Docs
PackagesOkta v4.8.1 published on Thursday, Apr 18, 2024 by Pulumi
okta.policy.RuleMfa
Explore with Pulumi AI
This resource allows you to create and configure an MFA Policy Rule.
Example Usage
Coming soon!
Coming soon!
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.policy.PolicyFunctions;
import com.pulumi.okta.policy.inputs.GetDefaultPolicyArgs;
import com.pulumi.okta.app.OAuth;
import com.pulumi.okta.app.OAuthArgs;
import com.pulumi.okta.policy.RuleMfa;
import com.pulumi.okta.policy.RuleMfaArgs;
import com.pulumi.okta.policy.inputs.RuleMfaAppIncludeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var exampleDefaultPolicy = PolicyFunctions.getDefaultPolicy(GetDefaultPolicyArgs.builder()
.type("MFA_ENROLL")
.build());
var exampleOAuth = new OAuth("exampleOAuth", OAuthArgs.builder()
.label("My App")
.type("web")
.grantTypes("authorization_code")
.redirectUris("http://localhost:8000")
.responseTypes("code")
.skipGroups(true)
.build());
var exampleRuleMfa = new RuleMfa("exampleRuleMfa", RuleMfaArgs.builder()
.policyId(exampleDefaultPolicy.applyValue(getDefaultPolicyResult -> getDefaultPolicyResult.id()))
.status("ACTIVE")
.enroll("LOGIN")
.appIncludes(
RuleMfaAppIncludeArgs.builder()
.id(exampleOAuth.id())
.type("APP")
.build(),
RuleMfaAppIncludeArgs.builder()
.type("APP_TYPE")
.name("yahoo_mail")
.build())
.build());
}
}
resources:
exampleRuleMfa:
type: okta:policy:RuleMfa
properties:
policyId: ${exampleDefaultPolicy.id}
status: ACTIVE
enroll: LOGIN
appIncludes:
- id: ${exampleOAuth.id}
type: APP
- type: APP_TYPE
name: yahoo_mail
exampleOAuth:
type: okta:app:OAuth
properties:
label: My App
type: web
grantTypes:
- authorization_code
redirectUris:
- http://localhost:8000
responseTypes:
- code
skipGroups: true
variables:
exampleDefaultPolicy:
fn::invoke:
Function: okta:policy:getDefaultPolicy
Arguments:
type: MFA_ENROLL
Unchecked Okta and checked Applications (with Any application that supports MFA enrollment option) checkboxes in the User is accessing section corresponds to the following config:
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const exampleDefaultPolicy = okta.policy.getDefaultPolicy({
type: "MFA_ENROLL",
});
const exampleRuleMfa = new okta.policy.RuleMfa("exampleRuleMfa", {
policyId: exampleDefaultPolicy.then(exampleDefaultPolicy => exampleDefaultPolicy.id),
appExcludes: [{
name: "okta",
type: "APP_TYPE",
}],
});
import pulumi
import pulumi_okta as okta
example_default_policy = okta.policy.get_default_policy(type="MFA_ENROLL")
example_rule_mfa = okta.policy.RuleMfa("exampleRuleMfa",
policy_id=example_default_policy.id,
app_excludes=[okta.policy.RuleMfaAppExcludeArgs(
name="okta",
type="APP_TYPE",
)])
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/policy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleDefaultPolicy, err := policy.GetDefaultPolicy(ctx, &policy.GetDefaultPolicyArgs{
Type: "MFA_ENROLL",
}, nil)
if err != nil {
return err
}
_, err = policy.NewRuleMfa(ctx, "exampleRuleMfa", &policy.RuleMfaArgs{
PolicyId: pulumi.String(exampleDefaultPolicy.Id),
AppExcludes: policy.RuleMfaAppExcludeArray{
&policy.RuleMfaAppExcludeArgs{
Name: pulumi.String("okta"),
Type: pulumi.String("APP_TYPE"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var exampleDefaultPolicy = Okta.Policy.GetDefaultPolicy.Invoke(new()
{
Type = "MFA_ENROLL",
});
var exampleRuleMfa = new Okta.Policy.RuleMfa("exampleRuleMfa", new()
{
PolicyId = exampleDefaultPolicy.Apply(getDefaultPolicyResult => getDefaultPolicyResult.Id),
AppExcludes = new[]
{
new Okta.Policy.Inputs.RuleMfaAppExcludeArgs
{
Name = "okta",
Type = "APP_TYPE",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.policy.PolicyFunctions;
import com.pulumi.okta.policy.inputs.GetDefaultPolicyArgs;
import com.pulumi.okta.policy.RuleMfa;
import com.pulumi.okta.policy.RuleMfaArgs;
import com.pulumi.okta.policy.inputs.RuleMfaAppExcludeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var exampleDefaultPolicy = PolicyFunctions.getDefaultPolicy(GetDefaultPolicyArgs.builder()
.type("MFA_ENROLL")
.build());
var exampleRuleMfa = new RuleMfa("exampleRuleMfa", RuleMfaArgs.builder()
.policyId(exampleDefaultPolicy.applyValue(getDefaultPolicyResult -> getDefaultPolicyResult.id()))
.appExcludes(RuleMfaAppExcludeArgs.builder()
.name("okta")
.type("APP_TYPE")
.build())
.build());
}
}
resources:
exampleRuleMfa:
type: okta:policy:RuleMfa
properties:
policyId: ${exampleDefaultPolicy.id}
appExcludes:
- name: okta
type: APP_TYPE
variables:
exampleDefaultPolicy:
fn::invoke:
Function: okta:policy:getDefaultPolicy
Arguments:
type: MFA_ENROLL
Unchecked Okta and checked Applications (with Specific applications option) checkboxes in the User is accessing section corresponds to the following config:
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const exampleDefaultPolicy = okta.policy.getDefaultPolicy({
type: "MFA_ENROLL",
});
const exampleRuleMfa = new okta.policy.RuleMfa("exampleRuleMfa", {
policyId: exampleDefaultPolicy.then(exampleDefaultPolicy => exampleDefaultPolicy.id),
appExcludes: [{
name: "okta",
type: "APP_TYPE",
}],
appIncludes: [{
id: "some_app_id",
type: "APP",
}],
});
import pulumi
import pulumi_okta as okta
example_default_policy = okta.policy.get_default_policy(type="MFA_ENROLL")
example_rule_mfa = okta.policy.RuleMfa("exampleRuleMfa",
policy_id=example_default_policy.id,
app_excludes=[okta.policy.RuleMfaAppExcludeArgs(
name="okta",
type="APP_TYPE",
)],
app_includes=[okta.policy.RuleMfaAppIncludeArgs(
id="some_app_id",
type="APP",
)])
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/policy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleDefaultPolicy, err := policy.GetDefaultPolicy(ctx, &policy.GetDefaultPolicyArgs{
Type: "MFA_ENROLL",
}, nil)
if err != nil {
return err
}
_, err = policy.NewRuleMfa(ctx, "exampleRuleMfa", &policy.RuleMfaArgs{
PolicyId: pulumi.String(exampleDefaultPolicy.Id),
AppExcludes: policy.RuleMfaAppExcludeArray{
&policy.RuleMfaAppExcludeArgs{
Name: pulumi.String("okta"),
Type: pulumi.String("APP_TYPE"),
},
},
AppIncludes: policy.RuleMfaAppIncludeArray{
&policy.RuleMfaAppIncludeArgs{
Id: pulumi.String("some_app_id"),
Type: pulumi.String("APP"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var exampleDefaultPolicy = Okta.Policy.GetDefaultPolicy.Invoke(new()
{
Type = "MFA_ENROLL",
});
var exampleRuleMfa = new Okta.Policy.RuleMfa("exampleRuleMfa", new()
{
PolicyId = exampleDefaultPolicy.Apply(getDefaultPolicyResult => getDefaultPolicyResult.Id),
AppExcludes = new[]
{
new Okta.Policy.Inputs.RuleMfaAppExcludeArgs
{
Name = "okta",
Type = "APP_TYPE",
},
},
AppIncludes = new[]
{
new Okta.Policy.Inputs.RuleMfaAppIncludeArgs
{
Id = "some_app_id",
Type = "APP",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.policy.PolicyFunctions;
import com.pulumi.okta.policy.inputs.GetDefaultPolicyArgs;
import com.pulumi.okta.policy.RuleMfa;
import com.pulumi.okta.policy.RuleMfaArgs;
import com.pulumi.okta.policy.inputs.RuleMfaAppExcludeArgs;
import com.pulumi.okta.policy.inputs.RuleMfaAppIncludeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var exampleDefaultPolicy = PolicyFunctions.getDefaultPolicy(GetDefaultPolicyArgs.builder()
.type("MFA_ENROLL")
.build());
var exampleRuleMfa = new RuleMfa("exampleRuleMfa", RuleMfaArgs.builder()
.policyId(exampleDefaultPolicy.applyValue(getDefaultPolicyResult -> getDefaultPolicyResult.id()))
.appExcludes(RuleMfaAppExcludeArgs.builder()
.name("okta")
.type("APP_TYPE")
.build())
.appIncludes(RuleMfaAppIncludeArgs.builder()
.id("some_app_id")
.type("APP")
.build())
.build());
}
}
resources:
exampleRuleMfa:
type: okta:policy:RuleMfa
properties:
policyId: ${exampleDefaultPolicy.id}
appExcludes:
- name: okta
type: APP_TYPE
appIncludes:
- id: some_app_id
type: APP
variables:
exampleDefaultPolicy:
fn::invoke:
Function: okta:policy:getDefaultPolicy
Arguments:
type: MFA_ENROLL
Checked Okta and unchecked Applications checkboxes in the User is accessing section corresponds to the following config:
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const exampleDefaultPolicy = okta.policy.getDefaultPolicy({
type: "MFA_ENROLL",
});
const exampleRuleMfa = new okta.policy.RuleMfa("exampleRuleMfa", {
policyId: exampleDefaultPolicy.then(exampleDefaultPolicy => exampleDefaultPolicy.id),
appIncludes: [{
name: "okta",
type: "APP_TYPE",
}],
});
import pulumi
import pulumi_okta as okta
example_default_policy = okta.policy.get_default_policy(type="MFA_ENROLL")
example_rule_mfa = okta.policy.RuleMfa("exampleRuleMfa",
policy_id=example_default_policy.id,
app_includes=[okta.policy.RuleMfaAppIncludeArgs(
name="okta",
type="APP_TYPE",
)])
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/policy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleDefaultPolicy, err := policy.GetDefaultPolicy(ctx, &policy.GetDefaultPolicyArgs{
Type: "MFA_ENROLL",
}, nil)
if err != nil {
return err
}
_, err = policy.NewRuleMfa(ctx, "exampleRuleMfa", &policy.RuleMfaArgs{
PolicyId: pulumi.String(exampleDefaultPolicy.Id),
AppIncludes: policy.RuleMfaAppIncludeArray{
&policy.RuleMfaAppIncludeArgs{
Name: pulumi.String("okta"),
Type: pulumi.String("APP_TYPE"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var exampleDefaultPolicy = Okta.Policy.GetDefaultPolicy.Invoke(new()
{
Type = "MFA_ENROLL",
});
var exampleRuleMfa = new Okta.Policy.RuleMfa("exampleRuleMfa", new()
{
PolicyId = exampleDefaultPolicy.Apply(getDefaultPolicyResult => getDefaultPolicyResult.Id),
AppIncludes = new[]
{
new Okta.Policy.Inputs.RuleMfaAppIncludeArgs
{
Name = "okta",
Type = "APP_TYPE",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.policy.PolicyFunctions;
import com.pulumi.okta.policy.inputs.GetDefaultPolicyArgs;
import com.pulumi.okta.policy.RuleMfa;
import com.pulumi.okta.policy.RuleMfaArgs;
import com.pulumi.okta.policy.inputs.RuleMfaAppIncludeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var exampleDefaultPolicy = PolicyFunctions.getDefaultPolicy(GetDefaultPolicyArgs.builder()
.type("MFA_ENROLL")
.build());
var exampleRuleMfa = new RuleMfa("exampleRuleMfa", RuleMfaArgs.builder()
.policyId(exampleDefaultPolicy.applyValue(getDefaultPolicyResult -> getDefaultPolicyResult.id()))
.appIncludes(RuleMfaAppIncludeArgs.builder()
.name("okta")
.type("APP_TYPE")
.build())
.build());
}
}
resources:
exampleRuleMfa:
type: okta:policy:RuleMfa
properties:
policyId: ${exampleDefaultPolicy.id}
appIncludes:
- name: okta
type: APP_TYPE
variables:
exampleDefaultPolicy:
fn::invoke:
Function: okta:policy:getDefaultPolicy
Arguments:
type: MFA_ENROLL
Checked Okta and checked Applications (with Any application that supports MFA enrollment option) checkboxes in the User is accessing section corresponds to the following config:
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const exampleDefaultPolicy = okta.policy.getDefaultPolicy({
type: "MFA_ENROLL",
});
const exampleRuleMfa = new okta.policy.RuleMfa("exampleRuleMfa", {policyId: exampleDefaultPolicy.then(exampleDefaultPolicy => exampleDefaultPolicy.id)});
import pulumi
import pulumi_okta as okta
example_default_policy = okta.policy.get_default_policy(type="MFA_ENROLL")
example_rule_mfa = okta.policy.RuleMfa("exampleRuleMfa", policy_id=example_default_policy.id)
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/policy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleDefaultPolicy, err := policy.GetDefaultPolicy(ctx, &policy.GetDefaultPolicyArgs{
Type: "MFA_ENROLL",
}, nil)
if err != nil {
return err
}
_, err = policy.NewRuleMfa(ctx, "exampleRuleMfa", &policy.RuleMfaArgs{
PolicyId: pulumi.String(exampleDefaultPolicy.Id),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var exampleDefaultPolicy = Okta.Policy.GetDefaultPolicy.Invoke(new()
{
Type = "MFA_ENROLL",
});
var exampleRuleMfa = new Okta.Policy.RuleMfa("exampleRuleMfa", new()
{
PolicyId = exampleDefaultPolicy.Apply(getDefaultPolicyResult => getDefaultPolicyResult.Id),
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.policy.PolicyFunctions;
import com.pulumi.okta.policy.inputs.GetDefaultPolicyArgs;
import com.pulumi.okta.policy.RuleMfa;
import com.pulumi.okta.policy.RuleMfaArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var exampleDefaultPolicy = PolicyFunctions.getDefaultPolicy(GetDefaultPolicyArgs.builder()
.type("MFA_ENROLL")
.build());
var exampleRuleMfa = new RuleMfa("exampleRuleMfa", RuleMfaArgs.builder()
.policyId(exampleDefaultPolicy.applyValue(getDefaultPolicyResult -> getDefaultPolicyResult.id()))
.build());
}
}
resources:
exampleRuleMfa:
type: okta:policy:RuleMfa
properties:
policyId: ${exampleDefaultPolicy.id}
variables:
exampleDefaultPolicy:
fn::invoke:
Function: okta:policy:getDefaultPolicy
Arguments:
type: MFA_ENROLL
Checked Okta and checked Applications (with Specific applications option) checkboxes in the User is accessing section corresponds to the following config:
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const exampleDefaultPolicy = okta.policy.getDefaultPolicy({
type: "MFA_ENROLL",
});
const exampleRuleMfa = new okta.policy.RuleMfa("exampleRuleMfa", {
policyId: exampleDefaultPolicy.then(exampleDefaultPolicy => exampleDefaultPolicy.id),
appIncludes: [
{
name: "okta",
type: "APP_TYPE",
},
{
id: "some_app_id",
type: "APP",
},
],
});
import pulumi
import pulumi_okta as okta
example_default_policy = okta.policy.get_default_policy(type="MFA_ENROLL")
example_rule_mfa = okta.policy.RuleMfa("exampleRuleMfa",
policy_id=example_default_policy.id,
app_includes=[
okta.policy.RuleMfaAppIncludeArgs(
name="okta",
type="APP_TYPE",
),
okta.policy.RuleMfaAppIncludeArgs(
id="some_app_id",
type="APP",
),
])
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/policy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleDefaultPolicy, err := policy.GetDefaultPolicy(ctx, &policy.GetDefaultPolicyArgs{
Type: "MFA_ENROLL",
}, nil)
if err != nil {
return err
}
_, err = policy.NewRuleMfa(ctx, "exampleRuleMfa", &policy.RuleMfaArgs{
PolicyId: pulumi.String(exampleDefaultPolicy.Id),
AppIncludes: policy.RuleMfaAppIncludeArray{
&policy.RuleMfaAppIncludeArgs{
Name: pulumi.String("okta"),
Type: pulumi.String("APP_TYPE"),
},
&policy.RuleMfaAppIncludeArgs{
Id: pulumi.String("some_app_id"),
Type: pulumi.String("APP"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var exampleDefaultPolicy = Okta.Policy.GetDefaultPolicy.Invoke(new()
{
Type = "MFA_ENROLL",
});
var exampleRuleMfa = new Okta.Policy.RuleMfa("exampleRuleMfa", new()
{
PolicyId = exampleDefaultPolicy.Apply(getDefaultPolicyResult => getDefaultPolicyResult.Id),
AppIncludes = new[]
{
new Okta.Policy.Inputs.RuleMfaAppIncludeArgs
{
Name = "okta",
Type = "APP_TYPE",
},
new Okta.Policy.Inputs.RuleMfaAppIncludeArgs
{
Id = "some_app_id",
Type = "APP",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.policy.PolicyFunctions;
import com.pulumi.okta.policy.inputs.GetDefaultPolicyArgs;
import com.pulumi.okta.policy.RuleMfa;
import com.pulumi.okta.policy.RuleMfaArgs;
import com.pulumi.okta.policy.inputs.RuleMfaAppIncludeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var exampleDefaultPolicy = PolicyFunctions.getDefaultPolicy(GetDefaultPolicyArgs.builder()
.type("MFA_ENROLL")
.build());
var exampleRuleMfa = new RuleMfa("exampleRuleMfa", RuleMfaArgs.builder()
.policyId(exampleDefaultPolicy.applyValue(getDefaultPolicyResult -> getDefaultPolicyResult.id()))
.appIncludes(
RuleMfaAppIncludeArgs.builder()
.name("okta")
.type("APP_TYPE")
.build(),
RuleMfaAppIncludeArgs.builder()
.id("some_app_id")
.type("APP")
.build())
.build());
}
}
resources:
exampleRuleMfa:
type: okta:policy:RuleMfa
properties:
policyId: ${exampleDefaultPolicy.id}
appIncludes:
- name: okta
type: APP_TYPE
- id: some_app_id
type: APP
variables:
exampleDefaultPolicy:
fn::invoke:
Function: okta:policy:getDefaultPolicy
Arguments:
type: MFA_ENROLL
Create RuleMfa Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new RuleMfa(name: string, args?: RuleMfaArgs, opts?: CustomResourceOptions);@overload
def RuleMfa(resource_name: str,
args: Optional[RuleMfaArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def RuleMfa(resource_name: str,
opts: Optional[ResourceOptions] = None,
app_excludes: Optional[Sequence[RuleMfaAppExcludeArgs]] = None,
app_includes: Optional[Sequence[RuleMfaAppIncludeArgs]] = None,
enroll: Optional[str] = None,
name: Optional[str] = None,
network_connection: Optional[str] = None,
network_excludes: Optional[Sequence[str]] = None,
network_includes: Optional[Sequence[str]] = None,
policy_id: Optional[str] = None,
priority: Optional[int] = None,
status: Optional[str] = None,
users_excludeds: Optional[Sequence[str]] = None)func NewRuleMfa(ctx *Context, name string, args *RuleMfaArgs, opts ...ResourceOption) (*RuleMfa, error)public RuleMfa(string name, RuleMfaArgs? args = null, CustomResourceOptions? opts = null)
public RuleMfa(String name, RuleMfaArgs args)
public RuleMfa(String name, RuleMfaArgs args, CustomResourceOptions options)
type: okta:policy:RuleMfa
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RuleMfaArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RuleMfaArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RuleMfaArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RuleMfaArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RuleMfaArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
var ruleMfaResource = new Okta.Policy.RuleMfa("ruleMfaResource", new()
{
AppExcludes = new[]
{
new Okta.Policy.Inputs.RuleMfaAppExcludeArgs
{
Type = "string",
Id = "string",
Name = "string",
},
},
AppIncludes = new[]
{
new Okta.Policy.Inputs.RuleMfaAppIncludeArgs
{
Type = "string",
Id = "string",
Name = "string",
},
},
Enroll = "string",
Name = "string",
NetworkConnection = "string",
NetworkExcludes = new[]
{
"string",
},
NetworkIncludes = new[]
{
"string",
},
PolicyId = "string",
Priority = 0,
Status = "string",
UsersExcludeds = new[]
{
"string",
},
});
example, err := policy.NewRuleMfa(ctx, "ruleMfaResource", &policy.RuleMfaArgs{
AppExcludes: policy.RuleMfaAppExcludeArray{
&policy.RuleMfaAppExcludeArgs{
Type: pulumi.String("string"),
Id: pulumi.String("string"),
Name: pulumi.String("string"),
},
},
AppIncludes: policy.RuleMfaAppIncludeArray{
&policy.RuleMfaAppIncludeArgs{
Type: pulumi.String("string"),
Id: pulumi.String("string"),
Name: pulumi.String("string"),
},
},
Enroll: pulumi.String("string"),
Name: pulumi.String("string"),
NetworkConnection: pulumi.String("string"),
NetworkExcludes: pulumi.StringArray{
pulumi.String("string"),
},
NetworkIncludes: pulumi.StringArray{
pulumi.String("string"),
},
PolicyId: pulumi.String("string"),
Priority: pulumi.Int(0),
Status: pulumi.String("string"),
UsersExcludeds: pulumi.StringArray{
pulumi.String("string"),
},
})
var ruleMfaResource = new RuleMfa("ruleMfaResource", RuleMfaArgs.builder()
.appExcludes(RuleMfaAppExcludeArgs.builder()
.type("string")
.id("string")
.name("string")
.build())
.appIncludes(RuleMfaAppIncludeArgs.builder()
.type("string")
.id("string")
.name("string")
.build())
.enroll("string")
.name("string")
.networkConnection("string")
.networkExcludes("string")
.networkIncludes("string")
.policyId("string")
.priority(0)
.status("string")
.usersExcludeds("string")
.build());
rule_mfa_resource = okta.policy.RuleMfa("ruleMfaResource",
app_excludes=[okta.policy.RuleMfaAppExcludeArgs(
type="string",
id="string",
name="string",
)],
app_includes=[okta.policy.RuleMfaAppIncludeArgs(
type="string",
id="string",
name="string",
)],
enroll="string",
name="string",
network_connection="string",
network_excludes=["string"],
network_includes=["string"],
policy_id="string",
priority=0,
status="string",
users_excludeds=["string"])
const ruleMfaResource = new okta.policy.RuleMfa("ruleMfaResource", {
appExcludes: [{
type: "string",
id: "string",
name: "string",
}],
appIncludes: [{
type: "string",
id: "string",
name: "string",
}],
enroll: "string",
name: "string",
networkConnection: "string",
networkExcludes: ["string"],
networkIncludes: ["string"],
policyId: "string",
priority: 0,
status: "string",
usersExcludeds: ["string"],
});
type: okta:policy:RuleMfa
properties:
appExcludes:
- id: string
name: string
type: string
appIncludes:
- id: string
name: string
type: string
enroll: string
name: string
networkConnection: string
networkExcludes:
- string
networkIncludes:
- string
policyId: string
priority: 0
status: string
usersExcludeds:
- string
RuleMfa Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The RuleMfa resource accepts the following input properties:
- App
Excludes List<RuleMfa App Exclude> - Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- App
Includes List<RuleMfa App Include> - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
- Enroll string
- When a user should be prompted for MFA. It can be
"CHALLENGE","LOGIN", or"NEVER". - Name string
- Use if the
typeis"APP_TYPE"to indicate the type of application(s) to include in instances where an entire group (i.e.yahoo_mail) of applications should be included. - Network
Connection string - Network selection mode:
"ANYWHERE","ZONE","ON_NETWORK", or"OFF_NETWORK". - Network
Excludes List<string> - The network zones to exclude. Conflicts with
network_includes. - Network
Includes List<string> - The network zones to include. Conflicts with
network_excludes. - Policy
Id string - Policy ID.
- Priority int
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- Status string
- Policy Rule Status:
"ACTIVE"or"INACTIVE". - Users
Excludeds List<string> - Set of User IDs to Exclude
- App
Excludes []RuleMfa App Exclude Args - Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- App
Includes []RuleMfa App Include Args - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
- Enroll string
- When a user should be prompted for MFA. It can be
"CHALLENGE","LOGIN", or"NEVER". - Name string
- Use if the
typeis"APP_TYPE"to indicate the type of application(s) to include in instances where an entire group (i.e.yahoo_mail) of applications should be included. - Network
Connection string - Network selection mode:
"ANYWHERE","ZONE","ON_NETWORK", or"OFF_NETWORK". - Network
Excludes []string - The network zones to exclude. Conflicts with
network_includes. - Network
Includes []string - The network zones to include. Conflicts with
network_excludes. - Policy
Id string - Policy ID.
- Priority int
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- Status string
- Policy Rule Status:
"ACTIVE"or"INACTIVE". - Users
Excludeds []string - Set of User IDs to Exclude
- app
Excludes List<RuleMfa App Exclude> - Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- app
Includes List<RuleMfa App Include> - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
- enroll String
- When a user should be prompted for MFA. It can be
"CHALLENGE","LOGIN", or"NEVER". - name String
- Use if the
typeis"APP_TYPE"to indicate the type of application(s) to include in instances where an entire group (i.e.yahoo_mail) of applications should be included. - network
Connection String - Network selection mode:
"ANYWHERE","ZONE","ON_NETWORK", or"OFF_NETWORK". - network
Excludes List<String> - The network zones to exclude. Conflicts with
network_includes. - network
Includes List<String> - The network zones to include. Conflicts with
network_excludes. - policy
Id String - Policy ID.
- priority Integer
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- status String
- Policy Rule Status:
"ACTIVE"or"INACTIVE". - users
Excludeds List<String> - Set of User IDs to Exclude
- app
Excludes RuleMfa App Exclude[] - Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- app
Includes RuleMfa App Include[] - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
- enroll string
- When a user should be prompted for MFA. It can be
"CHALLENGE","LOGIN", or"NEVER". - name string
- Use if the
typeis"APP_TYPE"to indicate the type of application(s) to include in instances where an entire group (i.e.yahoo_mail) of applications should be included. - network
Connection string - Network selection mode:
"ANYWHERE","ZONE","ON_NETWORK", or"OFF_NETWORK". - network
Excludes string[] - The network zones to exclude. Conflicts with
network_includes. - network
Includes string[] - The network zones to include. Conflicts with
network_excludes. - policy
Id string - Policy ID.
- priority number
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- status string
- Policy Rule Status:
"ACTIVE"or"INACTIVE". - users
Excludeds string[] - Set of User IDs to Exclude
- app_
excludes Sequence[RuleMfa App Exclude Args] - Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- app_
includes Sequence[RuleMfa App Include Args] - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
- enroll str
- When a user should be prompted for MFA. It can be
"CHALLENGE","LOGIN", or"NEVER". - name str
- Use if the
typeis"APP_TYPE"to indicate the type of application(s) to include in instances where an entire group (i.e.yahoo_mail) of applications should be included. - network_
connection str - Network selection mode:
"ANYWHERE","ZONE","ON_NETWORK", or"OFF_NETWORK". - network_
excludes Sequence[str] - The network zones to exclude. Conflicts with
network_includes. - network_
includes Sequence[str] - The network zones to include. Conflicts with
network_excludes. - policy_
id str - Policy ID.
- priority int
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- status str
- Policy Rule Status:
"ACTIVE"or"INACTIVE". - users_
excludeds Sequence[str] - Set of User IDs to Exclude
- app
Excludes List<Property Map> - Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- app
Includes List<Property Map> - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
- enroll String
- When a user should be prompted for MFA. It can be
"CHALLENGE","LOGIN", or"NEVER". - name String
- Use if the
typeis"APP_TYPE"to indicate the type of application(s) to include in instances where an entire group (i.e.yahoo_mail) of applications should be included. - network
Connection String - Network selection mode:
"ANYWHERE","ZONE","ON_NETWORK", or"OFF_NETWORK". - network
Excludes List<String> - The network zones to exclude. Conflicts with
network_includes. - network
Includes List<String> - The network zones to include. Conflicts with
network_excludes. - policy
Id String - Policy ID.
- priority Number
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- status String
- Policy Rule Status:
"ACTIVE"or"INACTIVE". - users
Excludeds List<String> - Set of User IDs to Exclude
Outputs
All input properties are implicitly available as output properties. Additionally, the RuleMfa resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing RuleMfa Resource
Get an existing RuleMfa resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RuleMfaState, opts?: CustomResourceOptions): RuleMfa@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
app_excludes: Optional[Sequence[RuleMfaAppExcludeArgs]] = None,
app_includes: Optional[Sequence[RuleMfaAppIncludeArgs]] = None,
enroll: Optional[str] = None,
name: Optional[str] = None,
network_connection: Optional[str] = None,
network_excludes: Optional[Sequence[str]] = None,
network_includes: Optional[Sequence[str]] = None,
policy_id: Optional[str] = None,
priority: Optional[int] = None,
status: Optional[str] = None,
users_excludeds: Optional[Sequence[str]] = None) -> RuleMfafunc GetRuleMfa(ctx *Context, name string, id IDInput, state *RuleMfaState, opts ...ResourceOption) (*RuleMfa, error)public static RuleMfa Get(string name, Input<string> id, RuleMfaState? state, CustomResourceOptions? opts = null)public static RuleMfa get(String name, Output<String> id, RuleMfaState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- App
Excludes List<RuleMfa App Exclude> - Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- App
Includes List<RuleMfa App Include> - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
- Enroll string
- When a user should be prompted for MFA. It can be
"CHALLENGE","LOGIN", or"NEVER". - Name string
- Use if the
typeis"APP_TYPE"to indicate the type of application(s) to include in instances where an entire group (i.e.yahoo_mail) of applications should be included. - Network
Connection string - Network selection mode:
"ANYWHERE","ZONE","ON_NETWORK", or"OFF_NETWORK". - Network
Excludes List<string> - The network zones to exclude. Conflicts with
network_includes. - Network
Includes List<string> - The network zones to include. Conflicts with
network_excludes. - Policy
Id string - Policy ID.
- Priority int
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- Status string
- Policy Rule Status:
"ACTIVE"or"INACTIVE". - Users
Excludeds List<string> - Set of User IDs to Exclude
- App
Excludes []RuleMfa App Exclude Args - Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- App
Includes []RuleMfa App Include Args - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
- Enroll string
- When a user should be prompted for MFA. It can be
"CHALLENGE","LOGIN", or"NEVER". - Name string
- Use if the
typeis"APP_TYPE"to indicate the type of application(s) to include in instances where an entire group (i.e.yahoo_mail) of applications should be included. - Network
Connection string - Network selection mode:
"ANYWHERE","ZONE","ON_NETWORK", or"OFF_NETWORK". - Network
Excludes []string - The network zones to exclude. Conflicts with
network_includes. - Network
Includes []string - The network zones to include. Conflicts with
network_excludes. - Policy
Id string - Policy ID.
- Priority int
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- Status string
- Policy Rule Status:
"ACTIVE"or"INACTIVE". - Users
Excludeds []string - Set of User IDs to Exclude
- app
Excludes List<RuleMfa App Exclude> - Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- app
Includes List<RuleMfa App Include> - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
- enroll String
- When a user should be prompted for MFA. It can be
"CHALLENGE","LOGIN", or"NEVER". - name String
- Use if the
typeis"APP_TYPE"to indicate the type of application(s) to include in instances where an entire group (i.e.yahoo_mail) of applications should be included. - network
Connection String - Network selection mode:
"ANYWHERE","ZONE","ON_NETWORK", or"OFF_NETWORK". - network
Excludes List<String> - The network zones to exclude. Conflicts with
network_includes. - network
Includes List<String> - The network zones to include. Conflicts with
network_excludes. - policy
Id String - Policy ID.
- priority Integer
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- status String
- Policy Rule Status:
"ACTIVE"or"INACTIVE". - users
Excludeds List<String> - Set of User IDs to Exclude
- app
Excludes RuleMfa App Exclude[] - Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- app
Includes RuleMfa App Include[] - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
- enroll string
- When a user should be prompted for MFA. It can be
"CHALLENGE","LOGIN", or"NEVER". - name string
- Use if the
typeis"APP_TYPE"to indicate the type of application(s) to include in instances where an entire group (i.e.yahoo_mail) of applications should be included. - network
Connection string - Network selection mode:
"ANYWHERE","ZONE","ON_NETWORK", or"OFF_NETWORK". - network
Excludes string[] - The network zones to exclude. Conflicts with
network_includes. - network
Includes string[] - The network zones to include. Conflicts with
network_excludes. - policy
Id string - Policy ID.
- priority number
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- status string
- Policy Rule Status:
"ACTIVE"or"INACTIVE". - users
Excludeds string[] - Set of User IDs to Exclude
- app_
excludes Sequence[RuleMfa App Exclude Args] - Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- app_
includes Sequence[RuleMfa App Include Args] - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
- enroll str
- When a user should be prompted for MFA. It can be
"CHALLENGE","LOGIN", or"NEVER". - name str
- Use if the
typeis"APP_TYPE"to indicate the type of application(s) to include in instances where an entire group (i.e.yahoo_mail) of applications should be included. - network_
connection str - Network selection mode:
"ANYWHERE","ZONE","ON_NETWORK", or"OFF_NETWORK". - network_
excludes Sequence[str] - The network zones to exclude. Conflicts with
network_includes. - network_
includes Sequence[str] - The network zones to include. Conflicts with
network_excludes. - policy_
id str - Policy ID.
- priority int
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- status str
- Policy Rule Status:
"ACTIVE"or"INACTIVE". - users_
excludeds Sequence[str] - Set of User IDs to Exclude
- app
Excludes List<Property Map> - Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- app
Includes List<Property Map> - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations.
- enroll String
- When a user should be prompted for MFA. It can be
"CHALLENGE","LOGIN", or"NEVER". - name String
- Use if the
typeis"APP_TYPE"to indicate the type of application(s) to include in instances where an entire group (i.e.yahoo_mail) of applications should be included. - network
Connection String - Network selection mode:
"ANYWHERE","ZONE","ON_NETWORK", or"OFF_NETWORK". - network
Excludes List<String> - The network zones to exclude. Conflicts with
network_includes. - network
Includes List<String> - The network zones to include. Conflicts with
network_excludes. - policy
Id String - Policy ID.
- priority Number
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- status String
- Policy Rule Status:
"ACTIVE"or"INACTIVE". - users
Excludeds List<String> - Set of User IDs to Exclude
Supporting Types
RuleMfaAppExclude, RuleMfaAppExcludeArgs
RuleMfaAppInclude, RuleMfaAppIncludeArgs
Import
A Policy Rule can be imported via the Policy and Rule ID.
$ pulumi import okta:policy/ruleMfa:RuleMfa example <policy id>/<rule id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Okta pulumi/pulumi-okta
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
oktaTerraform Provider.