Viewing docs for akeyless 2.0.1
published on Monday, Apr 27, 2026 by akeyless-community
published on Monday, Apr 27, 2026 by akeyless-community
Viewing docs for akeyless 2.0.1
published on Monday, Apr 27, 2026 by akeyless-community
published on Monday, Apr 27, 2026 by akeyless-community
OIDC Auth Method Resource
Create AuthMethodOidc Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AuthMethodOidc(name: string, args: AuthMethodOidcArgs, opts?: CustomResourceOptions);@overload
def AuthMethodOidc(resource_name: str,
args: AuthMethodOidcArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AuthMethodOidc(resource_name: str,
opts: Optional[ResourceOptions] = None,
unique_identifier: Optional[str] = None,
description: Optional[str] = None,
force_sub_claims: Optional[bool] = None,
audience: Optional[str] = None,
audit_logs_claims: Optional[Sequence[str]] = None,
auth_method_oidc_id: Optional[str] = None,
bound_ips: Optional[Sequence[str]] = None,
client_id: Optional[str] = None,
client_secret: Optional[str] = None,
delete_protection: Optional[str] = None,
access_expires: Optional[float] = None,
allowed_redirect_uris: Optional[Sequence[str]] = None,
gw_bound_ips: Optional[Sequence[str]] = None,
expiration_event_ins: Optional[Sequence[str]] = None,
issuer: Optional[str] = None,
jwt_ttl: Optional[float] = None,
name: Optional[str] = None,
product_types: Optional[Sequence[str]] = None,
required_scopes: Optional[Sequence[str]] = None,
required_scopes_prefix: Optional[str] = None,
subclaims_delimiters: Optional[Sequence[str]] = None,
allowed_client_types: Optional[Sequence[str]] = None)func NewAuthMethodOidc(ctx *Context, name string, args AuthMethodOidcArgs, opts ...ResourceOption) (*AuthMethodOidc, error)public AuthMethodOidc(string name, AuthMethodOidcArgs args, CustomResourceOptions? opts = null)
public AuthMethodOidc(String name, AuthMethodOidcArgs args)
public AuthMethodOidc(String name, AuthMethodOidcArgs args, CustomResourceOptions options)
type: akeyless:AuthMethodOidc
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AuthMethodOidcArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AuthMethodOidcArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AuthMethodOidcArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AuthMethodOidcArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AuthMethodOidcArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var authMethodOidcResource = new Akeyless.AuthMethodOidc("authMethodOidcResource", new()
{
UniqueIdentifier = "string",
Description = "string",
ForceSubClaims = false,
Audience = "string",
AuditLogsClaims = new[]
{
"string",
},
AuthMethodOidcId = "string",
BoundIps = new[]
{
"string",
},
ClientId = "string",
ClientSecret = "string",
DeleteProtection = "string",
AccessExpires = 0,
AllowedRedirectUris = new[]
{
"string",
},
GwBoundIps = new[]
{
"string",
},
ExpirationEventIns = new[]
{
"string",
},
Issuer = "string",
JwtTtl = 0,
Name = "string",
ProductTypes = new[]
{
"string",
},
RequiredScopes = new[]
{
"string",
},
RequiredScopesPrefix = "string",
SubclaimsDelimiters = new[]
{
"string",
},
AllowedClientTypes = new[]
{
"string",
},
});
example, err := akeyless.NewAuthMethodOidc(ctx, "authMethodOidcResource", &akeyless.AuthMethodOidcArgs{
UniqueIdentifier: pulumi.String("string"),
Description: pulumi.String("string"),
ForceSubClaims: pulumi.Bool(false),
Audience: pulumi.String("string"),
AuditLogsClaims: pulumi.StringArray{
pulumi.String("string"),
},
AuthMethodOidcId: pulumi.String("string"),
BoundIps: pulumi.StringArray{
pulumi.String("string"),
},
ClientId: pulumi.String("string"),
ClientSecret: pulumi.String("string"),
DeleteProtection: pulumi.String("string"),
AccessExpires: pulumi.Float64(0),
AllowedRedirectUris: pulumi.StringArray{
pulumi.String("string"),
},
GwBoundIps: pulumi.StringArray{
pulumi.String("string"),
},
ExpirationEventIns: pulumi.StringArray{
pulumi.String("string"),
},
Issuer: pulumi.String("string"),
JwtTtl: pulumi.Float64(0),
Name: pulumi.String("string"),
ProductTypes: pulumi.StringArray{
pulumi.String("string"),
},
RequiredScopes: pulumi.StringArray{
pulumi.String("string"),
},
RequiredScopesPrefix: pulumi.String("string"),
SubclaimsDelimiters: pulumi.StringArray{
pulumi.String("string"),
},
AllowedClientTypes: pulumi.StringArray{
pulumi.String("string"),
},
})
var authMethodOidcResource = new AuthMethodOidc("authMethodOidcResource", AuthMethodOidcArgs.builder()
.uniqueIdentifier("string")
.description("string")
.forceSubClaims(false)
.audience("string")
.auditLogsClaims("string")
.authMethodOidcId("string")
.boundIps("string")
.clientId("string")
.clientSecret("string")
.deleteProtection("string")
.accessExpires(0.0)
.allowedRedirectUris("string")
.gwBoundIps("string")
.expirationEventIns("string")
.issuer("string")
.jwtTtl(0.0)
.name("string")
.productTypes("string")
.requiredScopes("string")
.requiredScopesPrefix("string")
.subclaimsDelimiters("string")
.allowedClientTypes("string")
.build());
auth_method_oidc_resource = akeyless.AuthMethodOidc("authMethodOidcResource",
unique_identifier="string",
description="string",
force_sub_claims=False,
audience="string",
audit_logs_claims=["string"],
auth_method_oidc_id="string",
bound_ips=["string"],
client_id="string",
client_secret="string",
delete_protection="string",
access_expires=float(0),
allowed_redirect_uris=["string"],
gw_bound_ips=["string"],
expiration_event_ins=["string"],
issuer="string",
jwt_ttl=float(0),
name="string",
product_types=["string"],
required_scopes=["string"],
required_scopes_prefix="string",
subclaims_delimiters=["string"],
allowed_client_types=["string"])
const authMethodOidcResource = new akeyless.AuthMethodOidc("authMethodOidcResource", {
uniqueIdentifier: "string",
description: "string",
forceSubClaims: false,
audience: "string",
auditLogsClaims: ["string"],
authMethodOidcId: "string",
boundIps: ["string"],
clientId: "string",
clientSecret: "string",
deleteProtection: "string",
accessExpires: 0,
allowedRedirectUris: ["string"],
gwBoundIps: ["string"],
expirationEventIns: ["string"],
issuer: "string",
jwtTtl: 0,
name: "string",
productTypes: ["string"],
requiredScopes: ["string"],
requiredScopesPrefix: "string",
subclaimsDelimiters: ["string"],
allowedClientTypes: ["string"],
});
type: akeyless:AuthMethodOidc
properties:
accessExpires: 0
allowedClientTypes:
- string
allowedRedirectUris:
- string
audience: string
auditLogsClaims:
- string
authMethodOidcId: string
boundIps:
- string
clientId: string
clientSecret: string
deleteProtection: string
description: string
expirationEventIns:
- string
forceSubClaims: false
gwBoundIps:
- string
issuer: string
jwtTtl: 0
name: string
productTypes:
- string
requiredScopes:
- string
requiredScopesPrefix: string
subclaimsDelimiters:
- string
uniqueIdentifier: string
AuthMethodOidc Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AuthMethodOidc resource accepts the following input properties:
- Unique
Identifier string - A unique identifier (ID) value should be configured for OIDC, OAuth2, LDAP and SAML authentication method types and is usually a value such as the email, username, or upn for example. Whenever a user logs in with a token, these authentication types issue a sub claim that contains details uniquely identifying that user. This sub claim includes a key containing the ID value that you configured, and is used to distinguish between different users from within the same organization.
- Access
Expires double - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- Allowed
Client List<string>Types - limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- Allowed
Redirect List<string>Uris - Allowed redirect URIs after the authentication
- Audience string
- Audience claim to be used as part of the authentication flow. In case set, it must match the one configured on the Identity Provider's Application
- Audit
Logs List<string>Claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- Auth
Method stringOidc Id - The ID of this resource.
- Bound
Ips List<string> - A CIDR whitelist with the IPs that the access is restricted to
- Client
Id string - Client ID
- Client
Secret string - Client Secret
- Delete
Protection string - Protection from accidental deletion of this object [true/false]
- Description string
- Auth Method description
- Expiration
Event List<string>Ins - How many days before the expiration of the auth method would you like to be notified.
- Force
Sub boolClaims - if true: enforce role-association must include sub claims
- Gw
Bound List<string>Ips - A CIDR whitelist with the GW IPs that the access is restricted to
- Issuer string
- Issuer URL
- Jwt
Ttl double - Jwt TTL
- Name string
- Auth Method name
- Product
Types List<string> - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- Required
Scopes List<string> - RequiredScopes is a list of required scopes that the oidc method will request from the oidc provider and the user must approve
- Required
Scopes stringPrefix - RequiredScopesPrefix is a a prefix to add to all required-scopes when requesting them from the oidc server (for example, azures' Application ID URI)
- Subclaims
Delimiters List<string> - A list of additional sub claims delimiters (relevant only for SAML, OIDC, OAuth2/JWT)
- Unique
Identifier string - A unique identifier (ID) value should be configured for OIDC, OAuth2, LDAP and SAML authentication method types and is usually a value such as the email, username, or upn for example. Whenever a user logs in with a token, these authentication types issue a sub claim that contains details uniquely identifying that user. This sub claim includes a key containing the ID value that you configured, and is used to distinguish between different users from within the same organization.
- Access
Expires float64 - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- Allowed
Client []stringTypes - limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- Allowed
Redirect []stringUris - Allowed redirect URIs after the authentication
- Audience string
- Audience claim to be used as part of the authentication flow. In case set, it must match the one configured on the Identity Provider's Application
- Audit
Logs []stringClaims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- Auth
Method stringOidc Id - The ID of this resource.
- Bound
Ips []string - A CIDR whitelist with the IPs that the access is restricted to
- Client
Id string - Client ID
- Client
Secret string - Client Secret
- Delete
Protection string - Protection from accidental deletion of this object [true/false]
- Description string
- Auth Method description
- Expiration
Event []stringIns - How many days before the expiration of the auth method would you like to be notified.
- Force
Sub boolClaims - if true: enforce role-association must include sub claims
- Gw
Bound []stringIps - A CIDR whitelist with the GW IPs that the access is restricted to
- Issuer string
- Issuer URL
- Jwt
Ttl float64 - Jwt TTL
- Name string
- Auth Method name
- Product
Types []string - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- Required
Scopes []string - RequiredScopes is a list of required scopes that the oidc method will request from the oidc provider and the user must approve
- Required
Scopes stringPrefix - RequiredScopesPrefix is a a prefix to add to all required-scopes when requesting them from the oidc server (for example, azures' Application ID URI)
- Subclaims
Delimiters []string - A list of additional sub claims delimiters (relevant only for SAML, OIDC, OAuth2/JWT)
- unique
Identifier String - A unique identifier (ID) value should be configured for OIDC, OAuth2, LDAP and SAML authentication method types and is usually a value such as the email, username, or upn for example. Whenever a user logs in with a token, these authentication types issue a sub claim that contains details uniquely identifying that user. This sub claim includes a key containing the ID value that you configured, and is used to distinguish between different users from within the same organization.
- access
Expires Double - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- allowed
Client List<String>Types - limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- allowed
Redirect List<String>Uris - Allowed redirect URIs after the authentication
- audience String
- Audience claim to be used as part of the authentication flow. In case set, it must match the one configured on the Identity Provider's Application
- audit
Logs List<String>Claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- auth
Method StringOidc Id - The ID of this resource.
- bound
Ips List<String> - A CIDR whitelist with the IPs that the access is restricted to
- client
Id String - Client ID
- client
Secret String - Client Secret
- delete
Protection String - Protection from accidental deletion of this object [true/false]
- description String
- Auth Method description
- expiration
Event List<String>Ins - How many days before the expiration of the auth method would you like to be notified.
- force
Sub BooleanClaims - if true: enforce role-association must include sub claims
- gw
Bound List<String>Ips - A CIDR whitelist with the GW IPs that the access is restricted to
- issuer String
- Issuer URL
- jwt
Ttl Double - Jwt TTL
- name String
- Auth Method name
- product
Types List<String> - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- required
Scopes List<String> - RequiredScopes is a list of required scopes that the oidc method will request from the oidc provider and the user must approve
- required
Scopes StringPrefix - RequiredScopesPrefix is a a prefix to add to all required-scopes when requesting them from the oidc server (for example, azures' Application ID URI)
- subclaims
Delimiters List<String> - A list of additional sub claims delimiters (relevant only for SAML, OIDC, OAuth2/JWT)
- unique
Identifier string - A unique identifier (ID) value should be configured for OIDC, OAuth2, LDAP and SAML authentication method types and is usually a value such as the email, username, or upn for example. Whenever a user logs in with a token, these authentication types issue a sub claim that contains details uniquely identifying that user. This sub claim includes a key containing the ID value that you configured, and is used to distinguish between different users from within the same organization.
- access
Expires number - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- allowed
Client string[]Types - limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- allowed
Redirect string[]Uris - Allowed redirect URIs after the authentication
- audience string
- Audience claim to be used as part of the authentication flow. In case set, it must match the one configured on the Identity Provider's Application
- audit
Logs string[]Claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- auth
Method stringOidc Id - The ID of this resource.
- bound
Ips string[] - A CIDR whitelist with the IPs that the access is restricted to
- client
Id string - Client ID
- client
Secret string - Client Secret
- delete
Protection string - Protection from accidental deletion of this object [true/false]
- description string
- Auth Method description
- expiration
Event string[]Ins - How many days before the expiration of the auth method would you like to be notified.
- force
Sub booleanClaims - if true: enforce role-association must include sub claims
- gw
Bound string[]Ips - A CIDR whitelist with the GW IPs that the access is restricted to
- issuer string
- Issuer URL
- jwt
Ttl number - Jwt TTL
- name string
- Auth Method name
- product
Types string[] - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- required
Scopes string[] - RequiredScopes is a list of required scopes that the oidc method will request from the oidc provider and the user must approve
- required
Scopes stringPrefix - RequiredScopesPrefix is a a prefix to add to all required-scopes when requesting them from the oidc server (for example, azures' Application ID URI)
- subclaims
Delimiters string[] - A list of additional sub claims delimiters (relevant only for SAML, OIDC, OAuth2/JWT)
- unique_
identifier str - A unique identifier (ID) value should be configured for OIDC, OAuth2, LDAP and SAML authentication method types and is usually a value such as the email, username, or upn for example. Whenever a user logs in with a token, these authentication types issue a sub claim that contains details uniquely identifying that user. This sub claim includes a key containing the ID value that you configured, and is used to distinguish between different users from within the same organization.
- access_
expires float - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- allowed_
client_ Sequence[str]types - limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- allowed_
redirect_ Sequence[str]uris - Allowed redirect URIs after the authentication
- audience str
- Audience claim to be used as part of the authentication flow. In case set, it must match the one configured on the Identity Provider's Application
- audit_
logs_ Sequence[str]claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- auth_
method_ stroidc_ id - The ID of this resource.
- bound_
ips Sequence[str] - A CIDR whitelist with the IPs that the access is restricted to
- client_
id str - Client ID
- client_
secret str - Client Secret
- delete_
protection str - Protection from accidental deletion of this object [true/false]
- description str
- Auth Method description
- expiration_
event_ Sequence[str]ins - How many days before the expiration of the auth method would you like to be notified.
- force_
sub_ boolclaims - if true: enforce role-association must include sub claims
- gw_
bound_ Sequence[str]ips - A CIDR whitelist with the GW IPs that the access is restricted to
- issuer str
- Issuer URL
- jwt_
ttl float - Jwt TTL
- name str
- Auth Method name
- product_
types Sequence[str] - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- required_
scopes Sequence[str] - RequiredScopes is a list of required scopes that the oidc method will request from the oidc provider and the user must approve
- required_
scopes_ strprefix - RequiredScopesPrefix is a a prefix to add to all required-scopes when requesting them from the oidc server (for example, azures' Application ID URI)
- subclaims_
delimiters Sequence[str] - A list of additional sub claims delimiters (relevant only for SAML, OIDC, OAuth2/JWT)
- unique
Identifier String - A unique identifier (ID) value should be configured for OIDC, OAuth2, LDAP and SAML authentication method types and is usually a value such as the email, username, or upn for example. Whenever a user logs in with a token, these authentication types issue a sub claim that contains details uniquely identifying that user. This sub claim includes a key containing the ID value that you configured, and is used to distinguish between different users from within the same organization.
- access
Expires Number - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- allowed
Client List<String>Types - limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- allowed
Redirect List<String>Uris - Allowed redirect URIs after the authentication
- audience String
- Audience claim to be used as part of the authentication flow. In case set, it must match the one configured on the Identity Provider's Application
- audit
Logs List<String>Claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- auth
Method StringOidc Id - The ID of this resource.
- bound
Ips List<String> - A CIDR whitelist with the IPs that the access is restricted to
- client
Id String - Client ID
- client
Secret String - Client Secret
- delete
Protection String - Protection from accidental deletion of this object [true/false]
- description String
- Auth Method description
- expiration
Event List<String>Ins - How many days before the expiration of the auth method would you like to be notified.
- force
Sub BooleanClaims - if true: enforce role-association must include sub claims
- gw
Bound List<String>Ips - A CIDR whitelist with the GW IPs that the access is restricted to
- issuer String
- Issuer URL
- jwt
Ttl Number - Jwt TTL
- name String
- Auth Method name
- product
Types List<String> - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- required
Scopes List<String> - RequiredScopes is a list of required scopes that the oidc method will request from the oidc provider and the user must approve
- required
Scopes StringPrefix - RequiredScopesPrefix is a a prefix to add to all required-scopes when requesting them from the oidc server (for example, azures' Application ID URI)
- subclaims
Delimiters List<String> - A list of additional sub claims delimiters (relevant only for SAML, OIDC, OAuth2/JWT)
Outputs
All input properties are implicitly available as output properties. Additionally, the AuthMethodOidc resource produces the following output properties:
Look up Existing AuthMethodOidc Resource
Get an existing AuthMethodOidc resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AuthMethodOidcState, opts?: CustomResourceOptions): AuthMethodOidc@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_expires: Optional[float] = None,
access_id: Optional[str] = None,
allowed_client_types: Optional[Sequence[str]] = None,
allowed_redirect_uris: Optional[Sequence[str]] = None,
audience: Optional[str] = None,
audit_logs_claims: Optional[Sequence[str]] = None,
auth_method_oidc_id: Optional[str] = None,
bound_ips: Optional[Sequence[str]] = None,
client_id: Optional[str] = None,
client_secret: Optional[str] = None,
delete_protection: Optional[str] = None,
description: Optional[str] = None,
expiration_event_ins: Optional[Sequence[str]] = None,
force_sub_claims: Optional[bool] = None,
gw_bound_ips: Optional[Sequence[str]] = None,
issuer: Optional[str] = None,
jwt_ttl: Optional[float] = None,
name: Optional[str] = None,
product_types: Optional[Sequence[str]] = None,
required_scopes: Optional[Sequence[str]] = None,
required_scopes_prefix: Optional[str] = None,
subclaims_delimiters: Optional[Sequence[str]] = None,
unique_identifier: Optional[str] = None) -> AuthMethodOidcfunc GetAuthMethodOidc(ctx *Context, name string, id IDInput, state *AuthMethodOidcState, opts ...ResourceOption) (*AuthMethodOidc, error)public static AuthMethodOidc Get(string name, Input<string> id, AuthMethodOidcState? state, CustomResourceOptions? opts = null)public static AuthMethodOidc get(String name, Output<String> id, AuthMethodOidcState state, CustomResourceOptions options)resources: _: type: akeyless:AuthMethodOidc get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Expires double - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- Access
Id string - Auth Method access ID
- Allowed
Client List<string>Types - limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- Allowed
Redirect List<string>Uris - Allowed redirect URIs after the authentication
- Audience string
- Audience claim to be used as part of the authentication flow. In case set, it must match the one configured on the Identity Provider's Application
- Audit
Logs List<string>Claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- Auth
Method stringOidc Id - The ID of this resource.
- Bound
Ips List<string> - A CIDR whitelist with the IPs that the access is restricted to
- Client
Id string - Client ID
- Client
Secret string - Client Secret
- Delete
Protection string - Protection from accidental deletion of this object [true/false]
- Description string
- Auth Method description
- Expiration
Event List<string>Ins - How many days before the expiration of the auth method would you like to be notified.
- Force
Sub boolClaims - if true: enforce role-association must include sub claims
- Gw
Bound List<string>Ips - A CIDR whitelist with the GW IPs that the access is restricted to
- Issuer string
- Issuer URL
- Jwt
Ttl double - Jwt TTL
- Name string
- Auth Method name
- Product
Types List<string> - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- Required
Scopes List<string> - RequiredScopes is a list of required scopes that the oidc method will request from the oidc provider and the user must approve
- Required
Scopes stringPrefix - RequiredScopesPrefix is a a prefix to add to all required-scopes when requesting them from the oidc server (for example, azures' Application ID URI)
- Subclaims
Delimiters List<string> - A list of additional sub claims delimiters (relevant only for SAML, OIDC, OAuth2/JWT)
- Unique
Identifier string - A unique identifier (ID) value should be configured for OIDC, OAuth2, LDAP and SAML authentication method types and is usually a value such as the email, username, or upn for example. Whenever a user logs in with a token, these authentication types issue a sub claim that contains details uniquely identifying that user. This sub claim includes a key containing the ID value that you configured, and is used to distinguish between different users from within the same organization.
- Access
Expires float64 - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- Access
Id string - Auth Method access ID
- Allowed
Client []stringTypes - limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- Allowed
Redirect []stringUris - Allowed redirect URIs after the authentication
- Audience string
- Audience claim to be used as part of the authentication flow. In case set, it must match the one configured on the Identity Provider's Application
- Audit
Logs []stringClaims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- Auth
Method stringOidc Id - The ID of this resource.
- Bound
Ips []string - A CIDR whitelist with the IPs that the access is restricted to
- Client
Id string - Client ID
- Client
Secret string - Client Secret
- Delete
Protection string - Protection from accidental deletion of this object [true/false]
- Description string
- Auth Method description
- Expiration
Event []stringIns - How many days before the expiration of the auth method would you like to be notified.
- Force
Sub boolClaims - if true: enforce role-association must include sub claims
- Gw
Bound []stringIps - A CIDR whitelist with the GW IPs that the access is restricted to
- Issuer string
- Issuer URL
- Jwt
Ttl float64 - Jwt TTL
- Name string
- Auth Method name
- Product
Types []string - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- Required
Scopes []string - RequiredScopes is a list of required scopes that the oidc method will request from the oidc provider and the user must approve
- Required
Scopes stringPrefix - RequiredScopesPrefix is a a prefix to add to all required-scopes when requesting them from the oidc server (for example, azures' Application ID URI)
- Subclaims
Delimiters []string - A list of additional sub claims delimiters (relevant only for SAML, OIDC, OAuth2/JWT)
- Unique
Identifier string - A unique identifier (ID) value should be configured for OIDC, OAuth2, LDAP and SAML authentication method types and is usually a value such as the email, username, or upn for example. Whenever a user logs in with a token, these authentication types issue a sub claim that contains details uniquely identifying that user. This sub claim includes a key containing the ID value that you configured, and is used to distinguish between different users from within the same organization.
- access
Expires Double - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- access
Id String - Auth Method access ID
- allowed
Client List<String>Types - limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- allowed
Redirect List<String>Uris - Allowed redirect URIs after the authentication
- audience String
- Audience claim to be used as part of the authentication flow. In case set, it must match the one configured on the Identity Provider's Application
- audit
Logs List<String>Claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- auth
Method StringOidc Id - The ID of this resource.
- bound
Ips List<String> - A CIDR whitelist with the IPs that the access is restricted to
- client
Id String - Client ID
- client
Secret String - Client Secret
- delete
Protection String - Protection from accidental deletion of this object [true/false]
- description String
- Auth Method description
- expiration
Event List<String>Ins - How many days before the expiration of the auth method would you like to be notified.
- force
Sub BooleanClaims - if true: enforce role-association must include sub claims
- gw
Bound List<String>Ips - A CIDR whitelist with the GW IPs that the access is restricted to
- issuer String
- Issuer URL
- jwt
Ttl Double - Jwt TTL
- name String
- Auth Method name
- product
Types List<String> - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- required
Scopes List<String> - RequiredScopes is a list of required scopes that the oidc method will request from the oidc provider and the user must approve
- required
Scopes StringPrefix - RequiredScopesPrefix is a a prefix to add to all required-scopes when requesting them from the oidc server (for example, azures' Application ID URI)
- subclaims
Delimiters List<String> - A list of additional sub claims delimiters (relevant only for SAML, OIDC, OAuth2/JWT)
- unique
Identifier String - A unique identifier (ID) value should be configured for OIDC, OAuth2, LDAP and SAML authentication method types and is usually a value such as the email, username, or upn for example. Whenever a user logs in with a token, these authentication types issue a sub claim that contains details uniquely identifying that user. This sub claim includes a key containing the ID value that you configured, and is used to distinguish between different users from within the same organization.
- access
Expires number - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- access
Id string - Auth Method access ID
- allowed
Client string[]Types - limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- allowed
Redirect string[]Uris - Allowed redirect URIs after the authentication
- audience string
- Audience claim to be used as part of the authentication flow. In case set, it must match the one configured on the Identity Provider's Application
- audit
Logs string[]Claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- auth
Method stringOidc Id - The ID of this resource.
- bound
Ips string[] - A CIDR whitelist with the IPs that the access is restricted to
- client
Id string - Client ID
- client
Secret string - Client Secret
- delete
Protection string - Protection from accidental deletion of this object [true/false]
- description string
- Auth Method description
- expiration
Event string[]Ins - How many days before the expiration of the auth method would you like to be notified.
- force
Sub booleanClaims - if true: enforce role-association must include sub claims
- gw
Bound string[]Ips - A CIDR whitelist with the GW IPs that the access is restricted to
- issuer string
- Issuer URL
- jwt
Ttl number - Jwt TTL
- name string
- Auth Method name
- product
Types string[] - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- required
Scopes string[] - RequiredScopes is a list of required scopes that the oidc method will request from the oidc provider and the user must approve
- required
Scopes stringPrefix - RequiredScopesPrefix is a a prefix to add to all required-scopes when requesting them from the oidc server (for example, azures' Application ID URI)
- subclaims
Delimiters string[] - A list of additional sub claims delimiters (relevant only for SAML, OIDC, OAuth2/JWT)
- unique
Identifier string - A unique identifier (ID) value should be configured for OIDC, OAuth2, LDAP and SAML authentication method types and is usually a value such as the email, username, or upn for example. Whenever a user logs in with a token, these authentication types issue a sub claim that contains details uniquely identifying that user. This sub claim includes a key containing the ID value that you configured, and is used to distinguish between different users from within the same organization.
- access_
expires float - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- access_
id str - Auth Method access ID
- allowed_
client_ Sequence[str]types - limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- allowed_
redirect_ Sequence[str]uris - Allowed redirect URIs after the authentication
- audience str
- Audience claim to be used as part of the authentication flow. In case set, it must match the one configured on the Identity Provider's Application
- audit_
logs_ Sequence[str]claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- auth_
method_ stroidc_ id - The ID of this resource.
- bound_
ips Sequence[str] - A CIDR whitelist with the IPs that the access is restricted to
- client_
id str - Client ID
- client_
secret str - Client Secret
- delete_
protection str - Protection from accidental deletion of this object [true/false]
- description str
- Auth Method description
- expiration_
event_ Sequence[str]ins - How many days before the expiration of the auth method would you like to be notified.
- force_
sub_ boolclaims - if true: enforce role-association must include sub claims
- gw_
bound_ Sequence[str]ips - A CIDR whitelist with the GW IPs that the access is restricted to
- issuer str
- Issuer URL
- jwt_
ttl float - Jwt TTL
- name str
- Auth Method name
- product_
types Sequence[str] - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- required_
scopes Sequence[str] - RequiredScopes is a list of required scopes that the oidc method will request from the oidc provider and the user must approve
- required_
scopes_ strprefix - RequiredScopesPrefix is a a prefix to add to all required-scopes when requesting them from the oidc server (for example, azures' Application ID URI)
- subclaims_
delimiters Sequence[str] - A list of additional sub claims delimiters (relevant only for SAML, OIDC, OAuth2/JWT)
- unique_
identifier str - A unique identifier (ID) value should be configured for OIDC, OAuth2, LDAP and SAML authentication method types and is usually a value such as the email, username, or upn for example. Whenever a user logs in with a token, these authentication types issue a sub claim that contains details uniquely identifying that user. This sub claim includes a key containing the ID value that you configured, and is used to distinguish between different users from within the same organization.
- access
Expires Number - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- access
Id String - Auth Method access ID
- allowed
Client List<String>Types - limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- allowed
Redirect List<String>Uris - Allowed redirect URIs after the authentication
- audience String
- Audience claim to be used as part of the authentication flow. In case set, it must match the one configured on the Identity Provider's Application
- audit
Logs List<String>Claims - Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"
- auth
Method StringOidc Id - The ID of this resource.
- bound
Ips List<String> - A CIDR whitelist with the IPs that the access is restricted to
- client
Id String - Client ID
- client
Secret String - Client Secret
- delete
Protection String - Protection from accidental deletion of this object [true/false]
- description String
- Auth Method description
- expiration
Event List<String>Ins - How many days before the expiration of the auth method would you like to be notified.
- force
Sub BooleanClaims - if true: enforce role-association must include sub claims
- gw
Bound List<String>Ips - A CIDR whitelist with the GW IPs that the access is restricted to
- issuer String
- Issuer URL
- jwt
Ttl Number - Jwt TTL
- name String
- Auth Method name
- product
Types List<String> - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- required
Scopes List<String> - RequiredScopes is a list of required scopes that the oidc method will request from the oidc provider and the user must approve
- required
Scopes StringPrefix - RequiredScopesPrefix is a a prefix to add to all required-scopes when requesting them from the oidc server (for example, azures' Application ID URI)
- subclaims
Delimiters List<String> - A list of additional sub claims delimiters (relevant only for SAML, OIDC, OAuth2/JWT)
- unique
Identifier String - A unique identifier (ID) value should be configured for OIDC, OAuth2, LDAP and SAML authentication method types and is usually a value such as the email, username, or upn for example. Whenever a user logs in with a token, these authentication types issue a sub claim that contains details uniquely identifying that user. This sub claim includes a key containing the ID value that you configured, and is used to distinguish between different users from within the same organization.
Package Details
- Repository
- akeyless akeyless-community/terraform-provider-akeyless
- License
- Notes
- This Pulumi package is based on the
akeylessTerraform Provider.
Viewing docs for akeyless 2.0.1
published on Monday, Apr 27, 2026 by akeyless-community
published on Monday, Apr 27, 2026 by akeyless-community
