Terraform definition for an access group that checks azure ad MFA

jpllima · June 30, 2023, 1:57pm

Hi,

We are looking to have an access group with the following rules:

the user belongs to a group on our AD
the origin is from a restricted list of countries
the user has MFA activated on our AD

We haven’t managed to find the MFA option on the Terraform resource https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/access_group, this is what we are looking for in this ticket.

This is what we have so far:

resource "cloudflare_access_group" "git" {
  name    = "${var.system}-${var.environment}"
  zone_id = data.cloudflare_zone.zero_trust.id

  include {
    geo = ["ES", "PT"]
  }
  require {
    # auth = MFA # must be a require and must contain an Include rule which defines an identity
    azure {
      identity_provider_id = data.cloudflare_access_identity_provider.main.id
      id                   = [azuread_group.git.object_id]
    }
  }
}

Cyb3r-Jak3 · July 1, 2023, 1:40am

I believe the settings you are looking for is auth_method and you would set it to mfa