PATCH
/
tenants
/
settings
TypeScript
import { ManagementClient } from "auth0";

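/**
 * Sends a PATCH /tenants/settings request through the Auth0 Management API client.
 *
 * Builds a ManagementClient from an access token and calls
 * `tenants.settings.update` with an empty settings object, as in the
 * reference sample.
 *
 * @returns {Promise<void>} Resolves once the update call has completed.
 */
async function main() {
    const client = new ManagementClient({
        // Placeholder: supply the Management API access token at runtime (environment
        // variable or secret store) rather than committing it to source control.
        // Updating tenant settings requires the update:tenant_settings scope; a token
        // limited to that scope and a short lifetime reduces the impact of a leak.
        token: "<token>",
    });
    // Empty body, as in the sample. Tenant settings apply to the whole tenant
    // (session lifetimes, allowed logout URLs, feature flags), so send only the
    // fields you intend to change and review the change like any other
    // security-relevant configuration change.
    await client.tenants.settings.update({});
}

// main() returns a promise; without a handler a failed request surfaces only as an
// unhandled rejection. Only the message is logged.
// NOTE(review): HTTP client error objects can carry request headers, including
// Authorization. Confirm what this SDK attaches before logging the full error.
main().catch((error) => {
    const reason = error instanceof Error ? error.message : String(error);
    console.error("Tenant settings update failed:", reason);
    process.exitCode = 1;
});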
{
  "change_password": {
    "enabled": false,
    "html": ""
  },
  "guardian_mfa_page": {
    "enabled": false,
    "html": ""
  },
  "default_audience": "",
  "default_directory": "",
  "error_page": {
    "html": "",
    "show_log_link": false,
    "url": "https://mycompany.org/error"
  },
  "device_flow": {
    "charset": "base20",
    "mask": "****-****"
  },
  "default_token_quota": {
    "clients": {
      "client_credentials": {
        "enforce": true,
        "per_day": 1073741824,
        "per_hour": 1073741824
      }
    },
    "organizations": {
      "client_credentials": {
        "enforce": true,
        "per_day": 1073741824,
        "per_hour": 1073741824
      }
    }
  },
  "flags": {
    "change_pwd_flow_v1": false,
    "enable_apis_section": false,
    "disable_impersonation": false,
    "enable_client_connections": true,
    "enable_pipeline2": true,
    "allow_legacy_delegation_grant_types": true,
    "allow_legacy_ro_grant_types": true,
    "allow_legacy_tokeninfo_endpoint": true,
    "enable_legacy_profile": true,
    "enable_idtoken_api2": true,
    "enable_public_signup_user_exists_error": true,
    "enable_sso": true,
    "allow_changing_enable_sso": true,
    "disable_clickjack_protection_headers": true,
    "no_disclose_enterprise_connections": true,
    "enforce_client_authentication_on_passwordless_start": true,
    "enable_adfs_waad_email_verification": true,
    "revoke_refresh_token_grant": true,
    "dashboard_log_streams_next": true,
    "dashboard_insights_view": true,
    "disable_fields_map_fix": true,
    "mfa_show_factor_list_on_enrollment": true,
    "remove_alg_from_jwks": true,
    "improved_signup_bot_detection_in_classic": true,
    "genai_trial": true,
    "enable_dynamic_client_registration": false,
    "disable_management_api_sms_obfuscation": true,
    "trust_azure_adfs_email_verified_connection_property": false,
    "custom_domains_provisioning": false
  },
  "friendly_name": "My Company",
  "picture_url": "https://mycompany.org/logo.png",
  "support_email": "support@mycompany.org",
  "support_url": "https://mycompany.org/support",
  "allowed_logout_urls": [
    "<string>"
  ],
  "session_lifetime": 168,
  "idle_session_lifetime": 72,
  "ephemeral_session_lifetime": 72,
  "idle_ephemeral_session_lifetime": 24,
  "sandbox_version": "22",
  "legacy_sandbox_version": "",
  "sandbox_versions_available": [
    "<string>"
  ],
  "default_redirection_uri": "<string>",
  "enabled_locales": [
    "am"
  ],
  "session_cookie": {
    "mode": "persistent"
  },
  "sessions": {
    "oidc_logout_prompt_enabled": true
  },
  "oidc_logout": {
    "rp_logout_end_session_endpoint_discovery": true
  },
  "allow_organization_name_in_authentication_api": false,
  "customize_mfa_in_postlogin_action": false,
  "acr_values_supported": [
    "<string>"
  ],
  "mtls": {
    "enable_endpoint_aliases": false
  },
  "pushed_authorization_requests_supported": false,
  "authorization_response_iss_parameter_supported": false,
  "skip_non_verifiable_callback_uri_confirmation_prompt": true,
  "resource_parameter_profile": "audience",
  "phone_consolidated_experience": true,
  "enable_ai_guide": true
}

Autorisations

Authorization
string
header
requis

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Corps

change_password
object

Change Password page customization.

device_flow
object

Device Flow configuration.

guardian_mfa_page
object

Guardian page customization.

default_audience
string
défaut:""

Default audience for API Authorization.

default_directory
string
défaut:""

Name of connection used for password grants at the /token endpoint. The following connection types are supported: LDAP, AD, Database Connections, Passwordless, Windows Azure Active Directory, ADFS.

error_page
object

Error page customization.

default_token_quota
object

Token Quota configuration, to configure quotas for token issuance for clients and organizations. Applied to all clients and organizations unless overridden in individual client or organization settings.

flags
object

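Flags used to change the behavior of this tenant. The values in the example above are samples, not recommendations: several flags shown as true there (for example disable_clickjack_protection_headers and the allow_legacy_* grant-type flags) relax protections or re-enable legacy behavior, so review each flag against your security requirements instead of copying the sample.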

friendly_name
string
défaut:My Company

Friendly name for this tenant.

picture_url
string<absolute-uri-or-empty>
défaut:https://mycompany.org/logo.png

URL of logo to be shown for this tenant (recommended size: 150x150)

support_email
string<email-or-empty>
défaut:support@mycompany.org

End-user support email.

support_url
string<absolute-uri-or-empty>
défaut:https://mycompany.org/support

End-user support url.

allowed_logout_urls
string<url-with-placeholders>[]

URLs that are valid to redirect to after logout from Auth0.

session_lifetime
integer
défaut:168

Number of hours a session will stay valid.

Plage requise: x >= 1
idle_session_lifetime
integer
défaut:72

Number of hours for which a session can be inactive before the user must log in again.

Plage requise: x >= 1
ephemeral_session_lifetime
integer
défaut:72

Number of hours an ephemeral (non-persistent) session will stay valid.

Plage requise: x >= 1
idle_ephemeral_session_lifetime
integer
défaut:24

Number of hours for which an ephemeral (non-persistent) session can be inactive before the user must log in again.

Plage requise: x >= 1
sandbox_version
string
défaut:22

Selected sandbox version for the extensibility environment

Maximum string length: 8
legacy_sandbox_version
string

Selected legacy sandbox version for the extensibility environment

Maximum string length: 8
default_redirection_uri
string<absolute-https-uri-or-empty>

The default absolute redirection URI; it must use https.

enabled_locales
enum<string>[]

Supported locales for the user interface

Minimum array length: 1
Options disponibles:
am,
ar,
ar-EG,
ar-SA,
az,
bg,
bn,
bs,
ca-ES,
cnr,
cs,
cy,
da,
de,
el,
en,
en-CA,
es,
es-419,
es-AR,
es-MX,
et,
eu-ES,
fa,
fi,
fr,
fr-CA,
fr-FR,
gl-ES,
gu,
he,
hi,
hr,
hu,
hy,
id,
is,
it,
ja,
ka,
kk,
kn,
ko,
lt,
lv,
mk,
ml,
mn,
mr,
ms,
my,
nb,
nl,
nn,
no,
pa,
pl,
pt,
pt-BR,
pt-PT,
ro,
ru,
sk,
sl,
so,
sq,
sr,
sv,
sw,
ta,
te,
th,
tl,
tr,
uk,
ur,
vi,
zgh,
zh-CN,
zh-HK,
zh-MO,
zh-TW

Session cookie configuration

sessions
object

Sessions related settings for tenant

oidc_logout
object

Settings related to OIDC RP-initiated Logout

customize_mfa_in_postlogin_action
boolean | null
défaut:false

Whether to enable flexible factors for MFA in the PostLogin action

allow_organization_name_in_authentication_api
boolean | null
défaut:false

Whether to accept an organization name instead of an ID on auth endpoints

acr_values_supported
string<acr>[] | null

Supported ACR values

mtls
object

mTLS configuration.

pushed_authorization_requests_supported
boolean | null
défaut:false

Enables the use of Pushed Authorization Requests

authorization_response_iss_parameter_supported
boolean | null
défaut:false

Supports iss parameter in authorization responses

skip_non_verifiable_callback_uri_confirmation_prompt
boolean | null

Controls whether a confirmation prompt is shown during login flows when the redirect URI uses non-verifiable callback URIs (for example, a custom URI scheme such as myapp://, or localhost). If set to true, a confirmation prompt will not be shown. We recommend that this is set to false for improved protection from malicious apps. See https://auth0.com/docs/secure/security-guidance/measures-against-app-impersonation for more information.

resource_parameter_profile
enum<string>
défaut:audience

Profile that determines how the identity of the protected resource (i.e., API) can be specified in the OAuth endpoints when access is being requested. When set to audience (default), the audience parameter is used to specify the resource server. When set to compatibility, the audience parameter is still checked first, but if it is not provided, then the resource parameter can be used to specify the resource server.

Options disponibles:
audience,
compatibility
enable_ai_guide
boolean

Whether Auth0 Guide (AI-powered assistance) is enabled for this tenant.

phone_consolidated_experience
boolean

Whether Phone Consolidated Experience is enabled for this tenant.

Réponse

Tenant settings successfully updated.

change_password
object

Change Password page customization.

guardian_mfa_page
object

Guardian page customization.

default_audience
string
défaut:""

Default audience for API authorization.

default_directory
string
défaut:""

Name of connection used for password grants at the /token endpoint. The following connection types are supported: LDAP, AD, Database Connections, Passwordless, Windows Azure Active Directory, ADFS.

error_page
object

Error page customization.

device_flow
object

Device Flow configuration

default_token_quota
object

Token Quota configuration, to configure quotas for token issuance for clients and organizations. Applied to all clients and organizations unless overridden in individual client or organization settings.

flags
object

Flags used to change the behavior of this tenant.

friendly_name
string
défaut:My Company

Friendly name for this tenant.

picture_url
string<absolute-uri-or-empty>
défaut:https://mycompany.org/logo.png

URL of logo to be shown for this tenant (recommended size: 150x150)

support_email
string<email-or-empty>
défaut:support@mycompany.org

End-user support email address.

support_url
string<absolute-uri-or-empty>
défaut:https://mycompany.org/support

End-user support URL.

allowed_logout_urls
string<url>[]

URLs that are valid to redirect to after logout from Auth0.

session_lifetime
number
défaut:168

Number of hours a session will stay valid.

idle_session_lifetime
number
défaut:72

Number of hours for which a session can be inactive before the user must log in again.

ephemeral_session_lifetime
number
défaut:72

Number of hours an ephemeral (non-persistent) session will stay valid.

Plage requise: x >= 1
idle_ephemeral_session_lifetime
number
défaut:24

Number of hours for which an ephemeral (non-persistent) session can be inactive before the user must log in again.

Plage requise: x >= 1
sandbox_version
string
défaut:22

Selected sandbox version for the extensibility environment.

legacy_sandbox_version
string
défaut:""

Selected sandbox version for rules and hooks extensibility.

sandbox_versions_available
string[]

Available sandbox versions for the extensibility environment.

default_redirection_uri
string

The default absolute redirection URI; it must use https.

enabled_locales
enum<string>[]

Supported locales for the user interface.

Options disponibles:
am,
ar,
ar-EG,
ar-SA,
az,
bg,
bn,
bs,
ca-ES,
cnr,
cs,
cy,
da,
de,
el,
en,
en-CA,
es,
es-419,
es-AR,
es-MX,
et,
eu-ES,
fa,
fi,
fr,
fr-CA,
fr-FR,
gl-ES,
gu,
he,
hi,
hr,
hu,
hy,
id,
is,
it,
ja,
ka,
kk,
kn,
ko,
lt,
lv,
mk,
ml,
mn,
mr,
ms,
my,
nb,
nl,
nn,
no,
pa,
pl,
pt,
pt-BR,
pt-PT,
ro,
ru,
sk,
sl,
so,
sq,
sr,
sv,
sw,
ta,
te,
th,
tl,
tr,
uk,
ur,
vi,
zgh,
zh-CN,
zh-HK,
zh-MO,
zh-TW

Session cookie configuration

sessions
object

Sessions related settings for tenant

oidc_logout
object

Settings related to OIDC RP-initiated Logout

allow_organization_name_in_authentication_api
boolean
défaut:false

Whether to accept an organization name instead of an ID on auth endpoints

customize_mfa_in_postlogin_action
boolean
défaut:false

Whether to enable flexible factors for MFA in the PostLogin action

acr_values_supported
string<acr>[] | null

Supported ACR values

mtls
object

mTLS configuration.

pushed_authorization_requests_supported
boolean
défaut:false

Enables the use of Pushed Authorization Requests

authorization_response_iss_parameter_supported
boolean | null
défaut:false

Supports iss parameter in authorization responses

skip_non_verifiable_callback_uri_confirmation_prompt
boolean | null

Controls whether a confirmation prompt is shown during login flows when the redirect URI uses non-verifiable callback URIs (for example, a custom URI scheme such as myapp://, or localhost). If set to true, a confirmation prompt will not be shown. We recommend that this is set to false for improved protection from malicious apps. See https://auth0.com/docs/secure/security-guidance/measures-against-app-impersonation for more information.

resource_parameter_profile
enum<string>
défaut:audience

Profile that determines how the identity of the protected resource (i.e., API) can be specified in the OAuth endpoints when access is being requested. When set to audience (default), the audience parameter is used to specify the resource server. When set to compatibility, the audience parameter is still checked first, but if it is not provided, then the resource parameter can be used to specify the resource server.

Options disponibles:
audience,
compatibility
phone_consolidated_experience
boolean

Whether Phone Consolidated Experience is enabled for this tenant.

enable_ai_guide
boolean

Whether Auth0 Guide (AI-powered assistance) is enabled for this tenant.