Cidaas is a fast and secure Cloud Identity & Access Management solution that standardises what’s important and simplifies what’s complex.
- Single Sign On (SSO) based on OAuth 2.0, OpenID Connect, SAML 2.0
- Multi-Factor-Authentication with more than 14 authentication methods, including TOTP and FIDO2
- Passwordless Authentication
- Social Login (e.g. Facebook, Google, LinkedIn and more) as well as Enterprise Identity Provider (e.g. SAML or AD)
- Security in Machine-to-Machine (M2M) and IoT
The Terraform provider for Cidaas lets you perform CRUD operations against a Cidaas instance on applications, custom providers, registration fields and many other resources. From managing applications to configuring custom providers, the provider lets you define, provision and manipulate your Cidaas resources as code.
- Ensure Terraform is installed on your local machine. Installation instructions for different operating systems are available in the Terraform documentation.
- Go (1.21)
Official documentation on how to use this provider can be found on the Terraform Registry. Detailed explanations of the resources can also be found in the Supported Resources section.
Below is a step-by-step guide to help you set up the provider, configure essential environment variables and integrate the provider into your configuration:
Begin by specifying the Cidaas provider in the terraform block of your Terraform configuration file:
    terraform {
      required_providers {
        cidaas = {
          version = "3.0.0"
          source  = "Cidaas/cidaas"
        }
      }
    }
Terraform pulls the configured version of the Cidaas provider for your infrastructure.
To authenticate and authorize Terraform operations with Cidaas, set the necessary environment variables. These variables include your Cidaas client credentials, allowing the Terraform provider to complete the client credentials flow and generate an access_token. Execute the following commands in your terminal, replacing placeholders with your actual Cidaas client ID and client secret.
    # Linux / macOS (bash)
    export TERRAFORM_PROVIDER_CIDAAS_CLIENT_ID="ENTER CIDAAS CLIENT ID"
    export TERRAFORM_PROVIDER_CIDAAS_CLIENT_SECRET="ENTER CIDAAS CLIENT SECRET"

    # Windows (PowerShell)
    Set-Item -Path env:TERRAFORM_PROVIDER_CIDAAS_CLIENT_ID -Value "ENTER CIDAAS CLIENT ID"
    Set-Item -Path env:TERRAFORM_PROVIDER_CIDAAS_CLIENT_SECRET -Value "ENTER CIDAAS CLIENT SECRET"
You can get a set of client credentials from the Cidaas Admin UI by creating a new client: go to Apps > App Settings > Create New App. It's important to note that when creating the client, you must select the app type Non-Interactive.
Next, add the Cidaas provider configuration to your Terraform configuration file. Set the base_url parameter to point to your Cidaas instance. For reference, check the example folder.
    provider "cidaas" {
      base_url = "https://cidaas.de"
    }
Note: Starting from version 2.5.1, redirect_url is no longer supported in the provider configuration. Adjust your configuration accordingly.
By following these steps you integrate the Cidaas Terraform provider and can manage your Cidaas resources with Terraform.
The Terraform provider for Cidaas supports a variety of resources that enable you to manage and configure different aspects of your Cidaas environment. These resources are designed to integrate with Terraform workflows, allowing you to define, provision and manage your Cidaas resources as code.
Explore the following resources to understand their attributes, functionalities and how to use them in your Terraform configurations:
- cidaas_app
- cidaas_consent
- cidaas_consent_group
- cidaas_consent_version
- cidaas_custom_provider
- cidaas_group_type
- cidaas_hosted_page
- cidaas_password_policy
- cidaas_registration_field
- cidaas_role
- cidaas_scope_group
- cidaas_scope
- cidaas_social_provider
- cidaas_template_group
- cidaas_template
- cidaas_user_groups
- cidaas_webhook
The provider also offers a set of data sources to fetch data that can be referenced in your Terraform configuration.
The data sources the provider supports are:
- cidaas_consent
- cidaas_custom_provider
- cidaas_group_type
- cidaas_registration_field
- cidaas_role
- cidaas_scope_group
- cidaas_scope
- cidaas_social_provider
- cidaas_system_template_option
The App resource allows creation and management of clients in the Cidaas system. When creating a client with a custom client_id and client_secret, you can include them in the resource configuration. If not provided, Cidaas will generate a set for you. client_secret is sensitive data; refer to the article Terraform Sensitive Variables to handle sensitive information properly.
Ensure that the scopes below are assigned to the client with the specified client_id:
- cidaas:apps_read
- cidaas:apps_write
- cidaas:apps_delete
If you are migrating from v2 to v3, please note the following changes in the v3 version:
- client_secret_expires_at
- client_id_issued_at
- push_config
- created_at
- updated_at
- admin_client
- deleted
- app_owner
- application_type
- social_providers
- custom_providers
- saml_providers
- ad_providers
The above attributes now have to be provided as a set of objects:
    {
      ...
      social_providers = [
        {
          logo_url            = "https://cidaas.com/logo-url"
          provider_name       = "sample-custom-provider"
          display_name        = "sample-custom-provider"
          type                = "CUSTOM_OPENID_CONNECT"
          is_provider_visible = true
          domains             = ["cidaas.de"]
        },
        {
          logo_url            = "https://cidaas.com/logo-url"
          provider_name       = "sample-custom-provider"
          display_name        = "sample-custom-provider"
          type                = "CUSTOM_OPENID_CONNECT"
          is_provider_visible = true
          domains             = ["cidaas.de"]
        },
      ]
    }
If you encounter the following error message when any of the attributes listed below are present in the state, follow the steps to fix the error:
    Error: Unable to Read Previously Saved State for UpgradeResourceState
    ...
    There was an error reading the saved resource state using the current resource schema.
    ...
    AttributeName("group_selection"): invalid JSON, expected "{", got "["
Affected attributes:
- group_selection
- login_spi
- mfa
- mobile_settings
To resolve this issue, manually update the Terraform state file by following these steps:
- Open the state file (terraform.tfstate) and locate the cidaas_app.<resource_name_in_your_config> resource.
- Search for the affected attributes listed above.
- Update their types to JSON objects. Ensure they are set as objects ({}) and not arrays ([]).
Before:
    "group_selection": [
      {
        "selectable_groups": ["developer-users"],
        "selectable_group_types": ["sample"],
        "always_show_group_selection": null
      }
    ]
After:
    "group_selection": {
      "selectable_groups": ["developer-users"],
      "selectable_group_types": ["sample"],
      "always_show_group_selection": null
    }
Alternatively, you can resolve the issue by deleting the existing state of the specific resource and importing it from Cidaas. However, this approach can be risky, so please proceed with caution. Ensure you only delete the specific resource from the state file that is causing the error, not the entire file or any other resources.
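The manual state edit above is easy to get wrong on a large state file, so here is an added example script (not part of the provider) that performs the same rewrite programmatically. It unwraps the four affected attributes from a one-element JSON array to the object inside, touches only cidaas_app resources (optionally a single named one), never mutates the input, writes to a separate output path so the original stays as a backup, and reports any affected attribute it could not unwrap safely (an empty list or a list with more than one element) instead of guessing. The embedded state is a constructed sample built from the Before/After snippet above.

```python
"""Unwrap list-valued cidaas_app attributes in a Terraform state file.

Added example, not code from the Cidaas provider. It automates the manual
state edit described above: the four attributes the upgrade error names are
rewritten from a one-element JSON array to the object it contains. Anything
else (other resources, other attributes, lists that are empty or hold more
than one object) is left untouched and reported, so no data is silently lost.
"""
import copy
import json

# Attributes the provider's upgrade error reports as 'expected "{", got "["'.
AFFECTED_ATTRIBUTES = ("group_selection", "login_spi", "mfa", "mobile_settings")


def unwrap_single_object(value):
    """Return the object inside a one-element list; return anything else unchanged."""
    if isinstance(value, list) and len(value) == 1 and isinstance(value[0], dict):
        return value[0]
    return value


def fix_cidaas_app_state(state, resource_name=None):
    """Return (new_state, changed, skipped) for a parsed terraform.tfstate.

    Only resources of type cidaas_app are touched; with resource_name set,
    only that resource. `changed` lists attribute paths rewritten to objects,
    `skipped` lists affected attributes that are lists but could not be
    unwrapped safely (empty or more than one element) and need a manual look.
    """
    new_state = copy.deepcopy(state)  # never mutate the caller's copy
    changed, skipped = [], []
    for res in new_state.get("resources", []):
        if res.get("type") != "cidaas_app":
            continue
        if resource_name is not None and res.get("name") != resource_name:
            continue
        for inst in res.get("instances", []):
            attrs = inst.get("attributes", {})
            for key in AFFECTED_ATTRIBUTES:
                if key not in attrs:
                    continue
                path = f"cidaas_app.{res.get('name')}.{key}"
                fixed = unwrap_single_object(attrs[key])
                if fixed is not attrs[key]:
                    attrs[key] = fixed
                    changed.append(path)
                elif isinstance(attrs[key], list):
                    skipped.append(path)
    return new_state, changed, skipped


def fix_state_file(path_in, path_out, resource_name=None):
    """Read a state file, fix it, write the result to path_out (keep the original as backup)."""
    with open(path_in, encoding="utf-8") as f:
        state = json.load(f)
    new_state, changed, skipped = fix_cidaas_app_state(state, resource_name)
    with open(path_out, "w", encoding="utf-8") as f:
        json.dump(new_state, f, indent=2)
    return changed, skipped


# Constructed sample state: one cidaas_app with two list-wrapped attributes,
# one empty list, one attribute that is already an object, and an unrelated resource.
SAMPLE_STATE = {
    "version": 4,
    "resources": [
        {
            "mode": "managed",
            "type": "cidaas_app",
            "name": "sample",
            "instances": [{
                "attributes": {
                    "client_name": "Test Terraform Application",
                    "group_selection": [{
                        "selectable_groups": ["developer-users"],
                        "selectable_group_types": ["sample"],
                        "always_show_group_selection": None,
                    }],
                    "login_spi": [{"oauth_client_id": "bcb-4a6b-9777-8a64abe6af",
                                   "spi_url": "https://cidaas.com/spi-url"}],
                    "mfa": {"setting": "OFF"},
                    "mobile_settings": [],
                    "group_ids": ["sample"],
                },
            }],
        },
        {"mode": "managed", "type": "cidaas_role", "name": "dev",
         "instances": [{"attributes": {"role": "developer"}}]},
    ],
}

if __name__ == "__main__":
    fixed, changed, skipped = fix_cidaas_app_state(SAMPLE_STATE)
    print("changed:", changed)
    print("needs manual review:", skipped)
    print(json.dumps(fixed["resources"][0]["instances"][0]["attributes"]["group_selection"], indent=2))
```

Run `fix_state_file("terraform.tfstate", "terraform.tfstate.fixed")`, inspect the reported paths, and only then replace the original file; group_ids and other plain string lists are not in the affected list and are left alone by design.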
From version 3.3.0, the attribute common_configs is no longer supported. Instead, we encourage you to use the custom module terraform-cidaas-app. The module provides a variable with the same name, common_configs, which supports all the attributes of the app resource except client_name. With this module you can avoid repeated configuration: assign the common properties of multiple apps to one variable and let each app inherit them.
Link to the custom module: https://github.com/Cidaas/terraform-cidaas-app
    // local.tfvars
    common_configs = {
      client_type     = "SINGLE_PAGE"
      company_name    = "WidasConcepts GmbH"
      company_address = "Maybachstraße 2, 71299 Wimsheim, Germany"
      company_website = "https://widas.com"
      redirect_uris = [
        "https://cidaas.de/callback",
      ]
      allowed_logout_urls = [
        "https://cidaas.de/logout"
      ]
      allowed_scopes = [
        "openid",
      ]
    }

    // main.tf
    provider "cidaas" {
      base_url = "https://cidaas.de"
    }

    // declares the variable that local.tfvars populates
    variable "common_configs" {
      type = any
    }

    module "app1" {
      source = "git@github.com:Cidaas/terraform-cidaas-app.git"
      providers = {
        cidaas = cidaas
      }
      client_name    = "Demo App"
      common_configs = var.common_configs
    }

    module "app2" {
      source = "git@github.com:Cidaas/terraform-cidaas-app.git"
      providers = {
        cidaas = cidaas
      }
      client_name    = "Demo IOS App"
      client_type    = "IOS"
      common_configs = var.common_configs
    }
You can explore more on the module in the GitHub repo.
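To make the inheritance in the module example concrete, here is an added example (not code from the terraform-cidaas-app module) that models what the module does with common_configs: shared values are merged with the per-app values, client_name is rejected inside common_configs because the module excludes it, and the merged result is checked against the required attributes of the cidaas_app resource (allowed_scopes, for instance, may come from either place but must come from one of them). That per-app values take precedence over common_configs, as app2 overriding client_type suggests, is an assumption about the module rather than something the page states. The sample data is constructed from local.tfvars above.

```python
"""Model of the common_configs pattern used by the terraform-cidaas-app module.

Added example, not the module's own code. Assumption: per-app values override
the values in common_configs. The required-attribute list is taken from the
cidaas_app resource schema.
"""

# Required attributes of the cidaas_app resource (from the resource schema).
REQUIRED_APP_ATTRIBUTES = (
    "allowed_logout_urls", "allowed_scopes", "client_name", "client_type",
    "company_address", "company_name", "company_website", "redirect_uris",
)

# The one app attribute the module does not accept inside common_configs.
NOT_ALLOWED_IN_COMMON = ("client_name",)


def config_problems(common_configs, app_config):
    """Return a list of problems for a common/app pair; an empty list means valid."""
    problems = [f"{k} is not allowed in common_configs"
                for k in NOT_ALLOWED_IN_COMMON if k in common_configs]
    effective = {**common_configs, **app_config}  # assumption: app values win
    problems += [f"missing required attribute {k}"
                 for k in REQUIRED_APP_ATTRIBUTES if k not in effective]
    return problems


def merge_app_config(common_configs, app_config):
    """Return the effective app configuration, or raise ValueError listing the problems."""
    problems = config_problems(common_configs, app_config)
    if problems:
        raise ValueError("; ".join(problems))
    return {**common_configs, **app_config}


def overridden_keys(common_configs, app_config):
    """Keys whose per-app value differs from the shared one (handy during config review)."""
    return sorted(k for k in app_config
                  if k in common_configs and app_config[k] != common_configs[k])


# Constructed sample mirroring the local.tfvars and main.tf above.
COMMON_CONFIGS = {
    "client_type": "SINGLE_PAGE",
    "company_name": "WidasConcepts GmbH",
    "company_address": "Maybachstraße 2, 71299 Wimsheim, Germany",
    "company_website": "https://widas.com",
    "redirect_uris": ["https://cidaas.de/callback"],
    "allowed_logout_urls": ["https://cidaas.de/logout"],
    "allowed_scopes": ["openid"],
}
APP1 = {"client_name": "Demo App"}
APP2 = {"client_name": "Demo IOS App", "client_type": "IOS"}

if __name__ == "__main__":
    for app in (APP1, APP2):
        cfg = merge_app_config(COMMON_CONFIGS, app)
        print(cfg["client_name"], cfg["client_type"], "overrides:", overridden_keys(COMMON_CONFIGS, app))
```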
    resource "cidaas_app" "sample" {
      client_name                     = "Test Terraform Application" // unique
      client_type                     = "SINGLE_PAGE"
      accent_color                    = "#ef4923" // Default: #ef4923
      primary_color                   = "#ef4923" // Default: #f7941d
      media_type                      = "IMAGE" // Default: IMAGE
      allow_login_with                = ["EMAIL", "MOBILE", "USER_NAME"] // Default: ["EMAIL", "MOBILE", "USER_NAME"]
      redirect_uris                   = ["https://cidaas.com"]
      allowed_logout_urls             = ["https://cidaas.com"]
      enable_deduplication            = true // Default: false
      auto_login_after_register       = true // Default: false
      enable_passwordless_auth        = false // Default: true
      register_with_login_information = false // Default: false
      fds_enabled                     = false // Default: true
      hosted_page_group               = "default" // Default: default
      company_name                    = "Widas ID GmbH"
      company_address                 = "01"
      company_website                 = "https://cidaas.com"
      allowed_scopes                  = ["openid", "cidaas:register", "profile"]
      client_display_name             = "Display Name of the app" // unique
      content_align                   = "CENTER" // Default: CENTER
      post_logout_redirect_uris       = ["https://cidaas.com"]
      logo_align                      = "CENTER" // Default: CENTER
      allow_disposable_email          = false // Default: false
      validate_phone_number           = false // Default: false
      additional_access_token_payload = ["sample_payload"]
      required_fields                 = ["email"]
      mobile_settings = {
        team_id      = "sample-team-id"
        bundle_id    = "sample-bundle-id"
        package_name = "sample-package-name"
        key_hash     = "sample-key-hash"
      }
      // for custom client credentials set client_id and client_secret; leave them out if you want cidaas to create a set for you
      # client_id     = ""
      # client_secret = ""
      policy_uri                          = "https://cidaas.com"
      tos_uri                             = "https://cidaas.com"
      imprint_uri                         = "https://cidaas.com"
      contacts                            = ["[email protected]"]
      token_endpoint_auth_method          = "client_secret_post" // Default: client_secret_post
      token_endpoint_auth_signing_alg     = "RS256" // Default: RS256
      default_acr_values                  = ["default"]
      web_message_uris                    = ["https://cidaas.com"]
      allowed_fields                      = ["email"]
      smart_mfa                           = false // Default: false
      captcha_ref                         = "sample-captcha-ref"
      captcha_refs                        = ["sample"]
      consent_refs                        = ["sample"]
      communication_medium_verification   = "email_verification_required_on_usage"
      mobile_number_verification_required = false // Default: false
      enable_bot_detection                = false // Default: false
      allow_guest_login_groups = [{
        group_id      = "developer101"
        roles         = ["developer", "qa", "admin"]
        default_roles = ["developer"]
      }]
      is_login_success_page_enabled    = false // Default: false
      is_register_success_page_enabled = false // Default: false
      group_ids                        = ["sample"]
      is_group_login_selection_enabled = false // Default: false
      group_selection = {
        selectable_groups      = ["developer-users"]
        selectable_group_types = ["sample"]
      }
      group_types                     = ["sample"]
      logo_uri                        = "https://cidaas.com"
      initiate_login_uri              = "https://cidaas.com"
      registration_client_uri         = "https://cidaas.com"
      registration_access_token       = "registration access token"
      client_uri                      = "https://cidaas.com"
      jwks_uri                        = "https://cidaas.com"
      jwks                            = "https://cidaas.com/jwks"
      sector_identifier_uri           = "https://cidaas.com"
      subject_type                    = "sample subject type"
      id_token_signed_response_alg    = "RS256"
      id_token_encrypted_response_alg = "RS256"
      id_token_encrypted_response_enc = "example"
      userinfo_signed_response_alg    = "RS256"
      userinfo_encrypted_response_alg = "RS256"
      userinfo_encrypted_response_enc = "example"
      request_object_signing_alg      = "RS256"
      request_object_encryption_alg   = "RS256"
      request_object_encryption_enc   = "userinfo_encrypted_response_enc"
      request_uris                    = ["sample"]
      description                     = "app description"
      consent_page_group              = "sample-consent-page-group"
      password_policy_ref             = "password-policy-ref"
      blocking_mechanism_ref          = "blocking-mechanism-ref"
      sub                             = "sample-sub"
      role                            = "sample-role"
      mfa_configuration               = "sample-configuration"
      suggest_mfa                     = ["OFF"]
      login_spi = {
        oauth_client_id = "bcb-4a6b-9777-8a64abe6af"
        spi_url         = "https://cidaas.com/spi-url"
      }
      background_uri  = "https://cidaas.com"
      video_url       = "https://cidaas.com"
      bot_captcha_ref = "sample-bot-captcha-ref"
      application_meta_data = {
        status : "active"
        version : "1.0.0"
      }
    }
Required:
- allowed_logout_urls (Set of String) Allowed logout URLs for the OAuth2 client.
- allowed_scopes (Set of String) allowed_scopes is a required attribute. It must be provided in the main config or common_config.
- client_name (String) Name of the client.
- client_type (String) The type of the client. The allowed values are SINGLE_PAGE, REGULAR_WEB, NON_INTERACTIVE, IOS, ANDROID, WINDOWS_MOBILE, DESKTOP, MOBILE, DEVICE and THIRD_PARTY.
- company_address (String) The company address.
- company_name (String) The name of the company that the client belongs to.
- company_website (String) The URL of the company website.
- redirect_uris (Set of String) Redirect URIs for the OAuth2 client.
Optional:
- accent_color (String) The accent color of the client, e.g. #f7941d. The value must be a valid hex color. The default is set to #ef4923.
- accept_roles_in_the_registration (Boolean) A boolean flag that determines whether roles can be accepted during the registration process.
- ad_providers (Attributes List) A list of Active Directory identity providers that users can authenticate with. (see below for nested schema)
- additional_access_token_payload (Set of String) Access token payload definition.
- allow_disposable_email (Boolean) Allow disposable email addresses. Default is set to false while creating an app.
- allow_guest_login (Boolean) Flag to specify whether guest users are allowed to access functionalities of the client. Default is set to false.
- allow_guest_login_groups (Attributes List) (see below for nested schema)
- allow_login_with (Set of String) allow_login_with is used to specify the preferred methods of login allowed for a client. Allowed values are EMAIL, MOBILE and USER_NAME. The default is set to ['EMAIL', 'MOBILE', 'USER_NAME'].
- allowed_fields (Set of String)
- allowed_groups (Attributes List) (see below for nested schema)
- allowed_mfa (Set of String)
- allowed_origins (Set of String) List of the origins allowed to access the client.
- allowed_roles (Set of String)
- allowed_web_origins (Set of String) List of the web origins allowed to access the client.
- always_ask_mfa (Boolean)
- application_meta_data (Map of String) A map to add metadata of a client.
- auto_login_after_register (Boolean) Automatically login after registration. Default is set to false while creating an app.
- backchannel_logout_session_required (Boolean) If enabled, client applications or RPs must support session management through backchannel logout.
- backchannel_logout_uri (String)
- background_uri (String) The URL to the background image of the client.
- blocking_mechanism_ref (String)
- bot_captcha_ref (String)
- bot_provider (String)
- captcha_ref (String)
- captcha_refs (Set of String)
- client_display_name (String) The display name of the client.
- client_id (String) The client_id is the unique identifier of the app. It's an optional attribute. If not provided, cidaas will generate one for you and the state will be updated with the same.
- client_secret (String, Sensitive) The client secret of the app. It's an optional attribute. If not provided, cidaas will generate one for you and the state will be updated with the same.
- client_uri (String)
- communication_medium_verification (String)
- consent_page_group (String)
- consent_refs (Set of String)
- contacts (Set of String) The contacts of the client.
- content_align (String) The alignment of the content of the client, e.g. CENTER. Allowed values are CENTER, LEFT and RIGHT. The default is set to CENTER.
- custom_providers (Attributes List) A list of custom identity providers that users can authenticate with. A custom provider can be created with the help of the resource cidaas_custom_provider. (see below for nested schema)
- default_acr_values (Set of String)
- default_max_age (Number) The default maximum age for the token in seconds. Default is 86400 seconds (24 hours).
- default_roles (Set of String)
- default_scopes (Set of String)
- description (String)
- editable (Boolean) Flag to define if your client is editable or not. Default is true.
- email_verification_required (Boolean)
- enable_bot_detection (Boolean)
- enable_classical_provider (Boolean)
- enable_deduplication (Boolean) Enable deduplication.
- enable_login_spi (Boolean) If enabled, the login service verifies whether the login SPI responded with success, and only then issues a token.
- enable_passwordless_auth (Boolean) Enable passwordless authentication. Default is set to true while creating an app.
- enabled (Boolean)
- fds_enabled (Boolean) Flag to enable or disable the fraud detection system. By default, it is enabled when a client is created.
- grant_types (Set of String) The grant types of the client. The default value is set to ['implicit', 'authorization_code', 'password', 'refresh_token'].
- group_ids (Set of String)
- group_role_restriction (Attributes) (see below for nested schema)
- group_selection (Attributes) (see below for nested schema)
- group_types (Set of String)
- hosted_page_group (String) Hosted page group.
- id_token_encrypted_response_alg (String)
- id_token_encrypted_response_enc (String)
- id_token_lifetime_in_seconds (Number) The lifetime of the id_token in seconds. Default is 86400 seconds (24 hours).
- id_token_signed_response_alg (String)
- imprint_uri (String) The URL to the imprint page.
- initiate_login_uri (String)
- is_group_login_selection_enabled (Boolean)
- is_hybrid_app (Boolean) Flag to set if your app is hybrid or not. Default is set to false. Set to true to make your app hybrid.
- is_login_success_page_enabled (Boolean)
- is_register_success_page_enabled (Boolean)
- is_remember_me_selected (Boolean)
- jwe_enabled (Boolean) Flag to specify whether JSON Web Encryption (JWE) should be enabled for encrypting data.
- jwks (String)
- jwks_uri (String)
- login_providers (Set of String) With this attribute one can set up login providers for the client.
- login_spi (Attributes) A map defining the Login SPI configuration. (see below for nested schema)
- logo_align (String)
- logo_uri (String)
- media_type (String) The media type of the client, e.g. IMAGE. Allowed values are VIDEO and IMAGE. The default is set to IMAGE.
- mfa (Attributes) Configuration settings for Multi-Factor Authentication (MFA). (see below for nested schema)
- mfa_configuration (String)
- mobile_number_verification_required (Boolean)
- mobile_settings (Attributes) (see below for nested schema)
- operations_allowed_groups (Attributes List) (see below for nested schema)
- password_policy_ref (String)
- pending_scopes (Set of String)
- policy_uri (String) The URL to the policy of a client.
- post_logout_redirect_uris (Set of String)
- primary_color (String) The primary color of the client, e.g. #ef4923. The value must be a valid hex color. The default is set to #f7941d.
- refresh_token_lifetime_in_seconds (Number) The lifetime of the refresh token in seconds. Default is 15780000 seconds.
- register_with_login_information (Boolean) Register with login information. Default is set to false while creating an app.
- registration_access_token (String)
- registration_client_uri (String)
- request_object_encryption_alg (String)
- request_object_encryption_enc (String)
- request_object_signing_alg (String)
- request_uris (Set of String)
- require_auth_time (Boolean) Boolean flag to specify whether the auth_time claim is REQUIRED in an id token.
- required_fields (Set of String) The required fields while registering to the client.
- response_types (Set of String) The response types of the client. The default value is set to ['code', 'token', 'id_token'].
- role (String)
- saml_providers (Attributes List) A list of SAML identity providers that users can authenticate with. (see below for nested schema)
- sector_identifier_uri (String)
- smart_mfa (Boolean)
- social_providers (Attributes List) A list of social identity providers that users can authenticate with. Examples: Google, Facebook etc. (see below for nested schema)
- sub (String)
- subject_type (String)
- suggest_mfa (Set of String)
- suggest_verification_methods (Attributes) Configuration for verification methods. (see below for nested schema)
- template_group_id (String) The id of the template group to be configured for communication. Default is set to the system default group.
- token_endpoint_auth_method (String)
- token_endpoint_auth_signing_alg (String)
- token_lifetime_in_seconds (Number) The lifetime of the token in seconds. Default is 86400 seconds (24 hours).
- tos_uri (String) The URL to the TOS of a client.
- user_consent (Boolean) Specifies whether user consent is required or not. Default is false.
- userinfo_encrypted_response_alg (String)
- userinfo_encrypted_response_enc (String)
- userinfo_signed_response_alg (String)
- validate_phone_number (Boolean) If enabled, the phone number is validated. Default is set to false while creating an app.
- video_url (String) The URL to the video of the client.
- web_message_uris (Set of String) A list of URLs for web messages used.
- webfinger (String)
Read-Only:
- id (String) The ID of the resource.
Nested schema for ad_providers
Optional:
- display_name (String)
- domains (Set of String)
- is_provider_visible (Boolean)
- logo_url (String)
- provider_name (String)
- type (String)

Nested schema for allow_guest_login_groups
Optional:
- default_roles (Set of String)
- group_id (String)
- roles (Set of String)

Nested schema for allowed_groups
Optional:
- default_roles (Set of String)
- group_id (String)
- roles (Set of String)

Nested schema for custom_providers
Optional:
- display_name (String)
- domains (Set of String)
- is_provider_visible (Boolean)
- logo_url (String)
- provider_name (String)
- type (String)

Nested schema for group_role_restriction
Required:
- filters (Attributes List) An array of group role filters. (see below for nested schema)
- match_condition (String) The match condition for the role restriction.

Nested schema for group_role_restriction.filters
Optional:
- group_id (String) The unique ID of the user group.
- role_filter (Attributes) A filter for roles within the group. (see below for nested schema)

Nested schema for group_role_restriction.filters.role_filter
Optional:
- match_condition (String) The match condition for the roles (AND or OR).
- roles (Set of String) An array of role names.

Nested schema for group_selection
Optional:
- always_show_group_selection (Boolean)
- selectable_group_types (Set of String)
- selectable_groups (Set of String)

Nested schema for login_spi
Optional:
- oauth_client_id (String)
- spi_url (String)

Nested schema for mfa
Optional:
- allowed_methods (Set of String) Optional set of allowed MFA methods.
- setting (String) Specifies the Multi-Factor Authentication (MFA) setting. Allowed values are 'OFF', 'ALWAYS', 'SMART', 'TIME_BASED' and 'SMART_PLUS_TIME_BASED'.
- time_interval_in_seconds (Number) Optional time interval in seconds for time-based Multi-Factor Authentication.

Nested schema for mobile_settings
Optional:
- bundle_id (String)
- key_hash (String)
- package_name (String)
- team_id (String)

Nested schema for operations_allowed_groups
Optional:
- default_roles (Set of String)
- group_id (String)
- roles (Set of String)

Nested schema for saml_providers
Optional:
- display_name (String)
- domains (Set of String)
- is_provider_visible (Boolean)
- logo_url (String)
- provider_name (String)
- type (String)

Nested schema for social_providers
Optional:
- provider_name (String)
- social_id (String)

Nested schema for suggest_verification_methods
Optional:
- mandatory_config (Attributes) Configuration for mandatory verification methods. (see below for nested schema)
- optional_config (Attributes) Configuration for optional verification methods. (see below for nested schema)
- skip_duration_in_days (Number) The number of days for which the verification methods can be skipped (default is 7 days).

Nested schema for suggest_verification_methods.mandatory_config
Optional:
- methods (Set of String) List of mandatory verification methods.
- range (String) The range type for mandatory methods. Allowed value is one of ALLOF or ONEOF.
- skip_until (String) The date and time until which the mandatory methods can be skipped.

Nested schema for suggest_verification_methods.optional_config
Optional:
- methods (Set of String) List of optional verification methods.
Import is supported using the following syntax:
    # The import identifier in this command is the client_id of the app to be imported.
    terraform import cidaas_app.sample client_id
The Consent resource in the provider allows you to manage different consents within a specific consent group in Cidaas.
Ensure that the scopes below are assigned to the client with the specified client_id:
- cidaas:tenant_consent_read
- cidaas:tenant_consent_write
- cidaas:tenant_consent_delete
    resource "cidaas_consent" "sample" {
      consent_group_id = cidaas_consent_group.sample.id
      name             = "sample_consent"
      enabled          = true # By default enabled is set to 'true'
    }
Required:
- consent_group_id (String) The consent_group_id to which the consent belongs.
- name (String) The name of the consent.
Optional:
- enabled (Boolean) The flag to enable or disable a specific consent. By default, the value is set to true.
Read-Only:
- created_at (String) The timestamp when the consent version was created.
- id (String) The unique identifier of the consent resource.
- updated_at (String) The timestamp when the consent version was last updated.
In the import statement, the identifier is the combination of consent_group_id and consent_name joined by the special character ":".
Below is an example of an import command to import a consent:
    terraform import cidaas_consent.sample a0508317-cec9-4f3e-afa4:sample_consent
The Consent Group resource in the provider allows you to define and manage consent groups in Cidaas. Consent Groups are useful to organize and manage consents by grouping related consent items together.
Ensure that the scopes below are assigned to the client with the specified client_id:
- cidaas:tenant_consent_read
- cidaas:tenant_consent_write
- cidaas:tenant_consent_delete
    resource "cidaas_consent_group" "sample" {
      group_name  = "sample_consent_group"
      description = "sample description"
    }
Required:
- group_name (String) The name of the consent group.
Optional:
- description (String) Description of the consent group.
Read-Only:
- created_at (String) The timestamp when the consent group was created.
- id (String) The unique identifier of the consent group.
- updated_at (String) The timestamp when the consent group was last updated.
Import is supported using the following syntax:
    terraform import cidaas_consent_group.sample id
The Consent Version resource in the provider allows you to manage different versions of a specific consent in Cidaas. This resource also supports managing consent versions across multiple locales enabling different configurations such as URLs and content for each locale.
Ensure that the scopes below are assigned to the client with the specified client_id:
- cidaas:tenant_consent_read
- cidaas:tenant_consent_write
- cidaas:tenant_consent_delete
    # cidaas_consent_version sample for consent_type "SCOPES"
    resource "cidaas_consent_version" "v1" {
      version         = 1
      consent_id      = cidaas_consent.sample.id
      consent_type    = "SCOPES"
      scopes          = ["developer"]
      required_fields = ["name"]
      consent_locales = [
        {
          content = "consent version in German"
          locale  = "de"
        },
        {
          content = "consent version in English"
          locale  = "en"
        }
      ]
    }

    # cidaas_consent_version sample for consent_type "URL"
    resource "cidaas_consent_version" "v2" {
      version      = 2
      consent_id   = cidaas_consent.sample.id
      consent_type = "URL"
      consent_locales = [
        {
          content = "consent version in German"
          locale  = "de"
          url     = "https://cidaas.de/de"
        },
        {
          content = "consent version in English"
          locale  = "en"
          url     = "https://cidaas.de/en"
        }
      ]
    }
Required:
- consent_id (String) The consent_id for which the consent version is created. It cannot be updated for a specific consent version.
- consent_locales (Attributes Set) (see below for nested schema)
- version (Number) The version number of the consent. It cannot be updated for a specific consent version.
Optional:
- consent_type (String) Specifies the type of consent. The allowed values are SCOPES or URL. It cannot be updated for a specific consent version.
- required_fields (Set of String) A set of fields that are required for the consent. It cannot be updated for a specific consent version. Note that the attribute required_fields is required only if the consent_type is set to SCOPES.
- scopes (Set of String) A set of scopes related to the consent. It cannot be updated for a specific consent version. Note that the attribute scopes is required only if the consent_type is set to SCOPES.
Read-Only:
- id (String) The unique identifier of the consent version.

Nested schema for consent_locales
Required:
- locale (String) The locale for which the consent version is created, e.g. en-us, de.
Optional:
- content (String) The content of the consent version associated with a specific locale.
- url (String) The URL to the consent page of the created consent version. Note that the attribute url is required only if the consent_type is set to URL.
In the import statement, the identifier is the combination of consent_id, consent_version_id and locale joined by the special character ":".
To import a consent version for multiple locales, append the locales separated by ":". For example, the identifier "3f453233-92d4-475b-b10e:813fbd47-6c50-4fc4-881a:en-us:de:en" imports the consent version for the locales en-us, de and en.
Below is an example of an import command to import a consent version:
    terraform import cidaas_consent_version.v1 3f453233-92d4-475b-b10e:813fbd47-6c50-4fc4-881a:en-us
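Both the cidaas_consent and the cidaas_consent_version import identifiers above are ":"-joined strings, and a malformed one (a missing part, an empty locale, an ID that itself contains ":") is an easy way to import the wrong object. The following added helper, not part of the provider, builds and parses both identifier formats exactly as documented above and rejects the malformed cases; the sample values are the IDs from the two import commands on this page.

```python
"""Build and parse the ':'-joined import identifiers of cidaas_consent and
cidaas_consent_version.

Added example, not the provider's own code. Formats, from the docs above:
  cidaas_consent:          <consent_group_id>:<consent_name>
  cidaas_consent_version:  <consent_id>:<consent_version_id>:<locale>[:<locale>...]
"""
import shlex

SEP = ":"


def _check_fields(*fields):
    """Every field must be non-empty and must not contain the separator itself."""
    for field in fields:
        if not field or SEP in field:
            raise ValueError(f"field {field!r} must be non-empty and must not contain {SEP!r}")


def build_consent_import_id(consent_group_id, consent_name):
    """<consent_group_id>:<consent_name>"""
    _check_fields(consent_group_id, consent_name)
    return SEP.join((consent_group_id, consent_name))


def parse_consent_import_id(identifier):
    """Split a cidaas_consent identifier into its two named parts."""
    parts = identifier.split(SEP)
    if len(parts) != 2 or not all(parts):
        raise ValueError(f"expected <consent_group_id>:<consent_name>, got {identifier!r}")
    return {"consent_group_id": parts[0], "consent_name": parts[1]}


def build_consent_version_import_id(consent_id, consent_version_id, locales):
    """<consent_id>:<consent_version_id>:<locale>[:<locale>...], at least one locale."""
    locales = list(locales)
    if not locales:
        raise ValueError("at least one locale is required")
    _check_fields(consent_id, consent_version_id, *locales)
    return SEP.join((consent_id, consent_version_id, *locales))


def parse_consent_version_import_id(identifier):
    """Split a cidaas_consent_version identifier; everything after the 2nd ':' is a locale."""
    parts = identifier.split(SEP)
    if len(parts) < 3 or not all(parts):
        raise ValueError(
            f"expected <consent_id>:<consent_version_id>:<locale>[:<locale>...], got {identifier!r}")
    return {"consent_id": parts[0], "consent_version_id": parts[1], "locales": parts[2:]}


def import_command(resource_address, identifier):
    """The terraform import command line for a resource address and identifier."""
    return "terraform import " + shlex.join([resource_address, identifier])


# Constructed sample values taken from the import commands on this page.
CONSENT_ID = "3f453233-92d4-475b-b10e"
CONSENT_VERSION_ID = "813fbd47-6c50-4fc4-881a"

if __name__ == "__main__":
    print(import_command("cidaas_consent.sample",
                         build_consent_import_id("a0508317-cec9-4f3e-afa4", "sample_consent")))
    ident = build_consent_version_import_id(CONSENT_ID, CONSENT_VERSION_ID, ["en-us", "de", "en"])
    print(import_command("cidaas_consent_version.v1", ident))
    print(parse_consent_version_import_id(ident))
```

Because locale is everything after the second ":", the parser accepts "en-us:de:en" as three locales, which matches the multi-locale import described above.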
This example demonstrates the configuration of a custom provider resource for interacting with Cidaas.
Ensure that the scopes below are assigned to the client with the specified client_id:
- cidaas:providers_read
- cidaas:providers_write
- cidaas:providers_delete
If you are migrating from v2 to v3, please note the following changes in the v3 version:
- The attribute scopes now has to be set as an array of objects instead of separate scopes blocks.
- custom_fields in userinfo_fields should be passed as an object, as shown in the Example Usage section.
For comparison, the v2 form that is no longer accepted in v3:
    resource "cidaas_custom_provider" "sample" {
      ...
      scopes {
        recommended = true
        required    = true
        scope_name  = "email"
      }
      scopes {
        recommended = true
        required    = true
        scope_name  = "openid"
      }
      userinfo_fields = {
        custom_fields = [
          {
            key   = "zipcode"
            value = "123456"
          },
          {
            key   = "alternate_phone"
            value = "1234567890"
          }
        ]
      }
    }
    resource "cidaas_custom_provider" "sample" {
      standard_type          = "OAUTH2"
      authorization_endpoint = "https://cidaas.de/authz-srv/authz"
      token_endpoint         = "https://cidaas.de/token-srv/token"
      provider_name          = "terraform-sample"
      display_name           = "Terraform"
      logo_url               = "https://cidaas.de/logo"
      userinfo_endpoint      = "https://cidaas.de/users-srv/userinfo"
      scope_display_label    = "terraform sample scope display name"
      client_id              = "acb-4a6b-9777-8a64abe6af"
      client_secret          = "zcb-4a6b-9777-8a64abe6ay"
      domains                = ["cidaas.de", "cidaas.org"]
      scopes = [
        {
          recommended = true
          required    = true
          scope_name  = "email"
        },
        {
          recommended = true
          required    = true
          scope_name  = "openid"
        },
      ]
      userinfo_fields = {
        family_name        = "cp_family_name"
        address            = "cp_address"
        birthdate          = "01-01-2000"
        email              = "[email protected]"
        email_verified     = "true"
        gender             = "male"
        given_name         = "cp_given_name"
        locale             = "cp_locale"
        middle_name        = "cp_middle_name"
        mobile_number      = "100000000"
        phone_number       = "10000000"
        picture            = "https://cidaas.de/image.jpg"
        preferred_username = "cp_preferred_username"
        profile            = "cp_profile"
        updated_at         = "01-01-01"
        website            = "https://cidaas.de"
        zoneinfo           = "cp_zone_info"
        custom_fields = {
          zipcode         = "123456"
          alternate_phone = "1234567890"
        }
      }
    }
Required:
- authorization_endpoint (String) The URL for authorization of the provider.
- client_id (String) The client ID of the provider.
- client_secret (String, Sensitive) The client secret of the provider.
- display_name (String) The display name of the provider.
- provider_name (String) The unique identifier of the custom provider. This cannot be updated for an existing state.
- scope_display_label (String) Display label for the scope of the provider.
- token_endpoint (String) The URL to generate a token with this provider.
- userinfo_endpoint (String) The URL to fetch user details using this provider.
Optional:
- amr_config (Attributes List) AMR configuration mapping. (see below for nested schema)
- domains (Set of String) The domains of the provider.
- logo_url (String) The URL for the provider's logo.
- scopes (Attributes List) List of scopes of the provider with details. (see below for nested schema)
- standard_type (String) Type of standard. Allowed values are OAUTH2 and OPENID_CONNECT.
- userinfo_fields (Attributes) Object containing various user information fields with their values. The userinfo_fields section includes specific fields such as name, family_name, address, etc., along with custom_fields allowing additional user information customization. (see below for nested schema)
- userinfo_source (String) Source of userinfo. Allowed values are IDTOKEN and USERINFOENDPOINT.
Read-Only:
- id (String) The ID of the resource.
Nested schema for amr_config:
Required:
- amr_value (String)
- ext_amr_value (String)
Nested schema for scopes:
Optional:
- recommended (Boolean) Indicates if the scope is recommended.
- required (Boolean) Indicates if the scope is required.
- scope_name (String) The name of the scope, e.g., openid, profile.
Nested schema for userinfo_fields:
Optional:
- address (Attributes) (see below for nested schema)
- birthdate (Attributes) (see below for nested schema)
- custom_fields (Map of String)
- email (Attributes) (see below for nested schema)
- email_verified (Attributes) (see below for nested schema)
- family_name (Attributes) (see below for nested schema)
- gender (Attributes) (see below for nested schema)
- given_name (Attributes) (see below for nested schema)
- locale (Attributes) (see below for nested schema)
- middle_name (Attributes) (see below for nested schema)
- mobile_number (Attributes) (see below for nested schema)
- name (Attributes) (see below for nested schema)
- nickname (Attributes) (see below for nested schema)
- phone_number (Attributes) (see below for nested schema)
- picture (Attributes) (see below for nested schema)
- preferred_username (Attributes) (see below for nested schema)
- profile (Attributes) (see below for nested schema)
- sub (Attributes) (see below for nested schema)
- updated_at (Attributes) (see below for nested schema)
- website (Attributes) (see below for nested schema)
- zoneinfo (Attributes) (see below for nested schema)
Nested schema for the userinfo_fields blocks address, birthdate, email, family_name, gender, given_name, locale, middle_name, mobile_number, name, nickname, phone_number, picture, preferred_username, profile, sub, updated_at, website and zoneinfo (identical for each of them):
Required:
- ext_field_key (String)
Optional:
- default (String)
Nested schema for email_verified:
Optional:
- default (Boolean)
- ext_field_key (String)
Import is supported using the following syntax:
terraform import cidaas_custom_provider.resource_name provider_name
The Group Type, managed through the cidaas_group_type resource in the provider, defines and configures categories for user groups within the Cidaas system.
Ensure that the below scopes are assigned to the client with the specified client_id:
- cidaas:group_type_read
- cidaas:group_type_write
- cidaas:group_type_delete
If you are migrating from v2 to v3, please note that cidaas_user_group_category has been renamed to cidaas_group_type.
Please update your Terraform configuration files accordingly to ensure compatibility with the latest version (v3).
resource "cidaas_group_type" "sample" {
  role_mode = "no_roles"
  group_type = "TerraformSampleGroupType"
  description = "terraform user group category description"
  allowed_roles = ["developer"]
}
Required:
- group_type (String) The unique identifier of the group type. This cannot be updated for an existing state.
- role_mode (String) Determines the role mode for the user group type. Allowed values are any_roles, no_roles, roles_required and allowed_roles.
Optional:
- allowed_roles (Set of String) List of allowed roles in this group type.
- description (String) The description attribute provides details about the group type, explaining its purpose.
Read-Only:
- created_at (String) The timestamp when the resource was created.
- id (String) The ID of the resource.
- updated_at (String) The timestamp when the resource was last updated.
Import is supported using the following syntax:
terraform import cidaas_group_type.resource_name group_type
The Hosted Page resource in the provider allows you to define and manage hosted pages within the Cidaas system.
Ensure that the below scopes are assigned to the client with the specified client_id:
- cidaas:hosted_pages_write
- cidaas:hosted_pages_read
- cidaas:hosted_pages_delete
resource "cidaas_hosted_page" "sample" {
  hosted_page_group_name = "terraform-sample-hosted-page"
  default_locale = "en-IN"
  hosted_pages = [
    {
      hosted_page_id = "register_success"
      locale = "en-US"
      url = "https://cidaas.de/register_success_hosted_page"
      content = "content"
    },
    {
      hosted_page_id = "register_success"
      locale = "en-IN"
      url = "https://cidaas.de/register_success_hosted_page"
      content = "content"
    }
  ]
}
Required:
- hosted_page_group_name (String) The name of the hosted page group. This must be unique across the cidaas system and cannot be updated for an existing state.
- hosted_pages (Attributes List) List of hosted pages with their respective attributes (see below for nested schema)
Optional:
- default_locale (String) The default locale for hosted pages, e.g. en-US.
Read-Only:
- created_at (String) The timestamp when the resource was created.
- id (String) The ID of the resource.
- updated_at (String) The timestamp when the resource was last updated.
Nested schema for hosted_pages:
Required:
- hosted_page_id (String) The identifier for the hosted page, e.g., register_success.
- url (String) The URL for the hosted page.
Optional:
- content (String) The content of the hosted page.
- locale (String) The locale for the hosted page, e.g., en-US.
Import is supported using the following syntax:
terraform import cidaas_hosted_page.resource_name hosted_page_id
The Password Policy resource in the provider allows you to manage the password policy within Cidaas.
Ensure that the below scopes are assigned to the client with the specified client_id:
- cidaas:password_policy_read
- cidaas:password_policy_write
- cidaas:password_policy_delete
resource "cidaas_password_policy" "sample" {
  policy_name = "sample_terraform_policy"
  minimum_length = 8
  maximum_length = 20
  lower_and_uppercase = true
  no_of_digits = 1
  no_of_special_chars = 1
}
Required:
- lower_and_uppercase (Boolean) Specifies whether the password must contain both lowercase and uppercase letters.
- maximum_length (Number) The maximum length allowed for the password. The maximum_length must be at least the sum of minimum_length, no_of_special_chars, no_of_digits and lower_and_uppercase (counted as 1 when true).
- minimum_length (Number) The minimum length required for the password. The minimum_length must be greater than or equal to 5.
- no_of_digits (Number) The required number of digits in the password.
- no_of_special_chars (Number) The required number of special characters in the password.
- policy_name (String) The name of the password policy.
Read-Only:
- id (String) Unique identifier of the password policy.
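The two constraints above are easy to get wrong when a policy is edited in place, so here is an added example (not part of the provider or its documentation) that checks a cidaas_password_policy configuration against them and then evaluates candidate passwords against the policy. What counts as a "special character" is an assumption (ASCII punctuation); the page does not define it.

```python
# Added example, not part of the provider: validates a cidaas_password_policy
# block against the constraints stated in the attribute reference and checks
# candidate passwords against it. "Special character" is assumed to mean ASCII
# punctuation; the page does not define the set cidaas uses.
import string
from dataclasses import dataclass

SPECIAL_CHARS = frozenset(string.punctuation)  # assumption, see comment above


@dataclass(frozen=True)
class PasswordPolicy:
    policy_name: str
    minimum_length: int
    maximum_length: int
    lower_and_uppercase: bool
    no_of_digits: int
    no_of_special_chars: int


def length_floor(policy: PasswordPolicy) -> int:
    """Smallest maximum_length the schema accepts for this policy.

    maximum_length must be at least minimum_length + no_of_special_chars
    + no_of_digits + 1 when lower_and_uppercase is true.
    """
    return (policy.minimum_length + policy.no_of_special_chars
            + policy.no_of_digits + (1 if policy.lower_and_uppercase else 0))


def policy_errors(policy: PasswordPolicy) -> list[str]:
    """Constraint violations of the policy itself; empty when it is consistent."""
    errors = []
    if policy.minimum_length < 5:
        errors.append("minimum_length must be greater than or equal to 5")
    floor = length_floor(policy)
    if policy.maximum_length < floor:
        errors.append(f"maximum_length {policy.maximum_length} is below the "
                      f"required minimum of {floor}")
    for name in ("no_of_digits", "no_of_special_chars"):
        if getattr(policy, name) < 0:
            errors.append(f"{name} must not be negative")
    return errors


def password_errors(policy: PasswordPolicy, candidate: str) -> list[str]:
    """Rules of the policy that the candidate password fails to meet."""
    errors = []
    if len(candidate) < policy.minimum_length:
        errors.append(f"shorter than minimum_length {policy.minimum_length}")
    if len(candidate) > policy.maximum_length:
        errors.append(f"longer than maximum_length {policy.maximum_length}")
    digits = sum(c in string.digits for c in candidate)
    if digits < policy.no_of_digits:
        errors.append(f"needs at least {policy.no_of_digits} digit(s), has {digits}")
    specials = sum(c in SPECIAL_CHARS for c in candidate)
    if specials < policy.no_of_special_chars:
        errors.append(f"needs at least {policy.no_of_special_chars} "
                      f"special character(s), has {specials}")
    if policy.lower_and_uppercase and not (
        any(c.islower() for c in candidate) and any(c.isupper() for c in candidate)
    ):
        errors.append("must contain both lowercase and uppercase letters")
    return errors


# The policy from the HCL example above
SAMPLE_POLICY = PasswordPolicy("sample_terraform_policy", 8, 20, True, 1, 1)
```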
Import is supported using the following syntax:
terraform import cidaas_password_policy.resource_name id
The cidaas_registration_page_field resource in the provider allows management of registration fields in the Cidaas system. This resource enables you to configure and customize the fields displayed during user registration.
Ensure that the below scopes are assigned to the client with the specified client_id:
- cidaas:field_setup_read
- cidaas:field_setup_write
- cidaas:field_setup_delete
If you are migrating from v2 to v3, please note that cidaas_registration_page_field has been renamed to cidaas_registration_field. Below is the list of changes in cidaas_registration_field:
- Multiple Locales: Internationalization is now supported via local_texts.
- Field Definition Attributes: Added to specify maximum and minimum lengths for TEXT and DATE attributes.
- Extended Datatypes: It now supports the datatypes TEXT, NUMBER, SELECT, MULTISELECT, RADIO, CHECKBOX, PASSWORD, DATE, URL, EMAIL, TEXTAREA, MOBILE, CONSENT, JSON_STRING, USERNAME, ARRAY, GROUPING and DAYDATE.
- Configuration Updates: Adjustments are required for the attributes shown in the table below:
| old config | new config |
|---|---|
| required_msg | local_texts[i].required_msg |
| locale_text_min_length | field_definition.min_length |
| locale_text_max_length | field_definition.max_length |
| min_length_error_msg | local_texts[i].min_length_msg |
| max_length_error_msg | local_texts[i].max_length_msg |
| locale_text_language | The language attribute is no longer required. The provider computes and assigns the language based on the locale provided. |
| locale_text_locale | local_texts[i].locale |
| locale_text_name | local_texts[i].name |
Attributes of a local_texts item:
| attribute | description |
|---|---|
| locale | The locale of the field, e.g. de-DE |
| name | The name of the field in the configured locale. For example, in en-US the name is Sample Field, in de-DE Beispielfeld |
| max_length_msg | Warning/error message shown to the user when the user exceeds the maximum number of characters configured. Applicable only for attributes of base_data_type string |
| min_length_msg | Warning/error message shown to the user when the user does not provide the minimum number of characters required. Applicable only for attributes of base_data_type string |
| required_msg | When the flag required is set to true, required_msg must be provided. required_msg is shown if the user does not provide a required field |
| attributes | The field attributes must be provided for the data_type SELECT, MULTISELECT and RADIO. It is an array of key value pairs. Example shown below |
| consent_label | Required when data_type is CONSENT. Example shown below |
// local_texts with attributes (data_type SELECT, MULTISELECT or RADIO)
local_texts = [
  {
    locale = "en-US"
    name = "Sample Field"
    required_msg = "The field is required"
    attributes = [
      {
        key = "test_key"
        value = "test_value"
      }
    ]
  }
]
// local_texts with consent_label (data_type CONSENT)
local_texts = [
  {
    locale = "en-US"
    name = "sample_consent_field"
    required_msg = "The field is required"
    consent_label = {
      label = "test"
      label_text = "test label text"
    }
  }
]
Attributes of field_definition:
| attribute | description |
|---|---|
| max_length | The maximum length of a string type attribute |
| min_length | The minimum length of a string type attribute |
| min_date | Applicable only for DATE attributes. Example: "2024-06-28T18:30:00Z" |
| max_date | Applicable only for DATE attributes. Example: "2024-06-28T18:30:00Z" |
| initial_date_view | Applicable only for DATE attributes. Allowed values: month, year and multi-year |
| initial_date | Applicable only for DATE attributes. Example: "2024-06-28T18:30:00Z" |
Ensure your Terraform configurations are updated accordingly to maintain compatibility with the latest version.
// v2 configuration (cidaas_registration_page_field, before migration)
resource "cidaas_registration_page_field" "sample" {
  claimable = true
  data_type = "TEXT"
  enabled = false
  field_key = "sample_field"
  field_type = "CUSTOM"
  internal = false
  is_group = false
  locale_text_language = "en"
  locale_text_locale = "en-us"
  locale_text_name = "Sample Field"
  order = 2
  parent_group_id = "DEFAULT"
  read_only = false
  required = true
  required_msg = "sample_field is required"
  locale_text_min_length = 10
  locale_text_max_length = 100
  min_length_error_msg = "minimum length should be 10"
  max_length_error_msg = "maximum length should be 100"
  scopes = [
    "profile",
  ]
  overwrite_with_null_value_from_social_provider = false
}
// v3 configuration (cidaas_registration_field, after migration)
resource "cidaas_registration_field" "text" {
  data_type = "TEXT"
  field_key = "sample_text_field"
  field_type = "CUSTOM" // CUSTOM and SYSTEM, SYSTEM can not be created but modified
  internal = true // Default: false
  required = true // Default: false
  read_only = true // Default: false
  is_group = false // Default: false
  unique = true // Default: false
  overwrite_with_null_value_from_social_provider = false // Default: true
  is_searchable = true // Default: true
  enabled = true // Default: true
  claimable = true // Default: true
  order = 1 // Default: 1
  parent_group_id = "DEFAULT" // Default: DEFAULT
  scopes = ["profile"]
  local_texts = [
    {
      locale = "en-US"
      name = "Sample Field"
      required_msg = "The field is required"
      max_length_msg = "Maximum 99 chars allowed"
      min_length_msg = "Minimum 99 chars allowed"
    },
    {
      locale = "de-DE"
      name = "Beispielfeld"
      required_msg = "Dieses Feld ist erforderlich"
      max_length_msg = "DE maximum 99 chars allowed"
      min_length_msg = "DE minimum 10 chars allowed"
    }
  ]
  field_definition = {
    max_length = 100
    min_length = 10
  }
}
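The v2 to v3 mapping table above, applied mechanically as an added example (not the provider's own code): it rewrites the attributes of a v2 cidaas_registration_page_field resource into the v3 cidaas_registration_field shape and renders the result as HCL. Attributes are modelled as plain dicts; the sample input reproduces the v2 example above.

```python
# Added example, not part of the provider: migrates a v2
# cidaas_registration_page_field attribute set to the v3 cidaas_registration_field
# layout using the mapping table from the migration notes, then renders HCL.

# v2 attribute -> key inside local_texts[i]
LOCAL_TEXT_ATTRS = {
    "locale_text_locale": "locale",
    "locale_text_name": "name",
    "required_msg": "required_msg",
    "min_length_error_msg": "min_length_msg",
    "max_length_error_msg": "max_length_msg",
}
# v2 attribute -> key inside field_definition
FIELD_DEFINITION_ATTRS = {
    "locale_text_min_length": "min_length",
    "locale_text_max_length": "max_length",
}
# v3 computes the language from the locale, so the v2 attribute is dropped
DROPPED_ATTRS = {"locale_text_language"}


def migrate_registration_field(v2: dict) -> dict:
    """Return the v3 attribute dict for a v2 cidaas_registration_page_field."""
    v3, local_text, field_definition = {}, {}, {}
    for key, value in v2.items():
        if key in LOCAL_TEXT_ATTRS:
            local_text[LOCAL_TEXT_ATTRS[key]] = value
        elif key in FIELD_DEFINITION_ATTRS:
            field_definition[FIELD_DEFINITION_ATTRS[key]] = value
        elif key not in DROPPED_ATTRS:
            v3[key] = value  # unchanged attributes (field_key, data_type, scopes, ...)
    # nested schema rules: name is required, and a required field needs a required_msg
    if "name" not in local_text:
        raise ValueError("local_texts[i].name is required (from locale_text_name)")
    if v3.get("required") and "required_msg" not in local_text:
        raise ValueError("required is true but no required_msg was given")
    v3["local_texts"] = [local_text]
    if field_definition:
        v3["field_definition"] = field_definition
    return v3


def _hcl_value(value, indent: int) -> str:
    """Render a Python value as an HCL literal (bool before int: bool is an int)."""
    pad = "  " * indent
    if isinstance(value, bool):
        return "true" if value else "false"
    if isinstance(value, int):
        return str(value)
    if isinstance(value, str):
        return '"' + value.replace('"', '\\"') + '"'
    if isinstance(value, list):
        items = ",\n".join(pad + "  " + _hcl_value(v, indent + 1) for v in value)
        return "[\n" + items + "\n" + pad + "]"
    if isinstance(value, dict):
        lines = "\n".join(f"{pad}  {k} = {_hcl_value(v, indent + 1)}"
                          for k, v in value.items())
        return "{\n" + lines + "\n" + pad + "}"
    raise TypeError(f"unsupported value type {type(value).__name__}")


def render_hcl(resource_type: str, name: str, attrs: dict) -> str:
    """Render a resource block; attribute order follows the dict."""
    body = "\n".join(f"  {k} = {_hcl_value(v, 1)}" for k, v in attrs.items())
    return f'resource "{resource_type}" "{name}" {{\n{body}\n}}\n'


# Constructed sample: the v2 example from the page, as a dict
V2_SAMPLE = {
    "claimable": True, "data_type": "TEXT", "enabled": False,
    "field_key": "sample_field", "field_type": "CUSTOM",
    "internal": False, "is_group": False,
    "locale_text_language": "en", "locale_text_locale": "en-us",
    "locale_text_name": "Sample Field", "order": 2,
    "parent_group_id": "DEFAULT", "read_only": False, "required": True,
    "required_msg": "sample_field is required",
    "locale_text_min_length": 10, "locale_text_max_length": 100,
    "min_length_error_msg": "minimum length should be 10",
    "max_length_error_msg": "maximum length should be 100",
    "scopes": ["profile"],
    "overwrite_with_null_value_from_social_provider": False,
}

if __name__ == "__main__":
    print(render_hcl("cidaas_registration_field", "sample",
                     migrate_registration_field(V2_SAMPLE)))
```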
Required:
- data_type (String) The data type of the field. This cannot be modified for an existing resource. Allowed values are TEXT, NUMBER, SELECT, MULTISELECT, RADIO, CHECKBOX, PASSWORD, DATE, URL, EMAIL, TEXTAREA, MOBILE, CONSENT, JSON_STRING, USERNAME, ARRAY, GROUPING and DAYDATE.
- field_key (String) The unique identifier of the registration field. This cannot be modified for an existing resource.
- local_texts (Attributes List) The localized detail of the registration field. (see below for nested schema)
Optional:
- claimable (Boolean) Flag to mark if a field is claimable. Defaults to true.
- consent_refs (Set of String) List of consents (the IDs of the consents in cidaas must be passed) in registration. The data_type must be CONSENT in this case.
- enabled (Boolean) Flag to mark if a field is enabled. Defaults to true.
- field_definition (Attributes) (see below for nested schema)
- field_type (String) Specifies whether the field type is SYSTEM or CUSTOM. Defaults to CUSTOM. This cannot be modified for an existing resource. SYSTEM fields cannot be created but can be modified. To modify an existing field, import it first and then update it.
- internal (Boolean) Flag to mark if a field is internal. Defaults to false.
- is_group (Boolean) Setting is_group to true creates a registration field group. Defaults to false. The data_type attribute must be set to TEXT when is_group is true.
- is_list (Boolean)
- is_searchable (Boolean) Flag to mark if a field is searchable. Defaults to true.
- order (Number) The order attribute is used to set the order of the field in the UI. Defaults to 1.
- overwrite_with_null_value_from_social_provider (Boolean) Set to true if you want the value to be reset by the identity provider. Defaults to false.
- parent_group_id (String) The ID of the parent registration group. Defaults to DEFAULT if not provided.
- read_only (Boolean) Flag to mark if a field is read only. Defaults to false.
- required (Boolean) Flag to mark if a field is required in registration. Defaults to false.
- scopes (Set of String) The scopes of the registration field.
- unique (Boolean) Flag to mark if a field is unique. Defaults to false.
Read-Only:
- base_data_type (String) The base data type of the field. This is a computed property.
- id (String) The ID of the resource.
Nested schema for local_texts:
Required:
- name (String) The name of the field in the configured locale. For example, in en-US the name is Sample Field, in de-DE Beispielfeld.
Optional:
- attributes (Attributes List) The field attributes must be provided for the data_type SELECT, MULTISELECT and RADIO. It is an array of key value pairs. Example provided in the example section. (see below for nested schema)
- consent_label (Attributes) Required when data_type is CONSENT. Example provided in the example section. (see below for nested schema)
- locale (String) The locale of the field, e.g. de-DE.
- max_length_msg (String) Warning/error message shown to the user when the user exceeds the maximum number of characters configured. Applicable only for attributes of base_data_type string.
- min_length_msg (String) Warning/error message shown to the user when the user does not provide the minimum number of characters required. Applicable only for attributes of base_data_type string.
- required_msg (String) When the flag required is set to true, required_msg must be provided. required_msg is shown if the user does not provide a required field.
Nested schema for attributes:
Required:
- key (String)
- value (String)
Nested schema for consent_label:
Required:
- label (String)
- label_text (String)
Nested schema for field_definition:
Optional:
- initial_date (String) The initial date. Applicable only for DATE attributes. Example format: 2024-06-28T18:30:00Z.
- initial_date_view (String) The view of the calendar. Applicable only for DATE attributes. Allowed values: month, year and multi-year.
- max_date (String) The maximum date a user can select. Applicable only for DATE attributes. Example format: 2024-06-28T18:30:00Z.
- max_length (Number) The maximum length of a string type attribute.
- min_date (String) The earliest date a user can select. Applicable only for DATE attributes. Example format: 2024-06-28T18:30:00Z.
- min_length (Number) The minimum length of a string type attribute.
Import is supported using the following syntax:
terraform import cidaas_registration_page_field.resource_name field_key
The cidaas_role resource in Terraform facilitates the management of roles in the Cidaas system. This resource allows you to configure and define custom roles to suit your application's specific access control requirements.
Ensure that the below scopes are assigned to the client with the specified client_id:
- cidaas:roles_read
- cidaas:roles_write
- cidaas:roles_delete
resource "cidaas_role" "sample" {
  role = "terraform_sample_role"
  name = "Terraform Sample Role"
  description = "The sample is designed to demonstrate the configuration of the terraform cidaas_role resource."
}
Required:
- role (String) The unique identifier of the role. The role name must be unique across the cidaas system and cannot be updated for an existing state.
Optional:
- description (String) The description attribute provides details about the role, explaining its purpose.
- name (String) The name of the role.
Read-Only:
- id (String) The ID of the role resource.
Import is supported using the following syntax:
terraform import cidaas_role.resource_name role
The cidaas_scope_group resource in the provider allows you to manage Scope Groups in the Cidaas system. Scope Groups help organize and group related scopes for better categorization and access control.
Ensure that the below scopes are assigned to the client with the specified client_id:
- cidaas:scopes_read
- cidaas:scopes_write
- cidaas:scopes_delete
resource "cidaas_scope_group" "sample" {
  group_name = "terraform-sample-scope"
  description = "The sample is designed to demonstrate the configuration of the terraform cidaas_scope_group resource."
}
Required:
- group_name (String) The name of the group. The group name must be unique across the cidaas system and cannot be updated for an existing state.
Optional:
- description (String) The description attribute provides details about the scope group, explaining its purpose.
Read-Only:
- created_at (String) The timestamp when the resource was created.
- id (String) The ID of the resource.
- updated_at (String) The timestamp when the resource was last updated.
Import is supported using the following syntax:
terraform import cidaas_scope_group.resource_name group_name
The Scope resource allows you to manage scopes in the Cidaas system. Scopes define the level of access and permissions granted to an application (client).
Ensure that the below scopes are assigned to the client with the specified client_id:
- cidaas:scopes_read
- cidaas:scopes_write
- cidaas:scopes_delete
If you are migrating from v2 to v3, please note the following changes in the v3 version:
- The locale, language, title and description attributes have been removed and replaced with a localized_descriptions block that supports a scope with multiple locales for better internationalization. Earlier only one locale was supported by the terraform plugin. localized_descriptions is a list of objects, each containing:
  - locale
  - title
  - description
- The language attribute is no longer required. The provider computes and assigns the language based on the locale provided.
// v2 configuration (before migration)
resource "scope" "sample" {
  locale = "en-US"
  language = "en-US"
  title = "terraform title"
  description = "terraform description"
  security_level = "PUBLIC"
  scope_key = "terraform-test-scope"
  required_user_consent = false
  group_name = []
}
// v3 configuration (after migration)
resource "cidaas_scope" "sample" {
  security_level = "CONFIDENTIAL"
  scope_key = "terraform-sample-scope"
  required_user_consent = false
  group_name = []
  localized_descriptions = [
    {
      title = "Cidaas Scope Tunisia Title"
      locale = "ar-TN"
      description = "This is scope in local ar-TN"
    },
    {
      title = "Cidaas Scope German Title"
      locale = "de-DE"
      description = "This is scope in local de-DE"
    },
    {
      title = "Cidaas Scope India Title"
      locale = "en-IN"
      description = "This is scope in local en-IN"
    }
  ]
}
Required:
- scope_key (String) Unique identifier for the scope. This cannot be updated for an existing state.
Optional:
- group_name (Set of String) List of scope_groups to associate the scope with.
- localized_descriptions (Attributes List) (see below for nested schema)
- required_user_consent (Boolean) Indicates whether user consent is required for the scope.
- scope_owner (String) The owner of the scope, e.g. ADMIN.
- security_level (String) The security level of the scope, e.g., PUBLIC. Allowed values are PUBLIC and CONFIDENTIAL.
Read-Only:
- id (String) The ID of the resource.
Nested schema for localized_descriptions:
Required:
- title (String) The title of the scope in the configured locale.
Optional:
- description (String) The description of the scope in the configured locale.
- locale (String) The locale for the scope, e.g., en-US.
Import is supported using the following syntax:
terraform import cidaas_scope.resource_name scope_key
The cidaas_social_provider resource allows you to configure and manage social login providers within Cidaas.
Social login providers enable users to authenticate using their existing accounts from popular social platforms such as Google, Facebook, LinkedIn and others.
Ensure that the below scopes are assigned to the client:
- cidaas:providers_read
- cidaas:providers_write
- cidaas:providers_delete
resource "cidaas_social_provider" "sample" {
  name = "Sample Social Provider"
  provider_name = "google"
  enabled = true
  client_id = "8d789b3d-b312"
  client_secret = "96ae-ea2e8d8e6708"
  scopes = ["profile", "email"]
  enabled_for_admin_portal = true
  claims = {
    required_claims = {
      user_info = ["name"]
      id_token = ["phone_number"]
    }
    optional_claims = {
      user_info = ["website"]
      id_token = ["street_address"]
    }
  }
  userinfo_fields = [
    {
      inner_key = "sample_custom_field"
      external_key = "external_sample_cf"
      is_custom_field = true
      is_system_field = false
    },
    {
      inner_key = "sample_system_field"
      external_key = "external_sample_sf"
      is_custom_field = false
      is_system_field = true
    }
  ]
}
To configure a social provider for a client in your Terraform configuration, you need to update the cidaas_app resource with the details from the cidaas_social_provider resource. Below is an example demonstrating how you can configure a social provider for a client:
resource "cidaas_app" "app_sample" {
  ...
  social_providers = [
    {
      provider_name = cidaas_social_provider.sample.provider_name
      social_id = cidaas_social_provider.sample.id
      display_name = "google"
    }
  ]
  ...
}
Required:
- client_id (String) The client ID provided by the social provider. This is used to authenticate your application with the social provider.
- client_secret (String, Sensitive) The client secret provided by the social provider. This is used alongside the client ID to authenticate your application with the social provider.
- name (String) The name of the social provider configuration. This should be unique within your Cidaas environment.
- provider_name (String) The name of the social provider. Supported values include google, facebook, linkedin etc.
Optional:
- claims (Attributes) A map defining required and optional claims to be requested from the social provider. (see below for nested schema)
- enabled (Boolean) A flag to enable or disable the social provider configuration. Set to true to enable and false to disable.
- enabled_for_admin_portal (Boolean) A flag to enable or disable the social provider for the admin portal. Set to true to enable and false to disable.
- scopes (Set of String) A list of scopes of the social provider.
- userinfo_fields (Attributes List) A list of user info fields to be mapped between the social provider and Cidaas. (see below for nested schema)
Read-Only:
- id (String) The unique identifier of the social provider.
Nested schema for claims:
Optional:
- optional_claims (Attributes) Defines the claims that are optional from the social provider. (see below for nested schema)
- required_claims (Attributes) Defines the claims that are required from the social provider. (see below for nested schema)
Nested schema for optional_claims:
Optional:
- id_token (Set of String) A list of ID token claims that are optional.
- user_info (Set of String) A list of user information claims that are optional.
Nested schema for required_claims:
Optional:
- id_token (Set of String) A list of ID token claims that are required.
- user_info (Set of String) A list of user information claims that are required.
Nested schema for userinfo_fields:
Required:
- external_key (String) The external key used by the social provider.
- inner_key (String) The internal key used by Cidaas.
- is_custom_field (Boolean) A flag indicating whether the field is a custom field. Set to true if it is a custom field.
- is_system_field (Boolean) A flag indicating whether the field is a system field. Set to true if it is a system field.
The import identifier of the social provider resource is a combination of provider_name and provider_id joined by the special character ":".
For example, if the resource name is sample with provider_name google and provider_id 8d789b3d-b312-4251, the import statement would be:
terraform import cidaas_social_provider.sample google:8d789b3d-b312-4251
The cidaas_template_group resource in the provider is used to define and manage template groups within the Cidaas system. Template Groups categorize your communication templates, allowing you to map preferred templates to specific clients effectively.
Ensure that the below scopes are assigned to the client with the specified client_id:
- cidaas:templates_read
- cidaas:templates_write
- cidaas:templates_delete
// To create a template group, only the attribute group_id is required in the configuration.
// The attributes shown in sample-tg-2 are optional and can be configured as needed.
// If these properties are not configured in the .tf file, the provider/cidaas will compute
// and assign values to them.
// sample1
resource "cidaas_template_group" "sample-tg-1" {
  group_id = "sample_group"
}
// sample2
resource "cidaas_template_group" "sample-tg-2" {
  group_id = "group_another"
  email_sender_config = {
    from_email = "[email protected]"
    from_name = "Kube-dev"
    reply_to = "[email protected]"
    sender_names = [
      "SYSTEM",
    ]
  }
  ivr_sender_config = {
    sender_names = [
      "SYSTEM",
    ]
  }
  push_sender_config = {
    sender_names = [
      "SYSTEM",
    ]
  }
  sms_sender_config = {
    sender_names = [
      "SYSTEM",
    ]
  }
}
Required:
- group_id (String) The group_id of the Template Group. The group_id is used to import an existing template group. The maximum allowed length of a group_id is 15 characters.
Optional:
- email_sender_config (Attributes) The email_sender_config is used to configure your email sender. (see below for nested schema)
- ivr_sender_config (Attributes) The configuration of the IVR sender. (see below for nested schema)
- push_sender_config (Attributes) The configuration of the PUSH notification sender. (see below for nested schema)
- sms_sender_config (Attributes) The configuration of the SMS sender. (see below for nested schema)
Read-Only:
- id (String) The ID of the resource.
Nested schema for email_sender_config:
Optional:
- from_email (String) The email from address from which the emails will be sent when the specific group is configured.
- from_name (String) The from_name attribute is the display name that appears in the 'From' field of the emails.
- reply_to (String) The reply_to attribute is the email address where replies should be directed.
- sender_names (Set of String) The sender_names attribute defines the names associated with email senders.
Read-Only:
- id (String) The ID of the configured email sender.
Nested schema for ivr_sender_config:
Optional:
- sender_names (Set of String)
Read-Only:
- id (String)
Nested schema for push_sender_config:
Optional:
- sender_names (Set of String)
Read-Only:
- id (String)
Nested schema for sms_sender_config:
Optional:
- from_name (String)
- sender_names (Set of String)
Read-Only:
- id (String)
Import is supported using the following syntax:
terraform import cidaas_template_group.resource_name group_id
The Template resource in the provider is used to define and manage templates within the Cidaas system. Templates are used for emails, SMS, IVR, and push notifications.
Ensure that the below scopes are assigned to the client with the specified client_id:
- cidaas:templates_read
- cidaas:templates_write
- cidaas:templates_delete
If you are migrating from v2 to v3, please note the changes in the format of the import identifier:
- In v2, the import identifier was formed by joining template_key, template_type and locale with the character "-". For example: TERRAFORM_TEMPLATE-SMS-en-us.
- In v3, the import identifier format has been updated. The character "-" is replaced by the character ":". For example: TERRAFORM_TEMPLATE:SMS:en-us.
- To create system templates, set the is_system_template flag to true. By default, this value is false and creates custom templates when applied.
- When creating system templates, validation checks are applied and suggestions are provided in error messages to assist users in creating system templates.
- System templates cannot be imported using the standard Terraform import command. Instead, users must create a configuration that matches the existing system template and run terraform apply.
// custom template example
resource "cidaas_template" "custom-template-1" {
  locale = "en-in"
  template_key = "TERRAFORM_TEMPLATE"
  template_type = "EMAIL"
  content = "Indian sample content"
  subject = "Email custom template subject with Indian English locale"
}
// custom template example with same template_key as custom-template-1 but different template_type and locale
resource "cidaas_template" "custom-template-2" {
  locale = "de-de"
  template_key = "TERRAFORM_TEMPLATE"
  template_type = "SMS"
  content = "Sample SMS template content in German"
}
// custom template example with same template_key and template_type as custom-template-2 but different locale
resource "cidaas_template" "custom-template-3" {
  locale = "en-us"
  template_key = "TERRAFORM_TEMPLATE"
  template_type = "SMS"
  content = "Sample SMS template content in US English"
}
// System templates are created by setting the flag is_system_template to true.
// By default, this value is false and creates custom templates when applied.
// Validation checks are applied, and suggestions are provided in error messages to assist users in creating system templates.
// System templates cannot be imported using the standard Terraform import command.
// Instead, users must create a configuration that matches the existing system template and run terraform apply.
// Example of a system template for the template group "sample_group":
resource "cidaas_template" "system-template-1" {
  locale = "en-us"
  template_key = "VERIFY_USER"
  template_type = "SMS"
  content = "Hi {{name}}, here is the {{code}} to verify the user"
  is_system_template = true
  group_id = "sample_group"
  processing_type = "GENERAL"
  verification_type = "SMS"
  usage_type = "VERIFICATION_CONFIGURATION"
}
// Example of a system template for the system default template_group "default"
resource "cidaas_template" "system-template-2" {
  locale = "en-us"
  template_key = "NOTIFY_COMMUNICATION_CHANGE"
  template_type = "SMS"
  content = "Your mobile number changed in {{account_name}}-account to {{communication_medium_value}}."
  is_system_template = true
  group_id = "default"
  processing_type = "GENERAL"
  usage_type = "GENERAL"
}
Required:
- content (String) The content of the template.
- locale (String) The locale of the template, e.g. en-us, en-uk. Ensure the locale is set in lowercase. Find the allowed locales in the Allowed Locales section below. It cannot be updated for an existing state.
- template_key (String) The unique name of the template. It cannot be updated for an existing state.
- template_type (String) The type of the template. Allowed template_types are EMAIL, SMS, IVR and PUSH. Template types are case sensitive. It cannot be updated for an existing state.
Optional:
- group_id (String) The group_id under which the configured template will be categorized. Only applicable for SYSTEM templates.
- is_system_template (Boolean) A boolean flag to decide between SYSTEM and CUSTOM template. When set to true the provider creates a SYSTEM template, else CUSTOM.
- processing_type (String) The processing_type attribute specifies the method by which the template information is processed and delivered. Only applicable for SYSTEM templates. It should be set to GENERAL when cidaas does not provide an allowed list of values.
- subject (String) Applicable only for template_type EMAIL. It represents the subject of an email.
- usage_type (String) The usage_type attribute specifies the specific use case or application for the template. Only applicable for SYSTEM templates. It should be set to GENERAL when cidaas does not provide an allowed list of values.
- verification_type (String) The verification_type attribute defines the method used for verification. Only applicable for SYSTEM templates.
Read-Only:
- id (String) The unique identifier of the template resource.
- language (String) The language based on the locale provided in the configuration.
- template_owner (String) The template owner of the template.
Import is supported using the following syntax:
# System templates cannot be imported using the standard Terraform import command.
# Instead, users must create a configuration that matches the existing system template and run terraform apply.
# V3 Change Note: The format of the import identifier changed in V3. In V2, the parts of the import identifier were joined by the character "-".
# In V3, it is replaced by the character ":". Example: TERRAFORM_TEMPLATE:SMS:en-us
# Below is the command to import a custom template.
# Here, template_key:template_type:locale is the combination of template_key, template_type and locale, joined by the special character ":".
# For example, if the resource name is "sample" with template_key "TERRAFORM_TEMPLATE", template_type "SMS" and locale "de-de", the import statement would be:
terraform import cidaas_template.sample TERRAFORM_TEMPLATE:SMS:de-de
The cidaas_user_groups resource enables the creation of user groups in the cidaas system. These groups allow users to be organized and assigned group-specific roles.
Ensure that the below scopes are assigned to the client with the specified client_id:
- cidaas:groups_write
- cidaas:groups_read
- cidaas:groups_delete
# In the below examples, 'parent-user-group' is the top-level group, and its group_id is passed as parent_id in the 'child-user-group' resource.
resource "cidaas_user_groups" "parent-user-group" {
  group_type                     = "test_terraform"
  group_id                       = "sample-group-id"
  group_name                     = "sample-group-name"
  logo_url                       = "https://cidaas.de/logo"
  description                    = "sample parent user groups description"
  custom_fields                  = {}
  make_first_user_admin          = true
  member_profile_visibility      = "full"
  none_member_profile_visibility = "public"
}
resource "cidaas_user_groups" "child-user-group" {
  group_type  = "test_terraform"
  group_id    = "sample-child-group-id-sub"
  group_name  = "sample-child-group-name"
  logo_url    = "https://cidaas.de/logo"
  description = "sample child user groups description"
  custom_fields = {
    first_name  = "cidaas"
    family_name = "widaas"
  }
  # Reference the parent resource declared above so Terraform creates it first.
  parent_id = cidaas_user_groups.parent-user-group.group_id
}
- group_id (String) Identifier for the user group.
- group_name (String) Name of the user group.
- group_type (String) Type of the user group.
- custom_fields (Map of String) Custom fields for the user group.
- description (String) Description of the user group.
- logo_url (String) URL for the user group's logo.
- make_first_user_admin (Boolean) Indicates whether the first user should be made an admin.
- member_profile_visibility (String) Visibility of member profiles. Allowed values: public or full.
- none_member_profile_visibility (String) Visibility of non-member profiles. Allowed values: none or public.
- parent_id (String) Identifier of the parent user group.
- created_at (String) The timestamp when the resource was created.
- id (String) The unique identifier of the user group resource.
- updated_at (String) The timestamp when the resource was last updated.
Import is supported using the following syntax:
terraform import cidaas_user_groups.resource_name group_id
The Webhook resource in the provider facilitates integration of webhooks in the Cidaas system. This resource allows you to configure webhooks with different authentication options.
Ensure that the below scopes are assigned to the client with the specified client_id:
- cidaas:webhook_read
- cidaas:webhook_write
- cidaas:webhook_delete
# This is a sample configuration for setting up a webhook with multiple authentication options.
# The available authentication types include apikey_config, totp_config, and cidaas_auth_config.
# When the auth_type is set to "APIKEY", the apikey_config is required, while totp_config and cidaas_auth_config are optional.
# These optional configurations can be removed if not needed. However, by including them, you can easily switch the auth_type
# to other options by simply updating the auth_type value without needing to modify other parts of the configuration.
resource "cidaas_webhook" "sample_webhook" {
  auth_type = "APIKEY"
  url       = "https://cidaas.de/webhook-srv/webhook"
  events = [
    "ACCOUNT_MODIFIED"
  ]
  apikey_config = {
    key         = "api-key"
    placeholder = "test-apikey-placeholder"
    placement   = "query"
  }
  totp_config = {
    key         = "totp-key"
    placeholder = "test-totp-placeholder"
    placement   = "query"
  }
  cidaas_auth_config = {
    client_id = "ce90d6ba-9a5a-49b6-9a50-b8db759e9b90"
  }
}
- auth_type (String) Defines how this URL is secured from your end. The allowed values are APIKEY, TOTP and CIDAAS_OAUTH2.
- events (Set of String) A set of events that trigger the webhook.
- url (String) The webhook URL that is called when an event occurs.
- apikey_config (Attributes) Configuration for API key-based authentication. It is a required parameter when the auth_type is APIKEY. (see below for nested schema)
- cidaas_auth_config (Attributes) Configuration for Cidaas authentication. It is a required parameter when the auth_type is CIDAAS_OAUTH2. (see below for nested schema)
- disable (Boolean) Flag to disable the webhook.
- totp_config (Attributes) Configuration for TOTP-based authentication. It is a required parameter when the auth_type is TOTP. (see below for nested schema)
- created_at (String) The timestamp when the webhook was created.
- id (String) The unique identifier of the webhook resource.
- updated_at (String) The timestamp when the webhook was last updated.
Nested schema for apikey_config:
Required:
- key (String) The API key used to authenticate the webhook request. It is passed in the request header or as a query parameter, as configured in the placement attribute.
- placeholder (String) The placeholder (name) under which the key is passed as a query parameter or in the request header.
- placement (String) The placement of the API key in the request (e.g. query). The allowed values are header and query.
Nested schema for cidaas_auth_config:
Required:
- client_id (String) The client ID for Cidaas authentication.
Nested schema for totp_config:
Required:
- key (String) The key used for TOTP authentication.
- placeholder (String) A placeholder value for the TOTP.
- placement (String) The placement of the TOTP in the request. The allowed values are header and query.
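The sample above hardcodes the API key and sends it in the query string. The following configuration is an added example, not part of the provider documentation: it takes the shared secret from a sensitive variable, validates the inputs before apply, and puts the key in a header. The variable names and the assumption that placeholder names the header are this example's own; startswith needs Terraform 1.4 or later.

```hcl
# Added example (not from the cidaas provider docs). Names beginning with
# "webhook_" are assumptions made for this example.
variable "webhook_api_key" {
  type        = string
  sensitive   = true # redacted from plan output and CLI logs
  description = "Shared secret the webhook receiver expects in the X-Api-Key header."

  validation {
    # Reject an empty or obviously placeholder value instead of deploying it.
    condition     = length(var.webhook_api_key) >= 32 && !can(regex("(?i)changeme|placeholder|api-key", var.webhook_api_key))
    error_message = "webhook_api_key must be a real secret of at least 32 characters."
  }
}

variable "webhook_url" {
  type        = string
  description = "Endpoint Cidaas calls when one of the configured events fires."

  validation {
    # The API key travels with every request, so require TLS on the receiver.
    condition     = startswith(var.webhook_url, "https://")
    error_message = "webhook_url must use https://."
  }
}

resource "cidaas_webhook" "account_events" {
  auth_type = "APIKEY"
  url       = var.webhook_url
  events    = ["ACCOUNT_MODIFIED"]

  # Header placement keeps the secret out of URL query strings, which commonly
  # end up in access logs and proxy caches. "placeholder" is assumed to be the
  # header name in which the key is sent.
  apikey_config = {
    key         = var.webhook_api_key
    placeholder = "X-Api-Key"
    placement   = "header"
  }
}
```

Supply the secret via TF_VAR_webhook_api_key or a variables file that is kept out of version control; terraform plan shows it as (sensitive value).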
Import is supported using the following syntax:
# The import identifier in this command is the ID of the webhook to be imported.
terraform import cidaas_webhook.sample ae90d6ba-9a5a-49b6-9a50-b8db759e9b90
The data source cidaas_consent returns a list of consents available in your Cidaas instance. You can apply filters using the filter block in your Terraform configuration.
data "cidaas_consent" "example" {
  filter {
    name     = "consent_name"
    values   = ["terraform"]
    match_by = "substring"
  }
}
- filter (Block Set) (see below for nested schema)
- consent (Block List) The returned list of consents. (see below for nested schema)
- id (String) The data source's unique ID.
Nested schema for filter:
Required:
- name (String) The name of the attribute to filter on.
- values (Set of String) The value(s) to be used in the filter.
Optional:
- match_by (String) The type of comparison to use for this filter. Allowed values: exact, substring and regex.
Nested schema for consent:
Read-Only:
- consent_name (String) The name of the consent.
- id (String) The unique identifier of the consent.
Attributes supported in the filter block: consent_name
The data source cidaas_custom_provider returns a list of custom providers available in your Cidaas instance. You can apply filters using the filter block in your Terraform configuration.
data "cidaas_custom_provider" "example" {
  filter {
    name     = "provider_name"
    values   = ["dev"]
    match_by = "substring"
  }
}
- filter (Block Set) (see below for nested schema)
- custom_provider (Block List) The returned list of custom providers. (see below for nested schema)
- id (String) The data source's unique ID.
Nested schema for filter:
Required:
- name (String) The name of the attribute to filter on.
- values (Set of String) The value(s) to be used in the filter.
Optional:
- match_by (String) The type of comparison to use for this filter. Allowed values: exact, substring and regex.
Nested schema for custom_provider:
Read-Only:
- domains (Set of String) The domains of the provider.
- id (String) The unique identifier of the custom provider.
- provider_name (String) The name of the custom provider.
- standard_type (String) Type of standard: OAUTH2 or OPENID_CONNECT.
Attributes supported in the filter block: provider_name, standard_type
The data source cidaas_group_type returns a list of group types available in your Cidaas instance. You can apply filters using the filter block in your Terraform configuration.
data "cidaas_group_type" "example" {
  filter {
    name   = "role_mode"
    values = ["roles_required"]
  }
  filter {
    name   = "allowed_roles"
    values = ["DEVELOPER"]
  }
}
- filter (Block Set) (see below for nested schema)
- group_type (Block List) The returned list of group types. (see below for nested schema)
- id (String) The data source's unique ID.
Nested schema for filter:
Required:
- name (String) The name of the attribute to filter on.
- values (Set of String) The value(s) to be used in the filter.
Optional:
- match_by (String) The type of comparison to use for this filter. Allowed values: exact, substring and regex.
Nested schema for group_type:
Read-Only:
- allowed_roles (Set of String) List of allowed roles in a group type.
- description (String) The description of the group type.
- group_type (String) The unique identifier of the group type.
- id (String) The identifier of the group type.
- role_mode (String) Determines the role mode for the user group type.
Attributes supported in the filter block: group_type, role_mode, allowed_roles
The data source cidaas_registration_field returns a list of registration fields available in your Cidaas instance. You can apply filters using the filter block in your Terraform configuration.
data "cidaas_registration_field" "example" {
  filter {
    name   = "field_type"
    values = ["CUSTOM"]
  }
}
- filter (Block Set) (see below for nested schema)
- registration_field (Block List) The returned list of registration fields. (see below for nested schema)
- id (String) The data source's unique ID.
Nested schema for filter:
Required:
- name (String) The name of the attribute to filter on.
- values (Set of String) The value(s) to be used in the filter.
Optional:
- match_by (String) The type of comparison to use for this filter. Allowed values: exact, substring and regex.
Nested schema for registration_field:
Required:
- field_key (String) The unique name of the registration field.
Read-Only:
- data_type (String) The data type of the field.
- enabled (Boolean) Flag to identify if a field is enabled.
- field_type (String) Specifies whether the field type is SYSTEM or CUSTOM.
- id (String) The unique identifier of the group type.
- internal (Boolean) Flag to identify if a field is internal.
- is_group (Boolean) Flag to identify if a field is a group field.
- order (Number) The order of the field in the UI.
- parent_group_id (String) The ID of the parent registration group.
- read_only (Boolean) Flag to identify if a field is read only.
- required (Boolean) Flag to identify if a field is required in registration.
Attributes supported in the filter block: parent_group_id, field_type, data_type, field_key, required, internal, read_only, is_group, enabled
The data source cidaas_role returns a list of roles available in your Cidaas instance. You can apply filters using the filter block in your Terraform configuration.
data "cidaas_role" "example" {
  filter {
    name   = "name"
    values = ["DEVELOPER"]
  }
}
- filter (Block Set) (see below for nested schema)
- id (String) The data source's unique ID.
- role (Block List) The returned list of roles. (see below for nested schema)
Nested schema for filter:
Required:
- name (String) The name of the attribute to filter on.
- values (Set of String) The value(s) to be used in the filter.
Optional:
- match_by (String) The type of comparison to use for this filter. Allowed values: exact, substring and regex.
Nested schema for role:
Read-Only:
- description (String) The description of the role.
- name (String) The name of the role.
- role (String) The unique identifier of the role.
Attributes supported in the filter block: role, name
The data source cidaas_scope_group returns a list of scope groups available in your Cidaas instance. You can apply filters using the filter block in your Terraform configuration.
data "cidaas_scope_group" "example" {
  filter {
    name     = "group_name"
    values   = ["terraform"]
    match_by = "substring"
  }
}
- filter (Block Set) (see below for nested schema)
- id (String) The data source's unique ID.
- scope_group (Block List) The returned list of scope groups. (see below for nested schema)
Nested schema for filter:
Required:
- name (String) The name of the attribute to filter on.
- values (Set of String) The value(s) to be used in the filter.
Optional:
- match_by (String) The type of comparison to use for this filter. Allowed values: exact, substring and regex.
Nested schema for scope_group:
Read-Only:
- description (String) The description attribute provides details about the scope group, explaining its purpose.
- group_name (String) The name of the group.
- id (String) The ID of the resource.
Attributes supported in the filter block: group_name
The data source cidaas_scope returns a list of scopes available in your Cidaas instance. You can apply filters using the filter block in your Terraform configuration.
data "cidaas_scope" "example" {
  filter {
    name   = "security_level"
    values = ["CONFIDENTIAL"]
  }
  filter {
    name     = "scope_key"
    values   = ["cidaas"]
    match_by = "substring"
  }
  filter {
    name   = "required_user_consent"
    values = [false]
  }
}
- filter (Block Set) (see below for nested schema)
- scope (Block List) The returned list of scopes. (see below for nested schema)
- id (String) The data source's unique ID.
Nested schema for filter:
Required:
- name (String) The name of the attribute to filter on.
- values (Set of String) The value(s) to be used in the filter.
Optional:
- match_by (String) The type of comparison to use for this filter. Allowed values: exact, substring and regex.
Nested schema for scope:
Optional:
- localized_descriptions (Attributes List) (see below for nested schema)
Read-Only:
- group_name (Set of String) List of scope_groups associated with the scope.
- id (String) The ID of the scope.
- required_user_consent (Boolean) Indicates whether user consent is required for the scope.
- scope_key (String) Unique identifier (name) for the scope.
- scope_owner (String) The owner of the scope, e.g. ADMIN.
- security_level (String) The security level of the scope: PUBLIC or CONFIDENTIAL.
Nested schema for localized_descriptions:
Read-Only:
- description (String) The description of the scope in the configured locale.
- locale (String) The locale for the scope, e.g. en-US.
- title (String) The title of the scope in the configured locale.
Attributes supported in the filter block: scope_key, security_level, group_name, required_user_consent
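Beyond filtering, the returned list can be audited in the same configuration. The following is an added example, not from the provider documentation: it reads every CONFIDENTIAL scope and uses a Terraform check block (Terraform 1.5 or later) to warn when one of them can be granted without the user's consent. Resource names and the output are this example's own.

```hcl
# Added example (not from the cidaas provider docs). Reads all CONFIDENTIAL
# scopes; the check below flags those that do not require user consent.
data "cidaas_scope" "confidential" {
  filter {
    name   = "security_level"
    values = ["CONFIDENTIAL"]
  }
}

locals {
  # scope_key of each CONFIDENTIAL scope whose required_user_consent is false.
  consent_gaps = [
    for s in data.cidaas_scope.confidential.scope : s.scope_key
    if !s.required_user_consent
  ]
}

# A failed check is reported as a warning on plan/apply, so the audit runs on
# every run without blocking unrelated changes. Use a precondition on a
# resource instead if the finding should stop the apply.
check "confidential_scopes_require_consent" {
  assert {
    condition     = length(local.consent_gaps) == 0
    error_message = "CONFIDENTIAL scopes granted without user consent: ${join(", ", local.consent_gaps)}"
  }
}

output "confidential_scopes_without_consent" {
  description = "Scope keys that are CONFIDENTIAL but do not require user consent."
  value       = local.consent_gaps
}
```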
The data source cidaas_social_provider returns a list of social providers available in your Cidaas instance. You can apply filters using the filter block in your Terraform configuration.
data "cidaas_social_provider" "example" {
  filter {
    name   = "enabled_for_admin_portal"
    values = ["true"]
  }
  filter {
    name   = "enabled"
    values = ["true"]
  }
}
- filter (Block Set) (see below for nested schema)
- id (String) The data source's unique ID.
- social_provider (Block List) The returned list of social providers. (see below for nested schema)
Nested schema for filter:
Required:
- name (String) The name of the attribute to filter on.
- values (Set of String) The value(s) to be used in the filter.
Optional:
- match_by (String) The type of comparison to use for this filter. Allowed values: exact, substring and regex.
Nested schema for social_provider:
Read-Only:
- client_id (String) The client ID of the social provider.
- client_secret (String, Sensitive) The client secret of the social provider.
- enabled (Boolean) A flag to identify if a provider is enabled.
- enabled_for_admin_portal (Boolean) A flag to identify if a social provider is enabled for the admin portal.
- id (String) The unique identifier of the social provider.
- name (String) The name of the social provider configuration.
- provider_name (String) The name of the social provider, e.g. google, facebook, linkedin etc.
- scopes (Set of String) A list of scopes of the social provider.
Attributes supported in the filter block: name, provider_name, enabled, enabled_for_admin_portal
The data source cidaas_system_template_option returns a list of system template options that can be configured to create a system template in your Cidaas instance. You can apply filters using the filter block in your Terraform configuration.
data "cidaas_system_template_option" "example" {
  filter {
    name   = "template_key"
    values = ["UN_REGISTER_USER_ALERT"]
  }
  filter {
    name   = "role"
    values = ["USER_CREATE"]
  }
}
- filter (Block Set) (see below for nested schema)
- system_template_option (Block List) The returned list of system template options. (see below for nested schema)
- id (String) The data source's unique ID.
Nested schema for filter:
Required:
- name (String) The name of the attribute to filter on.
- values (Set of String) The value(s) to be used in the filter.
Optional:
- match_by (String) The type of comparison to use for this filter. Allowed values: exact, substring and regex.
Nested schema for system_template_option:
Required:
- enabled (Boolean) The flag to identify if a system template is enabled.
- template_key (String) The key of the template.
Optional:
- template_types (Attributes List) (see below for nested schema)
Nested schema for template_types:
Optional:
- processing_types (Attributes List) (see below for nested schema)
Read-Only:
- template_type (String) The type of the template, e.g. EMAIL.
Nested schema for processing_types:
Optional:
- verification_types (Attributes List) (see below for nested schema)
Read-Only:
- processing_type (String) The processing type of the template, e.g. LINK or CODE.
- supported_tags (Attributes) (see below for nested schema)
Nested schema for verification_types:
Read-Only:
- usage_types (Set of String) The usage type of the template, e.g. MULTIFACTOR_AUTHENTICATION.
- verification_type (String) The verification type of the template, e.g. EMAIL.
Nested schema for supported_tags:
Read-Only:
- optional (Set of String) This list provides the optional tags supported in a template content.
- required (Set of String) The required tags in a template. While creating a template, the required tags must be part of the content.
Attributes supported in the filter block: template_key, enabled
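Because the required tags must be present in the content, the option data source can be used to verify a system template before it is created. The following is an added example, not the provider's own code: it looks up the SMS/GENERAL option for VERIFY_USER (the template_key and group from the cidaas_template example above), collects its required tags and stops the apply with a precondition when the content omits one. The nesting path through template_types, processing_types and supported_tags follows the schema above but is an assumption of this example; strcontains needs Terraform 1.5 or later.

```hcl
# Added example (not from the cidaas provider docs). Local and resource names
# are this example's own; the attribute path is assumed from the schema.
data "cidaas_system_template_option" "verify_user" {
  filter {
    name   = "template_key"
    values = ["VERIFY_USER"]
  }
}

locals {
  verify_user_content = "Hi {{name}}, here is the {{code}} to verify the user"

  # Walk option -> template_types -> processing_types, keeping SMS/GENERAL only.
  verify_user_sms_general = flatten([
    for o in data.cidaas_system_template_option.verify_user.system_template_option : [
      for tt in o.template_types : [
        for pt in tt.processing_types : pt
        if tt.template_type == "SMS" && pt.processing_type == "GENERAL"
      ]
    ]
  ])

  # Required tags of that option; empty when no matching option was returned.
  required_tags = try(tolist(local.verify_user_sms_general[0].supported_tags.required), [])

  # Required tags that do not appear as {{tag}} in the content.
  missing_tags = [
    for t in local.required_tags : t
    if !strcontains(local.verify_user_content, format("{{%s}}", t))
  ]
}

resource "cidaas_template" "verify_user_sms" {
  locale             = "en-us"
  template_key       = "VERIFY_USER"
  template_type      = "SMS"
  content            = local.verify_user_content
  is_system_template = true
  group_id           = "sample_group"
  processing_type    = "GENERAL"
  verification_type  = "SMS"
  usage_type         = "VERIFICATION_CONFIGURATION"

  lifecycle {
    precondition {
      condition     = length(local.verify_user_sms_general) == 1
      error_message = "Expected exactly one SMS/GENERAL option for VERIFY_USER, got ${length(local.verify_user_sms_general)}."
    }
    precondition {
      condition     = length(local.missing_tags) == 0
      error_message = "Template content is missing required tags: ${join(", ", local.missing_tags)}"
    }
  }
}
```

The preconditions are evaluated during plan, so a content change that drops a required tag is rejected before anything is sent to the Cidaas API.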