Update Organization Settings

Update organization-wide settings including multi-factor authentication requirements and password policy. Only specified fields will be updated; omitted fields remain unchanged.

Request

PATCH /organization/settings

Authentication

Requires an Admin Bearer JWT token.

Authorization: Bearer <access_token>

Request Body

All fields are optional. Only include fields you want to update.

{
  "mfaRequired": true,
  "passwordMinLength": 12,
  "passwordRequireUppercase": true,
  "passwordRequireLowercase": true,
  "passwordRequireDigit": true,
  "passwordRequireSpecialChar": true,
  "passwordExpirationDays": 90
}

Request Fields

Field	Type	Required	Description
`mfaRequired`	boolean	No	Whether to require MFA for all users
`passwordMinLength`	integer	No	Minimum password length (8-128)
`passwordRequireUppercase`	boolean	No	Require uppercase letters in passwords
`passwordRequireLowercase`	boolean	No	Require lowercase letters in passwords
`passwordRequireDigit`	boolean	No	Require at least one digit in passwords
`passwordRequireSpecialChar`	boolean	No	Require at least one special character in passwords
`passwordExpirationDays`	integer	No	Days before password expires (null for no expiration, max 365)

Response

Returns the updated organization settings object.

Success Response

Status Code: 200 OK

Response Body:

{
  "mfaRequired": true,
  "passwordMinLength": 12,
  "passwordRequireUppercase": true,
  "passwordRequireLowercase": true,
  "passwordRequireDigit": true,
  "passwordRequireSpecialChar": true,
  "passwordExpirationDays": 90
}

Response Fields

Same as Get Organization Settings response.

Errors

Status Code	Error Code	Description
`400`	`BAD_REQUEST`	Invalid request body or validation error (e.g., passwordMinLength < 8 or > 128)
`401`	`UNAUTHORIZED`	Missing or invalid JWT token
`403`	`FORBIDDEN`	User does not have admin privileges
`422`	`UNPROCESSABLE_ENTITY`	Invalid field values (e.g., passwordExpirationDays > 365)

Example

Request

curl -X PATCH https://api.entryguard.io/api/v1/organization/settings \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
  -H "Content-Type: application/json" \
  -d '{
    "mfaRequired": true,
    "passwordMinLength": 12,
    "passwordExpirationDays": 90
  }'

Response

{
  "mfaRequired": true,
  "passwordMinLength": 12,
  "passwordRequireUppercase": true,
  "passwordRequireLowercase": true,
  "passwordRequireDigit": true,
  "passwordRequireSpecialChar": true,
  "passwordExpirationDays": 90
}

Notes

This is a partial update endpoint (PATCH). Only fields included in the request body will be updated.
Password policy changes only affect new passwords set after the change.
Enabling mfaRequired will force all users without MFA configured to set it up on their next login.
The update is logged in the audit trail with event type ORGANIZATION_SETTINGS_UPDATE.
If you set passwordExpirationDays to null, passwords will never expire.

Request​

Authentication​

Request Body​

Request Fields​

Response​

Success Response​

Response Fields​

Errors​

Example​

Request​

Response​

Notes​

Request

Authentication

Request Body

Request Fields

Response

Success Response

Response Fields

Errors

Example

Request

Response

Notes