API Reference

Zero Trust

Access

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Groups

resource cloudflare_zero_trust_access_group

required Expand Collapse

name: String

The name of the Access group.

include: List[Attributes]

Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.

group?: Attributes

id: String

The ID of a previously created Access group.

any_valid_service_token?: Attributes

An empty object which matches on all service tokens.

auth_context?: Attributes

id: String

The ID of an Authentication context.

ac_id: String

The ACID of an Authentication context.

identity_provider_id: String

The ID of your Azure identity provider.

auth_method?: Attributes

auth_method: String

The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

azure_ad?: Attributes

id: String

The ID of an Azure group.

identity_provider_id: String

The ID of your Azure identity provider.

certificate?: Attributes

common_name?: Attributes

common_name: String

The common name to match.

geo?: Attributes

country_code: String

The country code that should be matched.

device_posture?: Attributes

integration_uid: String

The ID of a device posture integration.

email_domain?: Attributes

domain: String

The email domain to match.

email_list?: Attributes

id: String

The ID of a previously created email list.

email?: Attributes

email: String

The email of the user.

everyone?: Attributes

An empty object which matches on all users.

external_evaluation?: Attributes

evaluate_url: String

The API endpoint containing your business logic.

keys_url: String

The API endpoint containing the key that Access uses to verify that the response came from your API.

github_organization?: Attributes

identity_provider_id: String

The ID of your Github identity provider.

name: String

The name of the organization.

team?: String

The name of the team

gsuite?: Attributes

email: String

The email of the Google Workspace group.

identity_provider_id: String

The ID of your Google Workspace identity provider.

login_method?: Attributes

id: String

The ID of an identity provider.

ip_list?: Attributes

id: String

The ID of a previously created IP list.

ip?: Attributes

ip: String

An IPv4 or IPv6 CIDR block.

okta?: Attributes

identity_provider_id: String

The ID of your Okta identity provider.

name: String

The name of the Okta group.

saml?: Attributes

attribute_name: String

The name of the SAML attribute.

attribute_value: String

The SAML attribute value to look for.

identity_provider_id: String

The ID of your SAML identity provider.

oidc?: Attributes

claim_name: String

The name of the OIDC claim.

claim_value: String

The OIDC claim value to look for.

identity_provider_id: String

The ID of your OIDC identity provider.

service_token?: Attributes

token_id: String

The ID of a Service Token.

linked_app_token?: Attributes

app_uid: String

The ID of an Access OIDC SaaS application

user_risk_score?: Attributes

user_risk_score: List[String]

A list of risk score levels to match. Values can be low, medium, high, or unscored.

optional Expand Collapse

account_id?: String

The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.

zone_id?: String

The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

is_default?: Bool

Whether this is the default group

exclude?: List[Attributes]

Rules evaluated with a NOT logical operator. To match a policy, a user cannot meet any of the Exclude rules.

group?: Attributes

id: String

The ID of a previously created Access group.

any_valid_service_token?: Attributes

An empty object which matches on all service tokens.

auth_context?: Attributes

id: String

The ID of an Authentication context.

ac_id: String

The ACID of an Authentication context.

identity_provider_id: String

The ID of your Azure identity provider.

auth_method?: Attributes

auth_method: String

The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

azure_ad?: Attributes

id: String

The ID of an Azure group.

identity_provider_id: String

The ID of your Azure identity provider.

certificate?: Attributes

common_name?: Attributes

common_name: String

The common name to match.

geo?: Attributes

country_code: String

The country code that should be matched.

device_posture?: Attributes

integration_uid: String

The ID of a device posture integration.

email_domain?: Attributes

domain: String

The email domain to match.

email_list?: Attributes

id: String

The ID of a previously created email list.

email?: Attributes

email: String

The email of the user.

everyone?: Attributes

An empty object which matches on all users.

external_evaluation?: Attributes

evaluate_url: String

The API endpoint containing your business logic.

keys_url: String

The API endpoint containing the key that Access uses to verify that the response came from your API.

github_organization?: Attributes

identity_provider_id: String

The ID of your Github identity provider.

name: String

The name of the organization.

team?: String

The name of the team

gsuite?: Attributes

email: String

The email of the Google Workspace group.

identity_provider_id: String

The ID of your Google Workspace identity provider.

login_method?: Attributes

id: String

The ID of an identity provider.

ip_list?: Attributes

id: String

The ID of a previously created IP list.

ip?: Attributes

ip: String

An IPv4 or IPv6 CIDR block.

okta?: Attributes

identity_provider_id: String

The ID of your Okta identity provider.

name: String

The name of the Okta group.

saml?: Attributes

attribute_name: String

The name of the SAML attribute.

attribute_value: String

The SAML attribute value to look for.

identity_provider_id: String

The ID of your SAML identity provider.

oidc?: Attributes

claim_name: String

The name of the OIDC claim.

claim_value: String

The OIDC claim value to look for.

identity_provider_id: String

The ID of your OIDC identity provider.

service_token?: Attributes

token_id: String

The ID of a Service Token.

linked_app_token?: Attributes

app_uid: String

The ID of an Access OIDC SaaS application

user_risk_score?: Attributes

user_risk_score: List[String]

A list of risk score levels to match. Values can be low, medium, high, or unscored.

require?: List[Attributes]

Rules evaluated with an AND logical operator. To match a policy, a user must meet all of the Require rules.

group?: Attributes

id: String

The ID of a previously created Access group.

any_valid_service_token?: Attributes

An empty object which matches on all service tokens.

auth_context?: Attributes

id: String

The ID of an Authentication context.

ac_id: String

The ACID of an Authentication context.

identity_provider_id: String

The ID of your Azure identity provider.

auth_method?: Attributes

auth_method: String

The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

azure_ad?: Attributes

id: String

The ID of an Azure group.

identity_provider_id: String

The ID of your Azure identity provider.

certificate?: Attributes

common_name?: Attributes

common_name: String

The common name to match.

geo?: Attributes

country_code: String

The country code that should be matched.

device_posture?: Attributes

integration_uid: String

The ID of a device posture integration.

email_domain?: Attributes

domain: String

The email domain to match.

email_list?: Attributes

id: String

The ID of a previously created email list.

email?: Attributes

email: String

The email of the user.

everyone?: Attributes

An empty object which matches on all users.

external_evaluation?: Attributes

evaluate_url: String

The API endpoint containing your business logic.

keys_url: String

The API endpoint containing the key that Access uses to verify that the response came from your API.

github_organization?: Attributes

identity_provider_id: String

The ID of your Github identity provider.

name: String

The name of the organization.

team?: String

The name of the team

gsuite?: Attributes

email: String

The email of the Google Workspace group.

identity_provider_id: String

The ID of your Google Workspace identity provider.

login_method?: Attributes

id: String

The ID of an identity provider.

ip_list?: Attributes

id: String

The ID of a previously created IP list.

ip?: Attributes

ip: String

An IPv4 or IPv6 CIDR block.

okta?: Attributes

identity_provider_id: String

The ID of your Okta identity provider.

name: String

The name of the Okta group.

saml?: Attributes

attribute_name: String

The name of the SAML attribute.

attribute_value: String

The SAML attribute value to look for.

identity_provider_id: String

The ID of your SAML identity provider.

oidc?: Attributes

claim_name: String

The name of the OIDC claim.

claim_value: String

The OIDC claim value to look for.

identity_provider_id: String

The ID of your OIDC identity provider.

service_token?: Attributes

token_id: String

The ID of a Service Token.

linked_app_token?: Attributes

app_uid: String

The ID of an Access OIDC SaaS application

user_risk_score?: Attributes

user_risk_score: List[String]

A list of risk score levels to match. Values can be low, medium, high, or unscored.

computed Expand Collapse

id: String

UUID.

created_at: Time

updated_at: Time

cloudflare_zero_trust_access_group

Terraform

HTTP

TypeScript

Python

Go

Terraform

resource "cloudflare_zero_trust_access_group" "example_zero_trust_access_group" {
  include = [{
    group = {
      id = "aa0a4aab-672b-4bdb-bc33-a59f1130a11f"
    }
  }]
  name = "Allow devs"
  zone_id = "zone_id"
  exclude = [{
    group = {
      id = "aa0a4aab-672b-4bdb-bc33-a59f1130a11f"
    }
  }]
  is_default = true
  require = [{
    group = {
      id = "aa0a4aab-672b-4bdb-bc33-a59f1130a11f"
    }
  }]
}

data cloudflare_zero_trust_access_group

optional Expand Collapse

group_id?: String

UUID.

account_id?: String

The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.

zone_id?: String

The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

filter?: Attributes

name?: String

The name of the group.

search?: String

Search for groups by other listed query parameters.

computed Expand Collapse

id: String

UUID.

created_at: Time

name: String

The name of the Access group.

updated_at: Time

exclude: List[Attributes]

Rules evaluated with a NOT logical operator. To match a policy, a user cannot meet any of the Exclude rules.

group: Attributes

id: String

The ID of a previously created Access group.

any_valid_service_token: Attributes

An empty object which matches on all service tokens.

auth_context: Attributes

id: String

The ID of an Authentication context.

ac_id: String

The ACID of an Authentication context.

identity_provider_id: String

The ID of your Azure identity provider.

auth_method: Attributes

auth_method: String

The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

azure_ad: Attributes

id: String

The ID of an Azure group.

identity_provider_id: String

The ID of your Azure identity provider.

certificate: Attributes

common_name: Attributes

common_name: String

The common name to match.

geo: Attributes

country_code: String

The country code that should be matched.

device_posture: Attributes

integration_uid: String

The ID of a device posture integration.

email_domain: Attributes

domain: String

The email domain to match.

email_list: Attributes

id: String

The ID of a previously created email list.

email: Attributes

email: String

The email of the user.

everyone: Attributes

An empty object which matches on all users.

external_evaluation: Attributes

evaluate_url: String

The API endpoint containing your business logic.

keys_url: String

The API endpoint containing the key that Access uses to verify that the response came from your API.

github_organization: Attributes

identity_provider_id: String

The ID of your Github identity provider.

name: String

The name of the organization.

team: String

The name of the team

gsuite: Attributes

email: String

The email of the Google Workspace group.

identity_provider_id: String

The ID of your Google Workspace identity provider.

login_method: Attributes

id: String

The ID of an identity provider.

ip_list: Attributes

id: String

The ID of a previously created IP list.

ip: Attributes

ip: String

An IPv4 or IPv6 CIDR block.

okta: Attributes

identity_provider_id: String

The ID of your Okta identity provider.

name: String

The name of the Okta group.

saml: Attributes

attribute_name: String

The name of the SAML attribute.

attribute_value: String

The SAML attribute value to look for.

identity_provider_id: String

The ID of your SAML identity provider.

oidc: Attributes

claim_name: String

The name of the OIDC claim.

claim_value: String

The OIDC claim value to look for.

identity_provider_id: String

The ID of your OIDC identity provider.

service_token: Attributes

token_id: String

The ID of a Service Token.

linked_app_token: Attributes

app_uid: String

The ID of an Access OIDC SaaS application

user_risk_score: Attributes

user_risk_score: List[String]

A list of risk score levels to match. Values can be low, medium, high, or unscored.

include: List[Attributes]

Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.

group: Attributes

id: String

The ID of a previously created Access group.

any_valid_service_token: Attributes

An empty object which matches on all service tokens.

auth_context: Attributes

id: String

The ID of an Authentication context.

ac_id: String

The ACID of an Authentication context.

identity_provider_id: String

The ID of your Azure identity provider.

auth_method: Attributes

auth_method: String

The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

azure_ad: Attributes

id: String

The ID of an Azure group.

identity_provider_id: String

The ID of your Azure identity provider.

certificate: Attributes

common_name: Attributes

common_name: String

The common name to match.

geo: Attributes

country_code: String

The country code that should be matched.

device_posture: Attributes

integration_uid: String

The ID of a device posture integration.

email_domain: Attributes

domain: String

The email domain to match.

email_list: Attributes

id: String

The ID of a previously created email list.

email: Attributes

email: String

The email of the user.

everyone: Attributes

An empty object which matches on all users.

external_evaluation: Attributes

evaluate_url: String

The API endpoint containing your business logic.

keys_url: String

The API endpoint containing the key that Access uses to verify that the response came from your API.

github_organization: Attributes

identity_provider_id: String

The ID of your Github identity provider.

name: String

The name of the organization.

team: String

The name of the team

gsuite: Attributes

email: String

The email of the Google Workspace group.

identity_provider_id: String

The ID of your Google Workspace identity provider.

login_method: Attributes

id: String

The ID of an identity provider.

ip_list: Attributes

id: String

The ID of a previously created IP list.

ip: Attributes

ip: String

An IPv4 or IPv6 CIDR block.

okta: Attributes

identity_provider_id: String

The ID of your Okta identity provider.

name: String

The name of the Okta group.

saml: Attributes

attribute_name: String

The name of the SAML attribute.

attribute_value: String

The SAML attribute value to look for.

identity_provider_id: String

The ID of your SAML identity provider.

oidc: Attributes

claim_name: String

The name of the OIDC claim.

claim_value: String

The OIDC claim value to look for.

identity_provider_id: String

The ID of your OIDC identity provider.

service_token: Attributes

token_id: String

The ID of a Service Token.

linked_app_token: Attributes

app_uid: String

The ID of an Access OIDC SaaS application

user_risk_score: Attributes

user_risk_score: List[String]

A list of risk score levels to match. Values can be low, medium, high, or unscored.

is_default: List[Attributes]

Rules evaluated with an AND logical operator. To match a policy, a user must meet all of the Require rules.

group: Attributes

id: String

The ID of a previously created Access group.

any_valid_service_token: Attributes

An empty object which matches on all service tokens.

auth_context: Attributes

id: String

The ID of an Authentication context.

ac_id: String

The ACID of an Authentication context.

identity_provider_id: String

The ID of your Azure identity provider.

auth_method: Attributes

auth_method: String

The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

azure_ad: Attributes

id: String

The ID of an Azure group.

identity_provider_id: String

The ID of your Azure identity provider.

certificate: Attributes

common_name: Attributes

common_name: String

The common name to match.

geo: Attributes

country_code: String

The country code that should be matched.

device_posture: Attributes

integration_uid: String

The ID of a device posture integration.

email_domain: Attributes

domain: String

The email domain to match.

email_list: Attributes

id: String

The ID of a previously created email list.

email: Attributes

email: String

The email of the user.

everyone: Attributes

An empty object which matches on all users.

external_evaluation: Attributes

evaluate_url: String

The API endpoint containing your business logic.

keys_url: String

The API endpoint containing the key that Access uses to verify that the response came from your API.

github_organization: Attributes

identity_provider_id: String

The ID of your Github identity provider.

name: String

The name of the organization.

team: String

The name of the team

gsuite: Attributes

email: String

The email of the Google Workspace group.

identity_provider_id: String

The ID of your Google Workspace identity provider.

login_method: Attributes

id: String

The ID of an identity provider.

ip_list: Attributes

id: String

The ID of a previously created IP list.

ip: Attributes

ip: String

An IPv4 or IPv6 CIDR block.

okta: Attributes

identity_provider_id: String

The ID of your Okta identity provider.

name: String

The name of the Okta group.

saml: Attributes

attribute_name: String

The name of the SAML attribute.

attribute_value: String

The SAML attribute value to look for.

identity_provider_id: String

The ID of your SAML identity provider.

oidc: Attributes

claim_name: String

The name of the OIDC claim.

claim_value: String

The OIDC claim value to look for.

identity_provider_id: String

The ID of your OIDC identity provider.

service_token: Attributes

token_id: String

The ID of a Service Token.

linked_app_token: Attributes

app_uid: String

The ID of an Access OIDC SaaS application

user_risk_score: Attributes

user_risk_score: List[String]

A list of risk score levels to match. Values can be low, medium, high, or unscored.

require: List[Attributes]

Rules evaluated with an AND logical operator. To match a policy, a user must meet all of the Require rules.

group: Attributes

id: String

The ID of a previously created Access group.

any_valid_service_token: Attributes

An empty object which matches on all service tokens.

auth_context: Attributes

id: String

The ID of an Authentication context.

ac_id: String

The ACID of an Authentication context.

identity_provider_id: String

The ID of your Azure identity provider.

auth_method: Attributes

auth_method: String

The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

azure_ad: Attributes

id: String

The ID of an Azure group.

identity_provider_id: String

The ID of your Azure identity provider.

certificate: Attributes

common_name: Attributes

common_name: String

The common name to match.

geo: Attributes

country_code: String

The country code that should be matched.

device_posture: Attributes

integration_uid: String

The ID of a device posture integration.

email_domain: Attributes

domain: String

The email domain to match.

email_list: Attributes

id: String

The ID of a previously created email list.

email: Attributes

email: String

The email of the user.

everyone: Attributes

An empty object which matches on all users.

external_evaluation: Attributes

evaluate_url: String

The API endpoint containing your business logic.

keys_url: String

The API endpoint containing the key that Access uses to verify that the response came from your API.

github_organization: Attributes

identity_provider_id: String

The ID of your Github identity provider.

name: String

The name of the organization.

team: String

The name of the team

gsuite: Attributes

email: String

The email of the Google Workspace group.

identity_provider_id: String

The ID of your Google Workspace identity provider.

login_method: Attributes

id: String

The ID of an identity provider.

ip_list: Attributes

id: String

The ID of a previously created IP list.

ip: Attributes

ip: String

An IPv4 or IPv6 CIDR block.

okta: Attributes

identity_provider_id: String

The ID of your Okta identity provider.

name: String

The name of the Okta group.

saml: Attributes

attribute_name: String

The name of the SAML attribute.

attribute_value: String

The SAML attribute value to look for.

identity_provider_id: String

The ID of your SAML identity provider.

oidc: Attributes

claim_name: String

The name of the OIDC claim.

claim_value: String

The OIDC claim value to look for.

identity_provider_id: String

The ID of your OIDC identity provider.

service_token: Attributes

token_id: String

The ID of a Service Token.

linked_app_token: Attributes

app_uid: String

The ID of an Access OIDC SaaS application

user_risk_score: Attributes

user_risk_score: List[String]

A list of risk score levels to match. Values can be low, medium, high, or unscored.

cloudflare_zero_trust_access_group

Terraform

HTTP

TypeScript

Python

Go

Terraform

data "cloudflare_zero_trust_access_group" "example_zero_trust_access_group" {
  group_id = "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
  account_id = "account_id"
  zone_id = "zone_id"
}

data cloudflare_zero_trust_access_groups

optional Expand Collapse

account_id?: String

The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.

zone_id?: String

The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

name?: String

The name of the group.

search?: String

Search for groups by other listed query parameters.

max_items?: Int64

Max items to fetch, default: 1000

computed Expand Collapse

result: List[Attributes]

The items returned by the data source

id: String

UUID.

created_at: Time

exclude: List[Attributes]

Rules evaluated with a NOT logical operator. To match a policy, a user cannot meet any of the Exclude rules.

group: Attributes

id: String

The ID of a previously created Access group.

any_valid_service_token: Attributes

An empty object which matches on all service tokens.

auth_context: Attributes

id: String

The ID of an Authentication context.

ac_id: String

The ACID of an Authentication context.

identity_provider_id: String

The ID of your Azure identity provider.

auth_method: Attributes

auth_method: String

The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

azure_ad: Attributes

id: String

The ID of an Azure group.

identity_provider_id: String

The ID of your Azure identity provider.

certificate: Attributes

common_name: Attributes

common_name: String

The common name to match.

geo: Attributes

country_code: String

The country code that should be matched.

device_posture: Attributes

integration_uid: String

The ID of a device posture integration.

email_domain: Attributes

domain: String

The email domain to match.

email_list: Attributes

id: String

The ID of a previously created email list.

email: Attributes

email: String

The email of the user.

everyone: Attributes

An empty object which matches on all users.

external_evaluation: Attributes

evaluate_url: String

The API endpoint containing your business logic.

keys_url: String

The API endpoint containing the key that Access uses to verify that the response came from your API.

github_organization: Attributes

identity_provider_id: String

The ID of your Github identity provider.

name: String

The name of the organization.

team: String

The name of the team

gsuite: Attributes

email: String

The email of the Google Workspace group.

identity_provider_id: String

The ID of your Google Workspace identity provider.

login_method: Attributes

id: String

The ID of an identity provider.

ip_list: Attributes

id: String

The ID of a previously created IP list.

ip: Attributes

ip: String

An IPv4 or IPv6 CIDR block.

okta: Attributes

identity_provider_id: String

The ID of your Okta identity provider.

name: String

The name of the Okta group.

saml: Attributes

attribute_name: String

The name of the SAML attribute.

attribute_value: String

The SAML attribute value to look for.

identity_provider_id: String

The ID of your SAML identity provider.

oidc: Attributes

claim_name: String

The name of the OIDC claim.

claim_value: String

The OIDC claim value to look for.

identity_provider_id: String

The ID of your OIDC identity provider.

service_token: Attributes

token_id: String

The ID of a Service Token.

linked_app_token: Attributes

app_uid: String

The ID of an Access OIDC SaaS application

user_risk_score: Attributes

user_risk_score: List[String]

A list of risk score levels to match. Values can be low, medium, high, or unscored.

include: List[Attributes]

Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.

group: Attributes

id: String

The ID of a previously created Access group.

any_valid_service_token: Attributes

An empty object which matches on all service tokens.

auth_context: Attributes

id: String

The ID of an Authentication context.

ac_id: String

The ACID of an Authentication context.

identity_provider_id: String

The ID of your Azure identity provider.

auth_method: Attributes

auth_method: String

The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

azure_ad: Attributes

id: String

The ID of an Azure group.

identity_provider_id: String

The ID of your Azure identity provider.

certificate: Attributes

common_name: Attributes

common_name: String

The common name to match.

geo: Attributes

country_code: String

The country code that should be matched.

device_posture: Attributes

integration_uid: String

The ID of a device posture integration.

email_domain: Attributes

domain: String

The email domain to match.

email_list: Attributes

id: String

The ID of a previously created email list.

email: Attributes

email: String

The email of the user.

everyone: Attributes

An empty object which matches on all users.

external_evaluation: Attributes

evaluate_url: String

The API endpoint containing your business logic.

keys_url: String

The API endpoint containing the key that Access uses to verify that the response came from your API.

github_organization: Attributes

identity_provider_id: String

The ID of your Github identity provider.

name: String

The name of the organization.

team: String

The name of the team

gsuite: Attributes

email: String

The email of the Google Workspace group.

identity_provider_id: String

The ID of your Google Workspace identity provider.

login_method: Attributes

id: String

The ID of an identity provider.

ip_list: Attributes

id: String

The ID of a previously created IP list.

ip: Attributes

ip: String

An IPv4 or IPv6 CIDR block.

okta: Attributes

identity_provider_id: String

The ID of your Okta identity provider.

name: String

The name of the Okta group.

saml: Attributes

attribute_name: String

The name of the SAML attribute.

attribute_value: String

The SAML attribute value to look for.

identity_provider_id: String

The ID of your SAML identity provider.

oidc: Attributes

claim_name: String

The name of the OIDC claim.

claim_value: String

The OIDC claim value to look for.

identity_provider_id: String

The ID of your OIDC identity provider.

service_token: Attributes

token_id: String

The ID of a Service Token.

linked_app_token: Attributes

app_uid: String

The ID of an Access OIDC SaaS application

user_risk_score: Attributes

user_risk_score: List[String]

A list of risk score levels to match. Values can be low, medium, high, or unscored.

is_default: List[Attributes]

Rules evaluated with an AND logical operator. To match a policy, a user must meet all of the Require rules.

group: Attributes

id: String

The ID of a previously created Access group.

any_valid_service_token: Attributes

An empty object which matches on all service tokens.

auth_context: Attributes

id: String

The ID of an Authentication context.

ac_id: String

The ACID of an Authentication context.

identity_provider_id: String

The ID of your Azure identity provider.

auth_method: Attributes

auth_method: String

The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

azure_ad: Attributes

id: String

The ID of an Azure group.

identity_provider_id: String

The ID of your Azure identity provider.

certificate: Attributes

common_name: Attributes

common_name: String

The common name to match.

geo: Attributes

country_code: String

The country code that should be matched.

device_posture: Attributes

integration_uid: String

The ID of a device posture integration.

email_domain: Attributes

domain: String

The email domain to match.

email_list: Attributes

id: String

The ID of a previously created email list.

email: Attributes

email: String

The email of the user.

everyone: Attributes

An empty object which matches on all users.

external_evaluation: Attributes

evaluate_url: String

The API endpoint containing your business logic.

keys_url: String

The API endpoint containing the key that Access uses to verify that the response came from your API.

github_organization: Attributes

identity_provider_id: String

The ID of your Github identity provider.

name: String

The name of the organization.

team: String

The name of the team

gsuite: Attributes

email: String

The email of the Google Workspace group.

identity_provider_id: String

The ID of your Google Workspace identity provider.

login_method: Attributes

id: String

The ID of an identity provider.

ip_list: Attributes

id: String

The ID of a previously created IP list.

ip: Attributes

ip: String

An IPv4 or IPv6 CIDR block.

okta: Attributes

identity_provider_id: String

The ID of your Okta identity provider.

name: String

The name of the Okta group.

saml: Attributes

attribute_name: String

The name of the SAML attribute.

attribute_value: String

The SAML attribute value to look for.

identity_provider_id: String

The ID of your SAML identity provider.

oidc: Attributes

claim_name: String

The name of the OIDC claim.

claim_value: String

The OIDC claim value to look for.

identity_provider_id: String

The ID of your OIDC identity provider.

service_token: Attributes

token_id: String

The ID of a Service Token.

linked_app_token: Attributes

app_uid: String

The ID of an Access OIDC SaaS application

user_risk_score: Attributes

user_risk_score: List[String]

A list of risk score levels to match. Values can be low, medium, high, or unscored.

name: String

The name of the Access group.

require: List[Attributes]

Rules evaluated with an AND logical operator. To match a policy, a user must meet all of the Require rules.

group: Attributes

id: String

The ID of a previously created Access group.

any_valid_service_token: Attributes

An empty object which matches on all service tokens.

auth_context: Attributes

id: String

The ID of an Authentication context.

ac_id: String

The ACID of an Authentication context.

identity_provider_id: String

The ID of your Azure identity provider.

auth_method: Attributes

auth_method: String

The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

azure_ad: Attributes

id: String

The ID of an Azure group.

identity_provider_id: String

The ID of your Azure identity provider.

certificate: Attributes

common_name: Attributes

common_name: String

The common name to match.

geo: Attributes

country_code: String

The country code that should be matched.

device_posture: Attributes

integration_uid: String

The ID of a device posture integration.

email_domain: Attributes

domain: String

The email domain to match.

email_list: Attributes

id: String

The ID of a previously created email list.

email: Attributes

email: String

The email of the user.

everyone: Attributes

An empty object which matches on all users.

external_evaluation: Attributes

evaluate_url: String

The API endpoint containing your business logic.

keys_url: String

The API endpoint containing the key that Access uses to verify that the response came from your API.

github_organization: Attributes

identity_provider_id: String

The ID of your Github identity provider.

name: String

The name of the organization.

team: String

The name of the team

gsuite: Attributes

email: String

The email of the Google Workspace group.

identity_provider_id: String

The ID of your Google Workspace identity provider.

login_method: Attributes

id: String

The ID of an identity provider.

ip_list: Attributes

id: String

The ID of a previously created IP list.

ip: Attributes

ip: String

An IPv4 or IPv6 CIDR block.

okta: Attributes

identity_provider_id: String

The ID of your Okta identity provider.

name: String

The name of the Okta group.

saml: Attributes

attribute_name: String

The name of the SAML attribute.

attribute_value: String

The SAML attribute value to look for.

identity_provider_id: String

The ID of your SAML identity provider.

oidc: Attributes

claim_name: String

The name of the OIDC claim.

claim_value: String

The OIDC claim value to look for.

identity_provider_id: String

The ID of your OIDC identity provider.

service_token: Attributes

token_id: String

The ID of a Service Token.

linked_app_token: Attributes

app_uid: String

The ID of an Access OIDC SaaS application

user_risk_score: Attributes

user_risk_score: List[String]

A list of risk score levels to match. Values can be low, medium, high, or unscored.

updated_at: Time

cloudflare_zero_trust_access_groups

Terraform

HTTP

TypeScript

Python

Go

Terraform

data "cloudflare_zero_trust_access_groups" "example_zero_trust_access_groups" {
  account_id = "account_id"
  zone_id = "zone_id"
  name = "name"
  search = "search"
}