
Get the login settings

Return the settings for the requested context

Query Parameters
    ctx.orgId string
    ctx.instance boolean
Responses

OK


Schema
    details object
    sequence uint64

    on read: the sequence of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

    changeDate date-time

    on read: the timestamp of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

    resourceOwner

    resource_owner is the organization or instance_id an object belongs to

    settings object
    allowUsernamePassword boolean

    defines if a user is allowed to log in with username and password

    allowRegister boolean

    defines if a person is allowed to register a user on this organization

    allowExternalIdp boolean

    defines if a user is allowed to add a defined identity provider. E.g. Google auth

    forceMfa boolean

    defines if a user MUST use a multi-factor to log in

    passkeysType string

    Possible values: [PASSKEYS_TYPE_NOT_ALLOWED, PASSKEYS_TYPE_ALLOWED]

    Default value: PASSKEYS_TYPE_NOT_ALLOWED

    defines if passkeys are allowed for users

    hidePasswordReset boolean

    defines if password reset link should be shown in the login screen

    ignoreUnknownUsernames boolean

    defines if unknown username on login screen directly returns an error or always displays the password screen

    defaultRedirectUri string

    defines where the user will be redirected to if the login is started without app context (e.g. from mail)

    passwordCheckLifetime string

    Defines after how much time the user has to re-authenticate with the password.

    externalLoginCheckLifetime string

    Defines after how much time the user has to re-authenticate with an external provider.

    mfaInitSkipLifetime string

    Defines after how much time the mfa prompt will be shown again.

    secondFactorCheckLifetime string

    Defines after how long the second-factor check is valid.

    multiFactorCheckLifetime string

    Defines how long the multi-factor check is valid.

    secondFactors string[]

    SECOND_FACTOR_TYPE_OTP: This is the type for TOTP

    Possible values: [SECOND_FACTOR_TYPE_UNSPECIFIED, SECOND_FACTOR_TYPE_OTP, SECOND_FACTOR_TYPE_U2F, SECOND_FACTOR_TYPE_OTP_EMAIL, SECOND_FACTOR_TYPE_OTP_SMS]

    multiFactors string[]

    Possible values: [MULTI_FACTOR_TYPE_UNSPECIFIED, MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION]

    allowDomainDiscovery boolean

    If set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organization on success.

    disableLoginWithEmail boolean

    defines if the user can additionally (to the login name) be identified by their verified email address

    disableLoginWithPhone boolean

    defines if the user can additionally (to the login name) be identified by their verified phone number

    resourceOwnerType

    Possible values: [RESOURCE_OWNER_TYPE_UNSPECIFIED, RESOURCE_OWNER_TYPE_INSTANCE, RESOURCE_OWNER_TYPE_ORG]

    Default value: RESOURCE_OWNER_TYPE_UNSPECIFIED

    resource_owner_type returns if the settings are managed on the organization or on the instance

    forceMfaLocalOnly boolean

    if activated, only locally authenticated users are forced to use MFA. Authentication through IDPs won't prompt an MFA step in the login.
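
The following is an added example, not part of this API reference: a small Python audit that reads a response body in the schema above and reports settings that weaken the login posture. The finding names, the 7-day threshold, the `"<seconds>s"` lifetime format and the rule that a missing key means the default value are assumptions of this example; the sample body is constructed.

```python
import json

def seconds(value):
    # Assumption: lifetimes arrive in protobuf JSON duration form, e.g. "864000s".
    try:
        return float(value.rstrip("s"))
    except (AttributeError, ValueError):
        return None

def audit_login_settings(body, max_password_lifetime_s=7 * 24 * 3600):
    """Return finding IDs (names made up for this example) for a response body."""
    s = body.get("settings", {})
    # Assumption: a key missing from the body means false / empty / NOT_ALLOWED.
    forced = s.get("forceMfa", False) or s.get("forceMfaLocalOnly", False)
    findings = []
    if s.get("allowUsernamePassword", False) and not forced:
        findings.append("password-login-without-forced-mfa")
    # forceMfaLocalOnly: logins through an IDP get no MFA prompt here.
    if s.get("forceMfaLocalOnly", False) and s.get("allowExternalIdp", False):
        findings.append("mfa-delegated-to-external-idp")
    # Read from the field name: false means unknown usernames get a direct error.
    if not s.get("ignoreUnknownUsernames", False):
        findings.append("unknown-usernames-get-direct-error")
    phishing_resistant = (
        "SECOND_FACTOR_TYPE_U2F" in s.get("secondFactors", [])
        or "MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION" in s.get("multiFactors", [])
        or s.get("passkeysType", "PASSKEYS_TYPE_NOT_ALLOWED") == "PASSKEYS_TYPE_ALLOWED"
    )
    if not phishing_resistant:
        findings.append("no-phishing-resistant-factor")
    lifetime = seconds(s.get("passwordCheckLifetime"))
    if lifetime is not None and lifetime > max_password_lifetime_s:
        findings.append("password-check-lifetime-too-long")
    return findings

# Constructed sample body, not captured from a real instance.
SAMPLE = json.loads("""{
  "details": {"resourceOwner": "placeholder-org-id"},
  "settings": {
    "allowUsernamePassword": true,
    "allowExternalIdp": true,
    "forceMfaLocalOnly": true,
    "secondFactors": ["SECOND_FACTOR_TYPE_OTP", "SECOND_FACTOR_TYPE_OTP_SMS"],
    "passwordCheckLifetime": "2592000s",
    "resourceOwnerType": "RESOURCE_OWNER_TYPE_INSTANCE"
  }
}""")

if __name__ == "__main__":
    print("\n".join(audit_login_settings(SAMPLE)))
```

Because `resourceOwnerType` tells you whether the settings come from the organization or the instance, run the audit per organization and record that field next to each finding.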
