
ResourceRule

A ResourceRule defines the information returned about a resource rule. A resource rule determines which authentication is used to authenticate to the specified resource (also known as an application).

Properties

| Name | Type | Description | Notes |
| --- | --- | --- | --- |
| acrFilter | AcrFilterEnum | Identifies how the resource rule acr access filter operates. NA: The resource rule will apply to all requests. This is the default value. NONE: The resource rule will only apply if no acrs were requested. ANY: The resource rule will only apply if acrs were requested. SPECIFIC: The resource rule will only apply if acrs were requested and one of the requested acrs matches one from a specified list. | [optional] |
| acrs | List<Acr> | The acrs associated with this resource rule if acrFilter is set to SPECIFIC. The resource rule will only apply if a requested acr is one of the specified acrs. | [optional] |
| apiVersion | ApiVersionEnum | The resource rules API version used to create or last update this resource rule. If the resource rule is at version 2, then it cannot be updated using a version 1 API. | [optional] [readonly] |
| dateTimeContext | DateTimeContext | | [optional] |
| description | String | The description of the resource rule. | [optional] |
| deviceCertificateContext | DeviceCertificateContext | | [optional] |
| disableSSO | Boolean | A flag indicating if single sign-on is disabled for this resource rule. | |
| domainIdpFilter | DomainIdpFilterEnum | Identifies how the resource rule domain idp access filter operates. NA: The resource rule will apply to all requests. This is the default value. NONE: The resource rule will only apply if the user does not have a domain-based IDP. ANY: The resource rule will only apply if the user has a domain-based IDP. SPECIFIC: The resource rule will only apply if the user has a domain-based IDP and the user's domain matches one from a specified list. | [optional] |
| domainIdps | List<IdentityProvider> | The domain-based identity providers associated with this resource rule if domainIdpFilter is set to SPECIFIC. The resource rule will only apply to users using one of the specified domain-based identity providers. | [optional] |
| enabled | Boolean | A flag indicating if this resource rule is enabled or not. Only enabled resource rules are considered during authentication. | [optional] |
| groups | List<Group> | The groups associated with this resource rule. The resource rule only applies to users in one of the specified groups. A resource rule must specify at least one group, which can be the default All Groups if you want the resource rule to apply to all users. | |
| highRiskAuthenticationFlow | AuthenticationFlow | | [optional] |
| highRiskEnableSmartLogin | Boolean | A flag indicating if Smart Login is enabled for High risk. This parameter is deprecated, use the highRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| highRiskFirstStep | HighRiskFirstStepEnum | The authenticator type to use in the first step of a two-step authentication scenario when the risk score is High. This parameter is deprecated, use the highRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| highRiskSecondStep | List<HighRiskSecondStepEnum> | The authenticator type to use in the second step of a two-step authentication scenario when the risk score is High. This parameter is deprecated, use the highRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| id | String | The unique UUID assigned to the resource rule when it is created. | [optional] |
| ipContext | IpContext | | [optional] |
| kbaContext | KbaContext | | [optional] |
| locationContext | LocationContext | | [optional] |
| locationHistoryContext | LocationHistoryContext | | [optional] |
| lowRiskAuthenticationFlow | AuthenticationFlow | | [optional] |
| lowRiskEnableSmartLogin | Boolean | A flag indicating if Smart Login is enabled for Low risk. This parameter is deprecated, use the lowRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| lowRiskFirstStep | LowRiskFirstStepEnum | The authenticator type to use in the first step of a two-step authentication scenario when the risk score is Low. This parameter is deprecated, use the lowRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| lowRiskSecondStep | List<LowRiskSecondStepEnum> | The authenticator type to use in the second step of a two-step authentication scenario when the risk score is Low. This parameter is deprecated, use the lowRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| lowRiskThreshold | Integer | Risk scores below this value are considered Low risk. | [optional] |
| machineContext | MachineContext | | [optional] |
| mediumRiskAuthenticationFlow | AuthenticationFlow | | [optional] |
| mediumRiskEnableSmartLogin | Boolean | A flag indicating if Smart Login is enabled for Medium risk. This parameter is deprecated, use the mediumRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| mediumRiskFirstStep | MediumRiskFirstStepEnum | The authenticator type to use in the first step of a two-step authentication scenario when the risk score is Medium. This parameter is deprecated, use the mediumRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| mediumRiskSecondStep | List<MediumRiskSecondStepEnum> | The authenticator type to use in the second step of a two-step authentication scenario when the risk score is Medium. This parameter is deprecated, use the mediumRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| mediumRiskThreshold | Integer | Risk scores below this value are considered Medium risk. Risk scores equal to or greater than this value are considered High risk. | [optional] |
| name | String | The name of the resource rule. | |
| resourceId | String | The UUID of the resource to which this resource rule is assigned. | [optional] |
| resourceName | String | The name of the resource to which this resource rule is assigned. | [optional] |
| riskEngineContexts | List<TransactionContext> | If risk engine rules are defined, the transaction contexts specify the levels at which risk is applied to the authentication request if the corresponding risk engine rules trigger risk. | [optional] |
| skipSecondFactorIfUserNotExist | Boolean | A flag indicating if the second factor can be skipped if the user does not exist and the first factor is EXTERNAL. | |
| strictAccess | Boolean | A flag indicating if this resource rule enforces strict access. Strict access means that if this rule denies access, the user is denied access even if other resource rules allow access. | |
| systemResourceContext | Boolean | A flag indicating if this resource rule is associated with a system resource, including the Admin and User portals. A resource rule for a system resource cannot be deleted. It can only be disabled if there is at least one enabled resource rule for the resource. | [optional] |
| transactionContexts | List<TransactionContext> | If transaction details are specified during an authentication request, the transaction contexts specify the levels at which risk is applied to the authentication request if the corresponding transaction rules trigger risk. A maximum of two are allowed. | [optional] |
| travelVelocityContext | TravelVelocityContext | | [optional] |
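
The acrFilter modes and the two risk thresholds described in the table can be expressed as code. This is an added example, not code from the product or its SDK: it treats a rule as a Python dict keyed by the property names above, assumes acrs are plain strings (the Acr schema is not shown on this page), and uses a constructed sample rule.

```python
# Added example. Keys are the ResourceRule property names from this page; the
# dict layout and plain-string acrs are assumptions, and SAMPLE_RULE is constructed.
SAMPLE_RULE = {
    "name": "example-rule", "enabled": True,
    "acrFilter": "SPECIFIC", "acrs": ["acr-example-strong"],
    "lowRiskThreshold": 30, "mediumRiskThreshold": 70,
    "highRiskFirstStep": "PASSWORD", "highRiskSecondStep": ["OTP"],
}

def acr_filter_matches(rule, requested_acrs):
    """Return True if the rule's acrFilter admits a request with these acrs."""
    mode = rule.get("acrFilter", "NA")  # NA is the documented default
    requested = set(requested_acrs or [])
    if mode == "NA":
        return True
    if mode == "NONE":
        return not requested
    if mode == "ANY":
        return bool(requested)
    if mode == "SPECIFIC":
        return bool(requested & set(rule.get("acrs", [])))
    raise ValueError(f"unknown acrFilter value: {mode!r}")

def risk_tier(rule, score):
    """Map a risk score to low/medium/high using the rule's two thresholds."""
    if score < rule["lowRiskThreshold"]:
        return "low"
    if score < rule["mediumRiskThreshold"]:
        return "medium"
    return "high"  # equal to or greater than mediumRiskThreshold

def deprecated_fields(rule):
    """List the deprecated per-tier parameters still present in the rule."""
    names = (f"{tier}Risk{suffix}"
             for tier in ("low", "medium", "high")
             for suffix in ("EnableSmartLogin", "FirstStep", "SecondStep"))
    return sorted(n for n in names if n in rule)

if __name__ == "__main__":
    print(acr_filter_matches(SAMPLE_RULE, ["acr-example-strong"]))
    print(risk_tier(SAMPLE_RULE, 70))
    print(deprecated_fields(SAMPLE_RULE))
```

Running `deprecated_fields` over exported rules is a quick way to find rules that still rely on the deprecated first-step and second-step parameters instead of the per-tier AuthenticationFlow attributes.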

AcrFilterEnum

| Name | Value |
| --- | --- |
| NA | "NA" |
| NONE | "NONE" |
| ANY | "ANY" |
| SPECIFIC | "SPECIFIC" |

ApiVersionEnum

| Name | Value |
| --- | --- |
| NUMBER_1 | 1 |
| NUMBER_2 | 2 |

DomainIdpFilterEnum

| Name | Value |
| --- | --- |
| NA | "NA" |
| NONE | "NONE" |
| ANY | "ANY" |
| SPECIFIC | "SPECIFIC" |

HighRiskFirstStepEnum

| Name | Value |
| --- | --- |
| NONE | "NONE" |
| EXTERNAL | "EXTERNAL" |
| PASSWORD | "PASSWORD" |
| KBA | "KBA" |
| OTP | "OTP" |
| TOKEN | "TOKEN" |
| TOKENPUSH | "TOKENPUSH" |
| SMARTCREDENTIALPUSH | "SMARTCREDENTIALPUSH" |
| IDP | "IDP" |
| PASSKEY | "PASSKEY" |
| SMART_LOGIN | "SMART_LOGIN" |
| USER_CERTIFICATE | "USER_CERTIFICATE" |
| FACE | "FACE" |
| DENY | "DENY" |
| MAGICLINK | "MAGICLINK" |

List<HighRiskSecondStepEnum>

| Name | Value |
| --- | --- |
| NONE | "NONE" |
| KBA | "KBA" |
| TEMP_ACCESS_CODE | "TEMP_ACCESS_CODE" |
| OTP | "OTP" |
| GRID | "GRID" |
| TOKEN | "TOKEN" |
| TOKENCR | "TOKENCR" |
| TOKENPUSH | "TOKENPUSH" |
| FIDO | "FIDO" |
| USER_CERTIFICATE | "USER_CERTIFICATE" |
| SMARTCREDENTIALPUSH | "SMARTCREDENTIALPUSH" |
| FACE | "FACE" |
| PASSTHROUGH | "PASSTHROUGH" |
| MAGICLINK | "MAGICLINK" |

LowRiskFirstStepEnum

| Name | Value |
| --- | --- |
| NONE | "NONE" |
| EXTERNAL | "EXTERNAL" |
| PASSWORD | "PASSWORD" |
| KBA | "KBA" |
| OTP | "OTP" |
| TOKEN | "TOKEN" |
| TOKENPUSH | "TOKENPUSH" |
| SMARTCREDENTIALPUSH | "SMARTCREDENTIALPUSH" |
| IDP | "IDP" |
| PASSKEY | "PASSKEY" |
| SMART_LOGIN | "SMART_LOGIN" |
| USER_CERTIFICATE | "USER_CERTIFICATE" |
| FACE | "FACE" |
| DENY | "DENY" |
| MAGICLINK | "MAGICLINK" |

List<LowRiskSecondStepEnum>

| Name | Value |
| --- | --- |
| NONE | "NONE" |
| KBA | "KBA" |
| TEMP_ACCESS_CODE | "TEMP_ACCESS_CODE" |
| OTP | "OTP" |
| GRID | "GRID" |
| TOKEN | "TOKEN" |
| TOKENCR | "TOKENCR" |
| TOKENPUSH | "TOKENPUSH" |
| FIDO | "FIDO" |
| USER_CERTIFICATE | "USER_CERTIFICATE" |
| SMARTCREDENTIALPUSH | "SMARTCREDENTIALPUSH" |
| FACE | "FACE" |
| PASSTHROUGH | "PASSTHROUGH" |
| MAGICLINK | "MAGICLINK" |

MediumRiskFirstStepEnum

| Name | Value |
| --- | --- |
| NONE | "NONE" |
| EXTERNAL | "EXTERNAL" |
| PASSWORD | "PASSWORD" |
| KBA | "KBA" |
| OTP | "OTP" |
| TOKEN | "TOKEN" |
| TOKENPUSH | "TOKENPUSH" |
| SMARTCREDENTIALPUSH | "SMARTCREDENTIALPUSH" |
| IDP | "IDP" |
| PASSKEY | "PASSKEY" |
| SMART_LOGIN | "SMART_LOGIN" |
| USER_CERTIFICATE | "USER_CERTIFICATE" |
| FACE | "FACE" |
| DENY | "DENY" |
| MAGICLINK | "MAGICLINK" |

List<MediumRiskSecondStepEnum>

| Name | Value |
| --- | --- |
| NONE | "NONE" |
| KBA | "KBA" |
| TEMP_ACCESS_CODE | "TEMP_ACCESS_CODE" |
| OTP | "OTP" |
| GRID | "GRID" |
| TOKEN | "TOKEN" |
| TOKENCR | "TOKENCR" |
| TOKENPUSH | "TOKENPUSH" |
| FIDO | "FIDO" |
| USER_CERTIFICATE | "USER_CERTIFICATE" |
| SMARTCREDENTIALPUSH | "SMARTCREDENTIALPUSH" |
| FACE | "FACE" |
| PASSTHROUGH | "PASSTHROUGH" |
| MAGICLINK | "MAGICLINK" |