diff --git a/docs/data-sources/aac_rule.md b/docs/data-sources/aac_rule.md
index dc4bb6a..2ca64d8 100644
--- a/docs/data-sources/aac_rule.md
+++ b/docs/data-sources/aac_rule.md
@@ -43,4 +43,3 @@ output "aac_rule" {
 - `notification_channels` (List of String) List of notification channel IDs
 - `priority` (Number) Determines the order in which the aac rules are being matched. Lower priority indicates that the AAC rule is matched earlier
 - `sources` (List of String) Users and groups that the rule is applied to
-- `suspicious_login` (String) Determines if the rule applies at suspicious or non-suspicious login. Options: any, suspicious, safe
diff --git a/docs/resources/aac_rule.md b/docs/resources/aac_rule.md
index 20e9f0e..c49f662 100644
--- a/docs/resources/aac_rule.md
+++ b/docs/resources/aac_rule.md
@@ -14,17 +14,16 @@ Adaptive access control rule for protecting users connecting to service provider
 ```terraform
 resource "pfptmeta_aac_rule" "aac_rule" {
- name = "aac rule name"
- description = "aac rule description"
- enabled = true
- priority = 555
- action = "allow"
- app_ids = ["app-abcd1234"]
- sources = ["usr-abcd1234"]
- certificate_id = "crt-abcd1234"
- suspicious_login = "safe"
- locations = ["US", "IL"]
- ip_reputations = ["tor", "vpn"]
+ name = "aac rule name"
+ description = "aac rule description"
+ enabled = true
+ priority = 555
+ action = "allow"
+ app_ids = ["app-abcd1234"]
+ sources = ["usr-abcd1234"]
+ certificate_id = "crt-abcd1234"
+ locations = ["US", "IL"]
+ ip_reputations = ["tor", "vpn"]
 }
 ```
@@ -36,7 +35,6 @@ resource "pfptmeta_aac_rule" "aac_rule" {
 - `action` (String) The action to enforce when rule is matched to a connection
 - `name` (String)
 - `priority` (Number) Determines the order in which the aac rules are being matched. Lower priority indicates that the AAC rule is matched earlier
-- `suspicious_login` (String) Determines if the rule applies at suspicious or non-suspicious login. Options: any, suspicious, safe
 ### Optional
diff --git a/examples/resources/pfptmeta_aac_rule/resource.tf b/examples/resources/pfptmeta_aac_rule/resource.tf
index df9e7fa..5f5e205 100644
--- a/examples/resources/pfptmeta_aac_rule/resource.tf
+++ b/examples/resources/pfptmeta_aac_rule/resource.tf
@@ -1,13 +1,12 @@
 resource "pfptmeta_aac_rule" "aac_rule" {
- name = "aac rule name"
- description = "aac rule description"
- enabled = true
- priority = 555
- action = "allow"
- app_ids = ["app-abcd1234"]
- sources = ["usr-abcd1234"]
- certificate_id = "crt-abcd1234"
- suspicious_login = "safe"
- locations = ["US", "IL"]
- ip_reputations = ["tor", "vpn"]
+ name = "aac rule name"
+ description = "aac rule description"
+ enabled = true
+ priority = 555
+ action = "allow"
+ app_ids = ["app-abcd1234"]
+ sources = ["usr-abcd1234"]
+ certificate_id = "crt-abcd1234"
+ locations = ["US", "IL"]
+ ip_reputations = ["tor", "vpn"]
 }
\ No newline at end of file
diff --git a/internal/client/aac_rule.go b/internal/client/aac_rule.go
index f8f0da7..5e09668 100644
--- a/internal/client/aac_rule.go
+++ b/internal/client/aac_rule.go
@@ -21,7 +21,6 @@ type AacRule struct {
 ApplyAllApps bool `json:"apply_all_apps"`
 Sources []string `json:"sources,omitempty"`
 ExemptSources []string `json:"exempt_sources,omitempty"`
- SuspiciousLogin *bool `json:"suspicious_login"`
 FilterExpression *string `json:"filter_expression"`
 Networks []string `json:"networks,omitempty"`
 Locations *[]string `json:"locations"`
@@ -75,33 +74,9 @@ func NewAacRule(d *schema.ResourceData) *AacRule {
 } else {
 res.FilterExpression = nil
 }
- res.SuspiciousLogin = suspiciousLoginStrToBool(d.Get("suspicious_login").(string))
 return res
 }
-func suspiciousLoginStrToBool(suspiciousLogin string) *bool {
- res := new(bool)
- switch suspiciousLogin {
- case "suspicious":
- *res = true
- case "safe":
- *res = false
- default:
- return nil
- }
- return res
-}
-
-func ParseAacSuspiciousLoginBoolToStr(aac_rule *AacRule) string {
- if aac_rule.SuspiciousLogin == nil {
- return "any"
- }
- if *aac_rule.SuspiciousLogin {
- return "suspicious"
- }
- return "safe"
-}
-
 func parseAacRule(resp []byte) (*AacRule, error) {
 aac_rule := &AacRule{}
 err := json.Unmarshal(resp, aac_rule)
diff --git a/internal/provider/aac_rule/common.go b/internal/provider/aac_rule/common.go
index ff6578b..4132043 100644
--- a/internal/provider/aac_rule/common.go
+++ b/internal/provider/aac_rule/common.go
@@ -10,7 +10,7 @@ import (
 "net/http"
 )
-var excludedKeys = []string{"id", "suspicious_login"}
+var excludedKeys = []string{"id"}
 const (
 description = "Adaptive access control rule for protecting users connecting to service provider application " +
@@ -23,7 +23,6 @@ const (
 "apps are specified in app_ids. Note: this attribute overrides app_ids"
 sourcesDesc = "Users and groups that the rule is applied to"
 exemptSources = "Subgroup of 'sources' to which the AAC rule is not applied"
- suspiciousLoginDesc = "Determines if the rule applies at suspicious or non-suspicious login. Options: any, suspicious, safe"
 expressionDesc = "Defines filtering expressions to to provide user granularity in AAC rule application"
 networksDesc = "List of IP network IDs that the rule is applied to"
 locationsDesc = "List of locations that the rule is applied to. Each country is represented by an Alpha-2 code (ISO-3166). Enum: " + common.CountriesDoc
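Review bot: With `suspicious_login` dropped from `excludedKeys` in internal/provider/aac_rule/common.go and the `Required` attribute deleted outright in resource.go, any existing configuration that still sets it will be rejected after upgrade, and the provider can no longer read or report that condition on rules already created with it. The removed client field was tagged `json:"suspicious_login"` without `omitempty`, so requests used to carry the key explicitly; whether the API keeps or resets the stored value once the key is omitted is not visible in this diff and should be confirmed, because it decides whether a rule scoped to suspicious logins silently widens or drifts out of Terraform's view. If a softer transition is wanted, keep the attribute for one release as `Optional: true` with `Deprecated: "suspicious_login is no longer supported and is ignored"`, and call out the removal in the changelog.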
@@ -51,7 +50,6 @@ func aacRuleRead(ctx context.Context, d *schema.ResourceData, meta interface{})
 if err != nil {
 return diag.FromErr(err)
 }
- d.Set("suspicious_login", client.ParseAacSuspiciousLoginBoolToStr(a))
 return
 }
@@ -68,7 +66,6 @@ func aacRuleCreate(ctx context.Context, d *schema.ResourceData, meta interface{}
 if err != nil {
 return diag.FromErr(err)
 }
- d.Set("suspicious_login", client.ParseAacSuspiciousLoginBoolToStr(a))
 return
 }
@@ -85,7 +82,6 @@ func aacRuleUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}
 if err != nil {
 return diag.FromErr(err)
 }
- d.Set("suspicious_login", client.ParseAacSuspiciousLoginBoolToStr(a))
 return
 }
diff --git a/internal/provider/aac_rule/data_source.go b/internal/provider/aac_rule/data_source.go
index efcd2f7..0cdfff6 100644
--- a/internal/provider/aac_rule/data_source.go
+++ b/internal/provider/aac_rule/data_source.go
@@ -61,11 +61,6 @@ func DataSource() *schema.Resource {
 Elem: &schema.Schema{Type: schema.TypeString},
 Computed: true,
 },
- "suspicious_login": {
- Description: suspiciousLoginDesc,
- Type: schema.TypeString,
- Computed: true,
- },
 "filter_expression": {
 Description: expressionDesc,
 Type: schema.TypeString,
diff --git a/internal/provider/aac_rule/resource.go b/internal/provider/aac_rule/resource.go
index 7d246a4..f7bba13 100644
--- a/internal/provider/aac_rule/resource.go
+++ b/internal/provider/aac_rule/resource.go
@@ -81,12 +81,6 @@ func Resource() *schema.Resource {
 ValidateDiagFunc: common.ValidateID(false, "usr", "grp"),
 },
 },
- "suspicious_login": {
- Description: suspiciousLoginDesc,
- Type: schema.TypeString,
- Required: true,
- ValidateDiagFunc: common.ValidateStringENUM("suspicious", "safe", "any"),
- },
 "filter_expression": {
 Description: expressionDesc,
 Type: schema.TypeString,
diff --git a/internal/provider/acc_tests/aac_rule_test.go b/internal/provider/acc_tests/aac_rule_test.go
index 06cd38f..c3ac495 100644
--- a/internal/provider/acc_tests/aac_rule_test.go
+++ b/internal/provider/acc_tests/aac_rule_test.go
@@ -20,7 +20,6 @@ resource "pfptmeta_aac_rule" "rule" {
 priority = 1
 action = "allow"
 apply_all_apps = true
- suspicious_login = "suspicious"
 sources = [data.pfptmeta_user.aac_user_by_email.id]
 ip_reputations = ["tor"]
 }
@@ -46,7 +45,6 @@ func TestAccDataSourceAacRule(t *testing.T) {
 resource.TestCheckResourceAttr("pfptmeta_aac_rule.rule", "apply_all_apps", "true"),
 resource.TestCheckResourceAttr("pfptmeta_aac_rule.rule", "action", "allow"),
 resource.TestCheckResourceAttr("pfptmeta_aac_rule.rule", "priority", "1"),
- resource.TestCheckResourceAttr("pfptmeta_aac_rule.rule", "suspicious_login", "suspicious"),
 resource.TestCheckResourceAttr("pfptmeta_aac_rule.rule", "sources.0", "usr-xN6MCvzmWyvJYdk"),
 resource.TestCheckResourceAttr("pfptmeta_aac_rule.rule", "ip_reputations.0", "tor"),
 ),
@@ -60,7 +58,6 @@ func TestAccDataSourceAacRule(t *testing.T) {
 resource.TestCheckResourceAttr("data.pfptmeta_aac_rule.rule", "apply_all_apps", "true"),
 resource.TestCheckResourceAttr("data.pfptmeta_aac_rule.rule", "action", "allow"),
 resource.TestCheckResourceAttr("data.pfptmeta_aac_rule.rule", "priority", "1"),
- resource.TestCheckResourceAttr("data.pfptmeta_aac_rule.rule", "suspicious_login", "suspicious"),
 resource.TestCheckResourceAttr("data.pfptmeta_aac_rule.rule", "sources.0", "usr-xN6MCvzmWyvJYdk"),
 resource.TestCheckResourceAttr("data.pfptmeta_aac_rule.rule", "ip_reputations.0", "tor"),
 ),