okta.policy.RuleMfa
Explore with Pulumi AI
Creates an MFA Policy Rule. This resource allows you to create and configure an MFA Policy Rule.
Create RuleMfa Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new RuleMfa(name: string, args?: RuleMfaArgs, opts?: CustomResourceOptions);
@overload
def RuleMfa(resource_name: str,
args: Optional[RuleMfaArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def RuleMfa(resource_name: str,
opts: Optional[ResourceOptions] = None,
app_excludes: Optional[Sequence[RuleMfaAppExcludeArgs]] = None,
app_includes: Optional[Sequence[RuleMfaAppIncludeArgs]] = None,
enroll: Optional[str] = None,
name: Optional[str] = None,
network_connection: Optional[str] = None,
network_excludes: Optional[Sequence[str]] = None,
network_includes: Optional[Sequence[str]] = None,
policy_id: Optional[str] = None,
priority: Optional[int] = None,
status: Optional[str] = None,
users_excludeds: Optional[Sequence[str]] = None)
func NewRuleMfa(ctx *Context, name string, args *RuleMfaArgs, opts ...ResourceOption) (*RuleMfa, error)
public RuleMfa(string name, RuleMfaArgs? args = null, CustomResourceOptions? opts = null)
public RuleMfa(String name, RuleMfaArgs args)
public RuleMfa(String name, RuleMfaArgs args, CustomResourceOptions options)
type: okta:policy:RuleMfa
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RuleMfaArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RuleMfaArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RuleMfaArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RuleMfaArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RuleMfaArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var ruleMfaResource = new Okta.Policy.RuleMfa("ruleMfaResource", new()
{
AppExcludes = new[]
{
new Okta.Policy.Inputs.RuleMfaAppExcludeArgs
{
Type = "string",
Id = "string",
Name = "string",
},
},
AppIncludes = new[]
{
new Okta.Policy.Inputs.RuleMfaAppIncludeArgs
{
Type = "string",
Id = "string",
Name = "string",
},
},
Enroll = "string",
Name = "string",
NetworkConnection = "string",
NetworkExcludes = new[]
{
"string",
},
NetworkIncludes = new[]
{
"string",
},
PolicyId = "string",
Priority = 0,
Status = "string",
UsersExcludeds = new[]
{
"string",
},
});
example, err := policy.NewRuleMfa(ctx, "ruleMfaResource", &policy.RuleMfaArgs{
AppExcludes: policy.RuleMfaAppExcludeArray{
&policy.RuleMfaAppExcludeArgs{
Type: pulumi.String("string"),
Id: pulumi.String("string"),
Name: pulumi.String("string"),
},
},
AppIncludes: policy.RuleMfaAppIncludeArray{
&policy.RuleMfaAppIncludeArgs{
Type: pulumi.String("string"),
Id: pulumi.String("string"),
Name: pulumi.String("string"),
},
},
Enroll: pulumi.String("string"),
Name: pulumi.String("string"),
NetworkConnection: pulumi.String("string"),
NetworkExcludes: pulumi.StringArray{
pulumi.String("string"),
},
NetworkIncludes: pulumi.StringArray{
pulumi.String("string"),
},
PolicyId: pulumi.String("string"),
Priority: pulumi.Int(0),
Status: pulumi.String("string"),
UsersExcludeds: pulumi.StringArray{
pulumi.String("string"),
},
})
var ruleMfaResource = new RuleMfa("ruleMfaResource", RuleMfaArgs.builder()
.appExcludes(RuleMfaAppExcludeArgs.builder()
.type("string")
.id("string")
.name("string")
.build())
.appIncludes(RuleMfaAppIncludeArgs.builder()
.type("string")
.id("string")
.name("string")
.build())
.enroll("string")
.name("string")
.networkConnection("string")
.networkExcludes("string")
.networkIncludes("string")
.policyId("string")
.priority(0)
.status("string")
.usersExcludeds("string")
.build());
rule_mfa_resource = okta.policy.RuleMfa("ruleMfaResource",
app_excludes=[{
"type": "string",
"id": "string",
"name": "string",
}],
app_includes=[{
"type": "string",
"id": "string",
"name": "string",
}],
enroll="string",
name="string",
network_connection="string",
network_excludes=["string"],
network_includes=["string"],
policy_id="string",
priority=0,
status="string",
users_excludeds=["string"])
const ruleMfaResource = new okta.policy.RuleMfa("ruleMfaResource", {
appExcludes: [{
type: "string",
id: "string",
name: "string",
}],
appIncludes: [{
type: "string",
id: "string",
name: "string",
}],
enroll: "string",
name: "string",
networkConnection: "string",
networkExcludes: ["string"],
networkIncludes: ["string"],
policyId: "string",
priority: 0,
status: "string",
usersExcludeds: ["string"],
});
type: okta:policy:RuleMfa
properties:
appExcludes:
- id: string
name: string
type: string
appIncludes:
- id: string
name: string
type: string
enroll: string
name: string
networkConnection: string
networkExcludes:
- string
networkIncludes:
- string
policyId: string
priority: 0
status: string
usersExcludeds:
- string
RuleMfa Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The RuleMfa resource accepts the following input properties:
- App
Excludes List<RuleMfa App Exclude> - Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- App
Includes List<RuleMfa App Include> - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- Enroll string
- When a user should be prompted for MFA. It can be
CHALLENGE
,LOGIN
, orNEVER
. - Name string
- Policy Rule Name
- Network
Connection string - Network selection mode:
ANYWHERE
,ZONE
,ON_NETWORK
, orOFF_NETWORK
. Default:ANYWHERE
- Network
Excludes List<string> - Required if
network_connection
=ZONE
. Indicates the network zones to exclude. - Network
Includes List<string> - Required if
network_connection
=ZONE
. Indicates the network zones to include. - Policy
Id string - Policy ID of the Rule
- Priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- Status string
- Policy Rule Status:
ACTIVE
orINACTIVE
. Default:ACTIVE
- Users
Excludeds List<string> - Set of User IDs to Exclude
- App
Excludes []RuleMfa App Exclude Args - Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- App
Includes []RuleMfa App Include Args - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- Enroll string
- When a user should be prompted for MFA. It can be
CHALLENGE
,LOGIN
, orNEVER
. - Name string
- Policy Rule Name
- Network
Connection string - Network selection mode:
ANYWHERE
,ZONE
,ON_NETWORK
, orOFF_NETWORK
. Default:ANYWHERE
- Network
Excludes []string - Required if
network_connection
=ZONE
. Indicates the network zones to exclude. - Network
Includes []string - Required if
network_connection
=ZONE
. Indicates the network zones to include. - Policy
Id string - Policy ID of the Rule
- Priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- Status string
- Policy Rule Status:
ACTIVE
orINACTIVE
. Default:ACTIVE
- Users
Excludeds []string - Set of User IDs to Exclude
- app
Excludes List<RuleMfa App Exclude> - Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- app
Includes List<RuleMfa App Include> - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- enroll String
- When a user should be prompted for MFA. It can be
CHALLENGE
,LOGIN
, orNEVER
. - name String
- Policy Rule Name
- network
Connection String - Network selection mode:
ANYWHERE
,ZONE
,ON_NETWORK
, orOFF_NETWORK
. Default:ANYWHERE
- network
Excludes List<String> - Required if
network_connection
=ZONE
. Indicates the network zones to exclude. - network
Includes List<String> - Required if
network_connection
=ZONE
. Indicates the network zones to include. - policy
Id String - Policy ID of the Rule
- priority Integer
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status String
- Policy Rule Status:
ACTIVE
orINACTIVE
. Default:ACTIVE
- users
Excludeds List<String> - Set of User IDs to Exclude
- app
Excludes RuleMfa App Exclude[] - Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- app
Includes RuleMfa App Include[] - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- enroll string
- When a user should be prompted for MFA. It can be
CHALLENGE
,LOGIN
, orNEVER
. - name string
- Policy Rule Name
- network
Connection string - Network selection mode:
ANYWHERE
,ZONE
,ON_NETWORK
, orOFF_NETWORK
. Default:ANYWHERE
- network
Excludes string[] - Required if
network_connection
=ZONE
. Indicates the network zones to exclude. - network
Includes string[] - Required if
network_connection
=ZONE
. Indicates the network zones to include. - policy
Id string - Policy ID of the Rule
- priority number
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status string
- Policy Rule Status:
ACTIVE
orINACTIVE
. Default:ACTIVE
- users
Excludeds string[] - Set of User IDs to Exclude
- app_
excludes Sequence[RuleMfa App Exclude Args] - Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- app_
includes Sequence[RuleMfa App Include Args] - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- enroll str
- When a user should be prompted for MFA. It can be
CHALLENGE
,LOGIN
, orNEVER
. - name str
- Policy Rule Name
- network_
connection str - Network selection mode:
ANYWHERE
,ZONE
,ON_NETWORK
, orOFF_NETWORK
. Default:ANYWHERE
- network_
excludes Sequence[str] - Required if
network_connection
=ZONE
. Indicates the network zones to exclude. - network_
includes Sequence[str] - Required if
network_connection
=ZONE
. Indicates the network zones to include. - policy_
id str - Policy ID of the Rule
- priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status str
- Policy Rule Status:
ACTIVE
orINACTIVE
. Default:ACTIVE
- users_
excludeds Sequence[str] - Set of User IDs to Exclude
- app
Excludes List<Property Map> - Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- app
Includes List<Property Map> - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- enroll String
- When a user should be prompted for MFA. It can be
CHALLENGE
,LOGIN
, orNEVER
. - name String
- Policy Rule Name
- network
Connection String - Network selection mode:
ANYWHERE
,ZONE
,ON_NETWORK
, orOFF_NETWORK
. Default:ANYWHERE
- network
Excludes List<String> - Required if
network_connection
=ZONE
. Indicates the network zones to exclude. - network
Includes List<String> - Required if
network_connection
=ZONE
. Indicates the network zones to include. - policy
Id String - Policy ID of the Rule
- priority Number
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status String
- Policy Rule Status:
ACTIVE
orINACTIVE
. Default:ACTIVE
- users
Excludeds List<String> - Set of User IDs to Exclude
Outputs
All input properties are implicitly available as output properties. Additionally, the RuleMfa resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing RuleMfa Resource
Get an existing RuleMfa resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RuleMfaState, opts?: CustomResourceOptions): RuleMfa
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
app_excludes: Optional[Sequence[RuleMfaAppExcludeArgs]] = None,
app_includes: Optional[Sequence[RuleMfaAppIncludeArgs]] = None,
enroll: Optional[str] = None,
name: Optional[str] = None,
network_connection: Optional[str] = None,
network_excludes: Optional[Sequence[str]] = None,
network_includes: Optional[Sequence[str]] = None,
policy_id: Optional[str] = None,
priority: Optional[int] = None,
status: Optional[str] = None,
users_excludeds: Optional[Sequence[str]] = None) -> RuleMfa
func GetRuleMfa(ctx *Context, name string, id IDInput, state *RuleMfaState, opts ...ResourceOption) (*RuleMfa, error)
public static RuleMfa Get(string name, Input<string> id, RuleMfaState? state, CustomResourceOptions? opts = null)
public static RuleMfa get(String name, Output<String> id, RuleMfaState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- App
Excludes List<RuleMfa App Exclude> - Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- App
Includes List<RuleMfa App Include> - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- Enroll string
- When a user should be prompted for MFA. It can be
CHALLENGE
,LOGIN
, orNEVER
. - Name string
- Policy Rule Name
- Network
Connection string - Network selection mode:
ANYWHERE
,ZONE
,ON_NETWORK
, orOFF_NETWORK
. Default:ANYWHERE
- Network
Excludes List<string> - Required if
network_connection
=ZONE
. Indicates the network zones to exclude. - Network
Includes List<string> - Required if
network_connection
=ZONE
. Indicates the network zones to include. - Policy
Id string - Policy ID of the Rule
- Priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- Status string
- Policy Rule Status:
ACTIVE
orINACTIVE
. Default:ACTIVE
- Users
Excludeds List<string> - Set of User IDs to Exclude
- App
Excludes []RuleMfa App Exclude Args - Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- App
Includes []RuleMfa App Include Args - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- Enroll string
- When a user should be prompted for MFA. It can be
CHALLENGE
,LOGIN
, orNEVER
. - Name string
- Policy Rule Name
- Network
Connection string - Network selection mode:
ANYWHERE
,ZONE
,ON_NETWORK
, orOFF_NETWORK
. Default:ANYWHERE
- Network
Excludes []string - Required if
network_connection
=ZONE
. Indicates the network zones to exclude. - Network
Includes []string - Required if
network_connection
=ZONE
. Indicates the network zones to include. - Policy
Id string - Policy ID of the Rule
- Priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- Status string
- Policy Rule Status:
ACTIVE
orINACTIVE
. Default:ACTIVE
- Users
Excludeds []string - Set of User IDs to Exclude
- app
Excludes List<RuleMfa App Exclude> - Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- app
Includes List<RuleMfa App Include> - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- enroll String
- When a user should be prompted for MFA. It can be
CHALLENGE
,LOGIN
, orNEVER
. - name String
- Policy Rule Name
- network
Connection String - Network selection mode:
ANYWHERE
,ZONE
,ON_NETWORK
, orOFF_NETWORK
. Default:ANYWHERE
- network
Excludes List<String> - Required if
network_connection
=ZONE
. Indicates the network zones to exclude. - network
Includes List<String> - Required if
network_connection
=ZONE
. Indicates the network zones to include. - policy
Id String - Policy ID of the Rule
- priority Integer
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status String
- Policy Rule Status:
ACTIVE
orINACTIVE
. Default:ACTIVE
- users
Excludeds List<String> - Set of User IDs to Exclude
- app
Excludes RuleMfa App Exclude[] - Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- app
Includes RuleMfa App Include[] - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- enroll string
- When a user should be prompted for MFA. It can be
CHALLENGE
,LOGIN
, orNEVER
. - name string
- Policy Rule Name
- network
Connection string - Network selection mode:
ANYWHERE
,ZONE
,ON_NETWORK
, orOFF_NETWORK
. Default:ANYWHERE
- network
Excludes string[] - Required if
network_connection
=ZONE
. Indicates the network zones to exclude. - network
Includes string[] - Required if
network_connection
=ZONE
. Indicates the network zones to include. - policy
Id string - Policy ID of the Rule
- priority number
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status string
- Policy Rule Status:
ACTIVE
orINACTIVE
. Default:ACTIVE
- users
Excludeds string[] - Set of User IDs to Exclude
- app_
excludes Sequence[RuleMfa App Exclude Args] - Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- app_
includes Sequence[RuleMfa App Include Args] - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- enroll str
- When a user should be prompted for MFA. It can be
CHALLENGE
,LOGIN
, orNEVER
. - name str
- Policy Rule Name
- network_
connection str - Network selection mode:
ANYWHERE
,ZONE
,ON_NETWORK
, orOFF_NETWORK
. Default:ANYWHERE
- network_
excludes Sequence[str] - Required if
network_connection
=ZONE
. Indicates the network zones to exclude. - network_
includes Sequence[str] - Required if
network_connection
=ZONE
. Indicates the network zones to include. - policy_
id str - Policy ID of the Rule
- priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status str
- Policy Rule Status:
ACTIVE
orINACTIVE
. Default:ACTIVE
- users_
excludeds Sequence[str] - Set of User IDs to Exclude
- app
Excludes List<Property Map> - Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- app
Includes List<Property Map> - Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'
- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- enroll String
- When a user should be prompted for MFA. It can be
CHALLENGE
,LOGIN
, orNEVER
. - name String
- Policy Rule Name
- network
Connection String - Network selection mode:
ANYWHERE
,ZONE
,ON_NETWORK
, orOFF_NETWORK
. Default:ANYWHERE
- network
Excludes List<String> - Required if
network_connection
=ZONE
. Indicates the network zones to exclude. - network
Includes List<String> - Required if
network_connection
=ZONE
. Indicates the network zones to include. - policy
Id String - Policy ID of the Rule
- priority Number
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status String
- Policy Rule Status:
ACTIVE
orINACTIVE
. Default:ACTIVE
- users
Excludeds List<String> - Set of User IDs to Exclude
Supporting Types
RuleMfaAppExclude, RuleMfaAppExcludeArgs
RuleMfaAppInclude, RuleMfaAppIncludeArgs
Import
$ pulumi import okta:policy/ruleMfa:RuleMfa example <policy_id>/<rule_id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Okta pulumi/pulumi-okta
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
okta
Terraform Provider.