GET
/
tenants
/
settings
TypeScript
import { ManagementClient } from "auth0";

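/**
 * Read a subset of the tenant settings through the Management API.
 *
 * The bearer token is taken from the environment so that it is never
 * committed with the source. `AUTH0_MGMT_TOKEN` is a constructed example
 * name; use whatever your secret store exposes.
 *
 * @returns whatever `client.tenants.settings.get` resolves to for the
 *          requested fields.
 * @throws Error when the token variable is missing or empty.
 */
async function main() {
    const token = process.env.AUTH0_MGMT_TOKEN;
    if (!token) {
        // Fail before any request is made rather than sending an empty bearer header.
        throw new Error("AUTH0_MGMT_TOKEN is not set");
    }

    // Least privilege: the token only needs permission to read tenant settings
    // (in Auth0 this is the `read:tenant_settings` scope; confirm against the
    // endpoint's scope list).
    const client = new ManagementClient({ token });

    // `fields` must be a comma-separated list of the setting names accepted by
    // the documented pattern; the literal "fields" is not one of them.
    // Requesting only what is needed keeps the response to the minimum of
    // tenant configuration.
    const settings = await client.tenants.settings.get({
        fields: "flags,allowed_logout_urls,session_lifetime,idle_session_lifetime",
        includeFields: true,
    });
    return settings;
}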
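// Handle rejection explicitly instead of leaving the promise floating.
// Only the message is logged: full error objects from HTTP clients may carry
// request details (possibly the Authorization header), so avoid dumping them.
main().catch((err) => {
    console.error("Failed to read tenant settings:", err instanceof Error ? err.message : err);
    process.exitCode = 1;
});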
{
  "change_password": {
    "enabled": false,
    "html": ""
  },
  "guardian_mfa_page": {
    "enabled": false,
    "html": ""
  },
  "default_audience": "",
  "default_directory": "",
  "error_page": {
    "html": "",
    "show_log_link": false,
    "url": "https://mycompany.org/error"
  },
  "device_flow": {
    "charset": "base20",
    "mask": "****-****"
  },
  "default_token_quota": {
    "clients": {
      "client_credentials": {
        "enforce": true,
        "per_day": 1073741824,
        "per_hour": 1073741824
      }
    },
    "organizations": {
      "client_credentials": {
        "enforce": true,
        "per_day": 1073741824,
        "per_hour": 1073741824
      }
    }
  },
  "flags": {
    "change_pwd_flow_v1": false,
    "enable_apis_section": false,
    "disable_impersonation": false,
    "enable_client_connections": true,
    "enable_pipeline2": true,
    "allow_legacy_delegation_grant_types": true,
    "allow_legacy_ro_grant_types": true,
    "allow_legacy_tokeninfo_endpoint": true,
    "enable_legacy_profile": true,
    "enable_idtoken_api2": true,
    "enable_public_signup_user_exists_error": true,
    "enable_sso": true,
    "allow_changing_enable_sso": true,
    "disable_clickjack_protection_headers": true,
    "no_disclose_enterprise_connections": true,
    "enforce_client_authentication_on_passwordless_start": true,
    "enable_adfs_waad_email_verification": true,
    "revoke_refresh_token_grant": true,
    "dashboard_log_streams_next": true,
    "dashboard_insights_view": true,
    "disable_fields_map_fix": true,
    "mfa_show_factor_list_on_enrollment": true,
    "remove_alg_from_jwks": true,
    "improved_signup_bot_detection_in_classic": true,
    "genai_trial": true,
    "enable_dynamic_client_registration": false,
    "disable_management_api_sms_obfuscation": true,
    "trust_azure_adfs_email_verified_connection_property": false,
    "custom_domains_provisioning": false
  },
  "friendly_name": "My Company",
  "picture_url": "https://mycompany.org/logo.png",
  "support_email": "support@mycompany.org",
  "support_url": "https://mycompany.org/support",
  "allowed_logout_urls": [
    "<string>"
  ],
  "session_lifetime": 168,
  "idle_session_lifetime": 72,
  "ephemeral_session_lifetime": 72,
  "idle_ephemeral_session_lifetime": 24,
  "sandbox_version": "22",
  "legacy_sandbox_version": "",
  "sandbox_versions_available": [
    "<string>"
  ],
  "default_redirection_uri": "<string>",
  "enabled_locales": [
    "am"
  ],
  "session_cookie": {
    "mode": "persistent"
  },
  "sessions": {
    "oidc_logout_prompt_enabled": true
  },
  "oidc_logout": {
    "rp_logout_end_session_endpoint_discovery": true
  },
  "allow_organization_name_in_authentication_api": false,
  "customize_mfa_in_postlogin_action": false,
  "acr_values_supported": [
    "<string>"
  ],
  "mtls": {
    "enable_endpoint_aliases": false
  },
  "pushed_authorization_requests_supported": false,
  "authorization_response_iss_parameter_supported": false,
  "skip_non_verifiable_callback_uri_confirmation_prompt": true,
  "resource_parameter_profile": "audience",
  "phone_consolidated_experience": true,
  "enable_ai_guide": true
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Query Parameters

fields
string

Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields.

Pattern: ^((allowed_logout_urls)|(change_password)|(default_token_quota)|(error_page)|(flags)|(friendly_name)|(picture_url)|(support_email)|(support_url)|(session_lifetime)|(default_audience)|(default_directory)|(device_flow)|(idle_session_lifetime)|(ephemeral_session_lifetime)|(idle_ephemeral_session_lifetime)|(default_redirection_uri)|(universal_login)|(universal_login\.colors)|(universal_login\.passwordless)|(enabled_locales)|(session_cookie)|(sessions)|(oidc_logout)|(allow_organization_name_in_authentication_api)|(mtls)|(customize_mfa_in_postlogin_action)|(skip_non_verifiable_callback_uri_confirmation_prompt)|(resource_parameter_profile)|(enable_ai_guide)|(client_id_metadata_document_supported)|(phone_consolidated_experience))(,((allowed_logout_urls)|(change_password)|(default_token_quota)|(error_page)|(flags)|(friendly_name)|(picture_url)|(support_email)|(support_url)|(session_lifetime)|(default_audience)|(default_directory)|(device_flow)|(idle_session_lifetime)|(ephemeral_session_lifetime)|(idle_ephemeral_session_lifetime)|(default_redirection_uri)|(universal_login)|(universal_login\.colors)|(universal_login\.passwordless)|(enabled_locales)|(session_cookie)|(sessions)|(oidc_logout)|(allow_organization_name_in_authentication_api)|(mtls)|(customize_mfa_in_postlogin_action)|(skip_non_verifiable_callback_uri_confirmation_prompt)|(resource_parameter_profile)|(enable_ai_guide)|(client_id_metadata_document_supported)|(phone_consolidated_experience)))*$
include_fields
boolean

Whether specified fields are to be included (true) or excluded (false).

Response

Tenant settings successfully retrieved.

change_password
object

Change Password page customization.

guardian_mfa_page
object

Guardian page customization.

default_audience
string
default:""

Default audience for API authorization.

default_directory
string
default:""

Name of the connection used for password grants at the /token endpoint. The following connection types are supported: LDAP, AD, Database Connections, Passwordless, Windows Azure Active Directory, ADFS.

error_page
object

Error page customization.

device_flow
object

Device Flow configuration

default_token_quota
object

Token Quota configuration, to configure quotas for token issuance for clients and organizations. Applied to all clients and organizations unless overridden in individual client or organization settings.

flags
object

Flags used to change the behavior of this tenant.

friendly_name
string
default:My Company

Friendly name for this tenant.

picture_url
string<absolute-uri-or-empty>
default:https://mycompany.org/logo.png

URL of logo to be shown for this tenant (recommended size: 150x150)

support_email
string<email-or-empty>
default:support@mycompany.org

End-user support email address.

support_url
string<absolute-uri-or-empty>
default:https://mycompany.org/support

End-user support URL.

allowed_logout_urls
string<url>[]

URLs that are valid to redirect to after logout from Auth0.

session_lifetime
number
default:168

Number of hours a session will stay valid.

idle_session_lifetime
number
default:72

Number of hours for which a session can be inactive before the user must log in again.

ephemeral_session_lifetime
number
default:72

Number of hours an ephemeral (non-persistent) session will stay valid.

Required range: x >= 1
idle_ephemeral_session_lifetime
number
default:24

Number of hours for which an ephemeral (non-persistent) session can be inactive before the user must log in again.

Required range: x >= 1
sandbox_version
string
default:22

Selected sandbox version for the extensibility environment.

legacy_sandbox_version
string
default:""

Selected sandbox version for rules and hooks extensibility.

sandbox_versions_available
string[]

Available sandbox versions for the extensibility environment.

default_redirection_uri
string

The default absolute redirection URI; it must use https.

enabled_locales
enum<string>[]

Supported locales for the user interface.

Available options:
am,
ar,
ar-EG,
ar-SA,
az,
bg,
bn,
bs,
ca-ES,
cnr,
cs,
cy,
da,
de,
el,
en,
en-CA,
es,
es-419,
es-AR,
es-MX,
et,
eu-ES,
fa,
fi,
fr,
fr-CA,
fr-FR,
gl-ES,
gu,
he,
hi,
hr,
hu,
hy,
id,
is,
it,
ja,
ka,
kk,
kn,
ko,
lt,
lv,
mk,
ml,
mn,
mr,
ms,
my,
nb,
nl,
nn,
no,
pa,
pl,
pt,
pt-BR,
pt-PT,
ro,
ru,
sk,
sl,
so,
sq,
sr,
sv,
sw,
ta,
te,
th,
tl,
tr,
uk,
ur,
vi,
zgh,
zh-CN,
zh-HK,
zh-MO,
zh-TW

session_cookie
object

Session cookie configuration

sessions
object

Sessions related settings for tenant

oidc_logout
object

Settings related to OIDC RP-initiated Logout

allow_organization_name_in_authentication_api
boolean
default:false

Whether to accept an organization name instead of an ID on auth endpoints

customize_mfa_in_postlogin_action
boolean
default:false

Whether to enable flexible factors for MFA in the PostLogin action

acr_values_supported
string<acr>[] | null

Supported ACR values

mtls
object

mTLS configuration.

pushed_authorization_requests_supported
boolean
default:false

Enables the use of Pushed Authorization Requests

authorization_response_iss_parameter_supported
boolean | null
default:false

Supports iss parameter in authorization responses

skip_non_verifiable_callback_uri_confirmation_prompt
boolean | null

Controls whether a confirmation prompt is shown during login flows when the redirect URI is a non-verifiable callback URI (for example, one using a custom URI scheme such as myapp://, or localhost). If set to true, the confirmation prompt is not shown. We recommend setting this to false for improved protection from malicious apps; note that the sample response on this page shows true, which is not the recommended value. See https://auth0.com/docs/secure/security-guidance/measures-against-app-impersonation for more information.

resource_parameter_profile
enum<string>
default:audience

Profile that determines how the identity of the protected resource (i.e., API) can be specified in the OAuth endpoints when access is being requested. When set to audience (default), the audience parameter is used to specify the resource server. When set to compatibility, the audience parameter is still checked first, but if it is not provided, the resource parameter can be used to specify the resource server.

Available options:
audience,
compatibility
phone_consolidated_experience
boolean

Whether Phone Consolidated Experience is enabled for this tenant.

enable_ai_guide
boolean

Whether Auth0 Guide (AI-powered assistance) is enabled for this tenant.