Skip to main content

Update organization config

Modify the configuration for your organization.

The token duration determines the number of seconds a token issued by SlashID will be valid for. If not set, or set to 0, the default duration of 24 hours will be used for all tokens.

The groups claim name determines the name of the claim in the token payload where a user's groups are found. If not set, or set to the empty string, the default claim name groups will be used for all tokens.

Header Parameters
  • SlashID-OrgID string required

    The organization ID

    Example: af5fbd30-7ce7-4548-8b30-4cd59cb2aba1
  • SlashID-Required-Consistency string

    Possible values: [local_region, all_regions]

    Default value: local_region

    The consistency level required for this request. If the consistency level is not achieved within the timeout, the request will fail with a 408 Request Timeout error. 408 Request Timeout error indicates that request was not handled within the timeout, but it may still be handled after request timeout. Allowed values: * local_region: Wait while the request executes in the local region. * all_regions: Wait while the request executes across all regions. You can learn more about our replication model on our Cross-region Replication Model page.

  • SlashID-Required-Consistency-Timeout integer

    Possible values: >= 1 and <= 120

    Default value: 30

    The maximum amount of seconds to wait for the requested consistency level to be achieved. If the consistency level is not achieved within this time, the request will fail with a 408 Request Timeout error. 408 Request Timeout error indicates that request was not handled within the timeout, but it may still be handled after request timeout. You can learn more about our replication model on our Cross-region Replication Model page.

Request Body
  • token_duration integer

    The number of seconds before a token expires

  • groups_claim_name string

    The name of the JWT claim holding the list of groups for the authenticated user identified in the token

  • requires_manual_approval boolean

    If true, new users are deactivated until the organization admin sets the person's active field.

  • deny_self_registration boolean

    If true, new users can only be created by the organization admin

  • allowed_factor_methods string[]

    Possible values: [webauthn, email_link, sms_link, otp_via_sms, otp_via_email, totp, oidc, saml, api, direct_id, password, impersonate, anonymous]

    Only allow authentication using the specified factor methods.

    Empty means all supported factors are enabled.

    This configuration doesn't affect API and DirectID authentications.

  • authn_link_allowed_redirect_uris string[]

    The URIs to where users can be redirected after authenticating with an email/SMS link.

  • new_person_handle_patterns string[]

    Only allow registration of new persons with a handle matching one of the patterns

  • sudo_mode_duration integer

    The number of seconds, after users authenticate, during which they can perform sensitive actions. Negative values will revert this property to its default (15 minutes).

  • authn_redirect_page_ui_config object

    UI configuration for the hosted page users are redirected to after clicking a magic link or password reset link.

Responses

No content