Skip to main content

Create Custom Login Settings

Create login settings for the organization and therefore overwrite the default settings for this organization. The login policy defines what kind of authentication possibilities the user should have. Generally speaking the behavior of the login and register UI.

Header Parameters
  • x-zitadel-orgid string

    The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.

Request Body required
  • allowUsernamePassword boolean
  • allowRegister boolean
  • allowExternalIdp boolean
  • forceMfa boolean
  • passwordlessType - PASSWORDLESS_TYPE_ALLOWED: PLANNED: PASSWORDLESS_TYPE_WITH_CERT

    Possible values: [PASSWORDLESS_TYPE_NOT_ALLOWED, PASSWORDLESS_TYPE_ALLOWED]

    Default value: PASSWORDLESS_TYPE_NOT_ALLOWED

  • hidePasswordReset boolean
  • ignoreUnknownUsernames boolean

    defines if unknown username on login screen directly returns an error or always displays the password screen

  • defaultRedirectUri string

    defines where the user will be redirected to if the login is started without app context (e.g. from mail)

  • passwordCheckLifetime string
  • externalLoginCheckLifetime string
  • mfaInitSkipLifetime string
  • secondFactorCheckLifetime string
  • multiFactorCheckLifetime string
  • secondFactors string[]

    Possible values: [SECOND_FACTOR_TYPE_UNSPECIFIED, SECOND_FACTOR_TYPE_OTP, SECOND_FACTOR_TYPE_U2F]

  • multiFactors string[]

    Possible values: [MULTI_FACTOR_TYPE_UNSPECIFIED, MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION]

  • idps object[]
  • Array [
  • idpId string
  • ownerType string

    Possible values: [IDP_OWNER_TYPE_UNSPECIFIED, IDP_OWNER_TYPE_SYSTEM, IDP_OWNER_TYPE_ORG]

    Default value: IDP_OWNER_TYPE_UNSPECIFIED

    the owner of the identity provider.

    • IDP_OWNER_TYPE_SYSTEM: system is managed by the ZITADEL administrators
    • IDP_OWNER_TYPE_ORG: org is managed by de organization administrators
  • ]
  • allowDomainDiscovery boolean

    If set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organization on success.

  • disableLoginWithEmail boolean

    defines if the user can additionally (to the login name) be identified by their verified email address

  • disableLoginWithPhone boolean

    defines if the user can additionally (to the login name) be identified by their verified phone number

Responses

A successful response.

Schema
  • details object
  • sequence uint64

    on read: the sequence of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

  • creationDate date-time

    on read: the timestamp of the first event of the object

    on create: the timestamp of the event(s) added by the manipulation

  • changeDate date-time

    on read: the timestamp of the last event reduced by the projection

    on manipulation: the

  • resourceOwner resource_owner is the organization an object belongs to
Loading...