Okta v4.8.1, Apr 18 24

Okta v4.8.1 published on Thursday, Apr 18, 2024 by Pulumi

okta.auth.ServerPolicyRule

Explore with Pulumi AI

Okta v4.8.1 published on Thursday, Apr 18, 2024 by Pulumi

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";

const example = new okta.auth.ServerPolicyRule("example", {
    authServerId: "<auth server id>",
    grantTypeWhitelists: ["implicit"],
    groupWhitelists: ["<group ids>"],
    policyId: "<auth server policy id>",
    priority: 1,
    status: "ACTIVE",
});

import pulumi
import pulumi_okta as okta

example = okta.auth.ServerPolicyRule("example",
    auth_server_id="<auth server id>",
    grant_type_whitelists=["implicit"],
    group_whitelists=["<group ids>"],
    policy_id="<auth server policy id>",
    priority=1,
    status="ACTIVE")

package main

import (
	"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/auth"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := auth.NewServerPolicyRule(ctx, "example", &auth.ServerPolicyRuleArgs{
			AuthServerId: pulumi.String("<auth server id>"),
			GrantTypeWhitelists: pulumi.StringArray{
				pulumi.String("implicit"),
			},
			GroupWhitelists: pulumi.StringArray{
				pulumi.String("<group ids>"),
			},
			PolicyId: pulumi.String("<auth server policy id>"),
			Priority: pulumi.Int(1),
			Status:   pulumi.String("ACTIVE"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;

return await Deployment.RunAsync(() => 
{
    var example = new Okta.Auth.ServerPolicyRule("example", new()
    {
        AuthServerId = "<auth server id>",
        GrantTypeWhitelists = new[]
        {
            "implicit",
        },
        GroupWhitelists = new[]
        {
            "<group ids>",
        },
        PolicyId = "<auth server policy id>",
        Priority = 1,
        Status = "ACTIVE",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.auth.ServerPolicyRule;
import com.pulumi.okta.auth.ServerPolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new ServerPolicyRule("example", ServerPolicyRuleArgs.builder()        
            .authServerId("<auth server id>")
            .grantTypeWhitelists("implicit")
            .groupWhitelists("<group ids>")
            .policyId("<auth server policy id>")
            .priority(1)
            .status("ACTIVE")
            .build());

    }
}

resources:
  example:
    type: okta:auth:ServerPolicyRule
    properties:
      authServerId: <auth server id>
      grantTypeWhitelists:
        - implicit
      groupWhitelists:
        - <group ids>
      policyId: <auth server policy id>
      priority: 1
      status: ACTIVE

Create ServerPolicyRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new ServerPolicyRule(name: string, args: ServerPolicyRuleArgs, opts?: CustomResourceOptions);

@overload
def ServerPolicyRule(resource_name: str,
                     args: ServerPolicyRuleArgs,
                     opts: Optional[ResourceOptions] = None)

@overload
def ServerPolicyRule(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     policy_id: Optional[str] = None,
                     auth_server_id: Optional[str] = None,
                     grant_type_whitelists: Optional[Sequence[str]] = None,
                     priority: Optional[int] = None,
                     group_whitelists: Optional[Sequence[str]] = None,
                     inline_hook_id: Optional[str] = None,
                     name: Optional[str] = None,
                     access_token_lifetime_minutes: Optional[int] = None,
                     group_blacklists: Optional[Sequence[str]] = None,
                     refresh_token_lifetime_minutes: Optional[int] = None,
                     refresh_token_window_minutes: Optional[int] = None,
                     scope_whitelists: Optional[Sequence[str]] = None,
                     status: Optional[str] = None,
                     type: Optional[str] = None,
                     user_blacklists: Optional[Sequence[str]] = None,
                     user_whitelists: Optional[Sequence[str]] = None)

func NewServerPolicyRule(ctx *Context, name string, args ServerPolicyRuleArgs, opts ...ResourceOption) (*ServerPolicyRule, error)

public ServerPolicyRule(string name, ServerPolicyRuleArgs args, CustomResourceOptions? opts = null)

public ServerPolicyRule(String name, ServerPolicyRuleArgs args)
public ServerPolicyRule(String name, ServerPolicyRuleArgs args, CustomResourceOptions options)

type: okta:auth:ServerPolicyRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args ServerPolicyRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ServerPolicyRuleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ServerPolicyRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ServerPolicyRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ServerPolicyRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Example

The following reference example uses placeholder values for all input properties.

var serverPolicyRuleResource = new Okta.Auth.ServerPolicyRule("serverPolicyRuleResource", new()
{
    PolicyId = "string",
    AuthServerId = "string",
    GrantTypeWhitelists = new[]
    {
        "string",
    },
    Priority = 0,
    GroupWhitelists = new[]
    {
        "string",
    },
    InlineHookId = "string",
    Name = "string",
    AccessTokenLifetimeMinutes = 0,
    GroupBlacklists = new[]
    {
        "string",
    },
    RefreshTokenLifetimeMinutes = 0,
    RefreshTokenWindowMinutes = 0,
    ScopeWhitelists = new[]
    {
        "string",
    },
    Status = "string",
    Type = "string",
    UserBlacklists = new[]
    {
        "string",
    },
    UserWhitelists = new[]
    {
        "string",
    },
});

example, err := auth.NewServerPolicyRule(ctx, "serverPolicyRuleResource", &auth.ServerPolicyRuleArgs{
	PolicyId:     pulumi.String("string"),
	AuthServerId: pulumi.String("string"),
	GrantTypeWhitelists: pulumi.StringArray{
		pulumi.String("string"),
	},
	Priority: pulumi.Int(0),
	GroupWhitelists: pulumi.StringArray{
		pulumi.String("string"),
	},
	InlineHookId:               pulumi.String("string"),
	Name:                       pulumi.String("string"),
	AccessTokenLifetimeMinutes: pulumi.Int(0),
	GroupBlacklists: pulumi.StringArray{
		pulumi.String("string"),
	},
	RefreshTokenLifetimeMinutes: pulumi.Int(0),
	RefreshTokenWindowMinutes:   pulumi.Int(0),
	ScopeWhitelists: pulumi.StringArray{
		pulumi.String("string"),
	},
	Status: pulumi.String("string"),
	Type:   pulumi.String("string"),
	UserBlacklists: pulumi.StringArray{
		pulumi.String("string"),
	},
	UserWhitelists: pulumi.StringArray{
		pulumi.String("string"),
	},
})

var serverPolicyRuleResource = new ServerPolicyRule("serverPolicyRuleResource", ServerPolicyRuleArgs.builder()        
    .policyId("string")
    .authServerId("string")
    .grantTypeWhitelists("string")
    .priority(0)
    .groupWhitelists("string")
    .inlineHookId("string")
    .name("string")
    .accessTokenLifetimeMinutes(0)
    .groupBlacklists("string")
    .refreshTokenLifetimeMinutes(0)
    .refreshTokenWindowMinutes(0)
    .scopeWhitelists("string")
    .status("string")
    .type("string")
    .userBlacklists("string")
    .userWhitelists("string")
    .build());

server_policy_rule_resource = okta.auth.ServerPolicyRule("serverPolicyRuleResource",
    policy_id="string",
    auth_server_id="string",
    grant_type_whitelists=["string"],
    priority=0,
    group_whitelists=["string"],
    inline_hook_id="string",
    name="string",
    access_token_lifetime_minutes=0,
    group_blacklists=["string"],
    refresh_token_lifetime_minutes=0,
    refresh_token_window_minutes=0,
    scope_whitelists=["string"],
    status="string",
    type="string",
    user_blacklists=["string"],
    user_whitelists=["string"])

const serverPolicyRuleResource = new okta.auth.ServerPolicyRule("serverPolicyRuleResource", {
    policyId: "string",
    authServerId: "string",
    grantTypeWhitelists: ["string"],
    priority: 0,
    groupWhitelists: ["string"],
    inlineHookId: "string",
    name: "string",
    accessTokenLifetimeMinutes: 0,
    groupBlacklists: ["string"],
    refreshTokenLifetimeMinutes: 0,
    refreshTokenWindowMinutes: 0,
    scopeWhitelists: ["string"],
    status: "string",
    type: "string",
    userBlacklists: ["string"],
    userWhitelists: ["string"],
});

type: okta:auth:ServerPolicyRule
properties:
    accessTokenLifetimeMinutes: 0
    authServerId: string
    grantTypeWhitelists:
        - string
    groupBlacklists:
        - string
    groupWhitelists:
        - string
    inlineHookId: string
    name: string
    policyId: string
    priority: 0
    refreshTokenLifetimeMinutes: 0
    refreshTokenWindowMinutes: 0
    scopeWhitelists:
        - string
    status: string
    type: string
    userBlacklists:
        - string
    userWhitelists:
        - string

ServerPolicyRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The ServerPolicyRule resource accepts the following input properties:

AuthServerId string: Auth Server ID.
GrantTypeWhitelists List<string>: Accepted grant type values, "authorization_code", "implicit", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:saml2-bearer" (Early Access Property), "urn:ietf:params:oauth:grant-type:token-exchange" (Early Access Property), "urn:ietf:params:oauth:grant-type:device_code" (Early Access Property), "interaction_code" (OIE only). For "implicit" value either user_whitelist or group_whitelist should be set.
PolicyId string: Auth Server Policy ID.
Priority int: Priority of the auth server policy rule.
AccessTokenLifetimeMinutes int: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
GroupBlacklists List<string>: Specifies a set of Groups whose Users are to be excluded.
GroupWhitelists List<string>: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: "EVERYONE".
InlineHookId string: The ID of the inline token to trigger.
Name string: Auth Server Policy Rule name.
RefreshTokenLifetimeMinutes int: Lifetime of refresh token.
RefreshTokenWindowMinutes int: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days). "refresh_token_window_minutes" must be between "access_token_lifetime_minutes" and "refresh_token_lifetime_minutes".
ScopeWhitelists List<string>: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*".
Status string: The status of the Auth Server Policy Rule.
Type string: The type of the Auth Server Policy Rule.
UserBlacklists List<string>: Specifies a set of Users to be excluded.
UserWhitelists List<string>: Specifies a set of Users to be included.

AuthServerId string: Auth Server ID.
GrantTypeWhitelists []string: Accepted grant type values, "authorization_code", "implicit", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:saml2-bearer" (Early Access Property), "urn:ietf:params:oauth:grant-type:token-exchange" (Early Access Property), "urn:ietf:params:oauth:grant-type:device_code" (Early Access Property), "interaction_code" (OIE only). For "implicit" value either user_whitelist or group_whitelist should be set.
PolicyId string: Auth Server Policy ID.
Priority int: Priority of the auth server policy rule.
AccessTokenLifetimeMinutes int: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
GroupBlacklists []string: Specifies a set of Groups whose Users are to be excluded.
GroupWhitelists []string: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: "EVERYONE".
InlineHookId string: The ID of the inline token to trigger.
Name string: Auth Server Policy Rule name.
RefreshTokenLifetimeMinutes int: Lifetime of refresh token.
RefreshTokenWindowMinutes int: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days). "refresh_token_window_minutes" must be between "access_token_lifetime_minutes" and "refresh_token_lifetime_minutes".
ScopeWhitelists []string: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*".
Status string: The status of the Auth Server Policy Rule.
Type string: The type of the Auth Server Policy Rule.
UserBlacklists []string: Specifies a set of Users to be excluded.
UserWhitelists []string: Specifies a set of Users to be included.

authServerId String: Auth Server ID.
grantTypeWhitelists List<String>: Accepted grant type values, "authorization_code", "implicit", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:saml2-bearer" (Early Access Property), "urn:ietf:params:oauth:grant-type:token-exchange" (Early Access Property), "urn:ietf:params:oauth:grant-type:device_code" (Early Access Property), "interaction_code" (OIE only). For "implicit" value either user_whitelist or group_whitelist should be set.
policyId String: Auth Server Policy ID.
priority Integer: Priority of the auth server policy rule.
accessTokenLifetimeMinutes Integer: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
groupBlacklists List<String>: Specifies a set of Groups whose Users are to be excluded.
groupWhitelists List<String>: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: "EVERYONE".
inlineHookId String: The ID of the inline token to trigger.
name String: Auth Server Policy Rule name.
refreshTokenLifetimeMinutes Integer: Lifetime of refresh token.
refreshTokenWindowMinutes Integer: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days). "refresh_token_window_minutes" must be between "access_token_lifetime_minutes" and "refresh_token_lifetime_minutes".
scopeWhitelists List<String>: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*".
status String: The status of the Auth Server Policy Rule.
type String: The type of the Auth Server Policy Rule.
userBlacklists List<String>: Specifies a set of Users to be excluded.
userWhitelists List<String>: Specifies a set of Users to be included.

authServerId string: Auth Server ID.
grantTypeWhitelists string[]: Accepted grant type values, "authorization_code", "implicit", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:saml2-bearer" (Early Access Property), "urn:ietf:params:oauth:grant-type:token-exchange" (Early Access Property), "urn:ietf:params:oauth:grant-type:device_code" (Early Access Property), "interaction_code" (OIE only). For "implicit" value either user_whitelist or group_whitelist should be set.
policyId string: Auth Server Policy ID.
priority number: Priority of the auth server policy rule.
accessTokenLifetimeMinutes number: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
groupBlacklists string[]: Specifies a set of Groups whose Users are to be excluded.
groupWhitelists string[]: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: "EVERYONE".
inlineHookId string: The ID of the inline token to trigger.
name string: Auth Server Policy Rule name.
refreshTokenLifetimeMinutes number: Lifetime of refresh token.
refreshTokenWindowMinutes number: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days). "refresh_token_window_minutes" must be between "access_token_lifetime_minutes" and "refresh_token_lifetime_minutes".
scopeWhitelists string[]: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*".
status string: The status of the Auth Server Policy Rule.
type string: The type of the Auth Server Policy Rule.
userBlacklists string[]: Specifies a set of Users to be excluded.
userWhitelists string[]: Specifies a set of Users to be included.

auth_server_id str: Auth Server ID.
grant_type_whitelists Sequence[str]: Accepted grant type values, "authorization_code", "implicit", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:saml2-bearer" (Early Access Property), "urn:ietf:params:oauth:grant-type:token-exchange" (Early Access Property), "urn:ietf:params:oauth:grant-type:device_code" (Early Access Property), "interaction_code" (OIE only). For "implicit" value either user_whitelist or group_whitelist should be set.
policy_id str: Auth Server Policy ID.
priority int: Priority of the auth server policy rule.
access_token_lifetime_minutes int: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
group_blacklists Sequence[str]: Specifies a set of Groups whose Users are to be excluded.
group_whitelists Sequence[str]: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: "EVERYONE".
inline_hook_id str: The ID of the inline token to trigger.
name str: Auth Server Policy Rule name.
refresh_token_lifetime_minutes int: Lifetime of refresh token.
refresh_token_window_minutes int: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days). "refresh_token_window_minutes" must be between "access_token_lifetime_minutes" and "refresh_token_lifetime_minutes".
scope_whitelists Sequence[str]: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*".
status str: The status of the Auth Server Policy Rule.
type str: The type of the Auth Server Policy Rule.
user_blacklists Sequence[str]: Specifies a set of Users to be excluded.
user_whitelists Sequence[str]: Specifies a set of Users to be included.

authServerId String: Auth Server ID.
grantTypeWhitelists List<String>: Accepted grant type values, "authorization_code", "implicit", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:saml2-bearer" (Early Access Property), "urn:ietf:params:oauth:grant-type:token-exchange" (Early Access Property), "urn:ietf:params:oauth:grant-type:device_code" (Early Access Property), "interaction_code" (OIE only). For "implicit" value either user_whitelist or group_whitelist should be set.
policyId String: Auth Server Policy ID.
priority Number: Priority of the auth server policy rule.
accessTokenLifetimeMinutes Number: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
groupBlacklists List<String>: Specifies a set of Groups whose Users are to be excluded.
groupWhitelists List<String>: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: "EVERYONE".
inlineHookId String: The ID of the inline token to trigger.
name String: Auth Server Policy Rule name.
refreshTokenLifetimeMinutes Number: Lifetime of refresh token.
refreshTokenWindowMinutes Number: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days). "refresh_token_window_minutes" must be between "access_token_lifetime_minutes" and "refresh_token_lifetime_minutes".
scopeWhitelists List<String>: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*".
status String: The status of the Auth Server Policy Rule.
type String: The type of the Auth Server Policy Rule.
userBlacklists List<String>: Specifies a set of Users to be excluded.
userWhitelists List<String>: Specifies a set of Users to be included.

Outputs

All input properties are implicitly available as output properties. Additionally, the ServerPolicyRule resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
System bool: The rule is the system (default) rule for its associated policy.

Id string: The provider-assigned unique ID for this managed resource.
System bool: The rule is the system (default) rule for its associated policy.

id String: The provider-assigned unique ID for this managed resource.
system Boolean: The rule is the system (default) rule for its associated policy.

id string: The provider-assigned unique ID for this managed resource.
system boolean: The rule is the system (default) rule for its associated policy.

id str: The provider-assigned unique ID for this managed resource.
system bool: The rule is the system (default) rule for its associated policy.

id String: The provider-assigned unique ID for this managed resource.
system Boolean: The rule is the system (default) rule for its associated policy.

Look up Existing ServerPolicyRule Resource

Get an existing ServerPolicyRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ServerPolicyRuleState, opts?: CustomResourceOptions): ServerPolicyRule

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        access_token_lifetime_minutes: Optional[int] = None,
        auth_server_id: Optional[str] = None,
        grant_type_whitelists: Optional[Sequence[str]] = None,
        group_blacklists: Optional[Sequence[str]] = None,
        group_whitelists: Optional[Sequence[str]] = None,
        inline_hook_id: Optional[str] = None,
        name: Optional[str] = None,
        policy_id: Optional[str] = None,
        priority: Optional[int] = None,
        refresh_token_lifetime_minutes: Optional[int] = None,
        refresh_token_window_minutes: Optional[int] = None,
        scope_whitelists: Optional[Sequence[str]] = None,
        status: Optional[str] = None,
        system: Optional[bool] = None,
        type: Optional[str] = None,
        user_blacklists: Optional[Sequence[str]] = None,
        user_whitelists: Optional[Sequence[str]] = None) -> ServerPolicyRule

func GetServerPolicyRule(ctx *Context, name string, id IDInput, state *ServerPolicyRuleState, opts ...ResourceOption) (*ServerPolicyRule, error)

public static ServerPolicyRule Get(string name, Input<string> id, ServerPolicyRuleState? state, CustomResourceOptions? opts = null)

public static ServerPolicyRule get(String name, Output<String> id, ServerPolicyRuleState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccessTokenLifetimeMinutes int: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
AuthServerId string: Auth Server ID.
GrantTypeWhitelists List<string>: Accepted grant type values, "authorization_code", "implicit", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:saml2-bearer" (Early Access Property), "urn:ietf:params:oauth:grant-type:token-exchange" (Early Access Property), "urn:ietf:params:oauth:grant-type:device_code" (Early Access Property), "interaction_code" (OIE only). For "implicit" value either user_whitelist or group_whitelist should be set.
GroupBlacklists List<string>: Specifies a set of Groups whose Users are to be excluded.
GroupWhitelists List<string>: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: "EVERYONE".
InlineHookId string: The ID of the inline token to trigger.
Name string: Auth Server Policy Rule name.
PolicyId string: Auth Server Policy ID.
Priority int: Priority of the auth server policy rule.
RefreshTokenLifetimeMinutes int: Lifetime of refresh token.
RefreshTokenWindowMinutes int: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days). "refresh_token_window_minutes" must be between "access_token_lifetime_minutes" and "refresh_token_lifetime_minutes".
ScopeWhitelists List<string>: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*".
Status string: The status of the Auth Server Policy Rule.
System bool: The rule is the system (default) rule for its associated policy.
Type string: The type of the Auth Server Policy Rule.
UserBlacklists List<string>: Specifies a set of Users to be excluded.
UserWhitelists List<string>: Specifies a set of Users to be included.

AccessTokenLifetimeMinutes int: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
AuthServerId string: Auth Server ID.
GrantTypeWhitelists []string: Accepted grant type values, "authorization_code", "implicit", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:saml2-bearer" (Early Access Property), "urn:ietf:params:oauth:grant-type:token-exchange" (Early Access Property), "urn:ietf:params:oauth:grant-type:device_code" (Early Access Property), "interaction_code" (OIE only). For "implicit" value either user_whitelist or group_whitelist should be set.
GroupBlacklists []string: Specifies a set of Groups whose Users are to be excluded.
GroupWhitelists []string: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: "EVERYONE".
InlineHookId string: The ID of the inline token to trigger.
Name string: Auth Server Policy Rule name.
PolicyId string: Auth Server Policy ID.
Priority int: Priority of the auth server policy rule.
RefreshTokenLifetimeMinutes int: Lifetime of refresh token.
RefreshTokenWindowMinutes int: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days). "refresh_token_window_minutes" must be between "access_token_lifetime_minutes" and "refresh_token_lifetime_minutes".
ScopeWhitelists []string: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*".
Status string: The status of the Auth Server Policy Rule.
System bool: The rule is the system (default) rule for its associated policy.
Type string: The type of the Auth Server Policy Rule.
UserBlacklists []string: Specifies a set of Users to be excluded.
UserWhitelists []string: Specifies a set of Users to be included.

accessTokenLifetimeMinutes Integer: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
authServerId String: Auth Server ID.
grantTypeWhitelists List<String>: Accepted grant type values, "authorization_code", "implicit", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:saml2-bearer" (Early Access Property), "urn:ietf:params:oauth:grant-type:token-exchange" (Early Access Property), "urn:ietf:params:oauth:grant-type:device_code" (Early Access Property), "interaction_code" (OIE only). For "implicit" value either user_whitelist or group_whitelist should be set.
groupBlacklists List<String>: Specifies a set of Groups whose Users are to be excluded.
groupWhitelists List<String>: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: "EVERYONE".
inlineHookId String: The ID of the inline token to trigger.
name String: Auth Server Policy Rule name.
policyId String: Auth Server Policy ID.
priority Integer: Priority of the auth server policy rule.
refreshTokenLifetimeMinutes Integer: Lifetime of refresh token.
refreshTokenWindowMinutes Integer: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days). "refresh_token_window_minutes" must be between "access_token_lifetime_minutes" and "refresh_token_lifetime_minutes".
scopeWhitelists List<String>: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*".
status String: The status of the Auth Server Policy Rule.
system Boolean: The rule is the system (default) rule for its associated policy.
type String: The type of the Auth Server Policy Rule.
userBlacklists List<String>: Specifies a set of Users to be excluded.
userWhitelists List<String>: Specifies a set of Users to be included.

accessTokenLifetimeMinutes number: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
authServerId string: Auth Server ID.
grantTypeWhitelists string[]: Accepted grant type values, "authorization_code", "implicit", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:saml2-bearer" (Early Access Property), "urn:ietf:params:oauth:grant-type:token-exchange" (Early Access Property), "urn:ietf:params:oauth:grant-type:device_code" (Early Access Property), "interaction_code" (OIE only). For "implicit" value either user_whitelist or group_whitelist should be set.
groupBlacklists string[]: Specifies a set of Groups whose Users are to be excluded.
groupWhitelists string[]: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: "EVERYONE".
inlineHookId string: The ID of the inline token to trigger.
name string: Auth Server Policy Rule name.
policyId string: Auth Server Policy ID.
priority number: Priority of the auth server policy rule.
refreshTokenLifetimeMinutes number: Lifetime of refresh token.
refreshTokenWindowMinutes number: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days). "refresh_token_window_minutes" must be between "access_token_lifetime_minutes" and "refresh_token_lifetime_minutes".
scopeWhitelists string[]: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*".
status string: The status of the Auth Server Policy Rule.
system boolean: The rule is the system (default) rule for its associated policy.
type string: The type of the Auth Server Policy Rule.
userBlacklists string[]: Specifies a set of Users to be excluded.
userWhitelists string[]: Specifies a set of Users to be included.

access_token_lifetime_minutes int: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
auth_server_id str: Auth Server ID.
grant_type_whitelists Sequence[str]: Accepted grant type values, "authorization_code", "implicit", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:saml2-bearer" (Early Access Property), "urn:ietf:params:oauth:grant-type:token-exchange" (Early Access Property), "urn:ietf:params:oauth:grant-type:device_code" (Early Access Property), "interaction_code" (OIE only). For "implicit" value either user_whitelist or group_whitelist should be set.
group_blacklists Sequence[str]: Specifies a set of Groups whose Users are to be excluded.
group_whitelists Sequence[str]: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: "EVERYONE".
inline_hook_id str: The ID of the inline token to trigger.
name str: Auth Server Policy Rule name.
policy_id str: Auth Server Policy ID.
priority int: Priority of the auth server policy rule.
refresh_token_lifetime_minutes int: Lifetime of refresh token.
refresh_token_window_minutes int: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days). "refresh_token_window_minutes" must be between "access_token_lifetime_minutes" and "refresh_token_lifetime_minutes".
scope_whitelists Sequence[str]: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*".
status str: The status of the Auth Server Policy Rule.
system bool: The rule is the system (default) rule for its associated policy.
type str: The type of the Auth Server Policy Rule.
user_blacklists Sequence[str]: Specifies a set of Users to be excluded.
user_whitelists Sequence[str]: Specifies a set of Users to be included.

accessTokenLifetimeMinutes Number: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
authServerId String: Auth Server ID.
grantTypeWhitelists List<String>: Accepted grant type values, "authorization_code", "implicit", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:saml2-bearer" (Early Access Property), "urn:ietf:params:oauth:grant-type:token-exchange" (Early Access Property), "urn:ietf:params:oauth:grant-type:device_code" (Early Access Property), "interaction_code" (OIE only). For "implicit" value either user_whitelist or group_whitelist should be set.
groupBlacklists List<String>: Specifies a set of Groups whose Users are to be excluded.
groupWhitelists List<String>: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: "EVERYONE".
inlineHookId String: The ID of the inline token to trigger.
name String: Auth Server Policy Rule name.
policyId String: Auth Server Policy ID.
priority Number: Priority of the auth server policy rule.
refreshTokenLifetimeMinutes Number: Lifetime of refresh token.
refreshTokenWindowMinutes Number: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days). "refresh_token_window_minutes" must be between "access_token_lifetime_minutes" and "refresh_token_lifetime_minutes".
scopeWhitelists List<String>: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*".
status String: The status of the Auth Server Policy Rule.
system Boolean: The rule is the system (default) rule for its associated policy.
type String: The type of the Auth Server Policy Rule.
userBlacklists List<String>: Specifies a set of Users to be excluded.
userWhitelists List<String>: Specifies a set of Users to be included.

Import

Authorization Server Policy Rule can be imported via the Auth Server ID, Policy ID, and Policy Rule ID.

$ pulumi import okta:auth/serverPolicyRule:ServerPolicyRule example &#60;auth server id&#62;/&#60;policy id&#62;/&#60;policy rule id&#62;

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Okta pulumi/pulumi-okta
License: Apache-2.0
Notes: This Pulumi package is based on the okta Terraform Provider.

Okta v4.8.1 published on Thursday, Apr 18, 2024 by Pulumi

pulumi/pulumi-okta

okta.auth.ServerPolicyRule

On this page

On this page

Example Usage

Create ServerPolicyRule Resource

Constructor syntax

Parameters

Example

ServerPolicyRule Resource Properties

Inputs

Outputs

Look up Existing ServerPolicyRule Resource

Import

Package Details

On this page

On this page