okta.PostAuthSessionPolicyRule

Okta v6.4.0, Mar 28 26

Viewing docs for Okta v6.4.0
published on Saturday, Mar 28, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-okta

Viewing docs for Okta v6.4.0
published on Saturday, Mar 28, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-okta

Example Usage

{{tffile “examples/resources/okta_post_auth_session_policy_rule/resource.tf”}}

Lifecycle

Create: Returns an error with the import command to use
Update: Updates the rule configuration in Okta
Delete: Removes the rule from Terraform state only (the rule remains in Okta)

Create PostAuthSessionPolicyRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new PostAuthSessionPolicyRule(name: string, args: PostAuthSessionPolicyRuleArgs, opts?: CustomResourceOptions);

@overload
def PostAuthSessionPolicyRule(resource_name: str,
                              args: PostAuthSessionPolicyRuleArgs,
                              opts: Optional[ResourceOptions] = None)

@overload
def PostAuthSessionPolicyRule(resource_name: str,
                              opts: Optional[ResourceOptions] = None,
                              policy_id: Optional[str] = None,
                              groups_excludeds: Optional[Sequence[str]] = None,
                              groups_includeds: Optional[Sequence[str]] = None,
                              name: Optional[str] = None,
                              status: Optional[str] = None,
                              terminate_session: Optional[bool] = None,
                              users_excludeds: Optional[Sequence[str]] = None,
                              workflow_id: Optional[str] = None)

func NewPostAuthSessionPolicyRule(ctx *Context, name string, args PostAuthSessionPolicyRuleArgs, opts ...ResourceOption) (*PostAuthSessionPolicyRule, error)

public PostAuthSessionPolicyRule(string name, PostAuthSessionPolicyRuleArgs args, CustomResourceOptions? opts = null)

public PostAuthSessionPolicyRule(String name, PostAuthSessionPolicyRuleArgs args)
public PostAuthSessionPolicyRule(String name, PostAuthSessionPolicyRuleArgs args, CustomResourceOptions options)

type: okta:PostAuthSessionPolicyRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args PostAuthSessionPolicyRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args PostAuthSessionPolicyRuleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args PostAuthSessionPolicyRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args PostAuthSessionPolicyRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args PostAuthSessionPolicyRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var postAuthSessionPolicyRuleResource = new Okta.Index.PostAuthSessionPolicyRule("postAuthSessionPolicyRuleResource", new()
{
    PolicyId = "string",
    GroupsExcludeds = new[]
    {
        "string",
    },
    GroupsIncludeds = new[]
    {
        "string",
    },
    Name = "string",
    Status = "string",
    TerminateSession = false,
    UsersExcludeds = new[]
    {
        "string",
    },
    WorkflowId = "string",
});

example, err := okta.NewPostAuthSessionPolicyRule(ctx, "postAuthSessionPolicyRuleResource", &okta.PostAuthSessionPolicyRuleArgs{
	PolicyId: pulumi.String("string"),
	GroupsExcludeds: pulumi.StringArray{
		pulumi.String("string"),
	},
	GroupsIncludeds: pulumi.StringArray{
		pulumi.String("string"),
	},
	Name:             pulumi.String("string"),
	Status:           pulumi.String("string"),
	TerminateSession: pulumi.Bool(false),
	UsersExcludeds: pulumi.StringArray{
		pulumi.String("string"),
	},
	WorkflowId: pulumi.String("string"),
})

var postAuthSessionPolicyRuleResource = new PostAuthSessionPolicyRule("postAuthSessionPolicyRuleResource", PostAuthSessionPolicyRuleArgs.builder()
    .policyId("string")
    .groupsExcludeds("string")
    .groupsIncludeds("string")
    .name("string")
    .status("string")
    .terminateSession(false)
    .usersExcludeds("string")
    .workflowId("string")
    .build());

post_auth_session_policy_rule_resource = okta.PostAuthSessionPolicyRule("postAuthSessionPolicyRuleResource",
    policy_id="string",
    groups_excludeds=["string"],
    groups_includeds=["string"],
    name="string",
    status="string",
    terminate_session=False,
    users_excludeds=["string"],
    workflow_id="string")

const postAuthSessionPolicyRuleResource = new okta.PostAuthSessionPolicyRule("postAuthSessionPolicyRuleResource", {
    policyId: "string",
    groupsExcludeds: ["string"],
    groupsIncludeds: ["string"],
    name: "string",
    status: "string",
    terminateSession: false,
    usersExcludeds: ["string"],
    workflowId: "string",
});

type: okta:PostAuthSessionPolicyRule
properties:
    groupsExcludeds:
        - string
    groupsIncludeds:
        - string
    name: string
    policyId: string
    status: string
    terminateSession: false
    usersExcludeds:
        - string
    workflowId: string

PostAuthSessionPolicyRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The PostAuthSessionPolicyRule resource accepts the following input properties:

PolicyId string: ID of the Post Auth Session Policy. Use the okta.getPostAuthSessionPolicy data source to get this ID.
GroupsExcludeds List<string>: List of group IDs to exclude from this rule.
GroupsIncludeds List<string>: List of group IDs to include in this rule.
Name string: Name of the policy rule.
Status string: Status of the rule: ACTIVE or INACTIVE. Default is ACTIVE.
TerminateSession bool: When true, terminates the user's session when a policy failure is detected. Default is false.
UsersExcludeds List<string>: List of user IDs to exclude from this rule.
WorkflowId string: ID of the Okta Workflow to run when a policy failure is detected.

PolicyId string: ID of the Post Auth Session Policy. Use the okta.getPostAuthSessionPolicy data source to get this ID.
GroupsExcludeds []string: List of group IDs to exclude from this rule.
GroupsIncludeds []string: List of group IDs to include in this rule.
Name string: Name of the policy rule.
Status string: Status of the rule: ACTIVE or INACTIVE. Default is ACTIVE.
TerminateSession bool: When true, terminates the user's session when a policy failure is detected. Default is false.
UsersExcludeds []string: List of user IDs to exclude from this rule.
WorkflowId string: ID of the Okta Workflow to run when a policy failure is detected.

policyId String: ID of the Post Auth Session Policy. Use the okta.getPostAuthSessionPolicy data source to get this ID.
groupsExcludeds List<String>: List of group IDs to exclude from this rule.
groupsIncludeds List<String>: List of group IDs to include in this rule.
name String: Name of the policy rule.
status String: Status of the rule: ACTIVE or INACTIVE. Default is ACTIVE.
terminateSession Boolean: When true, terminates the user's session when a policy failure is detected. Default is false.
usersExcludeds List<String>: List of user IDs to exclude from this rule.
workflowId String: ID of the Okta Workflow to run when a policy failure is detected.

policyId string: ID of the Post Auth Session Policy. Use the okta.getPostAuthSessionPolicy data source to get this ID.
groupsExcludeds string[]: List of group IDs to exclude from this rule.
groupsIncludeds string[]: List of group IDs to include in this rule.
name string: Name of the policy rule.
status string: Status of the rule: ACTIVE or INACTIVE. Default is ACTIVE.
terminateSession boolean: When true, terminates the user's session when a policy failure is detected. Default is false.
usersExcludeds string[]: List of user IDs to exclude from this rule.
workflowId string: ID of the Okta Workflow to run when a policy failure is detected.

policy_id str: ID of the Post Auth Session Policy. Use the okta.getPostAuthSessionPolicy data source to get this ID.
groups_excludeds Sequence[str]: List of group IDs to exclude from this rule.
groups_includeds Sequence[str]: List of group IDs to include in this rule.
name str: Name of the policy rule.
status str: Status of the rule: ACTIVE or INACTIVE. Default is ACTIVE.
terminate_session bool: When true, terminates the user's session when a policy failure is detected. Default is false.
users_excludeds Sequence[str]: List of user IDs to exclude from this rule.
workflow_id str: ID of the Okta Workflow to run when a policy failure is detected.

policyId String: ID of the Post Auth Session Policy. Use the okta.getPostAuthSessionPolicy data source to get this ID.
groupsExcludeds List<String>: List of group IDs to exclude from this rule.
groupsIncludeds List<String>: List of group IDs to include in this rule.
name String: Name of the policy rule.
status String: Status of the rule: ACTIVE or INACTIVE. Default is ACTIVE.
terminateSession Boolean: When true, terminates the user's session when a policy failure is detected. Default is false.
usersExcludeds List<String>: List of user IDs to exclude from this rule.
workflowId String: ID of the Okta Workflow to run when a policy failure is detected.

Outputs

All input properties are implicitly available as output properties. Additionally, the PostAuthSessionPolicyRule resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing PostAuthSessionPolicyRule Resource

Get an existing PostAuthSessionPolicyRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: PostAuthSessionPolicyRuleState, opts?: CustomResourceOptions): PostAuthSessionPolicyRule

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        groups_excludeds: Optional[Sequence[str]] = None,
        groups_includeds: Optional[Sequence[str]] = None,
        name: Optional[str] = None,
        policy_id: Optional[str] = None,
        status: Optional[str] = None,
        terminate_session: Optional[bool] = None,
        users_excludeds: Optional[Sequence[str]] = None,
        workflow_id: Optional[str] = None) -> PostAuthSessionPolicyRule

func GetPostAuthSessionPolicyRule(ctx *Context, name string, id IDInput, state *PostAuthSessionPolicyRuleState, opts ...ResourceOption) (*PostAuthSessionPolicyRule, error)

public static PostAuthSessionPolicyRule Get(string name, Input<string> id, PostAuthSessionPolicyRuleState? state, CustomResourceOptions? opts = null)

public static PostAuthSessionPolicyRule get(String name, Output<String> id, PostAuthSessionPolicyRuleState state, CustomResourceOptions options)

resources:  _:    type: okta:PostAuthSessionPolicyRule    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

GroupsExcludeds List<string>: List of group IDs to exclude from this rule.
GroupsIncludeds List<string>: List of group IDs to include in this rule.
Name string: Name of the policy rule.
PolicyId string: ID of the Post Auth Session Policy. Use the okta.getPostAuthSessionPolicy data source to get this ID.
Status string: Status of the rule: ACTIVE or INACTIVE. Default is ACTIVE.
TerminateSession bool: When true, terminates the user's session when a policy failure is detected. Default is false.
UsersExcludeds List<string>: List of user IDs to exclude from this rule.
WorkflowId string: ID of the Okta Workflow to run when a policy failure is detected.

GroupsExcludeds []string: List of group IDs to exclude from this rule.
GroupsIncludeds []string: List of group IDs to include in this rule.
Name string: Name of the policy rule.
PolicyId string: ID of the Post Auth Session Policy. Use the okta.getPostAuthSessionPolicy data source to get this ID.
Status string: Status of the rule: ACTIVE or INACTIVE. Default is ACTIVE.
TerminateSession bool: When true, terminates the user's session when a policy failure is detected. Default is false.
UsersExcludeds []string: List of user IDs to exclude from this rule.
WorkflowId string: ID of the Okta Workflow to run when a policy failure is detected.

groupsExcludeds List<String>: List of group IDs to exclude from this rule.
groupsIncludeds List<String>: List of group IDs to include in this rule.
name String: Name of the policy rule.
policyId String: ID of the Post Auth Session Policy. Use the okta.getPostAuthSessionPolicy data source to get this ID.
status String: Status of the rule: ACTIVE or INACTIVE. Default is ACTIVE.
terminateSession Boolean: When true, terminates the user's session when a policy failure is detected. Default is false.
usersExcludeds List<String>: List of user IDs to exclude from this rule.
workflowId String: ID of the Okta Workflow to run when a policy failure is detected.

groupsExcludeds string[]: List of group IDs to exclude from this rule.
groupsIncludeds string[]: List of group IDs to include in this rule.
name string: Name of the policy rule.
policyId string: ID of the Post Auth Session Policy. Use the okta.getPostAuthSessionPolicy data source to get this ID.
status string: Status of the rule: ACTIVE or INACTIVE. Default is ACTIVE.
terminateSession boolean: When true, terminates the user's session when a policy failure is detected. Default is false.
usersExcludeds string[]: List of user IDs to exclude from this rule.
workflowId string: ID of the Okta Workflow to run when a policy failure is detected.

groups_excludeds Sequence[str]: List of group IDs to exclude from this rule.
groups_includeds Sequence[str]: List of group IDs to include in this rule.
name str: Name of the policy rule.
policy_id str: ID of the Post Auth Session Policy. Use the okta.getPostAuthSessionPolicy data source to get this ID.
status str: Status of the rule: ACTIVE or INACTIVE. Default is ACTIVE.
terminate_session bool: When true, terminates the user's session when a policy failure is detected. Default is false.
users_excludeds Sequence[str]: List of user IDs to exclude from this rule.
workflow_id str: ID of the Okta Workflow to run when a policy failure is detected.

groupsExcludeds List<String>: List of group IDs to exclude from this rule.
groupsIncludeds List<String>: List of group IDs to include in this rule.
name String: Name of the policy rule.
policyId String: ID of the Post Auth Session Policy. Use the okta.getPostAuthSessionPolicy data source to get this ID.
status String: Status of the rule: ACTIVE or INACTIVE. Default is ACTIVE.
terminateSession Boolean: When true, terminates the user's session when a policy failure is detected. Default is false.
usersExcludeds List<String>: List of user IDs to exclude from this rule.
workflowId String: ID of the Okta Workflow to run when a policy failure is detected.

Import

Before using this resource, you must import the existing rule:

{{codefile “shell” “examples/resources/okta_post_auth_session_policy_rule/import.sh”}}

When you run pulumi up without importing first, the error message will include the exact import command with the correct policy and rule IDs.

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Okta pulumi/pulumi-okta
License: Apache-2.0
Notes: This Pulumi package is based on the okta Terraform Provider.

Viewing docs for Okta v6.4.0
published on Saturday, Mar 28, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-okta

okta.PostAuthSessionPolicyRule

On this page

On this page

Example Usage

Lifecycle

Create PostAuthSessionPolicyRule Resource

Constructor syntax

Parameters

Constructor example

PostAuthSessionPolicyRule Resource Properties

Inputs

Outputs

Look up Existing PostAuthSessionPolicyRule Resource

Import

Package Details

On this page

On this page