page_title: citrix_service_account Resource - citrix
subcategory: CVAD
description: Resource for creating and managing service accounts.

citrix_service_account (Resource)

Resource for creating and managing service accounts.

Example Usage

resource citrix_service_account "example-azuread-service-account" {
    display_name = "example-azuread-service-account"
    description = "created with terraform"
    identity_provider_type = "AzureAD"
    identity_provider_identifier = "<Azure-Tenant-ID>"
    account_id = "<Application-ID>"
    account_secret = "<Application-Secret>"
    account_secret_format = "PlainText"
    enable_intune_enrolled_device_management = true
    secret_expiry_time = "2099-12-31"
}

resource citrix_service_account "example-ad-service-account" {
    display_name = "example-ad-service-account"
    description = "created with terraform"
    identity_provider_type = "ActiveDirectory"
    identity_provider_identifier = "domain.com" # Domain name
    account_id = "domain\\admin" # Admin user name
    account_secret = "admin-secret" # Admin password
    account_secret_format = "PlainText"
}

Schema

Required

  • account_id (String) The account ID of the service account.

-> Note For Active Directory, this is the username. Username should be in domain\username format. For AzureAD, this is the application ID. The account ID must be in lowercase.

  • account_secret (String, Sensitive) The password for the service account.

-> Note For Active Directory, this is the password. For AzureAD, this is the client secret.

  • account_secret_format (String) The format of the account secret. Possible values are PlainText and Base64.
  • display_name (String) A friendly name for the service account.
  • identity_provider_identifier (String) The identity provider identifier for the service account.

-> Note For Active Directory, this is the domain name in the FQDN format. For example, domain.com. For AzureAD, this is the tenant ID.

  • identity_provider_type (String) The identity provider type for the service account. Possible values are ActiveDirectory and AzureAD.

-> Note 'Device.ReadWrite.All' permission is required for the service principal for Azure AD joined device management.

Optional

  • description (String) A description for the service account.
  • enable_intune_enrolled_device_management (Boolean) Indicates whether the service account can perform Microsoft Intune enrolled device management. This is applicable only for AzureAD identity provider type.

-> Note 'DeviceManagementManagedDevices.ReadWrite.All' permission is required for the service principal before enabling this capability.

  • scopes (Set of String) The IDs of the scopes for the service account to be a part of.
  • secret_expiry_time (String) The UTC expiration date of the account secret.

-> Note The expected format is YYYY-MM-DD.

Read-Only

  • id (String) GUID identifier of the application.
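The following is an added example, not part of the provider's documentation: the AzureAD service account from Example Usage with the client secret taken from a sensitive input variable instead of a literal in the configuration, plus validation of the lowercase `account_id` and `YYYY-MM-DD` expiry constraints stated in the schema notes. The `citrix_sa_*` variable names and the `azuread` resource name are hypothetical.

```hcl
# Added example: variable names (citrix_sa_*) are hypothetical, not from the provider docs.
variable "citrix_sa_tenant_id" {
  type        = string
  description = "Azure tenant ID (identity_provider_identifier)."
}

variable "citrix_sa_application_id" {
  type        = string
  description = "Application ID used as account_id."

  validation {
    # The schema note says the account ID must be in lowercase.
    condition     = var.citrix_sa_application_id == lower(var.citrix_sa_application_id)
    error_message = "The account_id value must be in lowercase."
  }
}

variable "citrix_sa_client_secret" {
  type        = string
  sensitive   = true # redacts the value in plan/apply output
  description = "Client secret; supply via TF_VAR_citrix_sa_client_secret or a secrets manager."
}

variable "citrix_sa_secret_expiry" {
  type        = string
  description = "UTC expiry date of the client secret."

  validation {
    # The schema note gives the expected format as YYYY-MM-DD.
    condition     = can(regex("^\\d{4}-\\d{2}-\\d{2}$", var.citrix_sa_secret_expiry))
    error_message = "The secret_expiry_time value must use the YYYY-MM-DD format."
  }
}

resource "citrix_service_account" "azuread" {
  display_name                 = "example-azuread-service-account"
  description                  = "created with terraform"
  identity_provider_type       = "AzureAD"
  identity_provider_identifier = var.citrix_sa_tenant_id
  account_id                   = var.citrix_sa_application_id
  account_secret               = var.citrix_sa_client_secret
  account_secret_format        = "PlainText"
  secret_expiry_time           = var.citrix_sa_secret_expiry
}
```

Marking the variable as sensitive only redacts it from CLI output; Terraform still records `account_secret` in the state file, so the state backend needs encryption and restricted access.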

Import

Import is supported using the following syntax:

# Service account can be imported by specifying the ID
terraform import citrix_service_account.example-azuread-service-account ce571dd9-1a46-4b85-891c-484423322c53