Body Required

• tenantId string

  Maximum length is 21.

• color object

  Specify the primary branding color for the sign-in page (both light/dark mode).

  Hide color attributes Show color attributes object

  • primaryColor string(regex) Required

    Format should match the following pattern: /^#[\da-f]{3}([\da-f]{3})?$/i.

  • isDarkModeEnabled boolean Required
  • darkPrimaryColor string(regex) Required

    Format should match the following pattern: /^#[\da-f]{3}([\da-f]{3})?$/i.

• branding object
  Hide branding attributes Show branding attributes object

  • logoUrl string(url)
  • darkLogoUrl string(url)
  • favicon string(url)
  • darkFavicon string(url)
• languageInfo object

  Control the language detection policy for the sign-in page.

  Hide languageInfo attributes Show languageInfo attributes object

  • autoDetect boolean Required
  • fallbackLanguage string Required

    Values are af-ZA, am-ET, ar, ar-AR, as-IN, az-AZ, be-BY, bg-BG, bn-IN, br-FR, bs-BA, ca-ES, cb-IQ, co-FR, cs-CZ, cx-PH, cy-GB, da-DK, de, de-DE, el-GR, en, en-GB, en-US, eo-EO, es, es-ES, es-419, et-EE, eu-ES, fa-IR, ff-NG, fi, fi-FI, fo-FO, fr, fr-CA, fr-FR, fy-NL, ga-IE, gl-ES, gn-PY, gu-IN, ha-NG, he-IL, hi-IN, hr-HR, ht-HT, hu-HU, hy-AM, id-ID, ik-US, is-IS, it, it-IT, iu-CA, ja, ja-JP, ja-KS, jv-ID, ka-GE, kk-KZ, km-KH, kn-IN, ko, ko-KR, ku-TR, ky-KG, lo-LA, lt-LT, lv-LV, mg-MG, mk-MK, ml-IN, mn-MN, mr-IN, ms-MY, mt-MT, my-MM, nb-NO, ne-NP, nl, nl-BE, nl-NL, nn-NO, or-IN, pa-IN, pl-PL, ps-AF, pt, pt-BR, pt-PT, ro-RO, ru, ru-RU, rw-RW, sc-IT, si-LK, sk-SK, sl-SI, sn-ZW, sq-AL, sr-RS, sv, sv-SE, sw-KE, sy-SY, sz-PL, ta-IN, te-IN, tg-TJ, th, th-TH, tl-PH, tr, tr-TR, tt-RU, tz-MA, uk-UA, ur-PK, uz-UZ, vi-VN, zh, zh-CN, zh-HK, zh-MO, zh-TW, or zz-TR.

• agreeToTermsPolicy string

  Values are Automatic, ManualRegistrationOnly, or Manual.

• signIn object

  Sign-in method settings

  Hide signIn attribute Show signIn attribute object

  • methods array[object] Required
    Hide methods attributes Show methods attributes object

    • identifier string Required

      Values are username, email, or phone.

    • password boolean Required
    • verificationCode boolean Required
    • isPasswordPrimary boolean Required
• signUp object

  Sign-up method settings

  Hide signUp attributes Show signUp attributes object

  • identifiers array[string] Required

    Specify allowed identifiers when signing-up.

    Values are username, email, or phone.

  • password boolean Required

    Whether the user is required to set a password when signing-up.

  • verify boolean Required

    Whether the user is required to verify their email/phone when signing-up.

  • secondaryIdentifiers array[object]
    Hide secondaryIdentifiers attributes Show secondaryIdentifiers attributes object

    • identifier string Required

      One of:

      string-1 string string-2 string

      Values are username, email, or phone.

      Value is emailOrPhone.

    • verify boolean
• socialSignIn object
  Hide socialSignIn attribute Show socialSignIn attribute object

  • automaticAccountLinking boolean
• socialSignInConnectorTargets array[string]

  Specify the social sign-in connectors to display on the sign-in page.

• signInMode string

  Values are SignIn, Register, or SignInAndRegister.

• customCss string | null
• customContent object

  Custom content to display on experience flow pages. the page pathname will be the config key, the content will be the config value.

  Hide customContent attribute Show customContent attribute object

  • * string Additional properties
• customUiAssets object | null
  Hide customUiAssets attributes Show customUiAssets attributes object | null

  • id string Required
  • createdAt number Required
• passwordPolicy object

  Password policies to adjust the password strength requirements.

  Hide passwordPolicy attributes Show passwordPolicy attributes object

  • length object

    Default value is {} (empty).

    Hide length attributes Show length attributes object

    • min number Required

      Default value is 8.

    • max number Required

      Default value is 256.

  • characterTypes object

    Default value is {} (empty).

    Hide characterTypes attribute Show characterTypes attribute object

    • min number Required

      Default value is 1.

  • rejects object

    Default value is {} (empty).

    Hide rejects attributes Show rejects attributes object

    • pwned boolean Required

      Default value is true.

    • repetitionAndSequence boolean Required

      Default value is true.

    • userInfo boolean Required

      Default value is true.

    • words array[string] Required

      Default value is [] (empty).

• mfa object

  MFA settings

  Hide mfa attributes Show mfa attributes object

  • factors array[string] Required

    Values are Totp, WebAuthn, or BackupCode.

  • policy string Required

    Values are UserControlled, Mandatory, PromptOnlyAtSignIn, PromptAtSignInAndSignUp, or NoPrompt.

  • organizationRequiredMfaPolicy string

    Values are NoPrompt or Mandatory.

• singleSignOnEnabled boolean
• captchaPolicy object
  Hide captchaPolicy attribute Show captchaPolicy attribute object

  • enabled boolean
• sentinelPolicy object

  Custom sentinel policy settings. Use this field to customize the user lockout policy. The default value is 100 failed attempts within one hour. The user will be locked out for 60 minutes after exceeding the limit.

  Hide sentinelPolicy attributes Show sentinelPolicy attributes object

  • maxAttempts number
  • lockoutDuration number
• emailBlocklistPolicy object

  Define email restriction policies. Users will be prohibited from registering or linking any email addresses that are included in the blocklist.

  Hide emailBlocklistPolicy attributes Show emailBlocklistPolicy attributes object

  • blockDisposableAddresses boolean
  • blockSubaddressing boolean

    Whether to block sub-addresses. (E.g., example+shopping@test.com)

  • customBlocklist array[string]

    Custom blocklist of email addresses or domains.

  • blockDisposableAddress

    Cloud only. Whether to block disposable email addresses. Once enabled, Logto will check the email domain against a list of known disposable email domains. If the domain is found in the list, the email address will be blocked.

• termsOfUseUrl string(url) | null | string(empty)

  One of:

  string-1 string(url) | null string-2 string(empty)

• privacyPolicyUrl string(url) | null | string(empty)

  One of:

  string-1 string(url) | null string-2 string(empty)

• supportEmail string(email) | null | string(empty)

  The support email address to display on the error pages.

  One of:

  string-1 string(email) | null string-2 string(empty)

• supportWebsiteUrl string(url) | null | string(empty)

  The support website URL to display on the error pages.

  One of:

  string-1 string(url) | null string-2 string(empty)

• unknownSessionRedirectUrl string(url) | null | string(empty)

  The fallback URL to redirect users when the sign-in session does not exist or unknown. Client should initiate a new authentication flow after the redirection.

  One of:

  string-1 string(url) | null string-2 string(empty)