okta.SessionViolationPolicyRule

Okta v6.6.0, Apr 29 26

Viewing docs for Okta v6.6.0
published on Wednesday, Apr 29, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-okta

Viewing docs for Okta v6.6.0
published on Wednesday, Apr 29, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-okta

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";

const example = okta.getSessionViolationPolicy({});
const exampleSessionViolationPolicyRule = new okta.SessionViolationPolicyRule("example", {
    policyId: example.then(example => example.id),
    name: "Session Violation Rule",
    minRiskLevel: "HIGH",
    policyEvaluationEnabled: true,
});

import pulumi
import pulumi_okta as okta

example = okta.get_session_violation_policy()
example_session_violation_policy_rule = okta.SessionViolationPolicyRule("example",
    policy_id=example.id,
    name="Session Violation Rule",
    min_risk_level="HIGH",
    policy_evaluation_enabled=True)

package main

import (
	"github.com/pulumi/pulumi-okta/sdk/v6/go/okta"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := okta.GetSessionViolationPolicy(ctx, map[string]interface{}{}, nil)
		if err != nil {
			return err
		}
		_, err = okta.NewSessionViolationPolicyRule(ctx, "example", &okta.SessionViolationPolicyRuleArgs{
			PolicyId:                pulumi.String(pulumi.String(example.Id)),
			Name:                    pulumi.String("Session Violation Rule"),
			MinRiskLevel:            pulumi.String("HIGH"),
			PolicyEvaluationEnabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;

return await Deployment.RunAsync(() => 
{
    var example = Okta.Index.GetSessionViolationPolicy.Invoke();

    var exampleSessionViolationPolicyRule = new Okta.Index.SessionViolationPolicyRule("example", new()
    {
        PolicyId = example.Apply(getSessionViolationPolicyResult => getSessionViolationPolicyResult.Id),
        Name = "Session Violation Rule",
        MinRiskLevel = "HIGH",
        PolicyEvaluationEnabled = true,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.OktaFunctions;
import com.pulumi.okta.SessionViolationPolicyRule;
import com.pulumi.okta.SessionViolationPolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var example = OktaFunctions.getSessionViolationPolicy(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);

        var exampleSessionViolationPolicyRule = new SessionViolationPolicyRule("exampleSessionViolationPolicyRule", SessionViolationPolicyRuleArgs.builder()
            .policyId(example.id())
            .name("Session Violation Rule")
            .minRiskLevel("HIGH")
            .policyEvaluationEnabled(true)
            .build());

    }
}

resources:
  exampleSessionViolationPolicyRule:
    type: okta:SessionViolationPolicyRule
    name: example
    properties:
      policyId: ${example.id}
      name: Session Violation Rule
      minRiskLevel: HIGH
      policyEvaluationEnabled: true
variables:
  example:
    fn::invoke:
      function: okta:getSessionViolationPolicy
      arguments: {}

Lifecycle

Create: Returns an error with the import command to use
Update: Updates the rule configuration in Okta
Delete: Removes the rule from Terraform state only (the rule remains in Okta)

Create SessionViolationPolicyRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SessionViolationPolicyRule(name: string, args: SessionViolationPolicyRuleArgs, opts?: CustomResourceOptions);

@overload
def SessionViolationPolicyRule(resource_name: str,
                               args: SessionViolationPolicyRuleArgs,
                               opts: Optional[ResourceOptions] = None)

@overload
def SessionViolationPolicyRule(resource_name: str,
                               opts: Optional[ResourceOptions] = None,
                               min_risk_level: Optional[str] = None,
                               policy_id: Optional[str] = None,
                               name: Optional[str] = None,
                               network_connection: Optional[str] = None,
                               network_excludes: Optional[Sequence[str]] = None,
                               network_includes: Optional[Sequence[str]] = None,
                               policy_evaluation_enabled: Optional[bool] = None,
                               priority: Optional[int] = None,
                               status: Optional[str] = None)

func NewSessionViolationPolicyRule(ctx *Context, name string, args SessionViolationPolicyRuleArgs, opts ...ResourceOption) (*SessionViolationPolicyRule, error)

public SessionViolationPolicyRule(string name, SessionViolationPolicyRuleArgs args, CustomResourceOptions? opts = null)

public SessionViolationPolicyRule(String name, SessionViolationPolicyRuleArgs args)
public SessionViolationPolicyRule(String name, SessionViolationPolicyRuleArgs args, CustomResourceOptions options)

type: okta:SessionViolationPolicyRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SessionViolationPolicyRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SessionViolationPolicyRuleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SessionViolationPolicyRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SessionViolationPolicyRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SessionViolationPolicyRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

SessionViolationPolicyRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SessionViolationPolicyRule resource accepts the following input properties:

MinRiskLevel string: The minimum risk level that triggers the rule. Valid values: LOW, MEDIUM, HIGH.
PolicyId string: ID of the Session Violation Detection Policy. Use the okta.getSessionViolationPolicy data source to get this ID.
Name string: Name of the policy rule.
NetworkConnection string: Network selection mode. Valid values: ANYWHERE, ZONE, ON_NETWORK, OFF_NETWORK.
NetworkExcludes List<string>: List of network zone IDs to exclude. Required when networkConnection is set to ZONE.
NetworkIncludes List<string>: List of network zone IDs to include. Required when networkConnection is set to ZONE.
PolicyEvaluationEnabled bool: When true, the sign-on policies of the session are evaluated when a session violation is detected. Default is true.
Priority int: Priority of the rule. Rules are evaluated in priority order.
Status string: Status of the rule: ACTIVE or INACTIVE. Default is ACTIVE.

MinRiskLevel string: The minimum risk level that triggers the rule. Valid values: LOW, MEDIUM, HIGH.
PolicyId string: ID of the Session Violation Detection Policy. Use the okta.getSessionViolationPolicy data source to get this ID.
Name string: Name of the policy rule.
NetworkConnection string: Network selection mode. Valid values: ANYWHERE, ZONE, ON_NETWORK, OFF_NETWORK.
NetworkExcludes []string: List of network zone IDs to exclude. Required when networkConnection is set to ZONE.
NetworkIncludes []string: List of network zone IDs to include. Required when networkConnection is set to ZONE.
PolicyEvaluationEnabled bool: When true, the sign-on policies of the session are evaluated when a session violation is detected. Default is true.
Priority int: Priority of the rule. Rules are evaluated in priority order.
Status string: Status of the rule: ACTIVE or INACTIVE. Default is ACTIVE.

minRiskLevel String: The minimum risk level that triggers the rule. Valid values: LOW, MEDIUM, HIGH.
policyId String: ID of the Session Violation Detection Policy. Use the okta.getSessionViolationPolicy data source to get this ID.
name String: Name of the policy rule.
networkConnection String: Network selection mode. Valid values: ANYWHERE, ZONE, ON_NETWORK, OFF_NETWORK.
networkExcludes List<String>: List of network zone IDs to exclude. Required when networkConnection is set to ZONE.
networkIncludes List<String>: List of network zone IDs to include. Required when networkConnection is set to ZONE.
policyEvaluationEnabled Boolean: When true, the sign-on policies of the session are evaluated when a session violation is detected. Default is true.
priority Integer: Priority of the rule. Rules are evaluated in priority order.
status String: Status of the rule: ACTIVE or INACTIVE. Default is ACTIVE.

minRiskLevel string: The minimum risk level that triggers the rule. Valid values: LOW, MEDIUM, HIGH.
policyId string: ID of the Session Violation Detection Policy. Use the okta.getSessionViolationPolicy data source to get this ID.
name string: Name of the policy rule.
networkConnection string: Network selection mode. Valid values: ANYWHERE, ZONE, ON_NETWORK, OFF_NETWORK.
networkExcludes string[]: List of network zone IDs to exclude. Required when networkConnection is set to ZONE.
networkIncludes string[]: List of network zone IDs to include. Required when networkConnection is set to ZONE.
policyEvaluationEnabled boolean: When true, the sign-on policies of the session are evaluated when a session violation is detected. Default is true.
priority number: Priority of the rule. Rules are evaluated in priority order.
status string: Status of the rule: ACTIVE or INACTIVE. Default is ACTIVE.

min_risk_level str: The minimum risk level that triggers the rule. Valid values: LOW, MEDIUM, HIGH.
policy_id str: ID of the Session Violation Detection Policy. Use the okta.getSessionViolationPolicy data source to get this ID.
name str: Name of the policy rule.
network_connection str: Network selection mode. Valid values: ANYWHERE, ZONE, ON_NETWORK, OFF_NETWORK.
network_excludes Sequence[str]: List of network zone IDs to exclude. Required when networkConnection is set to ZONE.
network_includes Sequence[str]: List of network zone IDs to include. Required when networkConnection is set to ZONE.
policy_evaluation_enabled bool: When true, the sign-on policies of the session are evaluated when a session violation is detected. Default is true.
priority int: Priority of the rule. Rules are evaluated in priority order.
status str: Status of the rule: ACTIVE or INACTIVE. Default is ACTIVE.

minRiskLevel String: The minimum risk level that triggers the rule. Valid values: LOW, MEDIUM, HIGH.
policyId String: ID of the Session Violation Detection Policy. Use the okta.getSessionViolationPolicy data source to get this ID.
name String: Name of the policy rule.
networkConnection String: Network selection mode. Valid values: ANYWHERE, ZONE, ON_NETWORK, OFF_NETWORK.
networkExcludes List<String>: List of network zone IDs to exclude. Required when networkConnection is set to ZONE.
networkIncludes List<String>: List of network zone IDs to include. Required when networkConnection is set to ZONE.
policyEvaluationEnabled Boolean: When true, the sign-on policies of the session are evaluated when a session violation is detected. Default is true.
priority Number: Priority of the rule. Rules are evaluated in priority order.
status String: Status of the rule: ACTIVE or INACTIVE. Default is ACTIVE.

Outputs

All input properties are implicitly available as output properties. Additionally, the SessionViolationPolicyRule resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing SessionViolationPolicyRule Resource

Get an existing SessionViolationPolicyRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SessionViolationPolicyRuleState, opts?: CustomResourceOptions): SessionViolationPolicyRule

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        min_risk_level: Optional[str] = None,
        name: Optional[str] = None,
        network_connection: Optional[str] = None,
        network_excludes: Optional[Sequence[str]] = None,
        network_includes: Optional[Sequence[str]] = None,
        policy_evaluation_enabled: Optional[bool] = None,
        policy_id: Optional[str] = None,
        priority: Optional[int] = None,
        status: Optional[str] = None) -> SessionViolationPolicyRule

func GetSessionViolationPolicyRule(ctx *Context, name string, id IDInput, state *SessionViolationPolicyRuleState, opts ...ResourceOption) (*SessionViolationPolicyRule, error)

public static SessionViolationPolicyRule Get(string name, Input<string> id, SessionViolationPolicyRuleState? state, CustomResourceOptions? opts = null)

public static SessionViolationPolicyRule get(String name, Output<String> id, SessionViolationPolicyRuleState state, CustomResourceOptions options)

resources:  _:    type: okta:SessionViolationPolicyRule    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

MinRiskLevel string: The minimum risk level that triggers the rule. Valid values: LOW, MEDIUM, HIGH.
Name string: Name of the policy rule.
NetworkConnection string: Network selection mode. Valid values: ANYWHERE, ZONE, ON_NETWORK, OFF_NETWORK.
NetworkExcludes List<string>: List of network zone IDs to exclude. Required when networkConnection is set to ZONE.
NetworkIncludes List<string>: List of network zone IDs to include. Required when networkConnection is set to ZONE.
PolicyEvaluationEnabled bool: When true, the sign-on policies of the session are evaluated when a session violation is detected. Default is true.
PolicyId string: ID of the Session Violation Detection Policy. Use the okta.getSessionViolationPolicy data source to get this ID.
Priority int: Priority of the rule. Rules are evaluated in priority order.
Status string: Status of the rule: ACTIVE or INACTIVE. Default is ACTIVE.

MinRiskLevel string: The minimum risk level that triggers the rule. Valid values: LOW, MEDIUM, HIGH.
Name string: Name of the policy rule.
NetworkConnection string: Network selection mode. Valid values: ANYWHERE, ZONE, ON_NETWORK, OFF_NETWORK.
NetworkExcludes []string: List of network zone IDs to exclude. Required when networkConnection is set to ZONE.
NetworkIncludes []string: List of network zone IDs to include. Required when networkConnection is set to ZONE.
PolicyEvaluationEnabled bool: When true, the sign-on policies of the session are evaluated when a session violation is detected. Default is true.
PolicyId string: ID of the Session Violation Detection Policy. Use the okta.getSessionViolationPolicy data source to get this ID.
Priority int: Priority of the rule. Rules are evaluated in priority order.
Status string: Status of the rule: ACTIVE or INACTIVE. Default is ACTIVE.

minRiskLevel String: The minimum risk level that triggers the rule. Valid values: LOW, MEDIUM, HIGH.
name String: Name of the policy rule.
networkConnection String: Network selection mode. Valid values: ANYWHERE, ZONE, ON_NETWORK, OFF_NETWORK.
networkExcludes List<String>: List of network zone IDs to exclude. Required when networkConnection is set to ZONE.
networkIncludes List<String>: List of network zone IDs to include. Required when networkConnection is set to ZONE.
policyEvaluationEnabled Boolean: When true, the sign-on policies of the session are evaluated when a session violation is detected. Default is true.
policyId String: ID of the Session Violation Detection Policy. Use the okta.getSessionViolationPolicy data source to get this ID.
priority Integer: Priority of the rule. Rules are evaluated in priority order.
status String: Status of the rule: ACTIVE or INACTIVE. Default is ACTIVE.

minRiskLevel string: The minimum risk level that triggers the rule. Valid values: LOW, MEDIUM, HIGH.
name string: Name of the policy rule.
networkConnection string: Network selection mode. Valid values: ANYWHERE, ZONE, ON_NETWORK, OFF_NETWORK.
networkExcludes string[]: List of network zone IDs to exclude. Required when networkConnection is set to ZONE.
networkIncludes string[]: List of network zone IDs to include. Required when networkConnection is set to ZONE.
policyEvaluationEnabled boolean: When true, the sign-on policies of the session are evaluated when a session violation is detected. Default is true.
policyId string: ID of the Session Violation Detection Policy. Use the okta.getSessionViolationPolicy data source to get this ID.
priority number: Priority of the rule. Rules are evaluated in priority order.
status string: Status of the rule: ACTIVE or INACTIVE. Default is ACTIVE.

min_risk_level str: The minimum risk level that triggers the rule. Valid values: LOW, MEDIUM, HIGH.
name str: Name of the policy rule.
network_connection str: Network selection mode. Valid values: ANYWHERE, ZONE, ON_NETWORK, OFF_NETWORK.
network_excludes Sequence[str]: List of network zone IDs to exclude. Required when networkConnection is set to ZONE.
network_includes Sequence[str]: List of network zone IDs to include. Required when networkConnection is set to ZONE.
policy_evaluation_enabled bool: When true, the sign-on policies of the session are evaluated when a session violation is detected. Default is true.
policy_id str: ID of the Session Violation Detection Policy. Use the okta.getSessionViolationPolicy data source to get this ID.
priority int: Priority of the rule. Rules are evaluated in priority order.
status str: Status of the rule: ACTIVE or INACTIVE. Default is ACTIVE.

minRiskLevel String: The minimum risk level that triggers the rule. Valid values: LOW, MEDIUM, HIGH.
name String: Name of the policy rule.
networkConnection String: Network selection mode. Valid values: ANYWHERE, ZONE, ON_NETWORK, OFF_NETWORK.
networkExcludes List<String>: List of network zone IDs to exclude. Required when networkConnection is set to ZONE.
networkIncludes List<String>: List of network zone IDs to include. Required when networkConnection is set to ZONE.
policyEvaluationEnabled Boolean: When true, the sign-on policies of the session are evaluated when a session violation is detected. Default is true.
policyId String: ID of the Session Violation Detection Policy. Use the okta.getSessionViolationPolicy data source to get this ID.
priority Number: Priority of the rule. Rules are evaluated in priority order.
status String: Status of the rule: ACTIVE or INACTIVE. Default is ACTIVE.

Import

Before using this resource, you must import the existing rule:

{{codefile “shell” “examples/resources/okta_session_violation_policy_rule/import.sh”}}

Use the okta.getSessionViolationPolicy data source to retrieve the policyId and ruleId needed for the import command.

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Okta pulumi/pulumi-okta
License: Apache-2.0
Notes: This Pulumi package is based on the okta Terraform Provider.

Viewing docs for Okta v6.6.0
published on Wednesday, Apr 29, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-okta

okta.SessionViolationPolicyRule

On this page

On this page

Example Usage

Lifecycle

Create SessionViolationPolicyRule Resource

Constructor syntax

Parameters

SessionViolationPolicyRule Resource Properties

Inputs

Outputs

Look up Existing SessionViolationPolicyRule Resource

Import

Package Details

On this page

On this page