| acrFilter | AcrFilterEnum | Identifies how the resource rule acr access filter operates. NA: The resource rule will apply to all requests. This is the default value. NONE: The resource rule will only apply if no acrs were requested. ANY: The resource rule will only apply if acrs were requested. SPECIFIC: The resource rule will only apply if acrs were requested and one of the requested acrs matches one from a specified list. | [optional] |
| acrIds | List<String> | The UUIDs of acrs associated with this resource rule if acrFilter is set to SPECIFIC. The resource rule will only apply if a requested acr is one of the specified acrs. If acrFilter is set to SPECIFIC, at least one acrId should be specified otherwise the resource rule will never apply. | [optional] |
| dateTimeContext | DateTimeContext | | [optional] |
| description | String | The description of the resource rule. | [optional] |
| deviceCertificateContext | DeviceCertificateContext | | [optional] |
| disableSSO | Boolean | A flag indicating if single-sign on is disabled for this resource rule. | [optional] |
| domainIdpFilter | DomainIdpFilterEnum | Identifies how the resource rule domain idp access filter operates. This is the default value. NA: The resource rule will apply to all requests. NONE: The resource rule will only apply if the user does not have a domain-based IDP. ANY: The resource rule will only apply if the user has a domain-based IDP. SPECIFIC: The resource rule will only apply if the user has a domain-based IDP and the user's domain matches one from a specified list. | [optional] |
| domainIdpIds | List<String> | The UUIDs of domain-based identity providers associated with this resource rule if domainIdpFilter is set to SPECIFIC. The resource rule will only apply to users using one of the specified domain-based identity providers. If domainIdpFilter is set to SPECIFIC, at least one domainIdpId should be specified otherwise the resource rule will never apply. | [optional] |
| enabled | Boolean | A flag indicating if this resource rule is enabled or not. Only enabled resource rules are considered during authentication. | [optional] |
| groupIds | List<String> | The UUIDs of groups associated with this resource rule. The resource rule will only apply to users in one of the specified groups. When creating a resource rule, if no groupsIds are specified, the resource rule will apply to all users. | [optional] |
| groups | List<Group> | The groups associated with this resource rule. The resource rule only applies to users in one of the specified groups. If no groups are specified, the resource rule applies to all users. This attribute is ignored if the groupIds attribute is specified. The groupIds attribute should be used instead. | [optional] |
| highRiskAuthenticationFlow | String | The UUID of the authentication flow to use when the risk score is High. Required with v2 APIs. | [optional] |
| highRiskEnableSmartLogin | Boolean | A flag indicating if Smart Login is enabled for High risk.This parameter is deprecated, use the highRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| highRiskFirstStep | HighRiskFirstStepEnum | The authenticator type to use in the first step of a two-step authentication scenario when the risk score is High. Only the values NONE, EXTERNAL, PASSWORD or DENY should be used for highRiskFirstStep. Other values are defined for backwards compatibility. Some values are not supported by all application types.This parameter is deprecated, use the highRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| highRiskSecondStep | List<HighRiskSecondStepEnum> | The authenticator type to use during in the second step of a two-step authentication scenario when the risk score is High. Some values are not supported by all application types.This parameter is deprecated, use the highRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| ipContext | IpContext | | [optional] |
| kbaContext | KbaContext | | [optional] |
| locationContext | LocationContext | | [optional] |
| locationHistoryContext | LocationHistoryContext | | [optional] |
| lowRiskAuthenticationFlow | String | The UUID of the authentication flow to use when the risk score is Low. Required with v2 APIs. | [optional] |
| lowRiskEnableSmartLogin | Boolean | A flag indicating if Smart Login is enabled for Low risk.This parameter is deprecated, use the lowRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| lowRiskFirstStep | LowRiskFirstStepEnum | The authenticator type to use in the first step of a two-step authentication scenario when the risk score is Low. Only the values NONE, EXTERNAL, PASSWORD should be used for lowRiskFirstStep. The value DENY can only be specified for low risk authentication when using Smart Login, otherwise DENY can only be specified for medium or high risk values. Other values are defined for backwards compatibility. Some values are not supported by all application types. This parameter is deprecated, use the lowRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| lowRiskSecondStep | List<LowRiskSecondStepEnum> | The authenticator type to use during in the second step of a two-step authentication scenario when the risk score is Low. Some values are not supported by all application types. This parameter is deprecated, use the lowRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| lowRiskThreshold | Integer | Risk scores below this value are considered Low risk. | [optional] |
| machineContext | MachineContext | | [optional] |
| mediumRiskAuthenticationFlow | String | The UUID of the authentication flow to use when the risk score is Medium. Required with v2 APIs. | [optional] |
| mediumRiskEnableSmartLogin | Boolean | A flag indicating if Smart Login is enabled for Medium risk.This parameter is deprecated, use the mediumRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| mediumRiskFirstStep | MediumRiskFirstStepEnum | The authenticator type to use in the first step of a two-step authentication scenario when the risk score is Medium. Only the values NONE, EXTERNAL, PASSWORD or DENY should be used for mediumRiskFirstStep. Other values are defined for backwards compatibility. Some values are not supported by all application types. This parameter is deprecated, use the mediumRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| mediumRiskSecondStep | List<MediumRiskSecondStepEnum> | The authenticator type to use during in the second step of a two-step authentication scenario when the risk score is Medium. Some values are not supported by all application types.This parameter is deprecated, use the mediumRiskAuthenticationFlow attribute with v2 APIs. | [optional] |
| mediumRiskThreshold | Integer | Risk scores below this value are considered Medium risk. Risk scores equal or greater than this value are considered High risk. | [optional] |
| name | String | The name of the resource rule. | [optional] |
| removeDateTimeContext | Boolean | When updating a resource rule, if removeDateTimeContext is set to true, the existing date time context is removed. This attribute is ignored when creating a resource rule. | [optional] |
| removeDeviceCertificateContext | Boolean | When updating a resource rule, if removeDeviceCertificateContext is set to true, the existing device certificate context is removed. This attribute is ignored when creating a resource rule. | [optional] |
| removeIPContext | Boolean | When updating a resource rule, if removeIPContext is set to true, the existing IP context is removed. This attribute is ignored when creating a resource rule. | [optional] |
| removeKBAContext | Boolean | When updating a resource rule, if removeKBAContext is set to true, the existing KBA context is removed. This attribute is ignored when creating a resource rule. | [optional] |
| removeLocationContext | Boolean | When updating a resource rule, if removeLocationContext is set to true, the existing location context is removed. This attribute is ignored when creating a resource rule. | [optional] |
| removeLocationHistoryContext | Boolean | When updating a resource rule, if removeLocationHistoryContext is set to true, the existing location history context is removed. This attribute is ignored when creating a resource rule. | [optional] |
| removeMachineContext | Boolean | When updating a resource rule, if removeMachineContext is set to true, the existing machine context is removed. This attribute is ignored when creating a resource rule. | [optional] |
| removeTravelVelocityContext | Boolean | When updating a resource rule, if removeTravelVelocityContext is set to true, the existing travel velocity context is removed. This attribute is ignored when creating a resource rule. | [optional] |
| resourceId | String | The UUID of the resource to which this resource rule is assigned. This value is only used when creating a resource rule. | [optional] |
| riskEngineContexts | List<TransactionContext> | If risk engine rules are defined, the transaction contexts specify the level at which risk is applied to the authentication request if the corresponding risk engine rules trigger risk. If set to null, no changes are made. If set to an empty set, transaction contexts are removed. | [optional] |
| skipSecondFactorIfUserNotExist | Boolean | A flag indicating if second factor will be skipped if user doesn't exist when the first factor was EXTERNAL. | [optional] |
| strictAccess | Boolean | A flag indicating if this resource rule enforces strict access. Strict access means that if this rule denies access, the user is denied access even if other resource rules allow access. | [optional] |
| transactionContexts | List<TransactionContext> | If transaction details are specified during an authentication request, the transaction contexts specify the level at which risk is applied to the authentication request if the corresponding transaction rules trigger risk. A maximum of two are allowed. If set to null, no changes are made. If set to an empty set, transaction contexts are removed. | [optional] |
| travelVelocityContext | TravelVelocityContext | | [optional] |