zitadel/policy.proto

This document reflects the state from API 1.0 (available from 20.04.2021)

Messages

DomainPolicy

Field	Type	Description	Validation
details	zitadel.v1.ObjectDetails	-
user_login_must_be_domain	bool	-
is_default	bool	-
validate_org_domains	bool	-
smtp_sender_address_matches_instance_domain	bool	-

LabelPolicy

Field	Type	Description	Validation
details	zitadel.v1.ObjectDetails	-
primary_color	string	hex value for primary color
is_default	bool	defines if the organisation's admin changed the policy
hide_login_name_suffix	bool	hides the org suffix on the login form if the scope \"urn:zitadel:iam:org:domain:primary:{domainname}\" is set
warn_color	string	hex value for secondary color
background_color	string	hex value for background color
font_color	string	hex value for font color
primary_color_dark	string	hex value for primary color dark theme
background_color_dark	string	hex value for background color dark theme
warn_color_dark	string	hex value for warn color dark theme
font_color_dark	string	hex value for font color dark theme
disable_watermark	bool	-
logo_url	string	-
icon_url	string	-
logo_url_dark	string	-
icon_url_dark	string	-
font_url	string	-

LockoutPolicy

Field	Type	Description	Validation
details	zitadel.v1.ObjectDetails	-
max_password_attempts	uint64	-
is_default	bool	-

LoginPolicy

Field	Type	Description	Validation
details	zitadel.v1.ObjectDetails	-
allow_username_password	bool	-
allow_register	bool	-
allow_external_idp	bool	-
force_mfa	bool	-
passwordless_type	PasswordlessType	-
is_default	bool	-
hide_password_reset	bool	-
ignore_unknown_usernames	bool	-
default_redirect_uri	string	-
password_check_lifetime	google.protobuf.Duration	-
external_login_check_lifetime	google.protobuf.Duration	-
mfa_init_skip_lifetime	google.protobuf.Duration	-
second_factor_check_lifetime	google.protobuf.Duration	-
multi_factor_check_lifetime	google.protobuf.Duration	-
second_factors	repeated SecondFactorType	-
multi_factors	repeated MultiFactorType	-
idps	repeated zitadel.idp.v1.IDPLoginPolicyLink	-
allow_domain_discovery	bool	If set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
disable_login_with_email	bool	-
disable_login_with_phone	bool	-

NotificationPolicy

Field	Type	Description	Validation
details	zitadel.v1.ObjectDetails	-
is_default	bool	-
password_change	bool	-

OrgIAMPolicy

deprecated: please use DomainPolicy instead

Field	Type	Description	Validation
details	zitadel.v1.ObjectDetails	-
user_login_must_be_domain	bool	-
is_default	bool	-

PasswordAgePolicy

Field	Type	Description	Validation
details	zitadel.v1.ObjectDetails	-
max_age_days	uint64	-
expire_warn_days	uint64	-
is_default	bool	-

PasswordComplexityPolicy

Field	Type	Description	Validation
details	zitadel.v1.ObjectDetails	-
min_length	uint64	-
has_uppercase	bool	-
has_lowercase	bool	-
has_number	bool	-
has_symbol	bool	-
is_default	bool	-

PrivacyPolicy

Field	Type	Description	Validation
details	zitadel.v1.ObjectDetails	-
tos_link	string	-
privacy_link	string	-
is_default	bool	-
help_link	string	-

Enums

MultiFactorType

Name	Number	Description
MULTI_FACTOR_TYPE_UNSPECIFIED	0	-
MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION	1	-

PasswordlessType

Name	Number	Description
PASSWORDLESS_TYPE_NOT_ALLOWED	0	-
PASSWORDLESS_TYPE_ALLOWED	1	PLANNED: PASSWORDLESS_TYPE_WITH_CERT

SecondFactorType

Name	Number	Description
SECOND_FACTOR_TYPE_UNSPECIFIED	0	-
SECOND_FACTOR_TYPE_OTP	1	-
SECOND_FACTOR_TYPE_U2F	2	-