## UpdateOrganizationPolicies

`organizations.policies.update(PolicyUpdateParams**kwargs)  -> object`

**post** `/gitpod.v1.OrganizationService/UpdateOrganizationPolicies`

Updates organization policy settings.

Use this method to:

- Configure editor restrictions
- Set environment resource limits
- Define project creation permissions
- Customize default configurations

### Examples

- Update editor policies:

  Restricts available editors and sets a default.

  ```yaml
  organizationId: "b0e12f6c-4c67-429d-a4a6-d9838b5da047"
  allowedEditorIds:
    - "vscode"
    - "jetbrains"
  defaultEditorId: "vscode"
  ```

- Set environment limits:

  Configures limits for environment usage.

  ```yaml
  organizationId: "b0e12f6c-4c67-429d-a4a6-d9838b5da047"
  maximumEnvironmentTimeout: "3600s"
  maximumRunningEnvironmentsPerUser: "5"
  maximumEnvironmentsPerUser: "20"
  ```

### Parameters

- `organization_id: str`

  organization_id is the ID of the organization to update policies for

- `agent_policy: Optional[AgentPolicy]`

  agent_policy contains agent-specific policy settings

  - `command_deny_list: Optional[Sequence[str]]`

    command_deny_list contains a list of commands that agents are not allowed to execute

  - `conversation_sharing_policy: Optional[ConversationSharingPolicy]`

    conversation_sharing_policy controls whether agent conversations can be shared

    - `"CONVERSATION_SHARING_POLICY_UNSPECIFIED"`

    - `"CONVERSATION_SHARING_POLICY_DISABLED"`

    - `"CONVERSATION_SHARING_POLICY_ORGANIZATION"`

  - `max_subagents_per_environment: Optional[int]`

    max_subagents_per_environment limits the number of non-terminal sub-agents
    a parent can have running simultaneously in the same environment.
    Valid range: 0-10. Zero means use the default (5).

  - `mcp_disabled: Optional[bool]`

    mcp_disabled controls whether MCP (Model Context Protocol) is disabled for agents

  - `scm_tools_allowed_group_id: Optional[str]`

    scm_tools_allowed_group_id restricts SCM tools access to members of this group.
    Empty means no restriction (all users can use SCM tools if not disabled).

  - `scm_tools_disabled: Optional[bool]`

    scm_tools_disabled controls whether SCM (Source Control Management) tools are disabled for agents

- `allowed_editor_ids: Optional[Sequence[str]]`

  allowed_editor_ids is the list of editor IDs that are allowed to be used in the organization

- `allow_local_runners: Optional[bool]`

  allow_local_runners controls whether local runners are allowed to be used in the organization

- `default_editor_id: Optional[str]`

  default_editor_id is the default editor ID to be used when a user doesn't specify one

- `default_environment_image: Optional[str]`

  default_environment_image is the default container image when none is defined in repo

- `delete_archived_environments_after: Optional[str]`

  delete_archived_environments_after controls how long archived environments are kept before automatic deletion.
  0 means no automatic deletion. Maximum duration is 4 weeks (2419200 seconds).

- `editor_version_restrictions: Optional[Dict[str, EditorVersionRestrictions]]`

  editor_version_restrictions restricts which editor versions can be used.
  Maps editor ID to version policy with allowed major versions.

  - `allowed_versions: Optional[Sequence[str]]`

    allowed_versions lists the versions that are allowed
    If empty, we will use the latest version of the editor

    Examples for JetBrains: `["2025.2", "2025.1", "2024.3"]`

- `maximum_environment_lifetime: Optional[str]`

  maximum_environment_lifetime controls for how long environments are allowed to be reused.
  0 means no maximum lifetime. Maximum duration is 180 days (15552000 seconds).

- `maximum_environments_per_user: Optional[str]`

  maximum_environments_per_user limits total environments (running or stopped) per user

- `maximum_environment_timeout: Optional[str]`

  maximum_environment_timeout controls the maximum timeout allowed for environments in seconds.
  0 means no limit (never). Minimum duration is 30 minutes (1800 seconds).
  value must be 0s (no limit) or at least 1800s (30 minutes):

  ```
  this == duration('0s') || this >= duration('1800s')
  ```

- `maximum_running_environments_per_user: Optional[str]`

  maximum_running_environments_per_user limits simultaneously running environments per user

- `members_create_projects: Optional[bool]`

  members_create_projects controls whether members can create projects

- `members_require_projects: Optional[bool]`

  members_require_projects controls whether environments can only be created from projects by non-admin users

- `port_sharing_disabled: Optional[bool]`

  port_sharing_disabled controls whether user-initiated port sharing is disabled in the organization.
  System ports (VS Code Browser, agents) are always exempt from this policy.

- `require_custom_domain_access: Optional[bool]`

  require_custom_domain_access controls whether users must access via custom domain
  when one is configured. When true, access via app.gitpod.io is blocked.

- `restrict_account_creation_to_scim: Optional[bool]`

  restrict_account_creation_to_scim controls whether account creation is restricted to SCIM-provisioned users only.
  When true and SCIM is configured for the organization, only users provisioned via SCIM can create accounts.

- `security_agent_policy: Optional[SecurityAgentPolicy]`

  security_agent_policy contains security agent configuration updates

  - `crowdstrike: Optional[SecurityAgentPolicyCrowdstrike]`

    crowdstrike contains CrowdStrike Falcon configuration updates

    - `additional_options: Optional[Dict[str, str]]`

      additional_options contains additional FALCONCTL_OPT_* options as key-value pairs

    - `cid_secret_id: Optional[str]`

      cid_secret_id references an organization secret containing the Customer ID (CID)

    - `enabled: Optional[bool]`

      enabled controls whether CrowdStrike Falcon is deployed to environments

    - `image: Optional[str]`

      image is the CrowdStrike Falcon sensor container image reference

    - `tags: Optional[str]`

      tags are optional tags to apply to the Falcon sensor

- `veto_exec_policy: Optional[VetoExecPolicyParam]`

  veto_exec_policy contains the veto exec policy for environments.

  - `action: Optional[KernelControlsAction]`

    action specifies what action kernel-level controls take on policy violations

    - `"KERNEL_CONTROLS_ACTION_UNSPECIFIED"`

    - `"KERNEL_CONTROLS_ACTION_BLOCK"`

    - `"KERNEL_CONTROLS_ACTION_AUDIT"`

  - `enabled: Optional[bool]`

    enabled controls whether executable blocking is active

  - `executables: Optional[List[str]]`

    executables is the list of executable paths or names to block

### Returns

- `object`

### Example

```python
import os
from gitpod import Gitpod

client = Gitpod(
    bearer_token=os.environ.get("GITPOD_API_KEY"),  # This is the default and can be omitted
)
policy = client.organizations.policies.update(
    organization_id="b0e12f6c-4c67-429d-a4a6-d9838b5da047",
    maximum_environments_per_user="20",
    maximum_environment_timeout="3600s",
    maximum_running_environments_per_user="5",
)
print(policy)
```

#### Response

```json
{}
```