okta.AppSignonPolicyRule
Explore with Pulumi AI
Create AppSignonPolicyRule Resource
new AppSignonPolicyRule(name: string, args: AppSignonPolicyRuleArgs, opts?: CustomResourceOptions);
@overload
def AppSignonPolicyRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
access: Optional[str] = None,
constraints: Optional[Sequence[str]] = None,
custom_expression: Optional[str] = None,
device_assurances_includeds: Optional[Sequence[str]] = None,
device_is_managed: Optional[bool] = None,
device_is_registered: Optional[bool] = None,
factor_mode: Optional[str] = None,
groups_excludeds: Optional[Sequence[str]] = None,
groups_includeds: Optional[Sequence[str]] = None,
inactivity_period: Optional[str] = None,
name: Optional[str] = None,
network_connection: Optional[str] = None,
network_excludes: Optional[Sequence[str]] = None,
network_includes: Optional[Sequence[str]] = None,
platform_includes: Optional[Sequence[AppSignonPolicyRulePlatformIncludeArgs]] = None,
policy_id: Optional[str] = None,
priority: Optional[int] = None,
re_authentication_frequency: Optional[str] = None,
risk_score: Optional[str] = None,
status: Optional[str] = None,
type: Optional[str] = None,
user_types_excludeds: Optional[Sequence[str]] = None,
user_types_includeds: Optional[Sequence[str]] = None,
users_excludeds: Optional[Sequence[str]] = None,
users_includeds: Optional[Sequence[str]] = None)
@overload
def AppSignonPolicyRule(resource_name: str,
args: AppSignonPolicyRuleArgs,
opts: Optional[ResourceOptions] = None)
func NewAppSignonPolicyRule(ctx *Context, name string, args AppSignonPolicyRuleArgs, opts ...ResourceOption) (*AppSignonPolicyRule, error)
public AppSignonPolicyRule(string name, AppSignonPolicyRuleArgs args, CustomResourceOptions? opts = null)
public AppSignonPolicyRule(String name, AppSignonPolicyRuleArgs args)
public AppSignonPolicyRule(String name, AppSignonPolicyRuleArgs args, CustomResourceOptions options)
type: okta:AppSignonPolicyRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AppSignonPolicyRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AppSignonPolicyRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AppSignonPolicyRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AppSignonPolicyRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AppSignonPolicyRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
AppSignonPolicyRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The AppSignonPolicyRule resource accepts the following input properties:
- Policy
Id string ID of the policy
- Access string
Allow or deny access based on the rule conditions: ALLOW or DENY
- Constraints List<string>
An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
- Custom
Expression string This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- Device
Assurances List<string>Includeds List of device assurance IDs to include
- Device
Is boolManaged If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
- Device
Is boolRegistered If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
- Factor
Mode string The number of factors required to satisfy this assurance level
- Groups
Excludeds List<string> List of group IDs to exclude
- Groups
Includeds List<string> List of group IDs to include
- Inactivity
Period string The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
- Name string
Policy Rule Name
- Network
Connection string Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
- Network
Excludes List<string> The zones to exclude
- Network
Includes List<string> The zones to include
- Platform
Includes List<AppSignon Policy Rule Platform Include> - Priority int
Priority of the rule.
- Re
Authentication stringFrequency The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
- Risk
Score string The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
- Status string
Status of the rule
- Type string
The Verification Method type
- User
Types List<string>Excludeds Set of User Type IDs to exclude
- User
Types List<string>Includeds Set of User Type IDs to include
- Users
Excludeds List<string> Set of User IDs to exclude
- Users
Includeds List<string> Set of User IDs to include
- Policy
Id string ID of the policy
- Access string
Allow or deny access based on the rule conditions: ALLOW or DENY
- Constraints []string
An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
- Custom
Expression string This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- Device
Assurances []stringIncludeds List of device assurance IDs to include
- Device
Is boolManaged If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
- Device
Is boolRegistered If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
- Factor
Mode string The number of factors required to satisfy this assurance level
- Groups
Excludeds []string List of group IDs to exclude
- Groups
Includeds []string List of group IDs to include
- Inactivity
Period string The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
- Name string
Policy Rule Name
- Network
Connection string Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
- Network
Excludes []string The zones to exclude
- Network
Includes []string The zones to include
- Platform
Includes []AppSignon Policy Rule Platform Include Args - Priority int
Priority of the rule.
- Re
Authentication stringFrequency The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
- Risk
Score string The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
- Status string
Status of the rule
- Type string
The Verification Method type
- User
Types []stringExcludeds Set of User Type IDs to exclude
- User
Types []stringIncludeds Set of User Type IDs to include
- Users
Excludeds []string Set of User IDs to exclude
- Users
Includeds []string Set of User IDs to include
- policy
Id String ID of the policy
- access String
Allow or deny access based on the rule conditions: ALLOW or DENY
- constraints List<String>
An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
- custom
Expression String This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- device
Assurances List<String>Includeds List of device assurance IDs to include
- device
Is BooleanManaged If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
- device
Is BooleanRegistered If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
- factor
Mode String The number of factors required to satisfy this assurance level
- groups
Excludeds List<String> List of group IDs to exclude
- groups
Includeds List<String> List of group IDs to include
- inactivity
Period String The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
- name String
Policy Rule Name
- network
Connection String Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
- network
Excludes List<String> The zones to exclude
- network
Includes List<String> The zones to include
- platform
Includes List<AppSignon Policy Rule Platform Include> - priority Integer
Priority of the rule.
- re
Authentication StringFrequency The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
- risk
Score String The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
- status String
Status of the rule
- type String
The Verification Method type
- user
Types List<String>Excludeds Set of User Type IDs to exclude
- user
Types List<String>Includeds Set of User Type IDs to include
- users
Excludeds List<String> Set of User IDs to exclude
- users
Includeds List<String> Set of User IDs to include
- policy
Id string ID of the policy
- access string
Allow or deny access based on the rule conditions: ALLOW or DENY
- constraints string[]
An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
- custom
Expression string This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- device
Assurances string[]Includeds List of device assurance IDs to include
- device
Is booleanManaged If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
- device
Is booleanRegistered If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
- factor
Mode string The number of factors required to satisfy this assurance level
- groups
Excludeds string[] List of group IDs to exclude
- groups
Includeds string[] List of group IDs to include
- inactivity
Period string The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
- name string
Policy Rule Name
- network
Connection string Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
- network
Excludes string[] The zones to exclude
- network
Includes string[] The zones to include
- platform
Includes AppSignon Policy Rule Platform Include[] - priority number
Priority of the rule.
- re
Authentication stringFrequency The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
- risk
Score string The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
- status string
Status of the rule
- type string
The Verification Method type
- user
Types string[]Excludeds Set of User Type IDs to exclude
- user
Types string[]Includeds Set of User Type IDs to include
- users
Excludeds string[] Set of User IDs to exclude
- users
Includeds string[] Set of User IDs to include
- policy_
id str ID of the policy
- access str
Allow or deny access based on the rule conditions: ALLOW or DENY
- constraints Sequence[str]
An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
- custom_
expression str This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- device_
assurances_ Sequence[str]includeds List of device assurance IDs to include
- device_
is_ boolmanaged If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
- device_
is_ boolregistered If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
- factor_
mode str The number of factors required to satisfy this assurance level
- groups_
excludeds Sequence[str] List of group IDs to exclude
- groups_
includeds Sequence[str] List of group IDs to include
- inactivity_
period str The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
- name str
Policy Rule Name
- network_
connection str Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
- network_
excludes Sequence[str] The zones to exclude
- network_
includes Sequence[str] The zones to include
- platform_
includes Sequence[AppSignon Policy Rule Platform Include Args] - priority int
Priority of the rule.
- re_
authentication_ strfrequency The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
- risk_
score str The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
- status str
Status of the rule
- type str
The Verification Method type
- user_
types_ Sequence[str]excludeds Set of User Type IDs to exclude
- user_
types_ Sequence[str]includeds Set of User Type IDs to include
- users_
excludeds Sequence[str] Set of User IDs to exclude
- users_
includeds Sequence[str] Set of User IDs to include
- policy
Id String ID of the policy
- access String
Allow or deny access based on the rule conditions: ALLOW or DENY
- constraints List<String>
An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
- custom
Expression String This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- device
Assurances List<String>Includeds List of device assurance IDs to include
- device
Is BooleanManaged If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
- device
Is BooleanRegistered If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
- factor
Mode String The number of factors required to satisfy this assurance level
- groups
Excludeds List<String> List of group IDs to exclude
- groups
Includeds List<String> List of group IDs to include
- inactivity
Period String The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
- name String
Policy Rule Name
- network
Connection String Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
- network
Excludes List<String> The zones to exclude
- network
Includes List<String> The zones to include
- platform
Includes List<Property Map> - priority Number
Priority of the rule.
- re
Authentication StringFrequency The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
- risk
Score String The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
- status String
Status of the rule
- type String
The Verification Method type
- user
Types List<String>Excludeds Set of User Type IDs to exclude
- user
Types List<String>Includeds Set of User Type IDs to include
- users
Excludeds List<String> Set of User IDs to exclude
- users
Includeds List<String> Set of User IDs to include
Outputs
All input properties are implicitly available as output properties. Additionally, the AppSignonPolicyRule resource produces the following output properties:
Look up Existing AppSignonPolicyRule Resource
Get an existing AppSignonPolicyRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AppSignonPolicyRuleState, opts?: CustomResourceOptions): AppSignonPolicyRule
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access: Optional[str] = None,
constraints: Optional[Sequence[str]] = None,
custom_expression: Optional[str] = None,
device_assurances_includeds: Optional[Sequence[str]] = None,
device_is_managed: Optional[bool] = None,
device_is_registered: Optional[bool] = None,
factor_mode: Optional[str] = None,
groups_excludeds: Optional[Sequence[str]] = None,
groups_includeds: Optional[Sequence[str]] = None,
inactivity_period: Optional[str] = None,
name: Optional[str] = None,
network_connection: Optional[str] = None,
network_excludes: Optional[Sequence[str]] = None,
network_includes: Optional[Sequence[str]] = None,
platform_includes: Optional[Sequence[AppSignonPolicyRulePlatformIncludeArgs]] = None,
policy_id: Optional[str] = None,
priority: Optional[int] = None,
re_authentication_frequency: Optional[str] = None,
risk_score: Optional[str] = None,
status: Optional[str] = None,
system: Optional[bool] = None,
type: Optional[str] = None,
user_types_excludeds: Optional[Sequence[str]] = None,
user_types_includeds: Optional[Sequence[str]] = None,
users_excludeds: Optional[Sequence[str]] = None,
users_includeds: Optional[Sequence[str]] = None) -> AppSignonPolicyRule
func GetAppSignonPolicyRule(ctx *Context, name string, id IDInput, state *AppSignonPolicyRuleState, opts ...ResourceOption) (*AppSignonPolicyRule, error)
public static AppSignonPolicyRule Get(string name, Input<string> id, AppSignonPolicyRuleState? state, CustomResourceOptions? opts = null)
public static AppSignonPolicyRule get(String name, Output<String> id, AppSignonPolicyRuleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access string
Allow or deny access based on the rule conditions: ALLOW or DENY
- Constraints List<string>
An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
- Custom
Expression string This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- Device
Assurances List<string>Includeds List of device assurance IDs to include
- Device
Is boolManaged If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
- Device
Is boolRegistered If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
- Factor
Mode string The number of factors required to satisfy this assurance level
- Groups
Excludeds List<string> List of group IDs to exclude
- Groups
Includeds List<string> List of group IDs to include
- Inactivity
Period string The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
- Name string
Policy Rule Name
- Network
Connection string Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
- Network
Excludes List<string> The zones to exclude
- Network
Includes List<string> The zones to include
- Platform
Includes List<AppSignon Policy Rule Platform Include> - Policy
Id string ID of the policy
- Priority int
Priority of the rule.
- Re
Authentication stringFrequency The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
- Risk
Score string The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
- Status string
Status of the rule
- System bool
Often the "Catch-all Rule" this rule is the system (default) rule for its associated policy
- Type string
The Verification Method type
- User
Types List<string>Excludeds Set of User Type IDs to exclude
- User
Types List<string>Includeds Set of User Type IDs to include
- Users
Excludeds List<string> Set of User IDs to exclude
- Users
Includeds List<string> Set of User IDs to include
- Access string
Allow or deny access based on the rule conditions: ALLOW or DENY
- Constraints []string
An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
- Custom
Expression string This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- Device
Assurances []stringIncludeds List of device assurance IDs to include
- Device
Is boolManaged If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
- Device
Is boolRegistered If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
- Factor
Mode string The number of factors required to satisfy this assurance level
- Groups
Excludeds []string List of group IDs to exclude
- Groups
Includeds []string List of group IDs to include
- Inactivity
Period string The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
- Name string
Policy Rule Name
- Network
Connection string Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
- Network
Excludes []string The zones to exclude
- Network
Includes []string The zones to include
- Platform
Includes []AppSignon Policy Rule Platform Include Args - Policy
Id string ID of the policy
- Priority int
Priority of the rule.
- Re
Authentication stringFrequency The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
- Risk
Score string The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
- Status string
Status of the rule
- System bool
Often the "Catch-all Rule" this rule is the system (default) rule for its associated policy
- Type string
The Verification Method type
- User
Types []stringExcludeds Set of User Type IDs to exclude
- User
Types []stringIncludeds Set of User Type IDs to include
- Users
Excludeds []string Set of User IDs to exclude
- Users
Includeds []string Set of User IDs to include
- access String
Allow or deny access based on the rule conditions: ALLOW or DENY
- constraints List<String>
An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
- custom
Expression String This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- device
Assurances List<String>Includeds List of device assurance IDs to include
- device
Is BooleanManaged If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
- device
Is BooleanRegistered If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
- factor
Mode String The number of factors required to satisfy this assurance level
- groups
Excludeds List<String> List of group IDs to exclude
- groups
Includeds List<String> List of group IDs to include
- inactivity
Period String The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
- name String
Policy Rule Name
- network
Connection String Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
- network
Excludes List<String> The zones to exclude
- network
Includes List<String> The zones to include
- platform
Includes List<AppSignon Policy Rule Platform Include> - policy
Id String ID of the policy
- priority Integer
Priority of the rule.
- re
Authentication StringFrequency The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
- risk
Score String The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
- status String
Status of the rule
- system Boolean
Often the "Catch-all Rule" this rule is the system (default) rule for its associated policy
- type String
The Verification Method type
- user
Types List<String>Excludeds Set of User Type IDs to exclude
- user
Types List<String>Includeds Set of User Type IDs to include
- users
Excludeds List<String> Set of User IDs to exclude
- users
Includeds List<String> Set of User IDs to include
- access string
Allow or deny access based on the rule conditions: ALLOW or DENY
- constraints string[]
An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
- custom
Expression string This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- device
Assurances string[]Includeds List of device assurance IDs to include
- device
Is booleanManaged If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
- device
Is booleanRegistered If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
- factor
Mode string The number of factors required to satisfy this assurance level
- groups
Excludeds string[] List of group IDs to exclude
- groups
Includeds string[] List of group IDs to include
- inactivity
Period string The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
- name string
Policy Rule Name
- network
Connection string Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
- network
Excludes string[] The zones to exclude
- network
Includes string[] The zones to include
- platform
Includes AppSignon Policy Rule Platform Include[] - policy
Id string ID of the policy
- priority number
Priority of the rule.
- re
Authentication stringFrequency The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
- risk
Score string The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
- status string
Status of the rule
- system boolean
Often the "Catch-all Rule" this rule is the system (default) rule for its associated policy
- type string
The Verification Method type
- user
Types string[]Excludeds Set of User Type IDs to exclude
- user
Types string[]Includeds Set of User Type IDs to include
- users
Excludeds string[] Set of User IDs to exclude
- users
Includeds string[] Set of User IDs to include
- access str
Allow or deny access based on the rule conditions: ALLOW or DENY
- constraints Sequence[str]
An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
- custom_
expression str This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- device_
assurances_ Sequence[str]includeds List of device assurance IDs to include
- device_
is_ boolmanaged If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
- device_
is_ boolregistered If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
- factor_
mode str The number of factors required to satisfy this assurance level
- groups_
excludeds Sequence[str] List of group IDs to exclude
- groups_
includeds Sequence[str] List of group IDs to include
- inactivity_
period str The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
- name str
Policy Rule Name
- network_
connection str Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
- network_
excludes Sequence[str] The zones to exclude
- network_
includes Sequence[str] The zones to include
- platform_
includes Sequence[AppSignon Policy Rule Platform Include Args] - policy_
id str ID of the policy
- priority int
Priority of the rule.
- re_
authentication_ strfrequency The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
- risk_
score str The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
- status str
Status of the rule
- system bool
Often the "Catch-all Rule" this rule is the system (default) rule for its associated policy
- type str
The Verification Method type
- user_
types_ Sequence[str]excludeds Set of User Type IDs to exclude
- user_
types_ Sequence[str]includeds Set of User Type IDs to include
- users_
excludeds Sequence[str] Set of User IDs to exclude
- users_
includeds Sequence[str] Set of User IDs to include
- access String
Allow or deny access based on the rule conditions: ALLOW or DENY
- constraints List<String>
An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
- custom
Expression String This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- device
Assurances List<String>Includeds List of device assurance IDs to include
- device
Is BooleanManaged If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
- device
Is BooleanRegistered If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
- factor
Mode String The number of factors required to satisfy this assurance level
- groups
Excludeds List<String> List of group IDs to exclude
- groups
Includeds List<String> List of group IDs to include
- inactivity
Period String The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
- name String
Policy Rule Name
- network
Connection String Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
- network
Excludes List<String> The zones to exclude
- network
Includes List<String> The zones to include
- platform
Includes List<Property Map> - policy
Id String ID of the policy
- priority Number
Priority of the rule.
- re
Authentication StringFrequency The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
- risk
Score String The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
- status String
Status of the rule
- system Boolean
Often the "Catch-all Rule" this rule is the system (default) rule for its associated policy
- type String
The Verification Method type
- user
Types List<String>Excludeds Set of User Type IDs to exclude
- user
Types List<String>Includeds Set of User Type IDs to include
- users
Excludeds List<String> Set of User IDs to exclude
- users
Includeds List<String> Set of User IDs to include
Supporting Types
AppSignonPolicyRulePlatformInclude, AppSignonPolicyRulePlatformIncludeArgs
- Os
Expression string Only available with OTHER OS type
- Os
Type string - Type string
- Os
Expression string Only available with OTHER OS type
- Os
Type string - Type string
- os
Expression String Only available with OTHER OS type
- os
Type String - type String
- os
Expression string Only available with OTHER OS type
- os
Type string - type string
- os_
expression str Only available with OTHER OS type
- os_
type str - type str
- os
Expression String Only available with OTHER OS type
- os
Type String - type String
Package Details
- Repository
- Okta pulumi/pulumi-okta
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
okta
Terraform Provider.