rules
Creates, updates, deletes, gets or lists a rules resource.
Overview
| Name | rules |
| Type | Resource |
| Id | okta.groups.rules |
Fields
The following fields are returned by SELECT queries:
- list_group_rules
- get_group_rule
| Name | Datatype | Description |
|---|---|---|
id | string | ID of the group rule |
name | string | Name of the group rule |
actions | object | Defines which users and groups to assign |
conditions | object | Defines group rule conditions |
created | string (date-time) | Creation date for group rule |
lastUpdated | string (date-time) | Date group rule was last updated |
status | string | Status of group rule |
type | string | Type to indicate a group rule operation. Only group_rule is allowed. |
| Name | Datatype | Description |
|---|---|---|
id | string | ID of the group rule |
name | string | Name of the group rule |
actions | object | Defines which users and groups to assign |
conditions | object | Defines group rule conditions |
created | string (date-time) | Creation date for group rule |
lastUpdated | string (date-time) | Date group rule was last updated |
status | string | Status of group rule |
type | string | Type to indicate a group rule operation. Only group_rule is allowed. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
list_group_rules | select | subdomain | limit, after, search, expand | Lists all group rules for your org |
get_group_rule | select | subdomain | expand | Retrieves a specific group rule by ID from your org |
create_group_rule | insert | subdomain | Creates a group rule to dynamically add users to the specified group if they match the condition > Note: Group rules are created with the status set to 'INACTIVE'. | |
replace_group_rule | replace | subdomain | Replaces a group rule > Notes: You can only update rules with a group whose status is set to 'INACTIVE'.> > You currently can't update the action section. | |
delete_group_rule | delete | subdomain | removeUsers | Deletes a specific group rule by groupRuleId |
activate_group_rule | exec | subdomain | Activates a specific group rule by ID from your org | |
deactivate_group_rule | exec | subdomain | Deactivates a specific group rule by ID from your org |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
subdomain | string | The domain of your organization. This can be a provided subdomain of an official okta domain (okta.com, oktapreview.com, etc) or one of your configured custom domains. (default: my-org) |
after | string | Specifies the pagination cursor for the next page of rules |
expand | string | If specified as groupIdToGroupNameMap, then show group names |
limit | integer (int32) | Specifies the number of rule results in a page |
removeUsers | boolean | If set to true, removes users from groups assigned by this rule |
search | string | Specifies the keyword to search rules for |
SELECT examples
- list_group_rules
- get_group_rule
Lists all group rules for your org
SELECT
id,
name,
actions,
conditions,
created,
lastUpdated,
status,
type
FROM okta.groups.rules
WHERE subdomain = '{{ subdomain }}' -- required
AND limit = '{{ limit }}'
AND after = '{{ after }}'
AND search = '{{ search }}'
AND expand = '{{ expand }}';
Retrieves a specific group rule by ID from your org
SELECT
id,
name,
actions,
conditions,
created,
lastUpdated,
status,
type
FROM okta.groups.rules
WHERE subdomain = '{{ subdomain }}' -- required
AND expand = '{{ expand }}';
INSERT examples
- create_group_rule
- Manifest
Creates a group rule to dynamically add users to the specified group if they match the condition
> Note: Group rules are created with the status set to 'INACTIVE'.
INSERT INTO okta.groups.rules (
data__actions,
data__conditions,
data__name,
data__type,
subdomain
)
SELECT
'{{ actions }}',
'{{ conditions }}',
'{{ name }}',
'{{ type }}',
'{{ subdomain }}'
RETURNING
id,
name,
actions,
conditions,
created,
lastUpdated,
status,
type
;
# Description fields are for documentation purposes
- name: rules
props:
- name: subdomain
value: string
description: Required parameter for the rules resource.
- name: actions
value: object
description: >
Defines which users and groups to assign
- name: conditions
value: object
description: >
Defines group rule conditions
- name: name
value: string
description: >
Name of the group rule
- name: type
value: string
valid_values: ['group_rule']
REPLACE examples
- replace_group_rule
Replaces a group rule
> Notes: You can only update rules with a group whose status is set to 'INACTIVE'.
>
> You currently can't update the action section.
REPLACE okta.groups.rules
SET
data__actions = '{{ actions }}',
data__conditions = '{{ conditions }}',
data__name = '{{ name }}',
data__status = '{{ status }}',
data__type = '{{ type }}'
WHERE
subdomain = '{{ subdomain }}' --required
RETURNING
id,
name,
actions,
conditions,
created,
lastUpdated,
status,
type;
DELETE examples
- delete_group_rule
Deletes a specific group rule by groupRuleId
DELETE FROM okta.groups.rules
WHERE subdomain = '{{ subdomain }}' --required
AND removeUsers = '{{ removeUsers }}';
Lifecycle Methods
- activate_group_rule
- deactivate_group_rule
Activates a specific group rule by ID from your org
EXEC okta.groups.rules.activate_group_rule
@subdomain='{{ subdomain }}' --required;
Deactivates a specific group rule by ID from your org
EXEC okta.groups.rules.deactivate_group_rule
@subdomain='{{ subdomain }}' --required;