Auth0 v3.17.0, Apr 9 25

Auth0 v3.17.0 published on Wednesday, Apr 9, 2025 by Pulumi

auth0.getTenant

Explore with Pulumi AI

Auth0 v3.17.0 published on Wednesday, Apr 9, 2025 by Pulumi

Example Usage

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const myTenant = auth0.getTenant({});

import pulumi
import pulumi_auth0 as auth0

my_tenant = auth0.get_tenant()

package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := auth0.LookupTenant(ctx, map[string]interface{}{}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    var myTenant = Auth0.GetTenant.Invoke();

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Auth0Functions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var myTenant = Auth0Functions.getTenant(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);

    }
}

variables:
  myTenant:
    fn::invoke:
      function: auth0:getTenant
      arguments: {}

Using getTenant

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

TypeScript
Python
Go
C#
Java
YAML

function getTenant(opts?: InvokeOptions): Promise<GetTenantResult>
function getTenantOutput(opts?: InvokeOptions): Output<GetTenantResult>

def get_tenant(opts: Optional[InvokeOptions] = None) -> GetTenantResult
def get_tenant_output(opts: Optional[InvokeOptions] = None) -> Output[GetTenantResult]

func LookupTenant(ctx *Context, opts ...InvokeOption) (*LookupTenantResult, error)
func LookupTenantOutput(ctx *Context, opts ...InvokeOption) LookupTenantResultOutput

> Note: This function is named LookupTenant in the Go SDK.

public static class GetTenant 
{
    public static Task<GetTenantResult> InvokeAsync(InvokeOptions? opts = null)
    public static Output<GetTenantResult> Invoke(InvokeOptions? opts = null)
}

public static CompletableFuture<GetTenantResult> getTenant(InvokeOptions options)
public static Output<GetTenantResult> getTenant(InvokeOptions options)

fn::invoke:
  function: auth0:index/getTenant:getTenant
  arguments:
    # arguments dictionary

getTenant Result

The following output properties are available:

AcrValuesSupporteds List<string>: List of supported ACR values.
AllowOrganizationNameInAuthenticationApi bool: Whether to accept an organization name instead of an ID on auth endpoints.
AllowedLogoutUrls List<string>: URLs that Auth0 may redirect to after logout.
CustomizeMfaInPostloginAction bool: Whether to enable flexible factors for MFA in the PostLogin action.
DefaultAudience string: API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
DefaultDirectory string: Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.
DefaultRedirectionUri string: The default absolute redirection URI. Must be HTTPS or an empty string.
DisableAcrValuesSupported bool: Disable list of supported ACR values.
Domain string: Your Auth0 domain name.
EnabledLocales List<string>: Supported locales for the user interface. The first locale in the list will be used to set the default locale.
ErrorPages List<GetTenantErrorPage>: Configuration for the error page
Flags List<GetTenantFlag>: Configuration settings for tenant flags.
FriendlyName string: Friendly name for the tenant.
Id string: The provider-assigned unique ID for this managed resource.
IdleSessionLifetime double: Number of hours during which a session can be inactive before the user must log in again.
ManagementApiIdentifier string: The identifier value of the built-in Management API resource server, which can be used as an audience when configuring client grants.
Mtls List<GetTenantMtl>: Configuration for mTLS.
OidcLogouts List<GetTenantOidcLogout>: Settings related to OIDC RP-initiated Logout.
PictureUrl string: URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
PushedAuthorizationRequestsSupported bool: Enable pushed authorization requests.
SandboxVersion string: Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
SessionCookies List<GetTenantSessionCooky>: Alters behavior of tenant's session cookie. Contains a single mode property.
SessionLifetime double: Number of hours during which a session will stay valid.
Sessions List<GetTenantSession>: Sessions related settings for the tenant.
SupportEmail string: Support email address for authenticating users.
SupportUrl string: Support URL for authenticating users.

AcrValuesSupporteds []string: List of supported ACR values.
AllowOrganizationNameInAuthenticationApi bool: Whether to accept an organization name instead of an ID on auth endpoints.
AllowedLogoutUrls []string: URLs that Auth0 may redirect to after logout.
CustomizeMfaInPostloginAction bool: Whether to enable flexible factors for MFA in the PostLogin action.
DefaultAudience string: API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
DefaultDirectory string: Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.
DefaultRedirectionUri string: The default absolute redirection URI. Must be HTTPS or an empty string.
DisableAcrValuesSupported bool: Disable list of supported ACR values.
Domain string: Your Auth0 domain name.
EnabledLocales []string: Supported locales for the user interface. The first locale in the list will be used to set the default locale.
ErrorPages []GetTenantErrorPage: Configuration for the error page
Flags []GetTenantFlag: Configuration settings for tenant flags.
FriendlyName string: Friendly name for the tenant.
Id string: The provider-assigned unique ID for this managed resource.
IdleSessionLifetime float64: Number of hours during which a session can be inactive before the user must log in again.
ManagementApiIdentifier string: The identifier value of the built-in Management API resource server, which can be used as an audience when configuring client grants.
Mtls []GetTenantMtl: Configuration for mTLS.
OidcLogouts []GetTenantOidcLogout: Settings related to OIDC RP-initiated Logout.
PictureUrl string: URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
PushedAuthorizationRequestsSupported bool: Enable pushed authorization requests.
SandboxVersion string: Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
SessionCookies []GetTenantSessionCooky: Alters behavior of tenant's session cookie. Contains a single mode property.
SessionLifetime float64: Number of hours during which a session will stay valid.
Sessions []GetTenantSession: Sessions related settings for the tenant.
SupportEmail string: Support email address for authenticating users.
SupportUrl string: Support URL for authenticating users.

acrValuesSupporteds List<String>: List of supported ACR values.
allowOrganizationNameInAuthenticationApi Boolean: Whether to accept an organization name instead of an ID on auth endpoints.
allowedLogoutUrls List<String>: URLs that Auth0 may redirect to after logout.
customizeMfaInPostloginAction Boolean: Whether to enable flexible factors for MFA in the PostLogin action.
defaultAudience String: API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
defaultDirectory String: Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.
defaultRedirectionUri String: The default absolute redirection URI. Must be HTTPS or an empty string.
disableAcrValuesSupported Boolean: Disable list of supported ACR values.
domain String: Your Auth0 domain name.
enabledLocales List<String>: Supported locales for the user interface. The first locale in the list will be used to set the default locale.
errorPages List<GetTenantErrorPage>: Configuration for the error page
flags List<GetTenantFlag>: Configuration settings for tenant flags.
friendlyName String: Friendly name for the tenant.
id String: The provider-assigned unique ID for this managed resource.
idleSessionLifetime Double: Number of hours during which a session can be inactive before the user must log in again.
managementApiIdentifier String: The identifier value of the built-in Management API resource server, which can be used as an audience when configuring client grants.
mtls List<GetTenantMtl>: Configuration for mTLS.
oidcLogouts List<GetTenantOidcLogout>: Settings related to OIDC RP-initiated Logout.
pictureUrl String: URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
pushedAuthorizationRequestsSupported Boolean: Enable pushed authorization requests.
sandboxVersion String: Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
sessionCookies List<GetTenantSessionCooky>: Alters behavior of tenant's session cookie. Contains a single mode property.
sessionLifetime Double: Number of hours during which a session will stay valid.
sessions List<GetTenantSession>: Sessions related settings for the tenant.
supportEmail String: Support email address for authenticating users.
supportUrl String: Support URL for authenticating users.

acrValuesSupporteds string[]: List of supported ACR values.
allowOrganizationNameInAuthenticationApi boolean: Whether to accept an organization name instead of an ID on auth endpoints.
allowedLogoutUrls string[]: URLs that Auth0 may redirect to after logout.
customizeMfaInPostloginAction boolean: Whether to enable flexible factors for MFA in the PostLogin action.
defaultAudience string: API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
defaultDirectory string: Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.
defaultRedirectionUri string: The default absolute redirection URI. Must be HTTPS or an empty string.
disableAcrValuesSupported boolean: Disable list of supported ACR values.
domain string: Your Auth0 domain name.
enabledLocales string[]: Supported locales for the user interface. The first locale in the list will be used to set the default locale.
errorPages GetTenantErrorPage[]: Configuration for the error page
flags GetTenantFlag[]: Configuration settings for tenant flags.
friendlyName string: Friendly name for the tenant.
id string: The provider-assigned unique ID for this managed resource.
idleSessionLifetime number: Number of hours during which a session can be inactive before the user must log in again.
managementApiIdentifier string: The identifier value of the built-in Management API resource server, which can be used as an audience when configuring client grants.
mtls GetTenantMtl[]: Configuration for mTLS.
oidcLogouts GetTenantOidcLogout[]: Settings related to OIDC RP-initiated Logout.
pictureUrl string: URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
pushedAuthorizationRequestsSupported boolean: Enable pushed authorization requests.
sandboxVersion string: Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
sessionCookies GetTenantSessionCooky[]: Alters behavior of tenant's session cookie. Contains a single mode property.
sessionLifetime number: Number of hours during which a session will stay valid.
sessions GetTenantSession[]: Sessions related settings for the tenant.
supportEmail string: Support email address for authenticating users.
supportUrl string: Support URL for authenticating users.

acr_values_supporteds Sequence[str]: List of supported ACR values.
allow_organization_name_in_authentication_api bool: Whether to accept an organization name instead of an ID on auth endpoints.
allowed_logout_urls Sequence[str]: URLs that Auth0 may redirect to after logout.
customize_mfa_in_postlogin_action bool: Whether to enable flexible factors for MFA in the PostLogin action.
default_audience str: API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
default_directory str: Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.
default_redirection_uri str: The default absolute redirection URI. Must be HTTPS or an empty string.
disable_acr_values_supported bool: Disable list of supported ACR values.
domain str: Your Auth0 domain name.
enabled_locales Sequence[str]: Supported locales for the user interface. The first locale in the list will be used to set the default locale.
error_pages Sequence[GetTenantErrorPage]: Configuration for the error page
flags Sequence[GetTenantFlag]: Configuration settings for tenant flags.
friendly_name str: Friendly name for the tenant.
id str: The provider-assigned unique ID for this managed resource.
idle_session_lifetime float: Number of hours during which a session can be inactive before the user must log in again.
management_api_identifier str: The identifier value of the built-in Management API resource server, which can be used as an audience when configuring client grants.
mtls Sequence[GetTenantMtl]: Configuration for mTLS.
oidc_logouts Sequence[GetTenantOidcLogout]: Settings related to OIDC RP-initiated Logout.
picture_url str: URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
pushed_authorization_requests_supported bool: Enable pushed authorization requests.
sandbox_version str: Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
session_cookies Sequence[GetTenantSessionCooky]: Alters behavior of tenant's session cookie. Contains a single mode property.
session_lifetime float: Number of hours during which a session will stay valid.
sessions Sequence[GetTenantSession]: Sessions related settings for the tenant.
support_email str: Support email address for authenticating users.
support_url str: Support URL for authenticating users.

acrValuesSupporteds List<String>: List of supported ACR values.
allowOrganizationNameInAuthenticationApi Boolean: Whether to accept an organization name instead of an ID on auth endpoints.
allowedLogoutUrls List<String>: URLs that Auth0 may redirect to after logout.
customizeMfaInPostloginAction Boolean: Whether to enable flexible factors for MFA in the PostLogin action.
defaultAudience String: API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
defaultDirectory String: Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.
defaultRedirectionUri String: The default absolute redirection URI. Must be HTTPS or an empty string.
disableAcrValuesSupported Boolean: Disable list of supported ACR values.
domain String: Your Auth0 domain name.
enabledLocales List<String>: Supported locales for the user interface. The first locale in the list will be used to set the default locale.
errorPages List<Property Map>: Configuration for the error page
flags List<Property Map>: Configuration settings for tenant flags.
friendlyName String: Friendly name for the tenant.
id String: The provider-assigned unique ID for this managed resource.
idleSessionLifetime Number: Number of hours during which a session can be inactive before the user must log in again.
managementApiIdentifier String: The identifier value of the built-in Management API resource server, which can be used as an audience when configuring client grants.
mtls List<Property Map>: Configuration for mTLS.
oidcLogouts List<Property Map>: Settings related to OIDC RP-initiated Logout.
pictureUrl String: URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
pushedAuthorizationRequestsSupported Boolean: Enable pushed authorization requests.
sandboxVersion String: Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
sessionCookies List<Property Map>: Alters behavior of tenant's session cookie. Contains a single mode property.
sessionLifetime Number: Number of hours during which a session will stay valid.
sessions List<Property Map>: Sessions related settings for the tenant.
supportEmail String: Support email address for authenticating users.
supportUrl String: Support URL for authenticating users.

Supporting Types

GetTenantErrorPage

Html string: Custom Error HTML (Liquid syntax is supported)
ShowLogLink bool: Whether to show the link to log as part of the default error page (true, default) or not to show the link (false).
Url string: URL to redirect to when an error occurs instead of showing the default error page

Html string: Custom Error HTML (Liquid syntax is supported)
ShowLogLink bool: Whether to show the link to log as part of the default error page (true, default) or not to show the link (false).
Url string: URL to redirect to when an error occurs instead of showing the default error page

html String: Custom Error HTML (Liquid syntax is supported)
showLogLink Boolean: Whether to show the link to log as part of the default error page (true, default) or not to show the link (false).
url String: URL to redirect to when an error occurs instead of showing the default error page

html string: Custom Error HTML (Liquid syntax is supported)
showLogLink boolean: Whether to show the link to log as part of the default error page (true, default) or not to show the link (false).
url string: URL to redirect to when an error occurs instead of showing the default error page

html str: Custom Error HTML (Liquid syntax is supported)
show_log_link bool: Whether to show the link to log as part of the default error page (true, default) or not to show the link (false).
url str: URL to redirect to when an error occurs instead of showing the default error page

html String: Custom Error HTML (Liquid syntax is supported)
showLogLink Boolean: Whether to show the link to log as part of the default error page (true, default) or not to show the link (false).
url String: URL to redirect to when an error occurs instead of showing the default error page

GetTenantFlag

AllowLegacyDelegationGrantTypes bool: Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
AllowLegacyRoGrantTypes bool: Whether the legacy auth/ro endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false).
AllowLegacyTokeninfoEndpoint bool: If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
DashboardInsightsView bool: Enables new insights activity page view.
DashboardLogStreamsNext bool: Enables beta access to log streaming changes.
DisableClickjackProtectionHeaders bool: Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
DisableFieldsMapFix bool: Disables SAML fields map fix for bad mappings with repeated attributes.
DisableManagementApiSmsObfuscation bool: If true, SMS phone numbers will not be obfuscated in Management API GET calls.
EnableAdfsWaadEmailVerification bool: If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
EnableApisSection bool: Indicates whether the APIs section is enabled for the tenant.
EnableClientConnections bool: Indicates whether all current connections should be enabled when a new client is created.
EnableCustomDomainInEmails bool: Indicates whether the tenant allows custom domains in emails. Before enabling this flag, you must have a custom domain with status: ready.
EnableDynamicClientRegistration bool: Indicates whether the tenant allows dynamic client registration.
EnableIdtokenApi2 bool: Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
EnableLegacyLogsSearchV2 bool: Indicates whether to use the older v2 legacy logs search.
EnableLegacyProfile bool: Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
EnablePipeline2 bool: Indicates whether advanced API Authorization scenarios are enabled.
EnablePublicSignupUserExistsError bool: Indicates whether the public sign up process shows a user_exists error if the user already exists.
EnableSso bool: Flag indicating whether users will not be prompted to confirm log in before SSO redirection. This flag applies to existing tenants only; new tenants have it enforced as true.
MfaShowFactorListOnEnrollment bool: Used to allow users to pick which factor to enroll with from the list of available MFA factors.
NoDiscloseEnterpriseConnections bool: Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
RemoveAlgFromJwks bool: Remove alg from jwks(JSON Web Key Sets).
RequirePushedAuthorizationRequests bool: This Flag is not supported by the Auth0 Management API and will be removed in the next major release.
RevokeRefreshTokenGrant bool: Delete underlying grant when a refresh token is revoked via the Authentication API.
UseScopeDescriptionsForConsent bool: Indicates whether to use scope descriptions for consent.

AllowLegacyDelegationGrantTypes bool: Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
AllowLegacyRoGrantTypes bool: Whether the legacy auth/ro endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false).
AllowLegacyTokeninfoEndpoint bool: If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
DashboardInsightsView bool: Enables new insights activity page view.
DashboardLogStreamsNext bool: Enables beta access to log streaming changes.
DisableClickjackProtectionHeaders bool: Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
DisableFieldsMapFix bool: Disables SAML fields map fix for bad mappings with repeated attributes.
DisableManagementApiSmsObfuscation bool: If true, SMS phone numbers will not be obfuscated in Management API GET calls.
EnableAdfsWaadEmailVerification bool: If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
EnableApisSection bool: Indicates whether the APIs section is enabled for the tenant.
EnableClientConnections bool: Indicates whether all current connections should be enabled when a new client is created.
EnableCustomDomainInEmails bool: Indicates whether the tenant allows custom domains in emails. Before enabling this flag, you must have a custom domain with status: ready.
EnableDynamicClientRegistration bool: Indicates whether the tenant allows dynamic client registration.
EnableIdtokenApi2 bool: Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
EnableLegacyLogsSearchV2 bool: Indicates whether to use the older v2 legacy logs search.
EnableLegacyProfile bool: Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
EnablePipeline2 bool: Indicates whether advanced API Authorization scenarios are enabled.
EnablePublicSignupUserExistsError bool: Indicates whether the public sign up process shows a user_exists error if the user already exists.
EnableSso bool: Flag indicating whether users will not be prompted to confirm log in before SSO redirection. This flag applies to existing tenants only; new tenants have it enforced as true.
MfaShowFactorListOnEnrollment bool: Used to allow users to pick which factor to enroll with from the list of available MFA factors.
NoDiscloseEnterpriseConnections bool: Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
RemoveAlgFromJwks bool: Remove alg from jwks(JSON Web Key Sets).
RequirePushedAuthorizationRequests bool: This Flag is not supported by the Auth0 Management API and will be removed in the next major release.
RevokeRefreshTokenGrant bool: Delete underlying grant when a refresh token is revoked via the Authentication API.
UseScopeDescriptionsForConsent bool: Indicates whether to use scope descriptions for consent.

allowLegacyDelegationGrantTypes Boolean: Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
allowLegacyRoGrantTypes Boolean: Whether the legacy auth/ro endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false).
allowLegacyTokeninfoEndpoint Boolean: If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
dashboardInsightsView Boolean: Enables new insights activity page view.
dashboardLogStreamsNext Boolean: Enables beta access to log streaming changes.
disableClickjackProtectionHeaders Boolean: Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
disableFieldsMapFix Boolean: Disables SAML fields map fix for bad mappings with repeated attributes.
disableManagementApiSmsObfuscation Boolean: If true, SMS phone numbers will not be obfuscated in Management API GET calls.
enableAdfsWaadEmailVerification Boolean: If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
enableApisSection Boolean: Indicates whether the APIs section is enabled for the tenant.
enableClientConnections Boolean: Indicates whether all current connections should be enabled when a new client is created.
enableCustomDomainInEmails Boolean: Indicates whether the tenant allows custom domains in emails. Before enabling this flag, you must have a custom domain with status: ready.
enableDynamicClientRegistration Boolean: Indicates whether the tenant allows dynamic client registration.
enableIdtokenApi2 Boolean: Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
enableLegacyLogsSearchV2 Boolean: Indicates whether to use the older v2 legacy logs search.
enableLegacyProfile Boolean: Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
enablePipeline2 Boolean: Indicates whether advanced API Authorization scenarios are enabled.
enablePublicSignupUserExistsError Boolean: Indicates whether the public sign up process shows a user_exists error if the user already exists.
enableSso Boolean: Flag indicating whether users will not be prompted to confirm log in before SSO redirection. This flag applies to existing tenants only; new tenants have it enforced as true.
mfaShowFactorListOnEnrollment Boolean: Used to allow users to pick which factor to enroll with from the list of available MFA factors.
noDiscloseEnterpriseConnections Boolean: Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
removeAlgFromJwks Boolean: Remove alg from jwks(JSON Web Key Sets).
requirePushedAuthorizationRequests Boolean: This Flag is not supported by the Auth0 Management API and will be removed in the next major release.
revokeRefreshTokenGrant Boolean: Delete underlying grant when a refresh token is revoked via the Authentication API.
useScopeDescriptionsForConsent Boolean: Indicates whether to use scope descriptions for consent.

allowLegacyDelegationGrantTypes boolean: Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
allowLegacyRoGrantTypes boolean: Whether the legacy auth/ro endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false).
allowLegacyTokeninfoEndpoint boolean: If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
dashboardInsightsView boolean: Enables new insights activity page view.
dashboardLogStreamsNext boolean: Enables beta access to log streaming changes.
disableClickjackProtectionHeaders boolean: Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
disableFieldsMapFix boolean: Disables SAML fields map fix for bad mappings with repeated attributes.
disableManagementApiSmsObfuscation boolean: If true, SMS phone numbers will not be obfuscated in Management API GET calls.
enableAdfsWaadEmailVerification boolean: If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
enableApisSection boolean: Indicates whether the APIs section is enabled for the tenant.
enableClientConnections boolean: Indicates whether all current connections should be enabled when a new client is created.
enableCustomDomainInEmails boolean: Indicates whether the tenant allows custom domains in emails. Before enabling this flag, you must have a custom domain with status: ready.
enableDynamicClientRegistration boolean: Indicates whether the tenant allows dynamic client registration.
enableIdtokenApi2 boolean: Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
enableLegacyLogsSearchV2 boolean: Indicates whether to use the older v2 legacy logs search.
enableLegacyProfile boolean: Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
enablePipeline2 boolean: Indicates whether advanced API Authorization scenarios are enabled.
enablePublicSignupUserExistsError boolean: Indicates whether the public sign up process shows a user_exists error if the user already exists.
enableSso boolean: Flag indicating whether users will not be prompted to confirm log in before SSO redirection. This flag applies to existing tenants only; new tenants have it enforced as true.
mfaShowFactorListOnEnrollment boolean: Used to allow users to pick which factor to enroll with from the list of available MFA factors.
noDiscloseEnterpriseConnections boolean: Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
removeAlgFromJwks boolean: Remove alg from jwks(JSON Web Key Sets).
requirePushedAuthorizationRequests boolean: This Flag is not supported by the Auth0 Management API and will be removed in the next major release.
revokeRefreshTokenGrant boolean: Delete underlying grant when a refresh token is revoked via the Authentication API.
useScopeDescriptionsForConsent boolean: Indicates whether to use scope descriptions for consent.

allow_legacy_delegation_grant_types bool: Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
allow_legacy_ro_grant_types bool: Whether the legacy auth/ro endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false).
allow_legacy_tokeninfo_endpoint bool: If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
dashboard_insights_view bool: Enables new insights activity page view.
dashboard_log_streams_next bool: Enables beta access to log streaming changes.
disable_clickjack_protection_headers bool: Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
disable_fields_map_fix bool: Disables SAML fields map fix for bad mappings with repeated attributes.
disable_management_api_sms_obfuscation bool: If true, SMS phone numbers will not be obfuscated in Management API GET calls.
enable_adfs_waad_email_verification bool: If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
enable_apis_section bool: Indicates whether the APIs section is enabled for the tenant.
enable_client_connections bool: Indicates whether all current connections should be enabled when a new client is created.
enable_custom_domain_in_emails bool: Indicates whether the tenant allows custom domains in emails. Before enabling this flag, you must have a custom domain with status: ready.
enable_dynamic_client_registration bool: Indicates whether the tenant allows dynamic client registration.
enable_idtoken_api2 bool: Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
enable_legacy_logs_search_v2 bool: Indicates whether to use the older v2 legacy logs search.
enable_legacy_profile bool: Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
enable_pipeline2 bool: Indicates whether advanced API Authorization scenarios are enabled.
enable_public_signup_user_exists_error bool: Indicates whether the public sign up process shows a user_exists error if the user already exists.
enable_sso bool: Flag indicating whether users will not be prompted to confirm log in before SSO redirection. This flag applies to existing tenants only; new tenants have it enforced as true.
mfa_show_factor_list_on_enrollment bool: Used to allow users to pick which factor to enroll with from the list of available MFA factors.
no_disclose_enterprise_connections bool: Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
remove_alg_from_jwks bool: Remove alg from jwks(JSON Web Key Sets).
require_pushed_authorization_requests bool: This Flag is not supported by the Auth0 Management API and will be removed in the next major release.
revoke_refresh_token_grant bool: Delete underlying grant when a refresh token is revoked via the Authentication API.
use_scope_descriptions_for_consent bool: Indicates whether to use scope descriptions for consent.

allowLegacyDelegationGrantTypes Boolean: Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
allowLegacyRoGrantTypes Boolean: Whether the legacy auth/ro endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false).
allowLegacyTokeninfoEndpoint Boolean: If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
dashboardInsightsView Boolean: Enables new insights activity page view.
dashboardLogStreamsNext Boolean: Enables beta access to log streaming changes.
disableClickjackProtectionHeaders Boolean: Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
disableFieldsMapFix Boolean: Disables SAML fields map fix for bad mappings with repeated attributes.
disableManagementApiSmsObfuscation Boolean: If true, SMS phone numbers will not be obfuscated in Management API GET calls.
enableAdfsWaadEmailVerification Boolean: If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
enableApisSection Boolean: Indicates whether the APIs section is enabled for the tenant.
enableClientConnections Boolean: Indicates whether all current connections should be enabled when a new client is created.
enableCustomDomainInEmails Boolean: Indicates whether the tenant allows custom domains in emails. Before enabling this flag, you must have a custom domain with status: ready.
enableDynamicClientRegistration Boolean: Indicates whether the tenant allows dynamic client registration.
enableIdtokenApi2 Boolean: Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
enableLegacyLogsSearchV2 Boolean: Indicates whether to use the older v2 legacy logs search.
enableLegacyProfile Boolean: Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
enablePipeline2 Boolean: Indicates whether advanced API Authorization scenarios are enabled.
enablePublicSignupUserExistsError Boolean: Indicates whether the public sign up process shows a user_exists error if the user already exists.
enableSso Boolean: Flag indicating whether users will not be prompted to confirm log in before SSO redirection. This flag applies to existing tenants only; new tenants have it enforced as true.
mfaShowFactorListOnEnrollment Boolean: Used to allow users to pick which factor to enroll with from the list of available MFA factors.
noDiscloseEnterpriseConnections Boolean: Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
removeAlgFromJwks Boolean: Remove alg from jwks(JSON Web Key Sets).
requirePushedAuthorizationRequests Boolean: This Flag is not supported by the Auth0 Management API and will be removed in the next major release.
revokeRefreshTokenGrant Boolean: Delete underlying grant when a refresh token is revoked via the Authentication API.
useScopeDescriptionsForConsent Boolean: Indicates whether to use scope descriptions for consent.

GetTenantMtl

Disable bool: Disable mTLS settings.
EnableEndpointAliases bool: Enable mTLS endpoint aliases.

Disable bool: Disable mTLS settings.
EnableEndpointAliases bool: Enable mTLS endpoint aliases.

disable Boolean: Disable mTLS settings.
enableEndpointAliases Boolean: Enable mTLS endpoint aliases.

disable boolean: Disable mTLS settings.
enableEndpointAliases boolean: Enable mTLS endpoint aliases.

disable bool: Disable mTLS settings.
enable_endpoint_aliases bool: Enable mTLS endpoint aliases.

disable Boolean: Disable mTLS settings.
enableEndpointAliases Boolean: Enable mTLS endpoint aliases.

GetTenantOidcLogout

RpLogoutEndSessionEndpointDiscovery bool: Enable the end_session_endpoint URL in the .well-known discovery configuration.

RpLogoutEndSessionEndpointDiscovery bool: Enable the end_session_endpoint URL in the .well-known discovery configuration.

rpLogoutEndSessionEndpointDiscovery Boolean: Enable the end_session_endpoint URL in the .well-known discovery configuration.

rpLogoutEndSessionEndpointDiscovery boolean: Enable the end_session_endpoint URL in the .well-known discovery configuration.

rp_logout_end_session_endpoint_discovery bool: Enable the end_session_endpoint URL in the .well-known discovery configuration.

rpLogoutEndSessionEndpointDiscovery Boolean: Enable the end_session_endpoint URL in the .well-known discovery configuration.

GetTenantSession

OidcLogoutPromptEnabled bool: When active, users will be presented with a consent prompt to confirm the logout request if the request is not trustworthy. Turn off the consent prompt to bypass user confirmation.

OidcLogoutPromptEnabled bool: When active, users will be presented with a consent prompt to confirm the logout request if the request is not trustworthy. Turn off the consent prompt to bypass user confirmation.

oidcLogoutPromptEnabled Boolean: When active, users will be presented with a consent prompt to confirm the logout request if the request is not trustworthy. Turn off the consent prompt to bypass user confirmation.

oidcLogoutPromptEnabled boolean: When active, users will be presented with a consent prompt to confirm the logout request if the request is not trustworthy. Turn off the consent prompt to bypass user confirmation.

oidc_logout_prompt_enabled bool: When active, users will be presented with a consent prompt to confirm the logout request if the request is not trustworthy. Turn off the consent prompt to bypass user confirmation.

oidcLogoutPromptEnabled Boolean: When active, users will be presented with a consent prompt to confirm the logout request if the request is not trustworthy. Turn off the consent prompt to bypass user confirmation.

GetTenantSessionCooky

Mode string: Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".

Mode string: Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".

mode String: Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".

mode string: Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".

mode str: Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".

mode String: Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".

Package Details

Repository: Auth0 pulumi/pulumi-auth0
License: Apache-2.0
Notes: This Pulumi package is based on the auth0 Terraform Provider.

Auth0 v3.17.0 published on Wednesday, Apr 9, 2025 by Pulumi

pulumi/pulumi-auth0

auth0.getTenant

On this page

On this page

Example Usage

Using getTenant

getTenant Result

Supporting Types

GetTenantErrorPage

GetTenantFlag

GetTenantMtl

GetTenantOidcLogout

GetTenantSession

GetTenantSessionCooky

Package Details

On this page

On this page