ESD-25022: Redesign how mfa types get enabled within the guardian resource #423

Merged
merged 1 commit into from
Jan 4, 2023
30 changes: 26 additions & 4 deletions docs/resources/guardian.md
Expand Up @@ -17,13 +17,17 @@ resource "auth0_guardian" "my_guardian" {
otp = true
recovery_code = true

webauthn_platform {} # This will enable it. Removing this block will disable it.
webauthn_platform {
enabled = true
}

webauthn_roaming {
enabled = true
user_verification = "required"
}

phone {
enabled = true
provider = "auth0"
message_types = ["sms", "voice"]

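Review bot: the comment dropped from `webauthn_platform` ("Removing this block will disable it.") was the only place in this example that said how a factor gets turned off, and the new `enabled = true` lines do not replace it. Suggest a short comment on one of the blocks stating whether omitting the block still disables the factor or whether `enabled = false` is now required, so a reader does not assume that deleting a block leaves the tenant's MFA state unchanged.
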
Expand All @@ -34,6 +38,9 @@ resource "auth0_guardian" "my_guardian" {
}

push {
enabled = true
provider = "sns"

amazon_sns {
aws_access_key_id = "test1"
aws_region = "us-west-1"
Expand All @@ -50,6 +57,7 @@ resource "auth0_guardian" "my_guardian" {
}

duo {
enabled = true
integration_key = "someKey"
secret_key = "someSecret"
hostname = "api-hostname"
Expand Down Expand Up @@ -84,6 +92,10 @@ resource "auth0_guardian" "my_guardian" {

Required:

- `enabled` (Boolean) Indicates whether Duo MFA is enabled.

Optional:

- `hostname` (String) Duo API Hostname, see the Duo documentation for more details on Duo setup.
- `integration_key` (String) Duo client ID, see the Duo documentation for more details on Duo setup.
- `secret_key` (String, Sensitive) Duo client secret, see the Duo documentation for more details on Duo setup.
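
Review bot: `hostname`, `integration_key` and `secret_key` now sit under "Optional:" while `enabled` is the only required attribute, so as documented a `duo` block with `enabled = true` and no credentials is a valid configuration. Suggest either stating in each description that the value is required when `enabled` is `true`, or validating that combination in the provider so the mistake surfaces at plan time rather than as a half-configured MFA factor.
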
Expand All @@ -94,12 +106,13 @@ Required:

Required:

- `message_types` (List of String) Message types to use, array of `sms` and/or `voice`. Adding both to the array should enable the user to choose.
- `provider` (String) Provider to use, one of `auth0`, `twilio` or `phone-message-hook`.
- `enabled` (Boolean) Indicates whether Phone MFA is enabled.

Optional:

- `message_types` (List of String) Message types to use, array of `sms` and/or `voice`. Adding both to the array should enable the user to choose.
- `options` (Block List, Max: 1) Options for the various providers. (see [below for nested schema](#nestedblock--phone--options))
- `provider` (String) Provider to use, one of `auth0`, `twilio` or `phone-message-hook`.

<a id="nestedblock--phone--options"></a>
### Nested Schema for `phone.options`
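
Review bot: `provider` is now listed as optional, but its description still reads as a mandatory choice ("one of `auth0`, `twilio` or `phone-message-hook`") and gives no default. Suggest documenting what is sent to the tenant when `enabled = true` and `provider` is omitted, and the same for `message_types`.
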
Expand All @@ -120,12 +133,13 @@ Optional:

Required:

- `provider` (String) Provider to use, one of `guardian`, `sns`.
- `enabled` (Boolean) Indicates whether Push MFA is enabled.

Optional:

- `amazon_sns` (Block List, Max: 1) Configuration for Amazon SNS. (see [below for nested schema](#nestedblock--push--amazon_sns))
- `custom_app` (Block List, Max: 1) Configuration for the Guardian Custom App. (see [below for nested schema](#nestedblock--push--custom_app))
- `provider` (String) Provider to use, one of `guardian`, `sns`.

<a id="nestedblock--push--amazon_sns"></a>
### Nested Schema for `push.amazon_sns`
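
Review bot: with `provider` moved under "Optional:", nothing in this section ties the `amazon_sns` and `custom_app` blocks to a provider value. Suggest saying in the `provider` description which nested block each of `guardian` and `sns` expects, and what happens when `provider` is left out of an enabled `push` block.
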
Expand Down Expand Up @@ -153,6 +167,10 @@ Optional:
<a id="nestedblock--webauthn_platform"></a>
### Nested Schema for `webauthn_platform`

Required:

- `enabled` (Boolean) Indicates whether WebAuthn with FIDO Device Biometrics MFA is enabled.

Optional:

- `override_relying_party` (Boolean) The Relying Party is the domain for which the WebAuthn keys will be issued, set to `true` if you are customizing the identifier.
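
Review bot: marking `enabled` as required on `webauthn_platform` means a configuration that still uses the empty form `webauthn_platform {}`, which the previous example showed, should now fail validation. Suggest an upgrade note or changelog entry that shows the before and after for this block, since the old form was the documented way to enable the factor.
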
Expand All @@ -162,6 +180,10 @@ Optional:
<a id="nestedblock--webauthn_roaming"></a>
### Nested Schema for `webauthn_roaming`

Required:

- `enabled` (Boolean) Indicates whether WebAuthn with FIDO Security Keys MFA is enabled.

Optional:

- `override_relying_party` (Boolean) The Relying Party is the domain for which the WebAuthn keys will be issued, set to `true` if you are customizing the identifier.
10 changes: 9 additions & 1 deletion examples/resources/auth0_guardian/resource.tf
Expand Up @@ -4,13 +4,17 @@ resource "auth0_guardian" "my_guardian" {
otp = true
recovery_code = true

webauthn_platform {} # This will enable it. Removing this block will disable it.
webauthn_platform {
enabled = true
}

webauthn_roaming {
enabled = true
user_verification = "required"
}

phone {
enabled = true
provider = "auth0"
message_types = ["sms", "voice"]

Expand All @@ -21,6 +25,9 @@ resource "auth0_guardian" "my_guardian" {
}

push {
enabled = true
provider = "sns"

amazon_sns {
aws_access_key_id = "test1"
aws_region = "us-west-1"
Expand All @@ -37,6 +44,7 @@ resource "auth0_guardian" "my_guardian" {
}

duo {
enabled = true
integration_key = "someKey"
secret_key = "someSecret"
hostname = "api-hostname"
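
Review bot: `secret_key = "someSecret"` in the `duo` block is a literal in an example that people copy, while the schema documents `secret_key` as Sensitive. Suggest the example read the value from a variable marked sensitive, so configurations derived from it do not end up with the Duo secret in source control.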