okta.auth.ServerPolicyRule
Explore with Pulumi AI
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const example = new okta.auth.ServerPolicyRule("example", {
authServerId: "<auth server id>",
policyId: "<auth server policy id>",
status: "ACTIVE",
name: "example",
priority: 1,
groupWhitelists: ["<group ids>"],
grantTypeWhitelists: ["implicit"],
});
import pulumi
import pulumi_okta as okta
example = okta.auth.ServerPolicyRule("example",
auth_server_id="<auth server id>",
policy_id="<auth server policy id>",
status="ACTIVE",
name="example",
priority=1,
group_whitelists=["<group ids>"],
grant_type_whitelists=["implicit"])
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/auth"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := auth.NewServerPolicyRule(ctx, "example", &auth.ServerPolicyRuleArgs{
AuthServerId: pulumi.String("<auth server id>"),
PolicyId: pulumi.String("<auth server policy id>"),
Status: pulumi.String("ACTIVE"),
Name: pulumi.String("example"),
Priority: pulumi.Int(1),
GroupWhitelists: pulumi.StringArray{
pulumi.String("<group ids>"),
},
GrantTypeWhitelists: pulumi.StringArray{
pulumi.String("implicit"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var example = new Okta.Auth.ServerPolicyRule("example", new()
{
AuthServerId = "<auth server id>",
PolicyId = "<auth server policy id>",
Status = "ACTIVE",
Name = "example",
Priority = 1,
GroupWhitelists = new[]
{
"<group ids>",
},
GrantTypeWhitelists = new[]
{
"implicit",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.auth.ServerPolicyRule;
import com.pulumi.okta.auth.ServerPolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ServerPolicyRule("example", ServerPolicyRuleArgs.builder()
.authServerId("<auth server id>")
.policyId("<auth server policy id>")
.status("ACTIVE")
.name("example")
.priority(1)
.groupWhitelists("<group ids>")
.grantTypeWhitelists("implicit")
.build());
}
}
resources:
example:
type: okta:auth:ServerPolicyRule
properties:
authServerId: <auth server id>
policyId: <auth server policy id>
status: ACTIVE
name: example
priority: 1
groupWhitelists:
- <group ids>
grantTypeWhitelists:
- implicit
Create ServerPolicyRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ServerPolicyRule(name: string, args: ServerPolicyRuleArgs, opts?: CustomResourceOptions);
@overload
def ServerPolicyRule(resource_name: str,
args: ServerPolicyRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ServerPolicyRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
policy_id: Optional[str] = None,
auth_server_id: Optional[str] = None,
grant_type_whitelists: Optional[Sequence[str]] = None,
priority: Optional[int] = None,
group_whitelists: Optional[Sequence[str]] = None,
inline_hook_id: Optional[str] = None,
name: Optional[str] = None,
access_token_lifetime_minutes: Optional[int] = None,
group_blacklists: Optional[Sequence[str]] = None,
refresh_token_lifetime_minutes: Optional[int] = None,
refresh_token_window_minutes: Optional[int] = None,
scope_whitelists: Optional[Sequence[str]] = None,
status: Optional[str] = None,
type: Optional[str] = None,
user_blacklists: Optional[Sequence[str]] = None,
user_whitelists: Optional[Sequence[str]] = None)
func NewServerPolicyRule(ctx *Context, name string, args ServerPolicyRuleArgs, opts ...ResourceOption) (*ServerPolicyRule, error)
public ServerPolicyRule(string name, ServerPolicyRuleArgs args, CustomResourceOptions? opts = null)
public ServerPolicyRule(String name, ServerPolicyRuleArgs args)
public ServerPolicyRule(String name, ServerPolicyRuleArgs args, CustomResourceOptions options)
type: okta:auth:ServerPolicyRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ServerPolicyRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ServerPolicyRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ServerPolicyRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ServerPolicyRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ServerPolicyRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var serverPolicyRuleResource = new Okta.Auth.ServerPolicyRule("serverPolicyRuleResource", new()
{
PolicyId = "string",
AuthServerId = "string",
GrantTypeWhitelists = new[]
{
"string",
},
Priority = 0,
GroupWhitelists = new[]
{
"string",
},
InlineHookId = "string",
Name = "string",
AccessTokenLifetimeMinutes = 0,
GroupBlacklists = new[]
{
"string",
},
RefreshTokenLifetimeMinutes = 0,
RefreshTokenWindowMinutes = 0,
ScopeWhitelists = new[]
{
"string",
},
Status = "string",
Type = "string",
UserBlacklists = new[]
{
"string",
},
UserWhitelists = new[]
{
"string",
},
});
example, err := auth.NewServerPolicyRule(ctx, "serverPolicyRuleResource", &auth.ServerPolicyRuleArgs{
PolicyId: pulumi.String("string"),
AuthServerId: pulumi.String("string"),
GrantTypeWhitelists: pulumi.StringArray{
pulumi.String("string"),
},
Priority: pulumi.Int(0),
GroupWhitelists: pulumi.StringArray{
pulumi.String("string"),
},
InlineHookId: pulumi.String("string"),
Name: pulumi.String("string"),
AccessTokenLifetimeMinutes: pulumi.Int(0),
GroupBlacklists: pulumi.StringArray{
pulumi.String("string"),
},
RefreshTokenLifetimeMinutes: pulumi.Int(0),
RefreshTokenWindowMinutes: pulumi.Int(0),
ScopeWhitelists: pulumi.StringArray{
pulumi.String("string"),
},
Status: pulumi.String("string"),
Type: pulumi.String("string"),
UserBlacklists: pulumi.StringArray{
pulumi.String("string"),
},
UserWhitelists: pulumi.StringArray{
pulumi.String("string"),
},
})
var serverPolicyRuleResource = new ServerPolicyRule("serverPolicyRuleResource", ServerPolicyRuleArgs.builder()
.policyId("string")
.authServerId("string")
.grantTypeWhitelists("string")
.priority(0)
.groupWhitelists("string")
.inlineHookId("string")
.name("string")
.accessTokenLifetimeMinutes(0)
.groupBlacklists("string")
.refreshTokenLifetimeMinutes(0)
.refreshTokenWindowMinutes(0)
.scopeWhitelists("string")
.status("string")
.type("string")
.userBlacklists("string")
.userWhitelists("string")
.build());
server_policy_rule_resource = okta.auth.ServerPolicyRule("serverPolicyRuleResource",
policy_id="string",
auth_server_id="string",
grant_type_whitelists=["string"],
priority=0,
group_whitelists=["string"],
inline_hook_id="string",
name="string",
access_token_lifetime_minutes=0,
group_blacklists=["string"],
refresh_token_lifetime_minutes=0,
refresh_token_window_minutes=0,
scope_whitelists=["string"],
status="string",
type="string",
user_blacklists=["string"],
user_whitelists=["string"])
const serverPolicyRuleResource = new okta.auth.ServerPolicyRule("serverPolicyRuleResource", {
policyId: "string",
authServerId: "string",
grantTypeWhitelists: ["string"],
priority: 0,
groupWhitelists: ["string"],
inlineHookId: "string",
name: "string",
accessTokenLifetimeMinutes: 0,
groupBlacklists: ["string"],
refreshTokenLifetimeMinutes: 0,
refreshTokenWindowMinutes: 0,
scopeWhitelists: ["string"],
status: "string",
type: "string",
userBlacklists: ["string"],
userWhitelists: ["string"],
});
type: okta:auth:ServerPolicyRule
properties:
accessTokenLifetimeMinutes: 0
authServerId: string
grantTypeWhitelists:
- string
groupBlacklists:
- string
groupWhitelists:
- string
inlineHookId: string
name: string
policyId: string
priority: 0
refreshTokenLifetimeMinutes: 0
refreshTokenWindowMinutes: 0
scopeWhitelists:
- string
status: string
type: string
userBlacklists:
- string
userWhitelists:
- string
ServerPolicyRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The ServerPolicyRule resource accepts the following input properties:
- Auth
Server stringId - Auth server ID
- Grant
Type List<string>Whitelists - Accepted grant type values,
authorization_code
,implicit
,password
,client_credentials
,urn:ietf:params:oauth:grant-type:saml2-bearer
(Early Access Property),urn:ietf:params:oauth:grant-type:token-exchange
(Early Access Property),urn:ietf:params:oauth:grant-type:device_code
(Early Access Property),interaction_code
(OIE only). Forimplicit
value eitheruser_whitelist
orgroup_whitelist
should be set. - Policy
Id string - Auth server policy ID
- Priority int
- Priority of the auth server policy rule
- Access
Token intLifetime Minutes - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is
60
. - Group
Blacklists List<string> - Specifies a set of Groups whose Users are to be excluded.
- Group
Whitelists List<string> - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following:
EVERYONE
. - Inline
Hook stringId - The ID of the inline token to trigger.
- Name string
- Auth server policy rule name
- Refresh
Token intLifetime Minutes - Lifetime of refresh token.
- Refresh
Token intWindow Minutes - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is
10080
(7 days).refresh_token_window_minutes
must be betweenaccess_token_lifetime_minutes
andrefresh_token_lifetime_minutes
. - Scope
Whitelists List<string> - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with
*
- Status string
- Default to
ACTIVE
- Type string
- Auth server policy rule type, unlikely this will be anything other then the default
- User
Blacklists List<string> - Specifies a set of Users to be excluded.
- User
Whitelists List<string> - Specifies a set of Users to be included.
- Auth
Server stringId - Auth server ID
- Grant
Type []stringWhitelists - Accepted grant type values,
authorization_code
,implicit
,password
,client_credentials
,urn:ietf:params:oauth:grant-type:saml2-bearer
(Early Access Property),urn:ietf:params:oauth:grant-type:token-exchange
(Early Access Property),urn:ietf:params:oauth:grant-type:device_code
(Early Access Property),interaction_code
(OIE only). Forimplicit
value eitheruser_whitelist
orgroup_whitelist
should be set. - Policy
Id string - Auth server policy ID
- Priority int
- Priority of the auth server policy rule
- Access
Token intLifetime Minutes - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is
60
. - Group
Blacklists []string - Specifies a set of Groups whose Users are to be excluded.
- Group
Whitelists []string - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following:
EVERYONE
. - Inline
Hook stringId - The ID of the inline token to trigger.
- Name string
- Auth server policy rule name
- Refresh
Token intLifetime Minutes - Lifetime of refresh token.
- Refresh
Token intWindow Minutes - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is
10080
(7 days).refresh_token_window_minutes
must be betweenaccess_token_lifetime_minutes
andrefresh_token_lifetime_minutes
. - Scope
Whitelists []string - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with
*
- Status string
- Default to
ACTIVE
- Type string
- Auth server policy rule type, unlikely this will be anything other then the default
- User
Blacklists []string - Specifies a set of Users to be excluded.
- User
Whitelists []string - Specifies a set of Users to be included.
- auth
Server StringId - Auth server ID
- grant
Type List<String>Whitelists - Accepted grant type values,
authorization_code
,implicit
,password
,client_credentials
,urn:ietf:params:oauth:grant-type:saml2-bearer
(Early Access Property),urn:ietf:params:oauth:grant-type:token-exchange
(Early Access Property),urn:ietf:params:oauth:grant-type:device_code
(Early Access Property),interaction_code
(OIE only). Forimplicit
value eitheruser_whitelist
orgroup_whitelist
should be set. - policy
Id String - Auth server policy ID
- priority Integer
- Priority of the auth server policy rule
- access
Token IntegerLifetime Minutes - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is
60
. - group
Blacklists List<String> - Specifies a set of Groups whose Users are to be excluded.
- group
Whitelists List<String> - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following:
EVERYONE
. - inline
Hook StringId - The ID of the inline token to trigger.
- name String
- Auth server policy rule name
- refresh
Token IntegerLifetime Minutes - Lifetime of refresh token.
- refresh
Token IntegerWindow Minutes - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is
10080
(7 days).refresh_token_window_minutes
must be betweenaccess_token_lifetime_minutes
andrefresh_token_lifetime_minutes
. - scope
Whitelists List<String> - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with
*
- status String
- Default to
ACTIVE
- type String
- Auth server policy rule type, unlikely this will be anything other then the default
- user
Blacklists List<String> - Specifies a set of Users to be excluded.
- user
Whitelists List<String> - Specifies a set of Users to be included.
- auth
Server stringId - Auth server ID
- grant
Type string[]Whitelists - Accepted grant type values,
authorization_code
,implicit
,password
,client_credentials
,urn:ietf:params:oauth:grant-type:saml2-bearer
(Early Access Property),urn:ietf:params:oauth:grant-type:token-exchange
(Early Access Property),urn:ietf:params:oauth:grant-type:device_code
(Early Access Property),interaction_code
(OIE only). Forimplicit
value eitheruser_whitelist
orgroup_whitelist
should be set. - policy
Id string - Auth server policy ID
- priority number
- Priority of the auth server policy rule
- access
Token numberLifetime Minutes - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is
60
. - group
Blacklists string[] - Specifies a set of Groups whose Users are to be excluded.
- group
Whitelists string[] - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following:
EVERYONE
. - inline
Hook stringId - The ID of the inline token to trigger.
- name string
- Auth server policy rule name
- refresh
Token numberLifetime Minutes - Lifetime of refresh token.
- refresh
Token numberWindow Minutes - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is
10080
(7 days).refresh_token_window_minutes
must be betweenaccess_token_lifetime_minutes
andrefresh_token_lifetime_minutes
. - scope
Whitelists string[] - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with
*
- status string
- Default to
ACTIVE
- type string
- Auth server policy rule type, unlikely this will be anything other then the default
- user
Blacklists string[] - Specifies a set of Users to be excluded.
- user
Whitelists string[] - Specifies a set of Users to be included.
- auth_
server_ strid - Auth server ID
- grant_
type_ Sequence[str]whitelists - Accepted grant type values,
authorization_code
,implicit
,password
,client_credentials
,urn:ietf:params:oauth:grant-type:saml2-bearer
(Early Access Property),urn:ietf:params:oauth:grant-type:token-exchange
(Early Access Property),urn:ietf:params:oauth:grant-type:device_code
(Early Access Property),interaction_code
(OIE only). Forimplicit
value eitheruser_whitelist
orgroup_whitelist
should be set. - policy_
id str - Auth server policy ID
- priority int
- Priority of the auth server policy rule
- access_
token_ intlifetime_ minutes - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is
60
. - group_
blacklists Sequence[str] - Specifies a set of Groups whose Users are to be excluded.
- group_
whitelists Sequence[str] - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following:
EVERYONE
. - inline_
hook_ strid - The ID of the inline token to trigger.
- name str
- Auth server policy rule name
- refresh_
token_ intlifetime_ minutes - Lifetime of refresh token.
- refresh_
token_ intwindow_ minutes - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is
10080
(7 days).refresh_token_window_minutes
must be betweenaccess_token_lifetime_minutes
andrefresh_token_lifetime_minutes
. - scope_
whitelists Sequence[str] - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with
*
- status str
- Default to
ACTIVE
- type str
- Auth server policy rule type, unlikely this will be anything other then the default
- user_
blacklists Sequence[str] - Specifies a set of Users to be excluded.
- user_
whitelists Sequence[str] - Specifies a set of Users to be included.
- auth
Server StringId - Auth server ID
- grant
Type List<String>Whitelists - Accepted grant type values,
authorization_code
,implicit
,password
,client_credentials
,urn:ietf:params:oauth:grant-type:saml2-bearer
(Early Access Property),urn:ietf:params:oauth:grant-type:token-exchange
(Early Access Property),urn:ietf:params:oauth:grant-type:device_code
(Early Access Property),interaction_code
(OIE only). Forimplicit
value eitheruser_whitelist
orgroup_whitelist
should be set. - policy
Id String - Auth server policy ID
- priority Number
- Priority of the auth server policy rule
- access
Token NumberLifetime Minutes - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is
60
. - group
Blacklists List<String> - Specifies a set of Groups whose Users are to be excluded.
- group
Whitelists List<String> - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following:
EVERYONE
. - inline
Hook StringId - The ID of the inline token to trigger.
- name String
- Auth server policy rule name
- refresh
Token NumberLifetime Minutes - Lifetime of refresh token.
- refresh
Token NumberWindow Minutes - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is
10080
(7 days).refresh_token_window_minutes
must be betweenaccess_token_lifetime_minutes
andrefresh_token_lifetime_minutes
. - scope
Whitelists List<String> - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with
*
- status String
- Default to
ACTIVE
- type String
- Auth server policy rule type, unlikely this will be anything other then the default
- user
Blacklists List<String> - Specifies a set of Users to be excluded.
- user
Whitelists List<String> - Specifies a set of Users to be included.
Outputs
All input properties are implicitly available as output properties. Additionally, the ServerPolicyRule resource produces the following output properties:
Look up Existing ServerPolicyRule Resource
Get an existing ServerPolicyRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ServerPolicyRuleState, opts?: CustomResourceOptions): ServerPolicyRule
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_token_lifetime_minutes: Optional[int] = None,
auth_server_id: Optional[str] = None,
grant_type_whitelists: Optional[Sequence[str]] = None,
group_blacklists: Optional[Sequence[str]] = None,
group_whitelists: Optional[Sequence[str]] = None,
inline_hook_id: Optional[str] = None,
name: Optional[str] = None,
policy_id: Optional[str] = None,
priority: Optional[int] = None,
refresh_token_lifetime_minutes: Optional[int] = None,
refresh_token_window_minutes: Optional[int] = None,
scope_whitelists: Optional[Sequence[str]] = None,
status: Optional[str] = None,
system: Optional[bool] = None,
type: Optional[str] = None,
user_blacklists: Optional[Sequence[str]] = None,
user_whitelists: Optional[Sequence[str]] = None) -> ServerPolicyRule
func GetServerPolicyRule(ctx *Context, name string, id IDInput, state *ServerPolicyRuleState, opts ...ResourceOption) (*ServerPolicyRule, error)
public static ServerPolicyRule Get(string name, Input<string> id, ServerPolicyRuleState? state, CustomResourceOptions? opts = null)
public static ServerPolicyRule get(String name, Output<String> id, ServerPolicyRuleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Token intLifetime Minutes - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is
60
. - Auth
Server stringId - Auth server ID
- Grant
Type List<string>Whitelists - Accepted grant type values,
authorization_code
,implicit
,password
,client_credentials
,urn:ietf:params:oauth:grant-type:saml2-bearer
(Early Access Property),urn:ietf:params:oauth:grant-type:token-exchange
(Early Access Property),urn:ietf:params:oauth:grant-type:device_code
(Early Access Property),interaction_code
(OIE only). Forimplicit
value eitheruser_whitelist
orgroup_whitelist
should be set. - Group
Blacklists List<string> - Specifies a set of Groups whose Users are to be excluded.
- Group
Whitelists List<string> - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following:
EVERYONE
. - Inline
Hook stringId - The ID of the inline token to trigger.
- Name string
- Auth server policy rule name
- Policy
Id string - Auth server policy ID
- Priority int
- Priority of the auth server policy rule
- Refresh
Token intLifetime Minutes - Lifetime of refresh token.
- Refresh
Token intWindow Minutes - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is
10080
(7 days).refresh_token_window_minutes
must be betweenaccess_token_lifetime_minutes
andrefresh_token_lifetime_minutes
. - Scope
Whitelists List<string> - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with
*
- Status string
- Default to
ACTIVE
- System bool
- The rule is the system (default) rule for its associated policy
- Type string
- Auth server policy rule type, unlikely this will be anything other then the default
- User
Blacklists List<string> - Specifies a set of Users to be excluded.
- User
Whitelists List<string> - Specifies a set of Users to be included.
- Access
Token intLifetime Minutes - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is
60
. - Auth
Server stringId - Auth server ID
- Grant
Type []stringWhitelists - Accepted grant type values,
authorization_code
,implicit
,password
,client_credentials
,urn:ietf:params:oauth:grant-type:saml2-bearer
(Early Access Property),urn:ietf:params:oauth:grant-type:token-exchange
(Early Access Property),urn:ietf:params:oauth:grant-type:device_code
(Early Access Property),interaction_code
(OIE only). Forimplicit
value eitheruser_whitelist
orgroup_whitelist
should be set. - Group
Blacklists []string - Specifies a set of Groups whose Users are to be excluded.
- Group
Whitelists []string - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following:
EVERYONE
. - Inline
Hook stringId - The ID of the inline token to trigger.
- Name string
- Auth server policy rule name
- Policy
Id string - Auth server policy ID
- Priority int
- Priority of the auth server policy rule
- Refresh
Token intLifetime Minutes - Lifetime of refresh token.
- Refresh
Token intWindow Minutes - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is
10080
(7 days).refresh_token_window_minutes
must be betweenaccess_token_lifetime_minutes
andrefresh_token_lifetime_minutes
. - Scope
Whitelists []string - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with
*
- Status string
- Default to
ACTIVE
- System bool
- The rule is the system (default) rule for its associated policy
- Type string
- Auth server policy rule type, unlikely this will be anything other then the default
- User
Blacklists []string - Specifies a set of Users to be excluded.
- User
Whitelists []string - Specifies a set of Users to be included.
- access
Token IntegerLifetime Minutes - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is
60
. - auth
Server StringId - Auth server ID
- grant
Type List<String>Whitelists - Accepted grant type values,
authorization_code
,implicit
,password
,client_credentials
,urn:ietf:params:oauth:grant-type:saml2-bearer
(Early Access Property),urn:ietf:params:oauth:grant-type:token-exchange
(Early Access Property),urn:ietf:params:oauth:grant-type:device_code
(Early Access Property),interaction_code
(OIE only). Forimplicit
value eitheruser_whitelist
orgroup_whitelist
should be set. - group
Blacklists List<String> - Specifies a set of Groups whose Users are to be excluded.
- group
Whitelists List<String> - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following:
EVERYONE
. - inline
Hook StringId - The ID of the inline token to trigger.
- name String
- Auth server policy rule name
- policy
Id String - Auth server policy ID
- priority Integer
- Priority of the auth server policy rule
- refresh
Token IntegerLifetime Minutes - Lifetime of refresh token.
- refresh
Token IntegerWindow Minutes - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is
10080
(7 days).refresh_token_window_minutes
must be betweenaccess_token_lifetime_minutes
andrefresh_token_lifetime_minutes
. - scope
Whitelists List<String> - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with
*
- status String
- Default to
ACTIVE
- system Boolean
- The rule is the system (default) rule for its associated policy
- type String
- Auth server policy rule type, unlikely this will be anything other then the default
- user
Blacklists List<String> - Specifies a set of Users to be excluded.
- user
Whitelists List<String> - Specifies a set of Users to be included.
- access
Token numberLifetime Minutes - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is
60
. - auth
Server stringId - Auth server ID
- grant
Type string[]Whitelists - Accepted grant type values,
authorization_code
,implicit
,password
,client_credentials
,urn:ietf:params:oauth:grant-type:saml2-bearer
(Early Access Property),urn:ietf:params:oauth:grant-type:token-exchange
(Early Access Property),urn:ietf:params:oauth:grant-type:device_code
(Early Access Property),interaction_code
(OIE only). Forimplicit
value eitheruser_whitelist
orgroup_whitelist
should be set. - group
Blacklists string[] - Specifies a set of Groups whose Users are to be excluded.
- group
Whitelists string[] - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following:
EVERYONE
. - inline
Hook stringId - The ID of the inline token to trigger.
- name string
- Auth server policy rule name
- policy
Id string - Auth server policy ID
- priority number
- Priority of the auth server policy rule
- refresh
Token numberLifetime Minutes - Lifetime of refresh token.
- refresh
Token numberWindow Minutes - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is
10080
(7 days).refresh_token_window_minutes
must be betweenaccess_token_lifetime_minutes
andrefresh_token_lifetime_minutes
. - scope
Whitelists string[] - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with
*
- status string
- Default to
ACTIVE
- system boolean
- The rule is the system (default) rule for its associated policy
- type string
- Auth server policy rule type, unlikely this will be anything other then the default
- user
Blacklists string[] - Specifies a set of Users to be excluded.
- user
Whitelists string[] - Specifies a set of Users to be included.
- access_
token_ intlifetime_ minutes - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is
60
. - auth_
server_ strid - Auth server ID
- grant_
type_ Sequence[str]whitelists - Accepted grant type values,
authorization_code
,implicit
,password
,client_credentials
,urn:ietf:params:oauth:grant-type:saml2-bearer
(Early Access Property),urn:ietf:params:oauth:grant-type:token-exchange
(Early Access Property),urn:ietf:params:oauth:grant-type:device_code
(Early Access Property),interaction_code
(OIE only). Forimplicit
value eitheruser_whitelist
orgroup_whitelist
should be set. - group_
blacklists Sequence[str] - Specifies a set of Groups whose Users are to be excluded.
- group_
whitelists Sequence[str] - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following:
EVERYONE
. - inline_
hook_ strid - The ID of the inline token to trigger.
- name str
- Auth server policy rule name
- policy_
id str - Auth server policy ID
- priority int
- Priority of the auth server policy rule
- refresh_
token_ intlifetime_ minutes - Lifetime of refresh token.
- refresh_
token_ intwindow_ minutes - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is
10080
(7 days).refresh_token_window_minutes
must be betweenaccess_token_lifetime_minutes
andrefresh_token_lifetime_minutes
. - scope_
whitelists Sequence[str] - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with
*
- status str
- Default to
ACTIVE
- system bool
- The rule is the system (default) rule for its associated policy
- type str
- Auth server policy rule type, unlikely this will be anything other then the default
- user_
blacklists Sequence[str] - Specifies a set of Users to be excluded.
- user_
whitelists Sequence[str] - Specifies a set of Users to be included.
- access
Token NumberLifetime Minutes - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is
60
. - auth
Server StringId - Auth server ID
- grant
Type List<String>Whitelists - Accepted grant type values,
authorization_code
,implicit
,password
,client_credentials
,urn:ietf:params:oauth:grant-type:saml2-bearer
(Early Access Property),urn:ietf:params:oauth:grant-type:token-exchange
(Early Access Property),urn:ietf:params:oauth:grant-type:device_code
(Early Access Property),interaction_code
(OIE only). Forimplicit
value eitheruser_whitelist
orgroup_whitelist
should be set. - group
Blacklists List<String> - Specifies a set of Groups whose Users are to be excluded.
- group
Whitelists List<String> - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following:
EVERYONE
. - inline
Hook StringId - The ID of the inline token to trigger.
- name String
- Auth server policy rule name
- policy
Id String - Auth server policy ID
- priority Number
- Priority of the auth server policy rule
- refresh
Token NumberLifetime Minutes - Lifetime of refresh token.
- refresh
Token NumberWindow Minutes - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is
10080
(7 days).refresh_token_window_minutes
must be betweenaccess_token_lifetime_minutes
andrefresh_token_lifetime_minutes
. - scope
Whitelists List<String> - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with
*
- status String
- Default to
ACTIVE
- system Boolean
- The rule is the system (default) rule for its associated policy
- type String
- Auth server policy rule type, unlikely this will be anything other then the default
- user
Blacklists List<String> - Specifies a set of Users to be excluded.
- user
Whitelists List<String> - Specifies a set of Users to be included.
Import
$ pulumi import okta:auth/serverPolicyRule:ServerPolicyRule example <auth server id>/<policy id>/<policy rule id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Okta pulumi/pulumi-okta
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
okta
Terraform Provider.