src/resources/access/groups.ts


1// File generated from our OpenAPI spec by Stainless.
2
3import * as Core from 'cloudflare/core';
4import { APIResource } from 'cloudflare/resource';
5import * as GroupsAPI from 'cloudflare/resources/access/groups';
6
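/**
 * Builds an Access groups request path from caller-supplied segments.
 *
 * Every segment is percent-encoded so that a value containing `/`, `?` or `#`
 * stays inside its own path segment instead of changing which endpoint the
 * request reaches. Well-formed identifiers pass through unchanged.
 * `encodeURIComponent` does not alter `.` or `..`, so identifiers taken from
 * untrusted input should still be validated by the caller.
 */
function accessGroupsPath(accountOrZone: string, accountOrZoneId: string, ...rest: string[]): string {
  const segments = [accountOrZone, accountOrZoneId, 'access', 'groups', ...rest];
  return `/${segments.map((segment) => encodeURIComponent(segment)).join('/')}`;
}

/**
 * Client for the Access groups endpoints. Each method resolves to the `result`
 * field of the API response envelope.
 */
export class Groups extends APIResource {
  /**
   * Fetches a single Access group.
   *
   * @param accountOrZone - First path segment, selecting the scope.
   *   NOTE(review): presumably `accounts` or `zones`; confirm against the API spec.
   * @param accountOrZoneId - Identifier of that account or zone.
   * @param uuid - UUID of the Access group.
   * @param options - Per-request options passed to the underlying client.
   * @returns The `result` field of the response.
   */
  retrieve(
    accountOrZone: string,
    accountOrZoneId: string,
    uuid: string,
    options?: Core.RequestOptions,
  ): Core.APIPromise<GroupRetrieveResponse> {
    return (
      this._client.get(accessGroupsPath(accountOrZone, accountOrZoneId, uuid), options) as Core.APIPromise<{
        result: GroupRetrieveResponse;
      }>
    )._thenUnwrap((obj) => obj.result);
  }

  /**
   * Updates a configured Access group.
   *
   * @param accountOrZone - First path segment, selecting the scope.
   * @param accountOrZoneId - Identifier of that account or zone.
   * @param uuid - UUID of the Access group to update.
   * @param body - Replacement group definition, sent as the PUT body.
   * @param options - Per-request options; spread after `body`, as in the
   *   generated client.
   * @returns The `result` field of the response.
   */
  update(
    accountOrZone: string,
    accountOrZoneId: string,
    uuid: string,
    body: GroupUpdateParams,
    options?: Core.RequestOptions,
  ): Core.APIPromise<GroupUpdateResponse> {
    return (
      this._client.put(accessGroupsPath(accountOrZone, accountOrZoneId, uuid), {
        body,
        ...options,
      }) as Core.APIPromise<{ result: GroupUpdateResponse }>
    )._thenUnwrap((obj) => obj.result);
  }

  /**
   * Deletes an Access group.
   *
   * @param accountOrZone - First path segment, selecting the scope.
   * @param accountOrZoneId - Identifier of that account or zone.
   * @param uuid - UUID of the Access group to delete.
   * @param options - Per-request options passed to the underlying client.
   * @returns The `result` field of the response.
   */
  delete(
    accountOrZone: string,
    accountOrZoneId: string,
    uuid: string,
    options?: Core.RequestOptions,
  ): Core.APIPromise<GroupDeleteResponse> {
    return (
      this._client.delete(accessGroupsPath(accountOrZone, accountOrZoneId, uuid), options) as Core.APIPromise<{
        result: GroupDeleteResponse;
      }>
    )._thenUnwrap((obj) => obj.result);
  }

  /**
   * Creates a new Access group.
   *
   * @param accountOrZone - First path segment, selecting the scope.
   * @param accountOrZoneId - Identifier of that account or zone.
   * @param body - Group definition, sent as the POST body.
   * @param options - Per-request options; spread after `body`, as in the
   *   generated client.
   * @returns The `result` field of the response.
   */
  accessGroupsCreateAnAccessGroup(
    accountOrZone: string,
    accountOrZoneId: string,
    body: GroupAccessGroupsCreateAnAccessGroupParams,
    options?: Core.RequestOptions,
  ): Core.APIPromise<GroupAccessGroupsCreateAnAccessGroupResponse> {
    return (
      this._client.post(accessGroupsPath(accountOrZone, accountOrZoneId), {
        body,
        ...options,
      }) as Core.APIPromise<{ result: GroupAccessGroupsCreateAnAccessGroupResponse }>
    )._thenUnwrap((obj) => obj.result);
  }

  /**
   * Lists all Access groups.
   *
   * @param accountOrZone - First path segment, selecting the scope.
   * @param accountOrZoneId - Identifier of that account or zone.
   * @param options - Per-request options passed to the underlying client.
   * @returns The `result` field of the response, which is typed as nullable.
   */
  accessGroupsListAccessGroups(
    accountOrZone: string,
    accountOrZoneId: string,
    options?: Core.RequestOptions,
  ): Core.APIPromise<GroupAccessGroupsListAccessGroupsResponse | null> {
    return (
      this._client.get(accessGroupsPath(accountOrZone, accountOrZoneId), options) as Core.APIPromise<{
        result: GroupAccessGroupsListAccessGroupsResponse | null;
      }>
    )._thenUnwrap((obj) => obj.result);
  }
}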
92
/**
 * An Access group as returned by the retrieve endpoint. Every field is optional
 * in this type, so callers must handle absent rule lists.
 */
export interface GroupRetrieveResponse {
  /**
   * UUID of the group.
   */
  id?: string;

  created_at?: string;

  /**
   * Exclude rules, evaluated with a NOT logical operator: a user who meets any
   * one of them does not match.
   */
  exclude?: Array<
    | GroupRetrieveResponse.AccessEmailRule
    | GroupRetrieveResponse.AccessEmailListRule
    | GroupRetrieveResponse.AccessDomainRule
    | GroupRetrieveResponse.AccessEveryoneRule
    | GroupRetrieveResponse.AccessIPRule
    | GroupRetrieveResponse.AccessIPListRule
    | GroupRetrieveResponse.AccessCertificateRule
    | GroupRetrieveResponse.AccessAccessGroupRule
    | GroupRetrieveResponse.AccessAzureGroupRule
    | GroupRetrieveResponse.AccessGitHubOrganizationRule
    | GroupRetrieveResponse.AccessGsuiteGroupRule
    | GroupRetrieveResponse.AccessOktaGroupRule
    | GroupRetrieveResponse.AccessSamlGroupRule
    | GroupRetrieveResponse.AccessServiceTokenRule
    | GroupRetrieveResponse.AccessAnyValidServiceTokenRule
    | GroupRetrieveResponse.AccessExternalEvaluationRule
    | GroupRetrieveResponse.AccessCountryRule
    | GroupRetrieveResponse.AccessAuthenticationMethodRule
    | GroupRetrieveResponse.AccessDevicePostureRule
  >;

  /**
   * Include rules, evaluated with an OR logical operator: meeting a single one
   * of them is enough. A broad rule here (for example one that matches everyone)
   * therefore satisfies the whole list.
   */
  include?: Array<
    | GroupRetrieveResponse.AccessEmailRule
    | GroupRetrieveResponse.AccessEmailListRule
    | GroupRetrieveResponse.AccessDomainRule
    | GroupRetrieveResponse.AccessEveryoneRule
    | GroupRetrieveResponse.AccessIPRule
    | GroupRetrieveResponse.AccessIPListRule
    | GroupRetrieveResponse.AccessCertificateRule
    | GroupRetrieveResponse.AccessAccessGroupRule
    | GroupRetrieveResponse.AccessAzureGroupRule
    | GroupRetrieveResponse.AccessGitHubOrganizationRule
    | GroupRetrieveResponse.AccessGsuiteGroupRule
    | GroupRetrieveResponse.AccessOktaGroupRule
    | GroupRetrieveResponse.AccessSamlGroupRule
    | GroupRetrieveResponse.AccessServiceTokenRule
    | GroupRetrieveResponse.AccessAnyValidServiceTokenRule
    | GroupRetrieveResponse.AccessExternalEvaluationRule
    | GroupRetrieveResponse.AccessCountryRule
    | GroupRetrieveResponse.AccessAuthenticationMethodRule
    | GroupRetrieveResponse.AccessDevicePostureRule
  >;

  /**
   * Rules evaluated with an AND logical operator. To match a policy, a user must
   * meet all of the Require rules.
   *
   * NOTE(review): this description and element type are the same as `require`
   * below, while the field name reads like a default-group flag. Confirm the
   * real shape against the OpenAPI spec before relying on it.
   */
  is_default?: Array<
    | GroupRetrieveResponse.AccessEmailRule
    | GroupRetrieveResponse.AccessEmailListRule
    | GroupRetrieveResponse.AccessDomainRule
    | GroupRetrieveResponse.AccessEveryoneRule
    | GroupRetrieveResponse.AccessIPRule
    | GroupRetrieveResponse.AccessIPListRule
    | GroupRetrieveResponse.AccessCertificateRule
    | GroupRetrieveResponse.AccessAccessGroupRule
    | GroupRetrieveResponse.AccessAzureGroupRule
    | GroupRetrieveResponse.AccessGitHubOrganizationRule
    | GroupRetrieveResponse.AccessGsuiteGroupRule
    | GroupRetrieveResponse.AccessOktaGroupRule
    | GroupRetrieveResponse.AccessSamlGroupRule
    | GroupRetrieveResponse.AccessServiceTokenRule
    | GroupRetrieveResponse.AccessAnyValidServiceTokenRule
    | GroupRetrieveResponse.AccessExternalEvaluationRule
    | GroupRetrieveResponse.AccessCountryRule
    | GroupRetrieveResponse.AccessAuthenticationMethodRule
    | GroupRetrieveResponse.AccessDevicePostureRule
  >;

  /**
   * Name of the Access group.
   */
  name?: string;

  /**
   * Require rules, evaluated with an AND logical operator: a user must meet
   * every one of them to match.
   */
  require?: Array<
    | GroupRetrieveResponse.AccessEmailRule
    | GroupRetrieveResponse.AccessEmailListRule
    | GroupRetrieveResponse.AccessDomainRule
    | GroupRetrieveResponse.AccessEveryoneRule
    | GroupRetrieveResponse.AccessIPRule
    | GroupRetrieveResponse.AccessIPListRule
    | GroupRetrieveResponse.AccessCertificateRule
    | GroupRetrieveResponse.AccessAccessGroupRule
    | GroupRetrieveResponse.AccessAzureGroupRule
    | GroupRetrieveResponse.AccessGitHubOrganizationRule
    | GroupRetrieveResponse.AccessGsuiteGroupRule
    | GroupRetrieveResponse.AccessOktaGroupRule
    | GroupRetrieveResponse.AccessSamlGroupRule
    | GroupRetrieveResponse.AccessServiceTokenRule
    | GroupRetrieveResponse.AccessAnyValidServiceTokenRule
    | GroupRetrieveResponse.AccessExternalEvaluationRule
    | GroupRetrieveResponse.AccessCountryRule
    | GroupRetrieveResponse.AccessAuthenticationMethodRule
    | GroupRetrieveResponse.AccessDevicePostureRule
  >;

  updated_at?: string;
}
212
213export namespace GroupRetrieveResponse {
214 /**
215 * Matches a specific email.
216 */
217 export interface AccessEmailRule {
218 email: AccessEmailRule.Email;
219 }
220
221 export namespace AccessEmailRule {
222 export interface Email {
223 /**
224 * The email of the user.
225 */
226 email: string;
227 }
228 }
229
230 /**
231 * Matches an email address from a list.
232 */
233 export interface AccessEmailListRule {
234 email_list: AccessEmailListRule.EmailList;
235 }
236
237 export namespace AccessEmailListRule {
238 export interface EmailList {
239 /**
240 * The ID of a previously created email list.
241 */
242 id: string;
243 }
244 }
245
246 /**
247 * Match an entire email domain.
248 */
249 export interface AccessDomainRule {
250 email_domain: AccessDomainRule.EmailDomain;
251 }
252
253 export namespace AccessDomainRule {
254 export interface EmailDomain {
255 /**
256 * The email domain to match.
257 */
258 domain: string;
259 }
260 }
261
262 /**
263 * Matches everyone.
264 */
265 export interface AccessEveryoneRule {
266 /**
267 * An empty object which matches on all users.
268 */
269 everyone: unknown;
270 }
271
272 /**
273 * Matches an IP address block.
274 */
275 export interface AccessIPRule {
276 ip: AccessIPRule.IP;
277 }
278
279 export namespace AccessIPRule {
280 export interface IP {
281 /**
282 * An IPv4 or IPv6 CIDR block.
283 */
284 ip: string;
285 }
286 }
287
288 /**
289 * Matches an IP address from a list.
290 */
291 export interface AccessIPListRule {
292 ip_list: AccessIPListRule.IPList;
293 }
294
295 export namespace AccessIPListRule {
296 export interface IPList {
297 /**
298 * The ID of a previously created IP list.
299 */
300 id: string;
301 }
302 }
303
304 /**
305 * Matches any valid client certificate.
306 */
307 export interface AccessCertificateRule {
308 certificate: unknown;
309 }
310
311 /**
312 * Matches an Access group.
313 */
314 export interface AccessAccessGroupRule {
315 group: AccessAccessGroupRule.Group;
316 }
317
318 export namespace AccessAccessGroupRule {
319 export interface Group {
320 /**
321 * The ID of a previously created Access group.
322 */
323 id: string;
324 }
325 }
326
327 /**
328 * Matches an Azure group. Requires an Azure identity provider.
329 */
330 export interface AccessAzureGroupRule {
331 azureAD: AccessAzureGroupRule.AzureAd;
332 }
333
334 export namespace AccessAzureGroupRule {
335 export interface AzureAd {
336 /**
337 * The ID of an Azure group.
338 */
339 id: string;
340
341 /**
342 * The ID of your Azure identity provider.
343 */
344 connection_id: string;
345 }
346 }
347
348 /**
349 * Matches a Github organization. Requires a Github identity provider.
350 */
351 export interface AccessGitHubOrganizationRule {
352 'github-organization': AccessGitHubOrganizationRule.GitHubOrganization;
353 }
354
355 export namespace AccessGitHubOrganizationRule {
356 export interface GitHubOrganization {
357 /**
358 * The ID of your Github identity provider.
359 */
360 connection_id: string;
361
362 /**
363 * The name of the organization.
364 */
365 name: string;
366 }
367 }
368
369 /**
370 * Matches a group in Google Workspace. Requires a Google Workspace identity
371 * provider.
372 */
373 export interface AccessGsuiteGroupRule {
374 gsuite: AccessGsuiteGroupRule.Gsuite;
375 }
376
377 export namespace AccessGsuiteGroupRule {
378 export interface Gsuite {
379 /**
380 * The ID of your Google Workspace identity provider.
381 */
382 connection_id: string;
383
384 /**
385 * The email of the Google Workspace group.
386 */
387 email: string;
388 }
389 }
390
391 /**
392 * Matches an Okta group. Requires an Okta identity provider.
393 */
394 export interface AccessOktaGroupRule {
395 okta: AccessOktaGroupRule.Okta;
396 }
397
398 export namespace AccessOktaGroupRule {
399 export interface Okta {
400 /**
401 * The ID of your Okta identity provider.
402 */
403 connection_id: string;
404
405 /**
406 * The email of the Okta group.
407 */
408 email: string;
409 }
410 }
411
412 /**
413 * Matches a SAML group. Requires a SAML identity provider.
414 */
415 export interface AccessSamlGroupRule {
416 saml: AccessSamlGroupRule.Saml;
417 }
418
419 export namespace AccessSamlGroupRule {
420 export interface Saml {
421 /**
422 * The name of the SAML attribute.
423 */
424 attribute_name: string;
425
426 /**
427 * The SAML attribute value to look for.
428 */
429 attribute_value: string;
430 }
431 }
432
433 /**
434 * Matches a specific Access Service Token
435 */
436 export interface AccessServiceTokenRule {
437 service_token: AccessServiceTokenRule.ServiceToken;
438 }
439
440 export namespace AccessServiceTokenRule {
441 export interface ServiceToken {
442 /**
443 * The ID of a Service Token.
444 */
445 token_id: string;
446 }
447 }
448
449 /**
450 * Matches any valid Access Service Token
451 */
452 export interface AccessAnyValidServiceTokenRule {
453 /**
454 * An empty object which matches on all service tokens.
455 */
456 any_valid_service_token: unknown;
457 }
458
459 /**
460 * Create Allow or Block policies which evaluate the user based on custom criteria.
461 */
462 export interface AccessExternalEvaluationRule {
463 external_evaluation: AccessExternalEvaluationRule.ExternalEvaluation;
464 }
465
466 export namespace AccessExternalEvaluationRule {
467 export interface ExternalEvaluation {
468 /**
469 * The API endpoint containing your business logic.
470 */
471 evaluate_url: string;
472
473 /**
474 * The API endpoint containing the key that Access uses to verify that the response
475 * came from your API.
476 */
477 keys_url: string;
478 }
479 }
480
481 /**
482 * Matches a specific country
483 */
484 export interface AccessCountryRule {
485 geo: AccessCountryRule.Geo;
486 }
487
488 export namespace AccessCountryRule {
489 export interface Geo {
490 /**
491 * The country code that should be matched.
492 */
493 country_code: string;
494 }
495 }
496
497 /**
498 * Enforce different MFA options
499 */
500 export interface AccessAuthenticationMethodRule {
501 auth_method: AccessAuthenticationMethodRule.AuthMethod;
502 }
503
504 export namespace AccessAuthenticationMethodRule {
505 export interface AuthMethod {
506 /**
507 * The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176.
508 */
509 auth_method: string;
510 }
511 }
512
513 /**
514 * Enforces a device posture rule has run successfully
515 */
516 export interface AccessDevicePostureRule {
517 device_posture: AccessDevicePostureRule.DevicePosture;
518 }
519
520 export namespace AccessDevicePostureRule {
521 export interface DevicePosture {
522 /**
523 * The ID of a device posture integration.
524 */
525 integration_uid: string;
526 }
527 }
528
529 /**
530 * Matches a specific email.
531 */
532 export interface AccessEmailRule {
533 email: AccessEmailRule.Email;
534 }
535
536 export namespace AccessEmailRule {
537 export interface Email {
538 /**
539 * The email of the user.
540 */
541 email: string;
542 }
543 }
544
545 /**
546 * Matches an email address from a list.
547 */
548 export interface AccessEmailListRule {
549 email_list: AccessEmailListRule.EmailList;
550 }
551
552 export namespace AccessEmailListRule {
553 export interface EmailList {
554 /**
555 * The ID of a previously created email list.
556 */
557 id: string;
558 }
559 }
560
561 /**
562 * Match an entire email domain.
563 */
564 export interface AccessDomainRule {
565 email_domain: AccessDomainRule.EmailDomain;
566 }
567
568 export namespace AccessDomainRule {
569 export interface EmailDomain {
570 /**
571 * The email domain to match.
572 */
573 domain: string;
574 }
575 }
576
577 /**
578 * Matches everyone.
579 */
580 export interface AccessEveryoneRule {
581 /**
582 * An empty object which matches on all users.
583 */
584 everyone: unknown;
585 }
586
587 /**
588 * Matches an IP address block.
589 */
590 export interface AccessIPRule {
591 ip: AccessIPRule.IP;
592 }
593
594 export namespace AccessIPRule {
595 export interface IP {
596 /**
597 * An IPv4 or IPv6 CIDR block.
598 */
599 ip: string;
600 }
601 }
602
603 /**
604 * Matches an IP address from a list.
605 */
606 export interface AccessIPListRule {
607 ip_list: AccessIPListRule.IPList;
608 }
609
610 export namespace AccessIPListRule {
611 export interface IPList {
612 /**
613 * The ID of a previously created IP list.
614 */
615 id: string;
616 }
617 }
618
619 /**
620 * Matches any valid client certificate.
621 */
622 export interface AccessCertificateRule {
623 certificate: unknown;
624 }
625
626 /**
627 * Matches an Access group.
628 */
629 export interface AccessAccessGroupRule {
630 group: AccessAccessGroupRule.Group;
631 }
632
633 export namespace AccessAccessGroupRule {
634 export interface Group {
635 /**
636 * The ID of a previously created Access group.
637 */
638 id: string;
639 }
640 }
641
642 /**
643 * Matches an Azure group. Requires an Azure identity provider.
644 */
645 export interface AccessAzureGroupRule {
646 azureAD: AccessAzureGroupRule.AzureAd;
647 }
648
649 export namespace AccessAzureGroupRule {
650 export interface AzureAd {
651 /**
652 * The ID of an Azure group.
653 */
654 id: string;
655
656 /**
657 * The ID of your Azure identity provider.
658 */
659 connection_id: string;
660 }
661 }
662
663 /**
664 * Matches a Github organization. Requires a Github identity provider.
665 */
666 export interface AccessGitHubOrganizationRule {
667 'github-organization': AccessGitHubOrganizationRule.GitHubOrganization;
668 }
669
670 export namespace AccessGitHubOrganizationRule {
671 export interface GitHubOrganization {
672 /**
673 * The ID of your Github identity provider.
674 */
675 connection_id: string;
676
677 /**
678 * The name of the organization.
679 */
680 name: string;
681 }
682 }
683
684 /**
685 * Matches a group in Google Workspace. Requires a Google Workspace identity
686 * provider.
687 */
688 export interface AccessGsuiteGroupRule {
689 gsuite: AccessGsuiteGroupRule.Gsuite;
690 }
691
692 export namespace AccessGsuiteGroupRule {
693 export interface Gsuite {
694 /**
695 * The ID of your Google Workspace identity provider.
696 */
697 connection_id: string;
698
699 /**
700 * The email of the Google Workspace group.
701 */
702 email: string;
703 }
704 }
705
706 /**
707 * Matches an Okta group. Requires an Okta identity provider.
708 */
709 export interface AccessOktaGroupRule {
710 okta: AccessOktaGroupRule.Okta;
711 }
712
713 export namespace AccessOktaGroupRule {
714 export interface Okta {
715 /**
716 * The ID of your Okta identity provider.
717 */
718 connection_id: string;
719
720 /**
721 * The email of the Okta group.
722 */
723 email: string;
724 }
725 }
726
727 /**
728 * Matches a SAML group. Requires a SAML identity provider.
729 */
730 export interface AccessSamlGroupRule {
731 saml: AccessSamlGroupRule.Saml;
732 }
733
734 export namespace AccessSamlGroupRule {
735 export interface Saml {
736 /**
737 * The name of the SAML attribute.
738 */
739 attribute_name: string;
740
741 /**
742 * The SAML attribute value to look for.
743 */
744 attribute_value: string;
745 }
746 }
747
748 /**
749 * Matches a specific Access Service Token
750 */
751 export interface AccessServiceTokenRule {
752 service_token: AccessServiceTokenRule.ServiceToken;
753 }
754
755 export namespace AccessServiceTokenRule {
756 export interface ServiceToken {
757 /**
758 * The ID of a Service Token.
759 */
760 token_id: string;
761 }
762 }
763
764 /**
765 * Matches any valid Access Service Token
766 */
767 export interface AccessAnyValidServiceTokenRule {
768 /**
769 * An empty object which matches on all service tokens.
770 */
771 any_valid_service_token: unknown;
772 }
773
774 /**
775 * Create Allow or Block policies which evaluate the user based on custom criteria.
776 */
777 export interface AccessExternalEvaluationRule {
778 external_evaluation: AccessExternalEvaluationRule.ExternalEvaluation;
779 }
780
781 export namespace AccessExternalEvaluationRule {
782 export interface ExternalEvaluation {
783 /**
784 * The API endpoint containing your business logic.
785 */
786 evaluate_url: string;
787
788 /**
789 * The API endpoint containing the key that Access uses to verify that the response
790 * came from your API.
791 */
792 keys_url: string;
793 }
794 }
795
796 /**
797 * Matches a specific country
798 */
799 export interface AccessCountryRule {
800 geo: AccessCountryRule.Geo;
801 }
802
803 export namespace AccessCountryRule {
804 export interface Geo {
805 /**
806 * The country code that should be matched.
807 */
808 country_code: string;
809 }
810 }
811
812 /**
813 * Enforce different MFA options
814 */
815 export interface AccessAuthenticationMethodRule {
816 auth_method: AccessAuthenticationMethodRule.AuthMethod;
817 }
818
819 export namespace AccessAuthenticationMethodRule {
820 export interface AuthMethod {
821 /**
822 * The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176.
823 */
824 auth_method: string;
825 }
826 }
827
828 /**
829 * Enforces a device posture rule has run successfully
830 */
831 export interface AccessDevicePostureRule {
832 device_posture: AccessDevicePostureRule.DevicePosture;
833 }
834
835 export namespace AccessDevicePostureRule {
836 export interface DevicePosture {
837 /**
838 * The ID of a device posture integration.
839 */
840 integration_uid: string;
841 }
842 }
843
844 /**
845 * Matches a specific email.
846 */
847 export interface AccessEmailRule {
848 email: AccessEmailRule.Email;
849 }
850
851 export namespace AccessEmailRule {
852 export interface Email {
853 /**
854 * The email of the user.
855 */
856 email: string;
857 }
858 }
859
860 /**
861 * Matches an email address from a list.
862 */
863 export interface AccessEmailListRule {
864 email_list: AccessEmailListRule.EmailList;
865 }
866
867 export namespace AccessEmailListRule {
868 export interface EmailList {
869 /**
870 * The ID of a previously created email list.
871 */
872 id: string;
873 }
874 }
875
876 /**
877 * Match an entire email domain.
878 */
879 export interface AccessDomainRule {
880 email_domain: AccessDomainRule.EmailDomain;
881 }
882
883 export namespace AccessDomainRule {
884 export interface EmailDomain {
885 /**
886 * The email domain to match.
887 */
888 domain: string;
889 }
890 }
891
892 /**
893 * Matches everyone.
894 */
895 export interface AccessEveryoneRule {
896 /**
897 * An empty object which matches on all users.
898 */
899 everyone: unknown;
900 }
901
902 /**
903 * Matches an IP address block.
904 */
905 export interface AccessIPRule {
906 ip: AccessIPRule.IP;
907 }
908
909 export namespace AccessIPRule {
910 export interface IP {
911 /**
912 * An IPv4 or IPv6 CIDR block.
913 */
914 ip: string;
915 }
916 }
917
918 /**
919 * Matches an IP address from a list.
920 */
921 export interface AccessIPListRule {
922 ip_list: AccessIPListRule.IPList;
923 }
924
925 export namespace AccessIPListRule {
926 export interface IPList {
927 /**
928 * The ID of a previously created IP list.
929 */
930 id: string;
931 }
932 }
933
934 /**
935 * Matches any valid client certificate.
936 */
937 export interface AccessCertificateRule {
938 certificate: unknown;
939 }
940
941 /**
942 * Matches an Access group.
943 */
944 export interface AccessAccessGroupRule {
945 group: AccessAccessGroupRule.Group;
946 }
947
948 export namespace AccessAccessGroupRule {
949 export interface Group {
950 /**
951 * The ID of a previously created Access group.
952 */
953 id: string;
954 }
955 }
956
957 /**
958 * Matches an Azure group. Requires an Azure identity provider.
959 */
960 export interface AccessAzureGroupRule {
961 azureAD: AccessAzureGroupRule.AzureAd;
962 }
963
964 export namespace AccessAzureGroupRule {
965 export interface AzureAd {
966 /**
967 * The ID of an Azure group.
968 */
969 id: string;
970
971 /**
972 * The ID of your Azure identity provider.
973 */
974 connection_id: string;
975 }
976 }
977
978 /**
979 * Matches a Github organization. Requires a Github identity provider.
980 */
981 export interface AccessGitHubOrganizationRule {
982 'github-organization': AccessGitHubOrganizationRule.GitHubOrganization;
983 }
984
985 export namespace AccessGitHubOrganizationRule {
986 export interface GitHubOrganization {
987 /**
988 * The ID of your Github identity provider.
989 */
990 connection_id: string;
991
992 /**
993 * The name of the organization.
994 */
995 name: string;
996 }
997 }
998
999 /**
1000 * Matches a group in Google Workspace. Requires a Google Workspace identity
1001 * provider.
1002 */
1003 export interface AccessGsuiteGroupRule {
1004 gsuite: AccessGsuiteGroupRule.Gsuite;
1005 }
1006
1007 export namespace AccessGsuiteGroupRule {
1008 export interface Gsuite {
1009 /**
1010 * The ID of your Google Workspace identity provider.
1011 */
1012 connection_id: string;
1013
1014 /**
1015 * The email of the Google Workspace group.
1016 */
1017 email: string;
1018 }
1019 }
1020
1021 /**
1022 * Matches an Okta group. Requires an Okta identity provider.
1023 */
1024 export interface AccessOktaGroupRule {
1025 okta: AccessOktaGroupRule.Okta;
1026 }
1027
1028 export namespace AccessOktaGroupRule {
1029 export interface Okta {
1030 /**
1031 * The ID of your Okta identity provider.
1032 */
1033 connection_id: string;
1034
1035 /**
1036 * The email of the Okta group.
1037 */
1038 email: string;
1039 }
1040 }
1041
1042 /**
1043 * Matches a SAML group. Requires a SAML identity provider.
1044 */
1045 export interface AccessSamlGroupRule {
1046 saml: AccessSamlGroupRule.Saml;
1047 }
1048
1049 export namespace AccessSamlGroupRule {
1050 export interface Saml {
1051 /**
1052 * The name of the SAML attribute.
1053 */
1054 attribute_name: string;
1055
1056 /**
1057 * The SAML attribute value to look for.
1058 */
1059 attribute_value: string;
1060 }
1061 }
1062
1063 /**
1064 * Matches a specific Access Service Token
1065 */
1066 export interface AccessServiceTokenRule {
1067 service_token: AccessServiceTokenRule.ServiceToken;
1068 }
1069
1070 export namespace AccessServiceTokenRule {
1071 export interface ServiceToken {
1072 /**
1073 * The ID of a Service Token.
1074 */
1075 token_id: string;
1076 }
1077 }
1078
1079 /**
1080 * Matches any valid Access Service Token
1081 */
1082 export interface AccessAnyValidServiceTokenRule {
1083 /**
1084 * An empty object which matches on all service tokens.
1085 */
1086 any_valid_service_token: unknown;
1087 }
1088
1089 /**
1090 * Create Allow or Block policies which evaluate the user based on custom criteria.
1091 */
1092 export interface AccessExternalEvaluationRule {
1093 external_evaluation: AccessExternalEvaluationRule.ExternalEvaluation;
1094 }
1095
1096 export namespace AccessExternalEvaluationRule {
1097 export interface ExternalEvaluation {
1098 /**
1099 * The API endpoint containing your business logic.
1100 */
1101 evaluate_url: string;
1102
1103 /**
1104 * The API endpoint containing the key that Access uses to verify that the response
1105 * came from your API.
1106 */
1107 keys_url: string;
1108 }
1109 }
1110
1111 /**
1112 * Matches a specific country
1113 */
1114 export interface AccessCountryRule {
1115 geo: AccessCountryRule.Geo;
1116 }
1117
1118 export namespace AccessCountryRule {
1119 export interface Geo {
1120 /**
1121 * The country code that should be matched.
1122 */
1123 country_code: string;
1124 }
1125 }
1126
1127 /**
1128 * Enforce different MFA options
1129 */
1130 export interface AccessAuthenticationMethodRule {
1131 auth_method: AccessAuthenticationMethodRule.AuthMethod;
1132 }
1133
1134 export namespace AccessAuthenticationMethodRule {
1135 export interface AuthMethod {
1136 /**
1137 * The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176.
1138 */
1139 auth_method: string;
1140 }
1141 }
1142
1143 /**
1144 * Enforces a device posture rule has run successfully
1145 */
1146 export interface AccessDevicePostureRule {
1147 device_posture: AccessDevicePostureRule.DevicePosture;
1148 }
1149
1150 export namespace AccessDevicePostureRule {
1151 export interface DevicePosture {
1152 /**
1153 * The ID of a device posture integration.
1154 */
1155 integration_uid: string;
1156 }
1157 }
1158
1159 /**
1160 * Matches a specific email.
1161 */
1162 export interface AccessEmailRule {
1163 email: AccessEmailRule.Email;
1164 }
1165
1166 export namespace AccessEmailRule {
1167 export interface Email {
1168 /**
1169 * The email of the user.
1170 */
1171 email: string;
1172 }
1173 }
1174
1175 /**
1176 * Matches an email address from a list.
1177 */
1178 export interface AccessEmailListRule {
1179 email_list: AccessEmailListRule.EmailList;
1180 }
1181
1182 export namespace AccessEmailListRule {
1183 export interface EmailList {
1184 /**
1185 * The ID of a previously created email list.
1186 */
1187 id: string;
1188 }
1189 }
1190
1191 /**
1192 * Match an entire email domain.
1193 */
1194 export interface AccessDomainRule {
1195 email_domain: AccessDomainRule.EmailDomain;
1196 }
1197
1198 export namespace AccessDomainRule {
1199 export interface EmailDomain {
1200 /**
1201 * The email domain to match.
1202 */
1203 domain: string;
1204 }
1205 }
1206
1207 /**
1208 * Matches everyone.
1209 */
1210 export interface AccessEveryoneRule {
1211 /**
1212 * An empty object which matches on all users.
1213 */
1214 everyone: unknown;
1215 }
1216
1217 /**
1218 * Matches an IP address block.
1219 */
1220 export interface AccessIPRule {
1221 ip: AccessIPRule.IP;
1222 }
1223
1224 export namespace AccessIPRule {
1225 export interface IP {
1226 /**
1227 * An IPv4 or IPv6 CIDR block.
1228 */
1229 ip: string;
1230 }
1231 }
1232
1233 /**
1234 * Matches an IP address from a list.
1235 */
1236 export interface AccessIPListRule {
1237 ip_list: AccessIPListRule.IPList;
1238 }
1239
1240 export namespace AccessIPListRule {
1241 export interface IPList {
1242 /**
1243 * The ID of a previously created IP list.
1244 */
1245 id: string;
1246 }
1247 }
1248
1249 /**
1250 * Matches any valid client certificate.
1251 */
1252 export interface AccessCertificateRule {
1253 certificate: unknown;
1254 }
1255
1256 /**
1257 * Matches an Access group.
1258 */
1259 export interface AccessAccessGroupRule {
1260 group: AccessAccessGroupRule.Group;
1261 }
1262
1263 export namespace AccessAccessGroupRule {
1264 export interface Group {
1265 /**
1266 * The ID of a previously created Access group.
1267 */
1268 id: string;
1269 }
1270 }
1271
1272 /**
1273 * Matches an Azure group. Requires an Azure identity provider.
1274 */
1275 export interface AccessAzureGroupRule {
1276 azureAD: AccessAzureGroupRule.AzureAd;
1277 }
1278
1279 export namespace AccessAzureGroupRule {
1280 export interface AzureAd {
1281 /**
1282 * The ID of an Azure group.
1283 */
1284 id: string;
1285
1286 /**
1287 * The ID of your Azure identity provider.
1288 */
1289 connection_id: string;
1290 }
1291 }
1292
1293 /**
1294 * Matches a Github organization. Requires a Github identity provider.
1295 */
1296 export interface AccessGitHubOrganizationRule {
1297 'github-organization': AccessGitHubOrganizationRule.GitHubOrganization;
1298 }
1299
1300 export namespace AccessGitHubOrganizationRule {
1301 export interface GitHubOrganization {
1302 /**
1303 * The ID of your Github identity provider.
1304 */
1305 connection_id: string;
1306
1307 /**
1308 * The name of the organization.
1309 */
1310 name: string;
1311 }
1312 }
1313
1314 /**
1315 * Matches a group in Google Workspace. Requires a Google Workspace identity
1316 * provider.
1317 */
1318 export interface AccessGsuiteGroupRule {
1319 gsuite: AccessGsuiteGroupRule.Gsuite;
1320 }
1321
1322 export namespace AccessGsuiteGroupRule {
1323 export interface Gsuite {
1324 /**
1325 * The ID of your Google Workspace identity provider.
1326 */
1327 connection_id: string;
1328
1329 /**
1330 * The email of the Google Workspace group.
1331 */
1332 email: string;
1333 }
1334 }
1335
1336 /**
1337 * Matches an Okta group. Requires an Okta identity provider.
1338 */
1339 export interface AccessOktaGroupRule {
1340 okta: AccessOktaGroupRule.Okta;
1341 }
1342
1343 export namespace AccessOktaGroupRule {
1344 export interface Okta {
1345 /**
1346 * The ID of your Okta identity provider.
1347 */
1348 connection_id: string;
1349
1350 /**
1351 * The email of the Okta group.
1352 */
1353 email: string;
1354 }
1355 }
1356
1357 /**
1358 * Matches a SAML group. Requires a SAML identity provider.
1359 */
1360 export interface AccessSamlGroupRule {
1361 saml: AccessSamlGroupRule.Saml;
1362 }
1363
1364 export namespace AccessSamlGroupRule {
1365 export interface Saml {
1366 /**
1367 * The name of the SAML attribute.
1368 */
1369 attribute_name: string;
1370
1371 /**
1372 * The SAML attribute value to look for.
1373 */
1374 attribute_value: string;
1375 }
1376 }
1377
1378 /**
1379 * Matches a specific Access Service Token
1380 */
1381 export interface AccessServiceTokenRule {
1382 service_token: AccessServiceTokenRule.ServiceToken;
1383 }
1384
1385 export namespace AccessServiceTokenRule {
1386 export interface ServiceToken {
1387 /**
1388 * The ID of a Service Token.
1389 */
1390 token_id: string;
1391 }
1392 }
1393
1394 /**
1395 * Matches any valid Access Service Token.
     *
     * This rule names no particular token: per its description, every service token
     * that counts as valid satisfies it. AccessServiceTokenRule (`token_id`) is the
     * sibling rule that pins a single token.
1396 */
1397 export interface AccessAnyValidServiceTokenRule {
1398 /**
1399 * An empty object which matches on all service tokens.
     * Typed `unknown`, so the compiler accepts any value in this position.
1400 */
1401 any_valid_service_token: unknown;
1402 }
1403
1404 /**
1405 * Create Allow or Block policies which evaluate the user based on custom criteria.
1406 */
1407 export interface AccessExternalEvaluationRule {
1408 external_evaluation: AccessExternalEvaluationRule.ExternalEvaluation;
1409 }
1410
1411 export namespace AccessExternalEvaluationRule {
     // Payload of an external-evaluation rule: two endpoints, both plain strings.
1412 export interface ExternalEvaluation {
1413 /**
1414 * The API endpoint containing your business logic.
     * NOTE(review): typed as `string`; no scheme or host restriction is expressed
     * here. Presumably this should be an HTTPS endpoint you control — confirm.
1415 */
1416 evaluate_url: string;
1417
1418 /**
1419 * The API endpoint containing the key that Access uses to verify that the response
1420 * came from your API.
     * The key served here is what authenticates the evaluation response, so whoever
     * controls this URL controls which responses are accepted as genuine.
1421 */
1422 keys_url: string;
1423 }
1424 }
1425
1426 /**
1427 * Matches a specific country
1428 */
1429 export interface AccessCountryRule {
1430 geo: AccessCountryRule.Geo;
1431 }
1432
1433 export namespace AccessCountryRule {
1434 export interface Geo {
1435 /**
1436 * The country code that should be matched.
1437 */
1438 country_code: string;
1439 }
1440 }
1441
1442 /**
1443 * Enforce different MFA options
1444 */
1445 export interface AccessAuthenticationMethodRule {
1446 auth_method: AccessAuthenticationMethodRule.AuthMethod;
1447 }
1448
1449 export namespace AccessAuthenticationMethodRule {
1450 export interface AuthMethod {
1451 /**
1452 * The type of authentication method, as an RFC 8176 Authentication Method Reference value: https://datatracker.ietf.org/doc/html/rfc8176.
     * Typed as plain `string`, so a misspelled value is not caught at compile time.
     * NOTE(review): which of the RFC 8176 values the API accepts is not shown here.
1453 */
1454 auth_method: string;
1455 }
1456 }
1457
1458 /**
1459 * Enforces a device posture rule has run successfully
1460 */
1461 export interface AccessDevicePostureRule {
1462 device_posture: AccessDevicePostureRule.DevicePosture;
1463 }
1464
1465 export namespace AccessDevicePostureRule {
1466 export interface DevicePosture {
1467 /**
1468 * The ID of a device posture integration.
1469 */
1470 integration_uid: string;
1471 }
1472 }
1473}
1474
/**
 * Shape of an Access group as returned by `Groups.update`. Every field is optional.
 *
 * The rule arrays decide who the group matches: `include` is OR, `require` is AND,
 * and `exclude` rejects anyone who meets one of its rules.
 */
1475export interface GroupUpdateResponse {
1476 /**
1477 * UUID
1478 */
1479 id?: string;
1480
1481 created_at?: string;
1482
1483 /**
1484 * Rules evaluated with a NOT logical operator. To match a policy, a user cannot
1485 * meet any of the Exclude rules.
1486 */
1487 exclude?: Array<
1488 | GroupUpdateResponse.AccessEmailRule
1489 | GroupUpdateResponse.AccessEmailListRule
1490 | GroupUpdateResponse.AccessDomainRule
1491 | GroupUpdateResponse.AccessEveryoneRule
1492 | GroupUpdateResponse.AccessIPRule
1493 | GroupUpdateResponse.AccessIPListRule
1494 | GroupUpdateResponse.AccessCertificateRule
1495 | GroupUpdateResponse.AccessAccessGroupRule
1496 | GroupUpdateResponse.AccessAzureGroupRule
1497 | GroupUpdateResponse.AccessGitHubOrganizationRule
1498 | GroupUpdateResponse.AccessGsuiteGroupRule
1499 | GroupUpdateResponse.AccessOktaGroupRule
1500 | GroupUpdateResponse.AccessSamlGroupRule
1501 | GroupUpdateResponse.AccessServiceTokenRule
1502 | GroupUpdateResponse.AccessAnyValidServiceTokenRule
1503 | GroupUpdateResponse.AccessExternalEvaluationRule
1504 | GroupUpdateResponse.AccessCountryRule
1505 | GroupUpdateResponse.AccessAuthenticationMethodRule
1506 | GroupUpdateResponse.AccessDevicePostureRule
1507 >;
1508
1509 /**
1510 * Rules evaluated with an OR logical operator. A user needs to meet only one of
1511 * the Include rules.
     *
     * Because one match is enough, a single broad entry (AccessEveryoneRule,
     * AccessAnyValidServiceTokenRule, AccessCertificateRule) makes the whole list
     * match that broadly, whatever the other entries say.
1512 */
1513 include?: Array<
1514 | GroupUpdateResponse.AccessEmailRule
1515 | GroupUpdateResponse.AccessEmailListRule
1516 | GroupUpdateResponse.AccessDomainRule
1517 | GroupUpdateResponse.AccessEveryoneRule
1518 | GroupUpdateResponse.AccessIPRule
1519 | GroupUpdateResponse.AccessIPListRule
1520 | GroupUpdateResponse.AccessCertificateRule
1521 | GroupUpdateResponse.AccessAccessGroupRule
1522 | GroupUpdateResponse.AccessAzureGroupRule
1523 | GroupUpdateResponse.AccessGitHubOrganizationRule
1524 | GroupUpdateResponse.AccessGsuiteGroupRule
1525 | GroupUpdateResponse.AccessOktaGroupRule
1526 | GroupUpdateResponse.AccessSamlGroupRule
1527 | GroupUpdateResponse.AccessServiceTokenRule
1528 | GroupUpdateResponse.AccessAnyValidServiceTokenRule
1529 | GroupUpdateResponse.AccessExternalEvaluationRule
1530 | GroupUpdateResponse.AccessCountryRule
1531 | GroupUpdateResponse.AccessAuthenticationMethodRule
1532 | GroupUpdateResponse.AccessDevicePostureRule
1533 >;
1534
1535 /**
1536 * Rules evaluated with an AND logical operator. To match a policy, a user must
1537 * meet all of the Require rules.
     *
     * NOTE(review): this comment is word-for-word the one on `require`, and the field
     * is typed as a rule array even though its name reads like a flag. The file is
     * generated from an OpenAPI spec — confirm the intended type and meaning there
     * before reading or branching on this field.
1538 */
1539 is_default?: Array<
1540 | GroupUpdateResponse.AccessEmailRule
1541 | GroupUpdateResponse.AccessEmailListRule
1542 | GroupUpdateResponse.AccessDomainRule
1543 | GroupUpdateResponse.AccessEveryoneRule
1544 | GroupUpdateResponse.AccessIPRule
1545 | GroupUpdateResponse.AccessIPListRule
1546 | GroupUpdateResponse.AccessCertificateRule
1547 | GroupUpdateResponse.AccessAccessGroupRule
1548 | GroupUpdateResponse.AccessAzureGroupRule
1549 | GroupUpdateResponse.AccessGitHubOrganizationRule
1550 | GroupUpdateResponse.AccessGsuiteGroupRule
1551 | GroupUpdateResponse.AccessOktaGroupRule
1552 | GroupUpdateResponse.AccessSamlGroupRule
1553 | GroupUpdateResponse.AccessServiceTokenRule
1554 | GroupUpdateResponse.AccessAnyValidServiceTokenRule
1555 | GroupUpdateResponse.AccessExternalEvaluationRule
1556 | GroupUpdateResponse.AccessCountryRule
1557 | GroupUpdateResponse.AccessAuthenticationMethodRule
1558 | GroupUpdateResponse.AccessDevicePostureRule
1559 >;
1560
1561 /**
1562 * The name of the Access group.
1563 */
1564 name?: string;
1565
1566 /**
1567 * Rules evaluated with an AND logical operator. To match a policy, a user must
1568 * meet all of the Require rules.
1569 */
1570 require?: Array<
1571 | GroupUpdateResponse.AccessEmailRule
1572 | GroupUpdateResponse.AccessEmailListRule
1573 | GroupUpdateResponse.AccessDomainRule
1574 | GroupUpdateResponse.AccessEveryoneRule
1575 | GroupUpdateResponse.AccessIPRule
1576 | GroupUpdateResponse.AccessIPListRule
1577 | GroupUpdateResponse.AccessCertificateRule
1578 | GroupUpdateResponse.AccessAccessGroupRule
1579 | GroupUpdateResponse.AccessAzureGroupRule
1580 | GroupUpdateResponse.AccessGitHubOrganizationRule
1581 | GroupUpdateResponse.AccessGsuiteGroupRule
1582 | GroupUpdateResponse.AccessOktaGroupRule
1583 | GroupUpdateResponse.AccessSamlGroupRule
1584 | GroupUpdateResponse.AccessServiceTokenRule
1585 | GroupUpdateResponse.AccessAnyValidServiceTokenRule
1586 | GroupUpdateResponse.AccessExternalEvaluationRule
1587 | GroupUpdateResponse.AccessCountryRule
1588 | GroupUpdateResponse.AccessAuthenticationMethodRule
1589 | GroupUpdateResponse.AccessDevicePostureRule
1590 >;
1591
1592 updated_at?: string;
1593}
1594
1595export namespace GroupUpdateResponse {
1596 /**
1597 * Matches a specific email.
1598 */
1599 export interface AccessEmailRule {
1600 email: AccessEmailRule.Email;
1601 }
1602
1603 export namespace AccessEmailRule {
1604 export interface Email {
1605 /**
1606 * The email of the user.
1607 */
1608 email: string;
1609 }
1610 }
1611
1612 /**
1613 * Matches an email address from a list.
1614 */
1615 export interface AccessEmailListRule {
1616 email_list: AccessEmailListRule.EmailList;
1617 }
1618
1619 export namespace AccessEmailListRule {
1620 export interface EmailList {
1621 /**
1622 * The ID of a previously created email list.
1623 */
1624 id: string;
1625 }
1626 }
1627
1628 /**
1629 * Match an entire email domain.
1630 */
1631 export interface AccessDomainRule {
1632 email_domain: AccessDomainRule.EmailDomain;
1633 }
1634
1635 export namespace AccessDomainRule {
1636 export interface EmailDomain {
1637 /**
1638 * The email domain to match.
1639 */
1640 domain: string;
1641 }
1642 }
1643
1644 /**
1645 * Matches everyone.
     *
     * In an `include` list (OR semantics) this one rule is met by every user, so the
     * group is then narrowed only by its `require` and `exclude` rules.
1646 */
1647 export interface AccessEveryoneRule {
1648 /**
1649 * An empty object which matches on all users.
     * Typed `unknown`, so the compiler accepts any value in this position.
1650 */
1651 everyone: unknown;
1652 }
1653
1654 /**
1655 * Matches an IP address block.
1656 */
1657 export interface AccessIPRule {
1658 ip: AccessIPRule.IP;
1659 }
1660
1661 export namespace AccessIPRule {
1662 export interface IP {
1663 /**
1664 * An IPv4 or IPv6 CIDR block.
     * The prefix length sets how many addresses match. The type is a plain `string`,
     * so a malformed or unintentionally wide block is not rejected at compile time.
1665 */
1666 ip: string;
1667 }
1668 }
1669
1670 /**
1671 * Matches an IP address from a list.
1672 */
1673 export interface AccessIPListRule {
1674 ip_list: AccessIPListRule.IPList;
1675 }
1676
1677 export namespace AccessIPListRule {
1678 export interface IPList {
1679 /**
1680 * The ID of a previously created IP list.
1681 */
1682 id: string;
1683 }
1684 }
1685
1686 /**
1687 * Matches any valid client certificate.
     *
     * The rule carries no field that identifies a particular certificate or subject;
     * `certificate` is typed `unknown`. NOTE(review): what makes a certificate "valid"
     * (which CA, which checks) is not shown in this file — confirm before relying on it.
1688 */
1689 export interface AccessCertificateRule {
1690 certificate: unknown;
1691 }
1692
1693 /**
1694 * Matches an Access group.
1695 */
1696 export interface AccessAccessGroupRule {
1697 group: AccessAccessGroupRule.Group;
1698 }
1699
1700 export namespace AccessAccessGroupRule {
1701 export interface Group {
1702 /**
1703 * The ID of a previously created Access group.
1704 */
1705 id: string;
1706 }
1707 }
1708
1709 /**
1710 * Matches an Azure group. Requires an Azure identity provider.
1711 */
1712 export interface AccessAzureGroupRule {
1713 azureAD: AccessAzureGroupRule.AzureAd;
1714 }
1715
1716 export namespace AccessAzureGroupRule {
1717 export interface AzureAd {
1718 /**
1719 * The ID of an Azure group.
1720 */
1721 id: string;
1722
1723 /**
1724 * The ID of your Azure identity provider.
1725 */
1726 connection_id: string;
1727 }
1728 }
1729
1730 /**
1731 * Matches a GitHub organization. Requires a GitHub identity provider.
     *
     * The property name contains a hyphen, so it has to be read with bracket
     * notation: `rule['github-organization']`.
1732 */
1733 export interface AccessGitHubOrganizationRule {
1734 'github-organization': AccessGitHubOrganizationRule.GitHubOrganization;
1735 }
1736
1737 export namespace AccessGitHubOrganizationRule {
1738 export interface GitHubOrganization {
1739 /**
1740 * The ID of your Github identity provider.
1741 */
1742 connection_id: string;
1743
1744 /**
1745 * The name of the organization.
1746 */
1747 name: string;
1748 }
1749 }
1750
1751 /**
1752 * Matches a group in Google Workspace. Requires a Google Workspace identity
1753 * provider.
1754 */
1755 export interface AccessGsuiteGroupRule {
1756 gsuite: AccessGsuiteGroupRule.Gsuite;
1757 }
1758
1759 export namespace AccessGsuiteGroupRule {
1760 export interface Gsuite {
1761 /**
1762 * The ID of your Google Workspace identity provider.
1763 */
1764 connection_id: string;
1765
1766 /**
1767 * The email of the Google Workspace group.
1768 */
1769 email: string;
1770 }
1771 }
1772
1773 /**
1774 * Matches an Okta group. Requires an Okta identity provider.
1775 */
1776 export interface AccessOktaGroupRule {
1777 okta: AccessOktaGroupRule.Okta;
1778 }
1779
1780 export namespace AccessOktaGroupRule {
1781 export interface Okta {
1782 /**
1783 * The ID of your Okta identity provider.
1784 */
1785 connection_id: string;
1786
1787 /**
1788 * The email of the Okta group.
1789 */
1790 email: string;
1791 }
1792 }
1793
1794 /**
1795 * Matches a SAML group. Requires a SAML identity provider.
1796 */
1797 export interface AccessSamlGroupRule {
1798 saml: AccessSamlGroupRule.Saml;
1799 }
1800
1801 export namespace AccessSamlGroupRule {
     // NOTE(review): unlike the Azure, GitHub, Google Workspace and Okta rule payloads in
     // this namespace, this one has no `connection_id`, so as typed the rule is not tied
     // to one identity provider. Confirm whether an attribute from any SAML provider matches.
1802 export interface Saml {
1803 /**
1804 * The name of the SAML attribute.
1805 */
1806 attribute_name: string;
1807
1808 /**
1809 * The SAML attribute value to look for.
1810 */
1811 attribute_value: string;
1812 }
1813 }
1814
1815 /**
1816 * Matches a specific Access Service Token
1817 */
1818 export interface AccessServiceTokenRule {
1819 service_token: AccessServiceTokenRule.ServiceToken;
1820 }
1821
1822 export namespace AccessServiceTokenRule {
1823 export interface ServiceToken {
1824 /**
1825 * The ID of a Service Token.
1826 */
1827 token_id: string;
1828 }
1829 }
1830
1831 /**
1832 * Matches any valid Access Service Token
1833 */
1834 export interface AccessAnyValidServiceTokenRule {
1835 /**
1836 * An empty object which matches on all service tokens.
1837 */
1838 any_valid_service_token: unknown;
1839 }
1840
1841 /**
1842 * Create Allow or Block policies which evaluate the user based on custom criteria.
1843 */
1844 export interface AccessExternalEvaluationRule {
1845 external_evaluation: AccessExternalEvaluationRule.ExternalEvaluation;
1846 }
1847
1848 export namespace AccessExternalEvaluationRule {
1849 export interface ExternalEvaluation {
1850 /**
1851 * The API endpoint containing your business logic.
1852 */
1853 evaluate_url: string;
1854
1855 /**
1856 * The API endpoint containing the key that Access uses to verify that the response
1857 * came from your API.
1858 */
1859 keys_url: string;
1860 }
1861 }
1862
1863 /**
1864 * Matches a specific country
1865 */
1866 export interface AccessCountryRule {
1867 geo: AccessCountryRule.Geo;
1868 }
1869
1870 export namespace AccessCountryRule {
1871 export interface Geo {
1872 /**
1873 * The country code that should be matched.
     * NOTE(review): the code format (presumably ISO 3166-1 alpha-2) is not stated here,
     * and how the user's country is determined is not shown — confirm both.
1874 */
1875 country_code: string;
1876 }
1877 }
1878
1879 /**
1880 * Enforce different MFA options
1881 */
1882 export interface AccessAuthenticationMethodRule {
1883 auth_method: AccessAuthenticationMethodRule.AuthMethod;
1884 }
1885
1886 export namespace AccessAuthenticationMethodRule {
1887 export interface AuthMethod {
1888 /**
1889 * The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176.
1890 */
1891 auth_method: string;
1892 }
1893 }
1894
1895 /**
1896 * Enforces that a device posture rule has run successfully.
     *
     * The posture integration is referenced through `device_posture.integration_uid`.
1897 */
1898 export interface AccessDevicePostureRule {
1899 device_posture: AccessDevicePostureRule.DevicePosture;
1900 }
1901
1902 export namespace AccessDevicePostureRule {
1903 export interface DevicePosture {
1904 /**
1905 * The ID of a device posture integration.
1906 */
1907 integration_uid: string;
1908 }
1909 }
1910
1911 /**
1912 * Matches a specific email.
     *
     * NOTE(review): an interface with this name and the same `email` member is already
     * declared earlier in this namespace; TypeScript merges the two declarations, so this
     * copy adds nothing. The generator appears to emit the rule types once per rule
     * array — confirm, and keep the copies identical if the spec changes.
1913 */
1914 export interface AccessEmailRule {
1915 email: AccessEmailRule.Email;
1916 }
1917
1918 export namespace AccessEmailRule {
1919 export interface Email {
1920 /**
1921 * The email of the user.
1922 */
1923 email: string;
1924 }
1925 }
1926
1927 /**
1928 * Matches an email address from a list.
1929 */
1930 export interface AccessEmailListRule {
1931 email_list: AccessEmailListRule.EmailList;
1932 }
1933
1934 export namespace AccessEmailListRule {
1935 export interface EmailList {
1936 /**
1937 * The ID of a previously created email list.
1938 */
1939 id: string;
1940 }
1941 }
1942
1943 /**
1944 * Match an entire email domain.
1945 */
1946 export interface AccessDomainRule {
1947 email_domain: AccessDomainRule.EmailDomain;
1948 }
1949
1950 export namespace AccessDomainRule {
1951 export interface EmailDomain {
1952 /**
1953 * The email domain to match.
1954 */
1955 domain: string;
1956 }
1957 }
1958
1959 /**
1960 * Matches everyone.
1961 */
1962 export interface AccessEveryoneRule {
1963 /**
1964 * An empty object which matches on all users.
1965 */
1966 everyone: unknown;
1967 }
1968
1969 /**
1970 * Matches an IP address block.
1971 */
1972 export interface AccessIPRule {
1973 ip: AccessIPRule.IP;
1974 }
1975
1976 export namespace AccessIPRule {
1977 export interface IP {
1978 /**
1979 * An IPv4 or IPv6 CIDR block.
1980 */
1981 ip: string;
1982 }
1983 }
1984
1985 /**
1986 * Matches an IP address from a list.
1987 */
1988 export interface AccessIPListRule {
1989 ip_list: AccessIPListRule.IPList;
1990 }
1991
1992 export namespace AccessIPListRule {
1993 export interface IPList {
1994 /**
1995 * The ID of a previously created IP list.
1996 */
1997 id: string;
1998 }
1999 }
2000
2001 /**
2002 * Matches any valid client certificate.
2003 */
2004 export interface AccessCertificateRule {
2005 certificate: unknown;
2006 }
2007
2008 /**
2009 * Matches an Access group.
2010 */
2011 export interface AccessAccessGroupRule {
2012 group: AccessAccessGroupRule.Group;
2013 }
2014
2015 export namespace AccessAccessGroupRule {
2016 export interface Group {
2017 /**
2018 * The ID of a previously created Access group.
2019 */
2020 id: string;
2021 }
2022 }
2023
2024 /**
2025 * Matches an Azure group. Requires an Azure identity provider.
2026 */
2027 export interface AccessAzureGroupRule {
2028 azureAD: AccessAzureGroupRule.AzureAd;
2029 }
2030
2031 export namespace AccessAzureGroupRule {
2032 export interface AzureAd {
2033 /**
2034 * The ID of an Azure group.
2035 */
2036 id: string;
2037
2038 /**
2039 * The ID of your Azure identity provider.
2040 */
2041 connection_id: string;
2042 }
2043 }
2044
2045 /**
2046 * Matches a Github organization. Requires a Github identity provider.
2047 */
2048 export interface AccessGitHubOrganizationRule {
2049 'github-organization': AccessGitHubOrganizationRule.GitHubOrganization;
2050 }
2051
2052 export namespace AccessGitHubOrganizationRule {
2053 export interface GitHubOrganization {
2054 /**
2055 * The ID of your Github identity provider.
2056 */
2057 connection_id: string;
2058
2059 /**
2060 * The name of the organization.
2061 */
2062 name: string;
2063 }
2064 }
2065
2066 /**
2067 * Matches a group in Google Workspace. Requires a Google Workspace identity
2068 * provider.
2069 */
2070 export interface AccessGsuiteGroupRule {
2071 gsuite: AccessGsuiteGroupRule.Gsuite;
2072 }
2073
2074 export namespace AccessGsuiteGroupRule {
2075 export interface Gsuite {
2076 /**
2077 * The ID of your Google Workspace identity provider.
2078 */
2079 connection_id: string;
2080
2081 /**
2082 * The email of the Google Workspace group.
2083 */
2084 email: string;
2085 }
2086 }
2087
2088 /**
2089 * Matches an Okta group. Requires an Okta identity provider.
2090 */
2091 export interface AccessOktaGroupRule {
2092 okta: AccessOktaGroupRule.Okta;
2093 }
2094
2095 export namespace AccessOktaGroupRule {
2096 export interface Okta {
2097 /**
2098 * The ID of your Okta identity provider.
2099 */
2100 connection_id: string;
2101
2102 /**
2103 * The email of the Okta group.
2104 */
2105 email: string;
2106 }
2107 }
2108
2109 /**
2110 * Matches a SAML group. Requires a SAML identity provider.
2111 */
2112 export interface AccessSamlGroupRule {
2113 saml: AccessSamlGroupRule.Saml;
2114 }
2115
2116 export namespace AccessSamlGroupRule {
2117 export interface Saml {
2118 /**
2119 * The name of the SAML attribute.
2120 */
2121 attribute_name: string;
2122
2123 /**
2124 * The SAML attribute value to look for.
2125 */
2126 attribute_value: string;
2127 }
2128 }
2129
2130 /**
2131 * Matches a specific Access Service Token
2132 */
2133 export interface AccessServiceTokenRule {
2134 service_token: AccessServiceTokenRule.ServiceToken;
2135 }
2136
2137 export namespace AccessServiceTokenRule {
2138 export interface ServiceToken {
2139 /**
2140 * The ID of a Service Token.
2141 */
2142 token_id: string;
2143 }
2144 }
2145
2146 /**
2147 * Matches any valid Access Service Token
2148 */
2149 export interface AccessAnyValidServiceTokenRule {
2150 /**
2151 * An empty object which matches on all service tokens.
2152 */
2153 any_valid_service_token: unknown;
2154 }
2155
2156 /**
2157 * Create Allow or Block policies which evaluate the user based on custom criteria.
2158 */
2159 export interface AccessExternalEvaluationRule {
2160 external_evaluation: AccessExternalEvaluationRule.ExternalEvaluation;
2161 }
2162
2163 export namespace AccessExternalEvaluationRule {
2164 export interface ExternalEvaluation {
2165 /**
2166 * The API endpoint containing your business logic.
2167 */
2168 evaluate_url: string;
2169
2170 /**
2171 * The API endpoint containing the key that Access uses to verify that the response
2172 * came from your API.
2173 */
2174 keys_url: string;
2175 }
2176 }
2177
2178 /**
2179 * Matches a specific country
2180 */
2181 export interface AccessCountryRule {
2182 geo: AccessCountryRule.Geo;
2183 }
2184
2185 export namespace AccessCountryRule {
2186 export interface Geo {
2187 /**
2188 * The country code that should be matched.
2189 */
2190 country_code: string;
2191 }
2192 }
2193
2194 /**
2195 * Enforce different MFA options
2196 */
2197 export interface AccessAuthenticationMethodRule {
2198 auth_method: AccessAuthenticationMethodRule.AuthMethod;
2199 }
2200
2201 export namespace AccessAuthenticationMethodRule {
2202 export interface AuthMethod {
2203 /**
2204 * The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176.
2205 */
2206 auth_method: string;
2207 }
2208 }
2209
2210 /**
2211 * Enforces a device posture rule has run successfully
2212 */
2213 export interface AccessDevicePostureRule {
2214 device_posture: AccessDevicePostureRule.DevicePosture;
2215 }
2216
2217 export namespace AccessDevicePostureRule {
2218 export interface DevicePosture {
2219 /**
2220 * The ID of a device posture integration.
2221 */
2222 integration_uid: string;
2223 }
2224 }
2225
2226 /**
2227 * Matches a specific email.
2228 */
2229 export interface AccessEmailRule {
2230 email: AccessEmailRule.Email;
2231 }
2232
2233 export namespace AccessEmailRule {
2234 export interface Email {
2235 /**
2236 * The email of the user.
2237 */
2238 email: string;
2239 }
2240 }
2241
2242 /**
2243 * Matches an email address from a list.
2244 */
2245 export interface AccessEmailListRule {
2246 email_list: AccessEmailListRule.EmailList;
2247 }
2248
2249 export namespace AccessEmailListRule {
2250 export interface EmailList {
2251 /**
2252 * The ID of a previously created email list.
2253 */
2254 id: string;
2255 }
2256 }
2257
2258 /**
2259 * Match an entire email domain.
2260 */
2261 export interface AccessDomainRule {
2262 email_domain: AccessDomainRule.EmailDomain;
2263 }
2264
2265 export namespace AccessDomainRule {
2266 export interface EmailDomain {
2267 /**
2268 * The email domain to match.
2269 */
2270 domain: string;
2271 }
2272 }
2273
2274 /**
2275 * Matches everyone.
2276 */
2277 export interface AccessEveryoneRule {
2278 /**
2279 * An empty object which matches on all users.
2280 */
2281 everyone: unknown;
2282 }
2283
2284 /**
2285 * Matches an IP address block.
2286 */
2287 export interface AccessIPRule {
2288 ip: AccessIPRule.IP;
2289 }
2290
2291 export namespace AccessIPRule {
2292 export interface IP {
2293 /**
2294 * An IPv4 or IPv6 CIDR block.
2295 */
2296 ip: string;
2297 }
2298 }
2299
2300 /**
2301 * Matches an IP address from a list.
2302 */
2303 export interface AccessIPListRule {
2304 ip_list: AccessIPListRule.IPList;
2305 }
2306
2307 export namespace AccessIPListRule {
2308 export interface IPList {
2309 /**
2310 * The ID of a previously created IP list.
2311 */
2312 id: string;
2313 }
2314 }
2315
2316 /**
2317 * Matches any valid client certificate.
2318 */
2319 export interface AccessCertificateRule {
2320 certificate: unknown;
2321 }
2322
2323 /**
2324 * Matches an Access group.
2325 */
2326 export interface AccessAccessGroupRule {
2327 group: AccessAccessGroupRule.Group;
2328 }
2329
2330 export namespace AccessAccessGroupRule {
2331 export interface Group {
2332 /**
2333 * The ID of a previously created Access group.
2334 */
2335 id: string;
2336 }
2337 }
2338
2339 /**
2340 * Matches an Azure group. Requires an Azure identity provider.
2341 */
2342 export interface AccessAzureGroupRule {
2343 azureAD: AccessAzureGroupRule.AzureAd;
2344 }
2345
2346 export namespace AccessAzureGroupRule {
2347 export interface AzureAd {
2348 /**
2349 * The ID of an Azure group.
2350 */
2351 id: string;
2352
2353 /**
2354 * The ID of your Azure identity provider.
2355 */
2356 connection_id: string;
2357 }
2358 }
2359
2360 /**
2361 * Matches a Github organization. Requires a Github identity provider.
2362 */
2363 export interface AccessGitHubOrganizationRule {
2364 'github-organization': AccessGitHubOrganizationRule.GitHubOrganization;
2365 }
2366
2367 export namespace AccessGitHubOrganizationRule {
2368 export interface GitHubOrganization {
2369 /**
2370 * The ID of your Github identity provider.
2371 */
2372 connection_id: string;
2373
2374 /**
2375 * The name of the organization.
2376 */
2377 name: string;
2378 }
2379 }
2380
2381 /**
2382 * Matches a group in Google Workspace. Requires a Google Workspace identity
2383 * provider.
2384 */
2385 export interface AccessGsuiteGroupRule {
2386 gsuite: AccessGsuiteGroupRule.Gsuite;
2387 }
2388
2389 export namespace AccessGsuiteGroupRule {
2390 export interface Gsuite {
2391 /**
2392 * The ID of your Google Workspace identity provider.
2393 */
2394 connection_id: string;
2395
2396 /**
2397 * The email of the Google Workspace group.
2398 */
2399 email: string;
2400 }
2401 }
2402
2403 /**
2404 * Matches an Okta group. Requires an Okta identity provider.
2405 */
2406 export interface AccessOktaGroupRule {
2407 okta: AccessOktaGroupRule.Okta;
2408 }
2409
2410 export namespace AccessOktaGroupRule {
2411 export interface Okta {
2412 /**
2413 * The ID of your Okta identity provider.
2414 */
2415 connection_id: string;
2416
2417 /**
2418 * The email of the Okta group.
2419 */
2420 email: string;
2421 }
2422 }
2423
2424 /**
2425 * Matches a SAML group. Requires a SAML identity provider.
2426 */
2427 export interface AccessSamlGroupRule {
2428 saml: AccessSamlGroupRule.Saml;
2429 }
2430
2431 export namespace AccessSamlGroupRule {
2432 export interface Saml {
2433 /**
2434 * The name of the SAML attribute.
2435 */
2436 attribute_name: string;
2437
2438 /**
2439 * The SAML attribute value to look for.
2440 */
2441 attribute_value: string;
2442 }
2443 }
2444
2445 /**
2446 * Matches a specific Access Service Token
2447 */
2448 export interface AccessServiceTokenRule {
2449 service_token: AccessServiceTokenRule.ServiceToken;
2450 }
2451
2452 export namespace AccessServiceTokenRule {
2453 export interface ServiceToken {
2454 /**
2455 * The ID of a Service Token.
2456 */
2457 token_id: string;
2458 }
2459 }
2460
2461 /**
2462 * Matches any valid Access Service Token
2463 */
2464 export interface AccessAnyValidServiceTokenRule {
2465 /**
2466 * An empty object which matches on all service tokens.
2467 */
2468 any_valid_service_token: unknown;
2469 }
2470
2471 /**
2472 * Create Allow or Block policies which evaluate the user based on custom criteria.
2473 */
2474 export interface AccessExternalEvaluationRule {
2475 external_evaluation: AccessExternalEvaluationRule.ExternalEvaluation;
2476 }
2477
2478 export namespace AccessExternalEvaluationRule {
2479 export interface ExternalEvaluation {
2480 /**
2481 * The API endpoint containing your business logic.
2482 */
2483 evaluate_url: string;
2484
2485 /**
2486 * The API endpoint containing the key that Access uses to verify that the response
2487 * came from your API.
2488 */
2489 keys_url: string;
2490 }
2491 }
2492
2493 /**
2494 * Matches a specific country
2495 */
2496 export interface AccessCountryRule {
2497 geo: AccessCountryRule.Geo;
2498 }
2499
2500 export namespace AccessCountryRule {
2501 export interface Geo {
2502 /**
2503 * The country code that should be matched.
2504 */
2505 country_code: string;
2506 }
2507 }
2508
2509 /**
2510 * Enforce different MFA options
2511 */
2512 export interface AccessAuthenticationMethodRule {
2513 auth_method: AccessAuthenticationMethodRule.AuthMethod;
2514 }
2515
2516 export namespace AccessAuthenticationMethodRule {
2517 export interface AuthMethod {
2518 /**
2519 * The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176.
2520 */
2521 auth_method: string;
2522 }
2523 }
2524
2525 /**
2526 * Enforces a device posture rule has run successfully
2527 */
2528 export interface AccessDevicePostureRule {
2529 device_posture: AccessDevicePostureRule.DevicePosture;
2530 }
2531
2532 export namespace AccessDevicePostureRule {
2533 export interface DevicePosture {
2534 /**
2535 * The ID of a device posture integration.
2536 */
2537 integration_uid: string;
2538 }
2539 }
2540
2541 /**
2542 * Matches a specific email.
2543 */
2544 export interface AccessEmailRule {
2545 email: AccessEmailRule.Email;
2546 }
2547
2548 export namespace AccessEmailRule {
2549 export interface Email {
2550 /**
2551 * The email of the user.
2552 */
2553 email: string;
2554 }
2555 }
2556
2557 /**
2558 * Matches an email address from a list.
2559 */
2560 export interface AccessEmailListRule {
2561 email_list: AccessEmailListRule.EmailList;
2562 }
2563
2564 export namespace AccessEmailListRule {
2565 export interface EmailList {
2566 /**
2567 * The ID of a previously created email list.
2568 */
2569 id: string;
2570 }
2571 }
2572
2573 /**
2574 * Match an entire email domain.
2575 */
2576 export interface AccessDomainRule {
2577 email_domain: AccessDomainRule.EmailDomain;
2578 }
2579
2580 export namespace AccessDomainRule {
2581 export interface EmailDomain {
2582 /**
2583 * The email domain to match.
2584 */
2585 domain: string;
2586 }
2587 }
2588
2589 /**
2590 * Matches everyone.
2591 */
2592 export interface AccessEveryoneRule {
2593 /**
2594 * An empty object which matches on all users.
2595 */
2596 everyone: unknown;
2597 }
2598
2599 /**
2600 * Matches an IP address block.
2601 */
2602 export interface AccessIPRule {
2603 ip: AccessIPRule.IP;
2604 }
2605
2606 export namespace AccessIPRule {
2607 export interface IP {
2608 /**
2609 * An IPv4 or IPv6 CIDR block.
2610 */
2611 ip: string;
2612 }
2613 }
2614
2615 /**
2616 * Matches an IP address from a list.
2617 */
2618 export interface AccessIPListRule {
2619 ip_list: AccessIPListRule.IPList;
2620 }
2621
2622 export namespace AccessIPListRule {
2623 export interface IPList {
2624 /**
2625 * The ID of a previously created IP list.
2626 */
2627 id: string;
2628 }
2629 }
2630
2631 /**
2632 * Matches any valid client certificate.
2633 */
2634 export interface AccessCertificateRule {
2635 certificate: unknown;
2636 }
2637
2638 /**
2639 * Matches an Access group.
2640 */
2641 export interface AccessAccessGroupRule {
2642 group: AccessAccessGroupRule.Group;
2643 }
2644
2645 export namespace AccessAccessGroupRule {
2646 export interface Group {
2647 /**
2648 * The ID of a previously created Access group.
2649 */
2650 id: string;
2651 }
2652 }
2653
2654 /**
2655 * Matches an Azure group. Requires an Azure identity provider.
2656 */
2657 export interface AccessAzureGroupRule {
2658 azureAD: AccessAzureGroupRule.AzureAd;
2659 }
2660
2661 export namespace AccessAzureGroupRule {
2662 export interface AzureAd {
2663 /**
2664 * The ID of an Azure group.
2665 */
2666 id: string;
2667
2668 /**
2669 * The ID of your Azure identity provider.
2670 */
2671 connection_id: string;
2672 }
2673 }
2674
2675 /**
2676 * Matches a Github organization. Requires a Github identity provider.
2677 */
2678 export interface AccessGitHubOrganizationRule {
2679 'github-organization': AccessGitHubOrganizationRule.GitHubOrganization;
2680 }
2681
2682 export namespace AccessGitHubOrganizationRule {
2683 export interface GitHubOrganization {
2684 /**
2685 * The ID of your Github identity provider.
2686 */
2687 connection_id: string;
2688
2689 /**
2690 * The name of the organization.
2691 */
2692 name: string;
2693 }
2694 }
2695
2696 /**
2697 * Matches a group in Google Workspace. Requires a Google Workspace identity
2698 * provider.
2699 */
2700 export interface AccessGsuiteGroupRule {
2701 gsuite: AccessGsuiteGroupRule.Gsuite;
2702 }
2703
2704 export namespace AccessGsuiteGroupRule {
2705 export interface Gsuite {
2706 /**
2707 * The ID of your Google Workspace identity provider.
2708 */
2709 connection_id: string;
2710
2711 /**
2712 * The email of the Google Workspace group.
2713 */
2714 email: string;
2715 }
2716 }
2717
/**
 * Matches an Okta group. Requires an Okta identity provider.
 */
export interface AccessOktaGroupRule {
  /** Identity provider and group to match. */
  okta: AccessOktaGroupRule.Okta;
}

export namespace AccessOktaGroupRule {
  export interface Okta {
    /**
     * The ID of your Okta identity provider.
     */
    connection_id: string;

    /**
     * The email of the Okta group.
     *
     * NOTE(review): the field is named `email` although it identifies a group;
     * confirm the expected value against the API documentation.
     */
    email: string;
  }
}
2738
/**
 * Matches a SAML group. Requires a SAML identity provider.
 *
 * NOTE(review): unlike the Azure, GitHub, Google Workspace and Okta rules in
 * this file, this type carries no `connection_id`, so the rule itself does not
 * name a provider. Confirm how the attribute match is scoped.
 */
export interface AccessSamlGroupRule {
  /** Attribute name/value pair to match. */
  saml: AccessSamlGroupRule.Saml;
}

export namespace AccessSamlGroupRule {
  export interface Saml {
    /**
     * The name of the SAML attribute.
     */
    attribute_name: string;

    /**
     * The SAML attribute value to look for.
     */
    attribute_value: string;
  }
}
2759
/**
 * Matches a specific Access Service Token.
 */
export interface AccessServiceTokenRule {
  /** Reference to the service token, by ID. */
  service_token: AccessServiceTokenRule.ServiceToken;
}

export namespace AccessServiceTokenRule {
  export interface ServiceToken {
    /**
     * The ID of a Service Token.
     */
    token_id: string;
  }
}
2775
/**
 * Matches any valid Access Service Token.
 *
 * Review note: this is broader than AccessServiceTokenRule, which names one
 * token by `token_id`.
 */
export interface AccessAnyValidServiceTokenRule {
  /**
   * An empty object which matches on all service tokens.
   */
  any_valid_service_token: unknown;
}
2785
/**
 * Create Allow or Block policies which evaluate the user based on custom criteria.
 *
 * Review note: the outcome depends on the two endpoints below, so a change to
 * either URL is a change to the access policy.
 */
export interface AccessExternalEvaluationRule {
  /** Endpoints of the external evaluation service. */
  external_evaluation: AccessExternalEvaluationRule.ExternalEvaluation;
}

export namespace AccessExternalEvaluationRule {
  export interface ExternalEvaluation {
    /**
     * The API endpoint containing your business logic.
     */
    evaluate_url: string;

    /**
     * The API endpoint containing the key that Access uses to verify that the response
     * came from your API.
     */
    keys_url: string;
  }
}
2807
/**
 * Matches a specific country.
 */
export interface AccessCountryRule {
  /** The country to match, wrapped in an object. */
  geo: AccessCountryRule.Geo;
}

export namespace AccessCountryRule {
  export interface Geo {
    /**
     * The country code that should be matched. The code format is not stated
     * in this file (presumably ISO 3166-1 alpha-2; confirm against the API).
     */
    country_code: string;
  }
}
2823
/**
 * Enforce different MFA options.
 */
export interface AccessAuthenticationMethodRule {
  /** The required method, wrapped in an object with a same-named field. */
  auth_method: AccessAuthenticationMethodRule.AuthMethod;
}

export namespace AccessAuthenticationMethodRule {
  export interface AuthMethod {
    /**
     * The type of authentication method, given as an Authentication Method
     * Reference value from RFC 8176
     * (https://datatracker.ietf.org/doc/html/rfc8176).
     */
    auth_method: string;
  }
}
2839
/**
 * Enforces that a device posture rule has run successfully.
 */
export interface AccessDevicePostureRule {
  /** Reference to the device posture integration, by ID. */
  device_posture: AccessDevicePostureRule.DevicePosture;
}

export namespace AccessDevicePostureRule {
  export interface DevicePosture {
    /**
     * The ID of a device posture integration.
     */
    integration_uid: string;
  }
}
2855}
2856
/**
 * Result type of `Groups.delete`, which deletes an Access group.
 */
export interface GroupDeleteResponse {
  /**
   * UUID (presumably of the deleted Access group; confirm against the API).
   * Optional, so it may be absent from the response.
   */
  id?: string;
}
2863
/**
 * An Access group as returned by the API. Judging by the name, this is the
 * result of `accessGroupsCreateAnAccessGroup`.
 *
 * Every field is optional in this type, so check for `undefined` before use.
 * The three rule lists combine as documented on each field: `include` is OR,
 * `require` is AND, `exclude` is NOT.
 */
export interface GroupAccessGroupsCreateAnAccessGroupResponse {
  /**
   * UUID
   */
  id?: string;

  // No description in the generated source; typed as a plain string.
  created_at?: string;

  /**
   * Rules evaluated with a NOT logical operator. To match a policy, a user cannot
   * meet any of the Exclude rules.
   */
  exclude?: Array<
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessEmailRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessEmailListRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessDomainRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessEveryoneRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessIPRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessIPListRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessCertificateRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessAccessGroupRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessAzureGroupRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessGitHubOrganizationRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessGsuiteGroupRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessOktaGroupRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessSamlGroupRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessServiceTokenRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessAnyValidServiceTokenRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessExternalEvaluationRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessCountryRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessAuthenticationMethodRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessDevicePostureRule
  >;

  /**
   * Rules evaluated with an OR logical operator. A user needs to meet only one of
   * the Include rules.
   */
  include?: Array<
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessEmailRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessEmailListRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessDomainRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessEveryoneRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessIPRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessIPListRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessCertificateRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessAccessGroupRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessAzureGroupRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessGitHubOrganizationRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessGsuiteGroupRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessOktaGroupRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessSamlGroupRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessServiceTokenRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessAnyValidServiceTokenRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessExternalEvaluationRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessCountryRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessAuthenticationMethodRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessDevicePostureRule
  >;

  /**
   * Rules evaluated with an AND logical operator. To match a policy, a user must
   * meet all of the Require rules.
   *
   * NOTE(review): this description and the element type are the same as for
   * `require` below, which does not fit the field name. Possibly a schema or
   * generator error; confirm against the API before relying on this field.
   */
  is_default?: Array<
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessEmailRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessEmailListRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessDomainRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessEveryoneRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessIPRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessIPListRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessCertificateRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessAccessGroupRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessAzureGroupRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessGitHubOrganizationRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessGsuiteGroupRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessOktaGroupRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessSamlGroupRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessServiceTokenRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessAnyValidServiceTokenRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessExternalEvaluationRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessCountryRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessAuthenticationMethodRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessDevicePostureRule
  >;

  /**
   * The name of the Access group.
   */
  name?: string;

  /**
   * Rules evaluated with an AND logical operator. To match a policy, a user must
   * meet all of the Require rules.
   */
  require?: Array<
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessEmailRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessEmailListRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessDomainRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessEveryoneRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessIPRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessIPListRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessCertificateRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessAccessGroupRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessAzureGroupRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessGitHubOrganizationRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessGsuiteGroupRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessOktaGroupRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessSamlGroupRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessServiceTokenRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessAnyValidServiceTokenRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessExternalEvaluationRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessCountryRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessAuthenticationMethodRule
    | GroupAccessGroupsCreateAnAccessGroupResponse.AccessDevicePostureRule
  >;

  // No description in the generated source; typed as a plain string.
  updated_at?: string;
}
2983
2984export namespace GroupAccessGroupsCreateAnAccessGroupResponse {
/**
 * Matches a specific email address.
 */
export interface AccessEmailRule {
  /** The address to match, wrapped in an object. */
  email: AccessEmailRule.Email;
}

export namespace AccessEmailRule {
  export interface Email {
    /**
     * The email of the user.
     */
    email: string;
  }
}
3000
/**
 * Matches an email address from a list.
 */
export interface AccessEmailListRule {
  /** Reference to the email list, by ID. */
  email_list: AccessEmailListRule.EmailList;
}

export namespace AccessEmailListRule {
  export interface EmailList {
    /**
     * The ID of a previously created email list. The rule holds only this
     * reference, so who matches depends on the list's contents.
     */
    id: string;
  }
}
3016
/**
 * Matches an entire email domain, that is, every address at that domain.
 */
export interface AccessDomainRule {
  /** The domain to match, wrapped in an object. */
  email_domain: AccessDomainRule.EmailDomain;
}

export namespace AccessDomainRule {
  export interface EmailDomain {
    /**
     * The email domain to match.
     */
    domain: string;
  }
}
3032
/**
 * Matches everyone.
 *
 * Review note: in a list evaluated with OR (the `include` list is documented
 * that way in this file), this rule on its own satisfies the list for every
 * user.
 */
export interface AccessEveryoneRule {
  /**
   * An empty object which matches on all users.
   */
  everyone: unknown;
}
3042
/**
 * Matches an IP address block.
 */
export interface AccessIPRule {
  /** The CIDR block to match, wrapped in an object with a same-named field. */
  ip: AccessIPRule.IP;
}

export namespace AccessIPRule {
  export interface IP {
    /**
     * An IPv4 or IPv6 CIDR block.
     */
    ip: string;
  }
}
3058
/**
 * Matches an IP address from a list.
 */
export interface AccessIPListRule {
  /** Reference to the IP list, by ID. */
  ip_list: AccessIPListRule.IPList;
}

export namespace AccessIPListRule {
  export interface IPList {
    /**
     * The ID of a previously created IP list. The rule holds only this
     * reference, so which addresses match depends on the list's contents.
     */
    id: string;
  }
}
3074
/**
 * Matches any valid client certificate, not one particular certificate.
 */
export interface AccessCertificateRule {
  // Typed `unknown` by the generator. Presumably an empty object, as documented
  // for `any_valid_service_token`; confirm against the API schema.
  certificate: unknown;
}
3081
/**
 * Matches an Access group.
 */
export interface AccessAccessGroupRule {
  /** Reference to another Access group, by ID. */
  group: AccessAccessGroupRule.Group;
}

export namespace AccessAccessGroupRule {
  export interface Group {
    /**
     * The ID of a previously created Access group.
     */
    id: string;
  }
}
3097
/**
 * Matches an Azure group. Requires an Azure identity provider.
 */
export interface AccessAzureGroupRule {
  /** The property is spelled `azureAD`; the nested type is spelled `AzureAd`. */
  azureAD: AccessAzureGroupRule.AzureAd;
}

export namespace AccessAzureGroupRule {
  export interface AzureAd {
    /**
     * The ID of an Azure group.
     */
    id: string;

    /**
     * The ID of your Azure identity provider.
     */
    connection_id: string;
  }
}
3118
/**
 * Matches a GitHub organization. Requires a GitHub identity provider.
 */
export interface AccessGitHubOrganizationRule {
  /** Quoted because the property name contains a hyphen. */
  'github-organization': AccessGitHubOrganizationRule.GitHubOrganization;
}

export namespace AccessGitHubOrganizationRule {
  export interface GitHubOrganization {
    /**
     * The ID of your GitHub identity provider.
     */
    connection_id: string;

    /**
     * The name of the organization.
     */
    name: string;
  }
}
3139
/**
 * Matches a group in Google Workspace. Requires a Google Workspace identity
 * provider.
 */
export interface AccessGsuiteGroupRule {
  /** Identity provider and group to match. */
  gsuite: AccessGsuiteGroupRule.Gsuite;
}

export namespace AccessGsuiteGroupRule {
  export interface Gsuite {
    /**
     * The ID of your Google Workspace identity provider.
     */
    connection_id: string;

    /**
     * The email of the Google Workspace group.
     */
    email: string;
  }
}
3161
/**
 * Matches an Okta group. Requires an Okta identity provider.
 */
export interface AccessOktaGroupRule {
  /** Identity provider and group to match. */
  okta: AccessOktaGroupRule.Okta;
}

export namespace AccessOktaGroupRule {
  export interface Okta {
    /**
     * The ID of your Okta identity provider.
     */
    connection_id: string;

    /**
     * The email of the Okta group.
     *
     * NOTE(review): the field is named `email` although it identifies a group;
     * confirm the expected value against the API documentation.
     */
    email: string;
  }
}
3182
/**
 * Matches a SAML group. Requires a SAML identity provider.
 *
 * NOTE(review): unlike the Azure, GitHub, Google Workspace and Okta rules in
 * this file, this type carries no `connection_id`, so the rule itself does not
 * name a provider. Confirm how the attribute match is scoped.
 */
export interface AccessSamlGroupRule {
  /** Attribute name/value pair to match. */
  saml: AccessSamlGroupRule.Saml;
}

export namespace AccessSamlGroupRule {
  export interface Saml {
    /**
     * The name of the SAML attribute.
     */
    attribute_name: string;

    /**
     * The SAML attribute value to look for.
     */
    attribute_value: string;
  }
}
3203
/**
 * Matches a specific Access Service Token.
 */
export interface AccessServiceTokenRule {
  /** Reference to the service token, by ID. */
  service_token: AccessServiceTokenRule.ServiceToken;
}

export namespace AccessServiceTokenRule {
  export interface ServiceToken {
    /**
     * The ID of a Service Token.
     */
    token_id: string;
  }
}
3219
/**
 * Matches any valid Access Service Token.
 *
 * Review note: this is broader than AccessServiceTokenRule, which names one
 * token by `token_id`.
 */
export interface AccessAnyValidServiceTokenRule {
  /**
   * An empty object which matches on all service tokens.
   */
  any_valid_service_token: unknown;
}
3229
/**
 * Create Allow or Block policies which evaluate the user based on custom criteria.
 *
 * Review note: the outcome depends on the two endpoints below, so a change to
 * either URL is a change to the access policy.
 */
export interface AccessExternalEvaluationRule {
  /** Endpoints of the external evaluation service. */
  external_evaluation: AccessExternalEvaluationRule.ExternalEvaluation;
}

export namespace AccessExternalEvaluationRule {
  export interface ExternalEvaluation {
    /**
     * The API endpoint containing your business logic.
     */
    evaluate_url: string;

    /**
     * The API endpoint containing the key that Access uses to verify that the response
     * came from your API.
     */
    keys_url: string;
  }
}
3251
/**
 * Matches a specific country.
 */
export interface AccessCountryRule {
  /** The country to match, wrapped in an object. */
  geo: AccessCountryRule.Geo;
}

export namespace AccessCountryRule {
  export interface Geo {
    /**
     * The country code that should be matched. The code format is not stated
     * in this file (presumably ISO 3166-1 alpha-2; confirm against the API).
     */
    country_code: string;
  }
}
3267
/**
 * Enforce different MFA options.
 */
export interface AccessAuthenticationMethodRule {
  /** The required method, wrapped in an object with a same-named field. */
  auth_method: AccessAuthenticationMethodRule.AuthMethod;
}

export namespace AccessAuthenticationMethodRule {
  export interface AuthMethod {
    /**
     * The type of authentication method, given as an Authentication Method
     * Reference value from RFC 8176
     * (https://datatracker.ietf.org/doc/html/rfc8176).
     */
    auth_method: string;
  }
}
3283
/**
 * Enforces that a device posture rule has run successfully.
 */
export interface AccessDevicePostureRule {
  /** Reference to the device posture integration, by ID. */
  device_posture: AccessDevicePostureRule.DevicePosture;
}

export namespace AccessDevicePostureRule {
  export interface DevicePosture {
    /**
     * The ID of a device posture integration.
     */
    integration_uid: string;
  }
}
3299
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches a specific email address.
 */
export interface AccessEmailRule {
  /** The address to match, wrapped in an object. */
  email: AccessEmailRule.Email;
}

export namespace AccessEmailRule {
  export interface Email {
    /**
     * The email of the user.
     */
    email: string;
  }
}
3315
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches an email address from a list.
 */
export interface AccessEmailListRule {
  /** Reference to the email list, by ID. */
  email_list: AccessEmailListRule.EmailList;
}

export namespace AccessEmailListRule {
  export interface EmailList {
    /**
     * The ID of a previously created email list. The rule holds only this
     * reference, so who matches depends on the list's contents.
     */
    id: string;
  }
}
3331
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches an entire email domain, that is, every address at that domain.
 */
export interface AccessDomainRule {
  /** The domain to match, wrapped in an object. */
  email_domain: AccessDomainRule.EmailDomain;
}

export namespace AccessDomainRule {
  export interface EmailDomain {
    /**
     * The email domain to match.
     */
    domain: string;
  }
}
3347
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches everyone.
 *
 * Review note: in a list evaluated with OR (the `include` list is documented
 * that way in this file), this rule on its own satisfies the list for every
 * user.
 */
export interface AccessEveryoneRule {
  /**
   * An empty object which matches on all users.
   */
  everyone: unknown;
}
3357
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches an IP address block.
 */
export interface AccessIPRule {
  /** The CIDR block to match, wrapped in an object with a same-named field. */
  ip: AccessIPRule.IP;
}

export namespace AccessIPRule {
  export interface IP {
    /**
     * An IPv4 or IPv6 CIDR block.
     */
    ip: string;
  }
}
3373
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches an IP address from a list.
 */
export interface AccessIPListRule {
  /** Reference to the IP list, by ID. */
  ip_list: AccessIPListRule.IPList;
}

export namespace AccessIPListRule {
  export interface IPList {
    /**
     * The ID of a previously created IP list. The rule holds only this
     * reference, so which addresses match depends on the list's contents.
     */
    id: string;
  }
}
3389
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches any valid client certificate, not one particular certificate.
 */
export interface AccessCertificateRule {
  // Typed `unknown` by the generator. Presumably an empty object, as documented
  // for `any_valid_service_token`; confirm against the API schema.
  certificate: unknown;
}
3396
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches an Access group.
 */
export interface AccessAccessGroupRule {
  /** Reference to another Access group, by ID. */
  group: AccessAccessGroupRule.Group;
}

export namespace AccessAccessGroupRule {
  export interface Group {
    /**
     * The ID of a previously created Access group.
     */
    id: string;
  }
}
3412
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches an Azure group. Requires an Azure identity provider.
 */
export interface AccessAzureGroupRule {
  /** The property is spelled `azureAD`; the nested type is spelled `AzureAd`. */
  azureAD: AccessAzureGroupRule.AzureAd;
}

export namespace AccessAzureGroupRule {
  export interface AzureAd {
    /**
     * The ID of an Azure group.
     */
    id: string;

    /**
     * The ID of your Azure identity provider.
     */
    connection_id: string;
  }
}
3433
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches a GitHub organization. Requires a GitHub identity provider.
 */
export interface AccessGitHubOrganizationRule {
  /** Quoted because the property name contains a hyphen. */
  'github-organization': AccessGitHubOrganizationRule.GitHubOrganization;
}

export namespace AccessGitHubOrganizationRule {
  export interface GitHubOrganization {
    /**
     * The ID of your GitHub identity provider.
     */
    connection_id: string;

    /**
     * The name of the organization.
     */
    name: string;
  }
}
3454
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches a group in Google Workspace. Requires a Google Workspace identity
 * provider.
 */
export interface AccessGsuiteGroupRule {
  /** Identity provider and group to match. */
  gsuite: AccessGsuiteGroupRule.Gsuite;
}

export namespace AccessGsuiteGroupRule {
  export interface Gsuite {
    /**
     * The ID of your Google Workspace identity provider.
     */
    connection_id: string;

    /**
     * The email of the Google Workspace group.
     */
    email: string;
  }
}
3476
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches an Okta group. Requires an Okta identity provider.
 */
export interface AccessOktaGroupRule {
  /** Identity provider and group to match. */
  okta: AccessOktaGroupRule.Okta;
}

export namespace AccessOktaGroupRule {
  export interface Okta {
    /**
     * The ID of your Okta identity provider.
     */
    connection_id: string;

    /**
     * The email of the Okta group.
     *
     * NOTE(review): the field is named `email` although it identifies a group;
     * confirm the expected value against the API documentation.
     */
    email: string;
  }
}
3497
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches a SAML group. Requires a SAML identity provider.
 *
 * NOTE(review): unlike the Azure, GitHub, Google Workspace and Okta rules in
 * this file, this type carries no `connection_id`, so the rule itself does not
 * name a provider. Confirm how the attribute match is scoped.
 */
export interface AccessSamlGroupRule {
  /** Attribute name/value pair to match. */
  saml: AccessSamlGroupRule.Saml;
}

export namespace AccessSamlGroupRule {
  export interface Saml {
    /**
     * The name of the SAML attribute.
     */
    attribute_name: string;

    /**
     * The SAML attribute value to look for.
     */
    attribute_value: string;
  }
}
3518
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches a specific Access Service Token.
 */
export interface AccessServiceTokenRule {
  /** Reference to the service token, by ID. */
  service_token: AccessServiceTokenRule.ServiceToken;
}

export namespace AccessServiceTokenRule {
  export interface ServiceToken {
    /**
     * The ID of a Service Token.
     */
    token_id: string;
  }
}
3534
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches any valid Access Service Token.
 *
 * Review note: this is broader than AccessServiceTokenRule, which names one
 * token by `token_id`.
 */
export interface AccessAnyValidServiceTokenRule {
  /**
   * An empty object which matches on all service tokens.
   */
  any_valid_service_token: unknown;
}
3544
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Create Allow or Block policies which evaluate the user based on custom criteria.
 *
 * Review note: the outcome depends on the two endpoints below, so a change to
 * either URL is a change to the access policy.
 */
export interface AccessExternalEvaluationRule {
  /** Endpoints of the external evaluation service. */
  external_evaluation: AccessExternalEvaluationRule.ExternalEvaluation;
}

export namespace AccessExternalEvaluationRule {
  export interface ExternalEvaluation {
    /**
     * The API endpoint containing your business logic.
     */
    evaluate_url: string;

    /**
     * The API endpoint containing the key that Access uses to verify that the response
     * came from your API.
     */
    keys_url: string;
  }
}
3566
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches a specific country.
 */
export interface AccessCountryRule {
  /** The country to match, wrapped in an object. */
  geo: AccessCountryRule.Geo;
}

export namespace AccessCountryRule {
  export interface Geo {
    /**
     * The country code that should be matched. The code format is not stated
     * in this file (presumably ISO 3166-1 alpha-2; confirm against the API).
     */
    country_code: string;
  }
}
3582
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Enforce different MFA options.
 */
export interface AccessAuthenticationMethodRule {
  /** The required method, wrapped in an object with a same-named field. */
  auth_method: AccessAuthenticationMethodRule.AuthMethod;
}

export namespace AccessAuthenticationMethodRule {
  export interface AuthMethod {
    /**
     * The type of authentication method, given as an Authentication Method
     * Reference value from RFC 8176
     * (https://datatracker.ietf.org/doc/html/rfc8176).
     */
    auth_method: string;
  }
}
3598
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Enforces that a device posture rule has run successfully.
 */
export interface AccessDevicePostureRule {
  /** Reference to the device posture integration, by ID. */
  device_posture: AccessDevicePostureRule.DevicePosture;
}

export namespace AccessDevicePostureRule {
  export interface DevicePosture {
    /**
     * The ID of a device posture integration.
     */
    integration_uid: string;
  }
}
3614
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches a specific email address.
 */
export interface AccessEmailRule {
  /** The address to match, wrapped in an object. */
  email: AccessEmailRule.Email;
}

export namespace AccessEmailRule {
  export interface Email {
    /**
     * The email of the user.
     */
    email: string;
  }
}
3630
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches an email address from a list.
 */
export interface AccessEmailListRule {
  /** Reference to the email list, by ID. */
  email_list: AccessEmailListRule.EmailList;
}

export namespace AccessEmailListRule {
  export interface EmailList {
    /**
     * The ID of a previously created email list. The rule holds only this
     * reference, so who matches depends on the list's contents.
     */
    id: string;
  }
}
3646
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches an entire email domain, that is, every address at that domain.
 */
export interface AccessDomainRule {
  /** The domain to match, wrapped in an object. */
  email_domain: AccessDomainRule.EmailDomain;
}

export namespace AccessDomainRule {
  export interface EmailDomain {
    /**
     * The email domain to match.
     */
    domain: string;
  }
}
3662
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches everyone.
 *
 * Review note: in a list evaluated with OR (the `include` list is documented
 * that way in this file), this rule on its own satisfies the list for every
 * user.
 */
export interface AccessEveryoneRule {
  /**
   * An empty object which matches on all users.
   */
  everyone: unknown;
}
3672
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches an IP address block.
 */
export interface AccessIPRule {
  /** The CIDR block to match, wrapped in an object with a same-named field. */
  ip: AccessIPRule.IP;
}

export namespace AccessIPRule {
  export interface IP {
    /**
     * An IPv4 or IPv6 CIDR block.
     */
    ip: string;
  }
}
3688
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches an IP address from a list.
 */
export interface AccessIPListRule {
  /** Reference to the IP list, by ID. */
  ip_list: AccessIPListRule.IPList;
}

export namespace AccessIPListRule {
  export interface IPList {
    /**
     * The ID of a previously created IP list. The rule holds only this
     * reference, so which addresses match depends on the list's contents.
     */
    id: string;
  }
}
3704
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches any valid client certificate, not one particular certificate.
 */
export interface AccessCertificateRule {
  // Typed `unknown` by the generator. Presumably an empty object, as documented
  // for `any_valid_service_token`; confirm against the API schema.
  certificate: unknown;
}
3711
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches an Access group.
 */
export interface AccessAccessGroupRule {
  /** Reference to another Access group, by ID. */
  group: AccessAccessGroupRule.Group;
}

export namespace AccessAccessGroupRule {
  export interface Group {
    /**
     * The ID of a previously created Access group.
     */
    id: string;
  }
}
3727
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches an Azure group. Requires an Azure identity provider.
 */
export interface AccessAzureGroupRule {
  /** The property is spelled `azureAD`; the nested type is spelled `AzureAd`. */
  azureAD: AccessAzureGroupRule.AzureAd;
}

export namespace AccessAzureGroupRule {
  export interface AzureAd {
    /**
     * The ID of an Azure group.
     */
    id: string;

    /**
     * The ID of your Azure identity provider.
     */
    connection_id: string;
  }
}
3748
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches a GitHub organization. Requires a GitHub identity provider.
 */
export interface AccessGitHubOrganizationRule {
  /** Quoted because the property name contains a hyphen. */
  'github-organization': AccessGitHubOrganizationRule.GitHubOrganization;
}

export namespace AccessGitHubOrganizationRule {
  export interface GitHubOrganization {
    /**
     * The ID of your GitHub identity provider.
     */
    connection_id: string;

    /**
     * The name of the organization.
     */
    name: string;
  }
}
3769
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches a group in Google Workspace. Requires a Google Workspace identity
 * provider.
 */
export interface AccessGsuiteGroupRule {
  /** Identity provider and group to match. */
  gsuite: AccessGsuiteGroupRule.Gsuite;
}

export namespace AccessGsuiteGroupRule {
  export interface Gsuite {
    /**
     * The ID of your Google Workspace identity provider.
     */
    connection_id: string;

    /**
     * The email of the Google Workspace group.
     */
    email: string;
  }
}
3791
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches an Okta group. Requires an Okta identity provider.
 */
export interface AccessOktaGroupRule {
  /** Identity provider and group to match. */
  okta: AccessOktaGroupRule.Okta;
}

export namespace AccessOktaGroupRule {
  export interface Okta {
    /**
     * The ID of your Okta identity provider.
     */
    connection_id: string;

    /**
     * The email of the Okta group.
     *
     * NOTE(review): the field is named `email` although it identifies a group;
     * confirm the expected value against the API documentation.
     */
    email: string;
  }
}
3812
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches a SAML group. Requires a SAML identity provider.
 *
 * NOTE(review): unlike the Azure, GitHub, Google Workspace and Okta rules in
 * this file, this type carries no `connection_id`, so the rule itself does not
 * name a provider. Confirm how the attribute match is scoped.
 */
export interface AccessSamlGroupRule {
  /** Attribute name/value pair to match. */
  saml: AccessSamlGroupRule.Saml;
}

export namespace AccessSamlGroupRule {
  export interface Saml {
    /**
     * The name of the SAML attribute.
     */
    attribute_name: string;

    /**
     * The SAML attribute value to look for.
     */
    attribute_value: string;
  }
}
3833
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches a specific Access Service Token.
 */
export interface AccessServiceTokenRule {
  /** Reference to the service token, by ID. */
  service_token: AccessServiceTokenRule.ServiceToken;
}

export namespace AccessServiceTokenRule {
  export interface ServiceToken {
    /**
     * The ID of a Service Token.
     */
    token_id: string;
  }
}
3849
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches any valid Access Service Token.
 *
 * Review note: this is broader than AccessServiceTokenRule, which names one
 * token by `token_id`.
 */
export interface AccessAnyValidServiceTokenRule {
  /**
   * An empty object which matches on all service tokens.
   */
  any_valid_service_token: unknown;
}
3859
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Create Allow or Block policies which evaluate the user based on custom criteria.
 *
 * Review note: the outcome depends on the two endpoints below, so a change to
 * either URL is a change to the access policy.
 */
export interface AccessExternalEvaluationRule {
  /** Endpoints of the external evaluation service. */
  external_evaluation: AccessExternalEvaluationRule.ExternalEvaluation;
}

export namespace AccessExternalEvaluationRule {
  export interface ExternalEvaluation {
    /**
     * The API endpoint containing your business logic.
     */
    evaluate_url: string;

    /**
     * The API endpoint containing the key that Access uses to verify that the response
     * came from your API.
     */
    keys_url: string;
  }
}
3881
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches a specific country.
 */
export interface AccessCountryRule {
  /** The country to match, wrapped in an object. */
  geo: AccessCountryRule.Geo;
}

export namespace AccessCountryRule {
  export interface Geo {
    /**
     * The country code that should be matched. The code format is not stated
     * in this file (presumably ISO 3166-1 alpha-2; confirm against the API).
     */
    country_code: string;
  }
}
3897
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Enforce different MFA options.
 */
export interface AccessAuthenticationMethodRule {
  /** The required method, wrapped in an object with a same-named field. */
  auth_method: AccessAuthenticationMethodRule.AuthMethod;
}

export namespace AccessAuthenticationMethodRule {
  export interface AuthMethod {
    /**
     * The type of authentication method, given as an Authentication Method
     * Reference value from RFC 8176
     * (https://datatracker.ietf.org/doc/html/rfc8176).
     */
    auth_method: string;
  }
}
3913
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Enforces that a device posture rule has run successfully.
 */
export interface AccessDevicePostureRule {
  /** Reference to the device posture integration, by ID. */
  device_posture: AccessDevicePostureRule.DevicePosture;
}

export namespace AccessDevicePostureRule {
  export interface DevicePosture {
    /**
     * The ID of a device posture integration.
     */
    integration_uid: string;
  }
}
3929
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches a specific email address.
 */
export interface AccessEmailRule {
  /** The address to match, wrapped in an object. */
  email: AccessEmailRule.Email;
}

export namespace AccessEmailRule {
  export interface Email {
    /**
     * The email of the user.
     */
    email: string;
  }
}
3945
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches an email address from a list.
 */
export interface AccessEmailListRule {
  /** Reference to the email list, by ID. */
  email_list: AccessEmailListRule.EmailList;
}

export namespace AccessEmailListRule {
  export interface EmailList {
    /**
     * The ID of a previously created email list. The rule holds only this
     * reference, so who matches depends on the list's contents.
     */
    id: string;
  }
}
3961
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches an entire email domain, that is, every address at that domain.
 */
export interface AccessDomainRule {
  /** The domain to match, wrapped in an object. */
  email_domain: AccessDomainRule.EmailDomain;
}

export namespace AccessDomainRule {
  export interface EmailDomain {
    /**
     * The email domain to match.
     */
    domain: string;
  }
}
3977
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches everyone.
 *
 * Review note: in a list evaluated with OR (the `include` list is documented
 * that way in this file), this rule on its own satisfies the list for every
 * user.
 */
export interface AccessEveryoneRule {
  /**
   * An empty object which matches on all users.
   */
  everyone: unknown;
}
3987
// NOTE(review): repeats an earlier declaration in this namespace with identical
// members; TypeScript merges them.
/**
 * Matches an IP address block.
 */
export interface AccessIPRule {
  /** The CIDR block to match, wrapped in an object with a same-named field. */
  ip: AccessIPRule.IP;
}

export namespace AccessIPRule {
  export interface IP {
    /**
     * An IPv4 or IPv6 CIDR block.
     */
    ip: string;
  }
}
4003
/**
 * Matches an IP address from a list.
 */
export interface AccessIPListRule {
  /** Reference to the IP list to match against. */
  ip_list: AccessIPListRule.IPList;
}

export namespace AccessIPListRule {
  export interface IPList {
    /**
     * The ID of a previously created IP list.
     */
    id: string;
  }
}
4019
/**
 * Matches any valid client certificate.
 */
export interface AccessCertificateRule {
  /**
   * NOTE(review): typed `unknown` and undocumented in the original; presumably
   * an empty object — confirm against the API schema. The rule names no
   * particular certificate, and what makes one "valid" is not defined here.
   */
  certificate: unknown;
}
4026
/**
 * Matches an Access group.
 */
export interface AccessAccessGroupRule {
  /** Reference to the Access group to match. */
  group: AccessAccessGroupRule.Group;
}

export namespace AccessAccessGroupRule {
  export interface Group {
    /**
     * The ID of a previously created Access group.
     */
    id: string;
  }
}
4042
/**
 * Matches an Azure group. Requires an Azure identity provider.
 */
export interface AccessAzureGroupRule {
  /** Azure group and identity-provider pair to match. */
  azureAD: AccessAzureGroupRule.AzureAd;
}

export namespace AccessAzureGroupRule {
  export interface AzureAd {
    /**
     * The ID of an Azure group.
     */
    id: string;

    /**
     * The ID of your Azure identity provider.
     */
    connection_id: string;
  }
}
4063
/**
 * Matches a GitHub organization. Requires a GitHub identity provider.
 */
export interface AccessGitHubOrganizationRule {
  /**
   * Organization and identity-provider pair to match. The key is hyphenated,
   * so it has to be written as a quoted property name.
   */
  'github-organization': AccessGitHubOrganizationRule.GitHubOrganization;
}

export namespace AccessGitHubOrganizationRule {
  export interface GitHubOrganization {
    /**
     * The ID of your GitHub identity provider.
     */
    connection_id: string;

    /**
     * The name of the organization.
     */
    name: string;
  }
}
4084
/**
 * Matches a group in Google Workspace. Requires a Google Workspace identity
 * provider.
 */
export interface AccessGsuiteGroupRule {
  /** Google Workspace group and identity-provider pair to match. */
  gsuite: AccessGsuiteGroupRule.Gsuite;
}

export namespace AccessGsuiteGroupRule {
  export interface Gsuite {
    /**
     * The ID of your Google Workspace identity provider.
     */
    connection_id: string;

    /**
     * The email of the Google Workspace group.
     */
    email: string;
  }
}
4106
/**
 * Matches an Okta group. Requires an Okta identity provider.
 */
export interface AccessOktaGroupRule {
  /** Okta group and identity-provider pair to match. */
  okta: AccessOktaGroupRule.Okta;
}

export namespace AccessOktaGroupRule {
  export interface Okta {
    /**
     * The ID of your Okta identity provider.
     */
    connection_id: string;

    /**
     * The email of the Okta group.
     */
    email: string;
  }
}
4127
/**
 * Matches a SAML group. Requires a SAML identity provider.
 */
export interface AccessSamlGroupRule {
  /** SAML attribute name/value pair to match. */
  saml: AccessSamlGroupRule.Saml;
}

export namespace AccessSamlGroupRule {
  export interface Saml {
    /**
     * The name of the SAML attribute.
     */
    attribute_name: string;

    /**
     * The SAML attribute value to look for.
     * NOTE(review): unlike the Azure, GitHub, Google Workspace and Okta shapes,
     * this one carries no `connection_id`, so it does not name which SAML
     * provider the attribute must come from — confirm how that is scoped.
     */
    attribute_value: string;
  }
}
4148
/**
 * Matches a specific Access Service Token.
 */
export interface AccessServiceTokenRule {
  /** Reference to the service token to match. */
  service_token: AccessServiceTokenRule.ServiceToken;
}

export namespace AccessServiceTokenRule {
  export interface ServiceToken {
    /**
     * The ID of a Service Token.
     */
    token_id: string;
  }
}
4164
/**
 * Matches any valid Access Service Token.
 */
export interface AccessAnyValidServiceTokenRule {
  /**
   * An empty object which matches on all service tokens.
   * NOTE(review): typed `unknown`, so the compiler accepts any value here and
   * does not check for the empty object described above.
   */
  any_valid_service_token: unknown;
}
4174
/**
 * Create Allow or Block policies which evaluate the user based on custom criteria.
 */
export interface AccessExternalEvaluationRule {
  /** Endpoints used for the external evaluation. */
  external_evaluation: AccessExternalEvaluationRule.ExternalEvaluation;
}

export namespace AccessExternalEvaluationRule {
  export interface ExternalEvaluation {
    /**
     * The API endpoint containing your business logic.
     * NOTE(review): plain `string`; this type does not constrain the URL scheme
     * or host.
     */
    evaluate_url: string;

    /**
     * The API endpoint containing the key that Access uses to verify that the response
     * came from your API.
     * NOTE(review): response verification depends on the key served here, yet
     * the field is a plain `string` with no scheme or host constraint.
     */
    keys_url: string;
  }
}
4196
/**
 * Matches a specific country.
 */
export interface AccessCountryRule {
  /** Criteria holding the country to match. */
  geo: AccessCountryRule.Geo;
}

export namespace AccessCountryRule {
  export interface Geo {
    /**
     * The country code that should be matched.
     * NOTE(review): the code format is not stated here (presumably ISO 3166-1
     * alpha-2 — confirm); the type is a plain `string`.
     */
    country_code: string;
  }
}
4212
/**
 * Enforce different MFA options.
 */
export interface AccessAuthenticationMethodRule {
  /** Criteria holding the authentication method to enforce. */
  auth_method: AccessAuthenticationMethodRule.AuthMethod;
}

export namespace AccessAuthenticationMethodRule {
  export interface AuthMethod {
    /**
     * The type of authentication method; see RFC 8176
     * (https://datatracker.ietf.org/doc/html/rfc8176).
     * NOTE(review): plain `string`; this type does not restrict the value to
     * the names the RFC registers.
     */
    auth_method: string;
  }
}
4228
/**
 * Enforces that a device posture rule has run successfully.
 */
export interface AccessDevicePostureRule {
  /** Reference to the device posture integration to check. */
  device_posture: AccessDevicePostureRule.DevicePosture;
}

export namespace AccessDevicePostureRule {
  export interface DevicePosture {
    /**
     * The ID of a device posture integration.
     */
    integration_uid: string;
  }
}
4244}
4245
/**
 * An array of Access group items. Judging by the name, this is the result type
 * of the call that lists Access groups.
 */
export type GroupAccessGroupsListAccessGroupsResponse =
  Array<GroupAccessGroupsListAccessGroupsResponse.GroupAccessGroupsListAccessGroupsResponseItem>;
4248
4249export namespace GroupAccessGroupsListAccessGroupsResponse {
/**
 * One Access group entry. Every field is optional in this type, so callers
 * have to handle `undefined` for each of them.
 */
export interface GroupAccessGroupsListAccessGroupsResponseItem {
  /**
   * UUID
   */
  id?: string;

  // NOTE(review): undocumented in the original; presumably a creation
  // timestamp string — confirm the format.
  created_at?: string;

  /**
   * Rules evaluated with a NOT logical operator. To match a policy, a user cannot
   * meet any of the Exclude rules.
   */
  exclude?: Array<
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessEmailRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessEmailListRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessDomainRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessEveryoneRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessIPRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessIPListRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessCertificateRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessAccessGroupRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessAzureGroupRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessGitHubOrganizationRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessGsuiteGroupRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessOktaGroupRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessSamlGroupRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessServiceTokenRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessAnyValidServiceTokenRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessExternalEvaluationRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessCountryRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessAuthenticationMethodRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessDevicePostureRule
  >;

  /**
   * Rules evaluated with an OR logical operator. A user needs to meet only one of
   * the Include rules.
   * NOTE(review): because one matching rule is enough, a single broad entry
   * such as AccessEveryoneRule satisfies this list on its own.
   */
  include?: Array<
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessEmailRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessEmailListRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessDomainRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessEveryoneRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessIPRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessIPListRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessCertificateRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessAccessGroupRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessAzureGroupRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessGitHubOrganizationRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessGsuiteGroupRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessOktaGroupRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessSamlGroupRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessServiceTokenRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessAnyValidServiceTokenRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessExternalEvaluationRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessCountryRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessAuthenticationMethodRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessDevicePostureRule
  >;

  /**
   * Rules evaluated with an AND logical operator. To match a policy, a user must
   * meet all of the Require rules.
   * NOTE(review): this description and the element type are identical to those
   * of `require`, which looks like a spec or generator slip for a field named
   * `is_default`. Confirm the intended type against the API schema before
   * relying on this field.
   */
  is_default?: Array<
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessEmailRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessEmailListRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessDomainRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessEveryoneRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessIPRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessIPListRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessCertificateRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessAccessGroupRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessAzureGroupRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessGitHubOrganizationRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessGsuiteGroupRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessOktaGroupRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessSamlGroupRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessServiceTokenRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessAnyValidServiceTokenRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessExternalEvaluationRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessCountryRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessAuthenticationMethodRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessDevicePostureRule
  >;

  /**
   * The name of the Access group.
   */
  name?: string;

  /**
   * Rules evaluated with an AND logical operator. To match a policy, a user must
   * meet all of the Require rules.
   */
  require?: Array<
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessEmailRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessEmailListRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessDomainRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessEveryoneRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessIPRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessIPListRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessCertificateRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessAccessGroupRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessAzureGroupRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessGitHubOrganizationRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessGsuiteGroupRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessOktaGroupRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessSamlGroupRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessServiceTokenRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessAnyValidServiceTokenRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessExternalEvaluationRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessCountryRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessAuthenticationMethodRule
    | GroupAccessGroupsListAccessGroupsResponseItem.AccessDevicePostureRule
  >;

  // NOTE(review): undocumented in the original; presumably a last-modified
  // timestamp string — confirm the format.
  updated_at?: string;
}
4369
4370 export namespace GroupAccessGroupsListAccessGroupsResponseItem {
/**
 * Matches a specific email.
 */
export interface AccessEmailRule {
  /** Criteria holding the single address to match. */
  email: AccessEmailRule.Email;
}

export namespace AccessEmailRule {
  export interface Email {
    /**
     * The email of the user.
     * NOTE(review): plain `string`; this type enforces no address format.
     */
    email: string;
  }
}
4386
/**
 * Matches an email address from a list.
 */
export interface AccessEmailListRule {
  /** Reference to the email list to match against. */
  email_list: AccessEmailListRule.EmailList;
}

export namespace AccessEmailListRule {
  export interface EmailList {
    /**
     * The ID of a previously created email list.
     */
    id: string;
  }
}
4402
/**
 * Matches an entire email domain.
 */
export interface AccessDomainRule {
  /** Criteria holding the email domain to match. */
  email_domain: AccessDomainRule.EmailDomain;
}

export namespace AccessDomainRule {
  export interface EmailDomain {
    /**
     * The email domain to match.
     * NOTE(review): the rule covers the whole domain, so it is only as narrow
     * as control over who can hold an address in that domain.
     */
    domain: string;
  }
}
4418
/**
 * Matches everyone.
 */
export interface AccessEveryoneRule {
  /**
   * An empty object which matches on all users.
   * NOTE(review): typed `unknown`, so the compiler accepts any value here and
   * does not check for the empty object described above.
   */
  everyone: unknown;
}
4428
/**
 * Matches an IP address block.
 */
export interface AccessIPRule {
  /** Criteria holding the CIDR block to match. */
  ip: AccessIPRule.IP;
}

export namespace AccessIPRule {
  export interface IP {
    /**
     * An IPv4 or IPv6 CIDR block.
     * NOTE(review): plain `string`; syntax and prefix length are not checked by
     * this type.
     */
    ip: string;
  }
}
4444
/**
 * Matches an IP address from a list.
 */
export interface AccessIPListRule {
  /** Reference to the IP list to match against. */
  ip_list: AccessIPListRule.IPList;
}

export namespace AccessIPListRule {
  export interface IPList {
    /**
     * The ID of a previously created IP list.
     */
    id: string;
  }
}
4460
/**
 * Matches any valid client certificate.
 */
export interface AccessCertificateRule {
  /**
   * NOTE(review): typed `unknown` and undocumented in the original; presumably
   * an empty object — confirm against the API schema. The rule names no
   * particular certificate, and what makes one "valid" is not defined here.
   */
  certificate: unknown;
}
4467
/**
 * Matches an Access group.
 */
export interface AccessAccessGroupRule {
  /** Reference to the Access group to match. */
  group: AccessAccessGroupRule.Group;
}

export namespace AccessAccessGroupRule {
  export interface Group {
    /**
     * The ID of a previously created Access group.
     */
    id: string;
  }
}
4483
/**
 * Matches an Azure group. Requires an Azure identity provider.
 */
export interface AccessAzureGroupRule {
  /** Azure group and identity-provider pair to match. */
  azureAD: AccessAzureGroupRule.AzureAd;
}

export namespace AccessAzureGroupRule {
  export interface AzureAd {
    /**
     * The ID of an Azure group.
     */
    id: string;

    /**
     * The ID of your Azure identity provider.
     */
    connection_id: string;
  }
}
4504
/**
 * Matches a GitHub organization. Requires a GitHub identity provider.
 */
export interface AccessGitHubOrganizationRule {
  /**
   * Organization and identity-provider pair to match. The key is hyphenated,
   * so it has to be written as a quoted property name.
   */
  'github-organization': AccessGitHubOrganizationRule.GitHubOrganization;
}

export namespace AccessGitHubOrganizationRule {
  export interface GitHubOrganization {
    /**
     * The ID of your GitHub identity provider.
     */
    connection_id: string;

    /**
     * The name of the organization.
     */
    name: string;
  }
}
4525
/**
 * Matches a group in Google Workspace. Requires a Google Workspace identity
 * provider.
 */
export interface AccessGsuiteGroupRule {
  /** Google Workspace group and identity-provider pair to match. */
  gsuite: AccessGsuiteGroupRule.Gsuite;
}

export namespace AccessGsuiteGroupRule {
  export interface Gsuite {
    /**
     * The ID of your Google Workspace identity provider.
     */
    connection_id: string;

    /**
     * The email of the Google Workspace group.
     */
    email: string;
  }
}
4547
/**
 * Matches an Okta group. Requires an Okta identity provider.
 */
export interface AccessOktaGroupRule {
  /** Okta group and identity-provider pair to match. */
  okta: AccessOktaGroupRule.Okta;
}

export namespace AccessOktaGroupRule {
  export interface Okta {
    /**
     * The ID of your Okta identity provider.
     */
    connection_id: string;

    /**
     * The email of the Okta group.
     */
    email: string;
  }
}
4568
/**
 * Matches a SAML group. Requires a SAML identity provider.
 */
export interface AccessSamlGroupRule {
  /** SAML attribute name/value pair to match. */
  saml: AccessSamlGroupRule.Saml;
}

export namespace AccessSamlGroupRule {
  export interface Saml {
    /**
     * The name of the SAML attribute.
     */
    attribute_name: string;

    /**
     * The SAML attribute value to look for.
     * NOTE(review): unlike the Azure, GitHub, Google Workspace and Okta shapes,
     * this one carries no `connection_id`, so it does not name which SAML
     * provider the attribute must come from — confirm how that is scoped.
     */
    attribute_value: string;
  }
}
4589
/**
 * Matches a specific Access Service Token.
 */
export interface AccessServiceTokenRule {
  /** Reference to the service token to match. */
  service_token: AccessServiceTokenRule.ServiceToken;
}

export namespace AccessServiceTokenRule {
  export interface ServiceToken {
    /**
     * The ID of a Service Token.
     */
    token_id: string;
  }
}
4605
/**
 * Matches any valid Access Service Token.
 */
export interface AccessAnyValidServiceTokenRule {
  /**
   * An empty object which matches on all service tokens.
   * NOTE(review): typed `unknown`, so the compiler accepts any value here and
   * does not check for the empty object described above.
   */
  any_valid_service_token: unknown;
}
4615
/**
 * Create Allow or Block policies which evaluate the user based on custom criteria.
 */
export interface AccessExternalEvaluationRule {
  /** Endpoints used for the external evaluation. */
  external_evaluation: AccessExternalEvaluationRule.ExternalEvaluation;
}

export namespace AccessExternalEvaluationRule {
  export interface ExternalEvaluation {
    /**
     * The API endpoint containing your business logic.
     * NOTE(review): plain `string`; this type does not constrain the URL scheme
     * or host.
     */
    evaluate_url: string;

    /**
     * The API endpoint containing the key that Access uses to verify that the response
     * came from your API.
     * NOTE(review): response verification depends on the key served here, yet
     * the field is a plain `string` with no scheme or host constraint.
     */
    keys_url: string;
  }
}
4637
/**
 * Matches a specific country.
 */
export interface AccessCountryRule {
  /** Criteria holding the country to match. */
  geo: AccessCountryRule.Geo;
}

export namespace AccessCountryRule {
  export interface Geo {
    /**
     * The country code that should be matched.
     * NOTE(review): the code format is not stated here (presumably ISO 3166-1
     * alpha-2 — confirm); the type is a plain `string`.
     */
    country_code: string;
  }
}
4653
/**
 * Enforce different MFA options.
 */
export interface AccessAuthenticationMethodRule {
  /** Criteria holding the authentication method to enforce. */
  auth_method: AccessAuthenticationMethodRule.AuthMethod;
}

export namespace AccessAuthenticationMethodRule {
  export interface AuthMethod {
    /**
     * The type of authentication method; see RFC 8176
     * (https://datatracker.ietf.org/doc/html/rfc8176).
     * NOTE(review): plain `string`; this type does not restrict the value to
     * the names the RFC registers.
     */
    auth_method: string;
  }
}
4669
/**
 * Enforces that a device posture rule has run successfully.
 */
export interface AccessDevicePostureRule {
  /** Reference to the device posture integration to check. */
  device_posture: AccessDevicePostureRule.DevicePosture;
}

export namespace AccessDevicePostureRule {
  export interface DevicePosture {
    /**
     * The ID of a device posture integration.
     */
    integration_uid: string;
  }
}
4685
/**
 * Matches a specific email.
 */
export interface AccessEmailRule {
  /** Criteria holding the single address to match. */
  email: AccessEmailRule.Email;
}

export namespace AccessEmailRule {
  export interface Email {
    /**
     * The email of the user.
     * NOTE(review): plain `string`; this type enforces no address format.
     */
    email: string;
  }
}
4701
/**
 * Matches an email address from a list.
 */
export interface AccessEmailListRule {
  /** Reference to the email list to match against. */
  email_list: AccessEmailListRule.EmailList;
}

export namespace AccessEmailListRule {
  export interface EmailList {
    /**
     * The ID of a previously created email list.
     */
    id: string;
  }
}
4717
/**
 * Matches an entire email domain.
 */
export interface AccessDomainRule {
  /** Criteria holding the email domain to match. */
  email_domain: AccessDomainRule.EmailDomain;
}

export namespace AccessDomainRule {
  export interface EmailDomain {
    /**
     * The email domain to match.
     * NOTE(review): the rule covers the whole domain, so it is only as narrow
     * as control over who can hold an address in that domain.
     */
    domain: string;
  }
}
4733
/**
 * Matches everyone.
 */
export interface AccessEveryoneRule {
  /**
   * An empty object which matches on all users.
   * NOTE(review): typed `unknown`, so the compiler accepts any value here and
   * does not check for the empty object described above.
   */
  everyone: unknown;
}
4743
/**
 * Matches an IP address block.
 */
export interface AccessIPRule {
  /** Criteria holding the CIDR block to match. */
  ip: AccessIPRule.IP;
}

export namespace AccessIPRule {
  export interface IP {
    /**
     * An IPv4 or IPv6 CIDR block.
     * NOTE(review): plain `string`; syntax and prefix length are not checked by
     * this type.
     */
    ip: string;
  }
}
4759
/**
 * Matches an IP address from a list.
 */
export interface AccessIPListRule {
  /** Reference to the IP list to match against. */
  ip_list: AccessIPListRule.IPList;
}

export namespace AccessIPListRule {
  export interface IPList {
    /**
     * The ID of a previously created IP list.
     */
    id: string;
  }
}
4775
/**
 * Matches any valid client certificate.
 */
export interface AccessCertificateRule {
  /**
   * NOTE(review): typed `unknown` and undocumented in the original; presumably
   * an empty object — confirm against the API schema. The rule names no
   * particular certificate, and what makes one "valid" is not defined here.
   */
  certificate: unknown;
}
4782
/**
 * Matches an Access group.
 */
export interface AccessAccessGroupRule {
  /** Reference to the Access group to match. */
  group: AccessAccessGroupRule.Group;
}

export namespace AccessAccessGroupRule {
  export interface Group {
    /**
     * The ID of a previously created Access group.
     */
    id: string;
  }
}
4798
/**
 * Matches an Azure group. Requires an Azure identity provider.
 */
export interface AccessAzureGroupRule {
  /** Azure group and identity-provider pair to match. */
  azureAD: AccessAzureGroupRule.AzureAd;
}

export namespace AccessAzureGroupRule {
  export interface AzureAd {
    /**
     * The ID of an Azure group.
     */
    id: string;

    /**
     * The ID of your Azure identity provider.
     */
    connection_id: string;
  }
}
4819
/**
 * Matches a GitHub organization. Requires a GitHub identity provider.
 */
export interface AccessGitHubOrganizationRule {
  /**
   * Organization and identity-provider pair to match. The key is hyphenated,
   * so it has to be written as a quoted property name.
   */
  'github-organization': AccessGitHubOrganizationRule.GitHubOrganization;
}

export namespace AccessGitHubOrganizationRule {
  export interface GitHubOrganization {
    /**
     * The ID of your GitHub identity provider.
     */
    connection_id: string;

    /**
     * The name of the organization.
     */
    name: string;
  }
}
4840
/**
 * Matches a group in Google Workspace. Requires a Google Workspace identity
 * provider.
 */
export interface AccessGsuiteGroupRule {
  /** Google Workspace group and identity-provider pair to match. */
  gsuite: AccessGsuiteGroupRule.Gsuite;
}

export namespace AccessGsuiteGroupRule {
  export interface Gsuite {
    /**
     * The ID of your Google Workspace identity provider.
     */
    connection_id: string;

    /**
     * The email of the Google Workspace group.
     */
    email: string;
  }
}
4862
/**
 * Matches an Okta group. Requires an Okta identity provider.
 */
export interface AccessOktaGroupRule {
  /** Okta group and identity-provider pair to match. */
  okta: AccessOktaGroupRule.Okta;
}

export namespace AccessOktaGroupRule {
  export interface Okta {
    /**
     * The ID of your Okta identity provider.
     */
    connection_id: string;

    /**
     * The email of the Okta group.
     */
    email: string;
  }
}
4883
/**
 * Matches a SAML group. Requires a SAML identity provider.
 */
export interface AccessSamlGroupRule {
  /** SAML attribute name/value pair to match. */
  saml: AccessSamlGroupRule.Saml;
}

export namespace AccessSamlGroupRule {
  export interface Saml {
    /**
     * The name of the SAML attribute.
     */
    attribute_name: string;

    /**
     * The SAML attribute value to look for.
     * NOTE(review): unlike the Azure, GitHub, Google Workspace and Okta shapes,
     * this one carries no `connection_id`, so it does not name which SAML
     * provider the attribute must come from — confirm how that is scoped.
     */
    attribute_value: string;
  }
}
4904
/**
 * Matches a specific Access Service Token.
 */
export interface AccessServiceTokenRule {
  /** Reference to the service token to match. */
  service_token: AccessServiceTokenRule.ServiceToken;
}

export namespace AccessServiceTokenRule {
  export interface ServiceToken {
    /**
     * The ID of a Service Token.
     */
    token_id: string;
  }
}
4920
/**
 * Matches any valid Access Service Token.
 */
export interface AccessAnyValidServiceTokenRule {
  /**
   * An empty object which matches on all service tokens.
   * NOTE(review): typed `unknown`, so the compiler accepts any value here and
   * does not check for the empty object described above.
   */
  any_valid_service_token: unknown;
}
4930
/**
 * Create Allow or Block policies which evaluate the user based on custom criteria.
 */
export interface AccessExternalEvaluationRule {
  /** Endpoints used for the external evaluation. */
  external_evaluation: AccessExternalEvaluationRule.ExternalEvaluation;
}

export namespace AccessExternalEvaluationRule {
  export interface ExternalEvaluation {
    /**
     * The API endpoint containing your business logic.
     * NOTE(review): plain `string`; this type does not constrain the URL scheme
     * or host.
     */
    evaluate_url: string;

    /**
     * The API endpoint containing the key that Access uses to verify that the response
     * came from your API.
     * NOTE(review): response verification depends on the key served here, yet
     * the field is a plain `string` with no scheme or host constraint.
     */
    keys_url: string;
  }
}
4952
/**
 * Matches a specific country.
 */
export interface AccessCountryRule {
  /** Criteria holding the country to match. */
  geo: AccessCountryRule.Geo;
}

export namespace AccessCountryRule {
  export interface Geo {
    /**
     * The country code that should be matched.
     * NOTE(review): the code format is not stated here (presumably ISO 3166-1
     * alpha-2 — confirm); the type is a plain `string`.
     */
    country_code: string;
  }
}
4968
/**
 * Enforce different MFA options.
 */
export interface AccessAuthenticationMethodRule {
  /** Criteria holding the authentication method to enforce. */
  auth_method: AccessAuthenticationMethodRule.AuthMethod;
}

export namespace AccessAuthenticationMethodRule {
  export interface AuthMethod {
    /**
     * The type of authentication method; see RFC 8176
     * (https://datatracker.ietf.org/doc/html/rfc8176).
     * NOTE(review): plain `string`; this type does not restrict the value to
     * the names the RFC registers.
     */
    auth_method: string;
  }
}
4984
/**
 * Enforces that a device posture rule has run successfully.
 */
export interface AccessDevicePostureRule {
  /** Reference to the device posture integration to check. */
  device_posture: AccessDevicePostureRule.DevicePosture;
}

export namespace AccessDevicePostureRule {
  export interface DevicePosture {
    /**
     * The ID of a device posture integration.
     */
    integration_uid: string;
  }
}
5000
/**
 * Matches a specific email.
 */
export interface AccessEmailRule {
  /** Criteria holding the single address to match. */
  email: AccessEmailRule.Email;
}

export namespace AccessEmailRule {
  export interface Email {
    /**
     * The email of the user.
     * NOTE(review): plain `string`; this type enforces no address format.
     */
    email: string;
  }
}
5016
/**
 * Matches an email address from a list.
 */
export interface AccessEmailListRule {
  /** Reference to the email list to match against. */
  email_list: AccessEmailListRule.EmailList;
}

export namespace AccessEmailListRule {
  export interface EmailList {
    /**
     * The ID of a previously created email list.
     */
    id: string;
  }
}
5032
/**
 * Matches an entire email domain.
 */
export interface AccessDomainRule {
  /** Criteria holding the email domain to match. */
  email_domain: AccessDomainRule.EmailDomain;
}

export namespace AccessDomainRule {
  export interface EmailDomain {
    /**
     * The email domain to match.
     * NOTE(review): the rule covers the whole domain, so it is only as narrow
     * as control over who can hold an address in that domain.
     */
    domain: string;
  }
}
5048
/**
 * Matches everyone.
 */
export interface AccessEveryoneRule {
  /**
   * An empty object which matches on all users.
   * NOTE(review): typed `unknown`, so the compiler accepts any value here and
   * does not check for the empty object described above.
   */
  everyone: unknown;
}
5058
/**
 * Matches an IP address block.
 */
export interface AccessIPRule {
  /** Criteria holding the CIDR block to match. */
  ip: AccessIPRule.IP;
}

export namespace AccessIPRule {
  export interface IP {
    /**
     * An IPv4 or IPv6 CIDR block.
     * NOTE(review): plain `string`; syntax and prefix length are not checked by
     * this type.
     */
    ip: string;
  }
}
5074
/**
 * Matches an IP address from a list.
 */
export interface AccessIPListRule {
  /** Reference to the IP list to match against. */
  ip_list: AccessIPListRule.IPList;
}

export namespace AccessIPListRule {
  export interface IPList {
    /**
     * The ID of a previously created IP list.
     */
    id: string;
  }
}
5090
/**
 * Matches any valid client certificate.
 */
export interface AccessCertificateRule {
  /**
   * NOTE(review): typed `unknown` and undocumented in the original; presumably
   * an empty object — confirm against the API schema. The rule names no
   * particular certificate, and what makes one "valid" is not defined here.
   */
  certificate: unknown;
}
5097
/**
 * Matches an Access group.
 */
export interface AccessAccessGroupRule {
  /** Reference to the Access group to match. */
  group: AccessAccessGroupRule.Group;
}

export namespace AccessAccessGroupRule {
  export interface Group {
    /**
     * The ID of a previously created Access group.
     */
    id: string;
  }
}
5113
/**
 * Matches an Azure group. Requires an Azure identity provider.
 */
export interface AccessAzureGroupRule {
  /** Azure group and identity-provider pair to match. */
  azureAD: AccessAzureGroupRule.AzureAd;
}

export namespace AccessAzureGroupRule {
  export interface AzureAd {
    /**
     * The ID of an Azure group.
     */
    id: string;

    /**
     * The ID of your Azure identity provider.
     */
    connection_id: string;
  }
}
5134
/**
 * Matches a GitHub organization. Requires a GitHub identity provider.
 */
export interface AccessGitHubOrganizationRule {
  /**
   * Organization and identity-provider pair to match. The key is hyphenated,
   * so it has to be written as a quoted property name.
   */
  'github-organization': AccessGitHubOrganizationRule.GitHubOrganization;
}

export namespace AccessGitHubOrganizationRule {
  export interface GitHubOrganization {
    /**
     * The ID of your GitHub identity provider.
     */
    connection_id: string;

    /**
     * The name of the organization.
     */
    name: string;
  }
}
5155
/**
 * Matches a group in Google Workspace. Requires a Google Workspace identity
 * provider.
 */
export interface AccessGsuiteGroupRule {
  /** Google Workspace group and identity-provider pair to match. */
  gsuite: AccessGsuiteGroupRule.Gsuite;
}

export namespace AccessGsuiteGroupRule {
  export interface Gsuite {
    /**
     * The ID of your Google Workspace identity provider.
     */
    connection_id: string;

    /**
     * The email of the Google Workspace group.
     */
    email: string;
  }
}
5177
/**
 * Matches an Okta group. Requires an Okta identity provider.
 */
export interface AccessOktaGroupRule {
  /** Okta group and identity-provider pair to match. */
  okta: AccessOktaGroupRule.Okta;
}

export namespace AccessOktaGroupRule {
  export interface Okta {
    /**
     * The ID of your Okta identity provider.
     */
    connection_id: string;

    /**
     * The email of the Okta group.
     */
    email: string;
  }
}
5198
/**
 * Matches a SAML group. Requires a SAML identity provider.
 */
export interface AccessSamlGroupRule {
  /** SAML attribute name/value pair to match. */
  saml: AccessSamlGroupRule.Saml;
}

export namespace AccessSamlGroupRule {
  export interface Saml {
    /**
     * The name of the SAML attribute.
     */
    attribute_name: string;

    /**
     * The SAML attribute value to look for.
     * NOTE(review): unlike the Azure, GitHub, Google Workspace and Okta shapes,
     * this one carries no `connection_id`, so it does not name which SAML
     * provider the attribute must come from — confirm how that is scoped.
     */
    attribute_value: string;
  }
}
5219
/**
 * Matches a specific Access Service Token.
 */
export interface AccessServiceTokenRule {
  /** Reference to the service token to match. */
  service_token: AccessServiceTokenRule.ServiceToken;
}

export namespace AccessServiceTokenRule {
  export interface ServiceToken {
    /**
     * The ID of a Service Token.
     */
    token_id: string;
  }
}
5235
/**
 * Matches any valid Access Service Token.
 */
export interface AccessAnyValidServiceTokenRule {
  /**
   * An empty object which matches on all service tokens.
   * NOTE(review): typed `unknown`, so the compiler accepts any value here and
   * does not check for the empty object described above.
   */
  any_valid_service_token: unknown;
}
5245
/**
 * Create Allow or Block policies which evaluate the user based on custom criteria.
 */
export interface AccessExternalEvaluationRule {
  /** Endpoints used for the external evaluation. */
  external_evaluation: AccessExternalEvaluationRule.ExternalEvaluation;
}

export namespace AccessExternalEvaluationRule {
  export interface ExternalEvaluation {
    /**
     * The API endpoint containing your business logic.
     * NOTE(review): plain `string`; this type does not constrain the URL scheme
     * or host.
     */
    evaluate_url: string;

    /**
     * The API endpoint containing the key that Access uses to verify that the response
     * came from your API.
     * NOTE(review): response verification depends on the key served here, yet
     * the field is a plain `string` with no scheme or host constraint.
     */
    keys_url: string;
  }
}
5267
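/**
 * Matches a specific country.
 *
 * Geolocation describes where a request appears to come from, not who sent it;
 * pair it with an identity rule when the group gates sensitive resources.
 */
export interface AccessCountryRule {
  geo: AccessCountryRule.Geo;
}

export namespace AccessCountryRule {
  export interface Geo {
    /**
     * The country code that should be matched.
     *
     * NOTE(review): presumably an ISO 3166-1 alpha-2 code — confirm.
     */
    country_code: string;
  }
}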
5283
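/**
 * Enforce different MFA options.
 */
export interface AccessAuthenticationMethodRule {
  auth_method: AccessAuthenticationMethodRule.AuthMethod;
}

export namespace AccessAuthenticationMethodRule {
  export interface AuthMethod {
    /**
     * The type of authentication method, as defined by RFC 8176
     * (Authentication Method Reference values such as `mfa` or `otp`):
     * https://datatracker.ietf.org/doc/html/rfc8176.
     *
     * NOTE(review): the field is an unconstrained string; confirm which values
     * the API accepts, since a mistyped value is not caught at compile time.
     */
    auth_method: string;
  }
}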
5299
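/**
 * Enforces that a device posture rule has run successfully.
 */
export interface AccessDevicePostureRule {
  device_posture: AccessDevicePostureRule.DevicePosture;
}

export namespace AccessDevicePostureRule {
  export interface DevicePosture {
    /**
     * The ID of a device posture integration.
     */
    integration_uid: string;
  }
}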
5315
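/**
 * Matches a specific email.
 *
 * The outer `email` key selects the rule type; the inner `email` holds the
 * address to match.
 */
export interface AccessEmailRule {
  email: AccessEmailRule.Email;
}

export namespace AccessEmailRule {
  export interface Email {
    /**
     * The email of the user.
     */
    email: string;
  }
}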
5331
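/**
 * Matches an email address from a list.
 *
 * The list is referenced by ID only, so who matches depends on the list's
 * current contents rather than on anything stored in this rule.
 */
export interface AccessEmailListRule {
  email_list: AccessEmailListRule.EmailList;
}

export namespace AccessEmailListRule {
  export interface EmailList {
    /**
     * The ID of a previously created email list.
     */
    id: string;
  }
}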
5347
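/**
 * Matches an entire email domain.
 *
 * Every address in `domain` satisfies the rule, so it is only as narrow as the
 * set of people who can obtain a mailbox in that domain.
 */
export interface AccessDomainRule {
  email_domain: AccessDomainRule.EmailDomain;
}

export namespace AccessDomainRule {
  export interface EmailDomain {
    /**
     * The email domain to match.
     */
    domain: string;
  }
}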
5363
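/**
 * Matches everyone.
 *
 * The broadest rule available: used on its own as an inclusion rule it places
 * no restriction on who matches, so any narrowing has to come from other rules.
 */
export interface AccessEveryoneRule {
  /**
   * An empty object which matches on all users.
   */
  everyone: unknown;
}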
5373
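/**
 * Matches an IP address block.
 *
 * A source address describes network location, not identity; pair it with an
 * identity rule when the group gates sensitive resources.
 */
export interface AccessIPRule {
  ip: AccessIPRule.IP;
}

export namespace AccessIPRule {
  export interface IP {
    /**
     * An IPv4 or IPv6 CIDR block.
     */
    ip: string;
  }
}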
5389
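/**
 * Matches an IP address from a list.
 *
 * The list is referenced by ID only, so which addresses match depends on the
 * list's current contents rather than on anything stored in this rule.
 */
export interface AccessIPListRule {
  ip_list: AccessIPListRule.IPList;
}

export namespace AccessIPListRule {
  export interface IPList {
    /**
     * The ID of a previously created IP list.
     */
    id: string;
  }
}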
5405
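/**
 * Matches any valid client certificate.
 *
 * The rule does not name a particular certificate, so every certificate that
 * validates satisfies it.
 */
export interface AccessCertificateRule {
  /**
   * NOTE(review): typed `unknown` with no description in the spec; presumably
   * an empty object, as with `everyone` — confirm.
   */
  certificate: unknown;
}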
5412
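/**
 * Matches an Access group.
 *
 * The group is referenced by ID only, so who matches depends on that group's
 * current rules rather than on anything stored here.
 */
export interface AccessAccessGroupRule {
  group: AccessAccessGroupRule.Group;
}

export namespace AccessAccessGroupRule {
  export interface Group {
    /**
     * The ID of a previously created Access group.
     */
    id: string;
  }
}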
5428
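/**
 * Matches an Azure group. Requires an Azure identity provider.
 *
 * The rule key is spelled `azureAD` (camel case), unlike the snake_case keys
 * used by the other rule types in this file.
 */
export interface AccessAzureGroupRule {
  azureAD: AccessAzureGroupRule.AzureAd;
}

export namespace AccessAzureGroupRule {
  export interface AzureAd {
    /**
     * The ID of an Azure group.
     */
    id: string;

    /**
     * The ID of your Azure identity provider.
     */
    connection_id: string;
  }
}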
5449
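/**
 * Matches a GitHub organization. Requires a GitHub identity provider.
 *
 * The rule key `github-organization` contains a hyphen, so it must be quoted
 * in object literals and read with bracket notation.
 */
export interface AccessGitHubOrganizationRule {
  'github-organization': AccessGitHubOrganizationRule.GitHubOrganization;
}

export namespace AccessGitHubOrganizationRule {
  export interface GitHubOrganization {
    /**
     * The ID of your GitHub identity provider.
     */
    connection_id: string;

    /**
     * The name of the organization.
     */
    name: string;
  }
}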
5470
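/**
 * Matches a group in Google Workspace. Requires a Google Workspace identity
 * provider.
 */
export interface AccessGsuiteGroupRule {
  gsuite: AccessGsuiteGroupRule.Gsuite;
}

export namespace AccessGsuiteGroupRule {
  export interface Gsuite {
    /**
     * The ID of your Google Workspace identity provider.
     */
    connection_id: string;

    /**
     * The email of the Google Workspace group.
     */
    email: string;
  }
}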
5492
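/**
 * Matches an Okta group. Requires an Okta identity provider.
 */
export interface AccessOktaGroupRule {
  okta: AccessOktaGroupRule.Okta;
}

export namespace AccessOktaGroupRule {
  export interface Okta {
    /**
     * The ID of your Okta identity provider.
     */
    connection_id: string;

    /**
     * The email of the Okta group.
     *
     * NOTE(review): Okta groups are usually identified by name; confirm which
     * value the API expects here before relying on the rule.
     */
    email: string;
  }
}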
5513
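/**
 * Matches a SAML group. Requires a SAML identity provider.
 *
 * The rule carries only an attribute name and value; it has no `connection_id`
 * field. NOTE(review): with more than one SAML provider configured, confirm
 * which provider's assertions are matched.
 */
export interface AccessSamlGroupRule {
  saml: AccessSamlGroupRule.Saml;
}

export namespace AccessSamlGroupRule {
  export interface Saml {
    /**
     * The name of the SAML attribute.
     */
    attribute_name: string;

    /**
     * The SAML attribute value to look for.
     */
    attribute_value: string;
  }
}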
5534
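/**
 * Matches a specific Access Service Token.
 */
export interface AccessServiceTokenRule {
  service_token: AccessServiceTokenRule.ServiceToken;
}

export namespace AccessServiceTokenRule {
  export interface ServiceToken {
    /**
     * The ID of a Service Token. This is an identifier only; the token's
     * secret does not belong in a rule.
     */
    token_id: string;
  }
}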
5550
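/**
 * Matches any valid Access Service Token.
 *
 * Broad by design: every valid service token satisfies this rule. Use
 * `AccessServiceTokenRule` when only specific tokens should match.
 */
export interface AccessAnyValidServiceTokenRule {
  /**
   * An empty object which matches on all service tokens.
   */
  any_valid_service_token: unknown;
}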
5560
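/**
 * Create Allow or Block policies which evaluate the user based on custom criteria.
 *
 * The decision is delegated to the endpoint in `evaluate_url`, so that
 * endpoint's availability and integrity become part of the access-control path.
 */
export interface AccessExternalEvaluationRule {
  external_evaluation: AccessExternalEvaluationRule.ExternalEvaluation;
}

export namespace AccessExternalEvaluationRule {
  export interface ExternalEvaluation {
    /**
     * The API endpoint containing your business logic.
     */
    evaluate_url: string;

    /**
     * The API endpoint containing the key that Access uses to verify that the response
     * came from your API.
     *
     * NOTE(review): both fields are plain strings here; presumably they must be
     * HTTPS URLs under your control — confirm against the API documentation.
     */
    keys_url: string;
  }
}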
5582
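/**
 * Matches a specific country.
 *
 * Geolocation describes where a request appears to come from, not who sent it;
 * pair it with an identity rule when the group gates sensitive resources.
 */
export interface AccessCountryRule {
  geo: AccessCountryRule.Geo;
}

export namespace AccessCountryRule {
  export interface Geo {
    /**
     * The country code that should be matched.
     *
     * NOTE(review): presumably an ISO 3166-1 alpha-2 code — confirm.
     */
    country_code: string;
  }
}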
5598
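/**
 * Enforce different MFA options.
 */
export interface AccessAuthenticationMethodRule {
  auth_method: AccessAuthenticationMethodRule.AuthMethod;
}

export namespace AccessAuthenticationMethodRule {
  export interface AuthMethod {
    /**
     * The type of authentication method, as defined by RFC 8176
     * (Authentication Method Reference values such as `mfa` or `otp`):
     * https://datatracker.ietf.org/doc/html/rfc8176.
     *
     * NOTE(review): the field is an unconstrained string; confirm which values
     * the API accepts, since a mistyped value is not caught at compile time.
     */
    auth_method: string;
  }
}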
5614
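/**
 * Enforces that a device posture rule has run successfully.
 */
export interface AccessDevicePostureRule {
  device_posture: AccessDevicePostureRule.DevicePosture;
}

export namespace AccessDevicePostureRule {
  export interface DevicePosture {
    /**
     * The ID of a device posture integration.
     */
    integration_uid: string;
  }
}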
5630 }
5631}
5632
5633export interface GroupUpdateParams {
5634 /**
5635 * Rules evaluated with an OR logical operator. A user needs to meet only one of
5636 * the Include rules.
5637 */
5638 include: Array<
5639 | GroupUpdateParams.AccessEmailRule
5640 | GroupUpdateParams.AccessEmailListRule
5641 | GroupUpdateParams.AccessDomainRule
5642 | GroupUpdateParams.AccessEveryoneRule
5643 | GroupUpdateParams.AccessIPRule
5644 | GroupUpdateParams.AccessIPListRule
5645 | GroupUpdateParams.AccessCertificateRule
5646 | GroupUpdateParams.AccessAccessGroupRule
5647 | GroupUpdateParams.AccessAzureGroupRule
5648 | GroupUpdateParams.AccessGitHubOrganizationRule
5649 | GroupUpdateParams.AccessGsuiteGroupRule
5650 | GroupUpdateParams.AccessOktaGroupRule
5651 | GroupUpdateParams.AccessSamlGroupRule
5652 | GroupUpdateParams.AccessServiceTokenRule
5653 | GroupUpdateParams.AccessAnyValidServiceTokenRule
5654 | GroupUpdateParams.AccessExternalEvaluationRule
5655 | GroupUpdateParams.AccessCountryRule
5656 | GroupUpdateParams.AccessAuthenticationMethodRule
5657 | GroupUpdateParams.AccessDevicePostureRule
5658 >;
5659
5660 /**
5661 * The name of the Access group.
5662 */
5663 name: string;
5664
5665 /**
5666 * Rules evaluated with a NOT logical operator. To match a policy, a user cannot
5667 * meet any of the Exclude rules.
5668 */
5669 exclude?: Array<
5670 | GroupUpdateParams.AccessEmailRule
5671 | GroupUpdateParams.AccessEmailListRule
5672 | GroupUpdateParams.AccessDomainRule
5673 | GroupUpdateParams.AccessEveryoneRule
5674 | GroupUpdateParams.AccessIPRule
5675 | GroupUpdateParams.AccessIPListRule
5676 | GroupUpdateParams.AccessCertificateRule
5677 | GroupUpdateParams.AccessAccessGroupRule
5678 | GroupUpdateParams.AccessAzureGroupRule
5679 | GroupUpdateParams.AccessGitHubOrganizationRule
5680 | GroupUpdateParams.AccessGsuiteGroupRule
5681 | GroupUpdateParams.AccessOktaGroupRule
5682 | GroupUpdateParams.AccessSamlGroupRule
5683 | GroupUpdateParams.AccessServiceTokenRule
5684 | GroupUpdateParams.AccessAnyValidServiceTokenRule
5685 | GroupUpdateParams.AccessExternalEvaluationRule
5686 | GroupUpdateParams.AccessCountryRule
5687 | GroupUpdateParams.AccessAuthenticationMethodRule
5688 | GroupUpdateParams.AccessDevicePostureRule
5689 >;
5690
5691 /**
5692 * Whether this is the default group
5693 */
5694 is_default?: boolean;
5695
5696 /**
5697 * Rules evaluated with an AND logical operator. To match a policy, a user must
5698 * meet all of the Require rules.
5699 */
5700 require?: Array<
5701 | GroupUpdateParams.AccessEmailRule
5702 | GroupUpdateParams.AccessEmailListRule
5703 | GroupUpdateParams.AccessDomainRule
5704 | GroupUpdateParams.AccessEveryoneRule
5705 | GroupUpdateParams.AccessIPRule
5706 | GroupUpdateParams.AccessIPListRule
5707 | GroupUpdateParams.AccessCertificateRule
5708 | GroupUpdateParams.AccessAccessGroupRule
5709 | GroupUpdateParams.AccessAzureGroupRule
5710 | GroupUpdateParams.AccessGitHubOrganizationRule
5711 | GroupUpdateParams.AccessGsuiteGroupRule
5712 | GroupUpdateParams.AccessOktaGroupRule
5713 | GroupUpdateParams.AccessSamlGroupRule
5714 | GroupUpdateParams.AccessServiceTokenRule
5715 | GroupUpdateParams.AccessAnyValidServiceTokenRule
5716 | GroupUpdateParams.AccessExternalEvaluationRule
5717 | GroupUpdateParams.AccessCountryRule
5718 | GroupUpdateParams.AccessAuthenticationMethodRule
5719 | GroupUpdateParams.AccessDevicePostureRule
5720 >;
5721}
5722
5723export namespace GroupUpdateParams {
5724 /**
5725 * Matches a specific email.
5726 */
5727 export interface AccessEmailRule {
5728 email: AccessEmailRule.Email;
5729 }
5730
5731 export namespace AccessEmailRule {
5732 export interface Email {
5733 /**
5734 * The email of the user.
5735 */
5736 email: string;
5737 }
5738 }
5739
5740 /**
5741 * Matches an email address from a list.
5742 */
5743 export interface AccessEmailListRule {
5744 email_list: AccessEmailListRule.EmailList;
5745 }
5746
5747 export namespace AccessEmailListRule {
5748 export interface EmailList {
5749 /**
5750 * The ID of a previously created email list.
5751 */
5752 id: string;
5753 }
5754 }
5755
5756 /**
5757 * Match an entire email domain.
5758 */
5759 export interface AccessDomainRule {
5760 email_domain: AccessDomainRule.EmailDomain;
5761 }
5762
5763 export namespace AccessDomainRule {
5764 export interface EmailDomain {
5765 /**
5766 * The email domain to match.
5767 */
5768 domain: string;
5769 }
5770 }
5771
5772 /**
5773 * Matches everyone.
5774 */
5775 export interface AccessEveryoneRule {
5776 /**
5777 * An empty object which matches on all users.
5778 */
5779 everyone: unknown;
5780 }
5781
5782 /**
5783 * Matches an IP address block.
5784 */
5785 export interface AccessIPRule {
5786 ip: AccessIPRule.IP;
5787 }
5788
5789 export namespace AccessIPRule {
5790 export interface IP {
5791 /**
5792 * An IPv4 or IPv6 CIDR block.
5793 */
5794 ip: string;
5795 }
5796 }
5797
5798 /**
5799 * Matches an IP address from a list.
5800 */
5801 export interface AccessIPListRule {
5802 ip_list: AccessIPListRule.IPList;
5803 }
5804
5805 export namespace AccessIPListRule {
5806 export interface IPList {
5807 /**
5808 * The ID of a previously created IP list.
5809 */
5810 id: string;
5811 }
5812 }
5813
5814 /**
5815 * Matches any valid client certificate.
5816 */
5817 export interface AccessCertificateRule {
5818 certificate: unknown;
5819 }
5820
5821 /**
5822 * Matches an Access group.
5823 */
5824 export interface AccessAccessGroupRule {
5825 group: AccessAccessGroupRule.Group;
5826 }
5827
5828 export namespace AccessAccessGroupRule {
5829 export interface Group {
5830 /**
5831 * The ID of a previously created Access group.
5832 */
5833 id: string;
5834 }
5835 }
5836
5837 /**
5838 * Matches an Azure group. Requires an Azure identity provider.
5839 */
5840 export interface AccessAzureGroupRule {
5841 azureAD: AccessAzureGroupRule.AzureAd;
5842 }
5843
5844 export namespace AccessAzureGroupRule {
5845 export interface AzureAd {
5846 /**
5847 * The ID of an Azure group.
5848 */
5849 id: string;
5850
5851 /**
5852 * The ID of your Azure identity provider.
5853 */
5854 connection_id: string;
5855 }
5856 }
5857
5858 /**
5859 * Matches a Github organization. Requires a Github identity provider.
5860 */
5861 export interface AccessGitHubOrganizationRule {
5862 'github-organization': AccessGitHubOrganizationRule.GitHubOrganization;
5863 }
5864
5865 export namespace AccessGitHubOrganizationRule {
5866 export interface GitHubOrganization {
5867 /**
5868 * The ID of your Github identity provider.
5869 */
5870 connection_id: string;
5871
5872 /**
5873 * The name of the organization.
5874 */
5875 name: string;
5876 }
5877 }
5878
5879 /**
5880 * Matches a group in Google Workspace. Requires a Google Workspace identity
5881 * provider.
5882 */
5883 export interface AccessGsuiteGroupRule {
5884 gsuite: AccessGsuiteGroupRule.Gsuite;
5885 }
5886
5887 export namespace AccessGsuiteGroupRule {
5888 export interface Gsuite {
5889 /**
5890 * The ID of your Google Workspace identity provider.
5891 */
5892 connection_id: string;
5893
5894 /**
5895 * The email of the Google Workspace group.
5896 */
5897 email: string;
5898 }
5899 }
5900
5901 /**
5902 * Matches an Okta group. Requires an Okta identity provider.
5903 */
5904 export interface AccessOktaGroupRule {
5905 okta: AccessOktaGroupRule.Okta;
5906 }
5907
5908 export namespace AccessOktaGroupRule {
5909 export interface Okta {
5910 /**
5911 * The ID of your Okta identity provider.
5912 */
5913 connection_id: string;
5914
5915 /**
5916 * The email of the Okta group.
5917 */
5918 email: string;
5919 }
5920 }
5921
5922 /**
5923 * Matches a SAML group. Requires a SAML identity provider.
5924 */
5925 export interface AccessSamlGroupRule {
5926 saml: AccessSamlGroupRule.Saml;
5927 }
5928
5929 export namespace AccessSamlGroupRule {
5930 export interface Saml {
5931 /**
5932 * The name of the SAML attribute.
5933 */
5934 attribute_name: string;
5935
5936 /**
5937 * The SAML attribute value to look for.
5938 */
5939 attribute_value: string;
5940 }
5941 }
5942
5943 /**
5944 * Matches a specific Access Service Token
5945 */
5946 export interface AccessServiceTokenRule {
5947 service_token: AccessServiceTokenRule.ServiceToken;
5948 }
5949
5950 export namespace AccessServiceTokenRule {
5951 export interface ServiceToken {
5952 /**
5953 * The ID of a Service Token.
5954 */
5955 token_id: string;
5956 }
5957 }
5958
5959 /**
5960 * Matches any valid Access Service Token
5961 */
5962 export interface AccessAnyValidServiceTokenRule {
5963 /**
5964 * An empty object which matches on all service tokens.
5965 */
5966 any_valid_service_token: unknown;
5967 }
5968
5969 /**
5970 * Create Allow or Block policies which evaluate the user based on custom criteria.
5971 */
5972 export interface AccessExternalEvaluationRule {
5973 external_evaluation: AccessExternalEvaluationRule.ExternalEvaluation;
5974 }
5975
5976 export namespace AccessExternalEvaluationRule {
5977 export interface ExternalEvaluation {
5978 /**
5979 * The API endpoint containing your business logic.
5980 */
5981 evaluate_url: string;
5982
5983 /**
5984 * The API endpoint containing the key that Access uses to verify that the response
5985 * came from your API.
5986 */
5987 keys_url: string;
5988 }
5989 }
5990
5991 /**
5992 * Matches a specific country
5993 */
5994 export interface AccessCountryRule {
5995 geo: AccessCountryRule.Geo;
5996 }
5997
5998 export namespace AccessCountryRule {
5999 export interface Geo {
6000 /**
6001 * The country code that should be matched.
6002 */
6003 country_code: string;
6004 }
6005 }
6006
6007 /**
6008 * Enforce different MFA options
6009 */
6010 export interface AccessAuthenticationMethodRule {
6011 auth_method: AccessAuthenticationMethodRule.AuthMethod;
6012 }
6013
6014 export namespace AccessAuthenticationMethodRule {
6015 export interface AuthMethod {
6016 /**
6017 * The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176.
6018 */
6019 auth_method: string;
6020 }
6021 }
6022
6023 /**
6024 * Enforces a device posture rule has run successfully
6025 */
6026 export interface AccessDevicePostureRule {
6027 device_posture: AccessDevicePostureRule.DevicePosture;
6028 }
6029
6030 export namespace AccessDevicePostureRule {
6031 export interface DevicePosture {
6032 /**
6033 * The ID of a device posture integration.
6034 */
6035 integration_uid: string;
6036 }
6037 }
6038
6039 /**
6040 * Matches a specific email.
6041 */
6042 export interface AccessEmailRule {
6043 email: AccessEmailRule.Email;
6044 }
6045
6046 export namespace AccessEmailRule {
6047 export interface Email {
6048 /**
6049 * The email of the user.
6050 */
6051 email: string;
6052 }
6053 }
6054
6055 /**
6056 * Matches an email address from a list.
6057 */
6058 export interface AccessEmailListRule {
6059 email_list: AccessEmailListRule.EmailList;
6060 }
6061
6062 export namespace AccessEmailListRule {
6063 export interface EmailList {
6064 /**
6065 * The ID of a previously created email list.
6066 */
6067 id: string;
6068 }
6069 }
6070
6071 /**
6072 * Match an entire email domain.
6073 */
6074 export interface AccessDomainRule {
6075 email_domain: AccessDomainRule.EmailDomain;
6076 }
6077
6078 export namespace AccessDomainRule {
6079 export interface EmailDomain {
6080 /**
6081 * The email domain to match.
6082 */
6083 domain: string;
6084 }
6085 }
6086
6087 /**
6088 * Matches everyone.
6089 */
6090 export interface AccessEveryoneRule {
6091 /**
6092 * An empty object which matches on all users.
6093 */
6094 everyone: unknown;
6095 }
6096
6097 /**
6098 * Matches an IP address block.
6099 */
6100 export interface AccessIPRule {
6101 ip: AccessIPRule.IP;
6102 }
6103
6104 export namespace AccessIPRule {
6105 export interface IP {
6106 /**
6107 * An IPv4 or IPv6 CIDR block.
6108 */
6109 ip: string;
6110 }
6111 }
6112
6113 /**
6114 * Matches an IP address from a list.
6115 */
6116 export interface AccessIPListRule {
6117 ip_list: AccessIPListRule.IPList;
6118 }
6119
6120 export namespace AccessIPListRule {
6121 export interface IPList {
6122 /**
6123 * The ID of a previously created IP list.
6124 */
6125 id: string;
6126 }
6127 }
6128
6129 /**
6130 * Matches any valid client certificate.
6131 */
6132 export interface AccessCertificateRule {
6133 certificate: unknown;
6134 }
6135
6136 /**
6137 * Matches an Access group.
6138 */
6139 export interface AccessAccessGroupRule {
6140 group: AccessAccessGroupRule.Group;
6141 }
6142
6143 export namespace AccessAccessGroupRule {
6144 export interface Group {
6145 /**
6146 * The ID of a previously created Access group.
6147 */
6148 id: string;
6149 }
6150 }
6151
6152 /**
6153 * Matches an Azure group. Requires an Azure identity provider.
6154 */
6155 export interface AccessAzureGroupRule {
6156 azureAD: AccessAzureGroupRule.AzureAd;
6157 }
6158
6159 export namespace AccessAzureGroupRule {
6160 export interface AzureAd {
6161 /**
6162 * The ID of an Azure group.
6163 */
6164 id: string;
6165
6166 /**
6167 * The ID of your Azure identity provider.
6168 */
6169 connection_id: string;
6170 }
6171 }
6172
6173 /**
6174 * Matches a Github organization. Requires a Github identity provider.
6175 */
6176 export interface AccessGitHubOrganizationRule {
6177 'github-organization': AccessGitHubOrganizationRule.GitHubOrganization;
6178 }
6179
6180 export namespace AccessGitHubOrganizationRule {
6181 export interface GitHubOrganization {
6182 /**
6183 * The ID of your Github identity provider.
6184 */
6185 connection_id: string;
6186
6187 /**
6188 * The name of the organization.
6189 */
6190 name: string;
6191 }
6192 }
6193
6194 /**
6195 * Matches a group in Google Workspace. Requires a Google Workspace identity
6196 * provider.
6197 */
6198 export interface AccessGsuiteGroupRule {
6199 gsuite: AccessGsuiteGroupRule.Gsuite;
6200 }
6201
6202 export namespace AccessGsuiteGroupRule {
6203 export interface Gsuite {
6204 /**
6205 * The ID of your Google Workspace identity provider.
6206 */
6207 connection_id: string;
6208
6209 /**
6210 * The email of the Google Workspace group.
6211 */
6212 email: string;
6213 }
6214 }
6215
6216 /**
6217 * Matches an Okta group. Requires an Okta identity provider.
6218 */
6219 export interface AccessOktaGroupRule {
6220 okta: AccessOktaGroupRule.Okta;
6221 }
6222
6223 export namespace AccessOktaGroupRule {
6224 export interface Okta {
6225 /**
6226 * The ID of your Okta identity provider.
6227 */
6228 connection_id: string;
6229
6230 /**
6231 * The email of the Okta group.
6232 */
6233 email: string;
6234 }
6235 }
6236
6237 /**
6238 * Matches a SAML group. Requires a SAML identity provider.
6239 */
6240 export interface AccessSamlGroupRule {
6241 saml: AccessSamlGroupRule.Saml;
6242 }
6243
6244 export namespace AccessSamlGroupRule {
6245 export interface Saml {
6246 /**
6247 * The name of the SAML attribute.
6248 */
6249 attribute_name: string;
6250
6251 /**
6252 * The SAML attribute value to look for.
6253 */
6254 attribute_value: string;
6255 }
6256 }
6257
6258 /**
6259 * Matches a specific Access Service Token
6260 */
6261 export interface AccessServiceTokenRule {
6262 service_token: AccessServiceTokenRule.ServiceToken;
6263 }
6264
6265 export namespace AccessServiceTokenRule {
6266 export interface ServiceToken {
6267 /**
6268 * The ID of a Service Token.
6269 */
6270 token_id: string;
6271 }
6272 }
6273
6274 /**
6275 * Matches any valid Access Service Token
6276 */
6277 export interface AccessAnyValidServiceTokenRule {
6278 /**
6279 * An empty object which matches on all service tokens.
6280 */
6281 any_valid_service_token: unknown;
6282 }
6283
6284 /**
6285 * Create Allow or Block policies which evaluate the user based on custom criteria.
6286 */
6287 export interface AccessExternalEvaluationRule {
6288 external_evaluation: AccessExternalEvaluationRule.ExternalEvaluation;
6289 }
6290
6291 export namespace AccessExternalEvaluationRule {
6292 export interface ExternalEvaluation {
6293 /**
6294 * The API endpoint containing your business logic.
6295 */
6296 evaluate_url: string;
6297
6298 /**
6299 * The API endpoint containing the key that Access uses to verify that the response
6300 * came from your API.
6301 */
6302 keys_url: string;
6303 }
6304 }
6305
6306 /**
6307 * Matches a specific country
6308 */
6309 export interface AccessCountryRule {
6310 geo: AccessCountryRule.Geo;
6311 }
6312
6313 export namespace AccessCountryRule {
6314 export interface Geo {
6315 /**
6316 * The country code that should be matched.
6317 */
6318 country_code: string;
6319 }
6320 }
6321
6322 /**
6323 * Enforce different MFA options
6324 */
6325 export interface AccessAuthenticationMethodRule {
6326 auth_method: AccessAuthenticationMethodRule.AuthMethod;
6327 }
6328
6329 export namespace AccessAuthenticationMethodRule {
6330 export interface AuthMethod {
6331 /**
6332 * The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176.
6333 */
6334 auth_method: string;
6335 }
6336 }
6337
6338 /**
6339 * Enforces a device posture rule has run successfully
6340 */
6341 export interface AccessDevicePostureRule {
6342 device_posture: AccessDevicePostureRule.DevicePosture;
6343 }
6344
6345 export namespace AccessDevicePostureRule {
6346 export interface DevicePosture {
6347 /**
6348 * The ID of a device posture integration.
6349 */
6350 integration_uid: string;
6351 }
6352 }
6353
6354 /**
6355 * Matches a specific email.
6356 */
6357 export interface AccessEmailRule {
6358 email: AccessEmailRule.Email;
6359 }
6360
6361 export namespace AccessEmailRule {
6362 export interface Email {
6363 /**
6364 * The email of the user.
6365 */
6366 email: string;
6367 }
6368 }
6369
6370 /**
6371 * Matches an email address from a list.
6372 */
6373 export interface AccessEmailListRule {
6374 email_list: AccessEmailListRule.EmailList;
6375 }
6376
6377 export namespace AccessEmailListRule {
6378 export interface EmailList {
6379 /**
6380 * The ID of a previously created email list.
6381 */
6382 id: string;
6383 }
6384 }
6385
6386 /**
6387 * Match an entire email domain.
6388 */
6389 export interface AccessDomainRule {
6390 email_domain: AccessDomainRule.EmailDomain;
6391 }
6392
6393 export namespace AccessDomainRule {
6394 export interface EmailDomain {
6395 /**
6396 * The email domain to match.
6397 */
6398 domain: string;
6399 }
6400 }
6401
6402 /**
6403 * Matches everyone.
6404 */
6405 export interface AccessEveryoneRule {
6406 /**
6407 * An empty object which matches on all users.
6408 */
6409 everyone: unknown;
6410 }
6411
6412 /**
6413 * Matches an IP address block.
6414 */
6415 export interface AccessIPRule {
6416 ip: AccessIPRule.IP;
6417 }
6418
6419 export namespace AccessIPRule {
6420 export interface IP {
6421 /**
6422 * An IPv4 or IPv6 CIDR block.
6423 */
6424 ip: string;
6425 }
6426 }
6427
6428 /**
6429 * Matches an IP address from a list.
6430 */
6431 export interface AccessIPListRule {
6432 ip_list: AccessIPListRule.IPList;
6433 }
6434
6435 export namespace AccessIPListRule {
6436 export interface IPList {
6437 /**
6438 * The ID of a previously created IP list.
6439 */
6440 id: string;
6441 }
6442 }
6443
6444 /**
6445 * Matches any valid client certificate.
6446 */
6447 export interface AccessCertificateRule {
6448 certificate: unknown;
6449 }
6450
6451 /**
6452 * Matches an Access group.
6453 */
6454 export interface AccessAccessGroupRule {
6455 group: AccessAccessGroupRule.Group;
6456 }
6457
6458 export namespace AccessAccessGroupRule {
6459 export interface Group {
6460 /**
6461 * The ID of a previously created Access group.
6462 */
6463 id: string;
6464 }
6465 }
6466
6467 /**
6468 * Matches an Azure group. Requires an Azure identity provider.
6469 */
6470 export interface AccessAzureGroupRule {
6471 azureAD: AccessAzureGroupRule.AzureAd;
6472 }
6473
6474 export namespace AccessAzureGroupRule {
6475 export interface AzureAd {
6476 /**
6477 * The ID of an Azure group.
6478 */
6479 id: string;
6480
6481 /**
6482 * The ID of your Azure identity provider.
6483 */
6484 connection_id: string;
6485 }
6486 }
6487
6488 /**
6489 * Matches a Github organization. Requires a Github identity provider.
6490 */
6491 export interface AccessGitHubOrganizationRule {
6492 'github-organization': AccessGitHubOrganizationRule.GitHubOrganization;
6493 }
6494
6495 export namespace AccessGitHubOrganizationRule {
6496 export interface GitHubOrganization {
6497 /**
6498 * The ID of your Github identity provider.
6499 */
6500 connection_id: string;
6501
6502 /**
6503 * The name of the organization.
6504 */
6505 name: string;
6506 }
6507 }
6508
6509 /**
6510 * Matches a group in Google Workspace. Requires a Google Workspace identity
6511 * provider.
6512 */
6513 export interface AccessGsuiteGroupRule {
6514 gsuite: AccessGsuiteGroupRule.Gsuite;
6515 }
6516
6517 export namespace AccessGsuiteGroupRule {
6518 export interface Gsuite {
6519 /**
6520 * The ID of your Google Workspace identity provider.
6521 */
6522 connection_id: string;
6523
6524 /**
6525 * The email of the Google Workspace group.
6526 */
6527 email: string;
6528 }
6529 }
6530
6531 /**
6532 * Matches an Okta group. Requires an Okta identity provider.
6533 */
6534 export interface AccessOktaGroupRule {
6535 okta: AccessOktaGroupRule.Okta;
6536 }
6537
6538 export namespace AccessOktaGroupRule {
6539 export interface Okta {
6540 /**
6541 * The ID of your Okta identity provider.
6542 */
6543 connection_id: string;
6544
6545 /**
6546 * The email of the Okta group.
6547 */
6548 email: string;
6549 }
6550 }
6551
6552 /**
6553 * Matches a SAML group. Requires a SAML identity provider.
6554 */
6555 export interface AccessSamlGroupRule {
6556 saml: AccessSamlGroupRule.Saml;
6557 }
6558
6559 export namespace AccessSamlGroupRule {
6560 export interface Saml {
6561 /**
6562 * The name of the SAML attribute.
6563 */
6564 attribute_name: string;
6565
6566 /**
6567 * The SAML attribute value to look for.
6568 */
6569 attribute_value: string;
6570 }
6571 }
6572
6573 /**
6574 * Matches a specific Access Service Token
6575 */
6576 export interface AccessServiceTokenRule {
6577 service_token: AccessServiceTokenRule.ServiceToken;
6578 }
6579
6580 export namespace AccessServiceTokenRule {
6581 export interface ServiceToken {
6582 /**
6583 * The ID of a Service Token.
6584 */
6585 token_id: string;
6586 }
6587 }
6588
6589 /**
6590 * Matches any valid Access Service Token
6591 */
6592 export interface AccessAnyValidServiceTokenRule {
6593 /**
6594 * An empty object which matches on all service tokens.
6595 */
6596 any_valid_service_token: unknown;
6597 }
6598
6599 /**
6600 * Create Allow or Block policies which evaluate the user based on custom criteria.
6601 */
6602 export interface AccessExternalEvaluationRule {
6603 external_evaluation: AccessExternalEvaluationRule.ExternalEvaluation;
6604 }
6605
6606 export namespace AccessExternalEvaluationRule {
6607 export interface ExternalEvaluation {
6608 /**
6609 * The API endpoint containing your business logic.
6610 */
6611 evaluate_url: string;
6612
6613 /**
6614 * The API endpoint containing the key that Access uses to verify that the response
6615 * came from your API.
6616 */
6617 keys_url: string;
6618 }
6619 }
6620
6621 /**
6622 * Matches a specific country
6623 */
6624 export interface AccessCountryRule {
6625 geo: AccessCountryRule.Geo;
6626 }
6627
6628 export namespace AccessCountryRule {
6629 export interface Geo {
6630 /**
6631 * The country code that should be matched.
6632 */
6633 country_code: string;
6634 }
6635 }
6636
6637 /**
6638 * Enforce different MFA options
6639 */
  export interface AccessAuthenticationMethodRule {
    /**
     * The authentication method the rule enforces.
     */
    auth_method: AccessAuthenticationMethodRule.AuthMethod;
  }

  export namespace AccessAuthenticationMethodRule {
    export interface AuthMethod {
      /**
       * The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176.
       *
       * RFC 8176 defines Authentication Method Reference values such as `mfa`,
       * `otp` and `hwk`. The field is a plain `string`, so a misspelled value
       * is not caught at compile time.
       */
      auth_method: string;
    }
  }
6652
6653 /**
6654 * Enforces a device posture rule has run successfully
6655 */
  export interface AccessDevicePostureRule {
    /**
     * The device posture integration whose check the rule refers to.
     */
    device_posture: AccessDevicePostureRule.DevicePosture;
  }

  export namespace AccessDevicePostureRule {
    export interface DevicePosture {
      /**
       * The ID of a device posture integration.
       */
      integration_uid: string;
    }
  }
6668}
6669
/**
 * Request body for creating an Access group.
 *
 * The three rule lists accept the same union of rule shapes and differ only in
 * how they are combined: `include` is OR, `require` is AND, `exclude` is NOT.
 * Only `include` and `name` are required by this type.
 */
export interface GroupAccessGroupsCreateAnAccessGroupParams {
  /**
   * Rules evaluated with an OR logical operator. A user needs to meet only one of
   * the Include rules.
   *
   * Because a single match is enough, one broad entry (for example
   * `AccessEveryoneRule`) widens the whole list regardless of the others.
   */
  include: Array<
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessEmailRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessEmailListRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessDomainRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessEveryoneRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessIPRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessIPListRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessCertificateRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessAccessGroupRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessAzureGroupRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessGitHubOrganizationRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessGsuiteGroupRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessOktaGroupRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessSamlGroupRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessServiceTokenRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessAnyValidServiceTokenRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessExternalEvaluationRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessCountryRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessAuthenticationMethodRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessDevicePostureRule
  >;

  /**
   * The name of the Access group.
   */
  name: string;

  /**
   * Rules evaluated with a NOT logical operator. To match a policy, a user cannot
   * meet any of the Exclude rules.
   */
  exclude?: Array<
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessEmailRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessEmailListRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessDomainRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessEveryoneRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessIPRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessIPListRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessCertificateRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessAccessGroupRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessAzureGroupRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessGitHubOrganizationRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessGsuiteGroupRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessOktaGroupRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessSamlGroupRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessServiceTokenRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessAnyValidServiceTokenRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessExternalEvaluationRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessCountryRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessAuthenticationMethodRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessDevicePostureRule
  >;

  /**
   * Whether this is the default group
   */
  is_default?: boolean;

  /**
   * Rules evaluated with an AND logical operator. To match a policy, a user must
   * meet all of the Require rules.
   */
  require?: Array<
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessEmailRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessEmailListRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessDomainRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessEveryoneRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessIPRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessIPListRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessCertificateRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessAccessGroupRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessAzureGroupRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessGitHubOrganizationRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessGsuiteGroupRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessOktaGroupRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessSamlGroupRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessServiceTokenRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessAnyValidServiceTokenRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessExternalEvaluationRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessCountryRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessAuthenticationMethodRule
    | GroupAccessGroupsCreateAnAccessGroupParams.AccessDevicePostureRule
  >;
}
6759
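/**
 * Rule shapes accepted by the `include`, `exclude` and `require` lists of
 * `GroupAccessGroupsCreateAnAccessGroupParams`.
 *
 * Each shape is declared exactly once. All three lists reference the same
 * names, so a single declaration per rule keeps the lists from drifting apart
 * and avoids relying on declaration merging of repeated, identical copies.
 */
export namespace GroupAccessGroupsCreateAnAccessGroupParams {
  /**
   * Matches a specific email.
   */
  export interface AccessEmailRule {
    email: AccessEmailRule.Email;
  }

  export namespace AccessEmailRule {
    export interface Email {
      /**
       * The email of the user.
       */
      email: string;
    }
  }

  /**
   * Matches an email address from a list.
   */
  export interface AccessEmailListRule {
    email_list: AccessEmailListRule.EmailList;
  }

  export namespace AccessEmailListRule {
    export interface EmailList {
      /**
       * The ID of a previously created email list.
       */
      id: string;
    }
  }

  /**
   * Match an entire email domain. Every address at the domain matches, so this
   * is broader than `AccessEmailRule` or `AccessEmailListRule`.
   */
  export interface AccessDomainRule {
    email_domain: AccessDomainRule.EmailDomain;
  }

  export namespace AccessDomainRule {
    export interface EmailDomain {
      /**
       * The email domain to match.
       */
      domain: string;
    }
  }

  /**
   * Matches everyone.
   *
   * Include rules are OR-ed, so placing this rule in `include` leaves that list
   * without any narrowing criterion; rely on `require` / `exclude` when the
   * group is not meant to cover all users.
   */
  export interface AccessEveryoneRule {
    /**
     * An empty object which matches on all users. Typed `unknown`, so the
     * compiler accepts any value here.
     */
    everyone: unknown;
  }

  /**
   * Matches an IP address block.
   */
  export interface AccessIPRule {
    ip: AccessIPRule.IP;
  }

  export namespace AccessIPRule {
    export interface IP {
      /**
       * An IPv4 or IPv6 CIDR block. The field is a plain `string`; the prefix
       * length is not checked at compile time.
       */
      ip: string;
    }
  }

  /**
   * Matches an IP address from a list.
   */
  export interface AccessIPListRule {
    ip_list: AccessIPListRule.IPList;
  }

  export namespace AccessIPListRule {
    export interface IPList {
      /**
       * The ID of a previously created IP list.
       */
      id: string;
    }
  }

  /**
   * Matches any valid client certificate.
   */
  export interface AccessCertificateRule {
    /**
     * NOTE(review): presumably an empty object, as with `everyone`; the type is
     * `unknown`, so nothing about the value is checked at compile time.
     */
    certificate: unknown;
  }

  /**
   * Matches an Access group.
   */
  export interface AccessAccessGroupRule {
    group: AccessAccessGroupRule.Group;
  }

  export namespace AccessAccessGroupRule {
    export interface Group {
      /**
       * The ID of a previously created Access group.
       */
      id: string;
    }
  }

  /**
   * Matches an Azure group. Requires an Azure identity provider.
   */
  export interface AccessAzureGroupRule {
    azureAD: AccessAzureGroupRule.AzureAd;
  }

  export namespace AccessAzureGroupRule {
    export interface AzureAd {
      /**
       * The ID of an Azure group.
       */
      id: string;

      /**
       * The ID of your Azure identity provider.
       */
      connection_id: string;
    }
  }

  /**
   * Matches a GitHub organization. Requires a GitHub identity provider.
   */
  export interface AccessGitHubOrganizationRule {
    // The wire key contains a hyphen, hence the quoted property name.
    'github-organization': AccessGitHubOrganizationRule.GitHubOrganization;
  }

  export namespace AccessGitHubOrganizationRule {
    export interface GitHubOrganization {
      /**
       * The ID of your GitHub identity provider.
       */
      connection_id: string;

      /**
       * The name of the organization.
       */
      name: string;
    }
  }

  /**
   * Matches a group in Google Workspace. Requires a Google Workspace identity
   * provider.
   */
  export interface AccessGsuiteGroupRule {
    gsuite: AccessGsuiteGroupRule.Gsuite;
  }

  export namespace AccessGsuiteGroupRule {
    export interface Gsuite {
      /**
       * The ID of your Google Workspace identity provider.
       */
      connection_id: string;

      /**
       * The email of the Google Workspace group.
       */
      email: string;
    }
  }

  /**
   * Matches an Okta group. Requires an Okta identity provider.
   */
  export interface AccessOktaGroupRule {
    okta: AccessOktaGroupRule.Okta;
  }

  export namespace AccessOktaGroupRule {
    export interface Okta {
      /**
       * The ID of your Okta identity provider.
       */
      connection_id: string;

      /**
       * The email of the Okta group.
       */
      email: string;
    }
  }

  /**
   * Matches a SAML group. Requires a SAML identity provider.
   */
  export interface AccessSamlGroupRule {
    saml: AccessSamlGroupRule.Saml;
  }

  export namespace AccessSamlGroupRule {
    export interface Saml {
      /**
       * The name of the SAML attribute.
       */
      attribute_name: string;

      /**
       * The SAML attribute value to look for.
       */
      attribute_value: string;
    }
  }

  /**
   * Matches a specific Access Service Token.
   */
  export interface AccessServiceTokenRule {
    service_token: AccessServiceTokenRule.ServiceToken;
  }

  export namespace AccessServiceTokenRule {
    export interface ServiceToken {
      /**
       * The ID of a Service Token. Only this identifier is declared on the
       * shape; no secret field is part of the rule.
       */
      token_id: string;
    }
  }

  /**
   * Matches any valid Access Service Token. Use `AccessServiceTokenRule`
   * instead when only one specific token should satisfy the rule.
   */
  export interface AccessAnyValidServiceTokenRule {
    /**
     * An empty object which matches on all service tokens. Typed `unknown`, so
     * the compiler accepts any value here.
     */
    any_valid_service_token: unknown;
  }

  /**
   * Create Allow or Block policies which evaluate the user based on custom criteria.
   */
  export interface AccessExternalEvaluationRule {
    external_evaluation: AccessExternalEvaluationRule.ExternalEvaluation;
  }

  export namespace AccessExternalEvaluationRule {
    export interface ExternalEvaluation {
      /**
       * The API endpoint containing your business logic.
       *
       * NOTE(review): the match decision is delegated to this endpoint, so it
       * should be one you control. Any scheme requirement (e.g. HTTPS) is not
       * visible in this type and should be confirmed against the API docs.
       */
      evaluate_url: string;

      /**
       * The API endpoint containing the key that Access uses to verify that the response
       * came from your API.
       */
      keys_url: string;
    }
  }

  /**
   * Matches a specific country.
   */
  export interface AccessCountryRule {
    geo: AccessCountryRule.Geo;
  }

  export namespace AccessCountryRule {
    export interface Geo {
      /**
       * The country code that should be matched.
       *
       * NOTE(review): presumably an ISO 3166-1 alpha-2 code; the field is a
       * plain `string`, so the format is not checked at compile time.
       */
      country_code: string;
    }
  }

  /**
   * Enforce different MFA options.
   */
  export interface AccessAuthenticationMethodRule {
    auth_method: AccessAuthenticationMethodRule.AuthMethod;
  }

  export namespace AccessAuthenticationMethodRule {
    export interface AuthMethod {
      /**
       * The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176.
       *
       * RFC 8176 defines Authentication Method Reference values such as `mfa`,
       * `otp` and `hwk`. The field is a plain `string`, so a misspelled value
       * is not caught at compile time.
       */
      auth_method: string;
    }
  }

  /**
   * Enforces that a device posture rule has run successfully.
   */
  export interface AccessDevicePostureRule {
    device_posture: AccessDevicePostureRule.DevicePosture;
  }

  export namespace AccessDevicePostureRule {
    export interface DevicePosture {
      /**
       * The ID of a device posture integration.
       */
      integration_uid: string;
    }
  }
}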
7706
/**
 * Re-exports this module's request and response types under the `Groups`
 * name, so they can be referenced as `Groups.GroupUpdateParams` and so on.
 * `GroupsAPI` is this file's own module, imported at the top of the file.
 */
export namespace Groups {
  export import GroupRetrieveResponse = GroupsAPI.GroupRetrieveResponse;
  export import GroupUpdateResponse = GroupsAPI.GroupUpdateResponse;
  export import GroupDeleteResponse = GroupsAPI.GroupDeleteResponse;
  export import GroupAccessGroupsCreateAnAccessGroupResponse = GroupsAPI.GroupAccessGroupsCreateAnAccessGroupResponse;
  export import GroupAccessGroupsListAccessGroupsResponse = GroupsAPI.GroupAccessGroupsListAccessGroupsResponse;
  export import GroupUpdateParams = GroupsAPI.GroupUpdateParams;
  export import GroupAccessGroupsCreateAnAccessGroupParams = GroupsAPI.GroupAccessGroupsCreateAnAccessGroupParams;
}
7716