@pulumi/okta 4.6.2 → 4.6.3

package/policy/ruleIdpDiscovery.d.ts

@@ -1,6 +1,71 @@
 import * as pulumi from "@pulumi/pulumi";
 import * as inputs from "../types/input";
 import * as outputs from "../types/output";
+/**
+ * This resource allows you to create and configure an IdP Discovery Policy Rule.
+ *
+ * > If you receive the error `You do not have permission to access the feature
+ * you are requesting` contact support and
+ * request feature flag `ADVANCED_SSO` be applied to your org.
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as okta from "@pulumi/okta";
+ *
+ * const idpDiscoveryPolicy = okta.policy.getPolicy({
+ *     name: "Idp Discovery Policy",
+ *     type: "IDP_DISCOVERY",
+ * });
+ * const example = new okta.policy.RuleIdpDiscovery("example", {
+ *     policyId: idpDiscoveryPolicy.then(idpDiscoveryPolicy => idpDiscoveryPolicy.id),
+ *     idpId: "<idp id>",
+ *     idpType: "OIDC",
+ *     networkConnection: "ANYWHERE",
+ *     priority: 1,
+ *     status: "ACTIVE",
+ *     userIdentifierType: "ATTRIBUTE",
+ *     userIdentifierAttribute: "company",
+ *     appExcludes: [
+ *         {
+ *             id: "<app id>",
+ *             type: "APP",
+ *         },
+ *         {
+ *             name: "yahoo_mail",
+ *             type: "APP_TYPE",
+ *         },
+ *     ],
+ *     appIncludes: [
+ *         {
+ *             id: "<app id>",
+ *             type: "APP",
+ *         },
+ *         {
+ *             name: "<app type name>",
+ *             type: "APP_TYPE",
+ *         },
+ *     ],
+ *     platformIncludes: [{
+ *         type: "MOBILE",
+ *         osType: "OSX",
+ *     }],
+ *     userIdentifierPatterns: [{
+ *         matchType: "EQUALS",
+ *         value: "Articulate",
+ *     }],
+ * });
+ * ```
+ *
+ * ## Import
+ *
+ * A Policy Rule can be imported via the Policy and Rule ID.
+ *
+ * ```sh
+ *  $ pulumi import okta:policy/ruleIdpDiscovery:RuleIdpDiscovery example &#60;policy id&#62;/&#60;rule id&#62;
+ * ```
+ */
 export declare class RuleIdpDiscovery extends pulumi.CustomResource {
     /**
      * Get an existing RuleIdpDiscovery resource's state with the given name, ID, and optional extra
@@ -18,46 +83,65 @@ export declare class RuleIdpDiscovery extends pulumi.CustomResource {
      */
     static isInstance(obj: any): obj is RuleIdpDiscovery;
     /**
-     * Applications to exclude in discovery rule
+     * Applications to exclude in discovery. See `appInclude` for details.
+     *
+     * ```typescript
+     * import * as pulumi from "@pulumi/pulumi";
+     * ```
      */
     readonly appExcludes: pulumi.Output<outputs.policy.RuleIdpDiscoveryAppExclude[] | undefined>;
     /**
-     * Applications to include in discovery rule
+     * Applications to include in discovery rule.
      */
     readonly appIncludes: pulumi.Output<outputs.policy.RuleIdpDiscoveryAppInclude[] | undefined>;
+    /**
+     * The identifier for the Idp the rule should route to if all conditions are met.
+     */
     readonly idpId: pulumi.Output<string | undefined>;
+    /**
+     * Type of Idp. One of: `"SAML2"`, `"IWA"`, `"AgentlessDSSO"`, `"X509"`, `"FACEBOOK"`, `"GOOGLE"`, `"LINKEDIN"`, `"MICROSOFT"`, `"OIDC"`
+     */
     readonly idpType: pulumi.Output<string | undefined>;
     /**
-     * Policy Rule Name
+     * Use if the `type` is `"APP_TYPE"` to indicate the type of application(s) to include in instances where an entire group (i.e. `yahooMail`) of applications should be included.
      */
     readonly name: pulumi.Output<string>;
     /**
-     * Network selection mode: ANYWHERE, ZONE, ON*NETWORK, or OFF*NETWORK.
+     * The network selection mode. One of `"ANYWEHRE"` or `"ZONE"`.
      */
     readonly networkConnection: pulumi.Output<string | undefined>;
     /**
-     * The zones to exclude
+     * Required if `networkConnection` = `"ZONE"`. Indicates the network zones to exclude.
      */
     readonly networkExcludes: pulumi.Output<string[] | undefined>;
     /**
-     * The zones to include
+     * Required if `networkConnection` = `"ZONE"`. Indicates the network zones to include.
      */
     readonly networkIncludes: pulumi.Output<string[] | undefined>;
     readonly platformIncludes: pulumi.Output<outputs.policy.RuleIdpDiscoveryPlatformInclude[] | undefined>;
     /**
-     * Policy ID of the Rule
+     * Policy ID.
      */
     readonly policyId: pulumi.Output<string | undefined>;
     /**
-     * Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
+     * Idp rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
      */
     readonly priority: pulumi.Output<number | undefined>;
     /**
-     * Policy Rule Status: ACTIVE or INACTIVE.
+     * Idp rule status: `"ACTIVE"` or `"INACTIVE"`. By default, it is `"ACTIVE"`.
      */
     readonly status: pulumi.Output<string | undefined>;
+    /**
+     * Profile attribute matching can only have a single value that describes the type indicated in `userIdentifierType`. This is the attribute or identifier that the `userIdentifierPatterns` are checked against.
+     */
     readonly userIdentifierAttribute: pulumi.Output<string | undefined>;
+    /**
+     * Specifies a User Identifier pattern condition to match against. If `matchType` of `"EXPRESSION"` is used, only a *single* element can be set, otherwise multiple elements of matching patterns may be provided.
+     */
     readonly userIdentifierPatterns: pulumi.Output<outputs.policy.RuleIdpDiscoveryUserIdentifierPattern[] | undefined>;
+    /**
+     * One of: `"IDENTIFIER"`, `"ATTRIBUTE"`
+     */
     readonly userIdentifierType: pulumi.Output<string | undefined>;
     /**
      * Create a RuleIdpDiscovery resource with the given unique name, arguments, and options.
@@ -73,46 +157,65 @@ export declare class RuleIdpDiscovery extends pulumi.CustomResource {
  */
 export interface RuleIdpDiscoveryState {
     /**
-     * Applications to exclude in discovery rule
+     * Applications to exclude in discovery. See `appInclude` for details.
+     *
+     * ```typescript
+     * import * as pulumi from "@pulumi/pulumi";
+     * ```
      */
     appExcludes?: pulumi.Input<pulumi.Input<inputs.policy.RuleIdpDiscoveryAppExclude>[]>;
     /**
-     * Applications to include in discovery rule
+     * Applications to include in discovery rule.
      */
     appIncludes?: pulumi.Input<pulumi.Input<inputs.policy.RuleIdpDiscoveryAppInclude>[]>;
+    /**
+     * The identifier for the Idp the rule should route to if all conditions are met.
+     */
     idpId?: pulumi.Input<string>;
+    /**
+     * Type of Idp. One of: `"SAML2"`, `"IWA"`, `"AgentlessDSSO"`, `"X509"`, `"FACEBOOK"`, `"GOOGLE"`, `"LINKEDIN"`, `"MICROSOFT"`, `"OIDC"`
+     */
     idpType?: pulumi.Input<string>;
     /**
-     * Policy Rule Name
+     * Use if the `type` is `"APP_TYPE"` to indicate the type of application(s) to include in instances where an entire group (i.e. `yahooMail`) of applications should be included.
      */
     name?: pulumi.Input<string>;
     /**
-     * Network selection mode: ANYWHERE, ZONE, ON*NETWORK, or OFF*NETWORK.
+     * The network selection mode. One of `"ANYWEHRE"` or `"ZONE"`.
      */
     networkConnection?: pulumi.Input<string>;
     /**
-     * The zones to exclude
+     * Required if `networkConnection` = `"ZONE"`. Indicates the network zones to exclude.
      */
     networkExcludes?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * The zones to include
+     * Required if `networkConnection` = `"ZONE"`. Indicates the network zones to include.
      */
     networkIncludes?: pulumi.Input<pulumi.Input<string>[]>;
     platformIncludes?: pulumi.Input<pulumi.Input<inputs.policy.RuleIdpDiscoveryPlatformInclude>[]>;
     /**
-     * Policy ID of the Rule
+     * Policy ID.
      */
     policyId?: pulumi.Input<string>;
     /**
-     * Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
+     * Idp rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
      */
     priority?: pulumi.Input<number>;
     /**
-     * Policy Rule Status: ACTIVE or INACTIVE.
+     * Idp rule status: `"ACTIVE"` or `"INACTIVE"`. By default, it is `"ACTIVE"`.
      */
     status?: pulumi.Input<string>;
+    /**
+     * Profile attribute matching can only have a single value that describes the type indicated in `userIdentifierType`. This is the attribute or identifier that the `userIdentifierPatterns` are checked against.
+     */
     userIdentifierAttribute?: pulumi.Input<string>;
+    /**
+     * Specifies a User Identifier pattern condition to match against. If `matchType` of `"EXPRESSION"` is used, only a *single* element can be set, otherwise multiple elements of matching patterns may be provided.
+     */
     userIdentifierPatterns?: pulumi.Input<pulumi.Input<inputs.policy.RuleIdpDiscoveryUserIdentifierPattern>[]>;
+    /**
+     * One of: `"IDENTIFIER"`, `"ATTRIBUTE"`
+     */
     userIdentifierType?: pulumi.Input<string>;
 }
 /**
@@ -120,45 +223,64 @@ export interface RuleIdpDiscoveryState {
  */
 export interface RuleIdpDiscoveryArgs {
     /**
-     * Applications to exclude in discovery rule
+     * Applications to exclude in discovery. See `appInclude` for details.
+     *
+     * ```typescript
+     * import * as pulumi from "@pulumi/pulumi";
+     * ```
      */
     appExcludes?: pulumi.Input<pulumi.Input<inputs.policy.RuleIdpDiscoveryAppExclude>[]>;
     /**
-     * Applications to include in discovery rule
+     * Applications to include in discovery rule.
      */
     appIncludes?: pulumi.Input<pulumi.Input<inputs.policy.RuleIdpDiscoveryAppInclude>[]>;
+    /**
+     * The identifier for the Idp the rule should route to if all conditions are met.
+     */
     idpId?: pulumi.Input<string>;
+    /**
+     * Type of Idp. One of: `"SAML2"`, `"IWA"`, `"AgentlessDSSO"`, `"X509"`, `"FACEBOOK"`, `"GOOGLE"`, `"LINKEDIN"`, `"MICROSOFT"`, `"OIDC"`
+     */
     idpType?: pulumi.Input<string>;
     /**
-     * Policy Rule Name
+     * Use if the `type` is `"APP_TYPE"` to indicate the type of application(s) to include in instances where an entire group (i.e. `yahooMail`) of applications should be included.
      */
     name?: pulumi.Input<string>;
     /**
-     * Network selection mode: ANYWHERE, ZONE, ON*NETWORK, or OFF*NETWORK.
+     * The network selection mode. One of `"ANYWEHRE"` or `"ZONE"`.
      */
     networkConnection?: pulumi.Input<string>;
     /**
-     * The zones to exclude
+     * Required if `networkConnection` = `"ZONE"`. Indicates the network zones to exclude.
      */
     networkExcludes?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * The zones to include
+     * Required if `networkConnection` = `"ZONE"`. Indicates the network zones to include.
      */
     networkIncludes?: pulumi.Input<pulumi.Input<string>[]>;
     platformIncludes?: pulumi.Input<pulumi.Input<inputs.policy.RuleIdpDiscoveryPlatformInclude>[]>;
     /**
-     * Policy ID of the Rule
+     * Policy ID.
      */
     policyId?: pulumi.Input<string>;
     /**
-     * Policy Rule Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
+     * Idp rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last (lowest) if not provided.
      */
     priority?: pulumi.Input<number>;
     /**
-     * Policy Rule Status: ACTIVE or INACTIVE.
+     * Idp rule status: `"ACTIVE"` or `"INACTIVE"`. By default, it is `"ACTIVE"`.
      */
     status?: pulumi.Input<string>;
+    /**
+     * Profile attribute matching can only have a single value that describes the type indicated in `userIdentifierType`. This is the attribute or identifier that the `userIdentifierPatterns` are checked against.
+     */
     userIdentifierAttribute?: pulumi.Input<string>;
+    /**
+     * Specifies a User Identifier pattern condition to match against. If `matchType` of `"EXPRESSION"` is used, only a *single* element can be set, otherwise multiple elements of matching patterns may be provided.
+     */
     userIdentifierPatterns?: pulumi.Input<pulumi.Input<inputs.policy.RuleIdpDiscoveryUserIdentifierPattern>[]>;
+    /**
+     * One of: `"IDENTIFIER"`, `"ATTRIBUTE"`
+     */
     userIdentifierType?: pulumi.Input<string>;
 }

package/policy/ruleIdpDiscovery.js

@@ -5,6 +5,71 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.RuleIdpDiscovery = void 0;
 const pulumi = require("@pulumi/pulumi");
 const utilities = require("../utilities");
+/**
+ * This resource allows you to create and configure an IdP Discovery Policy Rule.
+ *
+ * > If you receive the error `You do not have permission to access the feature
+ * you are requesting` contact support and
+ * request feature flag `ADVANCED_SSO` be applied to your org.
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as okta from "@pulumi/okta";
+ *
+ * const idpDiscoveryPolicy = okta.policy.getPolicy({
+ *     name: "Idp Discovery Policy",
+ *     type: "IDP_DISCOVERY",
+ * });
+ * const example = new okta.policy.RuleIdpDiscovery("example", {
+ *     policyId: idpDiscoveryPolicy.then(idpDiscoveryPolicy => idpDiscoveryPolicy.id),
+ *     idpId: "<idp id>",
+ *     idpType: "OIDC",
+ *     networkConnection: "ANYWHERE",
+ *     priority: 1,
+ *     status: "ACTIVE",
+ *     userIdentifierType: "ATTRIBUTE",
+ *     userIdentifierAttribute: "company",
+ *     appExcludes: [
+ *         {
+ *             id: "<app id>",
+ *             type: "APP",
+ *         },
+ *         {
+ *             name: "yahoo_mail",
+ *             type: "APP_TYPE",
+ *         },
+ *     ],
+ *     appIncludes: [
+ *         {
+ *             id: "<app id>",
+ *             type: "APP",
+ *         },
+ *         {
+ *             name: "<app type name>",
+ *             type: "APP_TYPE",
+ *         },
+ *     ],
+ *     platformIncludes: [{
+ *         type: "MOBILE",
+ *         osType: "OSX",
+ *     }],
+ *     userIdentifierPatterns: [{
+ *         matchType: "EQUALS",
+ *         value: "Articulate",
+ *     }],
+ * });
+ * ```
+ *
+ * ## Import
+ *
+ * A Policy Rule can be imported via the Policy and Rule ID.
+ *
+ * ```sh
+ *  $ pulumi import okta:policy/ruleIdpDiscovery:RuleIdpDiscovery example &#60;policy id&#62;/&#60;rule id&#62;
+ * ```
+ */
 class RuleIdpDiscovery extends pulumi.CustomResource {
     /**
      * Get an existing RuleIdpDiscovery resource's state with the given name, ID, and optional extra

package/policy/ruleIdpDiscovery.js.map

@@ -1 +1 @@
-{"version":3,"file":"ruleIdpDiscovery.js","sourceRoot":"","sources":["../../policy/ruleIdpDiscovery.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAGzC,0CAA0C;AAE1C,MAAa,gBAAiB,SAAQ,MAAM,CAAC,cAAc;IACvD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA6B,EAAE,IAAmC;QAC3H,OAAO,IAAI,gBAAgB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACvE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,gBAAgB,CAAC,YAAY,CAAC;IACjE,CAAC;IAqDD,YAAY,IAAY,EAAE,WAA0D,EAAE,IAAmC;QACrH,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAgD,CAAC;YAC/D,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,OAAO,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,yBAAyB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9F,cAAc,CAAC,wBAAwB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,oBAAoB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;SACvF;aAAM;YACH,MAAM,IAAI,GAAG,WAA+C,CAAC;YAC7D,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,yBAAyB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,wBAAwB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1F,cAAc,CAAC,oBAAoB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;SACrF;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,gBAAgB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACrE,CAAC;;AAvHL,4CAwHC;AA1GG,gBAAgB;AACO,6BAAY,GAAG,+CAA+C,CAAC"}
+{"version":3,"file":"ruleIdpDiscovery.js","sourceRoot":"","sources":["../../policy/ruleIdpDiscovery.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAGzC,0CAA0C;AAE1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgEG;AACH,MAAa,gBAAiB,SAAQ,MAAM,CAAC,cAAc;IACvD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA6B,EAAE,IAAmC;QAC3H,OAAO,IAAI,gBAAgB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACvE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,gBAAgB,CAAC,YAAY,CAAC;IACjE,CAAC;IAwED,YAAY,IAAY,EAAE,WAA0D,EAAE,IAAmC;QACrH,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAgD,CAAC;YAC/D,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,OAAO,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,yBAAyB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9F,cAAc,CAAC,wBAAwB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,oBAAoB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;SACvF;aAAM;YACH,MAAM,IAAI,GAAG,WAA+C,CAAC;YAC7D,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,yBAAyB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,wBAAwB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1F,cAAc,CAAC,oBAAoB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;SACrF;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,gBAAgB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACrE,CAAC;;AA1IL,4CA2IC;AA7HG,gBAAgB;AACO,6BAAY,GAAG,+CAA+C,CAAC"}

package/policy/ruleMfa.d.ts

@@ -1,6 +1,17 @@
 import * as pulumi from "@pulumi/pulumi";
 import * as inputs from "../types/input";
 import * as outputs from "../types/output";
+/**
+ * This resource allows you to create and configure an MFA Policy Rule.
+ *
+ * ## Import
+ *
+ * A Policy Rule can be imported via the Policy and Rule ID.
+ *
+ * ```sh
+ *  $ pulumi import okta:policy/ruleMfa:RuleMfa example <policy id>/<rule id>
+ * ```
+ */
 export declare class RuleMfa extends pulumi.CustomResource {
     /**
      * Get an existing RuleMfa resource's state with the given name, ID, and optional extra
@@ -22,31 +33,31 @@ export declare class RuleMfa extends pulumi.CustomResource {
      */
     readonly appExcludes: pulumi.Output<outputs.policy.RuleMfaAppExclude[] | undefined>;
     /**
-     * Applications to include
+     * Applications to include in discovery rule. **IMPORTANT**: this field is only available in Classic Organizations.
      */
     readonly appIncludes: pulumi.Output<outputs.policy.RuleMfaAppInclude[] | undefined>;
     /**
-     * Should the user be enrolled the first time they LOGIN, the next time they are CHALLENGED, or NEVER?
+     * When a user should be prompted for MFA. It can be `"CHALLENGE"`, `"LOGIN"`, or `"NEVER"`.
      */
     readonly enroll: pulumi.Output<string | undefined>;
     /**
-     * Policy Rule Name
+     * Use if the `type` is `"APP_TYPE"` to indicate the type of application(s) to include in instances where an entire group (i.e. `yahooMail`) of applications should be included.
      */
     readonly name: pulumi.Output<string>;
     /**
-     * Network selection mode: ANYWHERE, ZONE, ON*NETWORK, or OFF*NETWORK.
+     * Network selection mode: `"ANYWHERE"`, `"ZONE"`, `"ON_NETWORK"`, or `"OFF_NETWORK"`.
      */
     readonly networkConnection: pulumi.Output<string | undefined>;
     /**
-     * The zones to exclude
+     * The network zones to exclude. Conflicts with `networkIncludes`.
      */
     readonly networkExcludes: pulumi.Output<string[] | undefined>;
     /**
-     * The zones to include
+     * The network zones to include. Conflicts with `networkExcludes`.
      */
     readonly networkIncludes: pulumi.Output<string[] | undefined>;
     /**
-     * Policy ID of the Rule
+     * Policy ID.
      */
     readonly policyId: pulumi.Output<string | undefined>;
     /**
@@ -54,7 +65,7 @@ export declare class RuleMfa extends pulumi.CustomResource {
      */
     readonly priority: pulumi.Output<number | undefined>;
     /**
-     * Policy Rule Status: ACTIVE or INACTIVE.
+     * Policy Rule Status: `"ACTIVE"` or `"INACTIVE"`.
      */
     readonly status: pulumi.Output<string | undefined>;
     /**
@@ -79,31 +90,31 @@ export interface RuleMfaState {
      */
     appExcludes?: pulumi.Input<pulumi.Input<inputs.policy.RuleMfaAppExclude>[]>;
     /**
-     * Applications to include
+     * Applications to include in discovery rule. **IMPORTANT**: this field is only available in Classic Organizations.
      */
     appIncludes?: pulumi.Input<pulumi.Input<inputs.policy.RuleMfaAppInclude>[]>;
     /**
-     * Should the user be enrolled the first time they LOGIN, the next time they are CHALLENGED, or NEVER?
+     * When a user should be prompted for MFA. It can be `"CHALLENGE"`, `"LOGIN"`, or `"NEVER"`.
      */
     enroll?: pulumi.Input<string>;
     /**
-     * Policy Rule Name
+     * Use if the `type` is `"APP_TYPE"` to indicate the type of application(s) to include in instances where an entire group (i.e. `yahooMail`) of applications should be included.
      */
     name?: pulumi.Input<string>;
     /**
-     * Network selection mode: ANYWHERE, ZONE, ON*NETWORK, or OFF*NETWORK.
+     * Network selection mode: `"ANYWHERE"`, `"ZONE"`, `"ON_NETWORK"`, or `"OFF_NETWORK"`.
      */
     networkConnection?: pulumi.Input<string>;
     /**
-     * The zones to exclude
+     * The network zones to exclude. Conflicts with `networkIncludes`.
      */
     networkExcludes?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * The zones to include
+     * The network zones to include. Conflicts with `networkExcludes`.
      */
     networkIncludes?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * Policy ID of the Rule
+     * Policy ID.
      */
     policyId?: pulumi.Input<string>;
     /**
@@ -111,7 +122,7 @@ export interface RuleMfaState {
      */
     priority?: pulumi.Input<number>;
     /**
-     * Policy Rule Status: ACTIVE or INACTIVE.
+     * Policy Rule Status: `"ACTIVE"` or `"INACTIVE"`.
      */
     status?: pulumi.Input<string>;
     /**
@@ -128,31 +139,31 @@ export interface RuleMfaArgs {
      */
     appExcludes?: pulumi.Input<pulumi.Input<inputs.policy.RuleMfaAppExclude>[]>;
     /**
-     * Applications to include
+     * Applications to include in discovery rule. **IMPORTANT**: this field is only available in Classic Organizations.
      */
     appIncludes?: pulumi.Input<pulumi.Input<inputs.policy.RuleMfaAppInclude>[]>;
     /**
-     * Should the user be enrolled the first time they LOGIN, the next time they are CHALLENGED, or NEVER?
+     * When a user should be prompted for MFA. It can be `"CHALLENGE"`, `"LOGIN"`, or `"NEVER"`.
      */
     enroll?: pulumi.Input<string>;
     /**
-     * Policy Rule Name
+     * Use if the `type` is `"APP_TYPE"` to indicate the type of application(s) to include in instances where an entire group (i.e. `yahooMail`) of applications should be included.
      */
     name?: pulumi.Input<string>;
     /**
-     * Network selection mode: ANYWHERE, ZONE, ON*NETWORK, or OFF*NETWORK.
+     * Network selection mode: `"ANYWHERE"`, `"ZONE"`, `"ON_NETWORK"`, or `"OFF_NETWORK"`.
      */
     networkConnection?: pulumi.Input<string>;
     /**
-     * The zones to exclude
+     * The network zones to exclude. Conflicts with `networkIncludes`.
      */
     networkExcludes?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * The zones to include
+     * The network zones to include. Conflicts with `networkExcludes`.
      */
     networkIncludes?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * Policy ID of the Rule
+     * Policy ID.
      */
     policyId?: pulumi.Input<string>;
     /**
@@ -160,7 +171,7 @@ export interface RuleMfaArgs {
      */
     priority?: pulumi.Input<number>;
     /**
-     * Policy Rule Status: ACTIVE or INACTIVE.
+     * Policy Rule Status: `"ACTIVE"` or `"INACTIVE"`.
      */
     status?: pulumi.Input<string>;
     /**

package/policy/ruleMfa.js

@@ -5,6 +5,17 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.RuleMfa = void 0;
 const pulumi = require("@pulumi/pulumi");
 const utilities = require("../utilities");
+/**
+ * This resource allows you to create and configure an MFA Policy Rule.
+ *
+ * ## Import
+ *
+ * A Policy Rule can be imported via the Policy and Rule ID.
+ *
+ * ```sh
+ *  $ pulumi import okta:policy/ruleMfa:RuleMfa example <policy id>/<rule id>
+ * ```
+ */
 class RuleMfa extends pulumi.CustomResource {
     /**
      * Get an existing RuleMfa resource's state with the given name, ID, and optional extra

package/policy/ruleMfa.js.map

@@ -1 +1 @@
-{"version":3,"file":"ruleMfa.js","sourceRoot":"","sources":["../../policy/ruleMfa.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAGzC,0CAA0C;AAE1C,MAAa,OAAQ,SAAQ,MAAM,CAAC,cAAc;IAC9C;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAoB,EAAE,IAAmC;QAClH,OAAO,IAAI,OAAO,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC9D,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,OAAO,CAAC,YAAY,CAAC;IACxD,CAAC;IAuDD,YAAY,IAAY,EAAE,WAAwC,EAAE,IAAmC;QACnG,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAuC,CAAC;YACtD,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/E;aAAM;YACH,MAAM,IAAI,GAAG,WAAsC,CAAC;YACpD,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;SAC7E;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,OAAO,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC5D,CAAC;;AAjHL,0BAkHC;AApGG,gBAAgB;AACO,oBAAY,GAAG,6BAA6B,CAAC"}
+{"version":3,"file":"ruleMfa.js","sourceRoot":"","sources":["../../policy/ruleMfa.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAGzC,0CAA0C;AAE1C;;;;;;;;;;GAUG;AACH,MAAa,OAAQ,SAAQ,MAAM,CAAC,cAAc;IAC9C;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAoB,EAAE,IAAmC;QAClH,OAAO,IAAI,OAAO,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC9D,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,OAAO,CAAC,YAAY,CAAC;IACxD,CAAC;IAuDD,YAAY,IAAY,EAAE,WAAwC,EAAE,IAAmC;QACnG,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAuC,CAAC;YACtD,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/E;aAAM;YACH,MAAM,IAAI,GAAG,WAAsC,CAAC;YACpD,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;SAC7E;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,OAAO,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC5D,CAAC;;AAjHL,0BAkHC;AApGG,gBAAgB;AACO,oBAAY,GAAG,6BAA6B,CAAC"}