1. Packages
  2. Okta
  3. API Docs
  4. AppSignonPolicyRule
Okta v4.6.2 published on Thursday, Nov 30, 2023 by Pulumi

okta.AppSignonPolicyRule

Explore with Pulumi AI

okta logo
Okta v4.6.2 published on Thursday, Nov 30, 2023 by Pulumi

    Create AppSignonPolicyRule Resource

    new AppSignonPolicyRule(name: string, args: AppSignonPolicyRuleArgs, opts?: CustomResourceOptions);
    @overload
    def AppSignonPolicyRule(resource_name: str,
                            opts: Optional[ResourceOptions] = None,
                            access: Optional[str] = None,
                            constraints: Optional[Sequence[str]] = None,
                            custom_expression: Optional[str] = None,
                            device_assurances_includeds: Optional[Sequence[str]] = None,
                            device_is_managed: Optional[bool] = None,
                            device_is_registered: Optional[bool] = None,
                            factor_mode: Optional[str] = None,
                            groups_excludeds: Optional[Sequence[str]] = None,
                            groups_includeds: Optional[Sequence[str]] = None,
                            inactivity_period: Optional[str] = None,
                            name: Optional[str] = None,
                            network_connection: Optional[str] = None,
                            network_excludes: Optional[Sequence[str]] = None,
                            network_includes: Optional[Sequence[str]] = None,
                            platform_includes: Optional[Sequence[AppSignonPolicyRulePlatformIncludeArgs]] = None,
                            policy_id: Optional[str] = None,
                            priority: Optional[int] = None,
                            re_authentication_frequency: Optional[str] = None,
                            risk_score: Optional[str] = None,
                            status: Optional[str] = None,
                            type: Optional[str] = None,
                            user_types_excludeds: Optional[Sequence[str]] = None,
                            user_types_includeds: Optional[Sequence[str]] = None,
                            users_excludeds: Optional[Sequence[str]] = None,
                            users_includeds: Optional[Sequence[str]] = None)
    @overload
    def AppSignonPolicyRule(resource_name: str,
                            args: AppSignonPolicyRuleArgs,
                            opts: Optional[ResourceOptions] = None)
    func NewAppSignonPolicyRule(ctx *Context, name string, args AppSignonPolicyRuleArgs, opts ...ResourceOption) (*AppSignonPolicyRule, error)
    public AppSignonPolicyRule(string name, AppSignonPolicyRuleArgs args, CustomResourceOptions? opts = null)
    public AppSignonPolicyRule(String name, AppSignonPolicyRuleArgs args)
    public AppSignonPolicyRule(String name, AppSignonPolicyRuleArgs args, CustomResourceOptions options)
    
    type: okta:AppSignonPolicyRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args AppSignonPolicyRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AppSignonPolicyRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AppSignonPolicyRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AppSignonPolicyRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AppSignonPolicyRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    AppSignonPolicyRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The AppSignonPolicyRule resource accepts the following input properties:

    PolicyId string

    ID of the policy

    Access string

    Allow or deny access based on the rule conditions: ALLOW or DENY

    Constraints List<string>

    An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class

    CustomExpression string

    This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.

    DeviceAssurancesIncludeds List<string>

    List of device assurance IDs to include

    DeviceIsManaged bool

    If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.

    DeviceIsRegistered bool

    If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.

    FactorMode string

    The number of factors required to satisfy this assurance level

    GroupsExcludeds List<string>

    List of group IDs to exclude

    GroupsIncludeds List<string>

    List of group IDs to include

    InactivityPeriod string

    The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.

    Name string

    Policy Rule Name

    NetworkConnection string

    Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.

    NetworkExcludes List<string>

    The zones to exclude

    NetworkIncludes List<string>

    The zones to include

    PlatformIncludes List<AppSignonPolicyRulePlatformInclude>
    Priority int

    Priority of the rule.

    ReAuthenticationFrequency string

    The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session

    RiskScore string

    The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH

    Status string

    Status of the rule

    Type string

    The Verification Method type

    UserTypesExcludeds List<string>

    Set of User Type IDs to exclude

    UserTypesIncludeds List<string>

    Set of User Type IDs to include

    UsersExcludeds List<string>

    Set of User IDs to exclude

    UsersIncludeds List<string>

    Set of User IDs to include

    PolicyId string

    ID of the policy

    Access string

    Allow or deny access based on the rule conditions: ALLOW or DENY

    Constraints []string

    An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class

    CustomExpression string

    This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.

    DeviceAssurancesIncludeds []string

    List of device assurance IDs to include

    DeviceIsManaged bool

    If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.

    DeviceIsRegistered bool

    If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.

    FactorMode string

    The number of factors required to satisfy this assurance level

    GroupsExcludeds []string

    List of group IDs to exclude

    GroupsIncludeds []string

    List of group IDs to include

    InactivityPeriod string

    The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.

    Name string

    Policy Rule Name

    NetworkConnection string

    Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.

    NetworkExcludes []string

    The zones to exclude

    NetworkIncludes []string

    The zones to include

    PlatformIncludes []AppSignonPolicyRulePlatformIncludeArgs
    Priority int

    Priority of the rule.

    ReAuthenticationFrequency string

    The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session

    RiskScore string

    The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH

    Status string

    Status of the rule

    Type string

    The Verification Method type

    UserTypesExcludeds []string

    Set of User Type IDs to exclude

    UserTypesIncludeds []string

    Set of User Type IDs to include

    UsersExcludeds []string

    Set of User IDs to exclude

    UsersIncludeds []string

    Set of User IDs to include

    policyId String

    ID of the policy

    access String

    Allow or deny access based on the rule conditions: ALLOW or DENY

    constraints List<String>

    An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class

    customExpression String

    This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.

    deviceAssurancesIncludeds List<String>

    List of device assurance IDs to include

    deviceIsManaged Boolean

    If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.

    deviceIsRegistered Boolean

    If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.

    factorMode String

    The number of factors required to satisfy this assurance level

    groupsExcludeds List<String>

    List of group IDs to exclude

    groupsIncludeds List<String>

    List of group IDs to include

    inactivityPeriod String

    The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.

    name String

    Policy Rule Name

    networkConnection String

    Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.

    networkExcludes List<String>

    The zones to exclude

    networkIncludes List<String>

    The zones to include

    platformIncludes List<AppSignonPolicyRulePlatformInclude>
    priority Integer

    Priority of the rule.

    reAuthenticationFrequency String

    The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session

    riskScore String

    The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH

    status String

    Status of the rule

    type String

    The Verification Method type

    userTypesExcludeds List<String>

    Set of User Type IDs to exclude

    userTypesIncludeds List<String>

    Set of User Type IDs to include

    usersExcludeds List<String>

    Set of User IDs to exclude

    usersIncludeds List<String>

    Set of User IDs to include

    policyId string

    ID of the policy

    access string

    Allow or deny access based on the rule conditions: ALLOW or DENY

    constraints string[]

    An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class

    customExpression string

    This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.

    deviceAssurancesIncludeds string[]

    List of device assurance IDs to include

    deviceIsManaged boolean

    If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.

    deviceIsRegistered boolean

    If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.

    factorMode string

    The number of factors required to satisfy this assurance level

    groupsExcludeds string[]

    List of group IDs to exclude

    groupsIncludeds string[]

    List of group IDs to include

    inactivityPeriod string

    The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.

    name string

    Policy Rule Name

    networkConnection string

    Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.

    networkExcludes string[]

    The zones to exclude

    networkIncludes string[]

    The zones to include

    platformIncludes AppSignonPolicyRulePlatformInclude[]
    priority number

    Priority of the rule.

    reAuthenticationFrequency string

    The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session

    riskScore string

    The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH

    status string

    Status of the rule

    type string

    The Verification Method type

    userTypesExcludeds string[]

    Set of User Type IDs to exclude

    userTypesIncludeds string[]

    Set of User Type IDs to include

    usersExcludeds string[]

    Set of User IDs to exclude

    usersIncludeds string[]

    Set of User IDs to include

    policy_id str

    ID of the policy

    access str

    Allow or deny access based on the rule conditions: ALLOW or DENY

    constraints Sequence[str]

    An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class

    custom_expression str

    This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.

    device_assurances_includeds Sequence[str]

    List of device assurance IDs to include

    device_is_managed bool

    If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.

    device_is_registered bool

    If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.

    factor_mode str

    The number of factors required to satisfy this assurance level

    groups_excludeds Sequence[str]

    List of group IDs to exclude

    groups_includeds Sequence[str]

    List of group IDs to include

    inactivity_period str

    The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.

    name str

    Policy Rule Name

    network_connection str

    Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.

    network_excludes Sequence[str]

    The zones to exclude

    network_includes Sequence[str]

    The zones to include

    platform_includes Sequence[AppSignonPolicyRulePlatformIncludeArgs]
    priority int

    Priority of the rule.

    re_authentication_frequency str

    The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session

    risk_score str

    The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH

    status str

    Status of the rule

    type str

    The Verification Method type

    user_types_excludeds Sequence[str]

    Set of User Type IDs to exclude

    user_types_includeds Sequence[str]

    Set of User Type IDs to include

    users_excludeds Sequence[str]

    Set of User IDs to exclude

    users_includeds Sequence[str]

    Set of User IDs to include

    policyId String

    ID of the policy

    access String

    Allow or deny access based on the rule conditions: ALLOW or DENY

    constraints List<String>

    An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class

    customExpression String

    This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.

    deviceAssurancesIncludeds List<String>

    List of device assurance IDs to include

    deviceIsManaged Boolean

    If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.

    deviceIsRegistered Boolean

    If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.

    factorMode String

    The number of factors required to satisfy this assurance level

    groupsExcludeds List<String>

    List of group IDs to exclude

    groupsIncludeds List<String>

    List of group IDs to include

    inactivityPeriod String

    The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.

    name String

    Policy Rule Name

    networkConnection String

    Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.

    networkExcludes List<String>

    The zones to exclude

    networkIncludes List<String>

    The zones to include

    platformIncludes List<Property Map>
    priority Number

    Priority of the rule.

    reAuthenticationFrequency String

    The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session

    riskScore String

    The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH

    status String

    Status of the rule

    type String

    The Verification Method type

    userTypesExcludeds List<String>

    Set of User Type IDs to exclude

    userTypesIncludeds List<String>

    Set of User Type IDs to include

    usersExcludeds List<String>

    Set of User IDs to exclude

    usersIncludeds List<String>

    Set of User IDs to include

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AppSignonPolicyRule resource produces the following output properties:

    Id string

    The provider-assigned unique ID for this managed resource.

    System bool

    Often the "Catch-all Rule" this rule is the system (default) rule for its associated policy

    Id string

    The provider-assigned unique ID for this managed resource.

    System bool

    Often the "Catch-all Rule" this rule is the system (default) rule for its associated policy

    id String

    The provider-assigned unique ID for this managed resource.

    system Boolean

    Often the "Catch-all Rule" this rule is the system (default) rule for its associated policy

    id string

    The provider-assigned unique ID for this managed resource.

    system boolean

    Often the "Catch-all Rule" this rule is the system (default) rule for its associated policy

    id str

    The provider-assigned unique ID for this managed resource.

    system bool

    Often the "Catch-all Rule" this rule is the system (default) rule for its associated policy

    id String

    The provider-assigned unique ID for this managed resource.

    system Boolean

    Often the "Catch-all Rule" this rule is the system (default) rule for its associated policy

    Look up Existing AppSignonPolicyRule Resource

    Get an existing AppSignonPolicyRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: AppSignonPolicyRuleState, opts?: CustomResourceOptions): AppSignonPolicyRule
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            access: Optional[str] = None,
            constraints: Optional[Sequence[str]] = None,
            custom_expression: Optional[str] = None,
            device_assurances_includeds: Optional[Sequence[str]] = None,
            device_is_managed: Optional[bool] = None,
            device_is_registered: Optional[bool] = None,
            factor_mode: Optional[str] = None,
            groups_excludeds: Optional[Sequence[str]] = None,
            groups_includeds: Optional[Sequence[str]] = None,
            inactivity_period: Optional[str] = None,
            name: Optional[str] = None,
            network_connection: Optional[str] = None,
            network_excludes: Optional[Sequence[str]] = None,
            network_includes: Optional[Sequence[str]] = None,
            platform_includes: Optional[Sequence[AppSignonPolicyRulePlatformIncludeArgs]] = None,
            policy_id: Optional[str] = None,
            priority: Optional[int] = None,
            re_authentication_frequency: Optional[str] = None,
            risk_score: Optional[str] = None,
            status: Optional[str] = None,
            system: Optional[bool] = None,
            type: Optional[str] = None,
            user_types_excludeds: Optional[Sequence[str]] = None,
            user_types_includeds: Optional[Sequence[str]] = None,
            users_excludeds: Optional[Sequence[str]] = None,
            users_includeds: Optional[Sequence[str]] = None) -> AppSignonPolicyRule
    func GetAppSignonPolicyRule(ctx *Context, name string, id IDInput, state *AppSignonPolicyRuleState, opts ...ResourceOption) (*AppSignonPolicyRule, error)
    public static AppSignonPolicyRule Get(string name, Input<string> id, AppSignonPolicyRuleState? state, CustomResourceOptions? opts = null)
    public static AppSignonPolicyRule get(String name, Output<String> id, AppSignonPolicyRuleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Access string

    Allow or deny access based on the rule conditions: ALLOW or DENY

    Constraints List<string>

    An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class

    CustomExpression string

    This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.

    DeviceAssurancesIncludeds List<string>

    List of device assurance IDs to include

    DeviceIsManaged bool

    If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.

    DeviceIsRegistered bool

    If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.

    FactorMode string

    The number of factors required to satisfy this assurance level

    GroupsExcludeds List<string>

    List of group IDs to exclude

    GroupsIncludeds List<string>

    List of group IDs to include

    InactivityPeriod string

    The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.

    Name string

    Policy Rule Name

    NetworkConnection string

    Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.

    NetworkExcludes List<string>

    The zones to exclude

    NetworkIncludes List<string>

    The zones to include

    PlatformIncludes List<AppSignonPolicyRulePlatformInclude>
    PolicyId string

    ID of the policy

    Priority int

    Priority of the rule.

    ReAuthenticationFrequency string

    The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session

    RiskScore string

    The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH

    Status string

    Status of the rule

    System bool

    Often the "Catch-all Rule" this rule is the system (default) rule for its associated policy

    Type string

    The Verification Method type

    UserTypesExcludeds List<string>

    Set of User Type IDs to exclude

    UserTypesIncludeds List<string>

    Set of User Type IDs to include

    UsersExcludeds List<string>

    Set of User IDs to exclude

    UsersIncludeds List<string>

    Set of User IDs to include

    Access string

    Allow or deny access based on the rule conditions: ALLOW or DENY

    Constraints []string

    An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class

    CustomExpression string

    This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.

    DeviceAssurancesIncludeds []string

    List of device assurance IDs to include

    DeviceIsManaged bool

    If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.

    DeviceIsRegistered bool

    If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.

    FactorMode string

    The number of factors required to satisfy this assurance level

    GroupsExcludeds []string

    List of group IDs to exclude

    GroupsIncludeds []string

    List of group IDs to include

    InactivityPeriod string

    The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.

    Name string

    Policy Rule Name

    NetworkConnection string

    Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.

    NetworkExcludes []string

    The zones to exclude

    NetworkIncludes []string

    The zones to include

    PlatformIncludes []AppSignonPolicyRulePlatformIncludeArgs
    PolicyId string

    ID of the policy

    Priority int

    Priority of the rule.

    ReAuthenticationFrequency string

    The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session

    RiskScore string

    The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH

    Status string

    Status of the rule

    System bool

    Often the "Catch-all Rule" this rule is the system (default) rule for its associated policy

    Type string

    The Verification Method type

    UserTypesExcludeds []string

    Set of User Type IDs to exclude

    UserTypesIncludeds []string

    Set of User Type IDs to include

    UsersExcludeds []string

    Set of User IDs to exclude

    UsersIncludeds []string

    Set of User IDs to include

    access String

    Allow or deny access based on the rule conditions: ALLOW or DENY

    constraints List<String>

    An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class

    customExpression String

    This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.

    deviceAssurancesIncludeds List<String>

    List of device assurance IDs to include

    deviceIsManaged Boolean

    If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.

    deviceIsRegistered Boolean

    If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.

    factorMode String

    The number of factors required to satisfy this assurance level

    groupsExcludeds List<String>

    List of group IDs to exclude

    groupsIncludeds List<String>

    List of group IDs to include

    inactivityPeriod String

    The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.

    name String

    Policy Rule Name

    networkConnection String

    Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.

    networkExcludes List<String>

    The zones to exclude

    networkIncludes List<String>

    The zones to include

    platformIncludes List<AppSignonPolicyRulePlatformInclude>
    policyId String

    ID of the policy

    priority Integer

    Priority of the rule.

    reAuthenticationFrequency String

    The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session

    riskScore String

    The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH

    status String

    Status of the rule

    system Boolean

    Often the "Catch-all Rule" this rule is the system (default) rule for its associated policy

    type String

    The Verification Method type

    userTypesExcludeds List<String>

    Set of User Type IDs to exclude

    userTypesIncludeds List<String>

    Set of User Type IDs to include

    usersExcludeds List<String>

    Set of User IDs to exclude

    usersIncludeds List<String>

    Set of User IDs to include

    access string

    Allow or deny access based on the rule conditions: ALLOW or DENY

    constraints string[]

    An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class

    customExpression string

    This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.

    deviceAssurancesIncludeds string[]

    List of device assurance IDs to include

    deviceIsManaged boolean

    If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.

    deviceIsRegistered boolean

    If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.

    factorMode string

    The number of factors required to satisfy this assurance level

    groupsExcludeds string[]

    List of group IDs to exclude

    groupsIncludeds string[]

    List of group IDs to include

    inactivityPeriod string

    The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.

    name string

    Policy Rule Name

    networkConnection string

    Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.

    networkExcludes string[]

    The zones to exclude

    networkIncludes string[]

    The zones to include

    platformIncludes AppSignonPolicyRulePlatformInclude[]
    policyId string

    ID of the policy

    priority number

    Priority of the rule.

    reAuthenticationFrequency string

    The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session

    riskScore string

    The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH

    status string

    Status of the rule

    system boolean

    Often the "Catch-all Rule" this rule is the system (default) rule for its associated policy

    type string

    The Verification Method type

    userTypesExcludeds string[]

    Set of User Type IDs to exclude

    userTypesIncludeds string[]

    Set of User Type IDs to include

    usersExcludeds string[]

    Set of User IDs to exclude

    usersIncludeds string[]

    Set of User IDs to include

    access str

    Allow or deny access based on the rule conditions: ALLOW or DENY

    constraints Sequence[str]

    An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class

    custom_expression str

    This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.

    device_assurances_includeds Sequence[str]

    List of device assurance IDs to include

    device_is_managed bool

    If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.

    device_is_registered bool

    If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.

    factor_mode str

    The number of factors required to satisfy this assurance level

    groups_excludeds Sequence[str]

    List of group IDs to exclude

    groups_includeds Sequence[str]

    List of group IDs to include

    inactivity_period str

    The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.

    name str

    Policy Rule Name

    network_connection str

    Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.

    network_excludes Sequence[str]

    The zones to exclude

    network_includes Sequence[str]

    The zones to include

    platform_includes Sequence[AppSignonPolicyRulePlatformIncludeArgs]
    policy_id str

    ID of the policy

    priority int

    Priority of the rule.

    re_authentication_frequency str

    The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session

    risk_score str

    The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH

    status str

    Status of the rule

    system bool

    Often the "Catch-all Rule" this rule is the system (default) rule for its associated policy

    type str

    The Verification Method type

    user_types_excludeds Sequence[str]

    Set of User Type IDs to exclude

    user_types_includeds Sequence[str]

    Set of User Type IDs to include

    users_excludeds Sequence[str]

    Set of User IDs to exclude

    users_includeds Sequence[str]

    Set of User IDs to include

    access String

    Allow or deny access based on the rule conditions: ALLOW or DENY

    constraints List<String>

    An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class

    customExpression String

    This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.

    deviceAssurancesIncludeds List<String>

    List of device assurance IDs to include

    deviceIsManaged Boolean

    If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.

    deviceIsRegistered Boolean

    If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.

    factorMode String

    The number of factors required to satisfy this assurance level

    groupsExcludeds List<String>

    List of group IDs to exclude

    groupsIncludeds List<String>

    List of group IDs to include

    inactivityPeriod String

    The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.

    name String

    Policy Rule Name

    networkConnection String

    Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.

    networkExcludes List<String>

    The zones to exclude

    networkIncludes List<String>

    The zones to include

    platformIncludes List<Property Map>
    policyId String

    ID of the policy

    priority Number

    Priority of the rule.

    reAuthenticationFrequency String

    The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session

    riskScore String

    The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH

    status String

    Status of the rule

    system Boolean

    Often the "Catch-all Rule" this rule is the system (default) rule for its associated policy

    type String

    The Verification Method type

    userTypesExcludeds List<String>

    Set of User Type IDs to exclude

    userTypesIncludeds List<String>

    Set of User Type IDs to include

    usersExcludeds List<String>

    Set of User IDs to exclude

    usersIncludeds List<String>

    Set of User IDs to include

    Supporting Types

    AppSignonPolicyRulePlatformInclude, AppSignonPolicyRulePlatformIncludeArgs

    OsExpression string

    Only available with OTHER OS type

    OsType string
    Type string
    OsExpression string

    Only available with OTHER OS type

    OsType string
    Type string
    osExpression String

    Only available with OTHER OS type

    osType String
    type String
    osExpression string

    Only available with OTHER OS type

    osType string
    type string
    os_expression str

    Only available with OTHER OS type

    os_type str
    type str
    osExpression String

    Only available with OTHER OS type

    osType String
    type String

    Package Details

    Repository
    Okta pulumi/pulumi-okta
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the okta Terraform Provider.

    okta logo
    Okta v4.6.2 published on Thursday, Nov 30, 2023 by Pulumi