# IAM # Permission Groups ## List Account Permission Groups `iam.permission_groups.list(PermissionGroupListParams**kwargs) -> SyncV4PagePaginationArray[PermissionGroupListResponse]` **get** `/accounts/{account_id}/iam/permission_groups` List all the permissions groups for an account. ### Parameters - `account_id: str` Account identifier tag. - `id: Optional[str]` ID of the permission group to be fetched. - `label: Optional[str]` Label of the permission group to be fetched. - `name: Optional[str]` Name of the permission group to be fetched. - `page: Optional[float]` Page number of paginated results. - `per_page: Optional[float]` Maximum number of results per page. ### Returns - `class PermissionGroupListResponse: …` A named group of permissions that map to a group of operations against resources. - `id: str` Identifier of the permission group. - `meta: Optional[Meta]` Attributes associated to the permission group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the permission group. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.iam.permission_groups.list( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Permission Group Details `iam.permission_groups.get(strpermission_group_id, PermissionGroupGetParams**kwargs) -> PermissionGroupGetResponse` **get** `/accounts/{account_id}/iam/permission_groups/{permission_group_id}` Get information about a specific permission group in an account. ### Parameters - `account_id: str` Account identifier tag. - `permission_group_id: str` Permission Group identifier tag. ### Returns - `class PermissionGroupGetResponse: …` A named group of permissions that map to a group of operations against resources. - `id: str` Identifier of the permission group. - `meta: Optional[Meta]` Attributes associated to the permission group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the permission group. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) permission_group = client.iam.permission_groups.get( permission_group_id="023e105f4ecef8ad9ca31a8372d0c353", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(permission_group.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1", "meta": { "key": "key", "value": "value" }, "name": "Load Balancer" } } ``` ## Domain Types ### Permission Group List Response - `class PermissionGroupListResponse: …` A named group of permissions that map to a group of operations against resources. - `id: str` Identifier of the permission group. - `meta: Optional[Meta]` Attributes associated to the permission group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the permission group. ### Permission Group Get Response - `class PermissionGroupGetResponse: …` A named group of permissions that map to a group of operations against resources. - `id: str` Identifier of the permission group. - `meta: Optional[Meta]` Attributes associated to the permission group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the permission group. # Resource Groups ## List Resource Groups `iam.resource_groups.list(ResourceGroupListParams**kwargs) -> SyncSinglePage[ResourceGroupListResponse]` **get** `/accounts/{account_id}/iam/resource_groups` List all the resource groups for an account. ### Parameters - `account_id: str` Account identifier tag. - `id: Optional[str]` ID of the resource group to be fetched. - `name: Optional[str]` Name of the resource group to be fetched. ### Returns - `class ResourceGroupListResponse: …` A group of scoped resources. - `id: str` Identifier of the resource group. - `scope: List[Scope]` The scope associated to the resource group - `key: str` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: List[ScopeObject]` A list of scope objects for additional context. - `key: str` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta: Optional[Meta]` Attributes associated to the resource group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the resource group. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.iam.resource_groups.list( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1", "scope": [ { "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4", "objects": [ { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" } ] } ], "meta": { "key": "key", "value": "value" }, "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4" } ] } ``` ## Resource Group Details `iam.resource_groups.get(strresource_group_id, ResourceGroupGetParams**kwargs) -> ResourceGroupGetResponse` **get** `/accounts/{account_id}/iam/resource_groups/{resource_group_id}` Get information about a specific resource group in an account. ### Parameters - `account_id: str` Account identifier tag. - `resource_group_id: str` Resource Group identifier tag. ### Returns - `class ResourceGroupGetResponse: …` A group of scoped resources. - `id: str` Identifier of the resource group. - `scope: List[Scope]` The scope associated to the resource group - `key: str` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: List[ScopeObject]` A list of scope objects for additional context. - `key: str` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta: Optional[Meta]` Attributes associated to the resource group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the resource group. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) resource_group = client.iam.resource_groups.get( resource_group_id="023e105f4ecef8ad9ca31a8372d0c353", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(resource_group.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1", "scope": [ { "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4", "objects": [ { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" } ] } ], "meta": { "key": "key", "value": "value" }, "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4" } } ``` ## Create Resource Group `iam.resource_groups.create(ResourceGroupCreateParams**kwargs) -> ResourceGroupCreateResponse` **post** `/accounts/{account_id}/iam/resource_groups` Create a new Resource Group under the specified account. ### Parameters - `account_id: str` Account identifier tag. - `name: str` Name of the resource group - `scope: Scope` A scope is a combination of scope objects which provides additional context. - `key: str` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: Iterable[ScopeObject]` A list of scope objects for additional context. The number of Scope objects should not be zero. - `key: str` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) ### Returns - `class ResourceGroupCreateResponse: …` A group of scoped resources. - `id: str` Identifier of the resource group. - `scope: List[Scope]` The scope associated to the resource group - `key: str` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: List[ScopeObject]` A list of scope objects for additional context. - `key: str` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta: Optional[Meta]` Attributes associated to the resource group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the resource group. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) resource_group = client.iam.resource_groups.create( account_id="023e105f4ecef8ad9ca31a8372d0c353", name="NewResourceGroup", scope={ "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4", "objects": [{ "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" }], }, ) print(resource_group.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1", "scope": [ { "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4", "objects": [ { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" } ] } ], "meta": { "key": "key", "value": "value" }, "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4" } } ``` ## Update Resource Group `iam.resource_groups.update(strresource_group_id, ResourceGroupUpdateParams**kwargs) -> ResourceGroupUpdateResponse` **put** `/accounts/{account_id}/iam/resource_groups/{resource_group_id}` Modify an existing resource group. ### Parameters - `account_id: str` Account identifier tag. - `resource_group_id: str` Resource Group identifier tag. - `name: Optional[str]` Name of the resource group - `scope: Optional[Scope]` A scope is a combination of scope objects which provides additional context. - `key: str` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: Iterable[ScopeObject]` A list of scope objects for additional context. The number of Scope objects should not be zero. - `key: str` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) ### Returns - `class ResourceGroupUpdateResponse: …` A group of scoped resources. - `id: str` Identifier of the resource group. - `scope: List[Scope]` The scope associated to the resource group - `key: str` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: List[ScopeObject]` A list of scope objects for additional context. - `key: str` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta: Optional[Meta]` Attributes associated to the resource group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the resource group. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) resource_group = client.iam.resource_groups.update( resource_group_id="023e105f4ecef8ad9ca31a8372d0c353", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(resource_group.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1", "scope": [ { "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4", "objects": [ { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" } ] } ], "meta": { "key": "key", "value": "value" }, "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4" } } ``` ## Remove Resource Group `iam.resource_groups.delete(strresource_group_id, ResourceGroupDeleteParams**kwargs) -> ResourceGroupDeleteResponse` **delete** `/accounts/{account_id}/iam/resource_groups/{resource_group_id}` Remove a resource group from an account. ### Parameters - `account_id: str` Account identifier tag. - `resource_group_id: str` Resource Group identifier tag. ### Returns - `class ResourceGroupDeleteResponse: …` - `id: str` Identifier ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) resource_group = client.iam.resource_groups.delete( resource_group_id="023e105f4ecef8ad9ca31a8372d0c353", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(resource_group.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353" } } ``` ## Domain Types ### Resource Group List Response - `class ResourceGroupListResponse: …` A group of scoped resources. - `id: str` Identifier of the resource group. - `scope: List[Scope]` The scope associated to the resource group - `key: str` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: List[ScopeObject]` A list of scope objects for additional context. - `key: str` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta: Optional[Meta]` Attributes associated to the resource group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the resource group. ### Resource Group Get Response - `class ResourceGroupGetResponse: …` A group of scoped resources. - `id: str` Identifier of the resource group. - `scope: List[Scope]` The scope associated to the resource group - `key: str` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: List[ScopeObject]` A list of scope objects for additional context. - `key: str` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta: Optional[Meta]` Attributes associated to the resource group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the resource group. ### Resource Group Create Response - `class ResourceGroupCreateResponse: …` A group of scoped resources. - `id: str` Identifier of the resource group. - `scope: List[Scope]` The scope associated to the resource group - `key: str` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: List[ScopeObject]` A list of scope objects for additional context. - `key: str` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta: Optional[Meta]` Attributes associated to the resource group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the resource group. ### Resource Group Update Response - `class ResourceGroupUpdateResponse: …` A group of scoped resources. - `id: str` Identifier of the resource group. - `scope: List[Scope]` The scope associated to the resource group - `key: str` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: List[ScopeObject]` A list of scope objects for additional context. - `key: str` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta: Optional[Meta]` Attributes associated to the resource group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the resource group. ### Resource Group Delete Response - `class ResourceGroupDeleteResponse: …` - `id: str` Identifier # User Groups ## List User Groups `iam.user_groups.list(UserGroupListParams**kwargs) -> SyncV4PagePaginationArray[UserGroupListResponse]` **get** `/accounts/{account_id}/iam/user_groups` List all the user groups for an account. ### Parameters - `account_id: str` Account identifier tag. - `id: Optional[str]` ID of the user group to be fetched. - `direction: Optional[str]` The sort order of returned user groups by name. Default sort order is ascending. To switch to descending, set this parameter to "desc" - `fuzzy_name: Optional[str]` A string used for searching for user groups containing that substring. - `name: Optional[str]` Name of the user group to be fetched. - `page: Optional[float]` Page number of paginated results. - `per_page: Optional[float]` Maximum number of results per page. ### Returns - `class UserGroupListResponse: …` A group of policies resources. - `id: str` User Group identifier tag. - `created_on: datetime` Timestamp for the creation of the user group - `modified_on: datetime` Last time the user group was modified. - `name: str` Name of the user group. - `policies: Optional[List[Policy]]` Policies attached to the User group - `id: Optional[str]` Policy identifier. - `access: Optional[Literal["allow", "deny"]]` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: Optional[List[PolicyPermissionGroup]]` A set of permission groups that are specified to the policy. - `id: str` Identifier of the permission group. - `meta: Optional[PolicyPermissionGroupMeta]` Attributes associated to the permission group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the permission group. - `resource_groups: Optional[List[PolicyResourceGroup]]` A list of resource groups that the policy applies to. - `id: str` Identifier of the resource group. - `scope: List[PolicyResourceGroupScope]` The scope associated to the resource group - `key: str` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: List[PolicyResourceGroupScopeObject]` A list of scope objects for additional context. - `key: str` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta: Optional[PolicyResourceGroupMeta]` Attributes associated to the resource group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the resource group. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) page = client.iam.user_groups.list( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "023e105f4ecef8ad9ca31a8372d0c353", "created_on": "2024-03-01T12:21:02.0000Z", "modified_on": "2024-03-01T12:21:02.0000Z", "name": "My New User Group", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "access": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resource_groups": [ { "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1", "scope": [ { "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4", "objects": [ { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" } ] } ], "meta": { "key": "key", "value": "value" }, "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4" } ] } ] } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## User Group Details `iam.user_groups.get(struser_group_id, UserGroupGetParams**kwargs) -> UserGroupGetResponse` **get** `/accounts/{account_id}/iam/user_groups/{user_group_id}` Get information about a specific user group in an account. ### Parameters - `account_id: str` Account identifier tag. - `user_group_id: str` User Group identifier tag. ### Returns - `class UserGroupGetResponse: …` A group of policies resources. - `id: str` User Group identifier tag. - `created_on: datetime` Timestamp for the creation of the user group - `modified_on: datetime` Last time the user group was modified. - `name: str` Name of the user group. - `policies: Optional[List[Policy]]` Policies attached to the User group - `id: Optional[str]` Policy identifier. - `access: Optional[Literal["allow", "deny"]]` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: Optional[List[PolicyPermissionGroup]]` A set of permission groups that are specified to the policy. - `id: str` Identifier of the permission group. - `meta: Optional[PolicyPermissionGroupMeta]` Attributes associated to the permission group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the permission group. - `resource_groups: Optional[List[PolicyResourceGroup]]` A list of resource groups that the policy applies to. - `id: str` Identifier of the resource group. - `scope: List[PolicyResourceGroupScope]` The scope associated to the resource group - `key: str` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: List[PolicyResourceGroupScopeObject]` A list of scope objects for additional context. - `key: str` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta: Optional[PolicyResourceGroupMeta]` Attributes associated to the resource group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the resource group. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) user_group = client.iam.user_groups.get( user_group_id="023e105f4ecef8ad9ca31a8372d0c353", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(user_group.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "created_on": "2024-03-01T12:21:02.0000Z", "modified_on": "2024-03-01T12:21:02.0000Z", "name": "My New User Group", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "access": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resource_groups": [ { "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1", "scope": [ { "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4", "objects": [ { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" } ] } ], "meta": { "key": "key", "value": "value" }, "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4" } ] } ] } } ``` ## Create User Group `iam.user_groups.create(UserGroupCreateParams**kwargs) -> UserGroupCreateResponse` **post** `/accounts/{account_id}/iam/user_groups` Create a new user group under the specified account. ### Parameters - `account_id: str` Account identifier tag. - `name: str` Name of the User group. - `policies: Iterable[Policy]` Policies attached to the User group - `access: Literal["allow", "deny"]` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: Iterable[PolicyPermissionGroup]` A set of permission groups that are specified to the policy. - `id: str` Permission Group identifier tag. - `resource_groups: Iterable[PolicyResourceGroup]` A set of resource groups that are specified to the policy. - `id: str` Resource Group identifier tag. ### Returns - `class UserGroupCreateResponse: …` A group of policies resources. - `id: str` User Group identifier tag. - `created_on: datetime` Timestamp for the creation of the user group - `modified_on: datetime` Last time the user group was modified. - `name: str` Name of the user group. - `policies: Optional[List[Policy]]` Policies attached to the User group - `id: Optional[str]` Policy identifier. - `access: Optional[Literal["allow", "deny"]]` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: Optional[List[PolicyPermissionGroup]]` A set of permission groups that are specified to the policy. - `id: str` Identifier of the permission group. - `meta: Optional[PolicyPermissionGroupMeta]` Attributes associated to the permission group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the permission group. - `resource_groups: Optional[List[PolicyResourceGroup]]` A list of resource groups that the policy applies to. - `id: str` Identifier of the resource group. - `scope: List[PolicyResourceGroupScope]` The scope associated to the resource group - `key: str` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: List[PolicyResourceGroupScopeObject]` A list of scope objects for additional context. - `key: str` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta: Optional[PolicyResourceGroupMeta]` Attributes associated to the resource group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the resource group. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) user_group = client.iam.user_groups.create( account_id="023e105f4ecef8ad9ca31a8372d0c353", name="My New User Group", policies=[{ "access": "allow", "permission_groups": [{ "id": "c8fed203ed3043cba015a93ad1616f1f" }, { "id": "82e64a83756745bbbb1c9c2701bf816b" }], "resource_groups": [{ "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1" }], }], ) print(user_group.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "created_on": "2024-03-01T12:21:02.0000Z", "modified_on": "2024-03-01T12:21:02.0000Z", "name": "My New User Group", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "access": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resource_groups": [ { "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1", "scope": [ { "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4", "objects": [ { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" } ] } ], "meta": { "key": "key", "value": "value" }, "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4" } ] } ] } } ``` ## Update User Group `iam.user_groups.update(struser_group_id, UserGroupUpdateParams**kwargs) -> UserGroupUpdateResponse` **put** `/accounts/{account_id}/iam/user_groups/{user_group_id}` Modify an existing user group. ### Parameters - `account_id: str` Account identifier tag. - `user_group_id: str` User Group identifier tag. - `name: Optional[str]` Name of the User group. - `policies: Optional[Iterable[Policy]]` Policies attached to the User group - `id: str` Policy identifier. - `access: Literal["allow", "deny"]` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: Iterable[PolicyPermissionGroup]` A set of permission groups that are specified to the policy. - `id: str` Permission Group identifier tag. - `resource_groups: Iterable[PolicyResourceGroup]` A set of resource groups that are specified to the policy. - `id: str` Resource Group identifier tag. ### Returns - `class UserGroupUpdateResponse: …` A group of policies resources. - `id: str` User Group identifier tag. - `created_on: datetime` Timestamp for the creation of the user group - `modified_on: datetime` Last time the user group was modified. - `name: str` Name of the user group. - `policies: Optional[List[Policy]]` Policies attached to the User group - `id: Optional[str]` Policy identifier. - `access: Optional[Literal["allow", "deny"]]` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: Optional[List[PolicyPermissionGroup]]` A set of permission groups that are specified to the policy. - `id: str` Identifier of the permission group. - `meta: Optional[PolicyPermissionGroupMeta]` Attributes associated to the permission group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the permission group. - `resource_groups: Optional[List[PolicyResourceGroup]]` A list of resource groups that the policy applies to. - `id: str` Identifier of the resource group. - `scope: List[PolicyResourceGroupScope]` The scope associated to the resource group - `key: str` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: List[PolicyResourceGroupScopeObject]` A list of scope objects for additional context. - `key: str` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta: Optional[PolicyResourceGroupMeta]` Attributes associated to the resource group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the resource group. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) user_group = client.iam.user_groups.update( user_group_id="023e105f4ecef8ad9ca31a8372d0c353", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(user_group.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "created_on": "2024-03-01T12:21:02.0000Z", "modified_on": "2024-03-01T12:21:02.0000Z", "name": "My New User Group", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "access": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resource_groups": [ { "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1", "scope": [ { "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4", "objects": [ { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" } ] } ], "meta": { "key": "key", "value": "value" }, "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4" } ] } ] } } ``` ## Remove User Group `iam.user_groups.delete(struser_group_id, UserGroupDeleteParams**kwargs) -> UserGroupDeleteResponse` **delete** `/accounts/{account_id}/iam/user_groups/{user_group_id}` Remove a user group from an account. ### Parameters - `account_id: str` Account identifier tag. - `user_group_id: str` User Group identifier tag. ### Returns - `class UserGroupDeleteResponse: …` - `id: str` Identifier ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) user_group = client.iam.user_groups.delete( user_group_id="023e105f4ecef8ad9ca31a8372d0c353", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(user_group.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353" } } ``` ## Domain Types ### User Group List Response - `class UserGroupListResponse: …` A group of policies resources. - `id: str` User Group identifier tag. - `created_on: datetime` Timestamp for the creation of the user group - `modified_on: datetime` Last time the user group was modified. - `name: str` Name of the user group. - `policies: Optional[List[Policy]]` Policies attached to the User group - `id: Optional[str]` Policy identifier. - `access: Optional[Literal["allow", "deny"]]` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: Optional[List[PolicyPermissionGroup]]` A set of permission groups that are specified to the policy. - `id: str` Identifier of the permission group. - `meta: Optional[PolicyPermissionGroupMeta]` Attributes associated to the permission group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the permission group. - `resource_groups: Optional[List[PolicyResourceGroup]]` A list of resource groups that the policy applies to. - `id: str` Identifier of the resource group. - `scope: List[PolicyResourceGroupScope]` The scope associated to the resource group - `key: str` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: List[PolicyResourceGroupScopeObject]` A list of scope objects for additional context. - `key: str` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta: Optional[PolicyResourceGroupMeta]` Attributes associated to the resource group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the resource group. ### User Group Get Response - `class UserGroupGetResponse: …` A group of policies resources. - `id: str` User Group identifier tag. - `created_on: datetime` Timestamp for the creation of the user group - `modified_on: datetime` Last time the user group was modified. - `name: str` Name of the user group. - `policies: Optional[List[Policy]]` Policies attached to the User group - `id: Optional[str]` Policy identifier. - `access: Optional[Literal["allow", "deny"]]` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: Optional[List[PolicyPermissionGroup]]` A set of permission groups that are specified to the policy. - `id: str` Identifier of the permission group. - `meta: Optional[PolicyPermissionGroupMeta]` Attributes associated to the permission group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the permission group. - `resource_groups: Optional[List[PolicyResourceGroup]]` A list of resource groups that the policy applies to. - `id: str` Identifier of the resource group. - `scope: List[PolicyResourceGroupScope]` The scope associated to the resource group - `key: str` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: List[PolicyResourceGroupScopeObject]` A list of scope objects for additional context. - `key: str` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta: Optional[PolicyResourceGroupMeta]` Attributes associated to the resource group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the resource group. ### User Group Create Response - `class UserGroupCreateResponse: …` A group of policies resources. - `id: str` User Group identifier tag. - `created_on: datetime` Timestamp for the creation of the user group - `modified_on: datetime` Last time the user group was modified. - `name: str` Name of the user group. - `policies: Optional[List[Policy]]` Policies attached to the User group - `id: Optional[str]` Policy identifier. - `access: Optional[Literal["allow", "deny"]]` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: Optional[List[PolicyPermissionGroup]]` A set of permission groups that are specified to the policy. - `id: str` Identifier of the permission group. - `meta: Optional[PolicyPermissionGroupMeta]` Attributes associated to the permission group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the permission group. - `resource_groups: Optional[List[PolicyResourceGroup]]` A list of resource groups that the policy applies to. - `id: str` Identifier of the resource group. - `scope: List[PolicyResourceGroupScope]` The scope associated to the resource group - `key: str` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: List[PolicyResourceGroupScopeObject]` A list of scope objects for additional context. - `key: str` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta: Optional[PolicyResourceGroupMeta]` Attributes associated to the resource group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the resource group. ### User Group Update Response - `class UserGroupUpdateResponse: …` A group of policies resources. - `id: str` User Group identifier tag. - `created_on: datetime` Timestamp for the creation of the user group - `modified_on: datetime` Last time the user group was modified. - `name: str` Name of the user group. - `policies: Optional[List[Policy]]` Policies attached to the User group - `id: Optional[str]` Policy identifier. - `access: Optional[Literal["allow", "deny"]]` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: Optional[List[PolicyPermissionGroup]]` A set of permission groups that are specified to the policy. - `id: str` Identifier of the permission group. - `meta: Optional[PolicyPermissionGroupMeta]` Attributes associated to the permission group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the permission group. - `resource_groups: Optional[List[PolicyResourceGroup]]` A list of resource groups that the policy applies to. - `id: str` Identifier of the resource group. - `scope: List[PolicyResourceGroupScope]` The scope associated to the resource group - `key: str` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: List[PolicyResourceGroupScopeObject]` A list of scope objects for additional context. - `key: str` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta: Optional[PolicyResourceGroupMeta]` Attributes associated to the resource group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the resource group. ### User Group Delete Response - `class UserGroupDeleteResponse: …` - `id: str` Identifier # Members ## List User Group Members `iam.user_groups.members.list(struser_group_id, MemberListParams**kwargs) -> SyncV4PagePaginationArray[MemberListResponse]` **get** `/accounts/{account_id}/iam/user_groups/{user_group_id}/members` List all the members attached to a user group. ### Parameters - `account_id: str` Account identifier tag. - `user_group_id: str` User Group identifier tag. - `page: Optional[float]` Page number of paginated results. - `per_page: Optional[float]` Maximum number of results per page. ### Returns - `class MemberListResponse: …` Member attached to a User Group. - `id: str` Account member identifier. - `email: Optional[str]` The contact email address of the user. - `status: Optional[Literal["accepted", "pending"]]` The member's status in the account. - `"accepted"` - `"pending"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) page = client.iam.user_groups.members.list( user_group_id="023e105f4ecef8ad9ca31a8372d0c353", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "4f5f0c14a2a41d5063dd301b2f829f04", "email": "user@example.com", "status": "accepted" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Add User Group Members `iam.user_groups.members.create(struser_group_id, MemberCreateParams**kwargs) -> MemberCreateResponse` **post** `/accounts/{account_id}/iam/user_groups/{user_group_id}/members` Add members to a User Group. ### Parameters - `account_id: str` Account identifier tag. - `user_group_id: str` User Group identifier tag. - `body: Iterable[Body]` - `id: str` The identifier of an existing account Member. ### Returns - `class MemberCreateResponse: …` Member attached to a User Group. - `id: str` Account member identifier. - `email: Optional[str]` The contact email address of the user. - `status: Optional[Literal["accepted", "pending"]]` The member's status in the account. - `"accepted"` - `"pending"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) member = client.iam.user_groups.members.create( user_group_id="023e105f4ecef8ad9ca31a8372d0c353", account_id="023e105f4ecef8ad9ca31a8372d0c353", body=[{ "id": "023e105f4ecef8ad9ca31a8372d0c353" }], ) print(member.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "4f5f0c14a2a41d5063dd301b2f829f04", "email": "user@example.com", "status": "accepted" } } ``` ## Update User Group Members `iam.user_groups.members.update(struser_group_id, MemberUpdateParams**kwargs) -> SyncSinglePage[MemberUpdateResponse]` **put** `/accounts/{account_id}/iam/user_groups/{user_group_id}/members` Replace the set of members attached to a User Group. ### Parameters - `account_id: str` Account identifier tag. - `user_group_id: str` User Group identifier tag. - `body: Iterable[Body]` Set/Replace members to a user group. - `id: str` The identifier of an existing account Member. ### Returns - `class MemberUpdateResponse: …` Member attached to a User Group. - `id: str` Account member identifier. - `email: Optional[str]` The contact email address of the user. - `status: Optional[Literal["accepted", "pending"]]` The member's status in the account. - `"accepted"` - `"pending"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) page = client.iam.user_groups.members.update( user_group_id="023e105f4ecef8ad9ca31a8372d0c353", account_id="023e105f4ecef8ad9ca31a8372d0c353", body=[{ "id": "023e105f4ecef8ad9ca31a8372d0c353" }], ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "4f5f0c14a2a41d5063dd301b2f829f04", "email": "user@example.com", "status": "accepted" } ] } ``` ## Remove User Group Member `iam.user_groups.members.delete(strmember_id, MemberDeleteParams**kwargs) -> MemberDeleteResponse` **delete** `/accounts/{account_id}/iam/user_groups/{user_group_id}/members/{member_id}` Remove a member from User Group ### Parameters - `account_id: str` Account identifier tag. - `user_group_id: str` User Group identifier tag. - `member_id: str` The identifier of an existing account Member. ### Returns - `class MemberDeleteResponse: …` Member attached to a User Group. - `id: str` Account member identifier. - `email: Optional[str]` The contact email address of the user. - `status: Optional[Literal["accepted", "pending"]]` The member's status in the account. - `"accepted"` - `"pending"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) member = client.iam.user_groups.members.delete( member_id="023e105f4ecef8ad9ca31a8372d0c353", account_id="023e105f4ecef8ad9ca31a8372d0c353", user_group_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(member.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "4f5f0c14a2a41d5063dd301b2f829f04", "email": "user@example.com", "status": "accepted" } } ``` ## Domain Types ### Member List Response - `class MemberListResponse: …` Member attached to a User Group. - `id: str` Account member identifier. - `email: Optional[str]` The contact email address of the user. - `status: Optional[Literal["accepted", "pending"]]` The member's status in the account. - `"accepted"` - `"pending"` ### Member Create Response - `class MemberCreateResponse: …` Member attached to a User Group. - `id: str` Account member identifier. - `email: Optional[str]` The contact email address of the user. - `status: Optional[Literal["accepted", "pending"]]` The member's status in the account. - `"accepted"` - `"pending"` ### Member Update Response - `class MemberUpdateResponse: …` Member attached to a User Group. - `id: str` Account member identifier. - `email: Optional[str]` The contact email address of the user. - `status: Optional[Literal["accepted", "pending"]]` The member's status in the account. - `"accepted"` - `"pending"` ### Member Delete Response - `class MemberDeleteResponse: …` Member attached to a User Group. - `id: str` Account member identifier. - `email: Optional[str]` The contact email address of the user. - `status: Optional[Literal["accepted", "pending"]]` The member's status in the account. - `"accepted"` - `"pending"` # SSO ## Get all SSO connectors `iam.sso.list(SSOListParams**kwargs) -> SyncSinglePage[SSOListResponse]` **get** `/accounts/{account_id}/sso_connectors` Get all SSO connectors ### Parameters - `account_id: str` Account identifier tag. ### Returns - `class SSOListResponse: …` - `id: Optional[str]` SSO Connector identifier tag. - `created_on: Optional[datetime]` Timestamp for the creation of the SSO connector - `email_domain: Optional[str]` - `enabled: Optional[bool]` - `updated_on: Optional[datetime]` Timestamp for the last update of the SSO connector - `use_fedramp_language: Optional[bool]` Controls the display of FedRAMP language to the user during SSO login - `verification: Optional[Verification]` - `code: Optional[str]` DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership. - `status: Optional[Literal["awaiting", "pending", "failed", "verified"]]` The status of the verification code from the verification process. - `"awaiting"` - `"pending"` - `"failed"` - `"verified"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.iam.sso.list( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "023e105f4ecef8ad9ca31a8372d0c353", "created_on": "2025-01-01T12:21:02.0000Z", "email_domain": "example.com", "enabled": false, "updated_on": "2025-01-01T12:21:02.0000Z", "use_fedramp_language": false, "verification": { "code": "cloudflare_dashboard_sso=023e105f4ecef8ad9ca31a8372d0c353", "status": "pending" } } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get single SSO connector `iam.sso.get(strsso_connector_id, SSOGetParams**kwargs) -> SSOGetResponse` **get** `/accounts/{account_id}/sso_connectors/{sso_connector_id}` Get single SSO connector ### Parameters - `account_id: str` Account identifier tag. - `sso_connector_id: str` SSO Connector identifier tag. ### Returns - `class SSOGetResponse: …` - `id: Optional[str]` SSO Connector identifier tag. - `created_on: Optional[datetime]` Timestamp for the creation of the SSO connector - `email_domain: Optional[str]` - `enabled: Optional[bool]` - `updated_on: Optional[datetime]` Timestamp for the last update of the SSO connector - `use_fedramp_language: Optional[bool]` Controls the display of FedRAMP language to the user during SSO login - `verification: Optional[Verification]` - `code: Optional[str]` DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership. - `status: Optional[Literal["awaiting", "pending", "failed", "verified"]]` The status of the verification code from the verification process. - `"awaiting"` - `"pending"` - `"failed"` - `"verified"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) sso = client.iam.sso.get( sso_connector_id="023e105f4ecef8ad9ca31a8372d0c353", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(sso.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "created_on": "2025-01-01T12:21:02.0000Z", "email_domain": "example.com", "enabled": false, "updated_on": "2025-01-01T12:21:02.0000Z", "use_fedramp_language": false, "verification": { "code": "cloudflare_dashboard_sso=023e105f4ecef8ad9ca31a8372d0c353", "status": "pending" } } } ``` ## Initialize new SSO connector `iam.sso.create(SSOCreateParams**kwargs) -> SSOCreateResponse` **post** `/accounts/{account_id}/sso_connectors` Initialize new SSO connector ### Parameters - `account_id: str` Account identifier tag. - `email_domain: str` Email domain of the new SSO connector - `begin_verification: Optional[bool]` Begin the verification process after creation - `use_fedramp_language: Optional[bool]` Controls the display of FedRAMP language to the user during SSO login ### Returns - `class SSOCreateResponse: …` - `id: Optional[str]` SSO Connector identifier tag. - `created_on: Optional[datetime]` Timestamp for the creation of the SSO connector - `email_domain: Optional[str]` - `enabled: Optional[bool]` - `updated_on: Optional[datetime]` Timestamp for the last update of the SSO connector - `use_fedramp_language: Optional[bool]` Controls the display of FedRAMP language to the user during SSO login - `verification: Optional[Verification]` - `code: Optional[str]` DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership. - `status: Optional[Literal["awaiting", "pending", "failed", "verified"]]` The status of the verification code from the verification process. - `"awaiting"` - `"pending"` - `"failed"` - `"verified"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) sso = client.iam.sso.create( account_id="023e105f4ecef8ad9ca31a8372d0c353", email_domain="example.com", ) print(sso.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "created_on": "2025-01-01T12:21:02.0000Z", "email_domain": "example.com", "enabled": false, "updated_on": "2025-01-01T12:21:02.0000Z", "use_fedramp_language": false, "verification": { "code": "cloudflare_dashboard_sso=023e105f4ecef8ad9ca31a8372d0c353", "status": "pending" } } } ``` ## Update SSO connector state `iam.sso.update(strsso_connector_id, SSOUpdateParams**kwargs) -> SSOUpdateResponse` **patch** `/accounts/{account_id}/sso_connectors/{sso_connector_id}` Update SSO connector state ### Parameters - `account_id: str` Account identifier tag. - `sso_connector_id: str` SSO Connector identifier tag. - `enabled: Optional[bool]` SSO Connector enabled state - `use_fedramp_language: Optional[bool]` Controls the display of FedRAMP language to the user during SSO login ### Returns - `class SSOUpdateResponse: …` - `id: Optional[str]` SSO Connector identifier tag. - `created_on: Optional[datetime]` Timestamp for the creation of the SSO connector - `email_domain: Optional[str]` - `enabled: Optional[bool]` - `updated_on: Optional[datetime]` Timestamp for the last update of the SSO connector - `use_fedramp_language: Optional[bool]` Controls the display of FedRAMP language to the user during SSO login - `verification: Optional[Verification]` - `code: Optional[str]` DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership. - `status: Optional[Literal["awaiting", "pending", "failed", "verified"]]` The status of the verification code from the verification process. - `"awaiting"` - `"pending"` - `"failed"` - `"verified"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) sso = client.iam.sso.update( sso_connector_id="023e105f4ecef8ad9ca31a8372d0c353", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(sso.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "created_on": "2025-01-01T12:21:02.0000Z", "email_domain": "example.com", "enabled": false, "updated_on": "2025-01-01T12:21:02.0000Z", "use_fedramp_language": false, "verification": { "code": "cloudflare_dashboard_sso=023e105f4ecef8ad9ca31a8372d0c353", "status": "pending" } } } ``` ## Delete SSO connector `iam.sso.delete(strsso_connector_id, SSODeleteParams**kwargs) -> SSODeleteResponse` **delete** `/accounts/{account_id}/sso_connectors/{sso_connector_id}` Delete SSO connector ### Parameters - `account_id: str` Account identifier tag. - `sso_connector_id: str` SSO Connector identifier tag. ### Returns - `class SSODeleteResponse: …` - `id: str` Identifier ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) sso = client.iam.sso.delete( sso_connector_id="023e105f4ecef8ad9ca31a8372d0c353", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(sso.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353" } } ``` ## Begin SSO connector verification `iam.sso.begin_verification(strsso_connector_id, SSOBeginVerificationParams**kwargs) -> SSOBeginVerificationResponse` **post** `/accounts/{account_id}/sso_connectors/{sso_connector_id}/begin_verification` Begin SSO connector verification ### Parameters - `account_id: str` Account identifier tag. - `sso_connector_id: str` SSO Connector identifier tag. ### Returns - `class SSOBeginVerificationResponse: …` - `errors: List[Error]` - `code: int` - `message: str` - `documentation_url: Optional[str]` - `source: Optional[ErrorSource]` - `pointer: Optional[str]` - `messages: List[Message]` - `code: int` - `message: str` - `documentation_url: Optional[str]` - `source: Optional[MessageSource]` - `pointer: Optional[str]` - `success: Literal[true]` Whether the API call was successful. - `true` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) response = client.iam.sso.begin_verification( sso_connector_id="023e105f4ecef8ad9ca31a8372d0c353", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(response.errors) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true } ``` ## Domain Types ### SSO List Response - `class SSOListResponse: …` - `id: Optional[str]` SSO Connector identifier tag. - `created_on: Optional[datetime]` Timestamp for the creation of the SSO connector - `email_domain: Optional[str]` - `enabled: Optional[bool]` - `updated_on: Optional[datetime]` Timestamp for the last update of the SSO connector - `use_fedramp_language: Optional[bool]` Controls the display of FedRAMP language to the user during SSO login - `verification: Optional[Verification]` - `code: Optional[str]` DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership. - `status: Optional[Literal["awaiting", "pending", "failed", "verified"]]` The status of the verification code from the verification process. - `"awaiting"` - `"pending"` - `"failed"` - `"verified"` ### SSO Get Response - `class SSOGetResponse: …` - `id: Optional[str]` SSO Connector identifier tag. - `created_on: Optional[datetime]` Timestamp for the creation of the SSO connector - `email_domain: Optional[str]` - `enabled: Optional[bool]` - `updated_on: Optional[datetime]` Timestamp for the last update of the SSO connector - `use_fedramp_language: Optional[bool]` Controls the display of FedRAMP language to the user during SSO login - `verification: Optional[Verification]` - `code: Optional[str]` DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership. - `status: Optional[Literal["awaiting", "pending", "failed", "verified"]]` The status of the verification code from the verification process. - `"awaiting"` - `"pending"` - `"failed"` - `"verified"` ### SSO Create Response - `class SSOCreateResponse: …` - `id: Optional[str]` SSO Connector identifier tag. - `created_on: Optional[datetime]` Timestamp for the creation of the SSO connector - `email_domain: Optional[str]` - `enabled: Optional[bool]` - `updated_on: Optional[datetime]` Timestamp for the last update of the SSO connector - `use_fedramp_language: Optional[bool]` Controls the display of FedRAMP language to the user during SSO login - `verification: Optional[Verification]` - `code: Optional[str]` DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership. - `status: Optional[Literal["awaiting", "pending", "failed", "verified"]]` The status of the verification code from the verification process. - `"awaiting"` - `"pending"` - `"failed"` - `"verified"` ### SSO Update Response - `class SSOUpdateResponse: …` - `id: Optional[str]` SSO Connector identifier tag. - `created_on: Optional[datetime]` Timestamp for the creation of the SSO connector - `email_domain: Optional[str]` - `enabled: Optional[bool]` - `updated_on: Optional[datetime]` Timestamp for the last update of the SSO connector - `use_fedramp_language: Optional[bool]` Controls the display of FedRAMP language to the user during SSO login - `verification: Optional[Verification]` - `code: Optional[str]` DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership. - `status: Optional[Literal["awaiting", "pending", "failed", "verified"]]` The status of the verification code from the verification process. - `"awaiting"` - `"pending"` - `"failed"` - `"verified"` ### SSO Delete Response - `class SSODeleteResponse: …` - `id: str` Identifier ### SSO Begin Verification Response - `class SSOBeginVerificationResponse: …` - `errors: List[Error]` - `code: int` - `message: str` - `documentation_url: Optional[str]` - `source: Optional[ErrorSource]` - `pointer: Optional[str]` - `messages: List[Message]` - `code: int` - `message: str` - `documentation_url: Optional[str]` - `source: Optional[MessageSource]` - `pointer: Optional[str]` - `success: Literal[true]` Whether the API call was successful. - `true`