Docs
PackagesOkta v4.9.2 published on Tuesday, Jun 25, 2024 by Pulumi
okta.policy.RuleIdpDiscovery
Explore with Pulumi AI
Creates an IdP Discovery Policy Rule.
This resource allows you to create and configure an IdP Discovery Policy Rule.
If you receive the error ‘You do not have permission to access the feature you are requesting’ contact support and request feature flag ‘ADVANCED_SSO’ be applied to your org.
Example Usage
All Okta orgs contain only one IdP Discovery Policy
data “okta.policy.getPolicy” “idp_discovery_policy” { name = “Idp Discovery Policy” type = “IDP_DISCOVERY” }
resource “okta.policy.RuleIdpDiscovery” “example” {
policy_id = data.okta_policy.idp_discovery_policy.id
name = “example”
idp_id = “
app_exclude {
id = “
app_exclude { name = “yahoo_mail” type = “APP_TYPE” }
app_include {
id = “
app_include {
name = “
platform_include { type = “MOBILE” os_type = “OSX” }
user_identifier_patterns { match_type = “EQUALS” value = “Articulate” } }
## Create RuleIdpDiscovery Resource {#create}
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see [Resources](/docs/concepts/resources/).
### Constructor syntax
<div>
<pulumi-chooser type="language" options="typescript,python,go,csharp,java,yaml"></pulumi-chooser>
</div>
<div>
<pulumi-choosable type="language" values="javascript,typescript">
<div class="no-copy"><div class="highlight"><pre class="chroma"><code class="language-typescript" data-lang="typescript"><span class="k">new </span><span class="nx">RuleIdpDiscovery</span><span class="p">(</span><span class="nx">name</span><span class="p">:</span> <span class="nx">string</span><span class="p">,</span> <span class="nx">args</span><span class="p">?:</span> <span class="nx"><a href="#inputs">RuleIdpDiscoveryArgs</a></span><span class="p">,</span> <span class="nx">opts</span><span class="p">?:</span> <span class="nx"><a href="/docs/reference/pkg/nodejs/pulumi/pulumi/#CustomResourceOptions">CustomResourceOptions</a></span><span class="p">);</span></code></pre></div>
</div></pulumi-choosable>
</div>
<div>
<pulumi-choosable type="language" values="python">
<div class="no-copy"><div class="highlight"><pre class="chroma"><code class="language-python" data-lang="python"><span class=nd>@overload</span>
<span class="k">def </span><span class="nx">RuleIdpDiscovery</span><span class="p">(</span><span class="nx">resource_name</span><span class="p">:</span> <span class="nx">str</span><span class="p">,</span>
<span class="nx">args</span><span class="p">:</span> <span class="nx"><a href="#inputs">Optional[RuleIdpDiscoveryArgs]</a></span> = None<span class="p">,</span>
<span class="nx">opts</span><span class="p">:</span> <span class="nx"><a href="/docs/reference/pkg/python/pulumi/#pulumi.ResourceOptions">Optional[ResourceOptions]</a></span> = None<span class="p">)</span>
<span></span>
<span class=nd>@overload</span>
<span class="k">def </span><span class="nx">RuleIdpDiscovery</span><span class="p">(</span><span class="nx">resource_name</span><span class="p">:</span> <span class="nx">str</span><span class="p">,</span>
<span class="nx">opts</span><span class="p">:</span> <span class="nx"><a href="/docs/reference/pkg/python/pulumi/#pulumi.ResourceOptions">Optional[ResourceOptions]</a></span> = None<span class="p">,</span>
<span class="nx">app_excludes</span><span class="p">:</span> <span class="nx">Optional[Sequence[RuleIdpDiscoveryAppExcludeArgs]]</span> = None<span class="p">,</span>
<span class="nx">app_includes</span><span class="p">:</span> <span class="nx">Optional[Sequence[RuleIdpDiscoveryAppIncludeArgs]]</span> = None<span class="p">,</span>
<span class="nx">idp_id</span><span class="p">:</span> <span class="nx">Optional[str]</span> = None<span class="p">,</span>
<span class="nx">idp_type</span><span class="p">:</span> <span class="nx">Optional[str]</span> = None<span class="p">,</span>
<span class="nx">name</span><span class="p">:</span> <span class="nx">Optional[str]</span> = None<span class="p">,</span>
<span class="nx">network_connection</span><span class="p">:</span> <span class="nx">Optional[str]</span> = None<span class="p">,</span>
<span class="nx">network_excludes</span><span class="p">:</span> <span class="nx">Optional[Sequence[str]]</span> = None<span class="p">,</span>
<span class="nx">network_includes</span><span class="p">:</span> <span class="nx">Optional[Sequence[str]]</span> = None<span class="p">,</span>
<span class="nx">platform_includes</span><span class="p">:</span> <span class="nx">Optional[Sequence[RuleIdpDiscoveryPlatformIncludeArgs]]</span> = None<span class="p">,</span>
<span class="nx">policy_id</span><span class="p">:</span> <span class="nx">Optional[str]</span> = None<span class="p">,</span>
<span class="nx">priority</span><span class="p">:</span> <span class="nx">Optional[int]</span> = None<span class="p">,</span>
<span class="nx">status</span><span class="p">:</span> <span class="nx">Optional[str]</span> = None<span class="p">,</span>
<span class="nx">user_identifier_attribute</span><span class="p">:</span> <span class="nx">Optional[str]</span> = None<span class="p">,</span>
<span class="nx">user_identifier_patterns</span><span class="p">:</span> <span class="nx">Optional[Sequence[RuleIdpDiscoveryUserIdentifierPatternArgs]]</span> = None<span class="p">,</span>
<span class="nx">user_identifier_type</span><span class="p">:</span> <span class="nx">Optional[str]</span> = None<span class="p">)</span></code></pre></div>
</div></pulumi-choosable>
</div>
<div>
<pulumi-choosable type="language" values="go">
<div class="no-copy"><div class="highlight"><pre class="chroma"><code class="language-go" data-lang="go"><span class="k">func </span><span class="nx">NewRuleIdpDiscovery</span><span class="p">(</span><span class="nx">ctx</span><span class="p"> *</span><span class="nx"><a href="https://pkg.go.dev/github.com/pulumi/pulumi/sdk/v3/go/pulumi?tab=doc#Context">Context</a></span><span class="p">,</span> <span class="nx">name</span><span class="p"> </span><span class="nx">string</span><span class="p">,</span> <span class="nx">args</span><span class="p"> *</span><span class="nx"><a href="#inputs">RuleIdpDiscoveryArgs</a></span><span class="p">,</span> <span class="nx">opts</span><span class="p"> ...</span><span class="nx"><a href="https://pkg.go.dev/github.com/pulumi/pulumi/sdk/v3/go/pulumi?tab=doc#ResourceOption">ResourceOption</a></span><span class="p">) (*<span class="nx">RuleIdpDiscovery</span>, error)</span></code></pre></div>
</div></pulumi-choosable>
</div>
<div>
<pulumi-choosable type="language" values="csharp">
<div class="no-copy"><div class="highlight"><pre class="chroma"><code class="language-csharp" data-lang="csharp"><span class="k">public </span><span class="nx">RuleIdpDiscovery</span><span class="p">(</span><span class="nx">string</span><span class="p"> </span><span class="nx">name<span class="p">,</span> <span class="nx"><a href="#inputs">RuleIdpDiscoveryArgs</a></span><span class="p">? </span><span class="nx">args = null<span class="p">,</span> <span class="nx"><a href="/docs/reference/pkg/dotnet/Pulumi/Pulumi.CustomResourceOptions.html">CustomResourceOptions</a></span><span class="p">? </span><span class="nx">opts = null<span class="p">)</span></code></pre></div>
</div></pulumi-choosable>
</div>
<div>
<pulumi-choosable type="language" values="java">
<div class="no-copy"><div class="highlight"><pre class="chroma">
<code class="language-java" data-lang="java"><span class="k">public </span><span class="nx">RuleIdpDiscovery</span><span class="p">(</span><span class="nx">String</span><span class="p"> </span><span class="nx">name<span class="p">,</span> <span class="nx"><a href="#inputs">RuleIdpDiscoveryArgs</a></span><span class="p"> </span><span class="nx">args<span class="p">)</span>
<span class="k">public </span><span class="nx">RuleIdpDiscovery</span><span class="p">(</span><span class="nx">String</span><span class="p"> </span><span class="nx">name<span class="p">,</span> <span class="nx"><a href="#inputs">RuleIdpDiscoveryArgs</a></span><span class="p"> </span><span class="nx">args<span class="p">,</span> <span class="nx">CustomResourceOptions</span><span class="p"> </span><span class="nx">options<span class="p">)</span>
</code></pre></div></div>
</pulumi-choosable>
</div>
<div>
<pulumi-choosable type="language" values="yaml">
<div class="no-copy"><div class="highlight"><pre class="chroma"><code class="language-yaml" data-lang="yaml">type: <span class="nx">okta:policy:RuleIdpDiscovery</span><span class="p"></span>
<span class="p">properties</span><span class="p">: </span><span class="c"># The arguments to resource properties.</span>
<span class="p"></span><span class="p">options</span><span class="p">: </span><span class="c"># Bag of options to control resource's behavior.</span>
<span class="p"></span>
</code></pre></div></div>
</pulumi-choosable>
</div>
#### Parameters
<div>
<pulumi-choosable type="language" values="javascript,typescript">
<dl class="resources-properties"><dt
class="property-required" title="Required">
<span>name</span>
<span class="property-indicator"></span>
<span class="property-type">string</span>
</dt>
<dd>The unique name of the resource.</dd><dt
class="property-optional" title="Optional">
<span>args</span>
<span class="property-indicator"></span>
<span class="property-type"><a href="#inputs">RuleIdpDiscoveryArgs</a></span>
</dt>
<dd>The arguments to resource properties.</dd><dt
class="property-optional" title="Optional">
<span>opts</span>
<span class="property-indicator"></span>
<span class="property-type"><a href="/docs/reference/pkg/nodejs/pulumi/pulumi/#CustomResourceOptions">CustomResourceOptions</a></span>
</dt>
<dd>Bag of options to control resource's behavior.</dd></dl>
</pulumi-choosable>
</div>
<div>
<pulumi-choosable type="language" values="python">
<dl class="resources-properties"><dt
class="property-required" title="Required">
<span>resource_name</span>
<span class="property-indicator"></span>
<span class="property-type">str</span>
</dt>
<dd>The unique name of the resource.</dd><dt
class="property-optional" title="Optional">
<span>args</span>
<span class="property-indicator"></span>
<span class="property-type"><a href="#inputs">RuleIdpDiscoveryArgs</a></span>
</dt>
<dd>The arguments to resource properties.</dd><dt
class="property-optional" title="Optional">
<span>opts</span>
<span class="property-indicator"></span>
<span class="property-type"><a href="/docs/reference/pkg/python/pulumi/#pulumi.ResourceOptions">ResourceOptions</a></span>
</dt>
<dd>Bag of options to control resource's behavior.</dd></dl>
</pulumi-choosable>
</div>
<div>
<pulumi-choosable type="language" values="go">
<dl class="resources-properties"><dt
class="property-optional" title="Optional">
<span>ctx</span>
<span class="property-indicator"></span>
<span class="property-type"><a href="https://pkg.go.dev/github.com/pulumi/pulumi/sdk/v3/go/pulumi?tab=doc#Context">Context</a></span>
</dt>
<dd>Context object for the current deployment.</dd><dt
class="property-required" title="Required">
<span>name</span>
<span class="property-indicator"></span>
<span class="property-type">string</span>
</dt>
<dd>The unique name of the resource.</dd><dt
class="property-optional" title="Optional">
<span>args</span>
<span class="property-indicator"></span>
<span class="property-type"><a href="#inputs">RuleIdpDiscoveryArgs</a></span>
</dt>
<dd>The arguments to resource properties.</dd><dt
class="property-optional" title="Optional">
<span>opts</span>
<span class="property-indicator"></span>
<span class="property-type"><a href="https://pkg.go.dev/github.com/pulumi/pulumi/sdk/v3/go/pulumi?tab=doc#ResourceOption">ResourceOption</a></span>
</dt>
<dd>Bag of options to control resource's behavior.</dd></dl>
</pulumi-choosable>
</div>
<div>
<pulumi-choosable type="language" values="csharp">
<dl class="resources-properties"><dt
class="property-required" title="Required">
<span>name</span>
<span class="property-indicator"></span>
<span class="property-type">string</span>
</dt>
<dd>The unique name of the resource.</dd><dt
class="property-optional" title="Optional">
<span>args</span>
<span class="property-indicator"></span>
<span class="property-type"><a href="#inputs">RuleIdpDiscoveryArgs</a></span>
</dt>
<dd>The arguments to resource properties.</dd><dt
class="property-optional" title="Optional">
<span>opts</span>
<span class="property-indicator"></span>
<span class="property-type"><a href="/docs/reference/pkg/dotnet/Pulumi/Pulumi.CustomResourceOptions.html">CustomResourceOptions</a></span>
</dt>
<dd>Bag of options to control resource's behavior.</dd></dl>
</pulumi-choosable>
</div>
<div>
<pulumi-choosable type="language" values="java">
<dl class="resources-properties"><dt
class="property-required" title="Required">
<span>name</span>
<span class="property-indicator"></span>
<span class="property-type">String</span>
</dt>
<dd>The unique name of the resource.</dd><dt
class="property-required" title="Required">
<span>args</span>
<span class="property-indicator"></span>
<span class="property-type"><a href="#inputs">RuleIdpDiscoveryArgs</a></span>
</dt>
<dd>The arguments to resource properties.</dd><dt
class="property-optional" title="Optional">
<span>options</span>
<span class="property-indicator"></span>
<span class="property-type">CustomResourceOptions</span>
</dt>
<dd>Bag of options to control resource's behavior.</dd></dl>
</pulumi-choosable>
</div>
### Constructor example
The following reference example uses placeholder values for all [input properties](#inputs).
<div>
<pulumi-chooser type="language" options="typescript,python,go,csharp,java,yaml"></pulumi-chooser>
</div>
<div>
<pulumi-choosable type="language" values="csharp">
```csharp
var ruleIdpDiscoveryResource = new Okta.Policy.RuleIdpDiscovery("ruleIdpDiscoveryResource", new()
{
AppExcludes = new[]
{
new Okta.Policy.Inputs.RuleIdpDiscoveryAppExcludeArgs
{
Type = "string",
Id = "string",
Name = "string",
},
},
AppIncludes = new[]
{
new Okta.Policy.Inputs.RuleIdpDiscoveryAppIncludeArgs
{
Type = "string",
Id = "string",
Name = "string",
},
},
IdpId = "string",
IdpType = "string",
Name = "string",
NetworkConnection = "string",
NetworkExcludes = new[]
{
"string",
},
NetworkIncludes = new[]
{
"string",
},
PlatformIncludes = new[]
{
new Okta.Policy.Inputs.RuleIdpDiscoveryPlatformIncludeArgs
{
OsExpression = "string",
OsType = "string",
Type = "string",
},
},
PolicyId = "string",
Priority = 0,
Status = "string",
UserIdentifierAttribute = "string",
UserIdentifierPatterns = new[]
{
new Okta.Policy.Inputs.RuleIdpDiscoveryUserIdentifierPatternArgs
{
MatchType = "string",
Value = "string",
},
},
UserIdentifierType = "string",
});
example, err := policy.NewRuleIdpDiscovery(ctx, "ruleIdpDiscoveryResource", &policy.RuleIdpDiscoveryArgs{
AppExcludes: policy.RuleIdpDiscoveryAppExcludeArray{
&policy.RuleIdpDiscoveryAppExcludeArgs{
Type: pulumi.String("string"),
Id: pulumi.String("string"),
Name: pulumi.String("string"),
},
},
AppIncludes: policy.RuleIdpDiscoveryAppIncludeArray{
&policy.RuleIdpDiscoveryAppIncludeArgs{
Type: pulumi.String("string"),
Id: pulumi.String("string"),
Name: pulumi.String("string"),
},
},
IdpId: pulumi.String("string"),
IdpType: pulumi.String("string"),
Name: pulumi.String("string"),
NetworkConnection: pulumi.String("string"),
NetworkExcludes: pulumi.StringArray{
pulumi.String("string"),
},
NetworkIncludes: pulumi.StringArray{
pulumi.String("string"),
},
PlatformIncludes: policy.RuleIdpDiscoveryPlatformIncludeArray{
&policy.RuleIdpDiscoveryPlatformIncludeArgs{
OsExpression: pulumi.String("string"),
OsType: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
PolicyId: pulumi.String("string"),
Priority: pulumi.Int(0),
Status: pulumi.String("string"),
UserIdentifierAttribute: pulumi.String("string"),
UserIdentifierPatterns: policy.RuleIdpDiscoveryUserIdentifierPatternArray{
&policy.RuleIdpDiscoveryUserIdentifierPatternArgs{
MatchType: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
UserIdentifierType: pulumi.String("string"),
})
var ruleIdpDiscoveryResource = new RuleIdpDiscovery("ruleIdpDiscoveryResource", RuleIdpDiscoveryArgs.builder()
.appExcludes(RuleIdpDiscoveryAppExcludeArgs.builder()
.type("string")
.id("string")
.name("string")
.build())
.appIncludes(RuleIdpDiscoveryAppIncludeArgs.builder()
.type("string")
.id("string")
.name("string")
.build())
.idpId("string")
.idpType("string")
.name("string")
.networkConnection("string")
.networkExcludes("string")
.networkIncludes("string")
.platformIncludes(RuleIdpDiscoveryPlatformIncludeArgs.builder()
.osExpression("string")
.osType("string")
.type("string")
.build())
.policyId("string")
.priority(0)
.status("string")
.userIdentifierAttribute("string")
.userIdentifierPatterns(RuleIdpDiscoveryUserIdentifierPatternArgs.builder()
.matchType("string")
.value("string")
.build())
.userIdentifierType("string")
.build());
rule_idp_discovery_resource = okta.policy.RuleIdpDiscovery("ruleIdpDiscoveryResource",
app_excludes=[okta.policy.RuleIdpDiscoveryAppExcludeArgs(
type="string",
id="string",
name="string",
)],
app_includes=[okta.policy.RuleIdpDiscoveryAppIncludeArgs(
type="string",
id="string",
name="string",
)],
idp_id="string",
idp_type="string",
name="string",
network_connection="string",
network_excludes=["string"],
network_includes=["string"],
platform_includes=[okta.policy.RuleIdpDiscoveryPlatformIncludeArgs(
os_expression="string",
os_type="string",
type="string",
)],
policy_id="string",
priority=0,
status="string",
user_identifier_attribute="string",
user_identifier_patterns=[okta.policy.RuleIdpDiscoveryUserIdentifierPatternArgs(
match_type="string",
value="string",
)],
user_identifier_type="string")
const ruleIdpDiscoveryResource = new okta.policy.RuleIdpDiscovery("ruleIdpDiscoveryResource", {
appExcludes: [{
type: "string",
id: "string",
name: "string",
}],
appIncludes: [{
type: "string",
id: "string",
name: "string",
}],
idpId: "string",
idpType: "string",
name: "string",
networkConnection: "string",
networkExcludes: ["string"],
networkIncludes: ["string"],
platformIncludes: [{
osExpression: "string",
osType: "string",
type: "string",
}],
policyId: "string",
priority: 0,
status: "string",
userIdentifierAttribute: "string",
userIdentifierPatterns: [{
matchType: "string",
value: "string",
}],
userIdentifierType: "string",
});
type: okta:policy:RuleIdpDiscovery
properties:
appExcludes:
- id: string
name: string
type: string
appIncludes:
- id: string
name: string
type: string
idpId: string
idpType: string
name: string
networkConnection: string
networkExcludes:
- string
networkIncludes:
- string
platformIncludes:
- osExpression: string
osType: string
type: string
policyId: string
priority: 0
status: string
userIdentifierAttribute: string
userIdentifierPatterns:
- matchType: string
value: string
userIdentifierType: string
RuleIdpDiscovery Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The RuleIdpDiscovery resource accepts the following input properties:
- App
Excludes List<RuleIdp Discovery App Exclude> - Applications to exclude in discovery. See
app_includefor details. - App
Includes List<RuleIdp Discovery App Include> - Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- Idp
Id string - The identifier for the Idp the rule should route to if all conditions are met.
- Idp
Type string - Type of Idp. One of:
SAML2,IWA,AgentlessDSSO,X509,FACEBOOK,GOOGLE,LINKEDIN,MICROSOFT,OIDC. Default:OKTA - Name string
- Policy Rule Name
- Network
Connection string - Network selection mode:
ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE - Network
Excludes List<string> - Required if
network_connection=ZONE. Indicates the network zones to exclude. - Network
Includes List<string> - Required if
network_connection=ZONE. Indicates the network zones to include. - Platform
Includes List<RuleIdp Discovery Platform Include> - Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- Policy
Id string - Policy ID of the Rule
- Priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- Status string
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - User
Identifier stringAttribute - Profile attribute matching can only have a single value that describes the type indicated in
user_identifier_type. This is the attribute or identifier that theuser_identifier_patternsare checked against. - User
Identifier List<RulePatterns Idp Discovery User Identifier Pattern> - Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
- User
Identifier stringType - One of:
IDENTIFIER,ATTRIBUTE
- App
Excludes []RuleIdp Discovery App Exclude Args - Applications to exclude in discovery. See
app_includefor details. - App
Includes []RuleIdp Discovery App Include Args - Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- Idp
Id string - The identifier for the Idp the rule should route to if all conditions are met.
- Idp
Type string - Type of Idp. One of:
SAML2,IWA,AgentlessDSSO,X509,FACEBOOK,GOOGLE,LINKEDIN,MICROSOFT,OIDC. Default:OKTA - Name string
- Policy Rule Name
- Network
Connection string - Network selection mode:
ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE - Network
Excludes []string - Required if
network_connection=ZONE. Indicates the network zones to exclude. - Network
Includes []string - Required if
network_connection=ZONE. Indicates the network zones to include. - Platform
Includes []RuleIdp Discovery Platform Include Args - Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- Policy
Id string - Policy ID of the Rule
- Priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- Status string
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - User
Identifier stringAttribute - Profile attribute matching can only have a single value that describes the type indicated in
user_identifier_type. This is the attribute or identifier that theuser_identifier_patternsare checked against. - User
Identifier []RulePatterns Idp Discovery User Identifier Pattern Args - Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
- User
Identifier stringType - One of:
IDENTIFIER,ATTRIBUTE
- app
Excludes List<RuleIdp Discovery App Exclude> - Applications to exclude in discovery. See
app_includefor details. - app
Includes List<RuleIdp Discovery App Include> - Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- idp
Id String - The identifier for the Idp the rule should route to if all conditions are met.
- idp
Type String - Type of Idp. One of:
SAML2,IWA,AgentlessDSSO,X509,FACEBOOK,GOOGLE,LINKEDIN,MICROSOFT,OIDC. Default:OKTA - name String
- Policy Rule Name
- network
Connection String - Network selection mode:
ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE - network
Excludes List<String> - Required if
network_connection=ZONE. Indicates the network zones to exclude. - network
Includes List<String> - Required if
network_connection=ZONE. Indicates the network zones to include. - platform
Includes List<RuleIdp Discovery Platform Include> - Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- policy
Id String - Policy ID of the Rule
- priority Integer
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status String
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - user
Identifier StringAttribute - Profile attribute matching can only have a single value that describes the type indicated in
user_identifier_type. This is the attribute or identifier that theuser_identifier_patternsare checked against. - user
Identifier List<RulePatterns Idp Discovery User Identifier Pattern> - Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
- user
Identifier StringType - One of:
IDENTIFIER,ATTRIBUTE
- app
Excludes RuleIdp Discovery App Exclude[] - Applications to exclude in discovery. See
app_includefor details. - app
Includes RuleIdp Discovery App Include[] - Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- idp
Id string - The identifier for the Idp the rule should route to if all conditions are met.
- idp
Type string - Type of Idp. One of:
SAML2,IWA,AgentlessDSSO,X509,FACEBOOK,GOOGLE,LINKEDIN,MICROSOFT,OIDC. Default:OKTA - name string
- Policy Rule Name
- network
Connection string - Network selection mode:
ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE - network
Excludes string[] - Required if
network_connection=ZONE. Indicates the network zones to exclude. - network
Includes string[] - Required if
network_connection=ZONE. Indicates the network zones to include. - platform
Includes RuleIdp Discovery Platform Include[] - Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- policy
Id string - Policy ID of the Rule
- priority number
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status string
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - user
Identifier stringAttribute - Profile attribute matching can only have a single value that describes the type indicated in
user_identifier_type. This is the attribute or identifier that theuser_identifier_patternsare checked against. - user
Identifier RulePatterns Idp Discovery User Identifier Pattern[] - Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
- user
Identifier stringType - One of:
IDENTIFIER,ATTRIBUTE
- app_
excludes Sequence[RuleIdp Discovery App Exclude Args] - Applications to exclude in discovery. See
app_includefor details. - app_
includes Sequence[RuleIdp Discovery App Include Args] - Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- idp_
id str - The identifier for the Idp the rule should route to if all conditions are met.
- idp_
type str - Type of Idp. One of:
SAML2,IWA,AgentlessDSSO,X509,FACEBOOK,GOOGLE,LINKEDIN,MICROSOFT,OIDC. Default:OKTA - name str
- Policy Rule Name
- network_
connection str - Network selection mode:
ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE - network_
excludes Sequence[str] - Required if
network_connection=ZONE. Indicates the network zones to exclude. - network_
includes Sequence[str] - Required if
network_connection=ZONE. Indicates the network zones to include. - platform_
includes Sequence[RuleIdp Discovery Platform Include Args] - Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- policy_
id str - Policy ID of the Rule
- priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status str
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - user_
identifier_ strattribute - Profile attribute matching can only have a single value that describes the type indicated in
user_identifier_type. This is the attribute or identifier that theuser_identifier_patternsare checked against. - user_
identifier_ Sequence[Rulepatterns Idp Discovery User Identifier Pattern Args] - Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
- user_
identifier_ strtype - One of:
IDENTIFIER,ATTRIBUTE
- app
Excludes List<Property Map> - Applications to exclude in discovery. See
app_includefor details. - app
Includes List<Property Map> - Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- idp
Id String - The identifier for the Idp the rule should route to if all conditions are met.
- idp
Type String - Type of Idp. One of:
SAML2,IWA,AgentlessDSSO,X509,FACEBOOK,GOOGLE,LINKEDIN,MICROSOFT,OIDC. Default:OKTA - name String
- Policy Rule Name
- network
Connection String - Network selection mode:
ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE - network
Excludes List<String> - Required if
network_connection=ZONE. Indicates the network zones to exclude. - network
Includes List<String> - Required if
network_connection=ZONE. Indicates the network zones to include. - platform
Includes List<Property Map> - Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- policy
Id String - Policy ID of the Rule
- priority Number
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status String
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - user
Identifier StringAttribute - Profile attribute matching can only have a single value that describes the type indicated in
user_identifier_type. This is the attribute or identifier that theuser_identifier_patternsare checked against. - user
Identifier List<Property Map>Patterns - Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
- user
Identifier StringType - One of:
IDENTIFIER,ATTRIBUTE
Outputs
All input properties are implicitly available as output properties. Additionally, the RuleIdpDiscovery resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing RuleIdpDiscovery Resource
Get an existing RuleIdpDiscovery resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RuleIdpDiscoveryState, opts?: CustomResourceOptions): RuleIdpDiscovery@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
app_excludes: Optional[Sequence[RuleIdpDiscoveryAppExcludeArgs]] = None,
app_includes: Optional[Sequence[RuleIdpDiscoveryAppIncludeArgs]] = None,
idp_id: Optional[str] = None,
idp_type: Optional[str] = None,
name: Optional[str] = None,
network_connection: Optional[str] = None,
network_excludes: Optional[Sequence[str]] = None,
network_includes: Optional[Sequence[str]] = None,
platform_includes: Optional[Sequence[RuleIdpDiscoveryPlatformIncludeArgs]] = None,
policy_id: Optional[str] = None,
priority: Optional[int] = None,
status: Optional[str] = None,
user_identifier_attribute: Optional[str] = None,
user_identifier_patterns: Optional[Sequence[RuleIdpDiscoveryUserIdentifierPatternArgs]] = None,
user_identifier_type: Optional[str] = None) -> RuleIdpDiscoveryfunc GetRuleIdpDiscovery(ctx *Context, name string, id IDInput, state *RuleIdpDiscoveryState, opts ...ResourceOption) (*RuleIdpDiscovery, error)public static RuleIdpDiscovery Get(string name, Input<string> id, RuleIdpDiscoveryState? state, CustomResourceOptions? opts = null)public static RuleIdpDiscovery get(String name, Output<String> id, RuleIdpDiscoveryState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- App
Excludes List<RuleIdp Discovery App Exclude> - Applications to exclude in discovery. See
app_includefor details. - App
Includes List<RuleIdp Discovery App Include> - Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- Idp
Id string - The identifier for the Idp the rule should route to if all conditions are met.
- Idp
Type string - Type of Idp. One of:
SAML2,IWA,AgentlessDSSO,X509,FACEBOOK,GOOGLE,LINKEDIN,MICROSOFT,OIDC. Default:OKTA - Name string
- Policy Rule Name
- Network
Connection string - Network selection mode:
ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE - Network
Excludes List<string> - Required if
network_connection=ZONE. Indicates the network zones to exclude. - Network
Includes List<string> - Required if
network_connection=ZONE. Indicates the network zones to include. - Platform
Includes List<RuleIdp Discovery Platform Include> - Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- Policy
Id string - Policy ID of the Rule
- Priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- Status string
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - User
Identifier stringAttribute - Profile attribute matching can only have a single value that describes the type indicated in
user_identifier_type. This is the attribute or identifier that theuser_identifier_patternsare checked against. - User
Identifier List<RulePatterns Idp Discovery User Identifier Pattern> - Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
- User
Identifier stringType - One of:
IDENTIFIER,ATTRIBUTE
- App
Excludes []RuleIdp Discovery App Exclude Args - Applications to exclude in discovery. See
app_includefor details. - App
Includes []RuleIdp Discovery App Include Args - Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- Idp
Id string - The identifier for the Idp the rule should route to if all conditions are met.
- Idp
Type string - Type of Idp. One of:
SAML2,IWA,AgentlessDSSO,X509,FACEBOOK,GOOGLE,LINKEDIN,MICROSOFT,OIDC. Default:OKTA - Name string
- Policy Rule Name
- Network
Connection string - Network selection mode:
ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE - Network
Excludes []string - Required if
network_connection=ZONE. Indicates the network zones to exclude. - Network
Includes []string - Required if
network_connection=ZONE. Indicates the network zones to include. - Platform
Includes []RuleIdp Discovery Platform Include Args - Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- Policy
Id string - Policy ID of the Rule
- Priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- Status string
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - User
Identifier stringAttribute - Profile attribute matching can only have a single value that describes the type indicated in
user_identifier_type. This is the attribute or identifier that theuser_identifier_patternsare checked against. - User
Identifier []RulePatterns Idp Discovery User Identifier Pattern Args - Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
- User
Identifier stringType - One of:
IDENTIFIER,ATTRIBUTE
- app
Excludes List<RuleIdp Discovery App Exclude> - Applications to exclude in discovery. See
app_includefor details. - app
Includes List<RuleIdp Discovery App Include> - Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- idp
Id String - The identifier for the Idp the rule should route to if all conditions are met.
- idp
Type String - Type of Idp. One of:
SAML2,IWA,AgentlessDSSO,X509,FACEBOOK,GOOGLE,LINKEDIN,MICROSOFT,OIDC. Default:OKTA - name String
- Policy Rule Name
- network
Connection String - Network selection mode:
ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE - network
Excludes List<String> - Required if
network_connection=ZONE. Indicates the network zones to exclude. - network
Includes List<String> - Required if
network_connection=ZONE. Indicates the network zones to include. - platform
Includes List<RuleIdp Discovery Platform Include> - Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- policy
Id String - Policy ID of the Rule
- priority Integer
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status String
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - user
Identifier StringAttribute - Profile attribute matching can only have a single value that describes the type indicated in
user_identifier_type. This is the attribute or identifier that theuser_identifier_patternsare checked against. - user
Identifier List<RulePatterns Idp Discovery User Identifier Pattern> - Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
- user
Identifier StringType - One of:
IDENTIFIER,ATTRIBUTE
- app
Excludes RuleIdp Discovery App Exclude[] - Applications to exclude in discovery. See
app_includefor details. - app
Includes RuleIdp Discovery App Include[] - Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- idp
Id string - The identifier for the Idp the rule should route to if all conditions are met.
- idp
Type string - Type of Idp. One of:
SAML2,IWA,AgentlessDSSO,X509,FACEBOOK,GOOGLE,LINKEDIN,MICROSOFT,OIDC. Default:OKTA - name string
- Policy Rule Name
- network
Connection string - Network selection mode:
ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE - network
Excludes string[] - Required if
network_connection=ZONE. Indicates the network zones to exclude. - network
Includes string[] - Required if
network_connection=ZONE. Indicates the network zones to include. - platform
Includes RuleIdp Discovery Platform Include[] - Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- policy
Id string - Policy ID of the Rule
- priority number
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status string
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - user
Identifier stringAttribute - Profile attribute matching can only have a single value that describes the type indicated in
user_identifier_type. This is the attribute or identifier that theuser_identifier_patternsare checked against. - user
Identifier RulePatterns Idp Discovery User Identifier Pattern[] - Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
- user
Identifier stringType - One of:
IDENTIFIER,ATTRIBUTE
- app_
excludes Sequence[RuleIdp Discovery App Exclude Args] - Applications to exclude in discovery. See
app_includefor details. - app_
includes Sequence[RuleIdp Discovery App Include Args] - Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- idp_
id str - The identifier for the Idp the rule should route to if all conditions are met.
- idp_
type str - Type of Idp. One of:
SAML2,IWA,AgentlessDSSO,X509,FACEBOOK,GOOGLE,LINKEDIN,MICROSOFT,OIDC. Default:OKTA - name str
- Policy Rule Name
- network_
connection str - Network selection mode:
ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE - network_
excludes Sequence[str] - Required if
network_connection=ZONE. Indicates the network zones to exclude. - network_
includes Sequence[str] - Required if
network_connection=ZONE. Indicates the network zones to include. - platform_
includes Sequence[RuleIdp Discovery Platform Include Args] - Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- policy_
id str - Policy ID of the Rule
- priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status str
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - user_
identifier_ strattribute - Profile attribute matching can only have a single value that describes the type indicated in
user_identifier_type. This is the attribute or identifier that theuser_identifier_patternsare checked against. - user_
identifier_ Sequence[Rulepatterns Idp Discovery User Identifier Pattern Args] - Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
- user_
identifier_ strtype - One of:
IDENTIFIER,ATTRIBUTE
- app
Excludes List<Property Map> - Applications to exclude in discovery. See
app_includefor details. - app
Includes List<Property Map> - Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- idp
Id String - The identifier for the Idp the rule should route to if all conditions are met.
- idp
Type String - Type of Idp. One of:
SAML2,IWA,AgentlessDSSO,X509,FACEBOOK,GOOGLE,LINKEDIN,MICROSOFT,OIDC. Default:OKTA - name String
- Policy Rule Name
- network
Connection String - Network selection mode:
ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE - network
Excludes List<String> - Required if
network_connection=ZONE. Indicates the network zones to exclude. - network
Includes List<String> - Required if
network_connection=ZONE. Indicates the network zones to include. - platform
Includes List<Property Map> - Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- policy
Id String - Policy ID of the Rule
- priority Number
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status String
- Policy Rule Status:
ACTIVEorINACTIVE. Default:ACTIVE - user
Identifier StringAttribute - Profile attribute matching can only have a single value that describes the type indicated in
user_identifier_type. This is the attribute or identifier that theuser_identifier_patternsare checked against. - user
Identifier List<Property Map>Patterns - Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
- user
Identifier StringType - One of:
IDENTIFIER,ATTRIBUTE
Supporting Types
RuleIdpDiscoveryAppExclude, RuleIdpDiscoveryAppExcludeArgs
RuleIdpDiscoveryAppInclude, RuleIdpDiscoveryAppIncludeArgs
RuleIdpDiscoveryPlatformInclude, RuleIdpDiscoveryPlatformIncludeArgs
- Os
Expression string - Only available with OTHER OS type
- Os
Type string - Type string
- Os
Expression string - Only available with OTHER OS type
- Os
Type string - Type string
- os
Expression String - Only available with OTHER OS type
- os
Type String - type String
- os
Expression string - Only available with OTHER OS type
- os
Type string - type string
- os_
expression str - Only available with OTHER OS type
- os_
type str - type str
- os
Expression String - Only available with OTHER OS type
- os
Type String - type String
RuleIdpDiscoveryUserIdentifierPattern, RuleIdpDiscoveryUserIdentifierPatternArgs
- match_
type str - value str
Import
$ pulumi import okta:policy/ruleIdpDiscovery:RuleIdpDiscovery example <policy id>/<rule id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Okta pulumi/pulumi-okta
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
oktaTerraform Provider.