Okta v4.11.0, Sep 17 24

Okta v4.11.0 published on Tuesday, Sep 17, 2024 by Pulumi

okta.AppSignonPolicyRule

Explore with Pulumi AI

Okta v4.11.0 published on Tuesday, Sep 17, 2024 by Pulumi

WARNING: This feature is only available as a part of the Identity Engine. Contact support for further information. This resource allows you to create and configure a sign-on policy rule for the application. A default or ‘Catch-all Rule’ sign-on policy rule can be imported and managed as a custom rule. The only difference is that these fields are immutable and can not be managed: ’network_connection’, ’network_excludes’, ’network_includes’, ‘platform_include’, ‘custom_expression’, ‘device_is_registered’, ‘device_is_managed’, ‘users_excluded’, ‘users_included’, ‘groups_excluded’, ‘groups_included’, ‘user_types_excluded’ and ‘user_types_included’.

Create AppSignonPolicyRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new AppSignonPolicyRule(name: string, args: AppSignonPolicyRuleArgs, opts?: CustomResourceOptions);

@overload
def AppSignonPolicyRule(resource_name: str,
                        args: AppSignonPolicyRuleArgs,
                        opts: Optional[ResourceOptions] = None)

@overload
def AppSignonPolicyRule(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        policy_id: Optional[str] = None,
                        network_excludes: Optional[Sequence[str]] = None,
                        user_types_includeds: Optional[Sequence[str]] = None,
                        device_assurances_includeds: Optional[Sequence[str]] = None,
                        device_is_managed: Optional[bool] = None,
                        device_is_registered: Optional[bool] = None,
                        factor_mode: Optional[str] = None,
                        groups_excludeds: Optional[Sequence[str]] = None,
                        groups_includeds: Optional[Sequence[str]] = None,
                        inactivity_period: Optional[str] = None,
                        name: Optional[str] = None,
                        users_includeds: Optional[Sequence[str]] = None,
                        custom_expression: Optional[str] = None,
                        constraints: Optional[Sequence[str]] = None,
                        platform_includes: Optional[Sequence[AppSignonPolicyRulePlatformIncludeArgs]] = None,
                        network_includes: Optional[Sequence[str]] = None,
                        priority: Optional[int] = None,
                        re_authentication_frequency: Optional[str] = None,
                        risk_score: Optional[str] = None,
                        status: Optional[str] = None,
                        type: Optional[str] = None,
                        user_types_excludeds: Optional[Sequence[str]] = None,
                        access: Optional[str] = None,
                        users_excludeds: Optional[Sequence[str]] = None,
                        network_connection: Optional[str] = None)

func NewAppSignonPolicyRule(ctx *Context, name string, args AppSignonPolicyRuleArgs, opts ...ResourceOption) (*AppSignonPolicyRule, error)

public AppSignonPolicyRule(string name, AppSignonPolicyRuleArgs args, CustomResourceOptions? opts = null)

public AppSignonPolicyRule(String name, AppSignonPolicyRuleArgs args)
public AppSignonPolicyRule(String name, AppSignonPolicyRuleArgs args, CustomResourceOptions options)

type: okta:AppSignonPolicyRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args AppSignonPolicyRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args AppSignonPolicyRuleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args AppSignonPolicyRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AppSignonPolicyRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args AppSignonPolicyRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var appSignonPolicyRuleResource = new Okta.AppSignonPolicyRule("appSignonPolicyRuleResource", new()
{
    PolicyId = "string",
    NetworkExcludes = new[]
    {
        "string",
    },
    UserTypesIncludeds = new[]
    {
        "string",
    },
    DeviceAssurancesIncludeds = new[]
    {
        "string",
    },
    DeviceIsManaged = false,
    DeviceIsRegistered = false,
    FactorMode = "string",
    GroupsExcludeds = new[]
    {
        "string",
    },
    GroupsIncludeds = new[]
    {
        "string",
    },
    InactivityPeriod = "string",
    Name = "string",
    UsersIncludeds = new[]
    {
        "string",
    },
    CustomExpression = "string",
    Constraints = new[]
    {
        "string",
    },
    PlatformIncludes = new[]
    {
        new Okta.Inputs.AppSignonPolicyRulePlatformIncludeArgs
        {
            OsExpression = "string",
            OsType = "string",
            Type = "string",
        },
    },
    NetworkIncludes = new[]
    {
        "string",
    },
    Priority = 0,
    ReAuthenticationFrequency = "string",
    RiskScore = "string",
    Status = "string",
    Type = "string",
    UserTypesExcludeds = new[]
    {
        "string",
    },
    Access = "string",
    UsersExcludeds = new[]
    {
        "string",
    },
    NetworkConnection = "string",
});

example, err := okta.NewAppSignonPolicyRule(ctx, "appSignonPolicyRuleResource", &okta.AppSignonPolicyRuleArgs{
	PolicyId: pulumi.String("string"),
	NetworkExcludes: pulumi.StringArray{
		pulumi.String("string"),
	},
	UserTypesIncludeds: pulumi.StringArray{
		pulumi.String("string"),
	},
	DeviceAssurancesIncludeds: pulumi.StringArray{
		pulumi.String("string"),
	},
	DeviceIsManaged:    pulumi.Bool(false),
	DeviceIsRegistered: pulumi.Bool(false),
	FactorMode:         pulumi.String("string"),
	GroupsExcludeds: pulumi.StringArray{
		pulumi.String("string"),
	},
	GroupsIncludeds: pulumi.StringArray{
		pulumi.String("string"),
	},
	InactivityPeriod: pulumi.String("string"),
	Name:             pulumi.String("string"),
	UsersIncludeds: pulumi.StringArray{
		pulumi.String("string"),
	},
	CustomExpression: pulumi.String("string"),
	Constraints: pulumi.StringArray{
		pulumi.String("string"),
	},
	PlatformIncludes: okta.AppSignonPolicyRulePlatformIncludeArray{
		&okta.AppSignonPolicyRulePlatformIncludeArgs{
			OsExpression: pulumi.String("string"),
			OsType:       pulumi.String("string"),
			Type:         pulumi.String("string"),
		},
	},
	NetworkIncludes: pulumi.StringArray{
		pulumi.String("string"),
	},
	Priority:                  pulumi.Int(0),
	ReAuthenticationFrequency: pulumi.String("string"),
	RiskScore:                 pulumi.String("string"),
	Status:                    pulumi.String("string"),
	Type:                      pulumi.String("string"),
	UserTypesExcludeds: pulumi.StringArray{
		pulumi.String("string"),
	},
	Access: pulumi.String("string"),
	UsersExcludeds: pulumi.StringArray{
		pulumi.String("string"),
	},
	NetworkConnection: pulumi.String("string"),
})

var appSignonPolicyRuleResource = new AppSignonPolicyRule("appSignonPolicyRuleResource", AppSignonPolicyRuleArgs.builder()
    .policyId("string")
    .networkExcludes("string")
    .userTypesIncludeds("string")
    .deviceAssurancesIncludeds("string")
    .deviceIsManaged(false)
    .deviceIsRegistered(false)
    .factorMode("string")
    .groupsExcludeds("string")
    .groupsIncludeds("string")
    .inactivityPeriod("string")
    .name("string")
    .usersIncludeds("string")
    .customExpression("string")
    .constraints("string")
    .platformIncludes(AppSignonPolicyRulePlatformIncludeArgs.builder()
        .osExpression("string")
        .osType("string")
        .type("string")
        .build())
    .networkIncludes("string")
    .priority(0)
    .reAuthenticationFrequency("string")
    .riskScore("string")
    .status("string")
    .type("string")
    .userTypesExcludeds("string")
    .access("string")
    .usersExcludeds("string")
    .networkConnection("string")
    .build());

app_signon_policy_rule_resource = okta.AppSignonPolicyRule("appSignonPolicyRuleResource",
    policy_id="string",
    network_excludes=["string"],
    user_types_includeds=["string"],
    device_assurances_includeds=["string"],
    device_is_managed=False,
    device_is_registered=False,
    factor_mode="string",
    groups_excludeds=["string"],
    groups_includeds=["string"],
    inactivity_period="string",
    name="string",
    users_includeds=["string"],
    custom_expression="string",
    constraints=["string"],
    platform_includes=[okta.AppSignonPolicyRulePlatformIncludeArgs(
        os_expression="string",
        os_type="string",
        type="string",
    )],
    network_includes=["string"],
    priority=0,
    re_authentication_frequency="string",
    risk_score="string",
    status="string",
    type="string",
    user_types_excludeds=["string"],
    access="string",
    users_excludeds=["string"],
    network_connection="string")

const appSignonPolicyRuleResource = new okta.AppSignonPolicyRule("appSignonPolicyRuleResource", {
    policyId: "string",
    networkExcludes: ["string"],
    userTypesIncludeds: ["string"],
    deviceAssurancesIncludeds: ["string"],
    deviceIsManaged: false,
    deviceIsRegistered: false,
    factorMode: "string",
    groupsExcludeds: ["string"],
    groupsIncludeds: ["string"],
    inactivityPeriod: "string",
    name: "string",
    usersIncludeds: ["string"],
    customExpression: "string",
    constraints: ["string"],
    platformIncludes: [{
        osExpression: "string",
        osType: "string",
        type: "string",
    }],
    networkIncludes: ["string"],
    priority: 0,
    reAuthenticationFrequency: "string",
    riskScore: "string",
    status: "string",
    type: "string",
    userTypesExcludeds: ["string"],
    access: "string",
    usersExcludeds: ["string"],
    networkConnection: "string",
});

type: okta:AppSignonPolicyRule
properties:
    access: string
    constraints:
        - string
    customExpression: string
    deviceAssurancesIncludeds:
        - string
    deviceIsManaged: false
    deviceIsRegistered: false
    factorMode: string
    groupsExcludeds:
        - string
    groupsIncludeds:
        - string
    inactivityPeriod: string
    name: string
    networkConnection: string
    networkExcludes:
        - string
    networkIncludes:
        - string
    platformIncludes:
        - osExpression: string
          osType: string
          type: string
    policyId: string
    priority: 0
    reAuthenticationFrequency: string
    riskScore: string
    status: string
    type: string
    userTypesExcludeds:
        - string
    userTypesIncludeds:
        - string
    usersExcludeds:
        - string
    usersIncludeds:
        - string

AppSignonPolicyRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AppSignonPolicyRule resource accepts the following input properties:

PolicyId string: ID of the policy
Access string: Allow or deny access based on the rule conditions: ALLOW or DENY
Constraints List<string>: An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
CustomExpression string: This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
DeviceAssurancesIncludeds List<string>: List of device assurance IDs to include
DeviceIsManaged bool: If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
DeviceIsRegistered bool: If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
FactorMode string: The number of factors required to satisfy this assurance level
GroupsExcludeds List<string>: List of group IDs to exclude
GroupsIncludeds List<string>: List of group IDs to include
InactivityPeriod string: The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
Name string: Policy Rule Name
NetworkConnection string: Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
NetworkExcludes List<string>: The zones to exclude
NetworkIncludes List<string>: The zones to include
PlatformIncludes List<AppSignonPolicyRulePlatformInclude>
Priority int: Priority of the rule.
ReAuthenticationFrequency string: The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
RiskScore string: The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
Status string: Status of the rule
Type string: The Verification Method type
UserTypesExcludeds List<string>: Set of User Type IDs to exclude
UserTypesIncludeds List<string>: Set of User Type IDs to include
UsersExcludeds List<string>: Set of User IDs to exclude
UsersIncludeds List<string>: Set of User IDs to include

PolicyId string: ID of the policy
Access string: Allow or deny access based on the rule conditions: ALLOW or DENY
Constraints []string: An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
CustomExpression string: This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
DeviceAssurancesIncludeds []string: List of device assurance IDs to include
DeviceIsManaged bool: If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
DeviceIsRegistered bool: If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
FactorMode string: The number of factors required to satisfy this assurance level
GroupsExcludeds []string: List of group IDs to exclude
GroupsIncludeds []string: List of group IDs to include
InactivityPeriod string: The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
Name string: Policy Rule Name
NetworkConnection string: Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
NetworkExcludes []string: The zones to exclude
NetworkIncludes []string: The zones to include
PlatformIncludes []AppSignonPolicyRulePlatformIncludeArgs
Priority int: Priority of the rule.
ReAuthenticationFrequency string: The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
RiskScore string: The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
Status string: Status of the rule
Type string: The Verification Method type
UserTypesExcludeds []string: Set of User Type IDs to exclude
UserTypesIncludeds []string: Set of User Type IDs to include
UsersExcludeds []string: Set of User IDs to exclude
UsersIncludeds []string: Set of User IDs to include

policyId String: ID of the policy
access String: Allow or deny access based on the rule conditions: ALLOW or DENY
constraints List<String>: An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
customExpression String: This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
deviceAssurancesIncludeds List<String>: List of device assurance IDs to include
deviceIsManaged Boolean: If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
deviceIsRegistered Boolean: If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
factorMode String: The number of factors required to satisfy this assurance level
groupsExcludeds List<String>: List of group IDs to exclude
groupsIncludeds List<String>: List of group IDs to include
inactivityPeriod String: The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
name String: Policy Rule Name
networkConnection String: Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
networkExcludes List<String>: The zones to exclude
networkIncludes List<String>: The zones to include
platformIncludes List<AppSignonPolicyRulePlatformInclude>
priority Integer: Priority of the rule.
reAuthenticationFrequency String: The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
riskScore String: The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
status String: Status of the rule
type String: The Verification Method type
userTypesExcludeds List<String>: Set of User Type IDs to exclude
userTypesIncludeds List<String>: Set of User Type IDs to include
usersExcludeds List<String>: Set of User IDs to exclude
usersIncludeds List<String>: Set of User IDs to include

policyId string: ID of the policy
access string: Allow or deny access based on the rule conditions: ALLOW or DENY
constraints string[]: An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
customExpression string: This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
deviceAssurancesIncludeds string[]: List of device assurance IDs to include
deviceIsManaged boolean: If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
deviceIsRegistered boolean: If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
factorMode string: The number of factors required to satisfy this assurance level
groupsExcludeds string[]: List of group IDs to exclude
groupsIncludeds string[]: List of group IDs to include
inactivityPeriod string: The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
name string: Policy Rule Name
networkConnection string: Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
networkExcludes string[]: The zones to exclude
networkIncludes string[]: The zones to include
platformIncludes AppSignonPolicyRulePlatformInclude[]
priority number: Priority of the rule.
reAuthenticationFrequency string: The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
riskScore string: The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
status string: Status of the rule
type string: The Verification Method type
userTypesExcludeds string[]: Set of User Type IDs to exclude
userTypesIncludeds string[]: Set of User Type IDs to include
usersExcludeds string[]: Set of User IDs to exclude
usersIncludeds string[]: Set of User IDs to include

policy_id str: ID of the policy
access str: Allow or deny access based on the rule conditions: ALLOW or DENY
constraints Sequence[str]: An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
custom_expression str: This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
device_assurances_includeds Sequence[str]: List of device assurance IDs to include
device_is_managed bool: If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
device_is_registered bool: If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
factor_mode str: The number of factors required to satisfy this assurance level
groups_excludeds Sequence[str]: List of group IDs to exclude
groups_includeds Sequence[str]: List of group IDs to include
inactivity_period str: The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
name str: Policy Rule Name
network_connection str: Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
network_excludes Sequence[str]: The zones to exclude
network_includes Sequence[str]: The zones to include
platform_includes Sequence[AppSignonPolicyRulePlatformIncludeArgs]
priority int: Priority of the rule.
re_authentication_frequency str: The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
risk_score str: The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
status str: Status of the rule
type str: The Verification Method type
user_types_excludeds Sequence[str]: Set of User Type IDs to exclude
user_types_includeds Sequence[str]: Set of User Type IDs to include
users_excludeds Sequence[str]: Set of User IDs to exclude
users_includeds Sequence[str]: Set of User IDs to include

policyId String: ID of the policy
access String: Allow or deny access based on the rule conditions: ALLOW or DENY
constraints List<String>: An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
customExpression String: This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
deviceAssurancesIncludeds List<String>: List of device assurance IDs to include
deviceIsManaged Boolean: If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
deviceIsRegistered Boolean: If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
factorMode String: The number of factors required to satisfy this assurance level
groupsExcludeds List<String>: List of group IDs to exclude
groupsIncludeds List<String>: List of group IDs to include
inactivityPeriod String: The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
name String: Policy Rule Name
networkConnection String: Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
networkExcludes List<String>: The zones to exclude
networkIncludes List<String>: The zones to include
platformIncludes List<Property Map>
priority Number: Priority of the rule.
reAuthenticationFrequency String: The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
riskScore String: The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
status String: Status of the rule
type String: The Verification Method type
userTypesExcludeds List<String>: Set of User Type IDs to exclude
userTypesIncludeds List<String>: Set of User Type IDs to include
usersExcludeds List<String>: Set of User IDs to exclude
usersIncludeds List<String>: Set of User IDs to include

Outputs

All input properties are implicitly available as output properties. Additionally, the AppSignonPolicyRule resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
System bool: Often the Catch-all Rule this rule is the system (default) rule for its associated policy

Id string: The provider-assigned unique ID for this managed resource.
System bool: Often the Catch-all Rule this rule is the system (default) rule for its associated policy

id String: The provider-assigned unique ID for this managed resource.
system Boolean: Often the Catch-all Rule this rule is the system (default) rule for its associated policy

id string: The provider-assigned unique ID for this managed resource.
system boolean: Often the Catch-all Rule this rule is the system (default) rule for its associated policy

id str: The provider-assigned unique ID for this managed resource.
system bool: Often the Catch-all Rule this rule is the system (default) rule for its associated policy

id String: The provider-assigned unique ID for this managed resource.
system Boolean: Often the Catch-all Rule this rule is the system (default) rule for its associated policy

Look up Existing AppSignonPolicyRule Resource

Get an existing AppSignonPolicyRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AppSignonPolicyRuleState, opts?: CustomResourceOptions): AppSignonPolicyRule

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        access: Optional[str] = None,
        constraints: Optional[Sequence[str]] = None,
        custom_expression: Optional[str] = None,
        device_assurances_includeds: Optional[Sequence[str]] = None,
        device_is_managed: Optional[bool] = None,
        device_is_registered: Optional[bool] = None,
        factor_mode: Optional[str] = None,
        groups_excludeds: Optional[Sequence[str]] = None,
        groups_includeds: Optional[Sequence[str]] = None,
        inactivity_period: Optional[str] = None,
        name: Optional[str] = None,
        network_connection: Optional[str] = None,
        network_excludes: Optional[Sequence[str]] = None,
        network_includes: Optional[Sequence[str]] = None,
        platform_includes: Optional[Sequence[AppSignonPolicyRulePlatformIncludeArgs]] = None,
        policy_id: Optional[str] = None,
        priority: Optional[int] = None,
        re_authentication_frequency: Optional[str] = None,
        risk_score: Optional[str] = None,
        status: Optional[str] = None,
        system: Optional[bool] = None,
        type: Optional[str] = None,
        user_types_excludeds: Optional[Sequence[str]] = None,
        user_types_includeds: Optional[Sequence[str]] = None,
        users_excludeds: Optional[Sequence[str]] = None,
        users_includeds: Optional[Sequence[str]] = None) -> AppSignonPolicyRule

func GetAppSignonPolicyRule(ctx *Context, name string, id IDInput, state *AppSignonPolicyRuleState, opts ...ResourceOption) (*AppSignonPolicyRule, error)

public static AppSignonPolicyRule Get(string name, Input<string> id, AppSignonPolicyRuleState? state, CustomResourceOptions? opts = null)

public static AppSignonPolicyRule get(String name, Output<String> id, AppSignonPolicyRuleState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Access string: Allow or deny access based on the rule conditions: ALLOW or DENY
Constraints List<string>: An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
CustomExpression string: This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
DeviceAssurancesIncludeds List<string>: List of device assurance IDs to include
DeviceIsManaged bool: If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
DeviceIsRegistered bool: If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
FactorMode string: The number of factors required to satisfy this assurance level
GroupsExcludeds List<string>: List of group IDs to exclude
GroupsIncludeds List<string>: List of group IDs to include
InactivityPeriod string: The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
Name string: Policy Rule Name
NetworkConnection string: Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
NetworkExcludes List<string>: The zones to exclude
NetworkIncludes List<string>: The zones to include
PlatformIncludes List<AppSignonPolicyRulePlatformInclude>
PolicyId string: ID of the policy
Priority int: Priority of the rule.
ReAuthenticationFrequency string: The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
RiskScore string: The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
Status string: Status of the rule
System bool: Often the Catch-all Rule this rule is the system (default) rule for its associated policy
Type string: The Verification Method type
UserTypesExcludeds List<string>: Set of User Type IDs to exclude
UserTypesIncludeds List<string>: Set of User Type IDs to include
UsersExcludeds List<string>: Set of User IDs to exclude
UsersIncludeds List<string>: Set of User IDs to include

Access string: Allow or deny access based on the rule conditions: ALLOW or DENY
Constraints []string: An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
CustomExpression string: This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
DeviceAssurancesIncludeds []string: List of device assurance IDs to include
DeviceIsManaged bool: If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
DeviceIsRegistered bool: If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
FactorMode string: The number of factors required to satisfy this assurance level
GroupsExcludeds []string: List of group IDs to exclude
GroupsIncludeds []string: List of group IDs to include
InactivityPeriod string: The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
Name string: Policy Rule Name
NetworkConnection string: Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
NetworkExcludes []string: The zones to exclude
NetworkIncludes []string: The zones to include
PlatformIncludes []AppSignonPolicyRulePlatformIncludeArgs
PolicyId string: ID of the policy
Priority int: Priority of the rule.
ReAuthenticationFrequency string: The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
RiskScore string: The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
Status string: Status of the rule
System bool: Often the Catch-all Rule this rule is the system (default) rule for its associated policy
Type string: The Verification Method type
UserTypesExcludeds []string: Set of User Type IDs to exclude
UserTypesIncludeds []string: Set of User Type IDs to include
UsersExcludeds []string: Set of User IDs to exclude
UsersIncludeds []string: Set of User IDs to include

access String: Allow or deny access based on the rule conditions: ALLOW or DENY
constraints List<String>: An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
customExpression String: This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
deviceAssurancesIncludeds List<String>: List of device assurance IDs to include
deviceIsManaged Boolean: If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
deviceIsRegistered Boolean: If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
factorMode String: The number of factors required to satisfy this assurance level
groupsExcludeds List<String>: List of group IDs to exclude
groupsIncludeds List<String>: List of group IDs to include
inactivityPeriod String: The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
name String: Policy Rule Name
networkConnection String: Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
networkExcludes List<String>: The zones to exclude
networkIncludes List<String>: The zones to include
platformIncludes List<AppSignonPolicyRulePlatformInclude>
policyId String: ID of the policy
priority Integer: Priority of the rule.
reAuthenticationFrequency String: The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
riskScore String: The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
status String: Status of the rule
system Boolean: Often the Catch-all Rule this rule is the system (default) rule for its associated policy
type String: The Verification Method type
userTypesExcludeds List<String>: Set of User Type IDs to exclude
userTypesIncludeds List<String>: Set of User Type IDs to include
usersExcludeds List<String>: Set of User IDs to exclude
usersIncludeds List<String>: Set of User IDs to include

access string: Allow or deny access based on the rule conditions: ALLOW or DENY
constraints string[]: An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
customExpression string: This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
deviceAssurancesIncludeds string[]: List of device assurance IDs to include
deviceIsManaged boolean: If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
deviceIsRegistered boolean: If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
factorMode string: The number of factors required to satisfy this assurance level
groupsExcludeds string[]: List of group IDs to exclude
groupsIncludeds string[]: List of group IDs to include
inactivityPeriod string: The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
name string: Policy Rule Name
networkConnection string: Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
networkExcludes string[]: The zones to exclude
networkIncludes string[]: The zones to include
platformIncludes AppSignonPolicyRulePlatformInclude[]
policyId string: ID of the policy
priority number: Priority of the rule.
reAuthenticationFrequency string: The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
riskScore string: The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
status string: Status of the rule
system boolean: Often the Catch-all Rule this rule is the system (default) rule for its associated policy
type string: The Verification Method type
userTypesExcludeds string[]: Set of User Type IDs to exclude
userTypesIncludeds string[]: Set of User Type IDs to include
usersExcludeds string[]: Set of User IDs to exclude
usersIncludeds string[]: Set of User IDs to include

access str: Allow or deny access based on the rule conditions: ALLOW or DENY
constraints Sequence[str]: An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
custom_expression str: This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
device_assurances_includeds Sequence[str]: List of device assurance IDs to include
device_is_managed bool: If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
device_is_registered bool: If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
factor_mode str: The number of factors required to satisfy this assurance level
groups_excludeds Sequence[str]: List of group IDs to exclude
groups_includeds Sequence[str]: List of group IDs to include
inactivity_period str: The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
name str: Policy Rule Name
network_connection str: Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
network_excludes Sequence[str]: The zones to exclude
network_includes Sequence[str]: The zones to include
platform_includes Sequence[AppSignonPolicyRulePlatformIncludeArgs]
policy_id str: ID of the policy
priority int: Priority of the rule.
re_authentication_frequency str: The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
risk_score str: The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
status str: Status of the rule
system bool: Often the Catch-all Rule this rule is the system (default) rule for its associated policy
type str: The Verification Method type
user_types_excludeds Sequence[str]: Set of User Type IDs to exclude
user_types_includeds Sequence[str]: Set of User Type IDs to include
users_excludeds Sequence[str]: Set of User IDs to exclude
users_includeds Sequence[str]: Set of User IDs to include

access String: Allow or deny access based on the rule conditions: ALLOW or DENY
constraints List<String>: An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
customExpression String: This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
deviceAssurancesIncludeds List<String>: List of device assurance IDs to include
deviceIsManaged Boolean: If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
deviceIsRegistered Boolean: If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
factorMode String: The number of factors required to satisfy this assurance level
groupsExcludeds List<String>: List of group IDs to exclude
groupsIncludeds List<String>: List of group IDs to include
inactivityPeriod String: The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
name String: Policy Rule Name
networkConnection String: Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
networkExcludes List<String>: The zones to exclude
networkIncludes List<String>: The zones to include
platformIncludes List<Property Map>
policyId String: ID of the policy
priority Number: Priority of the rule.
reAuthenticationFrequency String: The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
riskScore String: The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
status String: Status of the rule
system Boolean: Often the Catch-all Rule this rule is the system (default) rule for its associated policy
type String: The Verification Method type
userTypesExcludeds List<String>: Set of User Type IDs to exclude
userTypesIncludeds List<String>: Set of User Type IDs to include
usersExcludeds List<String>: Set of User IDs to exclude
usersIncludeds List<String>: Set of User IDs to include

Supporting Types

AppSignonPolicyRulePlatformInclude, AppSignonPolicyRulePlatformIncludeArgs

OsExpression string: Only available with OTHER OS type
OsType string
Type string

OsExpression string: Only available with OTHER OS type
OsType string
Type string

osExpression String: Only available with OTHER OS type
osType String
type String

osExpression string: Only available with OTHER OS type
osType string
type string

os_expression str: Only available with OTHER OS type
os_type str
type str

osExpression String: Only available with OTHER OS type
osType String
type String

Import

$ pulumi import okta:index/appSignonPolicyRule:AppSignonPolicyRule example <policy_id>/<rule_id>

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Okta pulumi/pulumi-okta
License: Apache-2.0
Notes: This Pulumi package is based on the okta Terraform Provider.

Okta v4.11.0 published on Tuesday, Sep 17, 2024 by Pulumi

pulumi/pulumi-okta

okta.AppSignonPolicyRule

On this page

On this page

Create AppSignonPolicyRule Resource

Constructor syntax

Parameters

Constructor example

AppSignonPolicyRule Resource Properties

Inputs

Outputs

Look up Existing AppSignonPolicyRule Resource

Supporting Types

AppSignonPolicyRulePlatformInclude, AppSignonPolicyRulePlatformIncludeArgs

Import

Package Details

On this page

On this page