fortimanager 1.13.0, Mar 13 25

fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev

fortinetdev/terraform-provider-fortimanager

fortimanager.ObjectUserRadiusDynamicMapping

Explore with Pulumi AI

fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev

fortinetdev/terraform-provider-fortimanager

This resource is a sub resource for variable dynamic_mapping of resource fortimanager.ObjectUserRadius. Conflict and overwrite may occur if use both of them. The following variables have sub resource. Avoid using them together, otherwise conflicts and overwrites may occur.
accounting_server: fortimanager.ObjectUserRadiusDynamicMappingAccountingserver

Create ObjectUserRadiusDynamicMapping Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new ObjectUserRadiusDynamicMapping(name: string, args: ObjectUserRadiusDynamicMappingArgs, opts?: CustomResourceOptions);

@overload
def ObjectUserRadiusDynamicMapping(resource_name: str,
                                   args: ObjectUserRadiusDynamicMappingInitArgs,
                                   opts: Optional[ResourceOptions] = None)

@overload
def ObjectUserRadiusDynamicMapping(resource_name: str,
                                   opts: Optional[ResourceOptions] = None,
                                   radius: Optional[str] = None,
                                   _scopes: Optional[Sequence[ObjectUserRadiusDynamicMapping_ScopeArgs]] = None,
                                   account_key_cert_field: Optional[str] = None,
                                   account_key_processing: Optional[str] = None,
                                   accounting_servers: Optional[Sequence[ObjectUserRadiusDynamicMappingAccountingServerArgs]] = None,
                                   acct_all_servers: Optional[str] = None,
                                   acct_interim_interval: Optional[float] = None,
                                   adom: Optional[str] = None,
                                   all_usergroup: Optional[str] = None,
                                   auth_type: Optional[str] = None,
                                   ca_cert: Optional[str] = None,
                                   call_station_id_type: Optional[str] = None,
                                   classes: Optional[Sequence[str]] = None,
                                   client_cert: Optional[str] = None,
                                   delimiter: Optional[str] = None,
                                   dp_carrier_endpoint_attribute: Optional[str] = None,
                                   dp_carrier_endpoint_block_attribute: Optional[str] = None,
                                   dp_context_timeout: Optional[float] = None,
                                   dp_flush_ip_session: Optional[str] = None,
                                   dp_hold_time: Optional[float] = None,
                                   dp_http_header: Optional[str] = None,
                                   dp_http_header_fallback: Optional[str] = None,
                                   dp_http_header_status: Optional[str] = None,
                                   dp_http_header_suppress: Optional[str] = None,
                                   dp_log_dyn_flags: Optional[Sequence[str]] = None,
                                   dp_log_period: Optional[float] = None,
                                   dp_mem_percent: Optional[float] = None,
                                   dp_profile_attribute: Optional[str] = None,
                                   dp_profile_attribute_key: Optional[str] = None,
                                   dp_radius_response: Optional[str] = None,
                                   dp_radius_server_port: Optional[float] = None,
                                   dp_secrets: Optional[Sequence[str]] = None,
                                   dp_validate_request_secret: Optional[str] = None,
                                   dynamic_profile: Optional[str] = None,
                                   dynamic_sort_subtable: Optional[str] = None,
                                   endpoint_translation: Optional[str] = None,
                                   ep_carrier_endpoint_convert_hex: Optional[str] = None,
                                   ep_carrier_endpoint_header: Optional[str] = None,
                                   ep_carrier_endpoint_header_suppress: Optional[str] = None,
                                   ep_carrier_endpoint_prefix: Optional[str] = None,
                                   ep_carrier_endpoint_prefix_range_max: Optional[float] = None,
                                   ep_carrier_endpoint_prefix_range_min: Optional[float] = None,
                                   ep_carrier_endpoint_prefix_string: Optional[str] = None,
                                   ep_carrier_endpoint_source: Optional[str] = None,
                                   ep_ip_header: Optional[str] = None,
                                   ep_ip_header_suppress: Optional[str] = None,
                                   ep_missing_header_fallback: Optional[str] = None,
                                   ep_profile_query_type: Optional[str] = None,
                                   group_override_attr_type: Optional[str] = None,
                                   h3c_compatibility: Optional[str] = None,
                                   interface: Optional[str] = None,
                                   interface_select_method: Optional[str] = None,
                                   mac_case: Optional[str] = None,
                                   mac_password_delimiter: Optional[str] = None,
                                   mac_username_delimiter: Optional[str] = None,
                                   nas_id: Optional[str] = None,
                                   nas_id_type: Optional[str] = None,
                                   nas_ip: Optional[str] = None,
                                   object_user_radius_dynamic_mapping_id: Optional[str] = None,
                                   password_encoding: Optional[str] = None,
                                   password_renewal: Optional[str] = None,
                                   radius_coa: Optional[str] = None,
                                   radius_port: Optional[float] = None,
                                   rsso: Optional[str] = None,
                                   rsso_context_timeout: Optional[float] = None,
                                   rsso_endpoint_attribute: Optional[str] = None,
                                   rsso_endpoint_block_attribute: Optional[str] = None,
                                   rsso_ep_one_ip_only: Optional[str] = None,
                                   rsso_flush_ip_session: Optional[str] = None,
                                   rsso_log_flags: Optional[Sequence[str]] = None,
                                   rsso_log_period: Optional[float] = None,
                                   rsso_radius_response: Optional[str] = None,
                                   rsso_radius_server_port: Optional[float] = None,
                                   rsso_secrets: Optional[Sequence[str]] = None,
                                   rsso_validate_request_secret: Optional[str] = None,
                                   scopetype: Optional[str] = None,
                                   secondary_secrets: Optional[Sequence[str]] = None,
                                   secondary_server: Optional[str] = None,
                                   secrets: Optional[Sequence[str]] = None,
                                   server: Optional[str] = None,
                                   server_identity_check: Optional[str] = None,
                                   source_ip: Optional[str] = None,
                                   source_ip_interfaces: Optional[Sequence[str]] = None,
                                   sso_attribute: Optional[str] = None,
                                   sso_attribute_key: Optional[str] = None,
                                   sso_attribute_value_override: Optional[str] = None,
                                   status_ttl: Optional[float] = None,
                                   switch_controller_acct_fast_framedip_detect: Optional[float] = None,
                                   switch_controller_nas_ip_dynamic: Optional[str] = None,
                                   switch_controller_service_types: Optional[Sequence[str]] = None,
                                   tertiary_secrets: Optional[Sequence[str]] = None,
                                   tertiary_server: Optional[str] = None,
                                   timeout: Optional[float] = None,
                                   tls_min_proto_version: Optional[str] = None,
                                   transport_protocol: Optional[str] = None,
                                   use_group_for_profile: Optional[str] = None,
                                   use_management_vdom: Optional[str] = None,
                                   username_case_sensitive: Optional[str] = None)

func NewObjectUserRadiusDynamicMapping(ctx *Context, name string, args ObjectUserRadiusDynamicMappingArgs, opts ...ResourceOption) (*ObjectUserRadiusDynamicMapping, error)

public ObjectUserRadiusDynamicMapping(string name, ObjectUserRadiusDynamicMappingArgs args, CustomResourceOptions? opts = null)

public ObjectUserRadiusDynamicMapping(String name, ObjectUserRadiusDynamicMappingArgs args)
public ObjectUserRadiusDynamicMapping(String name, ObjectUserRadiusDynamicMappingArgs args, CustomResourceOptions options)

type: fortimanager:ObjectUserRadiusDynamicMapping
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args ObjectUserRadiusDynamicMappingArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ObjectUserRadiusDynamicMappingInitArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ObjectUserRadiusDynamicMappingArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ObjectUserRadiusDynamicMappingArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ObjectUserRadiusDynamicMappingArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var objectUserRadiusDynamicMappingResource = new Fortimanager.ObjectUserRadiusDynamicMapping("objectUserRadiusDynamicMappingResource", new()
{
    Radius = "string",
    _scopes = new[]
    {
        new Fortimanager.Inputs.ObjectUserRadiusDynamicMapping_ScopeArgs
        {
            Name = "string",
            Vdom = "string",
        },
    },
    AccountKeyCertField = "string",
    AccountKeyProcessing = "string",
    AccountingServers = new[]
    {
        new Fortimanager.Inputs.ObjectUserRadiusDynamicMappingAccountingServerArgs
        {
            Id = 0,
            Interface = "string",
            InterfaceSelectMethod = "string",
            Port = 0,
            Secrets = new[]
            {
                "string",
            },
            Server = "string",
            SourceIp = "string",
            Status = "string",
        },
    },
    AcctAllServers = "string",
    AcctInterimInterval = 0,
    Adom = "string",
    AllUsergroup = "string",
    AuthType = "string",
    CaCert = "string",
    CallStationIdType = "string",
    Classes = new[]
    {
        "string",
    },
    ClientCert = "string",
    Delimiter = "string",
    DpCarrierEndpointAttribute = "string",
    DpCarrierEndpointBlockAttribute = "string",
    DpContextTimeout = 0,
    DpFlushIpSession = "string",
    DpHoldTime = 0,
    DpHttpHeader = "string",
    DpHttpHeaderFallback = "string",
    DpHttpHeaderStatus = "string",
    DpHttpHeaderSuppress = "string",
    DpLogDynFlags = new[]
    {
        "string",
    },
    DpLogPeriod = 0,
    DpMemPercent = 0,
    DpProfileAttribute = "string",
    DpProfileAttributeKey = "string",
    DpRadiusResponse = "string",
    DpRadiusServerPort = 0,
    DpSecrets = new[]
    {
        "string",
    },
    DpValidateRequestSecret = "string",
    DynamicProfile = "string",
    DynamicSortSubtable = "string",
    EndpointTranslation = "string",
    EpCarrierEndpointConvertHex = "string",
    EpCarrierEndpointHeader = "string",
    EpCarrierEndpointHeaderSuppress = "string",
    EpCarrierEndpointPrefix = "string",
    EpCarrierEndpointPrefixRangeMax = 0,
    EpCarrierEndpointPrefixRangeMin = 0,
    EpCarrierEndpointPrefixString = "string",
    EpCarrierEndpointSource = "string",
    EpIpHeader = "string",
    EpIpHeaderSuppress = "string",
    EpMissingHeaderFallback = "string",
    EpProfileQueryType = "string",
    GroupOverrideAttrType = "string",
    H3cCompatibility = "string",
    Interface = "string",
    InterfaceSelectMethod = "string",
    MacCase = "string",
    MacPasswordDelimiter = "string",
    MacUsernameDelimiter = "string",
    NasId = "string",
    NasIdType = "string",
    NasIp = "string",
    ObjectUserRadiusDynamicMappingId = "string",
    PasswordEncoding = "string",
    PasswordRenewal = "string",
    RadiusCoa = "string",
    RadiusPort = 0,
    Rsso = "string",
    RssoContextTimeout = 0,
    RssoEndpointAttribute = "string",
    RssoEndpointBlockAttribute = "string",
    RssoEpOneIpOnly = "string",
    RssoFlushIpSession = "string",
    RssoLogFlags = new[]
    {
        "string",
    },
    RssoLogPeriod = 0,
    RssoRadiusResponse = "string",
    RssoRadiusServerPort = 0,
    RssoSecrets = new[]
    {
        "string",
    },
    RssoValidateRequestSecret = "string",
    Scopetype = "string",
    SecondarySecrets = new[]
    {
        "string",
    },
    SecondaryServer = "string",
    Secrets = new[]
    {
        "string",
    },
    Server = "string",
    ServerIdentityCheck = "string",
    SourceIp = "string",
    SourceIpInterfaces = new[]
    {
        "string",
    },
    SsoAttribute = "string",
    SsoAttributeKey = "string",
    SsoAttributeValueOverride = "string",
    StatusTtl = 0,
    SwitchControllerAcctFastFramedipDetect = 0,
    SwitchControllerNasIpDynamic = "string",
    SwitchControllerServiceTypes = new[]
    {
        "string",
    },
    TertiarySecrets = new[]
    {
        "string",
    },
    TertiaryServer = "string",
    Timeout = 0,
    TlsMinProtoVersion = "string",
    TransportProtocol = "string",
    UseGroupForProfile = "string",
    UseManagementVdom = "string",
    UsernameCaseSensitive = "string",
});

example, err := fortimanager.NewObjectUserRadiusDynamicMapping(ctx, "objectUserRadiusDynamicMappingResource", &fortimanager.ObjectUserRadiusDynamicMappingArgs{
Radius: pulumi.String("string"),
_scopes: .ObjectUserRadiusDynamicMapping_ScopeArray{
&.ObjectUserRadiusDynamicMapping_ScopeArgs{
Name: pulumi.String("string"),
Vdom: pulumi.String("string"),
},
},
AccountKeyCertField: pulumi.String("string"),
AccountKeyProcessing: pulumi.String("string"),
AccountingServers: .ObjectUserRadiusDynamicMappingAccountingServerTypeArray{
&.ObjectUserRadiusDynamicMappingAccountingServerTypeArgs{
Id: pulumi.Float64(0),
Interface: pulumi.String("string"),
InterfaceSelectMethod: pulumi.String("string"),
Port: pulumi.Float64(0),
Secrets: pulumi.StringArray{
pulumi.String("string"),
},
Server: pulumi.String("string"),
SourceIp: pulumi.String("string"),
Status: pulumi.String("string"),
},
},
AcctAllServers: pulumi.String("string"),
AcctInterimInterval: pulumi.Float64(0),
Adom: pulumi.String("string"),
AllUsergroup: pulumi.String("string"),
AuthType: pulumi.String("string"),
CaCert: pulumi.String("string"),
CallStationIdType: pulumi.String("string"),
Classes: pulumi.StringArray{
pulumi.String("string"),
},
ClientCert: pulumi.String("string"),
Delimiter: pulumi.String("string"),
DpCarrierEndpointAttribute: pulumi.String("string"),
DpCarrierEndpointBlockAttribute: pulumi.String("string"),
DpContextTimeout: pulumi.Float64(0),
DpFlushIpSession: pulumi.String("string"),
DpHoldTime: pulumi.Float64(0),
DpHttpHeader: pulumi.String("string"),
DpHttpHeaderFallback: pulumi.String("string"),
DpHttpHeaderStatus: pulumi.String("string"),
DpHttpHeaderSuppress: pulumi.String("string"),
DpLogDynFlags: pulumi.StringArray{
pulumi.String("string"),
},
DpLogPeriod: pulumi.Float64(0),
DpMemPercent: pulumi.Float64(0),
DpProfileAttribute: pulumi.String("string"),
DpProfileAttributeKey: pulumi.String("string"),
DpRadiusResponse: pulumi.String("string"),
DpRadiusServerPort: pulumi.Float64(0),
DpSecrets: pulumi.StringArray{
pulumi.String("string"),
},
DpValidateRequestSecret: pulumi.String("string"),
DynamicProfile: pulumi.String("string"),
DynamicSortSubtable: pulumi.String("string"),
EndpointTranslation: pulumi.String("string"),
EpCarrierEndpointConvertHex: pulumi.String("string"),
EpCarrierEndpointHeader: pulumi.String("string"),
EpCarrierEndpointHeaderSuppress: pulumi.String("string"),
EpCarrierEndpointPrefix: pulumi.String("string"),
EpCarrierEndpointPrefixRangeMax: pulumi.Float64(0),
EpCarrierEndpointPrefixRangeMin: pulumi.Float64(0),
EpCarrierEndpointPrefixString: pulumi.String("string"),
EpCarrierEndpointSource: pulumi.String("string"),
EpIpHeader: pulumi.String("string"),
EpIpHeaderSuppress: pulumi.String("string"),
EpMissingHeaderFallback: pulumi.String("string"),
EpProfileQueryType: pulumi.String("string"),
GroupOverrideAttrType: pulumi.String("string"),
H3cCompatibility: pulumi.String("string"),
Interface: pulumi.String("string"),
InterfaceSelectMethod: pulumi.String("string"),
MacCase: pulumi.String("string"),
MacPasswordDelimiter: pulumi.String("string"),
MacUsernameDelimiter: pulumi.String("string"),
NasId: pulumi.String("string"),
NasIdType: pulumi.String("string"),
NasIp: pulumi.String("string"),
ObjectUserRadiusDynamicMappingId: pulumi.String("string"),
PasswordEncoding: pulumi.String("string"),
PasswordRenewal: pulumi.String("string"),
RadiusCoa: pulumi.String("string"),
RadiusPort: pulumi.Float64(0),
Rsso: pulumi.String("string"),
RssoContextTimeout: pulumi.Float64(0),
RssoEndpointAttribute: pulumi.String("string"),
RssoEndpointBlockAttribute: pulumi.String("string"),
RssoEpOneIpOnly: pulumi.String("string"),
RssoFlushIpSession: pulumi.String("string"),
RssoLogFlags: pulumi.StringArray{
pulumi.String("string"),
},
RssoLogPeriod: pulumi.Float64(0),
RssoRadiusResponse: pulumi.String("string"),
RssoRadiusServerPort: pulumi.Float64(0),
RssoSecrets: pulumi.StringArray{
pulumi.String("string"),
},
RssoValidateRequestSecret: pulumi.String("string"),
Scopetype: pulumi.String("string"),
SecondarySecrets: pulumi.StringArray{
pulumi.String("string"),
},
SecondaryServer: pulumi.String("string"),
Secrets: pulumi.StringArray{
pulumi.String("string"),
},
Server: pulumi.String("string"),
ServerIdentityCheck: pulumi.String("string"),
SourceIp: pulumi.String("string"),
SourceIpInterfaces: pulumi.StringArray{
pulumi.String("string"),
},
SsoAttribute: pulumi.String("string"),
SsoAttributeKey: pulumi.String("string"),
SsoAttributeValueOverride: pulumi.String("string"),
StatusTtl: pulumi.Float64(0),
SwitchControllerAcctFastFramedipDetect: pulumi.Float64(0),
SwitchControllerNasIpDynamic: pulumi.String("string"),
SwitchControllerServiceTypes: pulumi.StringArray{
pulumi.String("string"),
},
TertiarySecrets: pulumi.StringArray{
pulumi.String("string"),
},
TertiaryServer: pulumi.String("string"),
Timeout: pulumi.Float64(0),
TlsMinProtoVersion: pulumi.String("string"),
TransportProtocol: pulumi.String("string"),
UseGroupForProfile: pulumi.String("string"),
UseManagementVdom: pulumi.String("string"),
UsernameCaseSensitive: pulumi.String("string"),
})

var objectUserRadiusDynamicMappingResource = new ObjectUserRadiusDynamicMapping("objectUserRadiusDynamicMappingResource", ObjectUserRadiusDynamicMappingArgs.builder()
    .radius("string")
    ._scopes(ObjectUserRadiusDynamicMapping_ScopeArgs.builder()
        .name("string")
        .vdom("string")
        .build())
    .accountKeyCertField("string")
    .accountKeyProcessing("string")
    .accountingServers(ObjectUserRadiusDynamicMappingAccountingServerArgs.builder()
        .id(0)
        .interface_("string")
        .interfaceSelectMethod("string")
        .port(0)
        .secrets("string")
        .server("string")
        .sourceIp("string")
        .status("string")
        .build())
    .acctAllServers("string")
    .acctInterimInterval(0)
    .adom("string")
    .allUsergroup("string")
    .authType("string")
    .caCert("string")
    .callStationIdType("string")
    .classes("string")
    .clientCert("string")
    .delimiter("string")
    .dpCarrierEndpointAttribute("string")
    .dpCarrierEndpointBlockAttribute("string")
    .dpContextTimeout(0)
    .dpFlushIpSession("string")
    .dpHoldTime(0)
    .dpHttpHeader("string")
    .dpHttpHeaderFallback("string")
    .dpHttpHeaderStatus("string")
    .dpHttpHeaderSuppress("string")
    .dpLogDynFlags("string")
    .dpLogPeriod(0)
    .dpMemPercent(0)
    .dpProfileAttribute("string")
    .dpProfileAttributeKey("string")
    .dpRadiusResponse("string")
    .dpRadiusServerPort(0)
    .dpSecrets("string")
    .dpValidateRequestSecret("string")
    .dynamicProfile("string")
    .dynamicSortSubtable("string")
    .endpointTranslation("string")
    .epCarrierEndpointConvertHex("string")
    .epCarrierEndpointHeader("string")
    .epCarrierEndpointHeaderSuppress("string")
    .epCarrierEndpointPrefix("string")
    .epCarrierEndpointPrefixRangeMax(0)
    .epCarrierEndpointPrefixRangeMin(0)
    .epCarrierEndpointPrefixString("string")
    .epCarrierEndpointSource("string")
    .epIpHeader("string")
    .epIpHeaderSuppress("string")
    .epMissingHeaderFallback("string")
    .epProfileQueryType("string")
    .groupOverrideAttrType("string")
    .h3cCompatibility("string")
    .interface_("string")
    .interfaceSelectMethod("string")
    .macCase("string")
    .macPasswordDelimiter("string")
    .macUsernameDelimiter("string")
    .nasId("string")
    .nasIdType("string")
    .nasIp("string")
    .objectUserRadiusDynamicMappingId("string")
    .passwordEncoding("string")
    .passwordRenewal("string")
    .radiusCoa("string")
    .radiusPort(0)
    .rsso("string")
    .rssoContextTimeout(0)
    .rssoEndpointAttribute("string")
    .rssoEndpointBlockAttribute("string")
    .rssoEpOneIpOnly("string")
    .rssoFlushIpSession("string")
    .rssoLogFlags("string")
    .rssoLogPeriod(0)
    .rssoRadiusResponse("string")
    .rssoRadiusServerPort(0)
    .rssoSecrets("string")
    .rssoValidateRequestSecret("string")
    .scopetype("string")
    .secondarySecrets("string")
    .secondaryServer("string")
    .secrets("string")
    .server("string")
    .serverIdentityCheck("string")
    .sourceIp("string")
    .sourceIpInterfaces("string")
    .ssoAttribute("string")
    .ssoAttributeKey("string")
    .ssoAttributeValueOverride("string")
    .statusTtl(0)
    .switchControllerAcctFastFramedipDetect(0)
    .switchControllerNasIpDynamic("string")
    .switchControllerServiceTypes("string")
    .tertiarySecrets("string")
    .tertiaryServer("string")
    .timeout(0)
    .tlsMinProtoVersion("string")
    .transportProtocol("string")
    .useGroupForProfile("string")
    .useManagementVdom("string")
    .usernameCaseSensitive("string")
    .build());

object_user_radius_dynamic_mapping_resource = fortimanager.ObjectUserRadiusDynamicMapping("objectUserRadiusDynamicMappingResource",
    radius="string",
    _scopes=[{
        "name": "string",
        "vdom": "string",
    }],
    account_key_cert_field="string",
    account_key_processing="string",
    accounting_servers=[{
        "id": 0,
        "interface": "string",
        "interface_select_method": "string",
        "port": 0,
        "secrets": ["string"],
        "server": "string",
        "source_ip": "string",
        "status": "string",
    }],
    acct_all_servers="string",
    acct_interim_interval=0,
    adom="string",
    all_usergroup="string",
    auth_type="string",
    ca_cert="string",
    call_station_id_type="string",
    classes=["string"],
    client_cert="string",
    delimiter="string",
    dp_carrier_endpoint_attribute="string",
    dp_carrier_endpoint_block_attribute="string",
    dp_context_timeout=0,
    dp_flush_ip_session="string",
    dp_hold_time=0,
    dp_http_header="string",
    dp_http_header_fallback="string",
    dp_http_header_status="string",
    dp_http_header_suppress="string",
    dp_log_dyn_flags=["string"],
    dp_log_period=0,
    dp_mem_percent=0,
    dp_profile_attribute="string",
    dp_profile_attribute_key="string",
    dp_radius_response="string",
    dp_radius_server_port=0,
    dp_secrets=["string"],
    dp_validate_request_secret="string",
    dynamic_profile="string",
    dynamic_sort_subtable="string",
    endpoint_translation="string",
    ep_carrier_endpoint_convert_hex="string",
    ep_carrier_endpoint_header="string",
    ep_carrier_endpoint_header_suppress="string",
    ep_carrier_endpoint_prefix="string",
    ep_carrier_endpoint_prefix_range_max=0,
    ep_carrier_endpoint_prefix_range_min=0,
    ep_carrier_endpoint_prefix_string="string",
    ep_carrier_endpoint_source="string",
    ep_ip_header="string",
    ep_ip_header_suppress="string",
    ep_missing_header_fallback="string",
    ep_profile_query_type="string",
    group_override_attr_type="string",
    h3c_compatibility="string",
    interface="string",
    interface_select_method="string",
    mac_case="string",
    mac_password_delimiter="string",
    mac_username_delimiter="string",
    nas_id="string",
    nas_id_type="string",
    nas_ip="string",
    object_user_radius_dynamic_mapping_id="string",
    password_encoding="string",
    password_renewal="string",
    radius_coa="string",
    radius_port=0,
    rsso="string",
    rsso_context_timeout=0,
    rsso_endpoint_attribute="string",
    rsso_endpoint_block_attribute="string",
    rsso_ep_one_ip_only="string",
    rsso_flush_ip_session="string",
    rsso_log_flags=["string"],
    rsso_log_period=0,
    rsso_radius_response="string",
    rsso_radius_server_port=0,
    rsso_secrets=["string"],
    rsso_validate_request_secret="string",
    scopetype="string",
    secondary_secrets=["string"],
    secondary_server="string",
    secrets=["string"],
    server="string",
    server_identity_check="string",
    source_ip="string",
    source_ip_interfaces=["string"],
    sso_attribute="string",
    sso_attribute_key="string",
    sso_attribute_value_override="string",
    status_ttl=0,
    switch_controller_acct_fast_framedip_detect=0,
    switch_controller_nas_ip_dynamic="string",
    switch_controller_service_types=["string"],
    tertiary_secrets=["string"],
    tertiary_server="string",
    timeout=0,
    tls_min_proto_version="string",
    transport_protocol="string",
    use_group_for_profile="string",
    use_management_vdom="string",
    username_case_sensitive="string")

const objectUserRadiusDynamicMappingResource = new fortimanager.ObjectUserRadiusDynamicMapping("objectUserRadiusDynamicMappingResource", {
    radius: "string",
    _scopes: [{
        name: "string",
        vdom: "string",
    }],
    accountKeyCertField: "string",
    accountKeyProcessing: "string",
    accountingServers: [{
        id: 0,
        "interface": "string",
        interfaceSelectMethod: "string",
        port: 0,
        secrets: ["string"],
        server: "string",
        sourceIp: "string",
        status: "string",
    }],
    acctAllServers: "string",
    acctInterimInterval: 0,
    adom: "string",
    allUsergroup: "string",
    authType: "string",
    caCert: "string",
    callStationIdType: "string",
    classes: ["string"],
    clientCert: "string",
    delimiter: "string",
    dpCarrierEndpointAttribute: "string",
    dpCarrierEndpointBlockAttribute: "string",
    dpContextTimeout: 0,
    dpFlushIpSession: "string",
    dpHoldTime: 0,
    dpHttpHeader: "string",
    dpHttpHeaderFallback: "string",
    dpHttpHeaderStatus: "string",
    dpHttpHeaderSuppress: "string",
    dpLogDynFlags: ["string"],
    dpLogPeriod: 0,
    dpMemPercent: 0,
    dpProfileAttribute: "string",
    dpProfileAttributeKey: "string",
    dpRadiusResponse: "string",
    dpRadiusServerPort: 0,
    dpSecrets: ["string"],
    dpValidateRequestSecret: "string",
    dynamicProfile: "string",
    dynamicSortSubtable: "string",
    endpointTranslation: "string",
    epCarrierEndpointConvertHex: "string",
    epCarrierEndpointHeader: "string",
    epCarrierEndpointHeaderSuppress: "string",
    epCarrierEndpointPrefix: "string",
    epCarrierEndpointPrefixRangeMax: 0,
    epCarrierEndpointPrefixRangeMin: 0,
    epCarrierEndpointPrefixString: "string",
    epCarrierEndpointSource: "string",
    epIpHeader: "string",
    epIpHeaderSuppress: "string",
    epMissingHeaderFallback: "string",
    epProfileQueryType: "string",
    groupOverrideAttrType: "string",
    h3cCompatibility: "string",
    "interface": "string",
    interfaceSelectMethod: "string",
    macCase: "string",
    macPasswordDelimiter: "string",
    macUsernameDelimiter: "string",
    nasId: "string",
    nasIdType: "string",
    nasIp: "string",
    objectUserRadiusDynamicMappingId: "string",
    passwordEncoding: "string",
    passwordRenewal: "string",
    radiusCoa: "string",
    radiusPort: 0,
    rsso: "string",
    rssoContextTimeout: 0,
    rssoEndpointAttribute: "string",
    rssoEndpointBlockAttribute: "string",
    rssoEpOneIpOnly: "string",
    rssoFlushIpSession: "string",
    rssoLogFlags: ["string"],
    rssoLogPeriod: 0,
    rssoRadiusResponse: "string",
    rssoRadiusServerPort: 0,
    rssoSecrets: ["string"],
    rssoValidateRequestSecret: "string",
    scopetype: "string",
    secondarySecrets: ["string"],
    secondaryServer: "string",
    secrets: ["string"],
    server: "string",
    serverIdentityCheck: "string",
    sourceIp: "string",
    sourceIpInterfaces: ["string"],
    ssoAttribute: "string",
    ssoAttributeKey: "string",
    ssoAttributeValueOverride: "string",
    statusTtl: 0,
    switchControllerAcctFastFramedipDetect: 0,
    switchControllerNasIpDynamic: "string",
    switchControllerServiceTypes: ["string"],
    tertiarySecrets: ["string"],
    tertiaryServer: "string",
    timeout: 0,
    tlsMinProtoVersion: "string",
    transportProtocol: "string",
    useGroupForProfile: "string",
    useManagementVdom: "string",
    usernameCaseSensitive: "string",
});

type: fortimanager:ObjectUserRadiusDynamicMapping
properties:
    _scopes:
        - name: string
          vdom: string
    accountKeyCertField: string
    accountKeyProcessing: string
    accountingServers:
        - id: 0
          interface: string
          interfaceSelectMethod: string
          port: 0
          secrets:
            - string
          server: string
          sourceIp: string
          status: string
    acctAllServers: string
    acctInterimInterval: 0
    adom: string
    allUsergroup: string
    authType: string
    caCert: string
    callStationIdType: string
    classes:
        - string
    clientCert: string
    delimiter: string
    dpCarrierEndpointAttribute: string
    dpCarrierEndpointBlockAttribute: string
    dpContextTimeout: 0
    dpFlushIpSession: string
    dpHoldTime: 0
    dpHttpHeader: string
    dpHttpHeaderFallback: string
    dpHttpHeaderStatus: string
    dpHttpHeaderSuppress: string
    dpLogDynFlags:
        - string
    dpLogPeriod: 0
    dpMemPercent: 0
    dpProfileAttribute: string
    dpProfileAttributeKey: string
    dpRadiusResponse: string
    dpRadiusServerPort: 0
    dpSecrets:
        - string
    dpValidateRequestSecret: string
    dynamicProfile: string
    dynamicSortSubtable: string
    endpointTranslation: string
    epCarrierEndpointConvertHex: string
    epCarrierEndpointHeader: string
    epCarrierEndpointHeaderSuppress: string
    epCarrierEndpointPrefix: string
    epCarrierEndpointPrefixRangeMax: 0
    epCarrierEndpointPrefixRangeMin: 0
    epCarrierEndpointPrefixString: string
    epCarrierEndpointSource: string
    epIpHeader: string
    epIpHeaderSuppress: string
    epMissingHeaderFallback: string
    epProfileQueryType: string
    groupOverrideAttrType: string
    h3cCompatibility: string
    interface: string
    interfaceSelectMethod: string
    macCase: string
    macPasswordDelimiter: string
    macUsernameDelimiter: string
    nasId: string
    nasIdType: string
    nasIp: string
    objectUserRadiusDynamicMappingId: string
    passwordEncoding: string
    passwordRenewal: string
    radius: string
    radiusCoa: string
    radiusPort: 0
    rsso: string
    rssoContextTimeout: 0
    rssoEndpointAttribute: string
    rssoEndpointBlockAttribute: string
    rssoEpOneIpOnly: string
    rssoFlushIpSession: string
    rssoLogFlags:
        - string
    rssoLogPeriod: 0
    rssoRadiusResponse: string
    rssoRadiusServerPort: 0
    rssoSecrets:
        - string
    rssoValidateRequestSecret: string
    scopetype: string
    secondarySecrets:
        - string
    secondaryServer: string
    secrets:
        - string
    server: string
    serverIdentityCheck: string
    sourceIp: string
    sourceIpInterfaces:
        - string
    ssoAttribute: string
    ssoAttributeKey: string
    ssoAttributeValueOverride: string
    statusTtl: 0
    switchControllerAcctFastFramedipDetect: 0
    switchControllerNasIpDynamic: string
    switchControllerServiceTypes:
        - string
    tertiarySecrets:
        - string
    tertiaryServer: string
    timeout: 0
    tlsMinProtoVersion: string
    transportProtocol: string
    useGroupForProfile: string
    useManagementVdom: string
    usernameCaseSensitive: string

ObjectUserRadiusDynamicMapping Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The ObjectUserRadiusDynamicMapping resource accepts the following input properties:

Radius string: Radius.
AccountKeyCertField string: Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
AccountKeyProcessing string: Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same, strip.
AccountingServers List<ObjectUserRadiusDynamicMappingAccountingServer>: Accounting-Server. The structure of accounting_server block is documented below.
AcctAllServers string: Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: disable, enable.
AcctInterimInterval double: Time in seconds between each accounting interim update message.
Adom string: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
AllUsergroup string: Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable, enable.
AuthType string: Authentication methods/protocols permitted for this RADIUS server. Valid values: pap, chap, ms_chap, ms_chap_v2, auto.
CaCert string: CA of server to trust under TLS.
CallStationIdType string: Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy, IP, MAC.
Classes List<string>: Class attribute name(s).
ClientCert string: Client certificate to use under TLS.
Delimiter string: Delimiter. Valid values: plus, comma.
DpCarrierEndpointAttribute string: Dp-Carrier-Endpoint-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
DpCarrierEndpointBlockAttribute string: Dp-Carrier-Endpoint-Block-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
DpContextTimeout double: Dp-Context-Timeout.
DpFlushIpSession string: Dp-Flush-Ip-Session. Valid values: disable, enable.
DpHoldTime double: Dp-Hold-Time.
DpHttpHeader string: Dp-Http-Header.
DpHttpHeaderFallback string: Dp-Http-Header-Fallback. Valid values: ip-header-address, default-profile.
DpHttpHeaderStatus string: Dp-Http-Header-Status. Valid values: disable, enable.
DpHttpHeaderSuppress string: Dp-Http-Header-Suppress. Valid values: disable, enable.
DpLogDynFlags List<string>: Dp-Log-Dyn_Flags. Valid values: none, protocol-error, profile-missing, context-missing, accounting-stop-missed, accounting-event, radiusd-other, endpoint-block.
DpLogPeriod double: Dp-Log-Period.
DpMemPercent double: Dp-Mem-Percent.
DpProfileAttribute string: Dp-Profile-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
DpProfileAttributeKey string: Dp-Profile-Attribute-Key.
DpRadiusResponse string: Dp-Radius-Response. Valid values: disable, enable.
DpRadiusServerPort double: Dp-Radius-Server-Port.
DpSecrets List<string>: Dp-Secret.
DpValidateRequestSecret string: Dp-Validate-Request-Secret. Valid values: disable, enable.
DynamicProfile string: Dynamic-Profile. Valid values: disable, enable.
DynamicSortSubtable string: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
EndpointTranslation string: Endpoint-Translation. Valid values: disable, enable.
EpCarrierEndpointConvertHex string: Ep-Carrier-Endpoint-Convert-Hex. Valid values: disable, enable.
EpCarrierEndpointHeader string: Ep-Carrier-Endpoint-Header.
EpCarrierEndpointHeaderSuppress string: Ep-Carrier-Endpoint-Header-Suppress. Valid values: disable, enable.
EpCarrierEndpointPrefix string: Ep-Carrier-Endpoint-Prefix. Valid values: disable, enable.
EpCarrierEndpointPrefixRangeMax double: Ep-Carrier-Endpoint-Prefix-Range-Max.
EpCarrierEndpointPrefixRangeMin double: Ep-Carrier-Endpoint-Prefix-Range-Min.
EpCarrierEndpointPrefixString string: Ep-Carrier-Endpoint-Prefix-String.
EpCarrierEndpointSource string: Ep-Carrier-Endpoint-Source. Valid values: http-header, cookie.
EpIpHeader string: Ep-Ip-Header.
EpIpHeaderSuppress string: Ep-Ip-Header-Suppress. Valid values: disable, enable.
EpMissingHeaderFallback string: Ep-Missing-Header-Fallback. Valid values: session-ip, policy-profile.
EpProfileQueryType string: Ep-Profile-Query-Type. Valid values: session-ip, extract-ip, extract-carrier-endpoint.
GroupOverrideAttrType string: Group-Override-Attr-Type. Valid values: filter-Id, class.
H3cCompatibility string: Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: disable, enable.
Interface string: Specify outgoing interface to reach server.
InterfaceSelectMethod string: Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
MacCase string: MAC authentication case (default = lowercase). Valid values: uppercase, lowercase.
MacPasswordDelimiter string: MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
MacUsernameDelimiter string: MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
NasId string: Custom NAS identifier.
NasIdType string: NAS identifier type configuration (default = legacy). Valid values: legacy, custom, hostname.
NasIp string: IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
ObjectUserRadiusDynamicMappingId string: an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
PasswordEncoding string: Password encoding. Valid values: ISO-8859-1, auto.
PasswordRenewal string: Enable/disable password renewal. Valid values: disable, enable.
RadiusCoa string: Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: disable, enable.
RadiusPort double: RADIUS service port number.
Rsso string: Enable/disable RADIUS based single sign on feature. Valid values: disable, enable.
RssoContextTimeout double: Time in seconds before the logged out user is removed from the "user context list" of logged on users.
RssoEndpointAttribute string: RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
RssoEndpointBlockAttribute string: RADIUS attributes used to block a user. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
RssoEpOneIpOnly string: Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: disable, enable.
RssoFlushIpSession string: Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: disable, enable.
RssoLogFlags List<string>: Events to log. Valid values: none, protocol-error, profile-missing, context-missing, accounting-stop-missed, accounting-event, radiusd-other, endpoint-block.
RssoLogPeriod double: Time interval in seconds that group event log messages will be generated for dynamic profile events.
RssoRadiusResponse string: Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: disable, enable.
RssoRadiusServerPort double: UDP port to listen on for RADIUS Start and Stop records.
RssoSecrets List<string>: RADIUS secret used by the RADIUS accounting server.
RssoValidateRequestSecret string: Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: disable, enable.
Scopetype string: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
SecondarySecrets List<string>: Secret key to access the secondary server.
SecondaryServer string: {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
Secrets List<string>: Pre-shared secret key used to access the primary RADIUS server.
Server string: Primary RADIUS server CN domain name or IP address.
ServerIdentityCheck string: Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: disable, enable.
SourceIp string: Source IP address for communications to the RADIUS server.
SourceIpInterfaces List<string>: Source interface for communication with the RADIUS server.
SsoAttribute string: RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
SsoAttributeKey string: Key prefix for SSO group value in the SSO attribute.
SsoAttributeValueOverride string: Enable/disable override old attribute value with new value for the same endpoint. Valid values: disable, enable.
StatusTtl double: Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
SwitchControllerAcctFastFramedipDetect double: Switch-Controller-Acct-Fast-Framedip-Detect.
SwitchControllerNasIpDynamic string: Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: disable, enable.
SwitchControllerServiceTypes List<string>: Switch-Controller-Service-Type. Valid values: login, framed, callback-login, callback-framed, outbound, administrative, nas-prompt, authenticate-only, callback-nas-prompt, call-check, callback-administrative.
TertiarySecrets List<string>: Secret key to access the tertiary server.
TertiaryServer string: {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
Timeout double: Time in seconds between re-sending authentication requests.
TlsMinProtoVersion string: Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values: default, TLSv1, TLSv1-1, TLSv1-2, SSLv3.
TransportProtocol string: Transport protocol to be used (default = udp). Valid values: udp, tcp, tls.
UseGroupForProfile string: Use-Group-For-Profile. Valid values: disable, enable.
UseManagementVdom string: Enable/disable using management VDOM to send requests. Valid values: disable, enable.
UsernameCaseSensitive string: Enable/disable case sensitive user names. Valid values: disable, enable.
_scopes List<ObjectUserRadiusDynamicMapping_Scope>: _Scope. The structure of _scope block is documented below.

Radius string: Radius.
AccountKeyCertField string: Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
AccountKeyProcessing string: Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same, strip.
AccountingServers []ObjectUserRadiusDynamicMappingAccountingServerTypeArgs: Accounting-Server. The structure of accounting_server block is documented below.
AcctAllServers string: Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: disable, enable.
AcctInterimInterval float64: Time in seconds between each accounting interim update message.
Adom string: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
AllUsergroup string: Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable, enable.
AuthType string: Authentication methods/protocols permitted for this RADIUS server. Valid values: pap, chap, ms_chap, ms_chap_v2, auto.
CaCert string: CA of server to trust under TLS.
CallStationIdType string: Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy, IP, MAC.
Classes []string: Class attribute name(s).
ClientCert string: Client certificate to use under TLS.
Delimiter string: Delimiter. Valid values: plus, comma.
DpCarrierEndpointAttribute string: Dp-Carrier-Endpoint-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
DpCarrierEndpointBlockAttribute string: Dp-Carrier-Endpoint-Block-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
DpContextTimeout float64: Dp-Context-Timeout.
DpFlushIpSession string: Dp-Flush-Ip-Session. Valid values: disable, enable.
DpHoldTime float64: Dp-Hold-Time.
DpHttpHeader string: Dp-Http-Header.
DpHttpHeaderFallback string: Dp-Http-Header-Fallback. Valid values: ip-header-address, default-profile.
DpHttpHeaderStatus string: Dp-Http-Header-Status. Valid values: disable, enable.
DpHttpHeaderSuppress string: Dp-Http-Header-Suppress. Valid values: disable, enable.
DpLogDynFlags []string: Dp-Log-Dyn_Flags. Valid values: none, protocol-error, profile-missing, context-missing, accounting-stop-missed, accounting-event, radiusd-other, endpoint-block.
DpLogPeriod float64: Dp-Log-Period.
DpMemPercent float64: Dp-Mem-Percent.
DpProfileAttribute string: Dp-Profile-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
DpProfileAttributeKey string: Dp-Profile-Attribute-Key.
DpRadiusResponse string: Dp-Radius-Response. Valid values: disable, enable.
DpRadiusServerPort float64: Dp-Radius-Server-Port.
DpSecrets []string: Dp-Secret.
DpValidateRequestSecret string: Dp-Validate-Request-Secret. Valid values: disable, enable.
DynamicProfile string: Dynamic-Profile. Valid values: disable, enable.
DynamicSortSubtable string: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
EndpointTranslation string: Endpoint-Translation. Valid values: disable, enable.
EpCarrierEndpointConvertHex string: Ep-Carrier-Endpoint-Convert-Hex. Valid values: disable, enable.
EpCarrierEndpointHeader string: Ep-Carrier-Endpoint-Header.
EpCarrierEndpointHeaderSuppress string: Ep-Carrier-Endpoint-Header-Suppress. Valid values: disable, enable.
EpCarrierEndpointPrefix string: Ep-Carrier-Endpoint-Prefix. Valid values: disable, enable.
EpCarrierEndpointPrefixRangeMax float64: Ep-Carrier-Endpoint-Prefix-Range-Max.
EpCarrierEndpointPrefixRangeMin float64: Ep-Carrier-Endpoint-Prefix-Range-Min.
EpCarrierEndpointPrefixString string: Ep-Carrier-Endpoint-Prefix-String.
EpCarrierEndpointSource string: Ep-Carrier-Endpoint-Source. Valid values: http-header, cookie.
EpIpHeader string: Ep-Ip-Header.
EpIpHeaderSuppress string: Ep-Ip-Header-Suppress. Valid values: disable, enable.
EpMissingHeaderFallback string: Ep-Missing-Header-Fallback. Valid values: session-ip, policy-profile.
EpProfileQueryType string: Ep-Profile-Query-Type. Valid values: session-ip, extract-ip, extract-carrier-endpoint.
GroupOverrideAttrType string: Group-Override-Attr-Type. Valid values: filter-Id, class.
H3cCompatibility string: Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: disable, enable.
Interface string: Specify outgoing interface to reach server.
InterfaceSelectMethod string: Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
MacCase string: MAC authentication case (default = lowercase). Valid values: uppercase, lowercase.
MacPasswordDelimiter string: MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
MacUsernameDelimiter string: MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
NasId string: Custom NAS identifier.
NasIdType string: NAS identifier type configuration (default = legacy). Valid values: legacy, custom, hostname.
NasIp string: IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
ObjectUserRadiusDynamicMappingId string: an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
PasswordEncoding string: Password encoding. Valid values: ISO-8859-1, auto.
PasswordRenewal string: Enable/disable password renewal. Valid values: disable, enable.
RadiusCoa string: Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: disable, enable.
RadiusPort float64: RADIUS service port number.
Rsso string: Enable/disable RADIUS based single sign on feature. Valid values: disable, enable.
RssoContextTimeout float64: Time in seconds before the logged out user is removed from the "user context list" of logged on users.
RssoEndpointAttribute string: RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
RssoEndpointBlockAttribute string: RADIUS attributes used to block a user. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
RssoEpOneIpOnly string: Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: disable, enable.
RssoFlushIpSession string: Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: disable, enable.
RssoLogFlags []string: Events to log. Valid values: none, protocol-error, profile-missing, context-missing, accounting-stop-missed, accounting-event, radiusd-other, endpoint-block.
RssoLogPeriod float64: Time interval in seconds that group event log messages will be generated for dynamic profile events.
RssoRadiusResponse string: Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: disable, enable.
RssoRadiusServerPort float64: UDP port to listen on for RADIUS Start and Stop records.
RssoSecrets []string: RADIUS secret used by the RADIUS accounting server.
RssoValidateRequestSecret string: Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: disable, enable.
Scopetype string: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
SecondarySecrets []string: Secret key to access the secondary server.
SecondaryServer string: {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
Secrets []string: Pre-shared secret key used to access the primary RADIUS server.
Server string: Primary RADIUS server CN domain name or IP address.
ServerIdentityCheck string: Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: disable, enable.
SourceIp string: Source IP address for communications to the RADIUS server.
SourceIpInterfaces []string: Source interface for communication with the RADIUS server.
SsoAttribute string: RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
SsoAttributeKey string: Key prefix for SSO group value in the SSO attribute.
SsoAttributeValueOverride string: Enable/disable override old attribute value with new value for the same endpoint. Valid values: disable, enable.
StatusTtl float64: Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
SwitchControllerAcctFastFramedipDetect float64: Switch-Controller-Acct-Fast-Framedip-Detect.
SwitchControllerNasIpDynamic string: Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: disable, enable.
SwitchControllerServiceTypes []string: Switch-Controller-Service-Type. Valid values: login, framed, callback-login, callback-framed, outbound, administrative, nas-prompt, authenticate-only, callback-nas-prompt, call-check, callback-administrative.
TertiarySecrets []string: Secret key to access the tertiary server.
TertiaryServer string: {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
Timeout float64: Time in seconds between re-sending authentication requests.
TlsMinProtoVersion string: Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values: default, TLSv1, TLSv1-1, TLSv1-2, SSLv3.
TransportProtocol string: Transport protocol to be used (default = udp). Valid values: udp, tcp, tls.
UseGroupForProfile string: Use-Group-For-Profile. Valid values: disable, enable.
UseManagementVdom string: Enable/disable using management VDOM to send requests. Valid values: disable, enable.
UsernameCaseSensitive string: Enable/disable case sensitive user names. Valid values: disable, enable.
_scopes []ObjectUserRadiusDynamicMapping_ScopeArgs: _Scope. The structure of _scope block is documented below.

radius String: Radius.
_scopes List<ObjectUserRadiusDynamicMapping_Scope>: _Scope. The structure of _scope block is documented below.
accountKeyCertField String: Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
accountKeyProcessing String: Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same, strip.
accountingServers List<ObjectUserRadiusDynamicMappingAccountingServer>: Accounting-Server. The structure of accounting_server block is documented below.
acctAllServers String: Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: disable, enable.
acctInterimInterval Double: Time in seconds between each accounting interim update message.
adom String: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
allUsergroup String: Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable, enable.
authType String: Authentication methods/protocols permitted for this RADIUS server. Valid values: pap, chap, ms_chap, ms_chap_v2, auto.
caCert String: CA of server to trust under TLS.
callStationIdType String: Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy, IP, MAC.
classes List<String>: Class attribute name(s).
clientCert String: Client certificate to use under TLS.
delimiter String: Delimiter. Valid values: plus, comma.
dpCarrierEndpointAttribute String: Dp-Carrier-Endpoint-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
dpCarrierEndpointBlockAttribute String: Dp-Carrier-Endpoint-Block-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
dpContextTimeout Double: Dp-Context-Timeout.
dpFlushIpSession String: Dp-Flush-Ip-Session. Valid values: disable, enable.
dpHoldTime Double: Dp-Hold-Time.
dpHttpHeader String: Dp-Http-Header.
dpHttpHeaderFallback String: Dp-Http-Header-Fallback. Valid values: ip-header-address, default-profile.
dpHttpHeaderStatus String: Dp-Http-Header-Status. Valid values: disable, enable.
dpHttpHeaderSuppress String: Dp-Http-Header-Suppress. Valid values: disable, enable.
dpLogDynFlags List<String>: Dp-Log-Dyn_Flags. Valid values: none, protocol-error, profile-missing, context-missing, accounting-stop-missed, accounting-event, radiusd-other, endpoint-block.
dpLogPeriod Double: Dp-Log-Period.
dpMemPercent Double: Dp-Mem-Percent.
dpProfileAttribute String: Dp-Profile-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
dpProfileAttributeKey String: Dp-Profile-Attribute-Key.
dpRadiusResponse String: Dp-Radius-Response. Valid values: disable, enable.
dpRadiusServerPort Double: Dp-Radius-Server-Port.
dpSecrets List<String>: Dp-Secret.
dpValidateRequestSecret String: Dp-Validate-Request-Secret. Valid values: disable, enable.
dynamicProfile String: Dynamic-Profile. Valid values: disable, enable.
dynamicSortSubtable String: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
endpointTranslation String: Endpoint-Translation. Valid values: disable, enable.
epCarrierEndpointConvertHex String: Ep-Carrier-Endpoint-Convert-Hex. Valid values: disable, enable.
epCarrierEndpointHeader String: Ep-Carrier-Endpoint-Header.
epCarrierEndpointHeaderSuppress String: Ep-Carrier-Endpoint-Header-Suppress. Valid values: disable, enable.
epCarrierEndpointPrefix String: Ep-Carrier-Endpoint-Prefix. Valid values: disable, enable.
epCarrierEndpointPrefixRangeMax Double: Ep-Carrier-Endpoint-Prefix-Range-Max.
epCarrierEndpointPrefixRangeMin Double: Ep-Carrier-Endpoint-Prefix-Range-Min.
epCarrierEndpointPrefixString String: Ep-Carrier-Endpoint-Prefix-String.
epCarrierEndpointSource String: Ep-Carrier-Endpoint-Source. Valid values: http-header, cookie.
epIpHeader String: Ep-Ip-Header.
epIpHeaderSuppress String: Ep-Ip-Header-Suppress. Valid values: disable, enable.
epMissingHeaderFallback String: Ep-Missing-Header-Fallback. Valid values: session-ip, policy-profile.
epProfileQueryType String: Ep-Profile-Query-Type. Valid values: session-ip, extract-ip, extract-carrier-endpoint.
groupOverrideAttrType String: Group-Override-Attr-Type. Valid values: filter-Id, class.
h3cCompatibility String: Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: disable, enable.
interfaceSelectMethod String: Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
interface_ String: Specify outgoing interface to reach server.
macCase String: MAC authentication case (default = lowercase). Valid values: uppercase, lowercase.
macPasswordDelimiter String: MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
macUsernameDelimiter String: MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
nasId String: Custom NAS identifier.
nasIdType String: NAS identifier type configuration (default = legacy). Valid values: legacy, custom, hostname.
nasIp String: IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
objectUserRadiusDynamicMappingId String: an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
passwordEncoding String: Password encoding. Valid values: ISO-8859-1, auto.
passwordRenewal String: Enable/disable password renewal. Valid values: disable, enable.
radiusCoa String: Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: disable, enable.
radiusPort Double: RADIUS service port number.
rsso String: Enable/disable RADIUS based single sign on feature. Valid values: disable, enable.
rssoContextTimeout Double: Time in seconds before the logged out user is removed from the "user context list" of logged on users.
rssoEndpointAttribute String: RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
rssoEndpointBlockAttribute String: RADIUS attributes used to block a user. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
rssoEpOneIpOnly String: Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: disable, enable.
rssoFlushIpSession String: Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: disable, enable.
rssoLogFlags List<String>: Events to log. Valid values: none, protocol-error, profile-missing, context-missing, accounting-stop-missed, accounting-event, radiusd-other, endpoint-block.
rssoLogPeriod Double: Time interval in seconds that group event log messages will be generated for dynamic profile events.
rssoRadiusResponse String: Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: disable, enable.
rssoRadiusServerPort Double: UDP port to listen on for RADIUS Start and Stop records.
rssoSecrets List<String>: RADIUS secret used by the RADIUS accounting server.
rssoValidateRequestSecret String: Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: disable, enable.
scopetype String: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
secondarySecrets List<String>: Secret key to access the secondary server.
secondaryServer String: {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
secrets List<String>: Pre-shared secret key used to access the primary RADIUS server.
server String: Primary RADIUS server CN domain name or IP address.
serverIdentityCheck String: Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: disable, enable.
sourceIp String: Source IP address for communications to the RADIUS server.
sourceIpInterfaces List<String>: Source interface for communication with the RADIUS server.
ssoAttribute String: RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
ssoAttributeKey String: Key prefix for SSO group value in the SSO attribute.
ssoAttributeValueOverride String: Enable/disable override old attribute value with new value for the same endpoint. Valid values: disable, enable.
statusTtl Double: Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
switchControllerAcctFastFramedipDetect Double: Switch-Controller-Acct-Fast-Framedip-Detect.
switchControllerNasIpDynamic String: Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: disable, enable.
switchControllerServiceTypes List<String>: Switch-Controller-Service-Type. Valid values: login, framed, callback-login, callback-framed, outbound, administrative, nas-prompt, authenticate-only, callback-nas-prompt, call-check, callback-administrative.
tertiarySecrets List<String>: Secret key to access the tertiary server.
tertiaryServer String: {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
timeout Double: Time in seconds between re-sending authentication requests.
tlsMinProtoVersion String: Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values: default, TLSv1, TLSv1-1, TLSv1-2, SSLv3.
transportProtocol String: Transport protocol to be used (default = udp). Valid values: udp, tcp, tls.
useGroupForProfile String: Use-Group-For-Profile. Valid values: disable, enable.
useManagementVdom String: Enable/disable using management VDOM to send requests. Valid values: disable, enable.
usernameCaseSensitive String: Enable/disable case sensitive user names. Valid values: disable, enable.

radius string: Radius.
_scopes ObjectUserRadiusDynamicMapping_Scope[]: _Scope. The structure of _scope block is documented below.
accountKeyCertField string: Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
accountKeyProcessing string: Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same, strip.
accountingServers ObjectUserRadiusDynamicMappingAccountingServer[]: Accounting-Server. The structure of accounting_server block is documented below.
acctAllServers string: Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: disable, enable.
acctInterimInterval number: Time in seconds between each accounting interim update message.
adom string: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
allUsergroup string: Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable, enable.
authType string: Authentication methods/protocols permitted for this RADIUS server. Valid values: pap, chap, ms_chap, ms_chap_v2, auto.
caCert string: CA of server to trust under TLS.
callStationIdType string: Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy, IP, MAC.
classes string[]: Class attribute name(s).
clientCert string: Client certificate to use under TLS.
delimiter string: Delimiter. Valid values: plus, comma.
dpCarrierEndpointAttribute string: Dp-Carrier-Endpoint-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
dpCarrierEndpointBlockAttribute string: Dp-Carrier-Endpoint-Block-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
dpContextTimeout number: Dp-Context-Timeout.
dpFlushIpSession string: Dp-Flush-Ip-Session. Valid values: disable, enable.
dpHoldTime number: Dp-Hold-Time.
dpHttpHeader string: Dp-Http-Header.
dpHttpHeaderFallback string: Dp-Http-Header-Fallback. Valid values: ip-header-address, default-profile.
dpHttpHeaderStatus string: Dp-Http-Header-Status. Valid values: disable, enable.
dpHttpHeaderSuppress string: Dp-Http-Header-Suppress. Valid values: disable, enable.
dpLogDynFlags string[]: Dp-Log-Dyn_Flags. Valid values: none, protocol-error, profile-missing, context-missing, accounting-stop-missed, accounting-event, radiusd-other, endpoint-block.
dpLogPeriod number: Dp-Log-Period.
dpMemPercent number: Dp-Mem-Percent.
dpProfileAttribute string: Dp-Profile-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
dpProfileAttributeKey string: Dp-Profile-Attribute-Key.
dpRadiusResponse string: Dp-Radius-Response. Valid values: disable, enable.
dpRadiusServerPort number: Dp-Radius-Server-Port.
dpSecrets string[]: Dp-Secret.
dpValidateRequestSecret string: Dp-Validate-Request-Secret. Valid values: disable, enable.
dynamicProfile string: Dynamic-Profile. Valid values: disable, enable.
dynamicSortSubtable string: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
endpointTranslation string: Endpoint-Translation. Valid values: disable, enable.
epCarrierEndpointConvertHex string: Ep-Carrier-Endpoint-Convert-Hex. Valid values: disable, enable.
epCarrierEndpointHeader string: Ep-Carrier-Endpoint-Header.
epCarrierEndpointHeaderSuppress string: Ep-Carrier-Endpoint-Header-Suppress. Valid values: disable, enable.
epCarrierEndpointPrefix string: Ep-Carrier-Endpoint-Prefix. Valid values: disable, enable.
epCarrierEndpointPrefixRangeMax number: Ep-Carrier-Endpoint-Prefix-Range-Max.
epCarrierEndpointPrefixRangeMin number: Ep-Carrier-Endpoint-Prefix-Range-Min.
epCarrierEndpointPrefixString string: Ep-Carrier-Endpoint-Prefix-String.
epCarrierEndpointSource string: Ep-Carrier-Endpoint-Source. Valid values: http-header, cookie.
epIpHeader string: Ep-Ip-Header.
epIpHeaderSuppress string: Ep-Ip-Header-Suppress. Valid values: disable, enable.
epMissingHeaderFallback string: Ep-Missing-Header-Fallback. Valid values: session-ip, policy-profile.
epProfileQueryType string: Ep-Profile-Query-Type. Valid values: session-ip, extract-ip, extract-carrier-endpoint.
groupOverrideAttrType string: Group-Override-Attr-Type. Valid values: filter-Id, class.
h3cCompatibility string: Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: disable, enable.
interface string: Specify outgoing interface to reach server.
interfaceSelectMethod string: Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
macCase string: MAC authentication case (default = lowercase). Valid values: uppercase, lowercase.
macPasswordDelimiter string: MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
macUsernameDelimiter string: MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
nasId string: Custom NAS identifier.
nasIdType string: NAS identifier type configuration (default = legacy). Valid values: legacy, custom, hostname.
nasIp string: IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
objectUserRadiusDynamicMappingId string: an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
passwordEncoding string: Password encoding. Valid values: ISO-8859-1, auto.
passwordRenewal string: Enable/disable password renewal. Valid values: disable, enable.
radiusCoa string: Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: disable, enable.
radiusPort number: RADIUS service port number.
rsso string: Enable/disable RADIUS based single sign on feature. Valid values: disable, enable.
rssoContextTimeout number: Time in seconds before the logged out user is removed from the "user context list" of logged on users.
rssoEndpointAttribute string: RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
rssoEndpointBlockAttribute string: RADIUS attributes used to block a user. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
rssoEpOneIpOnly string: Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: disable, enable.
rssoFlushIpSession string: Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: disable, enable.
rssoLogFlags string[]: Events to log. Valid values: none, protocol-error, profile-missing, context-missing, accounting-stop-missed, accounting-event, radiusd-other, endpoint-block.
rssoLogPeriod number: Time interval in seconds that group event log messages will be generated for dynamic profile events.
rssoRadiusResponse string: Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: disable, enable.
rssoRadiusServerPort number: UDP port to listen on for RADIUS Start and Stop records.
rssoSecrets string[]: RADIUS secret used by the RADIUS accounting server.
rssoValidateRequestSecret string: Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: disable, enable.
scopetype string: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
secondarySecrets string[]: Secret key to access the secondary server.
secondaryServer string: {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
secrets string[]: Pre-shared secret key used to access the primary RADIUS server.
server string: Primary RADIUS server CN domain name or IP address.
serverIdentityCheck string: Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: disable, enable.
sourceIp string: Source IP address for communications to the RADIUS server.
sourceIpInterfaces string[]: Source interface for communication with the RADIUS server.
ssoAttribute string: RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
ssoAttributeKey string: Key prefix for SSO group value in the SSO attribute.
ssoAttributeValueOverride string: Enable/disable override old attribute value with new value for the same endpoint. Valid values: disable, enable.
statusTtl number: Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
switchControllerAcctFastFramedipDetect number: Switch-Controller-Acct-Fast-Framedip-Detect.
switchControllerNasIpDynamic string: Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: disable, enable.
switchControllerServiceTypes string[]: Switch-Controller-Service-Type. Valid values: login, framed, callback-login, callback-framed, outbound, administrative, nas-prompt, authenticate-only, callback-nas-prompt, call-check, callback-administrative.
tertiarySecrets string[]: Secret key to access the tertiary server.
tertiaryServer string: {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
timeout number: Time in seconds between re-sending authentication requests.
tlsMinProtoVersion string: Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values: default, TLSv1, TLSv1-1, TLSv1-2, SSLv3.
transportProtocol string: Transport protocol to be used (default = udp). Valid values: udp, tcp, tls.
useGroupForProfile string: Use-Group-For-Profile. Valid values: disable, enable.
useManagementVdom string: Enable/disable using management VDOM to send requests. Valid values: disable, enable.
usernameCaseSensitive string: Enable/disable case sensitive user names. Valid values: disable, enable.

radius str: Radius.
_scopes Sequence[ObjectUserRadiusDynamicMapping_ScopeArgs]: _Scope. The structure of _scope block is documented below.
account_key_cert_field str: Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
account_key_processing str: Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same, strip.
accounting_servers Sequence[ObjectUserRadiusDynamicMappingAccountingServerArgs]: Accounting-Server. The structure of accounting_server block is documented below.
acct_all_servers str: Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: disable, enable.
acct_interim_interval float: Time in seconds between each accounting interim update message.
adom str: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
all_usergroup str: Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable, enable.
auth_type str: Authentication methods/protocols permitted for this RADIUS server. Valid values: pap, chap, ms_chap, ms_chap_v2, auto.
ca_cert str: CA of server to trust under TLS.
call_station_id_type str: Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy, IP, MAC.
classes Sequence[str]: Class attribute name(s).
client_cert str: Client certificate to use under TLS.
delimiter str: Delimiter. Valid values: plus, comma.
dp_carrier_endpoint_attribute str: Dp-Carrier-Endpoint-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
dp_carrier_endpoint_block_attribute str: Dp-Carrier-Endpoint-Block-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
dp_context_timeout float: Dp-Context-Timeout.
dp_flush_ip_session str: Dp-Flush-Ip-Session. Valid values: disable, enable.
dp_hold_time float: Dp-Hold-Time.
dp_http_header str: Dp-Http-Header.
dp_http_header_fallback str: Dp-Http-Header-Fallback. Valid values: ip-header-address, default-profile.
dp_http_header_status str: Dp-Http-Header-Status. Valid values: disable, enable.
dp_http_header_suppress str: Dp-Http-Header-Suppress. Valid values: disable, enable.
dp_log_dyn_flags Sequence[str]: Dp-Log-Dyn_Flags. Valid values: none, protocol-error, profile-missing, context-missing, accounting-stop-missed, accounting-event, radiusd-other, endpoint-block.
dp_log_period float: Dp-Log-Period.
dp_mem_percent float: Dp-Mem-Percent.
dp_profile_attribute str: Dp-Profile-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
dp_profile_attribute_key str: Dp-Profile-Attribute-Key.
dp_radius_response str: Dp-Radius-Response. Valid values: disable, enable.
dp_radius_server_port float: Dp-Radius-Server-Port.
dp_secrets Sequence[str]: Dp-Secret.
dp_validate_request_secret str: Dp-Validate-Request-Secret. Valid values: disable, enable.
dynamic_profile str: Dynamic-Profile. Valid values: disable, enable.
dynamic_sort_subtable str: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
endpoint_translation str: Endpoint-Translation. Valid values: disable, enable.
ep_carrier_endpoint_convert_hex str: Ep-Carrier-Endpoint-Convert-Hex. Valid values: disable, enable.
ep_carrier_endpoint_header str: Ep-Carrier-Endpoint-Header.
ep_carrier_endpoint_header_suppress str: Ep-Carrier-Endpoint-Header-Suppress. Valid values: disable, enable.
ep_carrier_endpoint_prefix str: Ep-Carrier-Endpoint-Prefix. Valid values: disable, enable.
ep_carrier_endpoint_prefix_range_max float: Ep-Carrier-Endpoint-Prefix-Range-Max.
ep_carrier_endpoint_prefix_range_min float: Ep-Carrier-Endpoint-Prefix-Range-Min.
ep_carrier_endpoint_prefix_string str: Ep-Carrier-Endpoint-Prefix-String.
ep_carrier_endpoint_source str: Ep-Carrier-Endpoint-Source. Valid values: http-header, cookie.
ep_ip_header str: Ep-Ip-Header.
ep_ip_header_suppress str: Ep-Ip-Header-Suppress. Valid values: disable, enable.
ep_missing_header_fallback str: Ep-Missing-Header-Fallback. Valid values: session-ip, policy-profile.
ep_profile_query_type str: Ep-Profile-Query-Type. Valid values: session-ip, extract-ip, extract-carrier-endpoint.
group_override_attr_type str: Group-Override-Attr-Type. Valid values: filter-Id, class.
h3c_compatibility str: Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: disable, enable.
interface str: Specify outgoing interface to reach server.
interface_select_method str: Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
mac_case str: MAC authentication case (default = lowercase). Valid values: uppercase, lowercase.
mac_password_delimiter str: MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
mac_username_delimiter str: MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
nas_id str: Custom NAS identifier.
nas_id_type str: NAS identifier type configuration (default = legacy). Valid values: legacy, custom, hostname.
nas_ip str: IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
object_user_radius_dynamic_mapping_id str: an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
password_encoding str: Password encoding. Valid values: ISO-8859-1, auto.
password_renewal str: Enable/disable password renewal. Valid values: disable, enable.
radius_coa str: Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: disable, enable.
radius_port float: RADIUS service port number.
rsso str: Enable/disable RADIUS based single sign on feature. Valid values: disable, enable.
rsso_context_timeout float: Time in seconds before the logged out user is removed from the "user context list" of logged on users.
rsso_endpoint_attribute str: RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
rsso_endpoint_block_attribute str: RADIUS attributes used to block a user. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
rsso_ep_one_ip_only str: Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: disable, enable.
rsso_flush_ip_session str: Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: disable, enable.
rsso_log_flags Sequence[str]: Events to log. Valid values: none, protocol-error, profile-missing, context-missing, accounting-stop-missed, accounting-event, radiusd-other, endpoint-block.
rsso_log_period float: Time interval in seconds that group event log messages will be generated for dynamic profile events.
rsso_radius_response str: Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: disable, enable.
rsso_radius_server_port float: UDP port to listen on for RADIUS Start and Stop records.
rsso_secrets Sequence[str]: RADIUS secret used by the RADIUS accounting server.
rsso_validate_request_secret str: Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: disable, enable.
scopetype str: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
secondary_secrets Sequence[str]: Secret key to access the secondary server.
secondary_server str: {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
secrets Sequence[str]: Pre-shared secret key used to access the primary RADIUS server.
server str: Primary RADIUS server CN domain name or IP address.
server_identity_check str: Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: disable, enable.
source_ip str: Source IP address for communications to the RADIUS server.
source_ip_interfaces Sequence[str]: Source interface for communication with the RADIUS server.
sso_attribute str: RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
sso_attribute_key str: Key prefix for SSO group value in the SSO attribute.
sso_attribute_value_override str: Enable/disable override old attribute value with new value for the same endpoint. Valid values: disable, enable.
status_ttl float: Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
switch_controller_acct_fast_framedip_detect float: Switch-Controller-Acct-Fast-Framedip-Detect.
switch_controller_nas_ip_dynamic str: Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: disable, enable.
switch_controller_service_types Sequence[str]: Switch-Controller-Service-Type. Valid values: login, framed, callback-login, callback-framed, outbound, administrative, nas-prompt, authenticate-only, callback-nas-prompt, call-check, callback-administrative.
tertiary_secrets Sequence[str]: Secret key to access the tertiary server.
tertiary_server str: {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
timeout float: Time in seconds between re-sending authentication requests.
tls_min_proto_version str: Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values: default, TLSv1, TLSv1-1, TLSv1-2, SSLv3.
transport_protocol str: Transport protocol to be used (default = udp). Valid values: udp, tcp, tls.
use_group_for_profile str: Use-Group-For-Profile. Valid values: disable, enable.
use_management_vdom str: Enable/disable using management VDOM to send requests. Valid values: disable, enable.
username_case_sensitive str: Enable/disable case sensitive user names. Valid values: disable, enable.

radius String: Radius.
_scopes List<Property Map>: _Scope. The structure of _scope block is documented below.
accountKeyCertField String: Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
accountKeyProcessing String: Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same, strip.
accountingServers List<Property Map>: Accounting-Server. The structure of accounting_server block is documented below.
acctAllServers String: Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: disable, enable.
acctInterimInterval Number: Time in seconds between each accounting interim update message.
adom String: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
allUsergroup String: Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable, enable.
authType String: Authentication methods/protocols permitted for this RADIUS server. Valid values: pap, chap, ms_chap, ms_chap_v2, auto.
caCert String: CA of server to trust under TLS.
callStationIdType String: Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy, IP, MAC.
classes List<String>: Class attribute name(s).
clientCert String: Client certificate to use under TLS.
delimiter String: Delimiter. Valid values: plus, comma.
dpCarrierEndpointAttribute String: Dp-Carrier-Endpoint-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
dpCarrierEndpointBlockAttribute String: Dp-Carrier-Endpoint-Block-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
dpContextTimeout Number: Dp-Context-Timeout.
dpFlushIpSession String: Dp-Flush-Ip-Session. Valid values: disable, enable.
dpHoldTime Number: Dp-Hold-Time.
dpHttpHeader String: Dp-Http-Header.
dpHttpHeaderFallback String: Dp-Http-Header-Fallback. Valid values: ip-header-address, default-profile.
dpHttpHeaderStatus String: Dp-Http-Header-Status. Valid values: disable, enable.
dpHttpHeaderSuppress String: Dp-Http-Header-Suppress. Valid values: disable, enable.
dpLogDynFlags List<String>: Dp-Log-Dyn_Flags. Valid values: none, protocol-error, profile-missing, context-missing, accounting-stop-missed, accounting-event, radiusd-other, endpoint-block.
dpLogPeriod Number: Dp-Log-Period.
dpMemPercent Number: Dp-Mem-Percent.
dpProfileAttribute String: Dp-Profile-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
dpProfileAttributeKey String: Dp-Profile-Attribute-Key.
dpRadiusResponse String: Dp-Radius-Response. Valid values: disable, enable.
dpRadiusServerPort Number: Dp-Radius-Server-Port.
dpSecrets List<String>: Dp-Secret.
dpValidateRequestSecret String: Dp-Validate-Request-Secret. Valid values: disable, enable.
dynamicProfile String: Dynamic-Profile. Valid values: disable, enable.
dynamicSortSubtable String: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
endpointTranslation String: Endpoint-Translation. Valid values: disable, enable.
epCarrierEndpointConvertHex String: Ep-Carrier-Endpoint-Convert-Hex. Valid values: disable, enable.
epCarrierEndpointHeader String: Ep-Carrier-Endpoint-Header.
epCarrierEndpointHeaderSuppress String: Ep-Carrier-Endpoint-Header-Suppress. Valid values: disable, enable.
epCarrierEndpointPrefix String: Ep-Carrier-Endpoint-Prefix. Valid values: disable, enable.
epCarrierEndpointPrefixRangeMax Number: Ep-Carrier-Endpoint-Prefix-Range-Max.
epCarrierEndpointPrefixRangeMin Number: Ep-Carrier-Endpoint-Prefix-Range-Min.
epCarrierEndpointPrefixString String: Ep-Carrier-Endpoint-Prefix-String.
epCarrierEndpointSource String: Ep-Carrier-Endpoint-Source. Valid values: http-header, cookie.
epIpHeader String: Ep-Ip-Header.
epIpHeaderSuppress String: Ep-Ip-Header-Suppress. Valid values: disable, enable.
epMissingHeaderFallback String: Ep-Missing-Header-Fallback. Valid values: session-ip, policy-profile.
epProfileQueryType String: Ep-Profile-Query-Type. Valid values: session-ip, extract-ip, extract-carrier-endpoint.
groupOverrideAttrType String: Group-Override-Attr-Type. Valid values: filter-Id, class.
h3cCompatibility String: Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: disable, enable.
interface String: Specify outgoing interface to reach server.
interfaceSelectMethod String: Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
macCase String: MAC authentication case (default = lowercase). Valid values: uppercase, lowercase.
macPasswordDelimiter String: MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
macUsernameDelimiter String: MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
nasId String: Custom NAS identifier.
nasIdType String: NAS identifier type configuration (default = legacy). Valid values: legacy, custom, hostname.
nasIp String: IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
objectUserRadiusDynamicMappingId String: an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
passwordEncoding String: Password encoding. Valid values: ISO-8859-1, auto.
passwordRenewal String: Enable/disable password renewal. Valid values: disable, enable.
radiusCoa String: Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: disable, enable.
radiusPort Number: RADIUS service port number.
rsso String: Enable/disable RADIUS based single sign on feature. Valid values: disable, enable.
rssoContextTimeout Number: Time in seconds before the logged out user is removed from the "user context list" of logged on users.
rssoEndpointAttribute String: RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
rssoEndpointBlockAttribute String: RADIUS attributes used to block a user. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
rssoEpOneIpOnly String: Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: disable, enable.
rssoFlushIpSession String: Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: disable, enable.
rssoLogFlags List<String>: Events to log. Valid values: none, protocol-error, profile-missing, context-missing, accounting-stop-missed, accounting-event, radiusd-other, endpoint-block.
rssoLogPeriod Number: Time interval in seconds that group event log messages will be generated for dynamic profile events.
rssoRadiusResponse String: Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: disable, enable.
rssoRadiusServerPort Number: UDP port to listen on for RADIUS Start and Stop records.
rssoSecrets List<String>: RADIUS secret used by the RADIUS accounting server.
rssoValidateRequestSecret String: Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: disable, enable.
scopetype String: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
secondarySecrets List<String>: Secret key to access the secondary server.
secondaryServer String: {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
secrets List<String>: Pre-shared secret key used to access the primary RADIUS server.
server String: Primary RADIUS server CN domain name or IP address.
serverIdentityCheck String: Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: disable, enable.
sourceIp String: Source IP address for communications to the RADIUS server.
sourceIpInterfaces List<String>: Source interface for communication with the RADIUS server.
ssoAttribute String: RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
ssoAttributeKey String: Key prefix for SSO group value in the SSO attribute.
ssoAttributeValueOverride String: Enable/disable override old attribute value with new value for the same endpoint. Valid values: disable, enable.
statusTtl Number: Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
switchControllerAcctFastFramedipDetect Number: Switch-Controller-Acct-Fast-Framedip-Detect.
switchControllerNasIpDynamic String: Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: disable, enable.
switchControllerServiceTypes List<String>: Switch-Controller-Service-Type. Valid values: login, framed, callback-login, callback-framed, outbound, administrative, nas-prompt, authenticate-only, callback-nas-prompt, call-check, callback-administrative.
tertiarySecrets List<String>: Secret key to access the tertiary server.
tertiaryServer String: {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
timeout Number: Time in seconds between re-sending authentication requests.
tlsMinProtoVersion String: Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values: default, TLSv1, TLSv1-1, TLSv1-2, SSLv3.
transportProtocol String: Transport protocol to be used (default = udp). Valid values: udp, tcp, tls.
useGroupForProfile String: Use-Group-For-Profile. Valid values: disable, enable.
useManagementVdom String: Enable/disable using management VDOM to send requests. Valid values: disable, enable.
usernameCaseSensitive String: Enable/disable case sensitive user names. Valid values: disable, enable.

Outputs

All input properties are implicitly available as output properties. Additionally, the ObjectUserRadiusDynamicMapping resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing ObjectUserRadiusDynamicMapping Resource

Get an existing ObjectUserRadiusDynamicMapping resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ObjectUserRadiusDynamicMappingState, opts?: CustomResourceOptions): ObjectUserRadiusDynamicMapping

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        _scopes: Optional[Sequence[ObjectUserRadiusDynamicMapping_ScopeArgs]] = None,
        account_key_cert_field: Optional[str] = None,
        account_key_processing: Optional[str] = None,
        accounting_servers: Optional[Sequence[ObjectUserRadiusDynamicMappingAccountingServerArgs]] = None,
        acct_all_servers: Optional[str] = None,
        acct_interim_interval: Optional[float] = None,
        adom: Optional[str] = None,
        all_usergroup: Optional[str] = None,
        auth_type: Optional[str] = None,
        ca_cert: Optional[str] = None,
        call_station_id_type: Optional[str] = None,
        classes: Optional[Sequence[str]] = None,
        client_cert: Optional[str] = None,
        delimiter: Optional[str] = None,
        dp_carrier_endpoint_attribute: Optional[str] = None,
        dp_carrier_endpoint_block_attribute: Optional[str] = None,
        dp_context_timeout: Optional[float] = None,
        dp_flush_ip_session: Optional[str] = None,
        dp_hold_time: Optional[float] = None,
        dp_http_header: Optional[str] = None,
        dp_http_header_fallback: Optional[str] = None,
        dp_http_header_status: Optional[str] = None,
        dp_http_header_suppress: Optional[str] = None,
        dp_log_dyn_flags: Optional[Sequence[str]] = None,
        dp_log_period: Optional[float] = None,
        dp_mem_percent: Optional[float] = None,
        dp_profile_attribute: Optional[str] = None,
        dp_profile_attribute_key: Optional[str] = None,
        dp_radius_response: Optional[str] = None,
        dp_radius_server_port: Optional[float] = None,
        dp_secrets: Optional[Sequence[str]] = None,
        dp_validate_request_secret: Optional[str] = None,
        dynamic_profile: Optional[str] = None,
        dynamic_sort_subtable: Optional[str] = None,
        endpoint_translation: Optional[str] = None,
        ep_carrier_endpoint_convert_hex: Optional[str] = None,
        ep_carrier_endpoint_header: Optional[str] = None,
        ep_carrier_endpoint_header_suppress: Optional[str] = None,
        ep_carrier_endpoint_prefix: Optional[str] = None,
        ep_carrier_endpoint_prefix_range_max: Optional[float] = None,
        ep_carrier_endpoint_prefix_range_min: Optional[float] = None,
        ep_carrier_endpoint_prefix_string: Optional[str] = None,
        ep_carrier_endpoint_source: Optional[str] = None,
        ep_ip_header: Optional[str] = None,
        ep_ip_header_suppress: Optional[str] = None,
        ep_missing_header_fallback: Optional[str] = None,
        ep_profile_query_type: Optional[str] = None,
        group_override_attr_type: Optional[str] = None,
        h3c_compatibility: Optional[str] = None,
        interface: Optional[str] = None,
        interface_select_method: Optional[str] = None,
        mac_case: Optional[str] = None,
        mac_password_delimiter: Optional[str] = None,
        mac_username_delimiter: Optional[str] = None,
        nas_id: Optional[str] = None,
        nas_id_type: Optional[str] = None,
        nas_ip: Optional[str] = None,
        object_user_radius_dynamic_mapping_id: Optional[str] = None,
        password_encoding: Optional[str] = None,
        password_renewal: Optional[str] = None,
        radius: Optional[str] = None,
        radius_coa: Optional[str] = None,
        radius_port: Optional[float] = None,
        rsso: Optional[str] = None,
        rsso_context_timeout: Optional[float] = None,
        rsso_endpoint_attribute: Optional[str] = None,
        rsso_endpoint_block_attribute: Optional[str] = None,
        rsso_ep_one_ip_only: Optional[str] = None,
        rsso_flush_ip_session: Optional[str] = None,
        rsso_log_flags: Optional[Sequence[str]] = None,
        rsso_log_period: Optional[float] = None,
        rsso_radius_response: Optional[str] = None,
        rsso_radius_server_port: Optional[float] = None,
        rsso_secrets: Optional[Sequence[str]] = None,
        rsso_validate_request_secret: Optional[str] = None,
        scopetype: Optional[str] = None,
        secondary_secrets: Optional[Sequence[str]] = None,
        secondary_server: Optional[str] = None,
        secrets: Optional[Sequence[str]] = None,
        server: Optional[str] = None,
        server_identity_check: Optional[str] = None,
        source_ip: Optional[str] = None,
        source_ip_interfaces: Optional[Sequence[str]] = None,
        sso_attribute: Optional[str] = None,
        sso_attribute_key: Optional[str] = None,
        sso_attribute_value_override: Optional[str] = None,
        status_ttl: Optional[float] = None,
        switch_controller_acct_fast_framedip_detect: Optional[float] = None,
        switch_controller_nas_ip_dynamic: Optional[str] = None,
        switch_controller_service_types: Optional[Sequence[str]] = None,
        tertiary_secrets: Optional[Sequence[str]] = None,
        tertiary_server: Optional[str] = None,
        timeout: Optional[float] = None,
        tls_min_proto_version: Optional[str] = None,
        transport_protocol: Optional[str] = None,
        use_group_for_profile: Optional[str] = None,
        use_management_vdom: Optional[str] = None,
        username_case_sensitive: Optional[str] = None) -> ObjectUserRadiusDynamicMapping

func GetObjectUserRadiusDynamicMapping(ctx *Context, name string, id IDInput, state *ObjectUserRadiusDynamicMappingState, opts ...ResourceOption) (*ObjectUserRadiusDynamicMapping, error)

public static ObjectUserRadiusDynamicMapping Get(string name, Input<string> id, ObjectUserRadiusDynamicMappingState? state, CustomResourceOptions? opts = null)

public static ObjectUserRadiusDynamicMapping get(String name, Output<String> id, ObjectUserRadiusDynamicMappingState state, CustomResourceOptions options)

resources:  _:    type: fortimanager:ObjectUserRadiusDynamicMapping    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccountKeyCertField string: Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
AccountKeyProcessing string: Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same, strip.
AccountingServers List<ObjectUserRadiusDynamicMappingAccountingServer>: Accounting-Server. The structure of accounting_server block is documented below.
AcctAllServers string: Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: disable, enable.
AcctInterimInterval double: Time in seconds between each accounting interim update message.
Adom string: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
AllUsergroup string: Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable, enable.
AuthType string: Authentication methods/protocols permitted for this RADIUS server. Valid values: pap, chap, ms_chap, ms_chap_v2, auto.
CaCert string: CA of server to trust under TLS.
CallStationIdType string: Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy, IP, MAC.
Classes List<string>: Class attribute name(s).
ClientCert string: Client certificate to use under TLS.
Delimiter string: Delimiter. Valid values: plus, comma.
DpCarrierEndpointAttribute string: Dp-Carrier-Endpoint-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
DpCarrierEndpointBlockAttribute string: Dp-Carrier-Endpoint-Block-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
DpContextTimeout double: Dp-Context-Timeout.
DpFlushIpSession string: Dp-Flush-Ip-Session. Valid values: disable, enable.
DpHoldTime double: Dp-Hold-Time.
DpHttpHeader string: Dp-Http-Header.
DpHttpHeaderFallback string: Dp-Http-Header-Fallback. Valid values: ip-header-address, default-profile.
DpHttpHeaderStatus string: Dp-Http-Header-Status. Valid values: disable, enable.
DpHttpHeaderSuppress string: Dp-Http-Header-Suppress. Valid values: disable, enable.
DpLogDynFlags List<string>: Dp-Log-Dyn_Flags. Valid values: none, protocol-error, profile-missing, context-missing, accounting-stop-missed, accounting-event, radiusd-other, endpoint-block.
DpLogPeriod double: Dp-Log-Period.
DpMemPercent double: Dp-Mem-Percent.
DpProfileAttribute string: Dp-Profile-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
DpProfileAttributeKey string: Dp-Profile-Attribute-Key.
DpRadiusResponse string: Dp-Radius-Response. Valid values: disable, enable.
DpRadiusServerPort double: Dp-Radius-Server-Port.
DpSecrets List<string>: Dp-Secret.
DpValidateRequestSecret string: Dp-Validate-Request-Secret. Valid values: disable, enable.
DynamicProfile string: Dynamic-Profile. Valid values: disable, enable.
DynamicSortSubtable string: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
EndpointTranslation string: Endpoint-Translation. Valid values: disable, enable.
EpCarrierEndpointConvertHex string: Ep-Carrier-Endpoint-Convert-Hex. Valid values: disable, enable.
EpCarrierEndpointHeader string: Ep-Carrier-Endpoint-Header.
EpCarrierEndpointHeaderSuppress string: Ep-Carrier-Endpoint-Header-Suppress. Valid values: disable, enable.
EpCarrierEndpointPrefix string: Ep-Carrier-Endpoint-Prefix. Valid values: disable, enable.
EpCarrierEndpointPrefixRangeMax double: Ep-Carrier-Endpoint-Prefix-Range-Max.
EpCarrierEndpointPrefixRangeMin double: Ep-Carrier-Endpoint-Prefix-Range-Min.
EpCarrierEndpointPrefixString string: Ep-Carrier-Endpoint-Prefix-String.
EpCarrierEndpointSource string: Ep-Carrier-Endpoint-Source. Valid values: http-header, cookie.
EpIpHeader string: Ep-Ip-Header.
EpIpHeaderSuppress string: Ep-Ip-Header-Suppress. Valid values: disable, enable.
EpMissingHeaderFallback string: Ep-Missing-Header-Fallback. Valid values: session-ip, policy-profile.
EpProfileQueryType string: Ep-Profile-Query-Type. Valid values: session-ip, extract-ip, extract-carrier-endpoint.
GroupOverrideAttrType string: Group-Override-Attr-Type. Valid values: filter-Id, class.
H3cCompatibility string: Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: disable, enable.
Interface string: Specify outgoing interface to reach server.
InterfaceSelectMethod string: Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
MacCase string: MAC authentication case (default = lowercase). Valid values: uppercase, lowercase.
MacPasswordDelimiter string: MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
MacUsernameDelimiter string: MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
NasId string: Custom NAS identifier.
NasIdType string: NAS identifier type configuration (default = legacy). Valid values: legacy, custom, hostname.
NasIp string: IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
ObjectUserRadiusDynamicMappingId string: an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
PasswordEncoding string: Password encoding. Valid values: ISO-8859-1, auto.
PasswordRenewal string: Enable/disable password renewal. Valid values: disable, enable.
Radius string: Radius.
RadiusCoa string: Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: disable, enable.
RadiusPort double: RADIUS service port number.
Rsso string: Enable/disable RADIUS based single sign on feature. Valid values: disable, enable.
RssoContextTimeout double: Time in seconds before the logged out user is removed from the "user context list" of logged on users.
RssoEndpointAttribute string: RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
RssoEndpointBlockAttribute string: RADIUS attributes used to block a user. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
RssoEpOneIpOnly string: Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: disable, enable.
RssoFlushIpSession string: Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: disable, enable.
RssoLogFlags List<string>: Events to log. Valid values: none, protocol-error, profile-missing, context-missing, accounting-stop-missed, accounting-event, radiusd-other, endpoint-block.
RssoLogPeriod double: Time interval in seconds that group event log messages will be generated for dynamic profile events.
RssoRadiusResponse string: Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: disable, enable.
RssoRadiusServerPort double: UDP port to listen on for RADIUS Start and Stop records.
RssoSecrets List<string>: RADIUS secret used by the RADIUS accounting server.
RssoValidateRequestSecret string: Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: disable, enable.
Scopetype string: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
SecondarySecrets List<string>: Secret key to access the secondary server.
SecondaryServer string: {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
Secrets List<string>: Pre-shared secret key used to access the primary RADIUS server.
Server string: Primary RADIUS server CN domain name or IP address.
ServerIdentityCheck string: Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: disable, enable.
SourceIp string: Source IP address for communications to the RADIUS server.
SourceIpInterfaces List<string>: Source interface for communication with the RADIUS server.
SsoAttribute string: RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
SsoAttributeKey string: Key prefix for SSO group value in the SSO attribute.
SsoAttributeValueOverride string: Enable/disable override old attribute value with new value for the same endpoint. Valid values: disable, enable.
StatusTtl double: Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
SwitchControllerAcctFastFramedipDetect double: Switch-Controller-Acct-Fast-Framedip-Detect.
SwitchControllerNasIpDynamic string: Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: disable, enable.
SwitchControllerServiceTypes List<string>: Switch-Controller-Service-Type. Valid values: login, framed, callback-login, callback-framed, outbound, administrative, nas-prompt, authenticate-only, callback-nas-prompt, call-check, callback-administrative.
TertiarySecrets List<string>: Secret key to access the tertiary server.
TertiaryServer string: {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
Timeout double: Time in seconds between re-sending authentication requests.
TlsMinProtoVersion string: Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values: default, TLSv1, TLSv1-1, TLSv1-2, SSLv3.
TransportProtocol string: Transport protocol to be used (default = udp). Valid values: udp, tcp, tls.
UseGroupForProfile string: Use-Group-For-Profile. Valid values: disable, enable.
UseManagementVdom string: Enable/disable using management VDOM to send requests. Valid values: disable, enable.
UsernameCaseSensitive string: Enable/disable case sensitive user names. Valid values: disable, enable.
_scopes List<ObjectUserRadiusDynamicMapping_Scope>: _Scope. The structure of _scope block is documented below.

AccountKeyCertField string: Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
AccountKeyProcessing string: Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same, strip.
AccountingServers []ObjectUserRadiusDynamicMappingAccountingServerTypeArgs: Accounting-Server. The structure of accounting_server block is documented below.
AcctAllServers string: Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: disable, enable.
AcctInterimInterval float64: Time in seconds between each accounting interim update message.
Adom string: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
AllUsergroup string: Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable, enable.
AuthType string: Authentication methods/protocols permitted for this RADIUS server. Valid values: pap, chap, ms_chap, ms_chap_v2, auto.
CaCert string: CA of server to trust under TLS.
CallStationIdType string: Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy, IP, MAC.
Classes []string: Class attribute name(s).
ClientCert string: Client certificate to use under TLS.
Delimiter string: Delimiter. Valid values: plus, comma.
DpCarrierEndpointAttribute string: Dp-Carrier-Endpoint-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
DpCarrierEndpointBlockAttribute string: Dp-Carrier-Endpoint-Block-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
DpContextTimeout float64: Dp-Context-Timeout.
DpFlushIpSession string: Dp-Flush-Ip-Session. Valid values: disable, enable.
DpHoldTime float64: Dp-Hold-Time.
DpHttpHeader string: Dp-Http-Header.
DpHttpHeaderFallback string: Dp-Http-Header-Fallback. Valid values: ip-header-address, default-profile.
DpHttpHeaderStatus string: Dp-Http-Header-Status. Valid values: disable, enable.
DpHttpHeaderSuppress string: Dp-Http-Header-Suppress. Valid values: disable, enable.
DpLogDynFlags []string: Dp-Log-Dyn_Flags. Valid values: none, protocol-error, profile-missing, context-missing, accounting-stop-missed, accounting-event, radiusd-other, endpoint-block.
DpLogPeriod float64: Dp-Log-Period.
DpMemPercent float64: Dp-Mem-Percent.
DpProfileAttribute string: Dp-Profile-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
DpProfileAttributeKey string: Dp-Profile-Attribute-Key.
DpRadiusResponse string: Dp-Radius-Response. Valid values: disable, enable.
DpRadiusServerPort float64: Dp-Radius-Server-Port.
DpSecrets []string: Dp-Secret.
DpValidateRequestSecret string: Dp-Validate-Request-Secret. Valid values: disable, enable.
DynamicProfile string: Dynamic-Profile. Valid values: disable, enable.
DynamicSortSubtable string: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
EndpointTranslation string: Endpoint-Translation. Valid values: disable, enable.
EpCarrierEndpointConvertHex string: Ep-Carrier-Endpoint-Convert-Hex. Valid values: disable, enable.
EpCarrierEndpointHeader string: Ep-Carrier-Endpoint-Header.
EpCarrierEndpointHeaderSuppress string: Ep-Carrier-Endpoint-Header-Suppress. Valid values: disable, enable.
EpCarrierEndpointPrefix string: Ep-Carrier-Endpoint-Prefix. Valid values: disable, enable.
EpCarrierEndpointPrefixRangeMax float64: Ep-Carrier-Endpoint-Prefix-Range-Max.
EpCarrierEndpointPrefixRangeMin float64: Ep-Carrier-Endpoint-Prefix-Range-Min.
EpCarrierEndpointPrefixString string: Ep-Carrier-Endpoint-Prefix-String.
EpCarrierEndpointSource string: Ep-Carrier-Endpoint-Source. Valid values: http-header, cookie.
EpIpHeader string: Ep-Ip-Header.
EpIpHeaderSuppress string: Ep-Ip-Header-Suppress. Valid values: disable, enable.
EpMissingHeaderFallback string: Ep-Missing-Header-Fallback. Valid values: session-ip, policy-profile.
EpProfileQueryType string: Ep-Profile-Query-Type. Valid values: session-ip, extract-ip, extract-carrier-endpoint.
GroupOverrideAttrType string: Group-Override-Attr-Type. Valid values: filter-Id, class.
H3cCompatibility string: Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: disable, enable.
Interface string: Specify outgoing interface to reach server.
InterfaceSelectMethod string: Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
MacCase string: MAC authentication case (default = lowercase). Valid values: uppercase, lowercase.
MacPasswordDelimiter string: MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
MacUsernameDelimiter string: MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
NasId string: Custom NAS identifier.
NasIdType string: NAS identifier type configuration (default = legacy). Valid values: legacy, custom, hostname.
NasIp string: IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
ObjectUserRadiusDynamicMappingId string: an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
PasswordEncoding string: Password encoding. Valid values: ISO-8859-1, auto.
PasswordRenewal string: Enable/disable password renewal. Valid values: disable, enable.
Radius string: Radius.
RadiusCoa string: Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: disable, enable.
RadiusPort float64: RADIUS service port number.
Rsso string: Enable/disable RADIUS based single sign on feature. Valid values: disable, enable.
RssoContextTimeout float64: Time in seconds before the logged out user is removed from the "user context list" of logged on users.
RssoEndpointAttribute string: RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
RssoEndpointBlockAttribute string: RADIUS attributes used to block a user. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
RssoEpOneIpOnly string: Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: disable, enable.
RssoFlushIpSession string: Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: disable, enable.
RssoLogFlags []string: Events to log. Valid values: none, protocol-error, profile-missing, context-missing, accounting-stop-missed, accounting-event, radiusd-other, endpoint-block.
RssoLogPeriod float64: Time interval in seconds that group event log messages will be generated for dynamic profile events.
RssoRadiusResponse string: Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: disable, enable.
RssoRadiusServerPort float64: UDP port to listen on for RADIUS Start and Stop records.
RssoSecrets []string: RADIUS secret used by the RADIUS accounting server.
RssoValidateRequestSecret string: Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: disable, enable.
Scopetype string: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
SecondarySecrets []string: Secret key to access the secondary server.
SecondaryServer string: {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
Secrets []string: Pre-shared secret key used to access the primary RADIUS server.
Server string: Primary RADIUS server CN domain name or IP address.
ServerIdentityCheck string: Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: disable, enable.
SourceIp string: Source IP address for communications to the RADIUS server.
SourceIpInterfaces []string: Source interface for communication with the RADIUS server.
SsoAttribute string: RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
SsoAttributeKey string: Key prefix for SSO group value in the SSO attribute.
SsoAttributeValueOverride string: Enable/disable override old attribute value with new value for the same endpoint. Valid values: disable, enable.
StatusTtl float64: Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
SwitchControllerAcctFastFramedipDetect float64: Switch-Controller-Acct-Fast-Framedip-Detect.
SwitchControllerNasIpDynamic string: Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: disable, enable.
SwitchControllerServiceTypes []string: Switch-Controller-Service-Type. Valid values: login, framed, callback-login, callback-framed, outbound, administrative, nas-prompt, authenticate-only, callback-nas-prompt, call-check, callback-administrative.
TertiarySecrets []string: Secret key to access the tertiary server.
TertiaryServer string: {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
Timeout float64: Time in seconds between re-sending authentication requests.
TlsMinProtoVersion string: Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values: default, TLSv1, TLSv1-1, TLSv1-2, SSLv3.
TransportProtocol string: Transport protocol to be used (default = udp). Valid values: udp, tcp, tls.
UseGroupForProfile string: Use-Group-For-Profile. Valid values: disable, enable.
UseManagementVdom string: Enable/disable using management VDOM to send requests. Valid values: disable, enable.
UsernameCaseSensitive string: Enable/disable case sensitive user names. Valid values: disable, enable.
_scopes []ObjectUserRadiusDynamicMapping_ScopeArgs: _Scope. The structure of _scope block is documented below.

_scopes List<ObjectUserRadiusDynamicMapping_Scope>: _Scope. The structure of _scope block is documented below.
accountKeyCertField String: Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
accountKeyProcessing String: Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same, strip.
accountingServers List<ObjectUserRadiusDynamicMappingAccountingServer>: Accounting-Server. The structure of accounting_server block is documented below.
acctAllServers String: Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: disable, enable.
acctInterimInterval Double: Time in seconds between each accounting interim update message.
adom String: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
allUsergroup String: Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable, enable.
authType String: Authentication methods/protocols permitted for this RADIUS server. Valid values: pap, chap, ms_chap, ms_chap_v2, auto.
caCert String: CA of server to trust under TLS.
callStationIdType String: Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy, IP, MAC.
classes List<String>: Class attribute name(s).
clientCert String: Client certificate to use under TLS.
delimiter String: Delimiter. Valid values: plus, comma.
dpCarrierEndpointAttribute String: Dp-Carrier-Endpoint-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
dpCarrierEndpointBlockAttribute String: Dp-Carrier-Endpoint-Block-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
dpContextTimeout Double: Dp-Context-Timeout.
dpFlushIpSession String: Dp-Flush-Ip-Session. Valid values: disable, enable.
dpHoldTime Double: Dp-Hold-Time.
dpHttpHeader String: Dp-Http-Header.
dpHttpHeaderFallback String: Dp-Http-Header-Fallback. Valid values: ip-header-address, default-profile.
dpHttpHeaderStatus String: Dp-Http-Header-Status. Valid values: disable, enable.
dpHttpHeaderSuppress String: Dp-Http-Header-Suppress. Valid values: disable, enable.
dpLogDynFlags List<String>: Dp-Log-Dyn_Flags. Valid values: none, protocol-error, profile-missing, context-missing, accounting-stop-missed, accounting-event, radiusd-other, endpoint-block.
dpLogPeriod Double: Dp-Log-Period.
dpMemPercent Double: Dp-Mem-Percent.
dpProfileAttribute String: Dp-Profile-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
dpProfileAttributeKey String: Dp-Profile-Attribute-Key.
dpRadiusResponse String: Dp-Radius-Response. Valid values: disable, enable.
dpRadiusServerPort Double: Dp-Radius-Server-Port.
dpSecrets List<String>: Dp-Secret.
dpValidateRequestSecret String: Dp-Validate-Request-Secret. Valid values: disable, enable.
dynamicProfile String: Dynamic-Profile. Valid values: disable, enable.
dynamicSortSubtable String: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
endpointTranslation String: Endpoint-Translation. Valid values: disable, enable.
epCarrierEndpointConvertHex String: Ep-Carrier-Endpoint-Convert-Hex. Valid values: disable, enable.
epCarrierEndpointHeader String: Ep-Carrier-Endpoint-Header.
epCarrierEndpointHeaderSuppress String: Ep-Carrier-Endpoint-Header-Suppress. Valid values: disable, enable.
epCarrierEndpointPrefix String: Ep-Carrier-Endpoint-Prefix. Valid values: disable, enable.
epCarrierEndpointPrefixRangeMax Double: Ep-Carrier-Endpoint-Prefix-Range-Max.
epCarrierEndpointPrefixRangeMin Double: Ep-Carrier-Endpoint-Prefix-Range-Min.
epCarrierEndpointPrefixString String: Ep-Carrier-Endpoint-Prefix-String.
epCarrierEndpointSource String: Ep-Carrier-Endpoint-Source. Valid values: http-header, cookie.
epIpHeader String: Ep-Ip-Header.
epIpHeaderSuppress String: Ep-Ip-Header-Suppress. Valid values: disable, enable.
epMissingHeaderFallback String: Ep-Missing-Header-Fallback. Valid values: session-ip, policy-profile.
epProfileQueryType String: Ep-Profile-Query-Type. Valid values: session-ip, extract-ip, extract-carrier-endpoint.
groupOverrideAttrType String: Group-Override-Attr-Type. Valid values: filter-Id, class.
h3cCompatibility String: Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: disable, enable.
interfaceSelectMethod String: Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
interface_ String: Specify outgoing interface to reach server.
macCase String: MAC authentication case (default = lowercase). Valid values: uppercase, lowercase.
macPasswordDelimiter String: MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
macUsernameDelimiter String: MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
nasId String: Custom NAS identifier.
nasIdType String: NAS identifier type configuration (default = legacy). Valid values: legacy, custom, hostname.
nasIp String: IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
objectUserRadiusDynamicMappingId String: an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
passwordEncoding String: Password encoding. Valid values: ISO-8859-1, auto.
passwordRenewal String: Enable/disable password renewal. Valid values: disable, enable.
radius String: Radius.
radiusCoa String: Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: disable, enable.
radiusPort Double: RADIUS service port number.
rsso String: Enable/disable RADIUS based single sign on feature. Valid values: disable, enable.
rssoContextTimeout Double: Time in seconds before the logged out user is removed from the "user context list" of logged on users.
rssoEndpointAttribute String: RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
rssoEndpointBlockAttribute String: RADIUS attributes used to block a user. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
rssoEpOneIpOnly String: Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: disable, enable.
rssoFlushIpSession String: Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: disable, enable.
rssoLogFlags List<String>: Events to log. Valid values: none, protocol-error, profile-missing, context-missing, accounting-stop-missed, accounting-event, radiusd-other, endpoint-block.
rssoLogPeriod Double: Time interval in seconds that group event log messages will be generated for dynamic profile events.
rssoRadiusResponse String: Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: disable, enable.
rssoRadiusServerPort Double: UDP port to listen on for RADIUS Start and Stop records.
rssoSecrets List<String>: RADIUS secret used by the RADIUS accounting server.
rssoValidateRequestSecret String: Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: disable, enable.
scopetype String: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
secondarySecrets List<String>: Secret key to access the secondary server.
secondaryServer String: {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
secrets List<String>: Pre-shared secret key used to access the primary RADIUS server.
server String: Primary RADIUS server CN domain name or IP address.
serverIdentityCheck String: Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: disable, enable.
sourceIp String: Source IP address for communications to the RADIUS server.
sourceIpInterfaces List<String>: Source interface for communication with the RADIUS server.
ssoAttribute String: RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
ssoAttributeKey String: Key prefix for SSO group value in the SSO attribute.
ssoAttributeValueOverride String: Enable/disable override old attribute value with new value for the same endpoint. Valid values: disable, enable.
statusTtl Double: Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
switchControllerAcctFastFramedipDetect Double: Switch-Controller-Acct-Fast-Framedip-Detect.
switchControllerNasIpDynamic String: Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: disable, enable.
switchControllerServiceTypes List<String>: Switch-Controller-Service-Type. Valid values: login, framed, callback-login, callback-framed, outbound, administrative, nas-prompt, authenticate-only, callback-nas-prompt, call-check, callback-administrative.
tertiarySecrets List<String>: Secret key to access the tertiary server.
tertiaryServer String: {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
timeout Double: Time in seconds between re-sending authentication requests.
tlsMinProtoVersion String: Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values: default, TLSv1, TLSv1-1, TLSv1-2, SSLv3.
transportProtocol String: Transport protocol to be used (default = udp). Valid values: udp, tcp, tls.
useGroupForProfile String: Use-Group-For-Profile. Valid values: disable, enable.
useManagementVdom String: Enable/disable using management VDOM to send requests. Valid values: disable, enable.
usernameCaseSensitive String: Enable/disable case sensitive user names. Valid values: disable, enable.

_scopes ObjectUserRadiusDynamicMapping_Scope[]: _Scope. The structure of _scope block is documented below.
accountKeyCertField string: Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
accountKeyProcessing string: Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same, strip.
accountingServers ObjectUserRadiusDynamicMappingAccountingServer[]: Accounting-Server. The structure of accounting_server block is documented below.
acctAllServers string: Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: disable, enable.
acctInterimInterval number: Time in seconds between each accounting interim update message.
adom string: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
allUsergroup string: Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable, enable.
authType string: Authentication methods/protocols permitted for this RADIUS server. Valid values: pap, chap, ms_chap, ms_chap_v2, auto.
caCert string: CA of server to trust under TLS.
callStationIdType string: Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy, IP, MAC.
classes string[]: Class attribute name(s).
clientCert string: Client certificate to use under TLS.
delimiter string: Delimiter. Valid values: plus, comma.
dpCarrierEndpointAttribute string: Dp-Carrier-Endpoint-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
dpCarrierEndpointBlockAttribute string: Dp-Carrier-Endpoint-Block-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
dpContextTimeout number: Dp-Context-Timeout.
dpFlushIpSession string: Dp-Flush-Ip-Session. Valid values: disable, enable.
dpHoldTime number: Dp-Hold-Time.
dpHttpHeader string: Dp-Http-Header.
dpHttpHeaderFallback string: Dp-Http-Header-Fallback. Valid values: ip-header-address, default-profile.
dpHttpHeaderStatus string: Dp-Http-Header-Status. Valid values: disable, enable.
dpHttpHeaderSuppress string: Dp-Http-Header-Suppress. Valid values: disable, enable.
dpLogDynFlags string[]: Dp-Log-Dyn_Flags. Valid values: none, protocol-error, profile-missing, context-missing, accounting-stop-missed, accounting-event, radiusd-other, endpoint-block.
dpLogPeriod number: Dp-Log-Period.
dpMemPercent number: Dp-Mem-Percent.
dpProfileAttribute string: Dp-Profile-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
dpProfileAttributeKey string: Dp-Profile-Attribute-Key.
dpRadiusResponse string: Dp-Radius-Response. Valid values: disable, enable.
dpRadiusServerPort number: Dp-Radius-Server-Port.
dpSecrets string[]: Dp-Secret.
dpValidateRequestSecret string: Dp-Validate-Request-Secret. Valid values: disable, enable.
dynamicProfile string: Dynamic-Profile. Valid values: disable, enable.
dynamicSortSubtable string: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
endpointTranslation string: Endpoint-Translation. Valid values: disable, enable.
epCarrierEndpointConvertHex string: Ep-Carrier-Endpoint-Convert-Hex. Valid values: disable, enable.
epCarrierEndpointHeader string: Ep-Carrier-Endpoint-Header.
epCarrierEndpointHeaderSuppress string: Ep-Carrier-Endpoint-Header-Suppress. Valid values: disable, enable.
epCarrierEndpointPrefix string: Ep-Carrier-Endpoint-Prefix. Valid values: disable, enable.
epCarrierEndpointPrefixRangeMax number: Ep-Carrier-Endpoint-Prefix-Range-Max.
epCarrierEndpointPrefixRangeMin number: Ep-Carrier-Endpoint-Prefix-Range-Min.
epCarrierEndpointPrefixString string: Ep-Carrier-Endpoint-Prefix-String.
epCarrierEndpointSource string: Ep-Carrier-Endpoint-Source. Valid values: http-header, cookie.
epIpHeader string: Ep-Ip-Header.
epIpHeaderSuppress string: Ep-Ip-Header-Suppress. Valid values: disable, enable.
epMissingHeaderFallback string: Ep-Missing-Header-Fallback. Valid values: session-ip, policy-profile.
epProfileQueryType string: Ep-Profile-Query-Type. Valid values: session-ip, extract-ip, extract-carrier-endpoint.
groupOverrideAttrType string: Group-Override-Attr-Type. Valid values: filter-Id, class.
h3cCompatibility string: Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: disable, enable.
interface string: Specify outgoing interface to reach server.
interfaceSelectMethod string: Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
macCase string: MAC authentication case (default = lowercase). Valid values: uppercase, lowercase.
macPasswordDelimiter string: MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
macUsernameDelimiter string: MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
nasId string: Custom NAS identifier.
nasIdType string: NAS identifier type configuration (default = legacy). Valid values: legacy, custom, hostname.
nasIp string: IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
objectUserRadiusDynamicMappingId string: an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
passwordEncoding string: Password encoding. Valid values: ISO-8859-1, auto.
passwordRenewal string: Enable/disable password renewal. Valid values: disable, enable.
radius string: Radius.
radiusCoa string: Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: disable, enable.
radiusPort number: RADIUS service port number.
rsso string: Enable/disable RADIUS based single sign on feature. Valid values: disable, enable.
rssoContextTimeout number: Time in seconds before the logged out user is removed from the "user context list" of logged on users.
rssoEndpointAttribute string: RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
rssoEndpointBlockAttribute string: RADIUS attributes used to block a user. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
rssoEpOneIpOnly string: Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: disable, enable.
rssoFlushIpSession string: Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: disable, enable.
rssoLogFlags string[]: Events to log. Valid values: none, protocol-error, profile-missing, context-missing, accounting-stop-missed, accounting-event, radiusd-other, endpoint-block.
rssoLogPeriod number: Time interval in seconds that group event log messages will be generated for dynamic profile events.
rssoRadiusResponse string: Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: disable, enable.
rssoRadiusServerPort number: UDP port to listen on for RADIUS Start and Stop records.
rssoSecrets string[]: RADIUS secret used by the RADIUS accounting server.
rssoValidateRequestSecret string: Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: disable, enable.
scopetype string: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
secondarySecrets string[]: Secret key to access the secondary server.
secondaryServer string: {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
secrets string[]: Pre-shared secret key used to access the primary RADIUS server.
server string: Primary RADIUS server CN domain name or IP address.
serverIdentityCheck string: Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: disable, enable.
sourceIp string: Source IP address for communications to the RADIUS server.
sourceIpInterfaces string[]: Source interface for communication with the RADIUS server.
ssoAttribute string: RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
ssoAttributeKey string: Key prefix for SSO group value in the SSO attribute.
ssoAttributeValueOverride string: Enable/disable override old attribute value with new value for the same endpoint. Valid values: disable, enable.
statusTtl number: Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
switchControllerAcctFastFramedipDetect number: Switch-Controller-Acct-Fast-Framedip-Detect.
switchControllerNasIpDynamic string: Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: disable, enable.
switchControllerServiceTypes string[]: Switch-Controller-Service-Type. Valid values: login, framed, callback-login, callback-framed, outbound, administrative, nas-prompt, authenticate-only, callback-nas-prompt, call-check, callback-administrative.
tertiarySecrets string[]: Secret key to access the tertiary server.
tertiaryServer string: {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
timeout number: Time in seconds between re-sending authentication requests.
tlsMinProtoVersion string: Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values: default, TLSv1, TLSv1-1, TLSv1-2, SSLv3.
transportProtocol string: Transport protocol to be used (default = udp). Valid values: udp, tcp, tls.
useGroupForProfile string: Use-Group-For-Profile. Valid values: disable, enable.
useManagementVdom string: Enable/disable using management VDOM to send requests. Valid values: disable, enable.
usernameCaseSensitive string: Enable/disable case sensitive user names. Valid values: disable, enable.

_scopes Sequence[ObjectUserRadiusDynamicMapping_ScopeArgs]: _Scope. The structure of _scope block is documented below.
account_key_cert_field str: Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
account_key_processing str: Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same, strip.
accounting_servers Sequence[ObjectUserRadiusDynamicMappingAccountingServerArgs]: Accounting-Server. The structure of accounting_server block is documented below.
acct_all_servers str: Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: disable, enable.
acct_interim_interval float: Time in seconds between each accounting interim update message.
adom str: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
all_usergroup str: Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable, enable.
auth_type str: Authentication methods/protocols permitted for this RADIUS server. Valid values: pap, chap, ms_chap, ms_chap_v2, auto.
ca_cert str: CA of server to trust under TLS.
call_station_id_type str: Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy, IP, MAC.
classes Sequence[str]: Class attribute name(s).
client_cert str: Client certificate to use under TLS.
delimiter str: Delimiter. Valid values: plus, comma.
dp_carrier_endpoint_attribute str: Dp-Carrier-Endpoint-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
dp_carrier_endpoint_block_attribute str: Dp-Carrier-Endpoint-Block-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
dp_context_timeout float: Dp-Context-Timeout.
dp_flush_ip_session str: Dp-Flush-Ip-Session. Valid values: disable, enable.
dp_hold_time float: Dp-Hold-Time.
dp_http_header str: Dp-Http-Header.
dp_http_header_fallback str: Dp-Http-Header-Fallback. Valid values: ip-header-address, default-profile.
dp_http_header_status str: Dp-Http-Header-Status. Valid values: disable, enable.
dp_http_header_suppress str: Dp-Http-Header-Suppress. Valid values: disable, enable.
dp_log_dyn_flags Sequence[str]: Dp-Log-Dyn_Flags. Valid values: none, protocol-error, profile-missing, context-missing, accounting-stop-missed, accounting-event, radiusd-other, endpoint-block.
dp_log_period float: Dp-Log-Period.
dp_mem_percent float: Dp-Mem-Percent.
dp_profile_attribute str: Dp-Profile-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
dp_profile_attribute_key str: Dp-Profile-Attribute-Key.
dp_radius_response str: Dp-Radius-Response. Valid values: disable, enable.
dp_radius_server_port float: Dp-Radius-Server-Port.
dp_secrets Sequence[str]: Dp-Secret.
dp_validate_request_secret str: Dp-Validate-Request-Secret. Valid values: disable, enable.
dynamic_profile str: Dynamic-Profile. Valid values: disable, enable.
dynamic_sort_subtable str: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
endpoint_translation str: Endpoint-Translation. Valid values: disable, enable.
ep_carrier_endpoint_convert_hex str: Ep-Carrier-Endpoint-Convert-Hex. Valid values: disable, enable.
ep_carrier_endpoint_header str: Ep-Carrier-Endpoint-Header.
ep_carrier_endpoint_header_suppress str: Ep-Carrier-Endpoint-Header-Suppress. Valid values: disable, enable.
ep_carrier_endpoint_prefix str: Ep-Carrier-Endpoint-Prefix. Valid values: disable, enable.
ep_carrier_endpoint_prefix_range_max float: Ep-Carrier-Endpoint-Prefix-Range-Max.
ep_carrier_endpoint_prefix_range_min float: Ep-Carrier-Endpoint-Prefix-Range-Min.
ep_carrier_endpoint_prefix_string str: Ep-Carrier-Endpoint-Prefix-String.
ep_carrier_endpoint_source str: Ep-Carrier-Endpoint-Source. Valid values: http-header, cookie.
ep_ip_header str: Ep-Ip-Header.
ep_ip_header_suppress str: Ep-Ip-Header-Suppress. Valid values: disable, enable.
ep_missing_header_fallback str: Ep-Missing-Header-Fallback. Valid values: session-ip, policy-profile.
ep_profile_query_type str: Ep-Profile-Query-Type. Valid values: session-ip, extract-ip, extract-carrier-endpoint.
group_override_attr_type str: Group-Override-Attr-Type. Valid values: filter-Id, class.
h3c_compatibility str: Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: disable, enable.
interface str: Specify outgoing interface to reach server.
interface_select_method str: Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
mac_case str: MAC authentication case (default = lowercase). Valid values: uppercase, lowercase.
mac_password_delimiter str: MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
mac_username_delimiter str: MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
nas_id str: Custom NAS identifier.
nas_id_type str: NAS identifier type configuration (default = legacy). Valid values: legacy, custom, hostname.
nas_ip str: IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
object_user_radius_dynamic_mapping_id str: an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
password_encoding str: Password encoding. Valid values: ISO-8859-1, auto.
password_renewal str: Enable/disable password renewal. Valid values: disable, enable.
radius str: Radius.
radius_coa str: Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: disable, enable.
radius_port float: RADIUS service port number.
rsso str: Enable/disable RADIUS based single sign on feature. Valid values: disable, enable.
rsso_context_timeout float: Time in seconds before the logged out user is removed from the "user context list" of logged on users.
rsso_endpoint_attribute str: RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
rsso_endpoint_block_attribute str: RADIUS attributes used to block a user. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
rsso_ep_one_ip_only str: Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: disable, enable.
rsso_flush_ip_session str: Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: disable, enable.
rsso_log_flags Sequence[str]: Events to log. Valid values: none, protocol-error, profile-missing, context-missing, accounting-stop-missed, accounting-event, radiusd-other, endpoint-block.
rsso_log_period float: Time interval in seconds that group event log messages will be generated for dynamic profile events.
rsso_radius_response str: Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: disable, enable.
rsso_radius_server_port float: UDP port to listen on for RADIUS Start and Stop records.
rsso_secrets Sequence[str]: RADIUS secret used by the RADIUS accounting server.
rsso_validate_request_secret str: Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: disable, enable.
scopetype str: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
secondary_secrets Sequence[str]: Secret key to access the secondary server.
secondary_server str: {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
secrets Sequence[str]: Pre-shared secret key used to access the primary RADIUS server.
server str: Primary RADIUS server CN domain name or IP address.
server_identity_check str: Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: disable, enable.
source_ip str: Source IP address for communications to the RADIUS server.
source_ip_interfaces Sequence[str]: Source interface for communication with the RADIUS server.
sso_attribute str: RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
sso_attribute_key str: Key prefix for SSO group value in the SSO attribute.
sso_attribute_value_override str: Enable/disable override old attribute value with new value for the same endpoint. Valid values: disable, enable.
status_ttl float: Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
switch_controller_acct_fast_framedip_detect float: Switch-Controller-Acct-Fast-Framedip-Detect.
switch_controller_nas_ip_dynamic str: Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: disable, enable.
switch_controller_service_types Sequence[str]: Switch-Controller-Service-Type. Valid values: login, framed, callback-login, callback-framed, outbound, administrative, nas-prompt, authenticate-only, callback-nas-prompt, call-check, callback-administrative.
tertiary_secrets Sequence[str]: Secret key to access the tertiary server.
tertiary_server str: {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
timeout float: Time in seconds between re-sending authentication requests.
tls_min_proto_version str: Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values: default, TLSv1, TLSv1-1, TLSv1-2, SSLv3.
transport_protocol str: Transport protocol to be used (default = udp). Valid values: udp, tcp, tls.
use_group_for_profile str: Use-Group-For-Profile. Valid values: disable, enable.
use_management_vdom str: Enable/disable using management VDOM to send requests. Valid values: disable, enable.
username_case_sensitive str: Enable/disable case sensitive user names. Valid values: disable, enable.

_scopes List<Property Map>: _Scope. The structure of _scope block is documented below.
accountKeyCertField String: Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
accountKeyProcessing String: Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same, strip.
accountingServers List<Property Map>: Accounting-Server. The structure of accounting_server block is documented below.
acctAllServers String: Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: disable, enable.
acctInterimInterval Number: Time in seconds between each accounting interim update message.
adom String: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
allUsergroup String: Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable, enable.
authType String: Authentication methods/protocols permitted for this RADIUS server. Valid values: pap, chap, ms_chap, ms_chap_v2, auto.
caCert String: CA of server to trust under TLS.
callStationIdType String: Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy, IP, MAC.
classes List<String>: Class attribute name(s).
clientCert String: Client certificate to use under TLS.
delimiter String: Delimiter. Valid values: plus, comma.
dpCarrierEndpointAttribute String: Dp-Carrier-Endpoint-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
dpCarrierEndpointBlockAttribute String: Dp-Carrier-Endpoint-Block-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
dpContextTimeout Number: Dp-Context-Timeout.
dpFlushIpSession String: Dp-Flush-Ip-Session. Valid values: disable, enable.
dpHoldTime Number: Dp-Hold-Time.
dpHttpHeader String: Dp-Http-Header.
dpHttpHeaderFallback String: Dp-Http-Header-Fallback. Valid values: ip-header-address, default-profile.
dpHttpHeaderStatus String: Dp-Http-Header-Status. Valid values: disable, enable.
dpHttpHeaderSuppress String: Dp-Http-Header-Suppress. Valid values: disable, enable.
dpLogDynFlags List<String>: Dp-Log-Dyn_Flags. Valid values: none, protocol-error, profile-missing, context-missing, accounting-stop-missed, accounting-event, radiusd-other, endpoint-block.
dpLogPeriod Number: Dp-Log-Period.
dpMemPercent Number: Dp-Mem-Percent.
dpProfileAttribute String: Dp-Profile-Attribute. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Vendor-Specific, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
dpProfileAttributeKey String: Dp-Profile-Attribute-Key.
dpRadiusResponse String: Dp-Radius-Response. Valid values: disable, enable.
dpRadiusServerPort Number: Dp-Radius-Server-Port.
dpSecrets List<String>: Dp-Secret.
dpValidateRequestSecret String: Dp-Validate-Request-Secret. Valid values: disable, enable.
dynamicProfile String: Dynamic-Profile. Valid values: disable, enable.
dynamicSortSubtable String: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
endpointTranslation String: Endpoint-Translation. Valid values: disable, enable.
epCarrierEndpointConvertHex String: Ep-Carrier-Endpoint-Convert-Hex. Valid values: disable, enable.
epCarrierEndpointHeader String: Ep-Carrier-Endpoint-Header.
epCarrierEndpointHeaderSuppress String: Ep-Carrier-Endpoint-Header-Suppress. Valid values: disable, enable.
epCarrierEndpointPrefix String: Ep-Carrier-Endpoint-Prefix. Valid values: disable, enable.
epCarrierEndpointPrefixRangeMax Number: Ep-Carrier-Endpoint-Prefix-Range-Max.
epCarrierEndpointPrefixRangeMin Number: Ep-Carrier-Endpoint-Prefix-Range-Min.
epCarrierEndpointPrefixString String: Ep-Carrier-Endpoint-Prefix-String.
epCarrierEndpointSource String: Ep-Carrier-Endpoint-Source. Valid values: http-header, cookie.
epIpHeader String: Ep-Ip-Header.
epIpHeaderSuppress String: Ep-Ip-Header-Suppress. Valid values: disable, enable.
epMissingHeaderFallback String: Ep-Missing-Header-Fallback. Valid values: session-ip, policy-profile.
epProfileQueryType String: Ep-Profile-Query-Type. Valid values: session-ip, extract-ip, extract-carrier-endpoint.
groupOverrideAttrType String: Group-Override-Attr-Type. Valid values: filter-Id, class.
h3cCompatibility String: Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: disable, enable.
interface String: Specify outgoing interface to reach server.
interfaceSelectMethod String: Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
macCase String: MAC authentication case (default = lowercase). Valid values: uppercase, lowercase.
macPasswordDelimiter String: MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
macUsernameDelimiter String: MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
nasId String: Custom NAS identifier.
nasIdType String: NAS identifier type configuration (default = legacy). Valid values: legacy, custom, hostname.
nasIp String: IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
objectUserRadiusDynamicMappingId String: an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
passwordEncoding String: Password encoding. Valid values: ISO-8859-1, auto.
passwordRenewal String: Enable/disable password renewal. Valid values: disable, enable.
radius String: Radius.
radiusCoa String: Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: disable, enable.
radiusPort Number: RADIUS service port number.
rsso String: Enable/disable RADIUS based single sign on feature. Valid values: disable, enable.
rssoContextTimeout Number: Time in seconds before the logged out user is removed from the "user context list" of logged on users.
rssoEndpointAttribute String: RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
rssoEndpointBlockAttribute String: RADIUS attributes used to block a user. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
rssoEpOneIpOnly String: Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: disable, enable.
rssoFlushIpSession String: Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: disable, enable.
rssoLogFlags List<String>: Events to log. Valid values: none, protocol-error, profile-missing, context-missing, accounting-stop-missed, accounting-event, radiusd-other, endpoint-block.
rssoLogPeriod Number: Time interval in seconds that group event log messages will be generated for dynamic profile events.
rssoRadiusResponse String: Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: disable, enable.
rssoRadiusServerPort Number: UDP port to listen on for RADIUS Start and Stop records.
rssoSecrets List<String>: RADIUS secret used by the RADIUS accounting server.
rssoValidateRequestSecret String: Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: disable, enable.
scopetype String: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
secondarySecrets List<String>: Secret key to access the secondary server.
secondaryServer String: {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
secrets List<String>: Pre-shared secret key used to access the primary RADIUS server.
server String: Primary RADIUS server CN domain name or IP address.
serverIdentityCheck String: Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: disable, enable.
sourceIp String: Source IP address for communications to the RADIUS server.
sourceIpInterfaces List<String>: Source interface for communication with the RADIUS server.
ssoAttribute String: RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port, Service-Type, Framed-Protocol, Framed-IP-Address, Framed-IP-Netmask, Framed-Routing, Filter-Id, Framed-MTU, Framed-Compression, Login-IP-Host, Login-Service, Login-TCP-Port, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, State, Class, Session-Timeout, Idle-Timeout, Termination-Action, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Framed-AppleTalk-Zone, Acct-Status-Type, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Session-Id, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Multi-Session-Id, Acct-Link-Count, CHAP-Challenge, NAS-Port-Type, Port-Limit, Login-LAT-Port.
ssoAttributeKey String: Key prefix for SSO group value in the SSO attribute.
ssoAttributeValueOverride String: Enable/disable override old attribute value with new value for the same endpoint. Valid values: disable, enable.
statusTtl Number: Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
switchControllerAcctFastFramedipDetect Number: Switch-Controller-Acct-Fast-Framedip-Detect.
switchControllerNasIpDynamic String: Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: disable, enable.
switchControllerServiceTypes List<String>: Switch-Controller-Service-Type. Valid values: login, framed, callback-login, callback-framed, outbound, administrative, nas-prompt, authenticate-only, callback-nas-prompt, call-check, callback-administrative.
tertiarySecrets List<String>: Secret key to access the tertiary server.
tertiaryServer String: {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
timeout Number: Time in seconds between re-sending authentication requests.
tlsMinProtoVersion String: Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values: default, TLSv1, TLSv1-1, TLSv1-2, SSLv3.
transportProtocol String: Transport protocol to be used (default = udp). Valid values: udp, tcp, tls.
useGroupForProfile String: Use-Group-For-Profile. Valid values: disable, enable.
useManagementVdom String: Enable/disable using management VDOM to send requests. Valid values: disable, enable.
usernameCaseSensitive String: Enable/disable case sensitive user names. Valid values: disable, enable.

Supporting Types

ObjectUserRadiusDynamicMappingAccountingServer, ObjectUserRadiusDynamicMappingAccountingServerArgs

Id double: ID (0 - 4294967295).
Interface string: Specify outgoing interface to reach server.
InterfaceSelectMethod string: Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
Port double: RADIUS accounting port number.
Secrets List<string>: Secret key.
Server string: {<name_str|ip_str>} Server CN domain name or IP.
SourceIp string: Source IP address for communications to the RADIUS server.
Status string: Status. Valid values: disable, enable.

Id float64: ID (0 - 4294967295).
Interface string: Specify outgoing interface to reach server.
InterfaceSelectMethod string: Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
Port float64: RADIUS accounting port number.
Secrets []string: Secret key.
Server string: {<name_str|ip_str>} Server CN domain name or IP.
SourceIp string: Source IP address for communications to the RADIUS server.
Status string: Status. Valid values: disable, enable.

id Double: ID (0 - 4294967295).
interfaceSelectMethod String: Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
interface_ String: Specify outgoing interface to reach server.
port Double: RADIUS accounting port number.
secrets List<String>: Secret key.
server String: {<name_str|ip_str>} Server CN domain name or IP.
sourceIp String: Source IP address for communications to the RADIUS server.
status String: Status. Valid values: disable, enable.

id number: ID (0 - 4294967295).
interface string: Specify outgoing interface to reach server.
interfaceSelectMethod string: Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
port number: RADIUS accounting port number.
secrets string[]: Secret key.
server string: {<name_str|ip_str>} Server CN domain name or IP.
sourceIp string: Source IP address for communications to the RADIUS server.
status string: Status. Valid values: disable, enable.

id float: ID (0 - 4294967295).
interface str: Specify outgoing interface to reach server.
interface_select_method str: Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
port float: RADIUS accounting port number.
secrets Sequence[str]: Secret key.
server str: {<name_str|ip_str>} Server CN domain name or IP.
source_ip str: Source IP address for communications to the RADIUS server.
status str: Status. Valid values: disable, enable.

id Number: ID (0 - 4294967295).
interface String: Specify outgoing interface to reach server.
interfaceSelectMethod String: Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
port Number: RADIUS accounting port number.
secrets List<String>: Secret key.
server String: {<name_str|ip_str>} Server CN domain name or IP.
sourceIp String: Source IP address for communications to the RADIUS server.
status String: Status. Valid values: disable, enable.

ObjectUserRadiusDynamicMapping_Scope, ObjectUserRadiusDynamicMapping_ScopeArgs

Name string: Name.
Vdom string: Vdom.

Name string: Name.
Vdom string: Vdom.

name String: Name.
vdom String: Vdom.

name string: Name.
vdom string: Vdom.

name str: Name.
vdom str: Vdom.

name String: Name.
vdom String: Vdom.

Import

ObjectUser RadiusDynamicMapping can be imported using any of these accepted formats:

Set import_options = [“radius=YOUR_VALUE”] in the provider section.

$ export “FORTIMANAGER_IMPORT_TABLE”=“true”

$ pulumi import fortimanager:index/objectUserRadiusDynamicMapping:ObjectUserRadiusDynamicMapping labelname {{_scope.name}}.{{_scope.vdom}}

$ unset “FORTIMANAGER_IMPORT_TABLE”

-> Hint: The scopetype and adom for import will directly inherit the scopetype and adom configuration of the provider.

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: fortimanager fortinetdev/terraform-provider-fortimanager
License
Notes: This Pulumi package is based on the fortimanager Terraform Provider.

fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev

fortinetdev/terraform-provider-fortimanager

fortimanager.ObjectUserRadiusDynamicMapping

On this page

On this page

Create ObjectUserRadiusDynamicMapping Resource

Constructor syntax

Parameters

Constructor example

ObjectUserRadiusDynamicMapping Resource Properties

Inputs

Outputs

Look up Existing ObjectUserRadiusDynamicMapping Resource

Supporting Types

ObjectUserRadiusDynamicMappingAccountingServer, ObjectUserRadiusDynamicMappingAccountingServerArgs

ObjectUserRadiusDynamicMapping_Scope, ObjectUserRadiusDynamicMapping_ScopeArgs

Import

Package Details

On this page

On this page