Viewing docs for Okta v6.6.0
published on Wednesday, Apr 29, 2026 by Pulumi
published on Wednesday, Apr 29, 2026 by Pulumi
Viewing docs for Okta v6.6.0
published on Wednesday, Apr 29, 2026 by Pulumi
published on Wednesday, Apr 29, 2026 by Pulumi
Manages an Entity Risk Policy Rule. Entity Risk Policy rules define automated responses to identity threats detected by Okta’s Identity Threat Protection (ITP).
NOTE: Entity Risk Policy is automatically created when Identity Threat Protection (ITP) is enabled. Use the
okta.getEntityRiskPolicydata source to get the policy ID. The default policy rule (priority 99) cannot be imported or modified.
Example Usage
Basic Rule - Terminate Sessions on High Risk
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const example = okta.getEntityRiskPolicy({});
const highRisk = new okta.EntityRiskPolicyRule("high_risk", {
policyId: example.then(example => example.id),
name: "High Risk - Terminate Sessions",
riskLevel: "HIGH",
terminateAllSessions: true,
});
import pulumi
import pulumi_okta as okta
example = okta.get_entity_risk_policy()
high_risk = okta.EntityRiskPolicyRule("high_risk",
policy_id=example.id,
name="High Risk - Terminate Sessions",
risk_level="HIGH",
terminate_all_sessions=True)
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v6/go/okta"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := okta.GetEntityRiskPolicy(ctx, map[string]interface{}{}, nil)
if err != nil {
return err
}
_, err = okta.NewEntityRiskPolicyRule(ctx, "high_risk", &okta.EntityRiskPolicyRuleArgs{
PolicyId: pulumi.String(pulumi.String(example.Id)),
Name: pulumi.String("High Risk - Terminate Sessions"),
RiskLevel: pulumi.String("HIGH"),
TerminateAllSessions: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var example = Okta.Index.GetEntityRiskPolicy.Invoke();
var highRisk = new Okta.Index.EntityRiskPolicyRule("high_risk", new()
{
PolicyId = example.Apply(getEntityRiskPolicyResult => getEntityRiskPolicyResult.Id),
Name = "High Risk - Terminate Sessions",
RiskLevel = "HIGH",
TerminateAllSessions = true,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.OktaFunctions;
import com.pulumi.okta.EntityRiskPolicyRule;
import com.pulumi.okta.EntityRiskPolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = OktaFunctions.getEntityRiskPolicy(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);
var highRisk = new EntityRiskPolicyRule("highRisk", EntityRiskPolicyRuleArgs.builder()
.policyId(example.id())
.name("High Risk - Terminate Sessions")
.riskLevel("HIGH")
.terminateAllSessions(true)
.build());
}
}
resources:
highRisk:
type: okta:EntityRiskPolicyRule
name: high_risk
properties:
policyId: ${example.id}
name: High Risk - Terminate Sessions
riskLevel: HIGH
terminateAllSessions: true
variables:
example:
fn::invoke:
function: okta:getEntityRiskPolicy
arguments: {}
Rule with Group Targeting
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const example = okta.getEntityRiskPolicy({});
const privilegedUsers = okta.group.getGroup({
name: "Privileged Users",
});
const privilegedHighRisk = new okta.EntityRiskPolicyRule("privileged_high_risk", {
policyId: example.then(example => example.id),
name: "Privileged Users - High Risk",
riskLevel: "HIGH",
terminateAllSessions: true,
groupsIncludeds: [privilegedUsers.then(privilegedUsers => privilegedUsers.id)],
});
import pulumi
import pulumi_okta as okta
example = okta.get_entity_risk_policy()
privileged_users = okta.group.get_group(name="Privileged Users")
privileged_high_risk = okta.EntityRiskPolicyRule("privileged_high_risk",
policy_id=example.id,
name="Privileged Users - High Risk",
risk_level="HIGH",
terminate_all_sessions=True,
groups_includeds=[privileged_users.id])
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v6/go/okta"
"github.com/pulumi/pulumi-okta/sdk/v6/go/okta/group"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := okta.GetEntityRiskPolicy(ctx, map[string]interface{}{}, nil)
if err != nil {
return err
}
privilegedUsers, err := group.LookupGroup(ctx, &group.LookupGroupArgs{
Name: pulumi.StringRef("Privileged Users"),
}, nil)
if err != nil {
return err
}
_, err = okta.NewEntityRiskPolicyRule(ctx, "privileged_high_risk", &okta.EntityRiskPolicyRuleArgs{
PolicyId: pulumi.String(pulumi.String(example.Id)),
Name: pulumi.String("Privileged Users - High Risk"),
RiskLevel: pulumi.String("HIGH"),
TerminateAllSessions: pulumi.Bool(true),
GroupsIncludeds: pulumi.StringArray{
pulumi.String(pulumi.String(privilegedUsers.Id)),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var example = Okta.Index.GetEntityRiskPolicy.Invoke();
var privilegedUsers = Okta.Group.GetGroup.Invoke(new()
{
Name = "Privileged Users",
});
var privilegedHighRisk = new Okta.Index.EntityRiskPolicyRule("privileged_high_risk", new()
{
PolicyId = example.Apply(getEntityRiskPolicyResult => getEntityRiskPolicyResult.Id),
Name = "Privileged Users - High Risk",
RiskLevel = "HIGH",
TerminateAllSessions = true,
GroupsIncludeds = new[]
{
privilegedUsers.Apply(getGroupResult => getGroupResult.Id),
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.OktaFunctions;
import com.pulumi.okta.group.GroupFunctions;
import com.pulumi.okta.group.inputs.GetGroupArgs;
import com.pulumi.okta.EntityRiskPolicyRule;
import com.pulumi.okta.EntityRiskPolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = OktaFunctions.getEntityRiskPolicy(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);
final var privilegedUsers = GroupFunctions.getGroup(GetGroupArgs.builder()
.name("Privileged Users")
.build());
var privilegedHighRisk = new EntityRiskPolicyRule("privilegedHighRisk", EntityRiskPolicyRuleArgs.builder()
.policyId(example.id())
.name("Privileged Users - High Risk")
.riskLevel("HIGH")
.terminateAllSessions(true)
.groupsIncludeds(privilegedUsers.id())
.build());
}
}
resources:
privilegedHighRisk:
type: okta:EntityRiskPolicyRule
name: privileged_high_risk
properties:
policyId: ${example.id}
name: Privileged Users - High Risk
riskLevel: HIGH
terminateAllSessions: true
groupsIncludeds:
- ${privilegedUsers.id}
variables:
example:
fn::invoke:
function: okta:getEntityRiskPolicy
arguments: {}
privilegedUsers:
fn::invoke:
function: okta:group:getGroup
arguments:
name: Privileged Users
Rule with Workflow Integration
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const example = okta.getEntityRiskPolicy({});
const workflowRule = new okta.EntityRiskPolicyRule("workflow_rule", {
policyId: example.then(example => example.id),
name: "Low Risk - Run Workflow",
riskLevel: "LOW",
workflowId: "your-workflow-id",
});
import pulumi
import pulumi_okta as okta
example = okta.get_entity_risk_policy()
workflow_rule = okta.EntityRiskPolicyRule("workflow_rule",
policy_id=example.id,
name="Low Risk - Run Workflow",
risk_level="LOW",
workflow_id="your-workflow-id")
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v6/go/okta"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := okta.GetEntityRiskPolicy(ctx, map[string]interface{}{}, nil)
if err != nil {
return err
}
_, err = okta.NewEntityRiskPolicyRule(ctx, "workflow_rule", &okta.EntityRiskPolicyRuleArgs{
PolicyId: pulumi.String(pulumi.String(example.Id)),
Name: pulumi.String("Low Risk - Run Workflow"),
RiskLevel: pulumi.String("LOW"),
WorkflowId: pulumi.String("your-workflow-id"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var example = Okta.Index.GetEntityRiskPolicy.Invoke();
var workflowRule = new Okta.Index.EntityRiskPolicyRule("workflow_rule", new()
{
PolicyId = example.Apply(getEntityRiskPolicyResult => getEntityRiskPolicyResult.Id),
Name = "Low Risk - Run Workflow",
RiskLevel = "LOW",
WorkflowId = "your-workflow-id",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.OktaFunctions;
import com.pulumi.okta.EntityRiskPolicyRule;
import com.pulumi.okta.EntityRiskPolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = OktaFunctions.getEntityRiskPolicy(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);
var workflowRule = new EntityRiskPolicyRule("workflowRule", EntityRiskPolicyRuleArgs.builder()
.policyId(example.id())
.name("Low Risk - Run Workflow")
.riskLevel("LOW")
.workflowId("your-workflow-id")
.build());
}
}
resources:
workflowRule:
type: okta:EntityRiskPolicyRule
name: workflow_rule
properties:
policyId: ${example.id}
name: Low Risk - Run Workflow
riskLevel: LOW
workflowId: your-workflow-id
variables:
example:
fn::invoke:
function: okta:getEntityRiskPolicy
arguments: {}
Create EntityRiskPolicyRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new EntityRiskPolicyRule(name: string, args: EntityRiskPolicyRuleArgs, opts?: CustomResourceOptions);@overload
def EntityRiskPolicyRule(resource_name: str,
args: EntityRiskPolicyRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def EntityRiskPolicyRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
policy_id: Optional[str] = None,
risk_level: Optional[str] = None,
groups_excludeds: Optional[Sequence[str]] = None,
groups_includeds: Optional[Sequence[str]] = None,
name: Optional[str] = None,
priority: Optional[int] = None,
status: Optional[str] = None,
terminate_all_sessions: Optional[bool] = None,
users_excludeds: Optional[Sequence[str]] = None,
users_includeds: Optional[Sequence[str]] = None,
workflow_id: Optional[str] = None)func NewEntityRiskPolicyRule(ctx *Context, name string, args EntityRiskPolicyRuleArgs, opts ...ResourceOption) (*EntityRiskPolicyRule, error)public EntityRiskPolicyRule(string name, EntityRiskPolicyRuleArgs args, CustomResourceOptions? opts = null)
public EntityRiskPolicyRule(String name, EntityRiskPolicyRuleArgs args)
public EntityRiskPolicyRule(String name, EntityRiskPolicyRuleArgs args, CustomResourceOptions options)
type: okta:EntityRiskPolicyRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args EntityRiskPolicyRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args EntityRiskPolicyRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args EntityRiskPolicyRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args EntityRiskPolicyRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args EntityRiskPolicyRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
EntityRiskPolicyRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The EntityRiskPolicyRule resource accepts the following input properties:
- Policy
Id string - ID of the Entity Risk Policy. Use the
okta.getEntityRiskPolicydata source to get this ID. - Risk
Level string - Risk level to match. Valid values:
HIGH,MEDIUM,LOW,ANY. - Groups
Excludeds List<string> - List of group IDs to exclude from this rule.
- Groups
Includeds List<string> - List of group IDs to include in this rule.
- Name string
- Name of the policy rule.
- Priority int
- Priority of the rule. Rules are evaluated in priority order.
- Status string
- Status of the rule. Valid values:
ACTIVE,INACTIVE. Default:ACTIVE. - Terminate
All boolSessions - When true, terminates all active sessions for the user when a risk event is detected. Default:
false. - Users
Excludeds List<string> - List of user IDs to exclude from this rule.
- Users
Includeds List<string> - List of user IDs to include from this rule.
- Workflow
Id string - ID of the Okta Workflow to run when a risk event is detected.
- Policy
Id string - ID of the Entity Risk Policy. Use the
okta.getEntityRiskPolicydata source to get this ID. - Risk
Level string - Risk level to match. Valid values:
HIGH,MEDIUM,LOW,ANY. - Groups
Excludeds []string - List of group IDs to exclude from this rule.
- Groups
Includeds []string - List of group IDs to include in this rule.
- Name string
- Name of the policy rule.
- Priority int
- Priority of the rule. Rules are evaluated in priority order.
- Status string
- Status of the rule. Valid values:
ACTIVE,INACTIVE. Default:ACTIVE. - Terminate
All boolSessions - When true, terminates all active sessions for the user when a risk event is detected. Default:
false. - Users
Excludeds []string - List of user IDs to exclude from this rule.
- Users
Includeds []string - List of user IDs to include from this rule.
- Workflow
Id string - ID of the Okta Workflow to run when a risk event is detected.
- policy
Id String - ID of the Entity Risk Policy. Use the
okta.getEntityRiskPolicydata source to get this ID. - risk
Level String - Risk level to match. Valid values:
HIGH,MEDIUM,LOW,ANY. - groups
Excludeds List<String> - List of group IDs to exclude from this rule.
- groups
Includeds List<String> - List of group IDs to include in this rule.
- name String
- Name of the policy rule.
- priority Integer
- Priority of the rule. Rules are evaluated in priority order.
- status String
- Status of the rule. Valid values:
ACTIVE,INACTIVE. Default:ACTIVE. - terminate
All BooleanSessions - When true, terminates all active sessions for the user when a risk event is detected. Default:
false. - users
Excludeds List<String> - List of user IDs to exclude from this rule.
- users
Includeds List<String> - List of user IDs to include from this rule.
- workflow
Id String - ID of the Okta Workflow to run when a risk event is detected.
- policy
Id string - ID of the Entity Risk Policy. Use the
okta.getEntityRiskPolicydata source to get this ID. - risk
Level string - Risk level to match. Valid values:
HIGH,MEDIUM,LOW,ANY. - groups
Excludeds string[] - List of group IDs to exclude from this rule.
- groups
Includeds string[] - List of group IDs to include in this rule.
- name string
- Name of the policy rule.
- priority number
- Priority of the rule. Rules are evaluated in priority order.
- status string
- Status of the rule. Valid values:
ACTIVE,INACTIVE. Default:ACTIVE. - terminate
All booleanSessions - When true, terminates all active sessions for the user when a risk event is detected. Default:
false. - users
Excludeds string[] - List of user IDs to exclude from this rule.
- users
Includeds string[] - List of user IDs to include from this rule.
- workflow
Id string - ID of the Okta Workflow to run when a risk event is detected.
- policy_
id str - ID of the Entity Risk Policy. Use the
okta.getEntityRiskPolicydata source to get this ID. - risk_
level str - Risk level to match. Valid values:
HIGH,MEDIUM,LOW,ANY. - groups_
excludeds Sequence[str] - List of group IDs to exclude from this rule.
- groups_
includeds Sequence[str] - List of group IDs to include in this rule.
- name str
- Name of the policy rule.
- priority int
- Priority of the rule. Rules are evaluated in priority order.
- status str
- Status of the rule. Valid values:
ACTIVE,INACTIVE. Default:ACTIVE. - terminate_
all_ boolsessions - When true, terminates all active sessions for the user when a risk event is detected. Default:
false. - users_
excludeds Sequence[str] - List of user IDs to exclude from this rule.
- users_
includeds Sequence[str] - List of user IDs to include from this rule.
- workflow_
id str - ID of the Okta Workflow to run when a risk event is detected.
- policy
Id String - ID of the Entity Risk Policy. Use the
okta.getEntityRiskPolicydata source to get this ID. - risk
Level String - Risk level to match. Valid values:
HIGH,MEDIUM,LOW,ANY. - groups
Excludeds List<String> - List of group IDs to exclude from this rule.
- groups
Includeds List<String> - List of group IDs to include in this rule.
- name String
- Name of the policy rule.
- priority Number
- Priority of the rule. Rules are evaluated in priority order.
- status String
- Status of the rule. Valid values:
ACTIVE,INACTIVE. Default:ACTIVE. - terminate
All BooleanSessions - When true, terminates all active sessions for the user when a risk event is detected. Default:
false. - users
Excludeds List<String> - List of user IDs to exclude from this rule.
- users
Includeds List<String> - List of user IDs to include from this rule.
- workflow
Id String - ID of the Okta Workflow to run when a risk event is detected.
Outputs
All input properties are implicitly available as output properties. Additionally, the EntityRiskPolicyRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing EntityRiskPolicyRule Resource
Get an existing EntityRiskPolicyRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: EntityRiskPolicyRuleState, opts?: CustomResourceOptions): EntityRiskPolicyRule@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
groups_excludeds: Optional[Sequence[str]] = None,
groups_includeds: Optional[Sequence[str]] = None,
name: Optional[str] = None,
policy_id: Optional[str] = None,
priority: Optional[int] = None,
risk_level: Optional[str] = None,
status: Optional[str] = None,
terminate_all_sessions: Optional[bool] = None,
users_excludeds: Optional[Sequence[str]] = None,
users_includeds: Optional[Sequence[str]] = None,
workflow_id: Optional[str] = None) -> EntityRiskPolicyRulefunc GetEntityRiskPolicyRule(ctx *Context, name string, id IDInput, state *EntityRiskPolicyRuleState, opts ...ResourceOption) (*EntityRiskPolicyRule, error)public static EntityRiskPolicyRule Get(string name, Input<string> id, EntityRiskPolicyRuleState? state, CustomResourceOptions? opts = null)public static EntityRiskPolicyRule get(String name, Output<String> id, EntityRiskPolicyRuleState state, CustomResourceOptions options)resources: _: type: okta:EntityRiskPolicyRule get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Groups
Excludeds List<string> - List of group IDs to exclude from this rule.
- Groups
Includeds List<string> - List of group IDs to include in this rule.
- Name string
- Name of the policy rule.
- Policy
Id string - ID of the Entity Risk Policy. Use the
okta.getEntityRiskPolicydata source to get this ID. - Priority int
- Priority of the rule. Rules are evaluated in priority order.
- Risk
Level string - Risk level to match. Valid values:
HIGH,MEDIUM,LOW,ANY. - Status string
- Status of the rule. Valid values:
ACTIVE,INACTIVE. Default:ACTIVE. - Terminate
All boolSessions - When true, terminates all active sessions for the user when a risk event is detected. Default:
false. - Users
Excludeds List<string> - List of user IDs to exclude from this rule.
- Users
Includeds List<string> - List of user IDs to include from this rule.
- Workflow
Id string - ID of the Okta Workflow to run when a risk event is detected.
- Groups
Excludeds []string - List of group IDs to exclude from this rule.
- Groups
Includeds []string - List of group IDs to include in this rule.
- Name string
- Name of the policy rule.
- Policy
Id string - ID of the Entity Risk Policy. Use the
okta.getEntityRiskPolicydata source to get this ID. - Priority int
- Priority of the rule. Rules are evaluated in priority order.
- Risk
Level string - Risk level to match. Valid values:
HIGH,MEDIUM,LOW,ANY. - Status string
- Status of the rule. Valid values:
ACTIVE,INACTIVE. Default:ACTIVE. - Terminate
All boolSessions - When true, terminates all active sessions for the user when a risk event is detected. Default:
false. - Users
Excludeds []string - List of user IDs to exclude from this rule.
- Users
Includeds []string - List of user IDs to include from this rule.
- Workflow
Id string - ID of the Okta Workflow to run when a risk event is detected.
- groups
Excludeds List<String> - List of group IDs to exclude from this rule.
- groups
Includeds List<String> - List of group IDs to include in this rule.
- name String
- Name of the policy rule.
- policy
Id String - ID of the Entity Risk Policy. Use the
okta.getEntityRiskPolicydata source to get this ID. - priority Integer
- Priority of the rule. Rules are evaluated in priority order.
- risk
Level String - Risk level to match. Valid values:
HIGH,MEDIUM,LOW,ANY. - status String
- Status of the rule. Valid values:
ACTIVE,INACTIVE. Default:ACTIVE. - terminate
All BooleanSessions - When true, terminates all active sessions for the user when a risk event is detected. Default:
false. - users
Excludeds List<String> - List of user IDs to exclude from this rule.
- users
Includeds List<String> - List of user IDs to include from this rule.
- workflow
Id String - ID of the Okta Workflow to run when a risk event is detected.
- groups
Excludeds string[] - List of group IDs to exclude from this rule.
- groups
Includeds string[] - List of group IDs to include in this rule.
- name string
- Name of the policy rule.
- policy
Id string - ID of the Entity Risk Policy. Use the
okta.getEntityRiskPolicydata source to get this ID. - priority number
- Priority of the rule. Rules are evaluated in priority order.
- risk
Level string - Risk level to match. Valid values:
HIGH,MEDIUM,LOW,ANY. - status string
- Status of the rule. Valid values:
ACTIVE,INACTIVE. Default:ACTIVE. - terminate
All booleanSessions - When true, terminates all active sessions for the user when a risk event is detected. Default:
false. - users
Excludeds string[] - List of user IDs to exclude from this rule.
- users
Includeds string[] - List of user IDs to include from this rule.
- workflow
Id string - ID of the Okta Workflow to run when a risk event is detected.
- groups_
excludeds Sequence[str] - List of group IDs to exclude from this rule.
- groups_
includeds Sequence[str] - List of group IDs to include in this rule.
- name str
- Name of the policy rule.
- policy_
id str - ID of the Entity Risk Policy. Use the
okta.getEntityRiskPolicydata source to get this ID. - priority int
- Priority of the rule. Rules are evaluated in priority order.
- risk_
level str - Risk level to match. Valid values:
HIGH,MEDIUM,LOW,ANY. - status str
- Status of the rule. Valid values:
ACTIVE,INACTIVE. Default:ACTIVE. - terminate_
all_ boolsessions - When true, terminates all active sessions for the user when a risk event is detected. Default:
false. - users_
excludeds Sequence[str] - List of user IDs to exclude from this rule.
- users_
includeds Sequence[str] - List of user IDs to include from this rule.
- workflow_
id str - ID of the Okta Workflow to run when a risk event is detected.
- groups
Excludeds List<String> - List of group IDs to exclude from this rule.
- groups
Includeds List<String> - List of group IDs to include in this rule.
- name String
- Name of the policy rule.
- policy
Id String - ID of the Entity Risk Policy. Use the
okta.getEntityRiskPolicydata source to get this ID. - priority Number
- Priority of the rule. Rules are evaluated in priority order.
- risk
Level String - Risk level to match. Valid values:
HIGH,MEDIUM,LOW,ANY. - status String
- Status of the rule. Valid values:
ACTIVE,INACTIVE. Default:ACTIVE. - terminate
All BooleanSessions - When true, terminates all active sessions for the user when a risk event is detected. Default:
false. - users
Excludeds List<String> - List of user IDs to exclude from this rule.
- users
Includeds List<String> - List of user IDs to include from this rule.
- workflow
Id String - ID of the Okta Workflow to run when a risk event is detected.
Import
Entity Risk Policy Rules can be imported using the format <policy_id>/<rule_id>:
$ pulumi import okta:index/entityRiskPolicyRule:EntityRiskPolicyRule example 00p1234567890/0pr1234567890
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Okta pulumi/pulumi-okta
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
oktaTerraform Provider.
Viewing docs for Okta v6.6.0
published on Wednesday, Apr 29, 2026 by Pulumi
published on Wednesday, Apr 29, 2026 by Pulumi
