published on Wednesday, Apr 29, 2026 by Pulumi
Creates an IdP Discovery Policy Rule.
This resource allows you to create and configure an IdP Discovery Policy Rule.
If you receive the error ‘You do not have permission to access the feature you are requesting’, contact support and request that the feature flag ‘ADVANCED_SSO’ be applied to your org.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
// All Okta orgs contain exactly one IdP Discovery Policy, so it is looked up
// by name and type rather than created.
const idpDiscoveryPolicy = okta.policy.getPolicy({
    name: "Idp Discovery Policy",
    type: "IDP_DISCOVERY",
});
// Both rules below attach to that single policy.
const discoveryPolicyId = idpDiscoveryPolicy.then(found => found.id);

// Example 1: Specific IdP routing - route to a named OIDC IdP.
// "<idp id>", "<app id>" and "<app type name>" are placeholders for values
// from your own org.
const example = new okta.policy.RuleIdpDiscovery("example", {
    policyId: discoveryPolicyId,
    name: "example",
    idpProviders: [
        {
            id: "<idp id>",
            type: "OIDC",
        },
    ],
    // ANYWHERE applies the rule from any network. ZONE would additionally
    // require networkIncludes / networkExcludes.
    networkConnection: "ANYWHERE",
    priority: 1,
    status: "ACTIVE",
    // The patterns below are checked against the "company" profile attribute.
    userIdentifierType: "ATTRIBUTE",
    userIdentifierAttribute: "company",
    appExcludes: [
        { id: "<app id>", type: "APP" },
        { name: "yahoo_mail", type: "APP_TYPE" },
    ],
    appIncludes: [
        { id: "<app id>", type: "APP" },
        { name: "<app type name>", type: "APP_TYPE" },
    ],
    // NOTE(review): type MOBILE combined with osType OSX looks inconsistent
    // (OSX is a desktop OS) - confirm the intended platform condition.
    platformIncludes: [
        {
            type: "MOBILE",
            osType: "OSX",
        },
    ],
    userIdentifierPatterns: [
        {
            matchType: "EQUALS",
            value: "Articulate",
        },
    ],
});

// Example 2: Dynamic IdP routing - select IdP based on an expression.
// The expression is evaluated against the Login Context; here it takes the
// part of the login identifier after '@'.
// NOTE(review): the identifier is presumably whatever was entered at the
// sign-in prompt, i.e. input supplied before authentication. This rule only
// chooses where the user is sent; confirm that the matched IdP and the app
// sign-on policies perform the actual authentication and authorization.
// shouldFallBackToOkta is not set, so the documented default (false) applies:
// no fallback to Okta when authentication with the matched IdP fails.
const dynamicExample = new okta.policy.RuleIdpDiscovery("dynamic_example", {
    policyId: discoveryPolicyId,
    name: "dynamic-idp-routing",
    networkConnection: "ANYWHERE",
    priority: 2,
    status: "ACTIVE",
    selectionType: "DYNAMIC",
    providerExpression: "login.identifier.substringAfter('@')",
});
import pulumi
import pulumi_okta as okta
# All Okta orgs contain exactly one IdP Discovery Policy, so it is looked up
# by name and type rather than created.
idp_discovery_policy = okta.policy.get_policy(
    name="Idp Discovery Policy",
    type="IDP_DISCOVERY",
)
# Both rules below attach to that single policy.
discovery_policy_id = idp_discovery_policy.id

# Example 1: Specific IdP routing - route to a named OIDC IdP.
# "<idp id>", "<app id>" and "<app type name>" are placeholders for values
# from your own org.
example = okta.policy.RuleIdpDiscovery(
    "example",
    policy_id=discovery_policy_id,
    name="example",
    idp_providers=[
        {"id": "<idp id>", "type": "OIDC"},
    ],
    # ANYWHERE applies the rule from any network. ZONE would additionally
    # require network_includes / network_excludes.
    network_connection="ANYWHERE",
    priority=1,
    status="ACTIVE",
    # The patterns below are checked against the "company" profile attribute.
    user_identifier_type="ATTRIBUTE",
    user_identifier_attribute="company",
    app_excludes=[
        {"id": "<app id>", "type": "APP"},
        {"name": "yahoo_mail", "type": "APP_TYPE"},
    ],
    app_includes=[
        {"id": "<app id>", "type": "APP"},
        {"name": "<app type name>", "type": "APP_TYPE"},
    ],
    # NOTE(review): type MOBILE combined with os_type OSX looks inconsistent
    # (OSX is a desktop OS) - confirm the intended platform condition.
    platform_includes=[
        {"type": "MOBILE", "os_type": "OSX"},
    ],
    user_identifier_patterns=[
        {"match_type": "EQUALS", "value": "Articulate"},
    ],
)

# Example 2: Dynamic IdP routing - select IdP based on an expression.
# The expression is evaluated against the Login Context; here it takes the
# part of the login identifier after '@'.
# NOTE(review): the identifier is presumably whatever was entered at the
# sign-in prompt, i.e. input supplied before authentication. This rule only
# chooses where the user is sent; confirm that the matched IdP and the app
# sign-on policies perform the actual authentication and authorization.
# should_fall_back_to_okta is not set, so the documented default (False)
# applies: no fallback to Okta when authentication with the matched IdP fails.
dynamic_example = okta.policy.RuleIdpDiscovery(
    "dynamic_example",
    policy_id=discovery_policy_id,
    name="dynamic-idp-routing",
    network_connection="ANYWHERE",
    priority=2,
    status="ACTIVE",
    selection_type="DYNAMIC",
    provider_expression="login.identifier.substringAfter('@')",
)
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v6/go/okta/policy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
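// main registers two IdP Discovery policy rules on the org's IdP Discovery
// policy: a static rule that routes matching sign-ins to one named OIDC IdP,
// and a dynamic rule that selects the IdP from an expression.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// All Okta orgs contain exactly one IdP Discovery Policy, so it is
		// looked up by name and type rather than created.
		idpDiscoveryPolicy, err := policy.GetPolicy(ctx, &policy.GetPolicyArgs{
			Name: "Idp Discovery Policy",
			Type: "IDP_DISCOVERY",
		}, nil)
		if err != nil {
			return err
		}
		// Both rules attach to that single policy. One pulumi.String
		// conversion is enough; wrapping it twice was redundant.
		policyID := pulumi.String(idpDiscoveryPolicy.Id)

		// Example 1: Specific IdP routing - route to a named OIDC IdP.
		// "<idp id>", "<app id>" and "<app type name>" are placeholders for
		// values from your own org.
		_, err = policy.NewRuleIdpDiscovery(ctx, "example", &policy.RuleIdpDiscoveryArgs{
			PolicyId: policyID,
			Name:     pulumi.String("example"),
			IdpProviders: policy.RuleIdpDiscoveryIdpProviderArray{
				&policy.RuleIdpDiscoveryIdpProviderArgs{
					Id:   pulumi.String("<idp id>"),
					Type: pulumi.String("OIDC"),
				},
			},
			// ANYWHERE applies the rule from any network. ZONE would
			// additionally require NetworkIncludes / NetworkExcludes.
			NetworkConnection: pulumi.String("ANYWHERE"),
			Priority:          pulumi.Int(1),
			Status:            pulumi.String("ACTIVE"),
			// The patterns below are checked against the "company" profile
			// attribute.
			UserIdentifierType:      pulumi.String("ATTRIBUTE"),
			UserIdentifierAttribute: pulumi.String("company"),
			AppExcludes: policy.RuleIdpDiscoveryAppExcludeArray{
				&policy.RuleIdpDiscoveryAppExcludeArgs{
					Id:   pulumi.String("<app id>"),
					Type: pulumi.String("APP"),
				},
				&policy.RuleIdpDiscoveryAppExcludeArgs{
					Name: pulumi.String("yahoo_mail"),
					Type: pulumi.String("APP_TYPE"),
				},
			},
			AppIncludes: policy.RuleIdpDiscoveryAppIncludeArray{
				&policy.RuleIdpDiscoveryAppIncludeArgs{
					Id:   pulumi.String("<app id>"),
					Type: pulumi.String("APP"),
				},
				&policy.RuleIdpDiscoveryAppIncludeArgs{
					Name: pulumi.String("<app type name>"),
					Type: pulumi.String("APP_TYPE"),
				},
			},
			// NOTE(review): Type MOBILE combined with OsType OSX looks
			// inconsistent (OSX is a desktop OS) - confirm the intended
			// platform condition.
			PlatformIncludes: policy.RuleIdpDiscoveryPlatformIncludeArray{
				&policy.RuleIdpDiscoveryPlatformIncludeArgs{
					Type:   pulumi.String("MOBILE"),
					OsType: pulumi.String("OSX"),
				},
			},
			UserIdentifierPatterns: policy.RuleIdpDiscoveryUserIdentifierPatternArray{
				&policy.RuleIdpDiscoveryUserIdentifierPatternArgs{
					MatchType: pulumi.String("EQUALS"),
					Value:     pulumi.String("Articulate"),
				},
			},
		})
		if err != nil {
			return err
		}

		// Example 2: Dynamic IdP routing - select IdP based on an expression.
		// The expression is evaluated against the Login Context; here it
		// takes the part of the login identifier after '@'.
		// NOTE(review): the identifier is presumably whatever was entered at
		// the sign-in prompt, i.e. input supplied before authentication. This
		// rule only chooses where the user is sent; confirm that the matched
		// IdP and the app sign-on policies perform the actual authentication
		// and authorization.
		// ShouldFallBackToOkta is not set, so the documented default (false)
		// applies: no fallback to Okta when authentication with the matched
		// IdP fails.
		_, err = policy.NewRuleIdpDiscovery(ctx, "dynamic_example", &policy.RuleIdpDiscoveryArgs{
			PolicyId:           policyID,
			Name:               pulumi.String("dynamic-idp-routing"),
			NetworkConnection:  pulumi.String("ANYWHERE"),
			Priority:           pulumi.Int(2),
			Status:             pulumi.String("ACTIVE"),
			SelectionType:      pulumi.String("DYNAMIC"),
			ProviderExpression: pulumi.String("login.identifier.substringAfter('@')"),
		})
		return err
	})
}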
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
    // All Okta orgs contain exactly one IdP Discovery Policy, so it is looked
    // up by name and type rather than created.
    var idpDiscoveryPolicy = Okta.Policy.GetPolicy.Invoke(new()
    {
        Name = "Idp Discovery Policy",
        Type = "IDP_DISCOVERY",
    });
    // Both rules below attach to that single policy.
    var discoveryPolicyId = idpDiscoveryPolicy.Apply(found => found.Id);

    // Example 1: Specific IdP routing - route to a named OIDC IdP.
    // "<idp id>", "<app id>" and "<app type name>" are placeholders for
    // values from your own org.
    var example = new Okta.Policy.RuleIdpDiscovery("example", new()
    {
        PolicyId = discoveryPolicyId,
        Name = "example",
        IdpProviders = new[]
        {
            new Okta.Policy.Inputs.RuleIdpDiscoveryIdpProviderArgs
            {
                Id = "<idp id>",
                Type = "OIDC",
            },
        },
        // ANYWHERE applies the rule from any network. ZONE would additionally
        // require NetworkIncludes / NetworkExcludes.
        NetworkConnection = "ANYWHERE",
        Priority = 1,
        Status = "ACTIVE",
        // The patterns below are checked against the "company" profile
        // attribute.
        UserIdentifierType = "ATTRIBUTE",
        UserIdentifierAttribute = "company",
        AppExcludes = new[]
        {
            new Okta.Policy.Inputs.RuleIdpDiscoveryAppExcludeArgs
            {
                Id = "<app id>",
                Type = "APP",
            },
            new Okta.Policy.Inputs.RuleIdpDiscoveryAppExcludeArgs
            {
                Name = "yahoo_mail",
                Type = "APP_TYPE",
            },
        },
        AppIncludes = new[]
        {
            new Okta.Policy.Inputs.RuleIdpDiscoveryAppIncludeArgs
            {
                Id = "<app id>",
                Type = "APP",
            },
            new Okta.Policy.Inputs.RuleIdpDiscoveryAppIncludeArgs
            {
                Name = "<app type name>",
                Type = "APP_TYPE",
            },
        },
        // NOTE(review): Type MOBILE combined with OsType OSX looks
        // inconsistent (OSX is a desktop OS) - confirm the intended platform
        // condition.
        PlatformIncludes = new[]
        {
            new Okta.Policy.Inputs.RuleIdpDiscoveryPlatformIncludeArgs
            {
                Type = "MOBILE",
                OsType = "OSX",
            },
        },
        UserIdentifierPatterns = new[]
        {
            new Okta.Policy.Inputs.RuleIdpDiscoveryUserIdentifierPatternArgs
            {
                MatchType = "EQUALS",
                Value = "Articulate",
            },
        },
    });

    // Example 2: Dynamic IdP routing - select IdP based on an expression.
    // The expression is evaluated against the Login Context; here it takes
    // the part of the login identifier after '@'.
    // NOTE(review): the identifier is presumably whatever was entered at the
    // sign-in prompt, i.e. input supplied before authentication. This rule
    // only chooses where the user is sent; confirm that the matched IdP and
    // the app sign-on policies perform the actual authentication and
    // authorization.
    // ShouldFallBackToOkta is not set, so the documented default (false)
    // applies: no fallback to Okta when authentication with the matched IdP
    // fails.
    var dynamicExample = new Okta.Policy.RuleIdpDiscovery("dynamic_example", new()
    {
        PolicyId = discoveryPolicyId,
        Name = "dynamic-idp-routing",
        NetworkConnection = "ANYWHERE",
        Priority = 2,
        Status = "ACTIVE",
        SelectionType = "DYNAMIC",
        ProviderExpression = "login.identifier.substringAfter('@')",
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.policy.PolicyFunctions;
import com.pulumi.okta.policy.inputs.GetPolicyArgs;
import com.pulumi.okta.policy.RuleIdpDiscovery;
import com.pulumi.okta.policy.RuleIdpDiscoveryArgs;
import com.pulumi.okta.policy.inputs.RuleIdpDiscoveryIdpProviderArgs;
import com.pulumi.okta.policy.inputs.RuleIdpDiscoveryAppExcludeArgs;
import com.pulumi.okta.policy.inputs.RuleIdpDiscoveryAppIncludeArgs;
import com.pulumi.okta.policy.inputs.RuleIdpDiscoveryPlatformIncludeArgs;
import com.pulumi.okta.policy.inputs.RuleIdpDiscoveryUserIdentifierPatternArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that registers two IdP Discovery policy rules: a static rule
 * routing to one named OIDC IdP and a dynamic rule driven by an expression.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the policy lookup and both rules on the given stack context.
     *
     * @param ctx the Pulumi context for the current deployment
     */
    public static void stack(Context ctx) {
        // All Okta orgs contain exactly one IdP Discovery Policy, so it is
        // looked up by name and type rather than created.
        final var idpDiscoveryPolicy = PolicyFunctions.getPolicy(GetPolicyArgs.builder()
            .name("Idp Discovery Policy")
            .type("IDP_DISCOVERY")
            .build());
        // Both rules below attach to that single policy.
        // NOTE(review): if getPolicy returns an Output here, confirm that
        // id() resolves on it with your SDK version.
        final var discoveryPolicyId = idpDiscoveryPolicy.id();

        // Example 1: Specific IdP routing - route to a named OIDC IdP.
        // "<idp id>", "<app id>" and "<app type name>" are placeholders for
        // values from your own org.
        final var exampleArgs = RuleIdpDiscoveryArgs.builder()
            .policyId(discoveryPolicyId)
            .name("example")
            .idpProviders(RuleIdpDiscoveryIdpProviderArgs.builder()
                .id("<idp id>")
                .type("OIDC")
                .build())
            // ANYWHERE applies the rule from any network. ZONE would
            // additionally require networkIncludes / networkExcludes.
            .networkConnection("ANYWHERE")
            .priority(1)
            .status("ACTIVE")
            // The patterns below are checked against the "company" profile
            // attribute.
            .userIdentifierType("ATTRIBUTE")
            .userIdentifierAttribute("company")
            .appExcludes(
                RuleIdpDiscoveryAppExcludeArgs.builder()
                    .id("<app id>")
                    .type("APP")
                    .build(),
                RuleIdpDiscoveryAppExcludeArgs.builder()
                    .name("yahoo_mail")
                    .type("APP_TYPE")
                    .build())
            .appIncludes(
                RuleIdpDiscoveryAppIncludeArgs.builder()
                    .id("<app id>")
                    .type("APP")
                    .build(),
                RuleIdpDiscoveryAppIncludeArgs.builder()
                    .name("<app type name>")
                    .type("APP_TYPE")
                    .build())
            // NOTE(review): type MOBILE combined with osType OSX looks
            // inconsistent (OSX is a desktop OS) - confirm the intended
            // platform condition.
            .platformIncludes(RuleIdpDiscoveryPlatformIncludeArgs.builder()
                .type("MOBILE")
                .osType("OSX")
                .build())
            .userIdentifierPatterns(RuleIdpDiscoveryUserIdentifierPatternArgs.builder()
                .matchType("EQUALS")
                .value("Articulate")
                .build())
            .build();
        var example = new RuleIdpDiscovery("example", exampleArgs);

        // Example 2: Dynamic IdP routing - select IdP based on an expression.
        // The expression is evaluated against the Login Context; here it
        // takes the part of the login identifier after '@'.
        // NOTE(review): the identifier is presumably whatever was entered at
        // the sign-in prompt, i.e. input supplied before authentication. This
        // rule only chooses where the user is sent; confirm that the matched
        // IdP and the app sign-on policies perform the actual authentication
        // and authorization.
        // shouldFallBackToOkta is not set, so the documented default (false)
        // applies: no fallback to Okta when authentication with the matched
        // IdP fails.
        final var dynamicArgs = RuleIdpDiscoveryArgs.builder()
            .policyId(discoveryPolicyId)
            .name("dynamic-idp-routing")
            .networkConnection("ANYWHERE")
            .priority(2)
            .status("ACTIVE")
            .selectionType("DYNAMIC")
            .providerExpression("login.identifier.substringAfter('@')")
            .build();
        var dynamicExample = new RuleIdpDiscovery("dynamicExample", dynamicArgs);
    }
}
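resources:
  # Example 1: Specific IdP routing - route to a named OIDC IdP.
  # <idp id>, <app id> and <app type name> are placeholders for values from
  # your own org.
  example:
    type: okta:policy:RuleIdpDiscovery
    properties:
      policyId: ${idpDiscoveryPolicy.id}
      name: example
      idpProviders:
        - id: <idp id>
          type: OIDC
      # ANYWHERE applies the rule from any network. ZONE would additionally
      # require networkIncludes / networkExcludes.
      networkConnection: ANYWHERE
      priority: 1
      status: ACTIVE
      # The patterns below are checked against the "company" profile attribute.
      userIdentifierType: ATTRIBUTE
      userIdentifierAttribute: company
      appExcludes:
        - id: <app id>
          type: APP
        - name: yahoo_mail
          type: APP_TYPE
      appIncludes:
        - id: <app id>
          type: APP
        - name: <app type name>
          type: APP_TYPE
      # NOTE(review): type MOBILE combined with osType OSX looks inconsistent
      # (OSX is a desktop OS) - confirm the intended platform condition.
      platformIncludes:
        - type: MOBILE
          osType: OSX
      userIdentifierPatterns:
        - matchType: EQUALS
          value: Articulate
  # Example 2: Dynamic IdP routing - select IdP based on an expression.
  # The expression is evaluated against the Login Context; here it takes the
  # part of the login identifier after '@'.
  # NOTE(review): the identifier is presumably whatever was entered at the
  # sign-in prompt, i.e. input supplied before authentication. This rule only
  # chooses where the user is sent; confirm that the matched IdP and the app
  # sign-on policies perform the actual authentication and authorization.
  # shouldFallBackToOkta is not set, so the documented default (false)
  # applies: no fallback to Okta when authentication with the matched IdP fails.
  dynamicExample:
    type: okta:policy:RuleIdpDiscovery
    name: dynamic_example
    properties:
      policyId: ${idpDiscoveryPolicy.id}
      name: dynamic-idp-routing
      networkConnection: ANYWHERE
      priority: 2
      status: ACTIVE
      selectionType: DYNAMIC
      providerExpression: login.identifier.substringAfter('@')
variables:
  # All Okta orgs contain exactly one IdP Discovery Policy, so it is looked up
  # by name and type rather than created.
  idpDiscoveryPolicy:
    fn::invoke:
      function: okta:policy:getPolicy
      arguments:
        name: Idp Discovery Policy
        type: IDP_DISCOVERY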
Create RuleIdpDiscovery Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new RuleIdpDiscovery(name: string, args?: RuleIdpDiscoveryArgs, opts?: CustomResourceOptions);
@overload
def RuleIdpDiscovery(resource_name: str,
args: Optional[RuleIdpDiscoveryArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def RuleIdpDiscovery(resource_name: str,
opts: Optional[ResourceOptions] = None,
app_excludes: Optional[Sequence[RuleIdpDiscoveryAppExcludeArgs]] = None,
app_includes: Optional[Sequence[RuleIdpDiscoveryAppIncludeArgs]] = None,
idp_providers: Optional[Sequence[RuleIdpDiscoveryIdpProviderArgs]] = None,
name: Optional[str] = None,
network_connection: Optional[str] = None,
network_excludes: Optional[Sequence[str]] = None,
network_includes: Optional[Sequence[str]] = None,
platform_includes: Optional[Sequence[RuleIdpDiscoveryPlatformIncludeArgs]] = None,
policy_id: Optional[str] = None,
priority: Optional[int] = None,
property_name: Optional[str] = None,
provider_expression: Optional[str] = None,
selection_type: Optional[str] = None,
should_fall_back_to_okta: Optional[bool] = None,
status: Optional[str] = None,
user_identifier_attribute: Optional[str] = None,
user_identifier_patterns: Optional[Sequence[RuleIdpDiscoveryUserIdentifierPatternArgs]] = None,
user_identifier_type: Optional[str] = None)
func NewRuleIdpDiscovery(ctx *Context, name string, args *RuleIdpDiscoveryArgs, opts ...ResourceOption) (*RuleIdpDiscovery, error)
public RuleIdpDiscovery(string name, RuleIdpDiscoveryArgs? args = null, CustomResourceOptions? opts = null)
public RuleIdpDiscovery(String name, RuleIdpDiscoveryArgs args)
public RuleIdpDiscovery(String name, RuleIdpDiscoveryArgs args, CustomResourceOptions options)
type: okta:policy:RuleIdpDiscovery
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
resource "okta_policy_ruleidpdiscovery" "name" {
# resource properties
}
Parameters
- name string
- The unique name of the resource.
- args RuleIdpDiscoveryArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RuleIdpDiscoveryArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RuleIdpDiscoveryArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RuleIdpDiscoveryArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RuleIdpDiscoveryArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var ruleIdpDiscoveryResource = new Okta.Policy.RuleIdpDiscovery("ruleIdpDiscoveryResource", new()
{
AppExcludes = new[]
{
new Okta.Policy.Inputs.RuleIdpDiscoveryAppExcludeArgs
{
Type = "string",
Id = "string",
Name = "string",
},
},
AppIncludes = new[]
{
new Okta.Policy.Inputs.RuleIdpDiscoveryAppIncludeArgs
{
Type = "string",
Id = "string",
Name = "string",
},
},
IdpProviders = new[]
{
new Okta.Policy.Inputs.RuleIdpDiscoveryIdpProviderArgs
{
Id = "string",
Type = "string",
},
},
Name = "string",
NetworkConnection = "string",
NetworkExcludes = new[]
{
"string",
},
NetworkIncludes = new[]
{
"string",
},
PlatformIncludes = new[]
{
new Okta.Policy.Inputs.RuleIdpDiscoveryPlatformIncludeArgs
{
OsExpression = "string",
OsType = "string",
Type = "string",
},
},
PolicyId = "string",
Priority = 0,
PropertyName = "string",
ProviderExpression = "string",
SelectionType = "string",
ShouldFallBackToOkta = false,
Status = "string",
UserIdentifierAttribute = "string",
UserIdentifierPatterns = new[]
{
new Okta.Policy.Inputs.RuleIdpDiscoveryUserIdentifierPatternArgs
{
MatchType = "string",
Value = "string",
},
},
UserIdentifierType = "string",
});
example, err := policy.NewRuleIdpDiscovery(ctx, "ruleIdpDiscoveryResource", &policy.RuleIdpDiscoveryArgs{
AppExcludes: policy.RuleIdpDiscoveryAppExcludeArray{
&policy.RuleIdpDiscoveryAppExcludeArgs{
Type: pulumi.String("string"),
Id: pulumi.String("string"),
Name: pulumi.String("string"),
},
},
AppIncludes: policy.RuleIdpDiscoveryAppIncludeArray{
&policy.RuleIdpDiscoveryAppIncludeArgs{
Type: pulumi.String("string"),
Id: pulumi.String("string"),
Name: pulumi.String("string"),
},
},
IdpProviders: policy.RuleIdpDiscoveryIdpProviderArray{
&policy.RuleIdpDiscoveryIdpProviderArgs{
Id: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
Name: pulumi.String("string"),
NetworkConnection: pulumi.String("string"),
NetworkExcludes: pulumi.StringArray{
pulumi.String("string"),
},
NetworkIncludes: pulumi.StringArray{
pulumi.String("string"),
},
PlatformIncludes: policy.RuleIdpDiscoveryPlatformIncludeArray{
&policy.RuleIdpDiscoveryPlatformIncludeArgs{
OsExpression: pulumi.String("string"),
OsType: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
PolicyId: pulumi.String("string"),
Priority: pulumi.Int(0),
PropertyName: pulumi.String("string"),
ProviderExpression: pulumi.String("string"),
SelectionType: pulumi.String("string"),
ShouldFallBackToOkta: pulumi.Bool(false),
Status: pulumi.String("string"),
UserIdentifierAttribute: pulumi.String("string"),
UserIdentifierPatterns: policy.RuleIdpDiscoveryUserIdentifierPatternArray{
&policy.RuleIdpDiscoveryUserIdentifierPatternArgs{
MatchType: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
UserIdentifierType: pulumi.String("string"),
})
resource "okta_policy_ruleidpdiscovery" "ruleIdpDiscoveryResource" {
app_excludes {
type = "string"
id = "string"
name = "string"
}
app_includes {
type = "string"
id = "string"
name = "string"
}
idp_providers {
id = "string"
type = "string"
}
name = "string"
network_connection = "string"
network_excludes = ["string"]
network_includes = ["string"]
platform_includes {
os_expression = "string"
os_type = "string"
type = "string"
}
policy_id = "string"
priority = 0
property_name = "string"
provider_expression = "string"
selection_type = "string"
should_fall_back_to_okta = false
status = "string"
user_identifier_attribute = "string"
user_identifier_patterns {
match_type = "string"
value = "string"
}
user_identifier_type = "string"
}
var ruleIdpDiscoveryResource = new RuleIdpDiscovery("ruleIdpDiscoveryResource", RuleIdpDiscoveryArgs.builder()
.appExcludes(RuleIdpDiscoveryAppExcludeArgs.builder()
.type("string")
.id("string")
.name("string")
.build())
.appIncludes(RuleIdpDiscoveryAppIncludeArgs.builder()
.type("string")
.id("string")
.name("string")
.build())
.idpProviders(RuleIdpDiscoveryIdpProviderArgs.builder()
.id("string")
.type("string")
.build())
.name("string")
.networkConnection("string")
.networkExcludes("string")
.networkIncludes("string")
.platformIncludes(RuleIdpDiscoveryPlatformIncludeArgs.builder()
.osExpression("string")
.osType("string")
.type("string")
.build())
.policyId("string")
.priority(0)
.propertyName("string")
.providerExpression("string")
.selectionType("string")
.shouldFallBackToOkta(false)
.status("string")
.userIdentifierAttribute("string")
.userIdentifierPatterns(RuleIdpDiscoveryUserIdentifierPatternArgs.builder()
.matchType("string")
.value("string")
.build())
.userIdentifierType("string")
.build());
rule_idp_discovery_resource = okta.policy.RuleIdpDiscovery("ruleIdpDiscoveryResource",
app_excludes=[{
"type": "string",
"id": "string",
"name": "string",
}],
app_includes=[{
"type": "string",
"id": "string",
"name": "string",
}],
idp_providers=[{
"id": "string",
"type": "string",
}],
name="string",
network_connection="string",
network_excludes=["string"],
network_includes=["string"],
platform_includes=[{
"os_expression": "string",
"os_type": "string",
"type": "string",
}],
policy_id="string",
priority=0,
property_name="string",
provider_expression="string",
selection_type="string",
should_fall_back_to_okta=False,
status="string",
user_identifier_attribute="string",
user_identifier_patterns=[{
"match_type": "string",
"value": "string",
}],
user_identifier_type="string")
const ruleIdpDiscoveryResource = new okta.policy.RuleIdpDiscovery("ruleIdpDiscoveryResource", {
appExcludes: [{
type: "string",
id: "string",
name: "string",
}],
appIncludes: [{
type: "string",
id: "string",
name: "string",
}],
idpProviders: [{
id: "string",
type: "string",
}],
name: "string",
networkConnection: "string",
networkExcludes: ["string"],
networkIncludes: ["string"],
platformIncludes: [{
osExpression: "string",
osType: "string",
type: "string",
}],
policyId: "string",
priority: 0,
propertyName: "string",
providerExpression: "string",
selectionType: "string",
shouldFallBackToOkta: false,
status: "string",
userIdentifierAttribute: "string",
userIdentifierPatterns: [{
matchType: "string",
value: "string",
}],
userIdentifierType: "string",
});
type: okta:policy:RuleIdpDiscovery
properties:
appExcludes:
- id: string
name: string
type: string
appIncludes:
- id: string
name: string
type: string
idpProviders:
- id: string
type: string
name: string
networkConnection: string
networkExcludes:
- string
networkIncludes:
- string
platformIncludes:
- osExpression: string
osType: string
type: string
policyId: string
priority: 0
propertyName: string
providerExpression: string
selectionType: string
shouldFallBackToOkta: false
status: string
userIdentifierAttribute: string
userIdentifierPatterns:
- matchType: string
value: string
userIdentifierType: string
RuleIdpDiscovery Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The RuleIdpDiscovery resource accepts the following input properties:
- AppExcludes List<RuleIdpDiscoveryAppExclude>
- Applications to exclude in discovery. See `appInclude` for details.
- AppIncludes List<RuleIdpDiscoveryAppInclude>
- Applications to include in discovery rule.
- 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include.
- 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included.
- 'type' - (Required) One of: 'APP', 'APP_TYPE'
- IdpProviders List<RuleIdpDiscoveryIdpProvider>
- Name string
- Policy Rule Name
- NetworkConnection string
- Network selection mode: `ANYWHERE`, `ZONE`, `ON_NETWORK`, or `OFF_NETWORK`. Default: `ANYWHERE`
- NetworkExcludes List<string>
- Required if `networkConnection` = `ZONE`. Indicates the network zones to exclude.
- NetworkIncludes List<string>
- Required if `networkConnection` = `ZONE`. Indicates the network zones to include.
- PlatformIncludes List<RuleIdpDiscoveryPlatformInclude>
- Platform to include in discovery rule.
- 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP'
- 'os_expression' - (Optional) Only available when using osType = 'OTHER'
- 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- PolicyId string
- Policy ID of the Rule
- Priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- PropertyName string
- The IdP property that the evaluated expression should match against when `selectionType` is `DYNAMIC`. Maps to `actions.idp.matchCriteria[0].propertyName` in the API. If not set, the API default is used and the value is stored in state.
- ProviderExpression string
- An Okta Expression Language expression that is evaluated against the Login Context and used to dynamically select an IdP. Only applicable when `selectionType` is `DYNAMIC`. Maps to `actions.idp.matchCriteria[0].providerExpression` in the API. Example: `login.identifier.substringAfter('@')`
- SelectionType string
- Determines how the IdP is selected. One of: `SPECIFIC`, `DYNAMIC`. Default: `SPECIFIC`. When `DYNAMIC`, the IdP is selected based on the evaluated `providerExpression`.
- ShouldFallBackToOkta bool
- Specifies whether to fall back to Okta if authentication with the matched IdP fails. Only applicable when `selectionType` is `DYNAMIC`. Default: `false`.
- Status string
- Policy Rule Status: `ACTIVE` or `INACTIVE`. Default: `ACTIVE`
- UserIdentifierAttribute string
- Profile attribute matching can only have a single value that describes the type indicated in `userIdentifierType`. This is the attribute or identifier that the `userIdentifierPatterns` are checked against.
- UserIdentifierPatterns List<RuleIdpDiscoveryUserIdentifierPattern>
- Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided.
- 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS'
- 'value' - (Optional) The regex or simple match string to match against.
- UserIdentifierType string
- One of: `IDENTIFIER`, `ATTRIBUTE`
- AppExcludes []RuleIdpDiscoveryAppExcludeArgs
- Applications to exclude in discovery. See `appInclude` for details.
- AppIncludes []RuleIdpDiscoveryAppIncludeArgs
- Applications to include in discovery rule.
- 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include.
- 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included.
- 'type' - (Required) One of: 'APP', 'APP_TYPE'
- IdpProviders []RuleIdpDiscoveryIdpProviderArgs
- Name string
- Policy Rule Name
- NetworkConnection string
- Network selection mode: `ANYWHERE`, `ZONE`, `ON_NETWORK`, or `OFF_NETWORK`. Default: `ANYWHERE`
- NetworkExcludes []string
- Required if `networkConnection` = `ZONE`. Indicates the network zones to exclude.
- NetworkIncludes []string
- Required if `networkConnection` = `ZONE`. Indicates the network zones to include.
- PlatformIncludes []RuleIdpDiscoveryPlatformIncludeArgs
- Platform to include in discovery rule.
- 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP'
- 'os_expression' - (Optional) Only available when using osType = 'OTHER'
- 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- PolicyId string
- Policy ID of the Rule
- Priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- PropertyName string
- The IdP property that the evaluated expression should match against when `selectionType` is `DYNAMIC`. Maps to `actions.idp.matchCriteria[0].propertyName` in the API. If not set, the API default is used and the value is stored in state.
- ProviderExpression string
- An Okta Expression Language expression that is evaluated against the Login Context and used to dynamically select an IdP. Only applicable when `selectionType` is `DYNAMIC`. Maps to `actions.idp.matchCriteria[0].providerExpression` in the API. Example: `login.identifier.substringAfter('@')`
- SelectionType string
- Determines how the IdP is selected. One of: `SPECIFIC`, `DYNAMIC`. Default: `SPECIFIC`. When `DYNAMIC`, the IdP is selected based on the evaluated `providerExpression`.
- ShouldFallBackToOkta bool
- Specifies whether to fall back to Okta if authentication with the matched IdP fails. Only applicable when `selectionType` is `DYNAMIC`. Default: `false`.
- Status string
- Policy Rule Status: `ACTIVE` or `INACTIVE`. Default: `ACTIVE`
- UserIdentifierAttribute string
- Profile attribute matching can only have a single value that describes the type indicated in `userIdentifierType`. This is the attribute or identifier that the `userIdentifierPatterns` are checked against.
- UserIdentifierPatterns []RuleIdpDiscoveryUserIdentifierPatternArgs
- Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided.
- 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS'
- 'value' - (Optional) The regex or simple match string to match against.
- UserIdentifierType string
- One of: `IDENTIFIER`, `ATTRIBUTE`
- app_excludes list(object)
- Applications to exclude in discovery. See `appInclude` for details.
- app_includes list(object)
- Applications to include in discovery rule.
- 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include.
- 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included.
- 'type' - (Required) One of: 'APP', 'APP_TYPE'
- idp_providers list(object)
- name string
- Policy Rule Name
- network_connection string
- Network selection mode: `ANYWHERE`, `ZONE`, `ON_NETWORK`, or `OFF_NETWORK`. Default: `ANYWHERE`
- network_excludes list(string)
- Required if `networkConnection` = `ZONE`. Indicates the network zones to exclude.
- network_includes list(string)
- Required if `networkConnection` = `ZONE`. Indicates the network zones to include.
- platform_includes list(object)
- Platform to include in discovery rule.
- 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP'
- 'os_expression' - (Optional) Only available when using osType = 'OTHER'
- 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- policy_id string
- Policy ID of the Rule
- priority number
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- property_name string
- The IdP property that the evaluated expression should match against when `selectionType` is `DYNAMIC`. Maps to `actions.idp.matchCriteria[0].propertyName` in the API. If not set, the API default is used and the value is stored in state.
- provider_expression string
- An Okta Expression Language expression that is evaluated against the Login Context and used to dynamically select an IdP. Only applicable when `selectionType` is `DYNAMIC`. Maps to `actions.idp.matchCriteria[0].providerExpression` in the API. Example: `login.identifier.substringAfter('@')`
- selection_type string
- Determines how the IdP is selected. One of: `SPECIFIC`, `DYNAMIC`. Default: `SPECIFIC`. When `DYNAMIC`, the IdP is selected based on the evaluated `providerExpression`.
- should_fall_back_to_okta bool
- Specifies whether to fall back to Okta if authentication with the matched IdP fails. Only applicable when `selectionType` is `DYNAMIC`. Default: `false`.
- status string
- Policy Rule Status: `ACTIVE` or `INACTIVE`. Default: `ACTIVE`
- user_identifier_attribute string
- Profile attribute matching can only have a single value that describes the type indicated in `userIdentifierType`. This is the attribute or identifier that the `userIdentifierPatterns` are checked against.
- user_identifier_patterns list(object)
- Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided.
- 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS'
- 'value' - (Optional) The regex or simple match string to match against.
- user_identifier_type string
- One of: `IDENTIFIER`, `ATTRIBUTE`
- app
Excludes List<RuleIdp Discovery App Exclude> - Applications to exclude in discovery. See
appIncludefor details. - app
Includes List<RuleIdp Discovery App Include> - Applications to include in discovery rule.
- 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include.
- 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included.
- 'type' - (Required) One of: 'APP', 'APP_TYPE'
- idp
Providers List<RuleIdp Discovery Idp Provider> - name String
- Policy Rule Name
- network
Connection String - Network selection mode:
ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE - network
Excludes List<String> - Required if
networkConnection=ZONE. Indicates the network zones to exclude. - network
Includes List<String> - Required if
networkConnection=ZONE. Indicates the network zones to include. - platform
Includes List<RuleIdp Discovery Platform Include> - Platform to include in discovery rule.
- 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP'
- 'os_expression' - (Optional) Only available when using osType = 'OTHER'
- 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- policy
Id String - Policy ID of the Rule
- priority Integer
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation, an error is thrown if an invalid priority is provided. The Okta API defaults to the last (lowest) priority if not provided.
- propertyName String - The IdP property that the evaluated expression should match against when `selectionType` is `DYNAMIC`. Maps to `actions.idp.matchCriteria[0].propertyName` in the API. If not set, the API default is used and the value is stored in state.
- providerExpression String - An Okta Expression Language expression that is evaluated against the Login Context and used to dynamically select an IdP. Only applicable when `selectionType` is `DYNAMIC`. Maps to `actions.idp.matchCriteria[0].providerExpression` in the API. Example: `login.identifier.substringAfter('@')`. The login identifier is whatever the user enters before authenticating, so treat the result as sign-in routing rather than as an access-control decision.
- selectionType String - Determines how the IdP is selected. One of: `SPECIFIC`, `DYNAMIC`. Default: `SPECIFIC`. When `DYNAMIC`, the IdP is selected based on the evaluated `providerExpression`.
- shouldFallBackToOkta Boolean - Specifies whether to fall back to Okta if authentication with the matched IdP fails. Only applicable when `selectionType` is `DYNAMIC`. Default: `false`.
- status String
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - user
Identifier StringAttribute - Profile attribute matching can only have a single value that describes the type indicated in
userIdentifierType. This is the attribute or identifier that theuserIdentifierPatternsare checked against. - user
Identifier List<RulePatterns Idp Discovery User Identifier Pattern> - Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided.
- 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS'
- 'value' - (Optional) The regex or simple match string to match against.
- user
Identifier StringType - One of:
IDENTIFIER,ATTRIBUTE
- app
Excludes RuleIdp Discovery App Exclude[] - Applications to exclude in discovery. See
appIncludefor details. - app
Includes RuleIdp Discovery App Include[] - Applications to include in discovery rule.
- 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include.
- 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included.
- 'type' - (Required) One of: 'APP', 'APP_TYPE'
- idp
Providers RuleIdp Discovery Idp Provider[] - name string
- Policy Rule Name
- network
Connection string - Network selection mode:
ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE - network
Excludes string[] - Required if
networkConnection=ZONE. Indicates the network zones to exclude. - network
Includes string[] - Required if
networkConnection=ZONE. Indicates the network zones to include. - platform
Includes RuleIdp Discovery Platform Include[] - Platform to include in discovery rule.
- 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP'
- 'os_expression' - (Optional) Only available when using osType = 'OTHER'
- 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- policy
Id string - Policy ID of the Rule
- priority number
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation, an error is thrown if an invalid priority is provided. The Okta API defaults to the last (lowest) priority if not provided.
- propertyName string - The IdP property that the evaluated expression should match against when `selectionType` is `DYNAMIC`. Maps to `actions.idp.matchCriteria[0].propertyName` in the API. If not set, the API default is used and the value is stored in state.
- providerExpression string - An Okta Expression Language expression that is evaluated against the Login Context and used to dynamically select an IdP. Only applicable when `selectionType` is `DYNAMIC`. Maps to `actions.idp.matchCriteria[0].providerExpression` in the API. Example: `login.identifier.substringAfter('@')`. The login identifier is whatever the user enters before authenticating, so treat the result as sign-in routing rather than as an access-control decision.
- selectionType string - Determines how the IdP is selected. One of: `SPECIFIC`, `DYNAMIC`. Default: `SPECIFIC`. When `DYNAMIC`, the IdP is selected based on the evaluated `providerExpression`.
- shouldFallBackToOkta boolean - Specifies whether to fall back to Okta if authentication with the matched IdP fails. Only applicable when `selectionType` is `DYNAMIC`. Default: `false`.
- status string
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - user
Identifier stringAttribute - Profile attribute matching can only have a single value that describes the type indicated in
userIdentifierType. This is the attribute or identifier that theuserIdentifierPatternsare checked against. - user
Identifier RulePatterns Idp Discovery User Identifier Pattern[] - Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided.
- 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS'
- 'value' - (Optional) The regex or simple match string to match against.
- user
Identifier stringType - One of:
IDENTIFIER,ATTRIBUTE
- app_
excludes Sequence[RuleIdp Discovery App Exclude Args] - Applications to exclude in discovery. See
appIncludefor details. - app_
includes Sequence[RuleIdp Discovery App Include Args] - Applications to include in discovery rule.
- 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include.
- 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included.
- 'type' - (Required) One of: 'APP', 'APP_TYPE'
- idp_
providers Sequence[RuleIdp Discovery Idp Provider Args] - name str
- Policy Rule Name
- network_
connection str - Network selection mode:
ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE - network_
excludes Sequence[str] - Required if
networkConnection=ZONE. Indicates the network zones to exclude. - network_
includes Sequence[str] - Required if
networkConnection=ZONE. Indicates the network zones to include. - platform_
includes Sequence[RuleIdp Discovery Platform Include Args] - Platform to include in discovery rule.
- 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP'
- 'os_expression' - (Optional) Only available when using osType = 'OTHER'
- 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- policy_
id str - Policy ID of the Rule
- priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation, an error is thrown if an invalid priority is provided. The Okta API defaults to the last (lowest) priority if not provided.
- property_name str - The IdP property that the evaluated expression should match against when `selectionType` is `DYNAMIC`. Maps to `actions.idp.matchCriteria[0].propertyName` in the API. If not set, the API default is used and the value is stored in state.
- provider_expression str - An Okta Expression Language expression that is evaluated against the Login Context and used to dynamically select an IdP. Only applicable when `selectionType` is `DYNAMIC`. Maps to `actions.idp.matchCriteria[0].providerExpression` in the API. Example: `login.identifier.substringAfter('@')`. The login identifier is whatever the user enters before authenticating, so treat the result as sign-in routing rather than as an access-control decision.
- selection_type str - Determines how the IdP is selected. One of: `SPECIFIC`, `DYNAMIC`. Default: `SPECIFIC`. When `DYNAMIC`, the IdP is selected based on the evaluated `providerExpression`.
- should_fall_back_to_okta bool - Specifies whether to fall back to Okta if authentication with the matched IdP fails. Only applicable when `selectionType` is `DYNAMIC`. Default: `false`.
- status str
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - user_
identifier_ strattribute - Profile attribute matching can only have a single value that describes the type indicated in
userIdentifierType. This is the attribute or identifier that theuserIdentifierPatternsare checked against. - user_
identifier_ Sequence[Rulepatterns Idp Discovery User Identifier Pattern Args] - Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided.
- 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS'
- 'value' - (Optional) The regex or simple match string to match against.
- user_
identifier_ strtype - One of:
IDENTIFIER,ATTRIBUTE
- app
Excludes List<Property Map> - Applications to exclude in discovery. See
appIncludefor details. - app
Includes List<Property Map> - Applications to include in discovery rule.
- 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include.
- 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included.
- 'type' - (Required) One of: 'APP', 'APP_TYPE'
- idp
Providers List<Property Map> - name String
- Policy Rule Name
- network
Connection String - Network selection mode:
ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE - network
Excludes List<String> - Required if
networkConnection=ZONE. Indicates the network zones to exclude. - network
Includes List<String> - Required if
networkConnection=ZONE. Indicates the network zones to include. - platform
Includes List<Property Map> - Platform to include in discovery rule.
- 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP'
- 'os_expression' - (Optional) Only available when using osType = 'OTHER'
- 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- policy
Id String - Policy ID of the Rule
- priority Number
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation, an error is thrown if an invalid priority is provided. The Okta API defaults to the last (lowest) priority if not provided.
- propertyName String - The IdP property that the evaluated expression should match against when `selectionType` is `DYNAMIC`. Maps to `actions.idp.matchCriteria[0].propertyName` in the API. If not set, the API default is used and the value is stored in state.
- providerExpression String - An Okta Expression Language expression that is evaluated against the Login Context and used to dynamically select an IdP. Only applicable when `selectionType` is `DYNAMIC`. Maps to `actions.idp.matchCriteria[0].providerExpression` in the API. Example: `login.identifier.substringAfter('@')`. The login identifier is whatever the user enters before authenticating, so treat the result as sign-in routing rather than as an access-control decision.
- selectionType String - Determines how the IdP is selected. One of: `SPECIFIC`, `DYNAMIC`. Default: `SPECIFIC`. When `DYNAMIC`, the IdP is selected based on the evaluated `providerExpression`.
- shouldFallBackToOkta Boolean - Specifies whether to fall back to Okta if authentication with the matched IdP fails. Only applicable when `selectionType` is `DYNAMIC`. Default: `false`.
- status String
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - user
Identifier StringAttribute - Profile attribute matching can only have a single value that describes the type indicated in
userIdentifierType. This is the attribute or identifier that theuserIdentifierPatternsare checked against. - user
Identifier List<Property Map>Patterns - Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided.
- 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS'
- 'value' - (Optional) The regex or simple match string to match against.
- user
Identifier StringType - One of:
IDENTIFIER,ATTRIBUTE
Outputs
All input properties are implicitly available as output properties. Additionally, the RuleIdpDiscovery resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing RuleIdpDiscovery Resource
Get an existing RuleIdpDiscovery resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RuleIdpDiscoveryState, opts?: CustomResourceOptions): RuleIdpDiscovery
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
app_excludes: Optional[Sequence[RuleIdpDiscoveryAppExcludeArgs]] = None,
app_includes: Optional[Sequence[RuleIdpDiscoveryAppIncludeArgs]] = None,
idp_providers: Optional[Sequence[RuleIdpDiscoveryIdpProviderArgs]] = None,
name: Optional[str] = None,
network_connection: Optional[str] = None,
network_excludes: Optional[Sequence[str]] = None,
network_includes: Optional[Sequence[str]] = None,
platform_includes: Optional[Sequence[RuleIdpDiscoveryPlatformIncludeArgs]] = None,
policy_id: Optional[str] = None,
priority: Optional[int] = None,
property_name: Optional[str] = None,
provider_expression: Optional[str] = None,
selection_type: Optional[str] = None,
should_fall_back_to_okta: Optional[bool] = None,
status: Optional[str] = None,
user_identifier_attribute: Optional[str] = None,
user_identifier_patterns: Optional[Sequence[RuleIdpDiscoveryUserIdentifierPatternArgs]] = None,
user_identifier_type: Optional[str] = None) -> RuleIdpDiscovery
func GetRuleIdpDiscovery(ctx *Context, name string, id IDInput, state *RuleIdpDiscoveryState, opts ...ResourceOption) (*RuleIdpDiscovery, error)
public static RuleIdpDiscovery Get(string name, Input<string> id, RuleIdpDiscoveryState? state, CustomResourceOptions? opts = null)
public static RuleIdpDiscovery get(String name, Output<String> id, RuleIdpDiscoveryState state, CustomResourceOptions options)
resources:
  _:
    type: okta:policy:RuleIdpDiscovery
    get:
      id: ${id}
import {
  to = okta_policy_ruleidpdiscovery.example
  id = "${id}"
}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- App
Excludes List<RuleIdp Discovery App Exclude> - Applications to exclude in discovery. See
appIncludefor details. - App
Includes List<RuleIdp Discovery App Include> - Applications to include in discovery rule.
- 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include.
- 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included.
- 'type' - (Required) One of: 'APP', 'APP_TYPE'
- Idp
Providers List<RuleIdp Discovery Idp Provider> - Name string
- Policy Rule Name
- Network
Connection string - Network selection mode:
ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE - Network
Excludes List<string> - Required if
networkConnection=ZONE. Indicates the network zones to exclude. - Network
Includes List<string> - Required if
networkConnection=ZONE. Indicates the network zones to include. - Platform
Includes List<RuleIdp Discovery Platform Include> - Platform to include in discovery rule.
- 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP'
- 'os_expression' - (Optional) Only available when using osType = 'OTHER'
- 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- Policy
Id string - Policy ID of the Rule
- Priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation, an error is thrown if an invalid priority is provided. The Okta API defaults to the last (lowest) priority if not provided.
- PropertyName string - The IdP property that the evaluated expression should match against when `selectionType` is `DYNAMIC`. Maps to `actions.idp.matchCriteria[0].propertyName` in the API. If not set, the API default is used and the value is stored in state.
- ProviderExpression string - An Okta Expression Language expression that is evaluated against the Login Context and used to dynamically select an IdP. Only applicable when `selectionType` is `DYNAMIC`. Maps to `actions.idp.matchCriteria[0].providerExpression` in the API. Example: `login.identifier.substringAfter('@')`. The login identifier is whatever the user enters before authenticating, so treat the result as sign-in routing rather than as an access-control decision.
- SelectionType string - Determines how the IdP is selected. One of: `SPECIFIC`, `DYNAMIC`. Default: `SPECIFIC`. When `DYNAMIC`, the IdP is selected based on the evaluated `providerExpression`.
- ShouldFallBackToOkta bool - Specifies whether to fall back to Okta if authentication with the matched IdP fails. Only applicable when `selectionType` is `DYNAMIC`. Default: `false`.
- Status string
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - User
Identifier stringAttribute - Profile attribute matching can only have a single value that describes the type indicated in
userIdentifierType. This is the attribute or identifier that theuserIdentifierPatternsare checked against. - User
Identifier List<RulePatterns Idp Discovery User Identifier Pattern> - Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided.
- 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS'
- 'value' - (Optional) The regex or simple match string to match against.
- User
Identifier stringType - One of:
IDENTIFIER,ATTRIBUTE
- App
Excludes []RuleIdp Discovery App Exclude Args - Applications to exclude in discovery. See
appIncludefor details. - App
Includes []RuleIdp Discovery App Include Args - Applications to include in discovery rule.
- 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include.
- 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included.
- 'type' - (Required) One of: 'APP', 'APP_TYPE'
- Idp
Providers []RuleIdp Discovery Idp Provider Args - Name string
- Policy Rule Name
- Network
Connection string - Network selection mode:
ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE - Network
Excludes []string - Required if
networkConnection=ZONE. Indicates the network zones to exclude. - Network
Includes []string - Required if
networkConnection=ZONE. Indicates the network zones to include. - Platform
Includes []RuleIdp Discovery Platform Include Args - Platform to include in discovery rule.
- 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP'
- 'os_expression' - (Optional) Only available when using osType = 'OTHER'
- 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- Policy
Id string - Policy ID of the Rule
- Priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation, an error is thrown if an invalid priority is provided. The Okta API defaults to the last (lowest) priority if not provided.
- PropertyName string - The IdP property that the evaluated expression should match against when `selectionType` is `DYNAMIC`. Maps to `actions.idp.matchCriteria[0].propertyName` in the API. If not set, the API default is used and the value is stored in state.
- ProviderExpression string - An Okta Expression Language expression that is evaluated against the Login Context and used to dynamically select an IdP. Only applicable when `selectionType` is `DYNAMIC`. Maps to `actions.idp.matchCriteria[0].providerExpression` in the API. Example: `login.identifier.substringAfter('@')`. The login identifier is whatever the user enters before authenticating, so treat the result as sign-in routing rather than as an access-control decision.
- SelectionType string - Determines how the IdP is selected. One of: `SPECIFIC`, `DYNAMIC`. Default: `SPECIFIC`. When `DYNAMIC`, the IdP is selected based on the evaluated `providerExpression`.
- ShouldFallBackToOkta bool - Specifies whether to fall back to Okta if authentication with the matched IdP fails. Only applicable when `selectionType` is `DYNAMIC`. Default: `false`.
- Status string
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - User
Identifier stringAttribute - Profile attribute matching can only have a single value that describes the type indicated in
userIdentifierType. This is the attribute or identifier that theuserIdentifierPatternsare checked against. - User
Identifier []RulePatterns Idp Discovery User Identifier Pattern Args - Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided.
- 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS'
- 'value' - (Optional) The regex or simple match string to match against.
- User
Identifier stringType - One of:
IDENTIFIER,ATTRIBUTE
- app_
excludes list(object) - Applications to exclude in discovery. See
appIncludefor details. - app_
includes list(object) - Applications to include in discovery rule.
- 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include.
- 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included.
- 'type' - (Required) One of: 'APP', 'APP_TYPE'
- idp_
providers list(object) - name string
- Policy Rule Name
- network_
connection string - Network selection mode:
ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE - network_
excludes list(string) - Required if
networkConnection=ZONE. Indicates the network zones to exclude. - network_
includes list(string) - Required if
networkConnection=ZONE. Indicates the network zones to include. - platform_
includes list(object) - Platform to include in discovery rule.
- 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP'
- 'os_expression' - (Optional) Only available when using osType = 'OTHER'
- 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- policy_
id string - Policy ID of the Rule
- priority number
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation, an error is thrown if an invalid priority is provided. The Okta API defaults to the last (lowest) priority if not provided.
- property_name string - The IdP property that the evaluated expression should match against when `selectionType` is `DYNAMIC`. Maps to `actions.idp.matchCriteria[0].propertyName` in the API. If not set, the API default is used and the value is stored in state.
- provider_expression string - An Okta Expression Language expression that is evaluated against the Login Context and used to dynamically select an IdP. Only applicable when `selectionType` is `DYNAMIC`. Maps to `actions.idp.matchCriteria[0].providerExpression` in the API. Example: `login.identifier.substringAfter('@')`. The login identifier is whatever the user enters before authenticating, so treat the result as sign-in routing rather than as an access-control decision.
- selection_type string - Determines how the IdP is selected. One of: `SPECIFIC`, `DYNAMIC`. Default: `SPECIFIC`. When `DYNAMIC`, the IdP is selected based on the evaluated `providerExpression`.
- should_fall_back_to_okta bool - Specifies whether to fall back to Okta if authentication with the matched IdP fails. Only applicable when `selectionType` is `DYNAMIC`. Default: `false`.
- status string
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - user_
identifier_ stringattribute - Profile attribute matching can only have a single value that describes the type indicated in
userIdentifierType. This is the attribute or identifier that theuserIdentifierPatternsare checked against. - user_
identifier_ list(object)patterns - Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided.
- 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS'
- 'value' - (Optional) The regex or simple match string to match against.
- user_
identifier_ stringtype - One of:
IDENTIFIER,ATTRIBUTE
- appExcludes List<RuleIdpDiscoveryAppExclude> - Applications to exclude in discovery. See `appInclude` for details.
- appIncludes List<RuleIdpDiscoveryAppInclude> - Applications to include in discovery rule.
  - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include.
  - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (e.g. 'yahoo_mail') of applications should be included.
  - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- idpProviders List<RuleIdpDiscoveryIdpProvider>
- name String - Policy Rule Name
- networkConnection String - Network selection mode: `ANYWHERE`, `ZONE`, `ON_NETWORK`, or `OFF_NETWORK`. Default: `ANYWHERE`
- networkExcludes List<String> - Required if `networkConnection` = `ZONE`. Indicates the network zones to exclude.
- networkIncludes List<String> - Required if `networkConnection` = `ZONE`. Indicates the network zones to include.
- platformIncludes List<RuleIdpDiscoveryPlatformInclude> - Platform to include in discovery rule.
  - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP'
  - 'os_expression' - (Optional) Only available when using osType = 'OTHER'
  - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- policyId String - Policy ID of the Rule
- priority Integer - Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation, an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- propertyName String - The IdP property that the evaluated expression should match against when `selectionType` is `DYNAMIC`. Maps to `actions.idp.matchCriteria[0].propertyName` in the API. If not set, the API default is used and the value is stored in state.
- providerExpression String - An Okta Expression Language expression that is evaluated against the Login Context and used to dynamically select an IdP. Only applicable when `selectionType` is `DYNAMIC`. Maps to `actions.idp.matchCriteria[0].providerExpression` in the API. Example: `login.identifier.substringAfter('@')`
- selectionType String - Determines how the IdP is selected. One of: `SPECIFIC`, `DYNAMIC`. Default: `SPECIFIC`. When `DYNAMIC`, the IdP is selected based on the evaluated `providerExpression`.
- shouldFallBackToOkta Boolean - Specifies whether to fall back to Okta if authentication with the matched IdP fails. Only applicable when `selectionType` is `DYNAMIC`. Default: `false`.
- status String - Policy Rule Status: `ACTIVE` or `INACTIVE`. Default: `ACTIVE`
- userIdentifierAttribute String - Profile attribute matching can only have a single value that describes the type indicated in `userIdentifierType`. This is the attribute or identifier that the `userIdentifierPatterns` are checked against.
- userIdentifierPatterns List<RuleIdpDiscoveryUserIdentifierPattern> - Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set; otherwise multiple elements of matching patterns may be provided.
  - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS'
  - 'value' - (Optional) The regex or simple match string to match against.
- userIdentifierType String - One of: `IDENTIFIER`, `ATTRIBUTE`
- appExcludes RuleIdpDiscoveryAppExclude[] - Applications to exclude in discovery. See `appInclude` for details.
- appIncludes RuleIdpDiscoveryAppInclude[] - Applications to include in discovery rule.
  - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include.
  - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (e.g. 'yahoo_mail') of applications should be included.
  - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- idpProviders RuleIdpDiscoveryIdpProvider[]
- name string - Policy Rule Name
- networkConnection string - Network selection mode: `ANYWHERE`, `ZONE`, `ON_NETWORK`, or `OFF_NETWORK`. Default: `ANYWHERE`
- networkExcludes string[] - Required if `networkConnection` = `ZONE`. Indicates the network zones to exclude.
- networkIncludes string[] - Required if `networkConnection` = `ZONE`. Indicates the network zones to include.
- platformIncludes RuleIdpDiscoveryPlatformInclude[] - Platform to include in discovery rule.
  - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP'
  - 'os_expression' - (Optional) Only available when using osType = 'OTHER'
  - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- policyId string - Policy ID of the Rule
- priority number - Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation, an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- propertyName string - The IdP property that the evaluated expression should match against when `selectionType` is `DYNAMIC`. Maps to `actions.idp.matchCriteria[0].propertyName` in the API. If not set, the API default is used and the value is stored in state.
- providerExpression string - An Okta Expression Language expression that is evaluated against the Login Context and used to dynamically select an IdP. Only applicable when `selectionType` is `DYNAMIC`. Maps to `actions.idp.matchCriteria[0].providerExpression` in the API. Example: `login.identifier.substringAfter('@')`
- selectionType string - Determines how the IdP is selected. One of: `SPECIFIC`, `DYNAMIC`. Default: `SPECIFIC`. When `DYNAMIC`, the IdP is selected based on the evaluated `providerExpression`.
- shouldFallBackToOkta boolean - Specifies whether to fall back to Okta if authentication with the matched IdP fails. Only applicable when `selectionType` is `DYNAMIC`. Default: `false`.
- status string - Policy Rule Status: `ACTIVE` or `INACTIVE`. Default: `ACTIVE`
- userIdentifierAttribute string - Profile attribute matching can only have a single value that describes the type indicated in `userIdentifierType`. This is the attribute or identifier that the `userIdentifierPatterns` are checked against.
- userIdentifierPatterns RuleIdpDiscoveryUserIdentifierPattern[] - Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set; otherwise multiple elements of matching patterns may be provided.
  - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS'
  - 'value' - (Optional) The regex or simple match string to match against.
- userIdentifierType string - One of: `IDENTIFIER`, `ATTRIBUTE`
- app_excludes Sequence[RuleIdpDiscoveryAppExcludeArgs] - Applications to exclude in discovery. See `appInclude` for details.
- app_includes Sequence[RuleIdpDiscoveryAppIncludeArgs] - Applications to include in discovery rule.
  - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include.
  - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (e.g. 'yahoo_mail') of applications should be included.
  - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- idp_providers Sequence[RuleIdpDiscoveryIdpProviderArgs]
- name str - Policy Rule Name
- network_connection str - Network selection mode: `ANYWHERE`, `ZONE`, `ON_NETWORK`, or `OFF_NETWORK`. Default: `ANYWHERE`
- network_excludes Sequence[str] - Required if `networkConnection` = `ZONE`. Indicates the network zones to exclude.
- network_includes Sequence[str] - Required if `networkConnection` = `ZONE`. Indicates the network zones to include.
- platform_includes Sequence[RuleIdpDiscoveryPlatformIncludeArgs] - Platform to include in discovery rule.
  - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP'
  - 'os_expression' - (Optional) Only available when using osType = 'OTHER'
  - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- policy_id str - Policy ID of the Rule
- priority int - Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation, an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- property_name str - The IdP property that the evaluated expression should match against when `selectionType` is `DYNAMIC`. Maps to `actions.idp.matchCriteria[0].propertyName` in the API. If not set, the API default is used and the value is stored in state.
- provider_expression str - An Okta Expression Language expression that is evaluated against the Login Context and used to dynamically select an IdP. Only applicable when `selectionType` is `DYNAMIC`. Maps to `actions.idp.matchCriteria[0].providerExpression` in the API. Example: `login.identifier.substringAfter('@')`
- selection_type str - Determines how the IdP is selected. One of: `SPECIFIC`, `DYNAMIC`. Default: `SPECIFIC`. When `DYNAMIC`, the IdP is selected based on the evaluated `providerExpression`.
- should_fall_back_to_okta bool - Specifies whether to fall back to Okta if authentication with the matched IdP fails. Only applicable when `selectionType` is `DYNAMIC`. Default: `false`.
- status str - Policy Rule Status: `ACTIVE` or `INACTIVE`. Default: `ACTIVE`
- user_identifier_attribute str - Profile attribute matching can only have a single value that describes the type indicated in `userIdentifierType`. This is the attribute or identifier that the `userIdentifierPatterns` are checked against.
- user_identifier_patterns Sequence[RuleIdpDiscoveryUserIdentifierPatternArgs] - Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set; otherwise multiple elements of matching patterns may be provided.
  - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS'
  - 'value' - (Optional) The regex or simple match string to match against.
- user_identifier_type str - One of: `IDENTIFIER`, `ATTRIBUTE`
- appExcludes List<Property Map> - Applications to exclude in discovery. See `appInclude` for details.
- appIncludes List<Property Map> - Applications to include in discovery rule.
  - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include.
  - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (e.g. 'yahoo_mail') of applications should be included.
  - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- idpProviders List<Property Map>
- name String - Policy Rule Name
- networkConnection String - Network selection mode: `ANYWHERE`, `ZONE`, `ON_NETWORK`, or `OFF_NETWORK`. Default: `ANYWHERE`
- networkExcludes List<String> - Required if `networkConnection` = `ZONE`. Indicates the network zones to exclude.
- networkIncludes List<String> - Required if `networkConnection` = `ZONE`. Indicates the network zones to include.
- platformIncludes List<Property Map> - Platform to include in discovery rule.
  - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP'
  - 'os_expression' - (Optional) Only available when using osType = 'OTHER'
  - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- policyId String - Policy ID of the Rule
- priority Number - Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation, an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- propertyName String - The IdP property that the evaluated expression should match against when `selectionType` is `DYNAMIC`. Maps to `actions.idp.matchCriteria[0].propertyName` in the API. If not set, the API default is used and the value is stored in state.
- providerExpression String - An Okta Expression Language expression that is evaluated against the Login Context and used to dynamically select an IdP. Only applicable when `selectionType` is `DYNAMIC`. Maps to `actions.idp.matchCriteria[0].providerExpression` in the API. Example: `login.identifier.substringAfter('@')`
- selectionType String - Determines how the IdP is selected. One of: `SPECIFIC`, `DYNAMIC`. Default: `SPECIFIC`. When `DYNAMIC`, the IdP is selected based on the evaluated `providerExpression`.
- shouldFallBackToOkta Boolean - Specifies whether to fall back to Okta if authentication with the matched IdP fails. Only applicable when `selectionType` is `DYNAMIC`. Default: `false`.
- status String - Policy Rule Status: `ACTIVE` or `INACTIVE`. Default: `ACTIVE`
- userIdentifierAttribute String - Profile attribute matching can only have a single value that describes the type indicated in `userIdentifierType`. This is the attribute or identifier that the `userIdentifierPatterns` are checked against.
- userIdentifierPatterns List<Property Map> - Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set; otherwise multiple elements of matching patterns may be provided.
  - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS'
  - 'value' - (Optional) The regex or simple match string to match against.
- userIdentifierType String - One of: `IDENTIFIER`, `ATTRIBUTE`
Supporting Types
RuleIdpDiscoveryAppExclude, RuleIdpDiscoveryAppExcludeArgs
RuleIdpDiscoveryAppInclude, RuleIdpDiscoveryAppIncludeArgs
RuleIdpDiscoveryIdpProvider, RuleIdpDiscoveryIdpProviderArgs
- Id string - The identifier for the IdP the rule should route to if all conditions are met.
- Type string - Type of IdP. One of: `AMAZON`, `APPLE`, `DISCORD`, `FACEBOOK`, `GITHUB`, `GITLAB`, `GOOGLE`, `IDV_CLEAR`, `IDV_INCODE`, `IDV_PERSONA`, `LINKEDIN`, `LOGINGOV`, `LOGINGOV_SANDBOX`, `MICROSOFT`, `OIDC`, `PAYPAL`, `PAYPAL_SANDBOX`, `SALESFORCE`, `SAML2`, `SPOTIFY`, `X509`, `XERO`, `YAHOO`, `YAHOOJP`. Default: `OKTA`
- Id string - The identifier for the IdP the rule should route to if all conditions are met.
- Type string - Type of IdP. One of: `AMAZON`, `APPLE`, `DISCORD`, `FACEBOOK`, `GITHUB`, `GITLAB`, `GOOGLE`, `IDV_CLEAR`, `IDV_INCODE`, `IDV_PERSONA`, `LINKEDIN`, `LOGINGOV`, `LOGINGOV_SANDBOX`, `MICROSOFT`, `OIDC`, `PAYPAL`, `PAYPAL_SANDBOX`, `SALESFORCE`, `SAML2`, `SPOTIFY`, `X509`, `XERO`, `YAHOO`, `YAHOOJP`. Default: `OKTA`
- id string - The identifier for the IdP the rule should route to if all conditions are met.
- type string - Type of IdP. One of: `AMAZON`, `APPLE`, `DISCORD`, `FACEBOOK`, `GITHUB`, `GITLAB`, `GOOGLE`, `IDV_CLEAR`, `IDV_INCODE`, `IDV_PERSONA`, `LINKEDIN`, `LOGINGOV`, `LOGINGOV_SANDBOX`, `MICROSOFT`, `OIDC`, `PAYPAL`, `PAYPAL_SANDBOX`, `SALESFORCE`, `SAML2`, `SPOTIFY`, `X509`, `XERO`, `YAHOO`, `YAHOOJP`. Default: `OKTA`
- id String - The identifier for the IdP the rule should route to if all conditions are met.
- type String - Type of IdP. One of: `AMAZON`, `APPLE`, `DISCORD`, `FACEBOOK`, `GITHUB`, `GITLAB`, `GOOGLE`, `IDV_CLEAR`, `IDV_INCODE`, `IDV_PERSONA`, `LINKEDIN`, `LOGINGOV`, `LOGINGOV_SANDBOX`, `MICROSOFT`, `OIDC`, `PAYPAL`, `PAYPAL_SANDBOX`, `SALESFORCE`, `SAML2`, `SPOTIFY`, `X509`, `XERO`, `YAHOO`, `YAHOOJP`. Default: `OKTA`
- id string - The identifier for the IdP the rule should route to if all conditions are met.
- type string - Type of IdP. One of: `AMAZON`, `APPLE`, `DISCORD`, `FACEBOOK`, `GITHUB`, `GITLAB`, `GOOGLE`, `IDV_CLEAR`, `IDV_INCODE`, `IDV_PERSONA`, `LINKEDIN`, `LOGINGOV`, `LOGINGOV_SANDBOX`, `MICROSOFT`, `OIDC`, `PAYPAL`, `PAYPAL_SANDBOX`, `SALESFORCE`, `SAML2`, `SPOTIFY`, `X509`, `XERO`, `YAHOO`, `YAHOOJP`. Default: `OKTA`
- id str - The identifier for the IdP the rule should route to if all conditions are met.
- type str - Type of IdP. One of: `AMAZON`, `APPLE`, `DISCORD`, `FACEBOOK`, `GITHUB`, `GITLAB`, `GOOGLE`, `IDV_CLEAR`, `IDV_INCODE`, `IDV_PERSONA`, `LINKEDIN`, `LOGINGOV`, `LOGINGOV_SANDBOX`, `MICROSOFT`, `OIDC`, `PAYPAL`, `PAYPAL_SANDBOX`, `SALESFORCE`, `SAML2`, `SPOTIFY`, `X509`, `XERO`, `YAHOO`, `YAHOOJP`. Default: `OKTA`
- id String - The identifier for the IdP the rule should route to if all conditions are met.
- type String - Type of IdP. One of: `AMAZON`, `APPLE`, `DISCORD`, `FACEBOOK`, `GITHUB`, `GITLAB`, `GOOGLE`, `IDV_CLEAR`, `IDV_INCODE`, `IDV_PERSONA`, `LINKEDIN`, `LOGINGOV`, `LOGINGOV_SANDBOX`, `MICROSOFT`, `OIDC`, `PAYPAL`, `PAYPAL_SANDBOX`, `SALESFORCE`, `SAML2`, `SPOTIFY`, `X509`, `XERO`, `YAHOO`, `YAHOOJP`. Default: `OKTA`
RuleIdpDiscoveryPlatformInclude, RuleIdpDiscoveryPlatformIncludeArgs
- OsExpression string - Only available with OTHER OS type
- OsType string
- Type string
- OsExpression string - Only available with OTHER OS type
- OsType string
- Type string
- os_expression string - Only available with OTHER OS type
- os_type string
- type string
- osExpression String - Only available with OTHER OS type
- osType String
- type String
- osExpression string - Only available with OTHER OS type
- osType string
- type string
- os_expression str - Only available with OTHER OS type
- os_type str
- type str
- osExpression String - Only available with OTHER OS type
- osType String
- type String
RuleIdpDiscoveryUserIdentifierPattern, RuleIdpDiscoveryUserIdentifierPatternArgs
- match_type string
- value string
- match_type str
- value str
Import
$ pulumi import okta:policy/ruleIdpDiscovery:RuleIdpDiscovery example <policy_id>/<rule_id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository: Okta (pulumi/pulumi-okta)
- License: Apache-2.0
- Notes: This Pulumi package is based on the `okta` Terraform Provider.
