Optional
allow_Indicates whether Refresh Tokens are allowed to be issued when authenticating with a session_transfer_token.
Optional
allowed_Indicates whether an app can create a session from a session_token received via indicated methods.
Optional
can_Indicates whether an app can issue a session_token through Token Exchange. If set to 'false', the app will not be able to issue a session_token.
Optional
enforce_Indicates whether revoking the parent Refresh Token that initiated a Native to Web flow and was used to issue a Session Transfer Token should trigger a cascade revocation affecting its dependent child entities.
Optional
enforce_Indicates whether device binding security should be enforced for the app. If set to 'ip', the app will enforce device binding by IP, meaning that consumption of session_token must be done from the same IP of the issuer. Likewise, if set to 'asn', device binding is enforced by ASN, meaning consumption of session_token must be done from the same ASN as the issuer. If set to 'null', device binding is not enforced.
Optional
enforce_Indicates whether Refresh Tokens created during a native-to-web session are tied to that session's lifetime. This determines if such refresh tokens should be automatically revoked when their corresponding sessions are.
Native to Web SSO Configuration