.ApplicationWebImplicitGrantArgs{
AccessTokenIssuanceEnabled: pulumi.Bool(true),
IdTokenIssuanceEnabled: pulumi.Bool(true),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureAD = Pulumi.AzureAD;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var current = AzureAD.GetClientConfig.Invoke();
var example = new AzureAD.Application("example", new()
{
DisplayName = "example",
IdentifierUris = new[]
{
"api://example-app",
},
LogoImage = Std.Filebase64.Invoke(new()
{
Input = "/path/to/logo.png",
}).Apply(invoke => invoke.Result),
Owners = new[]
{
current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
},
SignInAudience = "AzureADMultipleOrgs",
Api = new AzureAD.Inputs.ApplicationApiArgs
{
MappedClaimsEnabled = true,
RequestedAccessTokenVersion = 2,
KnownClientApplications = new[]
{
known1.ApplicationId,
known2.ApplicationId,
},
Oauth2PermissionScopes = new[]
{
new AzureAD.Inputs.ApplicationApiOauth2PermissionScopeArgs
{
AdminConsentDescription = "Allow the application to access example on behalf of the signed-in user.",
AdminConsentDisplayName = "Access example",
Enabled = true,
Id = "96183846-204b-4b43-82e1-5d2222eb4b9b",
Type = "User",
UserConsentDescription = "Allow the application to access example on your behalf.",
UserConsentDisplayName = "Access example",
Value = "user_impersonation",
},
new AzureAD.Inputs.ApplicationApiOauth2PermissionScopeArgs
{
AdminConsentDescription = "Administer the example application",
AdminConsentDisplayName = "Administer",
Enabled = true,
Id = "be98fa3e-ab5b-4b11-83d9-04ba2b7946bc",
Type = "Admin",
Value = "administer",
},
},
},
AppRoles = new[]
{
new AzureAD.Inputs.ApplicationAppRoleArgs
{
AllowedMemberTypes = new[]
{
"User",
"Application",
},
Description = "Admins can manage roles and perform all task actions",
DisplayName = "Admin",
Enabled = true,
Id = "1b19509b-32b1-4e9f-b71d-4992aa991967",
Value = "admin",
},
new AzureAD.Inputs.ApplicationAppRoleArgs
{
AllowedMemberTypes = new[]
{
"User",
},
Description = "ReadOnly roles have limited query access",
DisplayName = "ReadOnly",
Enabled = true,
Id = "497406e4-012a-4267-bf18-45a1cb148a01",
Value = "User",
},
},
FeatureTags = new[]
{
new AzureAD.Inputs.ApplicationFeatureTagArgs
{
Enterprise = true,
Gallery = true,
},
},
OptionalClaims = new AzureAD.Inputs.ApplicationOptionalClaimsArgs
{
AccessTokens = new[]
{
new AzureAD.Inputs.ApplicationOptionalClaimsAccessTokenArgs
{
Name = "myclaim",
},
new AzureAD.Inputs.ApplicationOptionalClaimsAccessTokenArgs
{
Name = "otherclaim",
},
},
IdTokens = new[]
{
new AzureAD.Inputs.ApplicationOptionalClaimsIdTokenArgs
{
Name = "userclaim",
Source = "user",
Essential = true,
AdditionalProperties = new[]
{
"emit_as_roles",
},
},
},
Saml2Tokens = new[]
{
new AzureAD.Inputs.ApplicationOptionalClaimsSaml2TokenArgs
{
Name = "samlexample",
},
},
},
RequiredResourceAccesses = new[]
{
new AzureAD.Inputs.ApplicationRequiredResourceAccessArgs
{
ResourceAppId = "00000003-0000-0000-c000-000000000000",
ResourceAccesses = new[]
{
new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs
{
Id = "df021288-bdef-4463-88db-98f22de89214",
Type = "Role",
},
new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs
{
Id = "b4e74841-8e56-480b-be8b-910348b18b4c",
Type = "Scope",
},
},
},
new AzureAD.Inputs.ApplicationRequiredResourceAccessArgs
{
ResourceAppId = "c5393580-f805-4401-95e8-94b7a6ef2fc2",
ResourceAccesses = new[]
{
new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs
{
Id = "594c1fb6-4f81-4475-ae41-0c394909246c",
Type = "Role",
},
},
},
},
Web = new AzureAD.Inputs.ApplicationWebArgs
{
HomepageUrl = "https://app.example.net",
LogoutUrl = "https://app.example.net/logout",
RedirectUris = new[]
{
"https://app.example.net/account",
},
ImplicitGrant = new AzureAD.Inputs.ApplicationWebImplicitGrantArgs
{
AccessTokenIssuanceEnabled = true,
IdTokenIssuanceEnabled = true,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.AzureadFunctions;
import com.pulumi.azuread.Application;
import com.pulumi.azuread.ApplicationArgs;
import com.pulumi.azuread.inputs.ApplicationApiArgs;
import com.pulumi.azuread.inputs.ApplicationAppRoleArgs;
import com.pulumi.azuread.inputs.ApplicationFeatureTagArgs;
import com.pulumi.azuread.inputs.ApplicationOptionalClaimsArgs;
import com.pulumi.azuread.inputs.ApplicationRequiredResourceAccessArgs;
import com.pulumi.azuread.inputs.ApplicationWebArgs;
import com.pulumi.azuread.inputs.ApplicationWebImplicitGrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var current = AzureadFunctions.getClientConfig();
var example = new Application("example", ApplicationArgs.builder()
.displayName("example")
.identifierUris("api://example-app")
.logoImage(StdFunctions.filebase64(Filebase64Args.builder()
.input("/path/to/logo.png")
.build()).result())
.owners(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
.signInAudience("AzureADMultipleOrgs")
.api(ApplicationApiArgs.builder()
.mappedClaimsEnabled(true)
.requestedAccessTokenVersion(2)
.knownClientApplications(
known1.applicationId(),
known2.applicationId())
.oauth2PermissionScopes(
ApplicationApiOauth2PermissionScopeArgs.builder()
.adminConsentDescription("Allow the application to access example on behalf of the signed-in user.")
.adminConsentDisplayName("Access example")
.enabled(true)
.id("96183846-204b-4b43-82e1-5d2222eb4b9b")
.type("User")
.userConsentDescription("Allow the application to access example on your behalf.")
.userConsentDisplayName("Access example")
.value("user_impersonation")
.build(),
ApplicationApiOauth2PermissionScopeArgs.builder()
.adminConsentDescription("Administer the example application")
.adminConsentDisplayName("Administer")
.enabled(true)
.id("be98fa3e-ab5b-4b11-83d9-04ba2b7946bc")
.type("Admin")
.value("administer")
.build())
.build())
.appRoles(
ApplicationAppRoleArgs.builder()
.allowedMemberTypes(
"User",
"Application")
.description("Admins can manage roles and perform all task actions")
.displayName("Admin")
.enabled(true)
.id("1b19509b-32b1-4e9f-b71d-4992aa991967")
.value("admin")
.build(),
ApplicationAppRoleArgs.builder()
.allowedMemberTypes("User")
.description("ReadOnly roles have limited query access")
.displayName("ReadOnly")
.enabled(true)
.id("497406e4-012a-4267-bf18-45a1cb148a01")
.value("User")
.build())
.featureTags(ApplicationFeatureTagArgs.builder()
.enterprise(true)
.gallery(true)
.build())
.optionalClaims(ApplicationOptionalClaimsArgs.builder()
.accessTokens(
ApplicationOptionalClaimsAccessTokenArgs.builder()
.name("myclaim")
.build(),
ApplicationOptionalClaimsAccessTokenArgs.builder()
.name("otherclaim")
.build())
.idTokens(ApplicationOptionalClaimsIdTokenArgs.builder()
.name("userclaim")
.source("user")
.essential(true)
.additionalProperties("emit_as_roles")
.build())
.saml2Tokens(ApplicationOptionalClaimsSaml2TokenArgs.builder()
.name("samlexample")
.build())
.build())
.requiredResourceAccesses(
ApplicationRequiredResourceAccessArgs.builder()
.resourceAppId("00000003-0000-0000-c000-000000000000")
.resourceAccesses(
ApplicationRequiredResourceAccessResourceAccessArgs.builder()
.id("df021288-bdef-4463-88db-98f22de89214")
.type("Role")
.build(),
ApplicationRequiredResourceAccessResourceAccessArgs.builder()
.id("b4e74841-8e56-480b-be8b-910348b18b4c")
.type("Scope")
.build())
.build(),
ApplicationRequiredResourceAccessArgs.builder()
.resourceAppId("c5393580-f805-4401-95e8-94b7a6ef2fc2")
.resourceAccesses(ApplicationRequiredResourceAccessResourceAccessArgs.builder()
.id("594c1fb6-4f81-4475-ae41-0c394909246c")
.type("Role")
.build())
.build())
.web(ApplicationWebArgs.builder()
.homepageUrl("https://app.example.net")
.logoutUrl("https://app.example.net/logout")
.redirectUris("https://app.example.net/account")
.implicitGrant(ApplicationWebImplicitGrantArgs.builder()
.accessTokenIssuanceEnabled(true)
.idTokenIssuanceEnabled(true)
.build())
.build())
.build());
}
}
resources:
example:
type: azuread:Application
properties:
displayName: example
identifierUris:
- api://example-app
logoImage:
fn::invoke:
Function: std:filebase64
Arguments:
input: /path/to/logo.png
Return: result
owners:
- ${current.objectId}
signInAudience: AzureADMultipleOrgs
api:
mappedClaimsEnabled: true
requestedAccessTokenVersion: 2
knownClientApplications:
- ${known1.applicationId}
- ${known2.applicationId}
oauth2PermissionScopes:
- adminConsentDescription: Allow the application to access example on behalf of the signed-in user.
adminConsentDisplayName: Access example
enabled: true
id: 96183846-204b-4b43-82e1-5d2222eb4b9b
type: User
userConsentDescription: Allow the application to access example on your behalf.
userConsentDisplayName: Access example
value: user_impersonation
- adminConsentDescription: Administer the example application
adminConsentDisplayName: Administer
enabled: true
id: be98fa3e-ab5b-4b11-83d9-04ba2b7946bc
type: Admin
value: administer
appRoles:
- allowedMemberTypes:
- User
- Application
description: Admins can manage roles and perform all task actions
displayName: Admin
enabled: true
id: 1b19509b-32b1-4e9f-b71d-4992aa991967
value: admin
- allowedMemberTypes:
- User
description: ReadOnly roles have limited query access
displayName: ReadOnly
enabled: true
id: 497406e4-012a-4267-bf18-45a1cb148a01
value: User
featureTags:
- enterprise: true
gallery: true
optionalClaims:
accessTokens:
- name: myclaim
- name: otherclaim
idTokens:
- name: userclaim
source: user
essential: true
additionalProperties:
- emit_as_roles
saml2Tokens:
- name: samlexample
requiredResourceAccesses:
- resourceAppId: 00000003-0000-0000-c000-000000000000
resourceAccesses:
- id: df021288-bdef-4463-88db-98f22de89214
type: Role
- id: b4e74841-8e56-480b-be8b-910348b18b4c
type: Scope
- resourceAppId: c5393580-f805-4401-95e8-94b7a6ef2fc2
resourceAccesses:
- id: 594c1fb6-4f81-4475-ae41-0c394909246c
type: Role
web:
homepageUrl: https://app.example.net
logoutUrl: https://app.example.net/logout
redirectUris:
- https://app.example.net/account
implicitGrant:
accessTokenIssuanceEnabled: true
idTokenIssuanceEnabled: true
variables:
current:
fn::invoke:
Function: azuread:getClientConfig
Arguments: {}
Create application from a gallery template
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
const example = azuread.getApplicationTemplate({
displayName: "Marketo",
});
const exampleApplication = new azuread.Application("example", {
displayName: "example",
templateId: example.then(example => example.templateId),
});
const exampleServicePrincipal = new azuread.ServicePrincipal("example", {
applicationId: exampleApplication.applicationId,
useExisting: true,
});
import pulumi
import pulumi_azuread as azuread
example = azuread.get_application_template(display_name="Marketo")
example_application = azuread.Application("example",
display_name="example",
template_id=example.template_id)
example_service_principal = azuread.ServicePrincipal("example",
application_id=example_application.application_id,
use_existing=True)
package main
import (
"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := azuread.GetApplicationTemplate(ctx, &azuread.GetApplicationTemplateArgs{
DisplayName: pulumi.StringRef("Marketo"),
}, nil)
if err != nil {
return err
}
exampleApplication, err := azuread.NewApplication(ctx, "example", &azuread.ApplicationArgs{
DisplayName: pulumi.String("example"),
TemplateId: pulumi.String(example.TemplateId),
})
if err != nil {
return err
}
_, err = azuread.NewServicePrincipal(ctx, "example", &azuread.ServicePrincipalArgs{
ApplicationId: exampleApplication.ApplicationId,
UseExisting: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureAD = Pulumi.AzureAD;
return await Deployment.RunAsync(() =>
{
var example = AzureAD.GetApplicationTemplate.Invoke(new()
{
DisplayName = "Marketo",
});
var exampleApplication = new AzureAD.Application("example", new()
{
DisplayName = "example",
TemplateId = example.Apply(getApplicationTemplateResult => getApplicationTemplateResult.TemplateId),
});
var exampleServicePrincipal = new AzureAD.ServicePrincipal("example", new()
{
ApplicationId = exampleApplication.ApplicationId,
UseExisting = true,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.AzureadFunctions;
import com.pulumi.azuread.inputs.GetApplicationTemplateArgs;
import com.pulumi.azuread.Application;
import com.pulumi.azuread.ApplicationArgs;
import com.pulumi.azuread.ServicePrincipal;
import com.pulumi.azuread.ServicePrincipalArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = AzureadFunctions.getApplicationTemplate(GetApplicationTemplateArgs.builder()
.displayName("Marketo")
.build());
var exampleApplication = new Application("exampleApplication", ApplicationArgs.builder()
.displayName("example")
.templateId(example.applyValue(getApplicationTemplateResult -> getApplicationTemplateResult.templateId()))
.build());
var exampleServicePrincipal = new ServicePrincipal("exampleServicePrincipal", ServicePrincipalArgs.builder()
.applicationId(exampleApplication.applicationId())
.useExisting(true)
.build());
}
}
resources:
exampleApplication:
type: azuread:Application
name: example
properties:
displayName: example
templateId: ${example.templateId}
exampleServicePrincipal:
type: azuread:ServicePrincipal
name: example
properties:
applicationId: ${exampleApplication.applicationId}
useExisting: true
variables:
example:
fn::invoke:
Function: azuread:getApplicationTemplate
Arguments:
displayName: Marketo
Create Application Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Application(name: string, args: ApplicationArgs, opts?: CustomResourceOptions);@overload
def Application(resource_name: str,
args: ApplicationArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Application(resource_name: str,
opts: Optional[ResourceOptions] = None,
display_name: Optional[str] = None,
oauth2_post_response_required: Optional[bool] = None,
device_only_auth_enabled: Optional[bool] = None,
owners: Optional[Sequence[str]] = None,
prevent_duplicate_names: Optional[bool] = None,
fallback_public_client_enabled: Optional[bool] = None,
feature_tags: Optional[Sequence[ApplicationFeatureTagArgs]] = None,
group_membership_claims: Optional[Sequence[str]] = None,
identifier_uris: Optional[Sequence[str]] = None,
logo_image: Optional[str] = None,
marketing_url: Optional[str] = None,
notes: Optional[str] = None,
api: Optional[ApplicationApiArgs] = None,
web: Optional[ApplicationWebArgs] = None,
description: Optional[str] = None,
app_roles: Optional[Sequence[ApplicationAppRoleArgs]] = None,
privacy_statement_url: Optional[str] = None,
public_client: Optional[ApplicationPublicClientArgs] = None,
required_resource_accesses: Optional[Sequence[ApplicationRequiredResourceAccessArgs]] = None,
service_management_reference: Optional[str] = None,
sign_in_audience: Optional[str] = None,
single_page_application: Optional[ApplicationSinglePageApplicationArgs] = None,
support_url: Optional[str] = None,
tags: Optional[Sequence[str]] = None,
template_id: Optional[str] = None,
terms_of_service_url: Optional[str] = None,
optional_claims: Optional[ApplicationOptionalClaimsArgs] = None)func NewApplication(ctx *Context, name string, args ApplicationArgs, opts ...ResourceOption) (*Application, error)public Application(string name, ApplicationArgs args, CustomResourceOptions? opts = null)
public Application(String name, ApplicationArgs args)
public Application(String name, ApplicationArgs args, CustomResourceOptions options)
type: azuread:Application
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ApplicationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ApplicationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ApplicationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ApplicationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ApplicationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var applicationResource = new AzureAD.Application("applicationResource", new()
{
DisplayName = "string",
Oauth2PostResponseRequired = false,
DeviceOnlyAuthEnabled = false,
Owners = new[]
{
"string",
},
PreventDuplicateNames = false,
FallbackPublicClientEnabled = false,
FeatureTags = new[]
{
new AzureAD.Inputs.ApplicationFeatureTagArgs
{
CustomSingleSignOn = false,
Enterprise = false,
Gallery = false,
Hide = false,
},
},
GroupMembershipClaims = new[]
{
"string",
},
IdentifierUris = new[]
{
"string",
},
LogoImage = "string",
MarketingUrl = "string",
Notes = "string",
Api = new AzureAD.Inputs.ApplicationApiArgs
{
KnownClientApplications = new[]
{
"string",
},
MappedClaimsEnabled = false,
Oauth2PermissionScopes = new[]
{
new AzureAD.Inputs.ApplicationApiOauth2PermissionScopeArgs
{
Id = "string",
AdminConsentDescription = "string",
AdminConsentDisplayName = "string",
Enabled = false,
Type = "string",
UserConsentDescription = "string",
UserConsentDisplayName = "string",
Value = "string",
},
},
RequestedAccessTokenVersion = 0,
},
Web = new AzureAD.Inputs.ApplicationWebArgs
{
HomepageUrl = "string",
ImplicitGrant = new AzureAD.Inputs.ApplicationWebImplicitGrantArgs
{
AccessTokenIssuanceEnabled = false,
IdTokenIssuanceEnabled = false,
},
LogoutUrl = "string",
RedirectUris = new[]
{
"string",
},
},
Description = "string",
AppRoles = new[]
{
new AzureAD.Inputs.ApplicationAppRoleArgs
{
AllowedMemberTypes = new[]
{
"string",
},
Description = "string",
DisplayName = "string",
Id = "string",
Enabled = false,
Value = "string",
},
},
PrivacyStatementUrl = "string",
PublicClient = new AzureAD.Inputs.ApplicationPublicClientArgs
{
RedirectUris = new[]
{
"string",
},
},
RequiredResourceAccesses = new[]
{
new AzureAD.Inputs.ApplicationRequiredResourceAccessArgs
{
ResourceAccesses = new[]
{
new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs
{
Id = "string",
Type = "string",
},
},
ResourceAppId = "string",
},
},
ServiceManagementReference = "string",
SignInAudience = "string",
SinglePageApplication = new AzureAD.Inputs.ApplicationSinglePageApplicationArgs
{
RedirectUris = new[]
{
"string",
},
},
SupportUrl = "string",
Tags = new[]
{
"string",
},
TemplateId = "string",
TermsOfServiceUrl = "string",
OptionalClaims = new AzureAD.Inputs.ApplicationOptionalClaimsArgs
{
AccessTokens = new[]
{
new AzureAD.Inputs.ApplicationOptionalClaimsAccessTokenArgs
{
Name = "string",
AdditionalProperties = new[]
{
"string",
},
Essential = false,
Source = "string",
},
},
IdTokens = new[]
{
new AzureAD.Inputs.ApplicationOptionalClaimsIdTokenArgs
{
Name = "string",
AdditionalProperties = new[]
{
"string",
},
Essential = false,
Source = "string",
},
},
Saml2Tokens = new[]
{
new AzureAD.Inputs.ApplicationOptionalClaimsSaml2TokenArgs
{
Name = "string",
AdditionalProperties = new[]
{
"string",
},
Essential = false,
Source = "string",
},
},
},
});
example, err := azuread.NewApplication(ctx, "applicationResource", &azuread.ApplicationArgs{
DisplayName: pulumi.String("string"),
Oauth2PostResponseRequired: pulumi.Bool(false),
DeviceOnlyAuthEnabled: pulumi.Bool(false),
Owners: pulumi.StringArray{
pulumi.String("string"),
},
PreventDuplicateNames: pulumi.Bool(false),
FallbackPublicClientEnabled: pulumi.Bool(false),
FeatureTags: azuread.ApplicationFeatureTagArray{
&azuread.ApplicationFeatureTagArgs{
CustomSingleSignOn: pulumi.Bool(false),
Enterprise: pulumi.Bool(false),
Gallery: pulumi.Bool(false),
Hide: pulumi.Bool(false),
},
},
GroupMembershipClaims: pulumi.StringArray{
pulumi.String("string"),
},
IdentifierUris: pulumi.StringArray{
pulumi.String("string"),
},
LogoImage: pulumi.String("string"),
MarketingUrl: pulumi.String("string"),
Notes: pulumi.String("string"),
Api: &azuread.ApplicationApiArgs{
KnownClientApplications: pulumi.StringArray{
pulumi.String("string"),
},
MappedClaimsEnabled: pulumi.Bool(false),
Oauth2PermissionScopes: azuread.ApplicationApiOauth2PermissionScopeArray{
&azuread.ApplicationApiOauth2PermissionScopeArgs{
Id: pulumi.String("string"),
AdminConsentDescription: pulumi.String("string"),
AdminConsentDisplayName: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Type: pulumi.String("string"),
UserConsentDescription: pulumi.String("string"),
UserConsentDisplayName: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
RequestedAccessTokenVersion: pulumi.Int(0),
},
Web: &azuread.ApplicationWebArgs{
HomepageUrl: pulumi.String("string"),
ImplicitGrant: &azuread.ApplicationWebImplicitGrantArgs{
AccessTokenIssuanceEnabled: pulumi.Bool(false),
IdTokenIssuanceEnabled: pulumi.Bool(false),
},
LogoutUrl: pulumi.String("string"),
RedirectUris: pulumi.StringArray{
pulumi.String("string"),
},
},
Description: pulumi.String("string"),
AppRoles: azuread.ApplicationAppRoleTypeArray{
&azuread.ApplicationAppRoleTypeArgs{
AllowedMemberTypes: pulumi.StringArray{
pulumi.String("string"),
},
Description: pulumi.String("string"),
DisplayName: pulumi.String("string"),
Id: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Value: pulumi.String("string"),
},
},
PrivacyStatementUrl: pulumi.String("string"),
PublicClient: &azuread.ApplicationPublicClientArgs{
RedirectUris: pulumi.StringArray{
pulumi.String("string"),
},
},
RequiredResourceAccesses: azuread.ApplicationRequiredResourceAccessArray{
&azuread.ApplicationRequiredResourceAccessArgs{
ResourceAccesses: azuread.ApplicationRequiredResourceAccessResourceAccessArray{
&azuread.ApplicationRequiredResourceAccessResourceAccessArgs{
Id: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
ResourceAppId: pulumi.String("string"),
},
},
ServiceManagementReference: pulumi.String("string"),
SignInAudience: pulumi.String("string"),
SinglePageApplication: &azuread.ApplicationSinglePageApplicationArgs{
RedirectUris: pulumi.StringArray{
pulumi.String("string"),
},
},
SupportUrl: pulumi.String("string"),
Tags: pulumi.StringArray{
pulumi.String("string"),
},
TemplateId: pulumi.String("string"),
TermsOfServiceUrl: pulumi.String("string"),
OptionalClaims: &azuread.ApplicationOptionalClaimsTypeArgs{
AccessTokens: azuread.ApplicationOptionalClaimsAccessTokenArray{
&azuread.ApplicationOptionalClaimsAccessTokenArgs{
Name: pulumi.String("string"),
AdditionalProperties: pulumi.StringArray{
pulumi.String("string"),
},
Essential: pulumi.Bool(false),
Source: pulumi.String("string"),
},
},
IdTokens: azuread.ApplicationOptionalClaimsIdTokenArray{
&azuread.ApplicationOptionalClaimsIdTokenArgs{
Name: pulumi.String("string"),
AdditionalProperties: pulumi.StringArray{
pulumi.String("string"),
},
Essential: pulumi.Bool(false),
Source: pulumi.String("string"),
},
},
Saml2Tokens: azuread.ApplicationOptionalClaimsSaml2TokenArray{
&azuread.ApplicationOptionalClaimsSaml2TokenArgs{
Name: pulumi.String("string"),
AdditionalProperties: pulumi.StringArray{
pulumi.String("string"),
},
Essential: pulumi.Bool(false),
Source: pulumi.String("string"),
},
},
},
})
var applicationResource = new Application("applicationResource", ApplicationArgs.builder()
.displayName("string")
.oauth2PostResponseRequired(false)
.deviceOnlyAuthEnabled(false)
.owners("string")
.preventDuplicateNames(false)
.fallbackPublicClientEnabled(false)
.featureTags(ApplicationFeatureTagArgs.builder()
.customSingleSignOn(false)
.enterprise(false)
.gallery(false)
.hide(false)
.build())
.groupMembershipClaims("string")
.identifierUris("string")
.logoImage("string")
.marketingUrl("string")
.notes("string")
.api(ApplicationApiArgs.builder()
.knownClientApplications("string")
.mappedClaimsEnabled(false)
.oauth2PermissionScopes(ApplicationApiOauth2PermissionScopeArgs.builder()
.id("string")
.adminConsentDescription("string")
.adminConsentDisplayName("string")
.enabled(false)
.type("string")
.userConsentDescription("string")
.userConsentDisplayName("string")
.value("string")
.build())
.requestedAccessTokenVersion(0)
.build())
.web(ApplicationWebArgs.builder()
.homepageUrl("string")
.implicitGrant(ApplicationWebImplicitGrantArgs.builder()
.accessTokenIssuanceEnabled(false)
.idTokenIssuanceEnabled(false)
.build())
.logoutUrl("string")
.redirectUris("string")
.build())
.description("string")
.appRoles(ApplicationAppRoleArgs.builder()
.allowedMemberTypes("string")
.description("string")
.displayName("string")
.id("string")
.enabled(false)
.value("string")
.build())
.privacyStatementUrl("string")
.publicClient(ApplicationPublicClientArgs.builder()
.redirectUris("string")
.build())
.requiredResourceAccesses(ApplicationRequiredResourceAccessArgs.builder()
.resourceAccesses(ApplicationRequiredResourceAccessResourceAccessArgs.builder()
.id("string")
.type("string")
.build())
.resourceAppId("string")
.build())
.serviceManagementReference("string")
.signInAudience("string")
.singlePageApplication(ApplicationSinglePageApplicationArgs.builder()
.redirectUris("string")
.build())
.supportUrl("string")
.tags("string")
.templateId("string")
.termsOfServiceUrl("string")
.optionalClaims(ApplicationOptionalClaimsArgs.builder()
.accessTokens(ApplicationOptionalClaimsAccessTokenArgs.builder()
.name("string")
.additionalProperties("string")
.essential(false)
.source("string")
.build())
.idTokens(ApplicationOptionalClaimsIdTokenArgs.builder()
.name("string")
.additionalProperties("string")
.essential(false)
.source("string")
.build())
.saml2Tokens(ApplicationOptionalClaimsSaml2TokenArgs.builder()
.name("string")
.additionalProperties("string")
.essential(false)
.source("string")
.build())
.build())
.build());
application_resource = azuread.Application("applicationResource",
display_name="string",
oauth2_post_response_required=False,
device_only_auth_enabled=False,
owners=["string"],
prevent_duplicate_names=False,
fallback_public_client_enabled=False,
feature_tags=[azuread.ApplicationFeatureTagArgs(
custom_single_sign_on=False,
enterprise=False,
gallery=False,
hide=False,
)],
group_membership_claims=["string"],
identifier_uris=["string"],
logo_image="string",
marketing_url="string",
notes="string",
api=azuread.ApplicationApiArgs(
known_client_applications=["string"],
mapped_claims_enabled=False,
oauth2_permission_scopes=[azuread.ApplicationApiOauth2PermissionScopeArgs(
id="string",
admin_consent_description="string",
admin_consent_display_name="string",
enabled=False,
type="string",
user_consent_description="string",
user_consent_display_name="string",
value="string",
)],
requested_access_token_version=0,
),
web=azuread.ApplicationWebArgs(
homepage_url="string",
implicit_grant=azuread.ApplicationWebImplicitGrantArgs(
access_token_issuance_enabled=False,
id_token_issuance_enabled=False,
),
logout_url="string",
redirect_uris=["string"],
),
description="string",
app_roles=[azuread.ApplicationAppRoleArgs(
allowed_member_types=["string"],
description="string",
display_name="string",
id="string",
enabled=False,
value="string",
)],
privacy_statement_url="string",
public_client=azuread.ApplicationPublicClientArgs(
redirect_uris=["string"],
),
required_resource_accesses=[azuread.ApplicationRequiredResourceAccessArgs(
resource_accesses=[azuread.ApplicationRequiredResourceAccessResourceAccessArgs(
id="string",
type="string",
)],
resource_app_id="string",
)],
service_management_reference="string",
sign_in_audience="string",
single_page_application=azuread.ApplicationSinglePageApplicationArgs(
redirect_uris=["string"],
),
support_url="string",
tags=["string"],
template_id="string",
terms_of_service_url="string",
optional_claims=azuread.ApplicationOptionalClaimsArgs(
access_tokens=[azuread.ApplicationOptionalClaimsAccessTokenArgs(
name="string",
additional_properties=["string"],
essential=False,
source="string",
)],
id_tokens=[azuread.ApplicationOptionalClaimsIdTokenArgs(
name="string",
additional_properties=["string"],
essential=False,
source="string",
)],
saml2_tokens=[azuread.ApplicationOptionalClaimsSaml2TokenArgs(
name="string",
additional_properties=["string"],
essential=False,
source="string",
)],
))
const applicationResource = new azuread.Application("applicationResource", {
displayName: "string",
oauth2PostResponseRequired: false,
deviceOnlyAuthEnabled: false,
owners: ["string"],
preventDuplicateNames: false,
fallbackPublicClientEnabled: false,
featureTags: [{
customSingleSignOn: false,
enterprise: false,
gallery: false,
hide: false,
}],
groupMembershipClaims: ["string"],
identifierUris: ["string"],
logoImage: "string",
marketingUrl: "string",
notes: "string",
api: {
knownClientApplications: ["string"],
mappedClaimsEnabled: false,
oauth2PermissionScopes: [{
id: "string",
adminConsentDescription: "string",
adminConsentDisplayName: "string",
enabled: false,
type: "string",
userConsentDescription: "string",
userConsentDisplayName: "string",
value: "string",
}],
requestedAccessTokenVersion: 0,
},
web: {
homepageUrl: "string",
implicitGrant: {
accessTokenIssuanceEnabled: false,
idTokenIssuanceEnabled: false,
},
logoutUrl: "string",
redirectUris: ["string"],
},
description: "string",
appRoles: [{
allowedMemberTypes: ["string"],
description: "string",
displayName: "string",
id: "string",
enabled: false,
value: "string",
}],
privacyStatementUrl: "string",
publicClient: {
redirectUris: ["string"],
},
requiredResourceAccesses: [{
resourceAccesses: [{
id: "string",
type: "string",
}],
resourceAppId: "string",
}],
serviceManagementReference: "string",
signInAudience: "string",
singlePageApplication: {
redirectUris: ["string"],
},
supportUrl: "string",
tags: ["string"],
templateId: "string",
termsOfServiceUrl: "string",
optionalClaims: {
accessTokens: [{
name: "string",
additionalProperties: ["string"],
essential: false,
source: "string",
}],
idTokens: [{
name: "string",
additionalProperties: ["string"],
essential: false,
source: "string",
}],
saml2Tokens: [{
name: "string",
additionalProperties: ["string"],
essential: false,
source: "string",
}],
},
});
type: azuread:Application
properties:
api:
knownClientApplications:
- string
mappedClaimsEnabled: false
oauth2PermissionScopes:
- adminConsentDescription: string
adminConsentDisplayName: string
enabled: false
id: string
type: string
userConsentDescription: string
userConsentDisplayName: string
value: string
requestedAccessTokenVersion: 0
appRoles:
- allowedMemberTypes:
- string
description: string
displayName: string
enabled: false
id: string
value: string
description: string
deviceOnlyAuthEnabled: false
displayName: string
fallbackPublicClientEnabled: false
featureTags:
- customSingleSignOn: false
enterprise: false
gallery: false
hide: false
groupMembershipClaims:
- string
identifierUris:
- string
logoImage: string
marketingUrl: string
notes: string
oauth2PostResponseRequired: false
optionalClaims:
accessTokens:
- additionalProperties:
- string
essential: false
name: string
source: string
idTokens:
- additionalProperties:
- string
essential: false
name: string
source: string
saml2Tokens:
- additionalProperties:
- string
essential: false
name: string
source: string
owners:
- string
preventDuplicateNames: false
privacyStatementUrl: string
publicClient:
redirectUris:
- string
requiredResourceAccesses:
- resourceAccesses:
- id: string
type: string
resourceAppId: string
serviceManagementReference: string
signInAudience: string
singlePageApplication:
redirectUris:
- string
supportUrl: string
tags:
- string
templateId: string
termsOfServiceUrl: string
web:
homepageUrl: string
implicitGrant:
accessTokenIssuanceEnabled: false
idTokenIssuanceEnabled: false
logoutUrl: string
redirectUris:
- string
Application Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Application resource accepts the following input properties:
- Display
Name string - The display name for the application.
- Api
Pulumi.
Azure AD. Inputs. Application Api - An
apiblock as documented below, which configures API related settings for this application. - App
Roles List<Pulumi.Azure AD. Inputs. Application App Role> - A collection of
app_roleblocks as documented below. For more information see official documentation on Application Roles. - Description string
- A description of the application, as shown to end users.
- Device
Only boolAuth Enabled - Specifies whether this application supports device authentication without a user. Defaults to
false. - Fallback
Public boolClient Enabled - Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to
false. -
List<Pulumi.
Azure AD. Inputs. Application Feature Tag> A
feature_tagsblock as described below. Cannot be used together with thetagsproperty.Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure
feature_tagsandtagsfor an application at the same time, so if you need to assign additional custom tags it's recommended to use thetagsproperty instead. Tag values also propagate to any linked service principals.- Group
Membership List<string>Claims - A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are
None,SecurityGroup,DirectoryRole,ApplicationGrouporAll. - Identifier
Uris List<string> - A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
- Logo
Image string - A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
- Marketing
Url string - URL of the application's marketing page.
- Notes string
- User-specified notes relevant for the management of the application.
- Oauth2Post
Response boolRequired - Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to
false, which specifies that only GET requests are allowed. - Optional
Claims Pulumi.Azure AD. Inputs. Application Optional Claims - An
optional_claimsblock as documented below. - Owners List<string>
- A list of object IDs of principals that will be granted ownership of the application
- Prevent
Duplicate boolNames - If
true, will return an error if an existing application is found with the same name. Defaults tofalse. - Privacy
Statement stringUrl - URL of the application's privacy statement.
- Public
Client Pulumi.Azure AD. Inputs. Application Public Client - A
public_clientblock as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device. - Required
Resource List<Pulumi.Accesses Azure AD. Inputs. Application Required Resource Access> - A collection of
required_resource_accessblocks as documented below. - Service
Management stringReference - References application context information from a Service or Asset Management database.
- Sign
In stringAudience The Microsoft account types that are supported for the current application. Must be one of
AzureADMyOrg,AzureADMultipleOrgs,AzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccount. Defaults toAzureADMyOrg.Changing
sign_in_audiencefor existing applications When updating an existing application to use asign_in_audiencevalue ofAzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccount, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.- Single
Page Pulumi.Application Azure AD. Inputs. Application Single Page Application - A
single_page_applicationblock as documented below, which configures single-page application (SPA) related settings for this application. - Support
Url string - URL of the application's support page.
- List<string>
A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the
feature_tagsblock.Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the
tagsproperty or with thefeature_tagsblock. If you need to set any custom tag values not supported by thefeature_tagsblock, it's recommended to use thetagsproperty. Tag values also propagate to any linked service principals.- Template
Id string Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.
- Terms
Of stringService Url - URL of the application's terms of service statement.
- Web
Pulumi.
Azure AD. Inputs. Application Web A
webblock as documented below, which configures web related settings for this application.Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the
prevent_duplicate_namesargument to check for existing applications if you want to avoid name collisions.
- Display
Name string - The display name for the application.
- Api
Application
Api Args - An
apiblock as documented below, which configures API related settings for this application. - App
Roles []ApplicationApp Role Type Args - A collection of
app_roleblocks as documented below. For more information see official documentation on Application Roles. - Description string
- A description of the application, as shown to end users.
- Device
Only boolAuth Enabled - Specifies whether this application supports device authentication without a user. Defaults to
false. - Fallback
Public boolClient Enabled - Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to
false. -
[]Application
Feature Tag Args A
feature_tagsblock as described below. Cannot be used together with thetagsproperty.Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure
feature_tagsandtagsfor an application at the same time, so if you need to assign additional custom tags it's recommended to use thetagsproperty instead. Tag values also propagate to any linked service principals.- Group
Membership []stringClaims - A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are
None,SecurityGroup,DirectoryRole,ApplicationGrouporAll. - Identifier
Uris []string - A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
- Logo
Image string - A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
- Marketing
Url string - URL of the application's marketing page.
- Notes string
- User-specified notes relevant for the management of the application.
- Oauth2Post
Response boolRequired - Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to
false, which specifies that only GET requests are allowed. - Optional
Claims ApplicationOptional Claims Type Args - An
optional_claimsblock as documented below. - Owners []string
- A list of object IDs of principals that will be granted ownership of the application
- Prevent
Duplicate boolNames - If
true, will return an error if an existing application is found with the same name. Defaults tofalse. - Privacy
Statement stringUrl - URL of the application's privacy statement.
- Public
Client ApplicationPublic Client Args - A
public_clientblock as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device. - Required
Resource []ApplicationAccesses Required Resource Access Args - A collection of
required_resource_accessblocks as documented below. - Service
Management stringReference - References application context information from a Service or Asset Management database.
- Sign
In stringAudience The Microsoft account types that are supported for the current application. Must be one of
AzureADMyOrg,AzureADMultipleOrgs,AzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccount. Defaults toAzureADMyOrg.Changing
sign_in_audiencefor existing applications When updating an existing application to use asign_in_audiencevalue ofAzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccount, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.- Single
Page ApplicationApplication Single Page Application Args - A
single_page_applicationblock as documented below, which configures single-page application (SPA) related settings for this application. - Support
Url string - URL of the application's support page.
- []string
A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the
feature_tagsblock.Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the
tagsproperty or with thefeature_tagsblock. If you need to set any custom tag values not supported by thefeature_tagsblock, it's recommended to use thetagsproperty. Tag values also propagate to any linked service principals.- Template
Id string Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.
- Terms
Of stringService Url - URL of the application's terms of service statement.
- Web
Application
Web Args A
webblock as documented below, which configures web related settings for this application.Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the
prevent_duplicate_namesargument to check for existing applications if you want to avoid name collisions.
- display
Name String - The display name for the application.
- api
Application
Api - An
apiblock as documented below, which configures API related settings for this application. - app
Roles List<ApplicationApp Role> - A collection of
app_roleblocks as documented below. For more information see official documentation on Application Roles. - description String
- A description of the application, as shown to end users.
- device
Only BooleanAuth Enabled - Specifies whether this application supports device authentication without a user. Defaults to
false. - fallback
Public BooleanClient Enabled - Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to
false. -
List<Application
Feature Tag> A
feature_tagsblock as described below. Cannot be used together with thetagsproperty.Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure
feature_tagsandtagsfor an application at the same time, so if you need to assign additional custom tags it's recommended to use thetagsproperty instead. Tag values also propagate to any linked service principals.- group
Membership List<String>Claims - A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are
None,SecurityGroup,DirectoryRole,ApplicationGrouporAll. - identifier
Uris List<String> - A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
- logo
Image String - A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
- marketing
Url String - URL of the application's marketing page.
- notes String
- User-specified notes relevant for the management of the application.
- oauth2Post
Response BooleanRequired - Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to
false, which specifies that only GET requests are allowed. - optional
Claims ApplicationOptional Claims - An
optional_claimsblock as documented below. - owners List<String>
- A list of object IDs of principals that will be granted ownership of the application
- prevent
Duplicate BooleanNames - If
true, will return an error if an existing application is found with the same name. Defaults tofalse. - privacy
Statement StringUrl - URL of the application's privacy statement.
- public
Client ApplicationPublic Client - A
public_clientblock as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device. - required
Resource List<ApplicationAccesses Required Resource Access> - A collection of
required_resource_accessblocks as documented below. - service
Management StringReference - References application context information from a Service or Asset Management database.
- sign
In StringAudience The Microsoft account types that are supported for the current application. Must be one of
AzureADMyOrg,AzureADMultipleOrgs,AzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccount. Defaults toAzureADMyOrg.Changing
sign_in_audiencefor existing applications When updating an existing application to use asign_in_audiencevalue ofAzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccount, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.- single
Page ApplicationApplication Single Page Application - A
single_page_applicationblock as documented below, which configures single-page application (SPA) related settings for this application. - support
Url String - URL of the application's support page.
- List<String>
A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the
feature_tagsblock.Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the
tagsproperty or with thefeature_tagsblock. If you need to set any custom tag values not supported by thefeature_tagsblock, it's recommended to use thetagsproperty. Tag values also propagate to any linked service principals.- template
Id String Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.
- terms
Of StringService Url - URL of the application's terms of service statement.
- web
Application
Web A
webblock as documented below, which configures web related settings for this application.Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the
prevent_duplicate_namesargument to check for existing applications if you want to avoid name collisions.
- display
Name string - The display name for the application.
- api
Application
Api - An
apiblock as documented below, which configures API related settings for this application. - app
Roles ApplicationApp Role[] - A collection of
app_roleblocks as documented below. For more information see official documentation on Application Roles. - description string
- A description of the application, as shown to end users.
- device
Only booleanAuth Enabled - Specifies whether this application supports device authentication without a user. Defaults to
false. - fallback
Public booleanClient Enabled - Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to
false. -
Application
Feature Tag[] A
feature_tagsblock as described below. Cannot be used together with thetagsproperty.Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure
feature_tagsandtagsfor an application at the same time, so if you need to assign additional custom tags it's recommended to use thetagsproperty instead. Tag values also propagate to any linked service principals.- group
Membership string[]Claims - A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are
None,SecurityGroup,DirectoryRole,ApplicationGrouporAll. - identifier
Uris string[] - A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
- logo
Image string - A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
- marketing
Url string - URL of the application's marketing page.
- notes string
- User-specified notes relevant for the management of the application.
- oauth2Post
Response booleanRequired - Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to
false, which specifies that only GET requests are allowed. - optional
Claims ApplicationOptional Claims - An
optional_claimsblock as documented below. - owners string[]
- A list of object IDs of principals that will be granted ownership of the application
- prevent
Duplicate booleanNames - If
true, will return an error if an existing application is found with the same name. Defaults tofalse. - privacy
Statement stringUrl - URL of the application's privacy statement.
- public
Client ApplicationPublic Client - A
public_clientblock as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device. - required
Resource ApplicationAccesses Required Resource Access[] - A collection of
required_resource_accessblocks as documented below. - service
Management stringReference - References application context information from a Service or Asset Management database.
- sign
In stringAudience The Microsoft account types that are supported for the current application. Must be one of
AzureADMyOrg,AzureADMultipleOrgs,AzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccount. Defaults toAzureADMyOrg.Changing
sign_in_audiencefor existing applications When updating an existing application to use asign_in_audiencevalue ofAzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccount, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.- single
Page ApplicationApplication Single Page Application - A
single_page_applicationblock as documented below, which configures single-page application (SPA) related settings for this application. - support
Url string - URL of the application's support page.
- string[]
A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the
feature_tagsblock.Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the
tagsproperty or with thefeature_tagsblock. If you need to set any custom tag values not supported by thefeature_tagsblock, it's recommended to use thetagsproperty. Tag values also propagate to any linked service principals.- template
Id string Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.
- terms
Of stringService Url - URL of the application's terms of service statement.
- web
Application
Web A
webblock as documented below, which configures web related settings for this application.Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the
prevent_duplicate_namesargument to check for existing applications if you want to avoid name collisions.
- display_
name str - The display name for the application.
- api
Application
Api Args - An
apiblock as documented below, which configures API related settings for this application. - app_
roles Sequence[ApplicationApp Role Args] - A collection of
app_roleblocks as documented below. For more information see official documentation on Application Roles. - description str
- A description of the application, as shown to end users.
- device_
only_ boolauth_ enabled - Specifies whether this application supports device authentication without a user. Defaults to
false. - fallback_
public_ boolclient_ enabled - Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to
false. -
Sequence[Application
Feature Tag Args] A
feature_tagsblock as described below. Cannot be used together with thetagsproperty.Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure
feature_tagsandtagsfor an application at the same time, so if you need to assign additional custom tags it's recommended to use thetagsproperty instead. Tag values also propagate to any linked service principals.- group_
membership_ Sequence[str]claims - A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are
None,SecurityGroup,DirectoryRole,ApplicationGrouporAll. - identifier_
uris Sequence[str] - A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
- logo_
image str - A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
- marketing_
url str - URL of the application's marketing page.
- notes str
- User-specified notes relevant for the management of the application.
- oauth2_
post_ boolresponse_ required - Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to
false, which specifies that only GET requests are allowed. - optional_
claims ApplicationOptional Claims Args - An
optional_claimsblock as documented below. - owners Sequence[str]
- A list of object IDs of principals that will be granted ownership of the application
- prevent_
duplicate_ boolnames - If
true, will return an error if an existing application is found with the same name. Defaults tofalse. - privacy_
statement_ strurl - URL of the application's privacy statement.
- public_
client ApplicationPublic Client Args - A
public_clientblock as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device. - required_
resource_ Sequence[Applicationaccesses Required Resource Access Args] - A collection of
required_resource_accessblocks as documented below. - service_
management_ strreference - References application context information from a Service or Asset Management database.
- sign_
in_ straudience The Microsoft account types that are supported for the current application. Must be one of
AzureADMyOrg,AzureADMultipleOrgs,AzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccount. Defaults toAzureADMyOrg.Changing
sign_in_audiencefor existing applications When updating an existing application to use asign_in_audiencevalue ofAzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccount, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.- single_
page_ Applicationapplication Single Page Application Args - A
single_page_applicationblock as documented below, which configures single-page application (SPA) related settings for this application. - support_
url str - URL of the application's support page.
- Sequence[str]
A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the
feature_tagsblock.Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the
tagsproperty or with thefeature_tagsblock. If you need to set any custom tag values not supported by thefeature_tagsblock, it's recommended to use thetagsproperty. Tag values also propagate to any linked service principals.- template_
id str Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.
- terms_
of_ strservice_ url - URL of the application's terms of service statement.
- web
Application
Web Args A
webblock as documented below, which configures web related settings for this application.Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the
prevent_duplicate_namesargument to check for existing applications if you want to avoid name collisions.
- display
Name String - The display name for the application.
- api Property Map
- An
apiblock as documented below, which configures API related settings for this application. - app
Roles List<Property Map> - A collection of
app_roleblocks as documented below. For more information see official documentation on Application Roles. - description String
- A description of the application, as shown to end users.
- device
Only BooleanAuth Enabled - Specifies whether this application supports device authentication without a user. Defaults to
false. - fallback
Public BooleanClient Enabled - Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to
false. - List<Property Map>
A
feature_tagsblock as described below. Cannot be used together with thetagsproperty.Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure
feature_tagsandtagsfor an application at the same time, so if you need to assign additional custom tags it's recommended to use thetagsproperty instead. Tag values also propagate to any linked service principals.- group
Membership List<String>Claims - A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are
None,SecurityGroup,DirectoryRole,ApplicationGrouporAll. - identifier
Uris List<String> - A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
- logo
Image String - A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
- marketing
Url String - URL of the application's marketing page.
- notes String
- User-specified notes relevant for the management of the application.
- oauth2Post
Response BooleanRequired - Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to
false, which specifies that only GET requests are allowed. - optional
Claims Property Map - An
optional_claimsblock as documented below. - owners List<String>
- A list of object IDs of principals that will be granted ownership of the application
- prevent
Duplicate BooleanNames - If
true, will return an error if an existing application is found with the same name. Defaults tofalse. - privacy
Statement StringUrl - URL of the application's privacy statement.
- public
Client Property Map - A
public_clientblock as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device. - required
Resource List<Property Map>Accesses - A collection of
required_resource_accessblocks as documented below. - service
Management StringReference - References application context information from a Service or Asset Management database.
- sign
In StringAudience The Microsoft account types that are supported for the current application. Must be one of
AzureADMyOrg,AzureADMultipleOrgs,AzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccount. Defaults toAzureADMyOrg.Changing
sign_in_audiencefor existing applications When updating an existing application to use asign_in_audiencevalue ofAzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccount, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.- single
Page Property MapApplication - A
single_page_applicationblock as documented below, which configures single-page application (SPA) related settings for this application. - support
Url String - URL of the application's support page.
- List<String>
A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the
feature_tagsblock.Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the
tagsproperty or with thefeature_tagsblock. If you need to set any custom tag values not supported by thefeature_tagsblock, it's recommended to use thetagsproperty. Tag values also propagate to any linked service principals.- template
Id String Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.
- terms
Of StringService Url - URL of the application's terms of service statement.
- web Property Map
A
webblock as documented below, which configures web related settings for this application.Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the
prevent_duplicate_namesargument to check for existing applications if you want to avoid name collisions.
Outputs
All input properties are implicitly available as output properties. Additionally, the Application resource produces the following output properties:
- App
Role Dictionary<string, string>Ids - A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
- Application
Id string - The Application ID (also called Client ID)
- Client
Id string - The Client ID for the application.
- Disabled
By stringMicrosoft - Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g.
DisabledDueToViolationOfServicesAgreement - Id string
- The provider-assigned unique ID for this managed resource.
- Logo
Url string - CDN URL to the application's logo, as uploaded with the
logo_imageproperty. - Oauth2Permission
Scope Dictionary<string, string>Ids - A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
- Object
Id string - The application's object ID.
- Publisher
Domain string - The verified publisher domain for the application.
- App
Role map[string]stringIds - A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
- Application
Id string - The Application ID (also called Client ID)
- Client
Id string - The Client ID for the application.
- Disabled
By stringMicrosoft - Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g.
DisabledDueToViolationOfServicesAgreement - Id string
- The provider-assigned unique ID for this managed resource.
- Logo
Url string - CDN URL to the application's logo, as uploaded with the
logo_imageproperty. - Oauth2Permission
Scope map[string]stringIds - A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
- Object
Id string - The application's object ID.
- Publisher
Domain string - The verified publisher domain for the application.
- app
Role Map<String,String>Ids - A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
- application
Id String - The Application ID (also called Client ID)
- client
Id String - The Client ID for the application.
- disabled
By StringMicrosoft - Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g.
DisabledDueToViolationOfServicesAgreement - id String
- The provider-assigned unique ID for this managed resource.
- logo
Url String - CDN URL to the application's logo, as uploaded with the
logo_imageproperty. - oauth2Permission
Scope Map<String,String>Ids - A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
- object
Id String - The application's object ID.
- publisher
Domain String - The verified publisher domain for the application.
- app
Role {[key: string]: string}Ids - A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
- application
Id string - The Application ID (also called Client ID)
- client
Id string - The Client ID for the application.
- disabled
By stringMicrosoft - Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g.
DisabledDueToViolationOfServicesAgreement - id string
- The provider-assigned unique ID for this managed resource.
- logo
Url string - CDN URL to the application's logo, as uploaded with the
logo_imageproperty. - oauth2Permission
Scope {[key: string]: string}Ids - A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
- object
Id string - The application's object ID.
- publisher
Domain string - The verified publisher domain for the application.
- app_
role_ Mapping[str, str]ids - A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
- application_
id str - The Application ID (also called Client ID)
- client_
id str - The Client ID for the application.
- disabled_
by_ strmicrosoft - Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g.
DisabledDueToViolationOfServicesAgreement - id str
- The provider-assigned unique ID for this managed resource.
- logo_
url str - CDN URL to the application's logo, as uploaded with the
logo_imageproperty. - oauth2_
permission_ Mapping[str, str]scope_ ids - A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
- object_
id str - The application's object ID.
- publisher_
domain str - The verified publisher domain for the application.
- app
Role Map<String>Ids - A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
- application
Id String - The Application ID (also called Client ID)
- client
Id String - The Client ID for the application.
- disabled
By StringMicrosoft - Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g.
DisabledDueToViolationOfServicesAgreement - id String
- The provider-assigned unique ID for this managed resource.
- logo
Url String - CDN URL to the application's logo, as uploaded with the
logo_imageproperty. - oauth2Permission
Scope Map<String>Ids - A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
- object
Id String - The application's object ID.
- publisher
Domain String - The verified publisher domain for the application.
Look up Existing Application Resource
Get an existing Application resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ApplicationState, opts?: CustomResourceOptions): Application@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
api: Optional[ApplicationApiArgs] = None,
app_role_ids: Optional[Mapping[str, str]] = None,
app_roles: Optional[Sequence[ApplicationAppRoleArgs]] = None,
application_id: Optional[str] = None,
client_id: Optional[str] = None,
description: Optional[str] = None,
device_only_auth_enabled: Optional[bool] = None,
disabled_by_microsoft: Optional[str] = None,
display_name: Optional[str] = None,
fallback_public_client_enabled: Optional[bool] = None,
feature_tags: Optional[Sequence[ApplicationFeatureTagArgs]] = None,
group_membership_claims: Optional[Sequence[str]] = None,
identifier_uris: Optional[Sequence[str]] = None,
logo_image: Optional[str] = None,
logo_url: Optional[str] = None,
marketing_url: Optional[str] = None,
notes: Optional[str] = None,
oauth2_permission_scope_ids: Optional[Mapping[str, str]] = None,
oauth2_post_response_required: Optional[bool] = None,
object_id: Optional[str] = None,
optional_claims: Optional[ApplicationOptionalClaimsArgs] = None,
owners: Optional[Sequence[str]] = None,
prevent_duplicate_names: Optional[bool] = None,
privacy_statement_url: Optional[str] = None,
public_client: Optional[ApplicationPublicClientArgs] = None,
publisher_domain: Optional[str] = None,
required_resource_accesses: Optional[Sequence[ApplicationRequiredResourceAccessArgs]] = None,
service_management_reference: Optional[str] = None,
sign_in_audience: Optional[str] = None,
single_page_application: Optional[ApplicationSinglePageApplicationArgs] = None,
support_url: Optional[str] = None,
tags: Optional[Sequence[str]] = None,
template_id: Optional[str] = None,
terms_of_service_url: Optional[str] = None,
web: Optional[ApplicationWebArgs] = None) -> Applicationfunc GetApplication(ctx *Context, name string, id IDInput, state *ApplicationState, opts ...ResourceOption) (*Application, error)public static Application Get(string name, Input<string> id, ApplicationState? state, CustomResourceOptions? opts = null)public static Application get(String name, Output<String> id, ApplicationState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Api
Pulumi.
Azure AD. Inputs. Application Api - An
apiblock as documented below, which configures API related settings for this application. - App
Role Dictionary<string, string>Ids - A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
- App
Roles List<Pulumi.Azure AD. Inputs. Application App Role> - A collection of
app_roleblocks as documented below. For more information see official documentation on Application Roles. - Application
Id string - The Application ID (also called Client ID)
- Client
Id string - The Client ID for the application.
- Description string
- A description of the application, as shown to end users.
- Device
Only boolAuth Enabled - Specifies whether this application supports device authentication without a user. Defaults to
false. - Disabled
By stringMicrosoft - Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g.
DisabledDueToViolationOfServicesAgreement - Display
Name string - The display name for the application.
- Fallback
Public boolClient Enabled - Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to
false. -
List<Pulumi.
Azure AD. Inputs. Application Feature Tag> A
feature_tagsblock as described below. Cannot be used together with thetagsproperty.Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure
feature_tagsandtagsfor an application at the same time, so if you need to assign additional custom tags it's recommended to use thetagsproperty instead. Tag values also propagate to any linked service principals.- Group
Membership List<string>Claims - A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are
None,SecurityGroup,DirectoryRole,ApplicationGrouporAll. - Identifier
Uris List<string> - A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
- Logo
Image string - A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
- Logo
Url string - CDN URL to the application's logo, as uploaded with the
logo_imageproperty. - Marketing
Url string - URL of the application's marketing page.
- Notes string
- User-specified notes relevant for the management of the application.
- Oauth2Permission
Scope Dictionary<string, string>Ids - A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
- Oauth2Post
Response boolRequired - Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to
false, which specifies that only GET requests are allowed. - Object
Id string - The application's object ID.
- Optional
Claims Pulumi.Azure AD. Inputs. Application Optional Claims - An
optional_claimsblock as documented below. - Owners List<string>
- A list of object IDs of principals that will be granted ownership of the application
- Prevent
Duplicate boolNames - If
true, will return an error if an existing application is found with the same name. Defaults tofalse. - Privacy
Statement stringUrl - URL of the application's privacy statement.
- Public
Client Pulumi.Azure AD. Inputs. Application Public Client - A
public_clientblock as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device. - Publisher
Domain string - The verified publisher domain for the application.
- Required
Resource List<Pulumi.Accesses Azure AD. Inputs. Application Required Resource Access> - A collection of
required_resource_accessblocks as documented below. - Service
Management stringReference - References application context information from a Service or Asset Management database.
- Sign
In stringAudience The Microsoft account types that are supported for the current application. Must be one of
AzureADMyOrg,AzureADMultipleOrgs,AzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccount. Defaults toAzureADMyOrg.Changing
sign_in_audiencefor existing applications When updating an existing application to use asign_in_audiencevalue ofAzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccount, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.- Single
Page Pulumi.Application Azure AD. Inputs. Application Single Page Application - A
single_page_applicationblock as documented below, which configures single-page application (SPA) related settings for this application. - Support
Url string - URL of the application's support page.
- List<string>
A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the
feature_tagsblock.Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the
tagsproperty or with thefeature_tagsblock. If you need to set any custom tag values not supported by thefeature_tagsblock, it's recommended to use thetagsproperty. Tag values also propagate to any linked service principals.- Template
Id string Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.
- Terms
Of stringService Url - URL of the application's terms of service statement.
- Web
Pulumi.
Azure AD. Inputs. Application Web A
webblock as documented below, which configures web related settings for this application.Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the
prevent_duplicate_namesargument to check for existing applications if you want to avoid name collisions.
- Api
Application
Api Args - An
apiblock as documented below, which configures API related settings for this application. - App
Role map[string]stringIds - A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
- App
Roles []ApplicationApp Role Type Args - A collection of
app_roleblocks as documented below. For more information see official documentation on Application Roles. - Application
Id string - The Application ID (also called Client ID)
- Client
Id string - The Client ID for the application.
- Description string
- A description of the application, as shown to end users.
- Device
Only boolAuth Enabled - Specifies whether this application supports device authentication without a user. Defaults to
false. - Disabled
By stringMicrosoft - Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g.
DisabledDueToViolationOfServicesAgreement - Display
Name string - The display name for the application.
- Fallback
Public boolClient Enabled - Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to
false. -
[]Application
Feature Tag Args A
feature_tagsblock as described below. Cannot be used together with thetagsproperty.Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure
feature_tagsandtagsfor an application at the same time, so if you need to assign additional custom tags it's recommended to use thetagsproperty instead. Tag values also propagate to any linked service principals.- Group
Membership []stringClaims - A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are
None,SecurityGroup,DirectoryRole,ApplicationGrouporAll. - Identifier
Uris []string - A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
- Logo
Image string - A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
- Logo
Url string - CDN URL to the application's logo, as uploaded with the
logo_imageproperty. - Marketing
Url string - URL of the application's marketing page.
- Notes string
- User-specified notes relevant for the management of the application.
- Oauth2Permission
Scope map[string]stringIds - A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
- Oauth2Post
Response boolRequired - Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to
false, which specifies that only GET requests are allowed. - Object
Id string - The application's object ID.
- Optional
Claims ApplicationOptional Claims Type Args - An
optional_claimsblock as documented below. - Owners []string
- A list of object IDs of principals that will be granted ownership of the application
- Prevent
Duplicate boolNames - If
true, will return an error if an existing application is found with the same name. Defaults tofalse. - Privacy
Statement stringUrl - URL of the application's privacy statement.
- Public
Client ApplicationPublic Client Args - A
public_clientblock as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device. - Publisher
Domain string - The verified publisher domain for the application.
- Required
Resource []ApplicationAccesses Required Resource Access Args - A collection of
required_resource_accessblocks as documented below. - Service
Management stringReference - References application context information from a Service or Asset Management database.
- Sign
In stringAudience The Microsoft account types that are supported for the current application. Must be one of
AzureADMyOrg,AzureADMultipleOrgs,AzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccount. Defaults toAzureADMyOrg.Changing
sign_in_audiencefor existing applications When updating an existing application to use asign_in_audiencevalue ofAzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccount, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.- Single
Page ApplicationApplication Single Page Application Args - A
single_page_applicationblock as documented below, which configures single-page application (SPA) related settings for this application. - Support
Url string - URL of the application's support page.
- []string
A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the
feature_tagsblock.Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the
tagsproperty or with thefeature_tagsblock. If you need to set any custom tag values not supported by thefeature_tagsblock, it's recommended to use thetagsproperty. Tag values also propagate to any linked service principals.- Template
Id string Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.
- Terms
Of stringService Url - URL of the application's terms of service statement.
- Web
Application
Web Args A
webblock as documented below, which configures web related settings for this application.Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the
prevent_duplicate_namesargument to check for existing applications if you want to avoid name collisions.
- api
Application
Api - An
apiblock as documented below, which configures API related settings for this application. - app
Role Map<String,String>Ids - A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
- app
Roles List<ApplicationApp Role> - A collection of
app_roleblocks as documented below. For more information see official documentation on Application Roles. - application
Id String - The Application ID (also called Client ID)
- client
Id String - The Client ID for the application.
- description String
- A description of the application, as shown to end users.
- device
Only BooleanAuth Enabled - Specifies whether this application supports device authentication without a user. Defaults to
false. - disabled
By StringMicrosoft - Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g.
DisabledDueToViolationOfServicesAgreement - display
Name String - The display name for the application.
- fallback
Public BooleanClient Enabled - Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to
false. -
List<Application
Feature Tag> A
feature_tagsblock as described below. Cannot be used together with thetagsproperty.Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure
feature_tagsandtagsfor an application at the same time, so if you need to assign additional custom tags it's recommended to use thetagsproperty instead. Tag values also propagate to any linked service principals.- group
Membership List<String>Claims - A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are
None,SecurityGroup,DirectoryRole,ApplicationGrouporAll. - identifier
Uris List<String> - A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
- logo
Image String - A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
- logo
Url String - CDN URL to the application's logo, as uploaded with the
logo_imageproperty. - marketing
Url String - URL of the application's marketing page.
- notes String
- User-specified notes relevant for the management of the application.
- oauth2Permission
Scope Map<String,String>Ids - A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
- oauth2Post
Response BooleanRequired - Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to
false, which specifies that only GET requests are allowed. - object
Id String - The application's object ID.
- optional
Claims ApplicationOptional Claims - An
optional_claimsblock as documented below. - owners List<String>
- A list of object IDs of principals that will be granted ownership of the application
- prevent
Duplicate BooleanNames - If
true, will return an error if an existing application is found with the same name. Defaults tofalse. - privacy
Statement StringUrl - URL of the application's privacy statement.
- public
Client ApplicationPublic Client - A
public_clientblock as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device. - publisher
Domain String - The verified publisher domain for the application.
- required
Resource List<ApplicationAccesses Required Resource Access> - A collection of
required_resource_accessblocks as documented below. - service
Management StringReference - References application context information from a Service or Asset Management database.
- sign
In StringAudience The Microsoft account types that are supported for the current application. Must be one of
AzureADMyOrg,AzureADMultipleOrgs,AzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccount. Defaults toAzureADMyOrg.Changing
sign_in_audiencefor existing applications When updating an existing application to use asign_in_audiencevalue ofAzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccount, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.- single
Page ApplicationApplication Single Page Application - A
single_page_applicationblock as documented below, which configures single-page application (SPA) related settings for this application. - support
Url String - URL of the application's support page.
- List<String>
A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the
feature_tagsblock.Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the
tagsproperty or with thefeature_tagsblock. If you need to set any custom tag values not supported by thefeature_tagsblock, it's recommended to use thetagsproperty. Tag values also propagate to any linked service principals.- template
Id String Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.
- terms
Of StringService Url - URL of the application's terms of service statement.
- web
Application
Web A
webblock as documented below, which configures web related settings for this application.Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the
prevent_duplicate_namesargument to check for existing applications if you want to avoid name collisions.
- api
Application
Api - An
apiblock as documented below, which configures API related settings for this application. - app
Role {[key: string]: string}Ids - A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
- app
Roles ApplicationApp Role[] - A collection of
app_roleblocks as documented below. For more information see official documentation on Application Roles. - application
Id string - The Application ID (also called Client ID)
- client
Id string - The Client ID for the application.
- description string
- A description of the application, as shown to end users.
- device
Only booleanAuth Enabled - Specifies whether this application supports device authentication without a user. Defaults to
false. - disabled
By stringMicrosoft - Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g.
DisabledDueToViolationOfServicesAgreement - display
Name string - The display name for the application.
- fallback
Public booleanClient Enabled - Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to
false. -
Application
Feature Tag[] A
feature_tagsblock as described below. Cannot be used together with thetagsproperty.Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure
feature_tagsandtagsfor an application at the same time, so if you need to assign additional custom tags it's recommended to use thetagsproperty instead. Tag values also propagate to any linked service principals.- group
Membership string[]Claims - A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are
None,SecurityGroup,DirectoryRole,ApplicationGrouporAll. - identifier
Uris string[] - A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
- logo
Image string - A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
- logo
Url string - CDN URL to the application's logo, as uploaded with the
logo_imageproperty. - marketing
Url string - URL of the application's marketing page.
- notes string
- User-specified notes relevant for the management of the application.
- oauth2Permission
Scope {[key: string]: string}Ids - A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
- oauth2Post
Response booleanRequired - Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to
false, which specifies that only GET requests are allowed. - object
Id string - The application's object ID.
- optional
Claims ApplicationOptional Claims - An
optional_claimsblock as documented below. - owners string[]
- A list of object IDs of principals that will be granted ownership of the application
- prevent
Duplicate booleanNames - If
true, will return an error if an existing application is found with the same name. Defaults tofalse. - privacy
Statement stringUrl - URL of the application's privacy statement.
- public
Client ApplicationPublic Client - A
public_clientblock as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device. - publisher
Domain string - The verified publisher domain for the application.
- required
Resource ApplicationAccesses Required Resource Access[] - A collection of
required_resource_accessblocks as documented below. - service
Management stringReference - References application context information from a Service or Asset Management database.
- sign
In stringAudience The Microsoft account types that are supported for the current application. Must be one of
AzureADMyOrg,AzureADMultipleOrgs,AzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccount. Defaults toAzureADMyOrg.Changing
sign_in_audiencefor existing applications When updating an existing application to use asign_in_audiencevalue ofAzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccount, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.- single
Page ApplicationApplication Single Page Application - A
single_page_applicationblock as documented below, which configures single-page application (SPA) related settings for this application. - support
Url string - URL of the application's support page.
- string[]
A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the
feature_tagsblock.Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the
tagsproperty or with thefeature_tagsblock. If you need to set any custom tag values not supported by thefeature_tagsblock, it's recommended to use thetagsproperty. Tag values also propagate to any linked service principals.- template
Id string Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.
- terms
Of stringService Url - URL of the application's terms of service statement.
- web
Application
Web A
webblock as documented below, which configures web related settings for this application.Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the
prevent_duplicate_namesargument to check for existing applications if you want to avoid name collisions.
- api
Application
Api Args - An
apiblock as documented below, which configures API related settings for this application. - app_
role_ Mapping[str, str]ids - A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
- app_
roles Sequence[ApplicationApp Role Args] - A collection of
app_roleblocks as documented below. For more information see official documentation on Application Roles. - application_
id str - The Application ID (also called Client ID)
- client_
id str - The Client ID for the application.
- description str
- A description of the application, as shown to end users.
- device_
only_ boolauth_ enabled - Specifies whether this application supports device authentication without a user. Defaults to
false. - disabled_
by_ strmicrosoft - Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g.
DisabledDueToViolationOfServicesAgreement - display_
name str - The display name for the application.
- fallback_
public_ boolclient_ enabled - Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to
false. -
Sequence[Application
Feature Tag Args] A
feature_tagsblock as described below. Cannot be used together with thetagsproperty.Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure
feature_tagsandtagsfor an application at the same time, so if you need to assign additional custom tags it's recommended to use thetagsproperty instead. Tag values also propagate to any linked service principals.- group_
membership_ Sequence[str]claims - A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are
None,SecurityGroup,DirectoryRole,ApplicationGrouporAll. - identifier_
uris Sequence[str] - A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
- logo_
image str - A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
- logo_
url str - CDN URL to the application's logo, as uploaded with the
logo_imageproperty. - marketing_
url str - URL of the application's marketing page.
- notes str
- User-specified notes relevant for the management of the application.
- oauth2_
permission_ Mapping[str, str]scope_ ids - A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
- oauth2_
post_ boolresponse_ required - Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to
false, which specifies that only GET requests are allowed. - object_
id str - The application's object ID.
- optional_
claims ApplicationOptional Claims Args - An
optional_claimsblock as documented below. - owners Sequence[str]
- A list of object IDs of principals that will be granted ownership of the application
- prevent_
duplicate_ boolnames - If
true, will return an error if an existing application is found with the same name. Defaults tofalse. - privacy_
statement_ strurl - URL of the application's privacy statement.
- public_
client ApplicationPublic Client Args - A
public_clientblock as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device. - publisher_
domain str - The verified publisher domain for the application.
- required_
resource_ Sequence[Applicationaccesses Required Resource Access Args] - A collection of
required_resource_accessblocks as documented below. - service_
management_ strreference - References application context information from a Service or Asset Management database.
- sign_
in_ straudience The Microsoft account types that are supported for the current application. Must be one of
AzureADMyOrg,AzureADMultipleOrgs,AzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccount. Defaults toAzureADMyOrg.Changing
sign_in_audiencefor existing applications When updating an existing application to use asign_in_audiencevalue ofAzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccount, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.- single_
page_ Applicationapplication Single Page Application Args - A
single_page_applicationblock as documented below, which configures single-page application (SPA) related settings for this application. - support_
url str - URL of the application's support page.
- Sequence[str]
A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the
feature_tagsblock.Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the
tagsproperty or with thefeature_tagsblock. If you need to set any custom tag values not supported by thefeature_tagsblock, it's recommended to use thetagsproperty. Tag values also propagate to any linked service principals.- template_
id str Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.
- terms_
of_ strservice_ url - URL of the application's terms of service statement.
- web
Application
Web Args A
webblock as documented below, which configures web related settings for this application.Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the
prevent_duplicate_namesargument to check for existing applications if you want to avoid name collisions.
- api Property Map
- An
apiblock as documented below, which configures API related settings for this application. - app
Role Map<String>Ids - A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
- app
Roles List<Property Map> - A collection of
app_roleblocks as documented below. For more information see official documentation on Application Roles. - application
Id String - The Application ID (also called Client ID)
- client
Id String - The Client ID for the application.
- description String
- A description of the application, as shown to end users.
- device
Only BooleanAuth Enabled - Specifies whether this application supports device authentication without a user. Defaults to
false. - disabled
By StringMicrosoft - Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g.
DisabledDueToViolationOfServicesAgreement - display
Name String - The display name for the application.
- fallback
Public BooleanClient Enabled - Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to
false. - List<Property Map>
A
feature_tagsblock as described below. Cannot be used together with thetagsproperty.Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure
feature_tagsandtagsfor an application at the same time, so if you need to assign additional custom tags it's recommended to use thetagsproperty instead. Tag values also propagate to any linked service principals.- group
Membership List<String>Claims - A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are
None,SecurityGroup,DirectoryRole,ApplicationGrouporAll. - identifier
Uris List<String> - A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
- logo
Image String - A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
- logo
Url String - CDN URL to the application's logo, as uploaded with the
logo_imageproperty. - marketing
Url String - URL of the application's marketing page.
- notes String
- User-specified notes relevant for the management of the application.
- oauth2Permission
Scope Map<String>Ids - A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
- oauth2Post
Response BooleanRequired - Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to
false, which specifies that only GET requests are allowed. - object
Id String - The application's object ID.
- optional
Claims Property Map - An
optional_claimsblock as documented below. - owners List<String>
- A list of object IDs of principals that will be granted ownership of the application
- prevent
Duplicate BooleanNames - If
true, will return an error if an existing application is found with the same name. Defaults tofalse. - privacy
Statement StringUrl - URL of the application's privacy statement.
- public
Client Property Map - A
public_clientblock as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device. - publisher
Domain String - The verified publisher domain for the application.
- required
Resource List<Property Map>Accesses - A collection of
required_resource_accessblocks as documented below. - service
Management StringReference - References application context information from a Service or Asset Management database.
- sign
In StringAudience The Microsoft account types that are supported for the current application. Must be one of
AzureADMyOrg,AzureADMultipleOrgs,AzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccount. Defaults toAzureADMyOrg.Changing
sign_in_audiencefor existing applications When updating an existing application to use asign_in_audiencevalue ofAzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccount, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.- single
Page Property MapApplication - A
single_page_applicationblock as documented below, which configures single-page application (SPA) related settings for this application. - support
Url String - URL of the application's support page.
- List<String>
A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the
feature_tagsblock.Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the
tagsproperty or with thefeature_tagsblock. If you need to set any custom tag values not supported by thefeature_tagsblock, it's recommended to use thetagsproperty. Tag values also propagate to any linked service principals.- template
Id String Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.
- terms
Of StringService Url - URL of the application's terms of service statement.
- web Property Map
A
webblock as documented below, which configures web related settings for this application.Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the
prevent_duplicate_namesargument to check for existing applications if you want to avoid name collisions.
Supporting Types
ApplicationApi, ApplicationApiArgs
- Known
Client List<string>Applications - A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app.
- Mapped
Claims boolEnabled - Allows an application to use claims mapping without specifying a custom signing key. Defaults to
false. - Oauth2Permission
Scopes List<Pulumi.Azure AD. Inputs. Application Api Oauth2Permission Scope> - One or more
oauth2_permission_scopeblocks as documented below, to describe delegated permissions exposed by the web API represented by this application. - Requested
Access intToken Version - The access token version expected by this resource. Must be one of
1or2, and must be2whensign_in_audienceis eitherAzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccountDefaults to1.
- Known
Client []stringApplications - A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app.
- Mapped
Claims boolEnabled - Allows an application to use claims mapping without specifying a custom signing key. Defaults to
false. - Oauth2Permission
Scopes []ApplicationApi Oauth2Permission Scope - One or more
oauth2_permission_scopeblocks as documented below, to describe delegated permissions exposed by the web API represented by this application. - Requested
Access intToken Version - The access token version expected by this resource. Must be one of
1or2, and must be2whensign_in_audienceis eitherAzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccountDefaults to1.
- known
Client List<String>Applications - A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app.
- mapped
Claims BooleanEnabled - Allows an application to use claims mapping without specifying a custom signing key. Defaults to
false. - oauth2Permission
Scopes List<ApplicationApi Oauth2Permission Scope> - One or more
oauth2_permission_scopeblocks as documented below, to describe delegated permissions exposed by the web API represented by this application. - requested
Access IntegerToken Version - The access token version expected by this resource. Must be one of
1or2, and must be2whensign_in_audienceis eitherAzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccountDefaults to1.
- known
Client string[]Applications - A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app.
- mapped
Claims booleanEnabled - Allows an application to use claims mapping without specifying a custom signing key. Defaults to
false. - oauth2Permission
Scopes ApplicationApi Oauth2Permission Scope[] - One or more
oauth2_permission_scopeblocks as documented below, to describe delegated permissions exposed by the web API represented by this application. - requested
Access numberToken Version - The access token version expected by this resource. Must be one of
1or2, and must be2whensign_in_audienceis eitherAzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccountDefaults to1.
- known_
client_ Sequence[str]applications - A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app.
- mapped_
claims_ boolenabled - Allows an application to use claims mapping without specifying a custom signing key. Defaults to
false. - oauth2_
permission_ Sequence[Applicationscopes Api Oauth2Permission Scope] - One or more
oauth2_permission_scopeblocks as documented below, to describe delegated permissions exposed by the web API represented by this application. - requested_
access_ inttoken_ version - The access token version expected by this resource. Must be one of
1or2, and must be2whensign_in_audienceis eitherAzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccountDefaults to1.
- known
Client List<String>Applications - A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app.
- mapped
Claims BooleanEnabled - Allows an application to use claims mapping without specifying a custom signing key. Defaults to
false. - oauth2Permission
Scopes List<Property Map> - One or more
oauth2_permission_scopeblocks as documented below, to describe delegated permissions exposed by the web API represented by this application. - requested
Access NumberToken Version - The access token version expected by this resource. Must be one of
1or2, and must be2whensign_in_audienceis eitherAzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccountDefaults to1.
ApplicationApiOauth2PermissionScope, ApplicationApiOauth2PermissionScopeArgs
- Id string
The unique identifier of the delegated permission. Must be a valid UUID.
Tip: Generating a UUID for the
idfield To generate a value for theidfield in cases where the actual UUID is not important, you can use therandom_uuidresource. See the application example in the provider repository.- Admin
Consent stringDescription - Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
- Admin
Consent stringDisplay Name - Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
- Enabled bool
- Determines if the permission scope is enabled. Defaults to
true. - Type string
- Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Defaults to
User. Possible values areUserorAdmin. - User
Consent stringDescription - Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
- User
Consent stringDisplay Name - Display name for the delegated permission that appears in the end user consent experience.
- Value string
- The value that is used for the
scpclaim in OAuth 2.0 access tokens
- Id string
The unique identifier of the delegated permission. Must be a valid UUID.
Tip: Generating a UUID for the
idfield To generate a value for theidfield in cases where the actual UUID is not important, you can use therandom_uuidresource. See the application example in the provider repository.- Admin
Consent stringDescription - Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
- Admin
Consent stringDisplay Name - Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
- Enabled bool
- Determines if the permission scope is enabled. Defaults to
true. - Type string
- Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Defaults to
User. Possible values areUserorAdmin. - User
Consent stringDescription - Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
- User
Consent stringDisplay Name - Display name for the delegated permission that appears in the end user consent experience.
- Value string
- The value that is used for the
scpclaim in OAuth 2.0 access tokens
- id String
The unique identifier of the delegated permission. Must be a valid UUID.
Tip: Generating a UUID for the
idfield To generate a value for theidfield in cases where the actual UUID is not important, you can use therandom_uuidresource. See the application example in the provider repository.- admin
Consent StringDescription - Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
- admin
Consent StringDisplay Name - Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
- enabled Boolean
- Determines if the permission scope is enabled. Defaults to
true. - type String
- Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Defaults to
User. Possible values areUserorAdmin. - user
Consent StringDescription - Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
- user
Consent StringDisplay Name - Display name for the delegated permission that appears in the end user consent experience.
- value String
- The value that is used for the
scpclaim in OAuth 2.0 access tokens
- id string
The unique identifier of the delegated permission. Must be a valid UUID.
Tip: Generating a UUID for the
idfield To generate a value for theidfield in cases where the actual UUID is not important, you can use therandom_uuidresource. See the application example in the provider repository.- admin
Consent stringDescription - Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
- admin
Consent stringDisplay Name - Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
- enabled boolean
- Determines if the permission scope is enabled. Defaults to
true. - type string
- Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Defaults to
User. Possible values areUserorAdmin. - user
Consent stringDescription - Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
- user
Consent stringDisplay Name - Display name for the delegated permission that appears in the end user consent experience.
- value string
- The value that is used for the
scpclaim in OAuth 2.0 access tokens
- id str
The unique identifier of the delegated permission. Must be a valid UUID.
Tip: Generating a UUID for the
idfield To generate a value for theidfield in cases where the actual UUID is not important, you can use therandom_uuidresource. See the application example in the provider repository.- admin_
consent_ strdescription - Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
- admin_
consent_ strdisplay_ name - Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
- enabled bool
- Determines if the permission scope is enabled. Defaults to
true. - type str
- Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Defaults to
User. Possible values areUserorAdmin. - user_
consent_ strdescription - Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
- user_
consent_ strdisplay_ name - Display name for the delegated permission that appears in the end user consent experience.
- value str
- The value that is used for the
scpclaim in OAuth 2.0 access tokens
- id String
The unique identifier of the delegated permission. Must be a valid UUID.
Tip: Generating a UUID for the
idfield To generate a value for theidfield in cases where the actual UUID is not important, you can use therandom_uuidresource. See the application example in the provider repository.- admin
Consent StringDescription - Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
- admin
Consent StringDisplay Name - Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
- enabled Boolean
- Determines if the permission scope is enabled. Defaults to
true. - type String
- Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Defaults to
User. Possible values areUserorAdmin. - user
Consent StringDescription - Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
- user
Consent StringDisplay Name - Display name for the delegated permission that appears in the end user consent experience.
- value String
- The value that is used for the
scpclaim in OAuth 2.0 access tokens
ApplicationAppRole, ApplicationAppRoleArgs
- Allowed
Member List<string>Types - Specifies whether this app role definition can be assigned to users and groups by setting to
User, or to other applications (that are accessing this application in a standalone scenario) by setting toApplication, or to both. - Description string
- Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences.
- Display
Name string - Display name for the app role that appears during app role assignment and in consent experiences.
- Id string
The unique identifier of the app role. Must be a valid UUID.
Tip: Generating a UUID for the
idfield To generate a value for theidfield in cases where the actual UUID is not important, you can use therandom_uuidresource. See the application example in the provider repository.- Enabled bool
- Determines if the app role is enabled. Defaults to
true. - Value string
- The value that is used for the
rolesclaim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal
- Allowed
Member []stringTypes - Specifies whether this app role definition can be assigned to users and groups by setting to
User, or to other applications (that are accessing this application in a standalone scenario) by setting toApplication, or to both. - Description string
- Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences.
- Display
Name string - Display name for the app role that appears during app role assignment and in consent experiences.
- Id string
The unique identifier of the app role. Must be a valid UUID.
Tip: Generating a UUID for the
idfield To generate a value for theidfield in cases where the actual UUID is not important, you can use therandom_uuidresource. See the application example in the provider repository.- Enabled bool
- Determines if the app role is enabled. Defaults to
true. - Value string
- The value that is used for the
rolesclaim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal
- allowed
Member List<String>Types - Specifies whether this app role definition can be assigned to users and groups by setting to
User, or to other applications (that are accessing this application in a standalone scenario) by setting toApplication, or to both. - description String
- Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences.
- display
Name String - Display name for the app role that appears during app role assignment and in consent experiences.
- id String
The unique identifier of the app role. Must be a valid UUID.
Tip: Generating a UUID for the
idfield To generate a value for theidfield in cases where the actual UUID is not important, you can use therandom_uuidresource. See the application example in the provider repository.- enabled Boolean
- Determines if the app role is enabled. Defaults to
true. - value String
- The value that is used for the
rolesclaim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal
- allowed
Member string[]Types - Specifies whether this app role definition can be assigned to users and groups by setting to
User, or to other applications (that are accessing this application in a standalone scenario) by setting toApplication, or to both. - description string
- Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences.
- display
Name string - Display name for the app role that appears during app role assignment and in consent experiences.
- id string
The unique identifier of the app role. Must be a valid UUID.
Tip: Generating a UUID for the
idfield To generate a value for theidfield in cases where the actual UUID is not important, you can use therandom_uuidresource. See the application example in the provider repository.- enabled boolean
- Determines if the app role is enabled. Defaults to
true. - value string
- The value that is used for the
rolesclaim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal
- allowed_
member_ Sequence[str]types - Specifies whether this app role definition can be assigned to users and groups by setting to
User, or to other applications (that are accessing this application in a standalone scenario) by setting toApplication, or to both. - description str
- Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences.
- display_
name str - Display name for the app role that appears during app role assignment and in consent experiences.
- id str
The unique identifier of the app role. Must be a valid UUID.
Tip: Generating a UUID for the
idfield To generate a value for theidfield in cases where the actual UUID is not important, you can use therandom_uuidresource. See the application example in the provider repository.- enabled bool
- Determines if the app role is enabled. Defaults to
true. - value str
- The value that is used for the
rolesclaim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal
- allowed
Member List<String>Types - Specifies whether this app role definition can be assigned to users and groups by setting to
User, or to other applications (that are accessing this application in a standalone scenario) by setting toApplication, or to both. - description String
- Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences.
- display
Name String - Display name for the app role that appears during app role assignment and in consent experiences.
- id String
The unique identifier of the app role. Must be a valid UUID.
Tip: Generating a UUID for the
idfield To generate a value for theidfield in cases where the actual UUID is not important, you can use therandom_uuidresource. See the application example in the provider repository.- enabled Boolean
- Determines if the app role is enabled. Defaults to
true. - value String
- The value that is used for the
rolesclaim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal
ApplicationFeatureTag, ApplicationFeatureTagArgs
- Custom
Single boolSign On - Whether this application represents a custom SAML application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryCustomSingleSignOnApplicationtag. Defaults tofalse. - Enterprise bool
- Whether this application represents an Enterprise Application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryIntegratedApptag. Defaults tofalse. - Gallery bool
- Whether this application represents a gallery application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1tag. Defaults tofalse. - Hide bool
- Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the
HideApptag. Defaults tofalse.
- Custom
Single boolSign On - Whether this application represents a custom SAML application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryCustomSingleSignOnApplicationtag. Defaults tofalse. - Enterprise bool
- Whether this application represents an Enterprise Application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryIntegratedApptag. Defaults tofalse. - Gallery bool
- Whether this application represents a gallery application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1tag. Defaults tofalse. - Hide bool
- Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the
HideApptag. Defaults tofalse.
- custom
Single BooleanSign On - Whether this application represents a custom SAML application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryCustomSingleSignOnApplicationtag. Defaults tofalse. - enterprise Boolean
- Whether this application represents an Enterprise Application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryIntegratedApptag. Defaults tofalse. - gallery Boolean
- Whether this application represents a gallery application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1tag. Defaults tofalse. - hide Boolean
- Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the
HideApptag. Defaults tofalse.
- custom
Single booleanSign On - Whether this application represents a custom SAML application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryCustomSingleSignOnApplicationtag. Defaults tofalse. - enterprise boolean
- Whether this application represents an Enterprise Application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryIntegratedApptag. Defaults tofalse. - gallery boolean
- Whether this application represents a gallery application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1tag. Defaults tofalse. - hide boolean
- Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the
HideApptag. Defaults tofalse.
- custom_
single_ boolsign_ on - Whether this application represents a custom SAML application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryCustomSingleSignOnApplicationtag. Defaults tofalse. - enterprise bool
- Whether this application represents an Enterprise Application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryIntegratedApptag. Defaults tofalse. - gallery bool
- Whether this application represents a gallery application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1tag. Defaults tofalse. - hide bool
- Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the
HideApptag. Defaults tofalse.
- custom
Single BooleanSign On - Whether this application represents a custom SAML application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryCustomSingleSignOnApplicationtag. Defaults tofalse. - enterprise Boolean
- Whether this application represents an Enterprise Application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryIntegratedApptag. Defaults tofalse. - gallery Boolean
- Whether this application represents a gallery application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1tag. Defaults tofalse. - hide Boolean
- Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the
HideApptag. Defaults tofalse.
ApplicationOptionalClaims, ApplicationOptionalClaimsArgs
- Access
Tokens List<Pulumi.Azure AD. Inputs. Application Optional Claims Access Token> - One or more
access_tokenblocks as documented below. - Id
Tokens List<Pulumi.Azure AD. Inputs. Application Optional Claims Id Token> - One or more
id_tokenblocks as documented below. - Saml2Tokens
List<Pulumi.
Azure AD. Inputs. Application Optional Claims Saml2Token> - One or more
saml2_tokenblocks as documented below.
- Access
Tokens []ApplicationOptional Claims Access Token - One or more
access_tokenblocks as documented below. - Id
Tokens []ApplicationOptional Claims Id Token - One or more
id_tokenblocks as documented below. - Saml2Tokens
[]Application
Optional Claims Saml2Token - One or more
saml2_tokenblocks as documented below.
- access
Tokens List<ApplicationOptional Claims Access Token> - One or more
access_tokenblocks as documented below. - id
Tokens List<ApplicationOptional Claims Id Token> - One or more
id_tokenblocks as documented below. - saml2Tokens
List<Application
Optional Claims Saml2Token> - One or more
saml2_tokenblocks as documented below.
- access
Tokens ApplicationOptional Claims Access Token[] - One or more
access_tokenblocks as documented below. - id
Tokens ApplicationOptional Claims Id Token[] - One or more
id_tokenblocks as documented below. - saml2Tokens
Application
Optional Claims Saml2Token[] - One or more
saml2_tokenblocks as documented below.
- access_
tokens Sequence[ApplicationOptional Claims Access Token] - One or more
access_tokenblocks as documented below. - id_
tokens Sequence[ApplicationOptional Claims Id Token] - One or more
id_tokenblocks as documented below. - saml2_
tokens Sequence[ApplicationOptional Claims Saml2Token] - One or more
saml2_tokenblocks as documented below.
- access
Tokens List<Property Map> - One or more
access_tokenblocks as documented below. - id
Tokens List<Property Map> - One or more
id_tokenblocks as documented below. - saml2Tokens List<Property Map>
- One or more
saml2_tokenblocks as documented below.
ApplicationOptionalClaimsAccessToken, ApplicationOptionalClaimsAccessTokenArgs
- Name string
- The name of the optional claim.
- Additional
Properties List<string> - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname,dns_domain_and_sam_account_name,emit_as_roles,include_externally_authenticated_upn_without_hash,include_externally_authenticated_upn,max_size_limit,netbios_domain_and_sam_account_name,on_premise_security_identifier,sam_account_name, anduse_guid. - Essential bool
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- Source string
- The source of the claim. If
sourceis absent, the claim is a predefined optional claim. Ifsourceisuser, the value ofnameis the extension property from the user object.
- Name string
- The name of the optional claim.
- Additional
Properties []string - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname,dns_domain_and_sam_account_name,emit_as_roles,include_externally_authenticated_upn_without_hash,include_externally_authenticated_upn,max_size_limit,netbios_domain_and_sam_account_name,on_premise_security_identifier,sam_account_name, anduse_guid. - Essential bool
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- Source string
- The source of the claim. If
sourceis absent, the claim is a predefined optional claim. Ifsourceisuser, the value ofnameis the extension property from the user object.
- name String
- The name of the optional claim.
- additional
Properties List<String> - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname,dns_domain_and_sam_account_name,emit_as_roles,include_externally_authenticated_upn_without_hash,include_externally_authenticated_upn,max_size_limit,netbios_domain_and_sam_account_name,on_premise_security_identifier,sam_account_name, anduse_guid. - essential Boolean
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- source String
- The source of the claim. If
sourceis absent, the claim is a predefined optional claim. Ifsourceisuser, the value ofnameis the extension property from the user object.
- name string
- The name of the optional claim.
- additional
Properties string[] - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname,dns_domain_and_sam_account_name,emit_as_roles,include_externally_authenticated_upn_without_hash,include_externally_authenticated_upn,max_size_limit,netbios_domain_and_sam_account_name,on_premise_security_identifier,sam_account_name, anduse_guid. - essential boolean
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- source string
- The source of the claim. If
sourceis absent, the claim is a predefined optional claim. Ifsourceisuser, the value ofnameis the extension property from the user object.
- name str
- The name of the optional claim.
- additional_
properties Sequence[str] - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname,dns_domain_and_sam_account_name,emit_as_roles,include_externally_authenticated_upn_without_hash,include_externally_authenticated_upn,max_size_limit,netbios_domain_and_sam_account_name,on_premise_security_identifier,sam_account_name, anduse_guid. - essential bool
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- source str
- The source of the claim. If
sourceis absent, the claim is a predefined optional claim. Ifsourceisuser, the value ofnameis the extension property from the user object.
- name String
- The name of the optional claim.
- additional
Properties List<String> - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname,dns_domain_and_sam_account_name,emit_as_roles,include_externally_authenticated_upn_without_hash,include_externally_authenticated_upn,max_size_limit,netbios_domain_and_sam_account_name,on_premise_security_identifier,sam_account_name, anduse_guid. - essential Boolean
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- source String
- The source of the claim. If
sourceis absent, the claim is a predefined optional claim. Ifsourceisuser, the value ofnameis the extension property from the user object.
ApplicationOptionalClaimsIdToken, ApplicationOptionalClaimsIdTokenArgs
- Name string
- The name of the optional claim.
- Additional
Properties List<string> - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname,dns_domain_and_sam_account_name,emit_as_roles,include_externally_authenticated_upn_without_hash,include_externally_authenticated_upn,max_size_limit,netbios_domain_and_sam_account_name,on_premise_security_identifier,sam_account_name, anduse_guid. - Essential bool
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- Source string
- The source of the claim. If
sourceis absent, the claim is a predefined optional claim. Ifsourceisuser, the value ofnameis the extension property from the user object.
- Name string
- The name of the optional claim.
- Additional
Properties []string - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname,dns_domain_and_sam_account_name,emit_as_roles,include_externally_authenticated_upn_without_hash,include_externally_authenticated_upn,max_size_limit,netbios_domain_and_sam_account_name,on_premise_security_identifier,sam_account_name, anduse_guid. - Essential bool
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- Source string
- The source of the claim. If
sourceis absent, the claim is a predefined optional claim. Ifsourceisuser, the value ofnameis the extension property from the user object.
- name String
- The name of the optional claim.
- additional
Properties List<String> - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname,dns_domain_and_sam_account_name,emit_as_roles,include_externally_authenticated_upn_without_hash,include_externally_authenticated_upn,max_size_limit,netbios_domain_and_sam_account_name,on_premise_security_identifier,sam_account_name, anduse_guid. - essential Boolean
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- source String
- The source of the claim. If
sourceis absent, the claim is a predefined optional claim. Ifsourceisuser, the value ofnameis the extension property from the user object.
- name string
- The name of the optional claim.
- additional
Properties string[] - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname,dns_domain_and_sam_account_name,emit_as_roles,include_externally_authenticated_upn_without_hash,include_externally_authenticated_upn,max_size_limit,netbios_domain_and_sam_account_name,on_premise_security_identifier,sam_account_name, anduse_guid. - essential boolean
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- source string
- The source of the claim. If
sourceis absent, the claim is a predefined optional claim. Ifsourceisuser, the value ofnameis the extension property from the user object.
- name str
- The name of the optional claim.
- additional_
properties Sequence[str] - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname,dns_domain_and_sam_account_name,emit_as_roles,include_externally_authenticated_upn_without_hash,include_externally_authenticated_upn,max_size_limit,netbios_domain_and_sam_account_name,on_premise_security_identifier,sam_account_name, anduse_guid. - essential bool
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- source str
- The source of the claim. If
sourceis absent, the claim is a predefined optional claim. Ifsourceisuser, the value ofnameis the extension property from the user object.
- name String
- The name of the optional claim.
- additional
Properties List<String> - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname,dns_domain_and_sam_account_name,emit_as_roles,include_externally_authenticated_upn_without_hash,include_externally_authenticated_upn,max_size_limit,netbios_domain_and_sam_account_name,on_premise_security_identifier,sam_account_name, anduse_guid. - essential Boolean
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- source String
- The source of the claim. If
sourceis absent, the claim is a predefined optional claim. Ifsourceisuser, the value ofnameis the extension property from the user object.
ApplicationOptionalClaimsSaml2Token, ApplicationOptionalClaimsSaml2TokenArgs
- Name string
- The name of the optional claim.
- Additional
Properties List<string> - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname,dns_domain_and_sam_account_name,emit_as_roles,include_externally_authenticated_upn_without_hash,include_externally_authenticated_upn,max_size_limit,netbios_domain_and_sam_account_name,on_premise_security_identifier,sam_account_name, anduse_guid. - Essential bool
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- Source string
- The source of the claim. If
sourceis absent, the claim is a predefined optional claim. Ifsourceisuser, the value ofnameis the extension property from the user object.
- Name string
- The name of the optional claim.
- Additional
Properties []string - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname,dns_domain_and_sam_account_name,emit_as_roles,include_externally_authenticated_upn_without_hash,include_externally_authenticated_upn,max_size_limit,netbios_domain_and_sam_account_name,on_premise_security_identifier,sam_account_name, anduse_guid. - Essential bool
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- Source string
- The source of the claim. If
sourceis absent, the claim is a predefined optional claim. Ifsourceisuser, the value ofnameis the extension property from the user object.
- name String
- The name of the optional claim.
- additional
Properties List<String> - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname,dns_domain_and_sam_account_name,emit_as_roles,include_externally_authenticated_upn_without_hash,include_externally_authenticated_upn,max_size_limit,netbios_domain_and_sam_account_name,on_premise_security_identifier,sam_account_name, anduse_guid. - essential Boolean
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- source String
- The source of the claim. If
sourceis absent, the claim is a predefined optional claim. Ifsourceisuser, the value ofnameis the extension property from the user object.
- name string
- The name of the optional claim.
- additional
Properties string[] - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname,dns_domain_and_sam_account_name,emit_as_roles,include_externally_authenticated_upn_without_hash,include_externally_authenticated_upn,max_size_limit,netbios_domain_and_sam_account_name,on_premise_security_identifier,sam_account_name, anduse_guid. - essential boolean
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- source string
- The source of the claim. If
sourceis absent, the claim is a predefined optional claim. Ifsourceisuser, the value ofnameis the extension property from the user object.
- name str
- The name of the optional claim.
- additional_
properties Sequence[str] - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname,dns_domain_and_sam_account_name,emit_as_roles,include_externally_authenticated_upn_without_hash,include_externally_authenticated_upn,max_size_limit,netbios_domain_and_sam_account_name,on_premise_security_identifier,sam_account_name, anduse_guid. - essential bool
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- source str
- The source of the claim. If
sourceis absent, the claim is a predefined optional claim. Ifsourceisuser, the value ofnameis the extension property from the user object.
- name String
- The name of the optional claim.
- additional
Properties List<String> - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname,dns_domain_and_sam_account_name,emit_as_roles,include_externally_authenticated_upn_without_hash,include_externally_authenticated_upn,max_size_limit,netbios_domain_and_sam_account_name,on_premise_security_identifier,sam_account_name, anduse_guid. - essential Boolean
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- source String
- The source of the claim. If
sourceis absent, the claim is a predefined optional claim. Ifsourceisuser, the value ofnameis the extension property from the user object.
ApplicationPublicClient, ApplicationPublicClientArgs
- Redirect
Uris List<string> - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
httpsorms-appx-webURL.
- Redirect
Uris []string - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
httpsorms-appx-webURL.
- redirect
Uris List<String> - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
httpsorms-appx-webURL.
- redirect
Uris string[] - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
httpsorms-appx-webURL.
- redirect_
uris Sequence[str] - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
httpsorms-appx-webURL.
- redirect
Uris List<String> - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
httpsorms-appx-webURL.
ApplicationRequiredResourceAccess, ApplicationRequiredResourceAccessArgs
- Resource
Accesses List<Pulumi.Azure AD. Inputs. Application Required Resource Access Resource Access> - A collection of
resource_accessblocks as documented below, describing OAuth2.0 permission scopes and app roles that the application requires from the specified resource. - Resource
App stringId The unique identifier for the resource that the application requires access to. This should be the Application ID of the target application.
Note: Documentation on
resource_app_idvalues for Microsoft APIs can be difficult to find, but you can use the Azure CLI to find them. (e.g.az ad sp list --display-name "Microsoft Graph" --query '[].{appDisplayName:appDisplayName, appId:appId}')
- Resource
Accesses []ApplicationRequired Resource Access Resource Access - A collection of
resource_accessblocks as documented below, describing OAuth2.0 permission scopes and app roles that the application requires from the specified resource. - Resource
App stringId The unique identifier for the resource that the application requires access to. This should be the Application ID of the target application.
Note: Documentation on
resource_app_idvalues for Microsoft APIs can be difficult to find, but you can use the Azure CLI to find them. (e.g.az ad sp list --display-name "Microsoft Graph" --query '[].{appDisplayName:appDisplayName, appId:appId}')
- resource
Accesses List<ApplicationRequired Resource Access Resource Access> - A collection of
resource_accessblocks as documented below, describing OAuth2.0 permission scopes and app roles that the application requires from the specified resource. - resource
App StringId The unique identifier for the resource that the application requires access to. This should be the Application ID of the target application.
Note: Documentation on
resource_app_idvalues for Microsoft APIs can be difficult to find, but you can use the Azure CLI to find them. (e.g.az ad sp list --display-name "Microsoft Graph" --query '[].{appDisplayName:appDisplayName, appId:appId}')
- resource
Accesses ApplicationRequired Resource Access Resource Access[] - A collection of
resource_accessblocks as documented below, describing OAuth2.0 permission scopes and app roles that the application requires from the specified resource. - resource
App stringId The unique identifier for the resource that the application requires access to. This should be the Application ID of the target application.
Note: Documentation on
resource_app_idvalues for Microsoft APIs can be difficult to find, but you can use the Azure CLI to find them. (e.g.az ad sp list --display-name "Microsoft Graph" --query '[].{appDisplayName:appDisplayName, appId:appId}')
- resource_
accesses Sequence[ApplicationRequired Resource Access Resource Access] - A collection of
resource_accessblocks as documented below, describing OAuth2.0 permission scopes and app roles that the application requires from the specified resource. - resource_
app_ strid The unique identifier for the resource that the application requires access to. This should be the Application ID of the target application.
Note: Documentation on
resource_app_idvalues for Microsoft APIs can be difficult to find, but you can use the Azure CLI to find them. (e.g.az ad sp list --display-name "Microsoft Graph" --query '[].{appDisplayName:appDisplayName, appId:appId}')
- resource
Accesses List<Property Map> - A collection of
resource_accessblocks as documented below, describing OAuth2.0 permission scopes and app roles that the application requires from the specified resource. - resource
App StringId The unique identifier for the resource that the application requires access to. This should be the Application ID of the target application.
Note: Documentation on
resource_app_idvalues for Microsoft APIs can be difficult to find, but you can use the Azure CLI to find them. (e.g.az ad sp list --display-name "Microsoft Graph" --query '[].{appDisplayName:appDisplayName, appId:appId}')
ApplicationRequiredResourceAccessResourceAccess, ApplicationRequiredResourceAccessResourceAccessArgs
ApplicationSinglePageApplication, ApplicationSinglePageApplicationArgs
- Redirect
Uris List<string> - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
httpsURL.
- Redirect
Uris []string - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
httpsURL.
- redirect
Uris List<String> - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
httpsURL.
- redirect
Uris string[] - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
httpsURL.
- redirect_
uris Sequence[str] - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
httpsURL.
- redirect
Uris List<String> - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
httpsURL.
ApplicationWeb, ApplicationWebArgs
- Homepage
Url string - Home page or landing page of the application.
- Implicit
Grant Pulumi.Azure AD. Inputs. Application Web Implicit Grant - An
implicit_grantblock as documented above. - Logout
Url string - The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols.
- Redirect
Uris List<string> - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
httpURL or a URN.
- Homepage
Url string - Home page or landing page of the application.
- Implicit
Grant ApplicationWeb Implicit Grant - An
implicit_grantblock as documented above. - Logout
Url string - The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols.
- Redirect
Uris []string - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
httpURL or a URN.
- homepage
Url String - Home page or landing page of the application.
- implicit
Grant ApplicationWeb Implicit Grant - An
implicit_grantblock as documented above. - logout
Url String - The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols.
- redirect
Uris List<String> - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
httpURL or a URN.
- homepage
Url string - Home page or landing page of the application.
- implicit
Grant ApplicationWeb Implicit Grant - An
implicit_grantblock as documented above. - logout
Url string - The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols.
- redirect
Uris string[] - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
httpURL or a URN.
- homepage_
url str - Home page or landing page of the application.
- implicit_
grant ApplicationWeb Implicit Grant - An
implicit_grantblock as documented above. - logout_
url str - The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols.
- redirect_
uris Sequence[str] - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
httpURL or a URN.
- homepage
Url String - Home page or landing page of the application.
- implicit
Grant Property Map - An
implicit_grantblock as documented above. - logout
Url String - The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols.
- redirect
Uris List<String> - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
httpURL or a URN.
ApplicationWebImplicitGrant, ApplicationWebImplicitGrantArgs
- Access
Token boolIssuance Enabled - Whether this web application can request an access token using OAuth 2.0 implicit flow.
- Id
Token boolIssuance Enabled - Whether this web application can request an ID token using OAuth 2.0 implicit flow.
- Access
Token boolIssuance Enabled - Whether this web application can request an access token using OAuth 2.0 implicit flow.
- Id
Token boolIssuance Enabled - Whether this web application can request an ID token using OAuth 2.0 implicit flow.
- access
Token BooleanIssuance Enabled - Whether this web application can request an access token using OAuth 2.0 implicit flow.
- id
Token BooleanIssuance Enabled - Whether this web application can request an ID token using OAuth 2.0 implicit flow.
- access
Token booleanIssuance Enabled - Whether this web application can request an access token using OAuth 2.0 implicit flow.
- id
Token booleanIssuance Enabled - Whether this web application can request an ID token using OAuth 2.0 implicit flow.
- access_
token_ boolissuance_ enabled - Whether this web application can request an access token using OAuth 2.0 implicit flow.
- id_
token_ boolissuance_ enabled - Whether this web application can request an ID token using OAuth 2.0 implicit flow.
- access
Token BooleanIssuance Enabled - Whether this web application can request an access token using OAuth 2.0 implicit flow.
- id
Token BooleanIssuance Enabled - Whether this web application can request an ID token using OAuth 2.0 implicit flow.
Import
Applications can be imported using the object ID of the application, in the following format.
$ pulumi import azuread:index/application:Application example /applications/00000000-0000-0000-0000-000000000000
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Active Directory (Azure AD) pulumi/pulumi-azuread
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azureadTerraform Provider.