1. Packages
  2. Okta
  3. API Docs
  4. policy
  5. RuleMfa
Okta v4.8.0 published on Saturday, Mar 2, 2024 by Pulumi

okta.policy.RuleMfa

Explore with Pulumi AI

okta logo
Okta v4.8.0 published on Saturday, Mar 2, 2024 by Pulumi

    This resource allows you to create and configure an MFA Policy Rule.

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Okta = Pulumi.Okta;
    
    return await Deployment.RunAsync(() => 
    {
        var exampleDefaultPolicy = Okta.Policy.GetDefaultPolicy.Invoke(new()
        {
            Type = "MFA_ENROLL",
        });
    
        var exampleRuleMfa = new Okta.Policy.RuleMfa("exampleRuleMfa", new()
        {
            PolicyId = exampleDefaultPolicy.Apply(getDefaultPolicyResult => getDefaultPolicyResult.Id),
            AppExcludes = new[]
            {
                new Okta.Policy.Inputs.RuleMfaAppExcludeArgs
                {
                    Name = "okta",
                    Type = "APP_TYPE",
                },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/policy"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		exampleDefaultPolicy, err := policy.GetDefaultPolicy(ctx, &policy.GetDefaultPolicyArgs{
    			Type: "MFA_ENROLL",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = policy.NewRuleMfa(ctx, "exampleRuleMfa", &policy.RuleMfaArgs{
    			PolicyId: *pulumi.String(exampleDefaultPolicy.Id),
    			AppExcludes: policy.RuleMfaAppExcludeArray{
    				&policy.RuleMfaAppExcludeArgs{
    					Name: pulumi.String("okta"),
    					Type: pulumi.String("APP_TYPE"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.okta.policy.PolicyFunctions;
    import com.pulumi.okta.policy.inputs.GetDefaultPolicyArgs;
    import com.pulumi.okta.app.OAuth;
    import com.pulumi.okta.app.OAuthArgs;
    import com.pulumi.okta.policy.RuleMfa;
    import com.pulumi.okta.policy.RuleMfaArgs;
    import com.pulumi.okta.policy.inputs.RuleMfaAppIncludeArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var exampleDefaultPolicy = PolicyFunctions.getDefaultPolicy(GetDefaultPolicyArgs.builder()
                .type("MFA_ENROLL")
                .build());
    
            var exampleOAuth = new OAuth("exampleOAuth", OAuthArgs.builder()        
                .label("My App")
                .type("web")
                .grantTypes("authorization_code")
                .redirectUris("http://localhost:8000")
                .responseTypes("code")
                .skipGroups(true)
                .build());
    
            var exampleRuleMfa = new RuleMfa("exampleRuleMfa", RuleMfaArgs.builder()        
                .policyId(exampleDefaultPolicy.applyValue(getDefaultPolicyResult -> getDefaultPolicyResult.id()))
                .status("ACTIVE")
                .enroll("LOGIN")
                .appIncludes(            
                    RuleMfaAppIncludeArgs.builder()
                        .id(exampleOAuth.id())
                        .type("APP")
                        .build(),
                    RuleMfaAppIncludeArgs.builder()
                        .type("APP_TYPE")
                        .name("yahoo_mail")
                        .build())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_okta as okta
    
    example_default_policy = okta.policy.get_default_policy(type="MFA_ENROLL")
    example_rule_mfa = okta.policy.RuleMfa("exampleRuleMfa",
        policy_id=example_default_policy.id,
        app_excludes=[okta.policy.RuleMfaAppExcludeArgs(
            name="okta",
            type="APP_TYPE",
        )])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as okta from "@pulumi/okta";
    
    const exampleDefaultPolicy = okta.policy.getDefaultPolicy({
        type: "MFA_ENROLL",
    });
    const exampleRuleMfa = new okta.policy.RuleMfa("exampleRuleMfa", {
        policyId: exampleDefaultPolicy.then(exampleDefaultPolicy => exampleDefaultPolicy.id),
        appExcludes: [{
            name: "okta",
            type: "APP_TYPE",
        }],
    });
    
    resources:
      exampleRuleMfa:
        type: okta:policy:RuleMfa
        properties:
          policyId: ${exampleDefaultPolicy.id}
          status: ACTIVE
          enroll: LOGIN
          appIncludes:
            - id: ${exampleOAuth.id}
              type: APP
            - type: APP_TYPE
              name: yahoo_mail
      exampleOAuth:
        type: okta:app:OAuth
        properties:
          label: My App
          type: web
          grantTypes:
            - authorization_code
          redirectUris:
            - http://localhost:8000
          responseTypes:
            - code
          skipGroups: true
    variables:
      exampleDefaultPolicy:
        fn::invoke:
          Function: okta:policy:getDefaultPolicy
          Arguments:
            type: MFA_ENROLL
    

    section corresponds to the following config

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Okta = Pulumi.Okta;
    
    return await Deployment.RunAsync(() => 
    {
        var exampleDefaultPolicy = Okta.Policy.GetDefaultPolicy.Invoke(new()
        {
            Type = "MFA_ENROLL",
        });
    
        var exampleRuleMfa = new Okta.Policy.RuleMfa("exampleRuleMfa", new()
        {
            PolicyId = exampleDefaultPolicy.Apply(getDefaultPolicyResult => getDefaultPolicyResult.Id),
            AppExcludes = new[]
            {
                new Okta.Policy.Inputs.RuleMfaAppExcludeArgs
                {
                    Name = "okta",
                    Type = "APP_TYPE",
                },
            },
            AppIncludes = new[]
            {
                new Okta.Policy.Inputs.RuleMfaAppIncludeArgs
                {
                    Id = "some_app_id",
                    Type = "APP",
                },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/policy"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		exampleDefaultPolicy, err := policy.GetDefaultPolicy(ctx, &policy.GetDefaultPolicyArgs{
    			Type: "MFA_ENROLL",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = policy.NewRuleMfa(ctx, "exampleRuleMfa", &policy.RuleMfaArgs{
    			PolicyId: *pulumi.String(exampleDefaultPolicy.Id),
    			AppExcludes: policy.RuleMfaAppExcludeArray{
    				&policy.RuleMfaAppExcludeArgs{
    					Name: pulumi.String("okta"),
    					Type: pulumi.String("APP_TYPE"),
    				},
    			},
    			AppIncludes: policy.RuleMfaAppIncludeArray{
    				&policy.RuleMfaAppIncludeArgs{
    					Id:   pulumi.String("some_app_id"),
    					Type: pulumi.String("APP"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.okta.policy.PolicyFunctions;
    import com.pulumi.okta.policy.inputs.GetDefaultPolicyArgs;
    import com.pulumi.okta.policy.RuleMfa;
    import com.pulumi.okta.policy.RuleMfaArgs;
    import com.pulumi.okta.policy.inputs.RuleMfaAppExcludeArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var exampleDefaultPolicy = PolicyFunctions.getDefaultPolicy(GetDefaultPolicyArgs.builder()
                .type("MFA_ENROLL")
                .build());
    
            var exampleRuleMfa = new RuleMfa("exampleRuleMfa", RuleMfaArgs.builder()        
                .policyId(exampleDefaultPolicy.applyValue(getDefaultPolicyResult -> getDefaultPolicyResult.id()))
                .appExcludes(RuleMfaAppExcludeArgs.builder()
                    .name("okta")
                    .type("APP_TYPE")
                    .build())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_okta as okta
    
    example_default_policy = okta.policy.get_default_policy(type="MFA_ENROLL")
    example_rule_mfa = okta.policy.RuleMfa("exampleRuleMfa",
        policy_id=example_default_policy.id,
        app_excludes=[okta.policy.RuleMfaAppExcludeArgs(
            name="okta",
            type="APP_TYPE",
        )],
        app_includes=[okta.policy.RuleMfaAppIncludeArgs(
            id="some_app_id",
            type="APP",
        )])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as okta from "@pulumi/okta";
    
    const exampleDefaultPolicy = okta.policy.getDefaultPolicy({
        type: "MFA_ENROLL",
    });
    const exampleRuleMfa = new okta.policy.RuleMfa("exampleRuleMfa", {
        policyId: exampleDefaultPolicy.then(exampleDefaultPolicy => exampleDefaultPolicy.id),
        appExcludes: [{
            name: "okta",
            type: "APP_TYPE",
        }],
        appIncludes: [{
            id: "some_app_id",
            type: "APP",
        }],
    });
    
    resources:
      exampleRuleMfa:
        type: okta:policy:RuleMfa
        properties:
          policyId: ${exampleDefaultPolicy.id}
          appExcludes:
            - name: okta
              type: APP_TYPE
    variables:
      exampleDefaultPolicy:
        fn::invoke:
          Function: okta:policy:getDefaultPolicy
          Arguments:
            type: MFA_ENROLL
    

    section corresponds to the following config

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Okta = Pulumi.Okta;
    
    return await Deployment.RunAsync(() => 
    {
        var exampleDefaultPolicy = Okta.Policy.GetDefaultPolicy.Invoke(new()
        {
            Type = "MFA_ENROLL",
        });
    
        var exampleRuleMfa = new Okta.Policy.RuleMfa("exampleRuleMfa", new()
        {
            PolicyId = exampleDefaultPolicy.Apply(getDefaultPolicyResult => getDefaultPolicyResult.Id),
            AppIncludes = new[]
            {
                new Okta.Policy.Inputs.RuleMfaAppIncludeArgs
                {
                    Name = "okta",
                    Type = "APP_TYPE",
                },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/policy"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		exampleDefaultPolicy, err := policy.GetDefaultPolicy(ctx, &policy.GetDefaultPolicyArgs{
    			Type: "MFA_ENROLL",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = policy.NewRuleMfa(ctx, "exampleRuleMfa", &policy.RuleMfaArgs{
    			PolicyId: *pulumi.String(exampleDefaultPolicy.Id),
    			AppIncludes: policy.RuleMfaAppIncludeArray{
    				&policy.RuleMfaAppIncludeArgs{
    					Name: pulumi.String("okta"),
    					Type: pulumi.String("APP_TYPE"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.okta.policy.PolicyFunctions;
    import com.pulumi.okta.policy.inputs.GetDefaultPolicyArgs;
    import com.pulumi.okta.policy.RuleMfa;
    import com.pulumi.okta.policy.RuleMfaArgs;
    import com.pulumi.okta.policy.inputs.RuleMfaAppExcludeArgs;
    import com.pulumi.okta.policy.inputs.RuleMfaAppIncludeArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var exampleDefaultPolicy = PolicyFunctions.getDefaultPolicy(GetDefaultPolicyArgs.builder()
                .type("MFA_ENROLL")
                .build());
    
            var exampleRuleMfa = new RuleMfa("exampleRuleMfa", RuleMfaArgs.builder()        
                .policyId(exampleDefaultPolicy.applyValue(getDefaultPolicyResult -> getDefaultPolicyResult.id()))
                .appExcludes(RuleMfaAppExcludeArgs.builder()
                    .name("okta")
                    .type("APP_TYPE")
                    .build())
                .appIncludes(RuleMfaAppIncludeArgs.builder()
                    .id("some_app_id")
                    .type("APP")
                    .build())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_okta as okta
    
    example_default_policy = okta.policy.get_default_policy(type="MFA_ENROLL")
    example_rule_mfa = okta.policy.RuleMfa("exampleRuleMfa",
        policy_id=example_default_policy.id,
        app_includes=[okta.policy.RuleMfaAppIncludeArgs(
            name="okta",
            type="APP_TYPE",
        )])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as okta from "@pulumi/okta";
    
    const exampleDefaultPolicy = okta.policy.getDefaultPolicy({
        type: "MFA_ENROLL",
    });
    const exampleRuleMfa = new okta.policy.RuleMfa("exampleRuleMfa", {
        policyId: exampleDefaultPolicy.then(exampleDefaultPolicy => exampleDefaultPolicy.id),
        appIncludes: [{
            name: "okta",
            type: "APP_TYPE",
        }],
    });
    
    resources:
      exampleRuleMfa:
        type: okta:policy:RuleMfa
        properties:
          policyId: ${exampleDefaultPolicy.id}
          appExcludes:
            - name: okta
              type: APP_TYPE
          appIncludes:
            - id: some_app_id
              type: APP
    variables:
      exampleDefaultPolicy:
        fn::invoke:
          Function: okta:policy:getDefaultPolicy
          Arguments:
            type: MFA_ENROLL
    

    section corresponds to the following config

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Okta = Pulumi.Okta;
    
    return await Deployment.RunAsync(() => 
    {
        var exampleDefaultPolicy = Okta.Policy.GetDefaultPolicy.Invoke(new()
        {
            Type = "MFA_ENROLL",
        });
    
        var exampleRuleMfa = new Okta.Policy.RuleMfa("exampleRuleMfa", new()
        {
            PolicyId = exampleDefaultPolicy.Apply(getDefaultPolicyResult => getDefaultPolicyResult.Id),
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/policy"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		exampleDefaultPolicy, err := policy.GetDefaultPolicy(ctx, &policy.GetDefaultPolicyArgs{
    			Type: "MFA_ENROLL",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = policy.NewRuleMfa(ctx, "exampleRuleMfa", &policy.RuleMfaArgs{
    			PolicyId: *pulumi.String(exampleDefaultPolicy.Id),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.okta.policy.PolicyFunctions;
    import com.pulumi.okta.policy.inputs.GetDefaultPolicyArgs;
    import com.pulumi.okta.policy.RuleMfa;
    import com.pulumi.okta.policy.RuleMfaArgs;
    import com.pulumi.okta.policy.inputs.RuleMfaAppIncludeArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var exampleDefaultPolicy = PolicyFunctions.getDefaultPolicy(GetDefaultPolicyArgs.builder()
                .type("MFA_ENROLL")
                .build());
    
            var exampleRuleMfa = new RuleMfa("exampleRuleMfa", RuleMfaArgs.builder()        
                .policyId(exampleDefaultPolicy.applyValue(getDefaultPolicyResult -> getDefaultPolicyResult.id()))
                .appIncludes(RuleMfaAppIncludeArgs.builder()
                    .name("okta")
                    .type("APP_TYPE")
                    .build())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_okta as okta
    
    example_default_policy = okta.policy.get_default_policy(type="MFA_ENROLL")
    example_rule_mfa = okta.policy.RuleMfa("exampleRuleMfa", policy_id=example_default_policy.id)
    
    import * as pulumi from "@pulumi/pulumi";
    import * as okta from "@pulumi/okta";
    
    const exampleDefaultPolicy = okta.policy.getDefaultPolicy({
        type: "MFA_ENROLL",
    });
    const exampleRuleMfa = new okta.policy.RuleMfa("exampleRuleMfa", {policyId: exampleDefaultPolicy.then(exampleDefaultPolicy => exampleDefaultPolicy.id)});
    
    resources:
      exampleRuleMfa:
        type: okta:policy:RuleMfa
        properties:
          policyId: ${exampleDefaultPolicy.id}
          appIncludes:
            - name: okta
              type: APP_TYPE
    variables:
      exampleDefaultPolicy:
        fn::invoke:
          Function: okta:policy:getDefaultPolicy
          Arguments:
            type: MFA_ENROLL
    

    section corresponds to the following config

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Okta = Pulumi.Okta;
    
    return await Deployment.RunAsync(() => 
    {
        var exampleDefaultPolicy = Okta.Policy.GetDefaultPolicy.Invoke(new()
        {
            Type = "MFA_ENROLL",
        });
    
        var exampleRuleMfa = new Okta.Policy.RuleMfa("exampleRuleMfa", new()
        {
            PolicyId = exampleDefaultPolicy.Apply(getDefaultPolicyResult => getDefaultPolicyResult.Id),
            AppIncludes = new[]
            {
                new Okta.Policy.Inputs.RuleMfaAppIncludeArgs
                {
                    Name = "okta",
                    Type = "APP_TYPE",
                },
                new Okta.Policy.Inputs.RuleMfaAppIncludeArgs
                {
                    Id = "some_app_id",
                    Type = "APP",
                },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/policy"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		exampleDefaultPolicy, err := policy.GetDefaultPolicy(ctx, &policy.GetDefaultPolicyArgs{
    			Type: "MFA_ENROLL",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = policy.NewRuleMfa(ctx, "exampleRuleMfa", &policy.RuleMfaArgs{
    			PolicyId: *pulumi.String(exampleDefaultPolicy.Id),
    			AppIncludes: policy.RuleMfaAppIncludeArray{
    				&policy.RuleMfaAppIncludeArgs{
    					Name: pulumi.String("okta"),
    					Type: pulumi.String("APP_TYPE"),
    				},
    				&policy.RuleMfaAppIncludeArgs{
    					Id:   pulumi.String("some_app_id"),
    					Type: pulumi.String("APP"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.okta.policy.PolicyFunctions;
    import com.pulumi.okta.policy.inputs.GetDefaultPolicyArgs;
    import com.pulumi.okta.policy.RuleMfa;
    import com.pulumi.okta.policy.RuleMfaArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var exampleDefaultPolicy = PolicyFunctions.getDefaultPolicy(GetDefaultPolicyArgs.builder()
                .type("MFA_ENROLL")
                .build());
    
            var exampleRuleMfa = new RuleMfa("exampleRuleMfa", RuleMfaArgs.builder()        
                .policyId(exampleDefaultPolicy.applyValue(getDefaultPolicyResult -> getDefaultPolicyResult.id()))
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_okta as okta
    
    example_default_policy = okta.policy.get_default_policy(type="MFA_ENROLL")
    example_rule_mfa = okta.policy.RuleMfa("exampleRuleMfa",
        policy_id=example_default_policy.id,
        app_includes=[
            okta.policy.RuleMfaAppIncludeArgs(
                name="okta",
                type="APP_TYPE",
            ),
            okta.policy.RuleMfaAppIncludeArgs(
                id="some_app_id",
                type="APP",
            ),
        ])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as okta from "@pulumi/okta";
    
    const exampleDefaultPolicy = okta.policy.getDefaultPolicy({
        type: "MFA_ENROLL",
    });
    const exampleRuleMfa = new okta.policy.RuleMfa("exampleRuleMfa", {
        policyId: exampleDefaultPolicy.then(exampleDefaultPolicy => exampleDefaultPolicy.id),
        appIncludes: [
            {
                name: "okta",
                type: "APP_TYPE",
            },
            {
                id: "some_app_id",
                type: "APP",
            },
        ],
    });
    
    resources:
      exampleRuleMfa:
        type: okta:policy:RuleMfa
        properties:
          policyId: ${exampleDefaultPolicy.id}
    variables:
      exampleDefaultPolicy:
        fn::invoke:
          Function: okta:policy:getDefaultPolicy
          Arguments:
            type: MFA_ENROLL
    

    section corresponds to the following config

    Coming soon!

    Coming soon!

    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.okta.policy.PolicyFunctions;
    import com.pulumi.okta.policy.inputs.GetDefaultPolicyArgs;
    import com.pulumi.okta.policy.RuleMfa;
    import com.pulumi.okta.policy.RuleMfaArgs;
    import com.pulumi.okta.policy.inputs.RuleMfaAppIncludeArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var exampleDefaultPolicy = PolicyFunctions.getDefaultPolicy(GetDefaultPolicyArgs.builder()
                .type("MFA_ENROLL")
                .build());
    
            var exampleRuleMfa = new RuleMfa("exampleRuleMfa", RuleMfaArgs.builder()        
                .policyId(exampleDefaultPolicy.applyValue(getDefaultPolicyResult -> getDefaultPolicyResult.id()))
                .appIncludes(            
                    RuleMfaAppIncludeArgs.builder()
                        .name("okta")
                        .type("APP_TYPE")
                        .build(),
                    RuleMfaAppIncludeArgs.builder()
                        .id("some_app_id")
                        .type("APP")
                        .build())
                .build());
    
        }
    }
    

    Coming soon!

    Coming soon!

    resources:
      exampleRuleMfa:
        type: okta:policy:RuleMfa
        properties:
          policyId: ${exampleDefaultPolicy.id}
          appIncludes:
            - name: okta
              type: APP_TYPE
            - id: some_app_id
              type: APP
    variables:
      exampleDefaultPolicy:
        fn::invoke:
          Function: okta:policy:getDefaultPolicy
          Arguments:
            type: MFA_ENROLL
    

    Create RuleMfa Resource

    new RuleMfa(name: string, args?: RuleMfaArgs, opts?: CustomResourceOptions);
    @overload
    def RuleMfa(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                app_excludes: Optional[Sequence[RuleMfaAppExcludeArgs]] = None,
                app_includes: Optional[Sequence[RuleMfaAppIncludeArgs]] = None,
                enroll: Optional[str] = None,
                name: Optional[str] = None,
                network_connection: Optional[str] = None,
                network_excludes: Optional[Sequence[str]] = None,
                network_includes: Optional[Sequence[str]] = None,
                policy_id: Optional[str] = None,
                priority: Optional[int] = None,
                status: Optional[str] = None,
                users_excludeds: Optional[Sequence[str]] = None)
    @overload
    def RuleMfa(resource_name: str,
                args: Optional[RuleMfaArgs] = None,
                opts: Optional[ResourceOptions] = None)
    func NewRuleMfa(ctx *Context, name string, args *RuleMfaArgs, opts ...ResourceOption) (*RuleMfa, error)
    public RuleMfa(string name, RuleMfaArgs? args = null, CustomResourceOptions? opts = null)
    public RuleMfa(String name, RuleMfaArgs args)
    public RuleMfa(String name, RuleMfaArgs args, CustomResourceOptions options)
    
    type: okta:policy:RuleMfa
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args RuleMfaArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args RuleMfaArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args RuleMfaArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args RuleMfaArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args RuleMfaArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    RuleMfa Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The RuleMfa resource accepts the following input properties:

    AppExcludes List<RuleMfaAppExclude>
    Applications to exclude
    AppIncludes List<RuleMfaAppInclude>
    Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
    Enroll string
    When a user should be prompted for MFA. It can be "CHALLENGE", "LOGIN", or "NEVER".
    Name string
    Use if the type is "APP_TYPE" to indicate the type of application(s) to include in instances where an entire group (i.e. yahoo_mail) of applications should be included.
    NetworkConnection string
    Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".
    NetworkExcludes List<string>
    The network zones to exclude. Conflicts with network_includes.
    NetworkIncludes List<string>
    The network zones to include. Conflicts with network_excludes.
    PolicyId string
    Policy ID.
    Priority int
    Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
    Status string
    Policy Rule Status: "ACTIVE" or "INACTIVE".
    UsersExcludeds List<string>
    Set of User IDs to Exclude
    AppExcludes []RuleMfaAppExcludeArgs
    Applications to exclude
    AppIncludes []RuleMfaAppIncludeArgs
    Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
    Enroll string
    When a user should be prompted for MFA. It can be "CHALLENGE", "LOGIN", or "NEVER".
    Name string
    Use if the type is "APP_TYPE" to indicate the type of application(s) to include in instances where an entire group (i.e. yahoo_mail) of applications should be included.
    NetworkConnection string
    Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".
    NetworkExcludes []string
    The network zones to exclude. Conflicts with network_includes.
    NetworkIncludes []string
    The network zones to include. Conflicts with network_excludes.
    PolicyId string
    Policy ID.
    Priority int
    Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
    Status string
    Policy Rule Status: "ACTIVE" or "INACTIVE".
    UsersExcludeds []string
    Set of User IDs to Exclude
    appExcludes List<RuleMfaAppExclude>
    Applications to exclude
    appIncludes List<RuleMfaAppInclude>
    Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
    enroll String
    When a user should be prompted for MFA. It can be "CHALLENGE", "LOGIN", or "NEVER".
    name String
    Use if the type is "APP_TYPE" to indicate the type of application(s) to include in instances where an entire group (i.e. yahoo_mail) of applications should be included.
    networkConnection String
    Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".
    networkExcludes List<String>
    The network zones to exclude. Conflicts with network_includes.
    networkIncludes List<String>
    The network zones to include. Conflicts with network_excludes.
    policyId String
    Policy ID.
    priority Integer
    Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
    status String
    Policy Rule Status: "ACTIVE" or "INACTIVE".
    usersExcludeds List<String>
    Set of User IDs to Exclude
    appExcludes RuleMfaAppExclude[]
    Applications to exclude
    appIncludes RuleMfaAppInclude[]
    Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
    enroll string
    When a user should be prompted for MFA. It can be "CHALLENGE", "LOGIN", or "NEVER".
    name string
    Use if the type is "APP_TYPE" to indicate the type of application(s) to include in instances where an entire group (i.e. yahoo_mail) of applications should be included.
    networkConnection string
    Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".
    networkExcludes string[]
    The network zones to exclude. Conflicts with network_includes.
    networkIncludes string[]
    The network zones to include. Conflicts with network_excludes.
    policyId string
    Policy ID.
    priority number
    Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
    status string
    Policy Rule Status: "ACTIVE" or "INACTIVE".
    usersExcludeds string[]
    Set of User IDs to Exclude
    app_excludes Sequence[RuleMfaAppExcludeArgs]
    Applications to exclude
    app_includes Sequence[RuleMfaAppIncludeArgs]
    Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
    enroll str
    When a user should be prompted for MFA. It can be "CHALLENGE", "LOGIN", or "NEVER".
    name str
    Use if the type is "APP_TYPE" to indicate the type of application(s) to include in instances where an entire group (i.e. yahoo_mail) of applications should be included.
    network_connection str
    Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".
    network_excludes Sequence[str]
    The network zones to exclude. Conflicts with network_includes.
    network_includes Sequence[str]
    The network zones to include. Conflicts with network_excludes.
    policy_id str
    Policy ID.
    priority int
    Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
    status str
    Policy Rule Status: "ACTIVE" or "INACTIVE".
    users_excludeds Sequence[str]
    Set of User IDs to Exclude
    appExcludes List<Property Map>
    Applications to exclude
    appIncludes List<Property Map>
    Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
    enroll String
    When a user should be prompted for MFA. It can be "CHALLENGE", "LOGIN", or "NEVER".
    name String
    Use if the type is "APP_TYPE" to indicate the type of application(s) to include in instances where an entire group (i.e. yahoo_mail) of applications should be included.
    networkConnection String
    Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".
    networkExcludes List<String>
    The network zones to exclude. Conflicts with network_includes.
    networkIncludes List<String>
    The network zones to include. Conflicts with network_excludes.
    policyId String
    Policy ID.
    priority Number
    Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
    status String
    Policy Rule Status: "ACTIVE" or "INACTIVE".
    usersExcludeds List<String>
    Set of User IDs to Exclude

    Outputs

    All input properties are implicitly available as output properties. Additionally, the RuleMfa resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing RuleMfa Resource

    Get an existing RuleMfa resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: RuleMfaState, opts?: CustomResourceOptions): RuleMfa
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            app_excludes: Optional[Sequence[RuleMfaAppExcludeArgs]] = None,
            app_includes: Optional[Sequence[RuleMfaAppIncludeArgs]] = None,
            enroll: Optional[str] = None,
            name: Optional[str] = None,
            network_connection: Optional[str] = None,
            network_excludes: Optional[Sequence[str]] = None,
            network_includes: Optional[Sequence[str]] = None,
            policy_id: Optional[str] = None,
            priority: Optional[int] = None,
            status: Optional[str] = None,
            users_excludeds: Optional[Sequence[str]] = None) -> RuleMfa
    func GetRuleMfa(ctx *Context, name string, id IDInput, state *RuleMfaState, opts ...ResourceOption) (*RuleMfa, error)
    public static RuleMfa Get(string name, Input<string> id, RuleMfaState? state, CustomResourceOptions? opts = null)
    public static RuleMfa get(String name, Output<String> id, RuleMfaState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AppExcludes List<RuleMfaAppExclude>
    Applications to exclude
    AppIncludes List<RuleMfaAppInclude>
    Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
    Enroll string
    When a user should be prompted for MFA. It can be "CHALLENGE", "LOGIN", or "NEVER".
    Name string
    Use if the type is "APP_TYPE" to indicate the type of application(s) to include in instances where an entire group (i.e. yahoo_mail) of applications should be included.
    NetworkConnection string
    Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".
    NetworkExcludes List<string>
    The network zones to exclude. Conflicts with network_includes.
    NetworkIncludes List<string>
    The network zones to include. Conflicts with network_excludes.
    PolicyId string
    Policy ID.
    Priority int
    Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
    Status string
    Policy Rule Status: "ACTIVE" or "INACTIVE".
    UsersExcludeds List<string>
    Set of User IDs to Exclude
    AppExcludes []RuleMfaAppExcludeArgs
    Applications to exclude
    AppIncludes []RuleMfaAppIncludeArgs
    Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
    Enroll string
    When a user should be prompted for MFA. It can be "CHALLENGE", "LOGIN", or "NEVER".
    Name string
    Use if the type is "APP_TYPE" to indicate the type of application(s) to include in instances where an entire group (i.e. yahoo_mail) of applications should be included.
    NetworkConnection string
    Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".
    NetworkExcludes []string
    The network zones to exclude. Conflicts with network_includes.
    NetworkIncludes []string
    The network zones to include. Conflicts with network_excludes.
    PolicyId string
    Policy ID.
    Priority int
    Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
    Status string
    Policy Rule Status: "ACTIVE" or "INACTIVE".
    UsersExcludeds []string
    Set of User IDs to Exclude
    appExcludes List<RuleMfaAppExclude>
    Applications to exclude
    appIncludes List<RuleMfaAppInclude>
    Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
    enroll String
    When a user should be prompted for MFA. It can be "CHALLENGE", "LOGIN", or "NEVER".
    name String
    Use if the type is "APP_TYPE" to indicate the type of application(s) to include in instances where an entire group (i.e. yahoo_mail) of applications should be included.
    networkConnection String
    Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".
    networkExcludes List<String>
    The network zones to exclude. Conflicts with network_includes.
    networkIncludes List<String>
    The network zones to include. Conflicts with network_excludes.
    policyId String
    Policy ID.
    priority Integer
    Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
    status String
    Policy Rule Status: "ACTIVE" or "INACTIVE".
    usersExcludeds List<String>
    Set of User IDs to Exclude
    appExcludes RuleMfaAppExclude[]
    Applications to exclude
    appIncludes RuleMfaAppInclude[]
    Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
    enroll string
    When a user should be prompted for MFA. It can be "CHALLENGE", "LOGIN", or "NEVER".
    name string
    Use if the type is "APP_TYPE" to indicate the type of application(s) to include in instances where an entire group (i.e. yahoo_mail) of applications should be included.
    networkConnection string
    Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".
    networkExcludes string[]
    The network zones to exclude. Conflicts with network_includes.
    networkIncludes string[]
    The network zones to include. Conflicts with network_excludes.
    policyId string
    Policy ID.
    priority number
    Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
    status string
    Policy Rule Status: "ACTIVE" or "INACTIVE".
    usersExcludeds string[]
    Set of User IDs to Exclude
    app_excludes Sequence[RuleMfaAppExcludeArgs]
    Applications to exclude
    app_includes Sequence[RuleMfaAppIncludeArgs]
    Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
    enroll str
    When a user should be prompted for MFA. It can be "CHALLENGE", "LOGIN", or "NEVER".
    name str
    Use if the type is "APP_TYPE" to indicate the type of application(s) to include in instances where an entire group (i.e. yahoo_mail) of applications should be included.
    network_connection str
    Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".
    network_excludes Sequence[str]
    The network zones to exclude. Conflicts with network_includes.
    network_includes Sequence[str]
    The network zones to include. Conflicts with network_excludes.
    policy_id str
    Policy ID.
    priority int
    Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
    status str
    Policy Rule Status: "ACTIVE" or "INACTIVE".
    users_excludeds Sequence[str]
    Set of User IDs to Exclude
    appExcludes List<Property Map>
    Applications to exclude
    appIncludes List<Property Map>
    Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
    enroll String
    When a user should be prompted for MFA. It can be "CHALLENGE", "LOGIN", or "NEVER".
    name String
    Use if the type is "APP_TYPE" to indicate the type of application(s) to include in instances where an entire group (i.e. yahoo_mail) of applications should be included.
    networkConnection String
    Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".
    networkExcludes List<String>
    The network zones to exclude. Conflicts with network_includes.
    networkIncludes List<String>
    The network zones to include. Conflicts with network_excludes.
    policyId String
    Policy ID.
    priority Number
    Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
    status String
    Policy Rule Status: "ACTIVE" or "INACTIVE".
    usersExcludeds List<String>
    Set of User IDs to Exclude

    Supporting Types

    RuleMfaAppExclude, RuleMfaAppExcludeArgs

    Type string
    One of: "APP", "APP_TYPE"
    Id string
    Use if type is "APP" to indicate the application id to include.
    Name string
    Use if the type is "APP_TYPE" to indicate the type of application(s) to include in instances where an entire group (i.e. yahoo_mail) of applications should be included.
    Type string
    One of: "APP", "APP_TYPE"
    Id string
    Use if type is "APP" to indicate the application id to include.
    Name string
    Use if the type is "APP_TYPE" to indicate the type of application(s) to include in instances where an entire group (i.e. yahoo_mail) of applications should be included.
    type String
    One of: "APP", "APP_TYPE"
    id String
    Use if type is "APP" to indicate the application id to include.
    name String
    Use if the type is "APP_TYPE" to indicate the type of application(s) to include in instances where an entire group (i.e. yahoo_mail) of applications should be included.
    type string
    One of: "APP", "APP_TYPE"
    id string
    Use if type is "APP" to indicate the application id to include.
    name string
    Use if the type is "APP_TYPE" to indicate the type of application(s) to include in instances where an entire group (i.e. yahoo_mail) of applications should be included.
    type str
    One of: "APP", "APP_TYPE"
    id str
    Use if type is "APP" to indicate the application id to include.
    name str
    Use if the type is "APP_TYPE" to indicate the type of application(s) to include in instances where an entire group (i.e. yahoo_mail) of applications should be included.
    type String
    One of: "APP", "APP_TYPE"
    id String
    Use if type is "APP" to indicate the application id to include.
    name String
    Use if the type is "APP_TYPE" to indicate the type of application(s) to include in instances where an entire group (i.e. yahoo_mail) of applications should be included.

    RuleMfaAppInclude, RuleMfaAppIncludeArgs

    Type string
    One of: "APP", "APP_TYPE"
    Id string
    Use if type is "APP" to indicate the application id to include.
    Name string
    Use if the type is "APP_TYPE" to indicate the type of application(s) to include in instances where an entire group (i.e. yahoo_mail) of applications should be included.
    Type string
    One of: "APP", "APP_TYPE"
    Id string
    Use if type is "APP" to indicate the application id to include.
    Name string
    Use if the type is "APP_TYPE" to indicate the type of application(s) to include in instances where an entire group (i.e. yahoo_mail) of applications should be included.
    type String
    One of: "APP", "APP_TYPE"
    id String
    Use if type is "APP" to indicate the application id to include.
    name String
    Use if the type is "APP_TYPE" to indicate the type of application(s) to include in instances where an entire group (i.e. yahoo_mail) of applications should be included.
    type string
    One of: "APP", "APP_TYPE"
    id string
    Use if type is "APP" to indicate the application id to include.
    name string
    Use if the type is "APP_TYPE" to indicate the type of application(s) to include in instances where an entire group (i.e. yahoo_mail) of applications should be included.
    type str
    One of: "APP", "APP_TYPE"
    id str
    Use if type is "APP" to indicate the application id to include.
    name str
    Use if the type is "APP_TYPE" to indicate the type of application(s) to include in instances where an entire group (i.e. yahoo_mail) of applications should be included.
    type String
    One of: "APP", "APP_TYPE"
    id String
    Use if type is "APP" to indicate the application id to include.
    name String
    Use if the type is "APP_TYPE" to indicate the type of application(s) to include in instances where an entire group (i.e. yahoo_mail) of applications should be included.

    Import

    A Policy Rule can be imported via the Policy and Rule ID.

    $ pulumi import okta:policy/ruleMfa:RuleMfa example &#60;policy id&#62;/&#60;rule id&#62;
    

    Package Details

    Repository
    Okta pulumi/pulumi-okta
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the okta Terraform Provider.
    okta logo
    Okta v4.8.0 published on Saturday, Mar 2, 2024 by Pulumi