@distilled.cloud/cloudflare 0.22.3 → 0.22.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (101) hide show
  1. package/lib/services/abuse-reports.d.ts +39 -11
  2. package/lib/services/abuse-reports.d.ts.map +1 -1
  3. package/lib/services/abuse-reports.js +89 -11
  4. package/lib/services/abuse-reports.js.map +1 -1
  5. package/lib/services/accounts.d.ts +21 -1
  6. package/lib/services/accounts.d.ts.map +1 -1
  7. package/lib/services/accounts.js +33 -1
  8. package/lib/services/accounts.js.map +1 -1
  9. package/lib/services/ai.d.ts +97 -1
  10. package/lib/services/ai.d.ts.map +1 -1
  11. package/lib/services/ai.js +119 -2
  12. package/lib/services/ai.js.map +1 -1
  13. package/lib/services/bot-management.d.ts +16 -0
  14. package/lib/services/bot-management.d.ts.map +1 -1
  15. package/lib/services/bot-management.js +22 -0
  16. package/lib/services/bot-management.js.map +1 -1
  17. package/lib/services/browser-rendering.d.ts +25 -9
  18. package/lib/services/browser-rendering.d.ts.map +1 -1
  19. package/lib/services/browser-rendering.js +18 -9
  20. package/lib/services/browser-rendering.js.map +1 -1
  21. package/lib/services/cache.d.ts +11 -0
  22. package/lib/services/cache.d.ts.map +1 -1
  23. package/lib/services/cache.js +17 -1
  24. package/lib/services/cache.js.map +1 -1
  25. package/lib/services/connectivity.d.ts +18 -32
  26. package/lib/services/connectivity.d.ts.map +1 -1
  27. package/lib/services/connectivity.js +56 -66
  28. package/lib/services/connectivity.js.map +1 -1
  29. package/lib/services/d1.d.ts +18 -4
  30. package/lib/services/d1.d.ts.map +1 -1
  31. package/lib/services/d1.js +23 -5
  32. package/lib/services/d1.js.map +1 -1
  33. package/lib/services/dns.d.ts +129 -3
  34. package/lib/services/dns.d.ts.map +1 -1
  35. package/lib/services/dns.js +330 -6
  36. package/lib/services/dns.js.map +1 -1
  37. package/lib/services/magic-transit.d.ts +7 -1
  38. package/lib/services/magic-transit.d.ts.map +1 -1
  39. package/lib/services/magic-transit.js +7 -1
  40. package/lib/services/magic-transit.js.map +1 -1
  41. package/lib/services/network-interconnects.d.ts +5 -1
  42. package/lib/services/network-interconnects.d.ts.map +1 -1
  43. package/lib/services/network-interconnects.js +21 -1
  44. package/lib/services/network-interconnects.js.map +1 -1
  45. package/lib/services/queues.d.ts +6 -4
  46. package/lib/services/queues.d.ts.map +1 -1
  47. package/lib/services/queues.js +8 -4
  48. package/lib/services/queues.js.map +1 -1
  49. package/lib/services/r2.d.ts +11 -4
  50. package/lib/services/r2.d.ts.map +1 -1
  51. package/lib/services/r2.js +13 -4
  52. package/lib/services/r2.js.map +1 -1
  53. package/lib/services/resource-tagging.d.ts +4 -2
  54. package/lib/services/resource-tagging.d.ts.map +1 -1
  55. package/lib/services/resource-tagging.js +4 -1
  56. package/lib/services/resource-tagging.js.map +1 -1
  57. package/lib/services/rulesets.d.ts +510 -6
  58. package/lib/services/rulesets.d.ts.map +1 -1
  59. package/lib/services/rulesets.js +1298 -36
  60. package/lib/services/rulesets.js.map +1 -1
  61. package/lib/services/spectrum.d.ts +4 -8
  62. package/lib/services/spectrum.d.ts.map +1 -1
  63. package/lib/services/spectrum.js +12 -34
  64. package/lib/services/spectrum.js.map +1 -1
  65. package/lib/services/workers-for-platforms.d.ts +12 -2
  66. package/lib/services/workers-for-platforms.d.ts.map +1 -1
  67. package/lib/services/workers-for-platforms.js +35 -3
  68. package/lib/services/workers-for-platforms.js.map +1 -1
  69. package/lib/services/workers.d.ts +12 -2
  70. package/lib/services/workers.d.ts.map +1 -1
  71. package/lib/services/workers.js +35 -3
  72. package/lib/services/workers.js.map +1 -1
  73. package/lib/services/zero-trust.d.ts +1463 -557
  74. package/lib/services/zero-trust.d.ts.map +1 -1
  75. package/lib/services/zero-trust.js +1654 -93
  76. package/lib/services/zero-trust.js.map +1 -1
  77. package/lib/services/zones.d.ts +2 -0
  78. package/lib/services/zones.d.ts.map +1 -1
  79. package/lib/services/zones.js +1 -0
  80. package/lib/services/zones.js.map +1 -1
  81. package/package.json +2 -2
  82. package/src/services/abuse-reports.ts +173 -22
  83. package/src/services/accounts.ts +66 -2
  84. package/src/services/ai.ts +235 -2
  85. package/src/services/bot-management.ts +48 -0
  86. package/src/services/browser-rendering.ts +43 -18
  87. package/src/services/cache.ts +31 -0
  88. package/src/services/connectivity.ts +78 -70
  89. package/src/services/d1.ts +43 -8
  90. package/src/services/dns.ts +549 -12
  91. package/src/services/magic-transit.ts +14 -2
  92. package/src/services/network-interconnects.ts +41 -2
  93. package/src/services/queues.ts +16 -8
  94. package/src/services/r2.ts +30 -7
  95. package/src/services/resource-tagging.ts +8 -2
  96. package/src/services/rulesets.ts +3283 -963
  97. package/src/services/spectrum.ts +36 -52
  98. package/src/services/workers-for-platforms.ts +63 -4
  99. package/src/services/workers.ts +63 -4
  100. package/src/services/zero-trust.ts +3071 -478
  101. package/src/services/zones.ts +3 -0
package/lib/services/zero-trust.d.ts CHANGED
@@ -8518,9 +8518,9 @@ export declare const listAccessApplicationsForAccount: API.PaginatedOperationMet
8518
8518
  export declare const listAccessApplicationsForZone: API.PaginatedOperationMethod<ListAccessApplicationsForZoneRequest, ListAccessApplicationsResponse, ListAccessApplicationsError, Credentials | HttpClient.HttpClient>;
8519
8519
  interface CreateAccessApplicationBaseRequest {
8520
8520
  /** Body param: The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher. */
8521
- domain: string;
8521
+ domain?: string;
8522
8522
  /** Body param: The application type. */
8523
- type: "self_hosted" | "saas" | "ssh" | "vnc" | "app_launcher" | "warp" | "biso" | "bookmark" | "dash_sso" | "infrastructure" | "rdp" | "mcp" | "mcp_portal" | "proxy_endpoint" | (string & {});
8523
+ type?: "self_hosted" | "saas" | "ssh" | "vnc" | "app_launcher" | "warp" | "biso" | "bookmark" | "dash_sso" | "infrastructure" | "rdp" | "mcp" | "mcp_portal" | "proxy_endpoint" | (string & {});
8524
8524
  /** Body param: When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always */
8525
8525
  allowAuthenticateViaWarp?: boolean;
8526
8526
  /** Body param: Enables loading application content in an iFrame. */
@@ -8614,23 +8614,956 @@ interface CreateAccessApplicationBaseRequest {
8614
8614
  allowedClipboardLocalToRemoteFormats?: "text"[];
8615
8615
  allowedClipboardRemoteToLocalFormats?: "text"[];
8616
8616
  };
8617
- };
8618
- isolationRequired?: boolean;
8619
- mfaConfig?: {
8620
- allowedAuthenticators?: ("totp" | "biometrics" | "security_key" | (string & {}))[];
8621
- mfaDisabled?: boolean;
8622
- sessionDuration?: string;
8623
- };
8624
- precedence?: number;
8625
- purposeJustificationPrompt?: string;
8626
- purposeJustificationRequired?: boolean;
8627
- sessionDuration?: string;
8628
- })[];
8629
- /** Body param: Allows matching Access Service Tokens passed HTTP in a single header with this name. This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. The */
8630
- readServiceTokensFromHeader?: string;
8631
- /** Body param: Sets the SameSite cookie setting, which provides increased security against CSRF attacks. */
8632
- sameSiteCookieAttribute?: string;
8633
- /** Body param: Configuration for provisioning to this application via SCIM. This is currently in closed beta. */
8617
+ };
8618
+ isolationRequired?: boolean;
8619
+ mfaConfig?: {
8620
+ allowedAuthenticators?: ("totp" | "biometrics" | "security_key" | (string & {}))[];
8621
+ mfaDisabled?: boolean;
8622
+ sessionDuration?: string;
8623
+ };
8624
+ precedence?: number;
8625
+ purposeJustificationPrompt?: string;
8626
+ purposeJustificationRequired?: boolean;
8627
+ sessionDuration?: string;
8628
+ })[] | {
8629
+ decision: "allow" | "deny" | "non_identity" | "bypass" | (string & {});
8630
+ include: ({
8631
+ group: {
8632
+ id: string;
8633
+ };
8634
+ } | {
8635
+ anyValidServiceToken: unknown;
8636
+ } | {
8637
+ authContext: {
8638
+ id: string;
8639
+ acId: string;
8640
+ identityProviderId: string;
8641
+ };
8642
+ } | {
8643
+ authMethod: {
8644
+ authMethod: string;
8645
+ };
8646
+ } | {
8647
+ azureAD: {
8648
+ id: string;
8649
+ identityProviderId: string;
8650
+ };
8651
+ } | {
8652
+ certificate: unknown;
8653
+ } | {
8654
+ commonName: {
8655
+ commonName: string;
8656
+ };
8657
+ } | {
8658
+ geo: {
8659
+ countryCode: string;
8660
+ };
8661
+ } | {
8662
+ devicePosture: {
8663
+ integrationUid: string;
8664
+ };
8665
+ } | {
8666
+ emailDomain: {
8667
+ domain: string;
8668
+ };
8669
+ } | {
8670
+ emailList: {
8671
+ id: string;
8672
+ };
8673
+ } | {
8674
+ email: {
8675
+ email: string;
8676
+ };
8677
+ } | {
8678
+ everyone: unknown;
8679
+ } | {
8680
+ externalEvaluation: {
8681
+ evaluateUrl: string;
8682
+ keysUrl: string;
8683
+ };
8684
+ } | {
8685
+ githubOrganization: {
8686
+ identityProviderId: string;
8687
+ name: string;
8688
+ team?: string;
8689
+ };
8690
+ } | {
8691
+ gsuite: {
8692
+ email: string;
8693
+ identityProviderId: string;
8694
+ };
8695
+ } | {
8696
+ loginMethod: {
8697
+ id: string;
8698
+ };
8699
+ } | {
8700
+ ipList: {
8701
+ id: string;
8702
+ };
8703
+ } | {
8704
+ ip: {
8705
+ ip: string;
8706
+ };
8707
+ } | {
8708
+ okta: {
8709
+ identityProviderId: string;
8710
+ name: string;
8711
+ };
8712
+ } | {
8713
+ saml: {
8714
+ attributeName: string;
8715
+ attributeValue: string;
8716
+ identityProviderId: string;
8717
+ };
8718
+ } | {
8719
+ oidc: {
8720
+ claimName: string;
8721
+ claimValue: string;
8722
+ identityProviderId: string;
8723
+ };
8724
+ } | {
8725
+ serviceToken: {
8726
+ tokenId: string;
8727
+ };
8728
+ } | {
8729
+ linkedAppToken: {
8730
+ appUid: string;
8731
+ };
8732
+ } | {
8733
+ userRiskScore: {
8734
+ userRiskScore: ("low" | "medium" | "high" | "unscored" | (string & {}))[];
8735
+ };
8736
+ } | {
8737
+ cloudflareAccountMember: {
8738
+ accountId?: string;
8739
+ };
8740
+ })[];
8741
+ name: string;
8742
+ connectionRules?: {
8743
+ ssh?: {
8744
+ usernames: string[];
8745
+ allowEmailAlias?: boolean;
8746
+ };
8747
+ };
8748
+ exclude?: ({
8749
+ group: {
8750
+ id: string;
8751
+ };
8752
+ } | {
8753
+ anyValidServiceToken: unknown;
8754
+ } | {
8755
+ authContext: {
8756
+ id: string;
8757
+ acId: string;
8758
+ identityProviderId: string;
8759
+ };
8760
+ } | {
8761
+ authMethod: {
8762
+ authMethod: string;
8763
+ };
8764
+ } | {
8765
+ azureAD: {
8766
+ id: string;
8767
+ identityProviderId: string;
8768
+ };
8769
+ } | {
8770
+ certificate: unknown;
8771
+ } | {
8772
+ commonName: {
8773
+ commonName: string;
8774
+ };
8775
+ } | {
8776
+ geo: {
8777
+ countryCode: string;
8778
+ };
8779
+ } | {
8780
+ devicePosture: {
8781
+ integrationUid: string;
8782
+ };
8783
+ } | {
8784
+ emailDomain: {
8785
+ domain: string;
8786
+ };
8787
+ } | {
8788
+ emailList: {
8789
+ id: string;
8790
+ };
8791
+ } | {
8792
+ email: {
8793
+ email: string;
8794
+ };
8795
+ } | {
8796
+ everyone: unknown;
8797
+ } | {
8798
+ externalEvaluation: {
8799
+ evaluateUrl: string;
8800
+ keysUrl: string;
8801
+ };
8802
+ } | {
8803
+ githubOrganization: {
8804
+ identityProviderId: string;
8805
+ name: string;
8806
+ team?: string;
8807
+ };
8808
+ } | {
8809
+ gsuite: {
8810
+ email: string;
8811
+ identityProviderId: string;
8812
+ };
8813
+ } | {
8814
+ loginMethod: {
8815
+ id: string;
8816
+ };
8817
+ } | {
8818
+ ipList: {
8819
+ id: string;
8820
+ };
8821
+ } | {
8822
+ ip: {
8823
+ ip: string;
8824
+ };
8825
+ } | {
8826
+ okta: {
8827
+ identityProviderId: string;
8828
+ name: string;
8829
+ };
8830
+ } | {
8831
+ saml: {
8832
+ attributeName: string;
8833
+ attributeValue: string;
8834
+ identityProviderId: string;
8835
+ };
8836
+ } | {
8837
+ oidc: {
8838
+ claimName: string;
8839
+ claimValue: string;
8840
+ identityProviderId: string;
8841
+ };
8842
+ } | {
8843
+ serviceToken: {
8844
+ tokenId: string;
8845
+ };
8846
+ } | {
8847
+ linkedAppToken: {
8848
+ appUid: string;
8849
+ };
8850
+ } | {
8851
+ userRiskScore: {
8852
+ userRiskScore: ("low" | "medium" | "high" | "unscored" | (string & {}))[];
8853
+ };
8854
+ } | {
8855
+ cloudflareAccountMember: {
8856
+ accountId?: string;
8857
+ };
8858
+ })[];
8859
+ mfaConfig?: {
8860
+ allowedAuthenticators?: "ssh_piv_key"[];
8861
+ mfaDisabled?: boolean;
8862
+ sessionDuration?: string;
8863
+ };
8864
+ require?: ({
8865
+ group: {
8866
+ id: string;
8867
+ };
8868
+ } | {
8869
+ anyValidServiceToken: unknown;
8870
+ } | {
8871
+ authContext: {
8872
+ id: string;
8873
+ acId: string;
8874
+ identityProviderId: string;
8875
+ };
8876
+ } | {
8877
+ authMethod: {
8878
+ authMethod: string;
8879
+ };
8880
+ } | {
8881
+ azureAD: {
8882
+ id: string;
8883
+ identityProviderId: string;
8884
+ };
8885
+ } | {
8886
+ certificate: unknown;
8887
+ } | {
8888
+ commonName: {
8889
+ commonName: string;
8890
+ };
8891
+ } | {
8892
+ geo: {
8893
+ countryCode: string;
8894
+ };
8895
+ } | {
8896
+ devicePosture: {
8897
+ integrationUid: string;
8898
+ };
8899
+ } | {
8900
+ emailDomain: {
8901
+ domain: string;
8902
+ };
8903
+ } | {
8904
+ emailList: {
8905
+ id: string;
8906
+ };
8907
+ } | {
8908
+ email: {
8909
+ email: string;
8910
+ };
8911
+ } | {
8912
+ everyone: unknown;
8913
+ } | {
8914
+ externalEvaluation: {
8915
+ evaluateUrl: string;
8916
+ keysUrl: string;
8917
+ };
8918
+ } | {
8919
+ githubOrganization: {
8920
+ identityProviderId: string;
8921
+ name: string;
8922
+ team?: string;
8923
+ };
8924
+ } | {
8925
+ gsuite: {
8926
+ email: string;
8927
+ identityProviderId: string;
8928
+ };
8929
+ } | {
8930
+ loginMethod: {
8931
+ id: string;
8932
+ };
8933
+ } | {
8934
+ ipList: {
8935
+ id: string;
8936
+ };
8937
+ } | {
8938
+ ip: {
8939
+ ip: string;
8940
+ };
8941
+ } | {
8942
+ okta: {
8943
+ identityProviderId: string;
8944
+ name: string;
8945
+ };
8946
+ } | {
8947
+ saml: {
8948
+ attributeName: string;
8949
+ attributeValue: string;
8950
+ identityProviderId: string;
8951
+ };
8952
+ } | {
8953
+ oidc: {
8954
+ claimName: string;
8955
+ claimValue: string;
8956
+ identityProviderId: string;
8957
+ };
8958
+ } | {
8959
+ serviceToken: {
8960
+ tokenId: string;
8961
+ };
8962
+ } | {
8963
+ linkedAppToken: {
8964
+ appUid: string;
8965
+ };
8966
+ } | {
8967
+ userRiskScore: {
8968
+ userRiskScore: ("low" | "medium" | "high" | "unscored" | (string & {}))[];
8969
+ };
8970
+ } | {
8971
+ cloudflareAccountMember: {
8972
+ accountId?: string;
8973
+ };
8974
+ })[];
8975
+ }[];
8976
+ /** Body param: Allows matching Access Service Tokens passed HTTP in a single header with this name. This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. The */
8977
+ readServiceTokensFromHeader?: string;
8978
+ /** Body param: Sets the SameSite cookie setting, which provides increased security against CSRF attacks. */
8979
+ sameSiteCookieAttribute?: string;
8980
+ /** Body param: Configuration for provisioning to this application via SCIM. This is currently in closed beta. */
8981
+ scimConfig?: {
8982
+ idpUid: string;
8983
+ remoteUri: string;
8984
+ authentication?: {
8985
+ password: string;
8986
+ scheme: "httpbasic";
8987
+ user: string;
8988
+ } | {
8989
+ token: string;
8990
+ scheme: "oauthbearertoken";
8991
+ } | {
8992
+ authorizationUrl: string;
8993
+ clientId: string;
8994
+ clientSecret: string;
8995
+ scheme: "oauth2";
8996
+ tokenUrl: string;
8997
+ scopes?: string[];
8998
+ } | {
8999
+ clientId: string;
9000
+ clientSecret: string;
9001
+ scheme: "access_service_token";
9002
+ } | ({
9003
+ password: string;
9004
+ scheme: "httpbasic";
9005
+ user: string;
9006
+ } | {
9007
+ token: string;
9008
+ scheme: "oauthbearertoken";
9009
+ } | {
9010
+ authorizationUrl: string;
9011
+ clientId: string;
9012
+ clientSecret: string;
9013
+ scheme: "oauth2";
9014
+ tokenUrl: string;
9015
+ scopes?: string[];
9016
+ } | {
9017
+ clientId: string;
9018
+ clientSecret: string;
9019
+ scheme: "access_service_token";
9020
+ })[];
9021
+ deactivateOnDelete?: boolean;
9022
+ enabled?: boolean;
9023
+ mappings?: {
9024
+ schema: string;
9025
+ enabled?: boolean;
9026
+ filter?: string;
9027
+ operations?: {
9028
+ create?: boolean;
9029
+ delete?: boolean;
9030
+ update?: boolean;
9031
+ };
9032
+ strictness?: "strict" | "passthrough" | (string & {});
9033
+ transformJsonata?: string;
9034
+ }[];
9035
+ };
9036
+ /** @deprecated Body param: List of public domains that Access will secure. This field is deprecated in favor of `destinations` and will be supported until November 21, 2025. If `destinations` are prov */
9037
+ selfHostedDomains?: string[];
9038
+ /** Body param: Returns a 401 status code when the request is blocked by a Service Auth policy. */
9039
+ serviceAuth_401Redirect?: boolean;
9040
+ /** Body param: The amount of time that tokens issued for this application will be valid. Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, s, m, h. Note: unsupported for */
9041
+ sessionDuration?: string;
9042
+ /** Body param: Enables automatic authentication through cloudflared. */
9043
+ skipInterstitial?: boolean;
9044
+ /** Body param: The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard. */
9045
+ tags?: string[];
9046
+ /** Body param: Determines if users can access this application via a clientless browser isolation URL. This allows users to access private domains without connecting to Gateway. The option requires Clien */
9047
+ useClientlessIsolationAppLauncherUrl?: boolean;
9048
+ /** Body param */
9049
+ saasApp?: {
9050
+ authType?: "saml" | "oidc" | (string & {});
9051
+ consumerServiceUrl?: string;
9052
+ customAttributes?: {
9053
+ friendlyName?: string;
9054
+ name?: string;
9055
+ nameFormat?: "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" | "urn:oasis:names:tc:SAML:2.0:attrname-format:basic" | "urn:oasis:names:tc:SAML:2.0:attrname-format:uri" | (string & {});
9056
+ required?: boolean;
9057
+ source?: {
9058
+ name?: string;
9059
+ nameByIdp?: {
9060
+ idpId?: string;
9061
+ sourceName?: string;
9062
+ }[];
9063
+ };
9064
+ }[];
9065
+ defaultRelayState?: string;
9066
+ idpEntityId?: string;
9067
+ nameIdFormat?: "id" | "email" | (string & {});
9068
+ nameIdTransformJsonata?: string;
9069
+ publicKey?: string;
9070
+ samlAttributeTransformJsonata?: string;
9071
+ spEntityId?: string;
9072
+ ssoEndpoint?: string;
9073
+ accessTokenLifetime?: string;
9074
+ allowPkceWithoutClientSecret?: boolean;
9075
+ appLauncherUrl?: string;
9076
+ clientId?: string;
9077
+ clientSecret?: string;
9078
+ customClaims?: {
9079
+ name?: string;
9080
+ required?: boolean;
9081
+ scope?: "groups" | "profile" | "email" | "openid" | (string & {});
9082
+ source?: {
9083
+ name?: string;
9084
+ nameByIdp?: Record<string, unknown>;
9085
+ };
9086
+ }[];
9087
+ grantTypes?: ("authorization_code" | "authorization_code_with_pkce" | "refresh_tokens" | "hybrid" | "implicit" | (string & {}))[];
9088
+ groupFilterRegex?: string;
9089
+ hybridAndImplicitOptions?: {
9090
+ returnAccessTokenFromAuthorizationEndpoint?: boolean;
9091
+ returnIdTokenFromAuthorizationEndpoint?: boolean;
9092
+ };
9093
+ redirectUris?: string[];
9094
+ refreshTokenOptions?: {
9095
+ lifetime?: string;
9096
+ };
9097
+ scopes?: ("openid" | "groups" | "email" | "profile" | (string & {}))[];
9098
+ };
9099
+ /** Body param: The image URL of the logo shown in the App Launcher header. */
9100
+ appLauncherLogoUrl?: string;
9101
+ /** Body param: The background color of the App Launcher page. */
9102
+ bgColor?: string;
9103
+ /** Body param: The links in the App Launcher footer. */
9104
+ footerLinks?: {
9105
+ name: string;
9106
+ url: string;
9107
+ }[];
9108
+ /** Body param: The background color of the App Launcher header. */
9109
+ headerBgColor?: string;
9110
+ /** Body param: The design of the App Launcher landing page shown to users when they log in. */
9111
+ landingPageDesign?: {
9112
+ buttonColor?: string;
9113
+ buttonTextColor?: string;
9114
+ imageUrl?: string;
9115
+ message?: string;
9116
+ title?: string;
9117
+ };
9118
+ /** Body param: Determines when to skip the App Launcher landing page. */
9119
+ skipAppLauncherLoginPage?: boolean;
9120
+ /** Body param */
9121
+ targetCriteria?: {
9122
+ port: number;
9123
+ protocol: "SSH";
9124
+ targetAttributes: Record<string, unknown>;
9125
+ }[] | {
9126
+ port: number;
9127
+ protocol: "RDP";
9128
+ targetAttributes: Record<string, unknown>;
9129
+ }[];
9130
+ }
9131
+ export interface CreateAccessApplicationForAccountRequest extends CreateAccessApplicationBaseRequest {
9132
+ /** Path param: The Account ID to use for this endpoint. */
9133
+ accountId: string;
9134
+ }
9135
+ export interface CreateAccessApplicationForZoneRequest extends CreateAccessApplicationBaseRequest {
9136
+ /** Path param: The Zone ID to use for this endpoint. */
9137
+ zoneId: string;
9138
+ }
9139
+ export declare const CreateAccessApplicationForAccountRequest: Schema.Schema<CreateAccessApplicationForAccountRequest>;
9140
+ export declare const CreateAccessApplicationForZoneRequest: Schema.Schema<CreateAccessApplicationForZoneRequest>;
9141
+ export type CreateAccessApplicationResponse = {
9142
+ domain: string;
9143
+ type: "self_hosted" | "saas" | "ssh" | "vnc" | "app_launcher" | "warp" | "biso" | "bookmark" | "dash_sso" | "infrastructure" | "rdp" | "mcp" | "mcp_portal" | "proxy_endpoint" | (string & {});
9144
+ id?: string | null;
9145
+ allowAuthenticateViaWarp?: boolean | null;
9146
+ allowIframe?: boolean | null;
9147
+ allowedIdps?: string[] | null;
9148
+ appLauncherVisible?: boolean | null;
9149
+ aud?: string | null;
9150
+ autoRedirectToIdentity?: boolean | null;
9151
+ corsHeaders?: {
9152
+ allowAllHeaders?: boolean | null;
9153
+ allowAllMethods?: boolean | null;
9154
+ allowAllOrigins?: boolean | null;
9155
+ allowCredentials?: boolean | null;
9156
+ allowedHeaders?: string[] | null;
9157
+ allowedMethods?: ("GET" | "POST" | "HEAD" | "PUT" | "DELETE" | "CONNECT" | "OPTIONS" | "TRACE" | "PATCH" | (string & {}))[] | null;
9158
+ allowedOrigins?: string[] | null;
9159
+ maxAge?: number | null;
9160
+ } | null;
9161
+ customDenyMessage?: string | null;
9162
+ customDenyUrl?: string | null;
9163
+ customNonIdentityDenyUrl?: string | null;
9164
+ customPages?: string[] | null;
9165
+ destinations?: ({
9166
+ type?: "public" | null;
9167
+ uri?: string | null;
9168
+ } | {
9169
+ cidr?: string | null;
9170
+ hostname?: string | null;
9171
+ l4Protocol?: "tcp" | "udp" | (string & {}) | null;
9172
+ portRange?: string | null;
9173
+ type?: "private" | null;
9174
+ vnetId?: string | null;
9175
+ } | {
9176
+ mcpServerId?: string | null;
9177
+ type?: "via_mcp_server_portal" | null;
9178
+ })[] | null;
9179
+ enableBindingCookie?: boolean | null;
9180
+ httpOnlyCookieAttribute?: boolean | null;
9181
+ logoUrl?: string | null;
9182
+ mfaConfig?: {
9183
+ allowedAuthenticators?: ("totp" | "biometrics" | "security_key" | (string & {}))[] | null;
9184
+ mfaDisabled?: boolean | null;
9185
+ sessionDuration?: string | null;
9186
+ } | null;
9187
+ name?: string | null;
9188
+ oauthConfiguration?: {
9189
+ dynamicClientRegistration?: {
9190
+ allowAnyOnLocalhost?: boolean | null;
9191
+ allowAnyOnLoopback?: boolean | null;
9192
+ allowedUris?: string[] | null;
9193
+ enabled?: boolean | null;
9194
+ } | null;
9195
+ enabled?: boolean | null;
9196
+ grant?: {
9197
+ accessTokenLifetime?: string | null;
9198
+ sessionDuration?: string | null;
9199
+ } | null;
9200
+ } | null;
9201
+ optionsPreflightBypass?: boolean | null;
9202
+ pathCookieAttribute?: boolean | null;
9203
+ policies?: {
9204
+ id?: string | null;
9205
+ approvalGroups?: {
9206
+ approvalsNeeded: number;
9207
+ emailAddresses?: string[] | null;
9208
+ emailListUuid?: string | null;
9209
+ }[] | null;
9210
+ approvalRequired?: boolean | null;
9211
+ connectionRules?: {
9212
+ rdp?: {
9213
+ allowedClipboardLocalToRemoteFormats?: "text"[] | null;
9214
+ allowedClipboardRemoteToLocalFormats?: "text"[] | null;
9215
+ } | null;
9216
+ } | null;
9217
+ createdAt?: string | null;
9218
+ decision?: "allow" | "deny" | "non_identity" | "bypass" | (string & {}) | null;
9219
+ exclude?: ({
9220
+ group: {
9221
+ id: string;
9222
+ };
9223
+ } | {
9224
+ anyValidServiceToken: unknown;
9225
+ } | {
9226
+ authContext: {
9227
+ id: string;
9228
+ acId: string;
9229
+ identityProviderId: string;
9230
+ };
9231
+ } | {
9232
+ authMethod: {
9233
+ authMethod: string;
9234
+ };
9235
+ } | {
9236
+ azureAD: {
9237
+ id: string;
9238
+ identityProviderId: string;
9239
+ };
9240
+ } | {
9241
+ certificate: unknown;
9242
+ } | {
9243
+ commonName: {
9244
+ commonName: string;
9245
+ };
9246
+ } | {
9247
+ geo: {
9248
+ countryCode: string;
9249
+ };
9250
+ } | {
9251
+ devicePosture: {
9252
+ integrationUid: string;
9253
+ };
9254
+ } | {
9255
+ emailDomain: {
9256
+ domain: string;
9257
+ };
9258
+ } | {
9259
+ emailList: {
9260
+ id: string;
9261
+ };
9262
+ } | {
9263
+ email: {
9264
+ email: string;
9265
+ };
9266
+ } | {
9267
+ everyone: unknown;
9268
+ } | {
9269
+ externalEvaluation: {
9270
+ evaluateUrl: string;
9271
+ keysUrl: string;
9272
+ };
9273
+ } | {
9274
+ githubOrganization: {
9275
+ identityProviderId: string;
9276
+ name: string;
9277
+ team?: string | null;
9278
+ };
9279
+ } | {
9280
+ gsuite: {
9281
+ email: string;
9282
+ identityProviderId: string;
9283
+ };
9284
+ } | {
9285
+ loginMethod: {
9286
+ id: string;
9287
+ };
9288
+ } | {
9289
+ ipList: {
9290
+ id: string;
9291
+ };
9292
+ } | {
9293
+ ip: {
9294
+ ip: string;
9295
+ };
9296
+ } | {
9297
+ okta: {
9298
+ identityProviderId: string;
9299
+ name: string;
9300
+ };
9301
+ } | {
9302
+ saml: {
9303
+ attributeName: string;
9304
+ attributeValue: string;
9305
+ identityProviderId: string;
9306
+ };
9307
+ } | {
9308
+ oidc: {
9309
+ claimName: string;
9310
+ claimValue: string;
9311
+ identityProviderId: string;
9312
+ };
9313
+ } | {
9314
+ serviceToken: {
9315
+ tokenId: string;
9316
+ };
9317
+ } | {
9318
+ linkedAppToken: {
9319
+ appUid: string;
9320
+ };
9321
+ } | {
9322
+ userRiskScore: {
9323
+ userRiskScore: ("low" | "medium" | "high" | "unscored" | (string & {}))[];
9324
+ };
9325
+ } | {
9326
+ cloudflareAccountMember: {
9327
+ accountId?: string | null;
9328
+ };
9329
+ })[] | null;
9330
+ include?: ({
9331
+ group: {
9332
+ id: string;
9333
+ };
9334
+ } | {
9335
+ anyValidServiceToken: unknown;
9336
+ } | {
9337
+ authContext: {
9338
+ id: string;
9339
+ acId: string;
9340
+ identityProviderId: string;
9341
+ };
9342
+ } | {
9343
+ authMethod: {
9344
+ authMethod: string;
9345
+ };
9346
+ } | {
9347
+ azureAD: {
9348
+ id: string;
9349
+ identityProviderId: string;
9350
+ };
9351
+ } | {
9352
+ certificate: unknown;
9353
+ } | {
9354
+ commonName: {
9355
+ commonName: string;
9356
+ };
9357
+ } | {
9358
+ geo: {
9359
+ countryCode: string;
9360
+ };
9361
+ } | {
9362
+ devicePosture: {
9363
+ integrationUid: string;
9364
+ };
9365
+ } | {
9366
+ emailDomain: {
9367
+ domain: string;
9368
+ };
9369
+ } | {
9370
+ emailList: {
9371
+ id: string;
9372
+ };
9373
+ } | {
9374
+ email: {
9375
+ email: string;
9376
+ };
9377
+ } | {
9378
+ everyone: unknown;
9379
+ } | {
9380
+ externalEvaluation: {
9381
+ evaluateUrl: string;
9382
+ keysUrl: string;
9383
+ };
9384
+ } | {
9385
+ githubOrganization: {
9386
+ identityProviderId: string;
9387
+ name: string;
9388
+ team?: string | null;
9389
+ };
9390
+ } | {
9391
+ gsuite: {
9392
+ email: string;
9393
+ identityProviderId: string;
9394
+ };
9395
+ } | {
9396
+ loginMethod: {
9397
+ id: string;
9398
+ };
9399
+ } | {
9400
+ ipList: {
9401
+ id: string;
9402
+ };
9403
+ } | {
9404
+ ip: {
9405
+ ip: string;
9406
+ };
9407
+ } | {
9408
+ okta: {
9409
+ identityProviderId: string;
9410
+ name: string;
9411
+ };
9412
+ } | {
9413
+ saml: {
9414
+ attributeName: string;
9415
+ attributeValue: string;
9416
+ identityProviderId: string;
9417
+ };
9418
+ } | {
9419
+ oidc: {
9420
+ claimName: string;
9421
+ claimValue: string;
9422
+ identityProviderId: string;
9423
+ };
9424
+ } | {
9425
+ serviceToken: {
9426
+ tokenId: string;
9427
+ };
9428
+ } | {
9429
+ linkedAppToken: {
9430
+ appUid: string;
9431
+ };
9432
+ } | {
9433
+ userRiskScore: {
9434
+ userRiskScore: ("low" | "medium" | "high" | "unscored" | (string & {}))[];
9435
+ };
9436
+ } | {
9437
+ cloudflareAccountMember: {
9438
+ accountId?: string | null;
9439
+ };
9440
+ })[] | null;
9441
+ isolationRequired?: boolean | null;
9442
+ mfaConfig?: {
9443
+ allowedAuthenticators?: ("totp" | "biometrics" | "security_key" | (string & {}))[] | null;
9444
+ mfaDisabled?: boolean | null;
9445
+ sessionDuration?: string | null;
9446
+ } | null;
9447
+ name?: string | null;
9448
+ precedence?: number | null;
9449
+ purposeJustificationPrompt?: string | null;
9450
+ purposeJustificationRequired?: boolean | null;
9451
+ require?: ({
9452
+ group: {
9453
+ id: string;
9454
+ };
9455
+ } | {
9456
+ anyValidServiceToken: unknown;
9457
+ } | {
9458
+ authContext: {
9459
+ id: string;
9460
+ acId: string;
9461
+ identityProviderId: string;
9462
+ };
9463
+ } | {
9464
+ authMethod: {
9465
+ authMethod: string;
9466
+ };
9467
+ } | {
9468
+ azureAD: {
9469
+ id: string;
9470
+ identityProviderId: string;
9471
+ };
9472
+ } | {
9473
+ certificate: unknown;
9474
+ } | {
9475
+ commonName: {
9476
+ commonName: string;
9477
+ };
9478
+ } | {
9479
+ geo: {
9480
+ countryCode: string;
9481
+ };
9482
+ } | {
9483
+ devicePosture: {
9484
+ integrationUid: string;
9485
+ };
9486
+ } | {
9487
+ emailDomain: {
9488
+ domain: string;
9489
+ };
9490
+ } | {
9491
+ emailList: {
9492
+ id: string;
9493
+ };
9494
+ } | {
9495
+ email: {
9496
+ email: string;
9497
+ };
9498
+ } | {
9499
+ everyone: unknown;
9500
+ } | {
9501
+ externalEvaluation: {
9502
+ evaluateUrl: string;
9503
+ keysUrl: string;
9504
+ };
9505
+ } | {
9506
+ githubOrganization: {
9507
+ identityProviderId: string;
9508
+ name: string;
9509
+ team?: string | null;
9510
+ };
9511
+ } | {
9512
+ gsuite: {
9513
+ email: string;
9514
+ identityProviderId: string;
9515
+ };
9516
+ } | {
9517
+ loginMethod: {
9518
+ id: string;
9519
+ };
9520
+ } | {
9521
+ ipList: {
9522
+ id: string;
9523
+ };
9524
+ } | {
9525
+ ip: {
9526
+ ip: string;
9527
+ };
9528
+ } | {
9529
+ okta: {
9530
+ identityProviderId: string;
9531
+ name: string;
9532
+ };
9533
+ } | {
9534
+ saml: {
9535
+ attributeName: string;
9536
+ attributeValue: string;
9537
+ identityProviderId: string;
9538
+ };
9539
+ } | {
9540
+ oidc: {
9541
+ claimName: string;
9542
+ claimValue: string;
9543
+ identityProviderId: string;
9544
+ };
9545
+ } | {
9546
+ serviceToken: {
9547
+ tokenId: string;
9548
+ };
9549
+ } | {
9550
+ linkedAppToken: {
9551
+ appUid: string;
9552
+ };
9553
+ } | {
9554
+ userRiskScore: {
9555
+ userRiskScore: ("low" | "medium" | "high" | "unscored" | (string & {}))[];
9556
+ };
9557
+ } | {
9558
+ cloudflareAccountMember: {
9559
+ accountId?: string | null;
9560
+ };
9561
+ })[] | null;
9562
+ sessionDuration?: string | null;
9563
+ updatedAt?: string | null;
9564
+ }[] | null;
9565
+ readServiceTokensFromHeader?: string | null;
9566
+ sameSiteCookieAttribute?: string | null;
8634
9567
  scimConfig?: {
8635
9568
  idpUid: string;
8636
9569
  remoteUri: string;
@@ -8647,7 +9580,7 @@ interface CreateAccessApplicationBaseRequest {
8647
9580
  clientSecret: string;
8648
9581
  scheme: "oauth2";
8649
9582
  tokenUrl: string;
8650
- scopes?: string[];
9583
+ scopes?: string[] | null;
8651
9584
  } | {
8652
9585
  clientId: string;
8653
9586
  clientSecret: string;
@@ -8665,112 +9598,42 @@ interface CreateAccessApplicationBaseRequest {
8665
9598
  clientSecret: string;
8666
9599
  scheme: "oauth2";
8667
9600
  tokenUrl: string;
8668
- scopes?: string[];
9601
+ scopes?: string[] | null;
8669
9602
  } | {
8670
9603
  clientId: string;
8671
9604
  clientSecret: string;
8672
9605
  scheme: "access_service_token";
8673
- })[];
8674
- deactivateOnDelete?: boolean;
8675
- enabled?: boolean;
9606
+ })[] | null;
9607
+ deactivateOnDelete?: boolean | null;
9608
+ enabled?: boolean | null;
8676
9609
  mappings?: {
8677
9610
  schema: string;
8678
- enabled?: boolean;
8679
- filter?: string;
9611
+ enabled?: boolean | null;
9612
+ filter?: string | null;
8680
9613
  operations?: {
8681
- create?: boolean;
8682
- delete?: boolean;
8683
- update?: boolean;
8684
- };
8685
- strictness?: "strict" | "passthrough" | (string & {});
8686
- transformJsonata?: string;
8687
- }[];
8688
- };
8689
- /** @deprecated Body param: List of public domains that Access will secure. This field is deprecated in favor of `destinations` and will be supported until November 21, 2025. If `destinations` are prov */
8690
- selfHostedDomains?: string[];
8691
- /** Body param: Returns a 401 status code when the request is blocked by a Service Auth policy. */
8692
- serviceAuth_401Redirect?: boolean;
8693
- /** Body param: The amount of time that tokens issued for this application will be valid. Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, s, m, h. Note: unsupported for */
8694
- sessionDuration?: string;
8695
- /** Body param: Enables automatic authentication through cloudflared. */
8696
- skipInterstitial?: boolean;
8697
- /** Body param: The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard. */
8698
- tags?: string[];
8699
- /** Body param: Determines if users can access this application via a clientless browser isolation URL. This allows users to access private domains without connecting to Gateway. The option requires Clien */
8700
- useClientlessIsolationAppLauncherUrl?: boolean;
8701
- }
8702
- export interface CreateAccessApplicationForAccountRequest extends CreateAccessApplicationBaseRequest {
8703
- /** Path param: The Account ID to use for this endpoint. */
8704
- accountId: string;
8705
- }
8706
- export interface CreateAccessApplicationForZoneRequest extends CreateAccessApplicationBaseRequest {
8707
- /** Path param: The Zone ID to use for this endpoint. */
8708
- zoneId: string;
8709
- }
8710
- export declare const CreateAccessApplicationForAccountRequest: Schema.Schema<CreateAccessApplicationForAccountRequest>;
8711
- export declare const CreateAccessApplicationForZoneRequest: Schema.Schema<CreateAccessApplicationForZoneRequest>;
8712
- export type CreateAccessApplicationResponse = {
8713
- domain: string;
8714
- type: "self_hosted" | "saas" | "ssh" | "vnc" | "app_launcher" | "warp" | "biso" | "bookmark" | "dash_sso" | "infrastructure" | "rdp" | "mcp" | "mcp_portal" | "proxy_endpoint" | (string & {});
9614
+ create?: boolean | null;
9615
+ delete?: boolean | null;
9616
+ update?: boolean | null;
9617
+ } | null;
9618
+ strictness?: "strict" | "passthrough" | (string & {}) | null;
9619
+ transformJsonata?: string | null;
9620
+ }[] | null;
9621
+ } | null;
9622
+ selfHostedDomains?: string[] | null;
9623
+ serviceAuth_401Redirect?: boolean | null;
9624
+ sessionDuration?: string | null;
9625
+ skipInterstitial?: boolean | null;
9626
+ tags?: string[] | null;
9627
+ useClientlessIsolationAppLauncherUrl?: boolean | null;
9628
+ } | {
8715
9629
  id?: string | null;
8716
- allowAuthenticateViaWarp?: boolean | null;
8717
- allowIframe?: boolean | null;
8718
9630
  allowedIdps?: string[] | null;
8719
9631
  appLauncherVisible?: boolean | null;
8720
9632
  aud?: string | null;
8721
9633
  autoRedirectToIdentity?: boolean | null;
8722
- corsHeaders?: {
8723
- allowAllHeaders?: boolean | null;
8724
- allowAllMethods?: boolean | null;
8725
- allowAllOrigins?: boolean | null;
8726
- allowCredentials?: boolean | null;
8727
- allowedHeaders?: string[] | null;
8728
- allowedMethods?: ("GET" | "POST" | "HEAD" | "PUT" | "DELETE" | "CONNECT" | "OPTIONS" | "TRACE" | "PATCH" | (string & {}))[] | null;
8729
- allowedOrigins?: string[] | null;
8730
- maxAge?: number | null;
8731
- } | null;
8732
- customDenyMessage?: string | null;
8733
- customDenyUrl?: string | null;
8734
- customNonIdentityDenyUrl?: string | null;
8735
9634
  customPages?: string[] | null;
8736
- destinations?: ({
8737
- type?: "public" | null;
8738
- uri?: string | null;
8739
- } | {
8740
- cidr?: string | null;
8741
- hostname?: string | null;
8742
- l4Protocol?: "tcp" | "udp" | (string & {}) | null;
8743
- portRange?: string | null;
8744
- type?: "private" | null;
8745
- vnetId?: string | null;
8746
- } | {
8747
- mcpServerId?: string | null;
8748
- type?: "via_mcp_server_portal" | null;
8749
- })[] | null;
8750
- enableBindingCookie?: boolean | null;
8751
- httpOnlyCookieAttribute?: boolean | null;
8752
9635
  logoUrl?: string | null;
8753
- mfaConfig?: {
8754
- allowedAuthenticators?: ("totp" | "biometrics" | "security_key" | (string & {}))[] | null;
8755
- mfaDisabled?: boolean | null;
8756
- sessionDuration?: string | null;
8757
- } | null;
8758
9636
  name?: string | null;
8759
- oauthConfiguration?: {
8760
- dynamicClientRegistration?: {
8761
- allowAnyOnLocalhost?: boolean | null;
8762
- allowAnyOnLoopback?: boolean | null;
8763
- allowedUris?: string[] | null;
8764
- enabled?: boolean | null;
8765
- } | null;
8766
- enabled?: boolean | null;
8767
- grant?: {
8768
- accessTokenLifetime?: string | null;
8769
- sessionDuration?: string | null;
8770
- } | null;
8771
- } | null;
8772
- optionsPreflightBypass?: boolean | null;
8773
- pathCookieAttribute?: boolean | null;
8774
9637
  policies?: {
8775
9638
  id?: string | null;
8776
9639
  approvalGroups?: {
@@ -9133,8 +9996,59 @@ export type CreateAccessApplicationResponse = {
9133
9996
  sessionDuration?: string | null;
9134
9997
  updatedAt?: string | null;
9135
9998
  }[] | null;
9136
- readServiceTokensFromHeader?: string | null;
9137
- sameSiteCookieAttribute?: string | null;
9999
+ saasApp?: {
10000
+ authType?: "saml" | "oidc" | (string & {}) | null;
10001
+ consumerServiceUrl?: string | null;
10002
+ customAttributes?: {
10003
+ friendlyName?: string | null;
10004
+ name?: string | null;
10005
+ nameFormat?: "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" | "urn:oasis:names:tc:SAML:2.0:attrname-format:basic" | "urn:oasis:names:tc:SAML:2.0:attrname-format:uri" | (string & {}) | null;
10006
+ required?: boolean | null;
10007
+ source?: {
10008
+ name?: string | null;
10009
+ nameByIdp?: {
10010
+ idpId?: string | null;
10011
+ sourceName?: string | null;
10012
+ }[] | null;
10013
+ } | null;
10014
+ }[] | null;
10015
+ defaultRelayState?: string | null;
10016
+ idpEntityId?: string | null;
10017
+ nameIdFormat?: "id" | "email" | (string & {}) | null;
10018
+ nameIdTransformJsonata?: string | null;
10019
+ publicKey?: string | null;
10020
+ samlAttributeTransformJsonata?: string | null;
10021
+ spEntityId?: string | null;
10022
+ ssoEndpoint?: string | null;
10023
+ } | {
10024
+ accessTokenLifetime?: string | null;
10025
+ allowPkceWithoutClientSecret?: boolean | null;
10026
+ appLauncherUrl?: string | null;
10027
+ authType?: "saml" | "oidc" | (string & {}) | null;
10028
+ clientId?: string | null;
10029
+ clientSecret?: string | null;
10030
+ customClaims?: {
10031
+ name?: string | null;
10032
+ required?: boolean | null;
10033
+ scope?: "groups" | "profile" | "email" | "openid" | (string & {}) | null;
10034
+ source?: {
10035
+ name?: string | null;
10036
+ nameByIdp?: Record<string, unknown> | null;
10037
+ } | null;
10038
+ }[] | null;
10039
+ grantTypes?: ("authorization_code" | "authorization_code_with_pkce" | "refresh_tokens" | "hybrid" | "implicit" | (string & {}))[] | null;
10040
+ groupFilterRegex?: string | null;
10041
+ hybridAndImplicitOptions?: {
10042
+ returnAccessTokenFromAuthorizationEndpoint?: boolean | null;
10043
+ returnIdTokenFromAuthorizationEndpoint?: boolean | null;
10044
+ } | null;
10045
+ publicKey?: string | null;
10046
+ redirectUris?: string[] | null;
10047
+ refreshTokenOptions?: {
10048
+ lifetime?: string | null;
10049
+ } | null;
10050
+ scopes?: ("openid" | "groups" | "email" | "profile" | (string & {}))[] | null;
10051
+ } | null;
9138
10052
  scimConfig?: {
9139
10053
  idpUid: string;
9140
10054
  remoteUri: string;
@@ -9190,20 +10104,32 @@ export type CreateAccessApplicationResponse = {
9190
10104
  transformJsonata?: string | null;
9191
10105
  }[] | null;
9192
10106
  } | null;
9193
- selfHostedDomains?: string[] | null;
9194
- serviceAuth_401Redirect?: boolean | null;
9195
- sessionDuration?: string | null;
9196
- skipInterstitial?: boolean | null;
9197
10107
  tags?: string[] | null;
9198
- useClientlessIsolationAppLauncherUrl?: boolean | null;
10108
+ type?: "self_hosted" | "saas" | "ssh" | "vnc" | "app_launcher" | "warp" | "biso" | "bookmark" | "dash_sso" | "infrastructure" | "rdp" | "mcp" | "mcp_portal" | "proxy_endpoint" | (string & {}) | null;
9199
10109
  } | {
10110
+ type: "self_hosted" | "saas" | "ssh" | "vnc" | "app_launcher" | "warp" | "biso" | "bookmark" | "dash_sso" | "infrastructure" | "rdp" | "mcp" | "mcp_portal" | "proxy_endpoint" | (string & {});
9200
10111
  id?: string | null;
9201
10112
  allowedIdps?: string[] | null;
9202
- appLauncherVisible?: boolean | null;
10113
+ appLauncherLogoUrl?: string | null;
9203
10114
  aud?: string | null;
9204
10115
  autoRedirectToIdentity?: boolean | null;
10116
+ bgColor?: string | null;
10117
+ customDenyUrl?: string | null;
10118
+ customNonIdentityDenyUrl?: string | null;
9205
10119
  customPages?: string[] | null;
9206
- logoUrl?: string | null;
10120
+ domain?: string | null;
10121
+ footerLinks?: {
10122
+ name: string;
10123
+ url: string;
10124
+ }[] | null;
10125
+ headerBgColor?: string | null;
10126
+ landingPageDesign?: {
10127
+ buttonColor?: string | null;
10128
+ buttonTextColor?: string | null;
10129
+ imageUrl?: string | null;
10130
+ message?: string | null;
10131
+ title?: string | null;
10132
+ } | null;
9207
10133
  name?: string | null;
9208
10134
  policies?: {
9209
10135
  id?: string | null;
@@ -9567,140 +10493,18 @@ export type CreateAccessApplicationResponse = {
9567
10493
  sessionDuration?: string | null;
9568
10494
  updatedAt?: string | null;
9569
10495
  }[] | null;
9570
- saasApp?: {
9571
- authType?: "saml" | "oidc" | (string & {}) | null;
9572
- consumerServiceUrl?: string | null;
9573
- customAttributes?: {
9574
- friendlyName?: string | null;
9575
- name?: string | null;
9576
- nameFormat?: "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" | "urn:oasis:names:tc:SAML:2.0:attrname-format:basic" | "urn:oasis:names:tc:SAML:2.0:attrname-format:uri" | (string & {}) | null;
9577
- required?: boolean | null;
9578
- source?: {
9579
- name?: string | null;
9580
- nameByIdp?: {
9581
- idpId?: string | null;
9582
- sourceName?: string | null;
9583
- }[] | null;
9584
- } | null;
9585
- }[] | null;
9586
- defaultRelayState?: string | null;
9587
- idpEntityId?: string | null;
9588
- nameIdFormat?: "id" | "email" | (string & {}) | null;
9589
- nameIdTransformJsonata?: string | null;
9590
- publicKey?: string | null;
9591
- samlAttributeTransformJsonata?: string | null;
9592
- spEntityId?: string | null;
9593
- ssoEndpoint?: string | null;
9594
- } | {
9595
- accessTokenLifetime?: string | null;
9596
- allowPkceWithoutClientSecret?: boolean | null;
9597
- appLauncherUrl?: string | null;
9598
- authType?: "saml" | "oidc" | (string & {}) | null;
9599
- clientId?: string | null;
9600
- clientSecret?: string | null;
9601
- customClaims?: {
9602
- name?: string | null;
9603
- required?: boolean | null;
9604
- scope?: "groups" | "profile" | "email" | "openid" | (string & {}) | null;
9605
- source?: {
9606
- name?: string | null;
9607
- nameByIdp?: Record<string, unknown> | null;
9608
- } | null;
9609
- }[] | null;
9610
- grantTypes?: ("authorization_code" | "authorization_code_with_pkce" | "refresh_tokens" | "hybrid" | "implicit" | (string & {}))[] | null;
9611
- groupFilterRegex?: string | null;
9612
- hybridAndImplicitOptions?: {
9613
- returnAccessTokenFromAuthorizationEndpoint?: boolean | null;
9614
- returnIdTokenFromAuthorizationEndpoint?: boolean | null;
9615
- } | null;
9616
- publicKey?: string | null;
9617
- redirectUris?: string[] | null;
9618
- refreshTokenOptions?: {
9619
- lifetime?: string | null;
9620
- } | null;
9621
- scopes?: ("openid" | "groups" | "email" | "profile" | (string & {}))[] | null;
9622
- } | null;
9623
- scimConfig?: {
9624
- idpUid: string;
9625
- remoteUri: string;
9626
- authentication?: {
9627
- password: string;
9628
- scheme: "httpbasic";
9629
- user: string;
9630
- } | {
9631
- token: string;
9632
- scheme: "oauthbearertoken";
9633
- } | {
9634
- authorizationUrl: string;
9635
- clientId: string;
9636
- clientSecret: string;
9637
- scheme: "oauth2";
9638
- tokenUrl: string;
9639
- scopes?: string[] | null;
9640
- } | {
9641
- clientId: string;
9642
- clientSecret: string;
9643
- scheme: "access_service_token";
9644
- } | ({
9645
- password: string;
9646
- scheme: "httpbasic";
9647
- user: string;
9648
- } | {
9649
- token: string;
9650
- scheme: "oauthbearertoken";
9651
- } | {
9652
- authorizationUrl: string;
9653
- clientId: string;
9654
- clientSecret: string;
9655
- scheme: "oauth2";
9656
- tokenUrl: string;
9657
- scopes?: string[] | null;
9658
- } | {
9659
- clientId: string;
9660
- clientSecret: string;
9661
- scheme: "access_service_token";
9662
- })[] | null;
9663
- deactivateOnDelete?: boolean | null;
9664
- enabled?: boolean | null;
9665
- mappings?: {
9666
- schema: string;
9667
- enabled?: boolean | null;
9668
- filter?: string | null;
9669
- operations?: {
9670
- create?: boolean | null;
9671
- delete?: boolean | null;
9672
- update?: boolean | null;
9673
- } | null;
9674
- strictness?: "strict" | "passthrough" | (string & {}) | null;
9675
- transformJsonata?: string | null;
9676
- }[] | null;
9677
- } | null;
9678
- tags?: string[] | null;
9679
- type?: "self_hosted" | "saas" | "ssh" | "vnc" | "app_launcher" | "warp" | "biso" | "bookmark" | "dash_sso" | "infrastructure" | "rdp" | "mcp" | "mcp_portal" | "proxy_endpoint" | (string & {}) | null;
10496
+ sessionDuration?: string | null;
10497
+ skipAppLauncherLoginPage?: boolean | null;
9680
10498
  } | {
9681
10499
  type: "self_hosted" | "saas" | "ssh" | "vnc" | "app_launcher" | "warp" | "biso" | "bookmark" | "dash_sso" | "infrastructure" | "rdp" | "mcp" | "mcp_portal" | "proxy_endpoint" | (string & {});
9682
10500
  id?: string | null;
9683
10501
  allowedIdps?: string[] | null;
9684
- appLauncherLogoUrl?: string | null;
9685
10502
  aud?: string | null;
9686
10503
  autoRedirectToIdentity?: boolean | null;
9687
- bgColor?: string | null;
9688
10504
  customDenyUrl?: string | null;
9689
10505
  customNonIdentityDenyUrl?: string | null;
9690
10506
  customPages?: string[] | null;
9691
10507
  domain?: string | null;
9692
- footerLinks?: {
9693
- name: string;
9694
- url: string;
9695
- }[] | null;
9696
- headerBgColor?: string | null;
9697
- landingPageDesign?: {
9698
- buttonColor?: string | null;
9699
- buttonTextColor?: string | null;
9700
- imageUrl?: string | null;
9701
- message?: string | null;
9702
- title?: string | null;
9703
- } | null;
9704
10508
  name?: string | null;
9705
10509
  policies?: {
9706
10510
  id?: string | null;
@@ -10065,17 +10869,12 @@ export type CreateAccessApplicationResponse = {
10065
10869
  updatedAt?: string | null;
10066
10870
  }[] | null;
10067
10871
  sessionDuration?: string | null;
10068
- skipAppLauncherLoginPage?: boolean | null;
10069
10872
  } | {
10070
- type: "self_hosted" | "saas" | "ssh" | "vnc" | "app_launcher" | "warp" | "biso" | "bookmark" | "dash_sso" | "infrastructure" | "rdp" | "mcp" | "mcp_portal" | "proxy_endpoint" | (string & {});
10071
10873
  id?: string | null;
10072
- allowedIdps?: string[] | null;
10874
+ appLauncherVisible?: boolean | null;
10073
10875
  aud?: string | null;
10074
- autoRedirectToIdentity?: boolean | null;
10075
- customDenyUrl?: string | null;
10076
- customNonIdentityDenyUrl?: string | null;
10077
- customPages?: string[] | null;
10078
10876
  domain?: string | null;
10877
+ logoUrl?: string | null;
10079
10878
  name?: string | null;
10080
10879
  policies?: {
10081
10880
  id?: string | null;
@@ -10439,26 +11238,24 @@ export type CreateAccessApplicationResponse = {
10439
11238
  sessionDuration?: string | null;
10440
11239
  updatedAt?: string | null;
10441
11240
  }[] | null;
10442
- sessionDuration?: string | null;
11241
+ tags?: string[] | null;
11242
+ type?: "self_hosted" | "saas" | "ssh" | "vnc" | "app_launcher" | "warp" | "biso" | "bookmark" | "dash_sso" | "infrastructure" | "rdp" | "mcp" | "mcp_portal" | "proxy_endpoint" | (string & {}) | null;
10443
11243
  } | {
11244
+ targetCriteria: {
11245
+ port: number;
11246
+ protocol: "SSH";
11247
+ targetAttributes: Record<string, unknown>;
11248
+ }[];
11249
+ type: "self_hosted" | "saas" | "ssh" | "vnc" | "app_launcher" | "warp" | "biso" | "bookmark" | "dash_sso" | "infrastructure" | "rdp" | "mcp" | "mcp_portal" | "proxy_endpoint" | (string & {});
10444
11250
  id?: string | null;
10445
- appLauncherVisible?: boolean | null;
10446
11251
  aud?: string | null;
10447
- domain?: string | null;
10448
- logoUrl?: string | null;
10449
11252
  name?: string | null;
10450
11253
  policies?: {
10451
11254
  id?: string | null;
10452
- approvalGroups?: {
10453
- approvalsNeeded: number;
10454
- emailAddresses?: string[] | null;
10455
- emailListUuid?: string | null;
10456
- }[] | null;
10457
- approvalRequired?: boolean | null;
10458
11255
  connectionRules?: {
10459
- rdp?: {
10460
- allowedClipboardLocalToRemoteFormats?: "text"[] | null;
10461
- allowedClipboardRemoteToLocalFormats?: "text"[] | null;
11256
+ ssh?: {
11257
+ usernames: string[];
11258
+ allowEmailAlias?: boolean | null;
10462
11259
  } | null;
10463
11260
  } | null;
10464
11261
  createdAt?: string | null;
@@ -10685,16 +11482,12 @@ export type CreateAccessApplicationResponse = {
10685
11482
  accountId?: string | null;
10686
11483
  };
10687
11484
  })[] | null;
10688
- isolationRequired?: boolean | null;
10689
11485
  mfaConfig?: {
10690
- allowedAuthenticators?: ("totp" | "biometrics" | "security_key" | (string & {}))[] | null;
11486
+ allowedAuthenticators?: "ssh_piv_key"[] | null;
10691
11487
  mfaDisabled?: boolean | null;
10692
11488
  sessionDuration?: string | null;
10693
11489
  } | null;
10694
11490
  name?: string | null;
10695
- precedence?: number | null;
10696
- purposeJustificationPrompt?: string | null;
10697
- purposeJustificationRequired?: boolean | null;
10698
11491
  require?: ({
10699
11492
  group: {
10700
11493
  id: string;
@@ -10806,27 +11599,87 @@ export type CreateAccessApplicationResponse = {
10806
11599
  accountId?: string | null;
10807
11600
  };
10808
11601
  })[] | null;
10809
- sessionDuration?: string | null;
10810
11602
  updatedAt?: string | null;
10811
11603
  }[] | null;
10812
- tags?: string[] | null;
10813
- type?: "self_hosted" | "saas" | "ssh" | "vnc" | "app_launcher" | "warp" | "biso" | "bookmark" | "dash_sso" | "infrastructure" | "rdp" | "mcp" | "mcp_portal" | "proxy_endpoint" | (string & {}) | null;
10814
11604
  } | {
11605
+ domain: string;
10815
11606
  targetCriteria: {
10816
11607
  port: number;
10817
- protocol: "SSH";
11608
+ protocol: "RDP";
10818
11609
  targetAttributes: Record<string, unknown>;
10819
11610
  }[];
10820
11611
  type: "self_hosted" | "saas" | "ssh" | "vnc" | "app_launcher" | "warp" | "biso" | "bookmark" | "dash_sso" | "infrastructure" | "rdp" | "mcp" | "mcp_portal" | "proxy_endpoint" | (string & {});
10821
11612
  id?: string | null;
11613
+ allowAuthenticateViaWarp?: boolean | null;
11614
+ allowIframe?: boolean | null;
11615
+ allowedIdps?: string[] | null;
11616
+ appLauncherVisible?: boolean | null;
10822
11617
  aud?: string | null;
11618
+ autoRedirectToIdentity?: boolean | null;
11619
+ corsHeaders?: {
11620
+ allowAllHeaders?: boolean | null;
11621
+ allowAllMethods?: boolean | null;
11622
+ allowAllOrigins?: boolean | null;
11623
+ allowCredentials?: boolean | null;
11624
+ allowedHeaders?: string[] | null;
11625
+ allowedMethods?: ("GET" | "POST" | "HEAD" | "PUT" | "DELETE" | "CONNECT" | "OPTIONS" | "TRACE" | "PATCH" | (string & {}))[] | null;
11626
+ allowedOrigins?: string[] | null;
11627
+ maxAge?: number | null;
11628
+ } | null;
11629
+ customDenyMessage?: string | null;
11630
+ customDenyUrl?: string | null;
11631
+ customNonIdentityDenyUrl?: string | null;
11632
+ customPages?: string[] | null;
11633
+ destinations?: ({
11634
+ type?: "public" | null;
11635
+ uri?: string | null;
11636
+ } | {
11637
+ cidr?: string | null;
11638
+ hostname?: string | null;
11639
+ l4Protocol?: "tcp" | "udp" | (string & {}) | null;
11640
+ portRange?: string | null;
11641
+ type?: "private" | null;
11642
+ vnetId?: string | null;
11643
+ } | {
11644
+ mcpServerId?: string | null;
11645
+ type?: "via_mcp_server_portal" | null;
11646
+ })[] | null;
11647
+ enableBindingCookie?: boolean | null;
11648
+ httpOnlyCookieAttribute?: boolean | null;
11649
+ logoUrl?: string | null;
11650
+ mfaConfig?: {
11651
+ allowedAuthenticators?: ("totp" | "biometrics" | "security_key" | (string & {}))[] | null;
11652
+ mfaDisabled?: boolean | null;
11653
+ sessionDuration?: string | null;
11654
+ } | null;
10823
11655
  name?: string | null;
11656
+ oauthConfiguration?: {
11657
+ dynamicClientRegistration?: {
11658
+ allowAnyOnLocalhost?: boolean | null;
11659
+ allowAnyOnLoopback?: boolean | null;
11660
+ allowedUris?: string[] | null;
11661
+ enabled?: boolean | null;
11662
+ } | null;
11663
+ enabled?: boolean | null;
11664
+ grant?: {
11665
+ accessTokenLifetime?: string | null;
11666
+ sessionDuration?: string | null;
11667
+ } | null;
11668
+ } | null;
11669
+ optionsPreflightBypass?: boolean | null;
11670
+ pathCookieAttribute?: boolean | null;
10824
11671
  policies?: {
10825
11672
  id?: string | null;
11673
+ approvalGroups?: {
11674
+ approvalsNeeded: number;
11675
+ emailAddresses?: string[] | null;
11676
+ emailListUuid?: string | null;
11677
+ }[] | null;
11678
+ approvalRequired?: boolean | null;
10826
11679
  connectionRules?: {
10827
- ssh?: {
10828
- usernames: string[];
10829
- allowEmailAlias?: boolean | null;
11680
+ rdp?: {
11681
+ allowedClipboardLocalToRemoteFormats?: "text"[] | null;
11682
+ allowedClipboardRemoteToLocalFormats?: "text"[] | null;
10830
11683
  } | null;
10831
11684
  } | null;
10832
11685
  createdAt?: string | null;
@@ -11053,12 +11906,16 @@ export type CreateAccessApplicationResponse = {
11053
11906
  accountId?: string | null;
11054
11907
  };
11055
11908
  })[] | null;
11909
+ isolationRequired?: boolean | null;
11056
11910
  mfaConfig?: {
11057
- allowedAuthenticators?: "ssh_piv_key"[] | null;
11911
+ allowedAuthenticators?: ("totp" | "biometrics" | "security_key" | (string & {}))[] | null;
11058
11912
  mfaDisabled?: boolean | null;
11059
11913
  sessionDuration?: string | null;
11060
11914
  } | null;
11061
11915
  name?: string | null;
11916
+ precedence?: number | null;
11917
+ purposeJustificationPrompt?: string | null;
11918
+ purposeJustificationRequired?: boolean | null;
11062
11919
  require?: ({
11063
11920
  group: {
11064
11921
  id: string;
@@ -11170,33 +12027,79 @@ export type CreateAccessApplicationResponse = {
11170
12027
  accountId?: string | null;
11171
12028
  };
11172
12029
  })[] | null;
12030
+ sessionDuration?: string | null;
11173
12031
  updatedAt?: string | null;
11174
12032
  }[] | null;
12033
+ readServiceTokensFromHeader?: string | null;
12034
+ sameSiteCookieAttribute?: string | null;
12035
+ scimConfig?: {
12036
+ idpUid: string;
12037
+ remoteUri: string;
12038
+ authentication?: {
12039
+ password: string;
12040
+ scheme: "httpbasic";
12041
+ user: string;
12042
+ } | {
12043
+ token: string;
12044
+ scheme: "oauthbearertoken";
12045
+ } | {
12046
+ authorizationUrl: string;
12047
+ clientId: string;
12048
+ clientSecret: string;
12049
+ scheme: "oauth2";
12050
+ tokenUrl: string;
12051
+ scopes?: string[] | null;
12052
+ } | {
12053
+ clientId: string;
12054
+ clientSecret: string;
12055
+ scheme: "access_service_token";
12056
+ } | ({
12057
+ password: string;
12058
+ scheme: "httpbasic";
12059
+ user: string;
12060
+ } | {
12061
+ token: string;
12062
+ scheme: "oauthbearertoken";
12063
+ } | {
12064
+ authorizationUrl: string;
12065
+ clientId: string;
12066
+ clientSecret: string;
12067
+ scheme: "oauth2";
12068
+ tokenUrl: string;
12069
+ scopes?: string[] | null;
12070
+ } | {
12071
+ clientId: string;
12072
+ clientSecret: string;
12073
+ scheme: "access_service_token";
12074
+ })[] | null;
12075
+ deactivateOnDelete?: boolean | null;
12076
+ enabled?: boolean | null;
12077
+ mappings?: {
12078
+ schema: string;
12079
+ enabled?: boolean | null;
12080
+ filter?: string | null;
12081
+ operations?: {
12082
+ create?: boolean | null;
12083
+ delete?: boolean | null;
12084
+ update?: boolean | null;
12085
+ } | null;
12086
+ strictness?: "strict" | "passthrough" | (string & {}) | null;
12087
+ transformJsonata?: string | null;
12088
+ }[] | null;
12089
+ } | null;
12090
+ selfHostedDomains?: string[] | null;
12091
+ serviceAuth_401Redirect?: boolean | null;
12092
+ sessionDuration?: string | null;
12093
+ skipInterstitial?: boolean | null;
12094
+ tags?: string[] | null;
12095
+ useClientlessIsolationAppLauncherUrl?: boolean | null;
11175
12096
  } | {
11176
- domain: string;
11177
- targetCriteria: {
11178
- port: number;
11179
- protocol: "RDP";
11180
- targetAttributes: Record<string, unknown>;
11181
- }[];
11182
12097
  type: "self_hosted" | "saas" | "ssh" | "vnc" | "app_launcher" | "warp" | "biso" | "bookmark" | "dash_sso" | "infrastructure" | "rdp" | "mcp" | "mcp_portal" | "proxy_endpoint" | (string & {});
11183
12098
  id?: string | null;
11184
12099
  allowAuthenticateViaWarp?: boolean | null;
11185
- allowIframe?: boolean | null;
11186
12100
  allowedIdps?: string[] | null;
11187
- appLauncherVisible?: boolean | null;
11188
12101
  aud?: string | null;
11189
12102
  autoRedirectToIdentity?: boolean | null;
11190
- corsHeaders?: {
11191
- allowAllHeaders?: boolean | null;
11192
- allowAllMethods?: boolean | null;
11193
- allowAllOrigins?: boolean | null;
11194
- allowCredentials?: boolean | null;
11195
- allowedHeaders?: string[] | null;
11196
- allowedMethods?: ("GET" | "POST" | "HEAD" | "PUT" | "DELETE" | "CONNECT" | "OPTIONS" | "TRACE" | "PATCH" | (string & {}))[] | null;
11197
- allowedOrigins?: string[] | null;
11198
- maxAge?: number | null;
11199
- } | null;
11200
12103
  customDenyMessage?: string | null;
11201
12104
  customDenyUrl?: string | null;
11202
12105
  customNonIdentityDenyUrl?: string | null;
@@ -11215,14 +12118,8 @@ export type CreateAccessApplicationResponse = {
11215
12118
  mcpServerId?: string | null;
11216
12119
  type?: "via_mcp_server_portal" | null;
11217
12120
  })[] | null;
11218
- enableBindingCookie?: boolean | null;
11219
12121
  httpOnlyCookieAttribute?: boolean | null;
11220
12122
  logoUrl?: string | null;
11221
- mfaConfig?: {
11222
- allowedAuthenticators?: ("totp" | "biometrics" | "security_key" | (string & {}))[] | null;
11223
- mfaDisabled?: boolean | null;
11224
- sessionDuration?: string | null;
11225
- } | null;
11226
12123
  name?: string | null;
11227
12124
  oauthConfiguration?: {
11228
12125
  dynamicClientRegistration?: {
@@ -11238,7 +12135,6 @@ export type CreateAccessApplicationResponse = {
11238
12135
  } | null;
11239
12136
  } | null;
11240
12137
  optionsPreflightBypass?: boolean | null;
11241
- pathCookieAttribute?: boolean | null;
11242
12138
  policies?: {
11243
12139
  id?: string | null;
11244
12140
  approvalGroups?: {
@@ -11601,7 +12497,6 @@ export type CreateAccessApplicationResponse = {
11601
12497
  sessionDuration?: string | null;
11602
12498
  updatedAt?: string | null;
11603
12499
  }[] | null;
11604
- readServiceTokensFromHeader?: string | null;
11605
12500
  sameSiteCookieAttribute?: string | null;
11606
12501
  scimConfig?: {
11607
12502
  idpUid: string;
@@ -11658,12 +12553,8 @@ export type CreateAccessApplicationResponse = {
11658
12553
  transformJsonata?: string | null;
11659
12554
  }[] | null;
11660
12555
  } | null;
11661
- selfHostedDomains?: string[] | null;
11662
- serviceAuth_401Redirect?: boolean | null;
11663
12556
  sessionDuration?: string | null;
11664
- skipInterstitial?: boolean | null;
11665
12557
  tags?: string[] | null;
11666
- useClientlessIsolationAppLauncherUrl?: boolean | null;
11667
12558
  } | {
11668
12559
  type: "self_hosted" | "saas" | "ssh" | "vnc" | "app_launcher" | "warp" | "biso" | "bookmark" | "dash_sso" | "infrastructure" | "rdp" | "mcp" | "mcp_portal" | "proxy_endpoint" | (string & {});
11669
12560
  id?: string | null;
@@ -11689,6 +12580,7 @@ export type CreateAccessApplicationResponse = {
11689
12580
  mcpServerId?: string | null;
11690
12581
  type?: "via_mcp_server_portal" | null;
11691
12582
  })[] | null;
12583
+ domain?: string | null;
11692
12584
  httpOnlyCookieAttribute?: boolean | null;
11693
12585
  logoUrl?: string | null;
11694
12586
  name?: string | null;
@@ -12126,66 +13018,124 @@ export type CreateAccessApplicationResponse = {
12126
13018
  } | null;
12127
13019
  sessionDuration?: string | null;
12128
13020
  tags?: string[] | null;
12129
- } | {
12130
- type: "self_hosted" | "saas" | "ssh" | "vnc" | "app_launcher" | "warp" | "biso" | "bookmark" | "dash_sso" | "infrastructure" | "rdp" | "mcp" | "mcp_portal" | "proxy_endpoint" | (string & {});
12131
- id?: string | null;
12132
- allowAuthenticateViaWarp?: boolean | null;
12133
- allowedIdps?: string[] | null;
12134
- aud?: string | null;
12135
- autoRedirectToIdentity?: boolean | null;
12136
- customDenyMessage?: string | null;
12137
- customDenyUrl?: string | null;
12138
- customNonIdentityDenyUrl?: string | null;
12139
- customPages?: string[] | null;
13021
+ };
13022
+ export declare const CreateAccessApplicationResponse: Schema.Schema<CreateAccessApplicationResponse>;
13023
+ export type CreateAccessApplicationError = DefaultErrors;
13024
+ export declare const createAccessApplicationForAccount: API.OperationMethod<CreateAccessApplicationForAccountRequest, CreateAccessApplicationResponse, CreateAccessApplicationError, Credentials | HttpClient.HttpClient>;
13025
+ export declare const createAccessApplicationForZone: API.OperationMethod<CreateAccessApplicationForZoneRequest, CreateAccessApplicationResponse, CreateAccessApplicationError, Credentials | HttpClient.HttpClient>;
13026
+ interface UpdateAccessApplicationBaseRequest {
13027
+ appId: string;
13028
+ /** Body param: The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher. */
13029
+ domain?: string;
13030
+ /** Body param: The application type. */
13031
+ type?: "self_hosted" | "saas" | "ssh" | "vnc" | "app_launcher" | "warp" | "biso" | "bookmark" | "dash_sso" | "infrastructure" | "rdp" | "mcp" | "mcp_portal" | "proxy_endpoint" | (string & {});
13032
+ /** Body param: When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always */
13033
+ allowAuthenticateViaWarp?: boolean;
13034
+ /** Body param: Enables loading application content in an iFrame. */
13035
+ allowIframe?: boolean;
13036
+ /** Body param: The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account. */
13037
+ allowedIdps?: string[];
13038
+ /** Body param: Displays the application in the App Launcher. */
13039
+ appLauncherVisible?: boolean;
13040
+ /** Body param: When set to `true`, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps. */
13041
+ autoRedirectToIdentity?: boolean;
13042
+ /** Body param */
13043
+ corsHeaders?: {
13044
+ allowAllHeaders?: boolean;
13045
+ allowAllMethods?: boolean;
13046
+ allowAllOrigins?: boolean;
13047
+ allowCredentials?: boolean;
13048
+ allowedHeaders?: string[];
13049
+ allowedMethods?: ("GET" | "POST" | "HEAD" | "PUT" | "DELETE" | "CONNECT" | "OPTIONS" | "TRACE" | "PATCH" | (string & {}))[];
13050
+ allowedOrigins?: string[];
13051
+ maxAge?: number;
13052
+ };
13053
+ /** Body param: The custom error message shown to a user when they are denied access to the application. */
13054
+ customDenyMessage?: string;
13055
+ /** Body param: The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules. */
13056
+ customDenyUrl?: string;
13057
+ /** Body param: The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules. */
13058
+ customNonIdentityDenyUrl?: string;
13059
+ /** Body param: The custom pages that will be displayed when applicable for this application */
13060
+ customPages?: string[];
13061
+ /** Body param: List of destinations secured by Access. This supersedes `self_hosted_domains` to allow for more flexibility in defining different types of domains. If `destinations` are provided, then `se */
12140
13062
  destinations?: ({
12141
- type?: "public" | null;
12142
- uri?: string | null;
13063
+ type?: "public";
13064
+ uri?: string;
12143
13065
  } | {
12144
- cidr?: string | null;
12145
- hostname?: string | null;
12146
- l4Protocol?: "tcp" | "udp" | (string & {}) | null;
12147
- portRange?: string | null;
12148
- type?: "private" | null;
12149
- vnetId?: string | null;
13066
+ cidr?: string;
13067
+ hostname?: string;
13068
+ l4Protocol?: "tcp" | "udp" | (string & {});
13069
+ portRange?: string;
13070
+ type?: "private";
13071
+ vnetId?: string;
12150
13072
  } | {
12151
- mcpServerId?: string | null;
12152
- type?: "via_mcp_server_portal" | null;
12153
- })[] | null;
12154
- domain?: string | null;
12155
- httpOnlyCookieAttribute?: boolean | null;
12156
- logoUrl?: string | null;
12157
- name?: string | null;
13073
+ mcpServerId?: string;
13074
+ type?: "via_mcp_server_portal";
13075
+ })[];
13076
+ /** Body param: Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks. */
13077
+ enableBindingCookie?: boolean;
13078
+ /** Body param: Enables the HttpOnly cookie attribute, which increases security against XSS attacks. */
13079
+ httpOnlyCookieAttribute?: boolean;
13080
+ /** Body param: The image URL for the logo shown in the App Launcher dashboard. */
13081
+ logoUrl?: string;
13082
+ /** Body param: Configures multi-factor authentication (MFA) settings. */
13083
+ mfaConfig?: {
13084
+ allowedAuthenticators?: ("totp" | "biometrics" | "security_key" | (string & {}))[];
13085
+ mfaDisabled?: boolean;
13086
+ sessionDuration?: string;
13087
+ };
13088
+ /** Body param: The name of the application. */
13089
+ name?: string;
13090
+ /** Body param: Beta: Optional configuration for managing an OAuth authorization flow controlled by Access. When set, Access will act as the OAuth authorization server for this application. Only compati */
12158
13091
  oauthConfiguration?: {
12159
13092
  dynamicClientRegistration?: {
12160
- allowAnyOnLocalhost?: boolean | null;
12161
- allowAnyOnLoopback?: boolean | null;
12162
- allowedUris?: string[] | null;
12163
- enabled?: boolean | null;
12164
- } | null;
12165
- enabled?: boolean | null;
13093
+ allowAnyOnLocalhost?: boolean;
13094
+ allowAnyOnLoopback?: boolean;
13095
+ allowedUris?: string[];
13096
+ enabled?: boolean;
13097
+ };
13098
+ enabled?: boolean;
12166
13099
  grant?: {
12167
- accessTokenLifetime?: string | null;
12168
- sessionDuration?: string | null;
12169
- } | null;
12170
- } | null;
12171
- optionsPreflightBypass?: boolean | null;
12172
- policies?: {
12173
- id?: string | null;
13100
+ accessTokenLifetime?: string;
13101
+ sessionDuration?: string;
13102
+ };
13103
+ };
13104
+ /** Body param: Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. */
13105
+ optionsPreflightBypass?: boolean;
13106
+ /** Body param: Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default */
13107
+ pathCookieAttribute?: boolean;
13108
+ /** Body param: The policies that Access applies to the application, in ascending order of precedence. Items can reference existing policies or create new policies exclusive to the application. Reusable a */
13109
+ policies?: ({
13110
+ id?: string;
13111
+ precedence?: number;
13112
+ } | string | {
13113
+ id?: string;
12174
13114
  approvalGroups?: {
12175
13115
  approvalsNeeded: number;
12176
- emailAddresses?: string[] | null;
12177
- emailListUuid?: string | null;
12178
- }[] | null;
12179
- approvalRequired?: boolean | null;
13116
+ emailAddresses?: string[];
13117
+ emailListUuid?: string;
13118
+ }[];
13119
+ approvalRequired?: boolean;
12180
13120
  connectionRules?: {
12181
13121
  rdp?: {
12182
- allowedClipboardLocalToRemoteFormats?: "text"[] | null;
12183
- allowedClipboardRemoteToLocalFormats?: "text"[] | null;
12184
- } | null;
12185
- } | null;
12186
- createdAt?: string | null;
12187
- decision?: "allow" | "deny" | "non_identity" | "bypass" | (string & {}) | null;
12188
- exclude?: ({
13122
+ allowedClipboardLocalToRemoteFormats?: "text"[];
13123
+ allowedClipboardRemoteToLocalFormats?: "text"[];
13124
+ };
13125
+ };
13126
+ isolationRequired?: boolean;
13127
+ mfaConfig?: {
13128
+ allowedAuthenticators?: ("totp" | "biometrics" | "security_key" | (string & {}))[];
13129
+ mfaDisabled?: boolean;
13130
+ sessionDuration?: string;
13131
+ };
13132
+ precedence?: number;
13133
+ purposeJustificationPrompt?: string;
13134
+ purposeJustificationRequired?: boolean;
13135
+ sessionDuration?: string;
13136
+ })[] | {
13137
+ decision: "allow" | "deny" | "non_identity" | "bypass" | (string & {});
13138
+ include: ({
12189
13139
  group: {
12190
13140
  id: string;
12191
13141
  };
@@ -12243,7 +13193,7 @@ export type CreateAccessApplicationResponse = {
12243
13193
  githubOrganization: {
12244
13194
  identityProviderId: string;
12245
13195
  name: string;
12246
- team?: string | null;
13196
+ team?: string;
12247
13197
  };
12248
13198
  } | {
12249
13199
  gsuite: {
@@ -12293,10 +13243,17 @@ export type CreateAccessApplicationResponse = {
12293
13243
  };
12294
13244
  } | {
12295
13245
  cloudflareAccountMember: {
12296
- accountId?: string | null;
13246
+ accountId?: string;
12297
13247
  };
12298
- })[] | null;
12299
- include?: ({
13248
+ })[];
13249
+ name: string;
13250
+ connectionRules?: {
13251
+ ssh?: {
13252
+ usernames: string[];
13253
+ allowEmailAlias?: boolean;
13254
+ };
13255
+ };
13256
+ exclude?: ({
12300
13257
  group: {
12301
13258
  id: string;
12302
13259
  };
@@ -12354,7 +13311,7 @@ export type CreateAccessApplicationResponse = {
12354
13311
  githubOrganization: {
12355
13312
  identityProviderId: string;
12356
13313
  name: string;
12357
- team?: string | null;
13314
+ team?: string;
12358
13315
  };
12359
13316
  } | {
12360
13317
  gsuite: {
@@ -12404,19 +13361,14 @@ export type CreateAccessApplicationResponse = {
12404
13361
  };
12405
13362
  } | {
12406
13363
  cloudflareAccountMember: {
12407
- accountId?: string | null;
13364
+ accountId?: string;
12408
13365
  };
12409
- })[] | null;
12410
- isolationRequired?: boolean | null;
13366
+ })[];
12411
13367
  mfaConfig?: {
12412
- allowedAuthenticators?: ("totp" | "biometrics" | "security_key" | (string & {}))[] | null;
12413
- mfaDisabled?: boolean | null;
12414
- sessionDuration?: string | null;
12415
- } | null;
12416
- name?: string | null;
12417
- precedence?: number | null;
12418
- purposeJustificationPrompt?: string | null;
12419
- purposeJustificationRequired?: boolean | null;
13368
+ allowedAuthenticators?: "ssh_piv_key"[];
13369
+ mfaDisabled?: boolean;
13370
+ sessionDuration?: string;
13371
+ };
12420
13372
  require?: ({
12421
13373
  group: {
12422
13374
  id: string;
@@ -12475,7 +13427,7 @@ export type CreateAccessApplicationResponse = {
12475
13427
  githubOrganization: {
12476
13428
  identityProviderId: string;
12477
13429
  name: string;
12478
- team?: string | null;
13430
+ team?: string;
12479
13431
  };
12480
13432
  } | {
12481
13433
  gsuite: {
@@ -12525,186 +13477,10 @@ export type CreateAccessApplicationResponse = {
12525
13477
  };
12526
13478
  } | {
12527
13479
  cloudflareAccountMember: {
12528
- accountId?: string | null;
12529
- };
12530
- })[] | null;
12531
- sessionDuration?: string | null;
12532
- updatedAt?: string | null;
12533
- }[] | null;
12534
- sameSiteCookieAttribute?: string | null;
12535
- scimConfig?: {
12536
- idpUid: string;
12537
- remoteUri: string;
12538
- authentication?: {
12539
- password: string;
12540
- scheme: "httpbasic";
12541
- user: string;
12542
- } | {
12543
- token: string;
12544
- scheme: "oauthbearertoken";
12545
- } | {
12546
- authorizationUrl: string;
12547
- clientId: string;
12548
- clientSecret: string;
12549
- scheme: "oauth2";
12550
- tokenUrl: string;
12551
- scopes?: string[] | null;
12552
- } | {
12553
- clientId: string;
12554
- clientSecret: string;
12555
- scheme: "access_service_token";
12556
- } | ({
12557
- password: string;
12558
- scheme: "httpbasic";
12559
- user: string;
12560
- } | {
12561
- token: string;
12562
- scheme: "oauthbearertoken";
12563
- } | {
12564
- authorizationUrl: string;
12565
- clientId: string;
12566
- clientSecret: string;
12567
- scheme: "oauth2";
12568
- tokenUrl: string;
12569
- scopes?: string[] | null;
12570
- } | {
12571
- clientId: string;
12572
- clientSecret: string;
12573
- scheme: "access_service_token";
12574
- })[] | null;
12575
- deactivateOnDelete?: boolean | null;
12576
- enabled?: boolean | null;
12577
- mappings?: {
12578
- schema: string;
12579
- enabled?: boolean | null;
12580
- filter?: string | null;
12581
- operations?: {
12582
- create?: boolean | null;
12583
- delete?: boolean | null;
12584
- update?: boolean | null;
12585
- } | null;
12586
- strictness?: "strict" | "passthrough" | (string & {}) | null;
12587
- transformJsonata?: string | null;
12588
- }[] | null;
12589
- } | null;
12590
- sessionDuration?: string | null;
12591
- tags?: string[] | null;
12592
- };
12593
- export declare const CreateAccessApplicationResponse: Schema.Schema<CreateAccessApplicationResponse>;
12594
- export type CreateAccessApplicationError = DefaultErrors;
12595
- export declare const createAccessApplicationForAccount: API.OperationMethod<CreateAccessApplicationForAccountRequest, CreateAccessApplicationResponse, CreateAccessApplicationError, Credentials | HttpClient.HttpClient>;
12596
- export declare const createAccessApplicationForZone: API.OperationMethod<CreateAccessApplicationForZoneRequest, CreateAccessApplicationResponse, CreateAccessApplicationError, Credentials | HttpClient.HttpClient>;
12597
- interface UpdateAccessApplicationBaseRequest {
12598
- appId: string;
12599
- /** Body param: The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher. */
12600
- domain: string;
12601
- /** Body param: The application type. */
12602
- type: "self_hosted" | "saas" | "ssh" | "vnc" | "app_launcher" | "warp" | "biso" | "bookmark" | "dash_sso" | "infrastructure" | "rdp" | "mcp" | "mcp_portal" | "proxy_endpoint" | (string & {});
12603
- /** Body param: When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always */
12604
- allowAuthenticateViaWarp?: boolean;
12605
- /** Body param: Enables loading application content in an iFrame. */
12606
- allowIframe?: boolean;
12607
- /** Body param: The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account. */
12608
- allowedIdps?: string[];
12609
- /** Body param: Displays the application in the App Launcher. */
12610
- appLauncherVisible?: boolean;
12611
- /** Body param: When set to `true`, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps. */
12612
- autoRedirectToIdentity?: boolean;
12613
- /** Body param */
12614
- corsHeaders?: {
12615
- allowAllHeaders?: boolean;
12616
- allowAllMethods?: boolean;
12617
- allowAllOrigins?: boolean;
12618
- allowCredentials?: boolean;
12619
- allowedHeaders?: string[];
12620
- allowedMethods?: ("GET" | "POST" | "HEAD" | "PUT" | "DELETE" | "CONNECT" | "OPTIONS" | "TRACE" | "PATCH" | (string & {}))[];
12621
- allowedOrigins?: string[];
12622
- maxAge?: number;
12623
- };
12624
- /** Body param: The custom error message shown to a user when they are denied access to the application. */
12625
- customDenyMessage?: string;
12626
- /** Body param: The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules. */
12627
- customDenyUrl?: string;
12628
- /** Body param: The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules. */
12629
- customNonIdentityDenyUrl?: string;
12630
- /** Body param: The custom pages that will be displayed when applicable for this application */
12631
- customPages?: string[];
12632
- /** Body param: List of destinations secured by Access. This supersedes `self_hosted_domains` to allow for more flexibility in defining different types of domains. If `destinations` are provided, then `se */
12633
- destinations?: ({
12634
- type?: "public";
12635
- uri?: string;
12636
- } | {
12637
- cidr?: string;
12638
- hostname?: string;
12639
- l4Protocol?: "tcp" | "udp" | (string & {});
12640
- portRange?: string;
12641
- type?: "private";
12642
- vnetId?: string;
12643
- } | {
12644
- mcpServerId?: string;
12645
- type?: "via_mcp_server_portal";
12646
- })[];
12647
- /** Body param: Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks. */
12648
- enableBindingCookie?: boolean;
12649
- /** Body param: Enables the HttpOnly cookie attribute, which increases security against XSS attacks. */
12650
- httpOnlyCookieAttribute?: boolean;
12651
- /** Body param: The image URL for the logo shown in the App Launcher dashboard. */
12652
- logoUrl?: string;
12653
- /** Body param: Configures multi-factor authentication (MFA) settings. */
12654
- mfaConfig?: {
12655
- allowedAuthenticators?: ("totp" | "biometrics" | "security_key" | (string & {}))[];
12656
- mfaDisabled?: boolean;
12657
- sessionDuration?: string;
12658
- };
12659
- /** Body param: The name of the application. */
12660
- name?: string;
12661
- /** Body param: Beta: Optional configuration for managing an OAuth authorization flow controlled by Access. When set, Access will act as the OAuth authorization server for this application. Only compati */
12662
- oauthConfiguration?: {
12663
- dynamicClientRegistration?: {
12664
- allowAnyOnLocalhost?: boolean;
12665
- allowAnyOnLoopback?: boolean;
12666
- allowedUris?: string[];
12667
- enabled?: boolean;
12668
- };
12669
- enabled?: boolean;
12670
- grant?: {
12671
- accessTokenLifetime?: string;
12672
- sessionDuration?: string;
12673
- };
12674
- };
12675
- /** Body param: Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. */
12676
- optionsPreflightBypass?: boolean;
12677
- /** Body param: Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default */
12678
- pathCookieAttribute?: boolean;
12679
- /** Body param: The policies that Access applies to the application, in ascending order of precedence. Items can reference existing policies or create new policies exclusive to the application. Reusable a */
12680
- policies?: ({
12681
- id?: string;
12682
- precedence?: number;
12683
- } | string | {
12684
- id?: string;
12685
- approvalGroups?: {
12686
- approvalsNeeded: number;
12687
- emailAddresses?: string[];
12688
- emailListUuid?: string;
12689
- }[];
12690
- approvalRequired?: boolean;
12691
- connectionRules?: {
12692
- rdp?: {
12693
- allowedClipboardLocalToRemoteFormats?: "text"[];
12694
- allowedClipboardRemoteToLocalFormats?: "text"[];
13480
+ accountId?: string;
12695
13481
  };
12696
- };
12697
- isolationRequired?: boolean;
12698
- mfaConfig?: {
12699
- allowedAuthenticators?: ("totp" | "biometrics" | "security_key" | (string & {}))[];
12700
- mfaDisabled?: boolean;
12701
- sessionDuration?: string;
12702
- };
12703
- precedence?: number;
12704
- purposeJustificationPrompt?: string;
12705
- purposeJustificationRequired?: boolean;
12706
- sessionDuration?: string;
12707
- })[];
13482
+ })[];
13483
+ }[];
12708
13484
  /** Body param: Allows matching Access Service Tokens passed HTTP in a single header with this name. This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. The */
12709
13485
  readServiceTokensFromHeader?: string;
12710
13486
  /** Body param: Sets the SameSite cookie setting, which provides increased security against CSRF attacks. */
@@ -12777,6 +13553,88 @@ interface UpdateAccessApplicationBaseRequest {
12777
13553
  tags?: string[];
12778
13554
  /** Body param: Determines if users can access this application via a clientless browser isolation URL. This allows users to access private domains without connecting to Gateway. The option requires Clien */
12779
13555
  useClientlessIsolationAppLauncherUrl?: boolean;
13556
+ /** Body param */
13557
+ saasApp?: {
13558
+ authType?: "saml" | "oidc" | (string & {});
13559
+ consumerServiceUrl?: string;
13560
+ customAttributes?: {
13561
+ friendlyName?: string;
13562
+ name?: string;
13563
+ nameFormat?: "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" | "urn:oasis:names:tc:SAML:2.0:attrname-format:basic" | "urn:oasis:names:tc:SAML:2.0:attrname-format:uri" | (string & {});
13564
+ required?: boolean;
13565
+ source?: {
13566
+ name?: string;
13567
+ nameByIdp?: {
13568
+ idpId?: string;
13569
+ sourceName?: string;
13570
+ }[];
13571
+ };
13572
+ }[];
13573
+ defaultRelayState?: string;
13574
+ idpEntityId?: string;
13575
+ nameIdFormat?: "id" | "email" | (string & {});
13576
+ nameIdTransformJsonata?: string;
13577
+ publicKey?: string;
13578
+ samlAttributeTransformJsonata?: string;
13579
+ spEntityId?: string;
13580
+ ssoEndpoint?: string;
13581
+ accessTokenLifetime?: string;
13582
+ allowPkceWithoutClientSecret?: boolean;
13583
+ appLauncherUrl?: string;
13584
+ clientId?: string;
13585
+ clientSecret?: string;
13586
+ customClaims?: {
13587
+ name?: string;
13588
+ required?: boolean;
13589
+ scope?: "groups" | "profile" | "email" | "openid" | (string & {});
13590
+ source?: {
13591
+ name?: string;
13592
+ nameByIdp?: Record<string, unknown>;
13593
+ };
13594
+ }[];
13595
+ grantTypes?: ("authorization_code" | "authorization_code_with_pkce" | "refresh_tokens" | "hybrid" | "implicit" | (string & {}))[];
13596
+ groupFilterRegex?: string;
13597
+ hybridAndImplicitOptions?: {
13598
+ returnAccessTokenFromAuthorizationEndpoint?: boolean;
13599
+ returnIdTokenFromAuthorizationEndpoint?: boolean;
13600
+ };
13601
+ redirectUris?: string[];
13602
+ refreshTokenOptions?: {
13603
+ lifetime?: string;
13604
+ };
13605
+ scopes?: ("openid" | "groups" | "email" | "profile" | (string & {}))[];
13606
+ };
13607
+ /** Body param: The image URL of the logo shown in the App Launcher header. */
13608
+ appLauncherLogoUrl?: string;
13609
+ /** Body param: The background color of the App Launcher page. */
13610
+ bgColor?: string;
13611
+ /** Body param: The links in the App Launcher footer. */
13612
+ footerLinks?: {
13613
+ name: string;
13614
+ url: string;
13615
+ }[];
13616
+ /** Body param: The background color of the App Launcher header. */
13617
+ headerBgColor?: string;
13618
+ /** Body param: The design of the App Launcher landing page shown to users when they log in. */
13619
+ landingPageDesign?: {
13620
+ buttonColor?: string;
13621
+ buttonTextColor?: string;
13622
+ imageUrl?: string;
13623
+ message?: string;
13624
+ title?: string;
13625
+ };
13626
+ /** Body param: Determines when to skip the App Launcher landing page. */
13627
+ skipAppLauncherLoginPage?: boolean;
13628
+ /** Body param */
13629
+ targetCriteria?: {
13630
+ port: number;
13631
+ protocol: "SSH";
13632
+ targetAttributes: Record<string, unknown>;
13633
+ }[] | {
13634
+ port: number;
13635
+ protocol: "RDP";
13636
+ targetAttributes: Record<string, unknown>;
13637
+ }[];
12780
13638
  }
12781
13639
  export interface UpdateAccessApplicationForAccountRequest extends UpdateAccessApplicationBaseRequest {
12782
13640
  /** Path param: The Account ID to use for this endpoint. */
@@ -30269,14 +31127,14 @@ export interface UpdateDlpEntryRequest {
30269
31127
  /** Path param */
30270
31128
  accountId: string;
30271
31129
  /** Body param */
30272
- name: string;
31130
+ name?: string;
30273
31131
  /** Body param */
30274
- pattern: {
31132
+ pattern?: {
30275
31133
  regex: string;
30276
31134
  validation?: "luhn";
30277
31135
  };
30278
31136
  /** Body param */
30279
- type: "custom";
31137
+ type: "custom" | "predefined" | "integration" | (string & {});
30280
31138
  /** Body param */
30281
31139
  description?: string | null;
30282
31140
  /** Body param */
@@ -35326,7 +36184,7 @@ export interface CreateGatewayProxyEndpointRequest {
35326
36184
  /** Body param: Specify the name of the proxy endpoint. */
35327
36185
  name: string;
35328
36186
  /** Body param: The proxy endpoint kind */
35329
- kind?: "ip";
36187
+ kind?: "ip" | "identity" | (string & {});
35330
36188
  }
35331
36189
  export declare const CreateGatewayProxyEndpointRequest: Schema.Schema<CreateGatewayProxyEndpointRequest>;
35332
36190
  export type CreateGatewayProxyEndpointResponse = {
@@ -37066,6 +37924,30 @@ interface CreateIdentityProviderBaseRequest {
37066
37924
  emailClaimName?: string;
37067
37925
  prompt?: "login" | "select_account" | "none" | (string & {});
37068
37926
  supportGroups?: boolean;
37927
+ centrifyAccount?: string;
37928
+ centrifyAppId?: string;
37929
+ appsDomain?: string;
37930
+ authUrl?: string;
37931
+ certsUrl?: string;
37932
+ pkceEnabled?: boolean;
37933
+ scopes?: string[];
37934
+ tokenUrl?: string;
37935
+ authorizationServerId?: string;
37936
+ oktaAccount?: string;
37937
+ oneloginAccount?: string;
37938
+ pingEnvId?: string;
37939
+ attributes?: string[];
37940
+ emailAttributeName?: string;
37941
+ enableEncryption?: boolean;
37942
+ headerAttributes?: {
37943
+ attributeName?: string;
37944
+ headerName?: string;
37945
+ }[];
37946
+ idpPublicCerts?: string[];
37947
+ issuerUrl?: string;
37948
+ signRequest?: boolean;
37949
+ ssoTargetUrl?: string;
37950
+ restrictToAccountMembers?: boolean;
37069
37951
  };
37070
37952
  /** Body param: The name of the identity provider, shown to users on the login page. */
37071
37953
  name: string;
@@ -37496,6 +38378,30 @@ interface UpdateIdentityProviderBaseRequest {
37496
38378
  emailClaimName?: string;
37497
38379
  prompt?: "login" | "select_account" | "none" | (string & {});
37498
38380
  supportGroups?: boolean;
38381
+ centrifyAccount?: string;
38382
+ centrifyAppId?: string;
38383
+ appsDomain?: string;
38384
+ authUrl?: string;
38385
+ certsUrl?: string;
38386
+ pkceEnabled?: boolean;
38387
+ scopes?: string[];
38388
+ tokenUrl?: string;
38389
+ authorizationServerId?: string;
38390
+ oktaAccount?: string;
38391
+ oneloginAccount?: string;
38392
+ pingEnvId?: string;
38393
+ attributes?: string[];
38394
+ emailAttributeName?: string;
38395
+ enableEncryption?: boolean;
38396
+ headerAttributes?: {
38397
+ attributeName?: string;
38398
+ headerName?: string;
38399
+ }[];
38400
+ idpPublicCerts?: string[];
38401
+ issuerUrl?: string;
38402
+ signRequest?: boolean;
38403
+ ssoTargetUrl?: string;
38404
+ restrictToAccountMembers?: boolean;
37499
38405
  };
37500
38406
  /** Body param: The name of the identity provider, shown to users on the login page. */
37501
38407
  name: string;