Whether the enable_sso setting can be changed (true) or not (false).
If enabled, clients are able to add legacy delegation grants.
If enabled, clients are able to add legacy RO grants.
Whether the legacy /tokeninfo endpoint is enabled for your account (true) or unavailable (false).
Whether to use the older v1 change password flow (true, not recommended except for backward compatibility) or the newer safer flow (false, recommended).
Enables new insights activity page view
Enables beta access to log streaming changes
Whether classic Universal Login prompts include additional security headers to prevent clickjacking (true) or no safeguard (false).
Disables SAML fields map fix for bad mappings with repeated attributes
Whether the impersonation functionality has been disabled (true) or not (false). Read-only.
Enables the email verification flow during login for Azure AD and ADFS connections
Whether the APIs section is enabled (true) or disabled (false).
Whether all current connections should be enabled when a new client (application) is created (true, default) or not (false).
Whether ID tokens can be used to authorize some types of requests to API v2 (true) not not (false).
Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
Whether advanced API Authorization scenarios are enabled (true) or disabled (false).
Whether the public sign up process shows a user_exists error (true) or a generic error (false) if the user already exists.
Whether users are prompted to confirm log in before SSO redirection (false) or are not prompted (true).
Enforce client authentication for passwordless start.
Used to allow users to pick what factor to enroll of the available MFA factors.
Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
Removes alg property from jwks .well-known endpoint
Delete underlying grant when a Refresh Token is revoked via the Authentication API.
Flags used to change the behavior of this tenant.