okta.policy.getRulePassword

Okta v6.6.0, Apr 29 26

Viewing docs for Okta v6.6.0
published on Wednesday, Apr 29, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-okta

Viewing docs for Okta v6.6.0
published on Wednesday, Apr 29, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-okta

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";

const password = okta.policy.getDefaultPolicy({
    type: "PASSWORD",
});
const exampleRulePassword = new okta.policy.RulePassword("example", {
    policyId: password.then(password => password.id),
    name: "My Password Rule",
});
const example = pulumi.all([password, exampleRulePassword.id]).apply(([password, id]) => okta.policy.getRulePasswordOutput({
    policyId: password.id,
    id: id,
}));

import pulumi
import pulumi_okta as okta

password = okta.policy.get_default_policy(type="PASSWORD")
example_rule_password = okta.policy.RulePassword("example",
    policy_id=password.id,
    name="My Password Rule")
example = example_rule_password.id.apply(lambda id: okta.policy.get_rule_password(policy_id=password.id,
    id=id))

package main

import (
	"github.com/pulumi/pulumi-okta/sdk/v6/go/okta/policy"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		password, err := policy.GetDefaultPolicy(ctx, &policy.GetDefaultPolicyArgs{
			Type: "PASSWORD",
		}, nil)
		if err != nil {
			return err
		}
		exampleRulePassword, err := policy.NewRulePassword(ctx, "example", &policy.RulePasswordArgs{
			PolicyId: pulumi.String(pulumi.String(password.Id)),
			Name:     pulumi.String("My Password Rule"),
		})
		if err != nil {
			return err
		}
		_ = exampleRulePassword.ID().ApplyT(func(id string) (policy.GetRulePasswordResult, error) {
			return policy.GetRulePasswordResult(policy.LookupRulePassword(ctx, &policy.LookupRulePasswordArgs{
				PolicyId: password.Id,
				Id:       id,
			}, nil)), nil
		}).(policy.GetRulePasswordResultOutput)
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;

return await Deployment.RunAsync(() => 
{
    var password = Okta.Policy.GetDefaultPolicy.Invoke(new()
    {
        Type = "PASSWORD",
    });

    var exampleRulePassword = new Okta.Policy.RulePassword("example", new()
    {
        PolicyId = password.Apply(getDefaultPolicyResult => getDefaultPolicyResult.Id),
        Name = "My Password Rule",
    });

    var example = Okta.Policy.GetRulePassword.Invoke(new()
    {
        PolicyId = password.Apply(getDefaultPolicyResult => getDefaultPolicyResult.Id),
        Id = exampleRulePassword.Id,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.policy.PolicyFunctions;
import com.pulumi.okta.policy.inputs.GetDefaultPolicyArgs;
import com.pulumi.okta.policy.RulePassword;
import com.pulumi.okta.policy.RulePasswordArgs;
import com.pulumi.okta.policy.inputs.GetRulePasswordArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var password = PolicyFunctions.getDefaultPolicy(GetDefaultPolicyArgs.builder()
            .type("PASSWORD")
            .build());

        var exampleRulePassword = new RulePassword("exampleRulePassword", RulePasswordArgs.builder()
            .policyId(password.id())
            .name("My Password Rule")
            .build());

        final var example = exampleRulePassword.id().applyValue(_id -> PolicyFunctions.getRulePassword(GetRulePasswordArgs.builder()
            .policyId(password.id())
            .id(_id)
            .build()));

    }
}

resources:
  exampleRulePassword:
    type: okta:policy:RulePassword
    name: example
    properties:
      policyId: ${password.id}
      name: My Password Rule
variables:
  password:
    fn::invoke:
      function: okta:policy:getDefaultPolicy
      arguments:
        type: PASSWORD
  example:
    fn::invoke:
      function: okta:policy:getRulePassword
      arguments:
        policyId: ${password.id}
        id: ${exampleRulePassword.id}

Example coming soon!

Using getRulePassword

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getRulePassword(args: GetRulePasswordArgs, opts?: InvokeOptions): Promise<GetRulePasswordResult>
function getRulePasswordOutput(args: GetRulePasswordOutputArgs, opts?: InvokeOptions): Output<GetRulePasswordResult>

def get_rule_password(id: Optional[str] = None,
                      name: Optional[str] = None,
                      policy_id: Optional[str] = None,
                      opts: Optional[InvokeOptions] = None) -> GetRulePasswordResult
def get_rule_password_output(id: pulumi.Input[Optional[str]] = None,
                      name: pulumi.Input[Optional[str]] = None,
                      policy_id: pulumi.Input[Optional[str]] = None,
                      opts: Optional[InvokeOptions] = None) -> Output[GetRulePasswordResult]

func LookupRulePassword(ctx *Context, args *LookupRulePasswordArgs, opts ...InvokeOption) (*LookupRulePasswordResult, error)
func LookupRulePasswordOutput(ctx *Context, args *LookupRulePasswordOutputArgs, opts ...InvokeOption) LookupRulePasswordResultOutput

> Note: This function is named LookupRulePassword in the Go SDK.

public static class GetRulePassword 
{
    public static Task<GetRulePasswordResult> InvokeAsync(GetRulePasswordArgs args, InvokeOptions? opts = null)
    public static Output<GetRulePasswordResult> Invoke(GetRulePasswordInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetRulePasswordResult> getRulePassword(GetRulePasswordArgs args, InvokeOptions options)
public static Output<GetRulePasswordResult> getRulePassword(GetRulePasswordArgs args, InvokeOptions options)

fn::invoke:
  function: okta:policy/getRulePassword:getRulePassword
  arguments:
    # arguments dictionary

data "okta_policy_getrulepassword" "name" {
    # arguments
}

The following arguments are supported:

Id string: The ID of this resource.
PolicyId string: ID of the Policy owning this rule.
Name string: Name of the rule.

Id string: The ID of this resource.
PolicyId string: ID of the Policy owning this rule.
Name string: Name of the rule.

id string: The ID of this resource.
policy_id string: ID of the Policy owning this rule.
name string: Name of the rule.

id String: The ID of this resource.
policyId String: ID of the Policy owning this rule.
name String: Name of the rule.

id string: The ID of this resource.
policyId string: ID of the Policy owning this rule.
name string: Name of the rule.

id str: The ID of this resource.
policy_id str: ID of the Policy owning this rule.
name str: Name of the rule.

id String: The ID of this resource.
policyId String: ID of the Policy owning this rule.
name String: Name of the rule.

getRulePassword Result

The following output properties are available:

GroupsExcludeds List<string>
GroupsIncludeds List<string>
Id string: The ID of this resource.
Name string: Name of the rule.
NetworkConnection string: Network selection mode: ANYWHERE, ZONE.
NetworkExcludes List<string>: Network zones to exclude (when networkConnection = ZONE).
NetworkIncludes List<string>: Network zones to include (when networkConnection = ZONE).
PasswordChange string: Whether a user is allowed to change their password: ALLOW or DENY.
PasswordReset string: Whether a user is allowed to reset their password: ALLOW or DENY.
PasswordResetAccessControl string: Whether SSPR access is governed by an authentication policy or legacy behavior. Options: LEGACY, AUTH_POLICY.
PasswordResetRequirements List<GetRulePasswordPasswordResetRequirement>: Self-service password reset (SSPR) requirement settings.
PasswordUnlock string: Whether a user is allowed to unlock their account: ALLOW or DENY.
PolicyId string: ID of the Policy owning this rule.
Priority int: Priority of the rule.
Status string: Status of the rule: ACTIVE or INACTIVE.
UsersExcludeds List<string>: User IDs excluded from this rule.
UsersIncludeds List<string>

GroupsExcludeds []string
GroupsIncludeds []string
Id string: The ID of this resource.
Name string: Name of the rule.
NetworkConnection string: Network selection mode: ANYWHERE, ZONE.
NetworkExcludes []string: Network zones to exclude (when networkConnection = ZONE).
NetworkIncludes []string: Network zones to include (when networkConnection = ZONE).
PasswordChange string: Whether a user is allowed to change their password: ALLOW or DENY.
PasswordReset string: Whether a user is allowed to reset their password: ALLOW or DENY.
PasswordResetAccessControl string: Whether SSPR access is governed by an authentication policy or legacy behavior. Options: LEGACY, AUTH_POLICY.
PasswordResetRequirements []GetRulePasswordPasswordResetRequirement: Self-service password reset (SSPR) requirement settings.
PasswordUnlock string: Whether a user is allowed to unlock their account: ALLOW or DENY.
PolicyId string: ID of the Policy owning this rule.
Priority int: Priority of the rule.
Status string: Status of the rule: ACTIVE or INACTIVE.
UsersExcludeds []string: User IDs excluded from this rule.
UsersIncludeds []string

groups_excludeds list(string)
groups_includeds list(string)
id string: The ID of this resource.
name string: Name of the rule.
network_connection string: Network selection mode: ANYWHERE, ZONE.
network_excludes list(string): Network zones to exclude (when networkConnection = ZONE).
network_includes list(string): Network zones to include (when networkConnection = ZONE).
password_change string: Whether a user is allowed to change their password: ALLOW or DENY.
password_reset string: Whether a user is allowed to reset their password: ALLOW or DENY.
password_reset_access_control string: Whether SSPR access is governed by an authentication policy or legacy behavior. Options: LEGACY, AUTH_POLICY.
password_reset_requirements list(object): Self-service password reset (SSPR) requirement settings.
password_unlock string: Whether a user is allowed to unlock their account: ALLOW or DENY.
policy_id string: ID of the Policy owning this rule.
priority number: Priority of the rule.
status string: Status of the rule: ACTIVE or INACTIVE.
users_excludeds list(string): User IDs excluded from this rule.
users_includeds list(string)

groupsExcludeds List<String>
groupsIncludeds List<String>
id String: The ID of this resource.
name String: Name of the rule.
networkConnection String: Network selection mode: ANYWHERE, ZONE.
networkExcludes List<String>: Network zones to exclude (when networkConnection = ZONE).
networkIncludes List<String>: Network zones to include (when networkConnection = ZONE).
passwordChange String: Whether a user is allowed to change their password: ALLOW or DENY.
passwordReset String: Whether a user is allowed to reset their password: ALLOW or DENY.
passwordResetAccessControl String: Whether SSPR access is governed by an authentication policy or legacy behavior. Options: LEGACY, AUTH_POLICY.
passwordResetRequirements List<GetRulePasswordPasswordResetRequirement>: Self-service password reset (SSPR) requirement settings.
passwordUnlock String: Whether a user is allowed to unlock their account: ALLOW or DENY.
policyId String: ID of the Policy owning this rule.
priority Integer: Priority of the rule.
status String: Status of the rule: ACTIVE or INACTIVE.
usersExcludeds List<String>: User IDs excluded from this rule.
usersIncludeds List<String>

groupsExcludeds string[]
groupsIncludeds string[]
id string: The ID of this resource.
name string: Name of the rule.
networkConnection string: Network selection mode: ANYWHERE, ZONE.
networkExcludes string[]: Network zones to exclude (when networkConnection = ZONE).
networkIncludes string[]: Network zones to include (when networkConnection = ZONE).
passwordChange string: Whether a user is allowed to change their password: ALLOW or DENY.
passwordReset string: Whether a user is allowed to reset their password: ALLOW or DENY.
passwordResetAccessControl string: Whether SSPR access is governed by an authentication policy or legacy behavior. Options: LEGACY, AUTH_POLICY.
passwordResetRequirements GetRulePasswordPasswordResetRequirement[]: Self-service password reset (SSPR) requirement settings.
passwordUnlock string: Whether a user is allowed to unlock their account: ALLOW or DENY.
policyId string: ID of the Policy owning this rule.
priority number: Priority of the rule.
status string: Status of the rule: ACTIVE or INACTIVE.
usersExcludeds string[]: User IDs excluded from this rule.
usersIncludeds string[]

groups_excludeds Sequence[str]
groups_includeds Sequence[str]
id str: The ID of this resource.
name str: Name of the rule.
network_connection str: Network selection mode: ANYWHERE, ZONE.
network_excludes Sequence[str]: Network zones to exclude (when networkConnection = ZONE).
network_includes Sequence[str]: Network zones to include (when networkConnection = ZONE).
password_change str: Whether a user is allowed to change their password: ALLOW or DENY.
password_reset str: Whether a user is allowed to reset their password: ALLOW or DENY.
password_reset_access_control str: Whether SSPR access is governed by an authentication policy or legacy behavior. Options: LEGACY, AUTH_POLICY.
password_reset_requirements Sequence[GetRulePasswordPasswordResetRequirement]: Self-service password reset (SSPR) requirement settings.
password_unlock str: Whether a user is allowed to unlock their account: ALLOW or DENY.
policy_id str: ID of the Policy owning this rule.
priority int: Priority of the rule.
status str: Status of the rule: ACTIVE or INACTIVE.
users_excludeds Sequence[str]: User IDs excluded from this rule.
users_includeds Sequence[str]

groupsExcludeds List<String>
groupsIncludeds List<String>
id String: The ID of this resource.
name String: Name of the rule.
networkConnection String: Network selection mode: ANYWHERE, ZONE.
networkExcludes List<String>: Network zones to exclude (when networkConnection = ZONE).
networkIncludes List<String>: Network zones to include (when networkConnection = ZONE).
passwordChange String: Whether a user is allowed to change their password: ALLOW or DENY.
passwordReset String: Whether a user is allowed to reset their password: ALLOW or DENY.
passwordResetAccessControl String: Whether SSPR access is governed by an authentication policy or legacy behavior. Options: LEGACY, AUTH_POLICY.
passwordResetRequirements List<Property Map>: Self-service password reset (SSPR) requirement settings.
passwordUnlock String: Whether a user is allowed to unlock their account: ALLOW or DENY.
policyId String: ID of the Policy owning this rule.
priority Number: Priority of the rule.
status String: Status of the rule: ACTIVE or INACTIVE.
usersExcludeds List<String>: User IDs excluded from this rule.
usersIncludeds List<String>

Supporting Types

GetRulePasswordPasswordResetRequirement

MethodConstraints List<GetRulePasswordPasswordResetRequirementMethodConstraint>: Constraints on the values specified in primaryMethods.
PrimaryMethods List<string>: Authenticator methods allowed for the initial authentication step of password recovery.
StepUpEnabled bool: Whether a secondary authenticator is required for password reset.
StepUpMethods List<string>: Authenticator methods required for the secondary authentication step of password recovery. Items value: securityQuestion.

MethodConstraints []GetRulePasswordPasswordResetRequirementMethodConstraint: Constraints on the values specified in primaryMethods.
PrimaryMethods []string: Authenticator methods allowed for the initial authentication step of password recovery.
StepUpEnabled bool: Whether a secondary authenticator is required for password reset.
StepUpMethods []string: Authenticator methods required for the secondary authentication step of password recovery. Items value: securityQuestion.

method_constraints list(object): Constraints on the values specified in primaryMethods.
primary_methods list(string): Authenticator methods allowed for the initial authentication step of password recovery.
step_up_enabled bool: Whether a secondary authenticator is required for password reset.
step_up_methods list(string): Authenticator methods required for the secondary authentication step of password recovery. Items value: securityQuestion.

methodConstraints List<GetRulePasswordPasswordResetRequirementMethodConstraint>: Constraints on the values specified in primaryMethods.
primaryMethods List<String>: Authenticator methods allowed for the initial authentication step of password recovery.
stepUpEnabled Boolean: Whether a secondary authenticator is required for password reset.
stepUpMethods List<String>: Authenticator methods required for the secondary authentication step of password recovery. Items value: securityQuestion.

methodConstraints GetRulePasswordPasswordResetRequirementMethodConstraint[]: Constraints on the values specified in primaryMethods.
primaryMethods string[]: Authenticator methods allowed for the initial authentication step of password recovery.
stepUpEnabled boolean: Whether a secondary authenticator is required for password reset.
stepUpMethods string[]: Authenticator methods required for the secondary authentication step of password recovery. Items value: securityQuestion.

method_constraints Sequence[GetRulePasswordPasswordResetRequirementMethodConstraint]: Constraints on the values specified in primaryMethods.
primary_methods Sequence[str]: Authenticator methods allowed for the initial authentication step of password recovery.
step_up_enabled bool: Whether a secondary authenticator is required for password reset.
step_up_methods Sequence[str]: Authenticator methods required for the secondary authentication step of password recovery. Items value: securityQuestion.

methodConstraints List<Property Map>: Constraints on the values specified in primaryMethods.
primaryMethods List<String>: Authenticator methods allowed for the initial authentication step of password recovery.
stepUpEnabled Boolean: Whether a secondary authenticator is required for password reset.
stepUpMethods List<String>: Authenticator methods required for the secondary authentication step of password recovery. Items value: securityQuestion.

GetRulePasswordPasswordResetRequirementMethodConstraint

AllowedAuthenticators List<string>: Keys of the authenticators allowed for this method (e.g. googleOtp).
Method string: The method to constrain (e.g. otp).

AllowedAuthenticators []string: Keys of the authenticators allowed for this method (e.g. googleOtp).
Method string: The method to constrain (e.g. otp).

allowed_authenticators list(string): Keys of the authenticators allowed for this method (e.g. googleOtp).
method string: The method to constrain (e.g. otp).

allowedAuthenticators List<String>: Keys of the authenticators allowed for this method (e.g. googleOtp).
method String: The method to constrain (e.g. otp).

allowedAuthenticators string[]: Keys of the authenticators allowed for this method (e.g. googleOtp).
method string: The method to constrain (e.g. otp).

allowed_authenticators Sequence[str]: Keys of the authenticators allowed for this method (e.g. googleOtp).
method str: The method to constrain (e.g. otp).

allowedAuthenticators List<String>: Keys of the authenticators allowed for this method (e.g. googleOtp).
method String: The method to constrain (e.g. otp).

Package Details

Repository: Okta pulumi/pulumi-okta
License: Apache-2.0
Notes: This Pulumi package is based on the okta Terraform Provider.

Viewing docs for Okta v6.6.0
published on Wednesday, Apr 29, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-okta

okta.policy.getRulePassword

On this page

On this page

Example Usage

Using getRulePassword

getRulePassword Result

Supporting Types

GetRulePasswordPasswordResetRequirement

GetRulePasswordPasswordResetRequirementMethodConstraint

Package Details

On this page

On this page