Terraform Provider

Identity as code.
GitOps your auth.

Manage tenants, users, roles, SSO, cloud mappings, and eBPF policies -- all from HCL. Review in PRs. Deploy with CI.

Available on Free and above.

Every resource in HCL

10 Terraform resources cover your entire identity stack.

authfi_tenant

resource "authfi_tenant" "acme" {
  name   = "Acme Corp"
  slug   = "acme"
  plan   = "pro"
  region = "us"
}

authfi_role

resource "authfi_role" "editor" {
  tenant_id   = authfi_tenant.acme.id
  name        = "editor"
  permissions = [
    "read:articles",
    "write:articles"
  ]
}

authfi_sso_connection

resource "authfi_sso_connection" "okta" {
  tenant_id    = authfi_tenant.acme.id
  type         = "saml"
  metadata_url = "https://..."
  domain_hint  = "acme.com"
}

authfi_agent_policy

resource "authfi_agent_policy" "api" {
  tenant_id = authfi_tenant.acme.id
  port      = 8080
  mode      = "enforce"
  rules {
    method = "GET"
    path   = "/api/patients/*"
    roles  = ["doctor"]
  }
}

Review before you apply

terraform plan shows exactly what will change. No surprises.

Terminal
$ terraform plan

+ authfi_tenant.acme
    name   = "Acme Corp"
    slug   = "acme"
    plan   = "pro"
    region = "us"

+ authfi_role.editor
    name        = "editor"
    permissions = ["read:articles", "write:articles"]

~ authfi_sso_connection.okta
    domain_hint: "acme.io" -> "acme.com"

Plan: 2 to add, 1 to change, 0 to destroy.

GitOps workflow

1. Edit HCL: Change a role, add a user, update an SSO connection.

2. Open PR: terraform plan runs in CI. Review the diff.

3. Merge: terraform apply runs on merge. Changes deployed.

4. Audit trail: Every change tracked in git history + AuthFI logs.
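
The PR review step can be backed by an automated check on the plan. The following is an added example, not AuthFI or provider code: it reads Terraform's JSON plan format and lists the changes a second reviewer should look at. Resource and attribute names are the ones shown on this page; the choice of which changes to flag and the helper names (review_plan, _entry) are assumptions of the example.

```python
# Added example: flag identity-sensitive changes in `terraform show -json` output.
# Resource and attribute names come from the page; which changes deserve a
# second reviewer is this example's assumption, not AuthFI guidance.
SSO_WATCHED = ("metadata_url", "domain_hint")
GUARDED_DESTROY = {"authfi_tenant", "authfi_sso_connection", "authfi_agent_policy"}

def review_plan(plan):
    """Return human-readable findings for a parsed Terraform JSON plan."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc["change"]
        actions = change["actions"]
        before = change.get("before") or {}   # null when the resource is created
        after = change.get("after") or {}     # null when the resource is deleted
        addr, rtype = rc["address"], rc["type"]
        if "delete" in actions and rtype in GUARDED_DESTROY:
            findings.append(f"{addr}: destroyed or replaced")
        if actions == ["delete"]:
            continue                          # nothing new is granted by a pure delete
        if rtype == "authfi_role":
            old = set(before.get("permissions") or [])
            added = set(after.get("permissions") or []) - old
            if added:
                findings.append(f"{addr}: grants {', '.join(sorted(added))}")
        elif rtype == "authfi_sso_connection":
            for key in SSO_WATCHED:
                if before and before.get(key) != after.get(key):
                    findings.append(f"{addr}: {key} {before.get(key)!r} -> {after.get(key)!r}")
    return findings

def _entry(rtype, name, actions, before, after):
    """Build one constructed resource_changes entry for the sample below."""
    return {"address": f"{rtype}.{name}", "type": rtype,
            "change": {"actions": actions, "before": before, "after": after}}

# Constructed sample: the three changes from the plan output above, plus one
# constructed delete of the agent policy.
SAMPLE_PLAN = {"resource_changes": [
    _entry("authfi_tenant", "acme", ["create"], None, {"name": "Acme Corp", "slug": "acme"}),
    _entry("authfi_role", "editor", ["create"], None,
           {"name": "editor", "permissions": ["read:articles", "write:articles"]}),
    _entry("authfi_sso_connection", "okta", ["update"],
           {"domain_hint": "acme.io"}, {"domain_hint": "acme.com"}),
    _entry("authfi_agent_policy", "api", ["delete"], {"port": 8080, "mode": "enforce"}, None),
]}

if __name__ == "__main__":
    for finding in review_plan(SAMPLE_PLAN):
        print("REVIEW:", finding)
```

In CI, the input comes from `terraform plan -out=tfplan` followed by `terraform show -json tfplan`; a non-empty result can fail the job or require an extra approval before merge.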

All 10 resources

authfi_tenant
authfi_project
authfi_user
authfi_group
authfi_role
authfi_permission
authfi_sso_connection
authfi_organization
authfi_cloud_mapping
authfi_agent_policy

Ready to get started?

Free for 5,000 monthly active users. No credit card required.