/*!
 * Copyright (c) 2017-present, Okta, Inc. and/or its affiliates. All rights reserved.
 * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
 *
 * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *
 * See the License for the specific language governing permissions and limitations under the License.
 */


/**
 * Okta Admin Management
 * Allows customers to easily access the Okta Management APIs
 *
 * OpenAPI spec version: 5.1.0
 * Contact: devex-public@okta.com
 *
 * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
 * https://openapi-generator.tech
 * Do not edit the class manually.
 */
import { AuthenticationMethodObject } from './../models/AuthenticationMethodObject';
/**
* Consists of a `POSSESSION` constraint, a `KNOWLEDGE` constraint, or both. You can\'t configure an `INHERENCE` constraint, but an inherence factor can satisfy the second part of a 2FA assurance if no other constraints are specified. Constraints are logically evaluated such that only one `constraint` object needs to be satisfied, but within a `constraint` object, each `constraint` property must be satisfied.
*/
export declare class AccessPolicyConstraint {
  /**
    * This property specifies the precise authenticator and method for authentication. <x-lifecycle class=\"oie\"></x-lifecycle>
    */
  'authenticationMethods'?: Array<AuthenticationMethodObject>;
  /**
    * This property specifies the precise authenticator and method to exclude from authentication. <x-lifecycle class=\"oie\"></x-lifecycle>
    */
  'excludedAuthenticationMethods'?: Array<AuthenticationMethodObject>;
  /**
    * The authenticator methods that are permitted
    */
  'methods'?: Array<AccessPolicyConstraintMethodsEnum>;
  /**
    * The duration after which the user must re-authenticate regardless of user activity. This re-authentication interval overrides the Verification Method object\'s `reauthenticateIn` interval. The supported values use ISO 8601 period format for recurring time intervals (for example, `PT1H`).
    */
  'reauthenticateIn'?: string;
  /**
    * This property indicates whether the knowledge or possession factor is required by the assurance. It\'s optional in the request, but is always returned in the response. By default, this field is `true`. If the knowledge or possession constraint has values for `excludedAuthenticationMethods` the `required` value is false. <x-lifecycle class=\"oie\"></x-lifecycle>
    */
  'required'?: boolean;
  /**
    * The authenticator types that are permitted
    */
  'types'?: Array<AccessPolicyConstraintTypesEnum>;
  static readonly discriminator: string | undefined;
  static readonly attributeTypeMap: Array<{
        name: string;
        baseName: string;
        type: string;
        format: string;
    }>;
  static getAttributeTypeMap(): {
        name: string;
        baseName: string;
        type: string;
        format: string;
    }[];
  constructor();
}
export type AccessPolicyConstraintMethodsEnum = 'PASSWORD' | 'SECURITY_QUESTION' | 'SMS' | 'VOICE' | 'EMAIL' | 'PUSH' | 'SIGNED_NONCE' | 'OTP' | 'TOTP' | 'WEBAUTHN' | 'DUO' | 'IDP' | 'CERT';
export type AccessPolicyConstraintTypesEnum = 'SECURITY_KEY' | 'PHONE' | 'EMAIL' | 'PASSWORD' | 'SECURITY_QUESTION' | 'APP' | 'FEDERATED';