API Reference

Organizations

Policies

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

UpdateOrganizationPolicies

client.Organizations.Policies.Update(ctx, body) (*OrganizationPolicyUpdateResponse, error)

POST/gitpod.v1.OrganizationService/UpdateOrganizationPolicies

Updates organization policy settings.

Use this method to:

• Configure editor restrictions
• Set environment resource limits
• Define project creation permissions
• Customize default configurations

Examples

• Update editor policies:

  Restricts available editors and sets a default.

  organizationId: "b0e12f6c-4c67-429d-a4a6-d9838b5da047"
  allowedEditorIds:
    - "vscode"
    - "jetbrains"
  defaultEditorId: "vscode"

• Set environment limits:

  Configures limits for environment usage.

  organizationId: "b0e12f6c-4c67-429d-a4a6-d9838b5da047"
  maximumEnvironmentTimeout: "3600s"
  maximumRunningEnvironmentsPerUser: "5"
  maximumEnvironmentsPerUser: "20"

ParametersExpand Collapse

body OrganizationPolicyUpdateParams

OrganizationID param.Field[string]

organization_id is the ID of the organization to update policies for

formatuuid

AgentPolicy param.Field[OrganizationPolicyUpdateParamsAgentPolicy]Optional

agent_policy contains agent-specific policy settings

CommandDenyList []stringOptional

command_deny_list contains a list of commands that agents are not allowed to execute

ConversationSharingPolicy ConversationSharingPolicyOptional

conversation_sharing_policy controls whether agent conversations can be shared

One of the following:

const ConversationSharingPolicyUnspecified ConversationSharingPolicy = "CONVERSATION_SHARING_POLICY_UNSPECIFIED"

const ConversationSharingPolicyDisabled ConversationSharingPolicy = "CONVERSATION_SHARING_POLICY_DISABLED"

const ConversationSharingPolicyOrganization ConversationSharingPolicy = "CONVERSATION_SHARING_POLICY_ORGANIZATION"

MaxSubagentsPerEnvironment int64Optional

max_subagents_per_environment limits the number of non-terminal sub-agents a parent can have running simultaneously in the same environment. Valid range: 0-10. Zero means use the default (5).

formatint32

maximum10

McpDisabled boolOptional

mcp_disabled controls whether MCP (Model Context Protocol) is disabled for agents

ScmToolsAllowedGroupID stringOptional

scm_tools_allowed_group_id restricts SCM tools access to members of this group. Empty means no restriction (all users can use SCM tools if not disabled).

ScmToolsDisabled boolOptional

scm_tools_disabled controls whether SCM (Source Control Management) tools are disabled for agents

AllowedEditorIDs param.Field[[]string]Optional

allowed_editor_ids is the list of editor IDs that are allowed to be used in the organization

AllowLocalRunners param.Field[bool]Optional

allow_local_runners controls whether local runners are allowed to be used in the organization

DefaultEditorID param.Field[string]Optional

default_editor_id is the default editor ID to be used when a user doesn’t specify one

DefaultEnvironmentImage param.Field[string]Optional

default_environment_image is the default container image when none is defined in repo

DeleteArchivedEnvironmentsAfter param.Field[string]Optional

delete_archived_environments_after controls how long archived environments are kept before automatic deletion. 0 means no automatic deletion. Maximum duration is 4 weeks (2419200 seconds).

formatregex

DisableFromScratch param.Field[bool]Optional

disable_from_scratch controls whether non-admin users can create blank environments without a Git or URL initializer.

EditorVersionRestrictions param.Field[map[string, OrganizationPolicyUpdateParamsEditorVersionRestrictions]]Optional

editor_version_restrictions restricts which editor versions can be used. Maps editor ID to version policy with allowed major versions.

AllowedVersions []stringOptional

allowed_versions lists the versions that are allowed If empty, we will use the latest version of the editor

Examples for JetBrains: ["2025.2", "2025.1", "2024.3"]

MaximumEnvironmentLifetime param.Field[string]Optional

maximum_environment_lifetime controls for how long environments are allowed to be reused. 0 means no maximum lifetime. Maximum duration is 180 days (15552000 seconds).

formatregex

MaximumEnvironmentsPerUser param.Field[string]Optional

maximum_environments_per_user limits total environments (running or stopped) per user

MaximumEnvironmentTimeout param.Field[string]Optional

maximum_environment_timeout controls the maximum timeout allowed for environments in seconds. 0 means no limit (never). Minimum duration is 30 minutes (1800 seconds). value must be 0s (no limit) or at least 1800s (30 minutes):

this == duration('0s') || this >= duration('1800s')

formatregex

MaximumRunningEnvironmentsPerUser param.Field[string]Optional

maximum_running_environments_per_user limits simultaneously running environments per user

MaxPortAdmissionLevel param.Field[AdmissionLevel]Optional

max_port_admission_level caps the maximum admission level a user-opened port may use. UNSPECIFIED means no cap (any AdmissionLevel value is allowed). System ports (VS Code Browser, agents) are exempt. The legacy port_sharing_disabled field, when true, takes precedence and blocks all user-initiated port sharing.

MembersCreateProjects param.Field[bool]Optional

members_create_projects controls whether members can create projects

MembersRequireProjects param.Field[bool]Optional

members_require_projects controls whether environments can only be created from projects by non-admin users

PortSharingDisabled param.Field[bool]Optional

port_sharing_disabled controls whether user-initiated port sharing is disabled in the organization. System ports (VS Code Browser, agents) are always exempt from this policy.

ProjectCreationDefaults param.Field[OrganizationPolicyUpdateParamsProjectCreationDefaults]Optional

project_creation_defaults contains updates to default settings applied to newly created projects.

EnvironmentClasses []ProjectCreationDefaultEnvironmentClassOptional

environment_classes replaces the full list of default environment classes and their per-class settings. Send an empty list to clear defaults.

EnvironmentClassID stringOptional

environment_class_id is the ID of the environment class.

formatuuid

Order int64Optional

order is the priority of this entry (lower = higher priority).

formatint32

Prebuild boolOptional

prebuild controls whether prebuilds are enabled for this environment class on newly created projects.

WarmPool ProjectCreationDefaultEnvironmentClassWarmPoolOptional

warm_pool configures the warm pool for this environment class on newly created projects. Only meaningful when prebuild is true.

Enabled boolOptional

enabled controls whether a warm pool is created for this environment class.

MaxSize int64Optional

max_size is the maximum number of warm instances. Must be >= min_size and <= 20.

formatint32

maximum20

MinSize int64Optional

min_size is the minimum number of warm instances. Must be >= 0 and <= max_size.

formatint32

maximum20

InsightsEnabled boolOptional

insights_enabled controls whether Insights (co-author attribution) is automatically enabled on newly created projects.

Prebuilds OrganizationPolicyUpdateParamsProjectCreationDefaultsPrebuildsOptional

prebuilds updates default prebuild settings for newly created projects. When absent, prebuild defaults are left unchanged.

Disabled unknownOptional

disabled clears persisted prebuild defaults.

Enabled ProjectCreationDefaultsPrebuildsOptional

enabled sets or updates persisted prebuild defaults.

EnableJetbrainsWarmup boolOptional

enable_jetbrains_warmup controls whether JetBrains IDE warmup runs during prebuilds on newly created projects.

PrebuildExecutor SubjectOptional

prebuild_executor is the service account used to run prebuilds on newly created projects. Must be a service account (not a user).

ID stringOptional

id is the UUID of the subject

formatuuid

Principal PrincipalOptional

Principal is the principal of the subject

One of the following:

const PrincipalUnspecified Principal = "PRINCIPAL_UNSPECIFIED"

const PrincipalAccount Principal = "PRINCIPAL_ACCOUNT"

const PrincipalUser Principal = "PRINCIPAL_USER"

const PrincipalRunner Principal = "PRINCIPAL_RUNNER"

const PrincipalEnvironment Principal = "PRINCIPAL_ENVIRONMENT"

const PrincipalServiceAccount Principal = "PRINCIPAL_SERVICE_ACCOUNT"

const PrincipalRunnerManager Principal = "PRINCIPAL_RUNNER_MANAGER"

Timeout stringOptional

timeout is the maximum duration allowed for a prebuild to complete. If not specified, defaults to 1 hour. Must be between 5 minutes and 2 hours.

formatregex

Trigger ProjectCreationDefaultsPrebuildsTriggerOptional

trigger defines when prebuilds should be created on newly created projects.

DailySchedule ProjectCreationDefaultsPrebuildsTriggerDailySchedule

daily_schedule triggers a prebuild once per day at the specified hour (UTC). The actual start time may vary slightly to distribute system load.

HourUtc int64Optional

hour_utc is the hour of day (0-23) in UTC when the prebuild should start. The actual start time may be adjusted by a few minutes to balance system load.

formatint32

maximum23

RequireCustomDomainAccess param.Field[bool]Optional

require_custom_domain_access controls whether users must access via custom domain when one is configured. When true, access via app.gitpod.io is blocked.

RestrictAccountCreationToScim param.Field[bool]Optional

restrict_account_creation_to_scim controls whether account creation is restricted to SCIM-provisioned users only. When true and SCIM is configured for the organization, only users provisioned via SCIM can create accounts.

SecurityAgentPolicy param.Field[OrganizationPolicyUpdateParamsSecurityAgentPolicy]Optional

security_agent_policy contains security agent configuration updates

Crowdstrike OrganizationPolicyUpdateParamsSecurityAgentPolicyCrowdstrikeOptional

crowdstrike contains CrowdStrike Falcon configuration updates

AdditionalOptions map[string, string]Optional

additional_options contains additional FALCONCTL_OPT_* options as key-value pairs

CidSecretID stringOptional

cid_secret_id references an organization secret containing the Customer ID (CID)

formatuuid

Enabled boolOptional

enabled controls whether CrowdStrike Falcon is deployed to environments

Image stringOptional

image is the CrowdStrike Falcon sensor container image reference

Tags stringOptional

tags are optional tags to apply to the Falcon sensor

VetoExecPolicy param.Field[VetoExecPolicy]Optional

veto_exec_policy contains the veto exec policy for environments.

WebBrowserDisabled param.Field[bool]Optional

web_browser_disabled controls whether users can open the built-in web browser from environment pages. This does not affect VS Code Browser.

ReturnsExpand Collapse

type OrganizationPolicyUpdateResponse interface{…}

UpdateOrganizationPolicies

Go

HTTP

TypeScript

Python

Go

package main

import (
  "context"
  "fmt"

  "github.com/gitpod-io/gitpod-sdk-go"
  "github.com/gitpod-io/gitpod-sdk-go/option"
)

func main() {
  client := gitpod.NewClient(
    option.WithBearerToken("My Bearer Token"),
  )
  policy, err := client.Organizations.Policies.Update(context.TODO(), gitpod.OrganizationPolicyUpdateParams{
    OrganizationID: gitpod.F("b0e12f6c-4c67-429d-a4a6-d9838b5da047"),
    MaximumEnvironmentsPerUser: gitpod.F("20"),
    MaximumEnvironmentTimeout: gitpod.F("3600s"),
    MaximumRunningEnvironmentsPerUser: gitpod.F("5"),
  })
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", policy)
}

200 example

{}

Returns Examples

200 example

{}