| Name | Version |
|---|---|
| terraform | >= 0.13.0 |
| azuread | ~> 2.47.0 |
| Name | Version |
|---|---|
| azuread | ~> 2.47.0 |
| random | n/a |
| time | n/a |
No modules.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| access_package_assignment_policy_approval_required | Whether approval is required for access package assignment policy. | bool |
false |
no |
| access_package_assignment_policy_duration_in_days | The duration in days for access package assignment policy. | number |
14 |
no |
| access_token | The access token configuration. | list(object({ |
null |
no |
| access_token_issuance_enabled | Whether access token issuance is enabled. | bool |
false |
no |
| api_access | The required API access Permission for the application. | list(object({ |
null |
no |
| app_role_assignment_required | Whether app role assignment is required. | bool |
true |
no |
| app_roles | The roles assigned to the application. | list(object({ |
[] |
no |
| approver_group_name | The name of the approver group for access package assignment policy. | string |
"Administrators" |
no |
| claims_mapping_policy | The claims mapping policy for the application. | object({ |
null |
no |
| client_secret_rotation_days | The number of days after which client secret will be rotated. | number |
14 |
no |
| description | The description of the application. | string |
null |
no |
| display_name | The display name of the application. | string |
n/a | yes |
| generate_catalog_access_package | Whether to generate a catalog access package for the application. | bool |
false |
no |
| generate_certificate | Whether to generate a certificate for the application. | bool |
false |
no |
| generate_secret | Whether to generate a secret for the application. | bool |
false |
no |
| id_token | The ID token configuration. | list(object({ |
null |
no |
| id_token_issuance_enabled | Whether ID token issuance is enabled. | bool |
false |
no |
| identifier_uris | The URIs that identify the application. | list(string) |
n/a | yes |
| object_owner_upn | The UPN of the object owner. | string |
n/a | yes |
| path_to_logo_image | The path to the logo image of the application. | string |
null |
no |
| preferred_single_sign_on_mode | The preferred single sign-on mode. | string |
"notSupported" |
no |
| relay_state | The relay state for single sign-on. | string |
null |
no |
| saml2_token | The SAML2 token configuration. | list(object({ |
null |
no |
| sign_in_audience | The audience for the sign-in request. | string |
"AzureADMyOrg" |
no |
| Name | Description |
|---|---|
| access_package | The access package associated with the application. |
| application_group | The Azure AD group associated with the application. |
| azuread_access_package_resource_package_association | The association between the access package and the resource package in Azure AD. |
| azuread_application | The Azure AD application. |
| azuread_application_secret | The Azure AD application secret Object. |
data "azuread_application_published_app_ids" "well_known" {}
data "azuread_service_principal" "msgraph" {
client_id = data.azuread_application_published_app_ids.well_known.result["MicrosoftGraph"]
}
data "azuread_service_principal" "TestAPI" {
client_id = "6e3df5f1-974f-4305-9361-948f43cc43dd"
}
data "azuread_domains" "example" {
only_initial = true
}
module "test_application" {
source = "./modules/EntraIDApplication"
display_name = "Test Application"
identifier_uris = ["https://test-application"]
sign_in_audience = "AzureADMyOrg"
path_to_logo_image = "GCN3.png"
app_roles = [
{
description = "Test Application Role"
display_name = "Test Application"
value = "TestApplication Role"
},
{
description = "Test Application Role2"
display_name = "Test Application Role 2"
value = "TestApplicationRole2"
}
]
app_role_assignment_required = true
description = "Test Application Description"
preferred_single_sign_on_mode = "saml"
claims_mapping_policy = {
claims_schema = [
{
id = "id"
jwt_claim_type = "name"
Saml_Claim_Type = "name"
source = "user"
}
]
include_basic_claim_set = "true"
version = "1"
}
generate_certificate = false
generate_secret = false
generate_catalog_access_package = true
approver_group_name = "Assigned Group"
access_package_assignment_policy_approval_required = true
object_owner_upn = "SuryenduB@03z3s.onmicrosoft.com"
api_access = [{
api_client_id = data.azuread_application_published_app_ids.well_known.result["MicrosoftGraph"]
role_ids = [data.azuread_service_principal.msgraph.app_role_ids["Group.Read.All"],
data.azuread_service_principal.msgraph.app_role_ids["User.Read.All"],
]
scope_ids = [
data.azuread_service_principal.msgraph.oauth2_permission_scope_ids["User.ReadWrite"],
]
},
{
api_client_id = data.azuread_service_principal.TestAPI.client_id
role_ids = [
data.azuread_service_principal.TestAPI.app_role_ids["Files.ReadUser"],
]
scope_ids = [
data.azuread_service_principal.TestAPI.oauth2_permission_scope_ids["Files.Read"],
]
},
]
}
output "access_package" {
value = module.test_application.access_package
}
output "access_package_url" {
value = [
for access_package in module.test_application.access_package : "https://myaccess.microsoft.com/@${data.azuread_domains.example.domains.0.domain_name}#/access-packages/${access_package.id}"
]
}
output "azuread_application_id" {
value = module.test_application.azuread_application.application_id
}
output "azuread_application_client_id" {
value = module.test_application.azuread_application.client_id
}
output "azuread_application_object_id" {
value = module.test_application.azuread_application.object_id
}