ResourceRule
A ResourceRule defines the information returned about a resource rule. A resource rule is used to determine what authentication is used to authenticate to the specified resource (aka application).
Properties
| Name | Type | Description | Notes |
|---|---|---|---|
| AcrFilter | string | Identifies how the resource rule acr access filter operates. NA: The resource rule will apply to all requests. This is the default value. NONE: The resource rule will only apply if no acrs were requested. ANY: The resource rule will only apply if acrs were requested. SPECIFIC: The resource rule will only apply if acrs were requested and one of the requested acrs matches one from a specified list. | [optional] |
| Acrs | List<Acr> | The acrs associated with this resource rule if acrFilter is set to SPECIFIC. The resource rule will only apply if a requested acr is one of the specified acrs. | [optional] |
| ApiVersion | int? | The resource rules API version used to create or last update this resource rule. If the resource rule is at version 2, then it cannot be updated using a version 1 API. | [optional] [readonly] |
| DateTimeContext | DateTimeContext | [optional] | |
| Description | string | The description of the resource rule. | [optional] |
| DeviceCertificateContext | DeviceCertificateContext | [optional] | |
| DisableSSO | bool | A flag indicating if single-sign on is disabled for this resource rule. | |
| DomainIdpFilter | string | Identifies how the resource rule domain idp access filter operates. This is the default value. NA: The resource rule will apply to all requests. NONE: The resource rule will only apply if the user does not have a domain-based IDP. ANY: The resource rule will only apply if the user has a domain-based IDP. SPECIFIC: The resource rule will only apply if the user has a domain-based IDP and the user's domain matches one from a specified list. | [optional] |
| DomainIdps | List<IdentityProvider> | The domain-based identity providers associated with this resource rule if domainIdpFilter is set to SPECIFIC. The resource rule will only apply to users using one of the specified domain-based identity providers. | [optional] |
| Enabled | bool? | A flag indicating if this resource rule is enabled or not. Only enabled resource rules are considered during authentication. | [optional] |
| Groups | List<Group> | The groups associated with this resource rule. The resource rule only applies to users in one of the specified groups. A resource rule must specify at least one group which can be the default All Groups if you want the resource rule to apply to all users. | |
| HighRiskAuthenticationFlow | AuthenticationFlow | [optional] | |
| HighRiskEnableSmartLogin | bool? | A flag indicating if Smart Login is enabled for High risk. This parameter is deprecated, use the highRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| HighRiskFirstStep | string | The authenticator type to use in the first step of a two-step authentication scenario when the risk score is High. This parameter is deprecated, use the highRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| HighRiskSecondStep | List<ResourceRule.HighRiskSecondStepEnum> | The authenticator type to use during in the second step of a two-step authentication scenario when the risk score is High. This parameter is deprecated, use the highRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| Id | string | The unique UUID assigned to the resource rule when it is created. | [optional] |
| IpContext | IpContext | [optional] | |
| KbaContext | KbaContext | [optional] | |
| LocationContext | LocationContext | [optional] | |
| LocationHistoryContext | LocationHistoryContext | [optional] | |
| LowRiskAuthenticationFlow | AuthenticationFlow | [optional] | |
| LowRiskEnableSmartLogin | bool? | A flag indicating if Smart Login is enabled for Low risk. This parameter is deprecated, use the lowRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| LowRiskFirstStep | string | The authenticator type to use in the first step of a two-step authentication scenario when the risk score is Low. This parameter is deprecated, use the lowRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| LowRiskSecondStep | List<ResourceRule.LowRiskSecondStepEnum> | The authenticator type to use during in the second step of a two-step authentication scenario when the risk score is Low. This parameter is deprecated, use the lowRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| LowRiskThreshold | int? | Risk scores below this value are considered Low risk. | [optional] |
| MachineContext | MachineContext | [optional] | |
| MediumRiskAuthenticationFlow | AuthenticationFlow | [optional] | |
| MediumRiskEnableSmartLogin | bool? | A flag indicating if Smart Login is enabled for Medium risk. This parameter is deprecated, use the mediumRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| MediumRiskFirstStep | string | The authenticator type to use in the first step of a two-step authentication scenario when the risk score is Medium. This parameter is deprecated, use the mediumRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| MediumRiskSecondStep | List<ResourceRule.MediumRiskSecondStepEnum> | The authenticator type to use during in the second step of a two-step authentication scenario when the risk score is Medium. This parameter is deprecated, use the mediumRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| MediumRiskThreshold | int? | Risk scores below this value are considered Medium risk. Risk scores equal or greater than this value are considered High risk. | [optional] |
| Name | string | The name of the resource rule. | |
| ResourceId | string | The UUID of the resource to which this resource rule is assigned. | [optional] |
| ResourceName | string | The name of the resource to which this resource rule is assigned. | [optional] |
| RiskEngineContexts | List<TransactionContext> | If risk engine rules are defined, the transaction contexts specify the levels at which risk is applied to the authentication request if the corresponding risk engine rules trigger risk. | [optional] |
| SkipSecondFactorIfUserNotExist | bool | A flag indicating if second factor can be skipped if the user does not exist and the first factor is EXTERNAL. | |
| StrictAccess | bool | A flag indicating if this resource rule enforces strict access. Strict access means that if this rule denies access, the user is denied access even if other resource rules allow access. | |
| SystemResourceContext | bool? | A flag indicating if this resource rule is associated with a system resource including the Admin and User portals. A resource rule for a system resource cannot be deleted. They can only be disabled if there is at least one enabled resource rule for the resource. | [optional] |
| TransactionContexts | List<TransactionContext> | If transaction details are specified during an authentication request, the transaction contexts specify the levels at which risk is applied to the authentication request if the corresponding transaction rules trigger risk. A maximum of two are allowed. | [optional] |
| TravelVelocityContext | TravelVelocityContext | [optional] |