@pulumi/okta 5.3.0-alpha.1759905974 → 6.0.0-alpha.1759992240

package/types/output.d.ts

@@ -41,6 +41,303 @@ export interface AppUserSchemaPropertyOneOf {
      */
     title: string;
 }
+export interface CampaignNotificationSettings {
+    /**
+     * To indicate whether a notification should be sent to the reviewer when a given reviewer level period is about to end.
+     */
+    notifyReviewPeriodEnd: boolean;
+    /**
+     * To indicate whether a notification should be sent to the reviewers when campaign has come to an end.
+     */
+    notifyReviewerAtCampaignEnd: boolean;
+    /**
+     * To indicate whether a notification should be sent to the reviewer during the midpoint of the review process.
+     */
+    notifyReviewerDuringMidpointOfReview: boolean;
+    /**
+     * To indicate whether a notification should be sent to the reviewer when the review is overdue.
+     */
+    notifyReviewerWhenOverdue: boolean;
+    /**
+     * To indicate whether a notification should be sent to the reviewer when actionable reviews are assigned.
+     */
+    notifyReviewerWhenReviewAssigned: boolean;
+    /**
+     * Specifies times (in seconds) to send reminders to reviewers before the campaign closes. Max 3 values. Example: [86400, 172800, 604800]
+     */
+    remindersReviewerBeforeCampaignCloseInSecs: number[];
+}
+export interface CampaignPrincipalScopeSettings {
+    /**
+     * An array of Okta user IDs excluded from access certification or the campaign. This field is optional. A maximum of 50 users can be specified in the array.
+     */
+    excludedUserIds?: string[];
+    /**
+     * An array of Okta group IDs included from access certification or the campaign. userIds, groupIds or userScopeExpression is required if campaign type is USER. A maximum of 5 groups can be specified in the array.
+     */
+    groupIds?: string[];
+    /**
+     * If set to true, only active Okta users are included in the campaign.
+     */
+    includeOnlyActiveUsers: boolean;
+    /**
+     * If set to true, only includes users that have at least one SOD conflict that was caused due to entitlement(s) within Campaign scope.
+     */
+    onlyIncludeUsersWithSodConflicts: boolean;
+    predefinedInactiveUsersScopes?: outputs.CampaignPrincipalScopeSettingsPredefinedInactiveUsersScope[];
+    /**
+     * Specifies the type for principal_scope_settings.
+     */
+    type: string;
+    /**
+     * An array of Okta user IDs included from access certification or the campaign. userIds, groupIds or userScopeExpression is required if campaign type is USER. A maximum of 100 users can be specified in the array.
+     */
+    userIds?: string[];
+    /**
+     * The Okta expression language user expression on the resourceSettings to include users in the campaign.
+     */
+    userScopeExpression?: string;
+}
+export interface CampaignPrincipalScopeSettingsPredefinedInactiveUsersScope {
+    /**
+     * The duration the users have not used single sign on (SSO) to access their account within the specific time frame. Minimum 30 days and maximum 365 days are supported.
+     */
+    inactiveDays?: number;
+}
+export interface CampaignRemediationSettings {
+    /**
+     * Specifies the action by default if the reviewer approves access. NO_ACTION indicates there is no remediation action and the user retains access.
+     */
+    accessApproved: string;
+    /**
+     * Specifies the action if the reviewer revokes access. NO_ACTION indicates the user retains the same access. DENY indicates the user will have their access revoked as long as they are not assigned to a group through Group Rules.
+     */
+    accessRevoked: string;
+    autoRemediationSettings?: outputs.CampaignRemediationSettingsAutoRemediationSettings;
+    /**
+     * Specifies the action if the reviewer doesn't respond to the request or if the campaign is closed before an action is taken.
+     */
+    noResponse: string;
+}
+export interface CampaignRemediationSettingsAutoRemediationSettings {
+    /**
+     * If true, all indirect assignments will be included in the campaign. If false, only direct assignments will be included.
+     */
+    includeAllIndirectAssignments?: boolean;
+    includeOnlies?: outputs.CampaignRemediationSettingsAutoRemediationSettingsIncludeOnly[];
+}
+export interface CampaignRemediationSettingsAutoRemediationSettingsIncludeOnly {
+    /**
+     * The ID of the resource to include in the campaign.
+     */
+    resourceId?: string;
+    /**
+     * The type of the resource to include in the campaign. Valid values are 'APPLICATION', 'GROUP', 'ENTITLEMENT', 'ENTITLEMENT_BUNDLE'.
+     */
+    resourceType?: string;
+}
+export interface CampaignResourceSettings {
+    /**
+     * An array of resources that are excluded from the review.
+     */
+    excludedResources?: outputs.CampaignResourceSettingsExcludedResource[];
+    /**
+     * Include admin roles.
+     */
+    includeAdminRoles: boolean;
+    /**
+     * Include entitlements for this application. This property is only applicable if resourceType = APPLICATION and Entitlement Management is enabled.
+     */
+    includeEntitlements: boolean;
+    /**
+     * Only include individually assigned apps. This is only applicable if campaign type is USER.
+     */
+    individuallyAssignedAppsOnly: boolean;
+    /**
+     * Only include individually assigned groups. This is only applicable if campaign type is USER.
+     */
+    individuallyAssignedGroupsOnly: boolean;
+    /**
+     * Only include out-of-policy entitlements. Only applicable if resourceType = APPLICATION and Entitlement Management is enabled.
+     */
+    onlyIncludeOutOfPolicyEntitlements: boolean;
+    /**
+     * Represents a resource that will be part of Access certifications. If the app is enabled for Access Certifications, it's possible to review entitlements and entitlement bundles.
+     */
+    targetResources?: outputs.CampaignResourceSettingsTargetResource[];
+    /**
+     * The type of Okta resource.
+     */
+    type: string;
+}
+export interface CampaignResourceSettingsExcludedResource {
+    /**
+     * The ID of the resource to exclude in the campaign.
+     */
+    resourceId?: string;
+    /**
+     * The type of resource to exclude in the campaign.
+     */
+    resourceType?: string;
+}
+export interface CampaignResourceSettingsTargetResource {
+    /**
+     * An array of entitlement bundles for this application.
+     */
+    entitlementBundles?: outputs.CampaignResourceSettingsTargetResourceEntitlementBundle[];
+    /**
+     * An array of entitlements associated with resourceId that should be chosen as target when creating reviews
+     */
+    entitlements?: outputs.CampaignResourceSettingsTargetResourceEntitlement[];
+    /**
+     * Include all entitlements and entitlement bundles for this application. Only applicable if the resourcetype = APPLICATION and Entitlement Management is enabled.
+     */
+    includeAllEntitlementsAndBundles: boolean;
+    /**
+     * The resource ID that is being reviewed.
+     */
+    resourceId: string;
+    /**
+     * The type of Okta resource.
+     */
+    resourceType: string;
+}
+export interface CampaignResourceSettingsTargetResourceEntitlement {
+    /**
+     * Campaign id
+     */
+    id: string;
+    /**
+     * Whether to include all entitlement values. If false we must provide the values property.
+     */
+    includeAllValues?: boolean;
+    values?: outputs.CampaignResourceSettingsTargetResourceEntitlementValue[];
+}
+export interface CampaignResourceSettingsTargetResourceEntitlementBundle {
+    /**
+     * Campaign id
+     */
+    id: string;
+}
+export interface CampaignResourceSettingsTargetResourceEntitlementValue {
+    /**
+     * Campaign id
+     */
+    id: string;
+}
+export interface CampaignReviewerSettings {
+    /**
+     * When approving or revoking review items, bulk actions are disabled if true.
+     */
+    bulkDecisionDisabled: boolean;
+    /**
+     * The ID of the fallback reviewer. Required when the type=`REVIEWER_EXPRESSION` or type=`RESOURCE_OWNER`
+     */
+    fallbackReviewerId?: string;
+    /**
+     * When approving or revoking review items, a justification is required if true.
+     */
+    justificationRequired: boolean;
+    /**
+     * Reassignment is disabled for reviewers if true.
+     */
+    reassignmentDisabled: boolean;
+    /**
+     * The ID of the reviewer group to which the reviewer is assigned.
+     */
+    reviewerGroupId?: string;
+    reviewerId?: string;
+    /**
+     * Definition of reviewer level for a given campaign. Each reviewer level defines the kind of reviewer who is going to review.
+     */
+    reviewerLevels?: outputs.CampaignReviewerSettingsReviewerLevel[];
+    /**
+     * This property is required when type=`USER`
+     */
+    reviewerScopeExpression?: string;
+    /**
+     * This property is required to be true for resource-centric campaigns when the Okta Admin Console is one of the resources.
+     */
+    selfReviewDisabled: boolean;
+    /**
+     * Identifies the kind of reviewer for Access Certification.
+     */
+    type: string;
+}
+export interface CampaignReviewerSettingsReviewerLevel {
+    /**
+     * Required when the type=`REVIEWER_EXPRESSION` or type=`RESOURCE_OWNER`
+     */
+    fallbackReviewerId: string;
+    /**
+     * The ID of the reviewer group to which the reviewer is assigned.This property is required when type=`GROUP`
+     */
+    reviewerGroupId: string;
+    /**
+     * The ID of the reviewer to which the reviewer is assigned.This property is required when type=`USER`.
+     */
+    reviewerId?: string;
+    /**
+     * This property is required when type=`REVIEWER_EXPRESSION`
+     */
+    reviewerScopeExpression: string;
+    /**
+     * This property is used to prevent self review.
+     */
+    selfReviewDisabled: boolean;
+    /**
+     * The rules for which the reviews can move to that level.
+     */
+    startReviews?: outputs.CampaignReviewerSettingsReviewerLevelStartReview[];
+    /**
+     * Identifies the kind of reviewer.
+     */
+    type: string;
+}
+export interface CampaignReviewerSettingsReviewerLevelStartReview {
+    /**
+     * The day of the campaign when the review starts. 0 means the first day of the campaign.
+     */
+    onDay: number;
+    /**
+     * The condition for which, the lower level reviews will move to that level for further review.
+     */
+    when: string;
+}
+export interface CampaignScheduleSettings {
+    /**
+     * The duration (in days) that the campaign is active.
+     */
+    durationInDays: number;
+    endDate?: string;
+    recurrences?: outputs.CampaignScheduleSettingsRecurrence[];
+    /**
+     * The date on which the campaign is supposed to start. Accepts date in ISO 8601 format.
+     */
+    startDate: string;
+    /**
+     * The time zone in which the campaign is active.
+     */
+    timeZone: string;
+    /**
+     * The type of campaign being scheduled.
+     */
+    type: string;
+}
+export interface CampaignScheduleSettingsRecurrence {
+    /**
+     * Specifies when the recurring schedule can have an end.
+     */
+    ends?: string;
+    /**
+     * Recurrence interval specified according to ISO8061 notation for durations.
+     */
+    interval: string;
+    /**
+     * Specifies when the recurring schedule can have an end.
+     */
+    repeatOnType?: string;
+}
 export interface CustomizedSigninPageContentSecurityPolicySetting {
     /**
      * enforced or report_only
@@ -124,6 +421,79 @@ export interface EmailSenderDnsRecord {
      */
     value: string;
 }
+export interface EndUserMyRequestsRequesterFieldValue {
+    /**
+     * The ID of a requesterField. This identifies the specific field in the approval system.
+     */
+    id: string;
+    /**
+     * A human-readable description of requesterField. It's used for display purposes and is optional.
+     */
+    label?: string;
+    /**
+     * Type of value for the requester field. Valid values: `DURATION`, `ISO_DATE`, `MULTISELECT`, `OKTA_USER_ID`, `SELECT`, `TEXT`.
+     */
+    type?: string;
+    /**
+     * The value of requesterField, which depends on the type of the field. Used for single-value fields.
+     */
+    value?: string;
+    /**
+     * The values of requesterField with the type MULTISELECT. If the field type is MULTISELECT, this property is required instead of `value`.
+     */
+    values?: string[];
+}
+export interface EntitlementBundleEntitlement {
+    /**
+     * The ID of the entitlement.
+     */
+    id: string;
+    values?: outputs.EntitlementBundleEntitlementValue[];
+}
+export interface EntitlementBundleEntitlementValue {
+    /**
+     * The ID of the entitlement value.
+     */
+    id: string;
+}
+export interface EntitlementBundleTarget {
+    /**
+     * The Okta app ID of the resource.
+     */
+    externalId: string;
+    /**
+     * The type of resource.
+     */
+    type: string;
+}
+export interface EntitlementParent {
+    /**
+     * The Okta app ID of the resource.
+     */
+    externalId: string;
+    /**
+     * The type of resource.
+     */
+    type: string;
+}
+export interface EntitlementValue {
+    /**
+     * The description of an entitlement value.
+     */
+    description?: string;
+    /**
+     * The value of an entitlement property value.
+     */
+    externalValue?: string;
+    /**
+     * Collection of entitlement values.
+     */
+    id: string;
+    /**
+     * The display name for an entitlement value.
+     */
+    name?: string;
+}
 export interface EventHookHeader {
     key?: string;
     value?: string;
@@ -234,6 +604,250 @@ export interface GetBrandsBrand {
      */
     removePoweredByOkta: boolean;
 }
+export interface GetCampaignNotificationSettings {
+    notifyReviewPeriodEnd: boolean;
+    notifyReviewerAtCampaignEnd: boolean;
+    notifyReviewerDuringMidpointOfReview: boolean;
+    notifyReviewerWhenOverdue: boolean;
+    notifyReviewerWhenReviewAssigned: boolean;
+    remindersReviewerBeforeCampaignCloseInSecs: number[];
+}
+export interface GetCampaignPrincipalScopeSettings {
+    excludedUserIds: string[];
+    groupIds: string[];
+    includeOnlyActiveUsers: boolean;
+    onlyIncludeUsersWithSodConflicts: boolean;
+    predefinedInactiveUsersScopes?: outputs.GetCampaignPrincipalScopeSettingsPredefinedInactiveUsersScope[];
+    type: string;
+    userIds: string[];
+    userScopeExpression: string;
+}
+export interface GetCampaignPrincipalScopeSettingsPredefinedInactiveUsersScope {
+    inactiveDays: number;
+}
+export interface GetCampaignRemediationSettings {
+    /**
+     * Specifies the action by default if the reviewer approves access. NO_ACTION indicates there is no remediation action and the user retains access.
+     */
+    accessApproved: string;
+    /**
+     * Specifies the action if the reviewer revokes access. NO_ACTION indicates the user retains the same access. DENY indicates the user will have their access revoked as long as they are not assigned to a group through Group Rules.
+     */
+    accessRevoked: string;
+    autoRemediationSettings?: outputs.GetCampaignRemediationSettingsAutoRemediationSettings;
+    /**
+     * Specifies the action if the reviewer doesn't respond to the request.
+     */
+    noResponse: string;
+}
+export interface GetCampaignRemediationSettingsAutoRemediationSettings {
+    /**
+     * When a group is selected to be automatically remediated.
+     */
+    includeAllIndirectAssignments: boolean;
+    /**
+     * An array of resources to be automatically remediated.
+     */
+    includeOnlies?: outputs.GetCampaignRemediationSettingsAutoRemediationSettingsIncludeOnly[];
+}
+export interface GetCampaignRemediationSettingsAutoRemediationSettingsIncludeOnly {
+    /**
+     * The resource ID of the target resource When type = GROUP, it will point to the group ID.
+     */
+    resourceId: string;
+    /**
+     * The type of the resource to be automatically remediated. Only GROUP is supported.
+     */
+    resourceType: string;
+}
+export interface GetCampaignResourceSettings {
+    /**
+     * An array of resources that are excluded from the review.
+     */
+    excludedResources?: outputs.GetCampaignResourceSettingsExcludedResource[];
+    /**
+     * Include admin roles.
+     */
+    includeAdminRoles: boolean;
+    /**
+     * Include entitlements for this application.
+     */
+    includeEntitlements: boolean;
+    /**
+     * Only include individually assigned groups.
+     */
+    individuallyAssignedAppsOnly: boolean;
+    /**
+     * Only include individually assigned groups.
+     */
+    individuallyAssignedGroupsOnly: boolean;
+    /**
+     * Only include out-of-policy entitlements.
+     */
+    onlyIncludeOutOfPolicyEntitlements: boolean;
+    /**
+     * Represents a resource that will be part of Access certifications.
+     */
+    targetResources?: outputs.GetCampaignResourceSettingsTargetResource[];
+    /**
+     * The type of Okta resource.
+     */
+    type: string;
+}
+export interface GetCampaignResourceSettingsExcludedResource {
+    /**
+     * Okta specific resource ID.
+     */
+    resourceId: string;
+    /**
+     * The type of Okta resource.
+     */
+    resourceType: string;
+}
+export interface GetCampaignResourceSettingsTargetResource {
+    /**
+     * An array of entitlement bundles associated with resourceId that should be chosen as target when creating reviews.
+     */
+    entitlementBundles?: outputs.GetCampaignResourceSettingsTargetResourceEntitlementBundle[];
+    entitlements?: outputs.GetCampaignResourceSettingsTargetResourceEntitlement[];
+    /**
+     * Include all entitlements and entitlement bundles for this application.
+     */
+    includeAllEntitlementsAndBundles: boolean;
+    /**
+     * The resource ID that is being reviewed.
+     */
+    resourceId: string;
+    /**
+     * The type of Okta resource.
+     */
+    resourceType: string;
+}
+export interface GetCampaignResourceSettingsTargetResourceEntitlement {
+    /**
+     * The ID of this resource.
+     */
+    id: string;
+    /**
+     * Whether to include all values for this entitlement.
+     */
+    includeAllValues: boolean;
+    /**
+     * Entitlement value ids
+     */
+    values?: outputs.GetCampaignResourceSettingsTargetResourceEntitlementValue[];
+}
+export interface GetCampaignResourceSettingsTargetResourceEntitlementBundle {
+    /**
+     * The ID of this resource.
+     */
+    id: string;
+}
+export interface GetCampaignResourceSettingsTargetResourceEntitlementValue {
+    /**
+     * The ID of this resource.
+     */
+    id: string;
+}
+export interface GetCampaignReviewerSettings {
+    bulkDecisionDisabled: boolean;
+    fallbackReviewerId: string;
+    justificationRequired: boolean;
+    reassignmentDisabled: boolean;
+    reviewerGroupId: string;
+    reviewerId: string;
+    reviewerLevels?: outputs.GetCampaignReviewerSettingsReviewerLevel[];
+    reviewerScopeExpression: string;
+    selfReviewDisabled: boolean;
+    type: string;
+}
+export interface GetCampaignReviewerSettingsReviewerLevel {
+    fallbackReviewerId: string;
+    reviewerGroupId: string;
+    reviewerId: string;
+    reviewerScopeExpression: string;
+    selfReviewDisabled: boolean;
+    startReviews?: outputs.GetCampaignReviewerSettingsReviewerLevelStartReview[];
+    type: string;
+}
+export interface GetCampaignReviewerSettingsReviewerLevelStartReview {
+    onDay: number;
+    when: string;
+}
+export interface GetCampaignScheduleSettings {
+    durationInDays: number;
+    endDate: string;
+    recurrences?: outputs.GetCampaignScheduleSettingsRecurrence[];
+    startDate: string;
+    timeZone: string;
+    type: string;
+}
+export interface GetCampaignScheduleSettingsRecurrence {
+    ends: string;
+    interval: string;
+    repeatOnType: string;
+}
+export interface GetCatalogEntryDefaultCounts {
+    /**
+     * Collection resource counts.
+     */
+    resourceCounts?: outputs.GetCatalogEntryDefaultCountsResourceCounts;
+}
+export interface GetCatalogEntryDefaultCountsResourceCounts {
+    /**
+     * Number of app resources in a collection.
+     */
+    applications: number;
+}
+export interface GetCatalogEntryDefaultLinks {
+    /**
+     * A link to the catalog entry itself.
+     */
+    self?: outputs.GetCatalogEntryDefaultLinksSelf;
+}
+export interface GetCatalogEntryDefaultLinksSelf {
+    /**
+     * Contains the absolute API URL for retrieving this catalog entry resource.
+     */
+    href: string;
+}
+export interface GetCatalogEntryUserAccessRequestFieldsData {
+    /**
+     * Valid choices when type is SELECT or MULTISELECT.
+     */
+    choices?: outputs.GetCatalogEntryUserAccessRequestFieldsDataChoice[];
+    id: string;
+    /**
+     * Label of the requester field.
+     */
+    label: string;
+    /**
+     * The maximum value allowed for this field. Only applies to DURATION fields.
+     */
+    maximumValue: string;
+    /**
+     * Indicates this field is immutable.
+     */
+    readOnly: boolean;
+    /**
+     * Indicates whether a value to this field is required to advance the request.
+     */
+    required: boolean;
+    /**
+     * Type of value for the requester field.
+     */
+    type: string;
+    /**
+     * An admin configured value for this field. Only applies to DURATION fields.
+     */
+    value: string;
+}
+export interface GetCatalogEntryUserAccessRequestFieldsDataChoice {
+    /**
+     * Valid choice.
+     */
+    choice: string;
+}
 export interface GetDefaultSigninPageContentSecurityPolicySetting {
     /**
      * enforced or report_only
@@ -360,9 +974,192 @@ export interface GetEmailCustomizationsEmailCustomization {
      */
     links: string;
     /**
-     * The subject of the customization
+     * The subject of the customization
+     */
+    subject: string;
+}
+export interface GetEndUserMyRequestsRequested {
+    /**
+     * ID of the access scope
+     */
+    accessScopeId: string;
+    /**
+     * The access scope type
+     */
+    accessScopeType: string;
+    /**
+     * The ID of the catalog entry for which the request was made.
+     */
+    entryId: string;
+    /**
+     * The requested resource ID
+     */
+    resourceId: string;
+    /**
+     * The requested resource type.
+     */
+    resourceType: string;
+}
+export interface GetEndUserMyRequestsRequestedBy {
+    /**
+     * The Okta user id
+     */
+    externalId: string;
+    /**
+     * The type of principal
+     */
+    type: string;
+}
+export interface GetEndUserMyRequestsRequestedFor {
+    /**
+     * The Okta user id
+     */
+    externalId: string;
+    /**
+     * The type of principal
+     */
+    type: string;
+}
+export interface GetEndUserMyRequestsRequesterFieldValue {
+    /**
+     * The ID of the requester field.
+     */
+    id: string;
+    /**
+     * A human-readable description of the requester field.
+     */
+    label?: string;
+    /**
+     * Type of value for the requester field. Valid values: `DURATION`, `ISO_DATE`, `MULTISELECT`, `OKTA_USER_ID`, `SELECT`, `TEXT`.
+     */
+    type?: string;
+    /**
+     * The value of the requester field (for single-value fields).
+     */
+    value?: string;
+    /**
+     * The values of the requester field (for MULTISELECT type fields).
+     */
+    values?: string[];
+}
+export interface GetEndUserMyRequestsRiskAssessment {
+    /**
+     * Whether request submission is allowed or restricted in the risk settings.
+     */
+    requestSubmissionType?: string;
+    /**
+     * An array of resources that are excluded from the review.
+     */
+    riskRules?: outputs.GetEndUserMyRequestsRiskAssessmentRiskRule[];
+}
+export interface GetEndUserMyRequestsRiskAssessmentRiskRule {
+    /**
+     * The human readable description.
+     */
+    description?: string;
+    /**
+     * The name of a resource rule causing a conflict.
+     */
+    name?: string;
+    /**
+     * Human readable name of the resource.
+     */
+    resourceName?: string;
+}
+export interface GetEntitlementBundleEntitlement {
+    /**
+     * The data type of the entitlement property.
+     */
+    dataType: string;
+    /**
+     * The description of an entitlement property.
+     */
+    description: string;
+    /**
+     * The value of an entitlement property.
+     */
+    externalValue: string;
+    /**
+     * The ID of this resource.
+     */
+    id: string;
+    /**
+     * The property that determines if the entitlement property can hold multiple values.
+     */
+    multiValue: boolean;
+    /**
+     * The display name for an entitlement bundle.
+     */
+    name: string;
+    /**
+     * The property that determines if the entitlement property is a required attribute.
+     */
+    required: boolean;
+    values?: outputs.GetEntitlementBundleEntitlementValue[];
+}
+export interface GetEntitlementBundleEntitlementValue {
+    /**
+     * The description of an entitlement property.
+     */
+    description: string;
+    /**
+     * The read-only id of an entitlement property value in the downstream application.
+     */
+    externalId: string;
+    /**
+     * The value of an entitlement property value.
+     */
+    externalValue: string;
+    /**
+     * The ID of this resource.
+     */
+    id: string;
+    /**
+     * The display name for an entitlement bundle.
+     */
+    name: string;
+}
+export interface GetEntitlementBundleTarget {
+    /**
+     * The Okta app.id of the resource.
+     */
+    externalId: string;
+    /**
+     * The type of the resource.
+     */
+    type: string;
+}
+export interface GetEntitlementParent {
+    /**
+     * The Okta app.id of the resource.
+     */
+    externalId: string;
+    /**
+     * The type of resource.
+     */
+    type: string;
+}
+export interface GetEntitlementValue {
+    /**
+     * The description of an entitlement value.
+     */
+    description: string;
+    /**
+     * The id of the entitlement value.
+     */
+    externalId: string;
+    /**
+     * The value of an entitlement property value.
+     */
+    externalValue: string;
+    /**
+     * The ID of this resource.
+     */
+    id: string;
+    /**
+     * The name of the entitlement value.
      */
-    subject: string;
+    name: string;
 }
 export interface GetFeaturesFeature {
     description: string;
@@ -446,6 +1243,327 @@ export interface GetOrgMetadataSettings {
      */
     omEnabled: boolean;
 }
+export interface GetPrincipalEntitlementsData {
+    /**
+     * The data type of the entitlement property.
+     */
+    dataType: string;
+    /**
+     * The description of an entitlement property.
+     */
+    description: string;
+    /**
+     * The value of an entitlement property.
+     */
+    externalValue: string;
+    /**
+     * The id property of an entitlement.
+     */
+    id: string;
+    /**
+     * The property that determines if the entitlement property can hold multiple values.
+     */
+    multiValue: boolean;
+    /**
+     * The display name for an entitlement property.
+     */
+    name: string;
+    /**
+     * Representation of a resource.
+     */
+    parent?: outputs.GetPrincipalEntitlementsDataParent;
+    /**
+     * The Okta app instance, in ORN format.
+     */
+    parentResourceOrn: string;
+    /**
+     * The property that determines if the entitlement property is a required attribute
+     */
+    required: boolean;
+    /**
+     * Representation of a principal.
+     */
+    targetPrincipal?: outputs.GetPrincipalEntitlementsDataTargetPrincipal;
+    /**
+     * The Okta user id in ORN format.
+     */
+    targetPrincipalOrn: string;
+    /**
+     * Collection of entitlement values.
+     */
+    values?: outputs.GetPrincipalEntitlementsDataValue[];
+}
+export interface GetPrincipalEntitlementsDataParent {
+    /**
+     * The Okta id of the resource.
+     */
+    externalId: string;
+    /**
+     * The type of the resource.
+     */
+    type: string;
+}
+export interface GetPrincipalEntitlementsDataTargetPrincipal {
+    /**
+     * The Okta user id.
+     */
+    externalId: string;
+    /**
+     * The type of principal.
+     */
+    type: string;
+}
+export interface GetPrincipalEntitlementsDataValue {
+    /**
+     * The description of an entitlement property.
+     */
+    description: string;
+    /**
+     * The value of an entitlement property value.
+     */
+    externalValue: string;
+    /**
+     * The id of an entitlement value.
+     */
+    id: string;
+    /**
+     * The name of an entitlement value.
+     */
+    name: string;
+}
+export interface GetPrincipalEntitlementsParent {
+    externalId: string;
+    type: string;
+}
+export interface GetPrincipalEntitlementsTargetPrincipal {
+    externalId: string;
+    type: string;
+}
+export interface GetRequestConditionAccessScopeSettings {
+    /**
+     * List of groups/entitlement bundles.
+     */
+    ids?: outputs.GetRequestConditionAccessScopeSettingsId[];
+    type: string;
+}
+export interface GetRequestConditionAccessScopeSettingsId {
+    /**
+     * Request condition id.
+     */
+    id: string;
+}
+export interface GetRequestConditionRequesterSettings {
+    /**
+     * List of teams/groups ids.
+     */
+    ids?: outputs.GetRequestConditionRequesterSettingsId[];
+    type: string;
+}
+export interface GetRequestConditionRequesterSettingsId {
+    /**
+     * Request condition id.
+     */
+    id: string;
+}
+export interface GetRequestSettingOrganizationRequestExperience {
+    experienceType: string;
+}
+export interface GetRequestSettingResourceRequestOnBehalfOfSettings {
+    allowed: boolean;
+    onlyFors?: outputs.GetRequestSettingResourceRequestOnBehalfOfSettingsOnlyFor[];
+}
+export interface GetRequestSettingResourceRequestOnBehalfOfSettingsOnlyFor {
+    type: string;
+}
+export interface GetRequestSettingResourceRiskSettings {
+    /**
+     * Default risk settings that are valid for an access request when a risk has been detected for the resource and requesting user.
+     */
+    defaultSetting?: outputs.GetRequestSettingResourceRiskSettingsDefaultSetting;
+}
+export interface GetRequestSettingResourceRiskSettingsDefaultSetting {
+    accessDurationSettings?: outputs.GetRequestSettingResourceRiskSettingsDefaultSettingAccessDurationSettings;
+    approvalSequenceId: string;
+    errors: string[];
+    requestSubmissionType: string;
+}
+export interface GetRequestSettingResourceRiskSettingsDefaultSettingAccessDurationSettings {
+    duration: string;
+    type: string;
+}
+export interface GetRequestSettingResourceValidAccessDurationSettings {
+    /**
+     * The maximum value allowed for a request condition or risk setting.
+     */
+    maximumDays: number;
+    /**
+     * The maximum value allowed for a request condition or risk setting.
+     */
+    maximumHours: number;
+    /**
+     * The maximum value allowed for a request condition or risk setting.
+     */
+    maximumWeeks: number;
+    /**
+     * Whether accessDurationSetting must be included in the request conditions or risk settings for the specified resource.
+     */
+    required: boolean;
+    /**
+     * Access duration settings that are eligible to be added to a request condition or risk settings for the specified resource.
+     */
+    supportedTypes?: outputs.GetRequestSettingResourceValidAccessDurationSettingsSupportedType[];
+}
+export interface GetRequestSettingResourceValidAccessDurationSettingsSupportedType {
+    type: string;
+}
+export interface GetRequestSettingResourceValidAccessScopeSetting {
+    type: string;
+}
+export interface GetRequestSettingResourceValidRequesterSetting {
+    type: string;
+}
+export interface GetRequestV2Requested {
+    /**
+     * The ID of the access scope associated with the resource.
+     */
+    accessScopeId: string;
+    /**
+     * The access scope type.
+     */
+    accessScopeType: string;
+    /**
+     * The ID of the resource catalog entry.
+     */
+    entryId: string;
+    /**
+     * The ID of the requested resource.
+     */
+    resourceId: string;
+    /**
+     * The requested resource type.
+     */
+    resourceType: string;
+    /**
+     * The type of the resource.
+     */
+    type: string;
+}
+export interface GetRequestV2RequestedBy {
+    /**
+     * The Okta user id.
+     */
+    externalId: string;
+    /**
+     * The type of principal.
+     */
+    type: string;
+}
+export interface GetRequestV2RequestedFor {
+    /**
+     * The ID of the Okta user.
+     */
+    externalId: string;
+    /**
+     * The type of principal.
+     */
+    type: string;
+}
+export interface GetReviewAllReviewerLevel {
+    /**
+     * The ISO 8601 formatted date and time when the resource was created.
+     */
+    created: string;
+    /**
+     * The id of user who created the resource.
+     */
+    createdBy: string;
+    /**
+     * The decision taken by the reviewer. Will be `UNASSIGNED` if no decision is made.
+     */
+    decision: string;
+    /**
+     * The ID of  review.
+     */
+    id: string;
+    /**
+     * The ISO 8601 formatted date and time when the object was last updated.
+     */
+    lastUpdated: string;
+    /**
+     * The id of user who last updated the object.
+     */
+    lastUpdatedBy: string;
+    reviewerGroupProfile?: outputs.GetReviewAllReviewerLevelReviewerGroupProfile;
+    reviewerLevel: string;
+    reviewerProfile?: outputs.GetReviewAllReviewerLevelReviewerProfile;
+    /**
+     * The type of reviewer to which the review is assigned.
+     */
+    reviewerType: string;
+}
+export interface GetReviewAllReviewerLevelReviewerGroupProfile {
+    globalName: string;
+    groupId: string;
+    groupType: string;
+    name: string;
+}
+export interface GetReviewAllReviewerLevelReviewerProfile {
+    email: string;
+    firstName: string;
+    /**
+     * The ID of  review.
+     */
+    id: string;
+    lastName: string;
+    status: string;
+}
+export interface GetReviewEntitlementBundle {
+    /**
+     * The ID of  review.
+     */
+    id: string;
+    name: string;
+}
+export interface GetReviewEntitlementValue {
+    /**
+     * The ID of  review.
+     */
+    id: string;
+    name: string;
+}
+export interface GetReviewLinks {
+    reassignReviewHref: string;
+    selfHref: string;
+}
+export interface GetReviewNote {
+    /**
+     * The ID of  review.
+     */
+    id: string;
+    note: string;
+}
+export interface GetReviewPrincipalProfile {
+    email: string;
+    firstName: string;
+    /**
+     * The ID of  review.
+     */
+    id: string;
+    lastName: string;
+    login: string;
+    status: string;
+}
+export interface GetReviewReviewerProfile {
+    email: string;
+    firstName: string;
+    /**
+     * The ID of  review.
+     */
+    id: string;
+    lastName: string;
+    login: string;
+    status: string;
+}
 export interface GetTemplatesEmailTemplate {
     /**
      * Link relations for this object - JSON HAL - Discoverable resources related to the email template
@@ -631,6 +1749,149 @@ export interface PreviewSigninPageWidgetCustomizations {
     usernameLabel?: string;
     widgetGeneration: string;
 }
+export interface RateLimitingUseCaseModeOverrides {
+    loginPage?: string;
+    oauth2Authorize?: string;
+    oieAppIntent?: string;
+}
+export interface RequestConditionAccessDurationSettings {
+    /**
+     * The duration set by the admin for access durations. Use ISO8061 notation for duration values.
+     */
+    duration?: string;
+    type?: string;
+}
+export interface RequestConditionAccessScopeSettings {
+    /**
+     * List of groups/entitlement bundles.
+     */
+    ids?: outputs.RequestConditionAccessScopeSettingsId[];
+    type: string;
+}
+export interface RequestConditionAccessScopeSettingsId {
+    /**
+     * Request condition id.
+     */
+    id?: string;
+}
+export interface RequestConditionRequesterSettings {
+    /**
+     * List of teams/groups ids.
+     */
+    ids?: outputs.RequestConditionRequesterSettingsId[];
+    type: string;
+}
+export interface RequestConditionRequesterSettingsId {
+    /**
+     * Request condition id.
+     */
+    id?: string;
+}
+export interface RequestSettingResourceRequestOnBehalfOfSettings {
+    /**
+     * Indicates that users who can request this resource could also request for another requester of the same resource. This property can only be true.
+     */
+    allowed: boolean;
+    /**
+     * Which requesters the resource requester can request on behalf of. Enum: `DIRECT_REPORT`.
+     */
+    onlyFors?: outputs.RequestSettingResourceRequestOnBehalfOfSettingsOnlyFor[];
+}
+export interface RequestSettingResourceRequestOnBehalfOfSettingsOnlyFor {
+    /**
+     * Which requesters the resource requester can request on behalf of. If onlyFor is not specified then any requester may request a resource on the behalf of any other user
+     */
+    type: string;
+}
+export interface RequestSettingResourceRiskSettings {
+    /**
+     * Default risk settings that are valid for an access request when a risk has been detected for the resource and requesting user.
+     */
+    defaultSetting?: outputs.RequestSettingResourceRiskSettingsDefaultSetting;
+}
+export interface RequestSettingResourceRiskSettingsDefaultSetting {
+    /**
+     * Settings that control who may specify the access duration allowed by this request condition or risk settings, as well as what duration may be requested.
+     */
+    accessDurationSettings?: outputs.RequestSettingResourceRiskSettingsDefaultSettingAccessDurationSettings;
+    /**
+     * The ID of the approval sequence.
+     */
+    approvalSequenceId?: string;
+    errors: string[];
+    requestSubmissionType: string;
+}
+export interface RequestSettingResourceRiskSettingsDefaultSettingAccessDurationSettings {
+    /**
+     * The duration set by the admin for access durations. Use ISO8061 notation for duration values.
+     */
+    duration?: string;
+    /**
+     * Enum: `ADMIN_FIXED_DURATION`, `REQUESTER_SPECIFIED_DURATION`.
+     */
+    type?: string;
+}
+export interface RequestV2Requested {
+    /**
+     * The ID of the access scope associated with the resource.
+     */
+    accessScopeId: string;
+    /**
+     * The access scope type.
+     */
+    accessScopeType: string;
+    /**
+     * The ID of the resource catalog entry.
+     */
+    entryId: string;
+    /**
+     * The ID of the requested resource.
+     */
+    resourceId: string;
+    /**
+     * The requested resource type.
+     */
+    resourceType: string;
+    /**
+     * The type of the resource.
+     */
+    type: string;
+}
+export interface RequestV2RequestedFor {
+    /**
+     * The ID of the Okta user.
+     */
+    externalId: string;
+    /**
+     * The type of principal.
+     */
+    type: string;
+}
+export interface RequestV2RequesterFieldValue {
+    /**
+     * The ID of a requester field.
+     */
+    id?: string;
+    /**
+     * A human-readable description of requester field.
+     */
+    label?: string;
+    /**
+     * Type of value for the requester field.
+     */
+    type?: string;
+    /**
+     * The value of requester field, which depends on the type of the field.
+     */
+    value?: string;
+    /**
+     * The values of requester field with the type MULTISELECT. If the field type is MULTISELECT, this property is required.
+     */
+    values?: outputs.RequestV2RequesterFieldValueValue[];
+}
+export interface RequestV2RequesterFieldValueValue {
+    value?: string;
+}
 export interface TemplateSmsTranslation {
     /**
      * The language to map the template to.