Access Application
Provides a Cloudflare Access Application resource. Access Applications are used to restrict access to a whole application using an authorisation gateway managed by Cloudflare.
It's required that an account_id or zone_id is provided and in most cases using either is fine. However, if you're using a scoped access token, you must provide the argument that matches the token's scope. For example, an access token that is scoped to the "example.com" zone needs to use the zone_id argument.
Import
$ pulumi import cloudflare:index/accessApplication:AccessApplication example <account_id>/<application_id>
Properties
When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
The identity providers selected for the application.
The logo URL of the app launcher.
Option to show/hide applications in App Launcher. Defaults to true.
Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false.
CORS configuration for the Access Application. See below for reference structure.
Option that returns a custom error message when a user is denied access to the application.
Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
The custom pages selected for the application.
A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as domain. Supersedes self_hosted_domains to allow for more flexibility in defining different types of destinations. Conflicts with self_hosted_domains.
The type of the primary domain. Available values: public, private.
Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to false.
The footer links of the app launcher.
The background color of the header bar in the app launcher.
Option to add the HttpOnly cookie flag to access tokens.
The landing page design of the app launcher.
Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. Defaults to false.
SaaS configuration for the Access Application.
Defines the same-site cookie setting for access tokens. Available values: none, lax, strict.
Configuration for provisioning to this application via SCIM. This is currently in closed beta.
List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as domain. Deprecated in favor of destinations and will be removed in the next major version. Conflicts with destinations.
Option to return a 401 status code in service authentication rules on failed requests. Defaults to false.
How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m. Defaults to 24h.
Option to skip the App Launcher landing page. Defaults to false.
Option to skip the authorization interstitial when using the CLI. Defaults to false.
The payload for an infrastructure application which defines the port, protocol, and target attributes. Only applicable to Infrastructure Applications, in which case this field is required.
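The constraints stated above (the account_id/zone_id rule for scoped tokens, the two documented conflicts, the session duration and same-site value formats) can be checked before a deployment is attempted. The following Python check is an added example, not code from Pulumi or Cloudflare; the argument names session_duration, same_site_cookie_attribute, options_preflight_bypass, enable_binding_cookie and http_only_cookie_attribute, the token_scope parameter and the function lint_access_app are assumptions, since this page gives the descriptions without the property names.

```python
import re

# Hours and/or minutes such as "48h" or "2h45m" (assumed reading of the documented format).
_DURATION = re.compile(r"(?=\d)(?:\d+h)?(?:\d+m)?")
_SAME_SITE = {"none", "lax", "strict"}

# Constructed sample arguments (placeholder ID, not a real value).
SAMPLE = {
    "account_id": "<account_id>",
    "destinations": [{"uri": "app.example.com"}],
    "self_hosted_domains": ["app.example.com"],
    "options_preflight_bypass": True,
    "cors_headers": [{"allowed_origins": ["https://example.com"]}],
    "session_duration": "2 days",
    "same_site_cookie_attribute": "Strict",
}

def lint_access_app(args, token_scope=None):
    """Return findings for a dict of arguments; token_scope is "account", "zone" or None."""
    out = []
    has_account, has_zone = bool(args.get("account_id")), bool(args.get("zone_id"))
    # One of account_id / zone_id is required; a scoped token needs the matching one.
    if not (has_account or has_zone):
        out.append("error: neither account_id nor zone_id is set")
    elif token_scope == "zone" and not has_zone:
        out.append("error: zone-scoped token requires zone_id")
    elif token_scope == "account" and not has_account:
        out.append("error: account-scoped token requires account_id")
    # Conflicts stated in the property descriptions.
    if args.get("destinations") and args.get("self_hosted_domains"):
        out.append("error: destinations conflicts with self_hosted_domains")
    if args.get("options_preflight_bypass") and args.get("cors_headers"):
        out.append("error: options_preflight_bypass cannot be on when cors_headers is set")
    # Value formats stated in the property descriptions.
    duration = args.get("session_duration", "24h")
    if not _DURATION.fullmatch(str(duration)):
        out.append(f"error: session_duration {duration!r} is not like 48h or 2h45m")
    same_site = args.get("same_site_cookie_attribute")
    if same_site is not None and same_site not in _SAME_SITE:
        out.append(f"error: same_site_cookie_attribute {same_site!r} not in none/lax/strict")
    # Cookie hardening: the binding cookie defaults to false, so it must be opted into.
    if not args.get("enable_binding_cookie"):
        out.append("warn: enable_binding_cookie is off")
    if args.get("http_only_cookie_attribute") is False:
        out.append("warn: http_only_cookie_attribute is explicitly disabled")
    return out

if __name__ == "__main__":
    print(*lint_access_app(SAMPLE, token_scope="zone"), sep="\n")
```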