okta.AppSignonPolicyRule
Manages a sign-on policy rule for the application.
WARNING: This feature is only available as a part of the Identity Engine. Contact support for further information.
This resource allows you to create and configure a sign-on policy rule for the application. A default or 'Catch-all Rule' sign-on policy rule can be imported and managed as a custom rule. The only difference is that these fields are immutable and cannot be managed: 'network_connection', 'network_excludes', 'network_includes', 'platform_include', 'custom_expression', 'device_is_registered', 'device_is_managed', 'users_excluded', 'users_included', 'groups_excluded', 'groups_included', 'user_types_excluded' and 'user_types_included'.
Create AppSignonPolicyRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AppSignonPolicyRule(name: string, args: AppSignonPolicyRuleArgs, opts?: CustomResourceOptions);
@overload
def AppSignonPolicyRule(resource_name: str,
                        args: AppSignonPolicyRuleArgs,
                        opts: Optional[ResourceOptions] = None)
@overload
def AppSignonPolicyRule(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        policy_id: Optional[str] = None,
                        network_excludes: Optional[Sequence[str]] = None,
                        user_types_includeds: Optional[Sequence[str]] = None,
                        device_assurances_includeds: Optional[Sequence[str]] = None,
                        device_is_managed: Optional[bool] = None,
                        device_is_registered: Optional[bool] = None,
                        factor_mode: Optional[str] = None,
                        groups_excludeds: Optional[Sequence[str]] = None,
                        groups_includeds: Optional[Sequence[str]] = None,
                        inactivity_period: Optional[str] = None,
                        name: Optional[str] = None,
                        users_includeds: Optional[Sequence[str]] = None,
                        custom_expression: Optional[str] = None,
                        constraints: Optional[Sequence[str]] = None,
                        platform_includes: Optional[Sequence[AppSignonPolicyRulePlatformIncludeArgs]] = None,
                        network_includes: Optional[Sequence[str]] = None,
                        priority: Optional[int] = None,
                        re_authentication_frequency: Optional[str] = None,
                        risk_score: Optional[str] = None,
                        status: Optional[str] = None,
                        type: Optional[str] = None,
                        user_types_excludeds: Optional[Sequence[str]] = None,
                        access: Optional[str] = None,
                        users_excludeds: Optional[Sequence[str]] = None,
                        network_connection: Optional[str] = None)
func NewAppSignonPolicyRule(ctx *Context, name string, args AppSignonPolicyRuleArgs, opts ...ResourceOption) (*AppSignonPolicyRule, error)
public AppSignonPolicyRule(string name, AppSignonPolicyRuleArgs args, CustomResourceOptions? opts = null)
public AppSignonPolicyRule(String name, AppSignonPolicyRuleArgs args)
public AppSignonPolicyRule(String name, AppSignonPolicyRuleArgs args, CustomResourceOptions options)
type: okta:AppSignonPolicyRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AppSignonPolicyRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AppSignonPolicyRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AppSignonPolicyRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AppSignonPolicyRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AppSignonPolicyRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var appSignonPolicyRuleResource = new Okta.AppSignonPolicyRule("appSignonPolicyRuleResource", new()
{
    PolicyId = "string",
    NetworkExcludes = new[]
    {
        "string",
    },
    UserTypesIncludeds = new[]
    {
        "string",
    },
    DeviceAssurancesIncludeds = new[]
    {
        "string",
    },
    DeviceIsManaged = false,
    DeviceIsRegistered = false,
    FactorMode = "string",
    GroupsExcludeds = new[]
    {
        "string",
    },
    GroupsIncludeds = new[]
    {
        "string",
    },
    InactivityPeriod = "string",
    Name = "string",
    UsersIncludeds = new[]
    {
        "string",
    },
    CustomExpression = "string",
    Constraints = new[]
    {
        "string",
    },
    PlatformIncludes = new[]
    {
        new Okta.Inputs.AppSignonPolicyRulePlatformIncludeArgs
        {
            OsExpression = "string",
            OsType = "string",
            Type = "string",
        },
    },
    NetworkIncludes = new[]
    {
        "string",
    },
    Priority = 0,
    ReAuthenticationFrequency = "string",
    RiskScore = "string",
    Status = "string",
    Type = "string",
    UserTypesExcludeds = new[]
    {
        "string",
    },
    Access = "string",
    UsersExcludeds = new[]
    {
        "string",
    },
    NetworkConnection = "string",
});
example, err := okta.NewAppSignonPolicyRule(ctx, "appSignonPolicyRuleResource", &okta.AppSignonPolicyRuleArgs{
	PolicyId: pulumi.String("string"),
	NetworkExcludes: pulumi.StringArray{
		pulumi.String("string"),
	},
	UserTypesIncludeds: pulumi.StringArray{
		pulumi.String("string"),
	},
	DeviceAssurancesIncludeds: pulumi.StringArray{
		pulumi.String("string"),
	},
	DeviceIsManaged:    pulumi.Bool(false),
	DeviceIsRegistered: pulumi.Bool(false),
	FactorMode:         pulumi.String("string"),
	GroupsExcludeds: pulumi.StringArray{
		pulumi.String("string"),
	},
	GroupsIncludeds: pulumi.StringArray{
		pulumi.String("string"),
	},
	InactivityPeriod: pulumi.String("string"),
	Name:             pulumi.String("string"),
	UsersIncludeds: pulumi.StringArray{
		pulumi.String("string"),
	},
	CustomExpression: pulumi.String("string"),
	Constraints: pulumi.StringArray{
		pulumi.String("string"),
	},
	PlatformIncludes: okta.AppSignonPolicyRulePlatformIncludeArray{
		&okta.AppSignonPolicyRulePlatformIncludeArgs{
			OsExpression: pulumi.String("string"),
			OsType:       pulumi.String("string"),
			Type:         pulumi.String("string"),
		},
	},
	NetworkIncludes: pulumi.StringArray{
		pulumi.String("string"),
	},
	Priority:                  pulumi.Int(0),
	ReAuthenticationFrequency: pulumi.String("string"),
	RiskScore:                 pulumi.String("string"),
	Status:                    pulumi.String("string"),
	Type:                      pulumi.String("string"),
	UserTypesExcludeds: pulumi.StringArray{
		pulumi.String("string"),
	},
	Access: pulumi.String("string"),
	UsersExcludeds: pulumi.StringArray{
		pulumi.String("string"),
	},
	NetworkConnection: pulumi.String("string"),
})
var appSignonPolicyRuleResource = new AppSignonPolicyRule("appSignonPolicyRuleResource", AppSignonPolicyRuleArgs.builder()
    .policyId("string")
    .networkExcludes("string")
    .userTypesIncludeds("string")
    .deviceAssurancesIncludeds("string")
    .deviceIsManaged(false)
    .deviceIsRegistered(false)
    .factorMode("string")
    .groupsExcludeds("string")
    .groupsIncludeds("string")
    .inactivityPeriod("string")
    .name("string")
    .usersIncludeds("string")
    .customExpression("string")
    .constraints("string")
    .platformIncludes(AppSignonPolicyRulePlatformIncludeArgs.builder()
        .osExpression("string")
        .osType("string")
        .type("string")
        .build())
    .networkIncludes("string")
    .priority(0)
    .reAuthenticationFrequency("string")
    .riskScore("string")
    .status("string")
    .type("string")
    .userTypesExcludeds("string")
    .access("string")
    .usersExcludeds("string")
    .networkConnection("string")
    .build());
app_signon_policy_rule_resource = okta.AppSignonPolicyRule("appSignonPolicyRuleResource",
    policy_id="string",
    network_excludes=["string"],
    user_types_includeds=["string"],
    device_assurances_includeds=["string"],
    device_is_managed=False,
    device_is_registered=False,
    factor_mode="string",
    groups_excludeds=["string"],
    groups_includeds=["string"],
    inactivity_period="string",
    name="string",
    users_includeds=["string"],
    custom_expression="string",
    constraints=["string"],
    platform_includes=[{
        "os_expression": "string",
        "os_type": "string",
        "type": "string",
    }],
    network_includes=["string"],
    priority=0,
    re_authentication_frequency="string",
    risk_score="string",
    status="string",
    type="string",
    user_types_excludeds=["string"],
    access="string",
    users_excludeds=["string"],
    network_connection="string")
const appSignonPolicyRuleResource = new okta.AppSignonPolicyRule("appSignonPolicyRuleResource", {
    policyId: "string",
    networkExcludes: ["string"],
    userTypesIncludeds: ["string"],
    deviceAssurancesIncludeds: ["string"],
    deviceIsManaged: false,
    deviceIsRegistered: false,
    factorMode: "string",
    groupsExcludeds: ["string"],
    groupsIncludeds: ["string"],
    inactivityPeriod: "string",
    name: "string",
    usersIncludeds: ["string"],
    customExpression: "string",
    constraints: ["string"],
    platformIncludes: [{
        osExpression: "string",
        osType: "string",
        type: "string",
    }],
    networkIncludes: ["string"],
    priority: 0,
    reAuthenticationFrequency: "string",
    riskScore: "string",
    status: "string",
    type: "string",
    userTypesExcludeds: ["string"],
    access: "string",
    usersExcludeds: ["string"],
    networkConnection: "string",
});
type: okta:AppSignonPolicyRule
properties:
    access: string
    constraints:
        - string
    customExpression: string
    deviceAssurancesIncludeds:
        - string
    deviceIsManaged: false
    deviceIsRegistered: false
    factorMode: string
    groupsExcludeds:
        - string
    groupsIncludeds:
        - string
    inactivityPeriod: string
    name: string
    networkConnection: string
    networkExcludes:
        - string
    networkIncludes:
        - string
    platformIncludes:
        - osExpression: string
          osType: string
          type: string
    policyId: string
    priority: 0
    reAuthenticationFrequency: string
    riskScore: string
    status: string
    type: string
    userTypesExcludeds:
        - string
    userTypesIncludeds:
        - string
    usersExcludeds:
        - string
    usersIncludeds:
        - string
AppSignonPolicyRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AppSignonPolicyRule resource accepts the following input properties:
- PolicyId string
- ID of the policy
- Access string
- Allow or deny access based on the rule conditions: ALLOW or DENY
- Constraints List<string>
- An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
- CustomExpression string
- This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- DeviceAssurancesIncludeds List<string>
- List of device assurance IDs to include
- DeviceIsManaged bool
- If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
- DeviceIsRegistered bool
- If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
- FactorMode string
- The number of factors required to satisfy this assurance level
- GroupsExcludeds List<string>
- List of group IDs to exclude
- GroupsIncludeds List<string>
- List of group IDs to include
- InactivityPeriod string
- The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
- Name string
- Policy Rule Name
- NetworkConnection string
- Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
- NetworkExcludes List<string>
- The zones to exclude
- NetworkIncludes List<string>
- The zones to include
- PlatformIncludes List<AppSignonPolicyRulePlatformInclude>
- Priority int
- Priority of the rule.
- ReAuthenticationFrequency string
- The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
- RiskScore string
- The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
- Status string
- Status of the rule
- Type string
- The Verification Method type
- UserTypesExcludeds List<string>
- Set of User Type IDs to exclude
- UserTypesIncludeds List<string>
- Set of User Type IDs to include
- UsersExcludeds List<string>
- Set of User IDs to exclude
- UsersIncludeds List<string>
- Set of User IDs to include
- PolicyId string
- ID of the policy
- Access string
- Allow or deny access based on the rule conditions: ALLOW or DENY
- Constraints []string
- An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
- CustomExpression string
- This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- DeviceAssurancesIncludeds []string
- List of device assurance IDs to include
- DeviceIsManaged bool
- If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
- DeviceIsRegistered bool
- If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
- FactorMode string
- The number of factors required to satisfy this assurance level
- GroupsExcludeds []string
- List of group IDs to exclude
- GroupsIncludeds []string
- List of group IDs to include
- InactivityPeriod string
- The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
- Name string
- Policy Rule Name
- NetworkConnection string
- Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
- NetworkExcludes []string
- The zones to exclude
- NetworkIncludes []string
- The zones to include
- PlatformIncludes []AppSignonPolicyRulePlatformIncludeArgs
- Priority int
- Priority of the rule.
- ReAuthenticationFrequency string
- The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
- RiskScore string
- The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
- Status string
- Status of the rule
- Type string
- The Verification Method type
- UserTypesExcludeds []string
- Set of User Type IDs to exclude
- UserTypesIncludeds []string
- Set of User Type IDs to include
- UsersExcludeds []string
- Set of User IDs to exclude
- UsersIncludeds []string
- Set of User IDs to include
- policyId String
- ID of the policy
- access String
- Allow or deny access based on the rule conditions: ALLOW or DENY
- constraints List<String>
- An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
- customExpression String
- This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- deviceAssurancesIncludeds List<String>
- List of device assurance IDs to include
- deviceIsManaged Boolean
- If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
- deviceIsRegistered Boolean
- If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
- factorMode String
- The number of factors required to satisfy this assurance level
- groupsExcludeds List<String>
- List of group IDs to exclude
- groupsIncludeds List<String>
- List of group IDs to include
- inactivityPeriod String
- The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
- name String
- Policy Rule Name
- networkConnection String
- Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
- networkExcludes List<String>
- The zones to exclude
- networkIncludes List<String>
- The zones to include
- platformIncludes List<AppSignonPolicyRulePlatformInclude>
- priority Integer
- Priority of the rule.
- reAuthenticationFrequency String
- The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
- riskScore String
- The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
- status String
- Status of the rule
- type String
- The Verification Method type
- userTypesExcludeds List<String>
- Set of User Type IDs to exclude
- userTypesIncludeds List<String>
- Set of User Type IDs to include
- usersExcludeds List<String>
- Set of User IDs to exclude
- usersIncludeds List<String>
- Set of User IDs to include
- policyId string
- ID of the policy
- access string
- Allow or deny access based on the rule conditions: ALLOW or DENY
- constraints string[]
- An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
- customExpression string
- This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- deviceAssurancesIncludeds string[]
- List of device assurance IDs to include
- deviceIsManaged boolean
- If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
- deviceIsRegistered boolean
- If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
- factorMode string
- The number of factors required to satisfy this assurance level
- groupsExcludeds string[]
- List of group IDs to exclude
- groupsIncludeds string[]
- List of group IDs to include
- inactivityPeriod string
- The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
- name string
- Policy Rule Name
- networkConnection string
- Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
- networkExcludes string[]
- The zones to exclude
- networkIncludes string[]
- The zones to include
- platformIncludes AppSignonPolicyRulePlatformInclude[]
- priority number
- Priority of the rule.
- reAuthenticationFrequency string
- The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
- riskScore string
- The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
- status string
- Status of the rule
- type string
- The Verification Method type
- userTypesExcludeds string[]
- Set of User Type IDs to exclude
- userTypesIncludeds string[]
- Set of User Type IDs to include
- usersExcludeds string[]
- Set of User IDs to exclude
- usersIncludeds string[]
- Set of User IDs to include
- policy_id str
- ID of the policy
- access str
- Allow or deny access based on the rule conditions: ALLOW or DENY
- constraints Sequence[str]
- An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
- custom_expression str
- This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- device_assurances_includeds Sequence[str]
- List of device assurance IDs to include
- device_is_managed bool
- If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
- device_is_registered bool
- If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
- factor_mode str
- The number of factors required to satisfy this assurance level
- groups_excludeds Sequence[str]
- List of group IDs to exclude
- groups_includeds Sequence[str]
- List of group IDs to include
- inactivity_period str
- The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
- name str
- Policy Rule Name
- network_connection str
- Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
- network_excludes Sequence[str]
- The zones to exclude
- network_includes Sequence[str]
- The zones to include
- platform_includes Sequence[AppSignonPolicyRulePlatformIncludeArgs]
- priority int
- Priority of the rule.
- re_authentication_frequency str
- The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
- risk_score str
- The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
- status str
- Status of the rule
- type str
- The Verification Method type
- user_types_excludeds Sequence[str]
- Set of User Type IDs to exclude
- user_types_includeds Sequence[str]
- Set of User Type IDs to include
- users_excludeds Sequence[str]
- Set of User IDs to exclude
- users_includeds Sequence[str]
- Set of User IDs to include
- policyId String
- ID of the policy
- access String
- Allow or deny access based on the rule conditions: ALLOW or DENY
- constraints List<String>
- An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
- customExpression String
- This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- deviceAssurancesIncludeds List<String>
- List of device assurance IDs to include
- deviceIsManaged Boolean
- If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
- deviceIsRegistered Boolean
- If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
- factorMode String
- The number of factors required to satisfy this assurance level
- groupsExcludeds List<String>
- List of group IDs to exclude
- groupsIncludeds List<String>
- List of group IDs to include
- inactivityPeriod String
- The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
- name String
- Policy Rule Name
- networkConnection String
- Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
- networkExcludes List<String>
- The zones to exclude
- networkIncludes List<String>
- The zones to include
- platformIncludes List<Property Map>
- priority Number
- Priority of the rule.
- reAuthenticationFrequency String
- The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
- riskScore String
- The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
- status String
- Status of the rule
- type String
- The Verification Method type
- userTypesExcludeds List<String>
- Set of User Type IDs to exclude
- userTypesIncludeds List<String>
- Set of User Type IDs to include
- usersExcludeds List<String>
- Set of User IDs to exclude
- usersIncludeds List<String>
- Set of User IDs to include
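A pre-deployment check for the constraints stated in the input descriptions above and for the Catch-all rule's immutable fields listed at the top of the page. This is an added example, not code from Pulumi or the Okta provider: lint_rule, parse_duration and the sample dictionaries are hypothetical names, the mapping of the page's quoted immutable field names onto the Python argument names is an assumption, and the inactivity versus re-authentication comparison is this example's own heuristic.

```python
import re

# Allowed values as stated in the property descriptions on this page.
ALLOWED = {
    "access": {"ALLOW", "DENY"},
    "network_connection": {"ANYWHERE", "ZONE", "ONNETWORK", "OFFNETWORK"},
    "risk_score": {"ANY", "LOW", "MEDIUM", "HIGH"},
}

# Python argument names for the fields the page lists as immutable on an
# imported default ("Catch-all") rule. Mapping the page's quoted names onto
# these arguments is an assumption of this example.
CATCH_ALL_IMMUTABLE = {
    "network_connection", "network_excludes", "network_includes",
    "platform_includes", "custom_expression", "device_is_registered",
    "device_is_managed", "users_excludeds", "users_includeds",
    "groups_excludeds", "groups_includeds", "user_types_excludeds",
    "user_types_includeds",
}

DURATION_FIELDS = ("inactivity_period", "re_authentication_frequency")

# ISO 8601 duration limited to weeks, days and time components. Year and month
# designators are rejected by this example because they have no fixed length.
_DURATION = re.compile(
    r"P(?:(\d+)W)?(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?"
)
_UNIT_SECONDS = (604800, 86400, 3600, 60, 1)


def parse_duration(value):
    """Return the duration in seconds; raise ValueError if it is malformed."""
    match = _DURATION.fullmatch(value) if isinstance(value, str) else None
    # "P", "PT" and "P1DT" have the right shape but a missing component.
    if not match or value.endswith("T") or all(g is None for g in match.groups()):
        raise ValueError(f"not a supported ISO 8601 duration: {value!r}")
    return sum(int(g) * s for g, s in zip(match.groups(), _UNIT_SECONDS) if g)


def lint_rule(args, catch_all=False):
    """Return a list of findings for a dict of AppSignonPolicyRule arguments."""
    findings = []
    for field, allowed in ALLOWED.items():
        value = args.get(field)
        if value is not None and value not in allowed:
            findings.append(f"{field}: {value!r} is not one of {sorted(allowed)}")
    # "When managed is passed, registered must also be included and must be
    # set to true."
    if args.get("device_is_managed") is not None and args.get("device_is_registered") is not True:
        findings.append("device_is_managed is set but device_is_registered is not true")
    seconds = {}
    for field in DURATION_FIELDS:
        if args.get(field) is not None:
            try:
                seconds[field] = parse_duration(args[field])
            except ValueError as exc:
                findings.append(f"{field}: {exc}")
    # Heuristic of this example, not a provider rule: an inactivity timeout
    # that is not shorter than the hard re-authentication limit never fires.
    idle, hard = (seconds.get(f) for f in DURATION_FIELDS)
    if idle is not None and hard is not None and idle >= hard:
        findings.append("inactivity_period is not shorter than re_authentication_frequency")
    if catch_all:
        for field in sorted(CATCH_ALL_IMMUTABLE.intersection(args)):
            findings.append(f"{field}: immutable on the Catch-all rule")
    return findings


# Constructed sample arguments (placeholders, not values from the page).
SAMPLE_GOOD = {
    "policy_id": "<policy-id>",
    "name": "managed-devices-only",
    "access": "ALLOW",
    "network_connection": "ANYWHERE",
    "risk_score": "LOW",
    "device_is_registered": True,
    "device_is_managed": True,
    "re_authentication_frequency": "PT2H",
    "inactivity_period": "PT15M",
}
SAMPLE_BAD = {
    "policy_id": "<policy-id>",
    "name": "typo-rule",
    "access": "Allow",                    # wrong case
    "device_is_managed": True,            # registered not set
    "re_authentication_frequency": "2h",  # not ISO 8601
}
SAMPLE_CATCH_ALL = {
    "policy_id": "<policy-id>",
    "name": "Catch-all Rule",
    "access": "DENY",
    "groups_includeds": ["<group-id>"],   # immutable on the default rule
}

if __name__ == "__main__":
    for label, rule, flag in (("good", SAMPLE_GOOD, False),
                              ("bad", SAMPLE_BAD, False),
                              ("catch-all", SAMPLE_CATCH_ALL, True)):
        print(label, lint_rule(rule, catch_all=flag))
```

The same dictionary that passes the check can be unpacked into the constructor as keyword arguments, so the lint runs on exactly what will be deployed.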
Outputs
All input properties are implicitly available as output properties. Additionally, the AppSignonPolicyRule resource produces the following output properties:
Look up Existing AppSignonPolicyRule Resource
Get an existing AppSignonPolicyRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AppSignonPolicyRuleState, opts?: CustomResourceOptions): AppSignonPolicyRule
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        access: Optional[str] = None,
        constraints: Optional[Sequence[str]] = None,
        custom_expression: Optional[str] = None,
        device_assurances_includeds: Optional[Sequence[str]] = None,
        device_is_managed: Optional[bool] = None,
        device_is_registered: Optional[bool] = None,
        factor_mode: Optional[str] = None,
        groups_excludeds: Optional[Sequence[str]] = None,
        groups_includeds: Optional[Sequence[str]] = None,
        inactivity_period: Optional[str] = None,
        name: Optional[str] = None,
        network_connection: Optional[str] = None,
        network_excludes: Optional[Sequence[str]] = None,
        network_includes: Optional[Sequence[str]] = None,
        platform_includes: Optional[Sequence[AppSignonPolicyRulePlatformIncludeArgs]] = None,
        policy_id: Optional[str] = None,
        priority: Optional[int] = None,
        re_authentication_frequency: Optional[str] = None,
        risk_score: Optional[str] = None,
        status: Optional[str] = None,
        system: Optional[bool] = None,
        type: Optional[str] = None,
        user_types_excludeds: Optional[Sequence[str]] = None,
        user_types_includeds: Optional[Sequence[str]] = None,
        users_excludeds: Optional[Sequence[str]] = None,
        users_includeds: Optional[Sequence[str]] = None) -> AppSignonPolicyRule
func GetAppSignonPolicyRule(ctx *Context, name string, id IDInput, state *AppSignonPolicyRuleState, opts ...ResourceOption) (*AppSignonPolicyRule, error)
public static AppSignonPolicyRule Get(string name, Input<string> id, AppSignonPolicyRuleState? state, CustomResourceOptions? opts = null)
public static AppSignonPolicyRule get(String name, Output<String> id, AppSignonPolicyRuleState state, CustomResourceOptions options)
resources:
  _:
    type: okta:AppSignonPolicyRule
    get:
      id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access string
- Allow or deny access based on the rule conditions: ALLOW or DENY
- Constraints List<string>
- An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
- CustomExpression string
- This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- DeviceAssurancesIncludeds List<string>
- List of device assurance IDs to include
- DeviceIsManaged bool
- If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
- DeviceIsRegistered bool
- If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
- FactorMode string
- The number of factors required to satisfy this assurance level
- GroupsExcludeds List<string>
- List of group IDs to exclude
- GroupsIncludeds List<string>
- List of group IDs to include
- InactivityPeriod string
- The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
- Name string
- Policy Rule Name
- NetworkConnection string
- Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
- NetworkExcludes List<string>
- The zones to exclude
- NetworkIncludes List<string>
- The zones to include
- PlatformIncludes List<AppSignonPolicyRulePlatformInclude>
- PolicyId string
- ID of the policy
- Priority int
- Priority of the rule.
- ReAuthenticationFrequency string
- The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
- RiskScore string
- The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
- Status string
- Status of the rule
- System bool
- Often the Catch-all Rule. This rule is the system (default) rule for its associated policy
- Type string
- The Verification Method type
- UserTypesExcludeds List<string>
- Set of User Type IDs to exclude
- UserTypesIncludeds List<string>
- Set of User Type IDs to include
- UsersExcludeds List<string>
- Set of User IDs to exclude
- UsersIncludeds List<string>
- Set of User IDs to include
- Access string
- Allow or deny access based on the rule conditions: ALLOW or DENY
- Constraints []string
- An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
- CustomExpression string
- This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- DeviceAssurancesIncludeds []string
- List of device assurance IDs to include
- DeviceIsManaged bool
- If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
- DeviceIsRegistered bool
- If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
- FactorMode string
- The number of factors required to satisfy this assurance level
- GroupsExcludeds []string
- List of group IDs to exclude
- GroupsIncludeds []string
- List of group IDs to include
- InactivityPeriod string
- The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
- Name string
- Policy Rule Name
- NetworkConnection string
- Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
- NetworkExcludes []string
- The zones to exclude
- NetworkIncludes []string
- The zones to include
- PlatformIncludes []AppSignonPolicyRulePlatformIncludeArgs
- PolicyId string
- ID of the policy
- Priority int
- Priority of the rule.
- ReAuthenticationFrequency string
- The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
- RiskScore string
- The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
- Status string
- Status of the rule
- System bool
- Often the 'Catch-all Rule', this rule is the system (default) rule for its associated policy
- Type string
- The Verification Method type
- UserTypesExcludeds []string
- Set of User Type IDs to exclude
- UserTypesIncludeds []string
- Set of User Type IDs to include
- UsersExcludeds []string
- Set of User IDs to exclude
- UsersIncludeds []string
- Set of User IDs to include
- access String
- Allow or deny access based on the rule conditions: ALLOW or DENY
- constraints List<String>
- An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
- customExpression String
- This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- deviceAssurancesIncludeds List<String>
- List of device assurance IDs to include
- deviceIsManaged Boolean
- If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
- deviceIsRegistered Boolean
- If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
- factorMode String
- The number of factors required to satisfy this assurance level
- groupsExcludeds List<String>
- List of group IDs to exclude
- groupsIncludeds List<String>
- List of group IDs to include
- inactivityPeriod String
- The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
- name String
- Policy Rule Name
- networkConnection String
- Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
- networkExcludes List<String>
- The zones to exclude
- networkIncludes List<String>
- The zones to include
- platformIncludes List<AppSignonPolicyRulePlatformInclude>
- policyId String
- ID of the policy
- priority Integer
- Priority of the rule.
- reAuthenticationFrequency String
- The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
- riskScore String
- The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
- status String
- Status of the rule
- system Boolean
- Often the 'Catch-all Rule', this rule is the system (default) rule for its associated policy
- type String
- The Verification Method type
- userTypesExcludeds List<String>
- Set of User Type IDs to exclude
- userTypesIncludeds List<String>
- Set of User Type IDs to include
- usersExcludeds List<String>
- Set of User IDs to exclude
- usersIncludeds List<String>
- Set of User IDs to include
- access string
- Allow or deny access based on the rule conditions: ALLOW or DENY
- constraints string[]
- An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
- customExpression string
- This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- deviceAssurancesIncludeds string[]
- List of device assurance IDs to include
- deviceIsManaged boolean
- If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
- deviceIsRegistered boolean
- If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
- factorMode string
- The number of factors required to satisfy this assurance level
- groupsExcludeds string[]
- List of group IDs to exclude
- groupsIncludeds string[]
- List of group IDs to include
- inactivityPeriod string
- The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
- name string
- Policy Rule Name
- networkConnection string
- Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
- networkExcludes string[]
- The zones to exclude
- networkIncludes string[]
- The zones to include
- platformIncludes AppSignonPolicyRulePlatformInclude[]
- policyId string
- ID of the policy
- priority number
- Priority of the rule.
- reAuthenticationFrequency string
- The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
- riskScore string
- The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
- status string
- Status of the rule
- system boolean
- Often the 'Catch-all Rule', this rule is the system (default) rule for its associated policy
- type string
- The Verification Method type
- userTypesExcludeds string[]
- Set of User Type IDs to exclude
- userTypesIncludeds string[]
- Set of User Type IDs to include
- usersExcludeds string[]
- Set of User IDs to exclude
- usersIncludeds string[]
- Set of User IDs to include
- access str
- Allow or deny access based on the rule conditions: ALLOW or DENY
- constraints Sequence[str]
- An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
- custom_expression str
- This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- device_assurances_includeds Sequence[str]
- List of device assurance IDs to include
- device_is_managed bool
- If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
- device_is_registered bool
- If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
- factor_mode str
- The number of factors required to satisfy this assurance level
- groups_excludeds Sequence[str]
- List of group IDs to exclude
- groups_includeds Sequence[str]
- List of group IDs to include
- inactivity_period str
- The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
- name str
- Policy Rule Name
- network_connection str
- Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
- network_excludes Sequence[str]
- The zones to exclude
- network_includes Sequence[str]
- The zones to include
- platform_includes Sequence[AppSignonPolicyRulePlatformIncludeArgs]
- policy_id str
- ID of the policy
- priority int
- Priority of the rule.
- re_authentication_frequency str
- The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
- risk_score str
- The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
- status str
- Status of the rule
- system bool
- Often the 'Catch-all Rule', this rule is the system (default) rule for its associated policy
- type str
- The Verification Method type
- user_types_excludeds Sequence[str]
- Set of User Type IDs to exclude
- user_types_includeds Sequence[str]
- Set of User Type IDs to include
- users_excludeds Sequence[str]
- Set of User IDs to exclude
- users_includeds Sequence[str]
- Set of User IDs to include
- access String
- Allow or deny access based on the rule conditions: ALLOW or DENY
- constraints List<String>
- An array that contains nested Authenticator Constraint objects that are organized by the Authenticator class
- customExpression String
- This is an optional advanced setting. If the expression is formatted incorrectly or conflicts with conditions set above, the rule may not match any users.
- deviceAssurancesIncludeds List<String>
- List of device assurance IDs to include
- deviceIsManaged Boolean
- If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.
- deviceIsRegistered Boolean
- If the device is registered. A device is registered if the User enrolls with Okta Verify that is installed on the device.
- factorMode String
- The number of factors required to satisfy this assurance level
- groupsExcludeds List<String>
- List of group IDs to exclude
- groupsIncludeds List<String>
- List of group IDs to include
- inactivityPeriod String
- The inactivity duration after which the end user must re-authenticate. Use the ISO 8601 Period format for recurring time intervals.
- name String
- Policy Rule Name
- networkConnection String
- Network selection mode: ANYWHERE, ZONE, ONNETWORK, or OFFNETWORK.
- networkExcludes List<String>
- The zones to exclude
- networkIncludes List<String>
- The zones to include
- platformIncludes List<Property Map>
- policyId String
- ID of the policy
- priority Number
- Priority of the rule.
- reAuthenticationFrequency String
- The duration after which the end user must re-authenticate, regardless of user activity. Use the ISO 8601 Period format for recurring time intervals. PT0S - Every sign-in attempt, PT43800H - Once per session
- riskScore String
- The risk score specifies a particular level of risk to match on: ANY, LOW, MEDIUM, HIGH
- status String
- Status of the rule
- system Boolean
- Often the 'Catch-all Rule', this rule is the system (default) rule for its associated policy
- type String
- The Verification Method type
- userTypesExcludeds List<String>
- Set of User Type IDs to exclude
- userTypesIncludeds List<String>
- Set of User Type IDs to include
- usersExcludeds List<String>
- Set of User IDs to exclude
- usersIncludeds List<String>
- Set of User IDs to include
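The value constraints in the property list above can be checked before a rule is deployed. The following is an added example, not code from Pulumi or the Okta provider: `lint_rule`, `duration_seconds` and the `max_reauth_seconds` review limit are hypothetical names, the keys are the Python SDK's snake_case property names, and only the D/H/M/S parts of an ISO 8601 duration are assumed.

```python
import re

# Allowed values exactly as listed in the property reference above.
ENUMS = {
    "access": {"ALLOW", "DENY"},
    "network_connection": {"ANYWHERE", "ZONE", "ONNETWORK", "OFFNETWORK"},
    "risk_score": {"ANY", "LOW", "MEDIUM", "HIGH"},
}
DURATION_KEYS = ("inactivity_period", "re_authentication_frequency")
# Assumption: only the D/H/M/S components of an ISO 8601 duration are handled.
_DURATION = re.compile(r"P(?!$)(?:(\d+)D)?(?:T(?!$)(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?")


def duration_seconds(value):
    """Seconds in an ISO 8601 duration such as PT0S or PT43800H, else None."""
    m = _DURATION.fullmatch(value) if isinstance(value, str) else None
    if m is None:
        return None
    days, hours, minutes, seconds = (int(g or 0) for g in m.groups())
    return ((days * 24 + hours) * 60 + minutes) * 60 + seconds


def lint_rule(args, max_reauth_seconds=None):
    """Return findings for one rule's arguments (Python SDK snake_case keys)."""
    findings = []
    for key, allowed in ENUMS.items():
        if key in args and args[key] not in allowed:
            findings.append(f"{key}: {args[key]!r} is not one of {sorted(allowed)}")
    # "When managed is passed, registered must also be included and must be set to true."
    if "device_is_managed" in args and args.get("device_is_registered") is not True:
        findings.append("device_is_managed: requires device_is_registered=True")
    for key in DURATION_KEYS:
        if key not in args:
            continue
        secs = duration_seconds(args[key])
        if secs is None:
            findings.append(f"{key}: {args[key]!r} is not an ISO 8601 duration")
        elif (key == "re_authentication_frequency"
              and max_reauth_seconds is not None and secs > max_reauth_seconds):
            findings.append(f"{key}: {args[key]} exceeds the {max_reauth_seconds}s review limit")
    return findings


# Constructed sample arguments, not taken from any real tenant.
WEAK = {"access": "Allow", "network_connection": "ZONE",
        "device_is_managed": True, "re_authentication_frequency": "43800H"}
FIXED = {"access": "ALLOW", "network_connection": "ZONE", "device_is_registered": True,
         "device_is_managed": True, "re_authentication_frequency": "PT2H"}

if __name__ == "__main__":
    for label, rule in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(label, lint_rule(rule, max_reauth_seconds=12 * 3600))
```

Run it over the same argument dictionary that is passed to the resource constructor, so a mistyped enum value or a managed-device condition without the registered flag is caught in review rather than at deploy time.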
Supporting Types
AppSignonPolicyRulePlatformInclude, AppSignonPolicyRulePlatformIncludeArgs            
- OsExpression string
- Only available with OTHER OS type
- OsType string
- Type string
- OsExpression string
- Only available with OTHER OS type
- OsType string
- Type string
- osExpression String
- Only available with OTHER OS type
- osType String
- type String
- osExpression string
- Only available with OTHER OS type
- osType string
- type string
- os_expression str
- Only available with OTHER OS type
- os_type str
- type str
- osExpression String
- Only available with OTHER OS type
- osType String
- type String
Import
$ pulumi import okta:index/appSignonPolicyRule:AppSignonPolicyRule example <policy_id>/<rule_id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Okta pulumi/pulumi-okta
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the okta Terraform Provider.