oci_identity_domains_authentication_factor_setting

This resource provides the Authentication Factor Setting resource in the Oracle Cloud Infrastructure Identity Domains service.

Replace Authentication Factor Settings

Example Usage

# Example: replaces the authentication factor (MFA) settings of an identity domain.
# The literal values below are the example's sample values, not hardening guidance;
# review each security-relevant one against your own MFA policy before applying.
resource "oci_identity_domains_authentication_factor_setting" "test_authentication_factor_setting" {
	#Required
	# NOTE(review): this expression refers to the resource's own id. Terraform rejects
	# a resource block that references itself, so the settings id has to come from a
	# variable or a data source instead.
	authentication_factor_setting_id = oci_identity_domains_authentication_factor_setting.test_authentication_factor_setting.id
	# NOTE(review): bypass codes presumably let a user sign in without the enrolled
	# factor. If enabled, keep expiry and usage limits tight and audit help-desk
	# issuance - confirm field semantics against the provider's argument reference.
	bypass_code_enabled = var.authentication_factor_setting_bypass_code_enabled
	bypass_code_settings {
		#Required
		help_desk_code_expiry_in_mins = var.authentication_factor_setting_bypass_code_settings_help_desk_code_expiry_in_mins
		help_desk_generation_enabled = var.authentication_factor_setting_bypass_code_settings_help_desk_generation_enabled
		help_desk_max_usage = var.authentication_factor_setting_bypass_code_settings_help_desk_max_usage
		length = var.authentication_factor_setting_bypass_code_settings_length
		max_active = "6"
		self_service_generation_enabled = var.authentication_factor_setting_bypass_code_settings_self_service_generation_enabled
	}
	# NOTE(review): device_protection_policy "NONE" together with the three unlock_*
	# flags set to "false" suggests the authenticator app is not gated by a PIN or
	# biometric in this example - confirm that is intended before copying.
	client_app_settings {
		#Required
		device_protection_policy = "NONE"
		initial_lockout_period_in_secs = "30"
		key_pair_length = "2048"
		lockout_escalation_pattern = "Constant"
		max_failures_before_lockout = "10"
		max_failures_before_warning = "5"
		max_lockout_interval_in_secs = "86400"
		min_pin_length = "6"
		policy_update_freq_in_days = var.authentication_factor_setting_client_app_settings_policy_update_freq_in_days
		request_signing_algo = var.authentication_factor_setting_client_app_settings_request_signing_algo
		shared_secret_encoding = var.authentication_factor_setting_client_app_settings_shared_secret_encoding
		unlock_app_for_each_request_enabled = "false"
		unlock_app_interval_in_secs = "300"
		unlock_on_app_foreground_enabled = "false"
		unlock_on_app_start_enabled = "false"
	}
	# NOTE(review): reads as "allow" for devices where a lock screen is not required;
	# verify how action/value combine before relying on this as a device check.
	compliance_policy {
		#Required
		action = "Allow"
		name = "lockScreenRequired"
		value = "false"
	}
	# NOTE(review): a trusted endpoint presumably skips the second-factor prompt for up
	# to max_endpoint_trust_duration_in_days. 180 days of trust and 20 incorrect
	# attempts are permissive sample values - size them to your own policy.
	endpoint_restrictions {
		#Required
		max_endpoint_trust_duration_in_days = "180"
		max_enrolled_devices = var.authentication_factor_setting_endpoint_restrictions_max_enrolled_devices
		max_incorrect_attempts = "20"
		max_trusted_endpoints = "20"
		trusted_endpoints_enabled = var.authentication_factor_setting_endpoint_restrictions_trusted_endpoints_enabled
	}
	# URL of the identity domain these settings are applied to.
	idcs_endpoint = data.oci_identity_domain.test_domain.url
	mfa_enrollment_type = var.authentication_factor_setting_mfa_enrollment_type
	notification_settings {
		#Required
		pull_enabled = var.authentication_factor_setting_notification_settings_pull_enabled
	}
	push_enabled = var.authentication_factor_setting_push_enabled
	schemas = ["urn:ietf:params:scim:schemas:oracle:idcs:AuthenticationFactorSettings"]
	# NOTE(review): security questions and SMS are knowledge- or channel-based factors
	# that are generally weaker than TOTP or FIDO; enable only those your policy requires.
	security_questions_enabled = var.authentication_factor_setting_security_questions_enabled
	sms_enabled = var.authentication_factor_setting_sms_enabled
	totp_enabled = var.authentication_factor_setting_totp_enabled
	totp_settings {
		#Required
		email_otp_validity_duration_in_mins = var.authentication_factor_setting_totp_settings_email_otp_validity_duration_in_mins
		email_passcode_length = "6"
		hashing_algorithm = var.authentication_factor_setting_totp_settings_hashing_algorithm
		jwt_validity_duration_in_secs = "300"
		key_refresh_interval_in_days = "60"
		passcode_length = "6"
		sms_otp_validity_duration_in_mins = "6"
		sms_passcode_length = "6"
		time_step_in_secs = "30"
		# NOTE(review): presumably the number of adjacent time steps accepted; with a
		# 30 s step, a tolerance of 3 widens the window in which a code stays valid - confirm.
		time_step_tolerance = "3"
	}

	#Optional
	attribute_sets = []
	attributes = ""
	# NOTE(review): appears to carry an authorization header value. If so, declare the
	# variable with sensitive = true and keep its value out of version control.
	authorization = var.authentication_factor_setting_authorization
	auto_enroll_email_factor_disabled = var.authentication_factor_setting_auto_enroll_email_factor_disabled
	email_enabled = var.authentication_factor_setting_email_enabled
	email_settings {
		#Required
		email_link_enabled = var.authentication_factor_setting_email_settings_email_link_enabled

		#Optional
		email_link_custom_url = var.authentication_factor_setting_email_settings_email_link_custom_url
	}
	fido_authenticator_enabled = var.authentication_factor_setting_fido_authenticator_enabled
	hide_backup_factor_enabled = var.authentication_factor_setting_hide_backup_factor_enabled
	id = var.authentication_factor_setting_id
	identity_store_settings {

		#Optional
		mobile_number_enabled = var.authentication_factor_setting_identity_store_settings_mobile_number_enabled
		mobile_number_update_enabled = var.authentication_factor_setting_identity_store_settings_mobile_number_update_enabled
	}
	ocid = var.authentication_factor_setting_ocid
	phone_call_enabled = var.authentication_factor_setting_phone_call_enabled
	resource_type_schema_version = var.authentication_factor_setting_resource_type_schema_version
	tags {
		#Required
		key = var.authentication_factor_setting_tags_key
		value = var.authentication_factor_setting_tags_value
	}
	third_party_factor {
		#Required
		duo_security = var.authentication_factor_setting_third_party_factor_duo_security
	}
	# FIDO (WebAuthn) factor settings.
	urnietfparamsscimschemasoracleidcsextensionfido_authentication_factor_settings {
		#Required
		# NOTE(review): "NONE" presumably maps to WebAuthn attestation conveyance
		# "none", in which case authenticator provenance is not verified at enrollment.
		attestation = "NONE"
		authenticator_selection_attachment = "BOTH"
		authenticator_selection_require_resident_key = "false"
		authenticator_selection_resident_key = "NONE"
		authenticator_selection_user_verification = var.authentication_factor_setting_urnietfparamsscimschemasoracleidcsextensionfido_authentication_factor_settings_authenticator_selection_user_verification
		exclude_credentials = "false"
		# NOTE(review): in WebAuthn/COSE, RS1 denotes RSASSA-PKCS1-v1_5 with SHA-1.
		# Check which SHA-256-based key types the provider accepts and prefer one of those.
		public_key_types = ["RS1"]
		timeout = "60000"

		#Optional
		domain_validation_level = "1"
	}
	# Duo Security (third-party factor) integration settings.
	urnietfparamsscimschemasoracleidcsextensionthird_party_authentication_factor_settings {

		#Optional
		duo_security_settings {
			#Required
			# integration_key and secret_key are the Duo API credentials. Declare their
			# variables with sensitive = true, supply them from a secrets manager or the
			# environment rather than a committed tfvars file, and restrict access to
			# the state backend, since Terraform persists resource arguments in state.
			api_hostname = var.authentication_factor_setting_urnietfparamsscimschemasoracleidcsextensionthird_party_authentication_factor_settings_duo_security_settings_api_hostname
			integration_key = var.authentication_factor_setting_urnietfparamsscimschemasoracleidcsextensionthird_party_authentication_factor_settings_duo_security_settings_integration_key
			secret_key = var.authentication_factor_setting_urnietfparamsscimschemasoracleidcsextensionthird_party_authentication_factor_settings_duo_security_settings_secret_key
			user_mapping_attribute = var.authentication_factor_setting_urnietfparamsscimschemasoracleidcsextensionthird_party_authentication_factor_settings_duo_security_settings_user_mapping_attribute

			#Optional
			# NOTE(review): presumably also key material - handle like secret_key until confirmed.
			attestation_key = var.authentication_factor_setting_urnietfparamsscimschemasoracleidcsextensionthird_party_authentication_factor_settings_duo_security_settings_attestation_key
		}
	}
	user_enrollment_disabled_factors = var.authentication_factor_setting_user_enrollment_disabled_factors
	yubico_otp_enabled = var.authentication_factor_setting_yubico_otp_enabled
}

Argument Reference

The following arguments are supported:

**IMPORTANT:** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values.

Attributes Reference

The following attributes are exported:

Timeouts

The timeouts block allows you to specify timeouts for certain operations:

* create - (Defaults to 20 minutes), when creating the Authentication Factor Setting
* update - (Defaults to 20 minutes), when updating the Authentication Factor Setting
* delete - (Defaults to 20 minutes), when destroying the Authentication Factor Setting

Import

AuthenticationFactorSettings can be imported using the id, e.g.

$ terraform import oci_identity_domains_authentication_factor_setting.test_authentication_factor_setting "idcsEndpoint/{idcsEndpoint}/authenticationFactorSettings/{authenticationFactorSettingId}"