Fetches a single Access policy.
/accounts/{identifier}/access/apps/{uuid1}/policies/{uuid}
get
Access policies
access-policies-get-an-access-policy
nullnull[
{
"in": "path",
"name": "uuid",
"required": true,
"schema": {
"description": "UUID",
"example": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
"maxLength": 36,
"readOnly": true,
"type": "string"
}
},
{
"in": "path",
"name": "uuid1",
"required": true,
"schema": {
"description": "UUID",
"example": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
"maxLength": 36,
"readOnly": true,
"type": "string"
}
},
{
"in": "path",
"name": "identifier",
"required": true,
"schema": {
"description": "Identifier",
"example": "023e105f4ecef8ad9ca31a8372d0c353",
"maxLength": 32,
"readOnly": true,
"type": "string"
}
}
]null{
"200": {
"content": {
"application/json": {
"schema": {
"allOf": [
{
"allOf": [
{
"properties": {
"errors": {
"example": [],
"items": {
"properties": {
"code": {
"minimum": 1000,
"type": "integer"
},
"message": {
"type": "string"
}
},
"required": [
"code",
"message"
],
"type": "object",
"uniqueItems": true
},
"type": "array"
},
"messages": {
"example": [],
"items": {
"properties": {
"code": {
"minimum": 1000,
"type": "integer"
},
"message": {
"type": "string"
}
},
"required": [
"code",
"message"
],
"type": "object",
"uniqueItems": true
},
"type": "array"
},
"result": {
"anyOf": [
{
"type": "object"
},
{
"items": {},
"type": "array"
},
{
"type": "string"
}
]
},
"success": {
"description": "Whether the API call was successful",
"enum": [
true
],
"example": true,
"type": "boolean"
}
},
"required": [
"success",
"errors",
"messages",
"result"
],
"type": "object"
},
{
"properties": {
"result": {
"anyOf": [
{
"type": "object"
},
{
"type": "string"
}
]
}
}
}
],
"type": "object"
},
{
"properties": {
"result": {
"properties": {
"approval_groups": {
"description": "Administrators who can approve a temporary authentication request.",
"example": [
{
"approvals_needed": 1,
"email_addresses": [
"test1@cloudflare.com",
"test2@cloudflare.com"
]
},
{
"approvals_needed": 3,
"email_list_uuid": "597147a1-976b-4ef2-9af0-81d5d007fc34"
}
],
"items": {
"description": "A group of email addresses that can approve a temporary authentication request.",
"properties": {
"approvals_needed": {
"description": "The number of approvals needed to obtain access.",
"example": 1,
"minimum": 0,
"type": "number"
},
"email_addresses": {
"description": "A list of emails that can approve the access request.",
"example": [
"test@cloudflare.com",
"test2@cloudflare.com"
],
"items": {},
"type": "array"
},
"email_list_uuid": {
"description": "The UUID of an re-usable email list.",
"type": "string"
}
},
"required": [
"approvals_needed"
],
"type": "object"
},
"type": "array"
},
"approval_required": {
"default": false,
"description": "Requires the user to request access from an administrator at the start of each session.",
"example": true,
"type": "boolean"
},
"created_at": {
"example": "2014-01-01T05:20:00.12345Z",
"format": "date-time",
"readOnly": true,
"type": "string"
},
"decision": {
"description": "The action Access will take if a user matches this policy.",
"enum": [
"allow",
"deny",
"non_identity",
"bypass"
],
"example": "allow",
"type": "string"
},
"exclude": {
"description": "Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.",
"items": {
"oneOf": [
{
"description": "Matches a specific email.",
"properties": {
"email": {
"properties": {
"email": {
"description": "The email of the user.",
"example": "test@example.com",
"format": "email",
"type": "string"
}
},
"required": [
"email"
],
"type": "object"
}
},
"required": [
"email"
],
"title": "Email",
"type": "object"
},
{
"description": "Matches an email address from a list.",
"properties": {
"email_list": {
"properties": {
"id": {
"description": "The ID of a previously created email list.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id"
],
"type": "object"
}
},
"required": [
"email_list"
],
"title": "Email list",
"type": "object"
},
{
"description": "Match an entire email domain.",
"properties": {
"email_domain": {
"properties": {
"domain": {
"description": "The email domain to match.",
"example": "example.com",
"type": "string"
}
},
"required": [
"domain"
],
"type": "object"
}
},
"required": [
"email_domain"
],
"title": "Email domain",
"type": "object"
},
{
"description": "Matches everyone.",
"properties": {
"everyone": {
"description": "An empty object which matches on all users.",
"example": {},
"type": "object"
}
},
"required": [
"everyone"
],
"title": "Everyone",
"type": "object"
},
{
"description": "Matches an IP address block.",
"properties": {
"ip": {
"properties": {
"ip": {
"description": "An IPv4 or IPv6 CIDR block.",
"example": "2400:cb00:21:10a::/64",
"type": "string"
}
},
"required": [
"ip"
],
"type": "object"
}
},
"required": [
"ip"
],
"title": "IP ranges",
"type": "object"
},
{
"description": "Matches an IP address from a list.",
"properties": {
"ip_list": {
"properties": {
"id": {
"description": "The ID of a previously created IP list.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id"
],
"type": "object"
}
},
"required": [
"ip_list"
],
"title": "IP list",
"type": "object"
},
{
"description": "Matches any valid client certificate.",
"example": {
"certificate": {}
},
"properties": {
"certificate": {
"example": {},
"type": "object"
}
},
"required": [
"certificate"
],
"title": "Valid certificate",
"type": "object"
},
{
"description": "Matches an Access group.",
"properties": {
"group": {
"properties": {
"id": {
"description": "The ID of a previously created Access group.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id"
],
"type": "object"
}
},
"required": [
"group"
],
"title": "Access groups",
"type": "object"
},
{
"description": "Matches an Azure group.\nRequires an Azure identity provider.",
"properties": {
"azureAD": {
"properties": {
"connection_id": {
"description": "The ID of your Azure identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"id": {
"description": "The ID of an Azure group.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id",
"connection_id"
],
"type": "object"
}
},
"required": [
"azureAD"
],
"title": "Azure group",
"type": "object"
},
{
"description": "Matches a Github organization.\nRequires a Github identity provider.",
"properties": {
"github-organization": {
"properties": {
"connection_id": {
"description": "The ID of your Github identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"name": {
"description": "The name of the organization.",
"example": "cloudflare",
"type": "string"
}
},
"required": [
"name",
"connection_id"
],
"type": "object"
}
},
"required": [
"github-organization"
],
"title": "Github organization",
"type": "object"
},
{
"description": "Matches a group in Google Workspace.\nRequires a Google Workspace identity provider.",
"properties": {
"gsuite": {
"properties": {
"connection_id": {
"description": "The ID of your Google Workspace identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"email": {
"description": "The email of the Google Workspace group.",
"example": "devs@cloudflare.com",
"type": "string"
}
},
"required": [
"email",
"connection_id"
],
"type": "object"
}
},
"required": [
"gsuite"
],
"title": "Google Workspace group",
"type": "object"
},
{
"description": "Matches an Okta group.\nRequires an Okta identity provider.",
"properties": {
"okta": {
"properties": {
"connection_id": {
"description": "The ID of your Okta identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"email": {
"description": "The email of the Okta group.",
"example": "devs@cloudflare.com",
"type": "string"
}
},
"required": [
"email",
"connection_id"
],
"type": "object"
}
},
"required": [
"okta"
],
"title": "Okta group",
"type": "object"
},
{
"description": "Matches a SAML group.\nRequires a SAML identity provider.",
"properties": {
"saml": {
"properties": {
"attribute_name": {
"description": "The name of the SAML attribute.",
"example": "group",
"type": "string"
},
"attribute_value": {
"description": "The SAML attribute value to look for.",
"example": "devs@cloudflare.com",
"type": "string"
}
},
"required": [
"attribute_name",
"attribute_value"
],
"type": "object"
}
},
"required": [
"saml"
],
"title": "SAML group",
"type": "object"
},
{
"description": "Matches a specific Access Service Token",
"properties": {
"service_token": {
"properties": {
"token_id": {
"description": "The ID of a Service Token.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"token_id"
],
"type": "object"
}
},
"required": [
"service_token"
],
"title": "Service Token",
"type": "object"
},
{
"description": "Matches any valid Access Service Token",
"properties": {
"any_valid_service_token": {
"description": "An empty object which matches on all service tokens.",
"example": {},
"type": "object"
}
},
"required": [
"any_valid_service_token"
],
"title": "Any Valid Service Token",
"type": "object"
},
{
"description": "Create Allow or Block policies which evaluate the user based on custom criteria.",
"properties": {
"external_evaluation": {
"properties": {
"evaluate_url": {
"description": "The API endpoint containing your business logic.",
"example": "https://eval.example.com",
"type": "string"
},
"keys_url": {
"description": "The API endpoint containing the key that Access uses to verify that the response came from your API.",
"example": "https://eval.example.com/keys",
"type": "string"
}
},
"required": [
"evaluate_url",
"keys_url"
],
"type": "object"
}
},
"required": [
"external_evaluation"
],
"title": "External Evaluation",
"type": "object"
},
{
"description": "Matches a specific country",
"properties": {
"geo": {
"properties": {
"country_code": {
"description": "The country code that should be matched.",
"example": "US",
"type": "string"
}
},
"required": [
"country_code"
],
"type": "object"
}
},
"required": [
"geo"
],
"title": "Country",
"type": "object"
},
{
"description": "Enforce different MFA options",
"properties": {
"auth_method": {
"properties": {
"auth_method": {
"description": "The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176.",
"example": "mfa",
"type": "string"
}
},
"required": [
"auth_method"
],
"type": "object"
}
},
"required": [
"auth_method"
],
"title": "Authentication method",
"type": "object"
},
{
"description": "Enforces a device posture rule has run successfully",
"properties": {
"device_posture": {
"properties": {
"integration_uid": {
"description": "The ID of a device posture integration.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"integration_uid"
],
"type": "object"
}
},
"required": [
"device_posture"
],
"title": "Device Posture",
"type": "object"
}
],
"type": "object"
},
"type": "array"
},
"id": {
"description": "UUID",
"example": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
"maxLength": 36,
"readOnly": true,
"type": "string"
},
"include": {
"description": "Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.",
"items": {
"oneOf": [
{
"description": "Matches a specific email.",
"properties": {
"email": {
"properties": {
"email": {
"description": "The email of the user.",
"example": "test@example.com",
"format": "email",
"type": "string"
}
},
"required": [
"email"
],
"type": "object"
}
},
"required": [
"email"
],
"title": "Email",
"type": "object"
},
{
"description": "Matches an email address from a list.",
"properties": {
"email_list": {
"properties": {
"id": {
"description": "The ID of a previously created email list.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id"
],
"type": "object"
}
},
"required": [
"email_list"
],
"title": "Email list",
"type": "object"
},
{
"description": "Match an entire email domain.",
"properties": {
"email_domain": {
"properties": {
"domain": {
"description": "The email domain to match.",
"example": "example.com",
"type": "string"
}
},
"required": [
"domain"
],
"type": "object"
}
},
"required": [
"email_domain"
],
"title": "Email domain",
"type": "object"
},
{
"description": "Matches everyone.",
"properties": {
"everyone": {
"description": "An empty object which matches on all users.",
"example": {},
"type": "object"
}
},
"required": [
"everyone"
],
"title": "Everyone",
"type": "object"
},
{
"description": "Matches an IP address block.",
"properties": {
"ip": {
"properties": {
"ip": {
"description": "An IPv4 or IPv6 CIDR block.",
"example": "2400:cb00:21:10a::/64",
"type": "string"
}
},
"required": [
"ip"
],
"type": "object"
}
},
"required": [
"ip"
],
"title": "IP ranges",
"type": "object"
},
{
"description": "Matches an IP address from a list.",
"properties": {
"ip_list": {
"properties": {
"id": {
"description": "The ID of a previously created IP list.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id"
],
"type": "object"
}
},
"required": [
"ip_list"
],
"title": "IP list",
"type": "object"
},
{
"description": "Matches any valid client certificate.",
"example": {
"certificate": {}
},
"properties": {
"certificate": {
"example": {},
"type": "object"
}
},
"required": [
"certificate"
],
"title": "Valid certificate",
"type": "object"
},
{
"description": "Matches an Access group.",
"properties": {
"group": {
"properties": {
"id": {
"description": "The ID of a previously created Access group.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id"
],
"type": "object"
}
},
"required": [
"group"
],
"title": "Access groups",
"type": "object"
},
{
"description": "Matches an Azure group.\nRequires an Azure identity provider.",
"properties": {
"azureAD": {
"properties": {
"connection_id": {
"description": "The ID of your Azure identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"id": {
"description": "The ID of an Azure group.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id",
"connection_id"
],
"type": "object"
}
},
"required": [
"azureAD"
],
"title": "Azure group",
"type": "object"
},
{
"description": "Matches a Github organization.\nRequires a Github identity provider.",
"properties": {
"github-organization": {
"properties": {
"connection_id": {
"description": "The ID of your Github identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"name": {
"description": "The name of the organization.",
"example": "cloudflare",
"type": "string"
}
},
"required": [
"name",
"connection_id"
],
"type": "object"
}
},
"required": [
"github-organization"
],
"title": "Github organization",
"type": "object"
},
{
"description": "Matches a group in Google Workspace.\nRequires a Google Workspace identity provider.",
"properties": {
"gsuite": {
"properties": {
"connection_id": {
"description": "The ID of your Google Workspace identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"email": {
"description": "The email of the Google Workspace group.",
"example": "devs@cloudflare.com",
"type": "string"
}
},
"required": [
"email",
"connection_id"
],
"type": "object"
}
},
"required": [
"gsuite"
],
"title": "Google Workspace group",
"type": "object"
},
{
"description": "Matches an Okta group.\nRequires an Okta identity provider.",
"properties": {
"okta": {
"properties": {
"connection_id": {
"description": "The ID of your Okta identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"email": {
"description": "The email of the Okta group.",
"example": "devs@cloudflare.com",
"type": "string"
}
},
"required": [
"email",
"connection_id"
],
"type": "object"
}
},
"required": [
"okta"
],
"title": "Okta group",
"type": "object"
},
{
"description": "Matches a SAML group.\nRequires a SAML identity provider.",
"properties": {
"saml": {
"properties": {
"attribute_name": {
"description": "The name of the SAML attribute.",
"example": "group",
"type": "string"
},
"attribute_value": {
"description": "The SAML attribute value to look for.",
"example": "devs@cloudflare.com",
"type": "string"
}
},
"required": [
"attribute_name",
"attribute_value"
],
"type": "object"
}
},
"required": [
"saml"
],
"title": "SAML group",
"type": "object"
},
{
"description": "Matches a specific Access Service Token",
"properties": {
"service_token": {
"properties": {
"token_id": {
"description": "The ID of a Service Token.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"token_id"
],
"type": "object"
}
},
"required": [
"service_token"
],
"title": "Service Token",
"type": "object"
},
{
"description": "Matches any valid Access Service Token",
"properties": {
"any_valid_service_token": {
"description": "An empty object which matches on all service tokens.",
"example": {},
"type": "object"
}
},
"required": [
"any_valid_service_token"
],
"title": "Any Valid Service Token",
"type": "object"
},
{
"description": "Create Allow or Block policies which evaluate the user based on custom criteria.",
"properties": {
"external_evaluation": {
"properties": {
"evaluate_url": {
"description": "The API endpoint containing your business logic.",
"example": "https://eval.example.com",
"type": "string"
},
"keys_url": {
"description": "The API endpoint containing the key that Access uses to verify that the response came from your API.",
"example": "https://eval.example.com/keys",
"type": "string"
}
},
"required": [
"evaluate_url",
"keys_url"
],
"type": "object"
}
},
"required": [
"external_evaluation"
],
"title": "External Evaluation",
"type": "object"
},
{
"description": "Matches a specific country",
"properties": {
"geo": {
"properties": {
"country_code": {
"description": "The country code that should be matched.",
"example": "US",
"type": "string"
}
},
"required": [
"country_code"
],
"type": "object"
}
},
"required": [
"geo"
],
"title": "Country",
"type": "object"
},
{
"description": "Enforce different MFA options",
"properties": {
"auth_method": {
"properties": {
"auth_method": {
"description": "The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176.",
"example": "mfa",
"type": "string"
}
},
"required": [
"auth_method"
],
"type": "object"
}
},
"required": [
"auth_method"
],
"title": "Authentication method",
"type": "object"
},
{
"description": "Enforces a device posture rule has run successfully",
"properties": {
"device_posture": {
"properties": {
"integration_uid": {
"description": "The ID of a device posture integration.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"integration_uid"
],
"type": "object"
}
},
"required": [
"device_posture"
],
"title": "Device Posture",
"type": "object"
}
],
"type": "object"
},
"type": "array"
},
"isolation_required": {
"default": false,
"description": "Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.",
"example": false,
"type": "boolean"
},
"name": {
"description": "The name of the Access policy.",
"example": "Allow devs",
"type": "string"
},
"precedence": {
"description": "The order of execution for this policy. Must be unique for each policy.",
"type": "integer"
},
"purpose_justification_prompt": {
"description": "A custom message that will appear on the purpose justification screen.",
"example": "Please enter a justification for entering this protected domain.",
"type": "string"
},
"purpose_justification_required": {
"default": false,
"description": "Require users to enter a justification when they log in to the application.",
"example": true,
"type": "boolean"
},
"require": {
"description": "Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.",
"items": {
"oneOf": [
{
"description": "Matches a specific email.",
"properties": {
"email": {
"properties": {
"email": {
"description": "The email of the user.",
"example": "test@example.com",
"format": "email",
"type": "string"
}
},
"required": [
"email"
],
"type": "object"
}
},
"required": [
"email"
],
"title": "Email",
"type": "object"
},
{
"description": "Matches an email address from a list.",
"properties": {
"email_list": {
"properties": {
"id": {
"description": "The ID of a previously created email list.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id"
],
"type": "object"
}
},
"required": [
"email_list"
],
"title": "Email list",
"type": "object"
},
{
"description": "Match an entire email domain.",
"properties": {
"email_domain": {
"properties": {
"domain": {
"description": "The email domain to match.",
"example": "example.com",
"type": "string"
}
},
"required": [
"domain"
],
"type": "object"
}
},
"required": [
"email_domain"
],
"title": "Email domain",
"type": "object"
},
{
"description": "Matches everyone.",
"properties": {
"everyone": {
"description": "An empty object which matches on all users.",
"example": {},
"type": "object"
}
},
"required": [
"everyone"
],
"title": "Everyone",
"type": "object"
},
{
"description": "Matches an IP address block.",
"properties": {
"ip": {
"properties": {
"ip": {
"description": "An IPv4 or IPv6 CIDR block.",
"example": "2400:cb00:21:10a::/64",
"type": "string"
}
},
"required": [
"ip"
],
"type": "object"
}
},
"required": [
"ip"
],
"title": "IP ranges",
"type": "object"
},
{
"description": "Matches an IP address from a list.",
"properties": {
"ip_list": {
"properties": {
"id": {
"description": "The ID of a previously created IP list.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id"
],
"type": "object"
}
},
"required": [
"ip_list"
],
"title": "IP list",
"type": "object"
},
{
"description": "Matches any valid client certificate.",
"example": {
"certificate": {}
},
"properties": {
"certificate": {
"example": {},
"type": "object"
}
},
"required": [
"certificate"
],
"title": "Valid certificate",
"type": "object"
},
{
"description": "Matches an Access group.",
"properties": {
"group": {
"properties": {
"id": {
"description": "The ID of a previously created Access group.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id"
],
"type": "object"
}
},
"required": [
"group"
],
"title": "Access groups",
"type": "object"
},
{
"description": "Matches an Azure group.\nRequires an Azure identity provider.",
"properties": {
"azureAD": {
"properties": {
"connection_id": {
"description": "The ID of your Azure identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"id": {
"description": "The ID of an Azure group.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id",
"connection_id"
],
"type": "object"
}
},
"required": [
"azureAD"
],
"title": "Azure group",
"type": "object"
},
{
"description": "Matches a Github organization.\nRequires a Github identity provider.",
"properties": {
"github-organization": {
"properties": {
"connection_id": {
"description": "The ID of your Github identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"name": {
"description": "The name of the organization.",
"example": "cloudflare",
"type": "string"
}
},
"required": [
"name",
"connection_id"
],
"type": "object"
}
},
"required": [
"github-organization"
],
"title": "Github organization",
"type": "object"
},
{
"description": "Matches a group in Google Workspace.\nRequires a Google Workspace identity provider.",
"properties": {
"gsuite": {
"properties": {
"connection_id": {
"description": "The ID of your Google Workspace identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"email": {
"description": "The email of the Google Workspace group.",
"example": "devs@cloudflare.com",
"type": "string"
}
},
"required": [
"email",
"connection_id"
],
"type": "object"
}
},
"required": [
"gsuite"
],
"title": "Google Workspace group",
"type": "object"
},
{
"description": "Matches an Okta group.\nRequires an Okta identity provider.",
"properties": {
"okta": {
"properties": {
"connection_id": {
"description": "The ID of your Okta identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"email": {
"description": "The email of the Okta group.",
"example": "devs@cloudflare.com",
"type": "string"
}
},
"required": [
"email",
"connection_id"
],
"type": "object"
}
},
"required": [
"okta"
],
"title": "Okta group",
"type": "object"
},
{
"description": "Matches a SAML group.\nRequires a SAML identity provider.",
"properties": {
"saml": {
"properties": {
"attribute_name": {
"description": "The name of the SAML attribute.",
"example": "group",
"type": "string"
},
"attribute_value": {
"description": "The SAML attribute value to look for.",
"example": "devs@cloudflare.com",
"type": "string"
}
},
"required": [
"attribute_name",
"attribute_value"
],
"type": "object"
}
},
"required": [
"saml"
],
"title": "SAML group",
"type": "object"
},
{
"description": "Matches a specific Access Service Token",
"properties": {
"service_token": {
"properties": {
"token_id": {
"description": "The ID of a Service Token.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"token_id"
],
"type": "object"
}
},
"required": [
"service_token"
],
"title": "Service Token",
"type": "object"
},
{
"description": "Matches any valid Access Service Token",
"properties": {
"any_valid_service_token": {
"description": "An empty object which matches on all service tokens.",
"example": {},
"type": "object"
}
},
"required": [
"any_valid_service_token"
],
"title": "Any Valid Service Token",
"type": "object"
},
{
"description": "Create Allow or Block policies which evaluate the user based on custom criteria.",
"properties": {
"external_evaluation": {
"properties": {
"evaluate_url": {
"description": "The API endpoint containing your business logic.",
"example": "https://eval.example.com",
"type": "string"
},
"keys_url": {
"description": "The API endpoint containing the key that Access uses to verify that the response came from your API.",
"example": "https://eval.example.com/keys",
"type": "string"
}
},
"required": [
"evaluate_url",
"keys_url"
],
"type": "object"
}
},
"required": [
"external_evaluation"
],
"title": "External Evaluation",
"type": "object"
},
{
"description": "Matches a specific country",
"properties": {
"geo": {
"properties": {
"country_code": {
"description": "The country code that should be matched.",
"example": "US",
"type": "string"
}
},
"required": [
"country_code"
],
"type": "object"
}
},
"required": [
"geo"
],
"title": "Country",
"type": "object"
},
{
"description": "Enforce different MFA options",
"properties": {
"auth_method": {
"properties": {
"auth_method": {
"description": "The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176.",
"example": "mfa",
"type": "string"
}
},
"required": [
"auth_method"
],
"type": "object"
}
},
"required": [
"auth_method"
],
"title": "Authentication method",
"type": "object"
},
{
"description": "Enforces a device posture rule has run successfully",
"properties": {
"device_posture": {
"properties": {
"integration_uid": {
"description": "The ID of a device posture integration.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"integration_uid"
],
"type": "object"
}
},
"required": [
"device_posture"
],
"title": "Device Posture",
"type": "object"
}
],
"type": "object"
},
"type": "array"
},
"session_duration": {
"default": "24h",
"description": "The amount of time that tokens issued for the application will be valid. Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, s, m, h.",
"example": "24h",
"type": "string"
},
"updated_at": {
"example": "2014-01-01T05:20:00.12345Z",
"format": "date-time",
"readOnly": true,
"type": "string"
}
},
"type": "object"
}
}
}
]
}
}
},
"description": "Get an Access policy response"
},
"4XX": {
"content": {
"application/json": {
"schema": {
"properties": {
"errors": {
"allOf": [
{
"example": [],
"items": {
"properties": {
"code": {
"minimum": 1000,
"type": "integer"
},
"message": {
"type": "string"
}
},
"required": [
"code",
"message"
],
"type": "object",
"uniqueItems": true
},
"type": "array"
}
],
"example": [
{
"code": 7003,
"message": "No route for the URI"
}
],
"minLength": 1
},
"messages": {
"allOf": [
{
"example": [],
"items": {
"properties": {
"code": {
"minimum": 1000,
"type": "integer"
},
"message": {
"type": "string"
}
},
"required": [
"code",
"message"
],
"type": "object",
"uniqueItems": true
},
"type": "array"
}
],
"example": []
},
"result": {
"enum": [
null
],
"nullable": true,
"type": "object"
},
"success": {
"description": "Whether the API call was successful",
"enum": [
false
],
"example": false,
"type": "boolean"
}
},
"required": [
"success",
"errors",
"messages",
"result"
],
"type": "object"
}
}
},
"description": "Get an Access policy response failure"
}
}[
{
"api_email": [],
"api_key": []
}
]