
# Update tenant settings

> Update settings for a tenant.

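/**
 * Renders the "Scopes" section of an API reference page: a heading, a short
 * explanation of what scopes are, and one pill per scope the endpoint requires.
 *
 * @param {object} props
 * @param {string[]} [props.scopes=[]] - Scope names to display, e.g.
 *   `["update:tenant_settings"]`. Anything that is not an array is treated as
 *   an empty list so a malformed prop cannot break the page render.
 * @returns {JSX.Element} The rendered section.
 */
export const Scopes = ({scopes = []}) => {
  // The default parameter only covers `undefined`; guard `null` and other
  // non-array values explicitly before calling `.map`.
  const scopeList = Array.isArray(scopes) ? scopes : [];

  // Shared inline style for every scope pill.
  const pillStyle = {
    lineHeight: "1rem",
    fontSize: "0.75rem",
    fontFamily: 'var(--font-jetbrains-mono), ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace'
  };

  // `className` (not `class`) is used throughout, matching ApiReleaseLifecycle
  // in this file.
  return <div>
      <div className="api-section-heading flex flex-col gap-y-4 w-full">
        <div className="flex items-baseline border-b pb-2.5 border-gray-100 dark:border-gray-800 w-full">
          <h4 className="api-section-heading-title flex-1 mb-0">Scopes</h4>
          <div className="flex items-center"></div>
        </div>
      </div>
      <div className="mt-4">
        <div className="space-y-4 whitespace-normal prose prose-sm prose-gray dark:prose-invert overflow-wrap-anywhere [&_*]:overflow-wrap-anywhere">
          <p className="whitespace-pre-line text-xs">
            {"Scopes define permissions and access levels for API requests and authentication tokens."}
          </p>
        </div>
      </div>
      <div className="flex font-mono text-sm group/param-head param-head break-all relative mt-6" id="scopes-scopes">
        <div className="flex-1 flex flex-col content-start py-0.5 mr-5">
          <div className="flex items-center flex-wrap gap-2">
            <div className="absolute -top-1.5">
              <a href="#scopes-scopes" className="-ml-10 flex items-center opacity-0 border-0 group-hover/param-head:opacity-100 focus:opacity-100 focus:outline-0 py-2 [.expandable-content_&]:-ml-[2.1rem] group/link" aria-label="Navigate to header">
                {/* Zero-width space kept as the anchor's text child, written as
                    an escape so the invisible character is visible in review. */}
                {"\u200B"}
                <div className="w-6 h-6 rounded-md flex items-center justify-center shadow-sm text-gray-400 dark:text-white/50 dark:bg-background-dark dark:brightness-[1.35] dark:ring-1 dark:hover:brightness-150 bg-white ring-1 ring-gray-400/30 dark:ring-gray-700/25 hover:ring-gray-400/60 dark:hover:ring-white/20 group-focus/link:border-2 group-focus/link:border-primary dark:group-focus/link:border-primary-light">
                  <svg xmlns="http://www.w3.org/2000/svg" fill="gray" height="12px" viewBox="0 0 576 512">
                    <path d="M0 256C0 167.6 71.6 96 160 96h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C98.1 144 48 194.1 48 256s50.1 112 112 112h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C71.6 416 0 344.4 0 256zm576 0c0 88.4-71.6 160-160 160H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c61.9 0 112-50.1 112-112s-50.1-112-112-112H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c88.4 0 160 71.6 160 160zM184 232H392c13.3 0 24 10.7 24 24s-10.7 24-24 24H184c-13.3 0-24-10.7-24-24s10.7-24 24-24z"></path>
                  </svg>
                </div>
              </a>
            </div>
            {scopeList.map((scope, index) => (
              // The scope is emitted as a JSX text child, so it is rendered as
              // text rather than parsed as markup.
              <span className="flex items-center px-2 py-0.5 rounded-md bg-gray-100/50 dark:bg-white/5 text-gray-600 dark:text-gray-200 font-medium break-all" style={pillStyle} data-component-part="field-info-pill" key={index}>
                {scope}
              </span>
            ))}
          </div>
        </div>
      </div>
    </div>;
};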

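/**
 * Renders the "Release Lifecycle" section of an API reference page as a
 * single coloured badge (for example "Generally Available").
 *
 * @param {object} props
 * @param {string} [props.releaseLifecycle='GA'] - Lifecycle code, matched
 *   case-insensitively against: ea, ga, deprecated, planned, beta.
 * @returns {JSX.Element|null} The rendered section, or `null` when the code is
 *   not a string or is not one of the known lifecycle codes.
 */
export const ApiReleaseLifecycle = ({releaseLifecycle = 'GA'}) => {
  // Lifecycle code -> label shown in the badge.
  const lifecycleMap = {
    ea: 'Early Access',
    ga: 'Generally Available',
    deprecated: 'Deprecated',
    planned: 'Planned',
    beta: 'Beta'
  };
  // Badge colours per theme name, each with a light-mode and dark-mode variant.
  const LIFECYCLE_THEMES = {
    info: {
      light: {
        bg: 'lab(91.896% .077188 -6.94053)',
        text: 'lab(36.091% 25.9241 -68.0384)'
      },
      dark: {
        bg: 'lab(16.0426% 6.71726 -27.2409)',
        text: 'lab(72.6029% 4.08953 -41.9669)'
      }
    },
    secondary: {
      light: {
        bg: 'lab(90.8548% 11.3355 8.01476)',
        text: 'lab(47.5286% 56.4238 43.4706)'
      },
      dark: {
        bg: 'lab(16.3609% 37.191 25.6346)',
        text: 'lab(71.881% 41.5 29.4839)'
      }
    },
    danger: {
      light: {
        bg: 'lab(94.7916% -.0000298023 0)',
        text: 'lab(54.3656% 0 -.0000119209)'
      },
      dark: {
        bg: 'lab(13.232% 0 0)',
        text: 'lab(51.6164% 0 0)'
      }
    }
  };
  // Lifecycle code -> theme name in LIFECYCLE_THEMES.
  const LIFECYCLE_THEME_MAP = {
    ea: 'info',
    ga: 'info',
    beta: 'info',
    deprecated: 'secondary',
    planned: 'danger'
  };

  // A non-string prop (null, number, ...) renders nothing instead of throwing
  // on the method call below.
  if (typeof releaseLifecycle !== 'string') {
    return null;
  }
  // Codes are identifiers, not prose, so lowercase them locale-independently.
  const lifecycle = releaseLifecycle.toLowerCase();
  // Own-property check: a plain bracket lookup would also resolve inherited
  // names such as "constructor" to a truthy value and then crash on the
  // missing theme.
  if (!Object.prototype.hasOwnProperty.call(lifecycleMap, lifecycle)) {
    return null;
  }
  const lifecycleText = lifecycleMap[lifecycle];
  const theme = LIFECYCLE_THEMES[LIFECYCLE_THEME_MAP[lifecycle]];

  // light-dark() lets the browser pick the variant matching the colour scheme.
  const badgeStyle = {
    lineHeight: '1rem',
    fontSize: '0.75rem',
    fontFamily: 'var(--font-jetbrains-mono), ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace',
    backgroundColor: `light-dark(${theme.light.bg}, ${theme.dark.bg})`,
    color: `light-dark(${theme.light.text}, ${theme.dark.text})`,
    borderColor: `light-dark(color-mix(in oklab, ${theme.light.text} 25%, transparent), color-mix(in oklab, ${theme.dark.text} 25%, transparent))`
  };

  return <div>
      <div className="api-section-heading flex flex-col gap-y-4 w-full">
        <div className="flex items-baseline border-b pb-2.5 border-gray-100 dark:border-gray-800 w-full">
          <h4 className="api-section-heading-title flex-1 mb-0">
            Release Lifecycle
          </h4>
        </div>
      </div>
      <div className="flex font-mono text-sm group/param-head param-head break-all relative mt-2.5" id="releaselifecycle-lifecycle">
        <div className="flex-1 flex flex-col content-start py-0.5 mr-5">
          <div className="flex items-center flex-wrap gap-2">
            <div className="absolute -top-1.5">
              <a href="#releaselifecycle-lifecycle" className="-ml-10 flex items-center opacity-0 border-0 group-hover/param-head:opacity-100 focus:opacity-100 focus:outline-0 py-2 [.expandable-content_&]:-ml-[2.1rem] group/link" aria-label="Navigate to header">
                <div className="w-6 h-6 rounded-md flex items-center justify-center shadow-sm text-gray-400 dark:text-white/50 dark:bg-background-dark dark:brightness-[1.35] dark:ring-1 dark:hover:brightness-150 bg-white ring-1 ring-gray-400/30 dark:ring-gray-700/25 hover:ring-gray-400/60 dark:hover:ring-white/20 group-focus/link:border-2 group-focus/link:border-primary dark:group-focus/link:border-primary-light">
                  <svg xmlns="http://www.w3.org/2000/svg" fill="gray" height="12px" viewBox="0 0 576 512">
                    <path d="M0 256C0 167.6 71.6 96 160 96h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C98.1 144 48 194.1 48 256s50.1 112 112 112h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C71.6 416 0 344.4 0 256zm576 0c0 88.4-71.6 160-160 160H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c61.9 0 112-50.1 112-112s-50.1-112-112-112H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c88.4 0 160 71.6 160 160zM184 232H392c13.3 0 24 10.7 24 24s-10.7 24-24 24H184c-13.3 0-24-10.7-24-24s10.7-24 24-24z"></path>
                  </svg>
                </div>
              </a>
            </div>
            <span className="inline-flex items-center w-fit font-medium gap-1 py-0.5 px-2 rounded-md" style={badgeStyle}>
              {lifecycleText}
            </span>
          </div>
        </div>
      </div>
    </div>;
};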

<ApiReleaseLifecycle releaseLifecycle="GA" />

<Scopes scopes={["update:tenant_settings"]} />


## OpenAPI

````yaml management-api-oas patch /tenants/settings
openapi: 3.1.0
info:
  title: Auth0 Management API
  description: Auth0 Management API v2.
  termsOfService: https://auth0.com/web-terms/
  contact:
    name: Auth0 Support
    url: https://support.auth0.com
  version: '2.0'
servers:
  - url: https://{tenantDomain}/api/v2
    variables:
      tenantDomain:
        default: '{TENANT}.auth0.com'
        description: Auth0 Tenant Domain
security:
  - bearerAuth: []
externalDocs:
  description: Auth0 Management API Documentation
  url: https://auth0.com/docs/api/management/v2/
paths:
  /tenants/settings:
    patch:
      tags:
        - tenants
      summary: Update tenant settings
      description: Update settings for a tenant.
      operationId: patch_settings
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UpdateTenantSettingsRequestContent'
          application/x-www-form-urlencoded:
            schema:
              $ref: '#/components/schemas/UpdateTenantSettingsRequestContent'
      responses:
        '200':
          description: Tenant settings successfully updated.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UpdateTenantSettingsResponseContent'
        '400':
          description: Invalid request body. The message will vary depending on the cause.
        '401':
          description: Invalid token.
          x-description-1: Client is not global.
          x-description-2: Invalid signature received for JSON Web Token validation.
        '403':
          description: 'Insufficient scope; expected any of: update:tenant_settings.'
        '429':
          description: >-
            Too many requests. Check the X-RateLimit-Limit,
            X-RateLimit-Remaining and X-RateLimit-Reset headers.
      security:
        - bearerAuth: []
        - oAuth2ClientCredentials:
            - update:tenant_settings
      x-codeSamples:
        - lang: go
          label: Update tenant settings
          source: |
            package example

            import (
                context "context"

                client "github.com/auth0/go-auth0/management/management/client"
                option "github.com/auth0/go-auth0/management/management/option"
                tenants "github.com/auth0/go-auth0/management/management/tenants"
            )

            func do() {
                client := client.NewClient(
                    option.WithToken(
                        "<token>",
                    ),
                )
                request := &tenants.UpdateTenantSettingsRequestContent{}
                client.Tenants.Settings.Update(
                    context.TODO(),
                    request,
                )
            }
        - lang: typescript
          label: Update tenant settings
          source: |
            import { ManagementClient } from "auth0";

            async function main() {
                const client = new ManagementClient({
                    token: "<token>",
                });
                await client.tenants.settings.update({});
            }
            main();
        - lang: javascript
          label: Update tenant settings
          source: |
            import { ManagementClient } from "auth0";

            async function main() {
                const client = new ManagementClient({
                    token: "<token>",
                });
                await client.tenants.settings.update({});
            }
            main();
components:
  schemas:
    UpdateTenantSettingsRequestContent:
      type: object
      additionalProperties: false
      minProperties: 1
      properties:
        change_password:
          $ref: '#/components/schemas/TenantSettingsPasswordPage'
        device_flow:
          $ref: '#/components/schemas/TenantSettingsDeviceFlow'
          description: Device Flow configuration.
        guardian_mfa_page:
          $ref: '#/components/schemas/TenantSettingsGuardianPage'
        default_audience:
          type: string
          description: Default audience for API Authorization.
          default: ''
        default_directory:
          type: string
          description: >-
            Name of connection used for password grants at the `/token`
            endpoint. The following connection types are supported: LDAP, AD,
            Database Connections, Passwordless, Windows Azure Active Directory,
            ADFS.
          default: ''
        error_page:
          $ref: '#/components/schemas/TenantSettingsErrorPage'
        default_token_quota:
          $ref: '#/components/schemas/DefaultTokenQuota'
          x-release-lifecycle: EA
        flags:
          $ref: '#/components/schemas/TenantSettingsFlags'
        friendly_name:
          type: string
          description: Friendly name for this tenant.
          default: My Company
        picture_url:
          type: string
          description: 'URL of logo to be shown for this tenant (recommended size: 150x150)'
          default: https://mycompany.org/logo.png
          format: absolute-uri-or-empty
        support_email:
          type: string
          description: End-user support email.
          default: support@mycompany.org
          format: email-or-empty
        support_url:
          type: string
          description: End-user support url.
          default: https://mycompany.org/support
          format: absolute-uri-or-empty
        allowed_logout_urls:
          type: array
          description: URLs that are valid to redirect to after logout from Auth0.
          items:
            type: string
            format: url-with-placeholders
        session_lifetime:
          type: integer
          description: Number of hours a session will stay valid.
          default: 168
          minimum: 1
        session_lifetime_in_minutes:
          type: integer
          description: >-
            Number of minutes a session will stay valid. Cannot be specified
            together with `session_lifetime`.
          minimum: 1
        idle_session_lifetime:
          type: integer
          description: >-
            Number of hours for which a session can be inactive before the user
            must log in again.
          default: 72
          minimum: 1
        idle_session_lifetime_in_minutes:
          type: integer
          description: >-
            Number of minutes a session can be inactive before the user must log
            in again. Cannot be specified together with `idle_session_lifetime`.
          minimum: 1
        ephemeral_session_lifetime:
          type: integer
          description: >-
            Number of hours an ephemeral (non-persistent) session will stay
            valid.
          default: 72
          minimum: 1
        idle_ephemeral_session_lifetime:
          type: integer
          description: >-
            Number of hours for which an ephemeral (non-persistent) session can
            be inactive before the user must log in again.
          default: 24
          minimum: 1
        ephemeral_session_lifetime_in_minutes:
          type: integer
          description: >-
            Number of minutes an ephemeral (non-persistent) session will stay
            valid. Cannot be specified together with
            `ephemeral_session_lifetime`.
          minimum: 1
        idle_ephemeral_session_lifetime_in_minutes:
          type: integer
          description: >-
            Number of minutes an ephemeral (non-persistent) session can be
            inactive before the user must log in again. Cannot be specified
            together with `idle_ephemeral_session_lifetime`.
          minimum: 1
        sandbox_version:
          type: string
          description: Selected sandbox version for the extensibility environment
          default: '22'
          maxLength: 8
        legacy_sandbox_version:
          type: string
          description: Selected legacy sandbox version for the extensibility environment
          maxLength: 8
        default_redirection_uri:
          type: string
          description: The default absolute redirection uri, must be https
          format: absolute-https-uri-or-empty
        enabled_locales:
          type: array
          description: Supported locales for the user interface
          minItems: 1
          items:
            $ref: '#/components/schemas/TenantSettingsSupportedLocalesEnum'
        security_headers:
          $ref: '#/components/schemas/TenantSettingsNullableSecurityHeaders'
        session_cookie:
          $ref: '#/components/schemas/SessionCookieSchema'
        sessions:
          $ref: '#/components/schemas/TenantSettingsSessions'
        oidc_logout:
          $ref: '#/components/schemas/TenantOIDCLogoutSettings'
        customize_mfa_in_postlogin_action:
          type:
            - boolean
            - 'null'
          description: Whether to enable flexible factors for MFA in the PostLogin action
          default: false
        allow_organization_name_in_authentication_api:
          type:
            - boolean
            - 'null'
          description: >-
            Whether to accept an organization name instead of an ID on auth
            endpoints
          default: false
        acr_values_supported:
          type:
            - array
            - 'null'
          description: Supported ACR values
          minItems: 0
          items:
            type: string
            format: acr
        mtls:
          $ref: '#/components/schemas/TenantSettingsMTLS'
        pushed_authorization_requests_supported:
          type:
            - boolean
            - 'null'
          description: Enables the use of Pushed Authorization Requests
          default: false
        authorization_response_iss_parameter_supported:
          type:
            - boolean
            - 'null'
          description: Supports iss parameter in authorization responses
          default: false
        skip_non_verifiable_callback_uri_confirmation_prompt:
          type:
            - boolean
            - 'null'
          description: >-
            Controls whether a confirmation prompt is shown during login flows
            when the redirect URI uses non-verifiable callback URIs (for
            example, a custom URI scheme such as `myapp://`, or `localhost`).

            If set to true, a confirmation prompt will not be shown. We
            recommend that this is set to false for improved protection from
            malicious apps.

            See
            https://auth0.com/docs/secure/security-guidance/measures-against-app-impersonation
            for more information.
        resource_parameter_profile:
          $ref: '#/components/schemas/TenantSettingsResourceParameterProfile'
          x-release-lifecycle: GA
        client_id_metadata_document_supported:
          type: boolean
          description: >-
            Whether the authorization server supports retrieving client metadata
            from a client_id URL.
          default: false
          x-release-lifecycle: EA
        enable_ai_guide:
          type: boolean
          description: >-
            Whether Auth0 Guide (AI-powered assistance) is enabled for this
            tenant.
        phone_consolidated_experience:
          type: boolean
          description: Whether Phone Consolidated Experience is enabled for this tenant.
        include_session_metadata_in_tenant_logs:
          type: boolean
          description: >-
            Whether session metadata is included in specific tenant logs (slo,
            oidc_backchannel_logout_failed, oidc_backchannel_logout_succeeded).
          default: false
          x-release-lifecycle: EA
        dynamic_client_registration_security_mode:
          $ref: >-
            #/components/schemas/TenantSettingsDynamicClientRegistrationSecurityMode
          x-release-lifecycle: GA
        country_codes:
          $ref: '#/components/schemas/TenantSettingsCountryCodes'
    UpdateTenantSettingsResponseContent:
      type: object
      additionalProperties: false
      properties:
        change_password:
          $ref: '#/components/schemas/TenantSettingsPasswordPage'
        guardian_mfa_page:
          $ref: '#/components/schemas/TenantSettingsGuardianPage'
        default_audience:
          type: string
          description: Default audience for API authorization.
          default: ''
        default_directory:
          type: string
          description: >-
            Name of connection used for password grants at the `/token` endpoint.
            The following connection types are supported: LDAP, AD, Database
            Connections, Passwordless, Windows Azure Active Directory, ADFS.
          default: ''
        error_page:
          $ref: '#/components/schemas/TenantSettingsErrorPage'
        device_flow:
          $ref: '#/components/schemas/TenantSettingsDeviceFlow'
        default_token_quota:
          $ref: '#/components/schemas/DefaultTokenQuota'
          x-release-lifecycle: EA
        flags:
          $ref: '#/components/schemas/TenantSettingsFlags'
        friendly_name:
          type: string
          description: Friendly name for this tenant.
          default: My Company
        picture_url:
          type: string
          description: 'URL of logo to be shown for this tenant (recommended size: 150x150)'
          default: https://mycompany.org/logo.png
          format: absolute-uri-or-empty
        support_email:
          type: string
          description: End-user support email address.
          default: support@mycompany.org
          format: email-or-empty
        support_url:
          type: string
          description: End-user support URL.
          default: https://mycompany.org/support
          format: absolute-uri-or-empty
        allowed_logout_urls:
          type: array
          description: URLs that are valid to redirect to after logout from Auth0.
          items:
            type: string
            format: url
        session_lifetime:
          type: number
          description: Number of hours a session will stay valid.
          default: 168
        idle_session_lifetime:
          type: number
          description: >-
            Number of hours for which a session can be inactive before the user
            must log in again.
          default: 72
        ephemeral_session_lifetime:
          type: number
          description: >-
            Number of hours an ephemeral (non-persistent) session will stay
            valid.
          default: 72
          minimum: 1
        idle_ephemeral_session_lifetime:
          type: number
          description: >-
            Number of hours for which an ephemeral (non-persistent) session can
            be inactive before the user must log in again.
          default: 24
          minimum: 1
        sandbox_version:
          type: string
          description: Selected sandbox version for the extensibility environment.
          default: '22'
        legacy_sandbox_version:
          type: string
          description: Selected sandbox version for rules and hooks extensibility.
          default: ''
        sandbox_versions_available:
          type: array
          description: Available sandbox versions for the extensibility environment.
          items:
            type: string
        default_redirection_uri:
          type: string
          description: The default absolute redirection uri, must be https
        enabled_locales:
          type: array
          description: Supported locales for the user interface.
          items:
            $ref: '#/components/schemas/SupportedLocales'
        security_headers:
          $ref: '#/components/schemas/TenantSettingsNullableSecurityHeaders'
        session_cookie:
          $ref: '#/components/schemas/SessionCookieSchema'
        sessions:
          $ref: '#/components/schemas/TenantSettingsSessions'
        oidc_logout:
          $ref: '#/components/schemas/TenantOIDCLogoutSettings'
        allow_organization_name_in_authentication_api:
          type: boolean
          description: >-
            Whether to accept an organization name instead of an ID on auth
            endpoints
          default: false
        customize_mfa_in_postlogin_action:
          type: boolean
          description: Whether to enable flexible factors for MFA in the PostLogin action
          default: false
        acr_values_supported:
          type:
            - array
            - 'null'
          description: Supported ACR values
          minItems: 0
          items:
            type: string
            format: acr
        mtls:
          $ref: '#/components/schemas/TenantSettingsMTLS'
        pushed_authorization_requests_supported:
          type: boolean
          description: Enables the use of Pushed Authorization Requests
          default: false
        authorization_response_iss_parameter_supported:
          type:
            - boolean
            - 'null'
          description: Supports iss parameter in authorization responses
          default: false
        skip_non_verifiable_callback_uri_confirmation_prompt:
          type:
            - boolean
            - 'null'
          description: >-
            Controls whether a confirmation prompt is shown during login flows
            when the redirect URI uses non-verifiable callback URIs (for
            example, a custom URI scheme such as `myapp://`, or `localhost`).

            If set to true, a confirmation prompt will not be shown. We
            recommend that this is set to false for improved protection from
            malicious apps.

            See
            https://auth0.com/docs/secure/security-guidance/measures-against-app-impersonation
            for more information.
        resource_parameter_profile:
          $ref: '#/components/schemas/TenantSettingsResourceParameterProfile'
          x-release-lifecycle: GA
        client_id_metadata_document_supported:
          type: boolean
          description: >-
            Whether the authorization server supports retrieving client metadata
            from a client_id URL.
          default: false
          x-release-lifecycle: EA
        phone_consolidated_experience:
          type: boolean
          description: Whether Phone Consolidated Experience is enabled for this tenant.
        enable_ai_guide:
          type: boolean
          description: >-
            Whether Auth0 Guide (AI-powered assistance) is enabled for this
            tenant.
        include_session_metadata_in_tenant_logs:
          type: boolean
          description: >-
            Whether session metadata is included in specific tenant logs (slo,
            oidc_backchannel_logout_failed, oidc_backchannel_logout_succeeded).
          default: false
          x-release-lifecycle: EA
        dynamic_client_registration_security_mode:
          $ref: >-
            #/components/schemas/TenantSettingsDynamicClientRegistrationSecurityMode
          x-release-lifecycle: GA
        country_codes:
          $ref: '#/components/schemas/TenantSettingsCountryCodesResponse'
    TenantSettingsPasswordPage:
      type:
        - object
        - 'null'
      description: Change Password page customization.
      additionalProperties: false
      properties:
        enabled:
          type: boolean
          description: >-
            Whether to use the custom change password HTML (true) or the default
            Auth0 page (false). Default is to use the Auth0 page.
          default: false
        html:
          type: string
          description: >-
            Custom change password HTML (<a
            href='https://github.com/Shopify/liquid/wiki/Liquid-for-Designers'>Liquid
            syntax</a> supported).
          default: ''
    TenantSettingsDeviceFlow:
      type:
        - object
        - 'null'
      description: Device Flow configuration
      additionalProperties: false
      properties:
        charset:
          $ref: '#/components/schemas/TenantSettingsDeviceFlowCharset'
        mask:
          type: string
          description: >-
            Mask used to format a generated User Code into a friendly, readable
            format.
          default: '****-****'
          maxLength: 20
    TenantSettingsGuardianPage:
      type:
        - object
        - 'null'
      description: Guardian page customization.
      additionalProperties: false
      properties:
        enabled:
          type: boolean
          description: >-
            Whether to use the custom Guardian HTML (true) or the default Auth0
            page (false, default)
          default: false
        html:
          type: string
          description: 'Custom Guardian HTML (<a href=''https://github.com/Shopify/liquid/wiki/Liquid-for-Designers''>Liquid syntax</a> is supported).'
          default: ''
    TenantSettingsErrorPage:
      type:
        - object
        - 'null'
      description: Error page customization.
      additionalProperties: false
      properties:
        html:
          type: string
          description: >-
            Custom Error HTML (<a
            href='https://github.com/Shopify/liquid/wiki/Liquid-for-Designers'>Liquid
            syntax</a> is supported).
          default: ''
        show_log_link:
          type: boolean
          description: >-
            Whether to show the link to log as part of the default error page
            (true, default) or not to show the link (false).
          default: false
        url:
          type: string
          description: >-
            URL to redirect to when an error occurs instead of showing the
            default error page.
          default: https://mycompany.org/error
          format: absolute-uri-or-empty
    DefaultTokenQuota:
      type:
        - object
        - 'null'
      description: >-
        Token Quota configuration, to configure quotas for token issuance for
        clients and organizations. Applied to all clients and organizations
        unless overridden in individual client or organization settings.
      additionalProperties: false
      minProperties: 1
      x-release-lifecycle: EA
      properties:
        clients:
          $ref: '#/components/schemas/TokenQuotaConfiguration'
        organizations:
          $ref: '#/components/schemas/TokenQuotaConfiguration'
    TenantSettingsFlags:
      type: object
      description: Flags used to change the behavior of this tenant.
      additionalProperties: false
      properties:
        change_pwd_flow_v1:
          type: boolean
          description: >-
            Whether to use the older v1 change password flow (true, not
            recommended except for backward compatibility) or the newer safer
            flow (false, recommended).
          default: false
        enable_apis_section:
          type: boolean
          description: Whether the APIs section is enabled (true) or disabled (false).
          default: false
        disable_impersonation:
          type: boolean
          description: >-
            Whether the impersonation functionality has been disabled (true) or
            not (false). Read-only.
          default: false
        enable_client_connections:
          type: boolean
          description: >-
            Whether all current connections should be enabled when a new client
            (application) is created (true, default) or not (false).
          default: true
        enable_pipeline2:
          type: boolean
          description: >-
            Whether advanced API Authorization scenarios are enabled (true) or
            disabled (false).
          default: true
        allow_legacy_delegation_grant_types:
          type: boolean
          description: If enabled, clients are able to add legacy delegation grants.
        allow_legacy_ro_grant_types:
          type: boolean
          description: If enabled, clients are able to add legacy RO grants.
        allow_legacy_tokeninfo_endpoint:
          type: boolean
          description: >-
            Whether the legacy `/tokeninfo` endpoint is enabled for your account
            (true) or unavailable (false).
        enable_legacy_profile:
          type: boolean
          description: >-
            Whether ID tokens and the userinfo endpoint include a complete user
            profile (true) or only OpenID Connect claims (false).
        enable_idtoken_api2:
          type: boolean
          description: >-
            Whether ID tokens can be used to authorize some types of requests to
            API v2 (true) or not (false).
        enable_public_signup_user_exists_error:
          type: boolean
          description: >-
            Whether the public sign up process shows a user_exists error (true)
            or a generic error (false) if the user already exists.
        enable_sso:
          type: boolean
          description: >-
            Whether users are prompted to confirm log in before SSO redirection
            (false) or are not prompted (true).
        allow_changing_enable_sso:
          type: boolean
          description: >-
            Whether the `enable_sso` setting can be changed (true) or not
            (false).
        disable_clickjack_protection_headers:
          type: boolean
          description: >-
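            Whether classic Universal Login prompts include additional security
            headers to prevent clickjacking (true) or no safeguard (false). Note
            that the flag name starts with `disable_`, which reads as the
            opposite polarity; after changing it, verify the anti-framing
            response headers (for example `X-Frame-Options` or a CSP
            `frame-ancestors` directive) that the login page actually returns.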
        no_disclose_enterprise_connections:
          type: boolean
          description: >-
            Do not publish enterprise connection information with IdP domains
            in the Lock configuration file.
        enforce_client_authentication_on_passwordless_start:
          type: boolean
          description: Enforce client authentication for passwordless start.
        enable_adfs_waad_email_verification:
          type: boolean
          description: >-
            Enables the email verification flow during login for Azure AD and
            ADFS connections
        revoke_refresh_token_grant:
          type: boolean
          description: >-
            Delete underlying grant when a Refresh Token is revoked via the
            Authentication API.
        dashboard_log_streams_next:
          type: boolean
          description: Enables beta access to log streaming changes
        dashboard_insights_view:
          type: boolean
          description: Enables new insights activity page view
        disable_fields_map_fix:
          type: boolean
          description: >-
            Disables SAML fields map fix for bad mappings with repeated
            attributes
        mfa_show_factor_list_on_enrollment:
          type: boolean
          description: >-
            Allows users to pick which of the available MFA factors to enroll
            during enrollment.
        remove_alg_from_jwks:
          type: boolean
          description: Removes alg property from jwks .well-known endpoint
        improved_signup_bot_detection_in_classic:
          type: boolean
          description: Improves bot detection during signup in classic universal login
        genai_trial:
          type: boolean
          description: This tenant signed up for the Auth4GenAI trial
        enable_dynamic_client_registration:
          type: boolean
          description: >-
            Whether third-party developers can <a
            href="https://auth0.com/docs/api-auth/dynamic-client-registration">dynamically
            register</a> applications for your APIs (true) or not (false). This
            flag enables dynamic client registration.
          default: false
        disable_management_api_sms_obfuscation:
          type: boolean
          description: >-
            If true, SMS phone numbers will not be obfuscated in Management API
            GET calls.
          default: true
        trust_azure_adfs_email_verified_connection_property:
          type: boolean
          description: >-
            Changes email_verified behavior for Azure AD/ADFS connections when
            enabled. Sets email_verified to false otherwise.
          default: false
        custom_domains_provisioning:
          type: boolean
          description: If true, custom domains feature will be enabled for tenant.
          default: false
    TenantSettingsSupportedLocalesEnum:
      type: string
      enum:
        - am
        - ar
        - ar-EG
        - ar-SA
        - az
        - bg
        - bn
        - bs
        - ca-ES
        - cnr
        - cs
        - cy
        - da
        - de
        - el
        - en
        - en-CA
        - es
        - es-419
        - es-AR
        - es-MX
        - et
        - eu-ES
        - fa
        - fi
        - fr
        - fr-CA
        - fr-FR
        - gl-ES
        - gu
        - he
        - hi
        - hr
        - hu
        - hy
        - id
        - is
        - it
        - ja
        - ka
        - kk
        - kn
        - ko
        - lt
        - lv
        - mk
        - ml
        - mn
        - mr
        - ms
        - my
        - nb
        - nl
        - nn
        - 'no'
        - pa
        - pl
        - pt
        - pt-BR
        - pt-PT
        - ro
        - ru
        - sk
        - sl
        - so
        - sq
        - sr
        - sv
        - sw
        - ta
        - te
        - th
        - tl
        - tr
        - uk
        - ur
        - vi
        - zgh
        - zh-CN
        - zh-HK
        - zh-MO
        - zh-TW
    TenantSettingsNullableSecurityHeaders:
      type:
        - object
        - 'null'
      description: Security headers configuration for tenant responses.
      additionalProperties: false
      properties:
        content_security_policy:
          $ref: '#/components/schemas/ContentSecurityPolicyConfig'
        x_xss_protection:
          $ref: '#/components/schemas/XssProtectionConfig'
    SessionCookieSchema:
      type:
        - object
        - 'null'
      description: Session cookie configuration
      additionalProperties: false
      required:
        - mode
      properties:
        mode:
          $ref: '#/components/schemas/SessionCookieModeEnum'
    TenantSettingsSessions:
      type:
        - object
        - 'null'
      description: Sessions related settings for tenant
      additionalProperties: false
      properties:
        oidc_logout_prompt_enabled:
          type: boolean
          description: >-
            Whether prompting logic is applied (true) or bypassed (false) when
            performing OIDC Logout
          default: true
    TenantOIDCLogoutSettings:
      type: object
      description: Settings related to OIDC RP-initiated Logout
      additionalProperties: false
      properties:
        rp_logout_end_session_endpoint_discovery:
          type: boolean
          description: >-
            Enable the end_session_endpoint URL in the .well-known discovery
            configuration
          default: true
    TenantSettingsMTLS:
      type:
        - object
        - 'null'
      description: mTLS configuration.
      additionalProperties: false
      properties:
        enable_endpoint_aliases:
          type: boolean
          description: If true, enables mTLS endpoint aliases
          default: false
    TenantSettingsResourceParameterProfile:
      type: string
      description: >-
        Profile that determines how the identity of the protected resource
        (i.e., API) can be specified in the OAuth endpoints when access is being
        requested. When set to audience (default), the audience parameter is
        used to specify the resource server. When set to compatibility, the
        audience parameter is still checked first, but if it is not provided, then
        the resource parameter can be used to specify the resource server.
      default: audience
      enum:
        - audience
        - compatibility
      x-release-lifecycle: GA
    TenantSettingsDynamicClientRegistrationSecurityMode:
      type: string
      description: >-
        Sets the `third_party_security_mode` assigned to clients created via
        Dynamic Client Registration. `strict` applies enhanced security
        controls. `permissive` preserves <a
        href="https://auth0.com/docs/get-started/applications/third-party-applications/permissive-mode#dynamic-client-registration-in-permissive-mode">pre-existing
        behavior</a> and is only available to tenants with prior third-party
        client usage.
      enum:
        - strict
        - permissive
      x-release-lifecycle: GA
    TenantSettingsCountryCodes:
      type:
        - object
        - 'null'
      description: Phone country code configuration for identifier input.
      additionalProperties: false
      properties:
        list:
          type: array
          description: Array of ISO 3166-1 alpha-2 country codes.
          items:
            type: string
            minLength: 2
            maxLength: 2
            pattern: ^[A-Z]{2}$
        mode:
          $ref: '#/components/schemas/TenantSettingsCountryCodesMode'
    SupportedLocales:
      type: string
      enum:
        - am
        - ar
        - ar-EG
        - ar-SA
        - az
        - bg
        - bn
        - bs
        - ca-ES
        - cnr
        - cs
        - cy
        - da
        - de
        - el
        - en
        - en-CA
        - es
        - es-419
        - es-AR
        - es-MX
        - et
        - eu-ES
        - fa
        - fi
        - fr
        - fr-CA
        - fr-FR
        - gl-ES
        - gu
        - he
        - hi
        - hr
        - hu
        - hy
        - id
        - is
        - it
        - ja
        - ka
        - kk
        - kn
        - ko
        - lt
        - lv
        - mk
        - ml
        - mn
        - mr
        - ms
        - my
        - nb
        - nl
        - nn
        - 'no'
        - pa
        - pl
        - pt
        - pt-BR
        - pt-PT
        - ro
        - ru
        - sk
        - sl
        - so
        - sq
        - sr
        - sv
        - sw
        - ta
        - te
        - th
        - tl
        - tr
        - uk
        - ur
        - vi
        - zgh
        - zh-CN
        - zh-HK
        - zh-MO
        - zh-TW
    TenantSettingsCountryCodesResponse:
      type: object
      description: Phone country code configuration for identifier input.
      additionalProperties: false
      properties:
        list:
          type: array
          description: Array of ISO 3166-1 alpha-2 country codes.
          items:
            type: string
            minLength: 2
            maxLength: 2
            pattern: ^[A-Z]{2}$
        mode:
          $ref: '#/components/schemas/TenantSettingsCountryCodesModeResponse'
    TenantSettingsDeviceFlowCharset:
      type: string
      description: Character set used to generate a User Code. Can be `base20` or `digits`.
      default: base20
      enum:
        - base20
        - digits
    TokenQuotaConfiguration:
      type: object
      additionalProperties: true
      required:
        - client_credentials
      properties:
        client_credentials:
          $ref: '#/components/schemas/TokenQuotaClientCredentials'
    ContentSecurityPolicyConfig:
      type:
        - object
        - 'null'
      description: Content Security Policy configuration with multi-policy support.
      additionalProperties: false
      properties:
        enabled:
          type: boolean
          description: Whether CSP is enabled.
        policies:
          $ref: '#/components/schemas/CspPolicies'
        reporting_infrastructure:
          $ref: '#/components/schemas/CspReportingInfrastructure'
    XssProtectionConfig:
      type:
        - object
        - 'null'
      description: >-
        X-XSS-Protection header configuration (deprecated header, use CSP
        instead).
      additionalProperties: false
      properties:
        enabled:
          type: boolean
          description: Whether X-XSS-Protection header is enabled.
        mode:
          $ref: '#/components/schemas/XssProtectionMode'
        report_uri:
          type: string
          description: HTTPS endpoint for X-XSS-Protection violation reports.
    SessionCookieModeEnum:
      type: string
      description: Behavior of the session cookie
      default: persistent
      enum:
        - persistent
        - non-persistent
    TenantSettingsCountryCodesMode:
      type: string
      description: Whether the list is an allowlist or denylist.
      enum:
        - allow
        - deny
    TenantSettingsCountryCodesModeResponse:
      type: string
      description: Whether the list is an allowlist or denylist.
      enum:
        - allow
        - deny
    TokenQuotaClientCredentials:
      type: object
      description: The token quota configuration
      additionalProperties: false
      minProperties: 1
      properties:
        enforce:
          type: boolean
          description: >-
            If enabled, the quota will be enforced and requests in excess of the
            quota will fail. If disabled, the quota will not be enforced, but
            notifications for requests exceeding the quota will be available in
            logs.
        per_day:
          type: integer
          description: Maximum number of issued tokens per day
          minimum: 1
          maximum: 2147483647
        per_hour:
          type: integer
          description: Maximum number of issued tokens per hour
          minimum: 1
          maximum: 2147483647
    CspPolicies:
      type: array
      description: Array of CSP policies (enforcing and/or reporting).
      items:
        $ref: '#/components/schemas/CspPolicy'
    CspReportingInfrastructure:
      type:
        - object
        - 'null'
      description: Global reporting infrastructure configuration.
      additionalProperties: false
      properties:
        report_to:
          $ref: '#/components/schemas/CspReportTo'
        reporting_endpoints:
          $ref: '#/components/schemas/CspReportingEndpoints'
    XssProtectionMode:
      type: string
      description: 'X-XSS-Protection mode: block.'
      enum:
        - block
    CspPolicy:
      type: object
      description: >-
        A single CSP policy with mode, directives, flags, and optional
        reporting.
      additionalProperties: false
      properties:
        mode:
          $ref: '#/components/schemas/CspPolicyMode'
        directives:
          $ref: '#/components/schemas/CspDirectives'
        flags:
          $ref: '#/components/schemas/CspFlags'
        reporting:
          $ref: '#/components/schemas/CspPolicyReporting'
    CspReportTo:
      type:
        - object
        - 'null'
      description: Report-To header configuration.
      additionalProperties: false
      properties:
        group:
          type: string
          description: Reporting group identifier.
        max_age:
          type: integer
          description: Maximum age in seconds for the Report-To header.
        endpoints:
          $ref: '#/components/schemas/CspReportToEndpoints'
    CspReportingEndpoints:
      type: object
      description: Reporting-Endpoints header configuration (key-value pairs).
      additionalProperties:
        type: string
    CspPolicyMode:
      type: string
      description: 'Policy mode: enforcing or reporting.'
      enum:
        - enforcing
        - reporting
    CspDirectives:
      type: object
      description: >-
        CSP directives map. Keys are directive names, values are arrays of
        directive values.
      additionalProperties:
        type: array
        items:
          type: string
          maxLength: 2048
      maxProperties: 30
    CspFlags:
      type: array
      description: CSP flags (bare directives without values).
      items:
        $ref: '#/components/schemas/CspFlag'
    CspPolicyReporting:
      type:
        - object
        - 'null'
      description: Per-policy reporting configuration.
      additionalProperties: false
      properties:
        report_uri:
          type: string
          description: HTTPS endpoint for CSP violation reports.
        report_to_group:
          type: string
          description: Report-To group name for modern reporting.
    CspReportToEndpoints:
      type: array
      description: Array of reporting endpoints.
      items:
        $ref: '#/components/schemas/CspReportToEndpoint'
    CspFlag:
      type: string
      enum:
        - upgrade-insecure-requests
        - block-all-mixed-content
    CspReportToEndpoint:
      type: object
      description: A single reporting endpoint.
      additionalProperties: false
      properties:
        url:
          type: string
          description: HTTPS URL for the reporting endpoint.
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: jwt
    oAuth2ClientCredentials:
      type: oauth2
      flows:
        clientCredentials:
          tokenUrl: /oauth/token/
          x-form-parameters:
            audience: /api/v2/
          scopes:
            create:actions: Create Actions
            read:actions: Read Actions
            update:actions: Update Actions
            delete:actions: Delete Actions
            read:anomaly_blocks: Read Anomaly Blocks
            delete:anomaly_blocks: Delete Anomaly Blocks
            read:attack_protection: Read Attack Protection
            update:attack_protection: Update Attack Protection
            create:authentication_methods: Create Authentication Methods
            read:authentication_methods: Read Authentication Methods
            update:authentication_methods: Update Authentication Methods
            delete:authentication_methods: Delete Authentication Methods
            read:branding: Read Branding
            update:branding: Update Branding
            delete:branding: Delete Branding
            create:client_credentials: Create Client Credentials
            read:client_credentials: Read Client Credentials
            update:client_credentials: Update Client Credentials
            delete:client_credentials: Delete Client Credentials
            create:client_grants: Create Client Grants
            read:client_grants: Read Client Grants
            update:client_grants: Update Client Grants
            delete:client_grants: Delete Client Grants
            read:client_keys: Read Client Keys
            update:client_keys: Update Client Keys
            read:client_summary: Read Client Summary
            update:client_token_vault_privileged_access: Update Client Token Vault Privileged Access
            create:clients: Create Clients
            read:clients: Read Clients
            update:clients: Update Clients
            delete:clients: Delete Clients
            create:connection_profiles: Create Connection Profiles
            read:connection_profiles: Read Connection Profiles
            update:connection_profiles: Update Connection Profiles
            delete:connection_profiles: Delete Connection Profiles
            create:connections: Create Connections
            read:connections: Read Connections
            update:connections: Update Connections
            delete:connections: Delete Connections
            create:connections_keys: Create Connections Keys
            read:connections_keys: Read Connections Keys
            update:connections_keys: Update Connections Keys
            read:current_user: Read Current User
            delete:current_user: Delete Current User
            create:current_user_device_credentials: Create Current User Device Credentials
            delete:current_user_device_credentials: Delete Current User Device Credentials
            update:current_user_identities: Update Current User Identities
            update:current_user_metadata: Update Current User Metadata
            create:custom_domains: Create Custom Domains
            read:custom_domains: Read Custom Domains
            update:custom_domains: Update Custom Domains
            delete:custom_domains: Delete Custom Domains
            create:custom_signing_keys: Create Custom Signing Keys
            read:custom_signing_keys: Read Custom Signing Keys
            update:custom_signing_keys: Update Custom Signing Keys
            delete:custom_signing_keys: Delete Custom Signing Keys
            read:device_credentials: Read Device Credentials
            delete:device_credentials: Delete Device Credentials
            create:directory_provisionings: Create Directory Provisionings
            read:directory_provisionings: Read Directory Provisionings
            update:directory_provisionings: Update Directory Provisionings
            delete:directory_provisionings: Delete Directory Provisionings
            create:email_provider: Create Email Provider
            read:email_provider: Read Email Provider
            update:email_provider: Update Email Provider
            delete:email_provider: Delete Email Provider
            create:email_templates: Create Email Templates
            read:email_templates: Read Email Templates
            update:email_templates: Update Email Templates
            create:encryption_keys: Create Encryption Keys
            read:encryption_keys: Read Encryption Keys
            update:encryption_keys: Update Encryption Keys
            delete:encryption_keys: Delete Encryption Keys
            read:event_deliveries: Read Event Deliveries
            update:event_deliveries: Update Event Deliveries
            create:event_streams: Create Event Streams
            read:event_streams: Read Event Streams
            update:event_streams: Update Event Streams
            delete:event_streams: Delete Event Streams
            read:events: Read Events
            create:experimentation: Create Experimentation
            read:experimentation: Read Experimentation
            update:experimentation: Update Experimentation
            delete:experimentation: Delete Experimentation
            read:federated_connections_tokens: Read Federated Connections Tokens
            delete:federated_connections_tokens: Delete Federated Connections Tokens
            create:flows: Create Flows
            read:flows: Read Flows
            update:flows: Update Flows
            delete:flows: Delete Flows
            read:flows_executions: Read Flows Executions
            delete:flows_executions: Delete Flows Executions
            create:flows_vault_connections: Create Flows Vault Connections
            read:flows_vault_connections: Read Flows Vault Connections
            update:flows_vault_connections: Update Flows Vault Connections
            delete:flows_vault_connections: Delete Flows Vault Connections
            create:forms: Create Forms
            read:forms: Read Forms
            update:forms: Update Forms
            delete:forms: Delete Forms
            read:grants: Read Grants
            delete:grants: Delete Grants
            read:group_members: Read Group Members
            create:group_roles: Create Group Roles
            read:group_roles: Read Group Roles
            delete:group_roles: Delete Group Roles
            read:groups: Read Groups
            delete:groups: Delete Groups
            create:guardian_enrollment_tickets: Create Guardian Enrollment Tickets
            read:guardian_enrollments: Read Guardian Enrollments
            delete:guardian_enrollments: Delete Guardian Enrollments
            read:guardian_factors: Read Guardian Factors
            update:guardian_factors: Update Guardian Factors
            create:hooks: Create Hooks
            read:hooks: Read Hooks
            update:hooks: Update Hooks
            delete:hooks: Delete Hooks
            create:log_streams: Create Log Streams
            read:log_streams: Read Log Streams
            update:log_streams: Update Log Streams
            delete:log_streams: Delete Log Streams
            read:logs: Read Logs
            read:logs_users: Read Logs Users
            read:mfa_policies: Read Mfa Policies
            update:mfa_policies: Update Mfa Policies
            create:network_acls: Create Network Acls
            read:network_acls: Read Network Acls
            update:network_acls: Update Network Acls
            delete:network_acls: Delete Network Acls
            create:organization_client_grants: Create Organization Client Grants
            read:organization_client_grants: Read Organization Client Grants
            delete:organization_client_grants: Delete Organization Client Grants
            create:organization_connections: Create Organization Connections
            read:organization_connections: Read Organization Connections
            update:organization_connections: Update Organization Connections
            delete:organization_connections: Delete Organization Connections
            create:organization_discovery_domains: Create Organization Discovery Domains
            read:organization_discovery_domains: Read Organization Discovery Domains
            update:organization_discovery_domains: Update Organization Discovery Domains
            delete:organization_discovery_domains: Delete Organization Discovery Domains
            create:organization_group_roles: Create Organization Group Roles
            read:organization_group_roles: Read Organization Group Roles
            delete:organization_group_roles: Delete Organization Group Roles
            read:organization_groups: Read Organization Groups
            create:organization_invitations: Create Organization Invitations
            read:organization_invitations: Read Organization Invitations
            delete:organization_invitations: Delete Organization Invitations
            read:organization_member_effective_roles: Read Organization Member Effective Roles
            read:organization_member_role_source_groups: Read Organization Member Role Source Groups
            create:organization_member_roles: Create Organization Member Roles
            read:organization_member_roles: Read Organization Member Roles
            delete:organization_member_roles: Delete Organization Member Roles
            create:organization_members: Create Organization Members
            read:organization_members: Read Organization Members
            delete:organization_members: Delete Organization Members
            create:organizations: Create Organizations
            read:organizations: Read Organizations
            update:organizations: Update Organizations
            delete:organizations: Delete Organizations
            read:organizations_summary: Read Organizations Summary
            create:phone_providers: Create Phone Providers
            read:phone_providers: Read Phone Providers
            update:phone_providers: Update Phone Providers
            delete:phone_providers: Delete Phone Providers
            create:phone_templates: Create Phone Templates
            read:phone_templates: Read Phone Templates
            update:phone_templates: Update Phone Templates
            delete:phone_templates: Delete Phone Templates
            read:prompts: Read Prompts
            update:prompts: Update Prompts
            create:rate_limit_policies: Create Rate Limit Policies
            read:rate_limit_policies: Read Rate Limit Policies
            update:rate_limit_policies: Update Rate Limit Policies
            delete:rate_limit_policies: Delete Rate Limit Policies
            read:refresh_tokens: Read Refresh Tokens
            update:refresh_tokens: Update Refresh Tokens
            delete:refresh_tokens: Delete Refresh Tokens
            create:resource_servers: Create Resource Servers
            read:resource_servers: Read Resource Servers
            update:resource_servers: Update Resource Servers
            delete:resource_servers: Delete Resource Servers
            create:role_members: Create Role Members
            read:role_members: Read Role Members
            delete:role_members: Delete Role Members
            create:roles: Create Roles
            read:roles: Read Roles
            update:roles: Update Roles
            delete:roles: Delete Roles
            create:rules: Create Rules
            read:rules: Read Rules
            update:rules: Update Rules
            delete:rules: Delete Rules
            read:rules_configs: Read Rules Configs
            update:rules_configs: Update Rules Configs
            delete:rules_configs: Delete Rules Configs
            create:scim_config: Create Scim Config
            read:scim_config: Read Scim Config
            update:scim_config: Update Scim Config
            delete:scim_config: Delete Scim Config
            create:scim_token: Create Scim Token
            read:scim_token: Read Scim Token
            delete:scim_token: Delete Scim Token
            read:self_service_profile_custom_texts: Read Self Service Profile Custom Texts
            update:self_service_profile_custom_texts: Update Self Service Profile Custom Texts
            create:self_service_profiles: Create Self Service Profiles
            read:self_service_profiles: Read Self Service Profiles
            update:self_service_profiles: Update Self Service Profiles
            delete:self_service_profiles: Delete Self Service Profiles
            read:sessions: Read Sessions
            update:sessions: Update Sessions
            delete:sessions: Delete Sessions
            create:signing_keys: Create Signing Keys
            read:signing_keys: Read Signing Keys
            update:signing_keys: Update Signing Keys
            create:sso_access_tickets: Create Sso Access Tickets
            delete:sso_access_tickets: Delete Sso Access Tickets
            read:stats: Read Stats
            read:tenant_settings: Read Tenant Settings
            update:tenant_settings: Update Tenant Settings
            create:token_exchange_profiles: Create Token Exchange Profiles
            read:token_exchange_profiles: Read Token Exchange Profiles
            update:token_exchange_profiles: Update Token Exchange Profiles
            delete:token_exchange_profiles: Delete Token Exchange Profiles
            create:user_attribute_profiles: Create User Attribute Profiles
            read:user_attribute_profiles: Read User Attribute Profiles
            update:user_attribute_profiles: Update User Attribute Profiles
            delete:user_attribute_profiles: Delete User Attribute Profiles
            read:user_effective_permissions: Read User Effective Permissions
            read:user_effective_roles: Read User Effective Roles
            read:user_idp_tokens: Read User Idp Tokens
            read:user_permission_source_roles: Read User Permission Source Roles
            read:user_role_source_groups: Read User Role Source Groups
            create:user_tickets: Create User Tickets
            create:users: Create Users
            read:users: Read Users
            update:users: Update Users
            delete:users: Delete Users
            update:users_app_metadata: Update Users App Metadata
            create:vdcs_templates: Create Vdcs Templates
            read:vdcs_templates: Read Vdcs Templates
            update:vdcs_templates: Update Vdcs Templates
            delete:vdcs_templates: Delete Vdcs Templates

````