1. Packages
  2. Ibm Provider
  3. API Docs
  4. getIamEffectiveAccountSettings
ibm 1.85.0-beta0 published on Wednesday, Oct 29, 2025 by ibm-cloud
ibm-cloud/terraform-provider-ibm

ibm.getIamEffectiveAccountSettings

Get Started
ibm logo
ibm 1.85.0-beta0 published on Wednesday, Oct 29, 2025 by ibm-cloud
ibm-cloud/terraform-provider-ibm

    Provides a read-only data source to retrieve information about iam_effective_account_settings. You can then reference the fields of the data source in other resources within the same configuration by using interpolation syntax.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";

const iamEffectiveAccountSettings = ibm.getIamEffectiveAccountSettings({
    accountId: ibm_iam_effective_account_settings.iam_effective_account_settings_instance.account_id,
});

    import pulumi
import pulumi_ibm as ibm

iam_effective_account_settings = ibm.get_iam_effective_account_settings(account_id=ibm_iam_effective_account_settings["iam_effective_account_settings_instance"]["account_id"])

    package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ibm.GetIamEffectiveAccountSettings(ctx, &ibm.GetIamEffectiveAccountSettingsArgs{
			AccountId: ibm_iam_effective_account_settings.Iam_effective_account_settings_instance.Account_id,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;

return await Deployment.RunAsync(() => 
{
    var iamEffectiveAccountSettings = Ibm.GetIamEffectiveAccountSettings.Invoke(new()
    {
        AccountId = ibm_iam_effective_account_settings.Iam_effective_account_settings_instance.Account_id,
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IbmFunctions;
import com.pulumi.ibm.inputs.GetIamEffectiveAccountSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var iamEffectiveAccountSettings = IbmFunctions.getIamEffectiveAccountSettings(GetIamEffectiveAccountSettingsArgs.builder()
            .accountId(ibm_iam_effective_account_settings.iam_effective_account_settings_instance().account_id())
            .build());

    }
}

    variables:
  iamEffectiveAccountSettings:
    fn::invoke:
      function: ibm:getIamEffectiveAccountSettings
      arguments:
        accountId: ${ibm_iam_effective_account_settings.iam_effective_account_settings_instance.account_id}

    Using getIamEffectiveAccountSettings

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getIamEffectiveAccountSettings(args: GetIamEffectiveAccountSettingsArgs, opts?: InvokeOptions): Promise<GetIamEffectiveAccountSettingsResult>
function getIamEffectiveAccountSettingsOutput(args: GetIamEffectiveAccountSettingsOutputArgs, opts?: InvokeOptions): Output<GetIamEffectiveAccountSettingsResult>
    def get_iam_effective_account_settings(account_id: Optional[str] = None,
                                       id: Optional[str] = None,
                                       include_history: Optional[bool] = None,
                                       resolve_user_mfa: Optional[bool] = None,
                                       opts: Optional[InvokeOptions] = None) -> GetIamEffectiveAccountSettingsResult
def get_iam_effective_account_settings_output(account_id: Optional[pulumi.Input[str]] = None,
                                       id: Optional[pulumi.Input[str]] = None,
                                       include_history: Optional[pulumi.Input[bool]] = None,
                                       resolve_user_mfa: Optional[pulumi.Input[bool]] = None,
                                       opts: Optional[InvokeOptions] = None) -> Output[GetIamEffectiveAccountSettingsResult]
    func GetIamEffectiveAccountSettings(ctx *Context, args *GetIamEffectiveAccountSettingsArgs, opts ...InvokeOption) (*GetIamEffectiveAccountSettingsResult, error)
func GetIamEffectiveAccountSettingsOutput(ctx *Context, args *GetIamEffectiveAccountSettingsOutputArgs, opts ...InvokeOption) GetIamEffectiveAccountSettingsResultOutput

    > Note: This function is named GetIamEffectiveAccountSettings in the Go SDK.

    public static class GetIamEffectiveAccountSettings 
{
    public static Task<GetIamEffectiveAccountSettingsResult> InvokeAsync(GetIamEffectiveAccountSettingsArgs args, InvokeOptions? opts = null)
    public static Output<GetIamEffectiveAccountSettingsResult> Invoke(GetIamEffectiveAccountSettingsInvokeArgs args, InvokeOptions? opts = null)
}
    public static CompletableFuture<GetIamEffectiveAccountSettingsResult> getIamEffectiveAccountSettings(GetIamEffectiveAccountSettingsArgs args, InvokeOptions options)
public static Output<GetIamEffectiveAccountSettingsResult> getIamEffectiveAccountSettings(GetIamEffectiveAccountSettingsArgs args, InvokeOptions options)

    fn::invoke:
  function: ibm:index/getIamEffectiveAccountSettings:getIamEffectiveAccountSettings
  arguments:
    # arguments dictionary

    The following arguments are supported:

    AccountId string
    Unique ID of the account.
    Id string
    The unique identifier of the iam_effective_account_settings.
    IncludeHistory bool
    Defines if the entity history is included in the response.

    • Constraints: The default value is false.
    ResolveUserMfa bool
    Enrich MFA exemptions with user information.

    • Constraints: The default value is false.
    AccountId string
    Unique ID of the account.
    Id string
    The unique identifier of the iam_effective_account_settings.
    IncludeHistory bool
    Defines if the entity history is included in the response.

    • Constraints: The default value is false.
    ResolveUserMfa bool
    Enrich MFA exemptions with user information.

    • Constraints: The default value is false.
    accountId String
    Unique ID of the account.
    id String
    The unique identifier of the iam_effective_account_settings.
    includeHistory Boolean
    Defines if the entity history is included in the response.

    • Constraints: The default value is false.
    resolveUserMfa Boolean
    Enrich MFA exemptions with user information.

    • Constraints: The default value is false.
    accountId string
    Unique ID of the account.
    id string
    The unique identifier of the iam_effective_account_settings.
    includeHistory boolean
    Defines if the entity history is included in the response.

    • Constraints: The default value is false.
    resolveUserMfa boolean
    Enrich MFA exemptions with user information.

    • Constraints: The default value is false.
    account_id str
    Unique ID of the account.
    id str
    The unique identifier of the iam_effective_account_settings.
    include_history bool
    Defines if the entity history is included in the response.

    • Constraints: The default value is false.
    resolve_user_mfa bool
    Enrich MFA exemptions with user information.

    • Constraints: The default value is false.
    accountId String
    Unique ID of the account.
    id String
    The unique identifier of the iam_effective_account_settings.
    includeHistory Boolean
    Defines if the entity history is included in the response.

    • Constraints: The default value is false.
    resolveUserMfa Boolean
    Enrich MFA exemptions with user information.

    • Constraints: The default value is false.

    getIamEffectiveAccountSettings Result

    The following output properties are available:

    AccountId string
    Accounts List<GetIamEffectiveAccountSettingsAccount>
    (List) Input body parameters for the Account Settings REST request. Nested schema for account:
    AssignedTemplates List<GetIamEffectiveAccountSettingsAssignedTemplate>
    (List) assigned template section. Nested schema for assigned_templates:
    Effectives List<GetIamEffectiveAccountSettingsEffective>
    (List) Nested schema for effective:
    Id string
    The unique identifier of the iam_effective_account_settings.
    IncludeHistory bool
    ResolveUserMfa bool
    AccountId string
    Accounts []GetIamEffectiveAccountSettingsAccount
    (List) Input body parameters for the Account Settings REST request. Nested schema for account:
    AssignedTemplates []GetIamEffectiveAccountSettingsAssignedTemplate
    (List) assigned template section. Nested schema for assigned_templates:
    Effectives []GetIamEffectiveAccountSettingsEffective
    (List) Nested schema for effective:
    Id string
    The unique identifier of the iam_effective_account_settings.
    IncludeHistory bool
    ResolveUserMfa bool
    accountId String
    accounts List<GetIamEffectiveAccountSettingsAccount>
    (List) Input body parameters for the Account Settings REST request. Nested schema for account:
    assignedTemplates List<GetIamEffectiveAccountSettingsAssignedTemplate>
    (List) assigned template section. Nested schema for assigned_templates:
    effectives List<GetIamEffectiveAccountSettingsEffective>
    (List) Nested schema for effective:
    id String
    The unique identifier of the iam_effective_account_settings.
    includeHistory Boolean
    resolveUserMfa Boolean
    accountId string
    accounts GetIamEffectiveAccountSettingsAccount[]
    (List) Input body parameters for the Account Settings REST request. Nested schema for account:
    assignedTemplates GetIamEffectiveAccountSettingsAssignedTemplate[]
    (List) assigned template section. Nested schema for assigned_templates:
    effectives GetIamEffectiveAccountSettingsEffective[]
    (List) Nested schema for effective:
    id string
    The unique identifier of the iam_effective_account_settings.
    includeHistory boolean
    resolveUserMfa boolean
    account_id str
    accounts Sequence[GetIamEffectiveAccountSettingsAccount]
    (List) Input body parameters for the Account Settings REST request. Nested schema for account:
    assigned_templates Sequence[GetIamEffectiveAccountSettingsAssignedTemplate]
    (List) assigned template section. Nested schema for assigned_templates:
    effectives Sequence[GetIamEffectiveAccountSettingsEffective]
    (List) Nested schema for effective:
    id str
    The unique identifier of the iam_effective_account_settings.
    include_history bool
    resolve_user_mfa bool
    accountId String
    accounts List<Property Map>
    (List) Input body parameters for the Account Settings REST request. Nested schema for account:
    assignedTemplates List<Property Map>
    (List) assigned template section. Nested schema for assigned_templates:
    effectives List<Property Map>
    (List) Nested schema for effective:
    id String
    The unique identifier of the iam_effective_account_settings.
    includeHistory Boolean
    resolveUserMfa Boolean

    Supporting Types

    GetIamEffectiveAccountSettingsAccount

    AllowedIpAddresses string
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    EntityTag string
    (String) Version of the account settings.
    Histories List<GetIamEffectiveAccountSettingsAccountHistory>
    (List) History of the Account Settings. Nested schema for history:
    MaxSessionsPerIdentity string
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    Mfa string
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    RestrictCreatePlatformApikey string
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    RestrictCreateServiceId string
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    RestrictUserDomains List<GetIamEffectiveAccountSettingsAccountRestrictUserDomain>
    (List) Defines if account invitations are restricted to specified domains. To remove an entry for a realm_id, perform an update (PUT) request with only the realm_id set. Nested schema for restrict_user_domains:
    RestrictUserListVisibility string
    (String) Defines whether or not user visibility is access controlled. Valid values: * RESTRICTED - users can view only specific types of users in the account, such as those the user has invited to the account, or descendants of those users based on the classic infrastructure hierarchy * NOT_RESTRICTED - any user in the account can view other users from the Users page in IBM Cloud console.

    • Constraints: The default value is NOT_RESTRICTED. Allowable values are: NOT_RESTRICTED, RESTRICTED.
    SessionExpirationInSeconds string
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    SessionInvalidationInSeconds string
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    SystemAccessTokenExpirationInSeconds string
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    SystemRefreshTokenExpirationInSeconds string
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    UserMfas List<GetIamEffectiveAccountSettingsAccountUserMfa>
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:
    AllowedIpAddresses string
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    EntityTag string
    (String) Version of the account settings.
    Histories []GetIamEffectiveAccountSettingsAccountHistory
    (List) History of the Account Settings. Nested schema for history:
    MaxSessionsPerIdentity string
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    Mfa string
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    RestrictCreatePlatformApikey string
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    RestrictCreateServiceId string
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    RestrictUserDomains []GetIamEffectiveAccountSettingsAccountRestrictUserDomain
    (List) Defines if account invitations are restricted to specified domains. To remove an entry for a realm_id, perform an update (PUT) request with only the realm_id set. Nested schema for restrict_user_domains:
    RestrictUserListVisibility string
    (String) Defines whether or not user visibility is access controlled. Valid values: * RESTRICTED - users can view only specific types of users in the account, such as those the user has invited to the account, or descendants of those users based on the classic infrastructure hierarchy * NOT_RESTRICTED - any user in the account can view other users from the Users page in IBM Cloud console.

    • Constraints: The default value is NOT_RESTRICTED. Allowable values are: NOT_RESTRICTED, RESTRICTED.
    SessionExpirationInSeconds string
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    SessionInvalidationInSeconds string
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    SystemAccessTokenExpirationInSeconds string
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    SystemRefreshTokenExpirationInSeconds string
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    UserMfas []GetIamEffectiveAccountSettingsAccountUserMfa
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:
    allowedIpAddresses String
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    entityTag String
    (String) Version of the account settings.
    histories List<GetIamEffectiveAccountSettingsAccountHistory>
    (List) History of the Account Settings. Nested schema for history:
    maxSessionsPerIdentity String
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    mfa String
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    restrictCreatePlatformApikey String
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrictCreateServiceId String
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrictUserDomains List<GetIamEffectiveAccountSettingsAccountRestrictUserDomain>
    (List) Defines if account invitations are restricted to specified domains. To remove an entry for a realm_id, perform an update (PUT) request with only the realm_id set. Nested schema for restrict_user_domains:
    restrictUserListVisibility String
    (String) Defines whether or not user visibility is access controlled. Valid values: * RESTRICTED - users can view only specific types of users in the account, such as those the user has invited to the account, or descendants of those users based on the classic infrastructure hierarchy * NOT_RESTRICTED - any user in the account can view other users from the Users page in IBM Cloud console.

    • Constraints: The default value is NOT_RESTRICTED. Allowable values are: NOT_RESTRICTED, RESTRICTED.
    sessionExpirationInSeconds String
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    sessionInvalidationInSeconds String
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    systemAccessTokenExpirationInSeconds String
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    systemRefreshTokenExpirationInSeconds String
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    userMfas List<GetIamEffectiveAccountSettingsAccountUserMfa>
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:
    allowedIpAddresses string
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    entityTag string
    (String) Version of the account settings.
    histories GetIamEffectiveAccountSettingsAccountHistory[]
    (List) History of the Account Settings. Nested schema for history:
    maxSessionsPerIdentity string
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    mfa string
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    restrictCreatePlatformApikey string
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrictCreateServiceId string
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrictUserDomains GetIamEffectiveAccountSettingsAccountRestrictUserDomain[]
    (List) Defines if account invitations are restricted to specified domains. To remove an entry for a realm_id, perform an update (PUT) request with only the realm_id set. Nested schema for restrict_user_domains:
    restrictUserListVisibility string
    (String) Defines whether or not user visibility is access controlled. Valid values: * RESTRICTED - users can view only specific types of users in the account, such as those the user has invited to the account, or descendants of those users based on the classic infrastructure hierarchy * NOT_RESTRICTED - any user in the account can view other users from the Users page in IBM Cloud console.

    • Constraints: The default value is NOT_RESTRICTED. Allowable values are: NOT_RESTRICTED, RESTRICTED.
    sessionExpirationInSeconds string
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    sessionInvalidationInSeconds string
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    systemAccessTokenExpirationInSeconds string
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    systemRefreshTokenExpirationInSeconds string
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    userMfas GetIamEffectiveAccountSettingsAccountUserMfa[]
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:
    allowed_ip_addresses str
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    entity_tag str
    (String) Version of the account settings.
    histories Sequence[GetIamEffectiveAccountSettingsAccountHistory]
    (List) History of the Account Settings. Nested schema for history:
    max_sessions_per_identity str
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    mfa str
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    restrict_create_platform_apikey str
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrict_create_service_id str
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrict_user_domains Sequence[GetIamEffectiveAccountSettingsAccountRestrictUserDomain]
    (List) Defines if account invitations are restricted to specified domains. To remove an entry for a realm_id, perform an update (PUT) request with only the realm_id set. Nested schema for restrict_user_domains:
    restrict_user_list_visibility str
    (String) Defines whether or not user visibility is access controlled. Valid values: * RESTRICTED - users can view only specific types of users in the account, such as those the user has invited to the account, or descendants of those users based on the classic infrastructure hierarchy * NOT_RESTRICTED - any user in the account can view other users from the Users page in IBM Cloud console.

    • Constraints: The default value is NOT_RESTRICTED. Allowable values are: NOT_RESTRICTED, RESTRICTED.
    session_expiration_in_seconds str
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    session_invalidation_in_seconds str
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    system_access_token_expiration_in_seconds str
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    system_refresh_token_expiration_in_seconds str
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    user_mfas Sequence[GetIamEffectiveAccountSettingsAccountUserMfa]
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:
    allowedIpAddresses String
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    entityTag String
    (String) Version of the account settings.
    histories List<Property Map>
    (List) History of the Account Settings. Nested schema for history:
    maxSessionsPerIdentity String
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    mfa String
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    restrictCreatePlatformApikey String
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrictCreateServiceId String
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrictUserDomains List<Property Map>
    (List) Defines if account invitations are restricted to specified domains. To remove an entry for a realm_id, perform an update (PUT) request with only the realm_id set. Nested schema for restrict_user_domains:
    restrictUserListVisibility String
    (String) Defines whether or not user visibility is access controlled. Valid values: * RESTRICTED - users can view only specific types of users in the account, such as those the user has invited to the account, or descendants of those users based on the classic infrastructure hierarchy * NOT_RESTRICTED - any user in the account can view other users from the Users page in IBM Cloud console.

    • Constraints: The default value is NOT_RESTRICTED. Allowable values are: NOT_RESTRICTED, RESTRICTED.
    sessionExpirationInSeconds String
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    sessionInvalidationInSeconds String
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    systemAccessTokenExpirationInSeconds String
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    systemRefreshTokenExpirationInSeconds String
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    userMfas List<Property Map>
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:

    GetIamEffectiveAccountSettingsAccountHistory

    Action string
    (String) Action of the history entry.
    IamId string
    (String) The iam_id of the user.
    IamIdAccount string
    (String) Account of the identity which triggered the action.
    Message string
    (String) Message which summarizes the executed action.
    Params List<string>
    (List) Params of the history entry.
    Timestamp string
    (String) Timestamp when the action was triggered.
    Action string
    (String) Action of the history entry.
    IamId string
    (String) The iam_id of the user.
    IamIdAccount string
    (String) Account of the identity which triggered the action.
    Message string
    (String) Message which summarizes the executed action.
    Params []string
    (List) Params of the history entry.
    Timestamp string
    (String) Timestamp when the action was triggered.
    action String
    (String) Action of the history entry.
    iamId String
    (String) The iam_id of the user.
    iamIdAccount String
    (String) Account of the identity which triggered the action.
    message String
    (String) Message which summarizes the executed action.
    params List<String>
    (List) Params of the history entry.
    timestamp String
    (String) Timestamp when the action was triggered.
    action string
    (String) Action of the history entry.
    iamId string
    (String) The iam_id of the user.
    iamIdAccount string
    (String) Account of the identity which triggered the action.
    message string
    (String) Message which summarizes the executed action.
    params string[]
    (List) Params of the history entry.
    timestamp string
    (String) Timestamp when the action was triggered.
    action str
    (String) Action of the history entry.
    iam_id str
    (String) The iam_id of the user.
    iam_id_account str
    (String) Account of the identity which triggered the action.
    message str
    (String) Message which summarizes the executed action.
    params Sequence[str]
    (List) Params of the history entry.
    timestamp str
    (String) Timestamp when the action was triggered.
    action String
    (String) Action of the history entry.
    iamId String
    (String) The iam_id of the user.
    iamIdAccount String
    (String) Account of the identity which triggered the action.
    message String
    (String) Message which summarizes the executed action.
    params List<String>
    (List) Params of the history entry.
    timestamp String
    (String) Timestamp when the action was triggered.

    GetIamEffectiveAccountSettingsAccountRestrictUserDomain

    InvitationEmailAllowPatterns List<string>
    (List) The list of allowed email patterns. Wildcard syntax is supported, '*' represents any sequence of zero or more characters in the string, except for '.' and '@'. The sequence ends if a '.' or '@' was found. '**' represents any sequence of zero or more characters in the string - without limit.
    RealmId string
    (String) The realm that the restrictions apply to.
    RestrictInvitation bool
    (Boolean) When true invites will only be possible to the domain patterns provided, otherwise invites are unrestricted.
    InvitationEmailAllowPatterns []string
    (List) The list of allowed email patterns. Wildcard syntax is supported, '*' represents any sequence of zero or more characters in the string, except for '.' and '@'. The sequence ends if a '.' or '@' was found. '**' represents any sequence of zero or more characters in the string - without limit.
    RealmId string
    (String) The realm that the restrictions apply to.
    RestrictInvitation bool
    (Boolean) When true invites will only be possible to the domain patterns provided, otherwise invites are unrestricted.
    invitationEmailAllowPatterns List<String>
    (List) The list of allowed email patterns. Wildcard syntax is supported, '*' represents any sequence of zero or more characters in the string, except for '.' and '@'. The sequence ends if a '.' or '@' was found. '**' represents any sequence of zero or more characters in the string - without limit.
    realmId String
    (String) The realm that the restrictions apply to.
    restrictInvitation Boolean
    (Boolean) When true invites will only be possible to the domain patterns provided, otherwise invites are unrestricted.
    invitationEmailAllowPatterns string[]
    (List) The list of allowed email patterns. Wildcard syntax is supported, '*' represents any sequence of zero or more characters in the string, except for '.' and '@'. The sequence ends if a '.' or '@' was found. '**' represents any sequence of zero or more characters in the string - without limit.
    realmId string
    (String) The realm that the restrictions apply to.
    restrictInvitation boolean
    (Boolean) When true invites will only be possible to the domain patterns provided, otherwise invites are unrestricted.
    invitation_email_allow_patterns Sequence[str]
    (List) The list of allowed email patterns. Wildcard syntax is supported, '*' represents any sequence of zero or more characters in the string, except for '.' and '@'. The sequence ends if a '.' or '@' was found. '**' represents any sequence of zero or more characters in the string - without limit.
    realm_id str
    (String) The realm that the restrictions apply to.
    restrict_invitation bool
    (Boolean) When true invites will only be possible to the domain patterns provided, otherwise invites are unrestricted.
    invitationEmailAllowPatterns List<String>
    (List) The list of allowed email patterns. Wildcard syntax is supported, '*' represents any sequence of zero or more characters in the string, except for '.' and '@'. The sequence ends if a '.' or '@' was found. '**' represents any sequence of zero or more characters in the string - without limit.
    realmId String
    (String) The realm that the restrictions apply to.
    restrictInvitation Boolean
    (Boolean) When true invites will only be possible to the domain patterns provided, otherwise invites are unrestricted.

    GetIamEffectiveAccountSettingsAccountUserMfa

    Description string
    (String) optional description.
    Email string
    (String) email of the user.
    IamId string
    (String) The iam_id of the user.
    Mfa string
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    Name string
    (String) name of the user account.
    UserName string
    (String) userName of the user.
    Description string
    (String) optional description.
    Email string
    (String) email of the user.
    IamId string
    (String) The iam_id of the user.
    Mfa string
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    Name string
    (String) name of the user account.
    UserName string
    (String) userName of the user.
    description String
    (String) optional description.
    email String
    (String) email of the user.
    iamId String
    (String) The iam_id of the user.
    mfa String
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    name String
    (String) name of the user account.
    userName String
    (String) userName of the user.
    description string
    (String) optional description.
    email string
    (String) email of the user.
    iamId string
    (String) The iam_id of the user.
    mfa string
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    name string
    (String) name of the user account.
    userName string
    (String) userName of the user.
    description str
    (String) optional description.
    email str
    (String) email of the user.
    iam_id str
    (String) The iam_id of the user.
    mfa str
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    name str
    (String) name of the user account.
    user_name str
    (String) userName of the user.
    description String
    (String) optional description.
    email String
    (String) email of the user.
    iamId String
    (String) The iam_id of the user.
    mfa String
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    name String
    (String) name of the user account.
    userName String
    (String) userName of the user.

    GetIamEffectiveAccountSettingsAssignedTemplate

    AllowedIpAddresses string
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    MaxSessionsPerIdentity string
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    Mfa string
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    RestrictCreatePlatformApikey string
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    RestrictCreateServiceId string
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    SessionExpirationInSeconds string
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    SessionInvalidationInSeconds string
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    SystemAccessTokenExpirationInSeconds string
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    SystemRefreshTokenExpirationInSeconds string
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    TemplateId string
    (String) Template Id.
    TemplateName string
    (String) Template name.
    TemplateVersion double
    (Integer) Template version.
    UserMfas List<GetIamEffectiveAccountSettingsAssignedTemplateUserMfa>
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:
    AllowedIpAddresses string
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    MaxSessionsPerIdentity string
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    Mfa string
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    RestrictCreatePlatformApikey string
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    RestrictCreateServiceId string
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    SessionExpirationInSeconds string
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    SessionInvalidationInSeconds string
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    SystemAccessTokenExpirationInSeconds string
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    SystemRefreshTokenExpirationInSeconds string
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    TemplateId string
    (String) Template Id.
    TemplateName string
    (String) Template name.
    TemplateVersion float64
    (Integer) Template version.
    UserMfas []GetIamEffectiveAccountSettingsAssignedTemplateUserMfa
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:
    allowedIpAddresses String
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    maxSessionsPerIdentity String
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    mfa String
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    restrictCreatePlatformApikey String
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrictCreateServiceId String
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    sessionExpirationInSeconds String
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    sessionInvalidationInSeconds String
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    systemAccessTokenExpirationInSeconds String
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    systemRefreshTokenExpirationInSeconds String
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    templateId String
    (String) Template Id.
    templateName String
    (String) Template name.
    templateVersion Double
    (Integer) Template version.
    userMfas List<GetIamEffectiveAccountSettingsAssignedTemplateUserMfa>
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:
    allowedIpAddresses string
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    maxSessionsPerIdentity string
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    mfa string
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    restrictCreatePlatformApikey string
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrictCreateServiceId string
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    sessionExpirationInSeconds string
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    sessionInvalidationInSeconds string
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    systemAccessTokenExpirationInSeconds string
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    systemRefreshTokenExpirationInSeconds string
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    templateId string
    (String) Template Id.
    templateName string
    (String) Template name.
    templateVersion number
    (Integer) Template version.
    userMfas GetIamEffectiveAccountSettingsAssignedTemplateUserMfa[]
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:
    allowed_ip_addresses str
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    max_sessions_per_identity str
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    mfa str
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    restrict_create_platform_apikey str
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrict_create_service_id str
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    session_expiration_in_seconds str
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    session_invalidation_in_seconds str
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    system_access_token_expiration_in_seconds str
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    system_refresh_token_expiration_in_seconds str
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    template_id str
    (String) Template Id.
    template_name str
    (String) Template name.
    template_version float
    (Integer) Template version.
    user_mfas Sequence[GetIamEffectiveAccountSettingsAssignedTemplateUserMfa]
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:
    allowedIpAddresses String
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    maxSessionsPerIdentity String
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    mfa String
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    restrictCreatePlatformApikey String
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrictCreateServiceId String
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    sessionExpirationInSeconds String
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    sessionInvalidationInSeconds String
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    systemAccessTokenExpirationInSeconds String
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    systemRefreshTokenExpirationInSeconds String
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    templateId String
    (String) Template Id.
    templateName String
    (String) Template name.
    templateVersion Number
    (Integer) Template version.
    userMfas List<Property Map>
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:

    GetIamEffectiveAccountSettingsAssignedTemplateUserMfa

    Description string
    (String) optional description.
    Email string
    (String) email of the user.
    IamId string
    (String) The iam_id of the user.
    Mfa string
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    Name string
    (String) name of the user account.
    UserName string
    (String) userName of the user.
    Description string
    (String) optional description.
    Email string
    (String) email of the user.
    IamId string
    (String) The iam_id of the user.
    Mfa string
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    Name string
    (String) name of the user account.
    UserName string
    (String) userName of the user.
    description String
    (String) optional description.
    email String
    (String) email of the user.
    iamId String
    (String) The iam_id of the user.
    mfa String
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    name String
    (String) name of the user account.
    userName String
    (String) userName of the user.
    description string
    (String) optional description.
    email string
    (String) email of the user.
    iamId string
    (String) The iam_id of the user.
    mfa string
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    name string
    (String) name of the user account.
    userName string
    (String) userName of the user.
    description str
    (String) optional description.
    email str
    (String) email of the user.
    iam_id str
    (String) The iam_id of the user.
    mfa str
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    name str
    (String) name of the user account.
    user_name str
    (String) userName of the user.
    description String
    (String) optional description.
    email String
    (String) email of the user.
    iamId String
    (String) The iam_id of the user.
    mfa String
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    name String
    (String) name of the user account.
    userName String
    (String) userName of the user.

    GetIamEffectiveAccountSettingsEffective

    AllowedIpAddresses string
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    MaxSessionsPerIdentity string
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    Mfa string
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    RestrictCreatePlatformApikey string
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    RestrictCreateServiceId string
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    RestrictUserListVisibility string
    (String) Defines whether or not user visibility is access controlled. Valid values: * RESTRICTED - users can view only specific types of users in the account, such as those the user has invited to the account, or descendants of those users based on the classic infrastructure hierarchy * NOT_RESTRICTED - any user in the account can view other users from the Users page in IBM Cloud console.

    • Constraints: The default value is NOT_RESTRICTED. Allowable values are: NOT_RESTRICTED, RESTRICTED.
    SessionExpirationInSeconds string
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    SessionInvalidationInSeconds string
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    SystemAccessTokenExpirationInSeconds string
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    SystemRefreshTokenExpirationInSeconds string
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    UserMfas List<GetIamEffectiveAccountSettingsEffectiveUserMfa>
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:
    AllowedIpAddresses string
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    MaxSessionsPerIdentity string
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    Mfa string
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    RestrictCreatePlatformApikey string
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    RestrictCreateServiceId string
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    RestrictUserListVisibility string
    (String) Defines whether or not user visibility is access controlled. Valid values: * RESTRICTED - users can view only specific types of users in the account, such as those the user has invited to the account, or descendants of those users based on the classic infrastructure hierarchy * NOT_RESTRICTED - any user in the account can view other users from the Users page in IBM Cloud console.

    • Constraints: The default value is NOT_RESTRICTED. Allowable values are: NOT_RESTRICTED, RESTRICTED.
    SessionExpirationInSeconds string
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    SessionInvalidationInSeconds string
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    SystemAccessTokenExpirationInSeconds string
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    SystemRefreshTokenExpirationInSeconds string
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    UserMfas []GetIamEffectiveAccountSettingsEffectiveUserMfa
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:
    allowedIpAddresses String
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    maxSessionsPerIdentity String
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    mfa String
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    restrictCreatePlatformApikey String
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrictCreateServiceId String
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrictUserListVisibility String
    (String) Defines whether or not user visibility is access controlled. Valid values: * RESTRICTED - users can view only specific types of users in the account, such as those the user has invited to the account, or descendants of those users based on the classic infrastructure hierarchy * NOT_RESTRICTED - any user in the account can view other users from the Users page in IBM Cloud console.

    • Constraints: The default value is NOT_RESTRICTED. Allowable values are: NOT_RESTRICTED, RESTRICTED.
    sessionExpirationInSeconds String
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    sessionInvalidationInSeconds String
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    systemAccessTokenExpirationInSeconds String
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    systemRefreshTokenExpirationInSeconds String
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    userMfas List<GetIamEffectiveAccountSettingsEffectiveUserMfa>
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:
    allowedIpAddresses string
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    maxSessionsPerIdentity string
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    mfa string
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    restrictCreatePlatformApikey string
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrictCreateServiceId string
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrictUserListVisibility string
    (String) Defines whether or not user visibility is access controlled. Valid values: * RESTRICTED - users can view only specific types of users in the account, such as those the user has invited to the account, or descendants of those users based on the classic infrastructure hierarchy * NOT_RESTRICTED - any user in the account can view other users from the Users page in IBM Cloud console.

    • Constraints: The default value is NOT_RESTRICTED. Allowable values are: NOT_RESTRICTED, RESTRICTED.
    sessionExpirationInSeconds string
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    sessionInvalidationInSeconds string
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    systemAccessTokenExpirationInSeconds string
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    systemRefreshTokenExpirationInSeconds string
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    userMfas GetIamEffectiveAccountSettingsEffectiveUserMfa[]
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:
    allowed_ip_addresses str
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    max_sessions_per_identity str
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    mfa str
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    restrict_create_platform_apikey str
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrict_create_service_id str
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrict_user_list_visibility str
    (String) Defines whether or not user visibility is access controlled. Valid values: * RESTRICTED - users can view only specific types of users in the account, such as those the user has invited to the account, or descendants of those users based on the classic infrastructure hierarchy * NOT_RESTRICTED - any user in the account can view other users from the Users page in IBM Cloud console.

    • Constraints: The default value is NOT_RESTRICTED. Allowable values are: NOT_RESTRICTED, RESTRICTED.
    session_expiration_in_seconds str
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    session_invalidation_in_seconds str
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    system_access_token_expiration_in_seconds str
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    system_refresh_token_expiration_in_seconds str
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    user_mfas Sequence[GetIamEffectiveAccountSettingsEffectiveUserMfa]
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:
    allowedIpAddresses String
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    maxSessionsPerIdentity String
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    mfa String
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    restrictCreatePlatformApikey String
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrictCreateServiceId String
    (String) Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrictUserListVisibility String
    (String) Defines whether or not user visibility is access controlled. Valid values: * RESTRICTED - users can view only specific types of users in the account, such as those the user has invited to the account, or descendants of those users based on the classic infrastructure hierarchy * NOT_RESTRICTED - any user in the account can view other users from the Users page in IBM Cloud console.

    • Constraints: The default value is NOT_RESTRICTED. Allowable values are: NOT_RESTRICTED, RESTRICTED.
    sessionExpirationInSeconds String
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    sessionInvalidationInSeconds String
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    systemAccessTokenExpirationInSeconds String
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    systemRefreshTokenExpirationInSeconds String
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    userMfas List<Property Map>
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:

    GetIamEffectiveAccountSettingsEffectiveUserMfa

    Description string
    (String) optional description.
    Email string
    (String) email of the user.
    IamId string
    (String) The iam_id of the user.
    Mfa string
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    Name string
    (String) name of the user account.
    UserName string
    (String) userName of the user.
    Description string
    (String) optional description.
    Email string
    (String) email of the user.
    IamId string
    (String) The iam_id of the user.
    Mfa string
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    Name string
    (String) name of the user account.
    UserName string
    (String) userName of the user.
    description String
    (String) optional description.
    email String
    (String) email of the user.
    iamId String
    (String) The iam_id of the user.
    mfa String
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    name String
    (String) name of the user account.
    userName String
    (String) userName of the user.
    description string
    (String) optional description.
    email string
    (String) email of the user.
    iamId string
    (String) The iam_id of the user.
    mfa string
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    name string
    (String) name of the user account.
    userName string
    (String) userName of the user.
    description str
    (String) optional description.
    email str
    (String) email of the user.
    iam_id str
    (String) The iam_id of the user.
    mfa str
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    name str
    (String) name of the user account.
    user_name str
    (String) userName of the user.
    description String
    (String) optional description.
    email String
    (String) email of the user.
    iamId String
    (String) The iam_id of the user.
    mfa String
    (String) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    name String
    (String) name of the user account.
    userName String
    (String) userName of the user.

    Package Details

    Repository
    ibm ibm-cloud/terraform-provider-ibm
    License
    Notes
    This Pulumi package is based on the ibm Terraform Provider.
    ibm logo
    ibm 1.85.0-beta0 published on Wednesday, Oct 29, 2025 by ibm-cloud
    ibm-cloud/terraform-provider-ibm
      Meet Neo: Your AI Platform Teammate