Optionalchange_Whether to use the older v1 change password flow (true, not recommended except for backward compatibility) or the newer safer flow (false, recommended).
Optionalenable_Whether the APIs section is enabled (true) or disabled (false).
Optionaldisable_Whether the impersonation functionality has been disabled (true) or not (false). Read-only.
Optionalenable_Whether all current connections should be enabled when a new client (application) is created (true, default) or not (false).
Optionalenable_Whether advanced API Authorization scenarios are enabled (true) or disabled (false).
Optionalallow_If enabled, clients are able to add legacy delegation grants.
Optionalallow_If enabled, clients are able to add legacy RO grants.
Optionalallow_Whether the legacy /tokeninfo endpoint is enabled for your account (true) or unavailable (false).
Optionalenable_Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
Optionalenable_Whether ID tokens can be used to authorize some types of requests to API v2 (true) not not (false).
Optionalenable_Whether the public sign up process shows a user_exists error (true) or a generic error (false) if the user already exists.
Optionalenable_Whether users are prompted to confirm log in before SSO redirection (false) or are not prompted (true).
Optionalallow_Whether the enable_sso setting can be changed (true) or not (false).
Optionaldisable_Whether classic Universal Login prompts include additional security headers to prevent clickjacking (true) or no safeguard (false).
Optionalno_Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
Optionalenforce_Enforce client authentication for passwordless start.
Optionalenable_Enables the email verification flow during login for Azure AD and ADFS connections
Optionalrevoke_Delete underlying grant when a Refresh Token is revoked via the Authentication API.
Optionaldashboard_Enables beta access to log streaming changes
Optionaldashboard_Enables new insights activity page view
Optionaldisable_Disables SAML fields map fix for bad mappings with repeated attributes
Optionalmfa_Used to allow users to pick what factor to enroll of the available MFA factors.
Optionalremove_Removes alg property from jwks .well-known endpoint
Optionalimproved_Improves bot detection during signup in classic universal login
Optionalgenai_This tenant signed up for the Auth4GenAI trail
Optionalenable_Whether third-party developers can dynamically register applications for your APIs (true) or not (false). This flag enables dynamic client registration.
Optionaldisable_If true, SMS phone numbers will not be obfuscated in Management API GET calls.
Optionaltrust_Changes email_verified behavior for Azure AD/ADFS connections when enabled. Sets email_verified to false otherwise.
Optionalcustom_If true, custom domains feature will be enabled for tenant.
Flags used to change the behavior of this tenant.