Module policy

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-okta repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-okta repo.

Resources

Resource Mfa

class Mfa extends CustomResource

Creates an MFA Policy.

This resource allows you to create and configure an MFA Policy.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";

const example = new okta.policy.Mfa("example", {
    description: "Example",
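    // okta_group_everyone is not declared in this snippet; it must refer to a group resource or lookup defined elsewhere in the program.
    groupsIncludeds: [okta_group_everyone.id],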
    oktaOtp: {
        enroll: "REQUIRED",
    },
    status: "ACTIVE",
});

constructor

new Mfa(name: string, args?: MfaArgs, opts?: pulumi.CustomResourceOptions)

Create a Mfa resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: MfaState, opts?: pulumi.CustomResourceOptions): Mfa

Get an existing Mfa resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Mfa

Returns true if the given object is an instance of Mfa. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property description

public description: pulumi.Output<string | undefined>;

Policy Description.

property duo

public duo: pulumi.Output<MfaDuo | undefined>;

DUO MFA policy settings.

property fidoU2f

public fidoU2f: pulumi.Output<MfaFidoU2f | undefined>;

Fido U2F MFA policy settings.

property fidoWebauthn

public fidoWebauthn: pulumi.Output<MfaFidoWebauthn | undefined>;

Fido Web Authn MFA policy settings.

property googleOtp

public googleOtp: pulumi.Output<MfaGoogleOtp | undefined>;

Google OTP MFA policy settings.

property groupsIncludeds

public groupsIncludeds: pulumi.Output<string[] | undefined>;

List of Group IDs to Include.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

Policy Name.

property oktaCall

public oktaCall: pulumi.Output<MfaOktaCall | undefined>;

Okta Call MFA policy settings.

property oktaOtp

public oktaOtp: pulumi.Output<MfaOktaOtp | undefined>;

Okta OTP MFA policy settings.

property oktaPassword

public oktaPassword: pulumi.Output<MfaOktaPassword | undefined>;

Okta Password MFA policy settings.

property oktaPush

public oktaPush: pulumi.Output<MfaOktaPush | undefined>;

Okta Push MFA policy settings.

property oktaQuestion

public oktaQuestion: pulumi.Output<MfaOktaQuestion | undefined>;

Okta Question MFA policy settings.

property oktaSms

public oktaSms: pulumi.Output<MfaOktaSms | undefined>;

Okta SMS MFA policy settings.

property priority

public priority: pulumi.Output<number | undefined>;

Priority of the policy.

property rsaToken

public rsaToken: pulumi.Output<MfaRsaToken | undefined>;

RSA Token MFA policy settings.

property status

public status: pulumi.Output<string | undefined>;

Policy Status: "ACTIVE" or "INACTIVE".

property symantecVip

public symantecVip: pulumi.Output<MfaSymantecVip | undefined>;

Symantec VIP MFA policy settings.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property yubikeyToken

public yubikeyToken: pulumi.Output<MfaYubikeyToken | undefined>;

Yubikey Token MFA policy settings.

Resource Password

class Password extends CustomResource

Creates a Password Policy.

This resource allows you to create and configure a Password Policy.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";

const example = new okta.policy.Password("example", {
    description: "Example",
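    // okta_group_everyone is not declared in this snippet; it must refer to a group resource or lookup defined elsewhere in the program.
    groupsIncludeds: [okta_group_everyone.id],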
    passwordHistoryCount: 4,
    status: "ACTIVE",
});

constructor

new Password(name: string, args?: PasswordArgs, opts?: pulumi.CustomResourceOptions)

Create a Password resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: PasswordState, opts?: pulumi.CustomResourceOptions): Password

Get an existing Password resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Password

Returns true if the given object is an instance of Password. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property authProvider

public authProvider: pulumi.Output<string | undefined>;

Authentication Provider: "OKTA" or "ACTIVE_DIRECTORY". Default is "OKTA".

property description

public description: pulumi.Output<string | undefined>;

Policy Description.

property emailRecovery

public emailRecovery: pulumi.Output<string | undefined>;

Enable or disable email password recovery: ACTIVE or INACTIVE.

property groupsIncludeds

public groupsIncludeds: pulumi.Output<string[] | undefined>;

List of Group IDs to Include.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

Policy Name.

property passwordAutoUnlockMinutes

public passwordAutoUnlockMinutes: pulumi.Output<number | undefined>;

Number of minutes before a locked account is unlocked: 0 = no limit.

property passwordDictionaryLookup

public passwordDictionaryLookup: pulumi.Output<boolean | undefined>;

Check Passwords Against Common Password Dictionary.

property passwordExcludeFirstName

public passwordExcludeFirstName: pulumi.Output<boolean | undefined>;

User firstName attribute must be excluded from the password.

property passwordExcludeLastName

public passwordExcludeLastName: pulumi.Output<boolean | undefined>;

User lastName attribute must be excluded from the password.

property passwordExcludeUsername

public passwordExcludeUsername: pulumi.Output<boolean | undefined>;

If the user name must be excluded from the password.

property passwordExpireWarnDays

public passwordExpireWarnDays: pulumi.Output<number | undefined>;

Length in days a user will be warned before password expiry: 0 = no warning.

property passwordHistoryCount

public passwordHistoryCount: pulumi.Output<number | undefined>;

Number of distinct passwords that must be created before they can be reused: 0 = none.

property passwordMaxAgeDays

public passwordMaxAgeDays: pulumi.Output<number | undefined>;

Length in days a password is valid before expiry: 0 = no limit.

property passwordMaxLockoutAttempts

public passwordMaxLockoutAttempts: pulumi.Output<number | undefined>;

Number of unsuccessful login attempts allowed before lockout: 0 = no limit.

property passwordMinAgeMinutes

public passwordMinAgeMinutes: pulumi.Output<number | undefined>;

Minimum time interval in minutes between password changes: 0 = no limit.

property passwordMinLength

public passwordMinLength: pulumi.Output<number | undefined>;

Minimum password length. Default is 8.

property passwordMinLowercase

public passwordMinLowercase: pulumi.Output<number | undefined>;

Minimum number of lower case characters in password.

property passwordMinNumber

public passwordMinNumber: pulumi.Output<number | undefined>;

Minimum number of numbers in password.

property passwordMinSymbol

public passwordMinSymbol: pulumi.Output<number | undefined>;

Minimum number of symbols in password.

property passwordMinUppercase

public passwordMinUppercase: pulumi.Output<number | undefined>;

Minimum number of upper case characters in password.

property passwordShowLockoutFailures

public passwordShowLockoutFailures: pulumi.Output<boolean | undefined>;

If a user should be informed when their account is locked.

property priority

public priority: pulumi.Output<number | undefined>;

Priority of the policy.

property questionMinLength

public questionMinLength: pulumi.Output<number | undefined>;

Min length of the password recovery question answer.

property questionRecovery

public questionRecovery: pulumi.Output<string | undefined>;

Enable or disable security question password recovery: ACTIVE or INACTIVE.

property recoveryEmailToken

public recoveryEmailToken: pulumi.Output<number | undefined>;

Lifetime in minutes of the recovery email token.

property skipUnlock

public skipUnlock: pulumi.Output<boolean | undefined>;

When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user’s Windows account.

property smsRecovery

public smsRecovery: pulumi.Output<string | undefined>;

Enable or disable SMS password recovery: ACTIVE or INACTIVE.

property status

public status: pulumi.Output<string | undefined>;

Policy Status: "ACTIVE" or "INACTIVE".

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource RuleIdpDiscovery

class RuleIdpDiscovery extends CustomResource

Creates an IdP Discovery Policy Rule.

This resource allows you to create and configure an IdP Discovery Policy Rule.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";

const example = new okta.policy.RuleIdpDiscovery("example", {
    idpId: "<idp id>",
    idpType: "SAML2",
    policyid: "<policy id>",
    priority: 1,
    userIdentifierAttribute: "company",
    userIdentifierPatterns: [{
        matchType: "EQUALS",
        value: "Articulate",
    }],
    userIdentifierType: "ATTRIBUTE",
});

constructor

new RuleIdpDiscovery(name: string, args: RuleIdpDiscoveryArgs, opts?: pulumi.CustomResourceOptions)

Create a RuleIdpDiscovery resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RuleIdpDiscoveryState, opts?: pulumi.CustomResourceOptions): RuleIdpDiscovery

Get an existing RuleIdpDiscovery resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is RuleIdpDiscovery

Returns true if the given object is an instance of RuleIdpDiscovery. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property appExcludes

public appExcludes: pulumi.Output<RuleIdpDiscoveryAppExclude[] | undefined>;

Applications to exclude in discovery rule

property appIncludes

public appIncludes: pulumi.Output<RuleIdpDiscoveryAppInclude[] | undefined>;

Applications to include in discovery rule

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property idpId

public idpId: pulumi.Output<string | undefined>;

property idpType

public idpType: pulumi.Output<string | undefined>;

property name

public name: pulumi.Output<string>;

Policy Rule Name.

property networkConnection

public networkConnection: pulumi.Output<string | undefined>;

Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".

property networkExcludes

public networkExcludes: pulumi.Output<string[] | undefined>;

The network zones to exclude. Conflicts with networkIncludes.

property networkIncludes

public networkIncludes: pulumi.Output<string[] | undefined>;

The network zones to include. Conflicts with networkExcludes.

property platformIncludes

public platformIncludes: pulumi.Output<RuleIdpDiscoveryPlatformInclude[] | undefined>;

property policyid

public policyid: pulumi.Output<string>;

Policy ID.

property priority

public priority: pulumi.Output<number | undefined>;

Policy Rule Priority. This attribute can be set to a valid priority. To avoid an endless diff, the provider returns an error if an invalid priority is provided. If the attribute is not set, the API defaults it to the last (lowest) priority.

property status

public status: pulumi.Output<string | undefined>;

Policy Rule Status: "ACTIVE" or "INACTIVE".

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userIdentifierAttribute

public userIdentifierAttribute: pulumi.Output<string | undefined>;

property userIdentifierPatterns

public userIdentifierPatterns: pulumi.Output<RuleIdpDiscoveryUserIdentifierPattern[] | undefined>;

property userIdentifierType

public userIdentifierType: pulumi.Output<string | undefined>;

Resource RuleMfa

class RuleMfa extends CustomResource

Creates an MFA Policy Rule.

This resource allows you to create and configure an MFA Policy Rule.

constructor

new RuleMfa(name: string, args: RuleMfaArgs, opts?: pulumi.CustomResourceOptions)

Create a RuleMfa resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RuleMfaState, opts?: pulumi.CustomResourceOptions): RuleMfa

Get an existing RuleMfa resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is RuleMfa

Returns true if the given object is an instance of RuleMfa. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property enroll

public enroll: pulumi.Output<string | undefined>;

When a user should be prompted for MFA. It can be "CHALLENGE", "LOGIN", or "NEVER".

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

Policy Rule Name.

property networkConnection

public networkConnection: pulumi.Output<string | undefined>;

Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".

property networkExcludes

public networkExcludes: pulumi.Output<string[] | undefined>;

The network zones to exclude. Conflicts with networkIncludes.

property networkIncludes

public networkIncludes: pulumi.Output<string[] | undefined>;

The network zones to include. Conflicts with networkExcludes.

property policyid

public policyid: pulumi.Output<string>;

Policy ID.

property priority

public priority: pulumi.Output<number | undefined>;

Policy Rule Priority. This attribute can be set to a valid priority. To avoid an endless diff, the provider returns an error if an invalid priority is provided. If the attribute is not set, the API defaults it to the last (lowest) priority.

property status

public status: pulumi.Output<string | undefined>;

Policy Rule Status: "ACTIVE" or "INACTIVE".

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property usersExcludeds

public usersExcludeds: pulumi.Output<string[] | undefined>;

Set of User IDs to Exclude

Resource RulePassword

class RulePassword extends CustomResource

Creates a Password Policy Rule.

This resource allows you to create and configure a Password Policy Rule.

constructor

new RulePassword(name: string, args: RulePasswordArgs, opts?: pulumi.CustomResourceOptions)

Create a RulePassword resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RulePasswordState, opts?: pulumi.CustomResourceOptions): RulePassword

Get an existing RulePassword resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is RulePassword

Returns true if the given object is an instance of RulePassword. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

Policy Rule Name.

property networkConnection

public networkConnection: pulumi.Output<string | undefined>;

Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".

property networkExcludes

public networkExcludes: pulumi.Output<string[] | undefined>;

The network zones to exclude. Conflicts with networkIncludes.

property networkIncludes

public networkIncludes: pulumi.Output<string[] | undefined>;

The network zones to include. Conflicts with networkExcludes.

property passwordChange

public passwordChange: pulumi.Output<string | undefined>;

Allow or deny a user to change their password: "ALLOW" or "DENY". By default it is "ALLOW".

property passwordReset

public passwordReset: pulumi.Output<string | undefined>;

Allow or deny a user to reset their password: "ALLOW" or "DENY". By default it is "ALLOW".

property passwordUnlock

public passwordUnlock: pulumi.Output<string | undefined>;

Allow or deny a user to unlock: "ALLOW" or "DENY". By default it is "DENY".

property policyid

public policyid: pulumi.Output<string>;

Policy ID.

property priority

public priority: pulumi.Output<number | undefined>;

Policy Rule Priority. This attribute can be set to a valid priority. To avoid an endless diff, the provider returns an error if an invalid priority is provided. If the attribute is not set, the API defaults it to the last (lowest) priority.

property status

public status: pulumi.Output<string | undefined>;

Policy Rule Status: "ACTIVE" or "INACTIVE".

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property usersExcludeds

public usersExcludeds: pulumi.Output<string[] | undefined>;

Set of User IDs to Exclude

Resource RuleSignon

class RuleSignon extends CustomResource

Creates a Sign On Policy Rule.

constructor

new RuleSignon(name: string, args: RuleSignonArgs, opts?: pulumi.CustomResourceOptions)

Create a RuleSignon resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RuleSignonState, opts?: pulumi.CustomResourceOptions): RuleSignon

Get an existing RuleSignon resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is RuleSignon

Returns true if the given object is an instance of RuleSignon. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property access

public access: pulumi.Output<string | undefined>;

Allow or deny access based on the rule conditions: "ALLOW" or "DENY". The default is "ALLOW".

property authtype

public authtype: pulumi.Output<string | undefined>;

Authentication entrypoint: "ANY" or "RADIUS".

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property mfaLifetime

public mfaLifetime: pulumi.Output<number | undefined>;

Elapsed time before the next MFA challenge.

property mfaPrompt

public mfaPrompt: pulumi.Output<string | undefined>;

Prompt for MFA based on the device used, a factor session lifetime, or every sign on attempt: "DEVICE", "SESSION" or "ALWAYS".

property mfaRememberDevice

public mfaRememberDevice: pulumi.Output<boolean | undefined>;

Remember MFA device. The default is false.

property mfaRequired

public mfaRequired: pulumi.Output<boolean | undefined>;

Require MFA. The default is false.

property name

public name: pulumi.Output<string>;

Policy Rule Name.

property networkConnection

public networkConnection: pulumi.Output<string | undefined>;

Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".

property networkExcludes

public networkExcludes: pulumi.Output<string[] | undefined>;

The network zones to exclude. Conflicts with networkIncludes.

property networkIncludes

public networkIncludes: pulumi.Output<string[] | undefined>;

The network zones to include. Conflicts with networkExcludes.

property policyid

public policyid: pulumi.Output<string>;

Policy ID.

property priority

public priority: pulumi.Output<number | undefined>;

Policy Rule Priority. This attribute can be set to a valid priority. To avoid an endless diff, the provider returns an error if an invalid priority is provided. If the attribute is not set, the API defaults it to the last (lowest) priority.

property sessionIdle

public sessionIdle: pulumi.Output<number | undefined>;

Max minutes a session can be idle.

property sessionLifetime

public sessionLifetime: pulumi.Output<number | undefined>;

Max minutes a session is active: Disable = 0.

property sessionPersistent

public sessionPersistent: pulumi.Output<boolean | undefined>;

Whether session cookies will last across browser sessions. Okta Administrators can never have persistent session cookies.

property status

public status: pulumi.Output<string | undefined>;

Policy Rule Status: "ACTIVE" or "INACTIVE".

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property usersExcludeds

public usersExcludeds: pulumi.Output<string[] | undefined>;

Set of User IDs to Exclude
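
A pre-deployment check built on the defaults and the "0 = no limit" semantics documented for Password and RuleSignon above, as an added example that is not part of the Pulumi SDK or the Okta provider. The interfaces, the Baseline thresholds and the sample values are assumptions made for illustration; the check resolves omitted properties to the defaults this page states before judging them.

```typescript
// Added example: local stand-ins for a subset of the properties documented on
// this page. They are hypothetical types, not the @pulumi/okta declarations.
interface SignonRuleSettings {
    name: string;
    status?: string;             // "ACTIVE" or "INACTIVE"
    access?: string;             // documented default: "ALLOW"
    mfaRequired?: boolean;       // documented default: false
    sessionIdle?: number;        // max idle minutes
    sessionLifetime?: number;    // max active minutes, 0 disables the limit
    sessionPersistent?: boolean;
    usersExcludeds?: string[];
}
interface PasswordPolicySettings {
    name: string;
    passwordMinLength?: number;          // documented default: 8
    passwordMaxLockoutAttempts?: number; // 0 = no limit
    passwordHistoryCount?: number;       // 0 = none
}
// Assumed organisational baseline; the numbers are the caller's choice.
interface Baseline {
    minPasswordLength: number; maxLockoutAttempts: number;
    maxSessionIdleMinutes: number; maxSessionLifetimeMinutes: number;
}
interface Finding { resource: string; property: string; message: string; }

// Shared check for numeric settings that act as an upper bound.
function checkLimit(out: Finding[], resource: string, property: string,
                    value: number | undefined, max: number, zeroIsUnlimited: boolean): void {
    if (value === undefined) {
        out.push({ resource, property, message: "not set in code; pin it explicitly" });
    } else if (zeroIsUnlimited && value === 0) {
        out.push({ resource, property, message: "0 disables the limit" });
    } else if (value > max) {
        out.push({ resource, property, message: `${value} exceeds baseline ${max}` });
    }
}

function auditSignonRule(rule: SignonRuleSettings, base: Baseline): Finding[] {
    const out: Finding[] = [];
    const resource = `RuleSignon:${rule.name}`;
    if (rule.status === "INACTIVE") {
        out.push({ resource, property: "status", message: "rule is INACTIVE" });
    }
    // A DENY rule grants no session, so the MFA and session checks do not apply.
    if ((rule.access ?? "ALLOW") === "DENY") return out;
    if (!(rule.mfaRequired ?? false)) {
        const why = rule.mfaRequired === undefined ? "omitted, default is false" : "set to false";
        out.push({ resource, property: "mfaRequired", message: `MFA not required (${why})` });
    }
    checkLimit(out, resource, "sessionIdle", rule.sessionIdle, base.maxSessionIdleMinutes, false);
    checkLimit(out, resource, "sessionLifetime", rule.sessionLifetime, base.maxSessionLifetimeMinutes, true);
    if (rule.sessionPersistent === true) {
        out.push({ resource, property: "sessionPersistent", message: "cookies persist across browser sessions" });
    }
    const excluded = rule.usersExcludeds ?? [];
    if (excluded.length > 0) {
        out.push({ resource, property: "usersExcludeds", message: `${excluded.length} user(s) excluded from this rule` });
    }
    return out;
}

function auditPasswordPolicy(policy: PasswordPolicySettings, base: Baseline): Finding[] {
    const out: Finding[] = [];
    const resource = `Password:${policy.name}`;
    const minLength = policy.passwordMinLength ?? 8; // default stated on this page
    if (minLength < base.minPasswordLength) {
        out.push({ resource, property: "passwordMinLength",
                   message: `effective minimum ${minLength} is below baseline ${base.minPasswordLength}` });
    }
    checkLimit(out, resource, "passwordMaxLockoutAttempts",
               policy.passwordMaxLockoutAttempts, base.maxLockoutAttempts, true);
    if (policy.passwordHistoryCount === 0) {
        out.push({ resource, property: "passwordHistoryCount", message: "0 = none, old passwords can be reused" });
    }
    return out;
}

// Constructed sample input (not from a real tenant).
const BASELINE: Baseline = {
    minPasswordLength: 12, maxLockoutAttempts: 10,
    maxSessionIdleMinutes: 60, maxSessionLifetimeMinutes: 720,
};
const SAMPLE_RULE: SignonRuleSettings = {
    name: "default-web", sessionIdle: 120, sessionLifetime: 0, usersExcludeds: ["<user id>"],
};
const SAMPLE_POLICY: PasswordPolicySettings = { name: "example", passwordHistoryCount: 4 };

function runSampleAudit(): Finding[] {
    return auditSignonRule(SAMPLE_RULE, BASELINE).concat(auditPasswordPolicy(SAMPLE_POLICY, BASELINE));
}

for (const f of runSampleAudit()) {
    console.log(`${f.resource} ${f.property}: ${f.message}`);
}
```

Run the same functions over the argument objects before they are passed to the resource constructors, and fail the build when the returned list is not empty.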

Resource Signon

class Signon extends CustomResource

Creates a Sign On Policy.

This resource allows you to create and configure a Sign On Policy.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";

const example = new okta.policy.Signon("example", {
    description: "Example",
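    // okta_group_everyone is not declared in this snippet; it must refer to a group resource or lookup defined elsewhere in the program.
    groupsIncludeds: [okta_group_everyone.id],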
    status: "ACTIVE",
});

constructor

new Signon(name: string, args?: SignonArgs, opts?: pulumi.CustomResourceOptions)

Create a Signon resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SignonState, opts?: pulumi.CustomResourceOptions): Signon

Get an existing Signon resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Signon

Returns true if the given object is an instance of Signon. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property description

public description: pulumi.Output<string | undefined>;

Policy Description.

property groupsIncludeds

public groupsIncludeds: pulumi.Output<string[] | undefined>;

List of Group IDs to Include.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

Policy Name.

property priority

public priority: pulumi.Output<number | undefined>;

Priority of the policy.

property status

public status: pulumi.Output<string | undefined>;

Policy Status: "ACTIVE" or "INACTIVE".

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Functions

Function getDefaultPolicy

getDefaultPolicy(args: GetDefaultPolicyArgs, opts?: pulumi.InvokeOptions): Promise<GetDefaultPolicyResult>

Use this data source to retrieve a “Default” policy from Okta. The same result can be achieved using okta.policy.getPolicy with name = "Default"; this function is simply a shortcut.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";

const example = pulumi.output(okta.policy.getDefaultPolicy({
    type: "PASSWORD",
}, { async: true }));

Function getPolicy

getPolicy(args: GetPolicyArgs, opts?: pulumi.InvokeOptions): Promise<GetPolicyResult>

Use this data source to retrieve a policy from Okta.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";

const example = pulumi.output(okta.policy.getPolicy({
    name: "Password Policy Example",
    type: "PASSWORD",
}, { async: true }));

Others

interface GetDefaultPolicyArgs

interface GetDefaultPolicyArgs

A collection of arguments for invoking getDefaultPolicy.

property type

type: string;

type of policy to retrieve.

interface GetDefaultPolicyResult

interface GetDefaultPolicyResult

A collection of values returned by getDefaultPolicy.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property type

type: string;

type of policy.

interface GetPolicyArgs

interface GetPolicyArgs

A collection of arguments for invoking getPolicy.

property name

name: string;

name of policy to retrieve.

property type

type: string;

type of policy to retrieve.

interface GetPolicyResult

interface GetPolicyResult

A collection of values returned by getPolicy.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property name

name: string;

name of policy.

property type

type: string;

type of policy.

interface MfaArgs

interface MfaArgs

The set of arguments for constructing a Mfa resource.

property description

description?: pulumi.Input<string>;

Policy Description.

property duo

duo?: pulumi.Input<MfaDuo>;

DUO MFA policy settings.

property fidoU2f

fidoU2f?: pulumi.Input<MfaFidoU2f>;

Fido U2F MFA policy settings.

property fidoWebauthn

fidoWebauthn?: pulumi.Input<MfaFidoWebauthn>;

Fido Web Authn MFA policy settings.

property googleOtp

googleOtp?: pulumi.Input<MfaGoogleOtp>;

Google OTP MFA policy settings.

property groupsIncludeds

groupsIncludeds?: pulumi.Input<pulumi.Input<string>[]>;

List of Group IDs to Include.

property name

name?: pulumi.Input<string>;

Policy Name.

property oktaCall

oktaCall?: pulumi.Input<MfaOktaCall>;

Okta Call MFA policy settings.

property oktaOtp

oktaOtp?: pulumi.Input<MfaOktaOtp>;

Okta OTP MFA policy settings.

property oktaPassword

oktaPassword?: pulumi.Input<MfaOktaPassword>;

Okta Password MFA policy settings.

property oktaPush

oktaPush?: pulumi.Input<MfaOktaPush>;

Okta Push MFA policy settings.

property oktaQuestion

oktaQuestion?: pulumi.Input<MfaOktaQuestion>;

Okta Question MFA policy settings.

property oktaSms

oktaSms?: pulumi.Input<MfaOktaSms>;

Okta SMS MFA policy settings.

property priority

priority?: pulumi.Input<number>;

Priority of the policy.

property rsaToken

rsaToken?: pulumi.Input<MfaRsaToken>;

RSA Token MFA policy settings.

property status

status?: pulumi.Input<string>;

Policy Status: "ACTIVE" or "INACTIVE".

property symantecVip

symantecVip?: pulumi.Input<MfaSymantecVip>;

Symantec VIP MFA policy settings.

property yubikeyToken

yubikeyToken?: pulumi.Input<MfaYubikeyToken>;

Yubikey Token MFA policy settings.

interface MfaState

interface MfaState

Input properties used for looking up and filtering Mfa resources.

property description

description?: pulumi.Input<string>;

Policy Description.

property duo

duo?: pulumi.Input<MfaDuo>;

DUO MFA policy settings.

property fidoU2f

fidoU2f?: pulumi.Input<MfaFidoU2f>;

Fido U2F MFA policy settings.

property fidoWebauthn

fidoWebauthn?: pulumi.Input<MfaFidoWebauthn>;

Fido Web Authn MFA policy settings.

property googleOtp

googleOtp?: pulumi.Input<MfaGoogleOtp>;

Google OTP MFA policy settings.

property groupsIncludeds

groupsIncludeds?: pulumi.Input<pulumi.Input<string>[]>;

List of Group IDs to Include.

property name

name?: pulumi.Input<string>;

Policy Name.

property oktaCall

oktaCall?: pulumi.Input<MfaOktaCall>;

Okta Call MFA policy settings.

property oktaOtp

oktaOtp?: pulumi.Input<MfaOktaOtp>;

Okta OTP MFA policy settings.

property oktaPassword

oktaPassword?: pulumi.Input<MfaOktaPassword>;

Okta Password MFA policy settings.

property oktaPush

oktaPush?: pulumi.Input<MfaOktaPush>;

Okta Push MFA policy settings.

property oktaQuestion

oktaQuestion?: pulumi.Input<MfaOktaQuestion>;

Okta Question MFA policy settings.

property oktaSms

oktaSms?: pulumi.Input<MfaOktaSms>;

Okta SMS MFA policy settings.

property priority

priority?: pulumi.Input<number>;

Priority of the policy.

property rsaToken

rsaToken?: pulumi.Input<MfaRsaToken>;

RSA Token MFA policy settings.

property status

status?: pulumi.Input<string>;

Policy Status: "ACTIVE" or "INACTIVE".

property symantecVip

symantecVip?: pulumi.Input<MfaSymantecVip>;

Symantec VIP MFA policy settings.

property yubikeyToken

yubikeyToken?: pulumi.Input<MfaYubikeyToken>;

Yubikey Token MFA policy settings.

interface PasswordArgs

interface PasswordArgs

The set of arguments for constructing a Password resource.

property authProvider

authProvider?: pulumi.Input<string>;

Authentication Provider: "OKTA" or "ACTIVE_DIRECTORY". Default is "OKTA".

property description

description?: pulumi.Input<string>;

Policy Description.

property emailRecovery

emailRecovery?: pulumi.Input<string>;

Enable or disable email password recovery: ACTIVE or INACTIVE.

property groupsIncludeds

groupsIncludeds?: pulumi.Input<pulumi.Input<string>[]>;

List of Group IDs to Include.

property name

name?: pulumi.Input<string>;

Policy Name.

property passwordAutoUnlockMinutes

passwordAutoUnlockMinutes?: pulumi.Input<number>;

Number of minutes before a locked account is unlocked: 0 = no limit.

property passwordDictionaryLookup

passwordDictionaryLookup?: pulumi.Input<boolean>;

Check Passwords Against Common Password Dictionary.

property passwordExcludeFirstName

passwordExcludeFirstName?: pulumi.Input<boolean>;

User firstName attribute must be excluded from the password.

property passwordExcludeLastName

passwordExcludeLastName?: pulumi.Input<boolean>;

User lastName attribute must be excluded from the password.

property passwordExcludeUsername

passwordExcludeUsername?: pulumi.Input<boolean>;

If the user name must be excluded from the password.

property passwordExpireWarnDays

passwordExpireWarnDays?: pulumi.Input<number>;

Length in days a user will be warned before password expiry: 0 = no warning.

property passwordHistoryCount

passwordHistoryCount?: pulumi.Input<number>;

Number of distinct passwords that must be created before they can be reused: 0 = none.

property passwordMaxAgeDays

passwordMaxAgeDays?: pulumi.Input<number>;

Length in days a password is valid before expiry: 0 = no limit.

property passwordMaxLockoutAttempts

passwordMaxLockoutAttempts?: pulumi.Input<number>;

Number of unsuccessful login attempts allowed before lockout: 0 = no limit.

property passwordMinAgeMinutes

passwordMinAgeMinutes?: pulumi.Input<number>;

Minimum time interval in minutes between password changes: 0 = no limit.

property passwordMinLength

passwordMinLength?: pulumi.Input<number>;

Minimum password length. Default is 8.

property passwordMinLowercase

passwordMinLowercase?: pulumi.Input<number>;

Minimum number of lower case characters in password.

property passwordMinNumber

passwordMinNumber?: pulumi.Input<number>;

Minimum number of numbers in password.

property passwordMinSymbol

passwordMinSymbol?: pulumi.Input<number>;

Minimum number of symbols in password.

property passwordMinUppercase

passwordMinUppercase?: pulumi.Input<number>;

Minimum number of upper case characters in password.

property passwordShowLockoutFailures

passwordShowLockoutFailures?: pulumi.Input<boolean>;

If a user should be informed when their account is locked.

property priority

priority?: pulumi.Input<number>;

Priority of the policy.

property questionMinLength

questionMinLength?: pulumi.Input<number>;

Min length of the password recovery question answer.

property questionRecovery

questionRecovery?: pulumi.Input<string>;

Enable or disable security question password recovery: ACTIVE or INACTIVE.

property recoveryEmailToken

recoveryEmailToken?: pulumi.Input<number>;

Lifetime in minutes of the recovery email token.

property skipUnlock

skipUnlock?: pulumi.Input<boolean>;

When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user’s Windows account.

property smsRecovery

smsRecovery?: pulumi.Input<string>;

Enable or disable SMS password recovery: ACTIVE or INACTIVE.

property status

status?: pulumi.Input<string>;

Policy Status: "ACTIVE" or "INACTIVE".

interface PasswordState

interface PasswordState

Input properties used for looking up and filtering Password resources.

property authProvider

authProvider?: pulumi.Input<string>;

Authentication Provider: "OKTA" or "ACTIVE_DIRECTORY". Default is "OKTA".

property description

description?: pulumi.Input<string>;

Policy Description.

property emailRecovery

emailRecovery?: pulumi.Input<string>;

Enable or disable email password recovery: ACTIVE or INACTIVE.

property groupsIncludeds

groupsIncludeds?: pulumi.Input<pulumi.Input<string>[]>;

List of Group IDs to Include.

property name

name?: pulumi.Input<string>;

Policy Name.

property passwordAutoUnlockMinutes

passwordAutoUnlockMinutes?: pulumi.Input<number>;

Number of minutes before a locked account is unlocked: 0 = no limit.

property passwordDictionaryLookup

passwordDictionaryLookup?: pulumi.Input<boolean>;

Check Passwords Against Common Password Dictionary.

property passwordExcludeFirstName

passwordExcludeFirstName?: pulumi.Input<boolean>;

User firstName attribute must be excluded from the password.

property passwordExcludeLastName

passwordExcludeLastName?: pulumi.Input<boolean>;

User lastName attribute must be excluded from the password.

property passwordExcludeUsername

passwordExcludeUsername?: pulumi.Input<boolean>;

If the user name must be excluded from the password.

property passwordExpireWarnDays

passwordExpireWarnDays?: pulumi.Input<number>;

Length in days a user will be warned before password expiry: 0 = no warning.

property passwordHistoryCount

passwordHistoryCount?: pulumi.Input<number>;

Number of distinct passwords that must be created before they can be reused: 0 = none.

property passwordMaxAgeDays

passwordMaxAgeDays?: pulumi.Input<number>;

Length in days a password is valid before expiry: 0 = no limit.

property passwordMaxLockoutAttempts

passwordMaxLockoutAttempts?: pulumi.Input<number>;

Number of unsuccessful login attempts allowed before lockout: 0 = no limit.

property passwordMinAgeMinutes

passwordMinAgeMinutes?: pulumi.Input<number>;

Minimum time interval in minutes between password changes: 0 = no limit.

property passwordMinLength

passwordMinLength?: pulumi.Input<number>;

Minimum password length. Default is 8.

property passwordMinLowercase

passwordMinLowercase?: pulumi.Input<number>;

Minimum number of lower case characters in password.

property passwordMinNumber

passwordMinNumber?: pulumi.Input<number>;

Minimum number of numbers in password.

property passwordMinSymbol

passwordMinSymbol?: pulumi.Input<number>;

Minimum number of symbols in password.

property passwordMinUppercase

passwordMinUppercase?: pulumi.Input<number>;

Minimum number of upper case characters in password.

property passwordShowLockoutFailures

passwordShowLockoutFailures?: pulumi.Input<boolean>;

If a user should be informed when their account is locked.

property priority

priority?: pulumi.Input<number>;

Priority of the policy.

property questionMinLength

questionMinLength?: pulumi.Input<number>;

Min length of the password recovery question answer.

property questionRecovery

questionRecovery?: pulumi.Input<string>;

Enable or disable security question password recovery: ACTIVE or INACTIVE.

property recoveryEmailToken

recoveryEmailToken?: pulumi.Input<number>;

Lifetime in minutes of the recovery email token.

property skipUnlock

skipUnlock?: pulumi.Input<boolean>;

When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user’s Windows account.

property smsRecovery

smsRecovery?: pulumi.Input<string>;

Enable or disable SMS password recovery: ACTIVE or INACTIVE.

property status

status?: pulumi.Input<string>;

Policy Status: "ACTIVE" or "INACTIVE".

interface RuleIdpDiscoveryArgs

interface RuleIdpDiscoveryArgs

The set of arguments for constructing a RuleIdpDiscovery resource.

property appExcludes

appExcludes?: pulumi.Input<pulumi.Input<RuleIdpDiscoveryAppExclude>[]>;

Applications to exclude in discovery rule

property appIncludes

appIncludes?: pulumi.Input<pulumi.Input<RuleIdpDiscoveryAppInclude>[]>;

Applications to include in discovery rule

property idpId

idpId?: pulumi.Input<string>;

property idpType

idpType?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

Policy Rule Name.

property networkConnection

networkConnection?: pulumi.Input<string>;

Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".

property networkExcludes

networkExcludes?: pulumi.Input<pulumi.Input<string>[]>;

The network zones to exclude. Conflicts with networkIncludes.

property networkIncludes

networkIncludes?: pulumi.Input<pulumi.Input<string>[]>;

The network zones to include. Conflicts with networkExcludes.

property platformIncludes

platformIncludes?: pulumi.Input<pulumi.Input<RuleIdpDiscoveryPlatformInclude>[]>;

property policyid

policyid: pulumi.Input<string>;

Policy ID.

property priority

priority?: pulumi.Input<number>;

Policy Rule Priority. This attribute can be set to a valid priority. To avoid an endless diff situation, an error is returned if an invalid priority is provided. The API defaults it to the last/lowest priority if it is not set.

property status

status?: pulumi.Input<string>;

Policy Rule Status: "ACTIVE" or "INACTIVE".

property userIdentifierAttribute

userIdentifierAttribute?: pulumi.Input<string>;

property userIdentifierPatterns

userIdentifierPatterns?: pulumi.Input<pulumi.Input<RuleIdpDiscoveryUserIdentifierPattern>[]>;

property userIdentifierType

userIdentifierType?: pulumi.Input<string>;

interface RuleIdpDiscoveryState

interface RuleIdpDiscoveryState

Input properties used for looking up and filtering RuleIdpDiscovery resources.

property appExcludes

appExcludes?: pulumi.Input<pulumi.Input<RuleIdpDiscoveryAppExclude>[]>;

Applications to exclude in discovery rule

property appIncludes

appIncludes?: pulumi.Input<pulumi.Input<RuleIdpDiscoveryAppInclude>[]>;

Applications to include in discovery rule

property idpId

idpId?: pulumi.Input<string>;

property idpType

idpType?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

Policy Rule Name.

property networkConnection

networkConnection?: pulumi.Input<string>;

Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".

property networkExcludes

networkExcludes?: pulumi.Input<pulumi.Input<string>[]>;

The network zones to exclude. Conflicts with networkIncludes.

property networkIncludes

networkIncludes?: pulumi.Input<pulumi.Input<string>[]>;

The network zones to include. Conflicts with networkExcludes.

property platformIncludes

platformIncludes?: pulumi.Input<pulumi.Input<RuleIdpDiscoveryPlatformInclude>[]>;

property policyid

policyid?: pulumi.Input<string>;

Policy ID.

property priority

priority?: pulumi.Input<number>;

Policy Rule Priority. This attribute can be set to a valid priority. To avoid an endless diff situation, an error is returned if an invalid priority is provided. The API defaults it to the last/lowest priority if it is not set.

property status

status?: pulumi.Input<string>;

Policy Rule Status: "ACTIVE" or "INACTIVE".

property userIdentifierAttribute

userIdentifierAttribute?: pulumi.Input<string>;

property userIdentifierPatterns

userIdentifierPatterns?: pulumi.Input<pulumi.Input<RuleIdpDiscoveryUserIdentifierPattern>[]>;

property userIdentifierType

userIdentifierType?: pulumi.Input<string>;

interface RuleMfaArgs

interface RuleMfaArgs

The set of arguments for constructing a RuleMfa resource.

property enroll

enroll?: pulumi.Input<string>;

When a user should be prompted for MFA. It can be "CHALLENGE", "LOGIN", or "NEVER".

property name

name?: pulumi.Input<string>;

Policy Rule Name.

property networkConnection

networkConnection?: pulumi.Input<string>;

Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".

property networkExcludes

networkExcludes?: pulumi.Input<pulumi.Input<string>[]>;

The network zones to exclude. Conflicts with networkIncludes.

property networkIncludes

networkIncludes?: pulumi.Input<pulumi.Input<string>[]>;

The network zones to include. Conflicts with networkExcludes.

property policyid

policyid: pulumi.Input<string>;

Policy ID.

property priority

priority?: pulumi.Input<number>;

Policy Rule Priority. This attribute can be set to a valid priority. To avoid an endless diff situation, an error is returned if an invalid priority is provided. The API defaults it to the last/lowest priority if it is not set.

property status

status?: pulumi.Input<string>;

Policy Rule Status: "ACTIVE" or "INACTIVE".

property usersExcludeds

usersExcludeds?: pulumi.Input<pulumi.Input<string>[]>;

Set of User IDs to Exclude

interface RuleMfaState

interface RuleMfaState

Input properties used for looking up and filtering RuleMfa resources.

property enroll

enroll?: pulumi.Input<string>;

When a user should be prompted for MFA. It can be "CHALLENGE", "LOGIN", or "NEVER".

property name

name?: pulumi.Input<string>;

Policy Rule Name.

property networkConnection

networkConnection?: pulumi.Input<string>;

Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".

property networkExcludes

networkExcludes?: pulumi.Input<pulumi.Input<string>[]>;

The network zones to exclude. Conflicts with networkIncludes.

property networkIncludes

networkIncludes?: pulumi.Input<pulumi.Input<string>[]>;

The network zones to include. Conflicts with networkExcludes.

property policyid

policyid?: pulumi.Input<string>;

Policy ID.

property priority

priority?: pulumi.Input<number>;

Policy Rule Priority. This attribute can be set to a valid priority. To avoid an endless diff situation, an error is returned if an invalid priority is provided. The API defaults it to the last/lowest priority if it is not set.

property status

status?: pulumi.Input<string>;

Policy Rule Status: "ACTIVE" or "INACTIVE".

property usersExcludeds

usersExcludeds?: pulumi.Input<pulumi.Input<string>[]>;

Set of User IDs to Exclude

interface RulePasswordArgs

interface RulePasswordArgs

The set of arguments for constructing a RulePassword resource.

property name

name?: pulumi.Input<string>;

Policy Rule Name.

property networkConnection

networkConnection?: pulumi.Input<string>;

Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".

property networkExcludes

networkExcludes?: pulumi.Input<pulumi.Input<string>[]>;

The network zones to exclude. Conflicts with networkIncludes.

property networkIncludes

networkIncludes?: pulumi.Input<pulumi.Input<string>[]>;

The network zones to include. Conflicts with networkExcludes.

property passwordChange

passwordChange?: pulumi.Input<string>;

Allow or deny a user to change their password: "ALLOW" or "DENY". By default it is "ALLOW".

property passwordReset

passwordReset?: pulumi.Input<string>;

Allow or deny a user to reset their password: "ALLOW" or "DENY". By default it is "ALLOW".

property passwordUnlock

passwordUnlock?: pulumi.Input<string>;

Allow or deny a user to unlock: "ALLOW" or "DENY". By default it is "DENY".

property policyid

policyid: pulumi.Input<string>;

Policy ID.

property priority

priority?: pulumi.Input<number>;

Policy Rule Priority. This attribute can be set to a valid priority. To avoid an endless diff situation, an error is returned if an invalid priority is provided. The API defaults it to the last/lowest priority if it is not set.

property status

status?: pulumi.Input<string>;

Policy Rule Status: "ACTIVE" or "INACTIVE".

property usersExcludeds

usersExcludeds?: pulumi.Input<pulumi.Input<string>[]>;

Set of User IDs to Exclude

interface RulePasswordState

interface RulePasswordState

Input properties used for looking up and filtering RulePassword resources.

property name

name?: pulumi.Input<string>;

Policy Rule Name.

property networkConnection

networkConnection?: pulumi.Input<string>;

Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".

property networkExcludes

networkExcludes?: pulumi.Input<pulumi.Input<string>[]>;

The network zones to exclude. Conflicts with networkIncludes.

property networkIncludes

networkIncludes?: pulumi.Input<pulumi.Input<string>[]>;

The network zones to include. Conflicts with networkExcludes.

property passwordChange

passwordChange?: pulumi.Input<string>;

Allow or deny a user to change their password: "ALLOW" or "DENY". By default it is "ALLOW".

property passwordReset

passwordReset?: pulumi.Input<string>;

Allow or deny a user to reset their password: "ALLOW" or "DENY". By default it is "ALLOW".

property passwordUnlock

passwordUnlock?: pulumi.Input<string>;

Allow or deny a user to unlock: "ALLOW" or "DENY". By default it is "DENY".

property policyid

policyid?: pulumi.Input<string>;

Policy ID.

property priority

priority?: pulumi.Input<number>;

Policy Rule Priority. This attribute can be set to a valid priority. To avoid an endless diff situation, an error is returned if an invalid priority is provided. The API defaults it to the last/lowest priority if it is not set.

property status

status?: pulumi.Input<string>;

Policy Rule Status: "ACTIVE" or "INACTIVE".

property usersExcludeds

usersExcludeds?: pulumi.Input<pulumi.Input<string>[]>;

Set of User IDs to Exclude

interface RuleSignonArgs

interface RuleSignonArgs

The set of arguments for constructing a RuleSignon resource.

property access

access?: pulumi.Input<string>;

Allow or deny access based on the rule conditions: "ALLOW" or "DENY". The default is "ALLOW".

property authtype

authtype?: pulumi.Input<string>;

Authentication entrypoint: "ANY" or "RADIUS".

property mfaLifetime

mfaLifetime?: pulumi.Input<number>;

Elapsed time before the next MFA challenge.

property mfaPrompt

mfaPrompt?: pulumi.Input<string>;

Prompt for MFA based on the device used, a factor session lifetime, or every sign on attempt: "DEVICE", "SESSION" or "ALWAYS".

property mfaRememberDevice

mfaRememberDevice?: pulumi.Input<boolean>;

Remember MFA device. The default is false.

property mfaRequired

mfaRequired?: pulumi.Input<boolean>;

Require MFA. The default is false.

property name

name?: pulumi.Input<string>;

Policy Rule Name.

property networkConnection

networkConnection?: pulumi.Input<string>;

Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".

property networkExcludes

networkExcludes?: pulumi.Input<pulumi.Input<string>[]>;

The network zones to exclude. Conflicts with networkIncludes.

property networkIncludes

networkIncludes?: pulumi.Input<pulumi.Input<string>[]>;

The network zones to include. Conflicts with networkExcludes.

property policyid

policyid: pulumi.Input<string>;

Policy ID.

property priority

priority?: pulumi.Input<number>;

Policy Rule Priority. This attribute can be set to a valid priority. To avoid an endless diff situation, an error is returned if an invalid priority is provided. The API defaults it to the last/lowest priority if it is not set.

property sessionIdle

sessionIdle?: pulumi.Input<number>;

Max minutes a session can be idle.

property sessionLifetime

sessionLifetime?: pulumi.Input<number>;

Max minutes a session is active: Disable = 0.

property sessionPersistent

sessionPersistent?: pulumi.Input<boolean>;

Whether session cookies will last across browser sessions. Okta Administrators can never have persistent session cookies.

property status

status?: pulumi.Input<string>;

Policy Rule Status: "ACTIVE" or "INACTIVE".

property usersExcludeds

usersExcludeds?: pulumi.Input<pulumi.Input<string>[]>;

Set of User IDs to Exclude
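The defaults and constraints documented for a sign-on rule (access defaults to "ALLOW", mfaRequired defaults to false, networkIncludes conflicts with networkExcludes, sessionLifetime 0 disables the limit) can be checked on a rule definition before it is deployed. The following is an added example, not code from @pulumi/okta or from the original page; SignonRuleSettings, Finding, auditSignonRule, findingCodes and the sample rules are hypothetical names and constructed values.

```typescript
// Plain-value mirror of a subset of RuleSignonArgs (hypothetical helper type,
// not part of @pulumi/okta). Property names follow the listing above.
interface SignonRuleSettings {
    name?: string;
    access?: string;
    mfaRequired?: boolean;
    mfaRememberDevice?: boolean;
    networkConnection?: string;
    networkIncludes?: string[];
    networkExcludes?: string[];
    sessionLifetime?: number;
    sessionPersistent?: boolean;
    status?: string;
    usersExcludeds?: string[];
}

interface Finding { code: string; detail: string; }

// Returns one finding per documented setting that weakens or invalidates the rule.
function auditSignonRule(rule: SignonRuleSettings): Finding[] {
    const findings: Finding[] = [];
    const add = (code: string, detail: string): void => { findings.push({ code, detail }); };

    // Apply the documented defaults before judging the rule.
    const access = rule.access ?? "ALLOW";
    const mfaRequired = rule.mfaRequired ?? false;
    const includes = rule.networkIncludes ?? [];
    const excludes = rule.networkExcludes ?? [];
    const excludedUsers = rule.usersExcludeds ?? [];

    if (includes.length > 0 && excludes.length > 0) {
        add("NETWORK_CONFLICT", "networkIncludes and networkExcludes are both set");
    }
    if (access === "ALLOW" && !mfaRequired) {
        add("ALLOW_WITHOUT_MFA", "access is ALLOW and mfaRequired is false");
    }
    if (rule.sessionLifetime === 0) {
        add("SESSION_LIFETIME_DISABLED", "sessionLifetime 0 disables the maximum session lifetime");
    }
    if (rule.sessionPersistent === true) {
        add("PERSISTENT_SESSION", "session cookies last across browser sessions");
    }
    if (excludedUsers.length > 0) {
        add("USERS_EXCLUDED", `${excludedUsers.length} user ID(s) are excluded from this rule`);
    }
    if (rule.status === "INACTIVE") {
        add("RULE_INACTIVE", "the rule is defined but not active");
    }
    return findings;
}

// Comma-separated finding codes, convenient for CI output and assertions.
function findingCodes(rule: SignonRuleSettings): string {
    return auditSignonRule(rule).map((f) => f.code).join(",");
}

// Constructed sample rules (IDs are placeholders, not real Okta identifiers).
const defaultRule: SignonRuleSettings = { name: "constructed-defaults-only" };
const hardenedRule: SignonRuleSettings = {
    name: "constructed-hardened", access: "ALLOW", mfaRequired: true,
    networkConnection: "ZONE", networkIncludes: ["constructed-zone-id"],
    sessionLifetime: 120, sessionPersistent: false, status: "ACTIVE",
};
const conflictingRule: SignonRuleSettings = {
    name: "constructed-conflict", mfaRequired: true, networkConnection: "ZONE",
    networkIncludes: ["constructed-zone-a"], networkExcludes: ["constructed-zone-b"],
    sessionLifetime: 0, usersExcludeds: ["constructed-user-id"],
};

for (const rule of [defaultRule, hardenedRule, conflictingRule]) {
    console.log(`${rule.name}: ${findingCodes(rule) || "no findings"}`);
}
```
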

interface RuleSignonState

interface RuleSignonState

Input properties used for looking up and filtering RuleSignon resources.

property access

access?: pulumi.Input<string>;

Allow or deny access based on the rule conditions: "ALLOW" or "DENY". The default is "ALLOW".

property authtype

authtype?: pulumi.Input<string>;

Authentication entrypoint: "ANY" or "RADIUS".

property mfaLifetime

mfaLifetime?: pulumi.Input<number>;

Elapsed time before the next MFA challenge.

property mfaPrompt

mfaPrompt?: pulumi.Input<string>;

Prompt for MFA based on the device used, a factor session lifetime, or every sign on attempt: "DEVICE", "SESSION" or "ALWAYS".

property mfaRememberDevice

mfaRememberDevice?: pulumi.Input<boolean>;

Remember MFA device. The default is false.

property mfaRequired

mfaRequired?: pulumi.Input<boolean>;

Require MFA. The default is false.

property name

name?: pulumi.Input<string>;

Policy Rule Name.

property networkConnection

networkConnection?: pulumi.Input<string>;

Network selection mode: "ANYWHERE", "ZONE", "ON_NETWORK", or "OFF_NETWORK".

property networkExcludes

networkExcludes?: pulumi.Input<pulumi.Input<string>[]>;

The network zones to exclude. Conflicts with networkIncludes.

property networkIncludes

networkIncludes?: pulumi.Input<pulumi.Input<string>[]>;

The network zones to include. Conflicts with networkExcludes.

property policyid

policyid?: pulumi.Input<string>;

Policy ID.

property priority

priority?: pulumi.Input<number>;

Policy Rule Priority. This attribute can be set to a valid priority. To avoid an endless diff situation, an error is returned if an invalid priority is provided. The API defaults it to the last/lowest priority if it is not set.

property sessionIdle

sessionIdle?: pulumi.Input<number>;

Max minutes a session can be idle.

property sessionLifetime

sessionLifetime?: pulumi.Input<number>;

Max minutes a session is active: Disable = 0.

property sessionPersistent

sessionPersistent?: pulumi.Input<boolean>;

Whether session cookies will last across browser sessions. Okta Administrators can never have persistent session cookies.

property status

status?: pulumi.Input<string>;

Policy Rule Status: "ACTIVE" or "INACTIVE".

property usersExcludeds

usersExcludeds?: pulumi.Input<pulumi.Input<string>[]>;

Set of User IDs to Exclude

interface SignonArgs

interface SignonArgs

The set of arguments for constructing a Signon resource.

property description

description?: pulumi.Input<string>;

Policy Description.

property groupsIncludeds

groupsIncludeds?: pulumi.Input<pulumi.Input<string>[]>;

List of Group IDs to Include.

property name

name?: pulumi.Input<string>;

Policy Name.

property priority

priority?: pulumi.Input<number>;

Priority of the policy.

property status

status?: pulumi.Input<string>;

Policy Status: "ACTIVE" or "INACTIVE".

interface SignonState

interface SignonState

Input properties used for looking up and filtering Signon resources.

property description

description?: pulumi.Input<string>;

Policy Description.

property groupsIncludeds

groupsIncludeds?: pulumi.Input<pulumi.Input<string>[]>;

List of Group IDs to Include.

property name

name?: pulumi.Input<string>;

Policy Name.

property priority

priority?: pulumi.Input<number>;

Priority of the policy.

property status

status?: pulumi.Input<string>;

Policy Status: "ACTIVE" or "INACTIVE".