| acrFilter | AcrFilterEnum | Identifies how the resource rule acr access filter operates. NA: The resource rule will apply to all requests. This is the default value. NONE: The resource rule will only apply if no acrs were requested. ANY: The resource rule will only apply if acrs were requested. SPECIFIC: The resource rule will only apply if acrs were requested and one of the requested acrs matches one from a specified list. | [optional] |
| acrs | List<Acr> | The acrs associated with this resource rule if acrFilter is set to SPECIFIC. The resource rule will only apply if a requested acr is one of the specified acrs. | [optional] |
| apiVersion | ApiVersionEnum | The resource rules API version used to create or last update this resource rule. If the resource rule is at version 2, then it cannot be updated using a version 1 API. | [optional] [readonly] |
| dateTimeContext | DateTimeContext | | [optional] |
| description | String | The description of the resource rule. | [optional] |
| deviceCertificateContext | DeviceCertificateContext | | [optional] |
| disableSSO | Boolean | A flag indicating if single-sign on is disabled for this resource rule. | |
| domainIdpFilter | DomainIdpFilterEnum | Identifies how the resource rule domain idp access filter operates. This is the default value. NA: The resource rule will apply to all requests. NONE: The resource rule will only apply if the user does not have a domain-based IDP. ANY: The resource rule will only apply if the user has a domain-based IDP. SPECIFIC: The resource rule will only apply if the user has a domain-based IDP and the user's domain matches one from a specified list. | [optional] |
| domainIdps | List<IdentityProvider> | The domain-based identity providers associated with this resource rule if domainIdpFilter is set to SPECIFIC. The resource rule will only apply to users using one of the specified domain-based identity providers. | [optional] |
| enabled | Boolean | A flag indicating if this resource rule is enabled or not. Only enabled resource rules are considered during authentication. | [optional] |
| groups | List<Group> | The groups associated with this resource rule. The resource rule only applies to users in one of the specified groups. A resource rule must specify at least one group which can be the default All Groups if you want the resource rule to apply to all users. | |
| highRiskAuthenticationFlow | AuthenticationFlow | | [optional] |
| highRiskEnableSmartLogin | Boolean | A flag indicating if Smart Login is enabled for High risk. This parameter is deprecated, use the highRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| highRiskFirstStep | HighRiskFirstStepEnum | The authenticator type to use in the first step of a two-step authentication scenario when the risk score is High. This parameter is deprecated, use the highRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| highRiskSecondStep | List<HighRiskSecondStepEnum> | The authenticator type to use during in the second step of a two-step authentication scenario when the risk score is High. This parameter is deprecated, use the highRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| id | String | The unique UUID assigned to the resource rule when it is created. | [optional] |
| ipContext | IpContext | | [optional] |
| kbaContext | KbaContext | | [optional] |
| locationContext | LocationContext | | [optional] |
| locationHistoryContext | LocationHistoryContext | | [optional] |
| lowRiskAuthenticationFlow | AuthenticationFlow | | [optional] |
| lowRiskEnableSmartLogin | Boolean | A flag indicating if Smart Login is enabled for Low risk. This parameter is deprecated, use the lowRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| lowRiskFirstStep | LowRiskFirstStepEnum | The authenticator type to use in the first step of a two-step authentication scenario when the risk score is Low. This parameter is deprecated, use the lowRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| lowRiskSecondStep | List<LowRiskSecondStepEnum> | The authenticator type to use during in the second step of a two-step authentication scenario when the risk score is Low. This parameter is deprecated, use the lowRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| lowRiskThreshold | Integer | Risk scores below this value are considered Low risk. | [optional] |
| machineContext | MachineContext | | [optional] |
| mediumRiskAuthenticationFlow | AuthenticationFlow | | [optional] |
| mediumRiskEnableSmartLogin | Boolean | A flag indicating if Smart Login is enabled for Medium risk. This parameter is deprecated, use the mediumRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| mediumRiskFirstStep | MediumRiskFirstStepEnum | The authenticator type to use in the first step of a two-step authentication scenario when the risk score is Medium. This parameter is deprecated, use the mediumRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| mediumRiskSecondStep | List<MediumRiskSecondStepEnum> | The authenticator type to use during in the second step of a two-step authentication scenario when the risk score is Medium. This parameter is deprecated, use the mediumRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| mediumRiskThreshold | Integer | Risk scores below this value are considered Medium risk. Risk scores equal or greater than this value are considered High risk. | [optional] |
| name | String | The name of the resource rule. | |
| resourceId | String | The UUID of the resource to which this resource rule is assigned. | [optional] |
| resourceName | String | The name of the resource to which this resource rule is assigned. | [optional] |
| riskEngineContexts | List<TransactionContext> | If risk engine rules are defined, the transaction contexts specify the levels at which risk is applied to the authentication request if the corresponding risk engine rules trigger risk. | [optional] |
| skipSecondFactorIfUserNotExist | Boolean | A flag indicating if second factor can be skipped if the user does not exist and the first factor is EXTERNAL. | |
| strictAccess | Boolean | A flag indicating if this resource rule enforces strict access. Strict access means that if this rule denies access, the user is denied access even if other resource rules allow access. | |
| systemResourceContext | Boolean | A flag indicating if this resource rule is associated with a system resource including the Admin and User portals. A resource rule for a system resource cannot be deleted. They can only be disabled if there is at least one enabled resource rule for the resource. | [optional] |
| transactionContexts | List<TransactionContext> | If transaction details are specified during an authentication request, the transaction contexts specify the levels at which risk is applied to the authentication request if the corresponding transaction rules trigger risk. A maximum of two are allowed. | [optional] |
| travelVelocityContext | TravelVelocityContext | | [optional] |