1. Packages
  2. Okta
  3. API Docs
  4. policy
  5. RuleIdpDiscovery
Okta v4.9.2 published on Tuesday, Jun 25, 2024 by Pulumi

okta.policy.RuleIdpDiscovery

Explore with Pulumi AI

okta logo
Okta v4.9.2 published on Tuesday, Jun 25, 2024 by Pulumi

    Creates an IdP Discovery Policy Rule.

    This resource allows you to create and configure an IdP Discovery Policy Rule.

    If you receive the error ‘You do not have permission to access the feature you are requesting’ contact support and request feature flag ‘ADVANCED_SSO’ be applied to your org.

    Example Usage

    All Okta orgs contain only one IdP Discovery Policy

    data “okta.policy.getPolicy” “idp_discovery_policy” { name = “Idp Discovery Policy” type = “IDP_DISCOVERY” }

    resource “okta.policy.RuleIdpDiscovery” “example” { policy_id = data.okta_policy.idp_discovery_policy.id name = “example” idp_id = “” idp_type = “OIDC” network_connection = “ANYWHERE” priority = 1 status = “ACTIVE” user_identifier_type = “ATTRIBUTE” user_identifier_attribute = “company”

    app_exclude { id = “” type = “APP” }

    app_exclude { name = “yahoo_mail” type = “APP_TYPE” }

    app_include { id = “” type = “APP” }

    app_include { name = “” type = “APP_TYPE” }

    platform_include { type = “MOBILE” os_type = “OSX” }

    user_identifier_patterns { match_type = “EQUALS” value = “Articulate” } }

    
    
    
    ## Create RuleIdpDiscovery Resource {#create}
    
    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see [Resources](/docs/concepts/resources/).
    
    ### Constructor syntax
    <div>
    <pulumi-chooser type="language" options="csharp,go,typescript,python,yaml,java"></pulumi-chooser>
    </div>
    
    
    <div>
    <pulumi-choosable type="language" values="javascript,typescript">
    <div class="no-copy"><div class="highlight"><pre class="chroma"><code class="language-typescript" data-lang="typescript"><span class="k">new </span><span class="nx">RuleIdpDiscovery</span><span class="p">(</span><span class="nx">name</span><span class="p">:</span> <span class="nx">string</span><span class="p">,</span> <span class="nx">args</span><span class="p">?:</span> <span class="nx"><a href="#inputs">RuleIdpDiscoveryArgs</a></span><span class="p">,</span> <span class="nx">opts</span><span class="p">?:</span> <span class="nx"><a href="/docs/reference/pkg/nodejs/pulumi/pulumi/#CustomResourceOptions">CustomResourceOptions</a></span><span class="p">);</span></code></pre></div>
    </div></pulumi-choosable>
    </div>
    
    <div>
    <pulumi-choosable type="language" values="python">
    <div class="no-copy"><div class="highlight"><pre class="chroma"><code class="language-python" data-lang="python"><span class=nd>@overload</span>
    <span class="k">def </span><span class="nx">RuleIdpDiscovery</span><span class="p">(</span><span class="nx">resource_name</span><span class="p">:</span> <span class="nx">str</span><span class="p">,</span>
                         <span class="nx">args</span><span class="p">:</span> <span class="nx"><a href="#inputs">Optional[RuleIdpDiscoveryArgs]</a></span> = None<span class="p">,</span>
                         <span class="nx">opts</span><span class="p">:</span> <span class="nx"><a href="/docs/reference/pkg/python/pulumi/#pulumi.ResourceOptions">Optional[ResourceOptions]</a></span> = None<span class="p">)</span>
    <span></span>
    <span class=nd>@overload</span>
    <span class="k">def </span><span class="nx">RuleIdpDiscovery</span><span class="p">(</span><span class="nx">resource_name</span><span class="p">:</span> <span class="nx">str</span><span class="p">,</span>
                         <span class="nx">opts</span><span class="p">:</span> <span class="nx"><a href="/docs/reference/pkg/python/pulumi/#pulumi.ResourceOptions">Optional[ResourceOptions]</a></span> = None<span class="p">,</span>
                         <span class="nx">app_excludes</span><span class="p">:</span> <span class="nx">Optional[Sequence[RuleIdpDiscoveryAppExcludeArgs]]</span> = None<span class="p">,</span>
                         <span class="nx">app_includes</span><span class="p">:</span> <span class="nx">Optional[Sequence[RuleIdpDiscoveryAppIncludeArgs]]</span> = None<span class="p">,</span>
                         <span class="nx">idp_id</span><span class="p">:</span> <span class="nx">Optional[str]</span> = None<span class="p">,</span>
                         <span class="nx">idp_type</span><span class="p">:</span> <span class="nx">Optional[str]</span> = None<span class="p">,</span>
                         <span class="nx">name</span><span class="p">:</span> <span class="nx">Optional[str]</span> = None<span class="p">,</span>
                         <span class="nx">network_connection</span><span class="p">:</span> <span class="nx">Optional[str]</span> = None<span class="p">,</span>
                         <span class="nx">network_excludes</span><span class="p">:</span> <span class="nx">Optional[Sequence[str]]</span> = None<span class="p">,</span>
                         <span class="nx">network_includes</span><span class="p">:</span> <span class="nx">Optional[Sequence[str]]</span> = None<span class="p">,</span>
                         <span class="nx">platform_includes</span><span class="p">:</span> <span class="nx">Optional[Sequence[RuleIdpDiscoveryPlatformIncludeArgs]]</span> = None<span class="p">,</span>
                         <span class="nx">policy_id</span><span class="p">:</span> <span class="nx">Optional[str]</span> = None<span class="p">,</span>
                         <span class="nx">priority</span><span class="p">:</span> <span class="nx">Optional[int]</span> = None<span class="p">,</span>
                         <span class="nx">status</span><span class="p">:</span> <span class="nx">Optional[str]</span> = None<span class="p">,</span>
                         <span class="nx">user_identifier_attribute</span><span class="p">:</span> <span class="nx">Optional[str]</span> = None<span class="p">,</span>
                         <span class="nx">user_identifier_patterns</span><span class="p">:</span> <span class="nx">Optional[Sequence[RuleIdpDiscoveryUserIdentifierPatternArgs]]</span> = None<span class="p">,</span>
                         <span class="nx">user_identifier_type</span><span class="p">:</span> <span class="nx">Optional[str]</span> = None<span class="p">)</span></code></pre></div>
    </div></pulumi-choosable>
    </div>
    
    <div>
    <pulumi-choosable type="language" values="go">
    <div class="no-copy"><div class="highlight"><pre class="chroma"><code class="language-go" data-lang="go"><span class="k">func </span><span class="nx">NewRuleIdpDiscovery</span><span class="p">(</span><span class="nx">ctx</span><span class="p"> *</span><span class="nx"><a href="https://pkg.go.dev/github.com/pulumi/pulumi/sdk/v3/go/pulumi?tab=doc#Context">Context</a></span><span class="p">,</span> <span class="nx">name</span><span class="p"> </span><span class="nx">string</span><span class="p">,</span> <span class="nx">args</span><span class="p"> *</span><span class="nx"><a href="#inputs">RuleIdpDiscoveryArgs</a></span><span class="p">,</span> <span class="nx">opts</span><span class="p"> ...</span><span class="nx"><a href="https://pkg.go.dev/github.com/pulumi/pulumi/sdk/v3/go/pulumi?tab=doc#ResourceOption">ResourceOption</a></span><span class="p">) (*<span class="nx">RuleIdpDiscovery</span>, error)</span></code></pre></div>
    </div></pulumi-choosable>
    </div>
    
    <div>
    <pulumi-choosable type="language" values="csharp">
    <div class="no-copy"><div class="highlight"><pre class="chroma"><code class="language-csharp" data-lang="csharp"><span class="k">public </span><span class="nx">RuleIdpDiscovery</span><span class="p">(</span><span class="nx">string</span><span class="p"> </span><span class="nx">name<span class="p">,</span> <span class="nx"><a href="#inputs">RuleIdpDiscoveryArgs</a></span><span class="p">? </span><span class="nx">args = null<span class="p">,</span> <span class="nx"><a href="/docs/reference/pkg/dotnet/Pulumi/Pulumi.CustomResourceOptions.html">CustomResourceOptions</a></span><span class="p">? </span><span class="nx">opts = null<span class="p">)</span></code></pre></div>
    </div></pulumi-choosable>
    </div>
    
    <div>
    <pulumi-choosable type="language" values="java">
    <div class="no-copy"><div class="highlight"><pre class="chroma">
    <code class="language-java" data-lang="java"><span class="k">public </span><span class="nx">RuleIdpDiscovery</span><span class="p">(</span><span class="nx">String</span><span class="p"> </span><span class="nx">name<span class="p">,</span> <span class="nx"><a href="#inputs">RuleIdpDiscoveryArgs</a></span><span class="p"> </span><span class="nx">args<span class="p">)</span>
    <span class="k">public </span><span class="nx">RuleIdpDiscovery</span><span class="p">(</span><span class="nx">String</span><span class="p"> </span><span class="nx">name<span class="p">,</span> <span class="nx"><a href="#inputs">RuleIdpDiscoveryArgs</a></span><span class="p"> </span><span class="nx">args<span class="p">,</span> <span class="nx">CustomResourceOptions</span><span class="p"> </span><span class="nx">options<span class="p">)</span>
    </code></pre></div></div>
    </pulumi-choosable>
    </div>
    
    <div>
    <pulumi-choosable type="language" values="yaml">
    <div class="no-copy"><div class="highlight"><pre class="chroma"><code class="language-yaml" data-lang="yaml">type: <span class="nx">okta:policy:RuleIdpDiscovery</span><span class="p"></span>
    <span class="p">properties</span><span class="p">: </span><span class="c">#&nbsp;The arguments to resource properties.</span>
    <span class="p"></span><span class="p">options</span><span class="p">: </span><span class="c">#&nbsp;Bag of options to control resource&#39;s behavior.</span>
    <span class="p"></span>
    </code></pre></div></div>
    </pulumi-choosable>
    </div>
    
    #### Parameters
    
    <div>
    <pulumi-choosable type="language" values="javascript,typescript">
    
    <dl class="resources-properties"><dt
            class="property-required" title="Required">
            <span>name</span>
            <span class="property-indicator"></span>
            <span class="property-type">string</span>
        </dt>
        <dd>The unique name of the resource.</dd><dt
            class="property-optional" title="Optional">
            <span>args</span>
            <span class="property-indicator"></span>
            <span class="property-type"><a href="#inputs">RuleIdpDiscoveryArgs</a></span>
        </dt>
        <dd>The arguments to resource properties.</dd><dt
            class="property-optional" title="Optional">
            <span>opts</span>
            <span class="property-indicator"></span>
            <span class="property-type"><a href="/docs/reference/pkg/nodejs/pulumi/pulumi/#CustomResourceOptions">CustomResourceOptions</a></span>
        </dt>
        <dd>Bag of options to control resource&#39;s behavior.</dd></dl>
    
    </pulumi-choosable>
    </div>
    
    <div>
    <pulumi-choosable type="language" values="python">
    
    <dl class="resources-properties"><dt
            class="property-required" title="Required">
            <span>resource_name</span>
            <span class="property-indicator"></span>
            <span class="property-type">str</span>
        </dt>
        <dd>The unique name of the resource.</dd><dt
            class="property-optional" title="Optional">
            <span>args</span>
            <span class="property-indicator"></span>
            <span class="property-type"><a href="#inputs">RuleIdpDiscoveryArgs</a></span>
        </dt>
        <dd>The arguments to resource properties.</dd><dt
            class="property-optional" title="Optional">
            <span>opts</span>
            <span class="property-indicator"></span>
            <span class="property-type"><a href="/docs/reference/pkg/python/pulumi/#pulumi.ResourceOptions">ResourceOptions</a></span>
        </dt>
        <dd>Bag of options to control resource&#39;s behavior.</dd></dl>
    
    </pulumi-choosable>
    </div>
    
    <div>
    <pulumi-choosable type="language" values="go">
    
    <dl class="resources-properties"><dt
            class="property-optional" title="Optional">
            <span>ctx</span>
            <span class="property-indicator"></span>
            <span class="property-type"><a href="https://pkg.go.dev/github.com/pulumi/pulumi/sdk/v3/go/pulumi?tab=doc#Context">Context</a></span>
        </dt>
        <dd>Context object for the current deployment.</dd><dt
            class="property-required" title="Required">
            <span>name</span>
            <span class="property-indicator"></span>
            <span class="property-type">string</span>
        </dt>
        <dd>The unique name of the resource.</dd><dt
            class="property-optional" title="Optional">
            <span>args</span>
            <span class="property-indicator"></span>
            <span class="property-type"><a href="#inputs">RuleIdpDiscoveryArgs</a></span>
        </dt>
        <dd>The arguments to resource properties.</dd><dt
            class="property-optional" title="Optional">
            <span>opts</span>
            <span class="property-indicator"></span>
            <span class="property-type"><a href="https://pkg.go.dev/github.com/pulumi/pulumi/sdk/v3/go/pulumi?tab=doc#ResourceOption">ResourceOption</a></span>
        </dt>
        <dd>Bag of options to control resource&#39;s behavior.</dd></dl>
    
    </pulumi-choosable>
    </div>
    
    <div>
    <pulumi-choosable type="language" values="csharp">
    
    <dl class="resources-properties"><dt
            class="property-required" title="Required">
            <span>name</span>
            <span class="property-indicator"></span>
            <span class="property-type">string</span>
        </dt>
        <dd>The unique name of the resource.</dd><dt
            class="property-optional" title="Optional">
            <span>args</span>
            <span class="property-indicator"></span>
            <span class="property-type"><a href="#inputs">RuleIdpDiscoveryArgs</a></span>
        </dt>
        <dd>The arguments to resource properties.</dd><dt
            class="property-optional" title="Optional">
            <span>opts</span>
            <span class="property-indicator"></span>
            <span class="property-type"><a href="/docs/reference/pkg/dotnet/Pulumi/Pulumi.CustomResourceOptions.html">CustomResourceOptions</a></span>
        </dt>
        <dd>Bag of options to control resource&#39;s behavior.</dd></dl>
    
    </pulumi-choosable>
    </div>
    
    <div>
    <pulumi-choosable type="language" values="java">
    
    <dl class="resources-properties"><dt
            class="property-required" title="Required">
            <span>name</span>
            <span class="property-indicator"></span>
            <span class="property-type">String</span>
        </dt>
        <dd>The unique name of the resource.</dd><dt
            class="property-required" title="Required">
            <span>args</span>
            <span class="property-indicator"></span>
            <span class="property-type"><a href="#inputs">RuleIdpDiscoveryArgs</a></span>
        </dt>
        <dd>The arguments to resource properties.</dd><dt
            class="property-optional" title="Optional">
            <span>options</span>
            <span class="property-indicator"></span>
            <span class="property-type">CustomResourceOptions</span>
        </dt>
        <dd>Bag of options to control resource&#39;s behavior.</dd></dl>
    
    </pulumi-choosable>
    </div>
    
    
    
    ### Constructor example
    
    The following reference example uses placeholder values for all [input properties](#inputs).
    <div>
    <pulumi-chooser type="language" options="csharp,go,typescript,python,yaml,java"></pulumi-chooser>
    </div>
    
    
    <div>
    <pulumi-choosable type="language" values="csharp">
    
    ```csharp
    var ruleIdpDiscoveryResource = new Okta.Policy.RuleIdpDiscovery("ruleIdpDiscoveryResource", new()
    {
        AppExcludes = new[]
        {
            new Okta.Policy.Inputs.RuleIdpDiscoveryAppExcludeArgs
            {
                Type = "string",
                Id = "string",
                Name = "string",
            },
        },
        AppIncludes = new[]
        {
            new Okta.Policy.Inputs.RuleIdpDiscoveryAppIncludeArgs
            {
                Type = "string",
                Id = "string",
                Name = "string",
            },
        },
        IdpId = "string",
        IdpType = "string",
        Name = "string",
        NetworkConnection = "string",
        NetworkExcludes = new[]
        {
            "string",
        },
        NetworkIncludes = new[]
        {
            "string",
        },
        PlatformIncludes = new[]
        {
            new Okta.Policy.Inputs.RuleIdpDiscoveryPlatformIncludeArgs
            {
                OsExpression = "string",
                OsType = "string",
                Type = "string",
            },
        },
        PolicyId = "string",
        Priority = 0,
        Status = "string",
        UserIdentifierAttribute = "string",
        UserIdentifierPatterns = new[]
        {
            new Okta.Policy.Inputs.RuleIdpDiscoveryUserIdentifierPatternArgs
            {
                MatchType = "string",
                Value = "string",
            },
        },
        UserIdentifierType = "string",
    });
    
    example, err := policy.NewRuleIdpDiscovery(ctx, "ruleIdpDiscoveryResource", &policy.RuleIdpDiscoveryArgs{
    	AppExcludes: policy.RuleIdpDiscoveryAppExcludeArray{
    		&policy.RuleIdpDiscoveryAppExcludeArgs{
    			Type: pulumi.String("string"),
    			Id:   pulumi.String("string"),
    			Name: pulumi.String("string"),
    		},
    	},
    	AppIncludes: policy.RuleIdpDiscoveryAppIncludeArray{
    		&policy.RuleIdpDiscoveryAppIncludeArgs{
    			Type: pulumi.String("string"),
    			Id:   pulumi.String("string"),
    			Name: pulumi.String("string"),
    		},
    	},
    	IdpId:             pulumi.String("string"),
    	IdpType:           pulumi.String("string"),
    	Name:              pulumi.String("string"),
    	NetworkConnection: pulumi.String("string"),
    	NetworkExcludes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	NetworkIncludes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	PlatformIncludes: policy.RuleIdpDiscoveryPlatformIncludeArray{
    		&policy.RuleIdpDiscoveryPlatformIncludeArgs{
    			OsExpression: pulumi.String("string"),
    			OsType:       pulumi.String("string"),
    			Type:         pulumi.String("string"),
    		},
    	},
    	PolicyId:                pulumi.String("string"),
    	Priority:                pulumi.Int(0),
    	Status:                  pulumi.String("string"),
    	UserIdentifierAttribute: pulumi.String("string"),
    	UserIdentifierPatterns: policy.RuleIdpDiscoveryUserIdentifierPatternArray{
    		&policy.RuleIdpDiscoveryUserIdentifierPatternArgs{
    			MatchType: pulumi.String("string"),
    			Value:     pulumi.String("string"),
    		},
    	},
    	UserIdentifierType: pulumi.String("string"),
    })
    
    var ruleIdpDiscoveryResource = new RuleIdpDiscovery("ruleIdpDiscoveryResource", RuleIdpDiscoveryArgs.builder()
        .appExcludes(RuleIdpDiscoveryAppExcludeArgs.builder()
            .type("string")
            .id("string")
            .name("string")
            .build())
        .appIncludes(RuleIdpDiscoveryAppIncludeArgs.builder()
            .type("string")
            .id("string")
            .name("string")
            .build())
        .idpId("string")
        .idpType("string")
        .name("string")
        .networkConnection("string")
        .networkExcludes("string")
        .networkIncludes("string")
        .platformIncludes(RuleIdpDiscoveryPlatformIncludeArgs.builder()
            .osExpression("string")
            .osType("string")
            .type("string")
            .build())
        .policyId("string")
        .priority(0)
        .status("string")
        .userIdentifierAttribute("string")
        .userIdentifierPatterns(RuleIdpDiscoveryUserIdentifierPatternArgs.builder()
            .matchType("string")
            .value("string")
            .build())
        .userIdentifierType("string")
        .build());
    
    rule_idp_discovery_resource = okta.policy.RuleIdpDiscovery("ruleIdpDiscoveryResource",
        app_excludes=[okta.policy.RuleIdpDiscoveryAppExcludeArgs(
            type="string",
            id="string",
            name="string",
        )],
        app_includes=[okta.policy.RuleIdpDiscoveryAppIncludeArgs(
            type="string",
            id="string",
            name="string",
        )],
        idp_id="string",
        idp_type="string",
        name="string",
        network_connection="string",
        network_excludes=["string"],
        network_includes=["string"],
        platform_includes=[okta.policy.RuleIdpDiscoveryPlatformIncludeArgs(
            os_expression="string",
            os_type="string",
            type="string",
        )],
        policy_id="string",
        priority=0,
        status="string",
        user_identifier_attribute="string",
        user_identifier_patterns=[okta.policy.RuleIdpDiscoveryUserIdentifierPatternArgs(
            match_type="string",
            value="string",
        )],
        user_identifier_type="string")
    
    const ruleIdpDiscoveryResource = new okta.policy.RuleIdpDiscovery("ruleIdpDiscoveryResource", {
        appExcludes: [{
            type: "string",
            id: "string",
            name: "string",
        }],
        appIncludes: [{
            type: "string",
            id: "string",
            name: "string",
        }],
        idpId: "string",
        idpType: "string",
        name: "string",
        networkConnection: "string",
        networkExcludes: ["string"],
        networkIncludes: ["string"],
        platformIncludes: [{
            osExpression: "string",
            osType: "string",
            type: "string",
        }],
        policyId: "string",
        priority: 0,
        status: "string",
        userIdentifierAttribute: "string",
        userIdentifierPatterns: [{
            matchType: "string",
            value: "string",
        }],
        userIdentifierType: "string",
    });
    
    type: okta:policy:RuleIdpDiscovery
    properties:
        appExcludes:
            - id: string
              name: string
              type: string
        appIncludes:
            - id: string
              name: string
              type: string
        idpId: string
        idpType: string
        name: string
        networkConnection: string
        networkExcludes:
            - string
        networkIncludes:
            - string
        platformIncludes:
            - osExpression: string
              osType: string
              type: string
        policyId: string
        priority: 0
        status: string
        userIdentifierAttribute: string
        userIdentifierPatterns:
            - matchType: string
              value: string
        userIdentifierType: string
    

    RuleIdpDiscovery Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The RuleIdpDiscovery resource accepts the following input properties:

    AppExcludes List<RuleIdpDiscoveryAppExclude>
    Applications to exclude in discovery. See app_include for details.
    AppIncludes List<RuleIdpDiscoveryAppInclude>
    Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
    IdpId string
    The identifier for the Idp the rule should route to if all conditions are met.
    IdpType string
    Type of Idp. One of: SAML2, IWA, AgentlessDSSO, X509, FACEBOOK, GOOGLE, LINKEDIN, MICROSOFT, OIDC. Default: OKTA
    Name string
    Policy Rule Name
    NetworkConnection string
    Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
    NetworkExcludes List<string>
    Required if network_connection = ZONE. Indicates the network zones to exclude.
    NetworkIncludes List<string>
    Required if network_connection = ZONE. Indicates the network zones to include.
    PlatformIncludes List<RuleIdpDiscoveryPlatformInclude>
    Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
    PolicyId string
    Policy ID of the Rule
    Priority int
    Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
    Status string
    Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
    UserIdentifierAttribute string
    Profile attribute matching can only have a single value that describes the type indicated in user_identifier_type. This is the attribute or identifier that the user_identifier_patterns are checked against.
    UserIdentifierPatterns List<RuleIdpDiscoveryUserIdentifierPattern>
    Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
    UserIdentifierType string
    One of: IDENTIFIER, ATTRIBUTE
    AppExcludes []RuleIdpDiscoveryAppExcludeArgs
    Applications to exclude in discovery. See app_include for details.
    AppIncludes []RuleIdpDiscoveryAppIncludeArgs
    Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
    IdpId string
    The identifier for the Idp the rule should route to if all conditions are met.
    IdpType string
    Type of Idp. One of: SAML2, IWA, AgentlessDSSO, X509, FACEBOOK, GOOGLE, LINKEDIN, MICROSOFT, OIDC. Default: OKTA
    Name string
    Policy Rule Name
    NetworkConnection string
    Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
    NetworkExcludes []string
    Required if network_connection = ZONE. Indicates the network zones to exclude.
    NetworkIncludes []string
    Required if network_connection = ZONE. Indicates the network zones to include.
    PlatformIncludes []RuleIdpDiscoveryPlatformIncludeArgs
    Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
    PolicyId string
    Policy ID of the Rule
    Priority int
    Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
    Status string
    Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
    UserIdentifierAttribute string
    Profile attribute matching can only have a single value that describes the type indicated in user_identifier_type. This is the attribute or identifier that the user_identifier_patterns are checked against.
    UserIdentifierPatterns []RuleIdpDiscoveryUserIdentifierPatternArgs
    Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
    UserIdentifierType string
    One of: IDENTIFIER, ATTRIBUTE
    appExcludes List<RuleIdpDiscoveryAppExclude>
    Applications to exclude in discovery. See app_include for details.
    appIncludes List<RuleIdpDiscoveryAppInclude>
    Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
    idpId String
    The identifier for the Idp the rule should route to if all conditions are met.
    idpType String
    Type of Idp. One of: SAML2, IWA, AgentlessDSSO, X509, FACEBOOK, GOOGLE, LINKEDIN, MICROSOFT, OIDC. Default: OKTA
    name String
    Policy Rule Name
    networkConnection String
    Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
    networkExcludes List<String>
    Required if network_connection = ZONE. Indicates the network zones to exclude.
    networkIncludes List<String>
    Required if network_connection = ZONE. Indicates the network zones to include.
    platformIncludes List<RuleIdpDiscoveryPlatformInclude>
    Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
    policyId String
    Policy ID of the Rule
    priority Integer
    Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
    status String
    Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
    userIdentifierAttribute String
    Profile attribute matching can only have a single value that describes the type indicated in user_identifier_type. This is the attribute or identifier that the user_identifier_patterns are checked against.
    userIdentifierPatterns List<RuleIdpDiscoveryUserIdentifierPattern>
    Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
    userIdentifierType String
    One of: IDENTIFIER, ATTRIBUTE
    appExcludes RuleIdpDiscoveryAppExclude[]
    Applications to exclude in discovery. See app_include for details.
    appIncludes RuleIdpDiscoveryAppInclude[]
    Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
    idpId string
    The identifier for the Idp the rule should route to if all conditions are met.
    idpType string
    Type of Idp. One of: SAML2, IWA, AgentlessDSSO, X509, FACEBOOK, GOOGLE, LINKEDIN, MICROSOFT, OIDC. Default: OKTA
    name string
    Policy Rule Name
    networkConnection string
    Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
    networkExcludes string[]
    Required if network_connection = ZONE. Indicates the network zones to exclude.
    networkIncludes string[]
    Required if network_connection = ZONE. Indicates the network zones to include.
    platformIncludes RuleIdpDiscoveryPlatformInclude[]
    Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
    policyId string
    Policy ID of the Rule
    priority number
    Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
    status string
    Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
    userIdentifierAttribute string
    Profile attribute matching can only have a single value that describes the type indicated in user_identifier_type. This is the attribute or identifier that the user_identifier_patterns are checked against.
    userIdentifierPatterns RuleIdpDiscoveryUserIdentifierPattern[]
    Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
    userIdentifierType string
    One of: IDENTIFIER, ATTRIBUTE
    app_excludes Sequence[RuleIdpDiscoveryAppExcludeArgs]
    Applications to exclude in discovery. See app_include for details.
    app_includes Sequence[RuleIdpDiscoveryAppIncludeArgs]
    Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
    idp_id str
    The identifier for the Idp the rule should route to if all conditions are met.
    idp_type str
    Type of Idp. One of: SAML2, IWA, AgentlessDSSO, X509, FACEBOOK, GOOGLE, LINKEDIN, MICROSOFT, OIDC. Default: OKTA
    name str
    Policy Rule Name
    network_connection str
    Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
    network_excludes Sequence[str]
    Required if network_connection = ZONE. Indicates the network zones to exclude.
    network_includes Sequence[str]
    Required if network_connection = ZONE. Indicates the network zones to include.
    platform_includes Sequence[RuleIdpDiscoveryPlatformIncludeArgs]
    Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
    policy_id str
    Policy ID of the Rule
    priority int
    Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
    status str
    Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
    user_identifier_attribute str
    Profile attribute matching can only have a single value that describes the type indicated in user_identifier_type. This is the attribute or identifier that the user_identifier_patterns are checked against.
    user_identifier_patterns Sequence[RuleIdpDiscoveryUserIdentifierPatternArgs]
    Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
    user_identifier_type str
    One of: IDENTIFIER, ATTRIBUTE
    appExcludes List<Property Map>
    Applications to exclude in discovery. See app_include for details.
    appIncludes List<Property Map>
    Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
    idpId String
    The identifier for the Idp the rule should route to if all conditions are met.
    idpType String
    Type of Idp. One of: SAML2, IWA, AgentlessDSSO, X509, FACEBOOK, GOOGLE, LINKEDIN, MICROSOFT, OIDC. Default: OKTA
    name String
    Policy Rule Name
    networkConnection String
    Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
    networkExcludes List<String>
    Required if network_connection = ZONE. Indicates the network zones to exclude.
    networkIncludes List<String>
    Required if network_connection = ZONE. Indicates the network zones to include.
    platformIncludes List<Property Map>
    Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
    policyId String
    Policy ID of the Rule
    priority Number
    Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
    status String
    Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
    userIdentifierAttribute String
    Profile attribute matching can only have a single value that describes the type indicated in user_identifier_type. This is the attribute or identifier that the user_identifier_patterns are checked against.
    userIdentifierPatterns List<Property Map>
    Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
    userIdentifierType String
    One of: IDENTIFIER, ATTRIBUTE

    Outputs

    All input properties are implicitly available as output properties. Additionally, the RuleIdpDiscovery resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing RuleIdpDiscovery Resource

    Get an existing RuleIdpDiscovery resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: RuleIdpDiscoveryState, opts?: CustomResourceOptions): RuleIdpDiscovery
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            app_excludes: Optional[Sequence[RuleIdpDiscoveryAppExcludeArgs]] = None,
            app_includes: Optional[Sequence[RuleIdpDiscoveryAppIncludeArgs]] = None,
            idp_id: Optional[str] = None,
            idp_type: Optional[str] = None,
            name: Optional[str] = None,
            network_connection: Optional[str] = None,
            network_excludes: Optional[Sequence[str]] = None,
            network_includes: Optional[Sequence[str]] = None,
            platform_includes: Optional[Sequence[RuleIdpDiscoveryPlatformIncludeArgs]] = None,
            policy_id: Optional[str] = None,
            priority: Optional[int] = None,
            status: Optional[str] = None,
            user_identifier_attribute: Optional[str] = None,
            user_identifier_patterns: Optional[Sequence[RuleIdpDiscoveryUserIdentifierPatternArgs]] = None,
            user_identifier_type: Optional[str] = None) -> RuleIdpDiscovery
    func GetRuleIdpDiscovery(ctx *Context, name string, id IDInput, state *RuleIdpDiscoveryState, opts ...ResourceOption) (*RuleIdpDiscovery, error)
    public static RuleIdpDiscovery Get(string name, Input<string> id, RuleIdpDiscoveryState? state, CustomResourceOptions? opts = null)
    public static RuleIdpDiscovery get(String name, Output<String> id, RuleIdpDiscoveryState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AppExcludes List<RuleIdpDiscoveryAppExclude>
    Applications to exclude in discovery. See app_include for details.
    AppIncludes List<RuleIdpDiscoveryAppInclude>
    Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
    IdpId string
    The identifier for the Idp the rule should route to if all conditions are met.
    IdpType string
    Type of Idp. One of: SAML2, IWA, AgentlessDSSO, X509, FACEBOOK, GOOGLE, LINKEDIN, MICROSOFT, OIDC. Default: OKTA
    Name string
    Policy Rule Name
    NetworkConnection string
    Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
    NetworkExcludes List<string>
    Required if network_connection = ZONE. Indicates the network zones to exclude.
    NetworkIncludes List<string>
    Required if network_connection = ZONE. Indicates the network zones to include.
    PlatformIncludes List<RuleIdpDiscoveryPlatformInclude>
    Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
    PolicyId string
    Policy ID of the Rule
    Priority int
    Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
    Status string
    Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
    UserIdentifierAttribute string
    Profile attribute matching can only have a single value that describes the type indicated in user_identifier_type. This is the attribute or identifier that the user_identifier_patterns are checked against.
    UserIdentifierPatterns List<RuleIdpDiscoveryUserIdentifierPattern>
    Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
    UserIdentifierType string
    One of: IDENTIFIER, ATTRIBUTE
    AppExcludes []RuleIdpDiscoveryAppExcludeArgs
    Applications to exclude in discovery. See app_include for details.
    AppIncludes []RuleIdpDiscoveryAppIncludeArgs
    Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
    IdpId string
    The identifier for the Idp the rule should route to if all conditions are met.
    IdpType string
    Type of Idp. One of: SAML2, IWA, AgentlessDSSO, X509, FACEBOOK, GOOGLE, LINKEDIN, MICROSOFT, OIDC. Default: OKTA
    Name string
    Policy Rule Name
    NetworkConnection string
    Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
    NetworkExcludes []string
    Required if network_connection = ZONE. Indicates the network zones to exclude.
    NetworkIncludes []string
    Required if network_connection = ZONE. Indicates the network zones to include.
    PlatformIncludes []RuleIdpDiscoveryPlatformIncludeArgs
    Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
    PolicyId string
    Policy ID of the Rule
    Priority int
    Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
    Status string
    Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
    UserIdentifierAttribute string
    Profile attribute matching can only have a single value that describes the type indicated in user_identifier_type. This is the attribute or identifier that the user_identifier_patterns are checked against.
    UserIdentifierPatterns []RuleIdpDiscoveryUserIdentifierPatternArgs
    Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
    UserIdentifierType string
    One of: IDENTIFIER, ATTRIBUTE
    appExcludes List<RuleIdpDiscoveryAppExclude>
    Applications to exclude in discovery. See app_include for details.
    appIncludes List<RuleIdpDiscoveryAppInclude>
    Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
    idpId String
    The identifier for the Idp the rule should route to if all conditions are met.
    idpType String
    Type of Idp. One of: SAML2, IWA, AgentlessDSSO, X509, FACEBOOK, GOOGLE, LINKEDIN, MICROSOFT, OIDC. Default: OKTA
    name String
    Policy Rule Name
    networkConnection String
    Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
    networkExcludes List<String>
    Required if network_connection = ZONE. Indicates the network zones to exclude.
    networkIncludes List<String>
    Required if network_connection = ZONE. Indicates the network zones to include.
    platformIncludes List<RuleIdpDiscoveryPlatformInclude>
    Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
    policyId String
    Policy ID of the Rule
    priority Integer
    Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
    status String
    Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
    userIdentifierAttribute String
    Profile attribute matching can only have a single value that describes the type indicated in user_identifier_type. This is the attribute or identifier that the user_identifier_patterns are checked against.
    userIdentifierPatterns List<RuleIdpDiscoveryUserIdentifierPattern>
    Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
    userIdentifierType String
    One of: IDENTIFIER, ATTRIBUTE
    appExcludes RuleIdpDiscoveryAppExclude[]
    Applications to exclude in discovery. See app_include for details.
    appIncludes RuleIdpDiscoveryAppInclude[]
    Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
    idpId string
    The identifier for the Idp the rule should route to if all conditions are met.
    idpType string
    Type of Idp. One of: SAML2, IWA, AgentlessDSSO, X509, FACEBOOK, GOOGLE, LINKEDIN, MICROSOFT, OIDC. Default: OKTA
    name string
    Policy Rule Name
    networkConnection string
    Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
    networkExcludes string[]
    Required if network_connection = ZONE. Indicates the network zones to exclude.
    networkIncludes string[]
    Required if network_connection = ZONE. Indicates the network zones to include.
    platformIncludes RuleIdpDiscoveryPlatformInclude[]
    Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
    policyId string
    Policy ID of the Rule
    priority number
    Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
    status string
    Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
    userIdentifierAttribute string
    Profile attribute matching can only have a single value that describes the type indicated in user_identifier_type. This is the attribute or identifier that the user_identifier_patterns are checked against.
    userIdentifierPatterns RuleIdpDiscoveryUserIdentifierPattern[]
    Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
    userIdentifierType string
    One of: IDENTIFIER, ATTRIBUTE
    app_excludes Sequence[RuleIdpDiscoveryAppExcludeArgs]
    Applications to exclude in discovery. See app_include for details.
    app_includes Sequence[RuleIdpDiscoveryAppIncludeArgs]
    Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
    idp_id str
    The identifier for the Idp the rule should route to if all conditions are met.
    idp_type str
    Type of Idp. One of: SAML2, IWA, AgentlessDSSO, X509, FACEBOOK, GOOGLE, LINKEDIN, MICROSOFT, OIDC. Default: OKTA
    name str
    Policy Rule Name
    network_connection str
    Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
    network_excludes Sequence[str]
    Required if network_connection = ZONE. Indicates the network zones to exclude.
    network_includes Sequence[str]
    Required if network_connection = ZONE. Indicates the network zones to include.
    platform_includes Sequence[RuleIdpDiscoveryPlatformIncludeArgs]
    Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
    policy_id str
    Policy ID of the Rule
    priority int
    Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
    status str
    Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
    user_identifier_attribute str
    Profile attribute matching can only have a single value that describes the type indicated in user_identifier_type. This is the attribute or identifier that the user_identifier_patterns are checked against.
    user_identifier_patterns Sequence[RuleIdpDiscoveryUserIdentifierPatternArgs]
    Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
    user_identifier_type str
    One of: IDENTIFIER, ATTRIBUTE
    appExcludes List<Property Map>
    Applications to exclude in discovery. See app_include for details.
    appIncludes List<Property Map>
    Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
    idpId String
    The identifier for the Idp the rule should route to if all conditions are met.
    idpType String
    Type of Idp. One of: SAML2, IWA, AgentlessDSSO, X509, FACEBOOK, GOOGLE, LINKEDIN, MICROSOFT, OIDC. Default: OKTA
    name String
    Policy Rule Name
    networkConnection String
    Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
    networkExcludes List<String>
    Required if network_connection = ZONE. Indicates the network zones to exclude.
    networkIncludes List<String>
    Required if network_connection = ZONE. Indicates the network zones to include.
    platformIncludes List<Property Map>
    Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
    policyId String
    Policy ID of the Rule
    priority Number
    Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
    status String
    Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
    userIdentifierAttribute String
    Profile attribute matching can only have a single value that describes the type indicated in user_identifier_type. This is the attribute or identifier that the user_identifier_patterns are checked against.
    userIdentifierPatterns List<Property Map>
    Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
    userIdentifierType String
    One of: IDENTIFIER, ATTRIBUTE

    Supporting Types

    RuleIdpDiscoveryAppExclude, RuleIdpDiscoveryAppExcludeArgs

    Type string
    Id string
    Name string
    Type string
    Id string
    Name string
    type String
    id String
    name String
    type string
    id string
    name string
    type str
    id str
    name str
    type String
    id String
    name String

    RuleIdpDiscoveryAppInclude, RuleIdpDiscoveryAppIncludeArgs

    Type string
    Id string
    Name string
    Type string
    Id string
    Name string
    type String
    id String
    name String
    type string
    id string
    name string
    type str
    id str
    name str
    type String
    id String
    name String

    RuleIdpDiscoveryPlatformInclude, RuleIdpDiscoveryPlatformIncludeArgs

    OsExpression string
    Only available with OTHER OS type
    OsType string
    Type string
    OsExpression string
    Only available with OTHER OS type
    OsType string
    Type string
    osExpression String
    Only available with OTHER OS type
    osType String
    type String
    osExpression string
    Only available with OTHER OS type
    osType string
    type string
    os_expression str
    Only available with OTHER OS type
    os_type str
    type str
    osExpression String
    Only available with OTHER OS type
    osType String
    type String

    RuleIdpDiscoveryUserIdentifierPattern, RuleIdpDiscoveryUserIdentifierPatternArgs

    MatchType string
    Value string
    MatchType string
    Value string
    matchType String
    value String
    matchType string
    value string
    match_type str
    value str
    matchType String
    value String

    Import

    $ pulumi import okta:policy/ruleIdpDiscovery:RuleIdpDiscovery example &#60;policy id&#62;/&#60;rule id&#62;
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Okta pulumi/pulumi-okta
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the okta Terraform Provider.
    okta logo
    Okta v4.9.2 published on Tuesday, Jun 25, 2024 by Pulumi