syntax = "proto3"; import "google/api/annotations.proto"; import "google/protobuf/empty.proto"; import "google/protobuf/timestamp.proto"; import "validate/validate.proto"; import "protoc-gen-swagger/options/annotations.proto"; import "authoption/options.proto"; package caos.zitadel.admin.api.v1; option go_package ="github.com/caos/zitadel/pkg/grpc/admin"; option (grpc.gateway.protoc_gen_swagger.options.openapiv2_swagger) = { info: { title: "admin service"; version: "0.1"; contact:{ url: "https://github.com/caos/zitadel/pkg/admin" }; }; schemes: HTTPS; consumes: "application/json"; consumes: "application/grpc"; produces: "application/json"; produces: "application/grpc"; }; service AdminService { // --------- // Probes // --------- // Healthz returns status OK as soon as the service started rpc Healthz(google.protobuf.Empty) returns (google.protobuf.Empty) { option (google.api.http) = { get: "/healthz" }; } //ORG rpc IsOrgUnique(UniqueOrgRequest) returns (UniqueOrgResponse) { option (google.api.http) = { get: "/orgs/_isunique" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.read" }; } rpc GetOrgByID(OrgID) returns (Org) { option (google.api.http) = { get: "/orgs/{id}" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.read" }; } rpc SearchOrgs(OrgSearchRequest) returns (OrgSearchResponse) { option (google.api.http) = { post: "/orgs/_search" body: "*" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.read" }; } rpc SetUpOrg(OrgSetUpRequest) returns (google.protobuf.Empty) { option (google.api.http) = { post: "/orgs/_setup" body: "*" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.write" }; } //ORG_IAM_POLICY rpc GetDefaultOrgIamPolicy(google.protobuf.Empty) returns (OrgIamPolicyView) { option (google.api.http) = { get: "/orgs/default/policies/orgiam" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.policy.read" }; } rpc UpdateDefaultOrgIamPolicy(OrgIamPolicyRequest) returns (OrgIamPolicy) { option (google.api.http) = { put: "/orgs/default/policies/orgiam" body: "*" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.policy.write" }; } rpc GetOrgIamPolicy(OrgIamPolicyID) returns (OrgIamPolicyView) { option (google.api.http) = { get: "/orgs/{org_id}/policies/orgiam" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.policy.read" }; } rpc CreateOrgIamPolicy(OrgIamPolicyRequest) returns (OrgIamPolicy) { option (google.api.http) = { post: "/orgs/{org_id}/policies/orgiam" body: "*" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.policy.write" }; } rpc UpdateOrgIamPolicy(OrgIamPolicyRequest) returns (OrgIamPolicy) { option (google.api.http) = { put: "/orgs/{org_id}/policies/orgiam" body: "*" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.policy.write" }; } rpc RemoveOrgIamPolicy(OrgIamPolicyID) returns (google.protobuf.Empty) { option (google.api.http) = { delete: "/orgs/{org_id}/policies/orgiam" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.policy.delete" }; } rpc GetIamMemberRoles(google.protobuf.Empty) returns (IamMemberRoles) { option (google.api.http) = { get: "/members/roles" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.member.read" }; } rpc AddIamMember(AddIamMemberRequest) returns (IamMember) { option (google.api.http) = { post: "/members" body: "*" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.member.write" }; } rpc ChangeIamMember(ChangeIamMemberRequest) returns (IamMember) { option (google.api.http) = { put: "/members/{user_id}" body: "*" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.member.write" }; } rpc RemoveIamMember(RemoveIamMemberRequest) returns (google.protobuf.Empty) { option (google.api.http) = { delete: "/members/{user_id}" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.member.delete" }; } rpc SearchIamMembers(IamMemberSearchRequest) returns (IamMemberSearchResponse) { option (google.api.http) = { post: "/members/_search" body: "*" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.member.read" }; } rpc GetViews(google.protobuf.Empty) returns (Views) { option (google.api.http) = { get: "/views" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.read" }; } rpc ClearView(ViewID) returns (google.protobuf.Empty) { option (google.api.http) = { post: "/views/{database}/{view_name}" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.write" }; } rpc GetFailedEvents(google.protobuf.Empty) returns (FailedEvents) { option (google.api.http) = { get: "/failedevents" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.read" }; } rpc RemoveFailedEvent(FailedEventID) returns (google.protobuf.Empty) { option (google.api.http) = { delete: "/failedevents/{database}/{view_name}/{failed_sequence}" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.write" }; } rpc IdpByID(IdpID) returns (IdpView) { option (google.api.http) = { get: "/idps/{id}" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.idp.read" }; } rpc CreateOidcIdp(OidcIdpConfigCreate) returns (Idp) { option (google.api.http) = { post: "/idps/oidc" body: "*" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.idp.write" }; } rpc UpdateIdpConfig(IdpUpdate) returns (Idp) { option (google.api.http) = { put: "/idps/{id}" body: "*" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.idp.write" }; } rpc DeactivateIdpConfig(IdpID) returns (google.protobuf.Empty) { option (google.api.http) = { put: "/idps/{id}/_deactivate" body: "*" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.idp.write" }; } rpc ReactivateIdpConfig(IdpID) returns (google.protobuf.Empty) { option (google.api.http) = { put: "/idps/{id}/_reactivate" body: "*" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.idp.write" }; } rpc RemoveIdpConfig(IdpID) returns (google.protobuf.Empty) { option (google.api.http) = { delete: "/idps/{id}" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.idp.write" }; } rpc UpdateOidcIdpConfig(OidcIdpConfigUpdate) returns (OidcIdpConfig) { option (google.api.http) = { put: "/idps/{idp_id}/oidcconfig" body: "*" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.idp.write" }; } rpc SearchIdps(IdpSearchRequest) returns (IdpSearchResponse) { option (google.api.http) = { post: "/idps/_search" body: "*" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.idp.read" }; } rpc GetDefaultLabelPolicy(google.protobuf.Empty) returns (DefaultLabelPolicyView) { option (google.api.http) = { get: "/policies/label" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.policy.read" }; } rpc UpdateDefaultLabelPolicy(DefaultLabelPolicyUpdate) returns (DefaultLabelPolicy) { option (google.api.http) = { put: "/policies/label" body: "*" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.policy.write" }; } rpc GetDefaultLoginPolicy(google.protobuf.Empty) returns (DefaultLoginPolicyView) { option (google.api.http) = { get: "/policies/login" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.policy.read" }; } rpc UpdateDefaultLoginPolicy(DefaultLoginPolicyRequest) returns (DefaultLoginPolicy) { option (google.api.http) = { put: "/policies/login" body: "*" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.policy.write" }; } rpc GetDefaultLoginPolicyIdpProviders(IdpProviderSearchRequest) returns (IdpProviderSearchResponse) { option (google.api.http) = { post: "/policies/login/idpproviders/_search" body: "*" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.policy.read" }; } rpc AddIdpProviderToDefaultLoginPolicy(IdpProviderID) returns (IdpProviderID) { option (google.api.http) = { post: "/policies/login/idpproviders" body: "*" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.policy.write" }; } rpc RemoveIdpProviderFromDefaultLoginPolicy(IdpProviderID) returns (google.protobuf.Empty) { option (google.api.http) = { delete: "/policies/login/idpproviders/{idp_config_id}" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.policy.write" }; } rpc GetDefaultLoginPolicySecondFactors(google.protobuf.Empty) returns (SecondFactorsResult) { option (google.api.http) = { get: "/policies/login/secondfactors/_search" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.policy.read" }; } rpc AddSecondFactorToDefaultLoginPolicy(SecondFactor) returns (SecondFactor) { option (google.api.http) = { post: "/policies/login/secondfactors" body: "*" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.policy.write" }; } rpc RemoveSecondFactorFromDefaultLoginPolicy(SecondFactor) returns (google.protobuf.Empty) { option (google.api.http) = { delete: "/policies/login/secondfactors/{second_factor}" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.policy.write" }; } rpc GetDefaultLoginPolicyMultiFactors(google.protobuf.Empty) returns (MultiFactorsResult) { option (google.api.http) = { get: "/policies/login/multifactors/_search" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.policy.read" }; } rpc AddMultiFactorToDefaultLoginPolicy(MultiFactor) returns (MultiFactor) { option (google.api.http) = { post: "/policies/login/multifactors" body: "*" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.policy.write" }; } rpc RemoveMultiFactorFromDefaultLoginPolicy(MultiFactor) returns (google.protobuf.Empty) { option (google.api.http) = { delete: "/policies/login/multifactors/{multi_factor}" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.policy.write" }; } rpc GetDefaultPasswordComplexityPolicy(google.protobuf.Empty) returns (DefaultPasswordComplexityPolicyView) { option (google.api.http) = { get: "/policies/password/complexity" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.policy.read" }; } rpc UpdateDefaultPasswordComplexityPolicy(DefaultPasswordComplexityPolicyRequest) returns (DefaultPasswordComplexityPolicy) { option (google.api.http) = { put: "/policies/password/complexity" body: "*" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.policy.write" }; } rpc GetDefaultPasswordAgePolicy(google.protobuf.Empty) returns (DefaultPasswordAgePolicyView) { option (google.api.http) = { get: "/policies/password/age" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.policy.read" }; } rpc UpdateDefaultPasswordAgePolicy(DefaultPasswordAgePolicyRequest) returns (DefaultPasswordAgePolicy) { option (google.api.http) = { put: "/policies/password/age" body: "*" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.policy.write" }; } rpc GetDefaultPasswordLockoutPolicy(google.protobuf.Empty) returns (DefaultPasswordLockoutPolicyView) { option (google.api.http) = { get: "/policies/password/lockout" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.policy.read" }; } rpc UpdateDefaultPasswordLockoutPolicy(DefaultPasswordLockoutPolicyRequest) returns (DefaultPasswordLockoutPolicy) { option (google.api.http) = { put: "/policies/password/lockout" body: "*" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.policy.write" }; } } message OrgID { string id = 1 [(validate.rules).string = {min_len: 1}]; } message UniqueOrgRequest { string name = 1 [(validate.rules).string.min_len = 1]; string domain = 2 [(validate.rules).string.min_len = 1]; } message UniqueOrgResponse { bool is_unique = 1; } message Org { string id = 1; OrgState state = 2; google.protobuf.Timestamp change_date = 3; string name = 4; string domain = 5; } enum OrgState { ORGSTATE_UNSPECIFIED = 0; ORGSTATE_ACTIVE = 1; ORGSTATE_INACTIVE = 2; } message OrgSearchRequest { uint64 offset = 1; uint64 limit = 2; OrgSearchKey sorting_column = 3 [(validate.rules).enum = {not_in: [0]}];; bool asc = 4; repeated OrgSearchQuery queries = 5; } message OrgSearchQuery { OrgSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}];; OrgSearchMethod method = 2; string value = 3; } enum OrgSearchKey { ORGSEARCHKEY_UNSPECIFIED = 0; ORGSEARCHKEY_NAME = 1; ORGSEARCHKEY_DOMAIN = 2; ORGSEARCHKEY_STATE = 3; } message OrgSearchResponse { uint64 offset = 1; uint64 limit = 2; uint64 total_result = 3; repeated Org result = 4; uint64 processed_sequence = 5; google.protobuf.Timestamp view_timestamp = 6; } enum OrgSearchMethod { ORGSEARCHMETHOD_EQUALS = 0; ORGSEARCHMETHOD_STARTS_WITH = 1; ORGSEARCHMETHOD_CONTAINS = 2; } message OrgSetUpRequest { CreateOrgRequest org = 1 [(validate.rules).message.required = true]; CreateUserRequest user = 2 [(validate.rules).message.required = true]; } message OrgSetUpResponse { Org org = 1; UserResponse user = 2; } message CreateUserRequest { string user_name = 1 [(validate.rules).string.pattern = "^[^[:space:]]{1,200}$"]; oneof user { option (validate.required) = true; CreateHumanRequest human = 2; CreateMachineRequest machine = 3; } } message CreateHumanRequest { string first_name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; string last_name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}]; string nick_name = 3 [(validate.rules).string = {max_len: 200}]; string preferred_language = 4 [(validate.rules).string = {max_len: 200}]; Gender gender = 5; string email = 6 [(validate.rules).string = {min_len: 1, max_len: 200, email: true}]; bool is_email_verified = 7; string phone = 8 [(validate.rules).string = {max_len: 20}]; bool is_phone_verified = 9; string country = 10 [(validate.rules).string = {max_len: 200}]; string locality = 11 [(validate.rules).string = {max_len: 200}]; string postal_code = 12 [(validate.rules).string = {max_len: 200}]; string region = 13 [(validate.rules).string = {max_len: 200}]; string street_address = 14 [(validate.rules).string = {max_len: 200}]; string password = 15 [(validate.rules).string = {max_len: 72}]; } message CreateMachineRequest { string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; string description = 2 [(validate.rules).string = {max_len: 500}]; } message UserResponse { string id = 1; UserState state = 2; google.protobuf.Timestamp creation_date = 3; google.protobuf.Timestamp change_date = 4; uint64 sequence = 5; string user_name = 6; oneof user { option (validate.required) = true; HumanResponse human = 7; MachineResponse machine = 8; } } enum UserState { USERSTATE_UNSPECIFIED = 0; USERSTATE_ACTIVE = 1; USERSTATE_INACTIVE = 2; USERSTATE_DELETED = 3; USERSTATE_LOCKED = 4; USERSTATE_SUSPEND = 5; USERSTATE_INITIAL= 6; } enum Gender { GENDER_UNSPECIFIED = 0; GENDER_FEMALE = 1; GENDER_MALE = 2; GENDER_DIVERSE = 3; } message HumanResponse { string first_name = 1; string last_name = 2; string display_name = 3; string nick_name = 4; string preferred_language = 5; Gender gender = 6; string email = 7; bool is_email_verified = 8; string phone = 9; bool is_phone_verified = 10; string country = 11; string locality = 12; string postal_code = 13; string region = 14; string street_address = 15; } message MachineResponse { string name = 1; string description = 2; repeated MachineKeyResponse keys = 3; } message MachineKeyResponse { string id = 1; MachineKeyType type = 2; uint64 sequence = 3; google.protobuf.Timestamp creation_date = 4; google.protobuf.Timestamp expiration_date = 5; } enum MachineKeyType { MACHINEKEY_UNSPECIFIED = 0; MACHINEKEY_JSON = 1; } message CreateOrgRequest { string name = 1 [(validate.rules).string.min_len = 1]; string domain = 2; } message OrgIamPolicy { string org_id = 1; bool user_login_must_be_domain = 2; bool default = 3; uint64 sequence = 4; google.protobuf.Timestamp change_date = 5; } message OrgIamPolicyView { string org_id = 1; bool user_login_must_be_domain = 2; bool default = 3; uint64 sequence = 4; google.protobuf.Timestamp creation_date = 5; google.protobuf.Timestamp change_date = 6; } message OrgIamPolicyRequest { string org_id = 1 [(validate.rules).string = {min_len: 1}]; string description = 2; bool user_login_must_be_domain = 3; } message OrgIamPolicyID { string org_id = 1 [(validate.rules).string = {min_len: 1}]; } message IamMemberRoles { repeated string roles = 1; } message IamMember { string user_id = 1; repeated string roles = 2; google.protobuf.Timestamp change_date = 3; uint64 sequence = 4; } message AddIamMemberRequest { string user_id = 1 [(validate.rules).string = {min_len: 1}]; repeated string roles = 2; } message ChangeIamMemberRequest { string user_id = 1 [(validate.rules).string = {min_len: 1}]; repeated string roles = 2; } message RemoveIamMemberRequest { string user_id = 1 [(validate.rules).string = {min_len: 1}]; } message IamMemberSearchResponse { uint64 offset = 1; uint64 limit = 2; uint64 total_result = 3; repeated IamMemberView result = 4; uint64 processed_sequence = 5; google.protobuf.Timestamp view_timestamp = 6; } message IamMemberView { string user_id = 1; repeated string roles = 2; google.protobuf.Timestamp change_date = 3; google.protobuf.Timestamp creation_date = 4; uint64 sequence = 5; string user_name = 6; string email = 7; string first_name = 8; string last_name = 9; string display_name = 10; } message IamMemberSearchRequest { uint64 offset = 1; uint64 limit = 2; repeated IamMemberSearchQuery queries = 3; } message IamMemberSearchQuery { IamMemberSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}]; SearchMethod method = 2; string value = 3; } enum IamMemberSearchKey { IAMMEMBERSEARCHKEY_UNSPECIFIED = 0; IAMMEMBERSEARCHKEY_FIRST_NAME = 1; IAMMEMBERSEARCHKEY_LAST_NAME = 2; IAMMEMBERSEARCHKEY_EMAIL = 3; IAMMEMBERSEARCHKEY_USER_ID = 4; } enum SearchMethod { SEARCHMETHOD_EQUALS = 0; SEARCHMETHOD_STARTS_WITH = 1; SEARCHMETHOD_CONTAINS = 2; SEARCHMETHOD_EQUALS_IGNORE_CASE = 3; SEARCHMETHOD_STARTS_WITH_IGNORE_CASE = 4; SEARCHMETHOD_CONTAINS_IGNORE_CASE = 5; SEARCHMETHOD_NOT_EQUALS = 6; SEARCHMETHOD_GREATER_THAN = 7; SEARCHMETHOD_LESS_THAN = 8; SEARCHMETHOD_IS_ONE_OF = 9; SEARCHMETHOD_LIST_CONTAINS = 10; } message FailedEventID { string database = 1 [(validate.rules).string = {min_len: 1}]; string view_name = 2 [(validate.rules).string = {min_len: 1}]; uint64 failed_sequence = 3; } message FailedEvents { repeated FailedEvent failed_events = 1; } message FailedEvent { string database = 1; string view_name = 2; uint64 failed_sequence = 3; uint64 failure_count = 4; string error_message = 5; } message ViewID { string database = 1 [(validate.rules).string = {min_len: 1}]; string view_name = 2 [(validate.rules).string = {min_len: 1}]; } message Views { repeated View views = 1; } message View { string database = 1; string view_name = 2; uint64 processed_sequence = 3; google.protobuf.Timestamp event_timestamp = 4; google.protobuf.Timestamp last_successful_spooler_run = 5; } message IdpID { string id = 1 [(validate.rules).string = {min_len: 1}]; } message Idp { string id = 1; IdpState state = 2; google.protobuf.Timestamp change_date = 3; string name = 4; IdpStylingType styling_type = 5; oneof idp_config { OidcIdpConfig oidc_config = 6; } uint64 sequence = 7; } message IdpUpdate { string id = 1 [(validate.rules).string = {min_len: 1}]; string name = 2; IdpStylingType styling_type = 3; } message OidcIdpConfig { string client_id = 1; string client_secret = 2; string issuer = 3; repeated string scopes = 4; } enum IdpStylingType { IDPSTYLINGTYPE_UNSPECIFIED = 0; IDPSTYLINGTYPE_GOOGLE = 1; } enum IdpState { IDPCONFIGSTATE_UNSPECIFIED = 0; IDPCONFIGSTATE_ACTIVE = 1; IDPCONFIGSTATE_INACTIVE = 2; } enum OIDCMappingField { OIDCMAPPINGFIELD_UNSPECIFIED = 0; OIDCMAPPINGFIELD_PREFERRED_USERNAME = 1; OIDCMAPPINGFIELD_EMAIL = 2; } message OidcIdpConfigCreate { string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; IdpStylingType styling_type = 2; string client_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}]; string client_secret = 4 [(validate.rules).string = {min_len: 1, max_len: 200}]; string issuer = 5 [(validate.rules).string = {min_len: 1, max_len: 200}]; repeated string scopes = 6; OIDCMappingField idp_display_name_mapping = 7; OIDCMappingField username_mapping = 8; } message OidcIdpConfigUpdate { string idp_id = 1 [(validate.rules).string = {min_len: 1}]; string client_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}]; string client_secret = 3; string issuer = 4 [(validate.rules).string = {min_len: 1, max_len: 200}]; repeated string scopes = 5; OIDCMappingField idp_display_name_mapping = 6; OIDCMappingField username_mapping = 7; } message IdpSearchResponse { uint64 offset = 1; uint64 limit = 2; uint64 total_result = 3; repeated IdpView result = 4; uint64 processed_sequence = 5; google.protobuf.Timestamp view_timestamp = 6; } message IdpView { string id = 1; IdpState state = 2; google.protobuf.Timestamp creation_date = 3; google.protobuf.Timestamp change_date = 4; string name = 5; IdpStylingType styling_type = 6; oneof idp_config_view { OidcIdpConfigView oidc_config = 7; } uint64 sequence = 8; } message OidcIdpConfigView { string client_id = 1; string issuer = 2; repeated string scopes = 3; OIDCMappingField idp_display_name_mapping = 4; OIDCMappingField username_mapping = 5; } message IdpSearchRequest { uint64 offset = 1; uint64 limit = 2; repeated IdpSearchQuery queries = 3; } message IdpSearchQuery { IdpSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}]; SearchMethod method = 2; string value = 3; } enum IdpSearchKey { IDPSEARCHKEY_UNSPECIFIED = 0; IDPSEARCHKEY_IDP_CONFIG_ID = 1; IDPSEARCHKEY_NAME = 2; } message DefaultLabelPolicy { string primary_color = 1; string secondary_color = 2; google.protobuf.Timestamp change_date = 3; } message DefaultLabelPolicyUpdate { string primary_color = 1; string secondary_color = 2; } message DefaultLabelPolicyView { string primary_color = 1; string secondary_color = 2; google.protobuf.Timestamp creation_date = 3; google.protobuf.Timestamp change_date = 4; } message DefaultLoginPolicy { bool allow_username_password = 1; bool allow_register = 2; bool allow_external_idp = 3; google.protobuf.Timestamp change_date = 4; bool force_mfa = 5; PasswordlessType passwordless_type = 6; } message DefaultLoginPolicyRequest { bool allow_username_password = 1; bool allow_register = 2; bool allow_external_idp = 3; bool force_mfa = 4; PasswordlessType passwordless_type = 5; } enum PasswordlessType { PASSWORDLESSTYPE_NOT_ALLOWED = 0; PASSWORDLESSTYPE_ALLOWED = 1; } message IdpProviderID { string idp_config_id = 1 [(validate.rules).string = {min_len: 1}]; } message DefaultLoginPolicyView { bool allow_username_password = 1; bool allow_register = 2; bool allow_external_idp = 3; google.protobuf.Timestamp creation_date = 4; google.protobuf.Timestamp change_date = 5; bool force_mfa = 6; PasswordlessType passwordless_type = 7; } message IdpProviderView { string idp_config_id = 1; string name = 2; IdpType type = 3; } enum IdpType { IDPTYPE_UNSPECIFIED = 0; IDPTYPE_OIDC = 1; IDPTYPE_SAML = 2; } message IdpProviderSearchResponse { uint64 offset = 1; uint64 limit = 2; uint64 total_result = 3; repeated IdpProviderView result = 4; uint64 processed_sequence = 5; google.protobuf.Timestamp view_timestamp = 6; } message IdpProviderSearchRequest { uint64 offset = 1; uint64 limit = 2; } message SecondFactorsResult { repeated SecondFactorType second_factors = 1; } message SecondFactor { SecondFactorType second_factor = 1; } enum SecondFactorType { SECONDFACTORTYPE_UNSPECIFIED = 0; SECONDFACTORTYPE_OTP = 1; SECONDFACTORTYPE_U2F = 2; } message MultiFactorsResult { repeated MultiFactorType multi_factors = 1; } message MultiFactor { MultiFactorType multi_factor = 1; } enum MultiFactorType { MULTIFACTORTYPE_UNSPECIFIED = 0; MULTIFACTORTYPE_U2F_WITH_PIN = 1; } message DefaultPasswordComplexityPolicy { uint64 min_length = 1; bool has_uppercase = 2; bool has_lowercase = 3; bool has_number = 4; bool has_symbol = 5; google.protobuf.Timestamp change_date = 6; } message DefaultPasswordComplexityPolicyRequest { uint64 min_length = 1; bool has_uppercase = 2; bool has_lowercase = 3; bool has_number = 4; bool has_symbol = 5; } message DefaultPasswordComplexityPolicyView { uint64 min_length = 1; bool has_uppercase = 2; bool has_lowercase = 3; bool has_number = 4; bool has_symbol = 5; google.protobuf.Timestamp creation_date = 6; google.protobuf.Timestamp change_date = 7; } message DefaultPasswordAgePolicy { uint64 max_age_days = 1; uint64 expire_warn_days = 2; google.protobuf.Timestamp change_date = 3; } message DefaultPasswordAgePolicyRequest { uint64 max_age_days = 1; uint64 expire_warn_days = 2; } message DefaultPasswordAgePolicyView { uint64 max_age_days = 1; uint64 expire_warn_days = 2; google.protobuf.Timestamp creation_date = 3; google.protobuf.Timestamp change_date = 4; } message DefaultPasswordLockoutPolicy { uint64 max_attempts = 1; bool show_lockout_failure = 2; google.protobuf.Timestamp change_date = 3; } message DefaultPasswordLockoutPolicyRequest { uint64 max_attempts = 1; bool show_lockout_failure = 2; } message DefaultPasswordLockoutPolicyView { uint64 max_attempts = 1; bool show_lockout_failure = 2; google.protobuf.Timestamp creation_date = 3; google.protobuf.Timestamp change_date = 4; }