generator kysely { provider = "prisma-kysely" } generator client { provider = "prisma-client-js" } generator json { provider = "prisma-json-types-generator" } generator zod { provider = "zod-prisma-types" createInputTypes = false writeBarrelFiles = false useMultipleFiles = true useDefaultValidators = false } datasource db { provider = "postgresql" url = env("NEXT_PRIVATE_DATABASE_URL") directUrl = env("NEXT_PRIVATE_DIRECT_DATABASE_URL") } // Todo: (RR7) Remove after RR7 migration. enum IdentityProvider { DOCUMENSO GOOGLE OIDC } enum Role { ADMIN USER } model User { id Int @id @default(autoincrement()) name String? email String @unique emailVerified DateTime? password String? // Todo: (RR7) Remove after RR7 migration. source String? signature String? createdAt DateTime @default(now()) updatedAt DateTime @default(now()) @updatedAt lastSignedIn DateTime @default(now()) roles Role[] @default([USER]) identityProvider IdentityProvider @default(DOCUMENSO) // Todo: (RR7) Remove after RR7 migration. avatarImageId String? disabled Boolean @default(false) accounts Account[] sessions Session[] passwordResetTokens PasswordResetToken[] ownedOrganisations Organisation[] organisationMember OrganisationMember[] twoFactorSecret String? twoFactorEnabled Boolean @default(false) twoFactorBackupCodes String? folders Folder[] documents Document[] templates Template[] verificationTokens VerificationToken[] apiTokens ApiToken[] securityAuditLogs UserSecurityAuditLog[] webhooks Webhook[] siteSettings SiteSettings[] passkeys Passkey[] avatarImage AvatarImage? @relation(fields: [avatarImageId], references: [id], onDelete: SetNull) @@index([email]) } model TeamProfile { id String @id @default(cuid()) enabled Boolean @default(false) teamId Int @unique bio String? team Team? @relation(fields: [teamId], references: [id], onDelete: Cascade) } enum UserSecurityAuditLogType { ACCOUNT_PROFILE_UPDATE ACCOUNT_SSO_LINK ACCOUNT_SSO_UNLINK ORGANISATION_SSO_LINK ORGANISATION_SSO_UNLINK AUTH_2FA_DISABLE AUTH_2FA_ENABLE PASSKEY_CREATED PASSKEY_DELETED PASSKEY_UPDATED PASSWORD_RESET PASSWORD_UPDATE SESSION_REVOKED SIGN_OUT SIGN_IN SIGN_IN_FAIL SIGN_IN_2FA_FAIL SIGN_IN_PASSKEY_FAIL } model UserSecurityAuditLog { id Int @id @default(autoincrement()) userId Int createdAt DateTime @default(now()) type UserSecurityAuditLogType userAgent String? ipAddress String? user User @relation(fields: [userId], references: [id], onDelete: Cascade) } model PasswordResetToken { id Int @id @default(autoincrement()) token String @unique createdAt DateTime @default(now()) expiry DateTime userId Int user User @relation(fields: [userId], references: [id], onDelete: Cascade) } model Passkey { id String @id @default(cuid()) userId Int name String createdAt DateTime @default(now()) updatedAt DateTime @default(now()) lastUsedAt DateTime? credentialId Bytes credentialPublicKey Bytes counter BigInt credentialDeviceType String credentialBackedUp Boolean transports String[] user User @relation(fields: [userId], references: [id], onDelete: Cascade) } model AnonymousVerificationToken { id String @id @unique @default(cuid()) token String @unique expiresAt DateTime createdAt DateTime @default(now()) } model VerificationToken { id Int @id @default(autoincrement()) secondaryId String @unique @default(cuid()) identifier String token String @unique completed Boolean @default(false) expires DateTime createdAt DateTime @default(now()) metadata Json? userId Int user User @relation(fields: [userId], references: [id], onDelete: Cascade) } enum WebhookTriggerEvents { DOCUMENT_CREATED DOCUMENT_SENT DOCUMENT_OPENED DOCUMENT_SIGNED DOCUMENT_COMPLETED DOCUMENT_REJECTED DOCUMENT_CANCELLED } model Webhook { id String @id @default(cuid()) webhookUrl String eventTriggers WebhookTriggerEvents[] secret String? enabled Boolean @default(true) createdAt DateTime @default(now()) updatedAt DateTime @default(now()) @updatedAt userId Int user User @relation(fields: [userId], references: [id], onDelete: Cascade) teamId Int team Team @relation(fields: [teamId], references: [id], onDelete: Cascade) webhookCalls WebhookCall[] } enum WebhookCallStatus { SUCCESS FAILED } model WebhookCall { id String @id @default(cuid()) status WebhookCallStatus url String event WebhookTriggerEvents requestBody Json responseCode Int responseHeaders Json? responseBody Json? createdAt DateTime @default(now()) webhookId String webhook Webhook @relation(fields: [webhookId], references: [id], onDelete: Cascade) } enum ApiTokenAlgorithm { SHA512 } model ApiToken { id Int @id @default(autoincrement()) name String token String @unique algorithm ApiTokenAlgorithm @default(SHA512) expires DateTime? createdAt DateTime @default(now()) userId Int? user User? @relation(fields: [userId], references: [id], onDelete: Cascade) teamId Int team Team @relation(fields: [teamId], references: [id], onDelete: Cascade) } enum SubscriptionStatus { ACTIVE PAST_DUE INACTIVE } model Subscription { id Int @id @default(autoincrement()) status SubscriptionStatus @default(INACTIVE) planId String @unique priceId String periodEnd DateTime? createdAt DateTime @default(now()) updatedAt DateTime @updatedAt cancelAtPeriodEnd Boolean @default(false) customerId String organisationId String @unique organisation Organisation @relation(fields: [organisationId], references: [id], onDelete: Cascade) @@index([organisationId]) } /// @zod.import(["import { ZClaimFlagsSchema } from '@documenso/lib/types/subscription';"]) model SubscriptionClaim { id String @id @default(cuid()) createdAt DateTime @default(now()) updatedAt DateTime @updatedAt name String locked Boolean @default(false) teamCount Int memberCount Int flags Json /// [ClaimFlags] @zod.custom.use(ZClaimFlagsSchema) } /// @zod.import(["import { ZClaimFlagsSchema } from '@documenso/lib/types/subscription';"]) model OrganisationClaim { id String @id createdAt DateTime @default(now()) updatedAt DateTime @updatedAt originalSubscriptionClaimId String? organisation Organisation? teamCount Int memberCount Int flags Json /// [ClaimFlags] @zod.custom.use(ZClaimFlagsSchema) } model Account { id String @id @default(cuid()) // When this record was created, unrelated to anything passed back by the provider. createdAt DateTime @default(now()) userId Int type String provider String providerAccountId String refresh_token String? @db.Text access_token String? @db.Text expires_at Int? // Some providers return created_at so we need to make it optional created_at Int? // Stops next-auth from crashing when dealing with AzureAD ext_expires_in Int? token_type String? scope String? id_token String? @db.Text session_state String? password String? user User @relation(fields: [userId], references: [id], onDelete: Cascade) @@unique([provider, providerAccountId]) } model Session { id String @id @default(cuid()) sessionToken String @unique userId Int ipAddress String? userAgent String? expiresAt DateTime createdAt DateTime @default(now()) updatedAt DateTime @updatedAt user User? @relation(fields: [userId], references: [id], onDelete: Cascade) } enum DocumentStatus { DRAFT PENDING COMPLETED REJECTED } enum DocumentSource { DOCUMENT TEMPLATE TEMPLATE_DIRECT_LINK } enum DocumentVisibility { EVERYONE MANAGER_AND_ABOVE ADMIN } enum FolderType { DOCUMENT TEMPLATE } model Folder { id String @id @default(cuid()) name String userId Int user User @relation(fields: [userId], references: [id], onDelete: Cascade) teamId Int team Team @relation(fields: [teamId], references: [id], onDelete: Cascade) pinned Boolean @default(false) parentId String? parent Folder? @relation("FolderToFolder", fields: [parentId], references: [id], onDelete: Cascade) documents Document[] templates Template[] createdAt DateTime @default(now()) updatedAt DateTime @default(now()) @updatedAt subfolders Folder[] @relation("FolderToFolder") visibility DocumentVisibility @default(EVERYONE) type FolderType @@index([userId]) @@index([teamId]) @@index([parentId]) @@index([type]) } /// @zod.import(["import { ZDocumentAuthOptionsSchema } from '@documenso/lib/types/document-auth';", "import { ZDocumentFormValuesSchema } from '@documenso/lib/types/document-form-values';"]) model Document { id Int @id @default(autoincrement()) qrToken String? /// @zod.string.describe("The token for viewing the document using the QR code on the certificate.") externalId String? /// @zod.string.describe("A custom external ID you can use to identify the document.") userId Int /// @zod.number.describe("The ID of the user that created this document.") user User @relation(fields: [userId], references: [id], onDelete: Cascade) teamId Int team Team @relation(fields: [teamId], references: [id], onDelete: Cascade) authOptions Json? /// [DocumentAuthOptions] @zod.custom.use(ZDocumentAuthOptionsSchema) formValues Json? /// [DocumentFormValues] @zod.custom.use(ZDocumentFormValuesSchema) visibility DocumentVisibility @default(EVERYONE) title String status DocumentStatus @default(DRAFT) recipients Recipient[] fields Field[] shareLinks DocumentShareLink[] documentDataId String documentMeta DocumentMeta? createdAt DateTime @default(now()) updatedAt DateTime @default(now()) @updatedAt completedAt DateTime? deletedAt DateTime? templateId Int? source DocumentSource useLegacyFieldInsertion Boolean @default(false) documentData DocumentData @relation(fields: [documentDataId], references: [id], onDelete: Cascade) template Template? @relation(fields: [templateId], references: [id], onDelete: SetNull) auditLogs DocumentAuditLog[] folder Folder? @relation(fields: [folderId], references: [id], onDelete: SetNull) folderId String? @@unique([documentDataId]) @@index([userId]) @@index([status]) @@index([folderId]) } model DocumentAuditLog { id String @id @default(cuid()) documentId Int createdAt DateTime @default(now()) type String data Json // Details of the person who performed the action which caused the audit log. name String? email String? userId Int? userAgent String? ipAddress String? Document Document @relation(fields: [documentId], references: [id], onDelete: Cascade) } enum DocumentDataType { S3_PATH BYTES BYTES_64 } enum DocumentSigningOrder { PARALLEL SEQUENTIAL } model DocumentData { id String @id @default(cuid()) type DocumentDataType data String initialData String document Document? template Template? } enum DocumentDistributionMethod { EMAIL NONE } /// @zod.import(["import { ZDocumentEmailSettingsSchema } from '@documenso/lib/types/document-email';"]) model DocumentMeta { id String @id @default(cuid()) subject String? message String? timezone String? @default("Etc/UTC") @db.Text password String? dateFormat String? @default("yyyy-MM-dd hh:mm a") @db.Text documentId Int @unique document Document @relation(fields: [documentId], references: [id], onDelete: Cascade) redirectUrl String? signingOrder DocumentSigningOrder @default(PARALLEL) allowDictateNextSigner Boolean @default(false) typedSignatureEnabled Boolean @default(true) uploadSignatureEnabled Boolean @default(true) drawSignatureEnabled Boolean @default(true) language String @default("en") distributionMethod DocumentDistributionMethod @default(EMAIL) emailSettings Json? /// [DocumentEmailSettings] @zod.custom.use(ZDocumentEmailSettingsSchema) emailReplyTo String? emailId String? } enum ReadStatus { NOT_OPENED OPENED } enum SendStatus { NOT_SENT SENT } enum SigningStatus { NOT_SIGNED SIGNED REJECTED } enum RecipientRole { CC SIGNER VIEWER APPROVER ASSISTANT } /// @zod.import(["import { ZRecipientAuthOptionsSchema } from '@documenso/lib/types/document-auth';"]) model Recipient { id Int @id @default(autoincrement()) documentId Int? templateId Int? email String @db.VarChar(255) name String @default("") @db.VarChar(255) token String documentDeletedAt DateTime? expired DateTime? signedAt DateTime? authOptions Json? /// [RecipientAuthOptions] @zod.custom.use(ZRecipientAuthOptionsSchema) signingOrder Int? /// @zod.number.describe("The order in which the recipient should sign the document. Only works if the document is set to sequential signing.") rejectionReason String? role RecipientRole @default(SIGNER) readStatus ReadStatus @default(NOT_OPENED) signingStatus SigningStatus @default(NOT_SIGNED) sendStatus SendStatus @default(NOT_SENT) document Document? @relation(fields: [documentId], references: [id], onDelete: Cascade) template Template? @relation(fields: [templateId], references: [id], onDelete: Cascade) fields Field[] signatures Signature[] @@unique([documentId, email]) @@unique([templateId, email]) @@index([documentId]) @@index([templateId]) @@index([token]) } enum FieldType { SIGNATURE FREE_SIGNATURE INITIALS NAME EMAIL DATE TEXT NUMBER RADIO CHECKBOX DROPDOWN } /// @zod.import(["import { ZFieldMetaNotOptionalSchema } from '@documenso/lib/types/field-meta';"]) model Field { id Int @id @default(autoincrement()) secondaryId String @unique @default(cuid()) documentId Int? templateId Int? recipientId Int type FieldType page Int /// @zod.number.describe("The page number of the field on the document. Starts from 1.") positionX Decimal @default(0) positionY Decimal @default(0) width Decimal @default(-1) height Decimal @default(-1) customText String inserted Boolean document Document? @relation(fields: [documentId], references: [id], onDelete: Cascade) template Template? @relation(fields: [templateId], references: [id], onDelete: Cascade) recipient Recipient @relation(fields: [recipientId], references: [id], onDelete: Cascade) signature Signature? fieldMeta Json? /// [FieldMeta] @zod.custom.use(ZFieldMetaNotOptionalSchema) @@index([documentId]) @@index([templateId]) @@index([recipientId]) } model Signature { id Int @id @default(autoincrement()) created DateTime @default(now()) recipientId Int fieldId Int @unique signatureImageAsBase64 String? typedSignature String? recipient Recipient @relation(fields: [recipientId], references: [id], onDelete: Cascade) field Field @relation(fields: [fieldId], references: [id], onDelete: Cascade) @@index([recipientId]) } model DocumentShareLink { id Int @id @default(autoincrement()) email String slug String @unique documentId Int createdAt DateTime @default(now()) updatedAt DateTime @updatedAt document Document @relation(fields: [documentId], references: [id], onDelete: Cascade) @@unique([documentId, email]) } enum OrganisationType { PERSONAL ORGANISATION } model Organisation { id String @id createdAt DateTime @default(now()) updatedAt DateTime @updatedAt type OrganisationType name String url String @unique avatarImageId String? customerId String? @unique subscription Subscription? organisationClaimId String @unique organisationClaim OrganisationClaim @relation(fields: [organisationClaimId], references: [id]) members OrganisationMember[] invites OrganisationMemberInvite[] groups OrganisationGroup[] teams Team[] emailDomains EmailDomain[] organisationEmails OrganisationEmail[] avatarImage AvatarImage? @relation(fields: [avatarImageId], references: [id], onDelete: SetNull) ownerUserId Int owner User @relation(fields: [ownerUserId], references: [id], onDelete: Cascade) organisationGlobalSettingsId String @unique organisationGlobalSettings OrganisationGlobalSettings @relation(fields: [organisationGlobalSettingsId], references: [id]) organisationAuthenticationPortalId String @unique organisationAuthenticationPortal OrganisationAuthenticationPortal @relation(fields: [organisationAuthenticationPortalId], references: [id]) } model OrganisationMember { id String @id createdAt DateTime @default(now()) updatedAt DateTime @updatedAt userId Int user User @relation(fields: [userId], references: [id], onDelete: Cascade) organisationId String organisation Organisation @relation(fields: [organisationId], references: [id], onDelete: Cascade) organisationGroupMembers OrganisationGroupMember[] @@unique([userId, organisationId]) } model OrganisationMemberInvite { id String @id createdAt DateTime @default(now()) email String token String @unique status OrganisationMemberInviteStatus @default(PENDING) organisationId String organisation Organisation @relation(fields: [organisationId], references: [id], onDelete: Cascade) organisationRole OrganisationMemberRole } model OrganisationGroup { id String @id name String? type OrganisationGroupType organisationRole OrganisationMemberRole organisationId String organisation Organisation @relation(fields: [organisationId], references: [id], onDelete: Cascade) organisationGroupMembers OrganisationGroupMember[] teamGroups TeamGroup[] } model OrganisationGroupMember { id String @id groupId String group OrganisationGroup @relation(fields: [groupId], references: [id], onDelete: Cascade) organisationMember OrganisationMember @relation(fields: [organisationMemberId], references: [id], onDelete: Cascade) organisationMemberId String @@unique([organisationMemberId, groupId]) } model TeamGroup { id String @id organisationGroupId String organisationGroup OrganisationGroup @relation(fields: [organisationGroupId], references: [id], onDelete: Cascade) teamRole TeamMemberRole teamId Int team Team @relation(fields: [teamId], references: [id], onDelete: Cascade) @@unique([teamId, organisationGroupId]) } enum OrganisationGroupType { INTERNAL_ORGANISATION INTERNAL_TEAM CUSTOM } enum OrganisationMemberRole { ADMIN MANAGER MEMBER } enum TeamMemberRole { ADMIN MANAGER MEMBER } enum OrganisationMemberInviteStatus { ACCEPTED PENDING DECLINED } /// @zod.import(["import { ZDocumentEmailSettingsSchema } from '@documenso/lib/types/document-email';"]) model OrganisationGlobalSettings { id String @id organisation Organisation? documentVisibility DocumentVisibility @default(EVERYONE) documentLanguage String @default("en") includeSenderDetails Boolean @default(true) includeSigningCertificate Boolean @default(true) includeAuditLog Boolean @default(false) documentTimezone String? // Nullable to allow using local timezones if not set. documentDateFormat String @default("yyyy-MM-dd hh:mm a") typedSignatureEnabled Boolean @default(true) uploadSignatureEnabled Boolean @default(true) drawSignatureEnabled Boolean @default(true) emailId String? email OrganisationEmail? @relation(fields: [emailId], references: [id]) emailReplyTo String? // emailReplyToName String? // Placeholder for future feature. emailDocumentSettings Json /// [DocumentEmailSettings] @zod.custom.use(ZDocumentEmailSettingsSchema) brandingEnabled Boolean @default(false) brandingLogo String @default("") brandingUrl String @default("") brandingCompanyDetails String @default("") } /// @zod.import(["import { ZDocumentEmailSettingsSchema } from '@documenso/lib/types/document-email';"]) model TeamGlobalSettings { id String @id team Team? documentVisibility DocumentVisibility? documentLanguage String? documentTimezone String? documentDateFormat String? includeSenderDetails Boolean? includeSigningCertificate Boolean? includeAuditLog Boolean? typedSignatureEnabled Boolean? uploadSignatureEnabled Boolean? drawSignatureEnabled Boolean? emailId String? email OrganisationEmail? @relation(fields: [emailId], references: [id]) emailReplyTo String? // emailReplyToName String? // Placeholder for future feature. emailDocumentSettings Json? /// [DocumentEmailSettingsNullable] @zod.custom.use(ZDocumentEmailSettingsSchema) brandingEnabled Boolean? brandingLogo String? brandingUrl String? brandingCompanyDetails String? } model Team { id Int @id @default(autoincrement()) name String url String @unique createdAt DateTime @default(now()) avatarImageId String? teamEmail TeamEmail? emailVerification TeamEmailVerification? avatarImage AvatarImage? @relation(fields: [avatarImageId], references: [id], onDelete: SetNull) profile TeamProfile? documents Document[] templates Template[] folders Folder[] apiTokens ApiToken[] webhooks Webhook[] teamGroups TeamGroup[] organisationId String organisation Organisation @relation(fields: [organisationId], references: [id], onDelete: Cascade) teamGlobalSettingsId String @unique teamGlobalSettings TeamGlobalSettings @relation(fields: [teamGlobalSettingsId], references: [id], onDelete: Cascade) } model TeamEmail { teamId Int @id @unique createdAt DateTime @default(now()) name String email String @unique team Team @relation(fields: [teamId], references: [id], onDelete: Cascade) } model TeamEmailVerification { teamId Int @id @unique name String email String token String @unique completed Boolean @default(false) expiresAt DateTime createdAt DateTime @default(now()) team Team @relation(fields: [teamId], references: [id], onDelete: Cascade) } enum TemplateType { PUBLIC PRIVATE } /// @zod.import(["import { ZDocumentEmailSettingsSchema } from '@documenso/lib/types/document-email';"]) model TemplateMeta { id String @id @default(cuid()) subject String? message String? timezone String? @default("Etc/UTC") @db.Text password String? dateFormat String? @default("yyyy-MM-dd hh:mm a") @db.Text signingOrder DocumentSigningOrder? @default(PARALLEL) allowDictateNextSigner Boolean @default(false) distributionMethod DocumentDistributionMethod @default(EMAIL) typedSignatureEnabled Boolean @default(true) uploadSignatureEnabled Boolean @default(true) drawSignatureEnabled Boolean @default(true) templateId Int @unique template Template @relation(fields: [templateId], references: [id], onDelete: Cascade) redirectUrl String? language String @default("en") emailSettings Json? /// [DocumentEmailSettings] @zod.custom.use(ZDocumentEmailSettingsSchema) emailReplyTo String? emailId String? } /// @zod.import(["import { ZDocumentAuthOptionsSchema } from '@documenso/lib/types/document-auth';"]) model Template { id Int @id @default(autoincrement()) externalId String? type TemplateType @default(PRIVATE) title String visibility DocumentVisibility @default(EVERYONE) authOptions Json? /// [DocumentAuthOptions] @zod.custom.use(ZDocumentAuthOptionsSchema) templateMeta TemplateMeta? templateDocumentDataId String createdAt DateTime @default(now()) updatedAt DateTime @default(now()) @updatedAt publicTitle String @default("") publicDescription String @default("") useLegacyFieldInsertion Boolean @default(false) userId Int user User @relation(fields: [userId], references: [id], onDelete: Cascade) teamId Int team Team @relation(fields: [teamId], references: [id], onDelete: Cascade) templateDocumentData DocumentData @relation(fields: [templateDocumentDataId], references: [id], onDelete: Cascade) recipients Recipient[] fields Field[] directLink TemplateDirectLink? documents Document[] folder Folder? @relation(fields: [folderId], references: [id], onDelete: SetNull) folderId String? @@unique([templateDocumentDataId]) @@index([userId]) } model TemplateDirectLink { id String @id @unique @default(cuid()) templateId Int @unique token String @unique createdAt DateTime @default(now()) enabled Boolean directTemplateRecipientId Int template Template @relation(fields: [templateId], references: [id], onDelete: Cascade) } model SiteSettings { id String @id enabled Boolean @default(false) data Json lastModifiedByUserId Int? lastModifiedAt DateTime @default(now()) lastModifiedByUser User? @relation(fields: [lastModifiedByUserId], references: [id], onDelete: SetNull) } enum BackgroundJobStatus { PENDING PROCESSING COMPLETED FAILED } model BackgroundJob { id String @id @default(cuid()) status BackgroundJobStatus @default(PENDING) payload Json? retried Int @default(0) maxRetries Int @default(3) // Taken from the job definition jobId String name String version String submittedAt DateTime @default(now()) updatedAt DateTime @updatedAt completedAt DateTime? lastRetriedAt DateTime? tasks BackgroundJobTask[] } enum BackgroundJobTaskStatus { PENDING COMPLETED FAILED } model BackgroundJobTask { id String @id name String status BackgroundJobTaskStatus @default(PENDING) result Json? retried Int @default(0) maxRetries Int @default(3) createdAt DateTime @default(now()) updatedAt DateTime @updatedAt completedAt DateTime? jobId String backgroundJob BackgroundJob @relation(fields: [jobId], references: [id], onDelete: Cascade) } model AvatarImage { id String @id @default(cuid()) bytes String team Team[] user User[] organisation Organisation[] } enum EmailDomainStatus { PENDING ACTIVE } model EmailDomain { id String @id createdAt DateTime @default(now()) updatedAt DateTime @updatedAt status EmailDomainStatus @default(PENDING) selector String @unique domain String @unique publicKey String privateKey String organisationId String organisation Organisation @relation(fields: [organisationId], references: [id], onDelete: Cascade) emails OrganisationEmail[] } model OrganisationEmail { id String @id createdAt DateTime @default(now()) updatedAt DateTime @updatedAt email String @unique emailName String // replyTo String? emailDomainId String emailDomain EmailDomain @relation(fields: [emailDomainId], references: [id], onDelete: Cascade) organisationId String organisation Organisation @relation(fields: [organisationId], references: [id], onDelete: Cascade) organisationGlobalSettings OrganisationGlobalSettings[] teamGlobalSettings TeamGlobalSettings[] } model OrganisationAuthenticationPortal { id String @id organisation Organisation? enabled Boolean @default(false) clientId String @default("") clientSecret String @default("") wellKnownUrl String @default("") defaultOrganisationRole OrganisationMemberRole @default(MEMBER) autoProvisionUsers Boolean @default(true) allowedDomains String[] @default([]) }