Viewing docs for Okta v6.6.0
published on Wednesday, Apr 29, 2026 by Pulumi
published on Wednesday, Apr 29, 2026 by Pulumi
Viewing docs for Okta v6.6.0
published on Wednesday, Apr 29, 2026 by Pulumi
published on Wednesday, Apr 29, 2026 by Pulumi
Creates a Password Policy Rule. This resource allows you to create and configure a Password Policy Rule.
Example Usage
AUTH_POLICY access control (delegates SSPR to authentication policy rules)
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const exampleAuthPolicy = new okta.policy.RulePassword("example_auth_policy", {
policyId: "<policy_id>",
name: "example_auth_policy_rule",
status: "ACTIVE",
passwordChange: "ALLOW",
passwordReset: "ALLOW",
passwordUnlock: "DENY",
passwordResetAccessControl: "AUTH_POLICY",
});
import pulumi
import pulumi_okta as okta
example_auth_policy = okta.policy.RulePassword("example_auth_policy",
policy_id="<policy_id>",
name="example_auth_policy_rule",
status="ACTIVE",
password_change="ALLOW",
password_reset="ALLOW",
password_unlock="DENY",
password_reset_access_control="AUTH_POLICY")
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v6/go/okta/policy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := policy.NewRulePassword(ctx, "example_auth_policy", &policy.RulePasswordArgs{
PolicyId: pulumi.String("<policy_id>"),
Name: pulumi.String("example_auth_policy_rule"),
Status: pulumi.String("ACTIVE"),
PasswordChange: pulumi.String("ALLOW"),
PasswordReset: pulumi.String("ALLOW"),
PasswordUnlock: pulumi.String("DENY"),
PasswordResetAccessControl: pulumi.String("AUTH_POLICY"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var exampleAuthPolicy = new Okta.Policy.RulePassword("example_auth_policy", new()
{
PolicyId = "<policy_id>",
Name = "example_auth_policy_rule",
Status = "ACTIVE",
PasswordChange = "ALLOW",
PasswordReset = "ALLOW",
PasswordUnlock = "DENY",
PasswordResetAccessControl = "AUTH_POLICY",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.policy.RulePassword;
import com.pulumi.okta.policy.RulePasswordArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleAuthPolicy = new RulePassword("exampleAuthPolicy", RulePasswordArgs.builder()
.policyId("<policy_id>")
.name("example_auth_policy_rule")
.status("ACTIVE")
.passwordChange("ALLOW")
.passwordReset("ALLOW")
.passwordUnlock("DENY")
.passwordResetAccessControl("AUTH_POLICY")
.build());
}
}
resources:
exampleAuthPolicy:
type: okta:policy:RulePassword
name: example_auth_policy
properties:
policyId: <policy_id>
name: example_auth_policy_rule
status: ACTIVE
passwordChange: ALLOW
passwordReset: ALLOW
passwordUnlock: DENY
passwordResetAccessControl: AUTH_POLICY
Example coming soon!
LEGACY access control with primary methods and step-up
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const exampleLegacy = new okta.policy.RulePassword("example_legacy", {
policyId: "<policy_id>",
name: "example_legacy_rule",
status: "ACTIVE",
passwordChange: "ALLOW",
passwordReset: "ALLOW",
passwordUnlock: "DENY",
passwordResetAccessControl: "LEGACY",
passwordResetRequirement: {
methodConstraints: [{
method: "otp",
allowedAuthenticators: ["google_otp"],
}],
primaryMethods: [
"otp",
"email",
],
stepUpEnabled: true,
stepUpMethods: ["security_question"],
},
});
import pulumi
import pulumi_okta as okta
example_legacy = okta.policy.RulePassword("example_legacy",
policy_id="<policy_id>",
name="example_legacy_rule",
status="ACTIVE",
password_change="ALLOW",
password_reset="ALLOW",
password_unlock="DENY",
password_reset_access_control="LEGACY",
password_reset_requirement={
"method_constraints": [{
"method": "otp",
"allowed_authenticators": ["google_otp"],
}],
"primary_methods": [
"otp",
"email",
],
"step_up_enabled": True,
"step_up_methods": ["security_question"],
})
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v6/go/okta/policy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := policy.NewRulePassword(ctx, "example_legacy", &policy.RulePasswordArgs{
PolicyId: pulumi.String("<policy_id>"),
Name: pulumi.String("example_legacy_rule"),
Status: pulumi.String("ACTIVE"),
PasswordChange: pulumi.String("ALLOW"),
PasswordReset: pulumi.String("ALLOW"),
PasswordUnlock: pulumi.String("DENY"),
PasswordResetAccessControl: pulumi.String("LEGACY"),
PasswordResetRequirement: &policy.RulePasswordPasswordResetRequirementArgs{
MethodConstraints: policy.RulePasswordPasswordResetRequirementMethodConstraintArray{
&policy.RulePasswordPasswordResetRequirementMethodConstraintArgs{
Method: pulumi.String("otp"),
AllowedAuthenticators: pulumi.StringArray{
pulumi.String("google_otp"),
},
},
},
PrimaryMethods: pulumi.StringArray{
pulumi.String("otp"),
pulumi.String("email"),
},
StepUpEnabled: pulumi.Bool(true),
StepUpMethods: pulumi.StringArray{
pulumi.String("security_question"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var exampleLegacy = new Okta.Policy.RulePassword("example_legacy", new()
{
PolicyId = "<policy_id>",
Name = "example_legacy_rule",
Status = "ACTIVE",
PasswordChange = "ALLOW",
PasswordReset = "ALLOW",
PasswordUnlock = "DENY",
PasswordResetAccessControl = "LEGACY",
PasswordResetRequirement = new Okta.Policy.Inputs.RulePasswordPasswordResetRequirementArgs
{
MethodConstraints = new[]
{
new Okta.Policy.Inputs.RulePasswordPasswordResetRequirementMethodConstraintArgs
{
Method = "otp",
AllowedAuthenticators = new[]
{
"google_otp",
},
},
},
PrimaryMethods = new[]
{
"otp",
"email",
},
StepUpEnabled = true,
StepUpMethods = new[]
{
"security_question",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.policy.RulePassword;
import com.pulumi.okta.policy.RulePasswordArgs;
import com.pulumi.okta.policy.inputs.RulePasswordPasswordResetRequirementArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleLegacy = new RulePassword("exampleLegacy", RulePasswordArgs.builder()
.policyId("<policy_id>")
.name("example_legacy_rule")
.status("ACTIVE")
.passwordChange("ALLOW")
.passwordReset("ALLOW")
.passwordUnlock("DENY")
.passwordResetAccessControl("LEGACY")
.passwordResetRequirement(RulePasswordPasswordResetRequirementArgs.builder()
.methodConstraints(RulePasswordPasswordResetRequirementMethodConstraintArgs.builder()
.method("otp")
.allowedAuthenticators("google_otp")
.build())
.primaryMethods(
"otp",
"email")
.stepUpEnabled(true)
.stepUpMethods("security_question")
.build())
.build());
}
}
resources:
exampleLegacy:
type: okta:policy:RulePassword
name: example_legacy
properties:
policyId: <policy_id>
name: example_legacy_rule
status: ACTIVE
passwordChange: ALLOW
passwordReset: ALLOW
passwordUnlock: DENY
passwordResetAccessControl: LEGACY
passwordResetRequirement:
methodConstraints:
- method: otp
allowedAuthenticators:
- google_otp
primaryMethods:
- otp
- email
stepUpEnabled: true
stepUpMethods:
- security_question
Example coming soon!
Create RulePassword Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new RulePassword(name: string, args?: RulePasswordArgs, opts?: CustomResourceOptions);@overload
def RulePassword(resource_name: str,
args: Optional[RulePasswordArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def RulePassword(resource_name: str,
opts: Optional[ResourceOptions] = None,
groups_excludeds: Optional[Sequence[str]] = None,
groups_includeds: Optional[Sequence[str]] = None,
name: Optional[str] = None,
network_connection: Optional[str] = None,
network_excludes: Optional[Sequence[str]] = None,
network_includes: Optional[Sequence[str]] = None,
password_change: Optional[str] = None,
password_reset: Optional[str] = None,
password_reset_access_control: Optional[str] = None,
password_reset_requirement: Optional[RulePasswordPasswordResetRequirementArgs] = None,
password_unlock: Optional[str] = None,
policy_id: Optional[str] = None,
priority: Optional[int] = None,
status: Optional[str] = None,
users_excludeds: Optional[Sequence[str]] = None,
users_includeds: Optional[Sequence[str]] = None)func NewRulePassword(ctx *Context, name string, args *RulePasswordArgs, opts ...ResourceOption) (*RulePassword, error)public RulePassword(string name, RulePasswordArgs? args = null, CustomResourceOptions? opts = null)
public RulePassword(String name, RulePasswordArgs args)
public RulePassword(String name, RulePasswordArgs args, CustomResourceOptions options)
type: okta:policy:RulePassword
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
resource "okta_policy_rulepassword" "name" {
# resource properties
}Parameters
- name string
- The unique name of the resource.
- args RulePasswordArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RulePasswordArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RulePasswordArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RulePasswordArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RulePasswordArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var rulePasswordResource = new Okta.Policy.RulePassword("rulePasswordResource", new()
{
GroupsExcludeds = new[]
{
"string",
},
GroupsIncludeds = new[]
{
"string",
},
Name = "string",
NetworkConnection = "string",
NetworkExcludes = new[]
{
"string",
},
NetworkIncludes = new[]
{
"string",
},
PasswordChange = "string",
PasswordReset = "string",
PasswordResetAccessControl = "string",
PasswordResetRequirement = new Okta.Policy.Inputs.RulePasswordPasswordResetRequirementArgs
{
MethodConstraints = new[]
{
new Okta.Policy.Inputs.RulePasswordPasswordResetRequirementMethodConstraintArgs
{
Method = "string",
AllowedAuthenticators = new[]
{
"string",
},
},
},
PrimaryMethods = new[]
{
"string",
},
StepUpEnabled = false,
StepUpMethods = new[]
{
"string",
},
},
PasswordUnlock = "string",
PolicyId = "string",
Priority = 0,
Status = "string",
UsersExcludeds = new[]
{
"string",
},
UsersIncludeds = new[]
{
"string",
},
});
example, err := policy.NewRulePassword(ctx, "rulePasswordResource", &policy.RulePasswordArgs{
GroupsExcludeds: pulumi.StringArray{
pulumi.String("string"),
},
GroupsIncludeds: pulumi.StringArray{
pulumi.String("string"),
},
Name: pulumi.String("string"),
NetworkConnection: pulumi.String("string"),
NetworkExcludes: pulumi.StringArray{
pulumi.String("string"),
},
NetworkIncludes: pulumi.StringArray{
pulumi.String("string"),
},
PasswordChange: pulumi.String("string"),
PasswordReset: pulumi.String("string"),
PasswordResetAccessControl: pulumi.String("string"),
PasswordResetRequirement: &policy.RulePasswordPasswordResetRequirementArgs{
MethodConstraints: policy.RulePasswordPasswordResetRequirementMethodConstraintArray{
&policy.RulePasswordPasswordResetRequirementMethodConstraintArgs{
Method: pulumi.String("string"),
AllowedAuthenticators: pulumi.StringArray{
pulumi.String("string"),
},
},
},
PrimaryMethods: pulumi.StringArray{
pulumi.String("string"),
},
StepUpEnabled: pulumi.Bool(false),
StepUpMethods: pulumi.StringArray{
pulumi.String("string"),
},
},
PasswordUnlock: pulumi.String("string"),
PolicyId: pulumi.String("string"),
Priority: pulumi.Int(0),
Status: pulumi.String("string"),
UsersExcludeds: pulumi.StringArray{
pulumi.String("string"),
},
UsersIncludeds: pulumi.StringArray{
pulumi.String("string"),
},
})
resource "okta_policy_rulepassword" "rulePasswordResource" {
groups_excludeds = ["string"]
groups_includeds = ["string"]
name = "string"
network_connection = "string"
network_excludes = ["string"]
network_includes = ["string"]
password_change = "string"
password_reset = "string"
password_reset_access_control = "string"
password_reset_requirement = {
method_constraints = [{
"method" = "string"
"allowedAuthenticators" = ["string"]
}]
primary_methods = ["string"]
step_up_enabled = false
step_up_methods = ["string"]
}
password_unlock = "string"
policy_id = "string"
priority = 0
status = "string"
users_excludeds = ["string"]
users_includeds = ["string"]
}
var rulePasswordResource = new RulePassword("rulePasswordResource", RulePasswordArgs.builder()
.groupsExcludeds("string")
.groupsIncludeds("string")
.name("string")
.networkConnection("string")
.networkExcludes("string")
.networkIncludes("string")
.passwordChange("string")
.passwordReset("string")
.passwordResetAccessControl("string")
.passwordResetRequirement(RulePasswordPasswordResetRequirementArgs.builder()
.methodConstraints(RulePasswordPasswordResetRequirementMethodConstraintArgs.builder()
.method("string")
.allowedAuthenticators("string")
.build())
.primaryMethods("string")
.stepUpEnabled(false)
.stepUpMethods("string")
.build())
.passwordUnlock("string")
.policyId("string")
.priority(0)
.status("string")
.usersExcludeds("string")
.usersIncludeds("string")
.build());
rule_password_resource = okta.policy.RulePassword("rulePasswordResource",
groups_excludeds=["string"],
groups_includeds=["string"],
name="string",
network_connection="string",
network_excludes=["string"],
network_includes=["string"],
password_change="string",
password_reset="string",
password_reset_access_control="string",
password_reset_requirement={
"method_constraints": [{
"method": "string",
"allowed_authenticators": ["string"],
}],
"primary_methods": ["string"],
"step_up_enabled": False,
"step_up_methods": ["string"],
},
password_unlock="string",
policy_id="string",
priority=0,
status="string",
users_excludeds=["string"],
users_includeds=["string"])
const rulePasswordResource = new okta.policy.RulePassword("rulePasswordResource", {
groupsExcludeds: ["string"],
groupsIncludeds: ["string"],
name: "string",
networkConnection: "string",
networkExcludes: ["string"],
networkIncludes: ["string"],
passwordChange: "string",
passwordReset: "string",
passwordResetAccessControl: "string",
passwordResetRequirement: {
methodConstraints: [{
method: "string",
allowedAuthenticators: ["string"],
}],
primaryMethods: ["string"],
stepUpEnabled: false,
stepUpMethods: ["string"],
},
passwordUnlock: "string",
policyId: "string",
priority: 0,
status: "string",
usersExcludeds: ["string"],
usersIncludeds: ["string"],
});
type: okta:policy:RulePassword
properties:
groupsExcludeds:
- string
groupsIncludeds:
- string
name: string
networkConnection: string
networkExcludes:
- string
networkIncludes:
- string
passwordChange: string
passwordReset: string
passwordResetAccessControl: string
passwordResetRequirement:
methodConstraints:
- allowedAuthenticators:
- string
method: string
primaryMethods:
- string
stepUpEnabled: false
stepUpMethods:
- string
passwordUnlock: string
policyId: string
priority: 0
status: string
usersExcludeds:
- string
usersIncludeds:
- string
RulePassword Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The RulePassword resource accepts the following input properties:
- Groups
Excludeds List<string> - Set of Group IDs to exclude from this rule.
- Groups
Includeds List<string> - Set of Group IDs to include in this rule.
- Name string
- Policy Rule Name
- Network
Connection string - Network selection mode:
ANYWHERE,ZONE. Default:ANYWHERE - Network
Excludes List<string> - Required if
networkConnection=ZONE. Indicates the network zones to exclude. - Network
Includes List<string> - Required if
networkConnection=ZONE. Indicates the network zones to include. - Password
Change string - Allow or deny a user to change their password:
ALLOWorDENY. Default:ALLOW - Password
Reset string - Allow or deny a user to reset their password:
ALLOWorDENY. Default:ALLOW - Password
Reset stringAccess Control - Determines whether the Self-Service Password Reset (SSPR) access is governed by an authentication policy or legacy behavior. Options:
LEGACY,AUTH_POLICY. - Password
Reset RuleRequirement Password Password Reset Requirement - Self-service password reset (SSPR) requirement settings. Use only when
passwordResetAccessControl = "LEGACY". - Password
Unlock string - Allow or deny a user to unlock. Default:
DENY - Policy
Id string - Policy ID of the Rule
- Priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- Status string
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - Users
Excludeds List<string> - Set of User IDs to Exclude
- Users
Includeds List<string> - Set of User IDs to include in this rule.
- Groups
Excludeds []string - Set of Group IDs to exclude from this rule.
- Groups
Includeds []string - Set of Group IDs to include in this rule.
- Name string
- Policy Rule Name
- Network
Connection string - Network selection mode:
ANYWHERE,ZONE. Default:ANYWHERE - Network
Excludes []string - Required if
networkConnection=ZONE. Indicates the network zones to exclude. - Network
Includes []string - Required if
networkConnection=ZONE. Indicates the network zones to include. - Password
Change string - Allow or deny a user to change their password:
ALLOWorDENY. Default:ALLOW - Password
Reset string - Allow or deny a user to reset their password:
ALLOWorDENY. Default:ALLOW - Password
Reset stringAccess Control - Determines whether the Self-Service Password Reset (SSPR) access is governed by an authentication policy or legacy behavior. Options:
LEGACY,AUTH_POLICY. - Password
Reset RuleRequirement Password Password Reset Requirement Args - Self-service password reset (SSPR) requirement settings. Use only when
passwordResetAccessControl = "LEGACY". - Password
Unlock string - Allow or deny a user to unlock. Default:
DENY - Policy
Id string - Policy ID of the Rule
- Priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- Status string
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - Users
Excludeds []string - Set of User IDs to Exclude
- Users
Includeds []string - Set of User IDs to include in this rule.
- groups_
excludeds list(string) - Set of Group IDs to exclude from this rule.
- groups_
includeds list(string) - Set of Group IDs to include in this rule.
- name string
- Policy Rule Name
- network_
connection string - Network selection mode:
ANYWHERE,ZONE. Default:ANYWHERE - network_
excludes list(string) - Required if
networkConnection=ZONE. Indicates the network zones to exclude. - network_
includes list(string) - Required if
networkConnection=ZONE. Indicates the network zones to include. - password_
change string - Allow or deny a user to change their password:
ALLOWorDENY. Default:ALLOW - password_
reset string - Allow or deny a user to reset their password:
ALLOWorDENY. Default:ALLOW - password_
reset_ stringaccess_ control - Determines whether the Self-Service Password Reset (SSPR) access is governed by an authentication policy or legacy behavior. Options:
LEGACY,AUTH_POLICY. - password_
reset_ objectrequirement - Self-service password reset (SSPR) requirement settings. Use only when
passwordResetAccessControl = "LEGACY". - password_
unlock string - Allow or deny a user to unlock. Default:
DENY - policy_
id string - Policy ID of the Rule
- priority number
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status string
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - users_
excludeds list(string) - Set of User IDs to Exclude
- users_
includeds list(string) - Set of User IDs to include in this rule.
- groups
Excludeds List<String> - Set of Group IDs to exclude from this rule.
- groups
Includeds List<String> - Set of Group IDs to include in this rule.
- name String
- Policy Rule Name
- network
Connection String - Network selection mode:
ANYWHERE,ZONE. Default:ANYWHERE - network
Excludes List<String> - Required if
networkConnection=ZONE. Indicates the network zones to exclude. - network
Includes List<String> - Required if
networkConnection=ZONE. Indicates the network zones to include. - password
Change String - Allow or deny a user to change their password:
ALLOWorDENY. Default:ALLOW - password
Reset String - Allow or deny a user to reset their password:
ALLOWorDENY. Default:ALLOW - password
Reset StringAccess Control - Determines whether the Self-Service Password Reset (SSPR) access is governed by an authentication policy or legacy behavior. Options:
LEGACY,AUTH_POLICY. - password
Reset RuleRequirement Password Password Reset Requirement - Self-service password reset (SSPR) requirement settings. Use only when
passwordResetAccessControl = "LEGACY". - password
Unlock String - Allow or deny a user to unlock. Default:
DENY - policy
Id String - Policy ID of the Rule
- priority Integer
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status String
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - users
Excludeds List<String> - Set of User IDs to Exclude
- users
Includeds List<String> - Set of User IDs to include in this rule.
- groups
Excludeds string[] - Set of Group IDs to exclude from this rule.
- groups
Includeds string[] - Set of Group IDs to include in this rule.
- name string
- Policy Rule Name
- network
Connection string - Network selection mode:
ANYWHERE,ZONE. Default:ANYWHERE - network
Excludes string[] - Required if
networkConnection=ZONE. Indicates the network zones to exclude. - network
Includes string[] - Required if
networkConnection=ZONE. Indicates the network zones to include. - password
Change string - Allow or deny a user to change their password:
ALLOWorDENY. Default:ALLOW - password
Reset string - Allow or deny a user to reset their password:
ALLOWorDENY. Default:ALLOW - password
Reset stringAccess Control - Determines whether the Self-Service Password Reset (SSPR) access is governed by an authentication policy or legacy behavior. Options:
LEGACY,AUTH_POLICY. - password
Reset RuleRequirement Password Password Reset Requirement - Self-service password reset (SSPR) requirement settings. Use only when
passwordResetAccessControl = "LEGACY". - password
Unlock string - Allow or deny a user to unlock. Default:
DENY - policy
Id string - Policy ID of the Rule
- priority number
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status string
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - users
Excludeds string[] - Set of User IDs to Exclude
- users
Includeds string[] - Set of User IDs to include in this rule.
- groups_
excludeds Sequence[str] - Set of Group IDs to exclude from this rule.
- groups_
includeds Sequence[str] - Set of Group IDs to include in this rule.
- name str
- Policy Rule Name
- network_
connection str - Network selection mode:
ANYWHERE,ZONE. Default:ANYWHERE - network_
excludes Sequence[str] - Required if
networkConnection=ZONE. Indicates the network zones to exclude. - network_
includes Sequence[str] - Required if
networkConnection=ZONE. Indicates the network zones to include. - password_
change str - Allow or deny a user to change their password:
ALLOWorDENY. Default:ALLOW - password_
reset str - Allow or deny a user to reset their password:
ALLOWorDENY. Default:ALLOW - password_
reset_ straccess_ control - Determines whether the Self-Service Password Reset (SSPR) access is governed by an authentication policy or legacy behavior. Options:
LEGACY,AUTH_POLICY. - password_
reset_ Rulerequirement Password Password Reset Requirement Args - Self-service password reset (SSPR) requirement settings. Use only when
passwordResetAccessControl = "LEGACY". - password_
unlock str - Allow or deny a user to unlock. Default:
DENY - policy_
id str - Policy ID of the Rule
- priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status str
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - users_
excludeds Sequence[str] - Set of User IDs to Exclude
- users_
includeds Sequence[str] - Set of User IDs to include in this rule.
- groups
Excludeds List<String> - Set of Group IDs to exclude from this rule.
- groups
Includeds List<String> - Set of Group IDs to include in this rule.
- name String
- Policy Rule Name
- network
Connection String - Network selection mode:
ANYWHERE,ZONE. Default:ANYWHERE - network
Excludes List<String> - Required if
networkConnection=ZONE. Indicates the network zones to exclude. - network
Includes List<String> - Required if
networkConnection=ZONE. Indicates the network zones to include. - password
Change String - Allow or deny a user to change their password:
ALLOWorDENY. Default:ALLOW - password
Reset String - Allow or deny a user to reset their password:
ALLOWorDENY. Default:ALLOW - password
Reset StringAccess Control - Determines whether the Self-Service Password Reset (SSPR) access is governed by an authentication policy or legacy behavior. Options:
LEGACY,AUTH_POLICY. - password
Reset Property MapRequirement - Self-service password reset (SSPR) requirement settings. Use only when
passwordResetAccessControl = "LEGACY". - password
Unlock String - Allow or deny a user to unlock. Default:
DENY - policy
Id String - Policy ID of the Rule
- priority Number
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status String
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - users
Excludeds List<String> - Set of User IDs to Exclude
- users
Includeds List<String> - Set of User IDs to include in this rule.
Outputs
All input properties are implicitly available as output properties. Additionally, the RulePassword resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing RulePassword Resource
Get an existing RulePassword resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RulePasswordState, opts?: CustomResourceOptions): RulePassword@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
groups_excludeds: Optional[Sequence[str]] = None,
groups_includeds: Optional[Sequence[str]] = None,
name: Optional[str] = None,
network_connection: Optional[str] = None,
network_excludes: Optional[Sequence[str]] = None,
network_includes: Optional[Sequence[str]] = None,
password_change: Optional[str] = None,
password_reset: Optional[str] = None,
password_reset_access_control: Optional[str] = None,
password_reset_requirement: Optional[RulePasswordPasswordResetRequirementArgs] = None,
password_unlock: Optional[str] = None,
policy_id: Optional[str] = None,
priority: Optional[int] = None,
status: Optional[str] = None,
users_excludeds: Optional[Sequence[str]] = None,
users_includeds: Optional[Sequence[str]] = None) -> RulePasswordfunc GetRulePassword(ctx *Context, name string, id IDInput, state *RulePasswordState, opts ...ResourceOption) (*RulePassword, error)public static RulePassword Get(string name, Input<string> id, RulePasswordState? state, CustomResourceOptions? opts = null)public static RulePassword get(String name, Output<String> id, RulePasswordState state, CustomResourceOptions options)resources: _: type: okta:policy:RulePassword get: id: ${id}import {
to = okta_policy_rulepassword.example
id = "${id}"
}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Groups
Excludeds List<string> - Set of Group IDs to exclude from this rule.
- Groups
Includeds List<string> - Set of Group IDs to include in this rule.
- Name string
- Policy Rule Name
- Network
Connection string - Network selection mode:
ANYWHERE,ZONE. Default:ANYWHERE - Network
Excludes List<string> - Required if
networkConnection=ZONE. Indicates the network zones to exclude. - Network
Includes List<string> - Required if
networkConnection=ZONE. Indicates the network zones to include. - Password
Change string - Allow or deny a user to change their password:
ALLOWorDENY. Default:ALLOW - Password
Reset string - Allow or deny a user to reset their password:
ALLOWorDENY. Default:ALLOW - Password
Reset stringAccess Control - Determines whether the Self-Service Password Reset (SSPR) access is governed by an authentication policy or legacy behavior. Options:
LEGACY,AUTH_POLICY. - Password
Reset RuleRequirement Password Password Reset Requirement - Self-service password reset (SSPR) requirement settings. Use only when
passwordResetAccessControl = "LEGACY". - Password
Unlock string - Allow or deny a user to unlock. Default:
DENY - Policy
Id string - Policy ID of the Rule
- Priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- Status string
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - Users
Excludeds List<string> - Set of User IDs to Exclude
- Users
Includeds List<string> - Set of User IDs to include in this rule.
- Groups
Excludeds []string - Set of Group IDs to exclude from this rule.
- Groups
Includeds []string - Set of Group IDs to include in this rule.
- Name string
- Policy Rule Name
- Network
Connection string - Network selection mode:
ANYWHERE,ZONE. Default:ANYWHERE - Network
Excludes []string - Required if
networkConnection=ZONE. Indicates the network zones to exclude. - Network
Includes []string - Required if
networkConnection=ZONE. Indicates the network zones to include. - Password
Change string - Allow or deny a user to change their password:
ALLOWorDENY. Default:ALLOW - Password
Reset string - Allow or deny a user to reset their password:
ALLOWorDENY. Default:ALLOW - Password
Reset stringAccess Control - Determines whether the Self-Service Password Reset (SSPR) access is governed by an authentication policy or legacy behavior. Options:
LEGACY,AUTH_POLICY. - Password
Reset RuleRequirement Password Password Reset Requirement Args - Self-service password reset (SSPR) requirement settings. Use only when
passwordResetAccessControl = "LEGACY". - Password
Unlock string - Allow or deny a user to unlock. Default:
DENY - Policy
Id string - Policy ID of the Rule
- Priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- Status string
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - Users
Excludeds []string - Set of User IDs to Exclude
- Users
Includeds []string - Set of User IDs to include in this rule.
- groups_
excludeds list(string) - Set of Group IDs to exclude from this rule.
- groups_
includeds list(string) - Set of Group IDs to include in this rule.
- name string
- Policy Rule Name
- network_
connection string - Network selection mode:
ANYWHERE,ZONE. Default:ANYWHERE - network_
excludes list(string) - Required if
networkConnection=ZONE. Indicates the network zones to exclude. - network_
includes list(string) - Required if
networkConnection=ZONE. Indicates the network zones to include. - password_
change string - Allow or deny a user to change their password:
ALLOWorDENY. Default:ALLOW - password_
reset string - Allow or deny a user to reset their password:
ALLOWorDENY. Default:ALLOW - password_
reset_ stringaccess_ control - Determines whether the Self-Service Password Reset (SSPR) access is governed by an authentication policy or legacy behavior. Options:
LEGACY,AUTH_POLICY. - password_
reset_ objectrequirement - Self-service password reset (SSPR) requirement settings. Use only when
passwordResetAccessControl = "LEGACY". - password_
unlock string - Allow or deny a user to unlock. Default:
DENY - policy_
id string - Policy ID of the Rule
- priority number
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status string
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - users_
excludeds list(string) - Set of User IDs to Exclude
- users_
includeds list(string) - Set of User IDs to include in this rule.
- groups
Excludeds List<String> - Set of Group IDs to exclude from this rule.
- groups
Includeds List<String> - Set of Group IDs to include in this rule.
- name String
- Policy Rule Name
- network
Connection String - Network selection mode:
ANYWHERE,ZONE. Default:ANYWHERE - network
Excludes List<String> - Required if
networkConnection=ZONE. Indicates the network zones to exclude. - network
Includes List<String> - Required if
networkConnection=ZONE. Indicates the network zones to include. - password
Change String - Allow or deny a user to change their password:
ALLOWorDENY. Default:ALLOW - password
Reset String - Allow or deny a user to reset their password:
ALLOWorDENY. Default:ALLOW - password
Reset StringAccess Control - Determines whether the Self-Service Password Reset (SSPR) access is governed by an authentication policy or legacy behavior. Options:
LEGACY,AUTH_POLICY. - password
Reset RuleRequirement Password Password Reset Requirement - Self-service password reset (SSPR) requirement settings. Use only when
passwordResetAccessControl = "LEGACY". - password
Unlock String - Allow or deny a user to unlock. Default:
DENY - policy
Id String - Policy ID of the Rule
- priority Integer
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status String
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - users
Excludeds List<String> - Set of User IDs to Exclude
- users
Includeds List<String> - Set of User IDs to include in this rule.
- groups
Excludeds string[] - Set of Group IDs to exclude from this rule.
- groups
Includeds string[] - Set of Group IDs to include in this rule.
- name string
- Policy Rule Name
- network
Connection string - Network selection mode:
ANYWHERE,ZONE. Default:ANYWHERE - network
Excludes string[] - Required if
networkConnection=ZONE. Indicates the network zones to exclude. - network
Includes string[] - Required if
networkConnection=ZONE. Indicates the network zones to include. - password
Change string - Allow or deny a user to change their password:
ALLOWorDENY. Default:ALLOW - password
Reset string - Allow or deny a user to reset their password:
ALLOWorDENY. Default:ALLOW - password
Reset stringAccess Control - Determines whether the Self-Service Password Reset (SSPR) access is governed by an authentication policy or legacy behavior. Options:
LEGACY,AUTH_POLICY. - password
Reset RuleRequirement Password Password Reset Requirement - Self-service password reset (SSPR) requirement settings. Use only when
passwordResetAccessControl = "LEGACY". - password
Unlock string - Allow or deny a user to unlock. Default:
DENY - policy
Id string - Policy ID of the Rule
- priority number
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status string
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - users
Excludeds string[] - Set of User IDs to Exclude
- users
Includeds string[] - Set of User IDs to include in this rule.
- groups_
excludeds Sequence[str] - Set of Group IDs to exclude from this rule.
- groups_
includeds Sequence[str] - Set of Group IDs to include in this rule.
- name str
- Policy Rule Name
- network_
connection str - Network selection mode:
ANYWHERE,ZONE. Default:ANYWHERE - network_
excludes Sequence[str] - Required if
networkConnection=ZONE. Indicates the network zones to exclude. - network_
includes Sequence[str] - Required if
networkConnection=ZONE. Indicates the network zones to include. - password_
change str - Allow or deny a user to change their password:
ALLOWorDENY. Default:ALLOW - password_
reset str - Allow or deny a user to reset their password:
ALLOWorDENY. Default:ALLOW - password_
reset_ straccess_ control - Determines whether the Self-Service Password Reset (SSPR) access is governed by an authentication policy or legacy behavior. Options:
LEGACY,AUTH_POLICY. - password_
reset_ Rulerequirement Password Password Reset Requirement Args - Self-service password reset (SSPR) requirement settings. Use only when
passwordResetAccessControl = "LEGACY". - password_
unlock str - Allow or deny a user to unlock. Default:
DENY - policy_
id str - Policy ID of the Rule
- priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status str
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - users_
excludeds Sequence[str] - Set of User IDs to Exclude
- users_
includeds Sequence[str] - Set of User IDs to include in this rule.
- groups
Excludeds List<String> - Set of Group IDs to exclude from this rule.
- groups
Includeds List<String> - Set of Group IDs to include in this rule.
- name String
- Policy Rule Name
- network
Connection String - Network selection mode:
ANYWHERE,ZONE. Default:ANYWHERE - network
Excludes List<String> - Required if
networkConnection=ZONE. Indicates the network zones to exclude. - network
Includes List<String> - Required if
networkConnection=ZONE. Indicates the network zones to include. - password
Change String - Allow or deny a user to change their password:
ALLOWorDENY. Default:ALLOW - password
Reset String - Allow or deny a user to reset their password:
ALLOWorDENY. Default:ALLOW - password
Reset StringAccess Control - Determines whether the Self-Service Password Reset (SSPR) access is governed by an authentication policy or legacy behavior. Options:
LEGACY,AUTH_POLICY. - password
Reset Property MapRequirement - Self-service password reset (SSPR) requirement settings. Use only when
passwordResetAccessControl = "LEGACY". - password
Unlock String - Allow or deny a user to unlock. Default:
DENY - policy
Id String - Policy ID of the Rule
- priority Number
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status String
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - users
Excludeds List<String> - Set of User IDs to Exclude
- users
Includeds List<String> - Set of User IDs to include in this rule.
Supporting Types
RulePasswordPasswordResetRequirement, RulePasswordPasswordResetRequirementArgs
- Method
Constraints List<RulePassword Password Reset Requirement Method Constraint> - Constraints on the values specified in the
primaryMethodsset. Specifying a constraint limits methods to specific authenticator(s). Currently, Google OTP is the only accepted constraint. Theotpmethod requires a constraint. - Primary
Methods List<string> - Authenticator methods allowed for the initial authentication step of password recovery. Method
otprequires a constraint limiting it to a Google authenticator. Options:otp,push,sms,email,voice. - Step
Up boolEnabled - Whether a secondary authenticator is required for password reset (
stepUp.required). The following are three valid configurations:required=false,required=truewith no methods to use any SSO authenticator, andrequired=truewithsecurityQuestionas the method. Default:false. - Step
Up List<string>Methods - Authenticator methods required for the secondary authentication step of password recovery. Specify only when
stepUpEnabled = trueandsecurityQuestionis permitted for the secondary authentication. Items value:securityQuestion.
- Method
Constraints []RulePassword Password Reset Requirement Method Constraint - Constraints on the values specified in the
primaryMethodsset. Specifying a constraint limits methods to specific authenticator(s). Currently, Google OTP is the only accepted constraint. Theotpmethod requires a constraint. - Primary
Methods []string - Authenticator methods allowed for the initial authentication step of password recovery. Method
otprequires a constraint limiting it to a Google authenticator. Options:otp,push,sms,email,voice. - Step
Up boolEnabled - Whether a secondary authenticator is required for password reset (
stepUp.required). The following are three valid configurations:required=false,required=truewith no methods to use any SSO authenticator, andrequired=truewithsecurityQuestionas the method. Default:false. - Step
Up []stringMethods - Authenticator methods required for the secondary authentication step of password recovery. Specify only when
stepUpEnabled = trueandsecurityQuestionis permitted for the secondary authentication. Items value:securityQuestion.
- method_
constraints list(object) - Constraints on the values specified in the
primaryMethodsset. Specifying a constraint limits methods to specific authenticator(s). Currently, Google OTP is the only accepted constraint. Theotpmethod requires a constraint. - primary_
methods list(string) - Authenticator methods allowed for the initial authentication step of password recovery. Method
otprequires a constraint limiting it to a Google authenticator. Options:otp,push,sms,email,voice. - step_
up_ boolenabled - Whether a secondary authenticator is required for password reset (
stepUp.required). The following are three valid configurations:required=false,required=truewith no methods to use any SSO authenticator, andrequired=truewithsecurityQuestionas the method. Default:false. - step_
up_ list(string)methods - Authenticator methods required for the secondary authentication step of password recovery. Specify only when
stepUpEnabled = trueandsecurityQuestionis permitted for the secondary authentication. Items value:securityQuestion.
- method
Constraints List<RulePassword Password Reset Requirement Method Constraint> - Constraints on the values specified in the
primaryMethodsset. Specifying a constraint limits methods to specific authenticator(s). Currently, Google OTP is the only accepted constraint. Theotpmethod requires a constraint. - primary
Methods List<String> - Authenticator methods allowed for the initial authentication step of password recovery. Method
otprequires a constraint limiting it to a Google authenticator. Options:otp,push,sms,email,voice. - step
Up BooleanEnabled - Whether a secondary authenticator is required for password reset (
stepUp.required). The following are three valid configurations:required=false,required=truewith no methods to use any SSO authenticator, andrequired=truewithsecurityQuestionas the method. Default:false. - step
Up List<String>Methods - Authenticator methods required for the secondary authentication step of password recovery. Specify only when
stepUpEnabled = trueandsecurityQuestionis permitted for the secondary authentication. Items value:securityQuestion.
- method
Constraints RulePassword Password Reset Requirement Method Constraint[] - Constraints on the values specified in the
primaryMethodsset. Specifying a constraint limits methods to specific authenticator(s). Currently, Google OTP is the only accepted constraint. Theotpmethod requires a constraint. - primary
Methods string[] - Authenticator methods allowed for the initial authentication step of password recovery. Method
otprequires a constraint limiting it to a Google authenticator. Options:otp,push,sms,email,voice. - step
Up booleanEnabled - Whether a secondary authenticator is required for password reset (
stepUp.required). The following are three valid configurations:required=false,required=truewith no methods to use any SSO authenticator, andrequired=truewithsecurityQuestionas the method. Default:false. - step
Up string[]Methods - Authenticator methods required for the secondary authentication step of password recovery. Specify only when
stepUpEnabled = trueandsecurityQuestionis permitted for the secondary authentication. Items value:securityQuestion.
- method_
constraints Sequence[RulePassword Password Reset Requirement Method Constraint] - Constraints on the values specified in the
primaryMethodsset. Specifying a constraint limits methods to specific authenticator(s). Currently, Google OTP is the only accepted constraint. Theotpmethod requires a constraint. - primary_
methods Sequence[str] - Authenticator methods allowed for the initial authentication step of password recovery. Method
otprequires a constraint limiting it to a Google authenticator. Options:otp,push,sms,email,voice. - step_
up_ boolenabled - Whether a secondary authenticator is required for password reset (
stepUp.required). The following are three valid configurations:required=false,required=truewith no methods to use any SSO authenticator, andrequired=truewithsecurityQuestionas the method. Default:false. - step_
up_ Sequence[str]methods - Authenticator methods required for the secondary authentication step of password recovery. Specify only when
stepUpEnabled = trueandsecurityQuestionis permitted for the secondary authentication. Items value:securityQuestion.
- method
Constraints List<Property Map> - Constraints on the values specified in the
primaryMethodsset. Specifying a constraint limits methods to specific authenticator(s). Currently, Google OTP is the only accepted constraint. Theotpmethod requires a constraint. - primary
Methods List<String> - Authenticator methods allowed for the initial authentication step of password recovery. Method
otprequires a constraint limiting it to a Google authenticator. Options:otp,push,sms,email,voice. - step
Up BooleanEnabled - Whether a secondary authenticator is required for password reset (
stepUp.required). The following are three valid configurations:required=false,required=truewith no methods to use any SSO authenticator, andrequired=truewithsecurityQuestionas the method. Default:false. - step
Up List<String>Methods - Authenticator methods required for the secondary authentication step of password recovery. Specify only when
stepUpEnabled = trueandsecurityQuestionis permitted for the secondary authentication. Items value:securityQuestion.
RulePasswordPasswordResetRequirementMethodConstraint, RulePasswordPasswordResetRequirementMethodConstraintArgs
- Method string
- The method to constrain (e.g.
otp). - Allowed
Authenticators List<string> - Keys of the authenticators allowed for this method (e.g.
googleOtp).
- Method string
- The method to constrain (e.g.
otp). - Allowed
Authenticators []string - Keys of the authenticators allowed for this method (e.g.
googleOtp).
- method string
- The method to constrain (e.g.
otp). - allowed_
authenticators list(string) - Keys of the authenticators allowed for this method (e.g.
googleOtp).
- method String
- The method to constrain (e.g.
otp). - allowed
Authenticators List<String> - Keys of the authenticators allowed for this method (e.g.
googleOtp).
- method string
- The method to constrain (e.g.
otp). - allowed
Authenticators string[] - Keys of the authenticators allowed for this method (e.g.
googleOtp).
- method str
- The method to constrain (e.g.
otp). - allowed_
authenticators Sequence[str] - Keys of the authenticators allowed for this method (e.g.
googleOtp).
- method String
- The method to constrain (e.g.
otp). - allowed
Authenticators List<String> - Keys of the authenticators allowed for this method (e.g.
googleOtp).
Import
$ pulumi import okta:policy/rulePassword:RulePassword example <policy_id>/<rule_id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Okta pulumi/pulumi-okta
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
oktaTerraform Provider.
Viewing docs for Okta v6.6.0
published on Wednesday, Apr 29, 2026 by Pulumi
published on Wednesday, Apr 29, 2026 by Pulumi
