okta.AppSignonPolicyRule
WARNING: This feature is only available as a part of the Identity Engine. Contact support for further information.
This resource allows you to create and configure a sign-on policy rule for the application.
A default or `Catch-all Rule` sign-on policy rule can be imported and managed as a custom rule.
The only difference is that these fields are immutable and cannot be managed: `network_connection`, `network_excludes`, `network_includes`, `platform_include`, `custom_expression`, `device_is_registered`, `device_is_managed`, `users_excluded`, `users_included`, `groups_excluded`, `groups_included`, `user_types_excluded` and `user_types_included`.
Example Usage
Example 1:
using System.Collections.Generic;
using System.Text.Json;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
    // Authenticator constraint, serialized to the JSON string that the
    // Constraints property takes. It lists one knowledge factor type: password.
    // NOTE(review): FactorMode is not set in this example, so whether a second
    // factor is still demanded depends on the provider default — confirm before
    // copying this into a production policy.
    var passwordConstraint = JsonSerializer.Serialize(new Dictionary<string, object?>
    {
        ["knowledge"] = new Dictionary<string, object?>
        {
            ["types"] = new[] { "password" },
        },
    });

    // NOTE(review): `data` is not declared anywhere in this snippet; it stands
    // for an app sign-on policy looked up elsewhere (the complex example on this
    // page uses Okta.GetAppSignonPolicy.Invoke for that).
    var test = new Okta.AppSignonPolicyRule("test", new()
    {
        PolicyId = data.Okta_app_signon_policy.Test.Id,
        Constraints = new[] { passwordConstraint },
    });
});
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-okta/sdk/v3/go/okta"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers one app sign-on policy rule whose only authenticator
// constraint is a password knowledge factor.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The Constraints field takes JSON strings, so the constraint object is
		// marshalled first. It lists a single knowledge factor type: password.
		// NOTE(review): FactorMode is not set in this example, so whether a
		// second factor is still demanded depends on the provider default —
		// confirm before copying this into a production policy.
		constraint, err := json.Marshal(map[string]interface{}{
			"knowledge": map[string]interface{}{
				"types": []string{"password"},
			},
		})
		if err != nil {
			return err
		}

		// NOTE(review): `data` is not declared in this snippet; it stands for an
		// app sign-on policy looked up elsewhere (the complex example on this
		// page uses okta.LookupAppSignonPolicyOutput for that).
		_, err = okta.NewAppSignonPolicyRule(ctx, "test", &okta.AppSignonPolicyRuleArgs{
			PolicyId:    pulumi.Any(data.Okta_app_signon_policy.Test.Id),
			Constraints: pulumi.StringArray{pulumi.String(string(constraint))},
		})
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.AppSignonPolicyRule;
import com.pulumi.okta.AppSignonPolicyRuleArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that registers one app sign-on policy rule whose only
 * authenticator constraint is a password knowledge factor.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack's resources.
     *
     * @param ctx the Pulumi deployment context
     */
    public static void stack(Context ctx) {
        // The constraint is serialized to JSON before being handed to the rule.
        // It lists a single knowledge factor type: password.
        // NOTE(review): factorMode is not set in this example, so whether a
        // second factor is still demanded depends on the provider default —
        // confirm before copying this into a production policy.
        var passwordConstraint = serializeJson(
            jsonObject(
                jsonProperty("knowledge", jsonObject(
                    jsonProperty("types", jsonArray("password"))
                ))
            ));

        // NOTE(review): `data` is not declared in this snippet; it stands for an
        // app sign-on policy looked up elsewhere (the complex example on this
        // page uses OktaFunctions.getAppSignonPolicy for that).
        var test = new AppSignonPolicyRule("test", AppSignonPolicyRuleArgs.builder()
            .policyId(data.okta_app_signon_policy().test().id())
            .constraints(passwordConstraint)
            .build());
    }
}
import pulumi
import json
import pulumi_okta as okta
# NOTE(review): `data` is not defined in this snippet; it stands for an app
# sign-on policy looked up elsewhere (the complex example on this page uses
# okta.get_app_signon_policy_output for that).
# The single constraint lists one knowledge factor type: password.
# NOTE(review): factor_mode is not set here, so whether a second factor is still
# demanded depends on the provider default — confirm before reuse.
test = okta.AppSignonPolicyRule(
    "test",
    policy_id=data["okta_app_signon_policy"]["test"]["id"],
    constraints=[
        json.dumps({"knowledge": {"types": ["password"]}}),
    ],
)
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
// NOTE(review): `data` is not declared in this snippet; it stands for an app
// sign-on policy looked up elsewhere (the complex example on this page uses
// okta.getAppSignonPolicyOutput for that).
// The single constraint lists one knowledge factor type: password.
// NOTE(review): factorMode is not set here, so whether a second factor is still
// demanded depends on the provider default — confirm before reuse.
const test = new okta.AppSignonPolicyRule("test", {
    policyId: data.okta_app_signon_policy.test.id,
    constraints: [
        JSON.stringify({ knowledge: { types: ["password"] } }),
    ],
});
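# One app sign-on policy rule whose only authenticator constraint is a
# password knowledge factor. Nesting is restored here: without indentation
# the document does not describe a resource at all.
resources:
  test:
    type: okta:AppSignonPolicyRule
    properties:
      # NOTE(review): `data.okta_app_signon_policy.test` is not defined in this
      # snippet; it stands for an app sign-on policy looked up elsewhere.
      policyId: ${data.okta_app_signon_policy.test.id}
      # Each list entry is serialized to a JSON string by fn::toJSON.
      # NOTE(review): factorMode is not set, so whether a second factor is still
      # demanded depends on the provider default — confirm before reuse.
      constraints:
        - fn::toJSON:
            knowledge:
              types:
                - password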
Example 2:
using System.Collections.Generic;
using System.Text.Json;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
    // One constraint object combining two authenticator classes:
    //  - knowledge: a password, with reauthenticateIn set to PT2H (two hours);
    //  - possession: deviceBound and hardwareProtection both REQUIRED.
    var passwordAndHardwareKey = JsonSerializer.Serialize(new Dictionary<string, object?>
    {
        ["knowledge"] = new Dictionary<string, object?>
        {
            ["reauthenticateIn"] = "PT2H",
            ["types"] = new[] { "password" },
        },
        ["possession"] = new Dictionary<string, object?>
        {
            ["deviceBound"] = "REQUIRED",
            ["hardwareProtection"] = "REQUIRED",
        },
    });

    // NOTE(review): `data` is not declared anywhere in this snippet; it stands
    // for an app sign-on policy looked up elsewhere (the complex example on this
    // page uses Okta.GetAppSignonPolicy.Invoke for that).
    var test = new Okta.AppSignonPolicyRule("test", new()
    {
        PolicyId = data.Okta_app_signon_policy.Test.Id,
        Constraints = new[] { passwordAndHardwareKey },
    });
});
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-okta/sdk/v3/go/okta"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers one app sign-on policy rule whose constraint pairs a password
// with a device-bound, hardware-protected possession factor.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// One constraint object combining two authenticator classes:
		//  - knowledge: a password, with reauthenticateIn set to PT2H (two hours);
		//  - possession: deviceBound and hardwareProtection both REQUIRED.
		constraint, err := json.Marshal(map[string]interface{}{
			"knowledge": map[string]interface{}{
				"reauthenticateIn": "PT2H",
				"types":            []string{"password"},
			},
			"possession": map[string]interface{}{
				"deviceBound":        "REQUIRED",
				"hardwareProtection": "REQUIRED",
			},
		})
		if err != nil {
			return err
		}

		// NOTE(review): `data` is not declared in this snippet; it stands for an
		// app sign-on policy looked up elsewhere (the complex example on this
		// page uses okta.LookupAppSignonPolicyOutput for that).
		_, err = okta.NewAppSignonPolicyRule(ctx, "test", &okta.AppSignonPolicyRuleArgs{
			PolicyId:    pulumi.Any(data.Okta_app_signon_policy.Test.Id),
			Constraints: pulumi.StringArray{pulumi.String(string(constraint))},
		})
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.AppSignonPolicyRule;
import com.pulumi.okta.AppSignonPolicyRuleArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that registers one app sign-on policy rule whose constraint
 * pairs a password with a device-bound, hardware-protected possession factor.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack's resources.
     *
     * @param ctx the Pulumi deployment context
     */
    public static void stack(Context ctx) {
        // One constraint object combining two authenticator classes:
        //  - knowledge: a password, with reauthenticateIn set to PT2H (two hours);
        //  - possession: deviceBound and hardwareProtection both REQUIRED.
        var passwordAndHardwareKey = serializeJson(
            jsonObject(
                jsonProperty("knowledge", jsonObject(
                    jsonProperty("reauthenticateIn", "PT2H"),
                    jsonProperty("types", jsonArray("password"))
                )),
                jsonProperty("possession", jsonObject(
                    jsonProperty("deviceBound", "REQUIRED"),
                    jsonProperty("hardwareProtection", "REQUIRED")
                ))
            ));

        // NOTE(review): `data` is not declared in this snippet; it stands for an
        // app sign-on policy looked up elsewhere (the complex example on this
        // page uses OktaFunctions.getAppSignonPolicy for that).
        var test = new AppSignonPolicyRule("test", AppSignonPolicyRuleArgs.builder()
            .policyId(data.okta_app_signon_policy().test().id())
            .constraints(passwordAndHardwareKey)
            .build());
    }
}
import pulumi
import json
import pulumi_okta as okta
# NOTE(review): `data` is not defined in this snippet; it stands for an app
# sign-on policy looked up elsewhere (the complex example on this page uses
# okta.get_app_signon_policy_output for that).
# One constraint object combining two authenticator classes:
#  - knowledge: a password, with reauthenticateIn set to PT2H (two hours);
#  - possession: deviceBound and hardwareProtection both REQUIRED.
test = okta.AppSignonPolicyRule(
    "test",
    policy_id=data["okta_app_signon_policy"]["test"]["id"],
    constraints=[
        json.dumps({
            "knowledge": {"reauthenticateIn": "PT2H", "types": ["password"]},
            "possession": {"deviceBound": "REQUIRED", "hardwareProtection": "REQUIRED"},
        }),
    ],
)
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
// NOTE(review): `data` is not declared in this snippet; it stands for an app
// sign-on policy looked up elsewhere (the complex example on this page uses
// okta.getAppSignonPolicyOutput for that).
// One constraint object combining two authenticator classes:
//  - knowledge: a password, with reauthenticateIn set to PT2H (two hours);
//  - possession: deviceBound and hardwareProtection both REQUIRED.
const test = new okta.AppSignonPolicyRule("test", {
    policyId: data.okta_app_signon_policy.test.id,
    constraints: [
        JSON.stringify({
            knowledge: { reauthenticateIn: "PT2H", types: ["password"] },
            possession: { deviceBound: "REQUIRED", hardwareProtection: "REQUIRED" },
        }),
    ],
});
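# One app sign-on policy rule whose constraint pairs a password with a
# device-bound, hardware-protected possession factor. Nesting is restored
# here: without indentation the document does not describe a resource at all.
resources:
  test:
    type: okta:AppSignonPolicyRule
    properties:
      # NOTE(review): `data.okta_app_signon_policy.test` is not defined in this
      # snippet; it stands for an app sign-on policy looked up elsewhere.
      policyId: ${data.okta_app_signon_policy.test.id}
      # Each list entry is serialized to a JSON string by fn::toJSON.
      constraints:
        - fn::toJSON:
            knowledge:
              # ISO 8601 duration: two hours.
              reauthenticateIn: PT2H
              types:
                - password
            possession:
              deviceBound: REQUIRED
              hardwareProtection: REQUIRED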
Complex example
using System.Collections.Generic;
using System.Text.Json;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
    // SAML application that owns the sign-on policy configured further down.
    // The URLs are sample values, not working endpoints.
    var testSaml = new Okta.App.Saml("testSaml", new()
    {
        Label = "testAcc_replace_with_uuid",
        SsoUrl = "https://google.com",
        Recipient = "https://here.com",
        Destination = "https://its-about-the-journey.com",
        Audience = "https://audience.com",
        SubjectNameIdTemplate = "${user.userName}",
        SubjectNameIdFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
        ResponseSigned = true,
        SignatureAlgorithm = "RSA_SHA256",
        DigestAlgorithm = "SHA256",
        // NOTE(review): with HonorForceAuthn off, a ForceAuthn request from the
        // service provider is presumably not honored — confirm this is intended.
        HonorForceAuthn = false,
        AuthnContextClassRef = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
        SingleLogoutIssuer = "https://dunshire.okta.com",
        SingleLogoutUrl = "https://dunshire.okta.com/logout",
        // The certificate value is incomplete as shown on this page; supply the
        // full base64-encoded certificate.
        SingleLogoutCertificate = @"MIIFnDCCA4QCCQDBSLbiON2T1zANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMxDjAMBgNV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",
        AttributeStatements = new[]
        {
            // The REGEX filter ".*" matches every group name.
            // NOTE(review): presumably this releases all of the user's groups to
            // the service provider; narrow the pattern if that is broader than needed.
            new Okta.App.Inputs.SamlAttributeStatementArgs
            {
                Type = "GROUP",
                Name = "groups",
                FilterType = "REGEX",
                FilterValue = ".*",
            },
        },
    });

    // Look up the sign-on policy attached to the application.
    var testAppSignonPolicy = Okta.GetAppSignonPolicy.Invoke(new()
    {
        AppId = testSaml.Id,
    });

    // Five sample users; indexes 0-1 are included by the rule, 2-4 excluded.
    var testUser = new List<Okta.User.User>();
    for (var i = 0; i < 5; i++)
    {
        testUser.Add(new Okta.User.User($"testUser-{i}", new()
        {
            FirstName = "TestAcc",
            LastName = "Smith",
            Login = $"testAcc_{i}@example.com",
            Email = $"testAcc_{i}@example.com",
        }));
    }

    // Five sample groups; indexes 0-1 are included by the rule, 2-4 excluded.
    var @this = new List<Okta.Group.Group>();
    for (var i = 0; i < 5; i++)
    {
        @this.Add(new Okta.Group.Group($"this-{i}", new()
        {
            Description = $"testAcc_{i}",
        }));
    }

    var testUserType = new Okta.User.UserType("testUserType", new()
    {
        DisplayName = "Terraform Acceptance Test User Type Updated",
        Description = "Terraform Acceptance Test User Type Updated",
    });

    // IP network zone used as the rule's network condition. The addresses are
    // sample values; replace them with the ranges you actually trust.
    var testZone = new Okta.Network.Zone("testZone", new()
    {
        Type = "IP",
        Gateways = new[] { "1.2.3.4/24", "2.3.4.5-2.3.4.15" },
        Proxies = new[] { "2.2.3.4/24", "3.3.4.5-3.3.4.15" },
    });

    var @default = Okta.User.GetUserType.Invoke(new()
    {
        Name = "user",
    });

    // Two constraint objects are passed to the rule.
    // NOTE(review): in Okta's policy model the list entries are presumably
    // alternatives (satisfying any one is enough) — confirm against the Okta docs.
    // First: password (reauthenticateIn PT2H, two hours) plus a device-bound
    // possession factor.
    var passwordPlusDeviceBound = JsonSerializer.Serialize(new Dictionary<string, object?>
    {
        ["knowledge"] = new Dictionary<string, object?>
        {
            ["reauthenticateIn"] = "PT2H",
            ["types"] = new[] { "password" },
        },
        ["possession"] = new Dictionary<string, object?>
        {
            ["deviceBound"] = "REQUIRED",
        },
    });
    // Second: a possession factor alone, device-bound and hardware-protected,
    // with user presence optional.
    var hardwareProtectedPossession = JsonSerializer.Serialize(new Dictionary<string, object?>
    {
        ["possession"] = new Dictionary<string, object?>
        {
            ["deviceBound"] = "REQUIRED",
            ["hardwareProtection"] = "REQUIRED",
            ["userPresence"] = "OPTIONAL",
        },
    });

    var testAppSignonPolicyRule = new Okta.AppSignonPolicyRule("testAppSignonPolicyRule", new()
    {
        PolicyId = testAppSignonPolicy.Apply(getAppSignonPolicyResult => getAppSignonPolicyResult.Id),
        Access = "ALLOW",
        // Expression condition: the rule is limited to users whose status is ACTIVE.
        CustomExpression = "user.status == \"ACTIVE\"",
        DeviceIsManaged = false,
        DeviceIsRegistered = true,
        FactorMode = "2FA",
        GroupsExcludeds = new[] { @this[2].Id, @this[3].Id, @this[4].Id },
        GroupsIncludeds = new[] { @this[0].Id, @this[1].Id },
        NetworkConnection = "ZONE",
        NetworkIncludes = new[] { testZone.Id },
        PlatformIncludes = new[]
        {
            new Okta.Inputs.AppSignonPolicyRulePlatformIncludeArgs { OsType = "ANDROID", Type = "MOBILE" },
            new Okta.Inputs.AppSignonPolicyRulePlatformIncludeArgs { OsType = "IOS", Type = "MOBILE" },
            new Okta.Inputs.AppSignonPolicyRulePlatformIncludeArgs { OsType = "MACOS", Type = "DESKTOP" },
            new Okta.Inputs.AppSignonPolicyRulePlatformIncludeArgs { OsType = "OTHER", Type = "DESKTOP" },
            new Okta.Inputs.AppSignonPolicyRulePlatformIncludeArgs { OsType = "OTHER", Type = "MOBILE" },
            new Okta.Inputs.AppSignonPolicyRulePlatformIncludeArgs { OsType = "WINDOWS", Type = "DESKTOP" },
        },
        Priority = 98,
        // ISO 8601 duration: 43,800 hours, i.e. about five years. Choose a value
        // that matches your session policy rather than copying this one.
        ReAuthenticationFrequency = "PT43800H",
        Type = "ASSURANCE",
        UserTypesExcludeds = new[] { testUserType.Id },
        // NOTE(review): the nested Apply, with a lambda parameter named like the
        // enclosing local, is kept as generated — verify it compiles in your project.
        UserTypesIncludeds = new[]
        {
            @default.Apply(@default => @default.Apply(getUserTypeResult => getUserTypeResult.Id)),
        },
        UsersExcludeds = new[] { testUser[2].Id, testUser[3].Id, testUser[4].Id },
        UsersIncludeds = new[] { testUser[0].Id, testUser[1].Id },
        Constraints = new[] { passwordPlusDeviceBound, hardwareProtectedPossession },
    });
});
package main
import (
"encoding/json"
"fmt"
"github.com/pulumi/pulumi-okta/sdk/v3/go/okta"
"github.com/pulumi/pulumi-okta/sdk/v3/go/okta/app"
"github.com/pulumi/pulumi-okta/sdk/v3/go/okta/group"
"github.com/pulumi/pulumi-okta/sdk/v3/go/okta/network"
"github.com/pulumi/pulumi-okta/sdk/v3/go/okta/user"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
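// main provisions a SAML app, sample users, groups, a user type and an IP
// network zone, then attaches a sign-on policy rule that references them.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// SAML application that owns the sign-on policy configured further down.
		// The URLs are sample values, not working endpoints.
		testSaml, err := app.NewSaml(ctx, "testSaml", &app.SamlArgs{
			Label: pulumi.String("testAcc_replace_with_uuid"),
			SsoUrl: pulumi.String("https://google.com"),
			Recipient: pulumi.String("https://here.com"),
			Destination: pulumi.String("https://its-about-the-journey.com"),
			Audience: pulumi.String("https://audience.com"),
			SubjectNameIdTemplate: pulumi.String("${user.userName}"),
			SubjectNameIdFormat: pulumi.String("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"),
			ResponseSigned: pulumi.Bool(true),
			SignatureAlgorithm: pulumi.String("RSA_SHA256"),
			DigestAlgorithm: pulumi.String("SHA256"),
			// NOTE(review): with HonorForceAuthn off, a ForceAuthn request from the
			// service provider is presumably not honored — confirm this is intended.
			HonorForceAuthn: pulumi.Bool(false),
			AuthnContextClassRef: pulumi.String("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"),
			SingleLogoutIssuer: pulumi.String("https://dunshire.okta.com"),
			SingleLogoutUrl: pulumi.String("https://dunshire.okta.com/logout"),
			// NOTE(review): the certificate literal is reproduced exactly as this
			// page shows it, wrapped over several physical lines. A double-quoted Go
			// string cannot span lines, so join it into one literal before compiling.
			SingleLogoutCertificate: pulumi.String("MIIFnDCCA4QCCQDBSLbiON2T1zANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMxDjAMBgNV
\nBAgMBU1haW5lMRAwDgYDVQQHDAdDYXJpYm91MRcwFQYDVQQKDA5Tbm93bWFrZXJzIEluYzEUMBIG
\nA1UECwwLRW5naW5lZXJpbmcxDTALBgNVBAMMBFNub3cxIDAeBgkqhkiG9w0BCQEWEWVtYWlsQGV4
\nYW1wbGUuY29tMB4XDTIwMTIwMzIyNDY0M1oXDTMwMTIwMTIyNDY0M1owgY8xCzAJBgNVBAYTAlVT
\nMQ4wDAYDVQQIDAVNYWluZTEQMA4GA1UEBwwHQ2FyaWJvdTEXMBUGA1UECgwOU25vd21ha2VycyBJ
\nbmMxFDASBgNVBAsMC0VuZ2luZWVyaW5nMQ0wCwYDVQQDDARTbm93MSAwHgYJKoZIhvcNAQkBFhFl
\nbWFpbEBleGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANMmWDjXPdoa
\nPyzIENqeY9njLan2FqCbQPSestWUUcb6NhDsJVGSQ7XR+ozQA5TaJzbP7cAJUj8vCcbqMZsgOQAu
\nO/pzYyQEKptLmrGvPn7xkJ1A1xLkp2NY18cpDTeUPueJUoidZ9EJwEuyUZIktzxNNU1pA1lGijiu
\n2XNxs9d9JR/hm3tCu9Im8qLVB4JtX80YUa6QtlRjWR/H8a373AYCOASdoB3c57fIPD8ATDNy2w/c
\nfCVGiyKDMFB+GA/WTsZpOP3iohRp8ltAncSuzypcztb2iE+jijtTsiC9kUA2abAJqqpoCJubNShi
\nVff4822czpziS44MV2guC9wANi8u3Uyl5MKsU95j01jzadKRP5S+2f0K+n8n4UoV9fnqZFyuGAKd
\nCJi9K6NlSAP+TgPe/JP9FOSuxQOHWJfmdLHdJD+evoKi9E55sr5lRFK0xU1Fj5Ld7zjC0pXPhtJf
\nsgjEZzD433AsHnRzvRT1KSNCPkLYomznZo5n9rWYgCQ8HcytlQDTesmKE+s05E/VSWNtH84XdDrt
\nieXwfwhHfaABSu+WjZYxi9CXdFCSvXhsgufUcK4FbYAHl/ga/cJxZc52yFC7Pcq0u9O2BSCjYPdQ
\nDAHs9dhT1RhwVLM8RmoAzgxyyzau0gxnAlgSBD9FMW6dXqIHIp8yAAg9cRXhYRTNAgMBAAEwDQYJ
\nKoZIhvcNAQELBQADggIBADofEC1SvG8qa7pmKCjB/E9Sxhk3mvUO9Gq43xzwVb721Ng3VYf4vGU3
\nwLUwJeLt0wggnj26NJweN5T3q9T8UMxZhHSWvttEU3+S1nArRB0beti716HSlOCDx4wTmBu/D1MG
\nt/kZYFJw+zuzvAcbYct2pK69AQhD8xAIbQvqADJI7cCK3yRry+aWtppc58P81KYabUlCfFXfhJ9E
\nP72ffN4jVHpX3lxxYh7FKAdiKbY2FYzjsc7RdgKI1R3iAAZUCGBTvezNzaetGzTUjjl/g1tcVYij
\nltH9ZOQBPlUMI88lxUxqgRTerpPmAJH00CACx4JFiZrweLM1trZyy06wNDQgLrqHr3EOagBF/O2h
\nhfTehNdVr6iq3YhKWBo4/+RL0RCzHMh4u86VbDDnDn4Y6HzLuyIAtBFoikoKM6UHTOa0Pqv2bBr5
\nwbkRkVUxl9yJJw/HmTCdfnsM9dTOJUKzEglnGF2184Gg+qJDZB6fSf0EAO1F6sTqiSswl+uHQZiy
\nDaZzyU7Gg5seKOZ20zTRaX3Ihj9Zij/ORnrARE7eM/usKMECp+7syUwAUKxDCZkGiUdskmOhhBGL
\nJtbyK3F2UvoJoLsm3pIcvMak9KwMjSTGJB47ABUP1+w+zGcNk0D5Co3IJ6QekiLfWJyQ+kKsWLKt
\nzOYQQatrnBagM7MI2/T4
\n"),
			AttributeStatements: app.SamlAttributeStatementArray{
				// The REGEX filter ".*" matches every group name.
				// NOTE(review): presumably this releases all of the user's groups to
				// the service provider; narrow the pattern if that is broader than needed.
				&app.SamlAttributeStatementArgs{
					Type: pulumi.String("GROUP"),
					Name: pulumi.String("groups"),
					FilterType: pulumi.String("REGEX"),
					FilterValue: pulumi.String(".*"),
				},
			},
		})
		if err != nil {
			return err
		}

		// Look up the sign-on policy attached to the application.
		testAppSignonPolicy := okta.LookupAppSignonPolicyOutput(ctx, okta.GetAppSignonPolicyOutputArgs{
			AppId: testSaml.ID(),
		}, nil)

		// Five sample users; indexes 0-1 are included by the rule, 2-4 excluded.
		var testUser []*user.User
		for i := 0; i < 5; i++ {
			u, err := user.NewUser(ctx, fmt.Sprintf("testUser-%v", i), &user.UserArgs{
				FirstName: pulumi.String("TestAcc"),
				LastName: pulumi.String("Smith"),
				Login: pulumi.String(fmt.Sprintf("testAcc_%v@example.com", i)),
				Email: pulumi.String(fmt.Sprintf("testAcc_%v@example.com", i)),
			})
			if err != nil {
				return err
			}
			testUser = append(testUser, u)
		}

		// Five sample groups; indexes 0-1 are included by the rule, 2-4 excluded.
		var this []*group.Group
		for i := 0; i < 5; i++ {
			g, err := group.NewGroup(ctx, fmt.Sprintf("this-%v", i), &group.GroupArgs{
				Description: pulumi.String(fmt.Sprintf("testAcc_%v", i)),
			})
			if err != nil {
				return err
			}
			this = append(this, g)
		}

		testUserType, err := user.NewUserType(ctx, "testUserType", &user.UserTypeArgs{
			DisplayName: pulumi.String("Terraform Acceptance Test User Type Updated"),
			Description: pulumi.String("Terraform Acceptance Test User Type Updated"),
		})
		if err != nil {
			return err
		}

		// IP network zone used as the rule's network condition. The addresses
		// are sample values; replace them with the ranges you actually trust.
		testZone, err := network.NewZone(ctx, "testZone", &network.ZoneArgs{
			Type: pulumi.String("IP"),
			Gateways: pulumi.StringArray{
				pulumi.String("1.2.3.4/24"),
				pulumi.String("2.3.4.5-2.3.4.15"),
			},
			Proxies: pulumi.StringArray{
				pulumi.String("2.2.3.4/24"),
				pulumi.String("3.3.4.5-3.3.4.15"),
			},
		})
		if err != nil {
			return err
		}

		_default, err := user.LookupUserType(ctx, &user.LookupUserTypeArgs{
			Name: "user",
		}, nil)
		if err != nil {
			return err
		}

		// Two constraint objects are passed to the rule, each marshalled to JSON.
		// NOTE(review): in Okta's policy model the list entries are presumably
		// alternatives (satisfying any one is enough) — confirm against the Okta docs.
		// First: password (reauthenticateIn PT2H, two hours) plus a device-bound
		// possession factor.
		tmpJSON0, err := json.Marshal(map[string]interface{}{
			"knowledge": map[string]interface{}{
				"reauthenticateIn": "PT2H",
				"types": []string{"password"},
			},
			"possession": map[string]interface{}{
				"deviceBound": "REQUIRED",
			},
		})
		if err != nil {
			return err
		}
		// Second: a possession factor alone, device-bound and hardware-protected,
		// with user presence optional.
		tmpJSON1, err := json.Marshal(map[string]interface{}{
			"possession": map[string]interface{}{
				"deviceBound": "REQUIRED",
				"hardwareProtection": "REQUIRED",
				"userPresence": "OPTIONAL",
			},
		})
		if err != nil {
			return err
		}

		_, err = okta.NewAppSignonPolicyRule(ctx, "testAppSignonPolicyRule", &okta.AppSignonPolicyRuleArgs{
			PolicyId: testAppSignonPolicy.ApplyT(func(testAppSignonPolicy okta.GetAppSignonPolicyResult) (*string, error) {
				return &testAppSignonPolicy.Id, nil
			}).(pulumi.StringPtrOutput),
			Access: pulumi.String("ALLOW"),
			// Expression condition: the rule is limited to users whose status is ACTIVE.
			CustomExpression: pulumi.String("user.status == \"ACTIVE\""),
			DeviceIsManaged: pulumi.Bool(false),
			DeviceIsRegistered: pulumi.Bool(true),
			FactorMode: pulumi.String("2FA"),
			GroupsExcludeds: pulumi.StringArray{
				this[2].ID(),
				this[3].ID(),
				this[4].ID(),
			},
			GroupsIncludeds: pulumi.StringArray{
				this[0].ID(),
				this[1].ID(),
			},
			NetworkConnection: pulumi.String("ZONE"),
			NetworkIncludes: pulumi.StringArray{
				testZone.ID(),
			},
			PlatformIncludes: okta.AppSignonPolicyRulePlatformIncludeArray{
				&okta.AppSignonPolicyRulePlatformIncludeArgs{
					OsType: pulumi.String("ANDROID"),
					Type: pulumi.String("MOBILE"),
				},
				&okta.AppSignonPolicyRulePlatformIncludeArgs{
					OsType: pulumi.String("IOS"),
					Type: pulumi.String("MOBILE"),
				},
				&okta.AppSignonPolicyRulePlatformIncludeArgs{
					OsType: pulumi.String("MACOS"),
					Type: pulumi.String("DESKTOP"),
				},
				&okta.AppSignonPolicyRulePlatformIncludeArgs{
					OsType: pulumi.String("OTHER"),
					Type: pulumi.String("DESKTOP"),
				},
				&okta.AppSignonPolicyRulePlatformIncludeArgs{
					OsType: pulumi.String("OTHER"),
					Type: pulumi.String("MOBILE"),
				},
				&okta.AppSignonPolicyRulePlatformIncludeArgs{
					OsType: pulumi.String("WINDOWS"),
					Type: pulumi.String("DESKTOP"),
				},
			},
			Priority: pulumi.Int(98),
			// ISO 8601 duration: 43,800 hours, i.e. about five years. Choose a value
			// that matches your session policy rather than copying this one.
			ReAuthenticationFrequency: pulumi.String("PT43800H"),
			Type: pulumi.String("ASSURANCE"),
			UserTypesExcludeds: pulumi.StringArray{
				testUserType.ID(),
			},
			UserTypesIncludeds: pulumi.StringArray{
				// pulumi.String(...) is a plain conversion, not a pointer; the
				// generated `*pulumi.String(...)` dereference does not compile.
				pulumi.String(_default.Id),
			},
			UsersExcludeds: pulumi.StringArray{
				testUser[2].ID(),
				testUser[3].ID(),
				testUser[4].ID(),
			},
			UsersIncludeds: pulumi.StringArray{
				testUser[0].ID(),
				testUser[1].ID(),
			},
			Constraints: pulumi.StringArray{
				pulumi.String(string(tmpJSON0)),
				pulumi.String(string(tmpJSON1)),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}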
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.app.Saml;
import com.pulumi.okta.app.SamlArgs;
import com.pulumi.okta.app.inputs.SamlAttributeStatementArgs;
import com.pulumi.okta.OktaFunctions;
import com.pulumi.okta.inputs.GetAppSignonPolicyArgs;
import com.pulumi.okta.user.User;
import com.pulumi.okta.user.UserArgs;
import com.pulumi.okta.group.Group;
import com.pulumi.okta.group.GroupArgs;
import com.pulumi.okta.user.UserType;
import com.pulumi.okta.user.UserTypeArgs;
import com.pulumi.okta.network.Zone;
import com.pulumi.okta.network.ZoneArgs;
import com.pulumi.okta.user.UserFunctions;
import com.pulumi.okta.user.inputs.GetUserTypeArgs;
import com.pulumi.okta.AppSignonPolicyRule;
import com.pulumi.okta.AppSignonPolicyRuleArgs;
import com.pulumi.okta.inputs.AppSignonPolicyRulePlatformIncludeArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import com.pulumi.codegen.internal.KeyedValue;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
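/**
 * Pulumi program that provisions a SAML app, sample users, groups, a user type
 * and an IP network zone, then attaches a sign-on policy rule referencing them.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack's resources.
     *
     * @param ctx the Pulumi deployment context
     */
    public static void stack(Context ctx) {
        // SAML application that owns the sign-on policy configured further down.
        // The URLs are sample values, not working endpoints.
        var testSaml = new Saml("testSaml", SamlArgs.builder()
            .label("testAcc_replace_with_uuid")
            .ssoUrl("https://google.com")
            .recipient("https://here.com")
            .destination("https://its-about-the-journey.com")
            .audience("https://audience.com")
            .subjectNameIdTemplate("${user.userName}")
            .subjectNameIdFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")
            .responseSigned(true)
            .signatureAlgorithm("RSA_SHA256")
            .digestAlgorithm("SHA256")
            // NOTE(review): with honorForceAuthn off, a ForceAuthn request from the
            // service provider is presumably not honored — confirm this is intended.
            .honorForceAuthn(false)
            .authnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport")
            .singleLogoutIssuer("https://dunshire.okta.com")
            .singleLogoutUrl("https://dunshire.okta.com/logout")
            // The certificate value is missing as shown on this page; supply the
            // full base64-encoded certificate.
            .singleLogoutCertificate("""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""")
            // The REGEX filter ".*" matches every group name.
            // NOTE(review): presumably this releases all of the user's groups to the
            // service provider; narrow the pattern if that is broader than needed.
            .attributeStatements(SamlAttributeStatementArgs.builder()
                .type("GROUP")
                .name("groups")
                .filterType("REGEX")
                .filterValue(".*")
                .build())
            .build());

        // Look up the sign-on policy attached to the application.
        final var testAppSignonPolicy = OktaFunctions.getAppSignonPolicy(GetAppSignonPolicyArgs.builder()
            .appId(testSaml.id())
            .build());

        // Five sample users, kept in an array because the rule below refers to
        // them by index (0-1 included, 2-4 excluded). The generated loop discarded
        // the resources and used an undeclared `range` variable.
        var testUser = new User[5];
        for (var i = 0; i < 5; i++) {
            testUser[i] = new User("testUser-" + i, UserArgs.builder()
                .firstName("TestAcc")
                .lastName("Smith")
                .login(String.format("testAcc_%s@example.com", i))
                .email(String.format("testAcc_%s@example.com", i))
                .build());
        }

        // Five sample groups, likewise referenced by index below.
        var this_ = new Group[5];
        for (var i = 0; i < 5; i++) {
            this_[i] = new Group("this-" + i, GroupArgs.builder()
                .description(String.format("testAcc_%s", i))
                .build());
        }

        var testUserType = new UserType("testUserType", UserTypeArgs.builder()
            .displayName("Terraform Acceptance Test User Type Updated")
            .description("Terraform Acceptance Test User Type Updated")
            .build());

        // IP network zone used as the rule's network condition. The addresses are
        // sample values; replace them with the ranges you actually trust.
        var testZone = new Zone("testZone", ZoneArgs.builder()
            .type("IP")
            .gateways(
                "1.2.3.4/24",
                "2.3.4.5-2.3.4.15")
            .proxies(
                "2.2.3.4/24",
                "3.3.4.5-3.3.4.15")
            .build());

        // `default` is a reserved word in Java; the rule below already refers to
        // this lookup as `default_`.
        final var default_ = UserFunctions.getUserType(GetUserTypeArgs.builder()
            .name("user")
            .build());

        var testAppSignonPolicyRule = new AppSignonPolicyRule("testAppSignonPolicyRule", AppSignonPolicyRuleArgs.builder()
            // A single applyValue extracts the policy ID; the generated chain reused
            // the local's name as a lambda parameter, which Java rejects.
            .policyId(testAppSignonPolicy.applyValue(getAppSignonPolicyResult -> getAppSignonPolicyResult.id()))
            .access("ALLOW")
            // Expression condition: the rule is limited to users whose status is ACTIVE.
            .customExpression("user.status == \"ACTIVE\"")
            .deviceIsManaged(false)
            .deviceIsRegistered(true)
            .factorMode("2FA")
            .groupsExcludeds(
                this_[2].id(),
                this_[3].id(),
                this_[4].id())
            .groupsIncludeds(
                this_[0].id(),
                this_[1].id())
            .networkConnection("ZONE")
            .networkIncludes(testZone.id())
            .platformIncludes(
                AppSignonPolicyRulePlatformIncludeArgs.builder()
                    .osType("ANDROID")
                    .type("MOBILE")
                    .build(),
                AppSignonPolicyRulePlatformIncludeArgs.builder()
                    .osType("IOS")
                    .type("MOBILE")
                    .build(),
                AppSignonPolicyRulePlatformIncludeArgs.builder()
                    .osType("MACOS")
                    .type("DESKTOP")
                    .build(),
                AppSignonPolicyRulePlatformIncludeArgs.builder()
                    .osType("OTHER")
                    .type("DESKTOP")
                    .build(),
                AppSignonPolicyRulePlatformIncludeArgs.builder()
                    .osType("OTHER")
                    .type("MOBILE")
                    .build(),
                AppSignonPolicyRulePlatformIncludeArgs.builder()
                    .osType("WINDOWS")
                    .type("DESKTOP")
                    .build())
            .priority(98)
            // ISO 8601 duration: 43,800 hours, i.e. about five years. Choose a value
            // that matches your session policy rather than copying this one.
            .reAuthenticationFrequency("PT43800H")
            .type("ASSURANCE")
            .userTypesExcludeds(testUserType.id())
            // NOTE(review): the result type of getUserType is not visible here;
            // `default_.id()` is kept as generated — confirm it type-checks.
            .userTypesIncludeds(default_.id())
            .usersExcludeds(
                testUser[2].id(),
                testUser[3].id(),
                testUser[4].id())
            .usersIncludeds(
                testUser[0].id(),
                testUser[1].id())
            // Two constraint objects are passed to the rule.
            // NOTE(review): in Okta's policy model the list entries are presumably
            // alternatives (satisfying any one is enough) — confirm against the Okta docs.
            .constraints(
                // Password (reauthenticateIn PT2H, two hours) plus a device-bound
                // possession factor.
                serializeJson(
                    jsonObject(
                        jsonProperty("knowledge", jsonObject(
                            jsonProperty("reauthenticateIn", "PT2H"),
                            jsonProperty("types", jsonArray("password"))
                        )),
                        jsonProperty("possession", jsonObject(
                            jsonProperty("deviceBound", "REQUIRED")
                        ))
                    )),
                // A possession factor alone, device-bound and hardware-protected,
                // with user presence optional.
                serializeJson(
                    jsonObject(
                        jsonProperty("possession", jsonObject(
                            jsonProperty("deviceBound", "REQUIRED"),
                            jsonProperty("hardwareProtection", "REQUIRED"),
                            jsonProperty("userPresence", "OPTIONAL")
                        ))
                    )))
            .build());
    }
}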
import pulumi
import json
import pulumi_okta as okta
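# SAML application that owns the sign-on policy configured further down.
# The URLs are sample values, not working endpoints.
test_saml = okta.app.Saml("testSaml",
    label="testAcc_replace_with_uuid",
    sso_url="https://google.com",
    recipient="https://here.com",
    destination="https://its-about-the-journey.com",
    audience="https://audience.com",
    subject_name_id_template="${user.userName}",
    subject_name_id_format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    response_signed=True,
    signature_algorithm="RSA_SHA256",
    digest_algorithm="SHA256",
    # NOTE(review): with honor_force_authn off, a ForceAuthn request from the
    # service provider is presumably not honored — confirm this is intended.
    honor_force_authn=False,
    authn_context_class_ref="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
    single_logout_issuer="https://dunshire.okta.com",
    single_logout_url="https://dunshire.okta.com/logout",
    # The certificate value is incomplete as shown on this page; supply the full
    # base64-encoded certificate.
    single_logout_certificate="""MIIFnDCCA4QCCQDBSLbiON2T1zANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMxDjAMBgNV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""",
    # The REGEX filter ".*" matches every group name.
    # NOTE(review): presumably this releases all of the user's groups to the
    # service provider; narrow the pattern if that is broader than needed.
    attribute_statements=[okta.app.SamlAttributeStatementArgs(
        type="GROUP",
        name="groups",
        filter_type="REGEX",
        filter_value=".*",
    )])

# Look up the sign-on policy attached to the application.
test_app_signon_policy = okta.get_app_signon_policy_output(app_id=test_saml.id)

# Five sample users; indexes 0-1 are included by the rule, 2-4 excluded.
# The loop variable is `i`, not `range`: rebinding the builtin in the first loop
# would make the `range(0, 5)` call in the second loop fail with a TypeError.
test_user = []
for i in range(0, 5):
    test_user.append(okta.user.User(f"testUser-{i}",
        first_name="TestAcc",
        last_name="Smith",
        login=f"testAcc_{i}@example.com",
        email=f"testAcc_{i}@example.com"))

# Five sample groups; indexes 0-1 are included by the rule, 2-4 excluded.
this = []
for i in range(0, 5):
    this.append(okta.group.Group(f"this-{i}", description=f"testAcc_{i}"))

test_user_type = okta.user.UserType("testUserType",
    display_name="Terraform Acceptance Test User Type Updated",
    description="Terraform Acceptance Test User Type Updated")

# IP network zone used as the rule's network condition. The addresses are sample
# values; replace them with the ranges you actually trust.
test_zone = okta.network.Zone("testZone",
    type="IP",
    gateways=[
        "1.2.3.4/24",
        "2.3.4.5-2.3.4.15",
    ],
    proxies=[
        "2.2.3.4/24",
        "3.3.4.5-3.3.4.15",
    ])

default = okta.user.get_user_type(name="user")

test_app_signon_policy_rule = okta.AppSignonPolicyRule("testAppSignonPolicyRule",
    policy_id=test_app_signon_policy.id,
    access="ALLOW",
    # Expression condition: the rule is limited to users whose status is ACTIVE.
    custom_expression="user.status == \"ACTIVE\"",
    device_is_managed=False,
    device_is_registered=True,
    factor_mode="2FA",
    groups_excludeds=[
        this[2].id,
        this[3].id,
        this[4].id,
    ],
    groups_includeds=[
        this[0].id,
        this[1].id,
    ],
    network_connection="ZONE",
    network_includes=[test_zone.id],
    platform_includes=[
        okta.AppSignonPolicyRulePlatformIncludeArgs(
            os_type="ANDROID",
            type="MOBILE",
        ),
        okta.AppSignonPolicyRulePlatformIncludeArgs(
            os_type="IOS",
            type="MOBILE",
        ),
        okta.AppSignonPolicyRulePlatformIncludeArgs(
            os_type="MACOS",
            type="DESKTOP",
        ),
        okta.AppSignonPolicyRulePlatformIncludeArgs(
            os_type="OTHER",
            type="DESKTOP",
        ),
        okta.AppSignonPolicyRulePlatformIncludeArgs(
            os_type="OTHER",
            type="MOBILE",
        ),
        okta.AppSignonPolicyRulePlatformIncludeArgs(
            os_type="WINDOWS",
            type="DESKTOP",
        ),
    ],
    priority=98,
    # ISO 8601 duration: 43,800 hours, i.e. about five years. Choose a value that
    # matches your session policy rather than copying this one.
    re_authentication_frequency="PT43800H",
    type="ASSURANCE",
    user_types_excludeds=[test_user_type.id],
    user_types_includeds=[default.id],
    users_excludeds=[
        test_user[2].id,
        test_user[3].id,
        test_user[4].id,
    ],
    users_includeds=[
        test_user[0].id,
        test_user[1].id,
    ],
    # Two constraint objects are passed to the rule.
    # NOTE(review): in Okta's policy model the list entries are presumably
    # alternatives (satisfying any one is enough) — confirm against the Okta docs.
    constraints=[
        # Password (reauthenticateIn PT2H, two hours) plus a device-bound
        # possession factor.
        json.dumps({
            "knowledge": {
                "reauthenticateIn": "PT2H",
                "types": ["password"],
            },
            "possession": {
                "deviceBound": "REQUIRED",
            },
        }),
        # A possession factor alone, device-bound and hardware-protected, with
        # user presence optional.
        json.dumps({
            "possession": {
                "deviceBound": "REQUIRED",
                "hardwareProtection": "REQUIRED",
                "userPresence": "OPTIONAL",
            },
        }),
    ])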
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const testSaml = new okta.app.Saml("testSaml", {
label: "testAcc_replace_with_uuid",
ssoUrl: "https://google.com",
recipient: "https://here.com",
destination: "https://its-about-the-journey.com",
audience: "https://audience.com",
subjectNameIdTemplate: "${user.userName}",
subjectNameIdFormat: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
responseSigned: true,
signatureAlgorithm: "RSA_SHA256",
digestAlgorithm: "SHA256",
honorForceAuthn: false,
authnContextClassRef: "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
singleLogoutIssuer: "https://dunshire.okta.com",
singleLogoutUrl: "https://dunshire.okta.com/logout",
singleLogoutCertificate: `MIIFnDCCA4QCCQDBSLbiON2T1zANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMxDjAMBgNV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`,
attributeStatements: [{
type: "GROUP",
name: "groups",
filterType: "REGEX",
filterValue: ".*",
}],
});
const testAppSignonPolicy = okta.getAppSignonPolicyOutput({
appId: testSaml.id,
});
const testUser: okta.user.User[] = [];
for (const range = {value: 0}; range.value < 5; range.value++) {
testUser.push(new okta.user.User(`testUser-${range.value}`, {
firstName: "TestAcc",
lastName: "Smith",
login: `testAcc_${range.value}@example.com`,
email: `testAcc_${range.value}@example.com`,
}));
}
const _this: okta.group.Group[] = [];
for (const range = {value: 0}; range.value < 5; range.value++) {
_this.push(new okta.group.Group(`this-${range.value}`, {description: `testAcc_${range.value}`}));
}
const testUserType = new okta.user.UserType("testUserType", {
displayName: "Terraform Acceptance Test User Type Updated",
description: "Terraform Acceptance Test User Type Updated",
});
const testZone = new okta.network.Zone("testZone", {
type: "IP",
gateways: [
"1.2.3.4/24",
"2.3.4.5-2.3.4.15",
],
proxies: [
"2.2.3.4/24",
"3.3.4.5-3.3.4.15",
],
});
const default = okta.user.getUserType({
name: "user",
});
// Sign-on policy rule on the SAML app's policy: access is allowed with two factors
// when the user, group, user-type, device, platform and network conditions below
// are met.
const testAppSignonPolicyRule = new okta.AppSignonPolicyRule("testAppSignonPolicyRule", {
policyId: testAppSignonPolicy.apply(testAppSignonPolicy => testAppSignonPolicy.id),
access: "ALLOW",
// Advanced setting: an expression that is malformed or conflicts with the other
// conditions can leave the rule matching no users.
customExpression: "user.status == \"ACTIVE\"",
// deviceIsRegistered can only be set to true, and it must be present and true
// whenever deviceIsManaged is passed.
deviceIsManaged: false,
deviceIsRegistered: true,
factorMode: "2FA",
// Groups this-2..this-4 are excluded; this-0 and this-1 are included.
groupsExcludeds: [
_this[2].id,
_this[3].id,
_this[4].id,
],
groupsIncludeds: [
_this[0].id,
_this[1].id,
],
// networkIncludes conflicts with networkExcludes, so only one of the two may be set.
networkConnection: "ZONE",
networkIncludes: [testZone.id],
platformIncludes: [
{
osType: "ANDROID",
type: "MOBILE",
},
{
osType: "IOS",
type: "MOBILE",
},
{
osType: "MACOS",
type: "DESKTOP",
},
{
osType: "OTHER",
type: "DESKTOP",
},
{
osType: "OTHER",
type: "MOBILE",
},
{
osType: "WINDOWS",
type: "DESKTOP",
},
],
priority: 98,
// "PT43800H" means re-authentication once per session ("PT0S" is every sign-in
// attempt; the default is "PT2H"). NOTE(review): this is the least frequent of the
// values this page lists. Confirm it suits the sensitivity of the application.
reAuthenticationFrequency: "PT43800H",
type: "ASSURANCE",
userTypesExcludeds: [testUserType.id],
// Id of the user type returned by the getUserType lookup.
userTypesIncludeds: [_default.then(_default => _default.id)],
// Users testUser-2..testUser-4 are excluded; testUser-0 and testUser-1 are included.
usersExcludeds: [
testUser[2].id,
testUser[3].id,
testUser[4].id,
],
usersIncludeds: [
testUser[0].id,
testUser[1].id,
],
// Each element is a JSON-encoded Authenticator Constraint object.
// NOTE(review): presumably a sign-in satisfies the rule by meeting either
// constraint object. Verify against Okta's policy documentation.
constraints: [
// Password knowledge factor (re-authenticate in PT2H) plus a device-bound
// possession factor.
JSON.stringify({
knowledge: {
reauthenticateIn: "PT2H",
types: ["password"],
},
possession: {
deviceBound: "REQUIRED",
},
}),
// Possession factor that is device-bound and hardware-protected; user presence
// is optional.
JSON.stringify({
possession: {
deviceBound: "REQUIRED",
hardwareProtection: "REQUIRED",
userPresence: "OPTIONAL",
},
}),
],
});
resources:
testSaml:
type: okta:app:Saml
properties:
label: testAcc_replace_with_uuid
ssoUrl: https://google.com
recipient: https://here.com
destination: https://its-about-the-journey.com
audience: https://audience.com
subjectNameIdTemplate: ${user.userName}
subjectNameIdFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
responseSigned: true
signatureAlgorithm: RSA_SHA256
digestAlgorithm: SHA256
honorForceAuthn: false
authnContextClassRef: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
singleLogoutIssuer: https://dunshire.okta.com
singleLogoutUrl: https://dunshire.okta.com/logout
singleLogoutCertificate: "MIIFnDCCA4QCCQDBSLbiON2T1zANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMxDjAMBgNV\r\nBAgMBU1haW5lMRAwDgYDVQQHDAdDYXJpYm91MRcwFQYDVQQKDA5Tbm93bWFrZXJzIEluYzEUMBIG\r\nA1UECwwLRW5naW5lZXJpbmcxDTALBgNVBAMMBFNub3cxIDAeBgkqhkiG9w0BCQEWEWVtYWlsQGV4\r\nYW1wbGUuY29tMB4XDTIwMTIwMzIyNDY0M1oXDTMwMTIwMTIyNDY0M1owgY8xCzAJBgNVBAYTAlVT\r\nMQ4wDAYDVQQIDAVNYWluZTEQMA4GA1UEBwwHQ2FyaWJvdTEXMBUGA1UECgwOU25vd21ha2VycyBJ\r\nbmMxFDASBgNVBAsMC0VuZ2luZWVyaW5nMQ0wCwYDVQQDDARTbm93MSAwHgYJKoZIhvcNAQkBFhFl\r\nbWFpbEBleGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANMmWDjXPdoa\r\nPyzIENqeY9njLan2FqCbQPSestWUUcb6NhDsJVGSQ7XR+ozQA5TaJzbP7cAJUj8vCcbqMZsgOQAu\r\nO/pzYyQEKptLmrGvPn7xkJ1A1xLkp2NY18cpDTeUPueJUoidZ9EJwEuyUZIktzxNNU1pA1lGijiu\r\n2XNxs9d9JR/hm3tCu9Im8qLVB4JtX80YUa6QtlRjWR/H8a373AYCOASdoB3c57fIPD8ATDNy2w/c\r\nfCVGiyKDMFB+GA/WTsZpOP3iohRp8ltAncSuzypcztb2iE+jijtTsiC9kUA2abAJqqpoCJubNShi\r\nVff4822czpziS44MV2guC9wANi8u3Uyl5MKsU95j01jzadKRP5S+2f0K+n8n4UoV9fnqZFyuGAKd\r\nCJi9K6NlSAP+TgPe/JP9FOSuxQOHWJfmdLHdJD+evoKi9E55sr5lRFK0xU1Fj5Ld7zjC0pXPhtJf\r\nsgjEZzD433AsHnRzvRT1KSNCPkLYomznZo5n9rWYgCQ8HcytlQDTesmKE+s05E/VSWNtH84XdDrt\r\nieXwfwhHfaABSu+WjZYxi9CXdFCSvXhsgufUcK4FbYAHl/ga/cJxZc52yFC7Pcq0u9O2BSCjYPdQ\r\nDAHs9dhT1RhwVLM8RmoAzgxyyzau0gxnAlgSBD9FMW6dXqIHIp8yAAg9cRXhYRTNAgMBAAEwDQYJ\r\nKoZIhvcNAQELBQADggIBADofEC1SvG8qa7pmKCjB/E9Sxhk3mvUO9Gq43xzwVb721Ng3VYf4vGU3\r\nwLUwJeLt0wggnj26NJweN5T3q9T8UMxZhHSWvttEU3+S1nArRB0beti716HSlOCDx4wTmBu/D1MG\r\nt/kZYFJw+zuzvAcbYct2pK69AQhD8xAIbQvqADJI7cCK3yRry+aWtppc58P81KYabUlCfFXfhJ9E\r\nP72ffN4jVHpX3lxxYh7FKAdiKbY2FYzjsc7RdgKI1R3iAAZUCGBTvezNzaetGzTUjjl/g1tcVYij\r\nltH9ZOQBPlUMI88lxUxqgRTerpPmAJH00CACx4JFiZrweLM1trZyy06wNDQgLrqHr3EOagBF/O2h\r\nhfTehNdVr6iq3YhKWBo4/+RL0RCzHMh4u86VbDDnDn4Y6HzLuyIAtBFoikoKM6UHTOa0Pqv2bBr5\r\nwbkRkVUxl9yJJw/HmTCdfnsM9dTOJUKzEglnGF2184Gg+qJDZB6fSf0EAO1F6sTqiSswl+uHQZiy\r\nDaZzyU7Gg5seKOZ20zTRaX3Ihj9Zij/ORnrARE7eM/usKMECp+7syUwAUKxDCZkGiUdskmOhhBGL\r\nJtbyK3F2UvoJoLsm3pIcvMak9KwMjSTGJB47ABUP1+w+zGcNk0D5Co
3IJ6QekiLfWJyQ+kKsWLKt\r\nzOYQQatrnBagM7MI2/T4\r\n"
attributeStatements:
- type: GROUP
name: groups
filterType: REGEX
filterValue: .*
# NOTE(review): the TypeScript form of this example creates five users in a loop.
# Here a single resource is declared and ${range.value} is left unresolved, while
# the rule below indexes testUser[0]..testUser[4]. Confirm before using this form.
testUser:
type: okta:user:User
properties:
firstName: TestAcc
lastName: Smith
login: testAcc_${range.value}@example.com
email: testAcc_${range.value}@example.com
options: {}
# NOTE(review): same situation as testUser. One group is declared, but the rule
# below indexes this[0]..this[4].
this:
type: okta:group:Group
properties:
description: testAcc_${range.value}
options: {}
# Custom user type; the rule lists its id in userTypesExcludeds.
testUserType:
type: okta:user:UserType
properties:
displayName: Terraform Acceptance Test User Type Updated
description: Terraform Acceptance Test User Type Updated
# IP network zone; the rule lists its id in networkIncludes with networkConnection ZONE.
testZone:
type: okta:network:Zone
properties:
type: IP
# Sample addresses: each list mixes a CIDR block with an address range.
gateways:
- 1.2.3.4/24
- 2.3.4.5-2.3.4.15
proxies:
- 2.2.3.4/24
- 3.3.4.5-3.3.4.15
# Sign-on policy rule on the SAML app's policy: access is allowed with two factors
# when the user, group, user-type, device, platform and network conditions are met.
testAppSignonPolicyRule:
type: okta:AppSignonPolicyRule
properties:
policyId: ${testAppSignonPolicy.id}
access: ALLOW
# Advanced setting: an expression that is malformed or conflicts with the other
# conditions can leave the rule matching no users.
customExpression: user.status == "ACTIVE"
# deviceIsRegistered can only be set to true, and it must be present and true
# whenever deviceIsManaged is passed.
deviceIsManaged: false
deviceIsRegistered: true
factorMode: 2FA
groupsExcludeds:
- ${this[2].id}
- ${this[3].id}
- ${this[4].id}
groupsIncludeds:
- ${this[0].id}
- ${this[1].id}
# networkIncludes conflicts with networkExcludes, so only one of the two may be set.
networkConnection: ZONE
networkIncludes:
- ${testZone.id}
platformIncludes:
- osType: ANDROID
type: MOBILE
- osType: IOS
type: MOBILE
- osType: MACOS
type: DESKTOP
- osType: OTHER
type: DESKTOP
- osType: OTHER
type: MOBILE
- osType: WINDOWS
type: DESKTOP
priority: 98
# PT43800H means re-authentication once per session (PT0S is every sign-in attempt;
# the default is PT2H). NOTE(review): this is the least frequent of the values this
# page lists. Confirm it suits the sensitivity of the application.
reAuthenticationFrequency: PT43800H
type: ASSURANCE
userTypesExcludeds:
- ${testUserType.id}
userTypesIncludeds:
- ${default.id}
usersExcludeds:
- ${testUser[2].id}
- ${testUser[3].id}
- ${testUser[4].id}
usersIncludeds:
- ${testUser[0].id}
- ${testUser[1].id}
# Each element is serialised to a JSON Authenticator Constraint object.
# NOTE(review): presumably a sign-in satisfies the rule by meeting either
# constraint object. Verify against Okta's policy documentation.
constraints:
# Password knowledge factor (re-authenticate in PT2H) plus a device-bound
# possession factor.
- fn::toJSON:
knowledge:
reauthenticateIn: PT2H
types:
- password
possession:
deviceBound: REQUIRED
# Possession factor that is device-bound and hardware-protected; user presence is
# optional.
- fn::toJSON:
possession:
deviceBound: REQUIRED
hardwareProtection: REQUIRED
userPresence: OPTIONAL
variables:
# Sign-on policy of the SAML app, looked up by app id.
testAppSignonPolicy:
fn::invoke:
Function: okta:getAppSignonPolicy
Arguments:
appId: ${testSaml.id}
# User type named "user", referenced by userTypesIncludeds.
default:
fn::invoke:
Function: okta:user:getUserType
Arguments:
name: user
Create AppSignonPolicyRule Resource
new AppSignonPolicyRule(name: string, args: AppSignonPolicyRuleArgs, opts?: CustomResourceOptions);
@overload
def AppSignonPolicyRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
access: Optional[str] = None,
constraints: Optional[Sequence[str]] = None,
custom_expression: Optional[str] = None,
device_is_managed: Optional[bool] = None,
device_is_registered: Optional[bool] = None,
factor_mode: Optional[str] = None,
groups_excludeds: Optional[Sequence[str]] = None,
groups_includeds: Optional[Sequence[str]] = None,
inactivity_period: Optional[str] = None,
name: Optional[str] = None,
network_connection: Optional[str] = None,
network_excludes: Optional[Sequence[str]] = None,
network_includes: Optional[Sequence[str]] = None,
platform_includes: Optional[Sequence[AppSignonPolicyRulePlatformIncludeArgs]] = None,
policy_id: Optional[str] = None,
priority: Optional[int] = None,
re_authentication_frequency: Optional[str] = None,
status: Optional[str] = None,
type: Optional[str] = None,
user_types_excludeds: Optional[Sequence[str]] = None,
user_types_includeds: Optional[Sequence[str]] = None,
users_excludeds: Optional[Sequence[str]] = None,
users_includeds: Optional[Sequence[str]] = None)
@overload
def AppSignonPolicyRule(resource_name: str,
args: AppSignonPolicyRuleArgs,
opts: Optional[ResourceOptions] = None)
func NewAppSignonPolicyRule(ctx *Context, name string, args AppSignonPolicyRuleArgs, opts ...ResourceOption) (*AppSignonPolicyRule, error)
public AppSignonPolicyRule(string name, AppSignonPolicyRuleArgs args, CustomResourceOptions? opts = null)
public AppSignonPolicyRule(String name, AppSignonPolicyRuleArgs args)
public AppSignonPolicyRule(String name, AppSignonPolicyRuleArgs args, CustomResourceOptions options)
type: okta:AppSignonPolicyRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AppSignonPolicyRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AppSignonPolicyRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AppSignonPolicyRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AppSignonPolicyRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AppSignonPolicyRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
AppSignonPolicyRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The AppSignonPolicyRule resource accepts the following input properties:
- PolicyId string
ID of the app sign-on policy.
- Access string
Allow or deny access based on the rule conditions. It can be set to "ALLOW" or "DENY". Default is "ALLOW".
- Constraints List<string>
An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class. Each element should be in JSON format.
- CustomExpression string
This is an advanced optional setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- DeviceIsManaged bool
If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, device_is_registered must also be included and must be set to true.
- DeviceIsRegistered bool
If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device. Can only be set to true.
- FactorMode string
The number of factors required to satisfy this assurance level. It can be set to "1FA" or "2FA". Default is "2FA".
- GroupsExcludeds List<string>
List of group IDs to be excluded.
- GroupsIncludeds List<string>
List of group IDs to be included.
- InactivityPeriod string
The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals. Default is "PT1H".
- Name string
Name of the policy rule.
- NetworkConnection string
Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".
- NetworkExcludes List<string>
List of network zone IDs to exclude. Conflicts with network_includes.
- NetworkIncludes List<string>
List of network zone IDs to include. Conflicts with network_excludes.
- PlatformIncludes List<AppSignonPolicyRulePlatformIncludeArgs>
List of particular platforms or devices to match on.
- Priority int
Priority of the rule.
- ReAuthenticationFrequency string
The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. "PT0S" - every sign-in attempt, "PT43800H" - once per session. Default is "PT2H".
- Status string
Status of the rule.
- Type string
The Verification Method type. It can be set to "ASSURANCE". Default is "ASSURANCE".
- UserTypesExcludeds List<string>
List of user type IDs to be excluded.
- UserTypesIncludeds List<string>
List of user type IDs to be included.
- UsersExcludeds List<string>
List of user IDs to be excluded.
- UsersIncludeds List<string>
List of user IDs to be included.
- Policy
Id string ID of the app sign-on policy.
- Access string
Allow or deny access based on the rule conditions. It can be set to
"ALLOW"
or"DENY"
. Default is"ALLOW"
.- Constraints []string
An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class. Each element should be in JSON format.
- Custom
Expression string This is an advanced optional setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- Device
Is boolManaged If the device is managed. A device is managed if it's managed by a device management system. When managed is passed,
device_is_registered
must also be included and must be set totrue
.- Device
Is boolRegistered If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device. Can only be set to
true
.- Factor
Mode string The number of factors required to satisfy this assurance level. It can be set to
"1FA"
or"2FA"
. Default is"2FA"
.- Groups
Excludeds []string List of groups IDs to be excluded.
- Groups
Includeds []string List of groups IDs to be included.
- Inactivity
Period string The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals. Default is
"PT1H"
.- Name string
Name of the policy rule.
- Network
Connection string Network selection mode:
"ANYWHERE"
,"ZONE"
,"ON_NETWORK"
, or"OFF_NETWORK"
.- Network
Excludes []string List of network zones IDs to exclude. Conflicts with
network_includes
.- Network
Includes []string List of network zones IDs to include. Conflicts with
network_excludes
.- Platform
Includes []AppSignon Policy Rule Platform Include Args List of particular platforms or devices to match on.
- Priority int
Priority of the rule.
- Re
Authentication stringFrequency The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals.
"PT0S"
- every sign-in attempt,"PT43800H"
- once per session. Default is"PT2H"
.- Status string
Status of the rule
- Type string
The Verification Method type. It can be set to
"ASSURANCE"
. Default is"ASSURANCE"
.- User
Types []stringExcludeds List of user types IDs to be excluded.
- User
Types []stringIncludeds List of user types IDs to be included.
- Users
Excludeds []string List of users IDs to be excluded.
- Users
Includeds []string List of users IDs to be included.
- policy
Id String ID of the app sign-on policy.
- access String
Allow or deny access based on the rule conditions. It can be set to
"ALLOW"
or"DENY"
. Default is"ALLOW"
.- constraints List<String>
An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class. Each element should be in JSON format.
- custom
Expression String This is an advanced optional setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- device
Is BooleanManaged If the device is managed. A device is managed if it's managed by a device management system. When managed is passed,
device_is_registered
must also be included and must be set totrue
.- device
Is BooleanRegistered If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device. Can only be set to
true
.- factor
Mode String The number of factors required to satisfy this assurance level. It can be set to
"1FA"
or"2FA"
. Default is"2FA"
.- groups
Excludeds List<String> List of groups IDs to be excluded.
- groups
Includeds List<String> List of groups IDs to be included.
- inactivity
Period String The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals. Default is
"PT1H"
.- name String
Name of the policy rule.
- network
Connection String Network selection mode:
"ANYWHERE"
,"ZONE"
,"ON_NETWORK"
, or"OFF_NETWORK"
.- network
Excludes List<String> List of network zones IDs to exclude. Conflicts with
network_includes
.- network
Includes List<String> List of network zones IDs to include. Conflicts with
network_excludes
.- platform
Includes List<AppSignon Policy Rule Platform Include Args> List of particular platforms or devices to match on.
- priority Integer
Priority of the rule.
- re
Authentication StringFrequency The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals.
"PT0S"
- every sign-in attempt,"PT43800H"
- once per session. Default is"PT2H"
.- status String
Status of the rule
- type String
The Verification Method type. It can be set to
"ASSURANCE"
. Default is"ASSURANCE"
.- user
Types List<String>Excludeds List of user types IDs to be excluded.
- user
Types List<String>Includeds List of user types IDs to be included.
- users
Excludeds List<String> List of users IDs to be excluded.
- users
Includeds List<String> List of users IDs to be included.
- policy
Id string ID of the app sign-on policy.
- access string
Allow or deny access based on the rule conditions. It can be set to
"ALLOW"
or"DENY"
. Default is"ALLOW"
.- constraints string[]
An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class. Each element should be in JSON format.
- custom
Expression string This is an advanced optional setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- device
Is booleanManaged If the device is managed. A device is managed if it's managed by a device management system. When managed is passed,
device_is_registered
must also be included and must be set totrue
.- device
Is booleanRegistered If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device. Can only be set to
true
.- factor
Mode string The number of factors required to satisfy this assurance level. It can be set to
"1FA"
or"2FA"
. Default is"2FA"
.- groups
Excludeds string[] List of groups IDs to be excluded.
- groups
Includeds string[] List of groups IDs to be included.
- inactivity
Period string The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals. Default is
"PT1H"
.- name string
Name of the policy rule.
- network
Connection string Network selection mode:
"ANYWHERE"
,"ZONE"
,"ON_NETWORK"
, or"OFF_NETWORK"
.- network
Excludes string[] List of network zones IDs to exclude. Conflicts with
network_includes
.- network
Includes string[] List of network zones IDs to include. Conflicts with
network_excludes
.- platform
Includes AppSignon Policy Rule Platform Include Args[] List of particular platforms or devices to match on.
- priority number
Priority of the rule.
- re
Authentication stringFrequency The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals.
"PT0S"
- every sign-in attempt,"PT43800H"
- once per session. Default is"PT2H"
.- status string
Status of the rule
- type string
The Verification Method type. It can be set to
"ASSURANCE"
. Default is"ASSURANCE"
.- user
Types string[]Excludeds List of user types IDs to be excluded.
- user
Types string[]Includeds List of user types IDs to be included.
- users
Excludeds string[] List of users IDs to be excluded.
- users
Includeds string[] List of users IDs to be included.
- policy_
id str ID of the app sign-on policy.
- access str
Allow or deny access based on the rule conditions. It can be set to
"ALLOW"
or"DENY"
. Default is"ALLOW"
.- constraints Sequence[str]
An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class. Each element should be in JSON format.
- custom_
expression str This is an advanced optional setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- device_
is_ boolmanaged If the device is managed. A device is managed if it's managed by a device management system. When managed is passed,
device_is_registered
must also be included and must be set totrue
.- device_
is_ boolregistered If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device. Can only be set to
true
.- factor_
mode str The number of factors required to satisfy this assurance level. It can be set to
"1FA"
or"2FA"
. Default is"2FA"
.- groups_
excludeds Sequence[str] List of groups IDs to be excluded.
- groups_
includeds Sequence[str] List of groups IDs to be included.
- inactivity_
period str The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals. Default is
"PT1H"
.- name str
Name of the policy rule.
- network_
connection str Network selection mode:
"ANYWHERE"
,"ZONE"
,"ON_NETWORK"
, or"OFF_NETWORK"
.- network_
excludes Sequence[str] List of network zones IDs to exclude. Conflicts with
network_includes
.- network_
includes Sequence[str] List of network zones IDs to include. Conflicts with
network_excludes
.- platform_
includes Sequence[AppSignon Policy Rule Platform Include Args] List of particular platforms or devices to match on.
- priority int
Priority of the rule.
- re_
authentication_ strfrequency The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals.
"PT0S"
- every sign-in attempt,"PT43800H"
- once per session. Default is"PT2H"
.- status str
Status of the rule
- type str
The Verification Method type. It can be set to
"ASSURANCE"
. Default is"ASSURANCE"
.- user_
types_ Sequence[str]excludeds List of user types IDs to be excluded.
- user_
types_ Sequence[str]includeds List of user types IDs to be included.
- users_
excludeds Sequence[str] List of users IDs to be excluded.
- users_
includeds Sequence[str] List of users IDs to be included.
- policy
Id String ID of the app sign-on policy.
- access String
Allow or deny access based on the rule conditions. It can be set to
"ALLOW"
or"DENY"
. Default is"ALLOW"
.- constraints List<String>
An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class. Each element should be in JSON format.
- custom
Expression String This is an advanced optional setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- device
Is BooleanManaged If the device is managed. A device is managed if it's managed by a device management system. When managed is passed,
device_is_registered
must also be included and must be set totrue
.- device
Is BooleanRegistered If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device. Can only be set to
true
.- factor
Mode String The number of factors required to satisfy this assurance level. It can be set to
"1FA"
or"2FA"
. Default is"2FA"
.- groups
Excludeds List<String> List of groups IDs to be excluded.
- groups
Includeds List<String> List of groups IDs to be included.
- inactivity
Period String The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals. Default is
"PT1H"
.- name String
Name of the policy rule.
- network
Connection String Network selection mode:
"ANYWHERE"
,"ZONE"
,"ON_NETWORK"
, or"OFF_NETWORK"
.- network
Excludes List<String> List of network zones IDs to exclude. Conflicts with
network_includes
.- network
Includes List<String> List of network zones IDs to include. Conflicts with
network_excludes
.- platform
Includes List<Property Map> List of particular platforms or devices to match on.
- priority Number
Priority of the rule.
- re
Authentication StringFrequency The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals.
"PT0S"
- every sign-in attempt,"PT43800H"
- once per session. Default is"PT2H"
.- status String
Status of the rule
- type String
The Verification Method type. It can be set to
"ASSURANCE"
. Default is"ASSURANCE"
.- user
Types List<String>Excludeds List of user types IDs to be excluded.
- user
Types List<String>Includeds List of user types IDs to be included.
- users
Excludeds List<String> List of users IDs to be excluded.
- users
Includeds List<String> List of users IDs to be included.
Outputs
All input properties are implicitly available as output properties. Additionally, the AppSignonPolicyRule resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Look up Existing AppSignonPolicyRule Resource
Get an existing AppSignonPolicyRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AppSignonPolicyRuleState, opts?: CustomResourceOptions): AppSignonPolicyRule
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access: Optional[str] = None,
constraints: Optional[Sequence[str]] = None,
custom_expression: Optional[str] = None,
device_is_managed: Optional[bool] = None,
device_is_registered: Optional[bool] = None,
factor_mode: Optional[str] = None,
groups_excludeds: Optional[Sequence[str]] = None,
groups_includeds: Optional[Sequence[str]] = None,
inactivity_period: Optional[str] = None,
name: Optional[str] = None,
network_connection: Optional[str] = None,
network_excludes: Optional[Sequence[str]] = None,
network_includes: Optional[Sequence[str]] = None,
platform_includes: Optional[Sequence[AppSignonPolicyRulePlatformIncludeArgs]] = None,
policy_id: Optional[str] = None,
priority: Optional[int] = None,
re_authentication_frequency: Optional[str] = None,
status: Optional[str] = None,
type: Optional[str] = None,
user_types_excludeds: Optional[Sequence[str]] = None,
user_types_includeds: Optional[Sequence[str]] = None,
users_excludeds: Optional[Sequence[str]] = None,
users_includeds: Optional[Sequence[str]] = None) -> AppSignonPolicyRule
func GetAppSignonPolicyRule(ctx *Context, name string, id IDInput, state *AppSignonPolicyRuleState, opts ...ResourceOption) (*AppSignonPolicyRule, error)
public static AppSignonPolicyRule Get(string name, Input<string> id, AppSignonPolicyRuleState? state, CustomResourceOptions? opts = null)
public static AppSignonPolicyRule get(String name, Output<String> id, AppSignonPolicyRuleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access string
Allow or deny access based on the rule conditions. It can be set to "ALLOW" or "DENY". Default is "ALLOW".
- Constraints List<string>
An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class. Each element should be in JSON format.
- CustomExpression string
This is an advanced optional setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- DeviceIsManaged bool
If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, `device_is_registered` must also be included and must be set to `true`.
- DeviceIsRegistered bool
If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device. Can only be set to `true`.
- FactorMode string
The number of factors required to satisfy this assurance level. It can be set to "1FA" or "2FA". Default is "2FA".
- GroupsExcludeds List<string>
List of group IDs to be excluded.
- GroupsIncludeds List<string>
List of group IDs to be included.
- InactivityPeriod string
The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals. Default is "PT1H".
- Name string
Name of the policy rule.
- NetworkConnection string
Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".
- NetworkExcludes List<string>
List of network zone IDs to exclude. Conflicts with `network_includes`.
- NetworkIncludes List<string>
List of network zone IDs to include. Conflicts with `network_excludes`.
- PlatformIncludes List<AppSignonPolicyRulePlatformIncludeArgs>
List of particular platforms or devices to match on.
- PolicyId string
ID of the app sign-on policy.
- Priority int
Priority of the rule.
- ReAuthenticationFrequency string
The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. "PT0S" means every sign-in attempt; "PT43800H" (43800 hours, about five years) means once per session. Default is "PT2H".
- Status string
Status of the rule.
- Type string
The Verification Method type. It can be set to "ASSURANCE". Default is "ASSURANCE".
- UserTypesExcludeds List<string>
List of user type IDs to be excluded.
- UserTypesIncludeds List<string>
List of user type IDs to be included.
- UsersExcludeds List<string>
List of user IDs to be excluded.
- UsersIncludeds List<string>
List of user IDs to be included.
- Access string
Allow or deny access based on the rule conditions. It can be set to "ALLOW" or "DENY". Default is "ALLOW".
- Constraints []string
An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class. Each element should be in JSON format.
- CustomExpression string
This is an advanced optional setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- DeviceIsManaged bool
If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, `device_is_registered` must also be included and must be set to `true`.
- DeviceIsRegistered bool
If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device. Can only be set to `true`.
- FactorMode string
The number of factors required to satisfy this assurance level. It can be set to "1FA" or "2FA". Default is "2FA".
- GroupsExcludeds []string
List of group IDs to be excluded.
- GroupsIncludeds []string
List of group IDs to be included.
- InactivityPeriod string
The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals. Default is "PT1H".
- Name string
Name of the policy rule.
- NetworkConnection string
Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".
- NetworkExcludes []string
List of network zone IDs to exclude. Conflicts with `network_includes`.
- NetworkIncludes []string
List of network zone IDs to include. Conflicts with `network_excludes`.
- PlatformIncludes []AppSignonPolicyRulePlatformIncludeArgs
List of particular platforms or devices to match on.
- PolicyId string
ID of the app sign-on policy.
- Priority int
Priority of the rule.
- ReAuthenticationFrequency string
The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. "PT0S" means every sign-in attempt; "PT43800H" (43800 hours, about five years) means once per session. Default is "PT2H".
- Status string
Status of the rule.
- Type string
The Verification Method type. It can be set to "ASSURANCE". Default is "ASSURANCE".
- UserTypesExcludeds []string
List of user type IDs to be excluded.
- UserTypesIncludeds []string
List of user type IDs to be included.
- UsersExcludeds []string
List of user IDs to be excluded.
- UsersIncludeds []string
List of user IDs to be included.
- access String
Allow or deny access based on the rule conditions. It can be set to "ALLOW" or "DENY". Default is "ALLOW".
- constraints List<String>
An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class. Each element should be in JSON format.
- customExpression String
This is an advanced optional setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- deviceIsManaged Boolean
If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, `device_is_registered` must also be included and must be set to `true`.
- deviceIsRegistered Boolean
If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device. Can only be set to `true`.
- factorMode String
The number of factors required to satisfy this assurance level. It can be set to "1FA" or "2FA". Default is "2FA".
- groupsExcludeds List<String>
List of group IDs to be excluded.
- groupsIncludeds List<String>
List of group IDs to be included.
- inactivityPeriod String
The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals. Default is "PT1H".
- name String
Name of the policy rule.
- networkConnection String
Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".
- networkExcludes List<String>
List of network zone IDs to exclude. Conflicts with `network_includes`.
- networkIncludes List<String>
List of network zone IDs to include. Conflicts with `network_excludes`.
- platformIncludes List<AppSignonPolicyRulePlatformIncludeArgs>
List of particular platforms or devices to match on.
- policyId String
ID of the app sign-on policy.
- priority Integer
Priority of the rule.
- reAuthenticationFrequency String
The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. "PT0S" means every sign-in attempt; "PT43800H" (43800 hours, about five years) means once per session. Default is "PT2H".
- status String
Status of the rule.
- type String
The Verification Method type. It can be set to "ASSURANCE". Default is "ASSURANCE".
- userTypesExcludeds List<String>
List of user type IDs to be excluded.
- userTypesIncludeds List<String>
List of user type IDs to be included.
- usersExcludeds List<String>
List of user IDs to be excluded.
- usersIncludeds List<String>
List of user IDs to be included.
- access string
Allow or deny access based on the rule conditions. It can be set to "ALLOW" or "DENY". Default is "ALLOW".
- constraints string[]
An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class. Each element should be in JSON format.
- customExpression string
This is an advanced optional setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- deviceIsManaged boolean
If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, `device_is_registered` must also be included and must be set to `true`.
- deviceIsRegistered boolean
If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device. Can only be set to `true`.
- factorMode string
The number of factors required to satisfy this assurance level. It can be set to "1FA" or "2FA". Default is "2FA".
- groupsExcludeds string[]
List of group IDs to be excluded.
- groupsIncludeds string[]
List of group IDs to be included.
- inactivityPeriod string
The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals. Default is "PT1H".
- name string
Name of the policy rule.
- networkConnection string
Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".
- networkExcludes string[]
List of network zone IDs to exclude. Conflicts with `network_includes`.
- networkIncludes string[]
List of network zone IDs to include. Conflicts with `network_excludes`.
- platformIncludes AppSignonPolicyRulePlatformIncludeArgs[]
List of particular platforms or devices to match on.
- policyId string
ID of the app sign-on policy.
- priority number
Priority of the rule.
- reAuthenticationFrequency string
The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. "PT0S" means every sign-in attempt; "PT43800H" (43800 hours, about five years) means once per session. Default is "PT2H".
- status string
Status of the rule.
- type string
The Verification Method type. It can be set to "ASSURANCE". Default is "ASSURANCE".
- userTypesExcludeds string[]
List of user type IDs to be excluded.
- userTypesIncludeds string[]
List of user type IDs to be included.
- usersExcludeds string[]
List of user IDs to be excluded.
- usersIncludeds string[]
List of user IDs to be included.
- access str
Allow or deny access based on the rule conditions. It can be set to "ALLOW" or "DENY". Default is "ALLOW".
- constraints Sequence[str]
An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class. Each element should be in JSON format.
- custom_expression str
This is an advanced optional setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- device_is_managed bool
If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, `device_is_registered` must also be included and must be set to `true`.
- device_is_registered bool
If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device. Can only be set to `true`.
- factor_mode str
The number of factors required to satisfy this assurance level. It can be set to "1FA" or "2FA". Default is "2FA".
- groups_excludeds Sequence[str]
List of group IDs to be excluded.
- groups_includeds Sequence[str]
List of group IDs to be included.
- inactivity_period str
The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals. Default is "PT1H".
- name str
Name of the policy rule.
- network_connection str
Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".
- network_excludes Sequence[str]
List of network zone IDs to exclude. Conflicts with `network_includes`.
- network_includes Sequence[str]
List of network zone IDs to include. Conflicts with `network_excludes`.
- platform_includes Sequence[AppSignonPolicyRulePlatformIncludeArgs]
List of particular platforms or devices to match on.
- policy_id str
ID of the app sign-on policy.
- priority int
Priority of the rule.
- re_authentication_frequency str
The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. "PT0S" means every sign-in attempt; "PT43800H" (43800 hours, about five years) means once per session. Default is "PT2H".
- status str
Status of the rule.
- type str
The Verification Method type. It can be set to "ASSURANCE". Default is "ASSURANCE".
- user_types_excludeds Sequence[str]
List of user type IDs to be excluded.
- user_types_includeds Sequence[str]
List of user type IDs to be included.
- users_excludeds Sequence[str]
List of user IDs to be excluded.
- users_includeds Sequence[str]
List of user IDs to be included.
- access String
Allow or deny access based on the rule conditions. It can be set to "ALLOW" or "DENY". Default is "ALLOW".
- constraints List<String>
An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class. Each element should be in JSON format.
- customExpression String
This is an advanced optional setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- deviceIsManaged Boolean
If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, `device_is_registered` must also be included and must be set to `true`.
- deviceIsRegistered Boolean
If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device. Can only be set to `true`.
- factorMode String
The number of factors required to satisfy this assurance level. It can be set to "1FA" or "2FA". Default is "2FA".
- groupsExcludeds List<String>
List of group IDs to be excluded.
- groupsIncludeds List<String>
List of group IDs to be included.
- inactivityPeriod String
The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals. Default is "PT1H".
- name String
Name of the policy rule.
- networkConnection String
Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".
- networkExcludes List<String>
List of network zone IDs to exclude. Conflicts with `network_includes`.
- networkIncludes List<String>
List of network zone IDs to include. Conflicts with `network_excludes`.
- platformIncludes List<Property Map>
List of particular platforms or devices to match on.
- policyId String
ID of the app sign-on policy.
- priority Number
Priority of the rule.
- reAuthenticationFrequency String
The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. "PT0S" means every sign-in attempt; "PT43800H" (43800 hours, about five years) means once per session. Default is "PT2H".
- status String
Status of the rule.
- type String
The Verification Method type. It can be set to "ASSURANCE". Default is "ASSURANCE".
- userTypesExcludeds List<String>
List of user type IDs to be excluded.
- userTypesIncludeds List<String>
List of user type IDs to be included.
- usersExcludeds List<String>
List of user IDs to be excluded.
- usersIncludeds List<String>
List of user IDs to be included.
Supporting Types
AppSignonPolicyRulePlatformInclude
- OsExpression string
Only available when using `os_type = "OTHER"`.
- OsType string
One of: "ANY", "IOS", "WINDOWS", "ANDROID", "OTHER", "OSX", "MACOS".
- Type string
The Verification Method type. It can be set to "ASSURANCE". Default is "ASSURANCE".
- OsExpression string
Only available when using `os_type = "OTHER"`.
- OsType string
One of: "ANY", "IOS", "WINDOWS", "ANDROID", "OTHER", "OSX", "MACOS".
- Type string
The Verification Method type. It can be set to "ASSURANCE". Default is "ASSURANCE".
- osExpression String
Only available when using `os_type = "OTHER"`.
- osType String
One of: "ANY", "IOS", "WINDOWS", "ANDROID", "OTHER", "OSX", "MACOS".
- type String
The Verification Method type. It can be set to "ASSURANCE". Default is "ASSURANCE".
- osExpression string
Only available when using `os_type = "OTHER"`.
- osType string
One of: "ANY", "IOS", "WINDOWS", "ANDROID", "OTHER", "OSX", "MACOS".
- type string
The Verification Method type. It can be set to "ASSURANCE". Default is "ASSURANCE".
- os_expression str
Only available when using `os_type = "OTHER"`.
- os_type str
One of: "ANY", "IOS", "WINDOWS", "ANDROID", "OTHER", "OSX", "MACOS".
- type str
The Verification Method type. It can be set to "ASSURANCE". Default is "ASSURANCE".
- osExpression String
Only available when using `os_type = "OTHER"`.
- osType String
One of: "ANY", "IOS", "WINDOWS", "ANDROID", "OTHER", "OSX", "MACOS".
- type String
The Verification Method type. It can be set to "ASSURANCE". Default is "ASSURANCE".
Import
An Okta app sign-on policy rule can be imported via its Okta ID, given in the form `<policy_id>/<rule_id>`.
$ pulumi import okta:index/appSignonPolicyRule:AppSignonPolicyRule example <policy_id>/<rule_id>
Package Details
- Repository
- Okta pulumi/pulumi-okta
- License
- Apache-2.0
- Notes
This Pulumi package is based on the `okta` Terraform Provider.