Skip to main content

Set Security Settings​

Set the security settings of the ZITADEL instance.

Request Body required
    embeddedIframe object
    enabled boolean

    states if iframe embedding is enabled or disabled

    allowedOrigins string[]

    origins allowed loading ZITADEL in an iframe if enabled.

    enableImpersonation boolean

    allows users to impersonate other users. The impersonator needs the appropriate *_IMPERSONATOR roles assigned as well

Responses

A successful response.

Schema
    details object
    sequence uint64

    on read: the sequence of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

    changeDate date-time

    on read: the timestamp of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

    resourceOwner resource_owner is the organization or instance_id an object belongs to
PUT /v2beta/policies/security

Authorization

name: OAuth2type: oauth2scopes: openid,urn:zitadel:iam:org:project:id:zitadel:audflows: {
  "authorizationCode": {
    "authorizationUrl": "$CUSTOM-DOMAIN/oauth/v2/authorize",
    "tokenUrl": "$CUSTOM-DOMAIN/oauth/v2/token",
    "scopes": {
      "openid": "openid",
      "urn:zitadel:iam:org:project:id:zitadel:aud": "urn:zitadel:iam:org:project:id:zitadel:aud"
    }
  }
}

Request

Base URL
https://$CUSTOM-DOMAIN
Bearer Token
Content-Type
Body required
{

  "embeddedIframe": {

    "enabled": true,

    "allowedOrigins": [

      "foo.bar.com",

      "localhost:8080"

    ]

  },

  "enableImpersonation": true

}
Accept
curl / cURL
curl -L -X PUT 'https://$CUSTOM-DOMAIN/v2beta/policies/security' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "embeddedIframe": {
    "enabled": true,
    "allowedOrigins": [
      "foo.bar.com",
      "localhost:8080"
    ]
  },
  "enableImpersonation": true
}'