Okta v4.15.0, Mar 7 25

Okta v4.15.0 published on Friday, Mar 7, 2025 by Pulumi

okta.auth.ServerPolicyRule

Explore with Pulumi AI

Okta v4.15.0 published on Friday, Mar 7, 2025 by Pulumi

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";

const example = new okta.auth.ServerPolicyRule("example", {
    authServerId: "<auth server id>",
    policyId: "<auth server policy id>",
    status: "ACTIVE",
    name: "example",
    priority: 1,
    groupWhitelists: ["<group ids>"],
    grantTypeWhitelists: ["implicit"],
});

import pulumi
import pulumi_okta as okta

example = okta.auth.ServerPolicyRule("example",
    auth_server_id="<auth server id>",
    policy_id="<auth server policy id>",
    status="ACTIVE",
    name="example",
    priority=1,
    group_whitelists=["<group ids>"],
    grant_type_whitelists=["implicit"])

package main

import (
	"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/auth"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := auth.NewServerPolicyRule(ctx, "example", &auth.ServerPolicyRuleArgs{
			AuthServerId: pulumi.String("<auth server id>"),
			PolicyId:     pulumi.String("<auth server policy id>"),
			Status:       pulumi.String("ACTIVE"),
			Name:         pulumi.String("example"),
			Priority:     pulumi.Int(1),
			GroupWhitelists: pulumi.StringArray{
				pulumi.String("<group ids>"),
			},
			GrantTypeWhitelists: pulumi.StringArray{
				pulumi.String("implicit"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;

return await Deployment.RunAsync(() => 
{
    var example = new Okta.Auth.ServerPolicyRule("example", new()
    {
        AuthServerId = "<auth server id>",
        PolicyId = "<auth server policy id>",
        Status = "ACTIVE",
        Name = "example",
        Priority = 1,
        GroupWhitelists = new[]
        {
            "<group ids>",
        },
        GrantTypeWhitelists = new[]
        {
            "implicit",
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.auth.ServerPolicyRule;
import com.pulumi.okta.auth.ServerPolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new ServerPolicyRule("example", ServerPolicyRuleArgs.builder()
            .authServerId("<auth server id>")
            .policyId("<auth server policy id>")
            .status("ACTIVE")
            .name("example")
            .priority(1)
            .groupWhitelists("<group ids>")
            .grantTypeWhitelists("implicit")
            .build());

    }
}

resources:
  example:
    type: okta:auth:ServerPolicyRule
    properties:
      authServerId: <auth server id>
      policyId: <auth server policy id>
      status: ACTIVE
      name: example
      priority: 1
      groupWhitelists:
        - <group ids>
      grantTypeWhitelists:
        - implicit

Create ServerPolicyRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new ServerPolicyRule(name: string, args: ServerPolicyRuleArgs, opts?: CustomResourceOptions);

@overload
def ServerPolicyRule(resource_name: str,
                     args: ServerPolicyRuleArgs,
                     opts: Optional[ResourceOptions] = None)

@overload
def ServerPolicyRule(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     policy_id: Optional[str] = None,
                     auth_server_id: Optional[str] = None,
                     grant_type_whitelists: Optional[Sequence[str]] = None,
                     priority: Optional[int] = None,
                     group_whitelists: Optional[Sequence[str]] = None,
                     inline_hook_id: Optional[str] = None,
                     name: Optional[str] = None,
                     access_token_lifetime_minutes: Optional[int] = None,
                     group_blacklists: Optional[Sequence[str]] = None,
                     refresh_token_lifetime_minutes: Optional[int] = None,
                     refresh_token_window_minutes: Optional[int] = None,
                     scope_whitelists: Optional[Sequence[str]] = None,
                     status: Optional[str] = None,
                     type: Optional[str] = None,
                     user_blacklists: Optional[Sequence[str]] = None,
                     user_whitelists: Optional[Sequence[str]] = None)

func NewServerPolicyRule(ctx *Context, name string, args ServerPolicyRuleArgs, opts ...ResourceOption) (*ServerPolicyRule, error)

public ServerPolicyRule(string name, ServerPolicyRuleArgs args, CustomResourceOptions? opts = null)

public ServerPolicyRule(String name, ServerPolicyRuleArgs args)
public ServerPolicyRule(String name, ServerPolicyRuleArgs args, CustomResourceOptions options)

type: okta:auth:ServerPolicyRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args ServerPolicyRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ServerPolicyRuleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ServerPolicyRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ServerPolicyRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ServerPolicyRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var serverPolicyRuleResource = new Okta.Auth.ServerPolicyRule("serverPolicyRuleResource", new()
{
    PolicyId = "string",
    AuthServerId = "string",
    GrantTypeWhitelists = new[]
    {
        "string",
    },
    Priority = 0,
    GroupWhitelists = new[]
    {
        "string",
    },
    InlineHookId = "string",
    Name = "string",
    AccessTokenLifetimeMinutes = 0,
    GroupBlacklists = new[]
    {
        "string",
    },
    RefreshTokenLifetimeMinutes = 0,
    RefreshTokenWindowMinutes = 0,
    ScopeWhitelists = new[]
    {
        "string",
    },
    Status = "string",
    Type = "string",
    UserBlacklists = new[]
    {
        "string",
    },
    UserWhitelists = new[]
    {
        "string",
    },
});

example, err := auth.NewServerPolicyRule(ctx, "serverPolicyRuleResource", &auth.ServerPolicyRuleArgs{
	PolicyId:     pulumi.String("string"),
	AuthServerId: pulumi.String("string"),
	GrantTypeWhitelists: pulumi.StringArray{
		pulumi.String("string"),
	},
	Priority: pulumi.Int(0),
	GroupWhitelists: pulumi.StringArray{
		pulumi.String("string"),
	},
	InlineHookId:               pulumi.String("string"),
	Name:                       pulumi.String("string"),
	AccessTokenLifetimeMinutes: pulumi.Int(0),
	GroupBlacklists: pulumi.StringArray{
		pulumi.String("string"),
	},
	RefreshTokenLifetimeMinutes: pulumi.Int(0),
	RefreshTokenWindowMinutes:   pulumi.Int(0),
	ScopeWhitelists: pulumi.StringArray{
		pulumi.String("string"),
	},
	Status: pulumi.String("string"),
	Type:   pulumi.String("string"),
	UserBlacklists: pulumi.StringArray{
		pulumi.String("string"),
	},
	UserWhitelists: pulumi.StringArray{
		pulumi.String("string"),
	},
})

var serverPolicyRuleResource = new ServerPolicyRule("serverPolicyRuleResource", ServerPolicyRuleArgs.builder()
    .policyId("string")
    .authServerId("string")
    .grantTypeWhitelists("string")
    .priority(0)
    .groupWhitelists("string")
    .inlineHookId("string")
    .name("string")
    .accessTokenLifetimeMinutes(0)
    .groupBlacklists("string")
    .refreshTokenLifetimeMinutes(0)
    .refreshTokenWindowMinutes(0)
    .scopeWhitelists("string")
    .status("string")
    .type("string")
    .userBlacklists("string")
    .userWhitelists("string")
    .build());

server_policy_rule_resource = okta.auth.ServerPolicyRule("serverPolicyRuleResource",
    policy_id="string",
    auth_server_id="string",
    grant_type_whitelists=["string"],
    priority=0,
    group_whitelists=["string"],
    inline_hook_id="string",
    name="string",
    access_token_lifetime_minutes=0,
    group_blacklists=["string"],
    refresh_token_lifetime_minutes=0,
    refresh_token_window_minutes=0,
    scope_whitelists=["string"],
    status="string",
    type="string",
    user_blacklists=["string"],
    user_whitelists=["string"])

const serverPolicyRuleResource = new okta.auth.ServerPolicyRule("serverPolicyRuleResource", {
    policyId: "string",
    authServerId: "string",
    grantTypeWhitelists: ["string"],
    priority: 0,
    groupWhitelists: ["string"],
    inlineHookId: "string",
    name: "string",
    accessTokenLifetimeMinutes: 0,
    groupBlacklists: ["string"],
    refreshTokenLifetimeMinutes: 0,
    refreshTokenWindowMinutes: 0,
    scopeWhitelists: ["string"],
    status: "string",
    type: "string",
    userBlacklists: ["string"],
    userWhitelists: ["string"],
});

type: okta:auth:ServerPolicyRule
properties:
    accessTokenLifetimeMinutes: 0
    authServerId: string
    grantTypeWhitelists:
        - string
    groupBlacklists:
        - string
    groupWhitelists:
        - string
    inlineHookId: string
    name: string
    policyId: string
    priority: 0
    refreshTokenLifetimeMinutes: 0
    refreshTokenWindowMinutes: 0
    scopeWhitelists:
        - string
    status: string
    type: string
    userBlacklists:
        - string
    userWhitelists:
        - string

ServerPolicyRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The ServerPolicyRule resource accepts the following input properties:

AuthServerId string: Auth server ID
GrantTypeWhitelists List<string>: Accepted grant type values, authorization_code, implicit, password, client_credentials, urn:ietf:params:oauth:grant-type:saml2-bearer (Early Access Property), urn:ietf:params:oauth:grant-type:token-exchange (Early Access Property),urn:ietf:params:oauth:grant-type:device_code (Early Access Property), interaction_code (OIE only). For implicit value either user_whitelist or group_whitelist should be set.
PolicyId string: Auth server policy ID
Priority int: Priority of the auth server policy rule
AccessTokenLifetimeMinutes int: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
GroupBlacklists List<string>: Specifies a set of Groups whose Users are to be excluded.
GroupWhitelists List<string>: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: EVERYONE.
InlineHookId string: The ID of the inline token to trigger.
Name string: Auth server policy rule name
RefreshTokenLifetimeMinutes int: Lifetime of refresh token.
RefreshTokenWindowMinutes int: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days).refresh_token_window_minutes must be between access_token_lifetime_minutes and refresh_token_lifetime_minutes.
ScopeWhitelists List<string>: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with *
Status string: Default to ACTIVE
Type string: Auth server policy rule type, unlikely this will be anything other then the default
UserBlacklists List<string>: Specifies a set of Users to be excluded.
UserWhitelists List<string>: Specifies a set of Users to be included.

AuthServerId string: Auth server ID
GrantTypeWhitelists []string: Accepted grant type values, authorization_code, implicit, password, client_credentials, urn:ietf:params:oauth:grant-type:saml2-bearer (Early Access Property), urn:ietf:params:oauth:grant-type:token-exchange (Early Access Property),urn:ietf:params:oauth:grant-type:device_code (Early Access Property), interaction_code (OIE only). For implicit value either user_whitelist or group_whitelist should be set.
PolicyId string: Auth server policy ID
Priority int: Priority of the auth server policy rule
AccessTokenLifetimeMinutes int: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
GroupBlacklists []string: Specifies a set of Groups whose Users are to be excluded.
GroupWhitelists []string: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: EVERYONE.
InlineHookId string: The ID of the inline token to trigger.
Name string: Auth server policy rule name
RefreshTokenLifetimeMinutes int: Lifetime of refresh token.
RefreshTokenWindowMinutes int: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days).refresh_token_window_minutes must be between access_token_lifetime_minutes and refresh_token_lifetime_minutes.
ScopeWhitelists []string: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with *
Status string: Default to ACTIVE
Type string: Auth server policy rule type, unlikely this will be anything other then the default
UserBlacklists []string: Specifies a set of Users to be excluded.
UserWhitelists []string: Specifies a set of Users to be included.

authServerId String: Auth server ID
grantTypeWhitelists List<String>: Accepted grant type values, authorization_code, implicit, password, client_credentials, urn:ietf:params:oauth:grant-type:saml2-bearer (Early Access Property), urn:ietf:params:oauth:grant-type:token-exchange (Early Access Property),urn:ietf:params:oauth:grant-type:device_code (Early Access Property), interaction_code (OIE only). For implicit value either user_whitelist or group_whitelist should be set.
policyId String: Auth server policy ID
priority Integer: Priority of the auth server policy rule
accessTokenLifetimeMinutes Integer: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
groupBlacklists List<String>: Specifies a set of Groups whose Users are to be excluded.
groupWhitelists List<String>: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: EVERYONE.
inlineHookId String: The ID of the inline token to trigger.
name String: Auth server policy rule name
refreshTokenLifetimeMinutes Integer: Lifetime of refresh token.
refreshTokenWindowMinutes Integer: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days).refresh_token_window_minutes must be between access_token_lifetime_minutes and refresh_token_lifetime_minutes.
scopeWhitelists List<String>: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with *
status String: Default to ACTIVE
type String: Auth server policy rule type, unlikely this will be anything other then the default
userBlacklists List<String>: Specifies a set of Users to be excluded.
userWhitelists List<String>: Specifies a set of Users to be included.

authServerId string: Auth server ID
grantTypeWhitelists string[]: Accepted grant type values, authorization_code, implicit, password, client_credentials, urn:ietf:params:oauth:grant-type:saml2-bearer (Early Access Property), urn:ietf:params:oauth:grant-type:token-exchange (Early Access Property),urn:ietf:params:oauth:grant-type:device_code (Early Access Property), interaction_code (OIE only). For implicit value either user_whitelist or group_whitelist should be set.
policyId string: Auth server policy ID
priority number: Priority of the auth server policy rule
accessTokenLifetimeMinutes number: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
groupBlacklists string[]: Specifies a set of Groups whose Users are to be excluded.
groupWhitelists string[]: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: EVERYONE.
inlineHookId string: The ID of the inline token to trigger.
name string: Auth server policy rule name
refreshTokenLifetimeMinutes number: Lifetime of refresh token.
refreshTokenWindowMinutes number: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days).refresh_token_window_minutes must be between access_token_lifetime_minutes and refresh_token_lifetime_minutes.
scopeWhitelists string[]: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with *
status string: Default to ACTIVE
type string: Auth server policy rule type, unlikely this will be anything other then the default
userBlacklists string[]: Specifies a set of Users to be excluded.
userWhitelists string[]: Specifies a set of Users to be included.

auth_server_id str: Auth server ID
grant_type_whitelists Sequence[str]: Accepted grant type values, authorization_code, implicit, password, client_credentials, urn:ietf:params:oauth:grant-type:saml2-bearer (Early Access Property), urn:ietf:params:oauth:grant-type:token-exchange (Early Access Property),urn:ietf:params:oauth:grant-type:device_code (Early Access Property), interaction_code (OIE only). For implicit value either user_whitelist or group_whitelist should be set.
policy_id str: Auth server policy ID
priority int: Priority of the auth server policy rule
access_token_lifetime_minutes int: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
group_blacklists Sequence[str]: Specifies a set of Groups whose Users are to be excluded.
group_whitelists Sequence[str]: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: EVERYONE.
inline_hook_id str: The ID of the inline token to trigger.
name str: Auth server policy rule name
refresh_token_lifetime_minutes int: Lifetime of refresh token.
refresh_token_window_minutes int: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days).refresh_token_window_minutes must be between access_token_lifetime_minutes and refresh_token_lifetime_minutes.
scope_whitelists Sequence[str]: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with *
status str: Default to ACTIVE
type str: Auth server policy rule type, unlikely this will be anything other then the default
user_blacklists Sequence[str]: Specifies a set of Users to be excluded.
user_whitelists Sequence[str]: Specifies a set of Users to be included.

authServerId String: Auth server ID
grantTypeWhitelists List<String>: Accepted grant type values, authorization_code, implicit, password, client_credentials, urn:ietf:params:oauth:grant-type:saml2-bearer (Early Access Property), urn:ietf:params:oauth:grant-type:token-exchange (Early Access Property),urn:ietf:params:oauth:grant-type:device_code (Early Access Property), interaction_code (OIE only). For implicit value either user_whitelist or group_whitelist should be set.
policyId String: Auth server policy ID
priority Number: Priority of the auth server policy rule
accessTokenLifetimeMinutes Number: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
groupBlacklists List<String>: Specifies a set of Groups whose Users are to be excluded.
groupWhitelists List<String>: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: EVERYONE.
inlineHookId String: The ID of the inline token to trigger.
name String: Auth server policy rule name
refreshTokenLifetimeMinutes Number: Lifetime of refresh token.
refreshTokenWindowMinutes Number: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days).refresh_token_window_minutes must be between access_token_lifetime_minutes and refresh_token_lifetime_minutes.
scopeWhitelists List<String>: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with *
status String: Default to ACTIVE
type String: Auth server policy rule type, unlikely this will be anything other then the default
userBlacklists List<String>: Specifies a set of Users to be excluded.
userWhitelists List<String>: Specifies a set of Users to be included.

Outputs

All input properties are implicitly available as output properties. Additionally, the ServerPolicyRule resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
System bool: The rule is the system (default) rule for its associated policy

Id string: The provider-assigned unique ID for this managed resource.
System bool: The rule is the system (default) rule for its associated policy

id String: The provider-assigned unique ID for this managed resource.
system Boolean: The rule is the system (default) rule for its associated policy

id string: The provider-assigned unique ID for this managed resource.
system boolean: The rule is the system (default) rule for its associated policy

id str: The provider-assigned unique ID for this managed resource.
system bool: The rule is the system (default) rule for its associated policy

id String: The provider-assigned unique ID for this managed resource.
system Boolean: The rule is the system (default) rule for its associated policy

Look up Existing ServerPolicyRule Resource

Get an existing ServerPolicyRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ServerPolicyRuleState, opts?: CustomResourceOptions): ServerPolicyRule

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        access_token_lifetime_minutes: Optional[int] = None,
        auth_server_id: Optional[str] = None,
        grant_type_whitelists: Optional[Sequence[str]] = None,
        group_blacklists: Optional[Sequence[str]] = None,
        group_whitelists: Optional[Sequence[str]] = None,
        inline_hook_id: Optional[str] = None,
        name: Optional[str] = None,
        policy_id: Optional[str] = None,
        priority: Optional[int] = None,
        refresh_token_lifetime_minutes: Optional[int] = None,
        refresh_token_window_minutes: Optional[int] = None,
        scope_whitelists: Optional[Sequence[str]] = None,
        status: Optional[str] = None,
        system: Optional[bool] = None,
        type: Optional[str] = None,
        user_blacklists: Optional[Sequence[str]] = None,
        user_whitelists: Optional[Sequence[str]] = None) -> ServerPolicyRule

func GetServerPolicyRule(ctx *Context, name string, id IDInput, state *ServerPolicyRuleState, opts ...ResourceOption) (*ServerPolicyRule, error)

public static ServerPolicyRule Get(string name, Input<string> id, ServerPolicyRuleState? state, CustomResourceOptions? opts = null)

public static ServerPolicyRule get(String name, Output<String> id, ServerPolicyRuleState state, CustomResourceOptions options)

resources:  _:    type: okta:auth:ServerPolicyRule    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccessTokenLifetimeMinutes int: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
AuthServerId string: Auth server ID
GrantTypeWhitelists List<string>: Accepted grant type values, authorization_code, implicit, password, client_credentials, urn:ietf:params:oauth:grant-type:saml2-bearer (Early Access Property), urn:ietf:params:oauth:grant-type:token-exchange (Early Access Property),urn:ietf:params:oauth:grant-type:device_code (Early Access Property), interaction_code (OIE only). For implicit value either user_whitelist or group_whitelist should be set.
GroupBlacklists List<string>: Specifies a set of Groups whose Users are to be excluded.
GroupWhitelists List<string>: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: EVERYONE.
InlineHookId string: The ID of the inline token to trigger.
Name string: Auth server policy rule name
PolicyId string: Auth server policy ID
Priority int: Priority of the auth server policy rule
RefreshTokenLifetimeMinutes int: Lifetime of refresh token.
RefreshTokenWindowMinutes int: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days).refresh_token_window_minutes must be between access_token_lifetime_minutes and refresh_token_lifetime_minutes.
ScopeWhitelists List<string>: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with *
Status string: Default to ACTIVE
System bool: The rule is the system (default) rule for its associated policy
Type string: Auth server policy rule type, unlikely this will be anything other then the default
UserBlacklists List<string>: Specifies a set of Users to be excluded.
UserWhitelists List<string>: Specifies a set of Users to be included.

AccessTokenLifetimeMinutes int: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
AuthServerId string: Auth server ID
GrantTypeWhitelists []string: Accepted grant type values, authorization_code, implicit, password, client_credentials, urn:ietf:params:oauth:grant-type:saml2-bearer (Early Access Property), urn:ietf:params:oauth:grant-type:token-exchange (Early Access Property),urn:ietf:params:oauth:grant-type:device_code (Early Access Property), interaction_code (OIE only). For implicit value either user_whitelist or group_whitelist should be set.
GroupBlacklists []string: Specifies a set of Groups whose Users are to be excluded.
GroupWhitelists []string: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: EVERYONE.
InlineHookId string: The ID of the inline token to trigger.
Name string: Auth server policy rule name
PolicyId string: Auth server policy ID
Priority int: Priority of the auth server policy rule
RefreshTokenLifetimeMinutes int: Lifetime of refresh token.
RefreshTokenWindowMinutes int: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days).refresh_token_window_minutes must be between access_token_lifetime_minutes and refresh_token_lifetime_minutes.
ScopeWhitelists []string: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with *
Status string: Default to ACTIVE
System bool: The rule is the system (default) rule for its associated policy
Type string: Auth server policy rule type, unlikely this will be anything other then the default
UserBlacklists []string: Specifies a set of Users to be excluded.
UserWhitelists []string: Specifies a set of Users to be included.

accessTokenLifetimeMinutes Integer: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
authServerId String: Auth server ID
grantTypeWhitelists List<String>: Accepted grant type values, authorization_code, implicit, password, client_credentials, urn:ietf:params:oauth:grant-type:saml2-bearer (Early Access Property), urn:ietf:params:oauth:grant-type:token-exchange (Early Access Property),urn:ietf:params:oauth:grant-type:device_code (Early Access Property), interaction_code (OIE only). For implicit value either user_whitelist or group_whitelist should be set.
groupBlacklists List<String>: Specifies a set of Groups whose Users are to be excluded.
groupWhitelists List<String>: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: EVERYONE.
inlineHookId String: The ID of the inline token to trigger.
name String: Auth server policy rule name
policyId String: Auth server policy ID
priority Integer: Priority of the auth server policy rule
refreshTokenLifetimeMinutes Integer: Lifetime of refresh token.
refreshTokenWindowMinutes Integer: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days).refresh_token_window_minutes must be between access_token_lifetime_minutes and refresh_token_lifetime_minutes.
scopeWhitelists List<String>: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with *
status String: Default to ACTIVE
system Boolean: The rule is the system (default) rule for its associated policy
type String: Auth server policy rule type, unlikely this will be anything other then the default
userBlacklists List<String>: Specifies a set of Users to be excluded.
userWhitelists List<String>: Specifies a set of Users to be included.

accessTokenLifetimeMinutes number: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
authServerId string: Auth server ID
grantTypeWhitelists string[]: Accepted grant type values, authorization_code, implicit, password, client_credentials, urn:ietf:params:oauth:grant-type:saml2-bearer (Early Access Property), urn:ietf:params:oauth:grant-type:token-exchange (Early Access Property),urn:ietf:params:oauth:grant-type:device_code (Early Access Property), interaction_code (OIE only). For implicit value either user_whitelist or group_whitelist should be set.
groupBlacklists string[]: Specifies a set of Groups whose Users are to be excluded.
groupWhitelists string[]: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: EVERYONE.
inlineHookId string: The ID of the inline token to trigger.
name string: Auth server policy rule name
policyId string: Auth server policy ID
priority number: Priority of the auth server policy rule
refreshTokenLifetimeMinutes number: Lifetime of refresh token.
refreshTokenWindowMinutes number: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days).refresh_token_window_minutes must be between access_token_lifetime_minutes and refresh_token_lifetime_minutes.
scopeWhitelists string[]: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with *
status string: Default to ACTIVE
system boolean: The rule is the system (default) rule for its associated policy
type string: Auth server policy rule type, unlikely this will be anything other then the default
userBlacklists string[]: Specifies a set of Users to be excluded.
userWhitelists string[]: Specifies a set of Users to be included.

access_token_lifetime_minutes int: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
auth_server_id str: Auth server ID
grant_type_whitelists Sequence[str]: Accepted grant type values, authorization_code, implicit, password, client_credentials, urn:ietf:params:oauth:grant-type:saml2-bearer (Early Access Property), urn:ietf:params:oauth:grant-type:token-exchange (Early Access Property),urn:ietf:params:oauth:grant-type:device_code (Early Access Property), interaction_code (OIE only). For implicit value either user_whitelist or group_whitelist should be set.
group_blacklists Sequence[str]: Specifies a set of Groups whose Users are to be excluded.
group_whitelists Sequence[str]: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: EVERYONE.
inline_hook_id str: The ID of the inline token to trigger.
name str: Auth server policy rule name
policy_id str: Auth server policy ID
priority int: Priority of the auth server policy rule
refresh_token_lifetime_minutes int: Lifetime of refresh token.
refresh_token_window_minutes int: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days).refresh_token_window_minutes must be between access_token_lifetime_minutes and refresh_token_lifetime_minutes.
scope_whitelists Sequence[str]: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with *
status str: Default to ACTIVE
system bool: The rule is the system (default) rule for its associated policy
type str: Auth server policy rule type, unlikely this will be anything other then the default
user_blacklists Sequence[str]: Specifies a set of Users to be excluded.
user_whitelists Sequence[str]: Specifies a set of Users to be included.

accessTokenLifetimeMinutes Number: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
authServerId String: Auth server ID
grantTypeWhitelists List<String>: Accepted grant type values, authorization_code, implicit, password, client_credentials, urn:ietf:params:oauth:grant-type:saml2-bearer (Early Access Property), urn:ietf:params:oauth:grant-type:token-exchange (Early Access Property),urn:ietf:params:oauth:grant-type:device_code (Early Access Property), interaction_code (OIE only). For implicit value either user_whitelist or group_whitelist should be set.
groupBlacklists List<String>: Specifies a set of Groups whose Users are to be excluded.
groupWhitelists List<String>: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: EVERYONE.
inlineHookId String: The ID of the inline token to trigger.
name String: Auth server policy rule name
policyId String: Auth server policy ID
priority Number: Priority of the auth server policy rule
refreshTokenLifetimeMinutes Number: Lifetime of refresh token.
refreshTokenWindowMinutes Number: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days).refresh_token_window_minutes must be between access_token_lifetime_minutes and refresh_token_lifetime_minutes.
scopeWhitelists List<String>: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with *
status String: Default to ACTIVE
system Boolean: The rule is the system (default) rule for its associated policy
type String: Auth server policy rule type, unlikely this will be anything other then the default
userBlacklists List<String>: Specifies a set of Users to be excluded.
userWhitelists List<String>: Specifies a set of Users to be included.

Import

$ pulumi import okta:auth/serverPolicyRule:ServerPolicyRule example <auth_server_id>/<policy_id>/<policy_rule_id>

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Okta pulumi/pulumi-okta
License: Apache-2.0
Notes: This Pulumi package is based on the okta Terraform Provider.

Okta v4.15.0 published on Friday, Mar 7, 2025 by Pulumi

pulumi/pulumi-okta

okta.auth.ServerPolicyRule

On this page

On this page

Example Usage

Create ServerPolicyRule Resource

Constructor syntax

Parameters

Constructor example

ServerPolicyRule Resource Properties

Inputs

Outputs

Look up Existing ServerPolicyRule Resource

Import

Package Details

On this page

On this page