Okta v4.11.0 published on Tuesday, Sep 17, 2024 by Pulumi
okta.auth.ServerPolicyClaim
Explore with Pulumi AI
Deprecated: okta.auth/serverpolicyclaim.ServerPolicyClaim has been deprecated in favor of okta.auth/serverpolicyrule.ServerPolicyRule
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const example = new okta.auth.ServerPolicyRule("example", {
authServerId: "<auth server id>",
policyId: "<auth server policy id>",
status: "ACTIVE",
name: "example",
priority: 1,
groupWhitelists: ["<group ids>"],
grantTypeWhitelists: ["implicit"],
});
import pulumi
import pulumi_okta as okta
example = okta.auth.ServerPolicyRule("example",
auth_server_id="<auth server id>",
policy_id="<auth server policy id>",
status="ACTIVE",
name="example",
priority=1,
group_whitelists=["<group ids>"],
grant_type_whitelists=["implicit"])
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/auth"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := auth.NewServerPolicyRule(ctx, "example", &auth.ServerPolicyRuleArgs{
AuthServerId: pulumi.String("<auth server id>"),
PolicyId: pulumi.String("<auth server policy id>"),
Status: pulumi.String("ACTIVE"),
Name: pulumi.String("example"),
Priority: pulumi.Int(1),
GroupWhitelists: pulumi.StringArray{
pulumi.String("<group ids>"),
},
GrantTypeWhitelists: pulumi.StringArray{
pulumi.String("implicit"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var example = new Okta.Auth.ServerPolicyRule("example", new()
{
AuthServerId = "<auth server id>",
PolicyId = "<auth server policy id>",
Status = "ACTIVE",
Name = "example",
Priority = 1,
GroupWhitelists = new[]
{
"<group ids>",
},
GrantTypeWhitelists = new[]
{
"implicit",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.auth.ServerPolicyRule;
import com.pulumi.okta.auth.ServerPolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ServerPolicyRule("example", ServerPolicyRuleArgs.builder()
.authServerId("<auth server id>")
.policyId("<auth server policy id>")
.status("ACTIVE")
.name("example")
.priority(1)
.groupWhitelists("<group ids>")
.grantTypeWhitelists("implicit")
.build());
}
}
resources:
example:
type: okta:auth:ServerPolicyRule
properties:
authServerId: <auth server id>
policyId: <auth server policy id>
status: ACTIVE
name: example
priority: 1
groupWhitelists:
- <group ids>
grantTypeWhitelists:
- implicit
Create ServerPolicyClaim Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ServerPolicyClaim(name: string, args: ServerPolicyClaimArgs, opts?: CustomResourceOptions);
@overload
def ServerPolicyClaim(resource_name: str,
args: ServerPolicyClaimArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ServerPolicyClaim(resource_name: str,
opts: Optional[ResourceOptions] = None,
access_token_lifetime_minutes: Optional[int] = None,
auth_server_id: Optional[str] = None,
grant_type_whitelists: Optional[Sequence[str]] = None,
group_blacklists: Optional[Sequence[str]] = None,
group_whitelists: Optional[Sequence[str]] = None,
inline_hook_id: Optional[str] = None,
name: Optional[str] = None,
policy_id: Optional[str] = None,
priority: Optional[int] = None,
refresh_token_lifetime_minutes: Optional[int] = None,
refresh_token_window_minutes: Optional[int] = None,
scope_whitelists: Optional[Sequence[str]] = None,
status: Optional[str] = None,
type: Optional[str] = None,
user_blacklists: Optional[Sequence[str]] = None,
user_whitelists: Optional[Sequence[str]] = None)
func NewServerPolicyClaim(ctx *Context, name string, args ServerPolicyClaimArgs, opts ...ResourceOption) (*ServerPolicyClaim, error)
public ServerPolicyClaim(string name, ServerPolicyClaimArgs args, CustomResourceOptions? opts = null)
public ServerPolicyClaim(String name, ServerPolicyClaimArgs args)
public ServerPolicyClaim(String name, ServerPolicyClaimArgs args, CustomResourceOptions options)
type: okta:auth:ServerPolicyClaim
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ServerPolicyClaimArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ServerPolicyClaimArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ServerPolicyClaimArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ServerPolicyClaimArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ServerPolicyClaimArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
ServerPolicyClaim Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The ServerPolicyClaim resource accepts the following input properties:
- Auth
Server stringId - Auth server ID
- Grant
Type List<string>Whitelists - Accepted grant type values,
authorization_code
,implicit
,password
,client_credentials
,urn:ietf:params:oauth:grant-type:saml2-bearer
(Early Access Property),urn:ietf:params:oauth:grant-type:token-exchange
(Early Access Property),urn:ietf:params:oauth:grant-type:device_code
(Early Access Property),interaction_code
(OIE only). Forimplicit
value eitheruser_whitelist
orgroup_whitelist
should be set. - Policy
Id string - Auth server policy ID
- Priority int
- Priority of the auth server policy rule
- Access
Token intLifetime Minutes - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is
60
. - Group
Blacklists List<string> - Specifies a set of Groups whose Users are to be excluded.
- Group
Whitelists List<string> - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following:
EVERYONE
. - Inline
Hook stringId - The ID of the inline token to trigger.
- Name string
- Auth server policy rule name
- Refresh
Token intLifetime Minutes - Lifetime of refresh token.
- Refresh
Token intWindow Minutes - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is
10080
(7 days).refresh_token_window_minutes
must be betweenaccess_token_lifetime_minutes
andrefresh_token_lifetime_minutes
. - Scope
Whitelists List<string> - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with
*
- Status string
- Default to
ACTIVE
- Type string
- Auth server policy rule type, unlikely this will be anything other then the default
- User
Blacklists List<string> - Specifies a set of Users to be excluded.
- User
Whitelists List<string> - Specifies a set of Users to be included.
- Auth
Server stringId - Auth server ID
- Grant
Type []stringWhitelists - Accepted grant type values,
authorization_code
,implicit
,password
,client_credentials
,urn:ietf:params:oauth:grant-type:saml2-bearer
(Early Access Property),urn:ietf:params:oauth:grant-type:token-exchange
(Early Access Property),urn:ietf:params:oauth:grant-type:device_code
(Early Access Property),interaction_code
(OIE only). Forimplicit
value eitheruser_whitelist
orgroup_whitelist
should be set. - Policy
Id string - Auth server policy ID
- Priority int
- Priority of the auth server policy rule
- Access
Token intLifetime Minutes - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is
60
. - Group
Blacklists []string - Specifies a set of Groups whose Users are to be excluded.
- Group
Whitelists []string - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following:
EVERYONE
. - Inline
Hook stringId - The ID of the inline token to trigger.
- Name string
- Auth server policy rule name
- Refresh
Token intLifetime Minutes - Lifetime of refresh token.
- Refresh
Token intWindow Minutes - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is
10080
(7 days).refresh_token_window_minutes
must be betweenaccess_token_lifetime_minutes
andrefresh_token_lifetime_minutes
. - Scope
Whitelists []string - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with
*
- Status string
- Default to
ACTIVE
- Type string
- Auth server policy rule type, unlikely this will be anything other then the default
- User
Blacklists []string - Specifies a set of Users to be excluded.
- User
Whitelists []string - Specifies a set of Users to be included.
- auth
Server StringId - Auth server ID
- grant
Type List<String>Whitelists - Accepted grant type values,
authorization_code
,implicit
,password
,client_credentials
,urn:ietf:params:oauth:grant-type:saml2-bearer
(Early Access Property),urn:ietf:params:oauth:grant-type:token-exchange
(Early Access Property),urn:ietf:params:oauth:grant-type:device_code
(Early Access Property),interaction_code
(OIE only). Forimplicit
value eitheruser_whitelist
orgroup_whitelist
should be set. - policy
Id String - Auth server policy ID
- priority Integer
- Priority of the auth server policy rule
- access
Token IntegerLifetime Minutes - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is
60
. - group
Blacklists List<String> - Specifies a set of Groups whose Users are to be excluded.
- group
Whitelists List<String> - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following:
EVERYONE
. - inline
Hook StringId - The ID of the inline token to trigger.
- name String
- Auth server policy rule name
- refresh
Token IntegerLifetime Minutes - Lifetime of refresh token.
- refresh
Token IntegerWindow Minutes - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is
10080
(7 days).refresh_token_window_minutes
must be betweenaccess_token_lifetime_minutes
andrefresh_token_lifetime_minutes
. - scope
Whitelists List<String> - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with
*
- status String
- Default to
ACTIVE
- type String
- Auth server policy rule type, unlikely this will be anything other then the default
- user
Blacklists List<String> - Specifies a set of Users to be excluded.
- user
Whitelists List<String> - Specifies a set of Users to be included.
- auth
Server stringId - Auth server ID
- grant
Type string[]Whitelists - Accepted grant type values,
authorization_code
,implicit
,password
,client_credentials
,urn:ietf:params:oauth:grant-type:saml2-bearer
(Early Access Property),urn:ietf:params:oauth:grant-type:token-exchange
(Early Access Property),urn:ietf:params:oauth:grant-type:device_code
(Early Access Property),interaction_code
(OIE only). Forimplicit
value eitheruser_whitelist
orgroup_whitelist
should be set. - policy
Id string - Auth server policy ID
- priority number
- Priority of the auth server policy rule
- access
Token numberLifetime Minutes - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is
60
. - group
Blacklists string[] - Specifies a set of Groups whose Users are to be excluded.
- group
Whitelists string[] - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following:
EVERYONE
. - inline
Hook stringId - The ID of the inline token to trigger.
- name string
- Auth server policy rule name
- refresh
Token numberLifetime Minutes - Lifetime of refresh token.
- refresh
Token numberWindow Minutes - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is
10080
(7 days).refresh_token_window_minutes
must be betweenaccess_token_lifetime_minutes
andrefresh_token_lifetime_minutes
. - scope
Whitelists string[] - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with
*
- status string
- Default to
ACTIVE
- type string
- Auth server policy rule type, unlikely this will be anything other then the default
- user
Blacklists string[] - Specifies a set of Users to be excluded.
- user
Whitelists string[] - Specifies a set of Users to be included.
- auth_
server_ strid - Auth server ID
- grant_
type_ Sequence[str]whitelists - Accepted grant type values,
authorization_code
,implicit
,password
,client_credentials
,urn:ietf:params:oauth:grant-type:saml2-bearer
(Early Access Property),urn:ietf:params:oauth:grant-type:token-exchange
(Early Access Property),urn:ietf:params:oauth:grant-type:device_code
(Early Access Property),interaction_code
(OIE only). Forimplicit
value eitheruser_whitelist
orgroup_whitelist
should be set. - policy_
id str - Auth server policy ID
- priority int
- Priority of the auth server policy rule
- access_
token_ intlifetime_ minutes - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is
60
. - group_
blacklists Sequence[str] - Specifies a set of Groups whose Users are to be excluded.
- group_
whitelists Sequence[str] - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following:
EVERYONE
. - inline_
hook_ strid - The ID of the inline token to trigger.
- name str
- Auth server policy rule name
- refresh_
token_ intlifetime_ minutes - Lifetime of refresh token.
- refresh_
token_ intwindow_ minutes - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is
10080
(7 days).refresh_token_window_minutes
must be betweenaccess_token_lifetime_minutes
andrefresh_token_lifetime_minutes
. - scope_
whitelists Sequence[str] - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with
*
- status str
- Default to
ACTIVE
- type str
- Auth server policy rule type, unlikely this will be anything other then the default
- user_
blacklists Sequence[str] - Specifies a set of Users to be excluded.
- user_
whitelists Sequence[str] - Specifies a set of Users to be included.
- auth
Server StringId - Auth server ID
- grant
Type List<String>Whitelists - Accepted grant type values,
authorization_code
,implicit
,password
,client_credentials
,urn:ietf:params:oauth:grant-type:saml2-bearer
(Early Access Property),urn:ietf:params:oauth:grant-type:token-exchange
(Early Access Property),urn:ietf:params:oauth:grant-type:device_code
(Early Access Property),interaction_code
(OIE only). Forimplicit
value eitheruser_whitelist
orgroup_whitelist
should be set. - policy
Id String - Auth server policy ID
- priority Number
- Priority of the auth server policy rule
- access
Token NumberLifetime Minutes - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is
60
. - group
Blacklists List<String> - Specifies a set of Groups whose Users are to be excluded.
- group
Whitelists List<String> - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following:
EVERYONE
. - inline
Hook StringId - The ID of the inline token to trigger.
- name String
- Auth server policy rule name
- refresh
Token NumberLifetime Minutes - Lifetime of refresh token.
- refresh
Token NumberWindow Minutes - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is
10080
(7 days).refresh_token_window_minutes
must be betweenaccess_token_lifetime_minutes
andrefresh_token_lifetime_minutes
. - scope
Whitelists List<String> - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with
*
- status String
- Default to
ACTIVE
- type String
- Auth server policy rule type, unlikely this will be anything other then the default
- user
Blacklists List<String> - Specifies a set of Users to be excluded.
- user
Whitelists List<String> - Specifies a set of Users to be included.
Outputs
All input properties are implicitly available as output properties. Additionally, the ServerPolicyClaim resource produces the following output properties:
Look up Existing ServerPolicyClaim Resource
Get an existing ServerPolicyClaim resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ServerPolicyClaimState, opts?: CustomResourceOptions): ServerPolicyClaim
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_token_lifetime_minutes: Optional[int] = None,
auth_server_id: Optional[str] = None,
grant_type_whitelists: Optional[Sequence[str]] = None,
group_blacklists: Optional[Sequence[str]] = None,
group_whitelists: Optional[Sequence[str]] = None,
inline_hook_id: Optional[str] = None,
name: Optional[str] = None,
policy_id: Optional[str] = None,
priority: Optional[int] = None,
refresh_token_lifetime_minutes: Optional[int] = None,
refresh_token_window_minutes: Optional[int] = None,
scope_whitelists: Optional[Sequence[str]] = None,
status: Optional[str] = None,
system: Optional[bool] = None,
type: Optional[str] = None,
user_blacklists: Optional[Sequence[str]] = None,
user_whitelists: Optional[Sequence[str]] = None) -> ServerPolicyClaim
func GetServerPolicyClaim(ctx *Context, name string, id IDInput, state *ServerPolicyClaimState, opts ...ResourceOption) (*ServerPolicyClaim, error)
public static ServerPolicyClaim Get(string name, Input<string> id, ServerPolicyClaimState? state, CustomResourceOptions? opts = null)
public static ServerPolicyClaim get(String name, Output<String> id, ServerPolicyClaimState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Token intLifetime Minutes - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is
60
. - Auth
Server stringId - Auth server ID
- Grant
Type List<string>Whitelists - Accepted grant type values,
authorization_code
,implicit
,password
,client_credentials
,urn:ietf:params:oauth:grant-type:saml2-bearer
(Early Access Property),urn:ietf:params:oauth:grant-type:token-exchange
(Early Access Property),urn:ietf:params:oauth:grant-type:device_code
(Early Access Property),interaction_code
(OIE only). Forimplicit
value eitheruser_whitelist
orgroup_whitelist
should be set. - Group
Blacklists List<string> - Specifies a set of Groups whose Users are to be excluded.
- Group
Whitelists List<string> - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following:
EVERYONE
. - Inline
Hook stringId - The ID of the inline token to trigger.
- Name string
- Auth server policy rule name
- Policy
Id string - Auth server policy ID
- Priority int
- Priority of the auth server policy rule
- Refresh
Token intLifetime Minutes - Lifetime of refresh token.
- Refresh
Token intWindow Minutes - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is
10080
(7 days).refresh_token_window_minutes
must be betweenaccess_token_lifetime_minutes
andrefresh_token_lifetime_minutes
. - Scope
Whitelists List<string> - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with
*
- Status string
- Default to
ACTIVE
- System bool
- The rule is the system (default) rule for its associated policy
- Type string
- Auth server policy rule type, unlikely this will be anything other then the default
- User
Blacklists List<string> - Specifies a set of Users to be excluded.
- User
Whitelists List<string> - Specifies a set of Users to be included.
- Access
Token intLifetime Minutes - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is
60
. - Auth
Server stringId - Auth server ID
- Grant
Type []stringWhitelists - Accepted grant type values,
authorization_code
,implicit
,password
,client_credentials
,urn:ietf:params:oauth:grant-type:saml2-bearer
(Early Access Property),urn:ietf:params:oauth:grant-type:token-exchange
(Early Access Property),urn:ietf:params:oauth:grant-type:device_code
(Early Access Property),interaction_code
(OIE only). Forimplicit
value eitheruser_whitelist
orgroup_whitelist
should be set. - Group
Blacklists []string - Specifies a set of Groups whose Users are to be excluded.
- Group
Whitelists []string - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following:
EVERYONE
. - Inline
Hook stringId - The ID of the inline token to trigger.
- Name string
- Auth server policy rule name
- Policy
Id string - Auth server policy ID
- Priority int
- Priority of the auth server policy rule
- Refresh
Token intLifetime Minutes - Lifetime of refresh token.
- Refresh
Token intWindow Minutes - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is
10080
(7 days).refresh_token_window_minutes
must be betweenaccess_token_lifetime_minutes
andrefresh_token_lifetime_minutes
. - Scope
Whitelists []string - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with
*
- Status string
- Default to
ACTIVE
- System bool
- The rule is the system (default) rule for its associated policy
- Type string
- Auth server policy rule type, unlikely this will be anything other then the default
- User
Blacklists []string - Specifies a set of Users to be excluded.
- User
Whitelists []string - Specifies a set of Users to be included.
- access
Token IntegerLifetime Minutes - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is
60
. - auth
Server StringId - Auth server ID
- grant
Type List<String>Whitelists - Accepted grant type values,
authorization_code
,implicit
,password
,client_credentials
,urn:ietf:params:oauth:grant-type:saml2-bearer
(Early Access Property),urn:ietf:params:oauth:grant-type:token-exchange
(Early Access Property),urn:ietf:params:oauth:grant-type:device_code
(Early Access Property),interaction_code
(OIE only). Forimplicit
value eitheruser_whitelist
orgroup_whitelist
should be set. - group
Blacklists List<String> - Specifies a set of Groups whose Users are to be excluded.
- group
Whitelists List<String> - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following:
EVERYONE
. - inline
Hook StringId - The ID of the inline token to trigger.
- name String
- Auth server policy rule name
- policy
Id String - Auth server policy ID
- priority Integer
- Priority of the auth server policy rule
- refresh
Token IntegerLifetime Minutes - Lifetime of refresh token.
- refresh
Token IntegerWindow Minutes - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is
10080
(7 days).refresh_token_window_minutes
must be betweenaccess_token_lifetime_minutes
andrefresh_token_lifetime_minutes
. - scope
Whitelists List<String> - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with
*
- status String
- Default to
ACTIVE
- system Boolean
- The rule is the system (default) rule for its associated policy
- type String
- Auth server policy rule type, unlikely this will be anything other then the default
- user
Blacklists List<String> - Specifies a set of Users to be excluded.
- user
Whitelists List<String> - Specifies a set of Users to be included.
- access
Token numberLifetime Minutes - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is
60
. - auth
Server stringId - Auth server ID
- grant
Type string[]Whitelists - Accepted grant type values,
authorization_code
,implicit
,password
,client_credentials
,urn:ietf:params:oauth:grant-type:saml2-bearer
(Early Access Property),urn:ietf:params:oauth:grant-type:token-exchange
(Early Access Property),urn:ietf:params:oauth:grant-type:device_code
(Early Access Property),interaction_code
(OIE only). Forimplicit
value eitheruser_whitelist
orgroup_whitelist
should be set. - group
Blacklists string[] - Specifies a set of Groups whose Users are to be excluded.
- group
Whitelists string[] - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following:
EVERYONE
. - inline
Hook stringId - The ID of the inline token to trigger.
- name string
- Auth server policy rule name
- policy
Id string - Auth server policy ID
- priority number
- Priority of the auth server policy rule
- refresh
Token numberLifetime Minutes - Lifetime of refresh token.
- refresh
Token numberWindow Minutes - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is
10080
(7 days).refresh_token_window_minutes
must be betweenaccess_token_lifetime_minutes
andrefresh_token_lifetime_minutes
. - scope
Whitelists string[] - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with
*
- status string
- Default to
ACTIVE
- system boolean
- The rule is the system (default) rule for its associated policy
- type string
- Auth server policy rule type, unlikely this will be anything other then the default
- user
Blacklists string[] - Specifies a set of Users to be excluded.
- user
Whitelists string[] - Specifies a set of Users to be included.
- access_
token_ intlifetime_ minutes - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is
60
. - auth_
server_ strid - Auth server ID
- grant_
type_ Sequence[str]whitelists - Accepted grant type values,
authorization_code
,implicit
,password
,client_credentials
,urn:ietf:params:oauth:grant-type:saml2-bearer
(Early Access Property),urn:ietf:params:oauth:grant-type:token-exchange
(Early Access Property),urn:ietf:params:oauth:grant-type:device_code
(Early Access Property),interaction_code
(OIE only). Forimplicit
value eitheruser_whitelist
orgroup_whitelist
should be set. - group_
blacklists Sequence[str] - Specifies a set of Groups whose Users are to be excluded.
- group_
whitelists Sequence[str] - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following:
EVERYONE
. - inline_
hook_ strid - The ID of the inline token to trigger.
- name str
- Auth server policy rule name
- policy_
id str - Auth server policy ID
- priority int
- Priority of the auth server policy rule
- refresh_
token_ intlifetime_ minutes - Lifetime of refresh token.
- refresh_
token_ intwindow_ minutes - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is
10080
(7 days).refresh_token_window_minutes
must be betweenaccess_token_lifetime_minutes
andrefresh_token_lifetime_minutes
. - scope_
whitelists Sequence[str] - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with
*
- status str
- Default to
ACTIVE
- system bool
- The rule is the system (default) rule for its associated policy
- type str
- Auth server policy rule type, unlikely this will be anything other then the default
- user_
blacklists Sequence[str] - Specifies a set of Users to be excluded.
- user_
whitelists Sequence[str] - Specifies a set of Users to be included.
- access
Token NumberLifetime Minutes - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is
60
. - auth
Server StringId - Auth server ID
- grant
Type List<String>Whitelists - Accepted grant type values,
authorization_code
,implicit
,password
,client_credentials
,urn:ietf:params:oauth:grant-type:saml2-bearer
(Early Access Property),urn:ietf:params:oauth:grant-type:token-exchange
(Early Access Property),urn:ietf:params:oauth:grant-type:device_code
(Early Access Property),interaction_code
(OIE only). Forimplicit
value eitheruser_whitelist
orgroup_whitelist
should be set. - group
Blacklists List<String> - Specifies a set of Groups whose Users are to be excluded.
- group
Whitelists List<String> - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following:
EVERYONE
. - inline
Hook StringId - The ID of the inline token to trigger.
- name String
- Auth server policy rule name
- policy
Id String - Auth server policy ID
- priority Number
- Priority of the auth server policy rule
- refresh
Token NumberLifetime Minutes - Lifetime of refresh token.
- refresh
Token NumberWindow Minutes - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is
10080
(7 days).refresh_token_window_minutes
must be betweenaccess_token_lifetime_minutes
andrefresh_token_lifetime_minutes
. - scope
Whitelists List<String> - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with
*
- status String
- Default to
ACTIVE
- system Boolean
- The rule is the system (default) rule for its associated policy
- type String
- Auth server policy rule type, unlikely this will be anything other then the default
- user
Blacklists List<String> - Specifies a set of Users to be excluded.
- user
Whitelists List<String> - Specifies a set of Users to be included.
Import
$ pulumi import okta:auth/serverPolicyClaim:ServerPolicyClaim example <auth_server_id>/<policy_id>/<policy_rule_id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Okta pulumi/pulumi-okta
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
okta
Terraform Provider.