1. Packages
  2. Okta Provider
  3. API Docs
  4. policy
  5. RuleSignon
Okta v4.11.3 published on Monday, Oct 21, 2024 by Pulumi

okta.policy.RuleSignon

Explore with Pulumi AI

okta logo
Okta v4.11.3 published on Monday, Oct 21, 2024 by Pulumi

    Creates a Sign On Policy Rule. In case Invalid condition type specified: riskScore. error is thrown, set risc_level to an empty string, since this feature is not enabled.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as okta from "@pulumi/okta";
    
    const test = new okta.policy.Signon("test", {
        name: "Example Policy",
        status: "ACTIVE",
        description: "Example Policy",
    });
    const newCity = okta.getBehaviour({
        name: "New City",
    });
    const example = new okta.policy.RuleSignon("example", {
        access: "CHALLENGE",
        authtype: "RADIUS",
        name: "Example Policy Rule",
        networkConnection: "ANYWHERE",
        policyId: exampleOktaPolicySignon.id,
        status: "ACTIVE",
        riscLevel: "HIGH",
        behaviors: [newCity.then(newCity => newCity.id)],
        factorSequences: [
            {
                primaryCriteriaFactorType: "token:hotp",
                primaryCriteriaProvider: "CUSTOM",
                secondaryCriterias: [
                    {
                        factorType: "token:software:totp",
                        provider: "OKTA",
                    },
                    {
                        factorType: "push",
                        provider: "OKTA",
                    },
                    {
                        factorType: "password",
                        provider: "OKTA",
                    },
                    {
                        factorType: "question",
                        provider: "OKTA",
                    },
                    {
                        factorType: "sms",
                        provider: "OKTA",
                    },
                    {
                        factorType: "token:software:totp",
                        provider: "GOOGLE",
                    },
                    {
                        factorType: "email",
                        provider: "OKTA",
                    },
                    {
                        factorType: "call",
                        provider: "OKTA",
                    },
                    {
                        factorType: "webauthn",
                        provider: "FIDO",
                    },
                    {
                        factorType: "token",
                        provider: "RSA",
                    },
                    {
                        factorType: "token",
                        provider: "SYMANTEC",
                    },
                ],
            },
            {
                primaryCriteriaFactorType: "token:software:totp",
                primaryCriteriaProvider: "OKTA",
            },
        ],
    });
    
    import pulumi
    import pulumi_okta as okta
    
    test = okta.policy.Signon("test",
        name="Example Policy",
        status="ACTIVE",
        description="Example Policy")
    new_city = okta.get_behaviour(name="New City")
    example = okta.policy.RuleSignon("example",
        access="CHALLENGE",
        authtype="RADIUS",
        name="Example Policy Rule",
        network_connection="ANYWHERE",
        policy_id=example_okta_policy_signon["id"],
        status="ACTIVE",
        risc_level="HIGH",
        behaviors=[new_city.id],
        factor_sequences=[
            {
                "primary_criteria_factor_type": "token:hotp",
                "primary_criteria_provider": "CUSTOM",
                "secondary_criterias": [
                    {
                        "factor_type": "token:software:totp",
                        "provider": "OKTA",
                    },
                    {
                        "factor_type": "push",
                        "provider": "OKTA",
                    },
                    {
                        "factor_type": "password",
                        "provider": "OKTA",
                    },
                    {
                        "factor_type": "question",
                        "provider": "OKTA",
                    },
                    {
                        "factor_type": "sms",
                        "provider": "OKTA",
                    },
                    {
                        "factor_type": "token:software:totp",
                        "provider": "GOOGLE",
                    },
                    {
                        "factor_type": "email",
                        "provider": "OKTA",
                    },
                    {
                        "factor_type": "call",
                        "provider": "OKTA",
                    },
                    {
                        "factor_type": "webauthn",
                        "provider": "FIDO",
                    },
                    {
                        "factor_type": "token",
                        "provider": "RSA",
                    },
                    {
                        "factor_type": "token",
                        "provider": "SYMANTEC",
                    },
                ],
            },
            {
                "primary_criteria_factor_type": "token:software:totp",
                "primary_criteria_provider": "OKTA",
            },
        ])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-okta/sdk/v4/go/okta"
    	"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/policy"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := policy.NewSignon(ctx, "test", &policy.SignonArgs{
    			Name:        pulumi.String("Example Policy"),
    			Status:      pulumi.String("ACTIVE"),
    			Description: pulumi.String("Example Policy"),
    		})
    		if err != nil {
    			return err
    		}
    		newCity, err := okta.LookupBehaviour(ctx, &okta.LookupBehaviourArgs{
    			Name: pulumi.StringRef("New City"),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = policy.NewRuleSignon(ctx, "example", &policy.RuleSignonArgs{
    			Access:            pulumi.String("CHALLENGE"),
    			Authtype:          pulumi.String("RADIUS"),
    			Name:              pulumi.String("Example Policy Rule"),
    			NetworkConnection: pulumi.String("ANYWHERE"),
    			PolicyId:          pulumi.Any(exampleOktaPolicySignon.Id),
    			Status:            pulumi.String("ACTIVE"),
    			RiscLevel:         pulumi.String("HIGH"),
    			Behaviors: pulumi.StringArray{
    				pulumi.String(newCity.Id),
    			},
    			FactorSequences: policy.RuleSignonFactorSequenceArray{
    				&policy.RuleSignonFactorSequenceArgs{
    					PrimaryCriteriaFactorType: pulumi.String("token:hotp"),
    					PrimaryCriteriaProvider:   pulumi.String("CUSTOM"),
    					SecondaryCriterias: policy.RuleSignonFactorSequenceSecondaryCriteriaArray{
    						&policy.RuleSignonFactorSequenceSecondaryCriteriaArgs{
    							FactorType: pulumi.String("token:software:totp"),
    							Provider:   pulumi.String("OKTA"),
    						},
    						&policy.RuleSignonFactorSequenceSecondaryCriteriaArgs{
    							FactorType: pulumi.String("push"),
    							Provider:   pulumi.String("OKTA"),
    						},
    						&policy.RuleSignonFactorSequenceSecondaryCriteriaArgs{
    							FactorType: pulumi.String("password"),
    							Provider:   pulumi.String("OKTA"),
    						},
    						&policy.RuleSignonFactorSequenceSecondaryCriteriaArgs{
    							FactorType: pulumi.String("question"),
    							Provider:   pulumi.String("OKTA"),
    						},
    						&policy.RuleSignonFactorSequenceSecondaryCriteriaArgs{
    							FactorType: pulumi.String("sms"),
    							Provider:   pulumi.String("OKTA"),
    						},
    						&policy.RuleSignonFactorSequenceSecondaryCriteriaArgs{
    							FactorType: pulumi.String("token:software:totp"),
    							Provider:   pulumi.String("GOOGLE"),
    						},
    						&policy.RuleSignonFactorSequenceSecondaryCriteriaArgs{
    							FactorType: pulumi.String("email"),
    							Provider:   pulumi.String("OKTA"),
    						},
    						&policy.RuleSignonFactorSequenceSecondaryCriteriaArgs{
    							FactorType: pulumi.String("call"),
    							Provider:   pulumi.String("OKTA"),
    						},
    						&policy.RuleSignonFactorSequenceSecondaryCriteriaArgs{
    							FactorType: pulumi.String("webauthn"),
    							Provider:   pulumi.String("FIDO"),
    						},
    						&policy.RuleSignonFactorSequenceSecondaryCriteriaArgs{
    							FactorType: pulumi.String("token"),
    							Provider:   pulumi.String("RSA"),
    						},
    						&policy.RuleSignonFactorSequenceSecondaryCriteriaArgs{
    							FactorType: pulumi.String("token"),
    							Provider:   pulumi.String("SYMANTEC"),
    						},
    					},
    				},
    				&policy.RuleSignonFactorSequenceArgs{
    					PrimaryCriteriaFactorType: pulumi.String("token:software:totp"),
    					PrimaryCriteriaProvider:   pulumi.String("OKTA"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Okta = Pulumi.Okta;
    
    return await Deployment.RunAsync(() => 
    {
        var test = new Okta.Policy.Signon("test", new()
        {
            Name = "Example Policy",
            Status = "ACTIVE",
            Description = "Example Policy",
        });
    
        var newCity = Okta.GetBehaviour.Invoke(new()
        {
            Name = "New City",
        });
    
        var example = new Okta.Policy.RuleSignon("example", new()
        {
            Access = "CHALLENGE",
            Authtype = "RADIUS",
            Name = "Example Policy Rule",
            NetworkConnection = "ANYWHERE",
            PolicyId = exampleOktaPolicySignon.Id,
            Status = "ACTIVE",
            RiscLevel = "HIGH",
            Behaviors = new[]
            {
                newCity.Apply(getBehaviourResult => getBehaviourResult.Id),
            },
            FactorSequences = new[]
            {
                new Okta.Policy.Inputs.RuleSignonFactorSequenceArgs
                {
                    PrimaryCriteriaFactorType = "token:hotp",
                    PrimaryCriteriaProvider = "CUSTOM",
                    SecondaryCriterias = new[]
                    {
                        new Okta.Policy.Inputs.RuleSignonFactorSequenceSecondaryCriteriaArgs
                        {
                            FactorType = "token:software:totp",
                            Provider = "OKTA",
                        },
                        new Okta.Policy.Inputs.RuleSignonFactorSequenceSecondaryCriteriaArgs
                        {
                            FactorType = "push",
                            Provider = "OKTA",
                        },
                        new Okta.Policy.Inputs.RuleSignonFactorSequenceSecondaryCriteriaArgs
                        {
                            FactorType = "password",
                            Provider = "OKTA",
                        },
                        new Okta.Policy.Inputs.RuleSignonFactorSequenceSecondaryCriteriaArgs
                        {
                            FactorType = "question",
                            Provider = "OKTA",
                        },
                        new Okta.Policy.Inputs.RuleSignonFactorSequenceSecondaryCriteriaArgs
                        {
                            FactorType = "sms",
                            Provider = "OKTA",
                        },
                        new Okta.Policy.Inputs.RuleSignonFactorSequenceSecondaryCriteriaArgs
                        {
                            FactorType = "token:software:totp",
                            Provider = "GOOGLE",
                        },
                        new Okta.Policy.Inputs.RuleSignonFactorSequenceSecondaryCriteriaArgs
                        {
                            FactorType = "email",
                            Provider = "OKTA",
                        },
                        new Okta.Policy.Inputs.RuleSignonFactorSequenceSecondaryCriteriaArgs
                        {
                            FactorType = "call",
                            Provider = "OKTA",
                        },
                        new Okta.Policy.Inputs.RuleSignonFactorSequenceSecondaryCriteriaArgs
                        {
                            FactorType = "webauthn",
                            Provider = "FIDO",
                        },
                        new Okta.Policy.Inputs.RuleSignonFactorSequenceSecondaryCriteriaArgs
                        {
                            FactorType = "token",
                            Provider = "RSA",
                        },
                        new Okta.Policy.Inputs.RuleSignonFactorSequenceSecondaryCriteriaArgs
                        {
                            FactorType = "token",
                            Provider = "SYMANTEC",
                        },
                    },
                },
                new Okta.Policy.Inputs.RuleSignonFactorSequenceArgs
                {
                    PrimaryCriteriaFactorType = "token:software:totp",
                    PrimaryCriteriaProvider = "OKTA",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.okta.policy.Signon;
    import com.pulumi.okta.policy.SignonArgs;
    import com.pulumi.okta.OktaFunctions;
    import com.pulumi.okta.inputs.GetBehaviourArgs;
    import com.pulumi.okta.policy.RuleSignon;
    import com.pulumi.okta.policy.RuleSignonArgs;
    import com.pulumi.okta.policy.inputs.RuleSignonFactorSequenceArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var test = new Signon("test", SignonArgs.builder()
                .name("Example Policy")
                .status("ACTIVE")
                .description("Example Policy")
                .build());
    
            final var newCity = OktaFunctions.getBehaviour(GetBehaviourArgs.builder()
                .name("New City")
                .build());
    
            var example = new RuleSignon("example", RuleSignonArgs.builder()
                .access("CHALLENGE")
                .authtype("RADIUS")
                .name("Example Policy Rule")
                .networkConnection("ANYWHERE")
                .policyId(exampleOktaPolicySignon.id())
                .status("ACTIVE")
                .riscLevel("HIGH")
                .behaviors(newCity.applyValue(getBehaviourResult -> getBehaviourResult.id()))
                .factorSequences(            
                    RuleSignonFactorSequenceArgs.builder()
                        .primaryCriteriaFactorType("token:hotp")
                        .primaryCriteriaProvider("CUSTOM")
                        .secondaryCriterias(                    
                            RuleSignonFactorSequenceSecondaryCriteriaArgs.builder()
                                .factorType("token:software:totp")
                                .provider("OKTA")
                                .build(),
                            RuleSignonFactorSequenceSecondaryCriteriaArgs.builder()
                                .factorType("push")
                                .provider("OKTA")
                                .build(),
                            RuleSignonFactorSequenceSecondaryCriteriaArgs.builder()
                                .factorType("password")
                                .provider("OKTA")
                                .build(),
                            RuleSignonFactorSequenceSecondaryCriteriaArgs.builder()
                                .factorType("question")
                                .provider("OKTA")
                                .build(),
                            RuleSignonFactorSequenceSecondaryCriteriaArgs.builder()
                                .factorType("sms")
                                .provider("OKTA")
                                .build(),
                            RuleSignonFactorSequenceSecondaryCriteriaArgs.builder()
                                .factorType("token:software:totp")
                                .provider("GOOGLE")
                                .build(),
                            RuleSignonFactorSequenceSecondaryCriteriaArgs.builder()
                                .factorType("email")
                                .provider("OKTA")
                                .build(),
                            RuleSignonFactorSequenceSecondaryCriteriaArgs.builder()
                                .factorType("call")
                                .provider("OKTA")
                                .build(),
                            RuleSignonFactorSequenceSecondaryCriteriaArgs.builder()
                                .factorType("webauthn")
                                .provider("FIDO")
                                .build(),
                            RuleSignonFactorSequenceSecondaryCriteriaArgs.builder()
                                .factorType("token")
                                .provider("RSA")
                                .build(),
                            RuleSignonFactorSequenceSecondaryCriteriaArgs.builder()
                                .factorType("token")
                                .provider("SYMANTEC")
                                .build())
                        .build(),
                    RuleSignonFactorSequenceArgs.builder()
                        .primaryCriteriaFactorType("token:software:totp")
                        .primaryCriteriaProvider("OKTA")
                        .build())
                .build());
    
        }
    }
    
    resources:
      test:
        type: okta:policy:Signon
        properties:
          name: Example Policy
          status: ACTIVE
          description: Example Policy
      example:
        type: okta:policy:RuleSignon
        properties:
          access: CHALLENGE
          authtype: RADIUS
          name: Example Policy Rule
          networkConnection: ANYWHERE
          policyId: ${exampleOktaPolicySignon.id}
          status: ACTIVE
          riscLevel: HIGH
          behaviors:
            - ${newCity.id}
          factorSequences:
            - primaryCriteriaFactorType: token:hotp
              primaryCriteriaProvider: CUSTOM
              secondaryCriterias:
                - factorType: token:software:totp
                  provider: OKTA
                - factorType: push
                  provider: OKTA
                - factorType: password
                  provider: OKTA
                - factorType: question
                  provider: OKTA
                - factorType: sms
                  provider: OKTA
                - factorType: token:software:totp
                  provider: GOOGLE
                - factorType: email
                  provider: OKTA
                - factorType: call
                  provider: OKTA
                - factorType: webauthn
                  provider: FIDO
                - factorType: token
                  provider: RSA
                - factorType: token
                  provider: SYMANTEC
            - primaryCriteriaFactorType: token:software:totp
              primaryCriteriaProvider: OKTA
    variables:
      newCity:
        fn::invoke:
          Function: okta:getBehaviour
          Arguments:
            name: New City
    

    Create RuleSignon Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new RuleSignon(name: string, args?: RuleSignonArgs, opts?: CustomResourceOptions);
    @overload
    def RuleSignon(resource_name: str,
                   args: Optional[RuleSignonArgs] = None,
                   opts: Optional[ResourceOptions] = None)
    
    @overload
    def RuleSignon(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   access: Optional[str] = None,
                   authtype: Optional[str] = None,
                   behaviors: Optional[Sequence[str]] = None,
                   factor_sequences: Optional[Sequence[RuleSignonFactorSequenceArgs]] = None,
                   identity_provider: Optional[str] = None,
                   identity_provider_ids: Optional[Sequence[str]] = None,
                   mfa_lifetime: Optional[int] = None,
                   mfa_prompt: Optional[str] = None,
                   mfa_remember_device: Optional[bool] = None,
                   mfa_required: Optional[bool] = None,
                   name: Optional[str] = None,
                   network_connection: Optional[str] = None,
                   network_excludes: Optional[Sequence[str]] = None,
                   network_includes: Optional[Sequence[str]] = None,
                   policy_id: Optional[str] = None,
                   primary_factor: Optional[str] = None,
                   priority: Optional[int] = None,
                   risc_level: Optional[str] = None,
                   risk_level: Optional[str] = None,
                   session_idle: Optional[int] = None,
                   session_lifetime: Optional[int] = None,
                   session_persistent: Optional[bool] = None,
                   status: Optional[str] = None,
                   users_excludeds: Optional[Sequence[str]] = None)
    func NewRuleSignon(ctx *Context, name string, args *RuleSignonArgs, opts ...ResourceOption) (*RuleSignon, error)
    public RuleSignon(string name, RuleSignonArgs? args = null, CustomResourceOptions? opts = null)
    public RuleSignon(String name, RuleSignonArgs args)
    public RuleSignon(String name, RuleSignonArgs args, CustomResourceOptions options)
    
    type: okta:policy:RuleSignon
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args RuleSignonArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args RuleSignonArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args RuleSignonArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args RuleSignonArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args RuleSignonArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var ruleSignonResource = new Okta.Policy.RuleSignon("ruleSignonResource", new()
    {
        Access = "string",
        Authtype = "string",
        Behaviors = new[]
        {
            "string",
        },
        FactorSequences = new[]
        {
            new Okta.Policy.Inputs.RuleSignonFactorSequenceArgs
            {
                PrimaryCriteriaFactorType = "string",
                PrimaryCriteriaProvider = "string",
                SecondaryCriterias = new[]
                {
                    new Okta.Policy.Inputs.RuleSignonFactorSequenceSecondaryCriteriaArgs
                    {
                        FactorType = "string",
                        Provider = "string",
                    },
                },
            },
        },
        IdentityProvider = "string",
        IdentityProviderIds = new[]
        {
            "string",
        },
        MfaLifetime = 0,
        MfaPrompt = "string",
        MfaRememberDevice = false,
        MfaRequired = false,
        Name = "string",
        NetworkConnection = "string",
        NetworkExcludes = new[]
        {
            "string",
        },
        NetworkIncludes = new[]
        {
            "string",
        },
        PolicyId = "string",
        PrimaryFactor = "string",
        Priority = 0,
        RiskLevel = "string",
        SessionIdle = 0,
        SessionLifetime = 0,
        SessionPersistent = false,
        Status = "string",
        UsersExcludeds = new[]
        {
            "string",
        },
    });
    
    example, err := policy.NewRuleSignon(ctx, "ruleSignonResource", &policy.RuleSignonArgs{
    	Access:   pulumi.String("string"),
    	Authtype: pulumi.String("string"),
    	Behaviors: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	FactorSequences: policy.RuleSignonFactorSequenceArray{
    		&policy.RuleSignonFactorSequenceArgs{
    			PrimaryCriteriaFactorType: pulumi.String("string"),
    			PrimaryCriteriaProvider:   pulumi.String("string"),
    			SecondaryCriterias: policy.RuleSignonFactorSequenceSecondaryCriteriaArray{
    				&policy.RuleSignonFactorSequenceSecondaryCriteriaArgs{
    					FactorType: pulumi.String("string"),
    					Provider:   pulumi.String("string"),
    				},
    			},
    		},
    	},
    	IdentityProvider: pulumi.String("string"),
    	IdentityProviderIds: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	MfaLifetime:       pulumi.Int(0),
    	MfaPrompt:         pulumi.String("string"),
    	MfaRememberDevice: pulumi.Bool(false),
    	MfaRequired:       pulumi.Bool(false),
    	Name:              pulumi.String("string"),
    	NetworkConnection: pulumi.String("string"),
    	NetworkExcludes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	NetworkIncludes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	PolicyId:          pulumi.String("string"),
    	PrimaryFactor:     pulumi.String("string"),
    	Priority:          pulumi.Int(0),
    	RiskLevel:         pulumi.String("string"),
    	SessionIdle:       pulumi.Int(0),
    	SessionLifetime:   pulumi.Int(0),
    	SessionPersistent: pulumi.Bool(false),
    	Status:            pulumi.String("string"),
    	UsersExcludeds: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    })
    
    var ruleSignonResource = new RuleSignon("ruleSignonResource", RuleSignonArgs.builder()
        .access("string")
        .authtype("string")
        .behaviors("string")
        .factorSequences(RuleSignonFactorSequenceArgs.builder()
            .primaryCriteriaFactorType("string")
            .primaryCriteriaProvider("string")
            .secondaryCriterias(RuleSignonFactorSequenceSecondaryCriteriaArgs.builder()
                .factorType("string")
                .provider("string")
                .build())
            .build())
        .identityProvider("string")
        .identityProviderIds("string")
        .mfaLifetime(0)
        .mfaPrompt("string")
        .mfaRememberDevice(false)
        .mfaRequired(false)
        .name("string")
        .networkConnection("string")
        .networkExcludes("string")
        .networkIncludes("string")
        .policyId("string")
        .primaryFactor("string")
        .priority(0)
        .riskLevel("string")
        .sessionIdle(0)
        .sessionLifetime(0)
        .sessionPersistent(false)
        .status("string")
        .usersExcludeds("string")
        .build());
    
    rule_signon_resource = okta.policy.RuleSignon("ruleSignonResource",
        access="string",
        authtype="string",
        behaviors=["string"],
        factor_sequences=[{
            "primary_criteria_factor_type": "string",
            "primary_criteria_provider": "string",
            "secondary_criterias": [{
                "factor_type": "string",
                "provider": "string",
            }],
        }],
        identity_provider="string",
        identity_provider_ids=["string"],
        mfa_lifetime=0,
        mfa_prompt="string",
        mfa_remember_device=False,
        mfa_required=False,
        name="string",
        network_connection="string",
        network_excludes=["string"],
        network_includes=["string"],
        policy_id="string",
        primary_factor="string",
        priority=0,
        risk_level="string",
        session_idle=0,
        session_lifetime=0,
        session_persistent=False,
        status="string",
        users_excludeds=["string"])
    
    const ruleSignonResource = new okta.policy.RuleSignon("ruleSignonResource", {
        access: "string",
        authtype: "string",
        behaviors: ["string"],
        factorSequences: [{
            primaryCriteriaFactorType: "string",
            primaryCriteriaProvider: "string",
            secondaryCriterias: [{
                factorType: "string",
                provider: "string",
            }],
        }],
        identityProvider: "string",
        identityProviderIds: ["string"],
        mfaLifetime: 0,
        mfaPrompt: "string",
        mfaRememberDevice: false,
        mfaRequired: false,
        name: "string",
        networkConnection: "string",
        networkExcludes: ["string"],
        networkIncludes: ["string"],
        policyId: "string",
        primaryFactor: "string",
        priority: 0,
        riskLevel: "string",
        sessionIdle: 0,
        sessionLifetime: 0,
        sessionPersistent: false,
        status: "string",
        usersExcludeds: ["string"],
    });
    
    type: okta:policy:RuleSignon
    properties:
        access: string
        authtype: string
        behaviors:
            - string
        factorSequences:
            - primaryCriteriaFactorType: string
              primaryCriteriaProvider: string
              secondaryCriterias:
                - factorType: string
                  provider: string
        identityProvider: string
        identityProviderIds:
            - string
        mfaLifetime: 0
        mfaPrompt: string
        mfaRememberDevice: false
        mfaRequired: false
        name: string
        networkConnection: string
        networkExcludes:
            - string
        networkIncludes:
            - string
        policyId: string
        primaryFactor: string
        priority: 0
        riskLevel: string
        sessionIdle: 0
        sessionLifetime: 0
        sessionPersistent: false
        status: string
        usersExcludeds:
            - string
    

    RuleSignon Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The RuleSignon resource accepts the following input properties:

    Access string
    Allow or deny access based on the rule conditions: ALLOW, DENY or CHALLENGE. Default: ALLOW
    Authtype string
    Authentication entrypoint: ANY, RADIUS or LDAP_INTERFACE. Default: ANY
    Behaviors List<string>
    List of behavior IDs
    FactorSequences List<RuleSignonFactorSequence>
    Auth factor sequences. Should be set if 'access = "CHALLENGE"'. - 'primary_criteria_provider' - (Required) Primary provider of the auth section. - 'primary_criteria_factor_type' - (Required) Primary factor type of the auth section. - 'secondary_criteria' - (Optional) Additional authentication steps. - 'provider' - (Required) Provider of the additional authentication step. - 'factor_type' - (Required) Factor type of the additional authentication step.
    IdentityProvider string
    Apply rule based on the IdP used: ANY, OKTA or SPECIFIC_IDP. Default: ANY. > WARNING: Use of identity_provider requires a feature flag to be enabled.
    IdentityProviderIds List<string>
    When identity_provider is SPECIFIC_IDP then this is the list of IdP IDs to apply the rule on
    MfaLifetime int
    Elapsed time before the next MFA challenge
    MfaPrompt string
    Prompt for MFA based on the device used, a factor session lifetime, or every sign-on attempt: DEVICE, SESSION orALWAYS.
    MfaRememberDevice bool
    Remember MFA device. Default: false
    MfaRequired bool
    Require MFA. Default: false
    Name string
    Policy Rule Name
    NetworkConnection string
    Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
    NetworkExcludes List<string>
    Required if network_connection = ZONE. Indicates the network zones to exclude.
    NetworkIncludes List<string>
    Required if network_connection = ZONE. Indicates the network zones to include.
    PolicyId string
    Policy ID of the Rule
    PrimaryFactor string
    Rule's primary factor. WARNING Ony works as a part of the Identity Engine. Valid values: PASSWORD_IDP_ANY_FACTOR, PASSWORD_IDP.
    Priority int
    Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
    RiscLevel string
    Risc level: ANY, LOW, MEDIUM or HIGH. Default: ANY

    Deprecated: Attribute typo, switch to risk_level instead. Default: ANY

    RiskLevel string
    Risk level: ANY, LOW, MEDIUM or HIGH. Default: ANY
    SessionIdle int
    Max minutes a session can be idle. Default: 120
    SessionLifetime int
    Max minutes a session is active: Disable = 0. Default: 120
    SessionPersistent bool
    Whether session cookies will last across browser sessions. Okta Administrators can never have persistent session cookies. Default: false
    Status string
    Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
    UsersExcludeds List<string>
    Set of User IDs to Exclude
    Access string
    Allow or deny access based on the rule conditions: ALLOW, DENY or CHALLENGE. Default: ALLOW
    Authtype string
    Authentication entrypoint: ANY, RADIUS or LDAP_INTERFACE. Default: ANY
    Behaviors []string
    List of behavior IDs
    FactorSequences []RuleSignonFactorSequenceArgs
    Auth factor sequences. Should be set if 'access = "CHALLENGE"'. - 'primary_criteria_provider' - (Required) Primary provider of the auth section. - 'primary_criteria_factor_type' - (Required) Primary factor type of the auth section. - 'secondary_criteria' - (Optional) Additional authentication steps. - 'provider' - (Required) Provider of the additional authentication step. - 'factor_type' - (Required) Factor type of the additional authentication step.
    IdentityProvider string
    Apply rule based on the IdP used: ANY, OKTA or SPECIFIC_IDP. Default: ANY. > WARNING: Use of identity_provider requires a feature flag to be enabled.
    IdentityProviderIds []string
    When identity_provider is SPECIFIC_IDP then this is the list of IdP IDs to apply the rule on
    MfaLifetime int
    Elapsed time before the next MFA challenge
    MfaPrompt string
    Prompt for MFA based on the device used, a factor session lifetime, or every sign-on attempt: DEVICE, SESSION orALWAYS.
    MfaRememberDevice bool
    Remember MFA device. Default: false
    MfaRequired bool
    Require MFA. Default: false
    Name string
    Policy Rule Name
    NetworkConnection string
    Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
    NetworkExcludes []string
    Required if network_connection = ZONE. Indicates the network zones to exclude.
    NetworkIncludes []string
    Required if network_connection = ZONE. Indicates the network zones to include.
    PolicyId string
    Policy ID of the Rule
    PrimaryFactor string
    Rule's primary factor. WARNING Ony works as a part of the Identity Engine. Valid values: PASSWORD_IDP_ANY_FACTOR, PASSWORD_IDP.
    Priority int
    Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
    RiscLevel string
    Risc level: ANY, LOW, MEDIUM or HIGH. Default: ANY

    Deprecated: Attribute typo, switch to risk_level instead. Default: ANY

    RiskLevel string
    Risk level: ANY, LOW, MEDIUM or HIGH. Default: ANY
    SessionIdle int
    Max minutes a session can be idle. Default: 120
    SessionLifetime int
    Max minutes a session is active: Disable = 0. Default: 120
    SessionPersistent bool
    Whether session cookies will last across browser sessions. Okta Administrators can never have persistent session cookies. Default: false
    Status string
    Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
    UsersExcludeds []string
    Set of User IDs to Exclude
    access String
    Allow or deny access based on the rule conditions: ALLOW, DENY or CHALLENGE. Default: ALLOW
    authtype String
    Authentication entrypoint: ANY, RADIUS or LDAP_INTERFACE. Default: ANY
    behaviors List<String>
    List of behavior IDs
    factorSequences List<RuleSignonFactorSequence>
    Auth factor sequences. Should be set if 'access = "CHALLENGE"'. - 'primary_criteria_provider' - (Required) Primary provider of the auth section. - 'primary_criteria_factor_type' - (Required) Primary factor type of the auth section. - 'secondary_criteria' - (Optional) Additional authentication steps. - 'provider' - (Required) Provider of the additional authentication step. - 'factor_type' - (Required) Factor type of the additional authentication step.
    identityProvider String
    Apply rule based on the IdP used: ANY, OKTA or SPECIFIC_IDP. Default: ANY. > WARNING: Use of identity_provider requires a feature flag to be enabled.
    identityProviderIds List<String>
    When identity_provider is SPECIFIC_IDP then this is the list of IdP IDs to apply the rule on
    mfaLifetime Integer
    Elapsed time before the next MFA challenge
    mfaPrompt String
    Prompt for MFA based on the device used, a factor session lifetime, or every sign-on attempt: DEVICE, SESSION orALWAYS.
    mfaRememberDevice Boolean
    Remember MFA device. Default: false
    mfaRequired Boolean
    Require MFA. Default: false
    name String
    Policy Rule Name
    networkConnection String
    Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
    networkExcludes List<String>
    Required if network_connection = ZONE. Indicates the network zones to exclude.
    networkIncludes List<String>
    Required if network_connection = ZONE. Indicates the network zones to include.
    policyId String
    Policy ID of the Rule
    primaryFactor String
    Rule's primary factor. WARNING Ony works as a part of the Identity Engine. Valid values: PASSWORD_IDP_ANY_FACTOR, PASSWORD_IDP.
    priority Integer
    Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
    riscLevel String
    Risc level: ANY, LOW, MEDIUM or HIGH. Default: ANY

    Deprecated: Attribute typo, switch to risk_level instead. Default: ANY

    riskLevel String
    Risk level: ANY, LOW, MEDIUM or HIGH. Default: ANY
    sessionIdle Integer
    Max minutes a session can be idle. Default: 120
    sessionLifetime Integer
    Max minutes a session is active: Disable = 0. Default: 120
    sessionPersistent Boolean
    Whether session cookies will last across browser sessions. Okta Administrators can never have persistent session cookies. Default: false
    status String
    Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
    usersExcludeds List<String>
    Set of User IDs to Exclude
    access string
    Allow or deny access based on the rule conditions: ALLOW, DENY or CHALLENGE. Default: ALLOW
    authtype string
    Authentication entrypoint: ANY, RADIUS or LDAP_INTERFACE. Default: ANY
    behaviors string[]
    List of behavior IDs
    factorSequences RuleSignonFactorSequence[]
    Auth factor sequences. Should be set if 'access = "CHALLENGE"'. - 'primary_criteria_provider' - (Required) Primary provider of the auth section. - 'primary_criteria_factor_type' - (Required) Primary factor type of the auth section. - 'secondary_criteria' - (Optional) Additional authentication steps. - 'provider' - (Required) Provider of the additional authentication step. - 'factor_type' - (Required) Factor type of the additional authentication step.
    identityProvider string
    Apply rule based on the IdP used: ANY, OKTA or SPECIFIC_IDP. Default: ANY. > WARNING: Use of identity_provider requires a feature flag to be enabled.
    identityProviderIds string[]
    When identity_provider is SPECIFIC_IDP then this is the list of IdP IDs to apply the rule on
    mfaLifetime number
    Elapsed time before the next MFA challenge
    mfaPrompt string
    Prompt for MFA based on the device used, a factor session lifetime, or every sign-on attempt: DEVICE, SESSION orALWAYS.
    mfaRememberDevice boolean
    Remember MFA device. Default: false
    mfaRequired boolean
    Require MFA. Default: false
    name string
    Policy Rule Name
    networkConnection string
    Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
    networkExcludes string[]
    Required if network_connection = ZONE. Indicates the network zones to exclude.
    networkIncludes string[]
    Required if network_connection = ZONE. Indicates the network zones to include.
    policyId string
    Policy ID of the Rule
    primaryFactor string
    Rule's primary factor. WARNING Ony works as a part of the Identity Engine. Valid values: PASSWORD_IDP_ANY_FACTOR, PASSWORD_IDP.
    priority number
    Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
    riscLevel string
    Risc level: ANY, LOW, MEDIUM or HIGH. Default: ANY

    Deprecated: Attribute typo, switch to risk_level instead. Default: ANY

    riskLevel string
    Risk level: ANY, LOW, MEDIUM or HIGH. Default: ANY
    sessionIdle number
    Max minutes a session can be idle. Default: 120
    sessionLifetime number
    Max minutes a session is active: Disable = 0. Default: 120
    sessionPersistent boolean
    Whether session cookies will last across browser sessions. Okta Administrators can never have persistent session cookies. Default: false
    status string
    Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
    usersExcludeds string[]
    Set of User IDs to Exclude
    access str
    Allow or deny access based on the rule conditions: ALLOW, DENY or CHALLENGE. Default: ALLOW
    authtype str
    Authentication entrypoint: ANY, RADIUS or LDAP_INTERFACE. Default: ANY
    behaviors Sequence[str]
    List of behavior IDs
    factor_sequences Sequence[RuleSignonFactorSequenceArgs]
    Auth factor sequences. Should be set if 'access = "CHALLENGE"'. - 'primary_criteria_provider' - (Required) Primary provider of the auth section. - 'primary_criteria_factor_type' - (Required) Primary factor type of the auth section. - 'secondary_criteria' - (Optional) Additional authentication steps. - 'provider' - (Required) Provider of the additional authentication step. - 'factor_type' - (Required) Factor type of the additional authentication step.
    identity_provider str
    Apply rule based on the IdP used: ANY, OKTA or SPECIFIC_IDP. Default: ANY. > WARNING: Use of identity_provider requires a feature flag to be enabled.
    identity_provider_ids Sequence[str]
    When identity_provider is SPECIFIC_IDP then this is the list of IdP IDs to apply the rule on
    mfa_lifetime int
    Elapsed time before the next MFA challenge
    mfa_prompt str
    Prompt for MFA based on the device used, a factor session lifetime, or every sign-on attempt: DEVICE, SESSION orALWAYS.
    mfa_remember_device bool
    Remember MFA device. Default: false
    mfa_required bool
    Require MFA. Default: false
    name str
    Policy Rule Name
    network_connection str
    Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
    network_excludes Sequence[str]
    Required if network_connection = ZONE. Indicates the network zones to exclude.
    network_includes Sequence[str]
    Required if network_connection = ZONE. Indicates the network zones to include.
    policy_id str
    Policy ID of the Rule
    primary_factor str
    Rule's primary factor. WARNING Ony works as a part of the Identity Engine. Valid values: PASSWORD_IDP_ANY_FACTOR, PASSWORD_IDP.
    priority int
    Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
    risc_level str
    Risc level: ANY, LOW, MEDIUM or HIGH. Default: ANY

    Deprecated: Attribute typo, switch to risk_level instead. Default: ANY

    risk_level str
    Risk level: ANY, LOW, MEDIUM or HIGH. Default: ANY
    session_idle int
    Max minutes a session can be idle. Default: 120
    session_lifetime int
    Max minutes a session is active: Disable = 0. Default: 120
    session_persistent bool
    Whether session cookies will last across browser sessions. Okta Administrators can never have persistent session cookies. Default: false
    status str
    Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
    users_excludeds Sequence[str]
    Set of User IDs to Exclude
    access String
    Allow or deny access based on the rule conditions: ALLOW, DENY or CHALLENGE. Default: ALLOW
    authtype String
    Authentication entrypoint: ANY, RADIUS or LDAP_INTERFACE. Default: ANY
    behaviors List<String>
    List of behavior IDs
    factorSequences List<Property Map>
    Auth factor sequences. Should be set if 'access = "CHALLENGE"'. - 'primary_criteria_provider' - (Required) Primary provider of the auth section. - 'primary_criteria_factor_type' - (Required) Primary factor type of the auth section. - 'secondary_criteria' - (Optional) Additional authentication steps. - 'provider' - (Required) Provider of the additional authentication step. - 'factor_type' - (Required) Factor type of the additional authentication step.
    identityProvider String
    Apply rule based on the IdP used: ANY, OKTA or SPECIFIC_IDP. Default: ANY. > WARNING: Use of identity_provider requires a feature flag to be enabled.
    identityProviderIds List<String>
    When identity_provider is SPECIFIC_IDP then this is the list of IdP IDs to apply the rule on
    mfaLifetime Number
    Elapsed time before the next MFA challenge
    mfaPrompt String
    Prompt for MFA based on the device used, a factor session lifetime, or every sign-on attempt: DEVICE, SESSION orALWAYS.
    mfaRememberDevice Boolean
    Remember MFA device. Default: false
    mfaRequired Boolean
    Require MFA. Default: false
    name String
    Policy Rule Name
    networkConnection String
    Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
    networkExcludes List<String>
    Required if network_connection = ZONE. Indicates the network zones to exclude.
    networkIncludes List<String>
    Required if network_connection = ZONE. Indicates the network zones to include.
    policyId String
    Policy ID of the Rule
    primaryFactor String
    Rule's primary factor. WARNING Ony works as a part of the Identity Engine. Valid values: PASSWORD_IDP_ANY_FACTOR, PASSWORD_IDP.
    priority Number
    Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
    riscLevel String
    Risc level: ANY, LOW, MEDIUM or HIGH. Default: ANY

    Deprecated: Attribute typo, switch to risk_level instead. Default: ANY

    riskLevel String
    Risk level: ANY, LOW, MEDIUM or HIGH. Default: ANY
    sessionIdle Number
    Max minutes a session can be idle. Default: 120
    sessionLifetime Number
    Max minutes a session is active: Disable = 0. Default: 120
    sessionPersistent Boolean
    Whether session cookies will last across browser sessions. Okta Administrators can never have persistent session cookies. Default: false
    status String
    Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
    usersExcludeds List<String>
    Set of User IDs to Exclude

    Outputs

    All input properties are implicitly available as output properties. Additionally, the RuleSignon resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing RuleSignon Resource

    Get an existing RuleSignon resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: RuleSignonState, opts?: CustomResourceOptions): RuleSignon
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            access: Optional[str] = None,
            authtype: Optional[str] = None,
            behaviors: Optional[Sequence[str]] = None,
            factor_sequences: Optional[Sequence[RuleSignonFactorSequenceArgs]] = None,
            identity_provider: Optional[str] = None,
            identity_provider_ids: Optional[Sequence[str]] = None,
            mfa_lifetime: Optional[int] = None,
            mfa_prompt: Optional[str] = None,
            mfa_remember_device: Optional[bool] = None,
            mfa_required: Optional[bool] = None,
            name: Optional[str] = None,
            network_connection: Optional[str] = None,
            network_excludes: Optional[Sequence[str]] = None,
            network_includes: Optional[Sequence[str]] = None,
            policy_id: Optional[str] = None,
            primary_factor: Optional[str] = None,
            priority: Optional[int] = None,
            risc_level: Optional[str] = None,
            risk_level: Optional[str] = None,
            session_idle: Optional[int] = None,
            session_lifetime: Optional[int] = None,
            session_persistent: Optional[bool] = None,
            status: Optional[str] = None,
            users_excludeds: Optional[Sequence[str]] = None) -> RuleSignon
    func GetRuleSignon(ctx *Context, name string, id IDInput, state *RuleSignonState, opts ...ResourceOption) (*RuleSignon, error)
    public static RuleSignon Get(string name, Input<string> id, RuleSignonState? state, CustomResourceOptions? opts = null)
    public static RuleSignon get(String name, Output<String> id, RuleSignonState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Access string
    Allow or deny access based on the rule conditions: ALLOW, DENY or CHALLENGE. Default: ALLOW
    Authtype string
    Authentication entrypoint: ANY, RADIUS or LDAP_INTERFACE. Default: ANY
    Behaviors List<string>
    List of behavior IDs
    FactorSequences List<RuleSignonFactorSequence>
    Auth factor sequences. Should be set if 'access = "CHALLENGE"'. - 'primary_criteria_provider' - (Required) Primary provider of the auth section. - 'primary_criteria_factor_type' - (Required) Primary factor type of the auth section. - 'secondary_criteria' - (Optional) Additional authentication steps. - 'provider' - (Required) Provider of the additional authentication step. - 'factor_type' - (Required) Factor type of the additional authentication step.
    IdentityProvider string
    Apply rule based on the IdP used: ANY, OKTA or SPECIFIC_IDP. Default: ANY. > WARNING: Use of identity_provider requires a feature flag to be enabled.
    IdentityProviderIds List<string>
    When identity_provider is SPECIFIC_IDP then this is the list of IdP IDs to apply the rule on
    MfaLifetime int
    Elapsed time before the next MFA challenge
    MfaPrompt string
    Prompt for MFA based on the device used, a factor session lifetime, or every sign-on attempt: DEVICE, SESSION orALWAYS.
    MfaRememberDevice bool
    Remember MFA device. Default: false
    MfaRequired bool
    Require MFA. Default: false
    Name string
    Policy Rule Name
    NetworkConnection string
    Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
    NetworkExcludes List<string>
    Required if network_connection = ZONE. Indicates the network zones to exclude.
    NetworkIncludes List<string>
    Required if network_connection = ZONE. Indicates the network zones to include.
    PolicyId string
    Policy ID of the Rule
    PrimaryFactor string
    Rule's primary factor. WARNING Ony works as a part of the Identity Engine. Valid values: PASSWORD_IDP_ANY_FACTOR, PASSWORD_IDP.
    Priority int
    Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
    RiscLevel string
    Risc level: ANY, LOW, MEDIUM or HIGH. Default: ANY

    Deprecated: Attribute typo, switch to risk_level instead. Default: ANY

    RiskLevel string
    Risk level: ANY, LOW, MEDIUM or HIGH. Default: ANY
    SessionIdle int
    Max minutes a session can be idle. Default: 120
    SessionLifetime int
    Max minutes a session is active: Disable = 0. Default: 120
    SessionPersistent bool
    Whether session cookies will last across browser sessions. Okta Administrators can never have persistent session cookies. Default: false
    Status string
    Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
    UsersExcludeds List<string>
    Set of User IDs to Exclude
    Access string
    Allow or deny access based on the rule conditions: ALLOW, DENY or CHALLENGE. Default: ALLOW
    Authtype string
    Authentication entrypoint: ANY, RADIUS or LDAP_INTERFACE. Default: ANY
    Behaviors []string
    List of behavior IDs
    FactorSequences []RuleSignonFactorSequenceArgs
    Auth factor sequences. Should be set if 'access = "CHALLENGE"'. - 'primary_criteria_provider' - (Required) Primary provider of the auth section. - 'primary_criteria_factor_type' - (Required) Primary factor type of the auth section. - 'secondary_criteria' - (Optional) Additional authentication steps. - 'provider' - (Required) Provider of the additional authentication step. - 'factor_type' - (Required) Factor type of the additional authentication step.
    IdentityProvider string
    Apply rule based on the IdP used: ANY, OKTA or SPECIFIC_IDP. Default: ANY. > WARNING: Use of identity_provider requires a feature flag to be enabled.
    IdentityProviderIds []string
    When identity_provider is SPECIFIC_IDP then this is the list of IdP IDs to apply the rule on
    MfaLifetime int
    Elapsed time before the next MFA challenge
    MfaPrompt string
    Prompt for MFA based on the device used, a factor session lifetime, or every sign-on attempt: DEVICE, SESSION orALWAYS.
    MfaRememberDevice bool
    Remember MFA device. Default: false
    MfaRequired bool
    Require MFA. Default: false
    Name string
    Policy Rule Name
    NetworkConnection string
    Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
    NetworkExcludes []string
    Required if network_connection = ZONE. Indicates the network zones to exclude.
    NetworkIncludes []string
    Required if network_connection = ZONE. Indicates the network zones to include.
    PolicyId string
    Policy ID of the Rule
    PrimaryFactor string
    Rule's primary factor. WARNING Ony works as a part of the Identity Engine. Valid values: PASSWORD_IDP_ANY_FACTOR, PASSWORD_IDP.
    Priority int
    Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
    RiscLevel string
    Risc level: ANY, LOW, MEDIUM or HIGH. Default: ANY

    Deprecated: Attribute typo, switch to risk_level instead. Default: ANY

    RiskLevel string
    Risk level: ANY, LOW, MEDIUM or HIGH. Default: ANY
    SessionIdle int
    Max minutes a session can be idle. Default: 120
    SessionLifetime int
    Max minutes a session is active: Disable = 0. Default: 120
    SessionPersistent bool
    Whether session cookies will last across browser sessions. Okta Administrators can never have persistent session cookies. Default: false
    Status string
    Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
    UsersExcludeds []string
    Set of User IDs to Exclude
    access String
    Allow or deny access based on the rule conditions: ALLOW, DENY or CHALLENGE. Default: ALLOW
    authtype String
    Authentication entrypoint: ANY, RADIUS or LDAP_INTERFACE. Default: ANY
    behaviors List<String>
    List of behavior IDs
    factorSequences List<RuleSignonFactorSequence>
    Auth factor sequences. Should be set if 'access = "CHALLENGE"'. - 'primary_criteria_provider' - (Required) Primary provider of the auth section. - 'primary_criteria_factor_type' - (Required) Primary factor type of the auth section. - 'secondary_criteria' - (Optional) Additional authentication steps. - 'provider' - (Required) Provider of the additional authentication step. - 'factor_type' - (Required) Factor type of the additional authentication step.
    identityProvider String
    Apply rule based on the IdP used: ANY, OKTA or SPECIFIC_IDP. Default: ANY. > WARNING: Use of identity_provider requires a feature flag to be enabled.
    identityProviderIds List<String>
    When identity_provider is SPECIFIC_IDP then this is the list of IdP IDs to apply the rule on
    mfaLifetime Integer
    Elapsed time before the next MFA challenge
    mfaPrompt String
    Prompt for MFA based on the device used, a factor session lifetime, or every sign-on attempt: DEVICE, SESSION orALWAYS.
    mfaRememberDevice Boolean
    Remember MFA device. Default: false
    mfaRequired Boolean
    Require MFA. Default: false
    name String
    Policy Rule Name
    networkConnection String
    Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
    networkExcludes List<String>
    Required if network_connection = ZONE. Indicates the network zones to exclude.
    networkIncludes List<String>
    Required if network_connection = ZONE. Indicates the network zones to include.
    policyId String
    Policy ID of the Rule
    primaryFactor String
    Rule's primary factor. WARNING Ony works as a part of the Identity Engine. Valid values: PASSWORD_IDP_ANY_FACTOR, PASSWORD_IDP.
    priority Integer
    Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
    riscLevel String
    Risc level: ANY, LOW, MEDIUM or HIGH. Default: ANY

    Deprecated: Attribute typo, switch to risk_level instead. Default: ANY

    riskLevel String
    Risk level: ANY, LOW, MEDIUM or HIGH. Default: ANY
    sessionIdle Integer
    Max minutes a session can be idle. Default: 120
    sessionLifetime Integer
    Max minutes a session is active: Disable = 0. Default: 120
    sessionPersistent Boolean
    Whether session cookies will last across browser sessions. Okta Administrators can never have persistent session cookies. Default: false
    status String
    Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
    usersExcludeds List<String>
    Set of User IDs to Exclude
    access string
    Allow or deny access based on the rule conditions: ALLOW, DENY or CHALLENGE. Default: ALLOW
    authtype string
    Authentication entrypoint: ANY, RADIUS or LDAP_INTERFACE. Default: ANY
    behaviors string[]
    List of behavior IDs
    factorSequences RuleSignonFactorSequence[]
    Auth factor sequences. Should be set if 'access = "CHALLENGE"'. - 'primary_criteria_provider' - (Required) Primary provider of the auth section. - 'primary_criteria_factor_type' - (Required) Primary factor type of the auth section. - 'secondary_criteria' - (Optional) Additional authentication steps. - 'provider' - (Required) Provider of the additional authentication step. - 'factor_type' - (Required) Factor type of the additional authentication step.
    identityProvider string
    Apply rule based on the IdP used: ANY, OKTA or SPECIFIC_IDP. Default: ANY. > WARNING: Use of identity_provider requires a feature flag to be enabled.
    identityProviderIds string[]
    When identity_provider is SPECIFIC_IDP then this is the list of IdP IDs to apply the rule on
    mfaLifetime number
    Elapsed time before the next MFA challenge
    mfaPrompt string
    Prompt for MFA based on the device used, a factor session lifetime, or every sign-on attempt: DEVICE, SESSION orALWAYS.
    mfaRememberDevice boolean
    Remember MFA device. Default: false
    mfaRequired boolean
    Require MFA. Default: false
    name string
    Policy Rule Name
    networkConnection string
    Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
    networkExcludes string[]
    Required if network_connection = ZONE. Indicates the network zones to exclude.
    networkIncludes string[]
    Required if network_connection = ZONE. Indicates the network zones to include.
    policyId string
    Policy ID of the Rule
    primaryFactor string
    Rule's primary factor. WARNING Ony works as a part of the Identity Engine. Valid values: PASSWORD_IDP_ANY_FACTOR, PASSWORD_IDP.
    priority number
    Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
    riscLevel string
    Risc level: ANY, LOW, MEDIUM or HIGH. Default: ANY

    Deprecated: Attribute typo, switch to risk_level instead. Default: ANY

    riskLevel string
    Risk level: ANY, LOW, MEDIUM or HIGH. Default: ANY
    sessionIdle number
    Max minutes a session can be idle. Default: 120
    sessionLifetime number
    Max minutes a session is active: Disable = 0. Default: 120
    sessionPersistent boolean
    Whether session cookies will last across browser sessions. Okta Administrators can never have persistent session cookies. Default: false
    status string
    Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
    usersExcludeds string[]
    Set of User IDs to Exclude
    access str
    Allow or deny access based on the rule conditions: ALLOW, DENY or CHALLENGE. Default: ALLOW
    authtype str
    Authentication entrypoint: ANY, RADIUS or LDAP_INTERFACE. Default: ANY
    behaviors Sequence[str]
    List of behavior IDs
    factor_sequences Sequence[RuleSignonFactorSequenceArgs]
    Auth factor sequences. Should be set if 'access = "CHALLENGE"'. - 'primary_criteria_provider' - (Required) Primary provider of the auth section. - 'primary_criteria_factor_type' - (Required) Primary factor type of the auth section. - 'secondary_criteria' - (Optional) Additional authentication steps. - 'provider' - (Required) Provider of the additional authentication step. - 'factor_type' - (Required) Factor type of the additional authentication step.
    identity_provider str
    Apply rule based on the IdP used: ANY, OKTA or SPECIFIC_IDP. Default: ANY. > WARNING: Use of identity_provider requires a feature flag to be enabled.
    identity_provider_ids Sequence[str]
    When identity_provider is SPECIFIC_IDP then this is the list of IdP IDs to apply the rule on
    mfa_lifetime int
    Elapsed time before the next MFA challenge
    mfa_prompt str
    Prompt for MFA based on the device used, a factor session lifetime, or every sign-on attempt: DEVICE, SESSION orALWAYS.
    mfa_remember_device bool
    Remember MFA device. Default: false
    mfa_required bool
    Require MFA. Default: false
    name str
    Policy Rule Name
    network_connection str
    Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
    network_excludes Sequence[str]
    Required if network_connection = ZONE. Indicates the network zones to exclude.
    network_includes Sequence[str]
    Required if network_connection = ZONE. Indicates the network zones to include.
    policy_id str
    Policy ID of the Rule
    primary_factor str
    Rule's primary factor. WARNING Ony works as a part of the Identity Engine. Valid values: PASSWORD_IDP_ANY_FACTOR, PASSWORD_IDP.
    priority int
    Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
    risc_level str
    Risc level: ANY, LOW, MEDIUM or HIGH. Default: ANY

    Deprecated: Attribute typo, switch to risk_level instead. Default: ANY

    risk_level str
    Risk level: ANY, LOW, MEDIUM or HIGH. Default: ANY
    session_idle int
    Max minutes a session can be idle. Default: 120
    session_lifetime int
    Max minutes a session is active: Disable = 0. Default: 120
    session_persistent bool
    Whether session cookies will last across browser sessions. Okta Administrators can never have persistent session cookies. Default: false
    status str
    Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
    users_excludeds Sequence[str]
    Set of User IDs to Exclude
    access String
    Allow or deny access based on the rule conditions: ALLOW, DENY or CHALLENGE. Default: ALLOW
    authtype String
    Authentication entrypoint: ANY, RADIUS or LDAP_INTERFACE. Default: ANY
    behaviors List<String>
    List of behavior IDs
    factorSequences List<Property Map>
    Auth factor sequences. Should be set if 'access = "CHALLENGE"'. - 'primary_criteria_provider' - (Required) Primary provider of the auth section. - 'primary_criteria_factor_type' - (Required) Primary factor type of the auth section. - 'secondary_criteria' - (Optional) Additional authentication steps. - 'provider' - (Required) Provider of the additional authentication step. - 'factor_type' - (Required) Factor type of the additional authentication step.
    identityProvider String
    Apply rule based on the IdP used: ANY, OKTA or SPECIFIC_IDP. Default: ANY. > WARNING: Use of identity_provider requires a feature flag to be enabled.
    identityProviderIds List<String>
    When identity_provider is SPECIFIC_IDP then this is the list of IdP IDs to apply the rule on
    mfaLifetime Number
    Elapsed time before the next MFA challenge
    mfaPrompt String
    Prompt for MFA based on the device used, a factor session lifetime, or every sign-on attempt: DEVICE, SESSION orALWAYS.
    mfaRememberDevice Boolean
    Remember MFA device. Default: false
    mfaRequired Boolean
    Require MFA. Default: false
    name String
    Policy Rule Name
    networkConnection String
    Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
    networkExcludes List<String>
    Required if network_connection = ZONE. Indicates the network zones to exclude.
    networkIncludes List<String>
    Required if network_connection = ZONE. Indicates the network zones to include.
    policyId String
    Policy ID of the Rule
    primaryFactor String
    Rule's primary factor. WARNING Ony works as a part of the Identity Engine. Valid values: PASSWORD_IDP_ANY_FACTOR, PASSWORD_IDP.
    priority Number
    Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
    riscLevel String
    Risc level: ANY, LOW, MEDIUM or HIGH. Default: ANY

    Deprecated: Attribute typo, switch to risk_level instead. Default: ANY

    riskLevel String
    Risk level: ANY, LOW, MEDIUM or HIGH. Default: ANY
    sessionIdle Number
    Max minutes a session can be idle. Default: 120
    sessionLifetime Number
    Max minutes a session is active: Disable = 0. Default: 120
    sessionPersistent Boolean
    Whether session cookies will last across browser sessions. Okta Administrators can never have persistent session cookies. Default: false
    status String
    Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
    usersExcludeds List<String>
    Set of User IDs to Exclude

    Supporting Types

    RuleSignonFactorSequence, RuleSignonFactorSequenceArgs

    RuleSignonFactorSequenceSecondaryCriteria, RuleSignonFactorSequenceSecondaryCriteriaArgs

    FactorType string
    Type of a Factor
    Provider string
    Factor provider
    FactorType string
    Type of a Factor
    Provider string
    Factor provider
    factorType String
    Type of a Factor
    provider String
    Factor provider
    factorType string
    Type of a Factor
    provider string
    Factor provider
    factor_type str
    Type of a Factor
    provider str
    Factor provider
    factorType String
    Type of a Factor
    provider String
    Factor provider

    Import

    $ pulumi import okta:policy/ruleSignon:RuleSignon example <policy_id>/<rule_id>
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Okta pulumi/pulumi-okta
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the okta Terraform Provider.
    okta logo
    Okta v4.11.3 published on Monday, Oct 21, 2024 by Pulumi