docs/interfaces/management.Management.TenantSettingsFlags.html
Flags used to change the behavior of this tenant.
interface TenantSettingsFlags {
change_pwd_flow_v1?: boolean;
enable_apis_section?: boolean;
disable_impersonation?: boolean;
enable_client_connections?: boolean;
enable_pipeline2?: boolean;
allow_legacy_delegation_grant_types?: boolean;
allow_legacy_ro_grant_types?: boolean;
allow_legacy_tokeninfo_endpoint?: boolean;
enable_legacy_profile?: boolean;
enable_idtoken_api2?: boolean;
enable_public_signup_user_exists_error?: boolean;
enable_sso?: boolean;
allow_changing_enable_sso?: boolean;
disable_clickjack_protection_headers?: boolean;
no_disclose_enterprise_connections?: boolean;
enforce_client_authentication_on_passwordless_start?: boolean;
enable_adfs_waad_email_verification?: boolean;
revoke_refresh_token_grant?: boolean;
dashboard_log_streams_next?: boolean;
dashboard_insights_view?: boolean;
disable_fields_map_fix?: boolean;
mfa_show_factor_list_on_enrollment?: boolean;
remove_alg_from_jwks?: boolean;
improved_signup_bot_detection_in_classic?: boolean;
genai_trial?: boolean;
enable_dynamic_client_registration?: boolean;
disable_management_api_sms_obfuscation?: boolean;
trust_azure_adfs_email_verified_connection_property?: boolean;
custom_domains_provisioning?: boolean;
}
change_pwd_flow_v1?enable_apis_section?disable_impersonation?enable_client_connections?enable_pipeline2?allow_legacy_delegation_grant_types?allow_legacy_ro_grant_types?allow_legacy_tokeninfo_endpoint?enable_legacy_profile?enable_idtoken_api2?enable_public_signup_user_exists_error?enable_sso?allow_changing_enable_sso?disable_clickjack_protection_headers?no_disclose_enterprise_connections?enforce_client_authentication_on_passwordless_start?enable_adfs_waad_email_verification?revoke_refresh_token_grant?dashboard_log_streams_next?dashboard_insights_view?disable_fields_map_fix?mfa_show_factor_list_on_enrollment?remove_alg_from_jwks?improved_signup_bot_detection_in_classic?genai_trial?enable_dynamic_client_registration?disable_management_api_sms_obfuscation?trust_azure_adfs_email_verified_connection_property?custom_domains_provisioning?
Optionalchange_pwd_flow_v1change_pwd_flow_v1?: boolean
Whether to use the older v1 change password flow (true, not recommended except for backward compatibility) or the newer safer flow (false, recommended).
Optionalenable_apis_sectionenable_apis_section?: boolean
Whether the APIs section is enabled (true) or disabled (false).
Optionaldisable_impersonationdisable_impersonation?: boolean
Whether the impersonation functionality has been disabled (true) or not (false). Read-only.
Optionalenable_client_connectionsenable_client_connections?: boolean
Whether all current connections should be enabled when a new client (application) is created (true, default) or not (false).
Optionalenable_pipeline2enable_pipeline2?: boolean
Whether advanced API Authorization scenarios are enabled (true) or disabled (false).
Optionalallow_legacy_delegation_grant_typesallow_legacy_delegation_grant_types?: boolean
If enabled, clients are able to add legacy delegation grants.
Optionalallow_legacy_ro_grant_typesallow_legacy_ro_grant_types?: boolean
If enabled, clients are able to add legacy RO grants.
Optionalallow_legacy_tokeninfo_endpointallow_legacy_tokeninfo_endpoint?: boolean
Whether the legacy /tokeninfo endpoint is enabled for your account (true) or unavailable (false).
Optionalenable_legacy_profileenable_legacy_profile?: boolean
Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
Optionalenable_idtoken_api2enable_idtoken_api2?: boolean
Whether ID tokens can be used to authorize some types of requests to API v2 (true) not not (false).
Optionalenable_public_signup_user_exists_errorenable_public_signup_user_exists_error?: boolean
Whether the public sign up process shows a user_exists error (true) or a generic error (false) if the user already exists.
Optionalenable_ssoenable_sso?: boolean
Whether users are prompted to confirm log in before SSO redirection (false) or are not prompted (true).
Optionalallow_changing_enable_ssoallow_changing_enable_sso?: boolean
Whether the enable_sso setting can be changed (true) or not (false).
Optionaldisable_clickjack_protection_headersdisable_clickjack_protection_headers?: boolean
Whether classic Universal Login prompts include additional security headers to prevent clickjacking (true) or no safeguard (false).
Optionalno_disclose_enterprise_connectionsno_disclose_enterprise_connections?: boolean
Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
Optionalenforce_client_authentication_on_passwordless_startenforce_client_authentication_on_passwordless_start?: boolean
Enforce client authentication for passwordless start.
Optionalenable_adfs_waad_email_verificationenable_adfs_waad_email_verification?: boolean
Enables the email verification flow during login for Azure AD and ADFS connections
Optionalrevoke_refresh_token_grantrevoke_refresh_token_grant?: boolean
Delete underlying grant when a Refresh Token is revoked via the Authentication API.
Optionaldashboard_log_streams_nextdashboard_log_streams_next?: boolean
Enables beta access to log streaming changes
Optionaldashboard_insights_viewdashboard_insights_view?: boolean
Enables new insights activity page view
Optionaldisable_fields_map_fixdisable_fields_map_fix?: boolean
Disables SAML fields map fix for bad mappings with repeated attributes
Optionalmfa_show_factor_list_on_enrollmentmfa_show_factor_list_on_enrollment?: boolean
Used to allow users to pick what factor to enroll of the available MFA factors.
Optionalremove_alg_from_jwksremove_alg_from_jwks?: boolean
Removes alg property from jwks .well-known endpoint
Optionalimproved_signup_bot_detection_in_classicimproved_signup_bot_detection_in_classic?: boolean
Improves bot detection during signup in classic universal login
Optionalgenai_trialgenai_trial?: boolean
This tenant signed up for the Auth4GenAI trail
Optionalenable_dynamic_client_registrationenable_dynamic_client_registration?: boolean
Whether third-party developers can dynamically register applications for your APIs (true) or not (false). This flag enables dynamic client registration.
Optionaldisable_management_api_sms_obfuscationdisable_management_api_sms_obfuscation?: boolean
If true, SMS phone numbers will not be obfuscated in Management API GET calls.
Optionaltrust_azure_adfs_email_verified_connection_propertytrust_azure_adfs_email_verified_connection_property?: boolean
Changes email_verified behavior for Azure AD/ADFS connections when enabled. Sets email_verified to false otherwise.
Optionalcustom_domains_provisioningcustom_domains_provisioning?: boolean
If true, custom domains feature will be enabled for tenant.
Member Visibility
ThemeOSLightDark
Properties change_pwd_flow_v1enable_apis_sectiondisable_impersonationenable_client_connectionsenable_pipeline2allow_legacy_delegation_grant_typesallow_legacy_ro_grant_typesallow_legacy_tokeninfo_endpointenable_legacy_profileenable_idtoken_api2enable_public_signup_user_exists_errorenable_ssoallow_changing_enable_ssodisable_clickjack_protection_headersno_disclose_enterprise_connectionsenforce_client_authentication_on_passwordless_startenable_adfs_waad_email_verificationrevoke_refresh_token_grantdashboard_log_streams_nextdashboard_insights_viewdisable_fields_map_fixmfa_show_factor_list_on_enrollmentremove_alg_from_jwksimproved_signup_bot_detection_in_classicgenai_trialenable_dynamic_client_registrationdisable_management_api_sms_obfuscationtrust_azure_adfs_email_verified_connection_propertycustom_domains_provisioning