"description":"Help text for the description of the new flow",
"createFlow":"You can create a top level flow within this from",
"flowType":"What kind of form is it",
"topLevelFlowType":"What kind of top level flow is it? Type 'client' is used for authentication of clients (applications) when generic is for users and everything else",
"addExecution":"Execution can have a wide range of actions, from sending a reset email to validating an OTP",
"addSubFlow":"Sub-Flows can be either generic or form. The form type is used to construct a sub-flow that generates a single flow for the user. Sub-flows are a special type of execution that evaluate as successful depending on how the executions they contain evaluate.",
"webAuthnPolicyFormHelp":"Policy for WebAuthn authentication. This one will be used by 'WebAuthn Register' required action and 'WebAuthn Authenticator' authenticator. Typical usage is, when WebAuthn will be used for the two-factor authentication.",
"webAuthnPolicyPasswordlessFormHelp":"Policy for passwordless WebAuthn authentication. This one will be used by 'Webauthn Register Passwordless' required action and 'WebAuthn Passwordless Authenticator' authenticator. Typical usage is, when WebAuthn will be used as first-factor authentication. Having both 'WebAuthn Policy' and 'WebAuthn Passwordless Policy' allows to use WebAuthn as both first factor and second factor authenticator in the same realm.",
"webAuthnPolicySignatureAlgorithms":"What signature algorithms should be used for Authentication Assertion.",
"webAuthnPolicyRpId":"This is ID as WebAuthn Relying Party. It must be origin's effective domain.",
"webAuthnPolicyAttestationConveyancePreference":"Communicates to an authenticator the preference of how to generate an attestation statement.",
"webAuthnPolicyAuthenticatorAttachment":"Communicates to an authenticator an acceptable attachment pattern.",
"webAuthnPolicyRequireResidentKey":"It tells an authenticator create a public key credential as Resident Key or not.",
"webAuthnPolicyUserVerificationRequirement":"Communicates to an authenticator to confirm actually verifying a user.",
"webAuthnPolicyCreateTimeout":"Timeout value for creating user's public key credential in seconds. if set to 0, this timeout option is not adapted.",
"webAuthnPolicyAvoidSameAuthenticatorRegister":"Avoid registering the authenticator that has already been registered.",
"webAuthnPolicyAcceptableAaguids":"The list of AAGUID of which an authenticator can be registered.",
"passwordPolicies":{
"forceExpiredPasswordChange":"The number of days the password is valid before a new password is required.",
"hashIterations":"The number of times a password is hashed before storage or verification. Default: 27,500.",
"passwordHistory":"Prevents a recently used password from being reused.",
"passwordBlacklist":"Prevents the use of a password that is in a blacklist file.",
"cibaBackchannelTokenDeliveryMode":"Specifies how the CD (Consumption Device) gets the authentication result and related tokens. This mode will be used by default for the CIBA clients, which do not have other mode explicitly set.",
"cibaExpiresIn":"The expiration time of the \"auth_req_id\" in seconds since the authentication request was received.",
"cibaInterval":"The minimum amount of time in seconds that the CD (Consumption Device) must wait between polling requests to the token endpoint. If set to 0, the CD must use 5 as the default value according to the CIBA specification.",
"cibaAuthRequestedUserHint":"The way of identifying the end-user for whom authentication is being requested. Currently only \"login_hint\" is supported."