{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "#/components/schemas/TenantSettingsFlags", "title": "TenantSettingsFlags", "type": "object", "description": "Flags used to change the behavior of this tenant.", "additionalProperties": false, "properties": { "change_pwd_flow_v1": { "type": "boolean", "description": "Whether to use the older v1 change password flow (true, not recommended except for backward compatibility) or the newer safer flow (false, recommended).", "default": false }, "enable_apis_section": { "type": "boolean", "description": "Whether the APIs section is enabled (true) or disabled (false).", "default": false }, "disable_impersonation": { "type": "boolean", "description": "Whether the impersonation functionality has been disabled (true) or not (false). Read-only.", "default": false }, "enable_client_connections": { "type": "boolean", "description": "Whether all current connections should be enabled when a new client (application) is created (true, default) or not (false).", "default": true }, "enable_pipeline2": { "type": "boolean", "description": "Whether advanced API Authorization scenarios are enabled (true) or disabled (false).", "default": true }, "allow_legacy_delegation_grant_types": { "type": "boolean", "description": "If enabled, clients are able to add legacy delegation grants." }, "allow_legacy_ro_grant_types": { "type": "boolean", "description": "If enabled, clients are able to add legacy RO grants." }, "allow_legacy_tokeninfo_endpoint": { "type": "boolean", "description": "Whether the legacy `/tokeninfo` endpoint is enabled for your account (true) or unavailable (false)." }, "enable_legacy_profile": { "type": "boolean", "description": "Whether ID tokens and the userinfo endpoint include a complete user profile (true) or only OpenID Connect claims (false)."
}, "enable_idtoken_api2": { "type": "boolean", "description": "Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false)." }, "enable_public_signup_user_exists_error": { "type": "boolean", "description": "Whether the public sign up process shows a user_exists error (true) or a generic error (false) if the user already exists." }, "enable_sso": { "type": "boolean", "description": "Whether users are prompted to confirm login before SSO redirection (false) or are not prompted (true)." }, "allow_changing_enable_sso": { "type": "boolean", "description": "Whether the `enable_sso` setting can be changed (true) or not (false)." }, "disable_clickjack_protection_headers": { "type": "boolean", "description": "Whether classic Universal Login prompts include additional security headers to prevent clickjacking (true) or no safeguard (false). Note: the flag name (`disable_...`) suggests the opposite polarity; confirm which value removes the headers before changing it." }, "no_disclose_enterprise_connections": { "type": "boolean", "description": "Do not publish enterprise connections information with IdP domains in the Lock configuration file." }, "enforce_client_authentication_on_passwordless_start": { "type": "boolean", "description": "Enforce client authentication for passwordless start." }, "enable_adfs_waad_email_verification": { "type": "boolean", "description": "Enables the email verification flow during login for Azure AD and ADFS connections." }, "revoke_refresh_token_grant": { "type": "boolean", "description": "Delete underlying grant when a Refresh Token is revoked via the Authentication API."
}, "dashboard_log_streams_next": { "type": "boolean", "description": "Enables beta access to log streaming changes." }, "dashboard_insights_view": { "type": "boolean", "description": "Enables the new insights activity page view." }, "disable_fields_map_fix": { "type": "boolean", "description": "Disables the SAML fields map fix for bad mappings with repeated attributes." }, "mfa_show_factor_list_on_enrollment": { "type": "boolean", "description": "Allows users to pick which of the available MFA factors to enroll." }, "remove_alg_from_jwks": { "type": "boolean", "description": "Removes the `alg` property from the JWKS `.well-known` endpoint." }, "improved_signup_bot_detection_in_classic": { "type": "boolean", "description": "Improves bot detection during signup in classic Universal Login." }, "genai_trial": { "type": "boolean", "description": "This tenant signed up for the Auth4GenAI trial." }, "enable_dynamic_client_registration": { "type": "boolean", "description": "Whether third-party developers can dynamically register applications for your APIs (true) or not (false). This flag enables dynamic client registration.", "default": false }, "disable_management_api_sms_obfuscation": { "type": "boolean", "description": "If true, SMS phone numbers will not be obfuscated in Management API GET calls.", "default": true }, "trust_azure_adfs_email_verified_connection_property": { "type": "boolean", "description": "Changes email_verified behavior for Azure AD/ADFS connections when enabled. Sets email_verified to false otherwise.", "default": false }, "custom_domains_provisioning": { "type": "boolean", "description": "If true, the custom domains feature will be enabled for the tenant.", "default": false } } }