Overview

The IronWiFi Terraform Provider enables you to manage your WiFi infrastructure as code. Define networks, users, groups, policies, captive portals, and more using HashiCorp Terraform — bringing version control, automation, and reproducibility to your WiFi management workflow.

Supported Resources (12)

• ironwifi_network — WiFi networks (SSIDs, auth settings, RADIUS)
• ironwifi_user — End users and guest accounts
• ironwifi_group — User groups for access control
• ironwifi_policy — Conditional access policies
• ironwifi_captive_portal — Guest portal configurations
• ironwifi_authentication_provider — LDAP, SAML, OAuth2 providers
• ironwifi_device — MAC-authenticated devices
• ironwifi_certificate — EAP-TLS certificates
• ironwifi_profile — Authentication profiles
• ironwifi_connector — Directory sync connectors
• ironwifi_voucher — Guest voucher templates
• ironwifi_org_unit — Organizational units

Data Sources (6)

• ironwifi_networks, ironwifi_users, ironwifi_groups
• ironwifi_policies, ironwifi_devices, ironwifi_authentication_providers

Authentication

The provider supports two authentication methods:

API Token (Recommended) — Generate an Operator API Token from the IronWiFi console under Settings > API Tokens. Use it with the api_token provider attribute or the IRONWIFI_API_TOKEN environment variable.

OAuth2 Credentials — Use your IronWiFi username and password with OAuth2 password grant. Set username, password, client_id, and client_secret in the provider block.

Quick Start

terraform {
  required_providers {
    ironwifi = {
      source = "ironwifi/ironwifi"
    }
  }
}

provider "ironwifi" {
  api_endpoint = "https://console.ironwifi.com"
  api_token    = var.ironwifi_api_token
  company_id   = var.ironwifi_company_id
}

resource "ironwifi_network" "office" {
  name   = "OfficeWiFi"
  region = "us-east1"
  secret = "radius-shared-secret"
}

resource "ironwifi_group" "engineering" {
  name        = "Engineering"
  description = "Engineering team"
  priority    = 10
}

resource "ironwifi_user" "admin" {
  username   = "admin@company.com"
  email      = "admin@company.com"
  password   = "SecureP@ssw0rd123"
  firstname  = "Admin"
  lastname   = "User"
  user_type  = "e"
  authsource = "local"
}

Then run: terraform init, terraform plan, terraform apply

Environment Variables

• IRONWIFI_API_TOKEN — API token for authentication
• IRONWIFI_API_ENDPOINT — API endpoint URL
• IRONWIFI_COMPANY_ID — Your company/tenant ID

Importing Existing Resources

Import existing IronWiFi resources into Terraform state:

terraform import ironwifi_network.example abc-123-def
terraform import ironwifi_user.admin user-456-ghi

Multi-Region Support

Target specific regions using provider aliases:

provider "ironwifi" {
  alias        = "europe"
  api_endpoint = "https://europe-west1.ironwifi.com"
  api_token    = var.ironwifi_api_token
  company_id   = var.company_id
}

Common Use Cases

Guest WiFi Setup — Provision a complete guest WiFi environment with a captive portal, authentication provider, and voucher template in a single Terraform configuration.

Enterprise WiFi — Manage networks, user groups, access policies, and LDAP/SAML authentication providers as code for multi-site deployments.

Automated Onboarding — Use Terraform in CI/CD pipelines to automatically provision WiFi users, groups, and device certificates when onboarding new employees or locations.

Need Help?

Contact IronWiFi support at support@ironwifi.com or visit the IronWiFi documentation portal for more details.