Skip to content
/ terraform-azuread-application Public

A Terraform module for creating an Azure AD application automates the process of provisioning and configuring an application within Azure Active Directory.

registry.terraform.io/modules/redevaerk/application/azuread/latest

License

View license
2 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Redevaerk/terraform-azuread-application

BranchesTags

Repository files navigation

Terraform AzureAD Application

The Azure AD Application and Service Principal Terraform module streamlines the process of creating and configuring applications within Azure Active Directory (Azure AD)

Features

  1. Azure AD Application Creation: The module automates the creation of applications within Azure AD
  2. Service Principal Association: Alongside application creation, the module establishes the necessary association with a service principal.
  3. Azure Web App Authentication Integration: The module goes beyond basic application setup by providing specialized support for Azure Web App authentication. It simplifies the integration of your application with Azure Web App authentication mechanisms.

Usage

module "app" {
  source            = "Redevaerk/application/azuread"
  version           = "x.x.x"
  display_name      = var.display_name
  generate_password = true
}

Examples

  • Simple - This example will create application and generate a secret with default configuration.
  • Build Image With Context - This example will create application with custom configuration.
  • Web APP Authentication - This example create application with default configuration to work with Web Apps.

Requirements

Name Version
terraform >= 1.0
azuread >2.0.0
random >= 3.0.0

Providers

Name Version
azuread >2.0.0
random >= 3.0.0

Modules

Name Source Version
service_principal ./modules/service-principal n/a
service_principal_msgraph ./modules/service-principal n/a

Resources

Name Type
azuread_application.this resource
azuread_application_password.this resource
azuread_service_principal_delegated_permission_grant.web_app_grant resource
random_uuid.web_app_uuid resource
azuread_application_published_app_ids.well_known data source

Inputs

Name Description Type Default Required
api An optional api block, which configures API related settings for this application. 
object({
    mapped_claims_enabled          = optional(bool, false)
    known_client_applications      = optional(list(string), [])
    requested_access_token_version = optional(number, 1)
    oauth2_permission_scope = optional(list(object({
      admin_consent_description  = string
      admin_consent_display_name = string
      enabled                    = optional(bool, true)
      id                         = string
      type                       = optional(string, "User")
      user_consent_description   = optional(string)
      user_consent_display_name  = optional(string)
      value                      = optional(string)
    })), [])
  })
 null no
app_role A collection of app_role blocks. any [] no
create_service_principal Indicates if want to create a service principal for application. bool true no
device_only_auth_enabled Specifies whether this application supports device authentication without a user. bool false no
display_name The display name for the application. string n/a yes
end_date The end date until which the password is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). string null no
end_date_relative A relative duration for which the password is valid until, for example 240h (10 days) or 2400h30m. string null no
fallback_public_client_enabled Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. bool false no
generate_password Indicates if want to generate a password for application bool false no
group_membership_claims Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are None, SecurityGroup or All. list(string) 
[
  "SecurityGroup"
]
 no
identifier_uris A list of user-defined URI(s) that uniquely identify a Web application within it's Azure AD tenant, or within a verified custom domain if the application is multi-tenant. list(string) [] no
logo_image A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image. string null no
marketing_url The URL to the application's home page. If no homepage is specified this defaults to https://{name} string null no
oauth2_post_response_required Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. bool false no
optional_claims An optional claim block. any null no
owners A set of object IDs of principals that will be granted ownership of the application. Supported object types are users or service principals. list(string) [] no
prevent_duplicate_names If true, will return an error if an existing application is found with the same name. bool false no
privacy_statement_url URL of the application's privacy statement. string null no
public_client To configure non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device. Must be a valid https or ms-appx-web URL. any null no
required_resource_access A collection of required resource access for this application. any null no
rotate_when_changed A map of arbitrary key/value pairs that will force recreation of the password when they change, enabling password rotation based on external conditions such as a rotating timestamp. map(string) null no
sign_in_audience The Microsoft account types that are supported for the current application. Must be one of AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount. string "AzureADMyOrg" no
single_page_application A single_page_application block, which configures single-page application (SPA) related settings for this application. Must be https. any null no
sp_app_role_assignment_required Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. bool false no
sp_enterprise_tag Whether this service principal represents an Enterprise Application. Enabling this will assign the WindowsAzureActiveDirectoryIntegratedApp tag. bool false no
sp_owners A set of object IDs of principals that will be granted ownership of both the AAD Application and associated Service Principal. Supported object types are users or service principals. list(string) [] no
start_date The start date from which the password is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn't specified, the current date is used. string null no
support_url URL of the application's support page. string null no
support_web_app_auth Set it to true if want use the application to authentication Azure Web App via Active Directory. bool false no
tags A set of tags to apply to the application. Cannot be used together with the feature_tags block list(string) [] no
template_id Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. string null no
terms_of_service_url URL of the application's terms of service statement. string null no
web Configures web related settings for this application. 
object({
    homepage_url  = optional(string)
    redirect_uris = optional(list(string))
    logout_url    = optional(string)
    implicit_grant = optional(object({
      access_token_issuance_enabled = optional(bool)
      id_token_issuance_enabled     = optional(bool)
    }))
  })
 null no
web_app_add_default_redirect_uri Whether to add the application's default URI to the list of redirect URIs. bool true no
web_app_homepage The URL to the application's home page. If no homepage is specified this defaults' string null no
web_app_name The name of the Azure Web App. string null no
web_app_redirect_uris A list of URIs that Azure AD should use to redirect users to the application's' list(string) [] no

Outputs

Name Description
app_client_secret App password of AzureAD application created
app_role_ids A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
client_id The application id of AzureAD application created.
disabled_by_microsoft Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. DisabledDueToViolationOfServicesAgreement.
logo_url CDN URL to the application's logo, as uploaded with the logo_image property.
oauth2_permission_scope_ids A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
object_id The object id of application. Can be used to assign roles to user.
publisher_domain The verified publisher domain for the application.
sp_object_id Azure Service Principal Object ID.

License

Apache 2 Licensed. See LICENSE for full details.

About

A Terraform module for creating an Azure AD application automates the process of provisioning and configuring an application within Azure Active Directory.

registry.terraform.io/modules/Redevaerk/application/azuread/latest

Topics

azure terraform azuread terraform-module azuread-provider

Resources

Readme

License

View license
Activity
Custom properties

Stars

2 stars

Watchers

0 watching

Forks

2 forks
Report repository

Releases 2

v1.1.0 Latest
Aug 10, 2023
+ 1 release

Packages

No packages published

Contributors 2

  •  
  •  

Languages