okta.policy.RuleMfa
Explore with Pulumi AI
This resource allows you to create and configure an MFA Policy Rule.
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var exampleDefaultPolicy = Okta.Policy.GetDefaultPolicy.Invoke(new()
{
Type = "MFA_ENROLL",
});
var exampleRuleMfa = new Okta.Policy.RuleMfa("exampleRuleMfa", new()
{
PolicyId = exampleDefaultPolicy.Apply(getDefaultPolicyResult => getDefaultPolicyResult.Id),
AppExcludes = new[]
{
new Okta.Policy.Inputs.RuleMfaAppExcludeArgs
{
Name = "okta",
Type = "APP_TYPE",
},
},
});
});
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/policy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleDefaultPolicy, err := policy.GetDefaultPolicy(ctx, &policy.GetDefaultPolicyArgs{
Type: "MFA_ENROLL",
}, nil)
if err != nil {
return err
}
_, err = policy.NewRuleMfa(ctx, "exampleRuleMfa", &policy.RuleMfaArgs{
PolicyId: *pulumi.String(exampleDefaultPolicy.Id),
AppExcludes: policy.RuleMfaAppExcludeArray{
&policy.RuleMfaAppExcludeArgs{
Name: pulumi.String("okta"),
Type: pulumi.String("APP_TYPE"),
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.policy.PolicyFunctions;
import com.pulumi.okta.policy.inputs.GetDefaultPolicyArgs;
import com.pulumi.okta.app.OAuth;
import com.pulumi.okta.app.OAuthArgs;
import com.pulumi.okta.policy.RuleMfa;
import com.pulumi.okta.policy.RuleMfaArgs;
import com.pulumi.okta.policy.inputs.RuleMfaAppIncludeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var exampleDefaultPolicy = PolicyFunctions.getDefaultPolicy(GetDefaultPolicyArgs.builder()
.type("MFA_ENROLL")
.build());
var exampleOAuth = new OAuth("exampleOAuth", OAuthArgs.builder()
.label("My App")
.type("web")
.grantTypes("authorization_code")
.redirectUris("http://localhost:8000")
.responseTypes("code")
.skipGroups(true)
.build());
var exampleRuleMfa = new RuleMfa("exampleRuleMfa", RuleMfaArgs.builder()
.policyId(exampleDefaultPolicy.applyValue(getDefaultPolicyResult -> getDefaultPolicyResult.id()))
.status("ACTIVE")
.enroll("LOGIN")
.appIncludes(
RuleMfaAppIncludeArgs.builder()
.id(exampleOAuth.id())
.type("APP")
.build(),
RuleMfaAppIncludeArgs.builder()
.type("APP_TYPE")
.name("yahoo_mail")
.build())
.build());
}
}
import pulumi
import pulumi_okta as okta
example_default_policy = okta.policy.get_default_policy(type="MFA_ENROLL")
example_rule_mfa = okta.policy.RuleMfa("exampleRuleMfa",
policy_id=example_default_policy.id,
app_excludes=[okta.policy.RuleMfaAppExcludeArgs(
name="okta",
type="APP_TYPE",
)])
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const exampleDefaultPolicy = okta.policy.getDefaultPolicy({
type: "MFA_ENROLL",
});
const exampleRuleMfa = new okta.policy.RuleMfa("exampleRuleMfa", {
policyId: exampleDefaultPolicy.then(exampleDefaultPolicy => exampleDefaultPolicy.id),
appExcludes: [{
name: "okta",
type: "APP_TYPE",
}],
});
resources:
exampleRuleMfa:
type: okta:policy:RuleMfa
properties:
policyId: ${exampleDefaultPolicy.id}
status: ACTIVE
enroll: LOGIN
appIncludes:
- id: ${exampleOAuth.id}
type: APP
- type: APP_TYPE
name: yahoo_mail
exampleOAuth:
type: okta:app:OAuth
properties:
label: My App
type: web
grantTypes:
- authorization_code
redirectUris:
- http://localhost:8000
responseTypes:
- code
skipGroups: true
variables:
exampleDefaultPolicy:
fn::invoke:
Function: okta:policy:getDefaultPolicy
Arguments:
type: MFA_ENROLL
section corresponds to the following config
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var exampleDefaultPolicy = Okta.Policy.GetDefaultPolicy.Invoke(new()
{
Type = "MFA_ENROLL",
});
var exampleRuleMfa = new Okta.Policy.RuleMfa("exampleRuleMfa", new()
{
PolicyId = exampleDefaultPolicy.Apply(getDefaultPolicyResult => getDefaultPolicyResult.Id),
AppExcludes = new[]
{
new Okta.Policy.Inputs.RuleMfaAppExcludeArgs
{
Name = "okta",
Type = "APP_TYPE",
},
},
AppIncludes = new[]
{
new Okta.Policy.Inputs.RuleMfaAppIncludeArgs
{
Id = "some_app_id",
Type = "APP",
},
},
});
});
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/policy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleDefaultPolicy, err := policy.GetDefaultPolicy(ctx, &policy.GetDefaultPolicyArgs{
Type: "MFA_ENROLL",
}, nil)
if err != nil {
return err
}
_, err = policy.NewRuleMfa(ctx, "exampleRuleMfa", &policy.RuleMfaArgs{
PolicyId: *pulumi.String(exampleDefaultPolicy.Id),
AppExcludes: policy.RuleMfaAppExcludeArray{
&policy.RuleMfaAppExcludeArgs{
Name: pulumi.String("okta"),
Type: pulumi.String("APP_TYPE"),
},
},
AppIncludes: policy.RuleMfaAppIncludeArray{
&policy.RuleMfaAppIncludeArgs{
Id: pulumi.String("some_app_id"),
Type: pulumi.String("APP"),
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.policy.PolicyFunctions;
import com.pulumi.okta.policy.inputs.GetDefaultPolicyArgs;
import com.pulumi.okta.policy.RuleMfa;
import com.pulumi.okta.policy.RuleMfaArgs;
import com.pulumi.okta.policy.inputs.RuleMfaAppExcludeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var exampleDefaultPolicy = PolicyFunctions.getDefaultPolicy(GetDefaultPolicyArgs.builder()
.type("MFA_ENROLL")
.build());
var exampleRuleMfa = new RuleMfa("exampleRuleMfa", RuleMfaArgs.builder()
.policyId(exampleDefaultPolicy.applyValue(getDefaultPolicyResult -> getDefaultPolicyResult.id()))
.appExcludes(RuleMfaAppExcludeArgs.builder()
.name("okta")
.type("APP_TYPE")
.build())
.build());
}
}
import pulumi
import pulumi_okta as okta
example_default_policy = okta.policy.get_default_policy(type="MFA_ENROLL")
example_rule_mfa = okta.policy.RuleMfa("exampleRuleMfa",
policy_id=example_default_policy.id,
app_excludes=[okta.policy.RuleMfaAppExcludeArgs(
name="okta",
type="APP_TYPE",
)],
app_includes=[okta.policy.RuleMfaAppIncludeArgs(
id="some_app_id",
type="APP",
)])
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const exampleDefaultPolicy = okta.policy.getDefaultPolicy({
type: "MFA_ENROLL",
});
const exampleRuleMfa = new okta.policy.RuleMfa("exampleRuleMfa", {
policyId: exampleDefaultPolicy.then(exampleDefaultPolicy => exampleDefaultPolicy.id),
appExcludes: [{
name: "okta",
type: "APP_TYPE",
}],
appIncludes: [{
id: "some_app_id",
type: "APP",
}],
});
resources:
exampleRuleMfa:
type: okta:policy:RuleMfa
properties:
policyId: ${exampleDefaultPolicy.id}
appExcludes:
- name: okta
type: APP_TYPE
variables:
exampleDefaultPolicy:
fn::invoke:
Function: okta:policy:getDefaultPolicy
Arguments:
type: MFA_ENROLL
section corresponds to the following config
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var exampleDefaultPolicy = Okta.Policy.GetDefaultPolicy.Invoke(new()
{
Type = "MFA_ENROLL",
});
var exampleRuleMfa = new Okta.Policy.RuleMfa("exampleRuleMfa", new()
{
PolicyId = exampleDefaultPolicy.Apply(getDefaultPolicyResult => getDefaultPolicyResult.Id),
AppIncludes = new[]
{
new Okta.Policy.Inputs.RuleMfaAppIncludeArgs
{
Name = "okta",
Type = "APP_TYPE",
},
},
});
});
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/policy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleDefaultPolicy, err := policy.GetDefaultPolicy(ctx, &policy.GetDefaultPolicyArgs{
Type: "MFA_ENROLL",
}, nil)
if err != nil {
return err
}
_, err = policy.NewRuleMfa(ctx, "exampleRuleMfa", &policy.RuleMfaArgs{
PolicyId: *pulumi.String(exampleDefaultPolicy.Id),
AppIncludes: policy.RuleMfaAppIncludeArray{
&policy.RuleMfaAppIncludeArgs{
Name: pulumi.String("okta"),
Type: pulumi.String("APP_TYPE"),
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.policy.PolicyFunctions;
import com.pulumi.okta.policy.inputs.GetDefaultPolicyArgs;
import com.pulumi.okta.policy.RuleMfa;
import com.pulumi.okta.policy.RuleMfaArgs;
import com.pulumi.okta.policy.inputs.RuleMfaAppExcludeArgs;
import com.pulumi.okta.policy.inputs.RuleMfaAppIncludeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var exampleDefaultPolicy = PolicyFunctions.getDefaultPolicy(GetDefaultPolicyArgs.builder()
.type("MFA_ENROLL")
.build());
var exampleRuleMfa = new RuleMfa("exampleRuleMfa", RuleMfaArgs.builder()
.policyId(exampleDefaultPolicy.applyValue(getDefaultPolicyResult -> getDefaultPolicyResult.id()))
.appExcludes(RuleMfaAppExcludeArgs.builder()
.name("okta")
.type("APP_TYPE")
.build())
.appIncludes(RuleMfaAppIncludeArgs.builder()
.id("some_app_id")
.type("APP")
.build())
.build());
}
}
import pulumi
import pulumi_okta as okta
example_default_policy = okta.policy.get_default_policy(type="MFA_ENROLL")
example_rule_mfa = okta.policy.RuleMfa("exampleRuleMfa",
policy_id=example_default_policy.id,
app_includes=[okta.policy.RuleMfaAppIncludeArgs(
name="okta",
type="APP_TYPE",
)])
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const exampleDefaultPolicy = okta.policy.getDefaultPolicy({
type: "MFA_ENROLL",
});
const exampleRuleMfa = new okta.policy.RuleMfa("exampleRuleMfa", {
policyId: exampleDefaultPolicy.then(exampleDefaultPolicy => exampleDefaultPolicy.id),
appIncludes: [{
name: "okta",
type: "APP_TYPE",
}],
});
resources:
exampleRuleMfa:
type: okta:policy:RuleMfa
properties:
policyId: ${exampleDefaultPolicy.id}
appExcludes:
- name: okta
type: APP_TYPE
appIncludes:
- id: some_app_id
type: APP
variables:
exampleDefaultPolicy:
fn::invoke:
Function: okta:policy:getDefaultPolicy
Arguments:
type: MFA_ENROLL
section corresponds to the following config
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var exampleDefaultPolicy = Okta.Policy.GetDefaultPolicy.Invoke(new()
{
Type = "MFA_ENROLL",
});
var exampleRuleMfa = new Okta.Policy.RuleMfa("exampleRuleMfa", new()
{
PolicyId = exampleDefaultPolicy.Apply(getDefaultPolicyResult => getDefaultPolicyResult.Id),
});
});
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/policy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleDefaultPolicy, err := policy.GetDefaultPolicy(ctx, &policy.GetDefaultPolicyArgs{
Type: "MFA_ENROLL",
}, nil)
if err != nil {
return err
}
_, err = policy.NewRuleMfa(ctx, "exampleRuleMfa", &policy.RuleMfaArgs{
PolicyId: *pulumi.String(exampleDefaultPolicy.Id),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.policy.PolicyFunctions;
import com.pulumi.okta.policy.inputs.GetDefaultPolicyArgs;
import com.pulumi.okta.policy.RuleMfa;
import com.pulumi.okta.policy.RuleMfaArgs;
import com.pulumi.okta.policy.inputs.RuleMfaAppIncludeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var exampleDefaultPolicy = PolicyFunctions.getDefaultPolicy(GetDefaultPolicyArgs.builder()
.type("MFA_ENROLL")
.build());
var exampleRuleMfa = new RuleMfa("exampleRuleMfa", RuleMfaArgs.builder()
.policyId(exampleDefaultPolicy.applyValue(getDefaultPolicyResult -> getDefaultPolicyResult.id()))
.appIncludes(RuleMfaAppIncludeArgs.builder()
.name("okta")
.type("APP_TYPE")
.build())
.build());
}
}
import pulumi
import pulumi_okta as okta
example_default_policy = okta.policy.get_default_policy(type="MFA_ENROLL")
example_rule_mfa = okta.policy.RuleMfa("exampleRuleMfa", policy_id=example_default_policy.id)
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const exampleDefaultPolicy = okta.policy.getDefaultPolicy({
type: "MFA_ENROLL",
});
const exampleRuleMfa = new okta.policy.RuleMfa("exampleRuleMfa", {policyId: exampleDefaultPolicy.then(exampleDefaultPolicy => exampleDefaultPolicy.id)});
resources:
exampleRuleMfa:
type: okta:policy:RuleMfa
properties:
policyId: ${exampleDefaultPolicy.id}
appIncludes:
- name: okta
type: APP_TYPE
variables:
exampleDefaultPolicy:
fn::invoke:
Function: okta:policy:getDefaultPolicy
Arguments:
type: MFA_ENROLL
section corresponds to the following config
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var exampleDefaultPolicy = Okta.Policy.GetDefaultPolicy.Invoke(new()
{
Type = "MFA_ENROLL",
});
var exampleRuleMfa = new Okta.Policy.RuleMfa("exampleRuleMfa", new()
{
PolicyId = exampleDefaultPolicy.Apply(getDefaultPolicyResult => getDefaultPolicyResult.Id),
AppIncludes = new[]
{
new Okta.Policy.Inputs.RuleMfaAppIncludeArgs
{
Name = "okta",
Type = "APP_TYPE",
},
new Okta.Policy.Inputs.RuleMfaAppIncludeArgs
{
Id = "some_app_id",
Type = "APP",
},
},
});
});
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/policy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleDefaultPolicy, err := policy.GetDefaultPolicy(ctx, &policy.GetDefaultPolicyArgs{
Type: "MFA_ENROLL",
}, nil)
if err != nil {
return err
}
_, err = policy.NewRuleMfa(ctx, "exampleRuleMfa", &policy.RuleMfaArgs{
PolicyId: *pulumi.String(exampleDefaultPolicy.Id),
AppIncludes: policy.RuleMfaAppIncludeArray{
&policy.RuleMfaAppIncludeArgs{
Name: pulumi.String("okta"),
Type: pulumi.String("APP_TYPE"),
},
&policy.RuleMfaAppIncludeArgs{
Id: pulumi.String("some_app_id"),
Type: pulumi.String("APP"),
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.policy.PolicyFunctions;
import com.pulumi.okta.policy.inputs.GetDefaultPolicyArgs;
import com.pulumi.okta.policy.RuleMfa;
import com.pulumi.okta.policy.RuleMfaArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var exampleDefaultPolicy = PolicyFunctions.getDefaultPolicy(GetDefaultPolicyArgs.builder()
.type("MFA_ENROLL")
.build());
var exampleRuleMfa = new RuleMfa("exampleRuleMfa", RuleMfaArgs.builder()
.policyId(exampleDefaultPolicy.applyValue(getDefaultPolicyResult -> getDefaultPolicyResult.id()))
.build());
}
}
import pulumi
import pulumi_okta as okta
example_default_policy = okta.policy.get_default_policy(type="MFA_ENROLL")
example_rule_mfa = okta.policy.RuleMfa("exampleRuleMfa",
policy_id=example_default_policy.id,
app_includes=[
okta.policy.RuleMfaAppIncludeArgs(
name="okta",
type="APP_TYPE",
),
okta.policy.RuleMfaAppIncludeArgs(
id="some_app_id",
type="APP",
),
])
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const exampleDefaultPolicy = okta.policy.getDefaultPolicy({
type: "MFA_ENROLL",
});
const exampleRuleMfa = new okta.policy.RuleMfa("exampleRuleMfa", {
policyId: exampleDefaultPolicy.then(exampleDefaultPolicy => exampleDefaultPolicy.id),
appIncludes: [
{
name: "okta",
type: "APP_TYPE",
},
{
id: "some_app_id",
type: "APP",
},
],
});
resources:
exampleRuleMfa:
type: okta:policy:RuleMfa
properties:
policyId: ${exampleDefaultPolicy.id}
variables:
exampleDefaultPolicy:
fn::invoke:
Function: okta:policy:getDefaultPolicy
Arguments:
type: MFA_ENROLL
section corresponds to the following config
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.policy.PolicyFunctions;
import com.pulumi.okta.policy.inputs.GetDefaultPolicyArgs;
import com.pulumi.okta.policy.RuleMfa;
import com.pulumi.okta.policy.RuleMfaArgs;
import com.pulumi.okta.policy.inputs.RuleMfaAppIncludeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var exampleDefaultPolicy = PolicyFunctions.getDefaultPolicy(GetDefaultPolicyArgs.builder()
.type("MFA_ENROLL")
.build());
var exampleRuleMfa = new RuleMfa("exampleRuleMfa", RuleMfaArgs.builder()
.policyId(exampleDefaultPolicy.applyValue(getDefaultPolicyResult -> getDefaultPolicyResult.id()))
.appIncludes(
RuleMfaAppIncludeArgs.builder()
.name("okta")
.type("APP_TYPE")
.build(),
RuleMfaAppIncludeArgs.builder()
.id("some_app_id")
.type("APP")
.build())
.build());
}
}
Coming soon!
Coming soon!
resources:
exampleRuleMfa:
type: okta:policy:RuleMfa
properties:
policyId: ${exampleDefaultPolicy.id}
appIncludes:
- name: okta
type: APP_TYPE
- id: some_app_id
type: APP
variables:
exampleDefaultPolicy:
fn::invoke:
Function: okta:policy:getDefaultPolicy
Arguments:
type: MFA_ENROLL
Create RuleMfa Resource
new RuleMfa(name: string, args?: RuleMfaArgs, opts?: CustomResourceOptions);
@overload
def RuleMfa(resource_name: str,
opts: Optional[ResourceOptions] = None,
app_excludes: Optional[Sequence[RuleMfaAppExcludeArgs]] = None,
app_includes: Optional[Sequence[RuleMfaAppIncludeArgs]] = None,
enroll: Optional[str] = None,
name: Optional[str] = None,
network_connection: Optional[str] = None,
network_excludes: Optional[Sequence[str]] = None,
network_includes: Optional[Sequence[str]] = None,
policy_id: Optional[str] = None,
priority: Optional[int] = None,
status: Optional[str] = None,
users_excludeds: Optional[Sequence[str]] = None)
@overload
def RuleMfa(resource_name: str,
args: Optional[RuleMfaArgs] = None,
opts: Optional[ResourceOptions] = None)
func NewRuleMfa(ctx *Context, name string, args *RuleMfaArgs, opts ...ResourceOption) (*RuleMfa, error)
public RuleMfa(string name, RuleMfaArgs? args = null, CustomResourceOptions? opts = null)
public RuleMfa(String name, RuleMfaArgs args)
public RuleMfa(String name, RuleMfaArgs args, CustomResourceOptions options)
type: okta:policy:RuleMfa
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RuleMfaArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RuleMfaArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RuleMfaArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RuleMfaArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RuleMfaArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
RuleMfa Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The RuleMfa resource accepts the following input properties:
- App
Excludes List<RuleMfa App Exclude> - Applications to exclude
- App
Includes List<RuleMfa App Include> - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
- Enroll string
- When a user should be prompted for MFA. It can be
"CHALLENGE"
,"LOGIN"
, or"NEVER"
. - Name string
- Use if the
type
is"APP_TYPE"
to indicate the type of application(s) to include in instances where an entire group (i.e.yahoo_mail
) of applications should be included. - Network
Connection string - Network selection mode:
"ANYWHERE"
,"ZONE"
,"ON_NETWORK"
, or"OFF_NETWORK"
. - Network
Excludes List<string> - The network zones to exclude. Conflicts with
network_includes
. - Network
Includes List<string> - The network zones to include. Conflicts with
network_excludes
. - Policy
Id string - Policy ID.
- Priority int
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- Status string
- Policy Rule Status:
"ACTIVE"
or"INACTIVE"
. - Users
Excludeds List<string> - Set of User IDs to Exclude
- App
Excludes []RuleMfa App Exclude Args - Applications to exclude
- App
Includes []RuleMfa App Include Args - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
- Enroll string
- When a user should be prompted for MFA. It can be
"CHALLENGE"
,"LOGIN"
, or"NEVER"
. - Name string
- Use if the
type
is"APP_TYPE"
to indicate the type of application(s) to include in instances where an entire group (i.e.yahoo_mail
) of applications should be included. - Network
Connection string - Network selection mode:
"ANYWHERE"
,"ZONE"
,"ON_NETWORK"
, or"OFF_NETWORK"
. - Network
Excludes []string - The network zones to exclude. Conflicts with
network_includes
. - Network
Includes []string - The network zones to include. Conflicts with
network_excludes
. - Policy
Id string - Policy ID.
- Priority int
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- Status string
- Policy Rule Status:
"ACTIVE"
or"INACTIVE"
. - Users
Excludeds []string - Set of User IDs to Exclude
- app
Excludes List<RuleMfa App Exclude> - Applications to exclude
- app
Includes List<RuleMfa App Include> - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
- enroll String
- When a user should be prompted for MFA. It can be
"CHALLENGE"
,"LOGIN"
, or"NEVER"
. - name String
- Use if the
type
is"APP_TYPE"
to indicate the type of application(s) to include in instances where an entire group (i.e.yahoo_mail
) of applications should be included. - network
Connection String - Network selection mode:
"ANYWHERE"
,"ZONE"
,"ON_NETWORK"
, or"OFF_NETWORK"
. - network
Excludes List<String> - The network zones to exclude. Conflicts with
network_includes
. - network
Includes List<String> - The network zones to include. Conflicts with
network_excludes
. - policy
Id String - Policy ID.
- priority Integer
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- status String
- Policy Rule Status:
"ACTIVE"
or"INACTIVE"
. - users
Excludeds List<String> - Set of User IDs to Exclude
- app
Excludes RuleMfa App Exclude[] - Applications to exclude
- app
Includes RuleMfa App Include[] - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
- enroll string
- When a user should be prompted for MFA. It can be
"CHALLENGE"
,"LOGIN"
, or"NEVER"
. - name string
- Use if the
type
is"APP_TYPE"
to indicate the type of application(s) to include in instances where an entire group (i.e.yahoo_mail
) of applications should be included. - network
Connection string - Network selection mode:
"ANYWHERE"
,"ZONE"
,"ON_NETWORK"
, or"OFF_NETWORK"
. - network
Excludes string[] - The network zones to exclude. Conflicts with
network_includes
. - network
Includes string[] - The network zones to include. Conflicts with
network_excludes
. - policy
Id string - Policy ID.
- priority number
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- status string
- Policy Rule Status:
"ACTIVE"
or"INACTIVE"
. - users
Excludeds string[] - Set of User IDs to Exclude
- app_
excludes Sequence[RuleMfa App Exclude Args] - Applications to exclude
- app_
includes Sequence[RuleMfa App Include Args] - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
- enroll str
- When a user should be prompted for MFA. It can be
"CHALLENGE"
,"LOGIN"
, or"NEVER"
. - name str
- Use if the
type
is"APP_TYPE"
to indicate the type of application(s) to include in instances where an entire group (i.e.yahoo_mail
) of applications should be included. - network_
connection str - Network selection mode:
"ANYWHERE"
,"ZONE"
,"ON_NETWORK"
, or"OFF_NETWORK"
. - network_
excludes Sequence[str] - The network zones to exclude. Conflicts with
network_includes
. - network_
includes Sequence[str] - The network zones to include. Conflicts with
network_excludes
. - policy_
id str - Policy ID.
- priority int
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- status str
- Policy Rule Status:
"ACTIVE"
or"INACTIVE"
. - users_
excludeds Sequence[str] - Set of User IDs to Exclude
- app
Excludes List<Property Map> - Applications to exclude
- app
Includes List<Property Map> - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
- enroll String
- When a user should be prompted for MFA. It can be
"CHALLENGE"
,"LOGIN"
, or"NEVER"
. - name String
- Use if the
type
is"APP_TYPE"
to indicate the type of application(s) to include in instances where an entire group (i.e.yahoo_mail
) of applications should be included. - network
Connection String - Network selection mode:
"ANYWHERE"
,"ZONE"
,"ON_NETWORK"
, or"OFF_NETWORK"
. - network
Excludes List<String> - The network zones to exclude. Conflicts with
network_includes
. - network
Includes List<String> - The network zones to include. Conflicts with
network_excludes
. - policy
Id String - Policy ID.
- priority Number
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- status String
- Policy Rule Status:
"ACTIVE"
or"INACTIVE"
. - users
Excludeds List<String> - Set of User IDs to Exclude
Outputs
All input properties are implicitly available as output properties. Additionally, the RuleMfa resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing RuleMfa Resource
Get an existing RuleMfa resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RuleMfaState, opts?: CustomResourceOptions): RuleMfa
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
app_excludes: Optional[Sequence[RuleMfaAppExcludeArgs]] = None,
app_includes: Optional[Sequence[RuleMfaAppIncludeArgs]] = None,
enroll: Optional[str] = None,
name: Optional[str] = None,
network_connection: Optional[str] = None,
network_excludes: Optional[Sequence[str]] = None,
network_includes: Optional[Sequence[str]] = None,
policy_id: Optional[str] = None,
priority: Optional[int] = None,
status: Optional[str] = None,
users_excludeds: Optional[Sequence[str]] = None) -> RuleMfa
func GetRuleMfa(ctx *Context, name string, id IDInput, state *RuleMfaState, opts ...ResourceOption) (*RuleMfa, error)
public static RuleMfa Get(string name, Input<string> id, RuleMfaState? state, CustomResourceOptions? opts = null)
public static RuleMfa get(String name, Output<String> id, RuleMfaState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- App
Excludes List<RuleMfa App Exclude> - Applications to exclude
- App
Includes List<RuleMfa App Include> - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
- Enroll string
- When a user should be prompted for MFA. It can be
"CHALLENGE"
,"LOGIN"
, or"NEVER"
. - Name string
- Use if the
type
is"APP_TYPE"
to indicate the type of application(s) to include in instances where an entire group (i.e.yahoo_mail
) of applications should be included. - Network
Connection string - Network selection mode:
"ANYWHERE"
,"ZONE"
,"ON_NETWORK"
, or"OFF_NETWORK"
. - Network
Excludes List<string> - The network zones to exclude. Conflicts with
network_includes
. - Network
Includes List<string> - The network zones to include. Conflicts with
network_excludes
. - Policy
Id string - Policy ID.
- Priority int
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- Status string
- Policy Rule Status:
"ACTIVE"
or"INACTIVE"
. - Users
Excludeds List<string> - Set of User IDs to Exclude
- App
Excludes []RuleMfa App Exclude Args - Applications to exclude
- App
Includes []RuleMfa App Include Args - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
- Enroll string
- When a user should be prompted for MFA. It can be
"CHALLENGE"
,"LOGIN"
, or"NEVER"
. - Name string
- Use if the
type
is"APP_TYPE"
to indicate the type of application(s) to include in instances where an entire group (i.e.yahoo_mail
) of applications should be included. - Network
Connection string - Network selection mode:
"ANYWHERE"
,"ZONE"
,"ON_NETWORK"
, or"OFF_NETWORK"
. - Network
Excludes []string - The network zones to exclude. Conflicts with
network_includes
. - Network
Includes []string - The network zones to include. Conflicts with
network_excludes
. - Policy
Id string - Policy ID.
- Priority int
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- Status string
- Policy Rule Status:
"ACTIVE"
or"INACTIVE"
. - Users
Excludeds []string - Set of User IDs to Exclude
- app
Excludes List<RuleMfa App Exclude> - Applications to exclude
- app
Includes List<RuleMfa App Include> - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
- enroll String
- When a user should be prompted for MFA. It can be
"CHALLENGE"
,"LOGIN"
, or"NEVER"
. - name String
- Use if the
type
is"APP_TYPE"
to indicate the type of application(s) to include in instances where an entire group (i.e.yahoo_mail
) of applications should be included. - network
Connection String - Network selection mode:
"ANYWHERE"
,"ZONE"
,"ON_NETWORK"
, or"OFF_NETWORK"
. - network
Excludes List<String> - The network zones to exclude. Conflicts with
network_includes
. - network
Includes List<String> - The network zones to include. Conflicts with
network_excludes
. - policy
Id String - Policy ID.
- priority Integer
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- status String
- Policy Rule Status:
"ACTIVE"
or"INACTIVE"
. - users
Excludeds List<String> - Set of User IDs to Exclude
- app
Excludes RuleMfa App Exclude[] - Applications to exclude
- app
Includes RuleMfa App Include[] - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
- enroll string
- When a user should be prompted for MFA. It can be
"CHALLENGE"
,"LOGIN"
, or"NEVER"
. - name string
- Use if the
type
is"APP_TYPE"
to indicate the type of application(s) to include in instances where an entire group (i.e.yahoo_mail
) of applications should be included. - network
Connection string - Network selection mode:
"ANYWHERE"
,"ZONE"
,"ON_NETWORK"
, or"OFF_NETWORK"
. - network
Excludes string[] - The network zones to exclude. Conflicts with
network_includes
. - network
Includes string[] - The network zones to include. Conflicts with
network_excludes
. - policy
Id string - Policy ID.
- priority number
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- status string
- Policy Rule Status:
"ACTIVE"
or"INACTIVE"
. - users
Excludeds string[] - Set of User IDs to Exclude
- app_
excludes Sequence[RuleMfa App Exclude Args] - Applications to exclude
- app_
includes Sequence[RuleMfa App Include Args] - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
- enroll str
- When a user should be prompted for MFA. It can be
"CHALLENGE"
,"LOGIN"
, or"NEVER"
. - name str
- Use if the
type
is"APP_TYPE"
to indicate the type of application(s) to include in instances where an entire group (i.e.yahoo_mail
) of applications should be included. - network_
connection str - Network selection mode:
"ANYWHERE"
,"ZONE"
,"ON_NETWORK"
, or"OFF_NETWORK"
. - network_
excludes Sequence[str] - The network zones to exclude. Conflicts with
network_includes
. - network_
includes Sequence[str] - The network zones to include. Conflicts with
network_excludes
. - policy_
id str - Policy ID.
- priority int
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- status str
- Policy Rule Status:
"ACTIVE"
or"INACTIVE"
. - users_
excludeds Sequence[str] - Set of User IDs to Exclude
- app
Excludes List<Property Map> - Applications to exclude
- app
Includes List<Property Map> - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
- enroll String
- When a user should be prompted for MFA. It can be
"CHALLENGE"
,"LOGIN"
, or"NEVER"
. - name String
- Use if the
type
is"APP_TYPE"
to indicate the type of application(s) to include in instances where an entire group (i.e.yahoo_mail
) of applications should be included. - network
Connection String - Network selection mode:
"ANYWHERE"
,"ZONE"
,"ON_NETWORK"
, or"OFF_NETWORK"
. - network
Excludes List<String> - The network zones to exclude. Conflicts with
network_includes
. - network
Includes List<String> - The network zones to include. Conflicts with
network_excludes
. - policy
Id String - Policy ID.
- priority Number
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- status String
- Policy Rule Status:
"ACTIVE"
or"INACTIVE"
. - users
Excludeds List<String> - Set of User IDs to Exclude
Supporting Types
RuleMfaAppExclude, RuleMfaAppExcludeArgs
RuleMfaAppInclude, RuleMfaAppIncludeArgs
Import
A Policy Rule can be imported via the Policy and Rule ID.
$ pulumi import okta:policy/ruleMfa:RuleMfa example <policy id>/<rule id>
Package Details
- Repository
- Okta pulumi/pulumi-okta
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
okta
Terraform Provider.