Okta v4.16.0, Apr 9 25

Okta v4.16.0 published on Wednesday, Apr 9, 2025 by Pulumi

okta.auth.ServerPolicyClaim

Explore with Pulumi AI

Okta v4.16.0 published on Wednesday, Apr 9, 2025 by Pulumi

Example Usage

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";

const example = new okta.auth.ServerPolicyRule("example", {
    authServerId: "<auth server id>",
    policyId: "<auth server policy id>",
    status: "ACTIVE",
    name: "example",
    priority: 1,
    groupWhitelists: ["<group ids>"],
    grantTypeWhitelists: ["implicit"],
});

import pulumi
import pulumi_okta as okta

example = okta.auth.ServerPolicyRule("example",
    auth_server_id="<auth server id>",
    policy_id="<auth server policy id>",
    status="ACTIVE",
    name="example",
    priority=1,
    group_whitelists=["<group ids>"],
    grant_type_whitelists=["implicit"])

package main

import (
	"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/auth"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := auth.NewServerPolicyRule(ctx, "example", &auth.ServerPolicyRuleArgs{
			AuthServerId: pulumi.String("<auth server id>"),
			PolicyId:     pulumi.String("<auth server policy id>"),
			Status:       pulumi.String("ACTIVE"),
			Name:         pulumi.String("example"),
			Priority:     pulumi.Int(1),
			GroupWhitelists: pulumi.StringArray{
				pulumi.String("<group ids>"),
			},
			GrantTypeWhitelists: pulumi.StringArray{
				pulumi.String("implicit"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;

return await Deployment.RunAsync(() => 
{
    var example = new Okta.Auth.ServerPolicyRule("example", new()
    {
        AuthServerId = "<auth server id>",
        PolicyId = "<auth server policy id>",
        Status = "ACTIVE",
        Name = "example",
        Priority = 1,
        GroupWhitelists = new[]
        {
            "<group ids>",
        },
        GrantTypeWhitelists = new[]
        {
            "implicit",
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.auth.ServerPolicyRule;
import com.pulumi.okta.auth.ServerPolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new ServerPolicyRule("example", ServerPolicyRuleArgs.builder()
            .authServerId("<auth server id>")
            .policyId("<auth server policy id>")
            .status("ACTIVE")
            .name("example")
            .priority(1)
            .groupWhitelists("<group ids>")
            .grantTypeWhitelists("implicit")
            .build());

    }
}

resources:
  example:
    type: okta:auth:ServerPolicyRule
    properties:
      authServerId: <auth server id>
      policyId: <auth server policy id>
      status: ACTIVE
      name: example
      priority: 1
      groupWhitelists:
        - <group ids>
      grantTypeWhitelists:
        - implicit

Create ServerPolicyClaim Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

new ServerPolicyClaim(name: string, args: ServerPolicyClaimArgs, opts?: CustomResourceOptions);

@overload
def ServerPolicyClaim(resource_name: str,
                      args: ServerPolicyClaimArgs,
                      opts: Optional[ResourceOptions] = None)

@overload
def ServerPolicyClaim(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      access_token_lifetime_minutes: Optional[int] = None,
                      auth_server_id: Optional[str] = None,
                      grant_type_whitelists: Optional[Sequence[str]] = None,
                      group_blacklists: Optional[Sequence[str]] = None,
                      group_whitelists: Optional[Sequence[str]] = None,
                      inline_hook_id: Optional[str] = None,
                      name: Optional[str] = None,
                      policy_id: Optional[str] = None,
                      priority: Optional[int] = None,
                      refresh_token_lifetime_minutes: Optional[int] = None,
                      refresh_token_window_minutes: Optional[int] = None,
                      scope_whitelists: Optional[Sequence[str]] = None,
                      status: Optional[str] = None,
                      type: Optional[str] = None,
                      user_blacklists: Optional[Sequence[str]] = None,
                      user_whitelists: Optional[Sequence[str]] = None)

func NewServerPolicyClaim(ctx *Context, name string, args ServerPolicyClaimArgs, opts ...ResourceOption) (*ServerPolicyClaim, error)

public ServerPolicyClaim(string name, ServerPolicyClaimArgs args, CustomResourceOptions? opts = null)

public ServerPolicyClaim(String name, ServerPolicyClaimArgs args)
public ServerPolicyClaim(String name, ServerPolicyClaimArgs args, CustomResourceOptions options)

type: okta:auth:ServerPolicyClaim
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args ServerPolicyClaimArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ServerPolicyClaimArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ServerPolicyClaimArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ServerPolicyClaimArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ServerPolicyClaimArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

ServerPolicyClaim Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The ServerPolicyClaim resource accepts the following input properties:

AuthServerId string: Auth server ID
GrantTypeWhitelists List<string>: Accepted grant type values, authorization_code, implicit, password, client_credentials, urn:ietf:params:oauth:grant-type:saml2-bearer (Early Access Property), urn:ietf:params:oauth:grant-type:token-exchange (Early Access Property),urn:ietf:params:oauth:grant-type:device_code (Early Access Property), interaction_code (OIE only). For implicit value either user_whitelist or group_whitelist should be set.
PolicyId string: Auth server policy ID
Priority int: Priority of the auth server policy rule
AccessTokenLifetimeMinutes int: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
GroupBlacklists List<string>: Specifies a set of Groups whose Users are to be excluded.
GroupWhitelists List<string>: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: EVERYONE.
InlineHookId string: The ID of the inline token to trigger.
Name string: Auth server policy rule name
RefreshTokenLifetimeMinutes int: Lifetime of refresh token.
RefreshTokenWindowMinutes int: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days).refresh_token_window_minutes must be between access_token_lifetime_minutes and refresh_token_lifetime_minutes.
ScopeWhitelists List<string>: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with *
Status string: Default to ACTIVE
Type string: Auth server policy rule type, unlikely this will be anything other then the default
UserBlacklists List<string>: Specifies a set of Users to be excluded.
UserWhitelists List<string>: Specifies a set of Users to be included.

AuthServerId string: Auth server ID
GrantTypeWhitelists []string: Accepted grant type values, authorization_code, implicit, password, client_credentials, urn:ietf:params:oauth:grant-type:saml2-bearer (Early Access Property), urn:ietf:params:oauth:grant-type:token-exchange (Early Access Property),urn:ietf:params:oauth:grant-type:device_code (Early Access Property), interaction_code (OIE only). For implicit value either user_whitelist or group_whitelist should be set.
PolicyId string: Auth server policy ID
Priority int: Priority of the auth server policy rule
AccessTokenLifetimeMinutes int: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
GroupBlacklists []string: Specifies a set of Groups whose Users are to be excluded.
GroupWhitelists []string: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: EVERYONE.
InlineHookId string: The ID of the inline token to trigger.
Name string: Auth server policy rule name
RefreshTokenLifetimeMinutes int: Lifetime of refresh token.
RefreshTokenWindowMinutes int: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days).refresh_token_window_minutes must be between access_token_lifetime_minutes and refresh_token_lifetime_minutes.
ScopeWhitelists []string: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with *
Status string: Default to ACTIVE
Type string: Auth server policy rule type, unlikely this will be anything other then the default
UserBlacklists []string: Specifies a set of Users to be excluded.
UserWhitelists []string: Specifies a set of Users to be included.

authServerId String: Auth server ID
grantTypeWhitelists List<String>: Accepted grant type values, authorization_code, implicit, password, client_credentials, urn:ietf:params:oauth:grant-type:saml2-bearer (Early Access Property), urn:ietf:params:oauth:grant-type:token-exchange (Early Access Property),urn:ietf:params:oauth:grant-type:device_code (Early Access Property), interaction_code (OIE only). For implicit value either user_whitelist or group_whitelist should be set.
policyId String: Auth server policy ID
priority Integer: Priority of the auth server policy rule
accessTokenLifetimeMinutes Integer: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
groupBlacklists List<String>: Specifies a set of Groups whose Users are to be excluded.
groupWhitelists List<String>: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: EVERYONE.
inlineHookId String: The ID of the inline token to trigger.
name String: Auth server policy rule name
refreshTokenLifetimeMinutes Integer: Lifetime of refresh token.
refreshTokenWindowMinutes Integer: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days).refresh_token_window_minutes must be between access_token_lifetime_minutes and refresh_token_lifetime_minutes.
scopeWhitelists List<String>: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with *
status String: Default to ACTIVE
type String: Auth server policy rule type, unlikely this will be anything other then the default
userBlacklists List<String>: Specifies a set of Users to be excluded.
userWhitelists List<String>: Specifies a set of Users to be included.

authServerId string: Auth server ID
grantTypeWhitelists string[]: Accepted grant type values, authorization_code, implicit, password, client_credentials, urn:ietf:params:oauth:grant-type:saml2-bearer (Early Access Property), urn:ietf:params:oauth:grant-type:token-exchange (Early Access Property),urn:ietf:params:oauth:grant-type:device_code (Early Access Property), interaction_code (OIE only). For implicit value either user_whitelist or group_whitelist should be set.
policyId string: Auth server policy ID
priority number: Priority of the auth server policy rule
accessTokenLifetimeMinutes number: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
groupBlacklists string[]: Specifies a set of Groups whose Users are to be excluded.
groupWhitelists string[]: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: EVERYONE.
inlineHookId string: The ID of the inline token to trigger.
name string: Auth server policy rule name
refreshTokenLifetimeMinutes number: Lifetime of refresh token.
refreshTokenWindowMinutes number: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days).refresh_token_window_minutes must be between access_token_lifetime_minutes and refresh_token_lifetime_minutes.
scopeWhitelists string[]: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with *
status string: Default to ACTIVE
type string: Auth server policy rule type, unlikely this will be anything other then the default
userBlacklists string[]: Specifies a set of Users to be excluded.
userWhitelists string[]: Specifies a set of Users to be included.

auth_server_id str: Auth server ID
grant_type_whitelists Sequence[str]: Accepted grant type values, authorization_code, implicit, password, client_credentials, urn:ietf:params:oauth:grant-type:saml2-bearer (Early Access Property), urn:ietf:params:oauth:grant-type:token-exchange (Early Access Property),urn:ietf:params:oauth:grant-type:device_code (Early Access Property), interaction_code (OIE only). For implicit value either user_whitelist or group_whitelist should be set.
policy_id str: Auth server policy ID
priority int: Priority of the auth server policy rule
access_token_lifetime_minutes int: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
group_blacklists Sequence[str]: Specifies a set of Groups whose Users are to be excluded.
group_whitelists Sequence[str]: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: EVERYONE.
inline_hook_id str: The ID of the inline token to trigger.
name str: Auth server policy rule name
refresh_token_lifetime_minutes int: Lifetime of refresh token.
refresh_token_window_minutes int: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days).refresh_token_window_minutes must be between access_token_lifetime_minutes and refresh_token_lifetime_minutes.
scope_whitelists Sequence[str]: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with *
status str: Default to ACTIVE
type str: Auth server policy rule type, unlikely this will be anything other then the default
user_blacklists Sequence[str]: Specifies a set of Users to be excluded.
user_whitelists Sequence[str]: Specifies a set of Users to be included.

authServerId String: Auth server ID
grantTypeWhitelists List<String>: Accepted grant type values, authorization_code, implicit, password, client_credentials, urn:ietf:params:oauth:grant-type:saml2-bearer (Early Access Property), urn:ietf:params:oauth:grant-type:token-exchange (Early Access Property),urn:ietf:params:oauth:grant-type:device_code (Early Access Property), interaction_code (OIE only). For implicit value either user_whitelist or group_whitelist should be set.
policyId String: Auth server policy ID
priority Number: Priority of the auth server policy rule
accessTokenLifetimeMinutes Number: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
groupBlacklists List<String>: Specifies a set of Groups whose Users are to be excluded.
groupWhitelists List<String>: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: EVERYONE.
inlineHookId String: The ID of the inline token to trigger.
name String: Auth server policy rule name
refreshTokenLifetimeMinutes Number: Lifetime of refresh token.
refreshTokenWindowMinutes Number: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days).refresh_token_window_minutes must be between access_token_lifetime_minutes and refresh_token_lifetime_minutes.
scopeWhitelists List<String>: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with *
status String: Default to ACTIVE
type String: Auth server policy rule type, unlikely this will be anything other then the default
userBlacklists List<String>: Specifies a set of Users to be excluded.
userWhitelists List<String>: Specifies a set of Users to be included.

Outputs

All input properties are implicitly available as output properties. Additionally, the ServerPolicyClaim resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
System bool: The rule is the system (default) rule for its associated policy

Id string: The provider-assigned unique ID for this managed resource.
System bool: The rule is the system (default) rule for its associated policy

id String: The provider-assigned unique ID for this managed resource.
system Boolean: The rule is the system (default) rule for its associated policy

id string: The provider-assigned unique ID for this managed resource.
system boolean: The rule is the system (default) rule for its associated policy

id str: The provider-assigned unique ID for this managed resource.
system bool: The rule is the system (default) rule for its associated policy

id String: The provider-assigned unique ID for this managed resource.
system Boolean: The rule is the system (default) rule for its associated policy

Look up Existing ServerPolicyClaim Resource

Get an existing ServerPolicyClaim resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

TypeScript
Python
Go
C#
Java
YAML

public static get(name: string, id: Input<ID>, state?: ServerPolicyClaimState, opts?: CustomResourceOptions): ServerPolicyClaim

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        access_token_lifetime_minutes: Optional[int] = None,
        auth_server_id: Optional[str] = None,
        grant_type_whitelists: Optional[Sequence[str]] = None,
        group_blacklists: Optional[Sequence[str]] = None,
        group_whitelists: Optional[Sequence[str]] = None,
        inline_hook_id: Optional[str] = None,
        name: Optional[str] = None,
        policy_id: Optional[str] = None,
        priority: Optional[int] = None,
        refresh_token_lifetime_minutes: Optional[int] = None,
        refresh_token_window_minutes: Optional[int] = None,
        scope_whitelists: Optional[Sequence[str]] = None,
        status: Optional[str] = None,
        system: Optional[bool] = None,
        type: Optional[str] = None,
        user_blacklists: Optional[Sequence[str]] = None,
        user_whitelists: Optional[Sequence[str]] = None) -> ServerPolicyClaim

func GetServerPolicyClaim(ctx *Context, name string, id IDInput, state *ServerPolicyClaimState, opts ...ResourceOption) (*ServerPolicyClaim, error)

public static ServerPolicyClaim Get(string name, Input<string> id, ServerPolicyClaimState? state, CustomResourceOptions? opts = null)

public static ServerPolicyClaim get(String name, Output<String> id, ServerPolicyClaimState state, CustomResourceOptions options)

resources:  _:    type: okta:auth:ServerPolicyClaim    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccessTokenLifetimeMinutes int: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
AuthServerId string: Auth server ID
GrantTypeWhitelists List<string>: Accepted grant type values, authorization_code, implicit, password, client_credentials, urn:ietf:params:oauth:grant-type:saml2-bearer (Early Access Property), urn:ietf:params:oauth:grant-type:token-exchange (Early Access Property),urn:ietf:params:oauth:grant-type:device_code (Early Access Property), interaction_code (OIE only). For implicit value either user_whitelist or group_whitelist should be set.
GroupBlacklists List<string>: Specifies a set of Groups whose Users are to be excluded.
GroupWhitelists List<string>: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: EVERYONE.
InlineHookId string: The ID of the inline token to trigger.
Name string: Auth server policy rule name
PolicyId string: Auth server policy ID
Priority int: Priority of the auth server policy rule
RefreshTokenLifetimeMinutes int: Lifetime of refresh token.
RefreshTokenWindowMinutes int: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days).refresh_token_window_minutes must be between access_token_lifetime_minutes and refresh_token_lifetime_minutes.
ScopeWhitelists List<string>: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with *
Status string: Default to ACTIVE
System bool: The rule is the system (default) rule for its associated policy
Type string: Auth server policy rule type, unlikely this will be anything other then the default
UserBlacklists List<string>: Specifies a set of Users to be excluded.
UserWhitelists List<string>: Specifies a set of Users to be included.

AccessTokenLifetimeMinutes int: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
AuthServerId string: Auth server ID
GrantTypeWhitelists []string: Accepted grant type values, authorization_code, implicit, password, client_credentials, urn:ietf:params:oauth:grant-type:saml2-bearer (Early Access Property), urn:ietf:params:oauth:grant-type:token-exchange (Early Access Property),urn:ietf:params:oauth:grant-type:device_code (Early Access Property), interaction_code (OIE only). For implicit value either user_whitelist or group_whitelist should be set.
GroupBlacklists []string: Specifies a set of Groups whose Users are to be excluded.
GroupWhitelists []string: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: EVERYONE.
InlineHookId string: The ID of the inline token to trigger.
Name string: Auth server policy rule name
PolicyId string: Auth server policy ID
Priority int: Priority of the auth server policy rule
RefreshTokenLifetimeMinutes int: Lifetime of refresh token.
RefreshTokenWindowMinutes int: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days).refresh_token_window_minutes must be between access_token_lifetime_minutes and refresh_token_lifetime_minutes.
ScopeWhitelists []string: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with *
Status string: Default to ACTIVE
System bool: The rule is the system (default) rule for its associated policy
Type string: Auth server policy rule type, unlikely this will be anything other then the default
UserBlacklists []string: Specifies a set of Users to be excluded.
UserWhitelists []string: Specifies a set of Users to be included.

accessTokenLifetimeMinutes Integer: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
authServerId String: Auth server ID
grantTypeWhitelists List<String>: Accepted grant type values, authorization_code, implicit, password, client_credentials, urn:ietf:params:oauth:grant-type:saml2-bearer (Early Access Property), urn:ietf:params:oauth:grant-type:token-exchange (Early Access Property),urn:ietf:params:oauth:grant-type:device_code (Early Access Property), interaction_code (OIE only). For implicit value either user_whitelist or group_whitelist should be set.
groupBlacklists List<String>: Specifies a set of Groups whose Users are to be excluded.
groupWhitelists List<String>: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: EVERYONE.
inlineHookId String: The ID of the inline token to trigger.
name String: Auth server policy rule name
policyId String: Auth server policy ID
priority Integer: Priority of the auth server policy rule
refreshTokenLifetimeMinutes Integer: Lifetime of refresh token.
refreshTokenWindowMinutes Integer: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days).refresh_token_window_minutes must be between access_token_lifetime_minutes and refresh_token_lifetime_minutes.
scopeWhitelists List<String>: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with *
status String: Default to ACTIVE
system Boolean: The rule is the system (default) rule for its associated policy
type String: Auth server policy rule type, unlikely this will be anything other then the default
userBlacklists List<String>: Specifies a set of Users to be excluded.
userWhitelists List<String>: Specifies a set of Users to be included.

accessTokenLifetimeMinutes number: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
authServerId string: Auth server ID
grantTypeWhitelists string[]: Accepted grant type values, authorization_code, implicit, password, client_credentials, urn:ietf:params:oauth:grant-type:saml2-bearer (Early Access Property), urn:ietf:params:oauth:grant-type:token-exchange (Early Access Property),urn:ietf:params:oauth:grant-type:device_code (Early Access Property), interaction_code (OIE only). For implicit value either user_whitelist or group_whitelist should be set.
groupBlacklists string[]: Specifies a set of Groups whose Users are to be excluded.
groupWhitelists string[]: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: EVERYONE.
inlineHookId string: The ID of the inline token to trigger.
name string: Auth server policy rule name
policyId string: Auth server policy ID
priority number: Priority of the auth server policy rule
refreshTokenLifetimeMinutes number: Lifetime of refresh token.
refreshTokenWindowMinutes number: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days).refresh_token_window_minutes must be between access_token_lifetime_minutes and refresh_token_lifetime_minutes.
scopeWhitelists string[]: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with *
status string: Default to ACTIVE
system boolean: The rule is the system (default) rule for its associated policy
type string: Auth server policy rule type, unlikely this will be anything other then the default
userBlacklists string[]: Specifies a set of Users to be excluded.
userWhitelists string[]: Specifies a set of Users to be included.

access_token_lifetime_minutes int: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
auth_server_id str: Auth server ID
grant_type_whitelists Sequence[str]: Accepted grant type values, authorization_code, implicit, password, client_credentials, urn:ietf:params:oauth:grant-type:saml2-bearer (Early Access Property), urn:ietf:params:oauth:grant-type:token-exchange (Early Access Property),urn:ietf:params:oauth:grant-type:device_code (Early Access Property), interaction_code (OIE only). For implicit value either user_whitelist or group_whitelist should be set.
group_blacklists Sequence[str]: Specifies a set of Groups whose Users are to be excluded.
group_whitelists Sequence[str]: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: EVERYONE.
inline_hook_id str: The ID of the inline token to trigger.
name str: Auth server policy rule name
policy_id str: Auth server policy ID
priority int: Priority of the auth server policy rule
refresh_token_lifetime_minutes int: Lifetime of refresh token.
refresh_token_window_minutes int: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days).refresh_token_window_minutes must be between access_token_lifetime_minutes and refresh_token_lifetime_minutes.
scope_whitelists Sequence[str]: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with *
status str: Default to ACTIVE
system bool: The rule is the system (default) rule for its associated policy
type str: Auth server policy rule type, unlikely this will be anything other then the default
user_blacklists Sequence[str]: Specifies a set of Users to be excluded.
user_whitelists Sequence[str]: Specifies a set of Users to be included.

accessTokenLifetimeMinutes Number: Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
authServerId String: Auth server ID
grantTypeWhitelists List<String>: Accepted grant type values, authorization_code, implicit, password, client_credentials, urn:ietf:params:oauth:grant-type:saml2-bearer (Early Access Property), urn:ietf:params:oauth:grant-type:token-exchange (Early Access Property),urn:ietf:params:oauth:grant-type:device_code (Early Access Property), interaction_code (OIE only). For implicit value either user_whitelist or group_whitelist should be set.
groupBlacklists List<String>: Specifies a set of Groups whose Users are to be excluded.
groupWhitelists List<String>: Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: EVERYONE.
inlineHookId String: The ID of the inline token to trigger.
name String: Auth server policy rule name
policyId String: Auth server policy ID
priority Number: Priority of the auth server policy rule
refreshTokenLifetimeMinutes Number: Lifetime of refresh token.
refreshTokenWindowMinutes Number: Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days).refresh_token_window_minutes must be between access_token_lifetime_minutes and refresh_token_lifetime_minutes.
scopeWhitelists List<String>: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with *
status String: Default to ACTIVE
system Boolean: The rule is the system (default) rule for its associated policy
type String: Auth server policy rule type, unlikely this will be anything other then the default
userBlacklists List<String>: Specifies a set of Users to be excluded.
userWhitelists List<String>: Specifies a set of Users to be included.

Import

$ pulumi import okta:auth/serverPolicyClaim:ServerPolicyClaim example <auth_server_id>/<policy_id>/<policy_rule_id>

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Okta pulumi/pulumi-okta
License: Apache-2.0
Notes: This Pulumi package is based on the okta Terraform Provider.

Okta v4.16.0 published on Wednesday, Apr 9, 2025 by Pulumi

pulumi/pulumi-okta

okta.auth.ServerPolicyClaim

On this page

On this page

Example Usage

Create ServerPolicyClaim Resource

Constructor syntax

Parameters

ServerPolicyClaim Resource Properties

Inputs

Outputs

Look up Existing ServerPolicyClaim Resource

Import

Package Details

On this page

On this page