okta.policy.RuleSignon
Explore with Pulumi AI
Creates a Sign On Policy Rule. In case Invalid condition type specified: riskScore.
error is thrown, set risc_level
to an empty string, since this feature is not enabled.
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var test = new Okta.Policy.Signon("test", new()
{
Status = "ACTIVE",
Description = "Example Policy",
});
var newCity = Okta.GetBehaviour.Invoke(new()
{
Name = "New City",
});
var example = new Okta.Policy.RuleSignon("example", new()
{
Access = "CHALLENGE",
Authtype = "RADIUS",
NetworkConnection = "ANYWHERE",
PolicyId = okta_policy_signon.Example.Id,
Status = "ACTIVE",
RiscLevel = "HIGH",
Behaviors = new[]
{
newCity.Apply(getBehaviourResult => getBehaviourResult.Id),
},
FactorSequences = new[]
{
new Okta.Policy.Inputs.RuleSignonFactorSequenceArgs
{
PrimaryCriteriaFactorType = "token:hotp",
PrimaryCriteriaProvider = "CUSTOM",
SecondaryCriterias = new[]
{
new Okta.Policy.Inputs.RuleSignonFactorSequenceSecondaryCriteriaArgs
{
FactorType = "token:software:totp",
Provider = "OKTA",
},
new Okta.Policy.Inputs.RuleSignonFactorSequenceSecondaryCriteriaArgs
{
FactorType = "push",
Provider = "OKTA",
},
new Okta.Policy.Inputs.RuleSignonFactorSequenceSecondaryCriteriaArgs
{
FactorType = "password",
Provider = "OKTA",
},
new Okta.Policy.Inputs.RuleSignonFactorSequenceSecondaryCriteriaArgs
{
FactorType = "question",
Provider = "OKTA",
},
new Okta.Policy.Inputs.RuleSignonFactorSequenceSecondaryCriteriaArgs
{
FactorType = "sms",
Provider = "OKTA",
},
new Okta.Policy.Inputs.RuleSignonFactorSequenceSecondaryCriteriaArgs
{
FactorType = "token:software:totp",
Provider = "GOOGLE",
},
new Okta.Policy.Inputs.RuleSignonFactorSequenceSecondaryCriteriaArgs
{
FactorType = "email",
Provider = "OKTA",
},
new Okta.Policy.Inputs.RuleSignonFactorSequenceSecondaryCriteriaArgs
{
FactorType = "call",
Provider = "OKTA",
},
new Okta.Policy.Inputs.RuleSignonFactorSequenceSecondaryCriteriaArgs
{
FactorType = "webauthn",
Provider = "FIDO",
},
new Okta.Policy.Inputs.RuleSignonFactorSequenceSecondaryCriteriaArgs
{
FactorType = "token",
Provider = "RSA",
},
new Okta.Policy.Inputs.RuleSignonFactorSequenceSecondaryCriteriaArgs
{
FactorType = "token",
Provider = "SYMANTEC",
},
},
},
new Okta.Policy.Inputs.RuleSignonFactorSequenceArgs
{
PrimaryCriteriaFactorType = "token:software:totp",
PrimaryCriteriaProvider = "OKTA",
},
},
});
});
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v4/go/okta"
"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/policy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := policy.NewSignon(ctx, "test", &policy.SignonArgs{
Status: pulumi.String("ACTIVE"),
Description: pulumi.String("Example Policy"),
})
if err != nil {
return err
}
newCity, err := okta.LookupBehaviour(ctx, &okta.LookupBehaviourArgs{
Name: pulumi.StringRef("New City"),
}, nil)
if err != nil {
return err
}
_, err = policy.NewRuleSignon(ctx, "example", &policy.RuleSignonArgs{
Access: pulumi.String("CHALLENGE"),
Authtype: pulumi.String("RADIUS"),
NetworkConnection: pulumi.String("ANYWHERE"),
PolicyId: pulumi.Any(okta_policy_signon.Example.Id),
Status: pulumi.String("ACTIVE"),
RiscLevel: pulumi.String("HIGH"),
Behaviors: pulumi.StringArray{
*pulumi.String(newCity.Id),
},
FactorSequences: policy.RuleSignonFactorSequenceArray{
&policy.RuleSignonFactorSequenceArgs{
PrimaryCriteriaFactorType: pulumi.String("token:hotp"),
PrimaryCriteriaProvider: pulumi.String("CUSTOM"),
SecondaryCriterias: policy.RuleSignonFactorSequenceSecondaryCriteriaArray{
&policy.RuleSignonFactorSequenceSecondaryCriteriaArgs{
FactorType: pulumi.String("token:software:totp"),
Provider: pulumi.String("OKTA"),
},
&policy.RuleSignonFactorSequenceSecondaryCriteriaArgs{
FactorType: pulumi.String("push"),
Provider: pulumi.String("OKTA"),
},
&policy.RuleSignonFactorSequenceSecondaryCriteriaArgs{
FactorType: pulumi.String("password"),
Provider: pulumi.String("OKTA"),
},
&policy.RuleSignonFactorSequenceSecondaryCriteriaArgs{
FactorType: pulumi.String("question"),
Provider: pulumi.String("OKTA"),
},
&policy.RuleSignonFactorSequenceSecondaryCriteriaArgs{
FactorType: pulumi.String("sms"),
Provider: pulumi.String("OKTA"),
},
&policy.RuleSignonFactorSequenceSecondaryCriteriaArgs{
FactorType: pulumi.String("token:software:totp"),
Provider: pulumi.String("GOOGLE"),
},
&policy.RuleSignonFactorSequenceSecondaryCriteriaArgs{
FactorType: pulumi.String("email"),
Provider: pulumi.String("OKTA"),
},
&policy.RuleSignonFactorSequenceSecondaryCriteriaArgs{
FactorType: pulumi.String("call"),
Provider: pulumi.String("OKTA"),
},
&policy.RuleSignonFactorSequenceSecondaryCriteriaArgs{
FactorType: pulumi.String("webauthn"),
Provider: pulumi.String("FIDO"),
},
&policy.RuleSignonFactorSequenceSecondaryCriteriaArgs{
FactorType: pulumi.String("token"),
Provider: pulumi.String("RSA"),
},
&policy.RuleSignonFactorSequenceSecondaryCriteriaArgs{
FactorType: pulumi.String("token"),
Provider: pulumi.String("SYMANTEC"),
},
},
},
&policy.RuleSignonFactorSequenceArgs{
PrimaryCriteriaFactorType: pulumi.String("token:software:totp"),
PrimaryCriteriaProvider: pulumi.String("OKTA"),
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.policy.Signon;
import com.pulumi.okta.policy.SignonArgs;
import com.pulumi.okta.OktaFunctions;
import com.pulumi.okta.inputs.GetBehaviourArgs;
import com.pulumi.okta.policy.RuleSignon;
import com.pulumi.okta.policy.RuleSignonArgs;
import com.pulumi.okta.policy.inputs.RuleSignonFactorSequenceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test = new Signon("test", SignonArgs.builder()
.status("ACTIVE")
.description("Example Policy")
.build());
final var newCity = OktaFunctions.getBehaviour(GetBehaviourArgs.builder()
.name("New City")
.build());
var example = new RuleSignon("example", RuleSignonArgs.builder()
.access("CHALLENGE")
.authtype("RADIUS")
.networkConnection("ANYWHERE")
.policyId(okta_policy_signon.example().id())
.status("ACTIVE")
.riscLevel("HIGH")
.behaviors(newCity.applyValue(getBehaviourResult -> getBehaviourResult.id()))
.factorSequences(
RuleSignonFactorSequenceArgs.builder()
.primaryCriteriaFactorType("token:hotp")
.primaryCriteriaProvider("CUSTOM")
.secondaryCriterias(
RuleSignonFactorSequenceSecondaryCriteriaArgs.builder()
.factorType("token:software:totp")
.provider("OKTA")
.build(),
RuleSignonFactorSequenceSecondaryCriteriaArgs.builder()
.factorType("push")
.provider("OKTA")
.build(),
RuleSignonFactorSequenceSecondaryCriteriaArgs.builder()
.factorType("password")
.provider("OKTA")
.build(),
RuleSignonFactorSequenceSecondaryCriteriaArgs.builder()
.factorType("question")
.provider("OKTA")
.build(),
RuleSignonFactorSequenceSecondaryCriteriaArgs.builder()
.factorType("sms")
.provider("OKTA")
.build(),
RuleSignonFactorSequenceSecondaryCriteriaArgs.builder()
.factorType("token:software:totp")
.provider("GOOGLE")
.build(),
RuleSignonFactorSequenceSecondaryCriteriaArgs.builder()
.factorType("email")
.provider("OKTA")
.build(),
RuleSignonFactorSequenceSecondaryCriteriaArgs.builder()
.factorType("call")
.provider("OKTA")
.build(),
RuleSignonFactorSequenceSecondaryCriteriaArgs.builder()
.factorType("webauthn")
.provider("FIDO")
.build(),
RuleSignonFactorSequenceSecondaryCriteriaArgs.builder()
.factorType("token")
.provider("RSA")
.build(),
RuleSignonFactorSequenceSecondaryCriteriaArgs.builder()
.factorType("token")
.provider("SYMANTEC")
.build())
.build(),
RuleSignonFactorSequenceArgs.builder()
.primaryCriteriaFactorType("token:software:totp")
.primaryCriteriaProvider("OKTA")
.build())
.build());
}
}
import pulumi
import pulumi_okta as okta
test = okta.policy.Signon("test",
status="ACTIVE",
description="Example Policy")
new_city = okta.get_behaviour(name="New City")
example = okta.policy.RuleSignon("example",
access="CHALLENGE",
authtype="RADIUS",
network_connection="ANYWHERE",
policy_id=okta_policy_signon["example"]["id"],
status="ACTIVE",
risc_level="HIGH",
behaviors=[new_city.id],
factor_sequences=[
okta.policy.RuleSignonFactorSequenceArgs(
primary_criteria_factor_type="token:hotp",
primary_criteria_provider="CUSTOM",
secondary_criterias=[
okta.policy.RuleSignonFactorSequenceSecondaryCriteriaArgs(
factor_type="token:software:totp",
provider="OKTA",
),
okta.policy.RuleSignonFactorSequenceSecondaryCriteriaArgs(
factor_type="push",
provider="OKTA",
),
okta.policy.RuleSignonFactorSequenceSecondaryCriteriaArgs(
factor_type="password",
provider="OKTA",
),
okta.policy.RuleSignonFactorSequenceSecondaryCriteriaArgs(
factor_type="question",
provider="OKTA",
),
okta.policy.RuleSignonFactorSequenceSecondaryCriteriaArgs(
factor_type="sms",
provider="OKTA",
),
okta.policy.RuleSignonFactorSequenceSecondaryCriteriaArgs(
factor_type="token:software:totp",
provider="GOOGLE",
),
okta.policy.RuleSignonFactorSequenceSecondaryCriteriaArgs(
factor_type="email",
provider="OKTA",
),
okta.policy.RuleSignonFactorSequenceSecondaryCriteriaArgs(
factor_type="call",
provider="OKTA",
),
okta.policy.RuleSignonFactorSequenceSecondaryCriteriaArgs(
factor_type="webauthn",
provider="FIDO",
),
okta.policy.RuleSignonFactorSequenceSecondaryCriteriaArgs(
factor_type="token",
provider="RSA",
),
okta.policy.RuleSignonFactorSequenceSecondaryCriteriaArgs(
factor_type="token",
provider="SYMANTEC",
),
],
),
okta.policy.RuleSignonFactorSequenceArgs(
primary_criteria_factor_type="token:software:totp",
primary_criteria_provider="OKTA",
),
])
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const test = new okta.policy.Signon("test", {
status: "ACTIVE",
description: "Example Policy",
});
const newCity = okta.getBehaviour({
name: "New City",
});
const example = new okta.policy.RuleSignon("example", {
access: "CHALLENGE",
authtype: "RADIUS",
networkConnection: "ANYWHERE",
policyId: okta_policy_signon.example.id,
status: "ACTIVE",
riscLevel: "HIGH",
behaviors: [newCity.then(newCity => newCity.id)],
factorSequences: [
{
primaryCriteriaFactorType: "token:hotp",
primaryCriteriaProvider: "CUSTOM",
secondaryCriterias: [
{
factorType: "token:software:totp",
provider: "OKTA",
},
{
factorType: "push",
provider: "OKTA",
},
{
factorType: "password",
provider: "OKTA",
},
{
factorType: "question",
provider: "OKTA",
},
{
factorType: "sms",
provider: "OKTA",
},
{
factorType: "token:software:totp",
provider: "GOOGLE",
},
{
factorType: "email",
provider: "OKTA",
},
{
factorType: "call",
provider: "OKTA",
},
{
factorType: "webauthn",
provider: "FIDO",
},
{
factorType: "token",
provider: "RSA",
},
{
factorType: "token",
provider: "SYMANTEC",
},
],
},
{
primaryCriteriaFactorType: "token:software:totp",
primaryCriteriaProvider: "OKTA",
},
],
});
resources:
test:
type: okta:policy:Signon
properties:
status: ACTIVE
description: Example Policy
example:
type: okta:policy:RuleSignon
properties:
access: CHALLENGE
authtype: RADIUS
networkConnection: ANYWHERE
policyId: ${okta_policy_signon.example.id}
status: ACTIVE
riscLevel: HIGH
behaviors:
- ${newCity.id}
factorSequences:
- primaryCriteriaFactorType: token:hotp
primaryCriteriaProvider: CUSTOM
secondaryCriterias:
- factorType: token:software:totp
provider: OKTA
- factorType: push
provider: OKTA
- factorType: password
provider: OKTA
- factorType: question
provider: OKTA
- factorType: sms
provider: OKTA
- factorType: token:software:totp
provider: GOOGLE
- factorType: email
provider: OKTA
- factorType: call
provider: OKTA
- factorType: webauthn
provider: FIDO
- factorType: token
provider: RSA
- factorType: token
provider: SYMANTEC
- primaryCriteriaFactorType: token:software:totp
primaryCriteriaProvider: OKTA
variables:
newCity:
fn::invoke:
Function: okta:getBehaviour
Arguments:
name: New City
Create RuleSignon Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new RuleSignon(name: string, args?: RuleSignonArgs, opts?: CustomResourceOptions);
@overload
def RuleSignon(resource_name: str,
args: Optional[RuleSignonArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def RuleSignon(resource_name: str,
opts: Optional[ResourceOptions] = None,
access: Optional[str] = None,
authtype: Optional[str] = None,
behaviors: Optional[Sequence[str]] = None,
factor_sequences: Optional[Sequence[RuleSignonFactorSequenceArgs]] = None,
identity_provider: Optional[str] = None,
identity_provider_ids: Optional[Sequence[str]] = None,
mfa_lifetime: Optional[int] = None,
mfa_prompt: Optional[str] = None,
mfa_remember_device: Optional[bool] = None,
mfa_required: Optional[bool] = None,
name: Optional[str] = None,
network_connection: Optional[str] = None,
network_excludes: Optional[Sequence[str]] = None,
network_includes: Optional[Sequence[str]] = None,
policy_id: Optional[str] = None,
primary_factor: Optional[str] = None,
priority: Optional[int] = None,
risc_level: Optional[str] = None,
session_idle: Optional[int] = None,
session_lifetime: Optional[int] = None,
session_persistent: Optional[bool] = None,
status: Optional[str] = None,
users_excludeds: Optional[Sequence[str]] = None)
func NewRuleSignon(ctx *Context, name string, args *RuleSignonArgs, opts ...ResourceOption) (*RuleSignon, error)
public RuleSignon(string name, RuleSignonArgs? args = null, CustomResourceOptions? opts = null)
public RuleSignon(String name, RuleSignonArgs args)
public RuleSignon(String name, RuleSignonArgs args, CustomResourceOptions options)
type: okta:policy:RuleSignon
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RuleSignonArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RuleSignonArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RuleSignonArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RuleSignonArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RuleSignonArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
var ruleSignonResource = new Okta.Policy.RuleSignon("ruleSignonResource", new()
{
Access = "string",
Authtype = "string",
Behaviors = new[]
{
"string",
},
FactorSequences = new[]
{
new Okta.Policy.Inputs.RuleSignonFactorSequenceArgs
{
PrimaryCriteriaFactorType = "string",
PrimaryCriteriaProvider = "string",
SecondaryCriterias = new[]
{
new Okta.Policy.Inputs.RuleSignonFactorSequenceSecondaryCriteriaArgs
{
FactorType = "string",
Provider = "string",
},
},
},
},
IdentityProvider = "string",
IdentityProviderIds = new[]
{
"string",
},
MfaLifetime = 0,
MfaPrompt = "string",
MfaRememberDevice = false,
MfaRequired = false,
Name = "string",
NetworkConnection = "string",
NetworkExcludes = new[]
{
"string",
},
NetworkIncludes = new[]
{
"string",
},
PolicyId = "string",
PrimaryFactor = "string",
Priority = 0,
RiscLevel = "string",
SessionIdle = 0,
SessionLifetime = 0,
SessionPersistent = false,
Status = "string",
UsersExcludeds = new[]
{
"string",
},
});
example, err := policy.NewRuleSignon(ctx, "ruleSignonResource", &policy.RuleSignonArgs{
Access: pulumi.String("string"),
Authtype: pulumi.String("string"),
Behaviors: pulumi.StringArray{
pulumi.String("string"),
},
FactorSequences: policy.RuleSignonFactorSequenceArray{
&policy.RuleSignonFactorSequenceArgs{
PrimaryCriteriaFactorType: pulumi.String("string"),
PrimaryCriteriaProvider: pulumi.String("string"),
SecondaryCriterias: policy.RuleSignonFactorSequenceSecondaryCriteriaArray{
&policy.RuleSignonFactorSequenceSecondaryCriteriaArgs{
FactorType: pulumi.String("string"),
Provider: pulumi.String("string"),
},
},
},
},
IdentityProvider: pulumi.String("string"),
IdentityProviderIds: pulumi.StringArray{
pulumi.String("string"),
},
MfaLifetime: pulumi.Int(0),
MfaPrompt: pulumi.String("string"),
MfaRememberDevice: pulumi.Bool(false),
MfaRequired: pulumi.Bool(false),
Name: pulumi.String("string"),
NetworkConnection: pulumi.String("string"),
NetworkExcludes: pulumi.StringArray{
pulumi.String("string"),
},
NetworkIncludes: pulumi.StringArray{
pulumi.String("string"),
},
PolicyId: pulumi.String("string"),
PrimaryFactor: pulumi.String("string"),
Priority: pulumi.Int(0),
RiscLevel: pulumi.String("string"),
SessionIdle: pulumi.Int(0),
SessionLifetime: pulumi.Int(0),
SessionPersistent: pulumi.Bool(false),
Status: pulumi.String("string"),
UsersExcludeds: pulumi.StringArray{
pulumi.String("string"),
},
})
var ruleSignonResource = new RuleSignon("ruleSignonResource", RuleSignonArgs.builder()
.access("string")
.authtype("string")
.behaviors("string")
.factorSequences(RuleSignonFactorSequenceArgs.builder()
.primaryCriteriaFactorType("string")
.primaryCriteriaProvider("string")
.secondaryCriterias(RuleSignonFactorSequenceSecondaryCriteriaArgs.builder()
.factorType("string")
.provider("string")
.build())
.build())
.identityProvider("string")
.identityProviderIds("string")
.mfaLifetime(0)
.mfaPrompt("string")
.mfaRememberDevice(false)
.mfaRequired(false)
.name("string")
.networkConnection("string")
.networkExcludes("string")
.networkIncludes("string")
.policyId("string")
.primaryFactor("string")
.priority(0)
.riscLevel("string")
.sessionIdle(0)
.sessionLifetime(0)
.sessionPersistent(false)
.status("string")
.usersExcludeds("string")
.build());
rule_signon_resource = okta.policy.RuleSignon("ruleSignonResource",
access="string",
authtype="string",
behaviors=["string"],
factor_sequences=[okta.policy.RuleSignonFactorSequenceArgs(
primary_criteria_factor_type="string",
primary_criteria_provider="string",
secondary_criterias=[okta.policy.RuleSignonFactorSequenceSecondaryCriteriaArgs(
factor_type="string",
provider="string",
)],
)],
identity_provider="string",
identity_provider_ids=["string"],
mfa_lifetime=0,
mfa_prompt="string",
mfa_remember_device=False,
mfa_required=False,
name="string",
network_connection="string",
network_excludes=["string"],
network_includes=["string"],
policy_id="string",
primary_factor="string",
priority=0,
risc_level="string",
session_idle=0,
session_lifetime=0,
session_persistent=False,
status="string",
users_excludeds=["string"])
const ruleSignonResource = new okta.policy.RuleSignon("ruleSignonResource", {
access: "string",
authtype: "string",
behaviors: ["string"],
factorSequences: [{
primaryCriteriaFactorType: "string",
primaryCriteriaProvider: "string",
secondaryCriterias: [{
factorType: "string",
provider: "string",
}],
}],
identityProvider: "string",
identityProviderIds: ["string"],
mfaLifetime: 0,
mfaPrompt: "string",
mfaRememberDevice: false,
mfaRequired: false,
name: "string",
networkConnection: "string",
networkExcludes: ["string"],
networkIncludes: ["string"],
policyId: "string",
primaryFactor: "string",
priority: 0,
riscLevel: "string",
sessionIdle: 0,
sessionLifetime: 0,
sessionPersistent: false,
status: "string",
usersExcludeds: ["string"],
});
type: okta:policy:RuleSignon
properties:
access: string
authtype: string
behaviors:
- string
factorSequences:
- primaryCriteriaFactorType: string
primaryCriteriaProvider: string
secondaryCriterias:
- factorType: string
provider: string
identityProvider: string
identityProviderIds:
- string
mfaLifetime: 0
mfaPrompt: string
mfaRememberDevice: false
mfaRequired: false
name: string
networkConnection: string
networkExcludes:
- string
networkIncludes:
- string
policyId: string
primaryFactor: string
priority: 0
riscLevel: string
sessionIdle: 0
sessionLifetime: 0
sessionPersistent: false
status: string
usersExcludeds:
- string
RuleSignon Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The RuleSignon resource accepts the following input properties:
- Access string
- Allow or deny access based on the rule conditions:
"ALLOW"
,"DENY"
or"CHALLENGE"
. The default is"ALLOW"
. - Authtype string
- Authentication entrypoint:
"ANY"
,"LDAP_INTERFACE"
or"RADIUS"
. - Behaviors List<string>
- List of behavior IDs.
- Factor
Sequences List<RuleSignon Factor Sequence> - Auth factor sequences. Should be set if
access = "CHALLENGE"
. - Identity
Provider string Defines the identity provider for this rule. Valid values are
"ANY"
,"OKTA"
, and"SPECIFIC_IDP"
.WARNING: Use of
identity_provider
requires a feature flag to be enabled.- Identity
Provider List<string>Ids - When identity_provider is
"SPECIFIC_IDP"
then this is the list of IdP IDs to apply the rule on. - Mfa
Lifetime int - Elapsed time before the next MFA challenge.
- Mfa
Prompt string - Prompt for MFA based on the device used, a factor session lifetime, or every sign-on attempt:
"DEVICE"
,"SESSION"
or"ALWAYS"
. - Mfa
Remember boolDevice - Remember MFA device. The default
false
. - Mfa
Required bool - Require MFA. By default is
false
. - Name string
- Policy Rule Name.
- Network
Connection string - Network selection mode:
"ANYWHERE"
,"ZONE"
,"ON_NETWORK"
, or"OFF_NETWORK"
. - Network
Excludes List<string> - The network zones to exclude. Conflicts with
network_includes
. - Network
Includes List<string> - The network zones to include. Conflicts with
network_excludes
. - Policy
Id string - Policy ID.
- Primary
Factor string - Rule's primary factor. WARNING Ony works as a part of the Identity Engine. Valid values:
"PASSWORD_IDP_ANY_FACTOR"
,"PASSWORD_IDP"
. - Priority int
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- Risc
Level string - Risc level:
"ANY"
,"LOW"
,"MEDIUM"
or"HIGH"
. Default is"ANY"
. It can be also set to an empty string in caseRISC_SCORING
org feature flag is disabled. - Session
Idle int - Max minutes a session can be idle.,
- Session
Lifetime int - Max minutes a session is active: Disable = 0.
- Session
Persistent bool - Whether session cookies will last across browser sessions. Okta Administrators can never have persistent session cookies.
- Status string
- Policy Rule Status:
"ACTIVE"
or"INACTIVE"
. - Users
Excludeds List<string> - The list of user IDs that would be excluded when rules are processed.
- Access string
- Allow or deny access based on the rule conditions:
"ALLOW"
,"DENY"
or"CHALLENGE"
. The default is"ALLOW"
. - Authtype string
- Authentication entrypoint:
"ANY"
,"LDAP_INTERFACE"
or"RADIUS"
. - Behaviors []string
- List of behavior IDs.
- Factor
Sequences []RuleSignon Factor Sequence Args - Auth factor sequences. Should be set if
access = "CHALLENGE"
. - Identity
Provider string Defines the identity provider for this rule. Valid values are
"ANY"
,"OKTA"
, and"SPECIFIC_IDP"
.WARNING: Use of
identity_provider
requires a feature flag to be enabled.- Identity
Provider []stringIds - When identity_provider is
"SPECIFIC_IDP"
then this is the list of IdP IDs to apply the rule on. - Mfa
Lifetime int - Elapsed time before the next MFA challenge.
- Mfa
Prompt string - Prompt for MFA based on the device used, a factor session lifetime, or every sign-on attempt:
"DEVICE"
,"SESSION"
or"ALWAYS"
. - Mfa
Remember boolDevice - Remember MFA device. The default
false
. - Mfa
Required bool - Require MFA. By default is
false
. - Name string
- Policy Rule Name.
- Network
Connection string - Network selection mode:
"ANYWHERE"
,"ZONE"
,"ON_NETWORK"
, or"OFF_NETWORK"
. - Network
Excludes []string - The network zones to exclude. Conflicts with
network_includes
. - Network
Includes []string - The network zones to include. Conflicts with
network_excludes
. - Policy
Id string - Policy ID.
- Primary
Factor string - Rule's primary factor. WARNING Ony works as a part of the Identity Engine. Valid values:
"PASSWORD_IDP_ANY_FACTOR"
,"PASSWORD_IDP"
. - Priority int
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- Risc
Level string - Risc level:
"ANY"
,"LOW"
,"MEDIUM"
or"HIGH"
. Default is"ANY"
. It can be also set to an empty string in caseRISC_SCORING
org feature flag is disabled. - Session
Idle int - Max minutes a session can be idle.,
- Session
Lifetime int - Max minutes a session is active: Disable = 0.
- Session
Persistent bool - Whether session cookies will last across browser sessions. Okta Administrators can never have persistent session cookies.
- Status string
- Policy Rule Status:
"ACTIVE"
or"INACTIVE"
. - Users
Excludeds []string - The list of user IDs that would be excluded when rules are processed.
- access String
- Allow or deny access based on the rule conditions:
"ALLOW"
,"DENY"
or"CHALLENGE"
. The default is"ALLOW"
. - authtype String
- Authentication entrypoint:
"ANY"
,"LDAP_INTERFACE"
or"RADIUS"
. - behaviors List<String>
- List of behavior IDs.
- factor
Sequences List<RuleSignon Factor Sequence> - Auth factor sequences. Should be set if
access = "CHALLENGE"
. - identity
Provider String Defines the identity provider for this rule. Valid values are
"ANY"
,"OKTA"
, and"SPECIFIC_IDP"
.WARNING: Use of
identity_provider
requires a feature flag to be enabled.- identity
Provider List<String>Ids - When identity_provider is
"SPECIFIC_IDP"
then this is the list of IdP IDs to apply the rule on. - mfa
Lifetime Integer - Elapsed time before the next MFA challenge.
- mfa
Prompt String - Prompt for MFA based on the device used, a factor session lifetime, or every sign-on attempt:
"DEVICE"
,"SESSION"
or"ALWAYS"
. - mfa
Remember BooleanDevice - Remember MFA device. The default
false
. - mfa
Required Boolean - Require MFA. By default is
false
. - name String
- Policy Rule Name.
- network
Connection String - Network selection mode:
"ANYWHERE"
,"ZONE"
,"ON_NETWORK"
, or"OFF_NETWORK"
. - network
Excludes List<String> - The network zones to exclude. Conflicts with
network_includes
. - network
Includes List<String> - The network zones to include. Conflicts with
network_excludes
. - policy
Id String - Policy ID.
- primary
Factor String - Rule's primary factor. WARNING Ony works as a part of the Identity Engine. Valid values:
"PASSWORD_IDP_ANY_FACTOR"
,"PASSWORD_IDP"
. - priority Integer
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- risc
Level String - Risc level:
"ANY"
,"LOW"
,"MEDIUM"
or"HIGH"
. Default is"ANY"
. It can be also set to an empty string in caseRISC_SCORING
org feature flag is disabled. - session
Idle Integer - Max minutes a session can be idle.,
- session
Lifetime Integer - Max minutes a session is active: Disable = 0.
- session
Persistent Boolean - Whether session cookies will last across browser sessions. Okta Administrators can never have persistent session cookies.
- status String
- Policy Rule Status:
"ACTIVE"
or"INACTIVE"
. - users
Excludeds List<String> - The list of user IDs that would be excluded when rules are processed.
- access string
- Allow or deny access based on the rule conditions:
"ALLOW"
,"DENY"
or"CHALLENGE"
. The default is"ALLOW"
. - authtype string
- Authentication entrypoint:
"ANY"
,"LDAP_INTERFACE"
or"RADIUS"
. - behaviors string[]
- List of behavior IDs.
- factor
Sequences RuleSignon Factor Sequence[] - Auth factor sequences. Should be set if
access = "CHALLENGE"
. - identity
Provider string Defines the identity provider for this rule. Valid values are
"ANY"
,"OKTA"
, and"SPECIFIC_IDP"
.WARNING: Use of
identity_provider
requires a feature flag to be enabled.- identity
Provider string[]Ids - When identity_provider is
"SPECIFIC_IDP"
then this is the list of IdP IDs to apply the rule on. - mfa
Lifetime number - Elapsed time before the next MFA challenge.
- mfa
Prompt string - Prompt for MFA based on the device used, a factor session lifetime, or every sign-on attempt:
"DEVICE"
,"SESSION"
or"ALWAYS"
. - mfa
Remember booleanDevice - Remember MFA device. The default
false
. - mfa
Required boolean - Require MFA. By default is
false
. - name string
- Policy Rule Name.
- network
Connection string - Network selection mode:
"ANYWHERE"
,"ZONE"
,"ON_NETWORK"
, or"OFF_NETWORK"
. - network
Excludes string[] - The network zones to exclude. Conflicts with
network_includes
. - network
Includes string[] - The network zones to include. Conflicts with
network_excludes
. - policy
Id string - Policy ID.
- primary
Factor string - Rule's primary factor. WARNING Ony works as a part of the Identity Engine. Valid values:
"PASSWORD_IDP_ANY_FACTOR"
,"PASSWORD_IDP"
. - priority number
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- risc
Level string - Risc level:
"ANY"
,"LOW"
,"MEDIUM"
or"HIGH"
. Default is"ANY"
. It can be also set to an empty string in caseRISC_SCORING
org feature flag is disabled. - session
Idle number - Max minutes a session can be idle.,
- session
Lifetime number - Max minutes a session is active: Disable = 0.
- session
Persistent boolean - Whether session cookies will last across browser sessions. Okta Administrators can never have persistent session cookies.
- status string
- Policy Rule Status:
"ACTIVE"
or"INACTIVE"
. - users
Excludeds string[] - The list of user IDs that would be excluded when rules are processed.
- access str
- Allow or deny access based on the rule conditions:
"ALLOW"
,"DENY"
or"CHALLENGE"
. The default is"ALLOW"
. - authtype str
- Authentication entrypoint:
"ANY"
,"LDAP_INTERFACE"
or"RADIUS"
. - behaviors Sequence[str]
- List of behavior IDs.
- factor_
sequences Sequence[RuleSignon Factor Sequence Args] - Auth factor sequences. Should be set if
access = "CHALLENGE"
. - identity_
provider str Defines the identity provider for this rule. Valid values are
"ANY"
,"OKTA"
, and"SPECIFIC_IDP"
.WARNING: Use of
identity_provider
requires a feature flag to be enabled.- identity_
provider_ Sequence[str]ids - When identity_provider is
"SPECIFIC_IDP"
then this is the list of IdP IDs to apply the rule on. - mfa_
lifetime int - Elapsed time before the next MFA challenge.
- mfa_
prompt str - Prompt for MFA based on the device used, a factor session lifetime, or every sign-on attempt:
"DEVICE"
,"SESSION"
or"ALWAYS"
. - mfa_
remember_ booldevice - Remember MFA device. The default
false
. - mfa_
required bool - Require MFA. By default is
false
. - name str
- Policy Rule Name.
- network_
connection str - Network selection mode:
"ANYWHERE"
,"ZONE"
,"ON_NETWORK"
, or"OFF_NETWORK"
. - network_
excludes Sequence[str] - The network zones to exclude. Conflicts with
network_includes
. - network_
includes Sequence[str] - The network zones to include. Conflicts with
network_excludes
. - policy_
id str - Policy ID.
- primary_
factor str - Rule's primary factor. WARNING Ony works as a part of the Identity Engine. Valid values:
"PASSWORD_IDP_ANY_FACTOR"
,"PASSWORD_IDP"
. - priority int
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- risc_
level str - Risc level:
"ANY"
,"LOW"
,"MEDIUM"
or"HIGH"
. Default is"ANY"
. It can be also set to an empty string in caseRISC_SCORING
org feature flag is disabled. - session_
idle int - Max minutes a session can be idle.,
- session_
lifetime int - Max minutes a session is active: Disable = 0.
- session_
persistent bool - Whether session cookies will last across browser sessions. Okta Administrators can never have persistent session cookies.
- status str
- Policy Rule Status:
"ACTIVE"
or"INACTIVE"
. - users_
excludeds Sequence[str] - The list of user IDs that would be excluded when rules are processed.
- access String
- Allow or deny access based on the rule conditions:
"ALLOW"
,"DENY"
or"CHALLENGE"
. The default is"ALLOW"
. - authtype String
- Authentication entrypoint:
"ANY"
,"LDAP_INTERFACE"
or"RADIUS"
. - behaviors List<String>
- List of behavior IDs.
- factor
Sequences List<Property Map> - Auth factor sequences. Should be set if
access = "CHALLENGE"
. - identity
Provider String Defines the identity provider for this rule. Valid values are
"ANY"
,"OKTA"
, and"SPECIFIC_IDP"
.WARNING: Use of
identity_provider
requires a feature flag to be enabled.- identity
Provider List<String>Ids - When identity_provider is
"SPECIFIC_IDP"
then this is the list of IdP IDs to apply the rule on. - mfa
Lifetime Number - Elapsed time before the next MFA challenge.
- mfa
Prompt String - Prompt for MFA based on the device used, a factor session lifetime, or every sign-on attempt:
"DEVICE"
,"SESSION"
or"ALWAYS"
. - mfa
Remember BooleanDevice - Remember MFA device. The default
false
. - mfa
Required Boolean - Require MFA. By default is
false
. - name String
- Policy Rule Name.
- network
Connection String - Network selection mode:
"ANYWHERE"
,"ZONE"
,"ON_NETWORK"
, or"OFF_NETWORK"
. - network
Excludes List<String> - The network zones to exclude. Conflicts with
network_includes
. - network
Includes List<String> - The network zones to include. Conflicts with
network_excludes
. - policy
Id String - Policy ID.
- primary
Factor String - Rule's primary factor. WARNING Ony works as a part of the Identity Engine. Valid values:
"PASSWORD_IDP_ANY_FACTOR"
,"PASSWORD_IDP"
. - priority Number
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- risc
Level String - Risc level:
"ANY"
,"LOW"
,"MEDIUM"
or"HIGH"
. Default is"ANY"
. It can be also set to an empty string in caseRISC_SCORING
org feature flag is disabled. - session
Idle Number - Max minutes a session can be idle.,
- session
Lifetime Number - Max minutes a session is active: Disable = 0.
- session
Persistent Boolean - Whether session cookies will last across browser sessions. Okta Administrators can never have persistent session cookies.
- status String
- Policy Rule Status:
"ACTIVE"
or"INACTIVE"
. - users
Excludeds List<String> - The list of user IDs that would be excluded when rules are processed.
Outputs
All input properties are implicitly available as output properties. Additionally, the RuleSignon resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing RuleSignon Resource
Get an existing RuleSignon resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RuleSignonState, opts?: CustomResourceOptions): RuleSignon
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access: Optional[str] = None,
authtype: Optional[str] = None,
behaviors: Optional[Sequence[str]] = None,
factor_sequences: Optional[Sequence[RuleSignonFactorSequenceArgs]] = None,
identity_provider: Optional[str] = None,
identity_provider_ids: Optional[Sequence[str]] = None,
mfa_lifetime: Optional[int] = None,
mfa_prompt: Optional[str] = None,
mfa_remember_device: Optional[bool] = None,
mfa_required: Optional[bool] = None,
name: Optional[str] = None,
network_connection: Optional[str] = None,
network_excludes: Optional[Sequence[str]] = None,
network_includes: Optional[Sequence[str]] = None,
policy_id: Optional[str] = None,
primary_factor: Optional[str] = None,
priority: Optional[int] = None,
risc_level: Optional[str] = None,
session_idle: Optional[int] = None,
session_lifetime: Optional[int] = None,
session_persistent: Optional[bool] = None,
status: Optional[str] = None,
users_excludeds: Optional[Sequence[str]] = None) -> RuleSignon
func GetRuleSignon(ctx *Context, name string, id IDInput, state *RuleSignonState, opts ...ResourceOption) (*RuleSignon, error)
public static RuleSignon Get(string name, Input<string> id, RuleSignonState? state, CustomResourceOptions? opts = null)
public static RuleSignon get(String name, Output<String> id, RuleSignonState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access string
- Allow or deny access based on the rule conditions:
"ALLOW"
,"DENY"
or"CHALLENGE"
. The default is"ALLOW"
. - Authtype string
- Authentication entrypoint:
"ANY"
,"LDAP_INTERFACE"
or"RADIUS"
. - Behaviors List<string>
- List of behavior IDs.
- Factor
Sequences List<RuleSignon Factor Sequence> - Auth factor sequences. Should be set if
access = "CHALLENGE"
. - Identity
Provider string Defines the identity provider for this rule. Valid values are
"ANY"
,"OKTA"
, and"SPECIFIC_IDP"
.WARNING: Use of
identity_provider
requires a feature flag to be enabled.- Identity
Provider List<string>Ids - When identity_provider is
"SPECIFIC_IDP"
then this is the list of IdP IDs to apply the rule on. - Mfa
Lifetime int - Elapsed time before the next MFA challenge.
- Mfa
Prompt string - Prompt for MFA based on the device used, a factor session lifetime, or every sign-on attempt:
"DEVICE"
,"SESSION"
or"ALWAYS"
. - Mfa
Remember boolDevice - Remember MFA device. The default
false
. - Mfa
Required bool - Require MFA. By default is
false
. - Name string
- Policy Rule Name.
- Network
Connection string - Network selection mode:
"ANYWHERE"
,"ZONE"
,"ON_NETWORK"
, or"OFF_NETWORK"
. - Network
Excludes List<string> - The network zones to exclude. Conflicts with
network_includes
. - Network
Includes List<string> - The network zones to include. Conflicts with
network_excludes
. - Policy
Id string - Policy ID.
- Primary
Factor string - Rule's primary factor. WARNING Ony works as a part of the Identity Engine. Valid values:
"PASSWORD_IDP_ANY_FACTOR"
,"PASSWORD_IDP"
. - Priority int
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- Risc
Level string - Risc level:
"ANY"
,"LOW"
,"MEDIUM"
or"HIGH"
. Default is"ANY"
. It can be also set to an empty string in caseRISC_SCORING
org feature flag is disabled. - Session
Idle int - Max minutes a session can be idle.,
- Session
Lifetime int - Max minutes a session is active: Disable = 0.
- Session
Persistent bool - Whether session cookies will last across browser sessions. Okta Administrators can never have persistent session cookies.
- Status string
- Policy Rule Status:
"ACTIVE"
or"INACTIVE"
. - Users
Excludeds List<string> - The list of user IDs that would be excluded when rules are processed.
- Access string
- Allow or deny access based on the rule conditions:
"ALLOW"
,"DENY"
or"CHALLENGE"
. The default is"ALLOW"
. - Authtype string
- Authentication entrypoint:
"ANY"
,"LDAP_INTERFACE"
or"RADIUS"
. - Behaviors []string
- List of behavior IDs.
- Factor
Sequences []RuleSignon Factor Sequence Args - Auth factor sequences. Should be set if
access = "CHALLENGE"
. - Identity
Provider string Defines the identity provider for this rule. Valid values are
"ANY"
,"OKTA"
, and"SPECIFIC_IDP"
.WARNING: Use of
identity_provider
requires a feature flag to be enabled.- Identity
Provider []stringIds - When identity_provider is
"SPECIFIC_IDP"
then this is the list of IdP IDs to apply the rule on. - Mfa
Lifetime int - Elapsed time before the next MFA challenge.
- Mfa
Prompt string - Prompt for MFA based on the device used, a factor session lifetime, or every sign-on attempt:
"DEVICE"
,"SESSION"
or"ALWAYS"
. - Mfa
Remember boolDevice - Remember MFA device. The default
false
. - Mfa
Required bool - Require MFA. By default is
false
. - Name string
- Policy Rule Name.
- Network
Connection string - Network selection mode:
"ANYWHERE"
,"ZONE"
,"ON_NETWORK"
, or"OFF_NETWORK"
. - Network
Excludes []string - The network zones to exclude. Conflicts with
network_includes
. - Network
Includes []string - The network zones to include. Conflicts with
network_excludes
. - Policy
Id string - Policy ID.
- Primary
Factor string - Rule's primary factor. WARNING Ony works as a part of the Identity Engine. Valid values:
"PASSWORD_IDP_ANY_FACTOR"
,"PASSWORD_IDP"
. - Priority int
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- Risc
Level string - Risc level:
"ANY"
,"LOW"
,"MEDIUM"
or"HIGH"
. Default is"ANY"
. It can be also set to an empty string in caseRISC_SCORING
org feature flag is disabled. - Session
Idle int - Max minutes a session can be idle.,
- Session
Lifetime int - Max minutes a session is active: Disable = 0.
- Session
Persistent bool - Whether session cookies will last across browser sessions. Okta Administrators can never have persistent session cookies.
- Status string
- Policy Rule Status:
"ACTIVE"
or"INACTIVE"
. - Users
Excludeds []string - The list of user IDs that would be excluded when rules are processed.
- access String
- Allow or deny access based on the rule conditions:
"ALLOW"
,"DENY"
or"CHALLENGE"
. The default is"ALLOW"
. - authtype String
- Authentication entrypoint:
"ANY"
,"LDAP_INTERFACE"
or"RADIUS"
. - behaviors List<String>
- List of behavior IDs.
- factor
Sequences List<RuleSignon Factor Sequence> - Auth factor sequences. Should be set if
access = "CHALLENGE"
. - identity
Provider String Defines the identity provider for this rule. Valid values are
"ANY"
,"OKTA"
, and"SPECIFIC_IDP"
.WARNING: Use of
identity_provider
requires a feature flag to be enabled.- identity
Provider List<String>Ids - When identity_provider is
"SPECIFIC_IDP"
then this is the list of IdP IDs to apply the rule on. - mfa
Lifetime Integer - Elapsed time before the next MFA challenge.
- mfa
Prompt String - Prompt for MFA based on the device used, a factor session lifetime, or every sign-on attempt:
"DEVICE"
,"SESSION"
or"ALWAYS"
. - mfa
Remember BooleanDevice - Remember MFA device. The default
false
. - mfa
Required Boolean - Require MFA. By default is
false
. - name String
- Policy Rule Name.
- network
Connection String - Network selection mode:
"ANYWHERE"
,"ZONE"
,"ON_NETWORK"
, or"OFF_NETWORK"
. - network
Excludes List<String> - The network zones to exclude. Conflicts with
network_includes
. - network
Includes List<String> - The network zones to include. Conflicts with
network_excludes
. - policy
Id String - Policy ID.
- primary
Factor String - Rule's primary factor. WARNING Ony works as a part of the Identity Engine. Valid values:
"PASSWORD_IDP_ANY_FACTOR"
,"PASSWORD_IDP"
. - priority Integer
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- risc
Level String - Risc level:
"ANY"
,"LOW"
,"MEDIUM"
or"HIGH"
. Default is"ANY"
. It can be also set to an empty string in caseRISC_SCORING
org feature flag is disabled. - session
Idle Integer - Max minutes a session can be idle.,
- session
Lifetime Integer - Max minutes a session is active: Disable = 0.
- session
Persistent Boolean - Whether session cookies will last across browser sessions. Okta Administrators can never have persistent session cookies.
- status String
- Policy Rule Status:
"ACTIVE"
or"INACTIVE"
. - users
Excludeds List<String> - The list of user IDs that would be excluded when rules are processed.
- access string
- Allow or deny access based on the rule conditions:
"ALLOW"
,"DENY"
or"CHALLENGE"
. The default is"ALLOW"
. - authtype string
- Authentication entrypoint:
"ANY"
,"LDAP_INTERFACE"
or"RADIUS"
. - behaviors string[]
- List of behavior IDs.
- factor
Sequences RuleSignon Factor Sequence[] - Auth factor sequences. Should be set if
access = "CHALLENGE"
. - identity
Provider string Defines the identity provider for this rule. Valid values are
"ANY"
,"OKTA"
, and"SPECIFIC_IDP"
.WARNING: Use of
identity_provider
requires a feature flag to be enabled.- identity
Provider string[]Ids - When identity_provider is
"SPECIFIC_IDP"
then this is the list of IdP IDs to apply the rule on. - mfa
Lifetime number - Elapsed time before the next MFA challenge.
- mfa
Prompt string - Prompt for MFA based on the device used, a factor session lifetime, or every sign-on attempt:
"DEVICE"
,"SESSION"
or"ALWAYS"
. - mfa
Remember booleanDevice - Remember MFA device. The default
false
. - mfa
Required boolean - Require MFA. By default is
false
. - name string
- Policy Rule Name.
- network
Connection string - Network selection mode:
"ANYWHERE"
,"ZONE"
,"ON_NETWORK"
, or"OFF_NETWORK"
. - network
Excludes string[] - The network zones to exclude. Conflicts with
network_includes
. - network
Includes string[] - The network zones to include. Conflicts with
network_excludes
. - policy
Id string - Policy ID.
- primary
Factor string - Rule's primary factor. WARNING Ony works as a part of the Identity Engine. Valid values:
"PASSWORD_IDP_ANY_FACTOR"
,"PASSWORD_IDP"
. - priority number
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- risc
Level string - Risc level:
"ANY"
,"LOW"
,"MEDIUM"
or"HIGH"
. Default is"ANY"
. It can be also set to an empty string in caseRISC_SCORING
org feature flag is disabled. - session
Idle number - Max minutes a session can be idle.,
- session
Lifetime number - Max minutes a session is active: Disable = 0.
- session
Persistent boolean - Whether session cookies will last across browser sessions. Okta Administrators can never have persistent session cookies.
- status string
- Policy Rule Status:
"ACTIVE"
or"INACTIVE"
. - users
Excludeds string[] - The list of user IDs that would be excluded when rules are processed.
- access str
- Allow or deny access based on the rule conditions:
"ALLOW"
,"DENY"
or"CHALLENGE"
. The default is"ALLOW"
. - authtype str
- Authentication entrypoint:
"ANY"
,"LDAP_INTERFACE"
or"RADIUS"
. - behaviors Sequence[str]
- List of behavior IDs.
- factor_
sequences Sequence[RuleSignon Factor Sequence Args] - Auth factor sequences. Should be set if
access = "CHALLENGE"
. - identity_
provider str Defines the identity provider for this rule. Valid values are
"ANY"
,"OKTA"
, and"SPECIFIC_IDP"
.WARNING: Use of
identity_provider
requires a feature flag to be enabled.- identity_
provider_ Sequence[str]ids - When identity_provider is
"SPECIFIC_IDP"
then this is the list of IdP IDs to apply the rule on. - mfa_
lifetime int - Elapsed time before the next MFA challenge.
- mfa_
prompt str - Prompt for MFA based on the device used, a factor session lifetime, or every sign-on attempt:
"DEVICE"
,"SESSION"
or"ALWAYS"
. - mfa_
remember_ booldevice - Remember MFA device. The default
false
. - mfa_
required bool - Require MFA. By default is
false
. - name str
- Policy Rule Name.
- network_
connection str - Network selection mode:
"ANYWHERE"
,"ZONE"
,"ON_NETWORK"
, or"OFF_NETWORK"
. - network_
excludes Sequence[str] - The network zones to exclude. Conflicts with
network_includes
. - network_
includes Sequence[str] - The network zones to include. Conflicts with
network_excludes
. - policy_
id str - Policy ID.
- primary_
factor str - Rule's primary factor. WARNING Ony works as a part of the Identity Engine. Valid values:
"PASSWORD_IDP_ANY_FACTOR"
,"PASSWORD_IDP"
. - priority int
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- risc_
level str - Risc level:
"ANY"
,"LOW"
,"MEDIUM"
or"HIGH"
. Default is"ANY"
. It can be also set to an empty string in caseRISC_SCORING
org feature flag is disabled. - session_
idle int - Max minutes a session can be idle.,
- session_
lifetime int - Max minutes a session is active: Disable = 0.
- session_
persistent bool - Whether session cookies will last across browser sessions. Okta Administrators can never have persistent session cookies.
- status str
- Policy Rule Status:
"ACTIVE"
or"INACTIVE"
. - users_
excludeds Sequence[str] - The list of user IDs that would be excluded when rules are processed.
- access String
- Allow or deny access based on the rule conditions:
"ALLOW"
,"DENY"
or"CHALLENGE"
. The default is"ALLOW"
. - authtype String
- Authentication entrypoint:
"ANY"
,"LDAP_INTERFACE"
or"RADIUS"
. - behaviors List<String>
- List of behavior IDs.
- factor
Sequences List<Property Map> - Auth factor sequences. Should be set if
access = "CHALLENGE"
. - identity
Provider String Defines the identity provider for this rule. Valid values are
"ANY"
,"OKTA"
, and"SPECIFIC_IDP"
.WARNING: Use of
identity_provider
requires a feature flag to be enabled.- identity
Provider List<String>Ids - When identity_provider is
"SPECIFIC_IDP"
then this is the list of IdP IDs to apply the rule on. - mfa
Lifetime Number - Elapsed time before the next MFA challenge.
- mfa
Prompt String - Prompt for MFA based on the device used, a factor session lifetime, or every sign-on attempt:
"DEVICE"
,"SESSION"
or"ALWAYS"
. - mfa
Remember BooleanDevice - Remember MFA device. The default
false
. - mfa
Required Boolean - Require MFA. By default is
false
. - name String
- Policy Rule Name.
- network
Connection String - Network selection mode:
"ANYWHERE"
,"ZONE"
,"ON_NETWORK"
, or"OFF_NETWORK"
. - network
Excludes List<String> - The network zones to exclude. Conflicts with
network_includes
. - network
Includes List<String> - The network zones to include. Conflicts with
network_excludes
. - policy
Id String - Policy ID.
- primary
Factor String - Rule's primary factor. WARNING Ony works as a part of the Identity Engine. Valid values:
"PASSWORD_IDP_ANY_FACTOR"
,"PASSWORD_IDP"
. - priority Number
- Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
- risc
Level String - Risc level:
"ANY"
,"LOW"
,"MEDIUM"
or"HIGH"
. Default is"ANY"
. It can be also set to an empty string in caseRISC_SCORING
org feature flag is disabled. - session
Idle Number - Max minutes a session can be idle.,
- session
Lifetime Number - Max minutes a session is active: Disable = 0.
- session
Persistent Boolean - Whether session cookies will last across browser sessions. Okta Administrators can never have persistent session cookies.
- status String
- Policy Rule Status:
"ACTIVE"
or"INACTIVE"
. - users
Excludeds List<String> - The list of user IDs that would be excluded when rules are processed.
Supporting Types
RuleSignonFactorSequence, RuleSignonFactorSequenceArgs
- Primary
Criteria stringFactor Type - Primary factor type of the auth section.
- Primary
Criteria stringProvider - Primary provider of the auth section.
- Secondary
Criterias List<RuleSignon Factor Sequence Secondary Criteria> - Additional authentication steps.
- Primary
Criteria stringFactor Type - Primary factor type of the auth section.
- Primary
Criteria stringProvider - Primary provider of the auth section.
- Secondary
Criterias []RuleSignon Factor Sequence Secondary Criteria - Additional authentication steps.
- primary
Criteria StringFactor Type - Primary factor type of the auth section.
- primary
Criteria StringProvider - Primary provider of the auth section.
- secondary
Criterias List<RuleSignon Factor Sequence Secondary Criteria> - Additional authentication steps.
- primary
Criteria stringFactor Type - Primary factor type of the auth section.
- primary
Criteria stringProvider - Primary provider of the auth section.
- secondary
Criterias RuleSignon Factor Sequence Secondary Criteria[] - Additional authentication steps.
- primary_
criteria_ strfactor_ type - Primary factor type of the auth section.
- primary_
criteria_ strprovider - Primary provider of the auth section.
- secondary_
criterias Sequence[RuleSignon Factor Sequence Secondary Criteria] - Additional authentication steps.
- primary
Criteria StringFactor Type - Primary factor type of the auth section.
- primary
Criteria StringProvider - Primary provider of the auth section.
- secondary
Criterias List<Property Map> - Additional authentication steps.
RuleSignonFactorSequenceSecondaryCriteria, RuleSignonFactorSequenceSecondaryCriteriaArgs
- Factor
Type string - Factor type of the additional authentication step.
- Provider string
- Provider of the additional authentication step.
- Factor
Type string - Factor type of the additional authentication step.
- Provider string
- Provider of the additional authentication step.
- factor
Type String - Factor type of the additional authentication step.
- provider String
- Provider of the additional authentication step.
- factor
Type string - Factor type of the additional authentication step.
- provider string
- Provider of the additional authentication step.
- factor_
type str - Factor type of the additional authentication step.
- provider str
- Provider of the additional authentication step.
- factor
Type String - Factor type of the additional authentication step.
- provider String
- Provider of the additional authentication step.
Import
A Policy Rule can be imported via the Policy and Rule ID.
$ pulumi import okta:policy/ruleSignon:RuleSignon example <policy id>/<rule id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Okta pulumi/pulumi-okta
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
okta
Terraform Provider.