Set the org's allowed sign-in methods
PUT /api/v1/organizations/current/auth-methods
Restrict sign-in methods for the org.
An empty list clears the restriction (platform defaults). To require SSO,
set ["sso"]. Not flag-gated — narrowing the platform's own methods is a
standard org control; SSO itself only functions once the SSO config is
enabled (which IS gated).
Admin/owner only — but enforcing SSO (a non-empty list that excludes all local methods, blocking password/GitHub/Google login) is owner-only per (owner-only capabilities). Admins may relax the restriction or pick a set that still permits a local method.
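The role rule above can be checked on the client before sending the PUT. The following is an added example, not code from this API or its project: only "sso" is a documented value, and the local method identifiers ("password", "github", "google"), the role names and the sso_config_enabled flag are assumptions made for illustration.

```python
# Added illustration. Only "sso" appears in the API description; the other
# method identifiers and the role names below are assumed for this sketch.
LOCAL_METHODS = frozenset({"password", "github", "google"})  # assumed names
KNOWN_METHODS = LOCAL_METHODS | {"sso"}
ROLE_RANK = {"member": 0, "admin": 1, "owner": 2}  # assumed role names


def required_role(methods):
    """Lowest role allowed to PUT this list, per the rule described above."""
    requested = set(methods)
    # An empty list clears the restriction, and any list that keeps a local
    # method still leaves a non-SSO way in: both are open to admins.
    if not requested or requested & LOCAL_METHODS:
        return "admin"
    # Non-empty with no local method left: this enforces SSO (owner-only).
    return "owner"


def preflight(caller_role, methods, sso_config_enabled):
    """Return (ok, reason) for a planned auth-methods update."""
    unknown = set(methods) - KNOWN_METHODS
    if unknown:
        return False, f"unknown method(s): {sorted(unknown)}"
    needed = required_role(methods)
    if ROLE_RANK.get(caller_role, -1) < ROLE_RANK[needed]:
        return False, f"{needed} role required"
    # SSO only functions once the SSO config is enabled, so enforcing it
    # earlier would leave the org with no working sign-in method.
    if needed == "owner" and not sso_config_enabled:
        return False, "SSO config is not enabled; keep a local method for now"
    return True, "ok"


if __name__ == "__main__":
    for role, methods, sso_on in [
        ("admin", [], True),                   # clear restriction
        ("admin", ["sso", "password"], True),  # narrowed, local method kept
        ("admin", ["sso"], True),              # SSO enforcement by an admin
        ("owner", ["sso"], False),             # SSO enforced before it works
        ("owner", ["sso"], True),
    ]:
        print(role, methods, sso_on, "->", preflight(role, methods, sso_on))
```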
Request
Responses
- 200: Successful Response
- 400: Bad request — malformed input or failed validation.
- 401: Missing, expired, or invalid credentials.
- 403: Authenticated but not authorized for this resource. Note: cross-organization reads return 404, not 403.
- 404: Resource not found, or hidden for tenant-enumeration safety (the caller lacks permission to know whether the resource exists).
- 409: Conflict — the current resource state does not allow this operation (e.g. assessment already started, email already in use).
- 422: Semantic validation failure — request shape was valid but contents were not.
- 429: Too many requests — rate limited. Retry after the window resets.
- 500: Internal server error — unexpected failure.