policy_rules
Creates, updates, deletes, gets or lists a policy_rules resource.
Overview
| Name | policy_rules |
| Type | Resource |
| Id | okta.policies.policy_rules |
Fields
The following fields are returned by SELECT queries:
- list_policy_rules
- get_policy_rule
| Name | Datatype | Description |
|---|---|---|
| id | string | Identifier for the rule |
| name | string | Name of the rule |
| _links | object | |
| created | string (date-time) | Timestamp when the rule was created |
| lastUpdated | string (date-time) | Timestamp when the rule was last modified |
| priority | integer | Priority of the rule |
| status | string | Whether or not the rule is active. Use the `activate` query parameter to set the status of a rule. |
| system | boolean | Specifies whether Okta created the policy rule (`system=true`). You can't delete policy rules that have `system` set to `true`. |
| type | string | Rule type |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
| list_policy_rules | select | subdomain | | Lists all policy rules |
| get_policy_rule | select | subdomain | | Retrieves a policy rule |
| create_policy_rule | insert | subdomain | activate | Creates a policy rule. Note: You can't create additional rules for the PROFILE_ENROLLMENT or POST_AUTH_SESSION policies. |
| replace_policy_rule | replace | subdomain | | Replaces the properties for a policy rule identified by policyId and ruleId |
| delete_policy_rule | delete | subdomain | | Deletes a policy rule identified by policyId and ruleId |
| activate_policy_rule | exec | subdomain | | Activates a policy rule identified by policyId and ruleId |
| deactivate_policy_rule | exec | subdomain | | Deactivates a policy rule identified by policyId and ruleId |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
| subdomain | string | The domain of your organization. This can be a provided subdomain of an official Okta domain (okta.com, oktapreview.com, etc.) or one of your configured custom domains. (default: my-org) |
| activate | boolean | Set this parameter to `false` to create an `INACTIVE` rule. |
SELECT examples
- list_policy_rules
- get_policy_rule
Lists all policy rules
```sql
SELECT
id,
name,
_links,
created,
lastUpdated,
priority,
status,
system,
type
FROM okta.policies.policy_rules
WHERE subdomain = '{{ subdomain }}' -- required
;
```
Retrieves a policy rule
```sql
SELECT
id,
name,
_links,
created,
lastUpdated,
priority,
status,
system,
type
FROM okta.policies.policy_rules
WHERE subdomain = '{{ subdomain }}' -- required
;
```
INSERT examples
- create_policy_rule
- Manifest
Creates a policy rule
> Note: You can't create additional rules for the PROFILE_ENROLLMENT or POST_AUTH_SESSION policies.
```sql
INSERT INTO okta.policies.policy_rules (
data__name,
data__priority,
data__status,
data__system,
data__type,
subdomain,
activate
)
SELECT
'{{ name }}',
{{ priority }},
'{{ status }}',
{{ system }},
'{{ type }}',
'{{ subdomain }}',
'{{ activate }}'
RETURNING
id,
name,
_links,
created,
lastUpdated,
priority,
status,
system,
type
;
```
```yaml
# Description fields are for documentation purposes
- name: policy_rules
  props:
    - name: subdomain
      value: string
      description: Required parameter for the policy_rules resource.
    - name: name
      value: string
      description: >
        Name of the rule
    - name: priority
      value: integer
      description: >
        Priority of the rule
    - name: status
      value: string
      description: >
        Whether or not the rule is active. Use the `activate` query parameter to set the status of a rule.
      valid_values: ['ACTIVE', 'INACTIVE']
    - name: system
      value: boolean
      description: >
        Specifies whether Okta created the policy rule (`system=true`). You can't delete policy rules that have `system` set to `true`.
      default: false
    - name: type
      value: string
      description: >
        Rule type
      valid_values: ['ACCESS_POLICY', 'DEVICE_SIGNAL_COLLECTION', 'ENTITY_RISK', 'IDP_DISCOVERY', 'MFA_ENROLL', 'PASSWORD', 'POST_AUTH_SESSION', 'PROFILE_ENROLLMENT', 'SIGN_ON']
    - name: activate
      value: boolean
      description: Set this parameter to `false` to create an `INACTIVE` rule.
```
REPLACE examples
- replace_policy_rule
Replaces the properties for a policy rule identified by policyId and ruleId
```sql
REPLACE okta.policies.policy_rules
SET
data__name = '{{ name }}',
data__priority = {{ priority }},
data__status = '{{ status }}',
data__system = {{ system }},
data__type = '{{ type }}'
WHERE
subdomain = '{{ subdomain }}' -- required
RETURNING
id,
name,
_links,
created,
lastUpdated,
priority,
status,
system,
type
;
```
DELETE examples
- delete_policy_rule
Deletes a policy rule identified by policyId and ruleId
```sql
DELETE FROM okta.policies.policy_rules
WHERE subdomain = '{{ subdomain }}' -- required
;
```
Lifecycle Methods
- activate_policy_rule
- deactivate_policy_rule
Activates a policy rule identified by policyId and ruleId
```sql
EXEC okta.policies.policy_rules.activate_policy_rule
@subdomain='{{ subdomain }}' -- required
;
```
Deactivates a policy rule identified by policyId and ruleId
```sql
EXEC okta.policies.policy_rules.deactivate_policy_rule
@subdomain='{{ subdomain }}' -- required
;
```