Create Custom Login Settings​
Create login settings for the organization and therefore overwrite the default settings for this organization. The login policy defines what kind of authentication possibilities the user should have. Generally speaking the behavior of the login and register UI.
Header Parameters
The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.
Request Body required
- Array [
- IDP_OWNER_TYPE_SYSTEM: system is managed by the ZITADEL administrators
- IDP_OWNER_TYPE_ORG: org is managed by de organization administrators
- ]
Possible values: [PASSWORDLESS_TYPE_NOT_ALLOWED
, PASSWORDLESS_TYPE_ALLOWED
]
Default value: PASSWORDLESS_TYPE_NOT_ALLOWED
defines if unknown username on login screen directly returns an error or always displays the password screen
defines where the user will be redirected to if the login is started without app context (e.g. from mail)
Possible values: [SECOND_FACTOR_TYPE_UNSPECIFIED
, SECOND_FACTOR_TYPE_OTP
, SECOND_FACTOR_TYPE_U2F
, SECOND_FACTOR_TYPE_OTP_EMAIL
, SECOND_FACTOR_TYPE_OTP_SMS
]
Possible values: [MULTI_FACTOR_TYPE_UNSPECIFIED
, MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION
]
idps object[]
Possible values: [IDP_OWNER_TYPE_UNSPECIFIED
, IDP_OWNER_TYPE_SYSTEM
, IDP_OWNER_TYPE_ORG
]
Default value: IDP_OWNER_TYPE_UNSPECIFIED
the owner of the identity provider.
If set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organization on success.
defines if the user can additionally (to the login name) be identified by their verified email address
defines if the user can additionally (to the login name) be identified by their verified phone number
if activated, only local authenticated users are forced to use MFA. Authentication through IDPs won't prompt a MFA step in the login.
Request Body required
- Array [
- IDP_OWNER_TYPE_SYSTEM: system is managed by the ZITADEL administrators
- IDP_OWNER_TYPE_ORG: org is managed by de organization administrators
- ]
Possible values: [PASSWORDLESS_TYPE_NOT_ALLOWED
, PASSWORDLESS_TYPE_ALLOWED
]
Default value: PASSWORDLESS_TYPE_NOT_ALLOWED
defines if unknown username on login screen directly returns an error or always displays the password screen
defines where the user will be redirected to if the login is started without app context (e.g. from mail)
Possible values: [SECOND_FACTOR_TYPE_UNSPECIFIED
, SECOND_FACTOR_TYPE_OTP
, SECOND_FACTOR_TYPE_U2F
, SECOND_FACTOR_TYPE_OTP_EMAIL
, SECOND_FACTOR_TYPE_OTP_SMS
]
Possible values: [MULTI_FACTOR_TYPE_UNSPECIFIED
, MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION
]
idps object[]
Possible values: [IDP_OWNER_TYPE_UNSPECIFIED
, IDP_OWNER_TYPE_SYSTEM
, IDP_OWNER_TYPE_ORG
]
Default value: IDP_OWNER_TYPE_UNSPECIFIED
the owner of the identity provider.
If set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organization on success.
defines if the user can additionally (to the login name) be identified by their verified email address
defines if the user can additionally (to the login name) be identified by their verified phone number
if activated, only local authenticated users are forced to use MFA. Authentication through IDPs won't prompt a MFA step in the login.
Request Body required
- Array [
- IDP_OWNER_TYPE_SYSTEM: system is managed by the ZITADEL administrators
- IDP_OWNER_TYPE_ORG: org is managed by de organization administrators
- ]
Possible values: [PASSWORDLESS_TYPE_NOT_ALLOWED
, PASSWORDLESS_TYPE_ALLOWED
]
Default value: PASSWORDLESS_TYPE_NOT_ALLOWED
defines if unknown username on login screen directly returns an error or always displays the password screen
defines where the user will be redirected to if the login is started without app context (e.g. from mail)
Possible values: [SECOND_FACTOR_TYPE_UNSPECIFIED
, SECOND_FACTOR_TYPE_OTP
, SECOND_FACTOR_TYPE_U2F
, SECOND_FACTOR_TYPE_OTP_EMAIL
, SECOND_FACTOR_TYPE_OTP_SMS
]
Possible values: [MULTI_FACTOR_TYPE_UNSPECIFIED
, MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION
]
idps object[]
Possible values: [IDP_OWNER_TYPE_UNSPECIFIED
, IDP_OWNER_TYPE_SYSTEM
, IDP_OWNER_TYPE_ORG
]
Default value: IDP_OWNER_TYPE_UNSPECIFIED
the owner of the identity provider.
If set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organization on success.
defines if the user can additionally (to the login name) be identified by their verified email address
defines if the user can additionally (to the login name) be identified by their verified phone number
if activated, only local authenticated users are forced to use MFA. Authentication through IDPs won't prompt a MFA step in the login.
- 200
- default
A successful response.
Schema
details object
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
on read: the timestamp of the first event of the object
on create: the timestamp of the event(s) added by the manipulation
on read: the timestamp of the last event reduced by the projection
on manipulation: the
{
"details": {
"sequence": "2",
"creationDate": "2024-03-27T06:43:21.538Z",
"changeDate": "2024-03-27T06:43:21.538Z",
"resourceOwner": "69629023906488334"
}
}
Schema
details object
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
on read: the timestamp of the first event of the object
on create: the timestamp of the event(s) added by the manipulation
on read: the timestamp of the last event reduced by the projection
on manipulation: the
{
"details": {
"sequence": "2",
"creationDate": "2024-03-27T06:43:21.538Z",
"changeDate": "2024-03-27T06:43:21.538Z",
"resourceOwner": "69629023906488334"
}
}
Schema
details object
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
on read: the timestamp of the first event of the object
on create: the timestamp of the event(s) added by the manipulation
on read: the timestamp of the last event reduced by the projection
on manipulation: the
{
"details": {
"sequence": "2",
"creationDate": "2024-03-27T06:43:21.538Z",
"changeDate": "2024-03-27T06:43:21.538Z",
"resourceOwner": "69629023906488334"
}
}
An unexpected error response.
Schema
- Array [
- ]
details object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
Schema
- Array [
- ]
details object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
Schema
- Array [
- ]
details object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}