Update Login Settings

Update the default login settings defined on the instance level. It will trigger for all organizations, that don't overwrite the settings. The login policy defines what kind of authentication possibilities the user should have. Generally speaking the behavior of the login and register UI.

application/json
application/grpc
application/grpc-web+proto

Request Body required

allowUsernamePassword boolean
defines if a user is allowed to log in with his username and password
allowRegister boolean
defines if a person is allowed to register a user on this organization
allowExternalIdp boolean
defines if a user is allowed to add a defined identity provider. E.g. Google auth
forceMfa boolean
defines if a user MUST use a multi-factor to log in
passwordlessType - PASSWORDLESS_TYPE_ALLOWED: PLANNED: PASSWORDLESS_TYPE_WITH_CERT
Possible values: [PASSWORDLESS_TYPE_NOT_ALLOWED, PASSWORDLESS_TYPE_ALLOWED]
Default value: PASSWORDLESS_TYPE_NOT_ALLOWED
defines if passwordless is allowed for users
hidePasswordReset boolean
defines if password reset link should be shown in the login screen
ignoreUnknownUsernames boolean
defines if unknown username on login screen directly returns an error or always displays the password screen
defaultRedirectUri string
defines where the user will be redirected to if the login is started without app context (e.g. from mail)
passwordCheckLifetime string
externalLoginCheckLifetime string
mfaInitSkipLifetime string
secondFactorCheckLifetime string
multiFactorCheckLifetime string
allowDomainDiscovery boolean
If set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organization on success.
disableLoginWithEmail boolean
defines if the user can additionally (to the login name) be identified by their verified email address
disableLoginWithPhone boolean
defines if the user can additionally (to the login name) be identified by their verified phone number

Request Body required

allowUsernamePassword boolean
defines if a user is allowed to log in with his username and password
allowRegister boolean
defines if a person is allowed to register a user on this organization
allowExternalIdp boolean
defines if a user is allowed to add a defined identity provider. E.g. Google auth
forceMfa boolean
defines if a user MUST use a multi-factor to log in
passwordlessType - PASSWORDLESS_TYPE_ALLOWED: PLANNED: PASSWORDLESS_TYPE_WITH_CERT
Possible values: [PASSWORDLESS_TYPE_NOT_ALLOWED, PASSWORDLESS_TYPE_ALLOWED]
Default value: PASSWORDLESS_TYPE_NOT_ALLOWED
defines if passwordless is allowed for users
hidePasswordReset boolean
defines if password reset link should be shown in the login screen
ignoreUnknownUsernames boolean
defines if unknown username on login screen directly returns an error or always displays the password screen
defaultRedirectUri string
defines where the user will be redirected to if the login is started without app context (e.g. from mail)
passwordCheckLifetime string
externalLoginCheckLifetime string
mfaInitSkipLifetime string
secondFactorCheckLifetime string
multiFactorCheckLifetime string
allowDomainDiscovery boolean
If set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organization on success.
disableLoginWithEmail boolean
defines if the user can additionally (to the login name) be identified by their verified email address
disableLoginWithPhone boolean
defines if the user can additionally (to the login name) be identified by their verified phone number

Request Body required

allowUsernamePassword boolean
defines if a user is allowed to log in with his username and password
allowRegister boolean
defines if a person is allowed to register a user on this organization
allowExternalIdp boolean
defines if a user is allowed to add a defined identity provider. E.g. Google auth
forceMfa boolean
defines if a user MUST use a multi-factor to log in
passwordlessType - PASSWORDLESS_TYPE_ALLOWED: PLANNED: PASSWORDLESS_TYPE_WITH_CERT
Possible values: [PASSWORDLESS_TYPE_NOT_ALLOWED, PASSWORDLESS_TYPE_ALLOWED]
Default value: PASSWORDLESS_TYPE_NOT_ALLOWED
defines if passwordless is allowed for users
hidePasswordReset boolean
defines if password reset link should be shown in the login screen
ignoreUnknownUsernames boolean
defines if unknown username on login screen directly returns an error or always displays the password screen
defaultRedirectUri string
defines where the user will be redirected to if the login is started without app context (e.g. from mail)
passwordCheckLifetime string
externalLoginCheckLifetime string
mfaInitSkipLifetime string
secondFactorCheckLifetime string
multiFactorCheckLifetime string
allowDomainDiscovery boolean
If set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organization on success.
disableLoginWithEmail boolean
defines if the user can additionally (to the login name) be identified by their verified email address
disableLoginWithPhone boolean
defines if the user can additionally (to the login name) be identified by their verified phone number

Responses

200
403
404
default

default login policy updated

application/json
application/grpc
application/grpc-web+proto

Schema
Example (from schema)

Schema

details object
sequence uint64
on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation
creationDate date-time
on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation
changeDate date-time
on read: the timestamp of the last event reduced by the projection

on manipulation: the
resourceOwner resource_owner is the organization an object belongs to

{
  "details": {
    "sequence": "2",
    "creationDate": "2023-05-12",
    "changeDate": "2023-05-12",
    "resourceOwner": "69629023906488334"
  }
}

Schema
Example (from schema)

Schema

details object
sequence uint64
on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation
creationDate date-time
on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation
changeDate date-time
on read: the timestamp of the last event reduced by the projection

on manipulation: the
resourceOwner resource_owner is the organization an object belongs to

{
  "details": {
    "sequence": "2",
    "creationDate": "2023-05-12",
    "changeDate": "2023-05-12",
    "resourceOwner": "69629023906488334"
  }
}

Schema
Example (from schema)

Schema

details object
sequence uint64
on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation
creationDate date-time
on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation
changeDate date-time
on read: the timestamp of the last event reduced by the projection

on manipulation: the
resourceOwner resource_owner is the organization an object belongs to

{
  "details": {
    "sequence": "2",
    "creationDate": "2023-05-12",
    "changeDate": "2023-05-12",
    "resourceOwner": "69629023906488334"
  }
}

Returned when the user does not have permission to access the resource.

application/json
application/grpc
application/grpc-web+proto

Schema
Example (from schema)

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Returned when the resource does not exist.

application/json
application/grpc
application/grpc-web+proto

Schema
Example (from schema)

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

An unexpected error response.

application/json
application/grpc
application/grpc-web+proto

Schema
Example (from schema)

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Update Login Settings​