Okta v4.11.3 published on Monday, Oct 21, 2024 by Pulumi

okta.AppSignonPolicyRule


    Manages a sign-on policy rule for the application.

    WARNING: This feature is only available as a part of the Identity Engine. Contact support for further information.

    This resource allows you to create and configure a sign-on policy rule for the application. A default or 'Catch-all Rule' sign-on policy rule can be imported and managed as a custom rule. The only difference is that these fields are immutable and cannot be managed: 'network_connection', 'network_excludes', 'network_includes', 'platform_include', 'custom_expression', 'device_is_registered', 'device_is_managed', 'users_excluded', 'users_included', 'groups_excluded', 'groups_included', 'user_types_excluded' and 'user_types_included'.

    Create AppSignonPolicyRule Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new AppSignonPolicyRule(name: string, args: AppSignonPolicyRuleArgs, opts?: CustomResourceOptions);
    @overload
    def AppSignonPolicyRule(resource_name: str,
                            args: AppSignonPolicyRuleArgs,
                            opts: Optional[ResourceOptions] = None)
    
    @overload
    def AppSignonPolicyRule(resource_name: str,
                            opts: Optional[ResourceOptions] = None,
                            policy_id: Optional[str] = None,
                            network_excludes: Optional[Sequence[str]] = None,
                            user_types_includeds: Optional[Sequence[str]] = None,
                            device_assurances_includeds: Optional[Sequence[str]] = None,
                            device_is_managed: Optional[bool] = None,
                            device_is_registered: Optional[bool] = None,
                            factor_mode: Optional[str] = None,
                            groups_excludeds: Optional[Sequence[str]] = None,
                            groups_includeds: Optional[Sequence[str]] = None,
                            inactivity_period: Optional[str] = None,
                            name: Optional[str] = None,
                            users_includeds: Optional[Sequence[str]] = None,
                            custom_expression: Optional[str] = None,
                            constraints: Optional[Sequence[str]] = None,
                            platform_includes: Optional[Sequence[AppSignonPolicyRulePlatformIncludeArgs]] = None,
                            network_includes: Optional[Sequence[str]] = None,
                            priority: Optional[int] = None,
                            re_authentication_frequency: Optional[str] = None,
                            risk_score: Optional[str] = None,
                            status: Optional[str] = None,
                            type: Optional[str] = None,
                            user_types_excludeds: Optional[Sequence[str]] = None,
                            access: Optional[str] = None,
                            users_excludeds: Optional[Sequence[str]] = None,
                            network_connection: Optional[str] = None)
    func NewAppSignonPolicyRule(ctx *Context, name string, args AppSignonPolicyRuleArgs, opts ...ResourceOption) (*AppSignonPolicyRule, error)
    public AppSignonPolicyRule(string name, AppSignonPolicyRuleArgs args, CustomResourceOptions? opts = null)
    public AppSignonPolicyRule(String name, AppSignonPolicyRuleArgs args)
    public AppSignonPolicyRule(String name, AppSignonPolicyRuleArgs args, CustomResourceOptions options)
    
    type: okta:AppSignonPolicyRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args AppSignonPolicyRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AppSignonPolicyRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AppSignonPolicyRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AppSignonPolicyRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AppSignonPolicyRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var appSignonPolicyRuleResource = new Okta.AppSignonPolicyRule("appSignonPolicyRuleResource", new()
    {
        PolicyId = "string",
        NetworkExcludes = new[]
        {
            "string",
        },
        UserTypesIncludeds = new[]
        {
            "string",
        },
        DeviceAssurancesIncludeds = new[]
        {
            "string",
        },
        DeviceIsManaged = false,
        DeviceIsRegistered = false,
        FactorMode = "string",
        GroupsExcludeds = new[]
        {
            "string",
        },
        GroupsIncludeds = new[]
        {
            "string",
        },
        InactivityPeriod = "string",
        Name = "string",
        UsersIncludeds = new[]
        {
            "string",
        },
        CustomExpression = "string",
        Constraints = new[]
        {
            "string",
        },
        PlatformIncludes = new[]
        {
            new Okta.Inputs.AppSignonPolicyRulePlatformIncludeArgs
            {
                OsExpression = "string",
                OsType = "string",
                Type = "string",
            },
        },
        NetworkIncludes = new[]
        {
            "string",
        },
        Priority = 0,
        ReAuthenticationFrequency = "string",
        RiskScore = "string",
        Status = "string",
        Type = "string",
        UserTypesExcludeds = new[]
        {
            "string",
        },
        Access = "string",
        UsersExcludeds = new[]
        {
            "string",
        },
        NetworkConnection = "string",
    });
    
    example, err := okta.NewAppSignonPolicyRule(ctx, "appSignonPolicyRuleResource", &okta.AppSignonPolicyRuleArgs{
    	PolicyId: pulumi.String("string"),
    	NetworkExcludes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	UserTypesIncludeds: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	DeviceAssurancesIncludeds: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	DeviceIsManaged:    pulumi.Bool(false),
    	DeviceIsRegistered: pulumi.Bool(false),
    	FactorMode:         pulumi.String("string"),
    	GroupsExcludeds: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	GroupsIncludeds: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	InactivityPeriod: pulumi.String("string"),
    	Name:             pulumi.String("string"),
    	UsersIncludeds: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	CustomExpression: pulumi.String("string"),
    	Constraints: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	PlatformIncludes: okta.AppSignonPolicyRulePlatformIncludeArray{
    		&okta.AppSignonPolicyRulePlatformIncludeArgs{
    			OsExpression: pulumi.String("string"),
    			OsType:       pulumi.String("string"),
    			Type:         pulumi.String("string"),
    		},
    	},
    	NetworkIncludes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Priority:                  pulumi.Int(0),
    	ReAuthenticationFrequency: pulumi.String("string"),
    	RiskScore:                 pulumi.String("string"),
    	Status:                    pulumi.String("string"),
    	Type:                      pulumi.String("string"),
    	UserTypesExcludeds: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Access: pulumi.String("string"),
    	UsersExcludeds: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	NetworkConnection: pulumi.String("string"),
    })
    
    var appSignonPolicyRuleResource = new AppSignonPolicyRule("appSignonPolicyRuleResource", AppSignonPolicyRuleArgs.builder()
        .policyId("string")
        .networkExcludes("string")
        .userTypesIncludeds("string")
        .deviceAssurancesIncludeds("string")
        .deviceIsManaged(false)
        .deviceIsRegistered(false)
        .factorMode("string")
        .groupsExcludeds("string")
        .groupsIncludeds("string")
        .inactivityPeriod("string")
        .name("string")
        .usersIncludeds("string")
        .customExpression("string")
        .constraints("string")
        .platformIncludes(AppSignonPolicyRulePlatformIncludeArgs.builder()
            .osExpression("string")
            .osType("string")
            .type("string")
            .build())
        .networkIncludes("string")
        .priority(0)
        .reAuthenticationFrequency("string")
        .riskScore("string")
        .status("string")
        .type("string")
        .userTypesExcludeds("string")
        .access("string")
        .usersExcludeds("string")
        .networkConnection("string")
        .build());
    
    app_signon_policy_rule_resource = okta.AppSignonPolicyRule("appSignonPolicyRuleResource",
        policy_id="string",
        network_excludes=["string"],
        user_types_includeds=["string"],
        device_assurances_includeds=["string"],
        device_is_managed=False,
        device_is_registered=False,
        factor_mode="string",
        groups_excludeds=["string"],
        groups_includeds=["string"],
        inactivity_period="string",
        name="string",
        users_includeds=["string"],
        custom_expression="string",
        constraints=["string"],
        platform_includes=[{
            "os_expression": "string",
            "os_type": "string",
            "type": "string",
        }],
        network_includes=["string"],
        priority=0,
        re_authentication_frequency="string",
        risk_score="string",
        status="string",
        type="string",
        user_types_excludeds=["string"],
        access="string",
        users_excludeds=["string"],
        network_connection="string")
    
    const appSignonPolicyRuleResource = new okta.AppSignonPolicyRule("appSignonPolicyRuleResource", {
        policyId: "string",
        networkExcludes: ["string"],
        userTypesIncludeds: ["string"],
        deviceAssurancesIncludeds: ["string"],
        deviceIsManaged: false,
        deviceIsRegistered: false,
        factorMode: "string",
        groupsExcludeds: ["string"],
        groupsIncludeds: ["string"],
        inactivityPeriod: "string",
        name: "string",
        usersIncludeds: ["string"],
        customExpression: "string",
        constraints: ["string"],
        platformIncludes: [{
            osExpression: "string",
            osType: "string",
            type: "string",
        }],
        networkIncludes: ["string"],
        priority: 0,
        reAuthenticationFrequency: "string",
        riskScore: "string",
        status: "string",
        type: "string",
        userTypesExcludeds: ["string"],
        access: "string",
        usersExcludeds: ["string"],
        networkConnection: "string",
    });
    
    type: okta:AppSignonPolicyRule
    properties:
        access: string
        constraints:
            - string
        customExpression: string
        deviceAssurancesIncludeds:
            - string
        deviceIsManaged: false
        deviceIsRegistered: false
        factorMode: string
        groupsExcludeds:
            - string
        groupsIncludeds:
            - string
        inactivityPeriod: string
        name: string
        networkConnection: string
        networkExcludes:
            - string
        networkIncludes:
            - string
        platformIncludes:
            - osExpression: string
              osType: string
              type: string
        policyId: string
        priority: 0
        reAuthenticationFrequency: string
        riskScore: string
        status: string
        type: string
        userTypesExcludeds:
            - string
        userTypesIncludeds:
            - string
        usersExcludeds:
            - string
        usersIncludeds:
            - string
    

    AppSignonPolicyRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The AppSignonPolicyRule resource accepts the following input properties:

    PolicyId string
    ID of the policy
    Access string
    Allow or deny access based on the rule conditions: ALLOW or DENY
    Constraints List<string>
    An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
    CustomExpression string
    This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
    DeviceAssurancesIncludeds List<string>
    List of device assurance IDs to include
    DeviceIsManaged bool
    If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
    DeviceIsRegistered bool
    If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
    FactorMode string
    The number of factors required to satisfy this assurance level
    GroupsExcludeds List<string>
    List of group IDs to exclude
    GroupsIncludeds List<string>
    List of group IDs to include
    InactivityPeriod string
    The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
    Name string
    Policy Rule Name
    NetworkConnection string
    Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
    NetworkExcludes List<string>
    The zones to exclude
    NetworkIncludes List<string>
    The zones to include
    PlatformIncludes List<AppSignonPolicyRulePlatformInclude>
    Priority int
    Priority of the rule.
    ReAuthenticationFrequency string
    The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
    RiskScore string
    The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
    Status string
    Status of the rule
    Type string
    The Verification Method type
    UserTypesExcludeds List<string>
    Set of User Type IDs to exclude
    UserTypesIncludeds List<string>
    Set of User Type IDs to include
    UsersExcludeds List<string>
    Set of User IDs to exclude
    UsersIncludeds List<string>
    Set of User IDs to include
    PolicyId string
    ID of the policy
    Access string
    Allow or deny access based on the rule conditions: ALLOW or DENY
    Constraints []string
    An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
    CustomExpression string
    This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
    DeviceAssurancesIncludeds []string
    List of device assurance IDs to include
    DeviceIsManaged bool
    If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
    DeviceIsRegistered bool
    If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
    FactorMode string
    The number of factors required to satisfy this assurance level
    GroupsExcludeds []string
    List of group IDs to exclude
    GroupsIncludeds []string
    List of group IDs to include
    InactivityPeriod string
    The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
    Name string
    Policy Rule Name
    NetworkConnection string
    Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
    NetworkExcludes []string
    The zones to exclude
    NetworkIncludes []string
    The zones to include
    PlatformIncludes []AppSignonPolicyRulePlatformIncludeArgs
    Priority int
    Priority of the rule.
    ReAuthenticationFrequency string
    The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
    RiskScore string
    The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
    Status string
    Status of the rule
    Type string
    The Verification Method type
    UserTypesExcludeds []string
    Set of User Type IDs to exclude
    UserTypesIncludeds []string
    Set of User Type IDs to include
    UsersExcludeds []string
    Set of User IDs to exclude
    UsersIncludeds []string
    Set of User IDs to include
    policyId String
    ID of the policy
    access String
    Allow or deny access based on the rule conditions: ALLOW or DENY
    constraints List<String>
    An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
    customExpression String
    This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
    deviceAssurancesIncludeds List<String>
    List of device assurance IDs to include
    deviceIsManaged Boolean
    If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
    deviceIsRegistered Boolean
    If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
    factorMode String
    The number of factors required to satisfy this assurance level
    groupsExcludeds List<String>
    List of group IDs to exclude
    groupsIncludeds List<String>
    List of group IDs to include
    inactivityPeriod String
    The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
    name String
    Policy Rule Name
    networkConnection String
    Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
    networkExcludes List<String>
    The zones to exclude
    networkIncludes List<String>
    The zones to include
    platformIncludes List<AppSignonPolicyRulePlatformInclude>
    priority Integer
    Priority of the rule.
    reAuthenticationFrequency String
    The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
    riskScore String
    The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
    status String
    Status of the rule
    type String
    The Verification Method type
    userTypesExcludeds List<String>
    Set of User Type IDs to exclude
    userTypesIncludeds List<String>
    Set of User Type IDs to include
    usersExcludeds List<String>
    Set of User IDs to exclude
    usersIncludeds List<String>
    Set of User IDs to include
    policyId string
    ID of the policy
    access string
    Allow or deny access based on the rule conditions: ALLOW or DENY
    constraints string[]
    An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
    customExpression string
    This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
    deviceAssurancesIncludeds string[]
    List of device assurance IDs to include
    deviceIsManaged boolean
    If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
    deviceIsRegistered boolean
    If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
    factorMode string
    The number of factors required to satisfy this assurance level
    groupsExcludeds string[]
    List of group IDs to exclude
    groupsIncludeds string[]
    List of group IDs to include
    inactivityPeriod string
    The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
    name string
    Policy Rule Name
    networkConnection string
    Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
    networkExcludes string[]
    The zones to exclude
    networkIncludes string[]
    The zones to include
    platformIncludes AppSignonPolicyRulePlatformInclude[]
    priority number
    Priority of the rule.
    reAuthenticationFrequency string
    The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
    riskScore string
    The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
    status string
    Status of the rule
    type string
    The Verification Method type
    userTypesExcludeds string[]
    Set of User Type IDs to exclude
    userTypesIncludeds string[]
    Set of User Type IDs to include
    usersExcludeds string[]
    Set of User IDs to exclude
    usersIncludeds string[]
    Set of User IDs to include
    policy_id str
    ID of the policy
    access str
    Allow or deny access based on the rule conditions: ALLOW or DENY
    constraints Sequence[str]
    An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
    custom_expression str
    This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
    device_assurances_includeds Sequence[str]
    List of device assurance IDs to include
    device_is_managed bool
    If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
    device_is_registered bool
    If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
    factor_mode str
    The number of factors required to satisfy this assurance level
    groups_excludeds Sequence[str]
    List of group IDs to exclude
    groups_includeds Sequence[str]
    List of group IDs to include
    inactivity_period str
    The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
    name str
    Policy Rule Name
    network_connection str
    Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
    network_excludes Sequence[str]
    The zones to exclude
    network_includes Sequence[str]
    The zones to include
    platform_includes Sequence[AppSignonPolicyRulePlatformIncludeArgs]
    priority int
    Priority of the rule.
    re_authentication_frequency str
    The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
    risk_score str
    The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
    status str
    Status of the rule
    type str
    The Verification Method type
    user_types_excludeds Sequence[str]
    Set of User Type IDs to exclude
    user_types_includeds Sequence[str]
    Set of User Type IDs to include
    users_excludeds Sequence[str]
    Set of User IDs to exclude
    users_includeds Sequence[str]
    Set of User IDs to include
    policyId String
    ID of the policy
    access String
    Allow or deny access based on the rule conditions: ALLOW or DENY
    constraints List<String>
    An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
    customExpression String
    This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
    deviceAssurancesIncludeds List<String>
    List of device assurance IDs to include
    deviceIsManaged Boolean
    If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
    deviceIsRegistered Boolean
    If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
    factorMode String
    The number of factors required to satisfy this assurance level
    groupsExcludeds List<String>
    List of group IDs to exclude
    groupsIncludeds List<String>
    List of group IDs to include
    inactivityPeriod String
    The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
    name String
    Policy Rule Name
    networkConnection String
    Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
    networkExcludes List<String>
    The zones to exclude
    networkIncludes List<String>
    The zones to include
    platformIncludes List<Property Map>
    priority Number
    Priority of the rule.
    reAuthenticationFrequency String
    The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
    riskScore String
    The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
    status String
    Status of the rule
    type String
    The Verification Method type
    userTypesExcludeds List<String>
    Set of User Type IDs to exclude
    userTypesIncludeds List<String>
    Set of User Type IDs to include
    usersExcludeds List<String>
    Set of User IDs to exclude
    usersIncludeds List<String>
    Set of User IDs to include
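
A pre-deployment check for the value constraints stated in the property descriptions above, as an added example (not Pulumi's or Okta's code). It works on a plain dict keyed by the Python argument names; `lint_rule`, `duration_seconds`, the sample values and the `max_reauth_seconds` ceiling are assumptions introduced here.

```python
import re

# Allowed values as stated in the property descriptions on this page.
ALLOWED = {
    "access": {"ALLOW", "DENY"},
    "network_connection": {"ANYWHERE", "ZONE", "ONNETWORK", "OFFNETWORK"},
    "risk_score": {"ANY", "LOW", "MEDIUM", "HIGH"},
}

# Pulumi Python argument names for the fields the page lists as immutable
# on a default / Catch-all rule.
CATCH_ALL_IMMUTABLE = {
    "network_connection", "network_excludes", "network_includes",
    "platform_includes", "custom_expression", "device_is_registered",
    "device_is_managed", "users_excludeds", "users_includeds",
    "groups_excludeds", "groups_includeds", "user_types_excludeds",
    "user_types_includeds",
}

DURATION_FIELDS = ("inactivity_period", "re_authentication_frequency")

_DURATION_RE = re.compile(
    r"P(?:(?P<d>\d+)D)?(?:T(?:(?P<h>\d+)H)?(?:(?P<m>\d+)M)?(?:(?P<s>\d+)S)?)?"
)


def duration_seconds(value):
    """Parse a day/time ISO 8601 duration (PT0S, PT2H, P1DT12H) to seconds.

    Returns None when the value is not in that form. Year, month and week
    designators are rejected because their length in seconds is not fixed.
    """
    m = _DURATION_RE.fullmatch(value) if isinstance(value, str) else None
    if not m or not any(m.groupdict().values()) or value.endswith("T"):
        return None
    parts = {k: int(v or 0) for k, v in m.groupdict().items()}
    return parts["d"] * 86400 + parts["h"] * 3600 + parts["m"] * 60 + parts["s"]


def lint_rule(args, is_catch_all=False, max_reauth_seconds=None):
    """Return a list of findings for one rule's arguments (empty list = clean).

    max_reauth_seconds is a hypothetical organisation ceiling, not an Okta
    limit; it is only applied to rules that do not DENY access.
    """
    findings = []
    for field, allowed in ALLOWED.items():
        value = args.get(field)
        if value is not None and value not in allowed:
            findings.append(f"{field}: {value!r} is not one of {sorted(allowed)}")

    # "When managed is passed, registered must also be included and set to true."
    if args.get("device_is_managed") is not None \
            and args.get("device_is_registered") is not True:
        findings.append("device_is_managed: device_is_registered must be True")

    for field in DURATION_FIELDS:
        value = args.get(field)
        if value is None:
            continue
        seconds = duration_seconds(value)
        if seconds is None:
            findings.append(f"{field}: {value!r} is not an ISO 8601 duration")
        elif (field == "re_authentication_frequency"
              and max_reauth_seconds is not None
              and args.get("access") != "DENY"
              and seconds > max_reauth_seconds):
            findings.append(f"{field}: {value} exceeds {max_reauth_seconds}s ceiling")

    if is_catch_all:
        for field in sorted(CATCH_ALL_IMMUTABLE):
            if args.get(field) is not None:
                findings.append(f"{field}: immutable on the Catch-all rule")
    return findings


# Constructed sample arguments; the policy ID is a placeholder.
SAMPLE_GOOD = {
    "policy_id": "POLICY_ID_PLACEHOLDER", "name": "managed-devices",
    "access": "ALLOW", "network_connection": "ANYWHERE", "risk_score": "ANY",
    "device_is_registered": True, "device_is_managed": True,
    "inactivity_period": "PT1H", "re_authentication_frequency": "PT2H",
}
SAMPLE_BAD = {
    "policy_id": "POLICY_ID_PLACEHOLDER", "name": "needs-review",
    "access": "allow", "network_connection": "ZONE", "risk_score": "CRITICAL",
    "device_is_managed": True,
    "inactivity_period": "1h", "re_authentication_frequency": "PT43800H",
}

if __name__ == "__main__":
    for finding in lint_rule(SAMPLE_BAD, max_reauth_seconds=12 * 3600):
        print(finding)
```

Running the check over the same dict that is later splatted into `okta.AppSignonPolicyRule(...)` catches these mistakes before `pulumi up` contacts the Okta API.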

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AppSignonPolicyRule resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    System bool
    Whether this rule is the system (default) rule for its associated policy; this is often the Catch-all Rule.
    Id string
    The provider-assigned unique ID for this managed resource.
    System bool
    Whether this rule is the system (default) rule for its associated policy; this is often the Catch-all Rule.
    id String
    The provider-assigned unique ID for this managed resource.
    system Boolean
    Whether this rule is the system (default) rule for its associated policy; this is often the Catch-all Rule.
    id string
    The provider-assigned unique ID for this managed resource.
    system boolean
    Whether this rule is the system (default) rule for its associated policy; this is often the Catch-all Rule.
    id str
    The provider-assigned unique ID for this managed resource.
    system bool
    Whether this rule is the system (default) rule for its associated policy; this is often the Catch-all Rule.
    id String
    The provider-assigned unique ID for this managed resource.
    system Boolean
    Whether this rule is the system (default) rule for its associated policy; this is often the Catch-all Rule.

    Look up Existing AppSignonPolicyRule Resource

    Get an existing AppSignonPolicyRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: AppSignonPolicyRuleState, opts?: CustomResourceOptions): AppSignonPolicyRule
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            access: Optional[str] = None,
            constraints: Optional[Sequence[str]] = None,
            custom_expression: Optional[str] = None,
            device_assurances_includeds: Optional[Sequence[str]] = None,
            device_is_managed: Optional[bool] = None,
            device_is_registered: Optional[bool] = None,
            factor_mode: Optional[str] = None,
            groups_excludeds: Optional[Sequence[str]] = None,
            groups_includeds: Optional[Sequence[str]] = None,
            inactivity_period: Optional[str] = None,
            name: Optional[str] = None,
            network_connection: Optional[str] = None,
            network_excludes: Optional[Sequence[str]] = None,
            network_includes: Optional[Sequence[str]] = None,
            platform_includes: Optional[Sequence[AppSignonPolicyRulePlatformIncludeArgs]] = None,
            policy_id: Optional[str] = None,
            priority: Optional[int] = None,
            re_authentication_frequency: Optional[str] = None,
            risk_score: Optional[str] = None,
            status: Optional[str] = None,
            system: Optional[bool] = None,
            type: Optional[str] = None,
            user_types_excludeds: Optional[Sequence[str]] = None,
            user_types_includeds: Optional[Sequence[str]] = None,
            users_excludeds: Optional[Sequence[str]] = None,
            users_includeds: Optional[Sequence[str]] = None) -> AppSignonPolicyRule
    func GetAppSignonPolicyRule(ctx *Context, name string, id IDInput, state *AppSignonPolicyRuleState, opts ...ResourceOption) (*AppSignonPolicyRule, error)
    public static AppSignonPolicyRule Get(string name, Input<string> id, AppSignonPolicyRuleState? state, CustomResourceOptions? opts = null)
    public static AppSignonPolicyRule get(String name, Output<String> id, AppSignonPolicyRuleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    The following state arguments are supported:
    Access string
    Allow or deny access based on the rule conditions: ALLOW or DENY
    Constraints List<string>
    An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
    CustomExpression string
    This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
    DeviceAssurancesIncludeds List<string>
    List of device assurance IDs to include
    DeviceIsManaged bool
    If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
    DeviceIsRegistered bool
    If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
    FactorMode string
    The number of factors required to satisfy this assurance level
    GroupsExcludeds List<string>
    List of group IDs to exclude
    GroupsIncludeds List<string>
    List of group IDs to include
    InactivityPeriod string
    The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
    Name string
    Policy Rule Name
    NetworkConnection string
    Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
    NetworkExcludes List<string>
    The zones to exclude
    NetworkIncludes List<string>
    The zones to include
    PlatformIncludes List<AppSignonPolicyRulePlatformInclude>
    PolicyId string
    ID of the policy
    Priority int
    Priority of the rule.
    ReAuthenticationFrequency string
    The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
    RiskScore string
    The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
    Status string
    Status of the rule
    System bool
    Whether this rule is the system (default) rule for its associated policy, which is often the Catch-all Rule
    Type string
    The Verification Method type
    UserTypesExcludeds List<string>
    Set of User Type IDs to exclude
    UserTypesIncludeds List<string>
    Set of User Type IDs to include
    UsersExcludeds List<string>
    Set of User IDs to exclude
    UsersIncludeds List<string>
    Set of User IDs to include
    Access string
    Allow or deny access based on the rule conditions: ALLOW or DENY
    Constraints []string
    An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
    CustomExpression string
    This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
    DeviceAssurancesIncludeds []string
    List of device assurance IDs to include
    DeviceIsManaged bool
    If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
    DeviceIsRegistered bool
    If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
    FactorMode string
    The number of factors required to satisfy this assurance level
    GroupsExcludeds []string
    List of group IDs to exclude
    GroupsIncludeds []string
    List of group IDs to include
    InactivityPeriod string
    The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
    Name string
    Policy Rule Name
    NetworkConnection string
    Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
    NetworkExcludes []string
    The zones to exclude
    NetworkIncludes []string
    The zones to include
    PlatformIncludes []AppSignonPolicyRulePlatformIncludeArgs
    PolicyId string
    ID of the policy
    Priority int
    Priority of the rule.
    ReAuthenticationFrequency string
    The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
    RiskScore string
    The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
    Status string
    Status of the rule
    System bool
    Whether this rule is the system (default) rule for its associated policy, which is often the Catch-all Rule
    Type string
    The Verification Method type
    UserTypesExcludeds []string
    Set of User Type IDs to exclude
    UserTypesIncludeds []string
    Set of User Type IDs to include
    UsersExcludeds []string
    Set of User IDs to exclude
    UsersIncludeds []string
    Set of User IDs to include
    access String
    Allow or deny access based on the rule conditions: ALLOW or DENY
    constraints List<String>
    An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
    customExpression String
    This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
    deviceAssurancesIncludeds List<String>
    List of device assurance IDs to include
    deviceIsManaged Boolean
    If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
    deviceIsRegistered Boolean
    If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
    factorMode String
    The number of factors required to satisfy this assurance level
    groupsExcludeds List<String>
    List of group IDs to exclude
    groupsIncludeds List<String>
    List of group IDs to include
    inactivityPeriod String
    The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
    name String
    Policy Rule Name
    networkConnection String
    Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
    networkExcludes List<String>
    The zones to exclude
    networkIncludes List<String>
    The zones to include
    platformIncludes List<AppSignonPolicyRulePlatformInclude>
    policyId String
    ID of the policy
    priority Integer
    Priority of the rule.
    reAuthenticationFrequency String
    The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
    riskScore String
    The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
    status String
    Status of the rule
    system Boolean
    Whether this rule is the system (default) rule for its associated policy, which is often the Catch-all Rule
    type String
    The Verification Method type
    userTypesExcludeds List<String>
    Set of User Type IDs to exclude
    userTypesIncludeds List<String>
    Set of User Type IDs to include
    usersExcludeds List<String>
    Set of User IDs to exclude
    usersIncludeds List<String>
    Set of User IDs to include
    access string
    Allow or deny access based on the rule conditions: ALLOW or DENY
    constraints string[]
    An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
    customExpression string
    This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
    deviceAssurancesIncludeds string[]
    List of device assurance IDs to include
    deviceIsManaged boolean
    If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
    deviceIsRegistered boolean
    If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
    factorMode string
    The number of factors required to satisfy this assurance level
    groupsExcludeds string[]
    List of group IDs to exclude
    groupsIncludeds string[]
    List of group IDs to include
    inactivityPeriod string
    The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
    name string
    Policy Rule Name
    networkConnection string
    Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
    networkExcludes string[]
    The zones to exclude
    networkIncludes string[]
    The zones to include
    platformIncludes AppSignonPolicyRulePlatformInclude[]
    policyId string
    ID of the policy
    priority number
    Priority of the rule.
    reAuthenticationFrequency string
    The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
    riskScore string
    The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
    status string
    Status of the rule
    system boolean
    Whether this rule is the system (default) rule for its associated policy, which is often the Catch-all Rule
    type string
    The Verification Method type
    userTypesExcludeds string[]
    Set of User Type IDs to exclude
    userTypesIncludeds string[]
    Set of User Type IDs to include
    usersExcludeds string[]
    Set of User IDs to exclude
    usersIncludeds string[]
    Set of User IDs to include
    access str
    Allow or deny access based on the rule conditions: ALLOW or DENY
    constraints Sequence[str]
    An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
    custom_expression str
    This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
    device_assurances_includeds Sequence[str]
    List of device assurance IDs to include
    device_is_managed bool
    If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
    device_is_registered bool
    If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
    factor_mode str
    The number of factors required to satisfy this assurance level
    groups_excludeds Sequence[str]
    List of group IDs to exclude
    groups_includeds Sequence[str]
    List of group IDs to include
    inactivity_period str
    The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
    name str
    Policy Rule Name
    network_connection str
    Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
    network_excludes Sequence[str]
    The zones to exclude
    network_includes Sequence[str]
    The zones to include
    platform_includes Sequence[AppSignonPolicyRulePlatformIncludeArgs]
    policy_id str
    ID of the policy
    priority int
    Priority of the rule.
    re_authentication_frequency str
    The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
    risk_score str
    The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
    status str
    Status of the rule
    system bool
    Whether this rule is the system (default) rule for its associated policy, which is often the Catch-all Rule
    type str
    The Verification Method type
    user_types_excludeds Sequence[str]
    Set of User Type IDs to exclude
    user_types_includeds Sequence[str]
    Set of User Type IDs to include
    users_excludeds Sequence[str]
    Set of User IDs to exclude
    users_includeds Sequence[str]
    Set of User IDs to include
    access String
    Allow or deny access based on the rule conditions: ALLOW or DENY
    constraints List<String>
    An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
    customExpression String
    This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
    deviceAssurancesIncludeds List<String>
    List of device assurance IDs to include
    deviceIsManaged Boolean
    If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
    deviceIsRegistered Boolean
    If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
    factorMode String
    The number of factors required to satisfy this assurance level
    groupsExcludeds List<String>
    List of group IDs to exclude
    groupsIncludeds List<String>
    List of group IDs to include
    inactivityPeriod String
    The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
    name String
    Policy Rule Name
    networkConnection String
    Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
    networkExcludes List<String>
    The zones to exclude
    networkIncludes List<String>
    The zones to include
    platformIncludes List<Property Map>
    policyId String
    ID of the policy
    priority Number
    Priority of the rule.
    reAuthenticationFrequency String
    The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
    riskScore String
    The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
    status String
    Status of the rule
    system Boolean
    Whether this rule is the system (default) rule for its associated policy, which is often the Catch-all Rule
    type String
    The Verification Method type
    userTypesExcludeds List<String>
    Set of User Type IDs to exclude
    userTypesIncludeds List<String>
    Set of User Type IDs to include
    usersExcludeds List<String>
    Set of User IDs to exclude
    usersIncludeds List<String>
    Set of User IDs to include
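
The property descriptions above state several constraints (enumerated values, the managed/registered dependency, ISO 8601 periods) that can be checked before a rule is deployed. The following pre-deployment check is an added example, not code from Pulumi or the Okta provider; `lint_rule` and `duration_seconds` are hypothetical helper names, the input is a plain dict keyed by the Python argument names on this page, and only the day/time subset of ISO 8601 periods is accepted.

```python
import re

# Allowed values as listed in the property descriptions on this page.
ALLOWED = {
    "access": {"ALLOW", "DENY"},
    "network_connection": {"ANYWHERE", "ZONE", "ONNETWORK", "OFFNETWORK"},
    "risk_score": {"ANY", "LOW", "MEDIUM", "HIGH"},
}
DURATION_FIELDS = ("inactivity_period", "re_authentication_frequency")

# Day/time subset of ISO 8601 periods (assumption: no years, months or weeks).
_DURATION = re.compile(r"^P(?:(\d+)D)?(?:T(?=\d)(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")


def duration_seconds(value):
    """Return the period in seconds, or None if it is not a valid period."""
    m = _DURATION.match(value or "")
    if not m or all(g is None for g in m.groups()):
        return None
    d, h, mi, s = (int(g or 0) for g in m.groups())
    return ((d * 24 + h) * 60 + mi) * 60 + s


def lint_rule(args):
    """Check snake_case rule arguments against the documented constraints."""
    findings = []
    for field, allowed in ALLOWED.items():
        if field in args and args[field] not in allowed:
            findings.append(f"{field}: {args[field]!r} not in {sorted(allowed)}")
    # "When managed is passed, registered must also be included and must be set to true."
    if "device_is_managed" in args and args.get("device_is_registered") is not True:
        findings.append("device_is_managed requires device_is_registered=True")
    for field in DURATION_FIELDS:
        if field in args and duration_seconds(args[field]) is None:
            findings.append(f"{field}: {args[field]!r} is not an ISO 8601 period")
    return findings


# Constructed sample inputs (not taken from a real Okta org).
GOOD_RULE = {
    "access": "ALLOW",
    "network_connection": "ANYWHERE",
    "risk_score": "ANY",
    "device_is_managed": True,
    "device_is_registered": True,
    "inactivity_period": "PT1H",
    "re_authentication_frequency": "PT43800H",
}
BAD_RULE = {"access": "PERMIT", "device_is_managed": True, "re_authentication_frequency": "12h"}

if __name__ == "__main__":
    for finding in lint_rule(BAD_RULE):
        print("FINDING:", finding)
```

Running the check in CI before `pulumi up` catches a malformed period or a managed-device condition without the registered flag before the provider or the Okta API rejects it.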

    Supporting Types

    AppSignonPolicyRulePlatformInclude, AppSignonPolicyRulePlatformIncludeArgs

    OsExpression string
    Only available with OTHER OS type
    OsType string
    Type string
    OsExpression string
    Only available with OTHER OS type
    OsType string
    Type string
    osExpression String
    Only available with OTHER OS type
    osType String
    type String
    osExpression string
    Only available with OTHER OS type
    osType string
    type string
    os_expression str
    Only available with OTHER OS type
    os_type str
    type str
    osExpression String
    Only available with OTHER OS type
    osType String
    type String

    Import

    $ pulumi import okta:index/appSignonPolicyRule:AppSignonPolicyRule example <policy_id>/<rule_id>
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Okta pulumi/pulumi-okta
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the okta Terraform Provider.