okta.policy.RuleIdpDiscovery
Creates an IdP Discovery Policy Rule.
This resource allows you to create and configure an IdP Discovery Policy Rule.
If you receive the error ‘You do not have permission to access the feature you are requesting’, contact support and request that the feature flag ‘ADVANCED_SSO’ be applied to your org.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
// Every Okta org has exactly one IdP Discovery Policy, so it is looked up by
// name instead of being created.
const idpDiscoveryPolicy = okta.policy.getPolicy({
    name: "Idp Discovery Policy",
    type: "IDP_DISCOVERY",
});

// Application conditions: an "APP" entry selects one application by id, an
// "APP_TYPE" entry selects a whole application type by name.
const excludedApps = [
    { id: "<app id>", type: "APP" },
    { name: "yahoo_mail", type: "APP_TYPE" },
];
const includedApps = [
    { id: "<app id>", type: "APP" },
    { name: "<app type name>", type: "APP_TYPE" },
];

// NOTE(review): type "MOBILE" is paired with osType "OSX" here; confirm this
// is the platform you intend to match before reusing the example.
const includedPlatforms = [{ type: "MOBILE", osType: "OSX" }];

// Patterns are checked against the attribute named by userIdentifierAttribute.
const identifierPatterns = [{ matchType: "EQUALS", value: "Articulate" }];

const example = new okta.policy.RuleIdpDiscovery("example", {
    policyId: idpDiscoveryPolicy.then(policy => policy.id),
    name: "example",
    // Sign-ins that meet every condition of this rule are routed to this IdP,
    // so the placeholder must be replaced with the id of an IdP you trust.
    idpId: "<idp id>",
    idpType: "OIDC",
    // ANYWHERE applies the rule regardless of network zone; ZONE would require
    // networkIncludes / networkExcludes.
    networkConnection: "ANYWHERE",
    // Explicit priority; when omitted, the Okta API places the rule last (lowest).
    priority: 1,
    // The rule is created ACTIVE; INACTIVE is the other documented status.
    status: "ACTIVE",
    userIdentifierType: "ATTRIBUTE",
    userIdentifierAttribute: "company",
    userIdentifierPatterns: identifierPatterns,
    appExcludes: excludedApps,
    appIncludes: includedApps,
    platformIncludes: includedPlatforms,
});
import pulumi
import pulumi_okta as okta
# Every Okta org has exactly one IdP Discovery Policy, so it is looked up by
# name instead of being created.
idp_discovery_policy = okta.policy.get_policy(
    name="Idp Discovery Policy",
    type="IDP_DISCOVERY",
)

# Application conditions: an "APP" entry selects one application by id, an
# "APP_TYPE" entry selects a whole application type by name.
excluded_apps = [
    {"id": "<app id>", "type": "APP"},
    {"name": "yahoo_mail", "type": "APP_TYPE"},
]
included_apps = [
    {"id": "<app id>", "type": "APP"},
    {"name": "<app type name>", "type": "APP_TYPE"},
]

# NOTE(review): type "MOBILE" is paired with os_type "OSX" here; confirm this
# is the platform you intend to match before reusing the example.
included_platforms = [{"type": "MOBILE", "os_type": "OSX"}]

# Patterns are checked against the attribute named by user_identifier_attribute.
identifier_patterns = [{"match_type": "EQUALS", "value": "Articulate"}]

example = okta.policy.RuleIdpDiscovery(
    "example",
    policy_id=idp_discovery_policy.id,
    name="example",
    # Sign-ins that meet every condition of this rule are routed to this IdP,
    # so the placeholder must be replaced with the id of an IdP you trust.
    idp_id="<idp id>",
    idp_type="OIDC",
    # ANYWHERE applies the rule regardless of network zone; ZONE would require
    # network_includes / network_excludes.
    network_connection="ANYWHERE",
    # Explicit priority; when omitted, the Okta API places the rule last (lowest).
    priority=1,
    # The rule is created ACTIVE; INACTIVE is the other documented status.
    status="ACTIVE",
    user_identifier_type="ATTRIBUTE",
    user_identifier_attribute="company",
    user_identifier_patterns=identifier_patterns,
    app_excludes=excluded_apps,
    app_includes=included_apps,
    platform_includes=included_platforms,
)
package main
import (
	"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/policy"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs the example Pulumi program: it looks up the org's IdP Discovery
// Policy and attaches one routing rule named "example" to it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Every Okta org has exactly one IdP Discovery Policy, so it is looked
		// up by name instead of being created.
		discovery, err := policy.GetPolicy(ctx, &policy.GetPolicyArgs{
			Name: "Idp Discovery Policy",
			Type: "IDP_DISCOVERY",
		}, nil)
		if err != nil {
			return err
		}

		// Application conditions: an "APP" entry selects one application by
		// id, an "APP_TYPE" entry selects a whole application type by name.
		excluded := policy.RuleIdpDiscoveryAppExcludeArray{
			&policy.RuleIdpDiscoveryAppExcludeArgs{
				Id:   pulumi.String("<app id>"),
				Type: pulumi.String("APP"),
			},
			&policy.RuleIdpDiscoveryAppExcludeArgs{
				Name: pulumi.String("yahoo_mail"),
				Type: pulumi.String("APP_TYPE"),
			},
		}
		included := policy.RuleIdpDiscoveryAppIncludeArray{
			&policy.RuleIdpDiscoveryAppIncludeArgs{
				Id:   pulumi.String("<app id>"),
				Type: pulumi.String("APP"),
			},
			&policy.RuleIdpDiscoveryAppIncludeArgs{
				Name: pulumi.String("<app type name>"),
				Type: pulumi.String("APP_TYPE"),
			},
		}

		// NOTE(review): Type "MOBILE" is paired with OsType "OSX" here; confirm
		// this is the platform you intend to match before reusing the example.
		platforms := policy.RuleIdpDiscoveryPlatformIncludeArray{
			&policy.RuleIdpDiscoveryPlatformIncludeArgs{
				Type:   pulumi.String("MOBILE"),
				OsType: pulumi.String("OSX"),
			},
		}

		// Patterns are checked against the attribute named by
		// UserIdentifierAttribute.
		patterns := policy.RuleIdpDiscoveryUserIdentifierPatternArray{
			&policy.RuleIdpDiscoveryUserIdentifierPatternArgs{
				MatchType: pulumi.String("EQUALS"),
				Value:     pulumi.String("Articulate"),
			},
		}

		ruleArgs := &policy.RuleIdpDiscoveryArgs{
			PolicyId: pulumi.String(discovery.Id),
			Name:     pulumi.String("example"),

			// Sign-ins that meet every condition of this rule are routed to
			// this IdP, so the placeholder must be replaced with the id of an
			// IdP you trust.
			IdpId:   pulumi.String("<idp id>"),
			IdpType: pulumi.String("OIDC"),

			// ANYWHERE applies the rule regardless of network zone; ZONE would
			// require NetworkIncludes / NetworkExcludes. When Priority is
			// omitted, the Okta API places the rule last (lowest).
			NetworkConnection: pulumi.String("ANYWHERE"),
			Priority:          pulumi.Int(1),
			Status:            pulumi.String("ACTIVE"),

			UserIdentifierType:      pulumi.String("ATTRIBUTE"),
			UserIdentifierAttribute: pulumi.String("company"),
			UserIdentifierPatterns:  patterns,

			AppExcludes:      excluded,
			AppIncludes:      included,
			PlatformIncludes: platforms,
		}

		// The created resource is not used further, so only the error matters.
		_, err = policy.NewRuleIdpDiscovery(ctx, "example", ruleArgs)
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
    // Every Okta org has exactly one IdP Discovery Policy, so it is looked up
    // by name instead of being created.
    var idpDiscoveryPolicy = Okta.Policy.GetPolicy.Invoke(new()
    {
        Name = "Idp Discovery Policy",
        Type = "IDP_DISCOVERY",
    });

    // Application conditions: an "APP" entry selects one application by id,
    // an "APP_TYPE" entry selects a whole application type by name.
    var excludedApps = new[]
    {
        new Okta.Policy.Inputs.RuleIdpDiscoveryAppExcludeArgs { Id = "<app id>", Type = "APP" },
        new Okta.Policy.Inputs.RuleIdpDiscoveryAppExcludeArgs { Name = "yahoo_mail", Type = "APP_TYPE" },
    };
    var includedApps = new[]
    {
        new Okta.Policy.Inputs.RuleIdpDiscoveryAppIncludeArgs { Id = "<app id>", Type = "APP" },
        new Okta.Policy.Inputs.RuleIdpDiscoveryAppIncludeArgs { Name = "<app type name>", Type = "APP_TYPE" },
    };

    // NOTE(review): Type "MOBILE" is paired with OsType "OSX" here; confirm
    // this is the platform you intend to match before reusing the example.
    var includedPlatforms = new[]
    {
        new Okta.Policy.Inputs.RuleIdpDiscoveryPlatformIncludeArgs { Type = "MOBILE", OsType = "OSX" },
    };

    // Patterns are checked against the attribute named by UserIdentifierAttribute.
    var identifierPatterns = new[]
    {
        new Okta.Policy.Inputs.RuleIdpDiscoveryUserIdentifierPatternArgs { MatchType = "EQUALS", Value = "Articulate" },
    };

    var example = new Okta.Policy.RuleIdpDiscovery("example", new()
    {
        PolicyId = idpDiscoveryPolicy.Apply(found => found.Id),
        Name = "example",
        // Sign-ins that meet every condition of this rule are routed to this
        // IdP, so the placeholder must be replaced with the id of an IdP you trust.
        IdpId = "<idp id>",
        IdpType = "OIDC",
        // ANYWHERE applies the rule regardless of network zone; ZONE would
        // require NetworkIncludes / NetworkExcludes.
        NetworkConnection = "ANYWHERE",
        // Explicit priority; when omitted, the Okta API places the rule last (lowest).
        Priority = 1,
        // The rule is created ACTIVE; INACTIVE is the other documented status.
        Status = "ACTIVE",
        UserIdentifierType = "ATTRIBUTE",
        UserIdentifierAttribute = "company",
        UserIdentifierPatterns = identifierPatterns,
        AppExcludes = excludedApps,
        AppIncludes = includedApps,
        PlatformIncludes = includedPlatforms,
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.policy.PolicyFunctions;
import com.pulumi.okta.policy.inputs.GetPolicyArgs;
import com.pulumi.okta.policy.RuleIdpDiscovery;
import com.pulumi.okta.policy.RuleIdpDiscoveryArgs;
import com.pulumi.okta.policy.inputs.RuleIdpDiscoveryAppExcludeArgs;
import com.pulumi.okta.policy.inputs.RuleIdpDiscoveryAppIncludeArgs;
import com.pulumi.okta.policy.inputs.RuleIdpDiscoveryPlatformIncludeArgs;
import com.pulumi.okta.policy.inputs.RuleIdpDiscoveryUserIdentifierPatternArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Example Pulumi program: looks up the org's IdP Discovery Policy and attaches
 * one routing rule named "example" to it.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the resources of the example stack.
     *
     * @param ctx Pulumi context for the current deployment
     */
    public static void stack(Context ctx) {
        // Every Okta org has exactly one IdP Discovery Policy, so it is looked
        // up by name instead of being created.
        final var idpDiscoveryPolicy = PolicyFunctions.getPolicy(GetPolicyArgs.builder()
            .name("Idp Discovery Policy")
            .type("IDP_DISCOVERY")
            .build());

        // Application conditions: an "APP" entry selects one application by
        // id, an "APP_TYPE" entry selects a whole application type by name.
        final var excludedApp = RuleIdpDiscoveryAppExcludeArgs.builder()
            .id("<app id>")
            .type("APP")
            .build();
        final var excludedAppType = RuleIdpDiscoveryAppExcludeArgs.builder()
            .name("yahoo_mail")
            .type("APP_TYPE")
            .build();
        final var includedApp = RuleIdpDiscoveryAppIncludeArgs.builder()
            .id("<app id>")
            .type("APP")
            .build();
        final var includedAppType = RuleIdpDiscoveryAppIncludeArgs.builder()
            .name("<app type name>")
            .type("APP_TYPE")
            .build();

        // NOTE(review): type "MOBILE" is paired with osType "OSX" here; confirm
        // this is the platform you intend to match before reusing the example.
        final var includedPlatform = RuleIdpDiscoveryPlatformIncludeArgs.builder()
            .type("MOBILE")
            .osType("OSX")
            .build();

        // Patterns are checked against the attribute named by
        // userIdentifierAttribute.
        final var identifierPattern = RuleIdpDiscoveryUserIdentifierPatternArgs.builder()
            .matchType("EQUALS")
            .value("Articulate")
            .build();

        var example = new RuleIdpDiscovery("example", RuleIdpDiscoveryArgs.builder()
            .policyId(idpDiscoveryPolicy.applyValue(found -> found.id()))
            .name("example")
            // Sign-ins that meet every condition of this rule are routed to
            // this IdP, so the placeholder must be replaced with the id of an
            // IdP you trust.
            .idpId("<idp id>")
            .idpType("OIDC")
            // ANYWHERE applies the rule regardless of network zone; ZONE would
            // require networkIncludes / networkExcludes.
            .networkConnection("ANYWHERE")
            // Explicit priority; when omitted, the Okta API places the rule
            // last (lowest).
            .priority(1)
            // The rule is created ACTIVE; INACTIVE is the other documented status.
            .status("ACTIVE")
            .userIdentifierType("ATTRIBUTE")
            .userIdentifierAttribute("company")
            .userIdentifierPatterns(identifierPattern)
            .appExcludes(excludedApp, excludedAppType)
            .appIncludes(includedApp, includedAppType)
            .platformIncludes(includedPlatform)
            .build());
    }
}
# Example Pulumi YAML program: one IdP Discovery rule attached to the org's
# IdP Discovery Policy, which is looked up under `variables` below.
resources:
  example:
    type: okta:policy:RuleIdpDiscovery
    properties:
      policyId: ${idpDiscoveryPolicy.id}
      name: example
      # Sign-ins that meet every condition of this rule are routed to this IdP,
      # so the placeholder must be replaced with the id of an IdP you trust.
      idpId: <idp id>
      idpType: OIDC
      # ANYWHERE applies the rule regardless of network zone; ZONE would
      # require networkIncludes / networkExcludes.
      networkConnection: ANYWHERE
      # Explicit priority; when omitted, the Okta API places the rule last (lowest).
      priority: 1
      # The rule is created ACTIVE; INACTIVE is the other documented status.
      status: ACTIVE
      userIdentifierType: ATTRIBUTE
      userIdentifierAttribute: company
      # An APP entry selects one application by id; an APP_TYPE entry selects
      # a whole application type by name.
      appExcludes:
        - id: <app id>
          type: APP
        - name: yahoo_mail
          type: APP_TYPE
      appIncludes:
        - id: <app id>
          type: APP
        - name: <app type name>
          type: APP_TYPE
      # NOTE(review): type MOBILE is paired with osType OSX here; confirm this
      # is the platform you intend to match before reusing the example.
      platformIncludes:
        - type: MOBILE
          osType: OSX
      # Patterns are checked against the attribute named by userIdentifierAttribute.
      userIdentifierPatterns:
        - matchType: EQUALS
          value: Articulate
variables:
  # Every Okta org has exactly one IdP Discovery Policy, so it is looked up by
  # name instead of being created.
  idpDiscoveryPolicy:
    fn::invoke:
      function: okta:policy:getPolicy
      arguments:
        name: Idp Discovery Policy
        type: IDP_DISCOVERY
Create RuleIdpDiscovery Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new RuleIdpDiscovery(name: string, args?: RuleIdpDiscoveryArgs, opts?: CustomResourceOptions);
@overload
def RuleIdpDiscovery(resource_name: str,
                     args: Optional[RuleIdpDiscoveryArgs] = None,
                     opts: Optional[ResourceOptions] = None)
@overload
def RuleIdpDiscovery(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     app_excludes: Optional[Sequence[RuleIdpDiscoveryAppExcludeArgs]] = None,
                     app_includes: Optional[Sequence[RuleIdpDiscoveryAppIncludeArgs]] = None,
                     idp_id: Optional[str] = None,
                     idp_type: Optional[str] = None,
                     name: Optional[str] = None,
                     network_connection: Optional[str] = None,
                     network_excludes: Optional[Sequence[str]] = None,
                     network_includes: Optional[Sequence[str]] = None,
                     platform_includes: Optional[Sequence[RuleIdpDiscoveryPlatformIncludeArgs]] = None,
                     policy_id: Optional[str] = None,
                     priority: Optional[int] = None,
                     status: Optional[str] = None,
                     user_identifier_attribute: Optional[str] = None,
                     user_identifier_patterns: Optional[Sequence[RuleIdpDiscoveryUserIdentifierPatternArgs]] = None,
                     user_identifier_type: Optional[str] = None)
func NewRuleIdpDiscovery(ctx *Context, name string, args *RuleIdpDiscoveryArgs, opts ...ResourceOption) (*RuleIdpDiscovery, error)
public RuleIdpDiscovery(string name, RuleIdpDiscoveryArgs? args = null, CustomResourceOptions? opts = null)
public RuleIdpDiscovery(String name, RuleIdpDiscoveryArgs args)
public RuleIdpDiscovery(String name, RuleIdpDiscoveryArgs args, CustomResourceOptions options)
type: okta:policy:RuleIdpDiscovery
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RuleIdpDiscoveryArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RuleIdpDiscoveryArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RuleIdpDiscoveryArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RuleIdpDiscoveryArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RuleIdpDiscoveryArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference listing of every input property. Each "string" / 0 is a
// placeholder to replace, not a working value.
var ruleIdpDiscoveryResource = new Okta.Policy.RuleIdpDiscovery("ruleIdpDiscoveryResource", new()
{
    // Id is used when Type is "APP"; Name is used when Type is "APP_TYPE".
    AppExcludes = new[]
    {
        new Okta.Policy.Inputs.RuleIdpDiscoveryAppExcludeArgs
        {
            Type = "string",
            Id = "string",
            Name = "string",
        },
    },
    AppIncludes = new[]
    {
        new Okta.Policy.Inputs.RuleIdpDiscoveryAppIncludeArgs
        {
            Type = "string",
            Id = "string",
            Name = "string",
        },
    },
    // The IdP that matching sign-ins are routed to.
    IdpId = "string",
    IdpType = "string",
    Name = "string",
    NetworkConnection = "string",
    // NetworkExcludes / NetworkIncludes are required when NetworkConnection is ZONE.
    NetworkExcludes = new[]
    {
        "string",
    },
    NetworkIncludes = new[]
    {
        "string",
    },
    PlatformIncludes = new[]
    {
        new Okta.Policy.Inputs.RuleIdpDiscoveryPlatformIncludeArgs
        {
            // OsExpression is only available when OsType is "OTHER".
            OsExpression = "string",
            OsType = "string",
            Type = "string",
        },
    },
    PolicyId = "string",
    // When omitted, the Okta API places the rule last (lowest).
    Priority = 0,
    Status = "string",
    UserIdentifierAttribute = "string",
    // With MatchType "EXPRESSION" only a single pattern element can be set.
    UserIdentifierPatterns = new[]
    {
        new Okta.Policy.Inputs.RuleIdpDiscoveryUserIdentifierPatternArgs
        {
            MatchType = "string",
            Value = "string",
        },
    },
    UserIdentifierType = "string",
});
// Reference listing of every input property. Each "string" / 0 is a
// placeholder to replace, not a working value.
example, err := policy.NewRuleIdpDiscovery(ctx, "ruleIdpDiscoveryResource", &policy.RuleIdpDiscoveryArgs{
	// Id is used when Type is "APP"; Name is used when Type is "APP_TYPE".
	AppExcludes: policy.RuleIdpDiscoveryAppExcludeArray{
		&policy.RuleIdpDiscoveryAppExcludeArgs{
			Type: pulumi.String("string"),
			Id:   pulumi.String("string"),
			Name: pulumi.String("string"),
		},
	},
	AppIncludes: policy.RuleIdpDiscoveryAppIncludeArray{
		&policy.RuleIdpDiscoveryAppIncludeArgs{
			Type: pulumi.String("string"),
			Id:   pulumi.String("string"),
			Name: pulumi.String("string"),
		},
	},
	// IdpId is the IdP that matching sign-ins are routed to.
	IdpId:             pulumi.String("string"),
	IdpType:           pulumi.String("string"),
	Name:              pulumi.String("string"),
	NetworkConnection: pulumi.String("string"),
	// NetworkExcludes / NetworkIncludes are required when NetworkConnection is ZONE.
	NetworkExcludes: pulumi.StringArray{
		pulumi.String("string"),
	},
	NetworkIncludes: pulumi.StringArray{
		pulumi.String("string"),
	},
	PlatformIncludes: policy.RuleIdpDiscoveryPlatformIncludeArray{
		&policy.RuleIdpDiscoveryPlatformIncludeArgs{
			// OsExpression is only available when OsType is "OTHER".
			OsExpression: pulumi.String("string"),
			OsType:       pulumi.String("string"),
			Type:         pulumi.String("string"),
		},
	},
	// When Priority is omitted, the Okta API places the rule last (lowest).
	PolicyId:                pulumi.String("string"),
	Priority:                pulumi.Int(0),
	Status:                  pulumi.String("string"),
	UserIdentifierAttribute: pulumi.String("string"),
	// With MatchType "EXPRESSION" only a single pattern element can be set.
	UserIdentifierPatterns: policy.RuleIdpDiscoveryUserIdentifierPatternArray{
		&policy.RuleIdpDiscoveryUserIdentifierPatternArgs{
			MatchType: pulumi.String("string"),
			Value:     pulumi.String("string"),
		},
	},
	UserIdentifierType: pulumi.String("string"),
})
// Reference listing of every input property. Each "string" / 0 is a
// placeholder to replace, not a working value.
var ruleIdpDiscoveryResource = new RuleIdpDiscovery("ruleIdpDiscoveryResource", RuleIdpDiscoveryArgs.builder()
    // id is used when type is "APP"; name is used when type is "APP_TYPE".
    .appExcludes(RuleIdpDiscoveryAppExcludeArgs.builder()
        .type("string")
        .id("string")
        .name("string")
        .build())
    .appIncludes(RuleIdpDiscoveryAppIncludeArgs.builder()
        .type("string")
        .id("string")
        .name("string")
        .build())
    // The IdP that matching sign-ins are routed to.
    .idpId("string")
    .idpType("string")
    .name("string")
    .networkConnection("string")
    // networkExcludes / networkIncludes are required when networkConnection is ZONE.
    .networkExcludes("string")
    .networkIncludes("string")
    // osExpression is only available when osType is "OTHER".
    .platformIncludes(RuleIdpDiscoveryPlatformIncludeArgs.builder()
        .osExpression("string")
        .osType("string")
        .type("string")
        .build())
    .policyId("string")
    // When omitted, the Okta API places the rule last (lowest).
    .priority(0)
    .status("string")
    .userIdentifierAttribute("string")
    // With matchType "EXPRESSION" only a single pattern element can be set.
    .userIdentifierPatterns(RuleIdpDiscoveryUserIdentifierPatternArgs.builder()
        .matchType("string")
        .value("string")
        .build())
    .userIdentifierType("string")
    .build());
# Reference listing of every input property. Each "string" / 0 is a
# placeholder to replace, not a working value.
rule_idp_discovery_resource = okta.policy.RuleIdpDiscovery("ruleIdpDiscoveryResource",
    # "id" is used when "type" is "APP"; "name" is used when "type" is "APP_TYPE".
    app_excludes=[{
        "type": "string",
        "id": "string",
        "name": "string",
    }],
    app_includes=[{
        "type": "string",
        "id": "string",
        "name": "string",
    }],
    # The IdP that matching sign-ins are routed to.
    idp_id="string",
    idp_type="string",
    name="string",
    network_connection="string",
    # network_excludes / network_includes are required when network_connection is ZONE.
    network_excludes=["string"],
    network_includes=["string"],
    # "os_expression" is only available when "os_type" is "OTHER".
    platform_includes=[{
        "os_expression": "string",
        "os_type": "string",
        "type": "string",
    }],
    policy_id="string",
    # When omitted, the Okta API places the rule last (lowest).
    priority=0,
    status="string",
    user_identifier_attribute="string",
    # With "match_type" "EXPRESSION" only a single pattern element can be set.
    user_identifier_patterns=[{
        "match_type": "string",
        "value": "string",
    }],
    user_identifier_type="string")
// Reference listing of every input property. Each "string" / 0 is a
// placeholder to replace, not a working value.
const ruleIdpDiscoveryResource = new okta.policy.RuleIdpDiscovery("ruleIdpDiscoveryResource", {
    // id is used when type is "APP"; name is used when type is "APP_TYPE".
    appExcludes: [{
        type: "string",
        id: "string",
        name: "string",
    }],
    appIncludes: [{
        type: "string",
        id: "string",
        name: "string",
    }],
    // The IdP that matching sign-ins are routed to.
    idpId: "string",
    idpType: "string",
    name: "string",
    networkConnection: "string",
    // networkExcludes / networkIncludes are required when networkConnection is ZONE.
    networkExcludes: ["string"],
    networkIncludes: ["string"],
    // osExpression is only available when osType is "OTHER".
    platformIncludes: [{
        osExpression: "string",
        osType: "string",
        type: "string",
    }],
    policyId: "string",
    // When omitted, the Okta API places the rule last (lowest).
    priority: 0,
    status: "string",
    userIdentifierAttribute: "string",
    // With matchType "EXPRESSION" only a single pattern element can be set.
    userIdentifierPatterns: [{
        matchType: "string",
        value: "string",
    }],
    userIdentifierType: "string",
});
# Reference listing of every input property. Each `string` / 0 is a
# placeholder to replace, not a working value.
type: okta:policy:RuleIdpDiscovery
properties:
    # id is used when type is APP; name is used when type is APP_TYPE.
    appExcludes:
        - id: string
          name: string
          type: string
    appIncludes:
        - id: string
          name: string
          type: string
    # The IdP that matching sign-ins are routed to.
    idpId: string
    idpType: string
    name: string
    networkConnection: string
    # networkExcludes / networkIncludes are required when networkConnection is ZONE.
    networkExcludes:
        - string
    networkIncludes:
        - string
    # osExpression is only available when osType is OTHER.
    platformIncludes:
        - osExpression: string
          osType: string
          type: string
    policyId: string
    # When omitted, the Okta API places the rule last (lowest).
    priority: 0
    status: string
    userIdentifierAttribute: string
    # With matchType EXPRESSION only a single pattern element can be set.
    userIdentifierPatterns:
        - matchType: string
          value: string
    userIdentifierType: string
RuleIdpDiscovery Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The RuleIdpDiscovery resource accepts the following input properties:
- AppExcludes List<RuleIdpDiscoveryAppExclude>
- Applications to exclude in discovery. See app_include for details.
- AppIncludes List<RuleIdpDiscoveryAppInclude>
- Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- IdpId string
- The identifier for the Idp the rule should route to if all conditions are met.
- IdpType string
- Type of Idp. One of: SAML2, IWA, AgentlessDSSO, X509, FACEBOOK, GOOGLE, LINKEDIN, MICROSOFT, OIDC. Default: OKTA
- Name string
- Policy Rule Name
- NetworkConnection string
- Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
- NetworkExcludes List<string>
- Required if network_connection=ZONE. Indicates the network zones to exclude.
- NetworkIncludes List<string>
- Required if network_connection=ZONE. Indicates the network zones to include.
- PlatformIncludes List<RuleIdpDiscoveryPlatformInclude>
- Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression' - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- PolicyId string
- Policy ID of the Rule
- Priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- Status string
- Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
- UserIdentifierAttribute string
- Profile attribute matching can only have a single value that describes the type indicated in user_identifier_type. This is the attribute or identifier that the user_identifier_patterns are checked against.
- UserIdentifierPatterns List<RuleIdpDiscoveryUserIdentifierPattern>
- Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
- UserIdentifierType string
- One of: IDENTIFIER, ATTRIBUTE
- AppExcludes []RuleIdp Discovery App Exclude Args 
- Applications to exclude in discovery. See app_includefor details.
- AppIncludes []RuleIdp Discovery App Include Args 
- Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- IdpId string
- The identifier for the Idp the rule should route to if all conditions are met.
- IdpType string
- Type of Idp. One of: SAML2,IWA,AgentlessDSSO,X509,FACEBOOK,GOOGLE,LINKEDIN,MICROSOFT,OIDC. Default:OKTA
- Name string
- Policy Rule Name
- NetworkConnection string
- Network selection mode: ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE
- NetworkExcludes []string
- Required if network_connection=ZONE. Indicates the network zones to exclude.
- NetworkIncludes []string
- Required if network_connection=ZONE. Indicates the network zones to include.
- PlatformIncludes []RuleIdp Discovery Platform Include Args 
- Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- PolicyId string
- Policy ID of the Rule
- Priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- Status string
- Policy Rule Status: ACTIVEorINACTIVE. Default:ACTIVE
- UserIdentifierAttribute string
- Profile attribute matching can only have a single value that describes the type indicated in user_identifier_type. This is the attribute or identifier that the user_identifier_patterns are checked against.
- UserIdentifierPatterns []RuleIdpDiscoveryUserIdentifierPatternArgs
- Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
- UserIdentifierType string
- One of: IDENTIFIER, ATTRIBUTE
- appExcludes List<RuleIdp Discovery App Exclude> 
- Applications to exclude in discovery. See app_includefor details.
- appIncludes List<RuleIdp Discovery App Include> 
- Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- idpId String
- The identifier for the Idp the rule should route to if all conditions are met.
- idpType String
- Type of Idp. One of: SAML2,IWA,AgentlessDSSO,X509,FACEBOOK,GOOGLE,LINKEDIN,MICROSOFT,OIDC. Default:OKTA
- name String
- Policy Rule Name
- networkConnection String
- Network selection mode: ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE
- networkExcludes List<String>
- Required if network_connection=ZONE. Indicates the network zones to exclude.
- networkIncludes List<String>
- Required if network_connection=ZONE. Indicates the network zones to include.
- platformIncludes List<RuleIdp Discovery Platform Include> 
- Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- policyId String
- Policy ID of the Rule
- priority Integer
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status String
- Policy Rule Status: ACTIVEorINACTIVE. Default:ACTIVE
- userIdentifierAttribute String
- Profile attribute matching can only have a single value that describes the type indicated in user_identifier_type. This is the attribute or identifier that the user_identifier_patterns are checked against.
- userIdentifierPatterns List<RuleIdpDiscoveryUserIdentifierPattern>
- Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
- userIdentifierType String
- One of: IDENTIFIER, ATTRIBUTE
- appExcludes RuleIdp Discovery App Exclude[] 
- Applications to exclude in discovery. See app_includefor details.
- appIncludes RuleIdp Discovery App Include[] 
- Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- idpId string
- The identifier for the Idp the rule should route to if all conditions are met.
- idpType string
- Type of Idp. One of: SAML2,IWA,AgentlessDSSO,X509,FACEBOOK,GOOGLE,LINKEDIN,MICROSOFT,OIDC. Default:OKTA
- name string
- Policy Rule Name
- networkConnection string
- Network selection mode: ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE
- networkExcludes string[]
- Required if network_connection=ZONE. Indicates the network zones to exclude.
- networkIncludes string[]
- Required if network_connection=ZONE. Indicates the network zones to include.
- platformIncludes RuleIdp Discovery Platform Include[] 
- Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- policyId string
- Policy ID of the Rule
- priority number
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status string
- Policy Rule Status: ACTIVEorINACTIVE. Default:ACTIVE
- userIdentifierAttribute string
- Profile attribute matching can only have a single value that describes the type indicated in user_identifier_type. This is the attribute or identifier that the user_identifier_patterns are checked against.
- userIdentifierPatterns RuleIdpDiscoveryUserIdentifierPattern[]
- Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
- userIdentifierType string
- One of: IDENTIFIER, ATTRIBUTE
- app_excludes Sequence[RuleIdp Discovery App Exclude Args] 
- Applications to exclude in discovery. See app_includefor details.
- app_includes Sequence[RuleIdp Discovery App Include Args] 
- Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- idp_id str
- The identifier for the Idp the rule should route to if all conditions are met.
- idp_type str
- Type of Idp. One of: SAML2,IWA,AgentlessDSSO,X509,FACEBOOK,GOOGLE,LINKEDIN,MICROSOFT,OIDC. Default:OKTA
- name str
- Policy Rule Name
- network_connection str
- Network selection mode: ANYWHERE,ZONE,ON_NETWORK, orOFF_NETWORK. Default:ANYWHERE
- network_excludes Sequence[str]
- Required if network_connection=ZONE. Indicates the network zones to exclude.
- network_includes Sequence[str]
- Required if network_connection=ZONE. Indicates the network zones to include.
- platform_includes Sequence[RuleIdp Discovery Platform Include Args] 
- Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- policy_id str
- Policy ID of the Rule
- priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status str
- Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
- user_identifier_attribute str
- Profile attribute matching can only have a single value that describes the type indicated in user_identifier_type. This is the attribute or identifier that the user_identifier_patterns are checked against.
- user_identifier_patterns Sequence[RuleIdpDiscoveryUserIdentifierPatternArgs]
- Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
- user_identifier_type str
- One of: IDENTIFIER, ATTRIBUTE
- appExcludes List<Property Map>
- Applications to exclude in discovery. See app_include for details.
- appIncludes List<Property Map>
- Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- idpId String
- The identifier for the Idp the rule should route to if all conditions are met.
- idpType String
- Type of Idp. One of: SAML2, IWA, AgentlessDSSO, X509, FACEBOOK, GOOGLE, LINKEDIN, MICROSOFT, OIDC. Default: OKTA
- name String
- Policy Rule Name
- networkConnection String
- Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
- networkExcludes List<String>
- Required if network_connection=ZONE. Indicates the network zones to exclude.
- networkIncludes List<String>
- Required if network_connection=ZONE. Indicates the network zones to include.
- platformIncludes List<Property Map>
- Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression' - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- policyId String
- Policy ID of the Rule
- priority Number
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status String
- Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
- userIdentifierAttribute String
- Profile attribute matching can only have a single value that describes the type indicated in user_identifier_type. This is the attribute or identifier that the user_identifier_patterns are checked against.
- userIdentifierPatterns List<Property Map>
- Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
- userIdentifierType String
- One of: IDENTIFIER, ATTRIBUTE
Outputs
All input properties are implicitly available as output properties. Additionally, the RuleIdpDiscovery resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing RuleIdpDiscovery Resource
Get an existing RuleIdpDiscovery resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RuleIdpDiscoveryState, opts?: CustomResourceOptions): RuleIdpDiscovery
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        app_excludes: Optional[Sequence[RuleIdpDiscoveryAppExcludeArgs]] = None,
        app_includes: Optional[Sequence[RuleIdpDiscoveryAppIncludeArgs]] = None,
        idp_id: Optional[str] = None,
        idp_type: Optional[str] = None,
        name: Optional[str] = None,
        network_connection: Optional[str] = None,
        network_excludes: Optional[Sequence[str]] = None,
        network_includes: Optional[Sequence[str]] = None,
        platform_includes: Optional[Sequence[RuleIdpDiscoveryPlatformIncludeArgs]] = None,
        policy_id: Optional[str] = None,
        priority: Optional[int] = None,
        status: Optional[str] = None,
        user_identifier_attribute: Optional[str] = None,
        user_identifier_patterns: Optional[Sequence[RuleIdpDiscoveryUserIdentifierPatternArgs]] = None,
        user_identifier_type: Optional[str] = None) -> RuleIdpDiscovery
func GetRuleIdpDiscovery(ctx *Context, name string, id IDInput, state *RuleIdpDiscoveryState, opts ...ResourceOption) (*RuleIdpDiscovery, error)
public static RuleIdpDiscovery Get(string name, Input<string> id, RuleIdpDiscoveryState? state, CustomResourceOptions? opts = null)
public static RuleIdpDiscovery get(String name, Output<String> id, RuleIdpDiscoveryState state, CustomResourceOptions options)
resources:
  _:
    type: okta:policy:RuleIdpDiscovery
    get:
      id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- AppExcludes List<RuleIdpDiscoveryAppExclude>
- Applications to exclude in discovery. See app_include for details.
- AppIncludes List<RuleIdpDiscoveryAppInclude>
- Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- IdpId string
- The identifier for the Idp the rule should route to if all conditions are met.
- IdpType string
- Type of Idp. One of: SAML2, IWA, AgentlessDSSO, X509, FACEBOOK, GOOGLE, LINKEDIN, MICROSOFT, OIDC. Default: OKTA
- Name string
- Policy Rule Name
- NetworkConnection string
- Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
- NetworkExcludes List<string>
- Required if network_connection=ZONE. Indicates the network zones to exclude.
- NetworkIncludes List<string>
- Required if network_connection=ZONE. Indicates the network zones to include.
- PlatformIncludes List<RuleIdpDiscoveryPlatformInclude>
- Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression' - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- PolicyId string
- Policy ID of the Rule
- Priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- Status string
- Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
- UserIdentifierAttribute string
- Profile attribute matching can only have a single value that describes the type indicated in user_identifier_type. This is the attribute or identifier that the user_identifier_patterns are checked against.
- UserIdentifierPatterns List<RuleIdpDiscoveryUserIdentifierPattern>
- Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
- UserIdentifierType string
- One of: IDENTIFIER, ATTRIBUTE
- AppExcludes []RuleIdpDiscoveryAppExcludeArgs
- Applications to exclude in discovery. See app_include for details.
- AppIncludes []RuleIdpDiscoveryAppIncludeArgs
- Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- IdpId string
- The identifier for the Idp the rule should route to if all conditions are met.
- IdpType string
- Type of Idp. One of: SAML2, IWA, AgentlessDSSO, X509, FACEBOOK, GOOGLE, LINKEDIN, MICROSOFT, OIDC. Default: OKTA
- Name string
- Policy Rule Name
- NetworkConnection string
- Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
- NetworkExcludes []string
- Required if network_connection=ZONE. Indicates the network zones to exclude.
- NetworkIncludes []string
- Required if network_connection=ZONE. Indicates the network zones to include.
- PlatformIncludes []RuleIdpDiscoveryPlatformIncludeArgs
- Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression' - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- PolicyId string
- Policy ID of the Rule
- Priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- Status string
- Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
- UserIdentifierAttribute string
- Profile attribute matching can only have a single value that describes the type indicated in user_identifier_type. This is the attribute or identifier that the user_identifier_patterns are checked against.
- UserIdentifierPatterns []RuleIdpDiscoveryUserIdentifierPatternArgs
- Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
- UserIdentifierType string
- One of: IDENTIFIER, ATTRIBUTE
- appExcludes List<RuleIdpDiscoveryAppExclude>
- Applications to exclude in discovery. See app_include for details.
- appIncludes List<RuleIdpDiscoveryAppInclude>
- Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- idpId String
- The identifier for the Idp the rule should route to if all conditions are met.
- idpType String
- Type of Idp. One of: SAML2, IWA, AgentlessDSSO, X509, FACEBOOK, GOOGLE, LINKEDIN, MICROSOFT, OIDC. Default: OKTA
- name String
- Policy Rule Name
- networkConnection String
- Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
- networkExcludes List<String>
- Required if network_connection=ZONE. Indicates the network zones to exclude.
- networkIncludes List<String>
- Required if network_connection=ZONE. Indicates the network zones to include.
- platformIncludes List<RuleIdpDiscoveryPlatformInclude>
- Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression' - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- policyId String
- Policy ID of the Rule
- priority Integer
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status String
- Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
- userIdentifierAttribute String
- Profile attribute matching can only have a single value that describes the type indicated in user_identifier_type. This is the attribute or identifier that the user_identifier_patterns are checked against.
- userIdentifierPatterns List<RuleIdpDiscoveryUserIdentifierPattern>
- Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
- userIdentifierType String
- One of: IDENTIFIER, ATTRIBUTE
- appExcludes RuleIdpDiscoveryAppExclude[]
- Applications to exclude in discovery. See app_include for details.
- appIncludes RuleIdpDiscoveryAppInclude[]
- Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- idpId string
- The identifier for the Idp the rule should route to if all conditions are met.
- idpType string
- Type of Idp. One of: SAML2, IWA, AgentlessDSSO, X509, FACEBOOK, GOOGLE, LINKEDIN, MICROSOFT, OIDC. Default: OKTA
- name string
- Policy Rule Name
- networkConnection string
- Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
- networkExcludes string[]
- Required if network_connection=ZONE. Indicates the network zones to exclude.
- networkIncludes string[]
- Required if network_connection=ZONE. Indicates the network zones to include.
- platformIncludes RuleIdpDiscoveryPlatformInclude[]
- Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression' - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- policyId string
- Policy ID of the Rule
- priority number
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status string
- Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
- userIdentifierAttribute string
- Profile attribute matching can only have a single value that describes the type indicated in user_identifier_type. This is the attribute or identifier that the user_identifier_patterns are checked against.
- userIdentifierPatterns RuleIdpDiscoveryUserIdentifierPattern[]
- Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
- userIdentifierType string
- One of: IDENTIFIER, ATTRIBUTE
- app_excludes Sequence[RuleIdpDiscoveryAppExcludeArgs]
- Applications to exclude in discovery. See app_include for details.
- app_includes Sequence[RuleIdpDiscoveryAppIncludeArgs]
- Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- idp_id str
- The identifier for the Idp the rule should route to if all conditions are met.
- idp_type str
- Type of Idp. One of: SAML2, IWA, AgentlessDSSO, X509, FACEBOOK, GOOGLE, LINKEDIN, MICROSOFT, OIDC. Default: OKTA
- name str
- Policy Rule Name
- network_connection str
- Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
- network_excludes Sequence[str]
- Required if network_connection=ZONE. Indicates the network zones to exclude.
- network_includes Sequence[str]
- Required if network_connection=ZONE. Indicates the network zones to include.
- platform_includes Sequence[RuleIdpDiscoveryPlatformIncludeArgs]
- Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression' - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- policy_id str
- Policy ID of the Rule
- priority int
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status str
- Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
- user_identifier_attribute str
- Profile attribute matching can only have a single value that describes the type indicated in user_identifier_type. This is the attribute or identifier that the user_identifier_patterns are checked against.
- user_identifier_patterns Sequence[RuleIdpDiscoveryUserIdentifierPatternArgs]
- Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
- user_identifier_type str
- One of: IDENTIFIER, ATTRIBUTE
- appExcludes List<Property Map>
- Applications to exclude in discovery. See app_include for details.
- appIncludes List<Property Map>
- Applications to include in discovery rule. - 'id' - (Optional) Use if 'type' is 'APP' to indicate the application id to include. - 'name' - (Optional) Use if the 'type' is 'APP_TYPE' to indicate the type of application(s) to include in instances where an entire group (i.e. 'yahoo_mail') of applications should be included. - 'type' - (Required) One of: 'APP', 'APP_TYPE'
- idpId String
- The identifier for the Idp the rule should route to if all conditions are met.
- idpType String
- Type of Idp. One of: SAML2, IWA, AgentlessDSSO, X509, FACEBOOK, GOOGLE, LINKEDIN, MICROSOFT, OIDC. Default: OKTA
- name String
- Policy Rule Name
- networkConnection String
- Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK. Default: ANYWHERE
- networkExcludes List<String>
- Required if network_connection=ZONE. Indicates the network zones to exclude.
- networkIncludes List<String>
- Required if network_connection=ZONE. Indicates the network zones to include.
- platformIncludes List<Property Map>
- Platform to include in discovery rule. - 'type' - (Optional) One of: 'ANY', 'MOBILE', 'DESKTOP' - 'os_expression' - (Optional) Only available when using os_type = 'OTHER' - 'os_type' - (Optional) One of: 'ANY', 'IOS', 'WINDOWS', 'ANDROID', 'OTHER', 'OSX'
- policyId String
- Policy ID of the Rule
- priority Number
- Rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
- status String
- Policy Rule Status: ACTIVE or INACTIVE. Default: ACTIVE
- userIdentifierAttribute String
- Profile attribute matching can only have a single value that describes the type indicated in user_identifier_type. This is the attribute or identifier that the user_identifier_patterns are checked against.
- userIdentifierPatterns List<Property Map>
- Specifies a User Identifier pattern condition to match against. If 'match_type' of 'EXPRESSION' is used, only a single element can be set, otherwise multiple elements of matching patterns may be provided. - 'match_type' - (Optional) The kind of pattern. For regex, use 'EXPRESSION'. For simple string matches, use one of the following: 'SUFFIX', 'EQUALS', 'STARTS_WITH', 'CONTAINS' - 'value' - (Optional) The regex or simple match string to match against.
- userIdentifierType String
- One of: IDENTIFIER, ATTRIBUTE
Supporting Types
RuleIdpDiscoveryAppExclude, RuleIdpDiscoveryAppExcludeArgs          
RuleIdpDiscoveryAppInclude, RuleIdpDiscoveryAppIncludeArgs          
RuleIdpDiscoveryPlatformInclude, RuleIdpDiscoveryPlatformIncludeArgs          
- OsExpression string
- Only available with OTHER OS type
- OsType string
- Type string
- OsExpression string
- Only available with OTHER OS type
- OsType string
- Type string
- osExpression String
- Only available with OTHER OS type
- osType String
- type String
- osExpression string
- Only available with OTHER OS type
- osType string
- type string
- os_expression str
- Only available with OTHER OS type
- os_type str
- type str
- osExpression String
- Only available with OTHER OS type
- osType String
- type String
RuleIdpDiscoveryUserIdentifierPattern, RuleIdpDiscoveryUserIdentifierPatternArgs            
- match_type str
- value str
Import
$ pulumi import okta:policy/ruleIdpDiscovery:RuleIdpDiscovery example <policy_id>/<rule_id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Okta pulumi/pulumi-okta
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the okta Terraform Provider.