Interface TenantSettingsUpdateFlags

Flags used to change the behavior of this tenant.

Hierarchy

  • TenantSettingsUpdateFlags

Properties

allow_legacy_delegation_grant_types? allow_legacy_ro_grant_types? allow_legacy_tokeninfo_endpoint? change_pwd_flow_v1? dashboard_insights_view? dashboard_log_streams_next? disable_clickjack_protection_headers? disable_fields_map_fix? disable_management_api_sms_obfuscation? enable_adfs_waad_email_verification? enable_apis_section? enable_client_connections? enable_custom_domain_in_emails? enable_dynamic_client_registration? enable_idtoken_api2? enable_legacy_profile? enable_pipeline2? enable_public_signup_user_exists_error? enable_sso? enforce_client_authentication_on_passwordless_start? mfa_show_factor_list_on_enrollment? no_disclose_enterprise_connections? remove_alg_from_jwks? revoke_refresh_token_grant? trust_azure_adfs_email_verified_connection_property?

Properties

Optional allow_legacy_delegation_grant_types

allow_legacy_delegation_grant_types?: boolean

Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).

Optional allow_legacy_ro_grant_types

allow_legacy_ro_grant_types?: boolean

Whether the legacy auth/ro endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false).

Optional allow_legacy_tokeninfo_endpoint

allow_legacy_tokeninfo_endpoint?: boolean

Whether the legacy /tokeninfo endpoint is enabled for your account (true) or unavailable (false).

Optional change_pwd_flow_v1

change_pwd_flow_v1?: false

Whether to use the older v1 change password flow (true, not recommended except for backward compatibility) or the newer safer flow (false, recommended).

Optional dashboard_insights_view

dashboard_insights_view?: boolean

Enables new insights activity page view.

Optional dashboard_log_streams_next

dashboard_log_streams_next?: boolean

Enables beta access to log streaming changes.

Optional disable_clickjack_protection_headers

disable_clickjack_protection_headers?: boolean

Whether classic Universal Login prompts include additional security headers to prevent clickjacking (true) or no safeguard (false).

Optional disable_fields_map_fix

disable_fields_map_fix?: boolean

Disables SAML fields map fix for bad mappings with repeated attributes.

Optional disable_management_api_sms_obfuscation

disable_management_api_sms_obfuscation?: boolean

If true, SMS phone numbers will not be obfuscated in Management API GET calls.

Optional enable_adfs_waad_email_verification

enable_adfs_waad_email_verification?: boolean

Enables the email verification flow during login for Azure AD and ADFS connections.

Optional enable_apis_section

enable_apis_section?: boolean

Whether the APIs section is enabled (true) or disabled (false).

Optional enable_client_connections

enable_client_connections?: boolean

Whether all current connections should be enabled when a new client (application) is created (true, default) or not (false).

Optional enable_custom_domain_in_emails

enable_custom_domain_in_emails?: boolean

Whether emails sent by Auth0 for change password, verification etc. should use your verified custom domain (true) or your auth0.com sub-domain (false). Affects all emails, links, and URLs. Email will fail if the custom domain is not verified.

Optional enable_dynamic_client_registration

enable_dynamic_client_registration?: boolean

Whether third-party developers can dynamically register applications for your APIs (true) or not (false). This flag enables dynamic client registration.

Optional enable_idtoken_api2

enable_idtoken_api2?: boolean

Whether ID tokens can be used to authorize some types of requests to API v2 (true) not not (false).

Optional enable_legacy_profile

enable_legacy_profile?: boolean

Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).

Optional enable_pipeline2

enable_pipeline2?: boolean

Whether advanced API Authorization scenarios are enabled (true) or disabled (false).

Optional enable_public_signup_user_exists_error

enable_public_signup_user_exists_error?: boolean

Whether the public sign up process shows a user_exists error (true) or a generic error (false) if the user already exists.

Optional enable_sso

enable_sso?: boolean

Whether users are prompted to confirm log in before SSO redirection (false) or are not prompted (true).

Optional enforce_client_authentication_on_passwordless_start

enforce_client_authentication_on_passwordless_start?: boolean

Enforce client authentication for passwordless start.

Optional mfa_show_factor_list_on_enrollment

mfa_show_factor_list_on_enrollment?: boolean

Used to allow users to pick what factor to enroll of the available MFA factors.

Optional no_disclose_enterprise_connections

no_disclose_enterprise_connections?: boolean

Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.

Optional remove_alg_from_jwks

remove_alg_from_jwks?: boolean

Removes alg property from jwks .well-known endpoint

Optional revoke_refresh_token_grant

revoke_refresh_token_grant?: boolean

Delete underlying grant when a Refresh Token is revoked via the Authentication API.

Optional trust_azure_adfs_email_verified_connection_property

trust_azure_adfs_email_verified_connection_property?: boolean

Changes email_verified behavior for Azure AD/ADFS connections when enabled. Sets email_verified to false otherwise.

Settings

Member Visibility

Theme

On This Page