okta.PolicyMfaDefault
Explore with Pulumi AI
Configures default MFA Policy.
This resource allows you to configure default MFA Policy.
Requires Org Feature Flag
OKTA_MFA_POLICY
. Contact support to have this feature flag enabled.
Unless Org Feature Flag
ENG_ENABLE_OPTIONAL_PASSWORD_ENROLLMENT
is disabledokta_password
orokta_email
must be present and itsenroll
value set toREQUIRED
. Contact support to have this feature flag disabled.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const classicExample = new okta.PolicyMfaDefault("classicExample", {
isOie: false,
oktaOtp: {
enroll: "REQUIRED",
},
oktaPassword: {
enroll: "REQUIRED",
},
});
const oieExample = new okta.PolicyMfaDefault("oieExample", {
isOie: true,
oktaPassword: {
enroll: "REQUIRED",
},
oktaVerify: {
enroll: "REQUIRED",
},
});
import pulumi
import pulumi_okta as okta
classic_example = okta.PolicyMfaDefault("classicExample",
is_oie=False,
okta_otp={
"enroll": "REQUIRED",
},
okta_password={
"enroll": "REQUIRED",
})
oie_example = okta.PolicyMfaDefault("oieExample",
is_oie=True,
okta_password={
"enroll": "REQUIRED",
},
okta_verify={
"enroll": "REQUIRED",
})
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v4/go/okta"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := okta.NewPolicyMfaDefault(ctx, "classicExample", &okta.PolicyMfaDefaultArgs{
IsOie: pulumi.Bool(false),
OktaOtp: pulumi.StringMap{
"enroll": pulumi.String("REQUIRED"),
},
OktaPassword: pulumi.StringMap{
"enroll": pulumi.String("REQUIRED"),
},
})
if err != nil {
return err
}
_, err = okta.NewPolicyMfaDefault(ctx, "oieExample", &okta.PolicyMfaDefaultArgs{
IsOie: pulumi.Bool(true),
OktaPassword: pulumi.StringMap{
"enroll": pulumi.String("REQUIRED"),
},
OktaVerify: pulumi.StringMap{
"enroll": pulumi.String("REQUIRED"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var classicExample = new Okta.PolicyMfaDefault("classicExample", new()
{
IsOie = false,
OktaOtp =
{
{ "enroll", "REQUIRED" },
},
OktaPassword =
{
{ "enroll", "REQUIRED" },
},
});
var oieExample = new Okta.PolicyMfaDefault("oieExample", new()
{
IsOie = true,
OktaPassword =
{
{ "enroll", "REQUIRED" },
},
OktaVerify =
{
{ "enroll", "REQUIRED" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.PolicyMfaDefault;
import com.pulumi.okta.PolicyMfaDefaultArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var classicExample = new PolicyMfaDefault("classicExample", PolicyMfaDefaultArgs.builder()
.isOie(false)
.oktaOtp(Map.of("enroll", "REQUIRED"))
.oktaPassword(Map.of("enroll", "REQUIRED"))
.build());
var oieExample = new PolicyMfaDefault("oieExample", PolicyMfaDefaultArgs.builder()
.isOie(true)
.oktaPassword(Map.of("enroll", "REQUIRED"))
.oktaVerify(Map.of("enroll", "REQUIRED"))
.build());
}
}
resources:
classicExample:
type: okta:PolicyMfaDefault
properties:
isOie: false
oktaOtp:
enroll: REQUIRED
oktaPassword:
enroll: REQUIRED
oieExample:
type: okta:PolicyMfaDefault
properties:
isOie: true
oktaPassword:
enroll: REQUIRED
# The following authenticator can only be used when `is_oie` is set to true
oktaVerify:
enroll: REQUIRED
If the
okta.PolicyMfaDefault
is used in conjunction withokta.policy.Mfa
resources, ensure to use adepends_on
attribute for the default policy to ensure that all other policies are created/updated first such that thepriority
field can be appropriately computed on the first plan/apply.
Create PolicyMfaDefault Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new PolicyMfaDefault(name: string, args?: PolicyMfaDefaultArgs, opts?: CustomResourceOptions);
@overload
def PolicyMfaDefault(resource_name: str,
args: Optional[PolicyMfaDefaultArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def PolicyMfaDefault(resource_name: str,
opts: Optional[ResourceOptions] = None,
duo: Optional[Mapping[str, str]] = None,
external_idp: Optional[Mapping[str, str]] = None,
fido_u2f: Optional[Mapping[str, str]] = None,
fido_webauthn: Optional[Mapping[str, str]] = None,
google_otp: Optional[Mapping[str, str]] = None,
hotp: Optional[Mapping[str, str]] = None,
is_oie: Optional[bool] = None,
okta_call: Optional[Mapping[str, str]] = None,
okta_email: Optional[Mapping[str, str]] = None,
okta_otp: Optional[Mapping[str, str]] = None,
okta_password: Optional[Mapping[str, str]] = None,
okta_push: Optional[Mapping[str, str]] = None,
okta_question: Optional[Mapping[str, str]] = None,
okta_sms: Optional[Mapping[str, str]] = None,
okta_verify: Optional[Mapping[str, str]] = None,
onprem_mfa: Optional[Mapping[str, str]] = None,
phone_number: Optional[Mapping[str, str]] = None,
rsa_token: Optional[Mapping[str, str]] = None,
security_question: Optional[Mapping[str, str]] = None,
symantec_vip: Optional[Mapping[str, str]] = None,
webauthn: Optional[Mapping[str, str]] = None,
yubikey_token: Optional[Mapping[str, str]] = None)
func NewPolicyMfaDefault(ctx *Context, name string, args *PolicyMfaDefaultArgs, opts ...ResourceOption) (*PolicyMfaDefault, error)
public PolicyMfaDefault(string name, PolicyMfaDefaultArgs? args = null, CustomResourceOptions? opts = null)
public PolicyMfaDefault(String name, PolicyMfaDefaultArgs args)
public PolicyMfaDefault(String name, PolicyMfaDefaultArgs args, CustomResourceOptions options)
type: okta:PolicyMfaDefault
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PolicyMfaDefaultArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PolicyMfaDefaultArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PolicyMfaDefaultArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PolicyMfaDefaultArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PolicyMfaDefaultArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
var policyMfaDefaultResource = new Okta.PolicyMfaDefault("policyMfaDefaultResource", new()
{
Duo =
{
{ "string", "string" },
},
ExternalIdp =
{
{ "string", "string" },
},
FidoU2f =
{
{ "string", "string" },
},
FidoWebauthn =
{
{ "string", "string" },
},
GoogleOtp =
{
{ "string", "string" },
},
Hotp =
{
{ "string", "string" },
},
IsOie = false,
OktaCall =
{
{ "string", "string" },
},
OktaEmail =
{
{ "string", "string" },
},
OktaOtp =
{
{ "string", "string" },
},
OktaPassword =
{
{ "string", "string" },
},
OktaPush =
{
{ "string", "string" },
},
OktaQuestion =
{
{ "string", "string" },
},
OktaSms =
{
{ "string", "string" },
},
OktaVerify =
{
{ "string", "string" },
},
OnpremMfa =
{
{ "string", "string" },
},
PhoneNumber =
{
{ "string", "string" },
},
RsaToken =
{
{ "string", "string" },
},
SecurityQuestion =
{
{ "string", "string" },
},
SymantecVip =
{
{ "string", "string" },
},
Webauthn =
{
{ "string", "string" },
},
YubikeyToken =
{
{ "string", "string" },
},
});
example, err := okta.NewPolicyMfaDefault(ctx, "policyMfaDefaultResource", &okta.PolicyMfaDefaultArgs{
Duo: pulumi.StringMap{
"string": pulumi.String("string"),
},
ExternalIdp: pulumi.StringMap{
"string": pulumi.String("string"),
},
FidoU2f: pulumi.StringMap{
"string": pulumi.String("string"),
},
FidoWebauthn: pulumi.StringMap{
"string": pulumi.String("string"),
},
GoogleOtp: pulumi.StringMap{
"string": pulumi.String("string"),
},
Hotp: pulumi.StringMap{
"string": pulumi.String("string"),
},
IsOie: pulumi.Bool(false),
OktaCall: pulumi.StringMap{
"string": pulumi.String("string"),
},
OktaEmail: pulumi.StringMap{
"string": pulumi.String("string"),
},
OktaOtp: pulumi.StringMap{
"string": pulumi.String("string"),
},
OktaPassword: pulumi.StringMap{
"string": pulumi.String("string"),
},
OktaPush: pulumi.StringMap{
"string": pulumi.String("string"),
},
OktaQuestion: pulumi.StringMap{
"string": pulumi.String("string"),
},
OktaSms: pulumi.StringMap{
"string": pulumi.String("string"),
},
OktaVerify: pulumi.StringMap{
"string": pulumi.String("string"),
},
OnpremMfa: pulumi.StringMap{
"string": pulumi.String("string"),
},
PhoneNumber: pulumi.StringMap{
"string": pulumi.String("string"),
},
RsaToken: pulumi.StringMap{
"string": pulumi.String("string"),
},
SecurityQuestion: pulumi.StringMap{
"string": pulumi.String("string"),
},
SymantecVip: pulumi.StringMap{
"string": pulumi.String("string"),
},
Webauthn: pulumi.StringMap{
"string": pulumi.String("string"),
},
YubikeyToken: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var policyMfaDefaultResource = new PolicyMfaDefault("policyMfaDefaultResource", PolicyMfaDefaultArgs.builder()
.duo(Map.of("string", "string"))
.externalIdp(Map.of("string", "string"))
.fidoU2f(Map.of("string", "string"))
.fidoWebauthn(Map.of("string", "string"))
.googleOtp(Map.of("string", "string"))
.hotp(Map.of("string", "string"))
.isOie(false)
.oktaCall(Map.of("string", "string"))
.oktaEmail(Map.of("string", "string"))
.oktaOtp(Map.of("string", "string"))
.oktaPassword(Map.of("string", "string"))
.oktaPush(Map.of("string", "string"))
.oktaQuestion(Map.of("string", "string"))
.oktaSms(Map.of("string", "string"))
.oktaVerify(Map.of("string", "string"))
.onpremMfa(Map.of("string", "string"))
.phoneNumber(Map.of("string", "string"))
.rsaToken(Map.of("string", "string"))
.securityQuestion(Map.of("string", "string"))
.symantecVip(Map.of("string", "string"))
.webauthn(Map.of("string", "string"))
.yubikeyToken(Map.of("string", "string"))
.build());
policy_mfa_default_resource = okta.PolicyMfaDefault("policyMfaDefaultResource",
duo={
"string": "string",
},
external_idp={
"string": "string",
},
fido_u2f={
"string": "string",
},
fido_webauthn={
"string": "string",
},
google_otp={
"string": "string",
},
hotp={
"string": "string",
},
is_oie=False,
okta_call={
"string": "string",
},
okta_email={
"string": "string",
},
okta_otp={
"string": "string",
},
okta_password={
"string": "string",
},
okta_push={
"string": "string",
},
okta_question={
"string": "string",
},
okta_sms={
"string": "string",
},
okta_verify={
"string": "string",
},
onprem_mfa={
"string": "string",
},
phone_number={
"string": "string",
},
rsa_token={
"string": "string",
},
security_question={
"string": "string",
},
symantec_vip={
"string": "string",
},
webauthn={
"string": "string",
},
yubikey_token={
"string": "string",
})
const policyMfaDefaultResource = new okta.PolicyMfaDefault("policyMfaDefaultResource", {
duo: {
string: "string",
},
externalIdp: {
string: "string",
},
fidoU2f: {
string: "string",
},
fidoWebauthn: {
string: "string",
},
googleOtp: {
string: "string",
},
hotp: {
string: "string",
},
isOie: false,
oktaCall: {
string: "string",
},
oktaEmail: {
string: "string",
},
oktaOtp: {
string: "string",
},
oktaPassword: {
string: "string",
},
oktaPush: {
string: "string",
},
oktaQuestion: {
string: "string",
},
oktaSms: {
string: "string",
},
oktaVerify: {
string: "string",
},
onpremMfa: {
string: "string",
},
phoneNumber: {
string: "string",
},
rsaToken: {
string: "string",
},
securityQuestion: {
string: "string",
},
symantecVip: {
string: "string",
},
webauthn: {
string: "string",
},
yubikeyToken: {
string: "string",
},
});
type: okta:PolicyMfaDefault
properties:
duo:
string: string
externalIdp:
string: string
fidoU2f:
string: string
fidoWebauthn:
string: string
googleOtp:
string: string
hotp:
string: string
isOie: false
oktaCall:
string: string
oktaEmail:
string: string
oktaOtp:
string: string
oktaPassword:
string: string
oktaPush:
string: string
oktaQuestion:
string: string
oktaSms:
string: string
oktaVerify:
string: string
onpremMfa:
string: string
phoneNumber:
string: string
rsaToken:
string: string
securityQuestion:
string: string
symantecVip:
string: string
webauthn:
string: string
yubikeyToken:
string: string
PolicyMfaDefault Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The PolicyMfaDefault resource accepts the following input properties:
- Duo Dictionary<string, string>
- DUO MFA policy settings (✓ Classic, ✓ OIE).
- External
Idp Dictionary<string, string> - External IDP MFA policy settings (✓ OIE).
- Fido
U2f Dictionary<string, string> - Fido U2F MFA policy settings (✓ Classic).
- Fido
Webauthn Dictionary<string, string> - Fido Web Authn MFA policy settings (✓ Classic).
- Google
Otp Dictionary<string, string> - Google OTP MFA policy settings (✓ Classic, ✓ OIE).
- Hotp Dictionary<string, string>
- HMAC-based One-Time Password MFA policy settings (✓ Classic).
- Is
Oie bool Boolean that specifies whether to use the newer Okta Identity Engine (OIE) with policy authenticators instead of the classic engine with Factors. This value determines which of the following policy factor settings can be configured. (Default =
false
)WARNING: Tenant must have the Okta Identity Engine enabled in order to use this feature.
- Okta
Call Dictionary<string, string> - Okta Call MFA policy settings (✓ Classic).
- Okta
Email Dictionary<string, string> - Okta Email MFA policy settings (✓ Classic, ✓ OIE).
- Okta
Otp Dictionary<string, string> - Okta OTP (via the Okta Verify app) MFA policy settings (✓ Classic).
- Okta
Password Dictionary<string, string> - Okta Password MFA policy settings (✓ Classic, ✓ OIE).
- Okta
Push Dictionary<string, string> - Okta Push MFA policy settings (✓ Classic).
- Okta
Question Dictionary<string, string> - Okta Question MFA policy settings (✓ Classic).
- Okta
Sms Dictionary<string, string> - Okta SMS MFA policy settings (✓ Classic).
- Okta
Verify Dictionary<string, string> - Okta Verify MFA policy settings (✓ OIE).
- Onprem
Mfa Dictionary<string, string> - On-Prem MFA MFA policy settings (✓ OIE).
- Phone
Number Dictionary<string, string> - Phone Number MFA policy settings (✓ OIE).
- Rsa
Token Dictionary<string, string> - RSA Token MFA policy settings (✓ Classic, ✓ OIE).
- Security
Question Dictionary<string, string> - Security Question MFA policy settings (✓ OIE).
- Symantec
Vip Dictionary<string, string> - Symantec VIP MFA policy settings (✓ Classic).
- Webauthn Dictionary<string, string>
- FIDO2 (WebAuthn) MFA policy settings (✓ OIE).
- Yubikey
Token Dictionary<string, string> - Yubikey Token MFA policy settings (✓ Classic, ✓ OIE).
- Duo map[string]string
- DUO MFA policy settings (✓ Classic, ✓ OIE).
- External
Idp map[string]string - External IDP MFA policy settings (✓ OIE).
- Fido
U2f map[string]string - Fido U2F MFA policy settings (✓ Classic).
- Fido
Webauthn map[string]string - Fido Web Authn MFA policy settings (✓ Classic).
- Google
Otp map[string]string - Google OTP MFA policy settings (✓ Classic, ✓ OIE).
- Hotp map[string]string
- HMAC-based One-Time Password MFA policy settings (✓ Classic).
- Is
Oie bool Boolean that specifies whether to use the newer Okta Identity Engine (OIE) with policy authenticators instead of the classic engine with Factors. This value determines which of the following policy factor settings can be configured. (Default =
false
)WARNING: Tenant must have the Okta Identity Engine enabled in order to use this feature.
- Okta
Call map[string]string - Okta Call MFA policy settings (✓ Classic).
- Okta
Email map[string]string - Okta Email MFA policy settings (✓ Classic, ✓ OIE).
- Okta
Otp map[string]string - Okta OTP (via the Okta Verify app) MFA policy settings (✓ Classic).
- Okta
Password map[string]string - Okta Password MFA policy settings (✓ Classic, ✓ OIE).
- Okta
Push map[string]string - Okta Push MFA policy settings (✓ Classic).
- Okta
Question map[string]string - Okta Question MFA policy settings (✓ Classic).
- Okta
Sms map[string]string - Okta SMS MFA policy settings (✓ Classic).
- Okta
Verify map[string]string - Okta Verify MFA policy settings (✓ OIE).
- Onprem
Mfa map[string]string - On-Prem MFA MFA policy settings (✓ OIE).
- Phone
Number map[string]string - Phone Number MFA policy settings (✓ OIE).
- Rsa
Token map[string]string - RSA Token MFA policy settings (✓ Classic, ✓ OIE).
- Security
Question map[string]string - Security Question MFA policy settings (✓ OIE).
- Symantec
Vip map[string]string - Symantec VIP MFA policy settings (✓ Classic).
- Webauthn map[string]string
- FIDO2 (WebAuthn) MFA policy settings (✓ OIE).
- Yubikey
Token map[string]string - Yubikey Token MFA policy settings (✓ Classic, ✓ OIE).
- duo Map<String,String>
- DUO MFA policy settings (✓ Classic, ✓ OIE).
- external
Idp Map<String,String> - External IDP MFA policy settings (✓ OIE).
- fido
U2f Map<String,String> - Fido U2F MFA policy settings (✓ Classic).
- fido
Webauthn Map<String,String> - Fido Web Authn MFA policy settings (✓ Classic).
- google
Otp Map<String,String> - Google OTP MFA policy settings (✓ Classic, ✓ OIE).
- hotp Map<String,String>
- HMAC-based One-Time Password MFA policy settings (✓ Classic).
- is
Oie Boolean Boolean that specifies whether to use the newer Okta Identity Engine (OIE) with policy authenticators instead of the classic engine with Factors. This value determines which of the following policy factor settings can be configured. (Default =
false
)WARNING: Tenant must have the Okta Identity Engine enabled in order to use this feature.
- okta
Call Map<String,String> - Okta Call MFA policy settings (✓ Classic).
- okta
Email Map<String,String> - Okta Email MFA policy settings (✓ Classic, ✓ OIE).
- okta
Otp Map<String,String> - Okta OTP (via the Okta Verify app) MFA policy settings (✓ Classic).
- okta
Password Map<String,String> - Okta Password MFA policy settings (✓ Classic, ✓ OIE).
- okta
Push Map<String,String> - Okta Push MFA policy settings (✓ Classic).
- okta
Question Map<String,String> - Okta Question MFA policy settings (✓ Classic).
- okta
Sms Map<String,String> - Okta SMS MFA policy settings (✓ Classic).
- okta
Verify Map<String,String> - Okta Verify MFA policy settings (✓ OIE).
- onprem
Mfa Map<String,String> - On-Prem MFA MFA policy settings (✓ OIE).
- phone
Number Map<String,String> - Phone Number MFA policy settings (✓ OIE).
- rsa
Token Map<String,String> - RSA Token MFA policy settings (✓ Classic, ✓ OIE).
- security
Question Map<String,String> - Security Question MFA policy settings (✓ OIE).
- symantec
Vip Map<String,String> - Symantec VIP MFA policy settings (✓ Classic).
- webauthn Map<String,String>
- FIDO2 (WebAuthn) MFA policy settings (✓ OIE).
- yubikey
Token Map<String,String> - Yubikey Token MFA policy settings (✓ Classic, ✓ OIE).
- duo {[key: string]: string}
- DUO MFA policy settings (✓ Classic, ✓ OIE).
- external
Idp {[key: string]: string} - External IDP MFA policy settings (✓ OIE).
- fido
U2f {[key: string]: string} - Fido U2F MFA policy settings (✓ Classic).
- fido
Webauthn {[key: string]: string} - Fido Web Authn MFA policy settings (✓ Classic).
- google
Otp {[key: string]: string} - Google OTP MFA policy settings (✓ Classic, ✓ OIE).
- hotp {[key: string]: string}
- HMAC-based One-Time Password MFA policy settings (✓ Classic).
- is
Oie boolean Boolean that specifies whether to use the newer Okta Identity Engine (OIE) with policy authenticators instead of the classic engine with Factors. This value determines which of the following policy factor settings can be configured. (Default =
false
)WARNING: Tenant must have the Okta Identity Engine enabled in order to use this feature.
- okta
Call {[key: string]: string} - Okta Call MFA policy settings (✓ Classic).
- okta
Email {[key: string]: string} - Okta Email MFA policy settings (✓ Classic, ✓ OIE).
- okta
Otp {[key: string]: string} - Okta OTP (via the Okta Verify app) MFA policy settings (✓ Classic).
- okta
Password {[key: string]: string} - Okta Password MFA policy settings (✓ Classic, ✓ OIE).
- okta
Push {[key: string]: string} - Okta Push MFA policy settings (✓ Classic).
- okta
Question {[key: string]: string} - Okta Question MFA policy settings (✓ Classic).
- okta
Sms {[key: string]: string} - Okta SMS MFA policy settings (✓ Classic).
- okta
Verify {[key: string]: string} - Okta Verify MFA policy settings (✓ OIE).
- onprem
Mfa {[key: string]: string} - On-Prem MFA MFA policy settings (✓ OIE).
- phone
Number {[key: string]: string} - Phone Number MFA policy settings (✓ OIE).
- rsa
Token {[key: string]: string} - RSA Token MFA policy settings (✓ Classic, ✓ OIE).
- security
Question {[key: string]: string} - Security Question MFA policy settings (✓ OIE).
- symantec
Vip {[key: string]: string} - Symantec VIP MFA policy settings (✓ Classic).
- webauthn {[key: string]: string}
- FIDO2 (WebAuthn) MFA policy settings (✓ OIE).
- yubikey
Token {[key: string]: string} - Yubikey Token MFA policy settings (✓ Classic, ✓ OIE).
- duo Mapping[str, str]
- DUO MFA policy settings (✓ Classic, ✓ OIE).
- external_
idp Mapping[str, str] - External IDP MFA policy settings (✓ OIE).
- fido_
u2f Mapping[str, str] - Fido U2F MFA policy settings (✓ Classic).
- fido_
webauthn Mapping[str, str] - Fido Web Authn MFA policy settings (✓ Classic).
- google_
otp Mapping[str, str] - Google OTP MFA policy settings (✓ Classic, ✓ OIE).
- hotp Mapping[str, str]
- HMAC-based One-Time Password MFA policy settings (✓ Classic).
- is_
oie bool Boolean that specifies whether to use the newer Okta Identity Engine (OIE) with policy authenticators instead of the classic engine with Factors. This value determines which of the following policy factor settings can be configured. (Default =
false
)WARNING: Tenant must have the Okta Identity Engine enabled in order to use this feature.
- okta_
call Mapping[str, str] - Okta Call MFA policy settings (✓ Classic).
- okta_
email Mapping[str, str] - Okta Email MFA policy settings (✓ Classic, ✓ OIE).
- okta_
otp Mapping[str, str] - Okta OTP (via the Okta Verify app) MFA policy settings (✓ Classic).
- okta_
password Mapping[str, str] - Okta Password MFA policy settings (✓ Classic, ✓ OIE).
- okta_
push Mapping[str, str] - Okta Push MFA policy settings (✓ Classic).
- okta_
question Mapping[str, str] - Okta Question MFA policy settings (✓ Classic).
- okta_
sms Mapping[str, str] - Okta SMS MFA policy settings (✓ Classic).
- okta_
verify Mapping[str, str] - Okta Verify MFA policy settings (✓ OIE).
- onprem_
mfa Mapping[str, str] - On-Prem MFA MFA policy settings (✓ OIE).
- phone_
number Mapping[str, str] - Phone Number MFA policy settings (✓ OIE).
- rsa_
token Mapping[str, str] - RSA Token MFA policy settings (✓ Classic, ✓ OIE).
- security_
question Mapping[str, str] - Security Question MFA policy settings (✓ OIE).
- symantec_
vip Mapping[str, str] - Symantec VIP MFA policy settings (✓ Classic).
- webauthn Mapping[str, str]
- FIDO2 (WebAuthn) MFA policy settings (✓ OIE).
- yubikey_
token Mapping[str, str] - Yubikey Token MFA policy settings (✓ Classic, ✓ OIE).
- duo Map<String>
- DUO MFA policy settings (✓ Classic, ✓ OIE).
- external
Idp Map<String> - External IDP MFA policy settings (✓ OIE).
- fido
U2f Map<String> - Fido U2F MFA policy settings (✓ Classic).
- fido
Webauthn Map<String> - Fido Web Authn MFA policy settings (✓ Classic).
- google
Otp Map<String> - Google OTP MFA policy settings (✓ Classic, ✓ OIE).
- hotp Map<String>
- HMAC-based One-Time Password MFA policy settings (✓ Classic).
- is
Oie Boolean Boolean that specifies whether to use the newer Okta Identity Engine (OIE) with policy authenticators instead of the classic engine with Factors. This value determines which of the following policy factor settings can be configured. (Default =
false
)WARNING: Tenant must have the Okta Identity Engine enabled in order to use this feature.
- okta
Call Map<String> - Okta Call MFA policy settings (✓ Classic).
- okta
Email Map<String> - Okta Email MFA policy settings (✓ Classic, ✓ OIE).
- okta
Otp Map<String> - Okta OTP (via the Okta Verify app) MFA policy settings (✓ Classic).
- okta
Password Map<String> - Okta Password MFA policy settings (✓ Classic, ✓ OIE).
- okta
Push Map<String> - Okta Push MFA policy settings (✓ Classic).
- okta
Question Map<String> - Okta Question MFA policy settings (✓ Classic).
- okta
Sms Map<String> - Okta SMS MFA policy settings (✓ Classic).
- okta
Verify Map<String> - Okta Verify MFA policy settings (✓ OIE).
- onprem
Mfa Map<String> - On-Prem MFA MFA policy settings (✓ OIE).
- phone
Number Map<String> - Phone Number MFA policy settings (✓ OIE).
- rsa
Token Map<String> - RSA Token MFA policy settings (✓ Classic, ✓ OIE).
- security
Question Map<String> - Security Question MFA policy settings (✓ OIE).
- symantec
Vip Map<String> - Symantec VIP MFA policy settings (✓ Classic).
- webauthn Map<String>
- FIDO2 (WebAuthn) MFA policy settings (✓ OIE).
- yubikey
Token Map<String> - Yubikey Token MFA policy settings (✓ Classic, ✓ OIE).
Outputs
All input properties are implicitly available as output properties. Additionally, the PolicyMfaDefault resource produces the following output properties:
- Default
Included stringGroup Id - ID of the default Okta group.
- Description string
- Default policy description.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Default policy name.
- Priority int
- Default policy priority.
- Status string
- Default policy status.
- Default
Included stringGroup Id - ID of the default Okta group.
- Description string
- Default policy description.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Default policy name.
- Priority int
- Default policy priority.
- Status string
- Default policy status.
- default
Included StringGroup Id - ID of the default Okta group.
- description String
- Default policy description.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- Default policy name.
- priority Integer
- Default policy priority.
- status String
- Default policy status.
- default
Included stringGroup Id - ID of the default Okta group.
- description string
- Default policy description.
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- Default policy name.
- priority number
- Default policy priority.
- status string
- Default policy status.
- default_
included_ strgroup_ id - ID of the default Okta group.
- description str
- Default policy description.
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- Default policy name.
- priority int
- Default policy priority.
- status str
- Default policy status.
- default
Included StringGroup Id - ID of the default Okta group.
- description String
- Default policy description.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- Default policy name.
- priority Number
- Default policy priority.
- status String
- Default policy status.
Look up Existing PolicyMfaDefault Resource
Get an existing PolicyMfaDefault resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PolicyMfaDefaultState, opts?: CustomResourceOptions): PolicyMfaDefault
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
default_included_group_id: Optional[str] = None,
description: Optional[str] = None,
duo: Optional[Mapping[str, str]] = None,
external_idp: Optional[Mapping[str, str]] = None,
fido_u2f: Optional[Mapping[str, str]] = None,
fido_webauthn: Optional[Mapping[str, str]] = None,
google_otp: Optional[Mapping[str, str]] = None,
hotp: Optional[Mapping[str, str]] = None,
is_oie: Optional[bool] = None,
name: Optional[str] = None,
okta_call: Optional[Mapping[str, str]] = None,
okta_email: Optional[Mapping[str, str]] = None,
okta_otp: Optional[Mapping[str, str]] = None,
okta_password: Optional[Mapping[str, str]] = None,
okta_push: Optional[Mapping[str, str]] = None,
okta_question: Optional[Mapping[str, str]] = None,
okta_sms: Optional[Mapping[str, str]] = None,
okta_verify: Optional[Mapping[str, str]] = None,
onprem_mfa: Optional[Mapping[str, str]] = None,
phone_number: Optional[Mapping[str, str]] = None,
priority: Optional[int] = None,
rsa_token: Optional[Mapping[str, str]] = None,
security_question: Optional[Mapping[str, str]] = None,
status: Optional[str] = None,
symantec_vip: Optional[Mapping[str, str]] = None,
webauthn: Optional[Mapping[str, str]] = None,
yubikey_token: Optional[Mapping[str, str]] = None) -> PolicyMfaDefault
func GetPolicyMfaDefault(ctx *Context, name string, id IDInput, state *PolicyMfaDefaultState, opts ...ResourceOption) (*PolicyMfaDefault, error)
public static PolicyMfaDefault Get(string name, Input<string> id, PolicyMfaDefaultState? state, CustomResourceOptions? opts = null)
public static PolicyMfaDefault get(String name, Output<String> id, PolicyMfaDefaultState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Default
Included stringGroup Id - ID of the default Okta group.
- Description string
- Default policy description.
- Duo Dictionary<string, string>
- DUO MFA policy settings (✓ Classic, ✓ OIE).
- External
Idp Dictionary<string, string> - External IDP MFA policy settings (✓ OIE).
- Fido
U2f Dictionary<string, string> - Fido U2F MFA policy settings (✓ Classic).
- Fido
Webauthn Dictionary<string, string> - Fido Web Authn MFA policy settings (✓ Classic).
- Google
Otp Dictionary<string, string> - Google OTP MFA policy settings (✓ Classic, ✓ OIE).
- Hotp Dictionary<string, string>
- HMAC-based One-Time Password MFA policy settings (✓ Classic).
- Is
Oie bool Boolean that specifies whether to use the newer Okta Identity Engine (OIE) with policy authenticators instead of the classic engine with Factors. This value determines which of the following policy factor settings can be configured. (Default =
false
)WARNING: Tenant must have the Okta Identity Engine enabled in order to use this feature.
- Name string
- Default policy name.
- Okta
Call Dictionary<string, string> - Okta Call MFA policy settings (✓ Classic).
- Okta
Email Dictionary<string, string> - Okta Email MFA policy settings (✓ Classic, ✓ OIE).
- Okta
Otp Dictionary<string, string> - Okta OTP (via the Okta Verify app) MFA policy settings (✓ Classic).
- Okta
Password Dictionary<string, string> - Okta Password MFA policy settings (✓ Classic, ✓ OIE).
- Okta
Push Dictionary<string, string> - Okta Push MFA policy settings (✓ Classic).
- Okta
Question Dictionary<string, string> - Okta Question MFA policy settings (✓ Classic).
- Okta
Sms Dictionary<string, string> - Okta SMS MFA policy settings (✓ Classic).
- Okta
Verify Dictionary<string, string> - Okta Verify MFA policy settings (✓ OIE).
- Onprem
Mfa Dictionary<string, string> - On-Prem MFA MFA policy settings (✓ OIE).
- Phone
Number Dictionary<string, string> - Phone Number MFA policy settings (✓ OIE).
- Priority int
- Default policy priority.
- Rsa
Token Dictionary<string, string> - RSA Token MFA policy settings (✓ Classic, ✓ OIE).
- Security
Question Dictionary<string, string> - Security Question MFA policy settings (✓ OIE).
- Status string
- Default policy status.
- Symantec
Vip Dictionary<string, string> - Symantec VIP MFA policy settings (✓ Classic).
- Webauthn Dictionary<string, string>
- FIDO2 (WebAuthn) MFA policy settings (✓ OIE).
- Yubikey
Token Dictionary<string, string> - Yubikey Token MFA policy settings (✓ Classic, ✓ OIE).
- Default
Included stringGroup Id - ID of the default Okta group.
- Description string
- Default policy description.
- Duo map[string]string
- DUO MFA policy settings (✓ Classic, ✓ OIE).
- External
Idp map[string]string - External IDP MFA policy settings (✓ OIE).
- Fido
U2f map[string]string - Fido U2F MFA policy settings (✓ Classic).
- Fido
Webauthn map[string]string - Fido Web Authn MFA policy settings (✓ Classic).
- Google
Otp map[string]string - Google OTP MFA policy settings (✓ Classic, ✓ OIE).
- Hotp map[string]string
- HMAC-based One-Time Password MFA policy settings (✓ Classic).
- Is
Oie bool Boolean that specifies whether to use the newer Okta Identity Engine (OIE) with policy authenticators instead of the classic engine with Factors. This value determines which of the following policy factor settings can be configured. (Default =
false
)WARNING: Tenant must have the Okta Identity Engine enabled in order to use this feature.
- Name string
- Default policy name.
- Okta
Call map[string]string - Okta Call MFA policy settings (✓ Classic).
- Okta
Email map[string]string - Okta Email MFA policy settings (✓ Classic, ✓ OIE).
- Okta
Otp map[string]string - Okta OTP (via the Okta Verify app) MFA policy settings (✓ Classic).
- Okta
Password map[string]string - Okta Password MFA policy settings (✓ Classic, ✓ OIE).
- Okta
Push map[string]string - Okta Push MFA policy settings (✓ Classic).
- Okta
Question map[string]string - Okta Question MFA policy settings (✓ Classic).
- Okta
Sms map[string]string - Okta SMS MFA policy settings (✓ Classic).
- Okta
Verify map[string]string - Okta Verify MFA policy settings (✓ OIE).
- Onprem
Mfa map[string]string - On-Prem MFA MFA policy settings (✓ OIE).
- Phone
Number map[string]string - Phone Number MFA policy settings (✓ OIE).
- Priority int
- Default policy priority.
- Rsa
Token map[string]string - RSA Token MFA policy settings (✓ Classic, ✓ OIE).
- Security
Question map[string]string - Security Question MFA policy settings (✓ OIE).
- Status string
- Default policy status.
- Symantec
Vip map[string]string - Symantec VIP MFA policy settings (✓ Classic).
- Webauthn map[string]string
- FIDO2 (WebAuthn) MFA policy settings (✓ OIE).
- Yubikey
Token map[string]string - Yubikey Token MFA policy settings (✓ Classic, ✓ OIE).
- default
Included StringGroup Id - ID of the default Okta group.
- description String
- Default policy description.
- duo Map<String,String>
- DUO MFA policy settings (✓ Classic, ✓ OIE).
- external
Idp Map<String,String> - External IDP MFA policy settings (✓ OIE).
- fido
U2f Map<String,String> - Fido U2F MFA policy settings (✓ Classic).
- fido
Webauthn Map<String,String> - Fido Web Authn MFA policy settings (✓ Classic).
- google
Otp Map<String,String> - Google OTP MFA policy settings (✓ Classic, ✓ OIE).
- hotp Map<String,String>
- HMAC-based One-Time Password MFA policy settings (✓ Classic).
- is
Oie Boolean Boolean that specifies whether to use the newer Okta Identity Engine (OIE) with policy authenticators instead of the classic engine with Factors. This value determines which of the following policy factor settings can be configured. (Default =
false
)WARNING: Tenant must have the Okta Identity Engine enabled in order to use this feature.
- name String
- Default policy name.
- okta
Call Map<String,String> - Okta Call MFA policy settings (✓ Classic).
- okta
Email Map<String,String> - Okta Email MFA policy settings (✓ Classic, ✓ OIE).
- okta
Otp Map<String,String> - Okta OTP (via the Okta Verify app) MFA policy settings (✓ Classic).
- okta
Password Map<String,String> - Okta Password MFA policy settings (✓ Classic, ✓ OIE).
- okta
Push Map<String,String> - Okta Push MFA policy settings (✓ Classic).
- okta
Question Map<String,String> - Okta Question MFA policy settings (✓ Classic).
- okta
Sms Map<String,String> - Okta SMS MFA policy settings (✓ Classic).
- okta
Verify Map<String,String> - Okta Verify MFA policy settings (✓ OIE).
- onprem
Mfa Map<String,String> - On-Prem MFA MFA policy settings (✓ OIE).
- phone
Number Map<String,String> - Phone Number MFA policy settings (✓ OIE).
- priority Integer
- Default policy priority.
- rsa
Token Map<String,String> - RSA Token MFA policy settings (✓ Classic, ✓ OIE).
- security
Question Map<String,String> - Security Question MFA policy settings (✓ OIE).
- status String
- Default policy status.
- symantec
Vip Map<String,String> - Symantec VIP MFA policy settings (✓ Classic).
- webauthn Map<String,String>
- FIDO2 (WebAuthn) MFA policy settings (✓ OIE).
- yubikey
Token Map<String,String> - Yubikey Token MFA policy settings (✓ Classic, ✓ OIE).
- default
Included stringGroup Id - ID of the default Okta group.
- description string
- Default policy description.
- duo {[key: string]: string}
- DUO MFA policy settings (✓ Classic, ✓ OIE).
- external
Idp {[key: string]: string} - External IDP MFA policy settings (✓ OIE).
- fido
U2f {[key: string]: string} - Fido U2F MFA policy settings (✓ Classic).
- fido
Webauthn {[key: string]: string} - Fido Web Authn MFA policy settings (✓ Classic).
- google
Otp {[key: string]: string} - Google OTP MFA policy settings (✓ Classic, ✓ OIE).
- hotp {[key: string]: string}
- HMAC-based One-Time Password MFA policy settings (✓ Classic).
- is
Oie boolean Boolean that specifies whether to use the newer Okta Identity Engine (OIE) with policy authenticators instead of the classic engine with Factors. This value determines which of the following policy factor settings can be configured. (Default =
false
)WARNING: Tenant must have the Okta Identity Engine enabled in order to use this feature.
- name string
- Default policy name.
- okta
Call {[key: string]: string} - Okta Call MFA policy settings (✓ Classic).
- okta
Email {[key: string]: string} - Okta Email MFA policy settings (✓ Classic, ✓ OIE).
- okta
Otp {[key: string]: string} - Okta OTP (via the Okta Verify app) MFA policy settings (✓ Classic).
- okta
Password {[key: string]: string} - Okta Password MFA policy settings (✓ Classic, ✓ OIE).
- okta
Push {[key: string]: string} - Okta Push MFA policy settings (✓ Classic).
- okta
Question {[key: string]: string} - Okta Question MFA policy settings (✓ Classic).
- okta
Sms {[key: string]: string} - Okta SMS MFA policy settings (✓ Classic).
- okta
Verify {[key: string]: string} - Okta Verify MFA policy settings (✓ OIE).
- onprem
Mfa {[key: string]: string} - On-Prem MFA MFA policy settings (✓ OIE).
- phone
Number {[key: string]: string} - Phone Number MFA policy settings (✓ OIE).
- priority number
- Default policy priority.
- rsa
Token {[key: string]: string} - RSA Token MFA policy settings (✓ Classic, ✓ OIE).
- security
Question {[key: string]: string} - Security Question MFA policy settings (✓ OIE).
- status string
- Default policy status.
- symantec
Vip {[key: string]: string} - Symantec VIP MFA policy settings (✓ Classic).
- webauthn {[key: string]: string}
- FIDO2 (WebAuthn) MFA policy settings (✓ OIE).
- yubikey
Token {[key: string]: string} - Yubikey Token MFA policy settings (✓ Classic, ✓ OIE).
- default_
included_ strgroup_ id - ID of the default Okta group.
- description str
- Default policy description.
- duo Mapping[str, str]
- DUO MFA policy settings (✓ Classic, ✓ OIE).
- external_
idp Mapping[str, str] - External IDP MFA policy settings (✓ OIE).
- fido_
u2f Mapping[str, str] - Fido U2F MFA policy settings (✓ Classic).
- fido_
webauthn Mapping[str, str] - Fido Web Authn MFA policy settings (✓ Classic).
- google_
otp Mapping[str, str] - Google OTP MFA policy settings (✓ Classic, ✓ OIE).
- hotp Mapping[str, str]
- HMAC-based One-Time Password MFA policy settings (✓ Classic).
- is_
oie bool Boolean that specifies whether to use the newer Okta Identity Engine (OIE) with policy authenticators instead of the classic engine with Factors. This value determines which of the following policy factor settings can be configured. (Default =
false
)WARNING: Tenant must have the Okta Identity Engine enabled in order to use this feature.
- name str
- Default policy name.
- okta_
call Mapping[str, str] - Okta Call MFA policy settings (✓ Classic).
- okta_
email Mapping[str, str] - Okta Email MFA policy settings (✓ Classic, ✓ OIE).
- okta_
otp Mapping[str, str] - Okta OTP (via the Okta Verify app) MFA policy settings (✓ Classic).
- okta_
password Mapping[str, str] - Okta Password MFA policy settings (✓ Classic, ✓ OIE).
- okta_
push Mapping[str, str] - Okta Push MFA policy settings (✓ Classic).
- okta_
question Mapping[str, str] - Okta Question MFA policy settings (✓ Classic).
- okta_
sms Mapping[str, str] - Okta SMS MFA policy settings (✓ Classic).
- okta_
verify Mapping[str, str] - Okta Verify MFA policy settings (✓ OIE).
- onprem_
mfa Mapping[str, str] - On-Prem MFA MFA policy settings (✓ OIE).
- phone_
number Mapping[str, str] - Phone Number MFA policy settings (✓ OIE).
- priority int
- Default policy priority.
- rsa_
token Mapping[str, str] - RSA Token MFA policy settings (✓ Classic, ✓ OIE).
- security_
question Mapping[str, str] - Security Question MFA policy settings (✓ OIE).
- status str
- Default policy status.
- symantec_
vip Mapping[str, str] - Symantec VIP MFA policy settings (✓ Classic).
- webauthn Mapping[str, str]
- FIDO2 (WebAuthn) MFA policy settings (✓ OIE).
- yubikey_
token Mapping[str, str] - Yubikey Token MFA policy settings (✓ Classic, ✓ OIE).
- default
Included StringGroup Id - ID of the default Okta group.
- description String
- Default policy description.
- duo Map<String>
- DUO MFA policy settings (✓ Classic, ✓ OIE).
- external
Idp Map<String> - External IDP MFA policy settings (✓ OIE).
- fido
U2f Map<String> - Fido U2F MFA policy settings (✓ Classic).
- fido
Webauthn Map<String> - Fido Web Authn MFA policy settings (✓ Classic).
- google
Otp Map<String> - Google OTP MFA policy settings (✓ Classic, ✓ OIE).
- hotp Map<String>
- HMAC-based One-Time Password MFA policy settings (✓ Classic).
- is
Oie Boolean Boolean that specifies whether to use the newer Okta Identity Engine (OIE) with policy authenticators instead of the classic engine with Factors. This value determines which of the following policy factor settings can be configured. (Default =
false
)WARNING: Tenant must have the Okta Identity Engine enabled in order to use this feature.
- name String
- Default policy name.
- okta
Call Map<String> - Okta Call MFA policy settings (✓ Classic).
- okta
Email Map<String> - Okta Email MFA policy settings (✓ Classic, ✓ OIE).
- okta
Otp Map<String> - Okta OTP (via the Okta Verify app) MFA policy settings (✓ Classic).
- okta
Password Map<String> - Okta Password MFA policy settings (✓ Classic, ✓ OIE).
- okta
Push Map<String> - Okta Push MFA policy settings (✓ Classic).
- okta
Question Map<String> - Okta Question MFA policy settings (✓ Classic).
- okta
Sms Map<String> - Okta SMS MFA policy settings (✓ Classic).
- okta
Verify Map<String> - Okta Verify MFA policy settings (✓ OIE).
- onprem
Mfa Map<String> - On-Prem MFA MFA policy settings (✓ OIE).
- phone
Number Map<String> - Phone Number MFA policy settings (✓ OIE).
- priority Number
- Default policy priority.
- rsa
Token Map<String> - RSA Token MFA policy settings (✓ Classic, ✓ OIE).
- security
Question Map<String> - Security Question MFA policy settings (✓ OIE).
- status String
- Default policy status.
- symantec
Vip Map<String> - Symantec VIP MFA policy settings (✓ Classic).
- webauthn Map<String>
- FIDO2 (WebAuthn) MFA policy settings (✓ OIE).
- yubikey
Token Map<String> - Yubikey Token MFA policy settings (✓ Classic, ✓ OIE).
Import
Default MFA Policy can be imported without providing Okta ID.
$ pulumi import okta:index/policyMfaDefault:PolicyMfaDefault example .
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Okta pulumi/pulumi-okta
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
okta
Terraform Provider.