okta.policy.Mfa
Explore with Pulumi AI
Creates an MFA Policy.
This resource allows you to create and configure an MFA Policy.
Requires Org Feature Flag
OKTA_MFA_POLICY
. Contact support to have this feature flag enabled.
Unless Org Feature Flag
ENG_ENABLE_OPTIONAL_PASSWORD_ENROLLMENT
is disabledokta_password
orokta_email
must be present and itsenroll
value set toREQUIRED
. Contact support to have this feature flag disabled.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const classicExample = new okta.policy.Mfa("classicExample", {
description: "Example MFA policy using Okta Classic engine with factors.",
groupsIncludeds: [data.okta_group.everyone.id],
isOie: false,
oktaOtp: {
enroll: "REQUIRED",
},
oktaPassword: {
enroll: "REQUIRED",
},
status: "ACTIVE",
});
const oieExample = new okta.policy.Mfa("oieExample", {
description: "Example MFA policy that uses Okta Identity Engine (OIE) with authenticators",
groupsIncludeds: [data.okta_group.everyone.id],
isOie: true,
oktaPassword: {
enroll: "REQUIRED",
},
oktaVerify: {
enroll: "REQUIRED",
},
status: "ACTIVE",
});
import pulumi
import pulumi_okta as okta
classic_example = okta.policy.Mfa("classicExample",
description="Example MFA policy using Okta Classic engine with factors.",
groups_includeds=[data["okta_group"]["everyone"]["id"]],
is_oie=False,
okta_otp={
"enroll": "REQUIRED",
},
okta_password={
"enroll": "REQUIRED",
},
status="ACTIVE")
oie_example = okta.policy.Mfa("oieExample",
description="Example MFA policy that uses Okta Identity Engine (OIE) with authenticators",
groups_includeds=[data["okta_group"]["everyone"]["id"]],
is_oie=True,
okta_password={
"enroll": "REQUIRED",
},
okta_verify={
"enroll": "REQUIRED",
},
status="ACTIVE")
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/policy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := policy.NewMfa(ctx, "classicExample", &policy.MfaArgs{
Description: pulumi.String("Example MFA policy using Okta Classic engine with factors."),
GroupsIncludeds: pulumi.StringArray{
data.Okta_group.Everyone.Id,
},
IsOie: pulumi.Bool(false),
OktaOtp: pulumi.StringMap{
"enroll": pulumi.String("REQUIRED"),
},
OktaPassword: pulumi.StringMap{
"enroll": pulumi.String("REQUIRED"),
},
Status: pulumi.String("ACTIVE"),
})
if err != nil {
return err
}
_, err = policy.NewMfa(ctx, "oieExample", &policy.MfaArgs{
Description: pulumi.String("Example MFA policy that uses Okta Identity Engine (OIE) with authenticators"),
GroupsIncludeds: pulumi.StringArray{
data.Okta_group.Everyone.Id,
},
IsOie: pulumi.Bool(true),
OktaPassword: pulumi.StringMap{
"enroll": pulumi.String("REQUIRED"),
},
OktaVerify: pulumi.StringMap{
"enroll": pulumi.String("REQUIRED"),
},
Status: pulumi.String("ACTIVE"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var classicExample = new Okta.Policy.Mfa("classicExample", new()
{
Description = "Example MFA policy using Okta Classic engine with factors.",
GroupsIncludeds = new[]
{
data.Okta_group.Everyone.Id,
},
IsOie = false,
OktaOtp =
{
{ "enroll", "REQUIRED" },
},
OktaPassword =
{
{ "enroll", "REQUIRED" },
},
Status = "ACTIVE",
});
var oieExample = new Okta.Policy.Mfa("oieExample", new()
{
Description = "Example MFA policy that uses Okta Identity Engine (OIE) with authenticators",
GroupsIncludeds = new[]
{
data.Okta_group.Everyone.Id,
},
IsOie = true,
OktaPassword =
{
{ "enroll", "REQUIRED" },
},
OktaVerify =
{
{ "enroll", "REQUIRED" },
},
Status = "ACTIVE",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.policy.Mfa;
import com.pulumi.okta.policy.MfaArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var classicExample = new Mfa("classicExample", MfaArgs.builder()
.description("Example MFA policy using Okta Classic engine with factors.")
.groupsIncludeds(data.okta_group().everyone().id())
.isOie(false)
.oktaOtp(Map.of("enroll", "REQUIRED"))
.oktaPassword(Map.of("enroll", "REQUIRED"))
.status("ACTIVE")
.build());
var oieExample = new Mfa("oieExample", MfaArgs.builder()
.description("Example MFA policy that uses Okta Identity Engine (OIE) with authenticators")
.groupsIncludeds(data.okta_group().everyone().id())
.isOie(true)
.oktaPassword(Map.of("enroll", "REQUIRED"))
.oktaVerify(Map.of("enroll", "REQUIRED"))
.status("ACTIVE")
.build());
}
}
resources:
classicExample:
type: okta:policy:Mfa
properties:
description: Example MFA policy using Okta Classic engine with factors.
groupsIncludeds:
- ${data.okta_group.everyone.id}
isOie: false
oktaOtp:
enroll: REQUIRED
oktaPassword:
enroll: REQUIRED
status: ACTIVE
oieExample:
type: okta:policy:Mfa
properties:
description: Example MFA policy that uses Okta Identity Engine (OIE) with authenticators
groupsIncludeds:
- ${data.okta_group.everyone.id}
isOie: true
oktaPassword:
enroll: REQUIRED
# The following authenticator can only be used when `is_oie` is set to true
oktaVerify:
enroll: REQUIRED
status: ACTIVE
Create Mfa Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Mfa(name: string, args?: MfaArgs, opts?: CustomResourceOptions);
@overload
def Mfa(resource_name: str,
args: Optional[MfaArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Mfa(resource_name: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
duo: Optional[Mapping[str, str]] = None,
external_idp: Optional[Mapping[str, str]] = None,
fido_u2f: Optional[Mapping[str, str]] = None,
fido_webauthn: Optional[Mapping[str, str]] = None,
google_otp: Optional[Mapping[str, str]] = None,
groups_includeds: Optional[Sequence[str]] = None,
hotp: Optional[Mapping[str, str]] = None,
is_oie: Optional[bool] = None,
name: Optional[str] = None,
okta_call: Optional[Mapping[str, str]] = None,
okta_email: Optional[Mapping[str, str]] = None,
okta_otp: Optional[Mapping[str, str]] = None,
okta_password: Optional[Mapping[str, str]] = None,
okta_push: Optional[Mapping[str, str]] = None,
okta_question: Optional[Mapping[str, str]] = None,
okta_sms: Optional[Mapping[str, str]] = None,
okta_verify: Optional[Mapping[str, str]] = None,
onprem_mfa: Optional[Mapping[str, str]] = None,
phone_number: Optional[Mapping[str, str]] = None,
priority: Optional[int] = None,
rsa_token: Optional[Mapping[str, str]] = None,
security_question: Optional[Mapping[str, str]] = None,
status: Optional[str] = None,
symantec_vip: Optional[Mapping[str, str]] = None,
webauthn: Optional[Mapping[str, str]] = None,
yubikey_token: Optional[Mapping[str, str]] = None)
func NewMfa(ctx *Context, name string, args *MfaArgs, opts ...ResourceOption) (*Mfa, error)
public Mfa(string name, MfaArgs? args = null, CustomResourceOptions? opts = null)
type: okta:policy:Mfa
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args MfaArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args MfaArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args MfaArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args MfaArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args MfaArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
var mfaResource = new Okta.Policy.Mfa("mfaResource", new()
{
Description = "string",
Duo =
{
{ "string", "string" },
},
ExternalIdp =
{
{ "string", "string" },
},
FidoU2f =
{
{ "string", "string" },
},
FidoWebauthn =
{
{ "string", "string" },
},
GoogleOtp =
{
{ "string", "string" },
},
GroupsIncludeds = new[]
{
"string",
},
Hotp =
{
{ "string", "string" },
},
IsOie = false,
Name = "string",
OktaCall =
{
{ "string", "string" },
},
OktaEmail =
{
{ "string", "string" },
},
OktaOtp =
{
{ "string", "string" },
},
OktaPassword =
{
{ "string", "string" },
},
OktaPush =
{
{ "string", "string" },
},
OktaQuestion =
{
{ "string", "string" },
},
OktaSms =
{
{ "string", "string" },
},
OktaVerify =
{
{ "string", "string" },
},
OnpremMfa =
{
{ "string", "string" },
},
PhoneNumber =
{
{ "string", "string" },
},
Priority = 0,
RsaToken =
{
{ "string", "string" },
},
SecurityQuestion =
{
{ "string", "string" },
},
Status = "string",
SymantecVip =
{
{ "string", "string" },
},
Webauthn =
{
{ "string", "string" },
},
YubikeyToken =
{
{ "string", "string" },
},
});
example, err := policy.NewMfa(ctx, "mfaResource", &policy.MfaArgs{
Description: pulumi.String("string"),
Duo: pulumi.StringMap{
"string": pulumi.String("string"),
},
ExternalIdp: pulumi.StringMap{
"string": pulumi.String("string"),
},
FidoU2f: pulumi.StringMap{
"string": pulumi.String("string"),
},
FidoWebauthn: pulumi.StringMap{
"string": pulumi.String("string"),
},
GoogleOtp: pulumi.StringMap{
"string": pulumi.String("string"),
},
GroupsIncludeds: pulumi.StringArray{
pulumi.String("string"),
},
Hotp: pulumi.StringMap{
"string": pulumi.String("string"),
},
IsOie: pulumi.Bool(false),
Name: pulumi.String("string"),
OktaCall: pulumi.StringMap{
"string": pulumi.String("string"),
},
OktaEmail: pulumi.StringMap{
"string": pulumi.String("string"),
},
OktaOtp: pulumi.StringMap{
"string": pulumi.String("string"),
},
OktaPassword: pulumi.StringMap{
"string": pulumi.String("string"),
},
OktaPush: pulumi.StringMap{
"string": pulumi.String("string"),
},
OktaQuestion: pulumi.StringMap{
"string": pulumi.String("string"),
},
OktaSms: pulumi.StringMap{
"string": pulumi.String("string"),
},
OktaVerify: pulumi.StringMap{
"string": pulumi.String("string"),
},
OnpremMfa: pulumi.StringMap{
"string": pulumi.String("string"),
},
PhoneNumber: pulumi.StringMap{
"string": pulumi.String("string"),
},
Priority: pulumi.Int(0),
RsaToken: pulumi.StringMap{
"string": pulumi.String("string"),
},
SecurityQuestion: pulumi.StringMap{
"string": pulumi.String("string"),
},
Status: pulumi.String("string"),
SymantecVip: pulumi.StringMap{
"string": pulumi.String("string"),
},
Webauthn: pulumi.StringMap{
"string": pulumi.String("string"),
},
YubikeyToken: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var mfaResource = new Mfa("mfaResource", MfaArgs.builder()
.description("string")
.duo(Map.of("string", "string"))
.externalIdp(Map.of("string", "string"))
.fidoU2f(Map.of("string", "string"))
.fidoWebauthn(Map.of("string", "string"))
.googleOtp(Map.of("string", "string"))
.groupsIncludeds("string")
.hotp(Map.of("string", "string"))
.isOie(false)
.name("string")
.oktaCall(Map.of("string", "string"))
.oktaEmail(Map.of("string", "string"))
.oktaOtp(Map.of("string", "string"))
.oktaPassword(Map.of("string", "string"))
.oktaPush(Map.of("string", "string"))
.oktaQuestion(Map.of("string", "string"))
.oktaSms(Map.of("string", "string"))
.oktaVerify(Map.of("string", "string"))
.onpremMfa(Map.of("string", "string"))
.phoneNumber(Map.of("string", "string"))
.priority(0)
.rsaToken(Map.of("string", "string"))
.securityQuestion(Map.of("string", "string"))
.status("string")
.symantecVip(Map.of("string", "string"))
.webauthn(Map.of("string", "string"))
.yubikeyToken(Map.of("string", "string"))
.build());
mfa_resource = okta.policy.Mfa("mfaResource",
description="string",
duo={
"string": "string",
},
external_idp={
"string": "string",
},
fido_u2f={
"string": "string",
},
fido_webauthn={
"string": "string",
},
google_otp={
"string": "string",
},
groups_includeds=["string"],
hotp={
"string": "string",
},
is_oie=False,
name="string",
okta_call={
"string": "string",
},
okta_email={
"string": "string",
},
okta_otp={
"string": "string",
},
okta_password={
"string": "string",
},
okta_push={
"string": "string",
},
okta_question={
"string": "string",
},
okta_sms={
"string": "string",
},
okta_verify={
"string": "string",
},
onprem_mfa={
"string": "string",
},
phone_number={
"string": "string",
},
priority=0,
rsa_token={
"string": "string",
},
security_question={
"string": "string",
},
status="string",
symantec_vip={
"string": "string",
},
webauthn={
"string": "string",
},
yubikey_token={
"string": "string",
})
const mfaResource = new okta.policy.Mfa("mfaResource", {
description: "string",
duo: {
string: "string",
},
externalIdp: {
string: "string",
},
fidoU2f: {
string: "string",
},
fidoWebauthn: {
string: "string",
},
googleOtp: {
string: "string",
},
groupsIncludeds: ["string"],
hotp: {
string: "string",
},
isOie: false,
name: "string",
oktaCall: {
string: "string",
},
oktaEmail: {
string: "string",
},
oktaOtp: {
string: "string",
},
oktaPassword: {
string: "string",
},
oktaPush: {
string: "string",
},
oktaQuestion: {
string: "string",
},
oktaSms: {
string: "string",
},
oktaVerify: {
string: "string",
},
onpremMfa: {
string: "string",
},
phoneNumber: {
string: "string",
},
priority: 0,
rsaToken: {
string: "string",
},
securityQuestion: {
string: "string",
},
status: "string",
symantecVip: {
string: "string",
},
webauthn: {
string: "string",
},
yubikeyToken: {
string: "string",
},
});
type: okta:policy:Mfa
properties:
description: string
duo:
string: string
externalIdp:
string: string
fidoU2f:
string: string
fidoWebauthn:
string: string
googleOtp:
string: string
groupsIncludeds:
- string
hotp:
string: string
isOie: false
name: string
oktaCall:
string: string
oktaEmail:
string: string
oktaOtp:
string: string
oktaPassword:
string: string
oktaPush:
string: string
oktaQuestion:
string: string
oktaSms:
string: string
oktaVerify:
string: string
onpremMfa:
string: string
phoneNumber:
string: string
priority: 0
rsaToken:
string: string
securityQuestion:
string: string
status: string
symantecVip:
string: string
webauthn:
string: string
yubikeyToken:
string: string
Mfa Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Mfa resource accepts the following input properties:
- Description string
- Policy Description.
- Duo Dictionary<string, string>
- DUO MFA policy settings (✓ Classic, ✓ OIE).
- External
Idp Dictionary<string, string> - External IDP MFA policy settings (✓ OIE).
- Fido
U2f Dictionary<string, string> - Fido U2F MFA policy settings (✓ Classic).
- Fido
Webauthn Dictionary<string, string> - Fido Web Authn MFA policy settings (✓ Classic).
- Google
Otp Dictionary<string, string> - Google OTP MFA policy settings (✓ Classic, ✓ OIE).
- Groups
Includeds List<string> - List of Group IDs to Include.
- Hotp Dictionary<string, string>
- HMAC-based One-Time Password MFA policy settings (✓ Classic).
- Is
Oie bool Boolean that specifies whether to use the newer Okta Identity Engine (OIE) with policy authenticators instead of the classic engine with Factors. This value determines which of the following policy factor settings can be configured. (Default =
false
)WARNING: Tenant must have the Okta Identity Engine enabled in order to use this feature.
- Name string
- Policy Name.
- Okta
Call Dictionary<string, string> - Okta Call MFA policy settings (✓ Classic).
- Okta
Email Dictionary<string, string> - Okta Email MFA policy settings (✓ Classic, ✓ OIE).
- Okta
Otp Dictionary<string, string> - Okta OTP (via the Okta Verify app) MFA policy settings (✓ Classic).
- Okta
Password Dictionary<string, string> - Okta Password MFA policy settings (✓ Classic, ✓ OIE).
- Okta
Push Dictionary<string, string> - Okta Push MFA policy settings (✓ Classic).
- Okta
Question Dictionary<string, string> - Okta Question MFA policy settings (✓ Classic).
- Okta
Sms Dictionary<string, string> - Okta SMS MFA policy settings (✓ Classic).
- Okta
Verify Dictionary<string, string> - Okta Verify MFA policy settings (✓ OIE).
- Onprem
Mfa Dictionary<string, string> - On-Prem MFA MFA policy settings (✓ OIE).
- Phone
Number Dictionary<string, string> - Phone Number MFA policy settings (✓ OIE).
- Priority int
- Priority of the policy.
- Rsa
Token Dictionary<string, string> - RSA Token MFA policy settings (✓ Classic, ✓ OIE).
- Security
Question Dictionary<string, string> - Security Question MFA policy settings (✓ OIE).
- Status string
- Policy Status:
"ACTIVE"
or"INACTIVE"
. - Symantec
Vip Dictionary<string, string> - Symantec VIP MFA policy settings (✓ Classic).
- Webauthn Dictionary<string, string>
- FIDO2 (WebAuthn) MFA policy settings (✓ OIE).
- Yubikey
Token Dictionary<string, string> - Yubikey Token MFA policy settings (✓ Classic, ✓ OIE).
- Description string
- Policy Description.
- Duo map[string]string
- DUO MFA policy settings (✓ Classic, ✓ OIE).
- External
Idp map[string]string - External IDP MFA policy settings (✓ OIE).
- Fido
U2f map[string]string - Fido U2F MFA policy settings (✓ Classic).
- Fido
Webauthn map[string]string - Fido Web Authn MFA policy settings (✓ Classic).
- Google
Otp map[string]string - Google OTP MFA policy settings (✓ Classic, ✓ OIE).
- Groups
Includeds []string - List of Group IDs to Include.
- Hotp map[string]string
- HMAC-based One-Time Password MFA policy settings (✓ Classic).
- Is
Oie bool Boolean that specifies whether to use the newer Okta Identity Engine (OIE) with policy authenticators instead of the classic engine with Factors. This value determines which of the following policy factor settings can be configured. (Default =
false
)WARNING: Tenant must have the Okta Identity Engine enabled in order to use this feature.
- Name string
- Policy Name.
- Okta
Call map[string]string - Okta Call MFA policy settings (✓ Classic).
- Okta
Email map[string]string - Okta Email MFA policy settings (✓ Classic, ✓ OIE).
- Okta
Otp map[string]string - Okta OTP (via the Okta Verify app) MFA policy settings (✓ Classic).
- Okta
Password map[string]string - Okta Password MFA policy settings (✓ Classic, ✓ OIE).
- Okta
Push map[string]string - Okta Push MFA policy settings (✓ Classic).
- Okta
Question map[string]string - Okta Question MFA policy settings (✓ Classic).
- Okta
Sms map[string]string - Okta SMS MFA policy settings (✓ Classic).
- Okta
Verify map[string]string - Okta Verify MFA policy settings (✓ OIE).
- Onprem
Mfa map[string]string - On-Prem MFA MFA policy settings (✓ OIE).
- Phone
Number map[string]string - Phone Number MFA policy settings (✓ OIE).
- Priority int
- Priority of the policy.
- Rsa
Token map[string]string - RSA Token MFA policy settings (✓ Classic, ✓ OIE).
- Security
Question map[string]string - Security Question MFA policy settings (✓ OIE).
- Status string
- Policy Status:
"ACTIVE"
or"INACTIVE"
. - Symantec
Vip map[string]string - Symantec VIP MFA policy settings (✓ Classic).
- Webauthn map[string]string
- FIDO2 (WebAuthn) MFA policy settings (✓ OIE).
- Yubikey
Token map[string]string - Yubikey Token MFA policy settings (✓ Classic, ✓ OIE).
- description String
- Policy Description.
- duo Map<String,String>
- DUO MFA policy settings (✓ Classic, ✓ OIE).
- external
Idp Map<String,String> - External IDP MFA policy settings (✓ OIE).
- fido
U2f Map<String,String> - Fido U2F MFA policy settings (✓ Classic).
- fido
Webauthn Map<String,String> - Fido Web Authn MFA policy settings (✓ Classic).
- google
Otp Map<String,String> - Google OTP MFA policy settings (✓ Classic, ✓ OIE).
- groups
Includeds List<String> - List of Group IDs to Include.
- hotp Map<String,String>
- HMAC-based One-Time Password MFA policy settings (✓ Classic).
- is
Oie Boolean Boolean that specifies whether to use the newer Okta Identity Engine (OIE) with policy authenticators instead of the classic engine with Factors. This value determines which of the following policy factor settings can be configured. (Default =
false
)WARNING: Tenant must have the Okta Identity Engine enabled in order to use this feature.
- name String
- Policy Name.
- okta
Call Map<String,String> - Okta Call MFA policy settings (✓ Classic).
- okta
Email Map<String,String> - Okta Email MFA policy settings (✓ Classic, ✓ OIE).
- okta
Otp Map<String,String> - Okta OTP (via the Okta Verify app) MFA policy settings (✓ Classic).
- okta
Password Map<String,String> - Okta Password MFA policy settings (✓ Classic, ✓ OIE).
- okta
Push Map<String,String> - Okta Push MFA policy settings (✓ Classic).
- okta
Question Map<String,String> - Okta Question MFA policy settings (✓ Classic).
- okta
Sms Map<String,String> - Okta SMS MFA policy settings (✓ Classic).
- okta
Verify Map<String,String> - Okta Verify MFA policy settings (✓ OIE).
- onprem
Mfa Map<String,String> - On-Prem MFA MFA policy settings (✓ OIE).
- phone
Number Map<String,String> - Phone Number MFA policy settings (✓ OIE).
- priority Integer
- Priority of the policy.
- rsa
Token Map<String,String> - RSA Token MFA policy settings (✓ Classic, ✓ OIE).
- security
Question Map<String,String> - Security Question MFA policy settings (✓ OIE).
- status String
- Policy Status:
"ACTIVE"
or"INACTIVE"
. - symantec
Vip Map<String,String> - Symantec VIP MFA policy settings (✓ Classic).
- webauthn Map<String,String>
- FIDO2 (WebAuthn) MFA policy settings (✓ OIE).
- yubikey
Token Map<String,String> - Yubikey Token MFA policy settings (✓ Classic, ✓ OIE).
- description string
- Policy Description.
- duo {[key: string]: string}
- DUO MFA policy settings (✓ Classic, ✓ OIE).
- external
Idp {[key: string]: string} - External IDP MFA policy settings (✓ OIE).
- fido
U2f {[key: string]: string} - Fido U2F MFA policy settings (✓ Classic).
- fido
Webauthn {[key: string]: string} - Fido Web Authn MFA policy settings (✓ Classic).
- google
Otp {[key: string]: string} - Google OTP MFA policy settings (✓ Classic, ✓ OIE).
- groups
Includeds string[] - List of Group IDs to Include.
- hotp {[key: string]: string}
- HMAC-based One-Time Password MFA policy settings (✓ Classic).
- is
Oie boolean Boolean that specifies whether to use the newer Okta Identity Engine (OIE) with policy authenticators instead of the classic engine with Factors. This value determines which of the following policy factor settings can be configured. (Default =
false
)WARNING: Tenant must have the Okta Identity Engine enabled in order to use this feature.
- name string
- Policy Name.
- okta
Call {[key: string]: string} - Okta Call MFA policy settings (✓ Classic).
- okta
Email {[key: string]: string} - Okta Email MFA policy settings (✓ Classic, ✓ OIE).
- okta
Otp {[key: string]: string} - Okta OTP (via the Okta Verify app) MFA policy settings (✓ Classic).
- okta
Password {[key: string]: string} - Okta Password MFA policy settings (✓ Classic, ✓ OIE).
- okta
Push {[key: string]: string} - Okta Push MFA policy settings (✓ Classic).
- okta
Question {[key: string]: string} - Okta Question MFA policy settings (✓ Classic).
- okta
Sms {[key: string]: string} - Okta SMS MFA policy settings (✓ Classic).
- okta
Verify {[key: string]: string} - Okta Verify MFA policy settings (✓ OIE).
- onprem
Mfa {[key: string]: string} - On-Prem MFA MFA policy settings (✓ OIE).
- phone
Number {[key: string]: string} - Phone Number MFA policy settings (✓ OIE).
- priority number
- Priority of the policy.
- rsa
Token {[key: string]: string} - RSA Token MFA policy settings (✓ Classic, ✓ OIE).
- security
Question {[key: string]: string} - Security Question MFA policy settings (✓ OIE).
- status string
- Policy Status:
"ACTIVE"
or"INACTIVE"
. - symantec
Vip {[key: string]: string} - Symantec VIP MFA policy settings (✓ Classic).
- webauthn {[key: string]: string}
- FIDO2 (WebAuthn) MFA policy settings (✓ OIE).
- yubikey
Token {[key: string]: string} - Yubikey Token MFA policy settings (✓ Classic, ✓ OIE).
- description str
- Policy Description.
- duo Mapping[str, str]
- DUO MFA policy settings (✓ Classic, ✓ OIE).
- external_
idp Mapping[str, str] - External IDP MFA policy settings (✓ OIE).
- fido_
u2f Mapping[str, str] - Fido U2F MFA policy settings (✓ Classic).
- fido_
webauthn Mapping[str, str] - Fido Web Authn MFA policy settings (✓ Classic).
- google_
otp Mapping[str, str] - Google OTP MFA policy settings (✓ Classic, ✓ OIE).
- groups_
includeds Sequence[str] - List of Group IDs to Include.
- hotp Mapping[str, str]
- HMAC-based One-Time Password MFA policy settings (✓ Classic).
- is_
oie bool Boolean that specifies whether to use the newer Okta Identity Engine (OIE) with policy authenticators instead of the classic engine with Factors. This value determines which of the following policy factor settings can be configured. (Default =
false
)WARNING: Tenant must have the Okta Identity Engine enabled in order to use this feature.
- name str
- Policy Name.
- okta_
call Mapping[str, str] - Okta Call MFA policy settings (✓ Classic).
- okta_
email Mapping[str, str] - Okta Email MFA policy settings (✓ Classic, ✓ OIE).
- okta_
otp Mapping[str, str] - Okta OTP (via the Okta Verify app) MFA policy settings (✓ Classic).
- okta_
password Mapping[str, str] - Okta Password MFA policy settings (✓ Classic, ✓ OIE).
- okta_
push Mapping[str, str] - Okta Push MFA policy settings (✓ Classic).
- okta_
question Mapping[str, str] - Okta Question MFA policy settings (✓ Classic).
- okta_
sms Mapping[str, str] - Okta SMS MFA policy settings (✓ Classic).
- okta_
verify Mapping[str, str] - Okta Verify MFA policy settings (✓ OIE).
- onprem_
mfa Mapping[str, str] - On-Prem MFA MFA policy settings (✓ OIE).
- phone_
number Mapping[str, str] - Phone Number MFA policy settings (✓ OIE).
- priority int
- Priority of the policy.
- rsa_
token Mapping[str, str] - RSA Token MFA policy settings (✓ Classic, ✓ OIE).
- security_
question Mapping[str, str] - Security Question MFA policy settings (✓ OIE).
- status str
- Policy Status:
"ACTIVE"
or"INACTIVE"
. - symantec_
vip Mapping[str, str] - Symantec VIP MFA policy settings (✓ Classic).
- webauthn Mapping[str, str]
- FIDO2 (WebAuthn) MFA policy settings (✓ OIE).
- yubikey_
token Mapping[str, str] - Yubikey Token MFA policy settings (✓ Classic, ✓ OIE).
- description String
- Policy Description.
- duo Map<String>
- DUO MFA policy settings (✓ Classic, ✓ OIE).
- external
Idp Map<String> - External IDP MFA policy settings (✓ OIE).
- fido
U2f Map<String> - Fido U2F MFA policy settings (✓ Classic).
- fido
Webauthn Map<String> - Fido Web Authn MFA policy settings (✓ Classic).
- google
Otp Map<String> - Google OTP MFA policy settings (✓ Classic, ✓ OIE).
- groups
Includeds List<String> - List of Group IDs to Include.
- hotp Map<String>
- HMAC-based One-Time Password MFA policy settings (✓ Classic).
- is
Oie Boolean Boolean that specifies whether to use the newer Okta Identity Engine (OIE) with policy authenticators instead of the classic engine with Factors. This value determines which of the following policy factor settings can be configured. (Default =
false
)WARNING: Tenant must have the Okta Identity Engine enabled in order to use this feature.
- name String
- Policy Name.
- okta
Call Map<String> - Okta Call MFA policy settings (✓ Classic).
- okta
Email Map<String> - Okta Email MFA policy settings (✓ Classic, ✓ OIE).
- okta
Otp Map<String> - Okta OTP (via the Okta Verify app) MFA policy settings (✓ Classic).
- okta
Password Map<String> - Okta Password MFA policy settings (✓ Classic, ✓ OIE).
- okta
Push Map<String> - Okta Push MFA policy settings (✓ Classic).
- okta
Question Map<String> - Okta Question MFA policy settings (✓ Classic).
- okta
Sms Map<String> - Okta SMS MFA policy settings (✓ Classic).
- okta
Verify Map<String> - Okta Verify MFA policy settings (✓ OIE).
- onprem
Mfa Map<String> - On-Prem MFA MFA policy settings (✓ OIE).
- phone
Number Map<String> - Phone Number MFA policy settings (✓ OIE).
- priority Number
- Priority of the policy.
- rsa
Token Map<String> - RSA Token MFA policy settings (✓ Classic, ✓ OIE).
- security
Question Map<String> - Security Question MFA policy settings (✓ OIE).
- status String
- Policy Status:
"ACTIVE"
or"INACTIVE"
. - symantec
Vip Map<String> - Symantec VIP MFA policy settings (✓ Classic).
- webauthn Map<String>
- FIDO2 (WebAuthn) MFA policy settings (✓ OIE).
- yubikey
Token Map<String> - Yubikey Token MFA policy settings (✓ Classic, ✓ OIE).
Outputs
All input properties are implicitly available as output properties. Additionally, the Mfa resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Mfa Resource
Get an existing Mfa resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: MfaState, opts?: CustomResourceOptions): Mfa
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
duo: Optional[Mapping[str, str]] = None,
external_idp: Optional[Mapping[str, str]] = None,
fido_u2f: Optional[Mapping[str, str]] = None,
fido_webauthn: Optional[Mapping[str, str]] = None,
google_otp: Optional[Mapping[str, str]] = None,
groups_includeds: Optional[Sequence[str]] = None,
hotp: Optional[Mapping[str, str]] = None,
is_oie: Optional[bool] = None,
name: Optional[str] = None,
okta_call: Optional[Mapping[str, str]] = None,
okta_email: Optional[Mapping[str, str]] = None,
okta_otp: Optional[Mapping[str, str]] = None,
okta_password: Optional[Mapping[str, str]] = None,
okta_push: Optional[Mapping[str, str]] = None,
okta_question: Optional[Mapping[str, str]] = None,
okta_sms: Optional[Mapping[str, str]] = None,
okta_verify: Optional[Mapping[str, str]] = None,
onprem_mfa: Optional[Mapping[str, str]] = None,
phone_number: Optional[Mapping[str, str]] = None,
priority: Optional[int] = None,
rsa_token: Optional[Mapping[str, str]] = None,
security_question: Optional[Mapping[str, str]] = None,
status: Optional[str] = None,
symantec_vip: Optional[Mapping[str, str]] = None,
webauthn: Optional[Mapping[str, str]] = None,
yubikey_token: Optional[Mapping[str, str]] = None) -> Mfa
func GetMfa(ctx *Context, name string, id IDInput, state *MfaState, opts ...ResourceOption) (*Mfa, error)
public static Mfa Get(string name, Input<string> id, MfaState? state, CustomResourceOptions? opts = null)
public static Mfa get(String name, Output<String> id, MfaState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Description string
- Policy Description.
- Duo Dictionary<string, string>
- DUO MFA policy settings (✓ Classic, ✓ OIE).
- External
Idp Dictionary<string, string> - External IDP MFA policy settings (✓ OIE).
- Fido
U2f Dictionary<string, string> - Fido U2F MFA policy settings (✓ Classic).
- Fido
Webauthn Dictionary<string, string> - Fido Web Authn MFA policy settings (✓ Classic).
- Google
Otp Dictionary<string, string> - Google OTP MFA policy settings (✓ Classic, ✓ OIE).
- Groups
Includeds List<string> - List of Group IDs to Include.
- Hotp Dictionary<string, string>
- HMAC-based One-Time Password MFA policy settings (✓ Classic).
- Is
Oie bool Boolean that specifies whether to use the newer Okta Identity Engine (OIE) with policy authenticators instead of the classic engine with Factors. This value determines which of the following policy factor settings can be configured. (Default =
false
)WARNING: Tenant must have the Okta Identity Engine enabled in order to use this feature.
- Name string
- Policy Name.
- Okta
Call Dictionary<string, string> - Okta Call MFA policy settings (✓ Classic).
- Okta
Email Dictionary<string, string> - Okta Email MFA policy settings (✓ Classic, ✓ OIE).
- Okta
Otp Dictionary<string, string> - Okta OTP (via the Okta Verify app) MFA policy settings (✓ Classic).
- Okta
Password Dictionary<string, string> - Okta Password MFA policy settings (✓ Classic, ✓ OIE).
- Okta
Push Dictionary<string, string> - Okta Push MFA policy settings (✓ Classic).
- Okta
Question Dictionary<string, string> - Okta Question MFA policy settings (✓ Classic).
- Okta
Sms Dictionary<string, string> - Okta SMS MFA policy settings (✓ Classic).
- Okta
Verify Dictionary<string, string> - Okta Verify MFA policy settings (✓ OIE).
- Onprem
Mfa Dictionary<string, string> - On-Prem MFA MFA policy settings (✓ OIE).
- Phone
Number Dictionary<string, string> - Phone Number MFA policy settings (✓ OIE).
- Priority int
- Priority of the policy.
- Rsa
Token Dictionary<string, string> - RSA Token MFA policy settings (✓ Classic, ✓ OIE).
- Security
Question Dictionary<string, string> - Security Question MFA policy settings (✓ OIE).
- Status string
- Policy Status:
"ACTIVE"
or"INACTIVE"
. - Symantec
Vip Dictionary<string, string> - Symantec VIP MFA policy settings (✓ Classic).
- Webauthn Dictionary<string, string>
- FIDO2 (WebAuthn) MFA policy settings (✓ OIE).
- Yubikey
Token Dictionary<string, string> - Yubikey Token MFA policy settings (✓ Classic, ✓ OIE).
- Description string
- Policy Description.
- Duo map[string]string
- DUO MFA policy settings (✓ Classic, ✓ OIE).
- External
Idp map[string]string - External IDP MFA policy settings (✓ OIE).
- Fido
U2f map[string]string - Fido U2F MFA policy settings (✓ Classic).
- Fido
Webauthn map[string]string - Fido Web Authn MFA policy settings (✓ Classic).
- Google
Otp map[string]string - Google OTP MFA policy settings (✓ Classic, ✓ OIE).
- Groups
Includeds []string - List of Group IDs to Include.
- Hotp map[string]string
- HMAC-based One-Time Password MFA policy settings (✓ Classic).
- Is
Oie bool Boolean that specifies whether to use the newer Okta Identity Engine (OIE) with policy authenticators instead of the classic engine with Factors. This value determines which of the following policy factor settings can be configured. (Default =
false
)WARNING: Tenant must have the Okta Identity Engine enabled in order to use this feature.
- Name string
- Policy Name.
- Okta
Call map[string]string - Okta Call MFA policy settings (✓ Classic).
- Okta
Email map[string]string - Okta Email MFA policy settings (✓ Classic, ✓ OIE).
- Okta
Otp map[string]string - Okta OTP (via the Okta Verify app) MFA policy settings (✓ Classic).
- Okta
Password map[string]string - Okta Password MFA policy settings (✓ Classic, ✓ OIE).
- Okta
Push map[string]string - Okta Push MFA policy settings (✓ Classic).
- Okta
Question map[string]string - Okta Question MFA policy settings (✓ Classic).
- Okta
Sms map[string]string - Okta SMS MFA policy settings (✓ Classic).
- Okta
Verify map[string]string - Okta Verify MFA policy settings (✓ OIE).
- Onprem
Mfa map[string]string - On-Prem MFA MFA policy settings (✓ OIE).
- Phone
Number map[string]string - Phone Number MFA policy settings (✓ OIE).
- Priority int
- Priority of the policy.
- Rsa
Token map[string]string - RSA Token MFA policy settings (✓ Classic, ✓ OIE).
- Security
Question map[string]string - Security Question MFA policy settings (✓ OIE).
- Status string
- Policy Status:
"ACTIVE"
or"INACTIVE"
. - Symantec
Vip map[string]string - Symantec VIP MFA policy settings (✓ Classic).
- Webauthn map[string]string
- FIDO2 (WebAuthn) MFA policy settings (✓ OIE).
- Yubikey
Token map[string]string - Yubikey Token MFA policy settings (✓ Classic, ✓ OIE).
- description String
- Policy Description.
- duo Map<String,String>
- DUO MFA policy settings (✓ Classic, ✓ OIE).
- external
Idp Map<String,String> - External IDP MFA policy settings (✓ OIE).
- fido
U2f Map<String,String> - Fido U2F MFA policy settings (✓ Classic).
- fido
Webauthn Map<String,String> - Fido Web Authn MFA policy settings (✓ Classic).
- google
Otp Map<String,String> - Google OTP MFA policy settings (✓ Classic, ✓ OIE).
- groups
Includeds List<String> - List of Group IDs to Include.
- hotp Map<String,String>
- HMAC-based One-Time Password MFA policy settings (✓ Classic).
- is
Oie Boolean Boolean that specifies whether to use the newer Okta Identity Engine (OIE) with policy authenticators instead of the classic engine with Factors. This value determines which of the following policy factor settings can be configured. (Default =
false
)WARNING: Tenant must have the Okta Identity Engine enabled in order to use this feature.
- name String
- Policy Name.
- okta
Call Map<String,String> - Okta Call MFA policy settings (✓ Classic).
- okta
Email Map<String,String> - Okta Email MFA policy settings (✓ Classic, ✓ OIE).
- okta
Otp Map<String,String> - Okta OTP (via the Okta Verify app) MFA policy settings (✓ Classic).
- okta
Password Map<String,String> - Okta Password MFA policy settings (✓ Classic, ✓ OIE).
- okta
Push Map<String,String> - Okta Push MFA policy settings (✓ Classic).
- okta
Question Map<String,String> - Okta Question MFA policy settings (✓ Classic).
- okta
Sms Map<String,String> - Okta SMS MFA policy settings (✓ Classic).
- okta
Verify Map<String,String> - Okta Verify MFA policy settings (✓ OIE).
- onprem
Mfa Map<String,String> - On-Prem MFA MFA policy settings (✓ OIE).
- phone
Number Map<String,String> - Phone Number MFA policy settings (✓ OIE).
- priority Integer
- Priority of the policy.
- rsa
Token Map<String,String> - RSA Token MFA policy settings (✓ Classic, ✓ OIE).
- security
Question Map<String,String> - Security Question MFA policy settings (✓ OIE).
- status String
- Policy Status:
"ACTIVE"
or"INACTIVE"
. - symantec
Vip Map<String,String> - Symantec VIP MFA policy settings (✓ Classic).
- webauthn Map<String,String>
- FIDO2 (WebAuthn) MFA policy settings (✓ OIE).
- yubikey
Token Map<String,String> - Yubikey Token MFA policy settings (✓ Classic, ✓ OIE).
- description string
- Policy Description.
- duo {[key: string]: string}
- DUO MFA policy settings (✓ Classic, ✓ OIE).
- external
Idp {[key: string]: string} - External IDP MFA policy settings (✓ OIE).
- fido
U2f {[key: string]: string} - Fido U2F MFA policy settings (✓ Classic).
- fido
Webauthn {[key: string]: string} - Fido Web Authn MFA policy settings (✓ Classic).
- google
Otp {[key: string]: string} - Google OTP MFA policy settings (✓ Classic, ✓ OIE).
- groups
Includeds string[] - List of Group IDs to Include.
- hotp {[key: string]: string}
- HMAC-based One-Time Password MFA policy settings (✓ Classic).
- is
Oie boolean Boolean that specifies whether to use the newer Okta Identity Engine (OIE) with policy authenticators instead of the classic engine with Factors. This value determines which of the following policy factor settings can be configured. (Default =
false
)WARNING: Tenant must have the Okta Identity Engine enabled in order to use this feature.
- name string
- Policy Name.
- okta
Call {[key: string]: string} - Okta Call MFA policy settings (✓ Classic).
- okta
Email {[key: string]: string} - Okta Email MFA policy settings (✓ Classic, ✓ OIE).
- okta
Otp {[key: string]: string} - Okta OTP (via the Okta Verify app) MFA policy settings (✓ Classic).
- okta
Password {[key: string]: string} - Okta Password MFA policy settings (✓ Classic, ✓ OIE).
- okta
Push {[key: string]: string} - Okta Push MFA policy settings (✓ Classic).
- okta
Question {[key: string]: string} - Okta Question MFA policy settings (✓ Classic).
- okta
Sms {[key: string]: string} - Okta SMS MFA policy settings (✓ Classic).
- okta
Verify {[key: string]: string} - Okta Verify MFA policy settings (✓ OIE).
- onprem
Mfa {[key: string]: string} - On-Prem MFA MFA policy settings (✓ OIE).
- phone
Number {[key: string]: string} - Phone Number MFA policy settings (✓ OIE).
- priority number
- Priority of the policy.
- rsa
Token {[key: string]: string} - RSA Token MFA policy settings (✓ Classic, ✓ OIE).
- security
Question {[key: string]: string} - Security Question MFA policy settings (✓ OIE).
- status string
- Policy Status:
"ACTIVE"
or"INACTIVE"
. - symantec
Vip {[key: string]: string} - Symantec VIP MFA policy settings (✓ Classic).
- webauthn {[key: string]: string}
- FIDO2 (WebAuthn) MFA policy settings (✓ OIE).
- yubikey
Token {[key: string]: string} - Yubikey Token MFA policy settings (✓ Classic, ✓ OIE).
- description str
- Policy Description.
- duo Mapping[str, str]
- DUO MFA policy settings (✓ Classic, ✓ OIE).
- external_
idp Mapping[str, str] - External IDP MFA policy settings (✓ OIE).
- fido_
u2f Mapping[str, str] - Fido U2F MFA policy settings (✓ Classic).
- fido_
webauthn Mapping[str, str] - Fido Web Authn MFA policy settings (✓ Classic).
- google_
otp Mapping[str, str] - Google OTP MFA policy settings (✓ Classic, ✓ OIE).
- groups_
includeds Sequence[str] - List of Group IDs to Include.
- hotp Mapping[str, str]
- HMAC-based One-Time Password MFA policy settings (✓ Classic).
- is_
oie bool Boolean that specifies whether to use the newer Okta Identity Engine (OIE) with policy authenticators instead of the classic engine with Factors. This value determines which of the following policy factor settings can be configured. (Default =
false
)WARNING: Tenant must have the Okta Identity Engine enabled in order to use this feature.
- name str
- Policy Name.
- okta_
call Mapping[str, str] - Okta Call MFA policy settings (✓ Classic).
- okta_
email Mapping[str, str] - Okta Email MFA policy settings (✓ Classic, ✓ OIE).
- okta_
otp Mapping[str, str] - Okta OTP (via the Okta Verify app) MFA policy settings (✓ Classic).
- okta_
password Mapping[str, str] - Okta Password MFA policy settings (✓ Classic, ✓ OIE).
- okta_
push Mapping[str, str] - Okta Push MFA policy settings (✓ Classic).
- okta_
question Mapping[str, str] - Okta Question MFA policy settings (✓ Classic).
- okta_
sms Mapping[str, str] - Okta SMS MFA policy settings (✓ Classic).
- okta_
verify Mapping[str, str] - Okta Verify MFA policy settings (✓ OIE).
- onprem_
mfa Mapping[str, str] - On-Prem MFA MFA policy settings (✓ OIE).
- phone_
number Mapping[str, str] - Phone Number MFA policy settings (✓ OIE).
- priority int
- Priority of the policy.
- rsa_
token Mapping[str, str] - RSA Token MFA policy settings (✓ Classic, ✓ OIE).
- security_
question Mapping[str, str] - Security Question MFA policy settings (✓ OIE).
- status str
- Policy Status:
"ACTIVE"
or"INACTIVE"
. - symantec_
vip Mapping[str, str] - Symantec VIP MFA policy settings (✓ Classic).
- webauthn Mapping[str, str]
- FIDO2 (WebAuthn) MFA policy settings (✓ OIE).
- yubikey_
token Mapping[str, str] - Yubikey Token MFA policy settings (✓ Classic, ✓ OIE).
- description String
- Policy Description.
- duo Map<String>
- DUO MFA policy settings (✓ Classic, ✓ OIE).
- external
Idp Map<String> - External IDP MFA policy settings (✓ OIE).
- fido
U2f Map<String> - Fido U2F MFA policy settings (✓ Classic).
- fido
Webauthn Map<String> - Fido Web Authn MFA policy settings (✓ Classic).
- google
Otp Map<String> - Google OTP MFA policy settings (✓ Classic, ✓ OIE).
- groups
Includeds List<String> - List of Group IDs to Include.
- hotp Map<String>
- HMAC-based One-Time Password MFA policy settings (✓ Classic).
- is
Oie Boolean Boolean that specifies whether to use the newer Okta Identity Engine (OIE) with policy authenticators instead of the classic engine with Factors. This value determines which of the following policy factor settings can be configured. (Default =
false
)WARNING: Tenant must have the Okta Identity Engine enabled in order to use this feature.
- name String
- Policy Name.
- okta
Call Map<String> - Okta Call MFA policy settings (✓ Classic).
- okta
Email Map<String> - Okta Email MFA policy settings (✓ Classic, ✓ OIE).
- okta
Otp Map<String> - Okta OTP (via the Okta Verify app) MFA policy settings (✓ Classic).
- okta
Password Map<String> - Okta Password MFA policy settings (✓ Classic, ✓ OIE).
- okta
Push Map<String> - Okta Push MFA policy settings (✓ Classic).
- okta
Question Map<String> - Okta Question MFA policy settings (✓ Classic).
- okta
Sms Map<String> - Okta SMS MFA policy settings (✓ Classic).
- okta
Verify Map<String> - Okta Verify MFA policy settings (✓ OIE).
- onprem
Mfa Map<String> - On-Prem MFA MFA policy settings (✓ OIE).
- phone
Number Map<String> - Phone Number MFA policy settings (✓ OIE).
- priority Number
- Priority of the policy.
- rsa
Token Map<String> - RSA Token MFA policy settings (✓ Classic, ✓ OIE).
- security
Question Map<String> - Security Question MFA policy settings (✓ OIE).
- status String
- Policy Status:
"ACTIVE"
or"INACTIVE"
. - symantec
Vip Map<String> - Symantec VIP MFA policy settings (✓ Classic).
- webauthn Map<String>
- FIDO2 (WebAuthn) MFA policy settings (✓ OIE).
- yubikey
Token Map<String> - Yubikey Token MFA policy settings (✓ Classic, ✓ OIE).
Import
An MFA Policy can be imported via the Okta ID.
$ pulumi import okta:policy/mfa:Mfa example <policy id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Okta pulumi/pulumi-okta
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
okta
Terraform Provider.