Update Custom Login Settings
Change the login settings for the organization, that overwrites the default settings for this organization. The login policy defines what kind of authentication possibilities the user should have. Generally speaking the behavior of the login and register UI.
Header Parameters
- x-zitadel-orgid string
The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.
- application/json
- application/grpc
- application/grpc-web+proto
Request Body required
- allowUsernamePassword boolean
- allowRegister boolean
- allowExternalIdp boolean
- forceMfa boolean
- passwordlessType - PASSWORDLESS_TYPE_ALLOWED: PLANNED: PASSWORDLESS_TYPE_WITH_CERT
Possible values: [
PASSWORDLESS_TYPE_NOT_ALLOWED
,PASSWORDLESS_TYPE_ALLOWED
]Default value:
PASSWORDLESS_TYPE_NOT_ALLOWED
- hidePasswordReset boolean
- ignoreUnknownUsernames boolean
defines if unknown username on login screen directly returns an error or always displays the password screen
- defaultRedirectUri string
defines where the user will be redirected to if the login is started without app context (e.g. from mail)
- passwordCheckLifetime string
- externalLoginCheckLifetime string
- mfaInitSkipLifetime string
- secondFactorCheckLifetime string
- multiFactorCheckLifetime string
- allowDomainDiscovery boolean
If set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organization on success.
- disableLoginWithEmail boolean
defines if the user can additionally (to the login name) be identified by their verified email address
- disableLoginWithPhone boolean
defines if the user can additionally (to the login name) be identified by their verified phone number
Request Body required
- allowUsernamePassword boolean
- allowRegister boolean
- allowExternalIdp boolean
- forceMfa boolean
- passwordlessType - PASSWORDLESS_TYPE_ALLOWED: PLANNED: PASSWORDLESS_TYPE_WITH_CERT
Possible values: [
PASSWORDLESS_TYPE_NOT_ALLOWED
,PASSWORDLESS_TYPE_ALLOWED
]Default value:
PASSWORDLESS_TYPE_NOT_ALLOWED
- hidePasswordReset boolean
- ignoreUnknownUsernames boolean
defines if unknown username on login screen directly returns an error or always displays the password screen
- defaultRedirectUri string
defines where the user will be redirected to if the login is started without app context (e.g. from mail)
- passwordCheckLifetime string
- externalLoginCheckLifetime string
- mfaInitSkipLifetime string
- secondFactorCheckLifetime string
- multiFactorCheckLifetime string
- allowDomainDiscovery boolean
If set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organization on success.
- disableLoginWithEmail boolean
defines if the user can additionally (to the login name) be identified by their verified email address
- disableLoginWithPhone boolean
defines if the user can additionally (to the login name) be identified by their verified phone number
Request Body required
- allowUsernamePassword boolean
- allowRegister boolean
- allowExternalIdp boolean
- forceMfa boolean
- passwordlessType - PASSWORDLESS_TYPE_ALLOWED: PLANNED: PASSWORDLESS_TYPE_WITH_CERT
Possible values: [
PASSWORDLESS_TYPE_NOT_ALLOWED
,PASSWORDLESS_TYPE_ALLOWED
]Default value:
PASSWORDLESS_TYPE_NOT_ALLOWED
- hidePasswordReset boolean
- ignoreUnknownUsernames boolean
defines if unknown username on login screen directly returns an error or always displays the password screen
- defaultRedirectUri string
defines where the user will be redirected to if the login is started without app context (e.g. from mail)
- passwordCheckLifetime string
- externalLoginCheckLifetime string
- mfaInitSkipLifetime string
- secondFactorCheckLifetime string
- multiFactorCheckLifetime string
- allowDomainDiscovery boolean
If set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organization on success.
- disableLoginWithEmail boolean
defines if the user can additionally (to the login name) be identified by their verified email address
- disableLoginWithPhone boolean
defines if the user can additionally (to the login name) be identified by their verified phone number
- 200
- default
A successful response.
- application/json
- application/grpc
- application/grpc-web+proto
- Schema
- Example (from schema)
Schema
details object
sequence uint64on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
creationDate date-timeon read: the timestamp of the first event of the object
on create: the timestamp of the event(s) added by the manipulation
changeDate date-timeon read: the timestamp of the last event reduced by the projection
on manipulation: the
resourceOwner resource_owner is the organization an object belongs to
{
"details": {
"sequence": "2",
"creationDate": "2023-05-12",
"changeDate": "2023-05-12",
"resourceOwner": "69629023906488334"
}
}
- Schema
- Example (from schema)
Schema
details object
sequence uint64on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
creationDate date-timeon read: the timestamp of the first event of the object
on create: the timestamp of the event(s) added by the manipulation
changeDate date-timeon read: the timestamp of the last event reduced by the projection
on manipulation: the
resourceOwner resource_owner is the organization an object belongs to
{
"details": {
"sequence": "2",
"creationDate": "2023-05-12",
"changeDate": "2023-05-12",
"resourceOwner": "69629023906488334"
}
}
- Schema
- Example (from schema)
Schema
details object
sequence uint64on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
creationDate date-timeon read: the timestamp of the first event of the object
on create: the timestamp of the event(s) added by the manipulation
changeDate date-timeon read: the timestamp of the last event reduced by the projection
on manipulation: the
resourceOwner resource_owner is the organization an object belongs to
{
"details": {
"sequence": "2",
"creationDate": "2023-05-12",
"changeDate": "2023-05-12",
"resourceOwner": "69629023906488334"
}
}
An unexpected error response.
- application/json
- application/grpc
- application/grpc-web+proto
- Schema
- Example (from schema)
Schema
- code int32
- message string
details object[]
Array [@type string]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
- code int32
- message string
details object[]
Array [@type string]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
- code int32
- message string
details object[]
Array [@type string]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}