mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-12 11:04:25 +00:00
bb756482c7
* document analytics config
* rework configuration and docs
* describe HandleActiveInstances better
* describe active instances on quotas better
* only projected events are considered
* cleanup
* describe changes at runtime
* push milestones
* stop tracking events
* calculate and push 4 in 6 milestones
* reduce milestone pushed
* remove docs
* fix scheduled pseudo event projection
* push 5 in 6 milestones
* push 6 in 6 milestones
* ignore client ids
* fix text array contains
* push human readable milestone type
* statement unit tests
* improve dev and db performance
* organize imports
* cleanup
* organize imports
* test projection
* check rows.Err()
* test search query
* pass linting
* review
* test 4 milestones
* simplify milestone by instance ids query
* use type NamespacedCondition
* cleanup
* lint
* lint
* dont overwrite original error
* no opt-in in examples
* cleanup
* prerelease
* enable request headers
* make limit configurable
* review fixes
* only requeue special handlers secondly
* include integration tests
* Revert "include integration tests"
This reverts commit 96db9504ec
.
* pass reducers
* test handlers
* fix unit test
* feat: increment version
* lint
* remove prerelease
* fix integration tests
1133 lines
58 KiB
YAML
1133 lines
58 KiB
YAML
Log:
|
|
Level: info
|
|
Formatter:
|
|
Format: text
|
|
|
|
# Exposes metrics on /debug/metrics
|
|
Metrics:
|
|
# Select type otel (OpenTelemetry) or none (disables collection and endpoint)
|
|
Type: otel
|
|
|
|
Tracing:
|
|
# Choose one in "otel", "google", "log" and "none"
|
|
Type: none
|
|
Fraction: 1.0
|
|
MetricPrefix: zitadel
|
|
|
|
Telemetry:
|
|
# As long as Enabled is true, ZITADEL tries to send usage data to the configured Telemetry.Endpoints.
|
|
# Data is projected by ZITADEL even if Enabled is false.
|
|
# This means that switching this to true makes ZITADEL try to send past data.
|
|
Enabled: false
|
|
# Push telemetry data to all these endpoints at least once using an HTTP POST request.
|
|
# If one endpoint returns an unsuccessful response code or times out,
|
|
# ZITADEL retries to push the data point to all configured endpoints until it succeeds.
|
|
# Configure delivery guarantees and intervals in the section Projections.Customizations.Telemetry
|
|
# The endpoints can be reconfigured at runtime.
|
|
# Ten redirects are followed.
|
|
# If you change this configuration at runtime, remaining data that is not successfully delivered to the old endpoints is sent to the new endpoints.
|
|
Endpoints:
|
|
- https://httpbin.org/post
|
|
# These headers are sent with every request to the configured endpoints.
|
|
Headers:
|
|
# single-value: "single-value"
|
|
# multi-value:
|
|
# - "multi-value-1"
|
|
# - "multi-value-2"
|
|
# The maximum number of data points that are queried before they are sent to the configured endpoints.
|
|
Limit: 100 # ZITADEL_TELEMETRY_LIMIT
|
|
|
|
# Port ZITADEL will listen on
|
|
Port: 8080
|
|
# Port ZITADEL is exposed on, it can differ from port e.g. if you proxy the traffic
|
|
# !!! Changing this after initial setup breaks your system !!!
|
|
ExternalPort: 8080
|
|
# Domain / hostname ZITADEL is exposed externally
|
|
# !!! Changing this after initial setup breaks your system !!!
|
|
ExternalDomain: localhost
|
|
# specifies if ZITADEL is exposed externally through TLS
|
|
# this must be set to true even if TLS is not enabled on ZITADEL itself
|
|
# but TLS traffic is terminated on a reverse proxy
|
|
# !!! Changing this after initial setup breaks your system !!!
|
|
ExternalSecure: true
|
|
TLS:
|
|
# if enabled, ZITADEL will serve all traffic over TLS (HTTPS and gRPC)
|
|
# you must then also provide a private key and certificate to be used for the connection
|
|
# either directly or by a path to the corresponding file
|
|
Enabled: true
|
|
# Path to the private key of the TLS certificate, it will be loaded into the Key
|
|
# and overwrite any exising value
|
|
KeyPath: #/path/to/key/file.pem
|
|
# Private key of the TLS certificate (KeyPath will this overwrite, if specified)
|
|
Key: #<bas64 encoded content of a pem file>
|
|
# Path to the certificate for the TLS connection, it will be loaded into the Cert
|
|
# and overwrite any exising value
|
|
CertPath: #/path/to/cert/file.pem
|
|
# Certificate for the TLS connection (CertPath will this overwrite, if specified)
|
|
Cert: #<bas64 encoded content of a pem file>
|
|
|
|
# Header name of HTTP2 (incl. gRPC) calls from which the instance will be matched
|
|
HTTP2HostHeader: ":authority"
|
|
# Header name of HTTP1 calls from which the instance will be matched
|
|
HTTP1HostHeader: "host"
|
|
|
|
WebAuthNName: ZITADEL
|
|
|
|
Database:
|
|
# CockroachDB is the default datbase of ZITADEL
|
|
cockroach:
|
|
Host: localhost
|
|
Port: 26257
|
|
Database: zitadel
|
|
MaxOpenConns: 20
|
|
MaxIdleConns: 10
|
|
MaxConnLifetime: 30m
|
|
MaxConnIdleTime: 5m
|
|
Options: ""
|
|
User:
|
|
Username: zitadel
|
|
Password: ""
|
|
SSL:
|
|
Mode: disable
|
|
RootCert: ""
|
|
Cert: ""
|
|
Key: ""
|
|
Admin:
|
|
Username: root
|
|
Password: ""
|
|
SSL:
|
|
Mode: disable
|
|
RootCert: ""
|
|
Cert: ""
|
|
Key: ""
|
|
# Postgres is used as soon as a value is set
|
|
# The values describe the possible fields to set values
|
|
postgres:
|
|
Host:
|
|
Port:
|
|
Database:
|
|
MaxOpenConns:
|
|
MaxIdleConns:
|
|
MaxConnLifetime:
|
|
MaxConnIdleTime:
|
|
Options:
|
|
User:
|
|
Username:
|
|
Password:
|
|
SSL:
|
|
Mode:
|
|
RootCert:
|
|
Cert:
|
|
Key:
|
|
Admin:
|
|
Username:
|
|
Password:
|
|
SSL:
|
|
Mode:
|
|
RootCert:
|
|
Cert:
|
|
Key:
|
|
|
|
Machine:
|
|
# Cloud hosted VMs need to specify their metadata endpoint so that the machine can be uniquely identified.
|
|
Identification:
|
|
# Use private IP to identify machines uniquely
|
|
PrivateIp:
|
|
Enabled: true
|
|
# Use hostname to identify machines uniquely
|
|
# You want the process to be identified uniquely, so this works well in k8s where each pod gets its own
|
|
# unique host name, but not as well in some other hosting environments.
|
|
Hostname:
|
|
Enabled: false
|
|
# Use a webhook response to identify machines uniquely
|
|
# Google Cloud Configuration
|
|
Webhook:
|
|
Enabled: true
|
|
Url: "http://metadata.google.internal/computeMetadata/v1/instance/id"
|
|
Headers:
|
|
"Metadata-Flavor": "Google"
|
|
#
|
|
# AWS EC2 IMDSv1 Configuration: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html
|
|
# Webhook:
|
|
# Url: "http://169.254.169.254/latest/meta-data/ami-id"
|
|
#
|
|
# AWS ECS v4 Configuration: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint-v4.html
|
|
# Webhook:
|
|
# Url: "${ECS_CONTAINER_METADATA_URI_V4}"
|
|
# JPath: "$.DockerId"
|
|
#
|
|
# Azure Configuration: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service?tabs=linux
|
|
# Webhook:
|
|
# Url: "http://169.254.169.254/metadata/instance?api-version=2021-02-01"
|
|
# JPath: "$.compute.vmId"
|
|
|
|
# Storage for assets like user avatar, organization logo, icon, font, ...
|
|
AssetStorage:
|
|
Type: db
|
|
# HTTP cache control settings for serving assets in the assets API and login UI
|
|
# the assets will also be served with an etag and last-modified header
|
|
Cache:
|
|
MaxAge: 5s
|
|
SharedMaxAge: 168h #7d
|
|
|
|
# The Projections section defines the behaviour for the scheduled and synchronous events projections.
|
|
Projections:
|
|
# Time interval between scheduled projections
|
|
RequeueEvery: 60s
|
|
# Time between retried database statements resulting from projected events
|
|
RetryFailedAfter: 1s
|
|
# Retried execution number of database statements resulting from projected events
|
|
MaxFailureCount: 5
|
|
# Number of concurrent projection routines. Values of 0 and below are overwritten to 1
|
|
ConcurrentInstances: 1
|
|
# Limit of returned events per query
|
|
BulkLimit: 200
|
|
# Only instance are projected, for which at least a projection relevant event exists withing the timeframe
|
|
# from HandleActiveInstances duration in the past until the projections current time
|
|
# Defaults to twice the RequeueEvery duration
|
|
HandleActiveInstances: 120s
|
|
# In the Customizations section, all settings from above can be overwritten for each specific projection
|
|
Customizations:
|
|
Projects:
|
|
BulkLimit: 2000
|
|
# The Notifications projection is used for sending emails and SMS to users
|
|
Notifications:
|
|
# As notification projections don't result in database statements, retries don't have any effects
|
|
MaxFailureCount: 0
|
|
# The NotificationsQuotas projection is used for calling quota webhooks
|
|
NotificationsQuotas:
|
|
# In case of failed deliveries, ZITADEL retries to send the data points to the configured endpoints, but only for active instances.
|
|
# An instance is active, as long as there are projected events on the instance, that are not older than the HandleActiveInstances duration.
|
|
# Delivery guarantee requirements are higher for quota webhooks
|
|
# Defaults to 45 days
|
|
HandleActiveInstances: 1080h
|
|
# As quota notification projections don't result in database statements, retries don't have any effects
|
|
MaxFailureCount: 0
|
|
# Quota notifications are not so time critical. Setting RequeueEvery every five minutes doesn't annoy the database too much.
|
|
RequeueEvery: 300s
|
|
Telemetry:
|
|
# In case of failed deliveries, ZITADEL retries to send the data points to the configured endpoints, but only for active instances.
|
|
# An instance is active, as long as there are projected events on the instance, that are not older than the HandleActiveInstances duration.
|
|
# Telemetry delivery guarantee requirements are a bit higher than normal data projections, as they are not interactively retryable.
|
|
# Defaults to 15 days
|
|
HandleActiveInstances: 360h
|
|
# As sending telemetry data doesn't result in database statements, retries don't have any effects
|
|
MaxFailureCount: 0
|
|
# Telemetry data synchronization is not time critical. Setting RequeueEvery to 55 minutes doesn't annoy the database too much.
|
|
RequeueEvery: 3300s
|
|
|
|
Auth:
|
|
SearchLimit: 1000
|
|
Spooler:
|
|
ConcurrentWorkers: 1
|
|
ConcurrentInstances: 1
|
|
BulkLimit: 10000
|
|
FailureCountUntilSkip: 5
|
|
|
|
Admin:
|
|
SearchLimit: 1000
|
|
Spooler:
|
|
ConcurrentWorkers: 1
|
|
ConcurrentInstances: 1
|
|
BulkLimit: 10000
|
|
FailureCountUntilSkip: 5
|
|
|
|
UserAgentCookie:
|
|
Name: zitadel.useragent
|
|
MaxAge: 8760h #365*24h (1 year)
|
|
|
|
OIDC:
|
|
CodeMethodS256: true
|
|
AuthMethodPost: true
|
|
AuthMethodPrivateKeyJWT: true
|
|
GrantTypeRefreshToken: true
|
|
RequestObjectSupported: true
|
|
SigningKeyAlgorithm: RS256
|
|
# Sets the default values for lifetime and expiration for OIDC
|
|
# This default can be overwritten in the default instance configuration and for each instance during runtime
|
|
# !!! Changing this after initial setup will have no impact without a restart !!!
|
|
DefaultAccessTokenLifetime: 12h
|
|
DefaultIdTokenLifetime: 12h
|
|
DefaultRefreshTokenIdleExpiration: 720h #30d
|
|
DefaultRefreshTokenExpiration: 2160h #90d
|
|
Cache:
|
|
MaxAge: 12h
|
|
SharedMaxAge: 168h #7d
|
|
CustomEndpoints:
|
|
Auth:
|
|
Path: /oauth/v2/authorize
|
|
Token:
|
|
Path: /oauth/v2/token
|
|
Introspection:
|
|
Path: /oauth/v2/introspect
|
|
Userinfo:
|
|
Path: /oidc/v1/userinfo
|
|
Revocation:
|
|
Path: /oauth/v2/revoke
|
|
EndSession:
|
|
Path: /oidc/v1/end_session
|
|
Keys:
|
|
Path: /oauth/v2/keys
|
|
DeviceAuth:
|
|
Path: /oauth/v2/device_authorization
|
|
|
|
SAML:
|
|
ProviderConfig:
|
|
MetadataConfig:
|
|
Path: "/metadata"
|
|
SignatureAlgorithm: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
|
|
IDPConfig:
|
|
SignatureAlgorithm: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
|
|
WantAuthRequestsSigned: true
|
|
Endpoints:
|
|
#Organisation:
|
|
# Name: ZITADEL
|
|
# URL: https://zitadel.com
|
|
#ContactPerson:
|
|
# ContactType: "technical"
|
|
# Company: ZITADEL
|
|
# EmailAddress: hi@zitadel.com
|
|
|
|
Login:
|
|
LanguageCookieName: zitadel.login.lang
|
|
CSRFCookieName: zitadel.login.csrf
|
|
Cache:
|
|
MaxAge: 12h
|
|
SharedMaxAge: 168h #7d
|
|
|
|
Console:
|
|
ShortCache:
|
|
MaxAge: 0m
|
|
SharedMaxAge: 5m
|
|
LongCache:
|
|
MaxAge: 12h
|
|
SharedMaxAge: 168h #7d
|
|
InstanceManagementURL: ""
|
|
|
|
Notification:
|
|
Repository:
|
|
Spooler:
|
|
ConcurrentWorkers: 1
|
|
ConcurrentInstances: 10
|
|
BulkLimit: 10000
|
|
FailureCountUntilSkip: 5
|
|
Handlers:
|
|
|
|
EncryptionKeys:
|
|
DomainVerification:
|
|
EncryptionKeyID: "domainVerificationKey"
|
|
DecryptionKeyIDs:
|
|
IDPConfig:
|
|
EncryptionKeyID: "idpConfigKey"
|
|
DecryptionKeyIDs:
|
|
OIDC:
|
|
EncryptionKeyID: "oidcKey"
|
|
DecryptionKeyIDs:
|
|
SAML:
|
|
EncryptionKeyID: "samlKey"
|
|
DecryptionKeyIDs:
|
|
OTP:
|
|
EncryptionKeyID: "otpKey"
|
|
DecryptionKeyIDs:
|
|
SMS:
|
|
EncryptionKeyID: "smsKey"
|
|
DecryptionKeyIDs:
|
|
SMTP:
|
|
EncryptionKeyID: "smtpKey"
|
|
DecryptionKeyIDs:
|
|
User:
|
|
EncryptionKeyID: "userKey"
|
|
DecryptionKeyIDs:
|
|
CSRFCookieKeyID: "csrfCookieKey"
|
|
UserAgentCookieKeyID: "userAgentCookieKey"
|
|
|
|
SystemAPIUsers:
|
|
# add keys for authentication of the systemAPI here:
|
|
# you can specify any name for the user, but they will have to match the `issuer` and `sub` claim in the JWT:
|
|
# - superuser:
|
|
# Path: /path/to/superuser/key.pem # you can provide the key either by reference with the path
|
|
# - superuser2:
|
|
# KeyData: <base64 encoded key> # or you can directly embed it as base64 encoded value
|
|
|
|
#TODO: remove as soon as possible
|
|
SystemDefaults:
|
|
SecretGenerators:
|
|
PasswordSaltCost: 14
|
|
MachineKeySize: 2048
|
|
ApplicationKeySize: 2048
|
|
Multifactors:
|
|
OTP:
|
|
# If this is empty, the issuer is the requested domain
|
|
# This is helpful in scenarios with multiple ZITADEL environments or virtual instances
|
|
Issuer: "ZITADEL"
|
|
DomainVerification:
|
|
VerificationGenerator:
|
|
Length: 32
|
|
IncludeLowerLetters: true
|
|
IncludeUpperLetters: true
|
|
IncludeDigits: true
|
|
IncludeSymbols: false
|
|
Notifications:
|
|
FileSystemPath: ".notifications/"
|
|
KeyConfig:
|
|
Size: 2048
|
|
CertificateSize: 4096
|
|
PrivateKeyLifetime: 6h
|
|
PublicKeyLifetime: 30h
|
|
CertificateLifetime: 8766h
|
|
|
|
Actions:
|
|
HTTP:
|
|
# wildcard sub domains are currently unsupported
|
|
DenyList:
|
|
- localhost
|
|
- "127.0.0.1"
|
|
|
|
LogStore:
|
|
Access:
|
|
Database:
|
|
# If enabled, all access logs are stored in the database table logstore.access
|
|
Enabled: false
|
|
# Logs that are older than the keep duration are cleaned up continuously
|
|
Keep: 2160h # 90 days
|
|
# CleanupInterval defines the time between cleanup iterations
|
|
CleanupInterval: 4h
|
|
# Debouncing enables to asynchronously emit log entries, so the normal execution performance is not impaired
|
|
# Log entries are held in-memory until one of the conditions MinFrequency or MaxBulkSize meets.
|
|
Debounce:
|
|
MinFrequency: 2m
|
|
MaxBulkSize: 100
|
|
Stdout:
|
|
# If enabled, all access logs are printed to the binaries standard output
|
|
Enabled: false
|
|
# Debouncing enables to asynchronously emit log entries, so the normal execution performance is not impaired
|
|
# Log entries are held in-memory until one of the conditions MinFrequency or MaxBulkSize meets.
|
|
Debounce:
|
|
MinFrequency: 0s
|
|
MaxBulkSize: 0
|
|
Execution:
|
|
Database:
|
|
# If enabled, all action execution logs are stored in the database table logstore.execution
|
|
Enabled: false
|
|
# Logs that are older than the keep duration are cleaned up continuously
|
|
Keep: 2160h # 90 days
|
|
# CleanupInterval defines the time between cleanup iterations
|
|
CleanupInterval: 4h
|
|
# Debouncing enables to asynchronously emit log entries, so the normal execution performance is not impaired
|
|
# Log entries are held in-memory until one of the conditions MinFrequency or MaxBulkSize meets.
|
|
Debounce:
|
|
MinFrequency: 0s
|
|
MaxBulkSize: 0
|
|
Stdout:
|
|
# If enabled, all execution logs are printed to the binaries standard output
|
|
Enabled: true
|
|
# Debouncing enables to asynchronously emit log entries, so the normal execution performance is not impaired
|
|
# Log entries are held in-memory until one of the conditions MinFrequency or MaxBulkSize meets.
|
|
Debounce:
|
|
MinFrequency: 0s
|
|
MaxBulkSize: 0
|
|
|
|
Quotas:
|
|
Access:
|
|
ExhaustedCookieKey: "zitadel.quota.exhausted"
|
|
ExhaustedCookieMaxAge: "300s"
|
|
|
|
Eventstore:
|
|
PushTimeout: 15s
|
|
AllowOrderByCreationDate: false
|
|
|
|
DefaultInstance:
|
|
InstanceName:
|
|
DefaultLanguage: en
|
|
Org:
|
|
Name:
|
|
Human:
|
|
# in case that UserLoginMustBeDomain is false (default) and if you don't overwrite the username with an email,
|
|
# it will be suffixed by the org domain (org-name + domain from config).
|
|
# for example: zitadel-admin in org `My Org` on domain.tld -> zitadel-admin@my-org.domain.tld
|
|
UserName: zitadel-admin
|
|
FirstName: ZITADEL
|
|
LastName: Admin
|
|
NickName:
|
|
DisplayName:
|
|
Email:
|
|
Address:
|
|
Verified: false
|
|
PreferredLanguage: en
|
|
Gender:
|
|
Phone:
|
|
Number:
|
|
Verified:
|
|
Password:
|
|
Machine:
|
|
Machine:
|
|
Username:
|
|
Name:
|
|
MachineKey:
|
|
ExpirationDate:
|
|
Type:
|
|
Pat:
|
|
ExpirationDate:
|
|
SecretGenerators:
|
|
PasswordSaltCost: 14
|
|
ClientSecret:
|
|
Length: 64
|
|
IncludeLowerLetters: true
|
|
IncludeUpperLetters: true
|
|
IncludeDigits: true
|
|
IncludeSymbols: false
|
|
InitializeUserCode:
|
|
Length: 6
|
|
Expiry: "72h"
|
|
IncludeLowerLetters: false
|
|
IncludeUpperLetters: true
|
|
IncludeDigits: true
|
|
IncludeSymbols: false
|
|
EmailVerificationCode:
|
|
Length: 6
|
|
Expiry: "1h"
|
|
IncludeLowerLetters: false
|
|
IncludeUpperLetters: true
|
|
IncludeDigits: true
|
|
IncludeSymbols: false
|
|
PhoneVerificationCode:
|
|
Length: 6
|
|
Expiry: "1h"
|
|
IncludeLowerLetters: false
|
|
IncludeUpperLetters: true
|
|
IncludeDigits: true
|
|
IncludeSymbols: false
|
|
PasswordVerificationCode:
|
|
Length: 6
|
|
Expiry: "1h"
|
|
IncludeLowerLetters: false
|
|
IncludeUpperLetters: true
|
|
IncludeDigits: true
|
|
IncludeSymbols: false
|
|
PasswordlessInitCode:
|
|
Length: 12
|
|
Expiry: "1h"
|
|
IncludeLowerLetters: true
|
|
IncludeUpperLetters: true
|
|
IncludeDigits: true
|
|
IncludeSymbols: false
|
|
DomainVerification:
|
|
Length: 32
|
|
IncludeLowerLetters: true
|
|
IncludeUpperLetters: true
|
|
IncludeDigits: true
|
|
IncludeSymbols: false
|
|
PasswordComplexityPolicy:
|
|
MinLength: 8
|
|
HasLowercase: true
|
|
HasUppercase: true
|
|
HasNumber: true
|
|
HasSymbol: true
|
|
PasswordAgePolicy:
|
|
ExpireWarnDays: 0
|
|
MaxAgeDays: 0
|
|
DomainPolicy:
|
|
UserLoginMustBeDomain: false
|
|
ValidateOrgDomains: true
|
|
SMTPSenderAddressMatchesInstanceDomain: false
|
|
LoginPolicy:
|
|
AllowUsernamePassword: true
|
|
AllowRegister: true
|
|
AllowExternalIDP: true
|
|
ForceMFA: false
|
|
HidePasswordReset: false
|
|
IgnoreUnknownUsernames: false
|
|
AllowDomainDiscovery: false
|
|
PasswordlessType: 1 #1: allowed 0: not allowed
|
|
DefaultRedirectURI: #empty because we use the Console UI
|
|
PasswordCheckLifetime: 240h #10d
|
|
ExternalLoginCheckLifetime: 240h #10d
|
|
MfaInitSkipLifetime: 720h #30d
|
|
SecondFactorCheckLifetime: 18h
|
|
MultiFactorCheckLifetime: 12h
|
|
PrivacyPolicy:
|
|
TOSLink: https://zitadel.com/docs/legal/terms-of-service
|
|
PrivacyLink: https://zitadel.com/docs/legal/privacy-policy
|
|
HelpLink: ""
|
|
SupportEmail: ""
|
|
NotificationPolicy:
|
|
PasswordChange: true
|
|
LabelPolicy:
|
|
PrimaryColor: "#5469d4"
|
|
BackgroundColor: "#fafafa"
|
|
WarnColor: "#cd3d56"
|
|
FontColor: "#000000"
|
|
PrimaryColorDark: "#2073c4"
|
|
BackgroundColorDark: "#111827"
|
|
WarnColorDark: "#ff3b5b"
|
|
FontColorDark: "#ffffff"
|
|
HideLoginNameSuffix: false
|
|
ErrorMsgPopup: false
|
|
DisableWatermark: false
|
|
LockoutPolicy:
|
|
MaxAttempts: 0
|
|
ShouldShowLockoutFailure: true
|
|
EmailTemplate: CjwhZG9jdHlwZSBodG1sPgo8aHRtbCB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94aHRtbCIgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSI+CjxoZWFkPgogIDx0aXRsZT4KCiAgPC90aXRsZT4KICA8IS0tW2lmICFtc29dPjwhLS0+CiAgPG1ldGEgaHR0cC1lcXVpdj0iWC1VQS1Db21wYXRpYmxlIiBjb250ZW50PSJJRT1lZGdlIj4KICA8IS0tPCFbZW5kaWZdLS0+CiAgPG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9VVRGLTgiPgogIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MSI+CiAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj4KICAgICNvdXRsb29rIGEgeyBwYWRkaW5nOjA7IH0KICAgIGJvZHkgeyBtYXJnaW46MDtwYWRkaW5nOjA7LXdlYmtpdC10ZXh0LXNpemUtYWRqdXN0OjEwMCU7LW1zLXRleHQtc2l6ZS1hZGp1c3Q6MTAwJTsgfQogICAgdGFibGUsIHRkIHsgYm9yZGVyLWNvbGxhcHNlOmNvbGxhcHNlO21zby10YWJsZS1sc3BhY2U6MHB0O21zby10YWJsZS1yc3BhY2U6MHB0OyB9CiAgICBpbWcgeyBib3JkZXI6MDtoZWlnaHQ6YXV0bztsaW5lLWhlaWdodDoxMDAlOyBvdXRsaW5lOm5vbmU7dGV4dC1kZWNvcmF0aW9uOm5vbmU7LW1zLWludGVycG9sYXRpb24tbW9kZTpiaWN1YmljOyB9CiAgICBwIHsgZGlzcGxheTpibG9jazttYXJnaW46MTNweCAwOyB9CiAgPC9zdHlsZT4KICA8IS0tW2lmIG1zb10+CiAgPHhtbD4KICAgIDxvOk9mZmljZURvY3VtZW50U2V0dGluZ3M+CiAgICAgIDxvOkFsbG93UE5HLz4KICAgICAgPG86UGl4ZWxzUGVySW5jaD45NjwvbzpQaXhlbHNQZXJJbmNoPgogICAgPC9vOk9mZmljZURvY3VtZW50U2V0dGluZ3M+CiAgPC94bWw+CiAgPCFbZW5kaWZdLS0+CiAgPCEtLVtpZiBsdGUgbXNvIDExXT4KICA8c3R5bGUgdHlwZT0idGV4dC9jc3MiPgogICAgLm1qLW91dGxvb2stZ3JvdXAtZml4IHsgd2lkdGg6MTAwJSAhaW1wb3J0YW50OyB9CiAgPC9zdHlsZT4KICA8IVtlbmRpZl0tLT4KCgogIDxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+CiAgICBAbWVkaWEgb25seSBzY3JlZW4gYW5kIChtaW4td2lkdGg6NDgwcHgpIHsKICAgICAgLm1qLWNvbHVtbi1wZXItMTAwIHsgd2lkdGg6MTAwJSAhaW1wb3J0YW50OyBtYXgtd2lkdGg6IDEwMCU7IH0KICAgICAgLm1qLWNvbHVtbi1wZXItNjAgeyB3aWR0aDo2MCUgIWltcG9ydGFudDsgbWF4LXdpZHRoOiA2MCU7IH0KICAgIH0KICA8L3N0eWxlPgoKCiAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj4KCgoKICAgIEBtZWRpYSBvbmx5IHNjcmVlbiBhbmQgKG1heC13aWR0aDo0ODBweCkgewogICAgICB0YWJsZS5tai1mdWxsLXdpZHRoLW1vYmlsZSB7IHdpZHRoOiAxMDAlICFpbXBvcnRhbnQ7IH0KICAgICAgdGQubWotZnVsbC13aWR0aC1tb2JpbGUgeyB3aWR0aDogYXV0byAhaW1wb3J0YW50OyB9CiAgICB9CgogIDwvc3R5bGU+CiAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj4uc2hhZG93IGEgewogICAgYm94LXNoYWRvdzogMHB4IDNweCAxcHggLTJweCByZ2JhKDAsIDAsIDAsIDAuMiksIDBweCAycHggMnB4IDBweCByZ2JhKDAsIDAsIDAsIDAuMTQpLCAwcHggMXB4IDVweCAwcHggcmdiYSgwLCAwLCAwLCAwLjEyKTsKICB9PC9zdHlsZT4KCiAge3tpZiAuRm9udFVSTH19CiAgPHN0eWxlPgogICAgQGZvbnQtZmFjZSB7CiAgICAgIGZvbnQtZmFtaWx5OiAne3suRm9udEZhY2VGYW1pbHl9fSc7CiAgICAgIGZvbnQtc3R5bGU6IG5vcm1hbDsKICAgICAgZm9udC1kaXNwbGF5OiBzd2FwOwogICAgICBzcmM6IHVybCh7ey5Gb250VVJMfX0pOwogICAgfQogIDwvc3R5bGU+CiAge3tlbmR9fQoKPC9oZWFkPgo8Ym9keSBzdHlsZT0id29yZC1zcGFjaW5nOm5vcm1hbDsiPgoKCjxkaXYKICAgICAgICBzdHlsZT0iIgo+CgogIDx0YWJsZQogICAgICAgICAgYWxpZ249ImNlbnRlciIgYm9yZGVyPSIwIiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjAiIHJvbGU9InByZXNlbnRhdGlvbiIgc3R5bGU9ImJhY2tncm91bmQ6e3suQmFja2dyb3VuZENvbG9yfX07YmFja2dyb3VuZC1jb2xvcjp7ey5CYWNrZ3JvdW5kQ29sb3J9fTt3aWR0aDoxMDAlO2JvcmRlci1yYWRpdXM6MTZweDsiCiAgPgogICAgPHRib2R5PgogICAgPHRyPgogICAgICA8dGQ+CgoKICAgICAgICA8IS0tW2lmIG1zbyB8IElFXT48dGFibGUgYWxpZ249ImNlbnRlciIgYm9yZGVyPSIwIiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjAiIGNsYXNzPSIiIHN0eWxlPSJ3aWR0aDo4MDBweDsiIHdpZHRoPSI4MDAiID48dHI+PHRkIHN0eWxlPSJsaW5lLWhlaWdodDowcHg7Zm9udC1zaXplOjBweDttc28tbGluZS1oZWlnaHQtcnVsZTpleGFjdGx5OyI+PCFbZW5kaWZdLS0+CgoKICAgICAgICA8ZGl2ICBzdHlsZT0ibWFyZ2luOjBweCBhdXRvO2JvcmRlci1yYWRpdXM6MTZweDttYXgtd2lkdGg6ODAwcHg7Ij4KCiAgICAgICAgICA8dGFibGUKICAgICAgICAgICAgICAgICAgYWxpZ249ImNlbnRlciIgYm9yZGVyPSIwIiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjAiIHJvbGU9InByZXNlbnRhdGlvbiIgc3R5bGU9IndpZHRoOjEwMCU7Ym9yZGVyLXJhZGl1czoxNnB4OyIKICAgICAgICAgID4KICAgICAgICAgICAgPHRib2R5PgogICAgICAgICAgICA8dHI+CiAgICAgICAgICAgICAgPHRkCiAgICAgICAgICAgICAgICAgICAgICBzdHlsZT0iZGlyZWN0aW9uOmx0cjtmb250LXNpemU6MHB4O3BhZGRpbmc6MjBweCAwO3BhZGRpbmctbGVmdDowO3RleHQtYWxpZ246Y2VudGVyOyIKICAgICAgICAgICAgICA+CiAgICAgICAgICAgICAgICA8IS0tW2lmIG1zbyB8IElFXT48dGFibGUgcm9sZT0icHJlc2VudGF0aW9uIiBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCI+PHRyPjx0ZCBjbGFzcz0iIiB3aWR0aD0iODAwcHgiID48IVtlbmRpZl0tLT4KCiAgICAgICAgICAgICAgICA8dGFibGUKICAgICAgICAgICAgICAgICAgICAgICAgYWxpZ249ImNlbnRlciIgYm9yZGVyPSIwIiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjAiIHJvbGU9InByZXNlbnRhdGlvbiIgc3R5bGU9IndpZHRoOjEwMCU7IgogICAgICAgICAgICAgICAgPgogICAgICAgICAgICAgICAgICA8dGJvZHk+CiAgICAgICAgICAgICAgICAgIDx0cj4KICAgICAgICAgICAgICAgICAgICA8dGQ+CgoKICAgICAgICAgICAgICAgICAgICAgIDwhLS1baWYgbXNvIHwgSUVdPjx0YWJsZSBhbGlnbj0iY2VudGVyIiBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgY2xhc3M9IiIgc3R5bGU9IndpZHRoOjgwMHB4OyIgd2lkdGg9IjgwMCIgPjx0cj48dGQgc3R5bGU9ImxpbmUtaGVpZ2h0OjBweDtmb250LXNpemU6MHB4O21zby1saW5lLWhlaWdodC1ydWxlOmV4YWN0bHk7Ij48IVtlbmRpZl0tLT4KCgogICAgICAgICAgICAgICAgICAgICAgPGRpdiAgc3R5bGU9Im1hcmdpbjowcHggYXV0bzttYXgtd2lkdGg6ODAwcHg7Ij4KCiAgICAgICAgICAgICAgICAgICAgICAgIDx0YWJsZQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFsaWduPSJjZW50ZXIiIGJvcmRlcj0iMCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIwIiByb2xlPSJwcmVzZW50YXRpb24iIHN0eWxlPSJ3aWR0aDoxMDAlOyIKICAgICAgICAgICAgICAgICAgICAgICAgPgogICAgICAgICAgICAgICAgICAgICAgICAgIDx0Ym9keT4KICAgICAgICAgICAgICAgICAgICAgICAgICA8dHI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3R5bGU9ImRpcmVjdGlvbjpsdHI7Zm9udC1zaXplOjBweDtwYWRkaW5nOjA7dGV4dC1hbGlnbjpjZW50ZXI7IgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8IS0tW2lmIG1zbyB8IElFXT48dGFibGUgcm9sZT0icHJlc2VudGF0aW9uIiBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCI+PHRyPjx0ZCBjbGFzcz0iIiBzdHlsZT0id2lkdGg6ODAwcHg7IiA+PCFbZW5kaWZdLS0+CgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8ZGl2CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgY2xhc3M9Im1qLWNvbHVtbi1wZXItMTAwIG1qLW91dGxvb2stZ3JvdXAtZml4IiBzdHlsZT0iZm9udC1zaXplOjA7bGluZS1oZWlnaHQ6MDt0ZXh0LWFsaWduOmxlZnQ7ZGlzcGxheTppbmxpbmUtYmxvY2s7d2lkdGg6MTAwJTtkaXJlY3Rpb246bHRyOyIKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwhLS1baWYgbXNvIHwgSUVdPjx0YWJsZSBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgcm9sZT0icHJlc2VudGF0aW9uIiA+PHRyPjx0ZCBzdHlsZT0idmVydGljYWwtYWxpZ246dG9wO3dpZHRoOjgwMHB4OyIgPjwhW2VuZGlmXS0tPgoKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8ZGl2CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjbGFzcz0ibWotY29sdW1uLXBlci0xMDAgbWotb3V0bG9vay1ncm91cC1maXgiIHN0eWxlPSJmb250LXNpemU6MHB4O3RleHQtYWxpZ246bGVmdDtkaXJlY3Rpb246bHRyO2Rpc3BsYXk6aW5saW5lLWJsb2NrO3ZlcnRpY2FsLWFsaWduOnRvcDt3aWR0aDoxMDAlOyIKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA+CgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRhYmxlCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJvcmRlcj0iMCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIwIiByb2xlPSJwcmVzZW50YXRpb24iIHdpZHRoPSIxMDAlIgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGJvZHk+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0cj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQgIHN0eWxlPSJ2ZXJ0aWNhbC1hbGlnbjp0b3A7cGFkZGluZzowOyI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB7e2lmIC5Mb2dvVVJMfX0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0YWJsZQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgcm9sZT0icHJlc2VudGF0aW9uIiBzdHlsZT0iIiB3aWR0aD0iMTAwJSIKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRib2R5PgoKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRyPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0ZAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWxpZ249ImNlbnRlciIgc3R5bGU9ImZvbnQtc2l6ZTowcHg7cGFkZGluZzo1MHB4IDAgMzBweCAwO3dvcmQtYnJlYWs6YnJlYWstd29yZDsiCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPgoKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0YWJsZQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgcm9sZT0icHJlc2VudGF0aW9uIiBzdHlsZT0iYm9yZGVyLWNvbGxhcHNlOmNvbGxhcHNlO2JvcmRlci1zcGFjaW5nOjBweDsiCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0Ym9keT4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRyPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0ZCAgc3R5bGU9IndpZHRoOjE4MHB4OyI+CgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPGltZwogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBoZWlnaHQ9ImF1dG8iIHNyYz0ie3suTG9nb1VSTH19IiBzdHlsZT0iYm9yZGVyOjA7Ym9yZGVyLXJhZGl1czo4cHg7ZGlzcGxheTpibG9jaztvdXRsaW5lOm5vbmU7dGV4dC1kZWNvcmF0aW9uOm5vbmU7aGVpZ2h0OmF1dG87d2lkdGg6MTAwJTtmb250LXNpemU6MTNweDsiIHdpZHRoPSIxODAiCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAvPgoKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RkPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RyPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3Rib2R5PgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90YWJsZT4KCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90ZD4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90cj4KCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGJvZHk+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RhYmxlPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAge3tlbmR9fQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdHI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGJvZHk+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RhYmxlPgoKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L2Rpdj4KCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPCEtLVtpZiBtc28gfCBJRV0+PC90ZD48L3RyPjwvdGFibGU+PCFbZW5kaWZdLS0+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvZGl2PgoKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPCEtLVtpZiBtc28gfCBJRV0+PC90ZD48L3RyPjwvdGFibGU+PCFbZW5kaWZdLS0+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RkPgogICAgICAgICAgICAgICAgICAgICAgICAgIDwvdHI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgPC90Ym9keT4KICAgICAgICAgICAgICAgICAgICAgICAgPC90YWJsZT4KCiAgICAgICAgICAgICAgICAgICAgICA8L2Rpdj4KCgogICAgICAgICAgICAgICAgICAgICAgPCEtLVtpZiBtc28gfCBJRV0+PC90ZD48L3RyPjwvdGFibGU+PCFbZW5kaWZdLS0+CgoKICAgICAgICAgICAgICAgICAgICA8L3RkPgogICAgICAgICAgICAgICAgICA8L3RyPgogICAgICAgICAgICAgICAgICA8L3Rib2R5PgogICAgICAgICAgICAgICAgPC90YWJsZT4KCiAgICAgICAgICAgICAgICA8IS0tW2lmIG1zbyB8IElFXT48L3RkPjwvdHI+PHRyPjx0ZCBjbGFzcz0iIiB3aWR0aD0iODAwcHgiID48IVtlbmRpZl0tLT4KCiAgICAgICAgICAgICAgICA8dGFibGUKICAgICAgICAgICAgICAgICAgICAgICAgYWxpZ249ImNlbnRlciIgYm9yZGVyPSIwIiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjAiIHJvbGU9InByZXNlbnRhdGlvbiIgc3R5bGU9IndpZHRoOjEwMCU7IgogICAgICAgICAgICAgICAgPgogICAgICAgICAgICAgICAgICA8dGJvZHk+CiAgICAgICAgICAgICAgICAgIDx0cj4KICAgICAgICAgICAgICAgICAgICA8dGQ+CgoKICAgICAgICAgICAgICAgICAgICAgIDwhLS1baWYgbXNvIHwgSUVdPjx0YWJsZSBhbGlnbj0iY2VudGVyIiBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgY2xhc3M9IiIgc3R5bGU9IndpZHRoOjgwMHB4OyIgd2lkdGg9IjgwMCIgPjx0cj48dGQgc3R5bGU9ImxpbmUtaGVpZ2h0OjBweDtmb250LXNpemU6MHB4O21zby1saW5lLWhlaWdodC1ydWxlOmV4YWN0bHk7Ij48IVtlbmRpZl0tLT4KCgogICAgICAgICAgICAgICAgICAgICAgPGRpdiAgc3R5bGU9Im1hcmdpbjowcHggYXV0bzttYXgtd2lkdGg6ODAwcHg7Ij4KCiAgICAgICAgICAgICAgICAgICAgICAgIDx0YWJsZQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFsaWduPSJjZW50ZXIiIGJvcmRlcj0iMCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIwIiByb2xlPSJwcmVzZW50YXRpb24iIHN0eWxlPSJ3aWR0aDoxMDAlOyIKICAgICAgICAgICAgICAgICAgICAgICAgPgogICAgICAgICAgICAgICAgICAgICAgICAgIDx0Ym9keT4KICAgICAgICAgICAgICAgICAgICAgICAgICA8dHI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3R5bGU9ImRpcmVjdGlvbjpsdHI7Zm9udC1zaXplOjBweDtwYWRkaW5nOjA7dGV4dC1hbGlnbjpjZW50ZXI7IgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8IS0tW2lmIG1zbyB8IElFXT48dGFibGUgcm9sZT0icHJlc2VudGF0aW9uIiBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCI+PHRyPjx0ZCBjbGFzcz0iIiBzdHlsZT0idmVydGljYWwtYWxpZ246dG9wO3dpZHRoOjQ4MHB4OyIgPjwhW2VuZGlmXS0tPgoKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGNsYXNzPSJtai1jb2x1bW4tcGVyLTYwIG1qLW91dGxvb2stZ3JvdXAtZml4IiBzdHlsZT0iZm9udC1zaXplOjBweDt0ZXh0LWFsaWduOmxlZnQ7ZGlyZWN0aW9uOmx0cjtkaXNwbGF5OmlubGluZS1ibG9jazt2ZXJ0aWNhbC1hbGlnbjp0b3A7d2lkdGg6MTAwJTsiCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID4KCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRhYmxlCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgcm9sZT0icHJlc2VudGF0aW9uIiB3aWR0aD0iMTAwJSIKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGJvZHk+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dHI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0ZCAgc3R5bGU9InZlcnRpY2FsLWFsaWduOnRvcDtwYWRkaW5nOjA7Ij4KCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRhYmxlCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgcm9sZT0icHJlc2VudGF0aW9uIiBzdHlsZT0iIiB3aWR0aD0iMTAwJSIKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGJvZHk+CgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRyPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhbGlnbj0iY2VudGVyIiBzdHlsZT0iZm9udC1zaXplOjBweDtwYWRkaW5nOjEwcHggMjVweDt3b3JkLWJyZWFrOmJyZWFrLXdvcmQ7IgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA+CgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxkaXYKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHN0eWxlPSJmb250LWZhbWlseTp7ey5Gb250RmFtaWx5fX07Zm9udC1zaXplOjI0cHg7Zm9udC13ZWlnaHQ6NTAwO2xpbmUtaGVpZ2h0OjE7dGV4dC1hbGlnbjpjZW50ZXI7Y29sb3I6e3suRm9udENvbG9yfX07IgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID57ey5HcmVldGluZ319PC9kaXY+CgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RkPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90cj4KCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dHI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0ZAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFsaWduPSJjZW50ZXIiIHN0eWxlPSJmb250LXNpemU6MHB4O3BhZGRpbmc6MTBweCAyNXB4O3dvcmQtYnJlYWs6YnJlYWstd29yZDsiCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID4KCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3R5bGU9ImZvbnQtZmFtaWx5Ont7LkZvbnRGYW1pbHl9fTtmb250LXNpemU6MTZweDtmb250LXdlaWdodDpsaWdodDtsaW5lLWhlaWdodDoxLjU7dGV4dC1hbGlnbjpjZW50ZXI7Y29sb3I6e3suRm9udENvbG9yfX07IgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID57ey5UZXh0fX08L2Rpdj4KCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RyPgoKCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dHI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0ZAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFsaWduPSJjZW50ZXIiIHZlcnRpY2FsLWFsaWduPSJtaWRkbGUiIGNsYXNzPSJzaGFkb3ciIHN0eWxlPSJmb250LXNpemU6MHB4O3BhZGRpbmc6MTBweCAyNXB4O3dvcmQtYnJlYWs6YnJlYWstd29yZDsiCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID4KCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRhYmxlCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgcm9sZT0icHJlc2VudGF0aW9uIiBzdHlsZT0iYm9yZGVyLWNvbGxhcHNlOnNlcGFyYXRlO2xpbmUtaGVpZ2h0OjEwMCU7IgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0cj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRkCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWxpZ249ImNlbnRlciIgYmdjb2xvcj0ie3suUHJpbWFyeUNvbG9yfX0iIHJvbGU9InByZXNlbnRhdGlvbiIgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci1yYWRpdXM6NnB4O2N1cnNvcjphdXRvO21zby1wYWRkaW5nLWFsdDoxMHB4IDI1cHg7YmFja2dyb3VuZDp7ey5QcmltYXJ5Q29sb3J9fTsiIHZhbGlnbj0ibWlkZGxlIgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPGEKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhyZWY9Int7LlVSTH19IiByZWw9Im5vb3BlbmVyIG5vcmVmZXJyZXIgbm90cmFjayIgc3R5bGU9ImRpc3BsYXk6aW5saW5lLWJsb2NrO2JhY2tncm91bmQ6e3suUHJpbWFyeUNvbG9yfX07Y29sb3I6I2ZmZmZmZjtmb250LWZhbWlseTp7ey5Gb250RmFtaWx5fX07Zm9udC1zaXplOjE0cHg7Zm9udC13ZWlnaHQ6NTAwO2xpbmUtaGVpZ2h0OjEyMCU7bWFyZ2luOjA7dGV4dC1kZWNvcmF0aW9uOm5vbmU7dGV4dC10cmFuc2Zvcm06bm9uZTtwYWRkaW5nOjEwcHggMjVweDttc28tcGFkZGluZy1hbHQ6MHB4O2JvcmRlci1yYWRpdXM6NnB4OyIgdGFyZ2V0PSJfYmxhbmsiCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAge3suQnV0dG9uVGV4dH19CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9hPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RkPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90cj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RhYmxlPgoKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90ZD4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdHI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB7e2lmIC5JbmNsdWRlRm9vdGVyfX0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0cj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRkCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWxpZ249ImNlbnRlciIgc3R5bGU9ImZvbnQtc2l6ZTowcHg7cGFkZGluZzoxMHB4IDI1cHg7cGFkZGluZy10b3A6MjBweDtwYWRkaW5nLXJpZ2h0OjIwcHg7cGFkZGluZy1ib3R0b206MjBweDtwYWRkaW5nLWxlZnQ6MjBweDt3b3JkLWJyZWFrOmJyZWFrLXdvcmQ7IgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA+CgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxwCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBzdHlsZT0iYm9yZGVyLXRvcDpzb2xpZCAycHggI2RiZGJkYjtmb250LXNpemU6MXB4O21hcmdpbjowcHggYXV0bzt3aWR0aDoxMDAlOyIKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9wPgoKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8IS0tW2lmIG1zbyB8IElFXT48dGFibGUgYWxpZ249ImNlbnRlciIgYm9yZGVyPSIwIiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjAiIHN0eWxlPSJib3JkZXItdG9wOnNvbGlkIDJweCAjZGJkYmRiO2ZvbnQtc2l6ZToxcHg7bWFyZ2luOjBweCBhdXRvO3dpZHRoOjQ0MHB4OyIgcm9sZT0icHJlc2VudGF0aW9uIiB3aWR0aD0iNDQwcHgiID48dHI+PHRkIHN0eWxlPSJoZWlnaHQ6MDtsaW5lLWhlaWdodDowOyI+ICZuYnNwOwogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGQ+PC90cj48L3RhYmxlPjwhW2VuZGlmXS0tPgoKCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RyPgoKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0cj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRkCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWxpZ249ImNlbnRlciIgc3R5bGU9ImZvbnQtc2l6ZTowcHg7cGFkZGluZzoxNnB4O3dvcmQtYnJlYWs6YnJlYWstd29yZDsiCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID4KCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3R5bGU9ImZvbnQtZmFtaWx5Ont7LkZvbnRGYW1pbHl9fTtmb250LXNpemU6MTNweDtsaW5lLWhlaWdodDoxO3RleHQtYWxpZ246Y2VudGVyO2NvbG9yOnt7LkZvbnRDb2xvcn19OyIKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA+e3suRm9vdGVyVGV4dH19PC9kaXY+CgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RkPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90cj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHt7ZW5kfX0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGJvZHk+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90YWJsZT4KCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RyPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90Ym9keT4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RhYmxlPgoKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9kaXY+CgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8IS0tW2lmIG1zbyB8IElFXT48L3RkPjwvdHI+PC90YWJsZT48IVtlbmRpZl0tLT4KICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgICAgICAgICAgICAgICAgICAgPC90cj4KICAgICAgICAgICAgICAgICAgICAgICAgICA8L3Rib2R5PgogICAgICAgICAgICAgICAgICAgICAgICA8L3RhYmxlPgoKICAgICAgICAgICAgICAgICAgICAgIDwvZGl2PgoKCiAgICAgICAgICAgICAgICAgICAgICA8IS0tW2lmIG1zbyB8IElFXT48L3RkPjwvdHI+PC90YWJsZT48IVtlbmRpZl0tLT4KCgogICAgICAgICAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgICAgICAgICAgIDwvdHI+CiAgICAgICAgICAgICAgICAgIDwvdGJvZHk+CiAgICAgICAgICAgICAgICA8L3RhYmxlPgoKICAgICAgICAgICAgICAgIDwhLS1baWYgbXNvIHwgSUVdPjwvdGQ+PC90cj48L3RhYmxlPjwhW2VuZGlmXS0tPgogICAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgICAgIDwvdHI+CiAgICAgICAgICAgIDwvdGJvZHk+CiAgICAgICAgICA8L3RhYmxlPgoKICAgICAgICA8L2Rpdj4KCgogICAgICAgIDwhLS1baWYgbXNvIHwgSUVdPjwvdGQ+PC90cj48L3RhYmxlPjwhW2VuZGlmXS0tPgoKCiAgICAgIDwvdGQ+CiAgICA8L3RyPgogICAgPC90Ym9keT4KICA8L3RhYmxlPgoKPC9kaXY+Cgo8L2JvZHk+CjwvaHRtbD4K
|
|
# Sets the default values for lifetime and expiration for OIDC in each newly created instance
|
|
# This default can be overwritten for each instance during runtime
|
|
# Overwrites the system defaults
|
|
# If defined but not all durations are set it will result in an error
|
|
OIDCSettings:
|
|
AccessTokenLifetime: 12h
|
|
IdTokenLifetime: 12h
|
|
RefreshTokenIdleExpiration: 720h #30d
|
|
RefreshTokenExpiration: 2160h #90d
|
|
# this configuration sets the default email configuration
|
|
SMTPConfiguration:
|
|
# configuration of the host
|
|
SMTP:
|
|
# must include the port, like smtp.mailtrap.io:2525. IPv6 is also supported, like [2001:db8::1]:2525
|
|
Host:
|
|
User:
|
|
Password:
|
|
TLS:
|
|
# if the host of the sender is different from ExternalDomain set DefaultInstance.DomainPolicy.SMTPSenderAddressMatchesInstanceDomain to false
|
|
From:
|
|
FromName:
|
|
MessageTexts:
|
|
- MessageTextType: InitCode
|
|
Language: de
|
|
Title: Zitadel - User initialisieren
|
|
PreHeader: User initialisieren
|
|
Subject: User initialisieren
|
|
Greeting: Hallo {{.DisplayName}},
|
|
Text: Dieser Benutzer wurde soeben im Zitadel erstellt. Mit dem Benutzernamen <br><strong>{{.PreferredLoginName}}</strong><br> kannst du dich anmelden. Nutze den untenstehenden Button, um die Initialisierung abzuschliessen <br>(Code <strong>{{.Code}}</strong>).<br> Falls du dieses Mail nicht angefordert hast, kannst du es einfach ignorieren.
|
|
ButtonText: Initialisierung abschliessen
|
|
- MessageTextType: PasswordReset
|
|
Language: de
|
|
Title: Zitadel - Passwort zurücksetzen
|
|
PreHeader: Passwort zurücksetzen
|
|
Subject: Passwort zurücksetzen
|
|
Greeting: Hallo {{.DisplayName}},
|
|
Text: Wir haben eine Anfrage für das Zurücksetzen deines Passwortes bekommen. Du kannst den untenstehenden Button verwenden, um dein Passwort zurückzusetzen <br>(Code <strong>{{.Code}}</strong>).<br> Falls du dieses Mail nicht angefordert hast, kannst du es ignorieren.
|
|
ButtonText: Passwort zurücksetzen
|
|
- MessageTextType: VerifyEmail
|
|
Language: de
|
|
Title: Zitadel - Email verifizieren
|
|
PreHeader: Email verifizieren
|
|
Subject: Email verifizieren
|
|
Greeting: Hallo {{.DisplayName}},
|
|
Text: Eine neue E-Mail Adresse wurde hinzugefügt. Bitte verwende den untenstehenden Button um diese zu verifizieren <br>(Code <strong>{{.Code}}</strong>).<br> Falls du deine E-Mail Adresse nicht selber hinzugefügt hast, kannst du dieses E-Mail ignorieren.
|
|
ButtonText: Email verifizieren
|
|
- MessageTextType: VerifyPhone
|
|
Language: de
|
|
Title: Zitadel - Telefonnummer verifizieren
|
|
PreHeader: Telefonnummer verifizieren
|
|
Subject: Telefonnummer verifizieren
|
|
Greeting: Hallo {{.DisplayName}},
|
|
Text: Eine Telefonnummer wurde hinzugefügt. Bitte verifiziere diese in dem du folgenden Code eingibst (Code {{.Code}})
|
|
ButtonText: Telefon verifizieren
|
|
- MessageTextType: DomainClaimed
|
|
Language: de
|
|
Title: Zitadel - Domain wurde beansprucht
|
|
PreHeader: Email / Username ändern
|
|
Subject: Domain wurde beansprucht
|
|
Greeting: Hallo {{.DisplayName}},
|
|
Text: Die Domain {{.Domain}} wurde von einer Organisation beansprucht. Dein derzeitiger User {{.Username}} ist nicht Teil dieser Organisation. Daher musst du beim nächsten Login eine neue Email hinterlegen. Für diesen Login haben wir dir einen temporären Usernamen ({{.TempUsername}}) erstellt.
|
|
ButtonText: Login
|
|
- MessageTextType: PasswordChange
|
|
Language: de
|
|
Title: ZITADEL - Passwort von Benutzer wurde geändert
|
|
PreHeader: Passwort Änderung
|
|
Subject: Passwort von Benutzer wurde geändert
|
|
Greeting: Hallo {{.DisplayName}},
|
|
Text: Das Password vom Benutzer wurde geändert. Wenn diese Änderung von jemand anderem gemacht wurde, empfehlen wir die sofortige Zurücksetzung ihres Passworts.
|
|
ButtonText: Login
|
|
- MessageTextType: InitCode
|
|
Language: en
|
|
Title: Zitadel - Initialize User
|
|
PreHeader: Initialize User
|
|
Subject: Initialize User
|
|
Greeting: Hello {{.DisplayName}},
|
|
Text: This user was created in Zitadel. Use the username {{.PreferredLoginName}} to login. Please click the button below to finish the initialization process. (Code {{.Code}}) If you didn't ask for this mail, please ignore it.
|
|
ButtonText: Finish initialization
|
|
- MessageTextType: PasswordReset
|
|
Language: en
|
|
Title: Zitadel - Reset password
|
|
PreHeader: Reset password
|
|
Subject: Reset password
|
|
Greeting: Hello {{.DisplayName}},
|
|
Text: We received a password reset request. Please use the button below to reset your password. (Code {{.Code}}) If you didn't ask for this mail, please ignore it.
|
|
ButtonText: Reset password
|
|
- MessageTextType: VerifyEmail
|
|
Language: en
|
|
Title: Zitadel - Verify email
|
|
PreHeader: Verify email
|
|
Subject: Verify email
|
|
Greeting: Hello {{.DisplayName}},
|
|
Text: A new email has been added. Please use the button below to verify your mail. (Code {{.Code}}) If you din't add a new email, please ignore this email.
|
|
ButtonText: Verify email
|
|
- MessageTextType: VerifyPhone
|
|
Language: en
|
|
Title: Zitadel - Verify phone
|
|
PreHeader: Verify phone
|
|
Subject: Verify phone
|
|
Greeting: Hello {{.DisplayName}},
|
|
Text: A new phonenumber has been added. Please use the following code to verify it {{.Code}}.
|
|
ButtonText: Verify phone
|
|
- MessageTextType: DomainClaimed
|
|
Language: en
|
|
Title: Zitadel - Domain has been claimed
|
|
PreHeader: Change email / username
|
|
Subject: Domain has been claimed
|
|
Greeting: Hello {{.DisplayName}},
|
|
Text: The domain {{.Domain}} has been claimed by an organisation. Your current user {{.UserName}} is not part of this organisation. Therefore you'll have to change your email when you login. We have created a temporary username ({{.TempUsername}}) for this login.
|
|
ButtonText: Login
|
|
- MessageTextType: PasswordChange
|
|
Language: en
|
|
Title: ZITADEL - Password of user has changed
|
|
PreHeader: Change password
|
|
Subject: Password of user has changed
|
|
Greeting: Hello {{.DisplayName}},
|
|
Text: The password of your user has changed. If this change was not done by you, please be advised to immediately reset your password.
|
|
ButtonText: Login
|
|
|
|
Quotas:
|
|
# Items takes a slice of quota configurations, whereas for each unit type and instance, one or zero quotas may exist.
|
|
# The following unit types are supported
|
|
|
|
# "requests.all.authenticated"
|
|
# The sum of all requests to the ZITADEL API with an authorization header,
|
|
# excluding the following exceptions
|
|
# - Calls to the System API
|
|
# - Calls that cause internal server errors
|
|
# - Failed authorizations
|
|
# - Requests after the quota already exceeded
|
|
|
|
# "actions.all.runs.seconds"
|
|
# The sum of all actions run durations in seconds
|
|
Items:
|
|
# - Unit: "requests.all.authenticated"
|
|
# # From defines the starting time from which the current quota period is calculated from.
|
|
# # This is relevant for querying the current usage.
|
|
# From: "2023-01-01T00:00:00Z"
|
|
# # ResetInterval defines the quota periods duration
|
|
# ResetInterval: 720h # 30 days
|
|
# # Amount defines the number of units for this quota
|
|
# Amount: 25000
|
|
# # Limit defines whether ZITADEL should block further usage when the configured amount is used
|
|
# Limit: false
|
|
# # Notifications are emitted by ZITADEL when certain quota percentages are reached
|
|
# Notifications:
|
|
# # Percent defines the relative amount of used units, after which a notification should be emitted.
|
|
# - Percent: 100
|
|
# # Repeat defines, whether a notification should be emitted each time when a multitude of the configured Percent is used.
|
|
# Repeat: true
|
|
# # CallURL is called when a relative amount of the quota is used.
|
|
# CallURL: "https://httpbin.org/post"
|
|
|
|
AuditLogRetention: 0s
|
|
|
|
InternalAuthZ:
|
|
RolePermissionMappings:
|
|
- Role: "IAM_OWNER"
|
|
Permissions:
|
|
- "iam.read"
|
|
- "iam.write"
|
|
- "iam.policy.read"
|
|
- "iam.policy.write"
|
|
- "iam.policy.delete"
|
|
- "iam.member.read"
|
|
- "iam.member.write"
|
|
- "iam.member.delete"
|
|
- "iam.idp.read"
|
|
- "iam.idp.write"
|
|
- "iam.idp.delete"
|
|
- "iam.action.read"
|
|
- "iam.action.write"
|
|
- "iam.action.delete"
|
|
- "iam.flow.read"
|
|
- "iam.flow.write"
|
|
- "iam.flow.delete"
|
|
- "org.read"
|
|
- "org.global.read"
|
|
- "org.create"
|
|
- "org.write"
|
|
- "org.delete"
|
|
- "org.member.read"
|
|
- "org.member.write"
|
|
- "org.member.delete"
|
|
- "org.idp.read"
|
|
- "org.idp.write"
|
|
- "org.idp.delete"
|
|
- "org.action.read"
|
|
- "org.action.write"
|
|
- "org.action.delete"
|
|
- "org.flow.read"
|
|
- "org.flow.write"
|
|
- "org.flow.delete"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.write"
|
|
- "user.delete"
|
|
- "user.grant.read"
|
|
- "user.grant.write"
|
|
- "user.grant.delete"
|
|
- "user.membership.read"
|
|
- "user.credential.write"
|
|
- "user.passkey.write"
|
|
- "policy.read"
|
|
- "policy.write"
|
|
- "policy.delete"
|
|
- "project.read"
|
|
- "project.create"
|
|
- "project.write"
|
|
- "project.delete"
|
|
- "project.member.read"
|
|
- "project.member.write"
|
|
- "project.member.delete"
|
|
- "project.role.read"
|
|
- "project.role.write"
|
|
- "project.role.delete"
|
|
- "project.app.read"
|
|
- "project.app.write"
|
|
- "project.app.delete"
|
|
- "project.grant.read"
|
|
- "project.grant.write"
|
|
- "project.grant.delete"
|
|
- "project.grant.member.read"
|
|
- "project.grant.member.write"
|
|
- "project.grant.member.delete"
|
|
- "events.read"
|
|
- Role: "IAM_OWNER_VIEWER"
|
|
Permissions:
|
|
- "iam.read"
|
|
- "iam.policy.read"
|
|
- "iam.member.read"
|
|
- "iam.idp.read"
|
|
- "iam.action.read"
|
|
- "iam.flow.read"
|
|
- "org.read"
|
|
- "org.member.read"
|
|
- "org.idp.read"
|
|
- "org.action.read"
|
|
- "org.flow.read"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.grant.read"
|
|
- "user.membership.read"
|
|
- "policy.read"
|
|
- "project.read"
|
|
- "project.member.read"
|
|
- "project.role.read"
|
|
- "project.app.read"
|
|
- "project.grant.read"
|
|
- "project.grant.member.read"
|
|
- "events.read"
|
|
- Role: "IAM_ORG_MANAGER"
|
|
Permissions:
|
|
- "org.read"
|
|
- "org.global.read"
|
|
- "org.create"
|
|
- "org.write"
|
|
- "org.delete"
|
|
- "org.member.read"
|
|
- "org.member.write"
|
|
- "org.member.delete"
|
|
- "org.idp.read"
|
|
- "org.idp.write"
|
|
- "org.idp.delete"
|
|
- "org.action.read"
|
|
- "org.action.write"
|
|
- "org.action.delete"
|
|
- "org.flow.read"
|
|
- "org.flow.write"
|
|
- "org.flow.delete"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.write"
|
|
- "user.delete"
|
|
- "user.grant.read"
|
|
- "user.grant.write"
|
|
- "user.grant.delete"
|
|
- "user.membership.read"
|
|
- "user.credential.write"
|
|
- "user.passkey.write"
|
|
- "policy.read"
|
|
- "policy.write"
|
|
- "policy.delete"
|
|
- "project.read"
|
|
- "project.create"
|
|
- "project.write"
|
|
- "project.delete"
|
|
- "project.member.read"
|
|
- "project.member.write"
|
|
- "project.member.delete"
|
|
- "project.role.read"
|
|
- "project.role.write"
|
|
- "project.role.delete"
|
|
- "project.app.read"
|
|
- "project.app.write"
|
|
- "project.app.delete"
|
|
- "project.grant.read"
|
|
- "project.grant.write"
|
|
- "project.grant.delete"
|
|
- "project.grant.member.read"
|
|
- "project.grant.member.write"
|
|
- "project.grant.member.delete"
|
|
- Role: "IAM_USER_MANAGER"
|
|
Permissions:
|
|
- "org.read"
|
|
- "org.global.read"
|
|
- "org.member.read"
|
|
- "org.member.delete"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.write"
|
|
- "user.delete"
|
|
- "user.grant.read"
|
|
- "user.grant.write"
|
|
- "user.grant.delete"
|
|
- "user.membership.read"
|
|
- "user.passkey.write"
|
|
- "project.read"
|
|
- "project.member.read"
|
|
- "project.role.read"
|
|
- "project.app.read"
|
|
- "project.grant.read"
|
|
- "project.grant.write"
|
|
- "project.grant.delete"
|
|
- "project.grant.member.read"
|
|
- Role: "ORG_OWNER"
|
|
Permissions:
|
|
- "org.read"
|
|
- "org.global.read"
|
|
- "org.write"
|
|
- "org.delete"
|
|
- "org.member.read"
|
|
- "org.member.write"
|
|
- "org.member.delete"
|
|
- "org.idp.read"
|
|
- "org.idp.write"
|
|
- "org.idp.delete"
|
|
- "org.action.read"
|
|
- "org.action.write"
|
|
- "org.action.delete"
|
|
- "org.flow.read"
|
|
- "org.flow.write"
|
|
- "org.flow.delete"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.write"
|
|
- "user.delete"
|
|
- "user.grant.read"
|
|
- "user.grant.write"
|
|
- "user.grant.delete"
|
|
- "user.membership.read"
|
|
- "user.credential.write"
|
|
- "user.passkey.write"
|
|
- "policy.read"
|
|
- "policy.write"
|
|
- "policy.delete"
|
|
- "project.read"
|
|
- "project.create"
|
|
- "project.write"
|
|
- "project.delete"
|
|
- "project.member.read"
|
|
- "project.member.write"
|
|
- "project.member.delete"
|
|
- "project.role.read"
|
|
- "project.role.write"
|
|
- "project.role.delete"
|
|
- "project.app.read"
|
|
- "project.app.write"
|
|
- "project.grant.read"
|
|
- "project.grant.write"
|
|
- "project.grant.delete"
|
|
- "project.grant.member.read"
|
|
- "project.grant.member.write"
|
|
- "project.grant.member.delete"
|
|
- Role: "ORG_USER_MANAGER"
|
|
Permissions:
|
|
- "org.read"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.write"
|
|
- "user.delete"
|
|
- "user.grant.read"
|
|
- "user.grant.write"
|
|
- "user.grant.delete"
|
|
- "user.membership.read"
|
|
- "policy.read"
|
|
- "project.read"
|
|
- "project.role.read"
|
|
- Role: "ORG_OWNER_VIEWER"
|
|
Permissions:
|
|
- "org.read"
|
|
- "org.member.read"
|
|
- "org.idp.read"
|
|
- "org.action.read"
|
|
- "org.flow.read"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.grant.read"
|
|
- "user.membership.read"
|
|
- "policy.read"
|
|
- "project.read"
|
|
- "project.member.read"
|
|
- "project.role.read"
|
|
- "project.app.read"
|
|
- "project.grant.read"
|
|
- "project.grant.member.read"
|
|
- "project.grant.user.grant.read"
|
|
- Role: "ORG_SETTINGS_MANAGER"
|
|
Permissions:
|
|
- "org.read"
|
|
- "org.write"
|
|
- "org.member.read"
|
|
- "org.idp.read"
|
|
- "org.idp.write"
|
|
- "org.idp.delete"
|
|
- "policy.read"
|
|
- "policy.write"
|
|
- "policy.delete"
|
|
- Role: "ORG_USER_PERMISSION_EDITOR"
|
|
Permissions:
|
|
- "org.read"
|
|
- "org.member.read"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.grant.read"
|
|
- "user.grant.write"
|
|
- "user.grant.delete"
|
|
- "policy.read"
|
|
- "project.read"
|
|
- "project.member.read"
|
|
- "project.role.read"
|
|
- "project.app.read"
|
|
- "project.grant.read"
|
|
- "project.grant.member.read"
|
|
- Role: "ORG_PROJECT_PERMISSION_EDITOR"
|
|
Permissions:
|
|
- "org.read"
|
|
- "org.member.read"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.grant.read"
|
|
- "user.grant.write"
|
|
- "user.grant.delete"
|
|
- "policy.read"
|
|
- "project.read"
|
|
- "project.member.read"
|
|
- "project.role.read"
|
|
- "project.app.read"
|
|
- "project.grant.read"
|
|
- "project.grant.write"
|
|
- "project.grant.delete"
|
|
- "project.grant.member.read"
|
|
- Role: "ORG_PROJECT_CREATOR"
|
|
Permissions:
|
|
- "user.global.read"
|
|
- "policy.read"
|
|
- "project.read:self"
|
|
- "project.create"
|
|
- Role: "PROJECT_OWNER"
|
|
Permissions:
|
|
- "org.global.read"
|
|
- "policy.read"
|
|
- "project.read"
|
|
- "project.write"
|
|
- "project.delete"
|
|
- "project.member.read"
|
|
- "project.member.write"
|
|
- "project.member.delete"
|
|
- "project.role.read"
|
|
- "project.role.write"
|
|
- "project.role.delete"
|
|
- "project.app.read"
|
|
- "project.app.write"
|
|
- "project.app.delete"
|
|
- "project.grant.read"
|
|
- "project.grant.write"
|
|
- "project.grant.delete"
|
|
- "project.grant.member.read"
|
|
- "project.grant.member.write"
|
|
- "project.grant.member.delete"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.grant.read"
|
|
- "user.grant.write"
|
|
- "user.grant.delete"
|
|
- "user.membership.read"
|
|
- Role: "PROJECT_OWNER_VIEWER"
|
|
Permissions:
|
|
- "policy.read"
|
|
- "project.read"
|
|
- "project.member.read"
|
|
- "project.role.read"
|
|
- "project.app.read"
|
|
- "project.grant.read"
|
|
- "project.grant.member.read"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.grant.read"
|
|
- "user.membership.read"
|
|
- Role: "SELF_MANAGEMENT_GLOBAL"
|
|
Permissions:
|
|
- "org.create"
|
|
- "policy.read"
|
|
- "user.self.delete"
|
|
- Role: "PROJECT_OWNER_GLOBAL"
|
|
Permissions:
|
|
- "org.global.read"
|
|
- "policy.read"
|
|
- "project.read"
|
|
- "project.write"
|
|
- "project.delete"
|
|
- "project.member.read"
|
|
- "project.member.write"
|
|
- "project.member.delete"
|
|
- "project.role.read"
|
|
- "project.role.write"
|
|
- "project.role.delete"
|
|
- "project.app.read"
|
|
- "project.app.write"
|
|
- "project.app.delete"
|
|
- "user.global.read"
|
|
- "user.grant.read"
|
|
- "user.grant.write"
|
|
- "user.grant.delete"
|
|
- "user.membership.read"
|
|
- Role: "PROJECT_OWNER_VIEWER_GLOBAL"
|
|
Permissions:
|
|
- "policy.read"
|
|
- "project.read"
|
|
- "project.member.read"
|
|
- "project.role.read"
|
|
- "project.app.read"
|
|
- "project.grant.read"
|
|
- "project.grant.member.read"
|
|
- "user.global.read"
|
|
- "user.grant.read"
|
|
- "user.membership.read"
|
|
- Role: "PROJECT_GRANT_OWNER"
|
|
Permissions:
|
|
- "policy.read"
|
|
- "org.global.read"
|
|
- "project.read"
|
|
- "project.grant.read"
|
|
- "project.grant.member.read"
|
|
- "project.grant.member.write"
|
|
- "project.grant.member.delete"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.grant.read"
|
|
- "user.grant.write"
|
|
- "user.grant.delete"
|
|
- "user.membership.read"
|
|
- Role: "PROJECT_GRANT_OWNER_VIEWER"
|
|
Permissions:
|
|
- "policy.read"
|
|
- "project.read"
|
|
- "project.grant.read"
|
|
- "project.grant.member.read"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.grant.read"
|
|
- "user.membership.read"
|