Terraform definition for an access group that checks Azure AD MFA


We are looking to have an access group with the following rules:

  1. the user belongs to a group on our AD
  2. the origin is from a restricted list of countries
  3. the user has MFA activated on our AD

We haven’t managed to find the MFA option on the Terraform resource https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/access_group. This is what we are looking for in this ticket.

This is what we have so far:

resource "cloudflare_access_group" "git" {
  name    = "${var.system}-${var.environment}"
  zone_id = data.cloudflare_zone.zero_trust.id

  include {
    geo = ["ES", "PT"]
  }

  require {
    # auth = MFA # must be a require and must contain an Include rule which defines an identity
    azure {
      identity_provider_id = data.cloudflare_access_identity_provider.main.id
      id                   = [azuread_group.git.object_id]
    }
  }
}

I believe the setting you are looking for is auth_method, and you would set it to mfa.
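
The question's access group with the attribute named in the reply placed in the require block, as an added example that is not part of either post. The variable names and the resource name `git_mfa` are assumptions made here so the fragment stands alone; putting the rule under require follows the comment in the question's own code.

```hcl
# Added example. Variable names are hypothetical stand-ins for the data
# sources and the azuread_group resource used in the question.
variable "zone_id" {
  type = string
}

variable "identity_provider_id" {
  type        = string
  description = "ID of the Azure AD identity provider configured in Access"
}

variable "azure_group_object_id" {
  type        = string
  description = "Object ID of the Azure AD group"
}

resource "cloudflare_access_group" "git_mfa" {
  name    = "git-mfa"
  zone_id = var.zone_id

  # Include: country list from the question.
  include {
    geo = ["ES", "PT"]
  }

  # Require: every rule in this block must match.
  require {
    # "mfa" is one of the authentication method reference values
    # defined in RFC 8176, section 2.
    auth_method = "mfa"

    azure {
      identity_provider_id = var.identity_provider_id
      id                   = [var.azure_group_object_id]
    }
  }
}
```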