Connection Options in the Management API

When creating or updating a connection in the Management API, you can include a variety of custom options in the options attribute, such as the password strength for the connection or provider-specific parameters to pass to an Identity Provider.

The following elements are available for the options attribute. These are optional when calling the Create a Connection endpoint or Update a Connection endpoint.

Element Type Description
validation object

Allows you to set validation options for this connection.

Properties include:

  • username (object):
    • min (integer): The minimum length of a user's username.
    • max (integer): The maximum length of a user's username.
Used with database connections.
passwordPolicy string The strength level of the password. Allowed values include none, low, fair, good, and excellent. Used with database connections.
password_complexity_options object

Allows you to set password complexity options for this connection.

Properties include:

  • min_length (integer): The minimum character length of a password. NIST recommends a minimum character length of 8, and suggests that length is a better indicator of strength than complexity. Maximum: 128.
Used with database connections.
password_history object

When enabled, the system will maintain a password history for each user and prevent the reuse of passwords included in the history. Any existing users in the connection will be unaffected; the system will maintain their password history going forward.

Properties include:

  • enable (boolean): Whether or not to enable password history tracking.
  • size (integer): The number of passwords to track. Maximum: 24.
Used with database connections.
password_no_personal_info object

When enabled, the system will disallow passwords that contain any part of the user's personal data, including the user's name, username, nickname, email, local-part of email, user_metadata.name, user_metadata.first, and user_metadata.last.

Properties include:

  • enable (boolean): Whether or not to disallow personal information in passwords.
Used with database connections.
password_dictionary object

When enabled, the system will disallow passwords that are part of the password dictionary, which includes a list of the 10,000 most common passwords. You may also customize the dictionary with your own entries.

Properties include:

  • enable (boolean): Whether or not to enable the password dictionary.
  • dictionary (array (string)): Custom entries that you would like to add to the password dictionary for this connection. Each entry may contain a maximum of 50 characters. We use case-insensitive comparison. Maximum: 200.
Used with database connections.
basic_profile boolean Indicates that you want basic profile information (email address and email verified flag) stored in the Auth0 User Profile. Used with social and enterprise connections.
ext_profile boolean Indicates that you want extended profile information (name, public profile URL, photo, gender, birthdate, country, language, and timezone) stored in the Auth0 User Profile. Used with social and enterprise connections.
ext_admin boolean Indicates that you want to store whether or not the user is a domain administrator. Used with enterprise connections.
ext_is_suspended boolean Indicates that you want to store whether or not a user's account is suspended. Used with enterprise connections.
ext_agreed_terms boolean Indicates that you want to store whether or not a user has agreed to the terms of service. Used with enterprise connections.
ext_groups boolean Indicates that you want to store the distribution list(s) to which a user belongs. Used with enterprise connections.
ext_assigned_plans boolean Indicates that you want to store a list of the Office 365 assigned plans for the user. Used with the Office 365 enterprise connection, which is deprecated; these connections should be migrated to Azure AD connections.
api_enable_users boolean When enabled, allows users to make calls to the Google Directory API. Used with enterprise connections.
upstream_params object

Allows you to pass static provider-specific parameters to an Identity Provider for this connection. Not all Identity Providers support upstream parameters, so you will need to check with the Identity Provider before using this element.

Properties include:

  • Parameter (object): The name of the parameter accepted by the Identity Provider. Will contain one of the following two properties, depending on how you are using the upstream parameters:
    • alias (string): The existing accepted OAuth 2.0/OIDC parameter, which maps to the parameter accepted by the Identity Provider. Used when passing dynamic upstream parameters per user. Allowed values include: acr_values, audience, client_id, display, id_token_hint, login_hint, max_age, prompt, resource, response_mode, response_type, and ui_locales.
    • value (string): The value of the parameter. Used when passing static upstream parameters per connection.

For more information and examples of how to use upstream parameters, see Pass Parameters to Identity Providers.

Used with connections that use Identity Providers.
requires_username boolean Indicates whether or not a user must provide a username in addition to their email address.
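
The following is an added example, not Auth0's code: a Python pre-flight check that compares an options object with the limits and allowed values listed in the table above before it is sent to the Create a Connection or Update a Connection endpoint. The function name check_connection_options and the sample values are hypothetical; the check reads "Maximum: 200" as a limit on the number of dictionary entries, and the username min/max comparison is an extra consistency check not stated on this page.

```python
# Added example, not Auth0 code: checks an options object against the limits
# documented on this page. All function and variable names are hypothetical.
PASSWORD_POLICIES = {"none", "low", "fair", "good", "excellent"}
UPSTREAM_ALIASES = {
    "acr_values", "audience", "client_id", "display", "id_token_hint",
    "login_hint", "max_age", "prompt", "resource", "response_mode",
    "response_type", "ui_locales",
}

def check_connection_options(options):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    policy = options.get("passwordPolicy")
    if policy is not None and policy not in PASSWORD_POLICIES:
        problems.append(f"passwordPolicy: {policy!r} is not an allowed value")
    min_length = options.get("password_complexity_options", {}).get("min_length")
    if min_length is not None and not 8 <= min_length <= 128:
        problems.append("min_length: use 8 (NIST minimum) to 128 (maximum)")
    if options.get("password_history", {}).get("size", 0) > 24:
        problems.append("password_history.size: maximum is 24")
    entries = options.get("password_dictionary", {}).get("dictionary", [])
    if len(entries) > 200:  # assumption: "Maximum: 200" counts entries
        problems.append("password_dictionary.dictionary: maximum is 200 entries")
    if any(len(entry) > 50 for entry in entries):
        problems.append("password_dictionary.dictionary: entry over 50 characters")
    username = options.get("validation", {}).get("username", {})
    # Assumption: min <= max is a sanity check, not a rule stated on the page.
    if username.get("min", 0) > username.get("max", float("inf")):
        problems.append("validation.username: min is greater than max")
    for name, spec in options.get("upstream_params", {}).items():
        if ("alias" in spec) == ("value" in spec):
            problems.append(f"upstream_params.{name}: set exactly one of alias, value")
        elif "alias" in spec and spec["alias"] not in UPSTREAM_ALIASES:
            problems.append(f"upstream_params.{name}: alias is not an allowed value")
    return problems

# Constructed sample options for a database connection (illustrative values).
SAMPLE_OPTIONS = {
    "passwordPolicy": "good",
    "password_complexity_options": {"min_length": 12},
    "password_history": {"enable": True, "size": 5},
    "password_no_personal_info": {"enable": True},
    "password_dictionary": {"enable": True, "dictionary": ["examplecorp"]},
    "validation": {"username": {"min": 3, "max": 30}},
    "requires_username": True,
}
```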