okta.policy.RuleMfa
Explore with Pulumi AI
Creates an MFA Policy Rule. This resource allows you to create and configure an MFA Policy Rule.
Create RuleMfa Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new RuleMfa(name: string, args?: RuleMfaArgs, opts?: CustomResourceOptions);@overload
def RuleMfa(resource_name: str,
            args: Optional[RuleMfaArgs] = None,
            opts: Optional[ResourceOptions] = None)
@overload
def RuleMfa(resource_name: str,
            opts: Optional[ResourceOptions] = None,
            app_excludes: Optional[Sequence[RuleMfaAppExcludeArgs]] = None,
            app_includes: Optional[Sequence[RuleMfaAppIncludeArgs]] = None,
            enroll: Optional[str] = None,
            name: Optional[str] = None,
            network_connection: Optional[str] = None,
            network_excludes: Optional[Sequence[str]] = None,
            network_includes: Optional[Sequence[str]] = None,
            policy_id: Optional[str] = None,
            priority: Optional[int] = None,
            status: Optional[str] = None,
            users_excludeds: Optional[Sequence[str]] = None)func NewRuleMfa(ctx *Context, name string, args *RuleMfaArgs, opts ...ResourceOption) (*RuleMfa, error)public RuleMfa(string name, RuleMfaArgs? args = null, CustomResourceOptions? opts = null)
public RuleMfa(String name, RuleMfaArgs args)
public RuleMfa(String name, RuleMfaArgs args, CustomResourceOptions options)
type: okta:policy:RuleMfa
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RuleMfaArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RuleMfaArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RuleMfaArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RuleMfaArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RuleMfaArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var ruleMfaResource = new Okta.Policy.RuleMfa("ruleMfaResource", new()
{
    AppExcludes = new[]
    {
        new Okta.Policy.Inputs.RuleMfaAppExcludeArgs
        {
            Type = "string",
            Id = "string",
            Name = "string",
        },
    },
    AppIncludes = new[]
    {
        new Okta.Policy.Inputs.RuleMfaAppIncludeArgs
        {
            Type = "string",
            Id = "string",
            Name = "string",
        },
    },
    Enroll = "string",
    Name = "string",
    NetworkConnection = "string",
    NetworkExcludes = new[]
    {
        "string",
    },
    NetworkIncludes = new[]
    {
        "string",
    },
    PolicyId = "string",
    Priority = 0,
    Status = "string",
    UsersExcludeds = new[]
    {
        "string",
    },
});
example, err := policy.NewRuleMfa(ctx, "ruleMfaResource", &policy.RuleMfaArgs{
	AppExcludes: policy.RuleMfaAppExcludeArray{
		&policy.RuleMfaAppExcludeArgs{
			Type: pulumi.String("string"),
			Id:   pulumi.String("string"),
			Name: pulumi.String("string"),
		},
	},
	AppIncludes: policy.RuleMfaAppIncludeArray{
		&policy.RuleMfaAppIncludeArgs{
			Type: pulumi.String("string"),
			Id:   pulumi.String("string"),
			Name: pulumi.String("string"),
		},
	},
	Enroll:            pulumi.String("string"),
	Name:              pulumi.String("string"),
	NetworkConnection: pulumi.String("string"),
	NetworkExcludes: pulumi.StringArray{
		pulumi.String("string"),
	},
	NetworkIncludes: pulumi.StringArray{
		pulumi.String("string"),
	},
	PolicyId: pulumi.String("string"),
	Priority: pulumi.Int(0),
	Status:   pulumi.String("string"),
	UsersExcludeds: pulumi.StringArray{
		pulumi.String("string"),
	},
})
var ruleMfaResource = new RuleMfa("ruleMfaResource", RuleMfaArgs.builder()
    .appExcludes(RuleMfaAppExcludeArgs.builder()
        .type("string")
        .id("string")
        .name("string")
        .build())
    .appIncludes(RuleMfaAppIncludeArgs.builder()
        .type("string")
        .id("string")
        .name("string")
        .build())
    .enroll("string")
    .name("string")
    .networkConnection("string")
    .networkExcludes("string")
    .networkIncludes("string")
    .policyId("string")
    .priority(0)
    .status("string")
    .usersExcludeds("string")
    .build());
rule_mfa_resource = okta.policy.RuleMfa("ruleMfaResource",
    app_excludes=[{
        "type": "string",
        "id": "string",
        "name": "string",
    }],
    app_includes=[{
        "type": "string",
        "id": "string",
        "name": "string",
    }],
    enroll="string",
    name="string",
    network_connection="string",
    network_excludes=["string"],
    network_includes=["string"],
    policy_id="string",
    priority=0,
    status="string",
    users_excludeds=["string"])
const ruleMfaResource = new okta.policy.RuleMfa("ruleMfaResource", {
    appExcludes: [{
        type: "string",
        id: "string",
        name: "string",
    }],
    appIncludes: [{
        type: "string",
        id: "string",
        name: "string",
    }],
    enroll: "string",
    name: "string",
    networkConnection: "string",
    networkExcludes: ["string"],
    networkIncludes: ["string"],
    policyId: "string",
    priority: 0,
    status: "string",
    usersExcludeds: ["string"],
});
type: okta:policy:RuleMfa
properties:
    appExcludes:
        - id: string
          name: string
          type: string
    appIncludes:
        - id: string
          name: string
          type: string
    enroll: string
    name: string
    networkConnection: string
    networkExcludes:
        - string
    networkIncludes:
        - string
    policyId: string
    priority: 0
    status: string
    usersExcludeds:
        - string
RuleMfa Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The RuleMfa resource accepts the following input properties:
- AppExcludes List<RuleMfa App Exclude> 
- Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
 
- AppIncludes List<RuleMfa App Include> 
- Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
 
- Enroll string
- When a user should be prompted for MFA. It can be CHALLENGE,LOGIN, orNEVER.
- Name string
- Policy Rule Name
- NetworkConnection string
- Network selection mode: ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE
- NetworkExcludes List<string>
- Required if network_connection=ZONE. Indicates the network zones to exclude.
- NetworkIncludes List<string>
- Required if network_connection=ZONE. Indicates the network zones to include.
- PolicyId string
- Policy ID of the Rule
- Priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- Status string
- Policy Rule Status: ACTIVEorINACTIVE. Default:ACTIVE
- UsersExcludeds List<string>
- Set of User IDs to Exclude
- AppExcludes []RuleMfa App Exclude Args 
- Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
 
- AppIncludes []RuleMfa App Include Args 
- Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
 
- Enroll string
- When a user should be prompted for MFA. It can be CHALLENGE,LOGIN, orNEVER.
- Name string
- Policy Rule Name
- NetworkConnection string
- Network selection mode: ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE
- NetworkExcludes []string
- Required if network_connection=ZONE. Indicates the network zones to exclude.
- NetworkIncludes []string
- Required if network_connection=ZONE. Indicates the network zones to include.
- PolicyId string
- Policy ID of the Rule
- Priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- Status string
- Policy Rule Status: ACTIVEorINACTIVE. Default:ACTIVE
- UsersExcludeds []string
- Set of User IDs to Exclude
- appExcludes List<RuleMfa App Exclude> 
- Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
 
- appIncludes List<RuleMfa App Include> 
- Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
 
- enroll String
- When a user should be prompted for MFA. It can be CHALLENGE,LOGIN, orNEVER.
- name String
- Policy Rule Name
- networkConnection String
- Network selection mode: ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE
- networkExcludes List<String>
- Required if network_connection=ZONE. Indicates the network zones to exclude.
- networkIncludes List<String>
- Required if network_connection=ZONE. Indicates the network zones to include.
- policyId String
- Policy ID of the Rule
- priority Integer
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status String
- Policy Rule Status: ACTIVEorINACTIVE. Default:ACTIVE
- usersExcludeds List<String>
- Set of User IDs to Exclude
- appExcludes RuleMfa App Exclude[] 
- Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
 
- appIncludes RuleMfa App Include[] 
- Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
 
- enroll string
- When a user should be prompted for MFA. It can be CHALLENGE,LOGIN, orNEVER.
- name string
- Policy Rule Name
- networkConnection string
- Network selection mode: ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE
- networkExcludes string[]
- Required if network_connection=ZONE. Indicates the network zones to exclude.
- networkIncludes string[]
- Required if network_connection=ZONE. Indicates the network zones to include.
- policyId string
- Policy ID of the Rule
- priority number
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status string
- Policy Rule Status: ACTIVEorINACTIVE. Default:ACTIVE
- usersExcludeds string[]
- Set of User IDs to Exclude
- app_excludes Sequence[RuleMfa App Exclude Args] 
- Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
 
- app_includes Sequence[RuleMfa App Include Args] 
- Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
 
- enroll str
- When a user should be prompted for MFA. It can be CHALLENGE,LOGIN, orNEVER.
- name str
- Policy Rule Name
- network_connection str
- Network selection mode: ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE
- network_excludes Sequence[str]
- Required if network_connection=ZONE. Indicates the network zones to exclude.
- network_includes Sequence[str]
- Required if network_connection=ZONE. Indicates the network zones to include.
- policy_id str
- Policy ID of the Rule
- priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status str
- Policy Rule Status: ACTIVEorINACTIVE. Default:ACTIVE
- users_excludeds Sequence[str]
- Set of User IDs to Exclude
- appExcludes List<Property Map>
- Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
 
- appIncludes List<Property Map>
- Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
 
- enroll String
- When a user should be prompted for MFA. It can be CHALLENGE,LOGIN, orNEVER.
- name String
- Policy Rule Name
- networkConnection String
- Network selection mode: ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE
- networkExcludes List<String>
- Required if network_connection=ZONE. Indicates the network zones to exclude.
- networkIncludes List<String>
- Required if network_connection=ZONE. Indicates the network zones to include.
- policyId String
- Policy ID of the Rule
- priority Number
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status String
- Policy Rule Status: ACTIVEorINACTIVE. Default:ACTIVE
- usersExcludeds List<String>
- Set of User IDs to Exclude
Outputs
All input properties are implicitly available as output properties. Additionally, the RuleMfa resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing RuleMfa Resource
Get an existing RuleMfa resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RuleMfaState, opts?: CustomResourceOptions): RuleMfa@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        app_excludes: Optional[Sequence[RuleMfaAppExcludeArgs]] = None,
        app_includes: Optional[Sequence[RuleMfaAppIncludeArgs]] = None,
        enroll: Optional[str] = None,
        name: Optional[str] = None,
        network_connection: Optional[str] = None,
        network_excludes: Optional[Sequence[str]] = None,
        network_includes: Optional[Sequence[str]] = None,
        policy_id: Optional[str] = None,
        priority: Optional[int] = None,
        status: Optional[str] = None,
        users_excludeds: Optional[Sequence[str]] = None) -> RuleMfafunc GetRuleMfa(ctx *Context, name string, id IDInput, state *RuleMfaState, opts ...ResourceOption) (*RuleMfa, error)public static RuleMfa Get(string name, Input<string> id, RuleMfaState? state, CustomResourceOptions? opts = null)public static RuleMfa get(String name, Output<String> id, RuleMfaState state, CustomResourceOptions options)resources:  _:    type: okta:policy:RuleMfa    get:      id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- AppExcludes List<RuleMfa App Exclude> 
- Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
 
- AppIncludes List<RuleMfa App Include> 
- Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
 
- Enroll string
- When a user should be prompted for MFA. It can be CHALLENGE,LOGIN, orNEVER.
- Name string
- Policy Rule Name
- NetworkConnection string
- Network selection mode: ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE
- NetworkExcludes List<string>
- Required if network_connection=ZONE. Indicates the network zones to exclude.
- NetworkIncludes List<string>
- Required if network_connection=ZONE. Indicates the network zones to include.
- PolicyId string
- Policy ID of the Rule
- Priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- Status string
- Policy Rule Status: ACTIVEorINACTIVE. Default:ACTIVE
- UsersExcludeds List<string>
- Set of User IDs to Exclude
- AppExcludes []RuleMfa App Exclude Args 
- Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
 
- AppIncludes []RuleMfa App Include Args 
- Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
 
- Enroll string
- When a user should be prompted for MFA. It can be CHALLENGE,LOGIN, orNEVER.
- Name string
- Policy Rule Name
- NetworkConnection string
- Network selection mode: ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE
- NetworkExcludes []string
- Required if network_connection=ZONE. Indicates the network zones to exclude.
- NetworkIncludes []string
- Required if network_connection=ZONE. Indicates the network zones to include.
- PolicyId string
- Policy ID of the Rule
- Priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- Status string
- Policy Rule Status: ACTIVEorINACTIVE. Default:ACTIVE
- UsersExcludeds []string
- Set of User IDs to Exclude
- appExcludes List<RuleMfa App Exclude> 
- Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
 
- appIncludes List<RuleMfa App Include> 
- Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
 
- enroll String
- When a user should be prompted for MFA. It can be CHALLENGE,LOGIN, orNEVER.
- name String
- Policy Rule Name
- networkConnection String
- Network selection mode: ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE
- networkExcludes List<String>
- Required if network_connection=ZONE. Indicates the network zones to exclude.
- networkIncludes List<String>
- Required if network_connection=ZONE. Indicates the network zones to include.
- policyId String
- Policy ID of the Rule
- priority Integer
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status String
- Policy Rule Status: ACTIVEorINACTIVE. Default:ACTIVE
- usersExcludeds List<String>
- Set of User IDs to Exclude
- appExcludes RuleMfa App Exclude[] 
- Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
 
- appIncludes RuleMfa App Include[] 
- Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
 
- enroll string
- When a user should be prompted for MFA. It can be CHALLENGE,LOGIN, orNEVER.
- name string
- Policy Rule Name
- networkConnection string
- Network selection mode: ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE
- networkExcludes string[]
- Required if network_connection=ZONE. Indicates the network zones to exclude.
- networkIncludes string[]
- Required if network_connection=ZONE. Indicates the network zones to include.
- policyId string
- Policy ID of the Rule
- priority number
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status string
- Policy Rule Status: ACTIVEorINACTIVE. Default:ACTIVE
- usersExcludeds string[]
- Set of User IDs to Exclude
- app_excludes Sequence[RuleMfa App Exclude Args] 
- Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
 
- app_includes Sequence[RuleMfa App Include Args] 
- Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
 
- enroll str
- When a user should be prompted for MFA. It can be CHALLENGE,LOGIN, orNEVER.
- name str
- Policy Rule Name
- network_connection str
- Network selection mode: ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE
- network_excludes Sequence[str]
- Required if network_connection=ZONE. Indicates the network zones to exclude.
- network_includes Sequence[str]
- Required if network_connection=ZONE. Indicates the network zones to include.
- policy_id str
- Policy ID of the Rule
- priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status str
- Policy Rule Status: ACTIVEorINACTIVE. Default:ACTIVE
- users_excludeds Sequence[str]
- Set of User IDs to Exclude
- appExcludes List<Property Map>
- Applications to exclude in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
 
- appIncludes List<Property Map>
- Applications to include in discovery rule. IMPORTANT: this field is only available in Classic Organizations. - 'id'- (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
 
- enroll String
- When a user should be prompted for MFA. It can be CHALLENGE,LOGIN, orNEVER.
- name String
- Policy Rule Name
- networkConnection String
- Network selection mode: ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE
- networkExcludes List<String>
- Required if network_connection=ZONE. Indicates the network zones to exclude.
- networkIncludes List<String>
- Required if network_connection=ZONE. Indicates the network zones to include.
- policyId String
- Policy ID of the Rule
- priority Number
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status String
- Policy Rule Status: ACTIVEorINACTIVE. Default:ACTIVE
- usersExcludeds List<String>
- Set of User IDs to Exclude
Supporting Types
RuleMfaAppExclude, RuleMfaAppExcludeArgs        
RuleMfaAppInclude, RuleMfaAppIncludeArgs        
Import
$ pulumi import okta:policy/ruleMfa:RuleMfa example <policy_id>/<rule_id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Okta pulumi/pulumi-okta
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the oktaTerraform Provider.