Okta v4.11.0, Sep 17 24

Okta v4.11.0 published on Tuesday, Sep 17, 2024 by Pulumi

okta.policy.RuleMfa

Explore with Pulumi AI

Okta v4.11.0 published on Tuesday, Sep 17, 2024 by Pulumi

Create RuleMfa Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new RuleMfa(name: string, args?: RuleMfaArgs, opts?: CustomResourceOptions);

@overload
def RuleMfa(resource_name: str,
            args: Optional[RuleMfaArgs] = None,
            opts: Optional[ResourceOptions] = None)

@overload
def RuleMfa(resource_name: str,
            opts: Optional[ResourceOptions] = None,
            app_excludes: Optional[Sequence[RuleMfaAppExcludeArgs]] = None,
            app_includes: Optional[Sequence[RuleMfaAppIncludeArgs]] = None,
            enroll: Optional[str] = None,
            name: Optional[str] = None,
            network_connection: Optional[str] = None,
            network_excludes: Optional[Sequence[str]] = None,
            network_includes: Optional[Sequence[str]] = None,
            policy_id: Optional[str] = None,
            priority: Optional[int] = None,
            status: Optional[str] = None,
            users_excludeds: Optional[Sequence[str]] = None)

func NewRuleMfa(ctx *Context, name string, args *RuleMfaArgs, opts ...ResourceOption) (*RuleMfa, error)

public RuleMfa(string name, RuleMfaArgs? args = null, CustomResourceOptions? opts = null)

public RuleMfa(String name, RuleMfaArgs args)
public RuleMfa(String name, RuleMfaArgs args, CustomResourceOptions options)

type: okta:policy:RuleMfa
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args RuleMfaArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args RuleMfaArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args RuleMfaArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args RuleMfaArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args RuleMfaArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var ruleMfaResource = new Okta.Policy.RuleMfa("ruleMfaResource", new()
{
    AppExcludes = new[]
    {
        new Okta.Policy.Inputs.RuleMfaAppExcludeArgs
        {
            Type = "string",
            Id = "string",
            Name = "string",
        },
    },
    AppIncludes = new[]
    {
        new Okta.Policy.Inputs.RuleMfaAppIncludeArgs
        {
            Type = "string",
            Id = "string",
            Name = "string",
        },
    },
    Enroll = "string",
    Name = "string",
    NetworkConnection = "string",
    NetworkExcludes = new[]
    {
        "string",
    },
    NetworkIncludes = new[]
    {
        "string",
    },
    PolicyId = "string",
    Priority = 0,
    Status = "string",
    UsersExcludeds = new[]
    {
        "string",
    },
});

example, err := policy.NewRuleMfa(ctx, "ruleMfaResource", &policy.RuleMfaArgs{
	AppExcludes: policy.RuleMfaAppExcludeArray{
		&policy.RuleMfaAppExcludeArgs{
			Type: pulumi.String("string"),
			Id:   pulumi.String("string"),
			Name: pulumi.String("string"),
		},
	},
	AppIncludes: policy.RuleMfaAppIncludeArray{
		&policy.RuleMfaAppIncludeArgs{
			Type: pulumi.String("string"),
			Id:   pulumi.String("string"),
			Name: pulumi.String("string"),
		},
	},
	Enroll:            pulumi.String("string"),
	Name:              pulumi.String("string"),
	NetworkConnection: pulumi.String("string"),
	NetworkExcludes: pulumi.StringArray{
		pulumi.String("string"),
	},
	NetworkIncludes: pulumi.StringArray{
		pulumi.String("string"),
	},
	PolicyId: pulumi.String("string"),
	Priority: pulumi.Int(0),
	Status:   pulumi.String("string"),
	UsersExcludeds: pulumi.StringArray{
		pulumi.String("string"),
	},
})

var ruleMfaResource = new RuleMfa("ruleMfaResource", RuleMfaArgs.builder()
    .appExcludes(RuleMfaAppExcludeArgs.builder()
        .type("string")
        .id("string")
        .name("string")
        .build())
    .appIncludes(RuleMfaAppIncludeArgs.builder()
        .type("string")
        .id("string")
        .name("string")
        .build())
    .enroll("string")
    .name("string")
    .networkConnection("string")
    .networkExcludes("string")
    .networkIncludes("string")
    .policyId("string")
    .priority(0)
    .status("string")
    .usersExcludeds("string")
    .build());

rule_mfa_resource = okta.policy.RuleMfa("ruleMfaResource",
    app_excludes=[okta.policy.RuleMfaAppExcludeArgs(
        type="string",
        id="string",
        name="string",
    )],
    app_includes=[okta.policy.RuleMfaAppIncludeArgs(
        type="string",
        id="string",
        name="string",
    )],
    enroll="string",
    name="string",
    network_connection="string",
    network_excludes=["string"],
    network_includes=["string"],
    policy_id="string",
    priority=0,
    status="string",
    users_excludeds=["string"])

const ruleMfaResource = new okta.policy.RuleMfa("ruleMfaResource", {
    appExcludes: [{
        type: "string",
        id: "string",
        name: "string",
    }],
    appIncludes: [{
        type: "string",
        id: "string",
        name: "string",
    }],
    enroll: "string",
    name: "string",
    networkConnection: "string",
    networkExcludes: ["string"],
    networkIncludes: ["string"],
    policyId: "string",
    priority: 0,
    status: "string",
    usersExcludeds: ["string"],
});

type: okta:policy:RuleMfa
properties:
    appExcludes:
        - id: string
          name: string
          type: string
    appIncludes:
        - id: string
          name: string
          type: string
    enroll: string
    name: string
    networkConnection: string
    networkExcludes:
        - string
    networkIncludes:
        - string
    policyId: string
    priority: 0
    status: string
    usersExcludeds:
        - string

RuleMfa Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The RuleMfa resource accepts the following input properties:

AppExcludes List<RuleMfaAppExclude>

Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'

(Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'

AppIncludes List<RuleMfaAppInclude>

Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'

(Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'

Enroll string

When a user should be prompted for MFA. It can be CHALLENGE, LOGIN, or NEVER.

Name string

Policy Rule Name

NetworkConnection string

Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE

NetworkExcludes List<string>

Required if network_connection = ZONE. Indicates the network zones to exclude.

NetworkIncludes List<string>

Required if network_connection = ZONE. Indicates the network zones to include.

PolicyId string

Policy ID of the Rule

Priority int

Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.

Status string

Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE

UsersExcludeds List<string>

Set of User IDs to Exclude

AppExcludes []RuleMfaAppExcludeArgs

Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'

(Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'

AppIncludes []RuleMfaAppIncludeArgs

Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'

(Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'

Enroll string

When a user should be prompted for MFA. It can be CHALLENGE, LOGIN, or NEVER.

Name string

Policy Rule Name

NetworkConnection string

Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE

NetworkExcludes []string

Required if network_connection = ZONE. Indicates the network zones to exclude.

NetworkIncludes []string

Required if network_connection = ZONE. Indicates the network zones to include.

PolicyId string

Policy ID of the Rule

Priority int

Status string

Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE

UsersExcludeds []string

Set of User IDs to Exclude

appExcludes List<RuleMfaAppExclude>

Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'

(Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'

appIncludes List<RuleMfaAppInclude>

Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'

(Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'

enroll String

When a user should be prompted for MFA. It can be CHALLENGE, LOGIN, or NEVER.

name String

Policy Rule Name

networkConnection String

Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE

networkExcludes List<String>

Required if network_connection = ZONE. Indicates the network zones to exclude.

networkIncludes List<String>

Required if network_connection = ZONE. Indicates the network zones to include.

policyId String

Policy ID of the Rule

priority Integer

status String

Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE

usersExcludeds List<String>

Set of User IDs to Exclude

appExcludes RuleMfaAppExclude[]

Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'

(Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'

appIncludes RuleMfaAppInclude[]

Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'

(Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'

enroll string

When a user should be prompted for MFA. It can be CHALLENGE, LOGIN, or NEVER.

name string

Policy Rule Name

networkConnection string

Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE

networkExcludes string[]

Required if network_connection = ZONE. Indicates the network zones to exclude.

networkIncludes string[]

Required if network_connection = ZONE. Indicates the network zones to include.

policyId string

Policy ID of the Rule

priority number

status string

Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE

usersExcludeds string[]

Set of User IDs to Exclude

app_excludes Sequence[RuleMfaAppExcludeArgs]

Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'

(Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'

app_includes Sequence[RuleMfaAppIncludeArgs]

Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'

(Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'

enroll str

When a user should be prompted for MFA. It can be CHALLENGE, LOGIN, or NEVER.

name str

Policy Rule Name

network_connection str

Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE

network_excludes Sequence[str]

Required if network_connection = ZONE. Indicates the network zones to exclude.

network_includes Sequence[str]

Required if network_connection = ZONE. Indicates the network zones to include.

policy_id str

Policy ID of the Rule

priority int

status str

Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE

users_excludeds Sequence[str]

Set of User IDs to Exclude

appExcludes List<Property Map>

Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'

(Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'

appIncludes List<Property Map>

Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'

(Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'

enroll String

When a user should be prompted for MFA. It can be CHALLENGE, LOGIN, or NEVER.

name String

Policy Rule Name

networkConnection String

Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE

networkExcludes List<String>

Required if network_connection = ZONE. Indicates the network zones to exclude.

networkIncludes List<String>

Required if network_connection = ZONE. Indicates the network zones to include.

policyId String

Policy ID of the Rule

priority Number

status String

Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE

usersExcludeds List<String>

Set of User IDs to Exclude

Outputs

All input properties are implicitly available as output properties. Additionally, the RuleMfa resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing RuleMfa Resource

Get an existing RuleMfa resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: RuleMfaState, opts?: CustomResourceOptions): RuleMfa

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        app_excludes: Optional[Sequence[RuleMfaAppExcludeArgs]] = None,
        app_includes: Optional[Sequence[RuleMfaAppIncludeArgs]] = None,
        enroll: Optional[str] = None,
        name: Optional[str] = None,
        network_connection: Optional[str] = None,
        network_excludes: Optional[Sequence[str]] = None,
        network_includes: Optional[Sequence[str]] = None,
        policy_id: Optional[str] = None,
        priority: Optional[int] = None,
        status: Optional[str] = None,
        users_excludeds: Optional[Sequence[str]] = None) -> RuleMfa

func GetRuleMfa(ctx *Context, name string, id IDInput, state *RuleMfaState, opts ...ResourceOption) (*RuleMfa, error)

public static RuleMfa Get(string name, Input<string> id, RuleMfaState? state, CustomResourceOptions? opts = null)

public static RuleMfa get(String name, Output<String> id, RuleMfaState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AppExcludes List<RuleMfaAppExclude>

Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'

(Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'

AppIncludes List<RuleMfaAppInclude>

Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'

(Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'

Enroll string

When a user should be prompted for MFA. It can be CHALLENGE, LOGIN, or NEVER.

Name string

Policy Rule Name

NetworkConnection string

Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE

NetworkExcludes List<string>

Required if network_connection = ZONE. Indicates the network zones to exclude.

NetworkIncludes List<string>

Required if network_connection = ZONE. Indicates the network zones to include.

PolicyId string

Policy ID of the Rule

Priority int

Status string

Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE

UsersExcludeds List<string>

Set of User IDs to Exclude

AppExcludes []RuleMfaAppExcludeArgs

Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'

(Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'

AppIncludes []RuleMfaAppIncludeArgs

Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'

(Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'

Enroll string

When a user should be prompted for MFA. It can be CHALLENGE, LOGIN, or NEVER.

Name string

Policy Rule Name

NetworkConnection string

Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE

NetworkExcludes []string

Required if network_connection = ZONE. Indicates the network zones to exclude.

NetworkIncludes []string

Required if network_connection = ZONE. Indicates the network zones to include.

PolicyId string

Policy ID of the Rule

Priority int

Status string

Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE

UsersExcludeds []string

Set of User IDs to Exclude

appExcludes List<RuleMfaAppExclude>

Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'

(Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'

appIncludes List<RuleMfaAppInclude>

Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'

(Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'

enroll String

When a user should be prompted for MFA. It can be CHALLENGE, LOGIN, or NEVER.

name String

Policy Rule Name

networkConnection String

Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE

networkExcludes List<String>

Required if network_connection = ZONE. Indicates the network zones to exclude.

networkIncludes List<String>

Required if network_connection = ZONE. Indicates the network zones to include.

policyId String

Policy ID of the Rule

priority Integer

status String

Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE

usersExcludeds List<String>

Set of User IDs to Exclude

appExcludes RuleMfaAppExclude[]

Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'

(Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'

appIncludes RuleMfaAppInclude[]

Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'

(Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'

enroll string

When a user should be prompted for MFA. It can be CHALLENGE, LOGIN, or NEVER.

name string

Policy Rule Name

networkConnection string

Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE

networkExcludes string[]

Required if network_connection = ZONE. Indicates the network zones to exclude.

networkIncludes string[]

Required if network_connection = ZONE. Indicates the network zones to include.

policyId string

Policy ID of the Rule

priority number

status string

Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE

usersExcludeds string[]

Set of User IDs to Exclude

app_excludes Sequence[RuleMfaAppExcludeArgs]

Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'

(Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'

app_includes Sequence[RuleMfaAppIncludeArgs]

Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'

(Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'

enroll str

When a user should be prompted for MFA. It can be CHALLENGE, LOGIN, or NEVER.

name str

Policy Rule Name

network_connection str

Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE

network_excludes Sequence[str]

Required if network_connection = ZONE. Indicates the network zones to exclude.

network_includes Sequence[str]

Required if network_connection = ZONE. Indicates the network zones to include.

policy_id str

Policy ID of the Rule

priority int

status str

Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE

users_excludeds Sequence[str]

Set of User IDs to Exclude

appExcludes List<Property Map>

Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'

(Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'

appIncludes List<Property Map>

Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'

(Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'

enroll String

When a user should be prompted for MFA. It can be CHALLENGE, LOGIN, or NEVER.

name String

Policy Rule Name

networkConnection String

Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE

networkExcludes List<String>

Required if network_connection = ZONE. Indicates the network zones to exclude.

networkIncludes List<String>

Required if network_connection = ZONE. Indicates the network zones to include.

policyId String

Policy ID of the Rule

priority Number

status String

Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE

usersExcludeds List<String>

Set of User IDs to Exclude

Supporting Types

RuleMfaAppExclude, RuleMfaAppExcludeArgs

Type string
Id string
Name string

Type string
Id string
Name string

type String
id String
name String

type string
id string
name string

type str
id str
name str

type String
id String
name String

RuleMfaAppInclude, RuleMfaAppIncludeArgs

Type string
Id string
Name string

Type string
Id string
Name string

type String
id String
name String

type string
id string
name string

type str
id str
name str

type String
id String
name String

Import

$ pulumi import okta:policy/ruleMfa:RuleMfa example <policy_id>/<rule_id>

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Okta pulumi/pulumi-okta
License: Apache-2.0
Notes: This Pulumi package is based on the okta Terraform Provider.

Okta v4.11.0 published on Tuesday, Sep 17, 2024 by Pulumi

pulumi/pulumi-okta

okta.policy.RuleMfa

On this page

On this page

Create RuleMfa Resource

Constructor syntax

Parameters

Constructor example

RuleMfa Resource Properties

Inputs

Outputs

Look up Existing RuleMfa Resource

Supporting Types

RuleMfaAppExclude, RuleMfaAppExcludeArgs

RuleMfaAppInclude, RuleMfaAppIncludeArgs

Import

Package Details

On this page

On this page