From bf4df4483c8f8211870c074c6e5725aabf31d339 Mon Sep 17 00:00:00 2001
From: fern-api <115122769+fern-api[bot]@users.noreply.github.com>
Date: Tue, 9 Jun 2026 04:56:00 +0000
Subject: [PATCH 1/3] [fern-generated] Update SDK

Generated by Fern
CLI Version: unknown
Generators:
  - fernapi/fern-python-sdk: 5.14.3
---
 reference.md                                  | 546 +++++++++---------
 src/auth0/management/__init__.py              | 104 ++--
 src/auth0/management/branding/client.py       |  21 +-
 .../branding/phone/providers/client.py        |  24 +-
 .../branding/phone/providers/raw_client.py    |  24 +-
 src/auth0/management/branding/raw_client.py   |  13 -
 src/auth0/management/client_grants/client.py  |  16 +-
 .../client_grants/organizations/raw_client.py |  23 +
 .../management/client_grants/raw_client.py    |  16 +-
 src/auth0/management/clients/client.py        | 306 +++++-----
 .../management/clients/connections/client.py  |  26 +-
 .../clients/connections/raw_client.py         |  26 +-
 .../management/clients/credentials/client.py  | 104 +++-
 .../clients/credentials/raw_client.py         | 104 +++-
 src/auth0/management/clients/raw_client.py    | 306 +++++-----
 .../connection_profiles/raw_client.py         |  22 +
 .../connections/users/raw_client.py           |  23 +
 src/auth0/management/core/client_wrapper.py   |  22 +-
 .../management/custom_domains/raw_client.py   |  22 +
 .../management/device_credentials/client.py   |  12 +-
 .../device_credentials/raw_client.py          |  12 +-
 .../management/emails/provider/client.py      | 262 ++++-----
 .../management/emails/provider/raw_client.py  | 262 ++++-----
 .../management/groups/members/raw_client.py   |  23 +
 src/auth0/management/groups/roles/client.py   |  12 +-
 .../management/groups/roles/raw_client.py     |  56 +-
 src/auth0/management/organizations/client.py  |  48 +-
 .../organizations/discovery_domains/client.py |   4 +-
 .../discovery_domains/raw_client.py           |   4 +-
 .../enabled_connections/client.py             |   8 +-
 .../enabled_connections/raw_client.py         |   8 +-
 .../organizations/groups/raw_client.py        |  23 +
 .../organizations/groups/roles/raw_client.py  |  67 +++
 .../organizations/invitations/client.py       |   8 +-
 .../organizations/invitations/raw_client.py   |   8 +-
 .../organizations/members/client.py           |  36 +-
 .../members/effective_roles/raw_client.py     |  23 +
 .../sources/groups/raw_client.py              |  23 +
 .../organizations/members/raw_client.py       |  36 +-
 .../organizations/members/roles/client.py     |   8 +-
 .../organizations/members/roles/raw_client.py |   8 +-
 .../management/organizations/raw_client.py    |  48 +-
 src/auth0/management/refresh_tokens/client.py |   8 +-
 .../management/refresh_tokens/raw_client.py   |   8 +-
 .../management/roles/groups/raw_client.py     |  44 ++
 .../management/tenants/settings/client.py     |  68 +++
 .../management/tenants/settings/raw_client.py |  80 +++
 .../token_exchange_profiles/client.py         |  38 +-
 .../token_exchange_profiles/raw_client.py     |  60 +-
 src/auth0/management/types/__init__.py        |  93 ++-
 .../management/types/acul_context_enum.py     |   1 +
 .../types/branding_login_display_enum.py      |   5 -
 .../types/branding_phone_formatting_enum.py   |   5 -
 .../types/branding_phone_masking_enum.py      |   5 -
 ...ent_my_organization_patch_configuration.py |   4 +
 ...ient_my_organization_post_configuration.py |   4 +
 ..._my_organization_response_configuration.py |   4 +
 ...ction_id_token_session_expiry_supported.py |   6 +
 .../types/connection_options_common_oidc.py   |   2 +
 .../types/connection_properties_options.py    |   2 +
 ...s.py => content_security_policy_config.py} |  16 +-
 .../create_phone_template_response_content.py |   2 +-
 src/auth0/management/types/csp_directives.py  |   8 +
 src/auth0/management/types/csp_flag.py        |   5 +
 src/auth0/management/types/csp_flags.py       |  10 +
 src/auth0/management/types/csp_policies.py    |  10 +
 src/auth0/management/types/csp_policy.py      |  30 +
 src/auth0/management/types/csp_policy_mode.py |   5 +
 .../management/types/csp_policy_reporting.py  |  31 +
 src/auth0/management/types/csp_report_to.py   |  34 ++
 ...e_display.py => csp_report_to_endpoint.py} |  12 +-
 .../types/csp_report_to_endpoints.py          |  10 +
 .../types/csp_reporting_endpoints.py          |   8 +
 ...lay.py => csp_reporting_infrastructure.py} |  12 +-
 .../types/get_branding_response_content.py    |   2 -
 .../get_phone_template_response_content.py    |   2 +-
 .../get_tenant_settings_response_content.py   |   9 +
 ...cy_configuration_request_content_action.py |   2 +-
 ...olicy_configuration_request_content_one.py |   2 +-
 src/auth0/management/types/phone_template.py  |   2 +-
 .../types/prompt_group_name_enum.py           |   1 +
 .../rate_limit_policy_configuration_action.py |   2 +-
 .../rate_limit_policy_configuration_one.py    |   2 +-
 .../reset_phone_template_response_content.py  |   2 +-
 .../types/screen_group_name_enum.py           |   1 +
 .../types/tenant_settings_country_codes.py    |  31 +
 .../tenant_settings_country_codes_mode.py     |   5 +
 ...nt_settings_country_codes_mode_response.py |   5 +
 .../tenant_settings_country_codes_response.py |  31 +
 ...nant_settings_nullable_security_headers.py |  26 +
 .../types/update_branding_identifiers.py      |  31 -
 .../update_branding_login_display_enum.py     |   5 -
 .../update_branding_phone_formatting_enum.py  |   5 -
 .../update_branding_phone_masking_enum.py     |   7 -
 .../types/update_branding_response_content.py |   2 -
 .../types/update_connection_options.py        |   2 +
 .../update_phone_template_response_content.py |   2 +-
 ...update_tenant_settings_response_content.py |   9 +
 .../management/types/xss_protection_config.py |  33 ++
 .../management/types/xss_protection_mode.py   |   5 +
 src/auth0/management/user_blocks/client.py    |  24 +-
 .../management/user_blocks/raw_client.py      |  24 +-
 src/auth0/management/user_grants/client.py    |   4 +-
 .../management/user_grants/raw_client.py      |   4 +-
 .../users/effective_roles/raw_client.py       |  23 +
 .../sources/groups/raw_client.py              |  23 +
 .../management/users/groups/raw_client.py     |  23 +
 wiremock/wiremock-mappings.json               |  16 +-
 108 files changed, 2229 insertions(+), 1515 deletions(-)
 delete mode 100644 src/auth0/management/types/branding_login_display_enum.py
 delete mode 100644 src/auth0/management/types/branding_phone_formatting_enum.py
 delete mode 100644 src/auth0/management/types/branding_phone_masking_enum.py
 create mode 100644 src/auth0/management/types/connection_id_token_session_expiry_supported.py
 rename src/auth0/management/types/{branding_identifiers.py => content_security_policy_config.py} (50%)
 create mode 100644 src/auth0/management/types/csp_directives.py
 create mode 100644 src/auth0/management/types/csp_flag.py
 create mode 100644 src/auth0/management/types/csp_flags.py
 create mode 100644 src/auth0/management/types/csp_policies.py
 create mode 100644 src/auth0/management/types/csp_policy.py
 create mode 100644 src/auth0/management/types/csp_policy_mode.py
 create mode 100644 src/auth0/management/types/csp_policy_reporting.py
 create mode 100644 src/auth0/management/types/csp_report_to.py
 rename src/auth0/management/types/{update_branding_phone_display.py => csp_report_to_endpoint.py} (58%)
 create mode 100644 src/auth0/management/types/csp_report_to_endpoints.py
 create mode 100644 src/auth0/management/types/csp_reporting_endpoints.py
 rename src/auth0/management/types/{branding_phone_display.py => csp_reporting_infrastructure.py} (57%)
 create mode 100644 src/auth0/management/types/tenant_settings_country_codes.py
 create mode 100644 src/auth0/management/types/tenant_settings_country_codes_mode.py
 create mode 100644 src/auth0/management/types/tenant_settings_country_codes_mode_response.py
 create mode 100644 src/auth0/management/types/tenant_settings_country_codes_response.py
 create mode 100644 src/auth0/management/types/tenant_settings_nullable_security_headers.py
 delete mode 100644 src/auth0/management/types/update_branding_identifiers.py
 delete mode 100644 src/auth0/management/types/update_branding_login_display_enum.py
 delete mode 100644 src/auth0/management/types/update_branding_phone_formatting_enum.py
 delete mode 100644 src/auth0/management/types/update_branding_phone_masking_enum.py
 create mode 100644 src/auth0/management/types/xss_protection_config.py
 create mode 100644 src/auth0/management/types/xss_protection_mode.py

diff --git a/reference.md b/reference.md
index 3a1d33a2..f8da7c23 100644
--- a/reference.md
+++ b/reference.md
@@ -832,14 +832,6 @@ client.branding.update()
 <dl>
 <dd>
 
-**identifiers:** `typing.Optional[UpdateBrandingIdentifiers]` 
-    
-</dd>
-</dl>
-
-<dl>
-<dd>
-
 **font:** `typing.Optional[UpdateBrandingFont]` 
     
 </dd>
@@ -873,7 +865,7 @@ client.branding.update()
 <dl>
 <dd>
 
-Retrieve a list of <a href="https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants">client grants</a>, including the scopes associated with the application/API pair.
+Retrieve a list of [client grants](https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants), including the scopes associated with the application/API pair.
 </dd>
 </dl>
 </dd>
@@ -1000,7 +992,7 @@ client.client_grants.list(
 <dl>
 <dd>
 
-Create a client grant for a machine-to-machine login flow. To learn more, read <a href="https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow">Client Credential Flow</a>.
+Create a client grant for a machine-to-machine login flow. To learn more, read [Client Credential Flow](https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow).
 </dd>
 </dl>
 </dd>
@@ -1137,7 +1129,7 @@ client.client_grants.create(
 <dl>
 <dd>
 
-Retrieve a single <a href="https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants">client grant</a>, including the
+Retrieve a single [client grant](https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants), including the
 scopes associated with the application/API pair.
 </dd>
 </dl>
@@ -1211,7 +1203,7 @@ client.client_grants.get(
 <dl>
 <dd>
 
-Delete the <a href="https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow">Client Credential Flow</a> from your machine-to-machine application.
+Delete the [Client Credential Flow](https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow) from your machine-to-machine application.
 </dd>
 </dl>
 </dd>
@@ -1399,38 +1391,30 @@ client.client_grants.update(
 <dd>
 
 Retrieve clients (applications and SSO integrations) matching provided filters. A list of fields to include or exclude may also be specified.
-For more information, read <a href="https://www.auth0.com/docs/get-started/applications"> Applications in Auth0</a> and <a href="https://www.auth0.com/docs/authenticate/single-sign-on"> Single Sign-On</a>.
+For more information, read [Applications in Auth0](https://www.auth0.com/docs/get-started/applications) and [Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on).
 
-<ul>
-  <li>
-    The following can be retrieved with any scope:
-    <code>client_id</code>, <code>app_type</code>, <code>name</code>, and <code>description</code>.
-  </li>
-  <li>
-    The following properties can only be retrieved with the <code>read:clients</code> or
-    <code>read:client_keys</code> scope:
-    <code>callbacks</code>, <code>oidc_logout</code>, <code>allowed_origins</code>,
-    <code>web_origins</code>, <code>tenant</code>, <code>global</code>, <code>config_route</code>,
-    <code>callback_url_template</code>, <code>jwt_configuration</code>,
-    <code>jwt_configuration.lifetime_in_seconds</code>, <code>jwt_configuration.secret_encoded</code>,
-    <code>jwt_configuration.scopes</code>, <code>jwt_configuration.alg</code>, <code>api_type</code>,
-    <code>logo_uri</code>, <code>allowed_clients</code>, <code>owners</code>, <code>custom_login_page</code>,
-    <code>custom_login_page_off</code>, <code>sso</code>, <code>addons</code>, <code>form_template</code>,
-    <code>custom_login_page_codeview</code>, <code>resource_servers</code>, <code>client_metadata</code>,
-    <code>mobile</code>, <code>mobile.android</code>, <code>mobile.ios</code>, <code>allowed_logout_urls</code>,
-    <code>token_endpoint_auth_method</code>, <code>is_first_party</code>, <code>oidc_conformant</code>,
-    <code>is_token_endpoint_ip_header_trusted</code>, <code>initiate_login_uri</code>, <code>grant_types</code>,
-    <code>refresh_token</code>, <code>refresh_token.rotation_type</code>, <code>refresh_token.expiration_type</code>,
-    <code>refresh_token.leeway</code>, <code>refresh_token.token_lifetime</code>, <code>refresh_token.policies</code>, <code>organization_usage</code>,
-    <code>organization_require_behavior</code>.
-  </li>
-  <li>
-    The following properties can only be retrieved with the
-    <code>read:client_keys</code> or <code>read:client_credentials</code> scope:
-    <code>encryption_key</code>, <code>encryption_key.pub</code>, <code>encryption_key.cert</code>,
-    <code>client_secret</code>, <code>client_authentication_methods</code> and <code>signing_key</code>.
-  </li>
-</ul>
+- The following can be retrieved with any scope:
+    `client_id`, `app_type`, `name`, and `description`.
+- The following properties can only be retrieved with the `read:clients` or
+    `read:client_keys` scope:
+    `callbacks`, `oidc_logout`, `allowed_origins`,
+    `web_origins`, `tenant`, `global`, `config_route`,
+    `callback_url_template`, `jwt_configuration`,
+    `jwt_configuration.lifetime_in_seconds`, `jwt_configuration.secret_encoded`,
+    `jwt_configuration.scopes`, `jwt_configuration.alg`, `api_type`,
+    `logo_uri`, `allowed_clients`, `owners`, `custom_login_page`,
+    `custom_login_page_off`, `sso`, `addons`, `form_template`,
+    `custom_login_page_codeview`, `resource_servers`, `client_metadata`,
+    `mobile`, `mobile.android`, `mobile.ios`, `allowed_logout_urls`,
+    `token_endpoint_auth_method`, `is_first_party`, `oidc_conformant`,
+    `is_token_endpoint_ip_header_trusted`, `initiate_login_uri`, `grant_types`,
+    `refresh_token`, `refresh_token.rotation_type`, `refresh_token.expiration_type`,
+    `refresh_token.leeway`, `refresh_token.token_lifetime`, `refresh_token.policies`, `organization_usage`,
+    `organization_require_behavior`.
+- The following properties can only be retrieved with the
+    `read:client_keys` or `read:client_credentials` scope:
+    `encryption_key`, `encryption_key.pub`, `encryption_key.cert`,
+    `client_secret`, `client_authentication_methods` and `signing_key`.
 </dd>
 </dl>
 </dd>
@@ -1584,20 +1568,20 @@ client.clients.list(
 <dl>
 <dd>
 
-Create a new client (application or SSO integration). For more information, read <a href="https://www.auth0.com/docs/get-started/auth0-overview/create-applications">Create Applications</a>
-<a href="https://www.auth0.com/docs/authenticate/single-sign-on/api-endpoints-for-single-sign-on>">API Endpoints for Single Sign-On</a>. 
+Create a new client (application or SSO integration). For more information, read [Create Applications](https://www.auth0.com/docs/get-started/auth0-overview/create-applications)
+[API Endpoints for Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on/api-endpoints-for-single-sign-on).
 
 Notes: 
 - We recommend leaving the `client_secret` parameter unspecified to allow the generation of a safe secret.
-- The <code>client_authentication_methods</code> and <code>token_endpoint_auth_method</code> properties are mutually exclusive. Use 
-<code>client_authentication_methods</code> to configure the client with Private Key JWT authentication method. Otherwise, use <code>token_endpoint_auth_method</code>
+- The `client_authentication_methods` and `token_endpoint_auth_method` properties are mutually exclusive. Use 
+`client_authentication_methods` to configure the client with Private Key JWT authentication method. Otherwise, use `token_endpoint_auth_method`
 to configure the client with client secret (basic or post) or with no authentication method (none).
-- When using <code>client_authentication_methods</code> to configure the client with Private Key JWT authentication method, specify fully defined credentials. 
+- When using `client_authentication_methods` to configure the client with Private Key JWT authentication method, specify fully defined credentials. 
 These credentials will be automatically enabled for Private Key JWT authentication on the client. 
-- To configure <code>client_authentication_methods</code>, the <code>create:client_credentials</code> scope is required.
-- To configure <code>client_authentication_methods</code>, the property <code>jwt_configuration.alg</code> must be set to RS256.
+- To configure `client_authentication_methods`, the `create:client_credentials` scope is required.
+- To configure `client_authentication_methods`, the property `jwt_configuration.alg` must be set to RS256.
 
-<div class="alert alert-warning">SSO Integrations created via this endpoint will accept login requests and share user profile information.</div>
+SSO Integrations created via this endpoint will accept login requests and share user profile information.
 </dd>
 </dl>
 </dd>
@@ -2178,16 +2162,14 @@ client.clients.preview_cimd_metadata(
 Idempotent registration for Client ID Metadata Document (CIMD) clients.
 Uses external_client_id as the unique identifier for upsert operations.
 
-<strong>Create:</strong> Returns 201 when a new client is created (requires <code>create:clients</code> scope).
-<strong>Update:</strong> Returns 200 when an existing client is updated (requires <code>update:clients</code> scope).
+**Create:** Returns 201 when a new client is created (requires `create:clients` scope).
+**Update:** Returns 200 when an existing client is updated (requires `update:clients` scope).
 
 This endpoint automatically:
-<ul>
-  <li>Fetches and validates the metadata document</li>
-  <li>Maps CIMD fields to Auth0 client configuration</li>
-  <li>Creates/rotates credentials from the JWKS</li>
-  <li>Enforces CIMD security policies (HTTPS-only, no shared secrets)</li>
-</ul>
+- Fetches and validates the metadata document
+- Maps CIMD fields to Auth0 client configuration
+- Creates/rotates credentials from the JWKS
+- Enforces CIMD security policies (HTTPS-only, no shared secrets)
 </dd>
 </dl>
 </dd>
@@ -2261,36 +2243,29 @@ client.clients.register_cimd_client(
 <dd>
 
 Retrieve client details by ID. Clients are SSO connections or Applications linked with your Auth0 tenant. A list of fields to include or exclude may also be specified. 
-For more information, read <a href="https://www.auth0.com/docs/get-started/applications"> Applications in Auth0</a> and <a href="https://www.auth0.com/docs/authenticate/single-sign-on"> Single Sign-On</a>.
-<ul>
-  <li>
-    The following properties can be retrieved with any of the scopes:
-    <code>client_id</code>, <code>app_type</code>, <code>name</code>, and <code>description</code>.
-  </li>
-  <li>
-    The following properties can only be retrieved with the <code>read:clients</code> or
-    <code>read:client_keys</code> scopes:
-    <code>callbacks</code>, <code>oidc_logout</code>, <code>allowed_origins</code>,
-    <code>web_origins</code>, <code>tenant</code>, <code>global</code>, <code>config_route</code>,
-    <code>callback_url_template</code>, <code>jwt_configuration</code>,
-    <code>jwt_configuration.lifetime_in_seconds</code>, <code>jwt_configuration.secret_encoded</code>,
-    <code>jwt_configuration.scopes</code>, <code>jwt_configuration.alg</code>, <code>api_type</code>,
-    <code>logo_uri</code>, <code>allowed_clients</code>, <code>owners</code>, <code>custom_login_page</code>,
-    <code>custom_login_page_off</code>, <code>sso</code>, <code>addons</code>, <code>form_template</code>,
-    <code>custom_login_page_codeview</code>, <code>resource_servers</code>, <code>client_metadata</code>,
-    <code>mobile</code>, <code>mobile.android</code>, <code>mobile.ios</code>, <code>allowed_logout_urls</code>,
-    <code>token_endpoint_auth_method</code>, <code>is_first_party</code>, <code>oidc_conformant</code>,
-    <code>is_token_endpoint_ip_header_trusted</code>, <code>initiate_login_uri</code>, <code>grant_types</code>,
-    <code>refresh_token</code>, <code>refresh_token.rotation_type</code>, <code>refresh_token.expiration_type</code>,
-    <code>refresh_token.leeway</code>, <code>refresh_token.token_lifetime</code>, <code>refresh_token.policies</code>, <code>organization_usage</code>,
-    <code>organization_require_behavior</code>.
-  </li>
-  <li>
-    The following properties can only be retrieved with the <code>read:client_keys</code> or <code>read:client_credentials</code> scopes:
-    <code>encryption_key</code>, <code>encryption_key.pub</code>, <code>encryption_key.cert</code>,
-    <code>client_secret</code>, <code>client_authentication_methods</code> and <code>signing_key</code>.
-  </li>
-</ul>
+For more information, read [Applications in Auth0](https://www.auth0.com/docs/get-started/applications) and [Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on).
+
+- The following properties can be retrieved with any of the scopes:
+    `client_id`, `app_type`, `name`, and `description`.
+- The following properties can only be retrieved with the `read:clients` or
+    `read:client_keys` scopes:
+    `callbacks`, `oidc_logout`, `allowed_origins`,
+    `web_origins`, `tenant`, `global`, `config_route`,
+    `callback_url_template`, `jwt_configuration`,
+    `jwt_configuration.lifetime_in_seconds`, `jwt_configuration.secret_encoded`,
+    `jwt_configuration.scopes`, `jwt_configuration.alg`, `api_type`,
+    `logo_uri`, `allowed_clients`, `owners`, `custom_login_page`,
+    `custom_login_page_off`, `sso`, `addons`, `form_template`,
+    `custom_login_page_codeview`, `resource_servers`, `client_metadata`,
+    `mobile`, `mobile.android`, `mobile.ios`, `allowed_logout_urls`,
+    `token_endpoint_auth_method`, `is_first_party`, `oidc_conformant`,
+    `is_token_endpoint_ip_header_trusted`, `initiate_login_uri`, `grant_types`,
+    `refresh_token`, `refresh_token.rotation_type`, `refresh_token.expiration_type`,
+    `refresh_token.leeway`, `refresh_token.token_lifetime`, `refresh_token.policies`, `organization_usage`,
+    `organization_require_behavior`.
+- The following properties can only be retrieved with the `read:client_keys` or `read:client_credentials` scopes:
+    `encryption_key`, `encryption_key.pub`, `encryption_key.cert`,
+    `client_secret`, `client_authentication_methods` and `signing_key`.
 </dd>
 </dl>
 </dd>
@@ -2454,15 +2429,15 @@ client.clients.delete(
 <dl>
 <dd>
 
-Updates a client's settings. For more information, read <a href="https://www.auth0.com/docs/get-started/applications"> Applications in Auth0</a> and <a href="https://www.auth0.com/docs/authenticate/single-sign-on"> Single Sign-On</a>.
+Updates a client's settings. For more information, read [Applications in Auth0](https://www.auth0.com/docs/get-started/applications) and [Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on).
 
 Notes:
 - The `client_secret` and `signing_key` attributes can only be updated with the `update:client_keys` scope.
-- The <code>client_authentication_methods</code> and <code>token_endpoint_auth_method</code> properties are mutually exclusive. Use <code>client_authentication_methods</code> to configure the client with Private Key JWT authentication method. Otherwise, use <code>token_endpoint_auth_method</code> to configure the client with client secret (basic or post) or with no authentication method (none).
-- When using <code>client_authentication_methods</code> to configure the client with Private Key JWT authentication method, only specify the credential IDs that were generated when creating the credentials on the client.
-- To configure <code>client_authentication_methods</code>, the <code>update:client_credentials</code> scope is required.
-- To configure <code>client_authentication_methods</code>, the property <code>jwt_configuration.alg</code> must be set to RS256.
-- To change a client's <code>is_first_party</code> property to <code>false</code>, the <code>organization_usage</code> and <code>organization_require_behavior</code> properties must be unset.
+- The `client_authentication_methods` and `token_endpoint_auth_method` properties are mutually exclusive. Use `client_authentication_methods` to configure the client with Private Key JWT authentication method. Otherwise, use `token_endpoint_auth_method` to configure the client with client secret (basic or post) or with no authentication method (none).
+- When using `client_authentication_methods` to configure the client with Private Key JWT authentication method, only specify the credential IDs that were generated when creating the credentials on the client.
+- To configure `client_authentication_methods`, the `update:client_credentials` scope is required.
+- To configure `client_authentication_methods`, the property `jwt_configuration.alg` must be set to RS256.
+- To change a client's `is_first_party` property to `false`, the `organization_usage` and `organization_require_behavior` properties must be unset.
 </dd>
 </dl>
 </dd>
@@ -2975,7 +2950,7 @@ Rotate a client secret.
 
 This endpoint cannot be used with clients configured with Private Key JWT authentication method (client_authentication_methods configured with private_key_jwt). The generated secret is NOT base64 encoded.
 
-For more information, read <a href="https://www.auth0.com/docs/get-started/applications/rotate-client-secret">Rotate Client Secrets</a>.
+For more information, read [Rotate Client Secrets](https://www.auth0.com/docs/get-started/applications/rotate-client-secret).
 </dd>
 </dl>
 </dd>
@@ -5133,7 +5108,7 @@ client.custom_domains.verify(
 <dl>
 <dd>
 
-Retrieve device credential information (<code>public_key</code>, <code>refresh_token</code>, or <code>rotating_refresh_token</code>) associated with a specific user.
+Retrieve device credential information (`public_key`, `refresh_token`, or `rotating_refresh_token`) associated with a specific user.
 </dd>
 </dl>
 </dd>
@@ -5269,9 +5244,9 @@ client.device_credentials.list(
 <dl>
 <dd>
 
-Create a device credential public key to manage refresh token rotation for a given <code>user_id</code>. Device Credentials APIs are designed for ad-hoc administrative use only and paging is by default enabled for GET requests.
+Create a device credential public key to manage refresh token rotation for a given `user_id`. Device Credentials APIs are designed for ad-hoc administrative use only and paging is by default enabled for GET requests.
 
-When refresh token rotation is enabled, the endpoint becomes consistent. For more information, read <a href="https://auth0.com/docs/get-started/tenant-settings/signing-keys"> Signing Keys</a>.
+When refresh token rotation is enabled, the endpoint becomes consistent. For more information, read [Signing Keys](https://auth0.com/docs/get-started/tenant-settings/signing-keys).
 </dd>
 </dl>
 </dd>
@@ -7298,7 +7273,7 @@ client.forms.update(
 <dl>
 <dd>
 
-Retrieve the <a href="https://auth0.com/docs/api-auth/which-oauth-flow-to-use">grants</a> associated with your account. 
+Retrieve the [grants](https://auth0.com/docs/api-auth/which-oauth-flow-to-use) associated with your account.
 </dd>
 </dl>
 </dd>
@@ -7416,7 +7391,7 @@ client.user_grants.list(
 <dl>
 <dd>
 
-Delete a grant associated with your account. 
+Delete a grant associated with your account.
 </dd>
 </dl>
 </dd>
@@ -7489,7 +7464,7 @@ client.user_grants.delete_by_user_id(
 <dl>
 <dd>
 
-Delete a grant associated with your account. 
+Delete a grant associated with your account.
 </dd>
 </dl>
 </dd>
@@ -10094,22 +10069,20 @@ client.network_acls.update(
 Retrieve detailed list of all Organizations available in your tenant. For more information, see Auth0 Organizations.
 
 This endpoint supports two types of pagination:
-<ul>
-<li>Offset pagination</li>
-<li>Checkpoint pagination</li>
-</ul>
+
+- Offset pagination
+- Checkpoint pagination
 
 Checkpoint pagination must be used if you need to retrieve more than 1000 organizations.
 
-<h2>Checkpoint Pagination</h2>
+**Checkpoint Pagination**
 
 To search by checkpoint, use the following parameters:
-<ul>
-<li><code>from</code>: Optional id from which to start selection.</li>
-<li><code>take</code>: The total number of entries to retrieve when using the <code>from</code> parameter. Defaults to 50.</li>
-</ul>
 
-<b>Note</b>: The first time you call this endpoint using checkpoint pagination, omit the <code>from</code> parameter. If there are more results, a <code>next</code> value is included in the response. You can use this for subsequent API calls. When <code>next</code> is no longer included in the response, no pages are remaining.
+- `from`: Optional id from which to start selection.
+- `take`: The total number of entries to retrieve when using the `from` parameter. Defaults to 50.
+
+**Note**: The first time you call this endpoint using checkpoint pagination, omit the `from` parameter. If there are more results, a `next` value is included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, no pages are remaining.
 </dd>
 </dl>
 </dd>
@@ -10200,7 +10173,7 @@ client.organizations.list(
 <dl>
 <dd>
 
-Create a new Organization within your tenant.  To learn more about Organization settings, behavior, and configuration options, review <a href="https://auth0.com/docs/manage-users/organizations/create-first-organization">Create Your First Organization</a>.
+Create a new Organization within your tenant.  To learn more about Organization settings, behavior, and configuration options, review [Create Your First Organization](https://auth0.com/docs/manage-users/organizations/create-first-organization).
 </dd>
 </dl>
 </dd>
@@ -10386,7 +10359,7 @@ client.organizations.get_by_name(
 <dl>
 <dd>
 
-Retrieve details about a single Organization specified by ID. 
+Retrieve details about a single Organization specified by ID.
 </dd>
 </dl>
 </dd>
@@ -10461,7 +10434,7 @@ client.organizations.get(
 
 Remove an Organization from your tenant.  This action cannot be undone. 
 
-<b>Note</b>: Members are automatically disassociated from an Organization when it is deleted. However, this action does <b>not</b> delete these users from your tenant.
+**Note**: Members are automatically disassociated from an Organization when it is deleted. However, this action does **not** delete these users from your tenant.
 </dd>
 </dl>
 </dd>
@@ -10534,7 +10507,7 @@ client.organizations.delete(
 <dl>
 <dd>
 
-Update the details of a specific <a href="https://auth0.com/docs/manage-users/organizations/configure-organizations/create-organizations">Organization</a>, such as name and display name, branding options, and metadata.
+Update the details of a specific [Organization](https://auth0.com/docs/manage-users/organizations/configure-organizations/create-organizations), such as name and display name, branding options, and metadata.
 </dd>
 </dl>
 </dd>
@@ -11289,7 +11262,7 @@ client.refresh_tokens.list(
 <dl>
 <dd>
 
-Revoke refresh tokens in bulk by ID list, user, user+client, or client.
+Revoke refresh tokens in bulk by ID list, user, user+client, or user+client+audience.
 </dd>
 </dl>
 </dd>
@@ -11344,7 +11317,7 @@ client.refresh_tokens.revoke()
 <dl>
 <dd>
 
-**client_id:** `typing.Optional[str]` — Revoke all refresh tokens for this client.
+**client_id:** `typing.Optional[str]` — Revoke refresh tokens for this client. Must be paired with `user_id`; optionally narrowed further with `audience`.
     
 </dd>
 </dl>
@@ -14752,15 +14725,14 @@ client.tickets.change_password()
 
 Retrieve a list of all Token Exchange Profiles available in your tenant.
 
-By using this feature, you agree to the applicable Free Trial terms in <a href="https://www.okta.com/legal/">Okta’s Master Subscription Agreement</a>. It is your responsibility to securely validate the user’s subject_token. See <a href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</a> for more details.
+By using this feature, you agree to the applicable Free Trial terms in [Okta’s Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user’s subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
 
 This endpoint supports Checkpoint pagination. To search by checkpoint, use the following parameters:
-<ul>
-<li><code>from</code>: Optional id from which to start selection.</li>
-<li><code>take</code>: The total amount of entries to retrieve when using the from parameter. Defaults to 50.</li>
-</ul>
 
-<b>Note</b>: The first time you call this endpoint using checkpoint pagination, omit the <code>from</code> parameter. If there are more results, a <code>next</code> value is included in the response. You can use this for subsequent API calls. When <code>next</code> is no longer included in the response, no pages are remaining.
+- `from`: Optional id from which to start selection.
+- `take`: The total amount of entries to retrieve when using the from parameter. Defaults to 50.
+
+**Note**: The first time you call this endpoint using checkpoint pagination, omit the `from` parameter. If there are more results, a `next` value is included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, no pages are remaining.
 </dd>
 </dl>
 </dd>
@@ -14844,7 +14816,7 @@ client.token_exchange_profiles.list(
 
 Create a new Token Exchange Profile within your tenant.
 
-By using this feature, you agree to the applicable Free Trial terms in <a href="https://www.okta.com/legal/">Okta’s Master Subscription Agreement</a>. It is your responsibility to securely validate the user’s subject_token. See <a href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</a> for more details.
+By using this feature, you agree to the applicable Free Trial terms in [Okta’s Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user’s subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
 </dd>
 </dl>
 </dd>
@@ -14946,7 +14918,7 @@ client.token_exchange_profiles.create(
 
 Retrieve details about a single Token Exchange Profile specified by ID.
 
-By using this feature, you agree to the applicable Free Trial terms in <a href="https://www.okta.com/legal/">Okta’s Master Subscription Agreement</a>. It is your responsibility to securely validate the user’s subject_token. See <a href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</a> for more details.
+By using this feature, you agree to the applicable Free Trial terms in [Okta’s Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user’s subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
 </dd>
 </dl>
 </dd>
@@ -15021,8 +14993,7 @@ client.token_exchange_profiles.get(
 
 Delete a Token Exchange Profile within your tenant.
 
-By using this feature, you agree to the applicable Free Trial terms in <a href="https://www.okta.com/legal/">Okta's Master Subscription Agreement</a>. It is your responsibility to securely validate the user's subject_token. See <a href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</a> for more details.
-
+By using this feature, you agree to the applicable Free Trial terms in [Okta's Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user's subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
 </dd>
 </dl>
 </dd>
@@ -15097,8 +15068,7 @@ client.token_exchange_profiles.delete(
 
 Update a Token Exchange Profile within your tenant.
 
-By using this feature, you agree to the applicable Free Trial terms in <a href="https://www.okta.com/legal/">Okta's Master Subscription Agreement</a>. It is your responsibility to securely validate the user's subject_token. See <a href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</a> for more details.
-
+By using this feature, you agree to the applicable Free Trial terms in [Okta's Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user's subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
 </dd>
 </dl>
 </dd>
@@ -15747,7 +15717,7 @@ client.user_attribute_profiles.update(
 <dl>
 <dd>
 
-Retrieve details of all <a href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</a> blocks for a user with the given identifier (username, phone number, or email).
+Retrieve details of all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for a user with the given identifier (username, phone number, or email).
 </dd>
 </dl>
 </dd>
@@ -15834,9 +15804,9 @@ client.user_blocks.list_by_identifier(
 <dl>
 <dd>
 
-Remove all <a href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</a> blocks for the user with the given identifier (username, phone number, or email).
+Remove all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for the user with the given identifier (username, phone number, or email).
 
-Note: This endpoint does not unblock users that were <a href="https://auth0.com/docs/user-profile#block-and-unblock-a-user">blocked by a tenant administrator</a>.
+Note: This endpoint does not unblock users that were [blocked by a tenant administrator](https://auth0.com/docs/user-profile#block-and-unblock-a-user).
 </dd>
 </dl>
 </dd>
@@ -15909,7 +15879,7 @@ client.user_blocks.delete_by_identifier(
 <dl>
 <dd>
 
-Retrieve details of all <a href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</a> blocks for the user with the given ID.
+Retrieve details of all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for the user with the given ID.
 </dd>
 </dl>
 </dd>
@@ -15996,9 +15966,9 @@ client.user_blocks.list(
 <dl>
 <dd>
 
-Remove all <a href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</a> blocks for the user with the given ID.
+Remove all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for the user with the given ID.
 
-Note: This endpoint does not unblock users that were <a href="https://auth0.com/docs/user-profile#block-and-unblock-a-user">blocked by a tenant administrator</a>.
+Note: This endpoint does not unblock users that were [blocked by a tenant administrator](https://auth0.com/docs/user-profile#block-and-unblock-a-user).
 </dd>
 </dl>
 </dd>
@@ -20407,7 +20377,7 @@ client.branding.themes.update(
 <dl>
 <dd>
 
-Retrieve a list of <a href="https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers">phone providers</a> details set for a Tenant. A list of fields to include or exclude may also be specified.
+Retrieve a list of [phone providers](https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers) details set for a Tenant. A list of fields to include or exclude may also be specified.
 </dd>
 </dl>
 </dd>
@@ -20480,8 +20450,8 @@ client.branding.phone.providers.list(
 <dl>
 <dd>
 
-Create a <a href="https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers">phone provider</a>.
-The <code>credentials</code> object requires different properties depending on the phone provider (which is specified using the <code>name</code> property).
+Create a [phone provider](https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers).
+The `credentials` object requires different properties depending on the phone provider (which is specified using the `name` property).
 </dd>
 </dl>
 </dd>
@@ -20581,7 +20551,7 @@ client.branding.phone.providers.create(
 <dl>
 <dd>
 
-Retrieve <a href="https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers">phone provider</a> details. A list of fields to include or exclude may also be specified.
+Retrieve [phone provider](https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers) details. A list of fields to include or exclude may also be specified.
 </dd>
 </dl>
 </dd>
@@ -20727,8 +20697,8 @@ client.branding.phone.providers.delete(
 <dl>
 <dd>
 
-Update a <a href="https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers">phone provider</a>.
-The <code>credentials</code> object requires different properties depending on the phone provider (which is specified using the <code>name</code> property).
+Update a [phone provider](https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers).
+The `credentials` object requires different properties depending on the phone provider (which is specified using the `name` property).
 </dd>
 </dl>
 </dd>
@@ -21460,7 +21430,7 @@ client.client_grants.organizations.list(
 
 Get the details of a client credential.
 
-<b>Important</b>: To enable credentials to be used for a client authentication method, set the <code>client_authentication_methods</code> property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the <code>signed_request_object</code> property on the client.
+**Important**: To enable credentials to be used for a client authentication method, set the `client_authentication_methods` property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the `signed_request_object` property on the client.
 </dd>
 </dl>
 </dd>
@@ -21535,37 +21505,61 @@ client.clients.credentials.list(
 
 Create a client credential associated to your application. Credentials can be used to configure Private Key JWT and mTLS authentication methods, as well as for JWT-secured Authorization requests.
 
-<h5>Public Key</h5>Public Key credentials can be used to set up Private Key JWT client authentication and JWT-secured Authorization requests.
+**Public Key**
 
-Sample: <pre><code>{
+Public Key credentials can be used to set up Private Key JWT client authentication and JWT-secured Authorization requests.
+
+Sample: 
+
+```json
+{
   "credential_type": "public_key",
   "name": "string",
   "pem": "string",
   "alg": "RS256",
   "parse_expiry_from_cert": false,
   "expires_at": "2022-12-31T23:59:59Z"
-}</code></pre>
-<h5>Certificate (CA-signed & self-signed)</h5>Certificate credentials can be used to set up mTLS client authentication. CA-signed certificates can be configured either with a signed certificate or with just the certificate Subject DN.
+}
+```
 
-CA-signed Certificate Sample (pem): <pre><code>{
+**Certificate (CA-signed & self-signed)**
+
+Certificate credentials can be used to set up mTLS client authentication. CA-signed certificates can be configured either with a signed certificate or with just the certificate Subject DN.
+
+CA-signed Certificate Sample (pem): 
+
+```json
+{
   "credential_type": "x509_cert",
   "name": "string",
   "pem": "string"
-}</code></pre>CA-signed Certificate Sample (subject_dn): <pre><code>{
+}
+```
+
+CA-signed Certificate Sample (subject_dn): 
+
+```json
+{
   "credential_type": "cert_subject_dn",
   "name": "string",
   "subject_dn": "string"
-}</code></pre>Self-signed Certificate Sample: <pre><code>{
+}
+```
+
+Self-signed Certificate Sample: 
+
+```json
+{
   "credential_type": "cert_subject_dn",
   "name": "string",
   "pem": "string"
-}</code></pre>
+}
+```
 
 The credential will be created but not yet enabled for use until you set the corresponding properties in the client:
-<ul>
-  <li>To enable the credential for Private Key JWT or mTLS authentication methods, set the <code>client_authentication_methods</code> property on the client. For more information, read <a href="https://auth0.com/docs/get-started/applications/configure-private-key-jwt">Configure Private Key JWT Authentication</a> and <a href="https://auth0.com/docs/get-started/applications/configure-mtls">Configure mTLS Authentication</a></li>
-  <li>To enable the credential for JWT-secured Authorization requests, set the <code>signed_request_object</code>property on the client. For more information, read <a href="https://auth0.com/docs/get-started/applications/configure-jar">Configure JWT-secured Authorization Requests (JAR)</a></li>
-</ul>
+
+- To enable the credential for Private Key JWT or mTLS authentication methods, set the `client_authentication_methods` property on the client. For more information, read [Configure Private Key JWT Authentication](https://auth0.com/docs/get-started/applications/configure-private-key-jwt) and [Configure mTLS Authentication](https://auth0.com/docs/get-started/applications/configure-mtls)
+- To enable the credential for JWT-secured Authorization requests, set the `signed_request_object`property on the client. For more information, read [Configure JWT-secured Authorization Requests (JAR)](https://auth0.com/docs/get-started/applications/configure-jar)
 </dd>
 </dl>
 </dd>
@@ -21705,7 +21699,7 @@ client.clients.credentials.create(
 
 Get the details of a client credential.
 
-<b>Important</b>: To enable credentials to be used for a client authentication method, set the <code>client_authentication_methods</code> property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the <code>signed_request_object</code> property on the client.
+**Important**: To enable credentials to be used for a client authentication method, set the `client_authentication_methods` property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the `signed_request_object` property on the client.
 </dd>
 </dl>
 </dd>
@@ -21960,15 +21954,10 @@ client.clients.credentials.update(
 <dl>
 <dd>
 
-Retrieve all connections that are enabled for the specified <a href="https://www.auth0.com/docs/get-started/applications"> Application</a>, using checkpoint pagination. A list of fields to include or exclude for each connection may also be specified.
-<ul>
-  <li>
-    This endpoint requires the <code>read:connections</code> scope and any one of <code>read:clients</code> or <code>read:client_summary</code>.
-  </li>
-  <li>
-    <b>Note</b>: The first time you call this endpoint, omit the <code>from</code> parameter. If there are more results, a <code>next</code> value is included in the response. You can use this for subsequent API calls. When <code>next</code> is no longer included in the response, no further results are remaining.
-  </li>
-</ul>
+Retrieve all connections that are enabled for the specified [Application](https://www.auth0.com/docs/get-started/applications), using checkpoint pagination. A list of fields to include or exclude for each connection may also be specified.
+
+- This endpoint requires the `read:connections` scope and any one of `read:clients` or `read:client_summary`.
+- **Note**: The first time you call this endpoint, omit the `from` parameter. If there are more results, a `next` value is included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, no further results are remaining.
 </dd>
 </dl>
 </dd>
@@ -24016,7 +24005,7 @@ client.connections.scim_configuration.tokens.delete(
 <dl>
 <dd>
 
-Retrieve details of the <a href="https://auth0.com/docs/customize/email/smtp-email-providers">email provider configuration</a> in your tenant. A list of fields to include or exclude may also be specified.
+Retrieve details of the [email provider configuration](https://auth0.com/docs/customize/email/smtp-email-providers) in your tenant. A list of fields to include or exclude may also be specified.
 </dd>
 </dl>
 </dd>
@@ -24098,48 +24087,31 @@ client.emails.provider.get(
 <dl>
 <dd>
 
-Create an <a href="https://auth0.com/docs/email/providers">email provider</a>. The <code>credentials</code> object
-requires different properties depending on the email provider (which is specified using the <code>name</code> property):
-<ul>
-  <li><code>mandrill</code> requires <code>api_key</code></li>
-  <li><code>sendgrid</code> requires <code>api_key</code></li>
-  <li>
-    <code>sparkpost</code> requires <code>api_key</code>. Optionally, set <code>region</code> to <code>eu</code> to use
-    the SparkPost service hosted in Western Europe; set to <code>null</code> to use the SparkPost service hosted in
-    North America. <code>eu</code> or <code>null</code> are the only valid values for <code>region</code>.
-  </li>
-  <li>
-    <code>mailgun</code> requires <code>api_key</code> and <code>domain</code>. Optionally, set <code>region</code> to
-    <code>eu</code> to use the Mailgun service hosted in Europe; set to <code>null</code> otherwise. <code>eu</code> or
-    <code>null</code> are the only valid values for <code>region</code>.
-  </li>
-  <li><code>ses</code> requires <code>accessKeyId</code>, <code>secretAccessKey</code>, and <code>region</code></li>
-  <li>
-    <code>smtp</code> requires <code>smtp_host</code>, <code>smtp_port</code>, <code>smtp_user</code>, and
-    <code>smtp_pass</code>
-  </li>
-</ul>
-Depending on the type of provider it is possible to specify <code>settings</code> object with different configuration
+Create an [email provider](https://auth0.com/docs/email/providers). The `credentials` object
+requires different properties depending on the email provider (which is specified using the `name` property):
+
+- `mandrill` requires `api_key`
+- `sendgrid` requires `api_key`
+- `sparkpost` requires `api_key`. Optionally, set `region` to `eu` to use
+    the SparkPost service hosted in Western Europe; set to `null` to use the SparkPost service hosted in
+    North America. `eu` or `null` are the only valid values for `region`.
+- `mailgun` requires `api_key` and `domain`. Optionally, set `region` to
+    `eu` to use the Mailgun service hosted in Europe; set to `null` otherwise. `eu` or
+    `null` are the only valid values for `region`.
+- `ses` requires `accessKeyId`, `secretAccessKey`, and `region`
+- `smtp` requires `smtp_host`, `smtp_port`, `smtp_user`, and
+    `smtp_pass`
+
+Depending on the type of provider it is possible to specify `settings` object with different configuration
 options, which will be used when sending an email:
-<ul>
-  <li>
-    <code>smtp</code> provider, <code>settings</code> may contain <code>headers</code> object.
-    <ul>
-      <li>
-        When using AWS SES SMTP host, you may provide a name of configuration set in
-        <code>X-SES-Configuration-Set</code> header. Value must be a string.
-      </li>
-      <li>
-        When using Sparkpost host, you may provide value for
-        <code>X-MSYS_API</code> header. Value must be an object.
-      </li>
-    </ul>
-  </li>
-  <li>
-    for <code>ses</code> provider, <code>settings</code> may contain <code>message</code> object, where you can provide
-    a name of configuration set in <code>configuration_set_name</code> property. Value must be a string.
-  </li>
-</ul>
+
+- `smtp` provider, `settings` may contain `headers` object.
+    - When using AWS SES SMTP host, you may provide a name of configuration set in
+      `X-SES-Configuration-Set` header. Value must be a string.
+    - When using Sparkpost host, you may provide value for
+      `X-MSYS_API` header. Value must be an object.
+- For `ses` provider, `settings` may contain `message` object, where you can provide
+  a name of configuration set in `configuration_set_name` property. Value must be a string.
 </dd>
 </dl>
 </dd>
@@ -24310,46 +24282,32 @@ client.emails.provider.delete()
 <dl>
 <dd>
 
-Update an <a href="https://auth0.com/docs/email/providers">email provider</a>. The <code>credentials</code> object
-requires different properties depending on the email provider (which is specified using the <code>name</code> property):
-<ul>
-  <li><code>mandrill</code> requires <code>api_key</code></li>
-  <li><code>sendgrid</code> requires <code>api_key</code></li>
-  <li>
-    <code>sparkpost</code> requires <code>api_key</code>. Optionally, set <code>region</code> to <code>eu</code> to use
-    the SparkPost service hosted in Western Europe; set to <code>null</code> to use the SparkPost service hosted in
-    North America. <code>eu</code> or <code>null</code> are the only valid values for <code>region</code>.
-  </li>
-  <li>
-    <code>mailgun</code> requires <code>api_key</code> and <code>domain</code>. Optionally, set <code>region</code> to
-    <code>eu</code> to use the Mailgun service hosted in Europe; set to <code>null</code> otherwise. <code>eu</code> or
-    <code>null</code> are the only valid values for <code>region</code>.
-  </li>
-  <li><code>ses</code> requires <code>accessKeyId</code>, <code>secretAccessKey</code>, and <code>region</code></li>
-  <li>
-    <code>smtp</code> requires <code>smtp_host</code>, <code>smtp_port</code>, <code>smtp_user</code>, and
-    <code>smtp_pass</code>
-  </li>
-</ul>
-Depending on the type of provider it is possible to specify <code>settings</code> object with different configuration
+Update an [email provider](https://auth0.com/docs/email/providers). The `credentials` object
+requires different properties depending on the email provider (which is specified using the `name` property):
+
+- `mandrill` requires `api_key`
+- `sendgrid` requires `api_key`
+- `sparkpost` requires `api_key`. Optionally, set `region` to `eu` to use
+    the SparkPost service hosted in Western Europe; set to `null` to use the SparkPost service hosted in
+    North America. `eu` or `null` are the only valid values for `region`.
+- `mailgun` requires `api_key` and `domain`. Optionally, set `region` to
+    `eu` to use the Mailgun service hosted in Europe; set to `null` otherwise. `eu` or
+    `null` are the only valid values for `region`.
+- `ses` requires `accessKeyId`, `secretAccessKey`, and `region`
+- `smtp` requires `smtp_host`, `smtp_port`, `smtp_user`, and
+    `smtp_pass`
+
+Depending on the type of provider it is possible to specify `settings` object with different configuration
 options, which will be used when sending an email:
-<ul>
-  <li>
-    <code>smtp</code> provider, <code>settings</code> may contain <code>headers</code> object.
-    <ul>
-      <li>
-        When using AWS SES SMTP host, you may provide a name of configuration set in
-        <code>X-SES-Configuration-Set</code> header. Value must be a string.
-      </li>
-      <li>
-        When using Sparkpost host, you may provide value for
-        <code>X-MSYS_API</code> header. Value must be an object.
-      </li>
-    </ul>
-    for <code>ses</code> provider, <code>settings</code> may contain <code>message</code> object, where you can provide
-    a name of configuration set in <code>configuration_set_name</code> property. Value must be a string.
-  </li>
-</ul>
+
+- `smtp` provider, `settings` may contain `headers` object.
+    - When using AWS SES SMTP host, you may provide a name of configuration set in
+      `X-SES-Configuration-Set` header. Value must be a string.
+    - When using Sparkpost host, you may provide value for
+      `X-MSYS_API` header. Value must be an object.
+
+  For `ses` provider, `settings` may contain `message` object, where you can provide
+  a name of configuration set in `configuration_set_name` property. Value must be a string.
 </dd>
 </dl>
 </dd>
@@ -25468,7 +25426,7 @@ client.groups.members.get(
 <dl>
 <dd>
 
-Lists the <a href="https://auth0.com/docs/manage-users/access-control/rbac">roles</a> assigned to a group.
+Lists the [roles](https://auth0.com/docs/manage-users/access-control/rbac) assigned to a group.
 </dd>
 </dl>
 </dd>
@@ -25559,7 +25517,7 @@ client.groups.roles.list(
 <dl>
 <dd>
 
-Assign one or more <a href="https://auth0.com/docs/manage-users/access-control/rbac">roles</a> to a specified group.
+Assign one or more [roles](https://auth0.com/docs/manage-users/access-control/rbac) to a specified group.
 </dd>
 </dl>
 </dd>
@@ -25643,7 +25601,7 @@ client.groups.roles.create(
 <dl>
 <dd>
 
-Unassign one or more <a href="https://auth0.com/docs/manage-users/access-control/rbac">roles</a> from a specified group.
+Unassign one or more [roles](https://auth0.com/docs/manage-users/access-control/rbac) from a specified group.
 </dd>
 </dl>
 </dd>
@@ -31235,7 +31193,7 @@ client.organizations.discovery_domains.get(
 <dl>
 <dd>
 
-Remove a discovery domain from an organization. This action cannot be undone. 
+Remove a discovery domain from an organization. This action cannot be undone.
 </dd>
 </dl>
 </dd>
@@ -31317,7 +31275,7 @@ client.organizations.discovery_domains.delete(
 <dl>
 <dd>
 
-Update the verification status and/or use_for_organization_discovery for an organization discovery domain. The <code>status</code> field must be either <code>pending</code> or <code>verified</code>. The <code>use_for_organization_discovery</code> field can be <code>true</code> or <code>false</code> (default: <code>true</code>).
+Update the verification status and/or use_for_organization_discovery for an organization discovery domain. The `status` field must be either `pending` or `verified`. The `use_for_organization_discovery` field can be `true` or `false` (default: `true`).
 </dd>
 </dl>
 </dd>
@@ -31518,7 +31476,7 @@ client.organizations.enabled_connections.list(
 
 Enable a specific connection for a given Organization. To enable a connection, it must already exist within your tenant; connections cannot be created through this action.
 
-<a href="https://auth0.com/docs/authenticate/identity-providers">Connections</a> represent the relationship between Auth0 and a source of users. Available types of connections include database, enterprise, and social.
+[Connections](https://auth0.com/docs/authenticate/identity-providers) represent the relationship between Auth0 and a source of users. Available types of connections include database, enterprise, and social.
 </dd>
 </dl>
 </dd>
@@ -31708,7 +31666,7 @@ client.organizations.enabled_connections.get(
 
 Disable a specific connection for an Organization. Once disabled, Organization members can no longer use that connection to authenticate. 
 
-<b>Note</b>: This action does not remove the connection from your tenant.
+**Note**: This action does not remove the connection from your tenant.
 </dd>
 </dl>
 </dd>
@@ -31897,7 +31855,7 @@ client.organizations.enabled_connections.update(
 <dl>
 <dd>
 
-Retrieve a detailed list of invitations sent to users for a specific Organization. The list includes details such as inviter and invitee information, invitation URLs, and dates of creation and expiration. To learn more about Organization invitations, review <a href="https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members">Invite Organization Members</a>. 
+Retrieve a detailed list of invitations sent to users for a specific Organization. The list includes details such as inviter and invitee information, invitation URLs, and dates of creation and expiration. To learn more about Organization invitations, review [Invite Organization Members](https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members).
 </dd>
 </dl>
 </dd>
@@ -32024,7 +31982,7 @@ client.organizations.invitations.list(
 <dl>
 <dd>
 
-Create a user invitation for a specific Organization. Upon creation, the listed user receives an email inviting them to join the Organization. To learn more about Organization invitations, review <a href="https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members">Invite Organization Members</a>. 
+Create a user invitation for a specific Organization. Upon creation, the listed user receives an email inviting them to join the Organization. To learn more about Organization invitations, review [Invite Organization Members](https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members).
 </dd>
 </dl>
 </dd>
@@ -32334,14 +32292,8 @@ client.organizations.invitations.delete(
 List organization members.
 This endpoint is subject to eventual consistency. New users may not be immediately included in the response and deleted users may not be immediately removed from it.
 
-<ul>
-  <li>
-    Use the <code>fields</code> parameter to optionally define the specific member details retrieved. If <code>fields</code> is left blank, all fields (except roles) are returned.
-  </li>
-  <li>
-    Member roles are not sent by default. Use <code>fields=roles</code> to retrieve the roles assigned to each listed member. To use this parameter, you must include the <code>read:organization_member_roles</code> scope in the token.
-  </li>
-</ul>
+- Use the `fields` parameter to optionally define the specific member details retrieved. If `fields` is left blank, all fields (except roles) are returned.
+- Member roles are not sent by default. Use `fields=roles` to retrieve the roles assigned to each listed member. To use this parameter, you must include the `read:organization_member_roles` scope in the token.
 
 This endpoint supports two types of pagination:
 
@@ -32350,9 +32302,9 @@ This endpoint supports two types of pagination:
 
 Checkpoint pagination must be used if you need to retrieve more than 1000 organization members.
 
-<h2>Checkpoint Pagination</h2>
+**Checkpoint Pagination**
 
-To search by checkpoint, use the following parameters: - from: Optional id from which to start selection. - take: The total amount of entries to retrieve when using the from parameter. Defaults to 50. Note: The first time you call this endpoint using Checkpoint Pagination, you should omit the <code>from</code> parameter. If there are more results, a <code>next</code> value will be included in the response. You can use this for subsequent API calls. When <code>next</code> is no longer included in the response, this indicates there are no more pages remaining.
+To search by checkpoint, use the following parameters: - from: Optional id from which to start selection. - take: The total amount of entries to retrieve when using the from parameter. Defaults to 50. Note: The first time you call this endpoint using Checkpoint Pagination, you should omit the `from` parameter. If there are more results, a `next` value will be included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, this indicates there are no more pages remaining.
 </dd>
 </dl>
 </dd>
@@ -32461,9 +32413,9 @@ client.organizations.members.list(
 <dl>
 <dd>
 
-Set one or more existing users as members of a specific <a href="https://auth0.com/docs/manage-users/organizations">Organization</a>.
+Set one or more existing users as members of a specific [Organization](https://auth0.com/docs/manage-users/organizations).
 
-To add a user to an Organization through this action, the user must already exist in your tenant. If a user does not yet exist, you can <a href="https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members">invite them to create an account</a>, manually create them through the Auth0 Dashboard, or use the Management API.
+To add a user to an Organization through this action, the user must already exist in your tenant. If a user does not yet exist, you can [invite them to create an account](https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members), manually create them through the Auth0 Dashboard, or use the Management API.
 </dd>
 </dl>
 </dd>
@@ -33209,7 +33161,7 @@ client.organizations.members.roles.list(
 <dl>
 <dd>
 
-Assign one or more <a href="https://auth0.com/docs/manage-users/access-control/rbac">roles</a> to a user to determine their access for a specific Organization.
+Assign one or more [roles](https://auth0.com/docs/manage-users/access-control/rbac) to a user to determine their access for a specific Organization.
 
 Users can be members of multiple Organizations with unique roles assigned for each membership. This action assigns roles to a user only for the specified Organization. Roles cannot be assigned to a user across multiple Organizations in the same call.
 </dd>
@@ -33304,7 +33256,7 @@ client.organizations.members.roles.assign(
 <dl>
 <dd>
 
-Remove one or more Organization-specific <a href="https://auth0.com/docs/manage-users/access-control/rbac">roles</a> from a given user.
+Remove one or more Organization-specific [roles](https://auth0.com/docs/manage-users/access-control/rbac) from a given user.
 
 Users can be members of multiple Organizations with unique roles assigned for each membership. This action removes roles from a user in relation to the specified Organization. Roles assigned to the user within a different Organization cannot be managed in the same call.
 </dd>
@@ -35930,6 +35882,14 @@ client.tenants.settings.update()
 <dl>
 <dd>
 
+**session_lifetime_in_minutes:** `typing.Optional[int]` — Number of minutes a session will stay valid. Cannot be specified together with `session_lifetime`.
+    
+</dd>
+</dl>
+
+<dl>
+<dd>
+
 **idle_session_lifetime:** `typing.Optional[int]` — Number of hours for which a session can be inactive before the user must log in again.
     
 </dd>
@@ -35938,6 +35898,14 @@ client.tenants.settings.update()
 <dl>
 <dd>
 
+**idle_session_lifetime_in_minutes:** `typing.Optional[int]` — Number of minutes a session can be inactive before the user must log in again. Cannot be specified together with `idle_session_lifetime`.
+    
+</dd>
+</dl>
+
+<dl>
+<dd>
+
 **ephemeral_session_lifetime:** `typing.Optional[int]` — Number of hours an ephemeral (non-persistent) session will stay valid.
     
 </dd>
@@ -35954,6 +35922,22 @@ client.tenants.settings.update()
 <dl>
 <dd>
 
+**ephemeral_session_lifetime_in_minutes:** `typing.Optional[int]` — Number of minutes an ephemeral (non-persistent) session will stay valid. Cannot be specified together with `ephemeral_session_lifetime`.
+    
+</dd>
+</dl>
+
+<dl>
+<dd>
+
+**idle_ephemeral_session_lifetime_in_minutes:** `typing.Optional[int]` — Number of minutes an ephemeral (non-persistent) session can be inactive before the user must log in again. Cannot be specified together with `idle_ephemeral_session_lifetime`.
+    
+</dd>
+</dl>
+
+<dl>
+<dd>
+
 **sandbox_version:** `typing.Optional[str]` — Selected sandbox version for the extensibility environment
     
 </dd>
@@ -35986,6 +35970,14 @@ client.tenants.settings.update()
 <dl>
 <dd>
 
+**security_headers:** `typing.Optional[TenantSettingsNullableSecurityHeaders]` 
+    
+</dd>
+</dl>
+
+<dl>
+<dd>
+
 **session_cookie:** `typing.Optional[SessionCookieSchema]` 
     
 </dd>
@@ -36102,6 +36094,14 @@ See https://auth0.com/docs/secure/security-guidance/measures-against-app-imperso
 <dl>
 <dd>
 
+**include_session_metadata_in_tenant_logs:** `typing.Optional[bool]` — Whether session metadata is included in specific tenant logs (slo, oidc_backchannel_logout_failed, oidc_backchannel_logout_succeeded).
+    
+</dd>
+</dl>
+
+<dl>
+<dd>
+
 **dynamic_client_registration_security_mode:** `typing.Optional[TenantSettingsDynamicClientRegistrationSecurityMode]` 
     
 </dd>
@@ -36110,6 +36110,14 @@ See https://auth0.com/docs/secure/security-guidance/measures-against-app-imperso
 <dl>
 <dd>
 
+**country_codes:** `typing.Optional[TenantSettingsCountryCodes]` 
+    
+</dd>
+</dl>
+
+<dl>
+<dd>
+
 **request_options:** `typing.Optional[RequestOptions]` — Request-specific configuration.
     
 </dd>
diff --git a/src/auth0/management/__init__.py b/src/auth0/management/__init__.py
index 46ef6942..46d8ec2b 100644
--- a/src/auth0/management/__init__.py
+++ b/src/auth0/management/__init__.py
@@ -96,12 +96,7 @@
         BotDetectionMonitoringModeEnabled,
         BrandingColors,
         BrandingFont,
-        BrandingIdentifiers,
-        BrandingLoginDisplayEnum,
         BrandingPageBackground,
-        BrandingPhoneDisplay,
-        BrandingPhoneFormattingEnum,
-        BrandingPhoneMaskingEnum,
         BrandingThemeBorders,
         BrandingThemeBordersButtonsStyleEnum,
         BrandingThemeBordersInputsStyleEnum,
@@ -406,6 +401,7 @@
         ConnectionId,
         ConnectionIdTokenEncryptionAlgValuesSupported,
         ConnectionIdTokenEncryptionEncValuesSupported,
+        ConnectionIdTokenSessionExpirySupported,
         ConnectionIdTokenSignedResponseAlgEnum,
         ConnectionIdTokenSignedResponseAlgs,
         ConnectionIdTokenSigningAlgValuesSupported,
@@ -762,6 +758,7 @@
         ConnectionWaadProtocol,
         ConnectionWaadProtocolEnumAzureAd,
         ConnectionsMetadata,
+        ContentSecurityPolicyConfig,
         CreateActionModuleResponseContent,
         CreateActionModuleVersionResponseContent,
         CreateActionResponseContent,
@@ -1018,6 +1015,18 @@
         CreatedUserAuthenticationMethodTypeEnum,
         CredentialDeviceTypeEnum,
         CredentialId,
+        CspDirectives,
+        CspFlag,
+        CspFlags,
+        CspPolicies,
+        CspPolicy,
+        CspPolicyMode,
+        CspPolicyReporting,
+        CspReportTo,
+        CspReportToEndpoint,
+        CspReportToEndpoints,
+        CspReportingEndpoints,
+        CspReportingInfrastructure,
         CustomDomain,
         CustomDomainCustomClientIpHeader,
         CustomDomainCustomClientIpHeaderEnum,
@@ -2504,6 +2513,10 @@
         SynchronizeGroupsEnum,
         SynchronizedGroupPayload,
         TenantOidcLogoutSettings,
+        TenantSettingsCountryCodes,
+        TenantSettingsCountryCodesMode,
+        TenantSettingsCountryCodesModeResponse,
+        TenantSettingsCountryCodesResponse,
         TenantSettingsDeviceFlow,
         TenantSettingsDeviceFlowCharset,
         TenantSettingsDynamicClientRegistrationSecurityMode,
@@ -2511,6 +2524,7 @@
         TenantSettingsFlags,
         TenantSettingsGuardianPage,
         TenantSettingsMtls,
+        TenantSettingsNullableSecurityHeaders,
         TenantSettingsPasswordPage,
         TenantSettingsResourceParameterProfile,
         TenantSettingsSessions,
@@ -2541,12 +2555,7 @@
         UpdateBotDetectionSettingsResponseContent,
         UpdateBrandingColors,
         UpdateBrandingFont,
-        UpdateBrandingIdentifiers,
-        UpdateBrandingLoginDisplayEnum,
         UpdateBrandingPageBackground,
-        UpdateBrandingPhoneDisplay,
-        UpdateBrandingPhoneFormattingEnum,
-        UpdateBrandingPhoneMaskingEnum,
         UpdateBrandingPhoneProviderResponseContent,
         UpdateBrandingResponseContent,
         UpdateBrandingThemeResponseContent,
@@ -2716,6 +2725,8 @@
         VerifyEmailTicketResponseContent,
         X509CertificateCredential,
         X509CertificateCredentialTypeEnum,
+        XssProtectionConfig,
+        XssProtectionMode,
     )
     from .errors import (
         BadRequestError,
@@ -2783,8 +2794,6 @@
     from .environment import Auth0Environment
     from .event_streams import EventStreamsCreateRequest
     from .version import __version__
-    from .management_client import AsyncManagementClient, CustomDomainHeader, ManagementClient
-    from .token_provider import AsyncTokenProvider, TokenProvider
 _dynamic_imports: typing.Dict[str, str] = {
     "Action": ".types",
     "ActionBase": ".types",
@@ -2845,8 +2854,6 @@
     "AssociateOrganizationClientGrantResponseContent": ".types",
     "AsyncApprovalNotificationsChannelsEnum": ".types",
     "AsyncAuth0": ".client",
-    "AsyncManagementClient": ".management_client",
-    "AsyncTokenProvider": ".token_provider",
     "AttackProtectionCaptchaArkoseResponseContent": ".types",
     "AttackProtectionCaptchaAuthChallengeRequest": ".types",
     "AttackProtectionCaptchaAuthChallengeResponseContent": ".types",
@@ -2881,12 +2888,7 @@
     "BotDetectionMonitoringModeEnabled": ".types",
     "BrandingColors": ".types",
     "BrandingFont": ".types",
-    "BrandingIdentifiers": ".types",
-    "BrandingLoginDisplayEnum": ".types",
     "BrandingPageBackground": ".types",
-    "BrandingPhoneDisplay": ".types",
-    "BrandingPhoneFormattingEnum": ".types",
-    "BrandingPhoneMaskingEnum": ".types",
     "BrandingThemeBorders": ".types",
     "BrandingThemeBordersButtonsStyleEnum": ".types",
     "BrandingThemeBordersInputsStyleEnum": ".types",
@@ -3192,6 +3194,7 @@
     "ConnectionId": ".types",
     "ConnectionIdTokenEncryptionAlgValuesSupported": ".types",
     "ConnectionIdTokenEncryptionEncValuesSupported": ".types",
+    "ConnectionIdTokenSessionExpirySupported": ".types",
     "ConnectionIdTokenSignedResponseAlgEnum": ".types",
     "ConnectionIdTokenSignedResponseAlgs": ".types",
     "ConnectionIdTokenSigningAlgValuesSupported": ".types",
@@ -3548,6 +3551,7 @@
     "ConnectionWaadProtocol": ".types",
     "ConnectionWaadProtocolEnumAzureAd": ".types",
     "ConnectionsMetadata": ".types",
+    "ContentSecurityPolicyConfig": ".types",
     "ContentTooLargeError": ".errors",
     "CreateActionModuleResponseContent": ".types",
     "CreateActionModuleVersionResponseContent": ".types",
@@ -3805,8 +3809,19 @@
     "CreatedUserAuthenticationMethodTypeEnum": ".types",
     "CredentialDeviceTypeEnum": ".types",
     "CredentialId": ".types",
+    "CspDirectives": ".types",
+    "CspFlag": ".types",
+    "CspFlags": ".types",
+    "CspPolicies": ".types",
+    "CspPolicy": ".types",
+    "CspPolicyMode": ".types",
+    "CspPolicyReporting": ".types",
+    "CspReportTo": ".types",
+    "CspReportToEndpoint": ".types",
+    "CspReportToEndpoints": ".types",
+    "CspReportingEndpoints": ".types",
+    "CspReportingInfrastructure": ".types",
     "CustomDomain": ".types",
-    "CustomDomainHeader": ".management_client",
     "CustomDomainCustomClientIpHeader": ".types",
     "CustomDomainCustomClientIpHeaderEnum": ".types",
     "CustomDomainProvisioningTypeEnum": ".types",
@@ -5078,7 +5093,6 @@
     "LogStreamSumoEnum": ".types",
     "LogStreamSumoResponseSchema": ".types",
     "LogStreamSumoSink": ".types",
-    "ManagementClient": ".management_client",
     "MdlPresentationProperties": ".types",
     "MdlPresentationRequest": ".types",
     "MdlPresentationRequestProperties": ".types",
@@ -5303,6 +5317,10 @@
     "SynchronizeGroupsEnum": ".types",
     "SynchronizedGroupPayload": ".types",
     "TenantOidcLogoutSettings": ".types",
+    "TenantSettingsCountryCodes": ".types",
+    "TenantSettingsCountryCodesMode": ".types",
+    "TenantSettingsCountryCodesModeResponse": ".types",
+    "TenantSettingsCountryCodesResponse": ".types",
     "TenantSettingsDeviceFlow": ".types",
     "TenantSettingsDeviceFlowCharset": ".types",
     "TenantSettingsDynamicClientRegistrationSecurityMode": ".types",
@@ -5310,6 +5328,7 @@
     "TenantSettingsFlags": ".types",
     "TenantSettingsGuardianPage": ".types",
     "TenantSettingsMtls": ".types",
+    "TenantSettingsNullableSecurityHeaders": ".types",
     "TenantSettingsPasswordPage": ".types",
     "TenantSettingsResourceParameterProfile": ".types",
     "TenantSettingsSessions": ".types",
@@ -5324,7 +5343,6 @@
     "TokenQuota": ".types",
     "TokenQuotaClientCredentials": ".types",
     "TokenQuotaConfiguration": ".types",
-    "TokenProvider": ".token_provider",
     "TooManyRequestsError": ".errors",
     "TooManyRequestsSchema": ".types",
     "TooManyRequestsSchemaError": ".types",
@@ -5343,12 +5361,7 @@
     "UpdateBotDetectionSettingsResponseContent": ".types",
     "UpdateBrandingColors": ".types",
     "UpdateBrandingFont": ".types",
-    "UpdateBrandingIdentifiers": ".types",
-    "UpdateBrandingLoginDisplayEnum": ".types",
     "UpdateBrandingPageBackground": ".types",
-    "UpdateBrandingPhoneDisplay": ".types",
-    "UpdateBrandingPhoneFormattingEnum": ".types",
-    "UpdateBrandingPhoneMaskingEnum": ".types",
     "UpdateBrandingPhoneProviderResponseContent": ".types",
     "UpdateBrandingResponseContent": ".types",
     "UpdateBrandingThemeResponseContent": ".types",
@@ -5518,6 +5531,8 @@
     "VerifyEmailTicketResponseContent": ".types",
     "X509CertificateCredential": ".types",
     "X509CertificateCredentialTypeEnum": ".types",
+    "XssProtectionConfig": ".types",
+    "XssProtectionMode": ".types",
     "__version__": ".version",
     "actions": ".actions",
     "anomaly": ".anomaly",
@@ -5648,8 +5663,6 @@ def __dir__():
     "AssociateOrganizationClientGrantResponseContent",
     "AsyncApprovalNotificationsChannelsEnum",
     "AsyncAuth0",
-    "AsyncManagementClient",
-    "AsyncTokenProvider",
     "AttackProtectionCaptchaArkoseResponseContent",
     "AttackProtectionCaptchaAuthChallengeRequest",
     "AttackProtectionCaptchaAuthChallengeResponseContent",
@@ -5684,12 +5697,7 @@ def __dir__():
     "BotDetectionMonitoringModeEnabled",
     "BrandingColors",
     "BrandingFont",
-    "BrandingIdentifiers",
-    "BrandingLoginDisplayEnum",
     "BrandingPageBackground",
-    "BrandingPhoneDisplay",
-    "BrandingPhoneFormattingEnum",
-    "BrandingPhoneMaskingEnum",
     "BrandingThemeBorders",
     "BrandingThemeBordersButtonsStyleEnum",
     "BrandingThemeBordersInputsStyleEnum",
@@ -5995,6 +6003,7 @@ def __dir__():
     "ConnectionId",
     "ConnectionIdTokenEncryptionAlgValuesSupported",
     "ConnectionIdTokenEncryptionEncValuesSupported",
+    "ConnectionIdTokenSessionExpirySupported",
     "ConnectionIdTokenSignedResponseAlgEnum",
     "ConnectionIdTokenSignedResponseAlgs",
     "ConnectionIdTokenSigningAlgValuesSupported",
@@ -6351,6 +6360,7 @@ def __dir__():
     "ConnectionWaadProtocol",
     "ConnectionWaadProtocolEnumAzureAd",
     "ConnectionsMetadata",
+    "ContentSecurityPolicyConfig",
     "ContentTooLargeError",
     "CreateActionModuleResponseContent",
     "CreateActionModuleVersionResponseContent",
@@ -6608,6 +6618,18 @@ def __dir__():
     "CreatedUserAuthenticationMethodTypeEnum",
     "CredentialDeviceTypeEnum",
     "CredentialId",
+    "CspDirectives",
+    "CspFlag",
+    "CspFlags",
+    "CspPolicies",
+    "CspPolicy",
+    "CspPolicyMode",
+    "CspPolicyReporting",
+    "CspReportTo",
+    "CspReportToEndpoint",
+    "CspReportToEndpoints",
+    "CspReportingEndpoints",
+    "CspReportingInfrastructure",
     "CustomDomain",
     "CustomDomainCustomClientIpHeader",
     "CustomDomainCustomClientIpHeaderEnum",
@@ -7880,7 +7902,6 @@ def __dir__():
     "LogStreamSumoEnum",
     "LogStreamSumoResponseSchema",
     "LogStreamSumoSink",
-    "ManagementClient",
     "MdlPresentationProperties",
     "MdlPresentationRequest",
     "MdlPresentationRequestProperties",
@@ -8105,6 +8126,10 @@ def __dir__():
     "SynchronizeGroupsEnum",
     "SynchronizedGroupPayload",
     "TenantOidcLogoutSettings",
+    "TenantSettingsCountryCodes",
+    "TenantSettingsCountryCodesMode",
+    "TenantSettingsCountryCodesModeResponse",
+    "TenantSettingsCountryCodesResponse",
     "TenantSettingsDeviceFlow",
     "TenantSettingsDeviceFlowCharset",
     "TenantSettingsDynamicClientRegistrationSecurityMode",
@@ -8112,6 +8137,7 @@ def __dir__():
     "TenantSettingsFlags",
     "TenantSettingsGuardianPage",
     "TenantSettingsMtls",
+    "TenantSettingsNullableSecurityHeaders",
     "TenantSettingsPasswordPage",
     "TenantSettingsResourceParameterProfile",
     "TenantSettingsSessions",
@@ -8123,7 +8149,6 @@ def __dir__():
     "TestEventDataContent",
     "TokenExchangeProfileResponseContent",
     "TokenExchangeProfileTypeEnum",
-    "TokenProvider",
     "TokenQuota",
     "TokenQuotaClientCredentials",
     "TokenQuotaConfiguration",
@@ -8145,12 +8170,7 @@ def __dir__():
     "UpdateBotDetectionSettingsResponseContent",
     "UpdateBrandingColors",
     "UpdateBrandingFont",
-    "UpdateBrandingIdentifiers",
-    "UpdateBrandingLoginDisplayEnum",
     "UpdateBrandingPageBackground",
-    "UpdateBrandingPhoneDisplay",
-    "UpdateBrandingPhoneFormattingEnum",
-    "UpdateBrandingPhoneMaskingEnum",
     "UpdateBrandingPhoneProviderResponseContent",
     "UpdateBrandingResponseContent",
     "UpdateBrandingThemeResponseContent",
@@ -8320,6 +8340,8 @@ def __dir__():
     "VerifyEmailTicketResponseContent",
     "X509CertificateCredential",
     "X509CertificateCredentialTypeEnum",
+    "XssProtectionConfig",
+    "XssProtectionMode",
     "__version__",
     "actions",
     "anomaly",
diff --git a/src/auth0/management/branding/client.py b/src/auth0/management/branding/client.py
index 448cc786..e1f5fd04 100644
--- a/src/auth0/management/branding/client.py
+++ b/src/auth0/management/branding/client.py
@@ -9,7 +9,6 @@
 from ..types.get_branding_response_content import GetBrandingResponseContent
 from ..types.update_branding_colors import UpdateBrandingColors
 from ..types.update_branding_font import UpdateBrandingFont
-from ..types.update_branding_identifiers import UpdateBrandingIdentifiers
 from ..types.update_branding_response_content import UpdateBrandingResponseContent
 from .raw_client import AsyncRawBrandingClient, RawBrandingClient
 
@@ -72,7 +71,6 @@ def update(
         colors: typing.Optional[UpdateBrandingColors] = OMIT,
         favicon_url: typing.Optional[str] = OMIT,
         logo_url: typing.Optional[str] = OMIT,
-        identifiers: typing.Optional[UpdateBrandingIdentifiers] = OMIT,
         font: typing.Optional[UpdateBrandingFont] = OMIT,
         request_options: typing.Optional[RequestOptions] = None,
     ) -> UpdateBrandingResponseContent:
@@ -89,8 +87,6 @@ def update(
         logo_url : typing.Optional[str]
             URL for the logo. Must use HTTPS.
 
-        identifiers : typing.Optional[UpdateBrandingIdentifiers]
-
         font : typing.Optional[UpdateBrandingFont]
 
         request_options : typing.Optional[RequestOptions]
@@ -111,12 +107,7 @@ def update(
         client.branding.update()
         """
         _response = self._raw_client.update(
-            colors=colors,
-            favicon_url=favicon_url,
-            logo_url=logo_url,
-            identifiers=identifiers,
-            font=font,
-            request_options=request_options,
+            colors=colors, favicon_url=favicon_url, logo_url=logo_url, font=font, request_options=request_options
         )
         return _response.data
 
@@ -204,7 +195,6 @@ async def update(
         colors: typing.Optional[UpdateBrandingColors] = OMIT,
         favicon_url: typing.Optional[str] = OMIT,
         logo_url: typing.Optional[str] = OMIT,
-        identifiers: typing.Optional[UpdateBrandingIdentifiers] = OMIT,
         font: typing.Optional[UpdateBrandingFont] = OMIT,
         request_options: typing.Optional[RequestOptions] = None,
     ) -> UpdateBrandingResponseContent:
@@ -221,8 +211,6 @@ async def update(
         logo_url : typing.Optional[str]
             URL for the logo. Must use HTTPS.
 
-        identifiers : typing.Optional[UpdateBrandingIdentifiers]
-
         font : typing.Optional[UpdateBrandingFont]
 
         request_options : typing.Optional[RequestOptions]
@@ -251,12 +239,7 @@ async def main() -> None:
         asyncio.run(main())
         """
         _response = await self._raw_client.update(
-            colors=colors,
-            favicon_url=favicon_url,
-            logo_url=logo_url,
-            identifiers=identifiers,
-            font=font,
-            request_options=request_options,
+            colors=colors, favicon_url=favicon_url, logo_url=logo_url, font=font, request_options=request_options
         )
         return _response.data
 
diff --git a/src/auth0/management/branding/phone/providers/client.py b/src/auth0/management/branding/phone/providers/client.py
index e81ac998..57d85aac 100644
--- a/src/auth0/management/branding/phone/providers/client.py
+++ b/src/auth0/management/branding/phone/providers/client.py
@@ -38,7 +38,7 @@ def list(
         self, *, disabled: typing.Optional[bool] = None, request_options: typing.Optional[RequestOptions] = None
     ) -> ListBrandingPhoneProvidersResponseContent:
         """
-        Retrieve a list of <a href="https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers">phone providers</a> details set for a Tenant. A list of fields to include or exclude may also be specified.
+        Retrieve a list of [phone providers](https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers) details set for a Tenant. A list of fields to include or exclude may also be specified.
 
         Parameters
         ----------
@@ -77,8 +77,8 @@ def create(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> CreateBrandingPhoneProviderResponseContent:
         """
-        Create a <a href="https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers">phone provider</a>.
-        The <code>credentials</code> object requires different properties depending on the phone provider (which is specified using the <code>name</code> property).
+        Create a [phone provider](https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers).
+        The `credentials` object requires different properties depending on the phone provider (which is specified using the `name` property).
 
         Parameters
         ----------
@@ -126,7 +126,7 @@ def get(
         self, id: str, *, request_options: typing.Optional[RequestOptions] = None
     ) -> GetBrandingPhoneProviderResponseContent:
         """
-        Retrieve <a href="https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers">phone provider</a> details. A list of fields to include or exclude may also be specified.
+        Retrieve [phone provider](https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers) details. A list of fields to include or exclude may also be specified.
 
         Parameters
         ----------
@@ -194,8 +194,8 @@ def update(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> UpdateBrandingPhoneProviderResponseContent:
         """
-        Update a <a href="https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers">phone provider</a>.
-        The <code>credentials</code> object requires different properties depending on the phone provider (which is specified using the <code>name</code> property).
+        Update a [phone provider](https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers).
+        The `credentials` object requires different properties depending on the phone provider (which is specified using the `name` property).
 
         Parameters
         ----------
@@ -300,7 +300,7 @@ async def list(
         self, *, disabled: typing.Optional[bool] = None, request_options: typing.Optional[RequestOptions] = None
     ) -> ListBrandingPhoneProvidersResponseContent:
         """
-        Retrieve a list of <a href="https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers">phone providers</a> details set for a Tenant. A list of fields to include or exclude may also be specified.
+        Retrieve a list of [phone providers](https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers) details set for a Tenant. A list of fields to include or exclude may also be specified.
 
         Parameters
         ----------
@@ -347,8 +347,8 @@ async def create(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> CreateBrandingPhoneProviderResponseContent:
         """
-        Create a <a href="https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers">phone provider</a>.
-        The <code>credentials</code> object requires different properties depending on the phone provider (which is specified using the <code>name</code> property).
+        Create a [phone provider](https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers).
+        The `credentials` object requires different properties depending on the phone provider (which is specified using the `name` property).
 
         Parameters
         ----------
@@ -404,7 +404,7 @@ async def get(
         self, id: str, *, request_options: typing.Optional[RequestOptions] = None
     ) -> GetBrandingPhoneProviderResponseContent:
         """
-        Retrieve <a href="https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers">phone provider</a> details. A list of fields to include or exclude may also be specified.
+        Retrieve [phone provider](https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers) details. A list of fields to include or exclude may also be specified.
 
         Parameters
         ----------
@@ -488,8 +488,8 @@ async def update(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> UpdateBrandingPhoneProviderResponseContent:
         """
-        Update a <a href="https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers">phone provider</a>.
-        The <code>credentials</code> object requires different properties depending on the phone provider (which is specified using the <code>name</code> property).
+        Update a [phone provider](https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers).
+        The `credentials` object requires different properties depending on the phone provider (which is specified using the `name` property).
 
         Parameters
         ----------
diff --git a/src/auth0/management/branding/phone/providers/raw_client.py b/src/auth0/management/branding/phone/providers/raw_client.py
index 9e5ce4df..209ca430 100644
--- a/src/auth0/management/branding/phone/providers/raw_client.py
+++ b/src/auth0/management/branding/phone/providers/raw_client.py
@@ -40,7 +40,7 @@ def list(
         self, *, disabled: typing.Optional[bool] = None, request_options: typing.Optional[RequestOptions] = None
     ) -> HttpResponse[ListBrandingPhoneProvidersResponseContent]:
         """
-        Retrieve a list of <a href="https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers">phone providers</a> details set for a Tenant. A list of fields to include or exclude may also be specified.
+        Retrieve a list of [phone providers](https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers) details set for a Tenant. A list of fields to include or exclude may also be specified.
 
         Parameters
         ----------
@@ -136,8 +136,8 @@ def create(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> HttpResponse[CreateBrandingPhoneProviderResponseContent]:
         """
-        Create a <a href="https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers">phone provider</a>.
-        The <code>credentials</code> object requires different properties depending on the phone provider (which is specified using the <code>name</code> property).
+        Create a [phone provider](https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers).
+        The `credentials` object requires different properties depending on the phone provider (which is specified using the `name` property).
 
         Parameters
         ----------
@@ -255,7 +255,7 @@ def get(
         self, id: str, *, request_options: typing.Optional[RequestOptions] = None
     ) -> HttpResponse[GetBrandingPhoneProviderResponseContent]:
         """
-        Retrieve <a href="https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers">phone provider</a> details. A list of fields to include or exclude may also be specified.
+        Retrieve [phone provider](https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers) details. A list of fields to include or exclude may also be specified.
 
         Parameters
         ----------
@@ -435,8 +435,8 @@ def update(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> HttpResponse[UpdateBrandingPhoneProviderResponseContent]:
         """
-        Update a <a href="https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers">phone provider</a>.
-        The <code>credentials</code> object requires different properties depending on the phone provider (which is specified using the <code>name</code> property).
+        Update a [phone provider](https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers).
+        The `credentials` object requires different properties depending on the phone provider (which is specified using the `name` property).
 
         Parameters
         ----------
@@ -696,7 +696,7 @@ async def list(
         self, *, disabled: typing.Optional[bool] = None, request_options: typing.Optional[RequestOptions] = None
     ) -> AsyncHttpResponse[ListBrandingPhoneProvidersResponseContent]:
         """
-        Retrieve a list of <a href="https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers">phone providers</a> details set for a Tenant. A list of fields to include or exclude may also be specified.
+        Retrieve a list of [phone providers](https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers) details set for a Tenant. A list of fields to include or exclude may also be specified.
 
         Parameters
         ----------
@@ -792,8 +792,8 @@ async def create(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncHttpResponse[CreateBrandingPhoneProviderResponseContent]:
         """
-        Create a <a href="https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers">phone provider</a>.
-        The <code>credentials</code> object requires different properties depending on the phone provider (which is specified using the <code>name</code> property).
+        Create a [phone provider](https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers).
+        The `credentials` object requires different properties depending on the phone provider (which is specified using the `name` property).
 
         Parameters
         ----------
@@ -911,7 +911,7 @@ async def get(
         self, id: str, *, request_options: typing.Optional[RequestOptions] = None
     ) -> AsyncHttpResponse[GetBrandingPhoneProviderResponseContent]:
         """
-        Retrieve <a href="https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers">phone provider</a> details. A list of fields to include or exclude may also be specified.
+        Retrieve [phone provider](https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers) details. A list of fields to include or exclude may also be specified.
 
         Parameters
         ----------
@@ -1093,8 +1093,8 @@ async def update(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncHttpResponse[UpdateBrandingPhoneProviderResponseContent]:
         """
-        Update a <a href="https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers">phone provider</a>.
-        The <code>credentials</code> object requires different properties depending on the phone provider (which is specified using the <code>name</code> property).
+        Update a [phone provider](https://auth0.com/docs/customize/phone-messages/configure-phone-messaging-providers).
+        The `credentials` object requires different properties depending on the phone provider (which is specified using the `name` property).
 
         Parameters
         ----------
diff --git a/src/auth0/management/branding/raw_client.py b/src/auth0/management/branding/raw_client.py
index 046b7c53..1e650c65 100644
--- a/src/auth0/management/branding/raw_client.py
+++ b/src/auth0/management/branding/raw_client.py
@@ -17,7 +17,6 @@
 from ..types.get_branding_response_content import GetBrandingResponseContent
 from ..types.update_branding_colors import UpdateBrandingColors
 from ..types.update_branding_font import UpdateBrandingFont
-from ..types.update_branding_identifiers import UpdateBrandingIdentifiers
 from ..types.update_branding_response_content import UpdateBrandingResponseContent
 from pydantic import ValidationError
 
@@ -108,7 +107,6 @@ def update(
         colors: typing.Optional[UpdateBrandingColors] = OMIT,
         favicon_url: typing.Optional[str] = OMIT,
         logo_url: typing.Optional[str] = OMIT,
-        identifiers: typing.Optional[UpdateBrandingIdentifiers] = OMIT,
         font: typing.Optional[UpdateBrandingFont] = OMIT,
         request_options: typing.Optional[RequestOptions] = None,
     ) -> HttpResponse[UpdateBrandingResponseContent]:
@@ -125,8 +123,6 @@ def update(
         logo_url : typing.Optional[str]
             URL for the logo. Must use HTTPS.
 
-        identifiers : typing.Optional[UpdateBrandingIdentifiers]
-
         font : typing.Optional[UpdateBrandingFont]
 
         request_options : typing.Optional[RequestOptions]
@@ -146,9 +142,6 @@ def update(
                 ),
                 "favicon_url": favicon_url,
                 "logo_url": logo_url,
-                "identifiers": convert_and_respect_annotation_metadata(
-                    object_=identifiers, annotation=typing.Optional[UpdateBrandingIdentifiers], direction="write"
-                ),
                 "font": convert_and_respect_annotation_metadata(
                     object_=font, annotation=typing.Optional[UpdateBrandingFont], direction="write"
                 ),
@@ -306,7 +299,6 @@ async def update(
         colors: typing.Optional[UpdateBrandingColors] = OMIT,
         favicon_url: typing.Optional[str] = OMIT,
         logo_url: typing.Optional[str] = OMIT,
-        identifiers: typing.Optional[UpdateBrandingIdentifiers] = OMIT,
         font: typing.Optional[UpdateBrandingFont] = OMIT,
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncHttpResponse[UpdateBrandingResponseContent]:
@@ -323,8 +315,6 @@ async def update(
         logo_url : typing.Optional[str]
             URL for the logo. Must use HTTPS.
 
-        identifiers : typing.Optional[UpdateBrandingIdentifiers]
-
         font : typing.Optional[UpdateBrandingFont]
 
         request_options : typing.Optional[RequestOptions]
@@ -344,9 +334,6 @@ async def update(
                 ),
                 "favicon_url": favicon_url,
                 "logo_url": logo_url,
-                "identifiers": convert_and_respect_annotation_metadata(
-                    object_=identifiers, annotation=typing.Optional[UpdateBrandingIdentifiers], direction="write"
-                ),
                 "font": convert_and_respect_annotation_metadata(
                     object_=font, annotation=typing.Optional[UpdateBrandingFont], direction="write"
                 ),
diff --git a/src/auth0/management/client_grants/client.py b/src/auth0/management/client_grants/client.py
index daf31432..0cca5438 100644
--- a/src/auth0/management/client_grants/client.py
+++ b/src/auth0/management/client_grants/client.py
@@ -55,7 +55,7 @@ def list(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> SyncPager[ClientGrantResponseContent, ListClientGrantPaginatedResponseContent]:
         """
-        Retrieve a list of <a href="https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants">client grants</a>, including the scopes associated with the application/API pair.
+        Retrieve a list of [client grants](https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants), including the scopes associated with the application/API pair.
 
         Parameters
         ----------
@@ -136,7 +136,7 @@ def create(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> CreateClientGrantResponseContent:
         """
-        Create a client grant for a machine-to-machine login flow. To learn more, read <a href="https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow">Client Credential Flow</a>.
+        Create a client grant for a machine-to-machine login flow. To learn more, read [Client Credential Flow](https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow).
 
         Parameters
         ----------
@@ -199,7 +199,7 @@ def create(
 
     def get(self, id: str, *, request_options: typing.Optional[RequestOptions] = None) -> GetClientGrantResponseContent:
         """
-        Retrieve a single <a href="https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants">client grant</a>, including the
+        Retrieve a single [client grant](https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants), including the
         scopes associated with the application/API pair.
 
         Parameters
@@ -231,7 +231,7 @@ def get(self, id: str, *, request_options: typing.Optional[RequestOptions] = Non
 
     def delete(self, id: str, *, request_options: typing.Optional[RequestOptions] = None) -> None:
         """
-        Delete the <a href="https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow">Client Credential Flow</a> from your machine-to-machine application.
+        Delete the [Client Credential Flow](https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow) from your machine-to-machine application.
 
         Parameters
         ----------
@@ -361,7 +361,7 @@ async def list(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncPager[ClientGrantResponseContent, ListClientGrantPaginatedResponseContent]:
         """
-        Retrieve a list of <a href="https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants">client grants</a>, including the scopes associated with the application/API pair.
+        Retrieve a list of [client grants](https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants), including the scopes associated with the application/API pair.
 
         Parameters
         ----------
@@ -451,7 +451,7 @@ async def create(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> CreateClientGrantResponseContent:
         """
-        Create a client grant for a machine-to-machine login flow. To learn more, read <a href="https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow">Client Credential Flow</a>.
+        Create a client grant for a machine-to-machine login flow. To learn more, read [Client Credential Flow](https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow).
 
         Parameters
         ----------
@@ -524,7 +524,7 @@ async def get(
         self, id: str, *, request_options: typing.Optional[RequestOptions] = None
     ) -> GetClientGrantResponseContent:
         """
-        Retrieve a single <a href="https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants">client grant</a>, including the
+        Retrieve a single [client grant](https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants), including the
         scopes associated with the application/API pair.
 
         Parameters
@@ -564,7 +564,7 @@ async def main() -> None:
 
     async def delete(self, id: str, *, request_options: typing.Optional[RequestOptions] = None) -> None:
         """
-        Delete the <a href="https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow">Client Credential Flow</a> from your machine-to-machine application.
+        Delete the [Client Credential Flow](https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow) from your machine-to-machine application.
 
         Parameters
         ----------
diff --git a/src/auth0/management/client_grants/organizations/raw_client.py b/src/auth0/management/client_grants/organizations/raw_client.py
index 3b5126f3..92dcd42b 100644
--- a/src/auth0/management/client_grants/organizations/raw_client.py
+++ b/src/auth0/management/client_grants/organizations/raw_client.py
@@ -12,6 +12,7 @@
 from ...core.request_options import RequestOptions
 from ...errors.bad_request_error import BadRequestError
 from ...errors.forbidden_error import ForbiddenError
+from ...errors.not_found_error import NotFoundError
 from ...errors.too_many_requests_error import TooManyRequestsError
 from ...errors.unauthorized_error import UnauthorizedError
 from ...types.list_client_grant_organizations_paginated_response_content import (
@@ -114,6 +115,17 @@ def list(
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
@@ -231,6 +243,17 @@ async def _get_next():
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
diff --git a/src/auth0/management/client_grants/raw_client.py b/src/auth0/management/client_grants/raw_client.py
index 94c53b0e..fc8bfe10 100644
--- a/src/auth0/management/client_grants/raw_client.py
+++ b/src/auth0/management/client_grants/raw_client.py
@@ -50,7 +50,7 @@ def list(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> SyncPager[ClientGrantResponseContent, ListClientGrantPaginatedResponseContent]:
         """
-        Retrieve a list of <a href="https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants">client grants</a>, including the scopes associated with the application/API pair.
+        Retrieve a list of [client grants](https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants), including the scopes associated with the application/API pair.
 
         Parameters
         ----------
@@ -177,7 +177,7 @@ def create(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> HttpResponse[CreateClientGrantResponseContent]:
         """
-        Create a client grant for a machine-to-machine login flow. To learn more, read <a href="https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow">Client Credential Flow</a>.
+        Create a client grant for a machine-to-machine login flow. To learn more, read [Client Credential Flow](https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow).
 
         Parameters
         ----------
@@ -322,7 +322,7 @@ def get(
         self, id: str, *, request_options: typing.Optional[RequestOptions] = None
     ) -> HttpResponse[GetClientGrantResponseContent]:
         """
-        Retrieve a single <a href="https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants">client grant</a>, including the
+        Retrieve a single [client grant](https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants), including the
         scopes associated with the application/API pair.
 
         Parameters
@@ -408,7 +408,7 @@ def get(
 
     def delete(self, id: str, *, request_options: typing.Optional[RequestOptions] = None) -> HttpResponse[None]:
         """
-        Delete the <a href="https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow">Client Credential Flow</a> from your machine-to-machine application.
+        Delete the [Client Credential Flow](https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow) from your machine-to-machine application.
 
         Parameters
         ----------
@@ -632,7 +632,7 @@ async def list(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncPager[ClientGrantResponseContent, ListClientGrantPaginatedResponseContent]:
         """
-        Retrieve a list of <a href="https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants">client grants</a>, including the scopes associated with the application/API pair.
+        Retrieve a list of [client grants](https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants), including the scopes associated with the application/API pair.
 
         Parameters
         ----------
@@ -762,7 +762,7 @@ async def create(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncHttpResponse[CreateClientGrantResponseContent]:
         """
-        Create a client grant for a machine-to-machine login flow. To learn more, read <a href="https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow">Client Credential Flow</a>.
+        Create a client grant for a machine-to-machine login flow. To learn more, read [Client Credential Flow](https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow).
 
         Parameters
         ----------
@@ -907,7 +907,7 @@ async def get(
         self, id: str, *, request_options: typing.Optional[RequestOptions] = None
     ) -> AsyncHttpResponse[GetClientGrantResponseContent]:
         """
-        Retrieve a single <a href="https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants">client grant</a>, including the
+        Retrieve a single [client grant](https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants), including the
         scopes associated with the application/API pair.
 
         Parameters
@@ -995,7 +995,7 @@ async def delete(
         self, id: str, *, request_options: typing.Optional[RequestOptions] = None
     ) -> AsyncHttpResponse[None]:
         """
-        Delete the <a href="https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow">Client Credential Flow</a> from your machine-to-machine application.
+        Delete the [Client Credential Flow](https://www.auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow) from your machine-to-machine application.
 
         Parameters
         ----------
diff --git a/src/auth0/management/clients/client.py b/src/auth0/management/clients/client.py
index 475c1fe7..de4ee08f 100644
--- a/src/auth0/management/clients/client.py
+++ b/src/auth0/management/clients/client.py
@@ -99,38 +99,30 @@ def list(
     ) -> SyncPager[Client, ListClientsOffsetPaginatedResponseContent]:
         """
         Retrieve clients (applications and SSO integrations) matching provided filters. A list of fields to include or exclude may also be specified.
-        For more information, read <a href="https://www.auth0.com/docs/get-started/applications"> Applications in Auth0</a> and <a href="https://www.auth0.com/docs/authenticate/single-sign-on"> Single Sign-On</a>.
-
-        <ul>
-          <li>
-            The following can be retrieved with any scope:
-            <code>client_id</code>, <code>app_type</code>, <code>name</code>, and <code>description</code>.
-          </li>
-          <li>
-            The following properties can only be retrieved with the <code>read:clients</code> or
-            <code>read:client_keys</code> scope:
-            <code>callbacks</code>, <code>oidc_logout</code>, <code>allowed_origins</code>,
-            <code>web_origins</code>, <code>tenant</code>, <code>global</code>, <code>config_route</code>,
-            <code>callback_url_template</code>, <code>jwt_configuration</code>,
-            <code>jwt_configuration.lifetime_in_seconds</code>, <code>jwt_configuration.secret_encoded</code>,
-            <code>jwt_configuration.scopes</code>, <code>jwt_configuration.alg</code>, <code>api_type</code>,
-            <code>logo_uri</code>, <code>allowed_clients</code>, <code>owners</code>, <code>custom_login_page</code>,
-            <code>custom_login_page_off</code>, <code>sso</code>, <code>addons</code>, <code>form_template</code>,
-            <code>custom_login_page_codeview</code>, <code>resource_servers</code>, <code>client_metadata</code>,
-            <code>mobile</code>, <code>mobile.android</code>, <code>mobile.ios</code>, <code>allowed_logout_urls</code>,
-            <code>token_endpoint_auth_method</code>, <code>is_first_party</code>, <code>oidc_conformant</code>,
-            <code>is_token_endpoint_ip_header_trusted</code>, <code>initiate_login_uri</code>, <code>grant_types</code>,
-            <code>refresh_token</code>, <code>refresh_token.rotation_type</code>, <code>refresh_token.expiration_type</code>,
-            <code>refresh_token.leeway</code>, <code>refresh_token.token_lifetime</code>, <code>refresh_token.policies</code>, <code>organization_usage</code>,
-            <code>organization_require_behavior</code>.
-          </li>
-          <li>
-            The following properties can only be retrieved with the
-            <code>read:client_keys</code> or <code>read:client_credentials</code> scope:
-            <code>encryption_key</code>, <code>encryption_key.pub</code>, <code>encryption_key.cert</code>,
-            <code>client_secret</code>, <code>client_authentication_methods</code> and <code>signing_key</code>.
-          </li>
-        </ul>
+        For more information, read [Applications in Auth0](https://www.auth0.com/docs/get-started/applications) and [Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on).
+
+        - The following can be retrieved with any scope:
+            `client_id`, `app_type`, `name`, and `description`.
+        - The following properties can only be retrieved with the `read:clients` or
+            `read:client_keys` scope:
+            `callbacks`, `oidc_logout`, `allowed_origins`,
+            `web_origins`, `tenant`, `global`, `config_route`,
+            `callback_url_template`, `jwt_configuration`,
+            `jwt_configuration.lifetime_in_seconds`, `jwt_configuration.secret_encoded`,
+            `jwt_configuration.scopes`, `jwt_configuration.alg`, `api_type`,
+            `logo_uri`, `allowed_clients`, `owners`, `custom_login_page`,
+            `custom_login_page_off`, `sso`, `addons`, `form_template`,
+            `custom_login_page_codeview`, `resource_servers`, `client_metadata`,
+            `mobile`, `mobile.android`, `mobile.ios`, `allowed_logout_urls`,
+            `token_endpoint_auth_method`, `is_first_party`, `oidc_conformant`,
+            `is_token_endpoint_ip_header_trusted`, `initiate_login_uri`, `grant_types`,
+            `refresh_token`, `refresh_token.rotation_type`, `refresh_token.expiration_type`,
+            `refresh_token.leeway`, `refresh_token.token_lifetime`, `refresh_token.policies`, `organization_usage`,
+            `organization_require_behavior`.
+        - The following properties can only be retrieved with the
+            `read:client_keys` or `read:client_credentials` scope:
+            `encryption_key`, `encryption_key.pub`, `encryption_key.cert`,
+            `client_secret`, `client_authentication_methods` and `signing_key`.
 
         Parameters
         ----------
@@ -273,20 +265,20 @@ def create(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> CreateClientResponseContent:
         """
-        Create a new client (application or SSO integration). For more information, read <a href="https://www.auth0.com/docs/get-started/auth0-overview/create-applications">Create Applications</a>
-        <a href="https://www.auth0.com/docs/authenticate/single-sign-on/api-endpoints-for-single-sign-on>">API Endpoints for Single Sign-On</a>.
+        Create a new client (application or SSO integration). For more information, read [Create Applications](https://www.auth0.com/docs/get-started/auth0-overview/create-applications)
+        [API Endpoints for Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on/api-endpoints-for-single-sign-on).
 
         Notes:
         - We recommend leaving the `client_secret` parameter unspecified to allow the generation of a safe secret.
-        - The <code>client_authentication_methods</code> and <code>token_endpoint_auth_method</code> properties are mutually exclusive. Use
-        <code>client_authentication_methods</code> to configure the client with Private Key JWT authentication method. Otherwise, use <code>token_endpoint_auth_method</code>
+        - The `client_authentication_methods` and `token_endpoint_auth_method` properties are mutually exclusive. Use
+        `client_authentication_methods` to configure the client with Private Key JWT authentication method. Otherwise, use `token_endpoint_auth_method`
         to configure the client with client secret (basic or post) or with no authentication method (none).
-        - When using <code>client_authentication_methods</code> to configure the client with Private Key JWT authentication method, specify fully defined credentials.
+        - When using `client_authentication_methods` to configure the client with Private Key JWT authentication method, specify fully defined credentials.
         These credentials will be automatically enabled for Private Key JWT authentication on the client.
-        - To configure <code>client_authentication_methods</code>, the <code>create:client_credentials</code> scope is required.
-        - To configure <code>client_authentication_methods</code>, the property <code>jwt_configuration.alg</code> must be set to RS256.
+        - To configure `client_authentication_methods`, the `create:client_credentials` scope is required.
+        - To configure `client_authentication_methods`, the property `jwt_configuration.alg` must be set to RS256.
 
-        <div class="alert alert-warning">SSO Integrations created via this endpoint will accept login requests and share user profile information.</div>
+        SSO Integrations created via this endpoint will accept login requests and share user profile information.
 
         Parameters
         ----------
@@ -553,16 +545,14 @@ def register_cimd_client(
         Idempotent registration for Client ID Metadata Document (CIMD) clients.
         Uses external_client_id as the unique identifier for upsert operations.
 
-        <strong>Create:</strong> Returns 201 when a new client is created (requires <code>create:clients</code> scope).
-        <strong>Update:</strong> Returns 200 when an existing client is updated (requires <code>update:clients</code> scope).
+        **Create:** Returns 201 when a new client is created (requires `create:clients` scope).
+        **Update:** Returns 200 when an existing client is updated (requires `update:clients` scope).
 
         This endpoint automatically:
-        <ul>
-          <li>Fetches and validates the metadata document</li>
-          <li>Maps CIMD fields to Auth0 client configuration</li>
-          <li>Creates/rotates credentials from the JWKS</li>
-          <li>Enforces CIMD security policies (HTTPS-only, no shared secrets)</li>
-        </ul>
+        - Fetches and validates the metadata document
+        - Maps CIMD fields to Auth0 client configuration
+        - Creates/rotates credentials from the JWKS
+        - Enforces CIMD security policies (HTTPS-only, no shared secrets)
 
         Parameters
         ----------
@@ -603,36 +593,29 @@ def get(
     ) -> GetClientResponseContent:
         """
         Retrieve client details by ID. Clients are SSO connections or Applications linked with your Auth0 tenant. A list of fields to include or exclude may also be specified.
-        For more information, read <a href="https://www.auth0.com/docs/get-started/applications"> Applications in Auth0</a> and <a href="https://www.auth0.com/docs/authenticate/single-sign-on"> Single Sign-On</a>.
-        <ul>
-          <li>
-            The following properties can be retrieved with any of the scopes:
-            <code>client_id</code>, <code>app_type</code>, <code>name</code>, and <code>description</code>.
-          </li>
-          <li>
-            The following properties can only be retrieved with the <code>read:clients</code> or
-            <code>read:client_keys</code> scopes:
-            <code>callbacks</code>, <code>oidc_logout</code>, <code>allowed_origins</code>,
-            <code>web_origins</code>, <code>tenant</code>, <code>global</code>, <code>config_route</code>,
-            <code>callback_url_template</code>, <code>jwt_configuration</code>,
-            <code>jwt_configuration.lifetime_in_seconds</code>, <code>jwt_configuration.secret_encoded</code>,
-            <code>jwt_configuration.scopes</code>, <code>jwt_configuration.alg</code>, <code>api_type</code>,
-            <code>logo_uri</code>, <code>allowed_clients</code>, <code>owners</code>, <code>custom_login_page</code>,
-            <code>custom_login_page_off</code>, <code>sso</code>, <code>addons</code>, <code>form_template</code>,
-            <code>custom_login_page_codeview</code>, <code>resource_servers</code>, <code>client_metadata</code>,
-            <code>mobile</code>, <code>mobile.android</code>, <code>mobile.ios</code>, <code>allowed_logout_urls</code>,
-            <code>token_endpoint_auth_method</code>, <code>is_first_party</code>, <code>oidc_conformant</code>,
-            <code>is_token_endpoint_ip_header_trusted</code>, <code>initiate_login_uri</code>, <code>grant_types</code>,
-            <code>refresh_token</code>, <code>refresh_token.rotation_type</code>, <code>refresh_token.expiration_type</code>,
-            <code>refresh_token.leeway</code>, <code>refresh_token.token_lifetime</code>, <code>refresh_token.policies</code>, <code>organization_usage</code>,
-            <code>organization_require_behavior</code>.
-          </li>
-          <li>
-            The following properties can only be retrieved with the <code>read:client_keys</code> or <code>read:client_credentials</code> scopes:
-            <code>encryption_key</code>, <code>encryption_key.pub</code>, <code>encryption_key.cert</code>,
-            <code>client_secret</code>, <code>client_authentication_methods</code> and <code>signing_key</code>.
-          </li>
-        </ul>
+        For more information, read [Applications in Auth0](https://www.auth0.com/docs/get-started/applications) and [Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on).
+
+        - The following properties can be retrieved with any of the scopes:
+            `client_id`, `app_type`, `name`, and `description`.
+        - The following properties can only be retrieved with the `read:clients` or
+            `read:client_keys` scopes:
+            `callbacks`, `oidc_logout`, `allowed_origins`,
+            `web_origins`, `tenant`, `global`, `config_route`,
+            `callback_url_template`, `jwt_configuration`,
+            `jwt_configuration.lifetime_in_seconds`, `jwt_configuration.secret_encoded`,
+            `jwt_configuration.scopes`, `jwt_configuration.alg`, `api_type`,
+            `logo_uri`, `allowed_clients`, `owners`, `custom_login_page`,
+            `custom_login_page_off`, `sso`, `addons`, `form_template`,
+            `custom_login_page_codeview`, `resource_servers`, `client_metadata`,
+            `mobile`, `mobile.android`, `mobile.ios`, `allowed_logout_urls`,
+            `token_endpoint_auth_method`, `is_first_party`, `oidc_conformant`,
+            `is_token_endpoint_ip_header_trusted`, `initiate_login_uri`, `grant_types`,
+            `refresh_token`, `refresh_token.rotation_type`, `refresh_token.expiration_type`,
+            `refresh_token.leeway`, `refresh_token.token_lifetime`, `refresh_token.policies`, `organization_usage`,
+            `organization_require_behavior`.
+        - The following properties can only be retrieved with the `read:client_keys` or `read:client_credentials` scopes:
+            `encryption_key`, `encryption_key.pub`, `encryption_key.cert`,
+            `client_secret`, `client_authentication_methods` and `signing_key`.
 
         Parameters
         ----------
@@ -764,15 +747,15 @@ def update(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> UpdateClientResponseContent:
         """
-        Updates a client's settings. For more information, read <a href="https://www.auth0.com/docs/get-started/applications"> Applications in Auth0</a> and <a href="https://www.auth0.com/docs/authenticate/single-sign-on"> Single Sign-On</a>.
+        Updates a client's settings. For more information, read [Applications in Auth0](https://www.auth0.com/docs/get-started/applications) and [Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on).
 
         Notes:
         - The `client_secret` and `signing_key` attributes can only be updated with the `update:client_keys` scope.
-        - The <code>client_authentication_methods</code> and <code>token_endpoint_auth_method</code> properties are mutually exclusive. Use <code>client_authentication_methods</code> to configure the client with Private Key JWT authentication method. Otherwise, use <code>token_endpoint_auth_method</code> to configure the client with client secret (basic or post) or with no authentication method (none).
-        - When using <code>client_authentication_methods</code> to configure the client with Private Key JWT authentication method, only specify the credential IDs that were generated when creating the credentials on the client.
-        - To configure <code>client_authentication_methods</code>, the <code>update:client_credentials</code> scope is required.
-        - To configure <code>client_authentication_methods</code>, the property <code>jwt_configuration.alg</code> must be set to RS256.
-        - To change a client's <code>is_first_party</code> property to <code>false</code>, the <code>organization_usage</code> and <code>organization_require_behavior</code> properties must be unset.
+        - The `client_authentication_methods` and `token_endpoint_auth_method` properties are mutually exclusive. Use `client_authentication_methods` to configure the client with Private Key JWT authentication method. Otherwise, use `token_endpoint_auth_method` to configure the client with client secret (basic or post) or with no authentication method (none).
+        - When using `client_authentication_methods` to configure the client with Private Key JWT authentication method, only specify the credential IDs that were generated when creating the credentials on the client.
+        - To configure `client_authentication_methods`, the `update:client_credentials` scope is required.
+        - To configure `client_authentication_methods`, the property `jwt_configuration.alg` must be set to RS256.
+        - To change a client's `is_first_party` property to `false`, the `organization_usage` and `organization_require_behavior` properties must be unset.
 
         Parameters
         ----------
@@ -1007,7 +990,7 @@ def rotate_secret(
 
         This endpoint cannot be used with clients configured with Private Key JWT authentication method (client_authentication_methods configured with private_key_jwt). The generated secret is NOT base64 encoded.
 
-        For more information, read <a href="https://www.auth0.com/docs/get-started/applications/rotate-client-secret">Rotate Client Secrets</a>.
+        For more information, read [Rotate Client Secrets](https://www.auth0.com/docs/get-started/applications/rotate-client-secret).
 
         Parameters
         ----------
@@ -1088,38 +1071,30 @@ async def list(
     ) -> AsyncPager[Client, ListClientsOffsetPaginatedResponseContent]:
         """
         Retrieve clients (applications and SSO integrations) matching provided filters. A list of fields to include or exclude may also be specified.
-        For more information, read <a href="https://www.auth0.com/docs/get-started/applications"> Applications in Auth0</a> and <a href="https://www.auth0.com/docs/authenticate/single-sign-on"> Single Sign-On</a>.
-
-        <ul>
-          <li>
-            The following can be retrieved with any scope:
-            <code>client_id</code>, <code>app_type</code>, <code>name</code>, and <code>description</code>.
-          </li>
-          <li>
-            The following properties can only be retrieved with the <code>read:clients</code> or
-            <code>read:client_keys</code> scope:
-            <code>callbacks</code>, <code>oidc_logout</code>, <code>allowed_origins</code>,
-            <code>web_origins</code>, <code>tenant</code>, <code>global</code>, <code>config_route</code>,
-            <code>callback_url_template</code>, <code>jwt_configuration</code>,
-            <code>jwt_configuration.lifetime_in_seconds</code>, <code>jwt_configuration.secret_encoded</code>,
-            <code>jwt_configuration.scopes</code>, <code>jwt_configuration.alg</code>, <code>api_type</code>,
-            <code>logo_uri</code>, <code>allowed_clients</code>, <code>owners</code>, <code>custom_login_page</code>,
-            <code>custom_login_page_off</code>, <code>sso</code>, <code>addons</code>, <code>form_template</code>,
-            <code>custom_login_page_codeview</code>, <code>resource_servers</code>, <code>client_metadata</code>,
-            <code>mobile</code>, <code>mobile.android</code>, <code>mobile.ios</code>, <code>allowed_logout_urls</code>,
-            <code>token_endpoint_auth_method</code>, <code>is_first_party</code>, <code>oidc_conformant</code>,
-            <code>is_token_endpoint_ip_header_trusted</code>, <code>initiate_login_uri</code>, <code>grant_types</code>,
-            <code>refresh_token</code>, <code>refresh_token.rotation_type</code>, <code>refresh_token.expiration_type</code>,
-            <code>refresh_token.leeway</code>, <code>refresh_token.token_lifetime</code>, <code>refresh_token.policies</code>, <code>organization_usage</code>,
-            <code>organization_require_behavior</code>.
-          </li>
-          <li>
-            The following properties can only be retrieved with the
-            <code>read:client_keys</code> or <code>read:client_credentials</code> scope:
-            <code>encryption_key</code>, <code>encryption_key.pub</code>, <code>encryption_key.cert</code>,
-            <code>client_secret</code>, <code>client_authentication_methods</code> and <code>signing_key</code>.
-          </li>
-        </ul>
+        For more information, read [Applications in Auth0](https://www.auth0.com/docs/get-started/applications) and [Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on).
+
+        - The following can be retrieved with any scope:
+            `client_id`, `app_type`, `name`, and `description`.
+        - The following properties can only be retrieved with the `read:clients` or
+            `read:client_keys` scope:
+            `callbacks`, `oidc_logout`, `allowed_origins`,
+            `web_origins`, `tenant`, `global`, `config_route`,
+            `callback_url_template`, `jwt_configuration`,
+            `jwt_configuration.lifetime_in_seconds`, `jwt_configuration.secret_encoded`,
+            `jwt_configuration.scopes`, `jwt_configuration.alg`, `api_type`,
+            `logo_uri`, `allowed_clients`, `owners`, `custom_login_page`,
+            `custom_login_page_off`, `sso`, `addons`, `form_template`,
+            `custom_login_page_codeview`, `resource_servers`, `client_metadata`,
+            `mobile`, `mobile.android`, `mobile.ios`, `allowed_logout_urls`,
+            `token_endpoint_auth_method`, `is_first_party`, `oidc_conformant`,
+            `is_token_endpoint_ip_header_trusted`, `initiate_login_uri`, `grant_types`,
+            `refresh_token`, `refresh_token.rotation_type`, `refresh_token.expiration_type`,
+            `refresh_token.leeway`, `refresh_token.token_lifetime`, `refresh_token.policies`, `organization_usage`,
+            `organization_require_behavior`.
+        - The following properties can only be retrieved with the
+            `read:client_keys` or `read:client_credentials` scope:
+            `encryption_key`, `encryption_key.pub`, `encryption_key.cert`,
+            `client_secret`, `client_authentication_methods` and `signing_key`.
 
         Parameters
         ----------
@@ -1271,20 +1246,20 @@ async def create(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> CreateClientResponseContent:
         """
-        Create a new client (application or SSO integration). For more information, read <a href="https://www.auth0.com/docs/get-started/auth0-overview/create-applications">Create Applications</a>
-        <a href="https://www.auth0.com/docs/authenticate/single-sign-on/api-endpoints-for-single-sign-on>">API Endpoints for Single Sign-On</a>.
+        Create a new client (application or SSO integration). For more information, read [Create Applications](https://www.auth0.com/docs/get-started/auth0-overview/create-applications)
+        [API Endpoints for Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on/api-endpoints-for-single-sign-on).
 
         Notes:
         - We recommend leaving the `client_secret` parameter unspecified to allow the generation of a safe secret.
-        - The <code>client_authentication_methods</code> and <code>token_endpoint_auth_method</code> properties are mutually exclusive. Use
-        <code>client_authentication_methods</code> to configure the client with Private Key JWT authentication method. Otherwise, use <code>token_endpoint_auth_method</code>
+        - The `client_authentication_methods` and `token_endpoint_auth_method` properties are mutually exclusive. Use
+        `client_authentication_methods` to configure the client with Private Key JWT authentication method. Otherwise, use `token_endpoint_auth_method`
         to configure the client with client secret (basic or post) or with no authentication method (none).
-        - When using <code>client_authentication_methods</code> to configure the client with Private Key JWT authentication method, specify fully defined credentials.
+        - When using `client_authentication_methods` to configure the client with Private Key JWT authentication method, specify fully defined credentials.
         These credentials will be automatically enabled for Private Key JWT authentication on the client.
-        - To configure <code>client_authentication_methods</code>, the <code>create:client_credentials</code> scope is required.
-        - To configure <code>client_authentication_methods</code>, the property <code>jwt_configuration.alg</code> must be set to RS256.
+        - To configure `client_authentication_methods`, the `create:client_credentials` scope is required.
+        - To configure `client_authentication_methods`, the property `jwt_configuration.alg` must be set to RS256.
 
-        <div class="alert alert-warning">SSO Integrations created via this endpoint will accept login requests and share user profile information.</div>
+        SSO Integrations created via this endpoint will accept login requests and share user profile information.
 
         Parameters
         ----------
@@ -1567,16 +1542,14 @@ async def register_cimd_client(
         Idempotent registration for Client ID Metadata Document (CIMD) clients.
         Uses external_client_id as the unique identifier for upsert operations.
 
-        <strong>Create:</strong> Returns 201 when a new client is created (requires <code>create:clients</code> scope).
-        <strong>Update:</strong> Returns 200 when an existing client is updated (requires <code>update:clients</code> scope).
+        **Create:** Returns 201 when a new client is created (requires `create:clients` scope).
+        **Update:** Returns 200 when an existing client is updated (requires `update:clients` scope).
 
         This endpoint automatically:
-        <ul>
-          <li>Fetches and validates the metadata document</li>
-          <li>Maps CIMD fields to Auth0 client configuration</li>
-          <li>Creates/rotates credentials from the JWKS</li>
-          <li>Enforces CIMD security policies (HTTPS-only, no shared secrets)</li>
-        </ul>
+        - Fetches and validates the metadata document
+        - Maps CIMD fields to Auth0 client configuration
+        - Creates/rotates credentials from the JWKS
+        - Enforces CIMD security policies (HTTPS-only, no shared secrets)
 
         Parameters
         ----------
@@ -1625,36 +1598,29 @@ async def get(
     ) -> GetClientResponseContent:
         """
         Retrieve client details by ID. Clients are SSO connections or Applications linked with your Auth0 tenant. A list of fields to include or exclude may also be specified.
-        For more information, read <a href="https://www.auth0.com/docs/get-started/applications"> Applications in Auth0</a> and <a href="https://www.auth0.com/docs/authenticate/single-sign-on"> Single Sign-On</a>.
-        <ul>
-          <li>
-            The following properties can be retrieved with any of the scopes:
-            <code>client_id</code>, <code>app_type</code>, <code>name</code>, and <code>description</code>.
-          </li>
-          <li>
-            The following properties can only be retrieved with the <code>read:clients</code> or
-            <code>read:client_keys</code> scopes:
-            <code>callbacks</code>, <code>oidc_logout</code>, <code>allowed_origins</code>,
-            <code>web_origins</code>, <code>tenant</code>, <code>global</code>, <code>config_route</code>,
-            <code>callback_url_template</code>, <code>jwt_configuration</code>,
-            <code>jwt_configuration.lifetime_in_seconds</code>, <code>jwt_configuration.secret_encoded</code>,
-            <code>jwt_configuration.scopes</code>, <code>jwt_configuration.alg</code>, <code>api_type</code>,
-            <code>logo_uri</code>, <code>allowed_clients</code>, <code>owners</code>, <code>custom_login_page</code>,
-            <code>custom_login_page_off</code>, <code>sso</code>, <code>addons</code>, <code>form_template</code>,
-            <code>custom_login_page_codeview</code>, <code>resource_servers</code>, <code>client_metadata</code>,
-            <code>mobile</code>, <code>mobile.android</code>, <code>mobile.ios</code>, <code>allowed_logout_urls</code>,
-            <code>token_endpoint_auth_method</code>, <code>is_first_party</code>, <code>oidc_conformant</code>,
-            <code>is_token_endpoint_ip_header_trusted</code>, <code>initiate_login_uri</code>, <code>grant_types</code>,
-            <code>refresh_token</code>, <code>refresh_token.rotation_type</code>, <code>refresh_token.expiration_type</code>,
-            <code>refresh_token.leeway</code>, <code>refresh_token.token_lifetime</code>, <code>refresh_token.policies</code>, <code>organization_usage</code>,
-            <code>organization_require_behavior</code>.
-          </li>
-          <li>
-            The following properties can only be retrieved with the <code>read:client_keys</code> or <code>read:client_credentials</code> scopes:
-            <code>encryption_key</code>, <code>encryption_key.pub</code>, <code>encryption_key.cert</code>,
-            <code>client_secret</code>, <code>client_authentication_methods</code> and <code>signing_key</code>.
-          </li>
-        </ul>
+        For more information, read [Applications in Auth0](https://www.auth0.com/docs/get-started/applications) and [Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on).
+
+        - The following properties can be retrieved with any of the scopes:
+            `client_id`, `app_type`, `name`, and `description`.
+        - The following properties can only be retrieved with the `read:clients` or
+            `read:client_keys` scopes:
+            `callbacks`, `oidc_logout`, `allowed_origins`,
+            `web_origins`, `tenant`, `global`, `config_route`,
+            `callback_url_template`, `jwt_configuration`,
+            `jwt_configuration.lifetime_in_seconds`, `jwt_configuration.secret_encoded`,
+            `jwt_configuration.scopes`, `jwt_configuration.alg`, `api_type`,
+            `logo_uri`, `allowed_clients`, `owners`, `custom_login_page`,
+            `custom_login_page_off`, `sso`, `addons`, `form_template`,
+            `custom_login_page_codeview`, `resource_servers`, `client_metadata`,
+            `mobile`, `mobile.android`, `mobile.ios`, `allowed_logout_urls`,
+            `token_endpoint_auth_method`, `is_first_party`, `oidc_conformant`,
+            `is_token_endpoint_ip_header_trusted`, `initiate_login_uri`, `grant_types`,
+            `refresh_token`, `refresh_token.rotation_type`, `refresh_token.expiration_type`,
+            `refresh_token.leeway`, `refresh_token.token_lifetime`, `refresh_token.policies`, `organization_usage`,
+            `organization_require_behavior`.
+        - The following properties can only be retrieved with the `read:client_keys` or `read:client_credentials` scopes:
+            `encryption_key`, `encryption_key.pub`, `encryption_key.cert`,
+            `client_secret`, `client_authentication_methods` and `signing_key`.
 
         Parameters
         ----------
@@ -1802,15 +1768,15 @@ async def update(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> UpdateClientResponseContent:
         """
-        Updates a client's settings. For more information, read <a href="https://www.auth0.com/docs/get-started/applications"> Applications in Auth0</a> and <a href="https://www.auth0.com/docs/authenticate/single-sign-on"> Single Sign-On</a>.
+        Updates a client's settings. For more information, read [Applications in Auth0](https://www.auth0.com/docs/get-started/applications) and [Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on).
 
         Notes:
         - The `client_secret` and `signing_key` attributes can only be updated with the `update:client_keys` scope.
-        - The <code>client_authentication_methods</code> and <code>token_endpoint_auth_method</code> properties are mutually exclusive. Use <code>client_authentication_methods</code> to configure the client with Private Key JWT authentication method. Otherwise, use <code>token_endpoint_auth_method</code> to configure the client with client secret (basic or post) or with no authentication method (none).
-        - When using <code>client_authentication_methods</code> to configure the client with Private Key JWT authentication method, only specify the credential IDs that were generated when creating the credentials on the client.
-        - To configure <code>client_authentication_methods</code>, the <code>update:client_credentials</code> scope is required.
-        - To configure <code>client_authentication_methods</code>, the property <code>jwt_configuration.alg</code> must be set to RS256.
-        - To change a client's <code>is_first_party</code> property to <code>false</code>, the <code>organization_usage</code> and <code>organization_require_behavior</code> properties must be unset.
+        - The `client_authentication_methods` and `token_endpoint_auth_method` properties are mutually exclusive. Use `client_authentication_methods` to configure the client with Private Key JWT authentication method. Otherwise, use `token_endpoint_auth_method` to configure the client with client secret (basic or post) or with no authentication method (none).
+        - When using `client_authentication_methods` to configure the client with Private Key JWT authentication method, only specify the credential IDs that were generated when creating the credentials on the client.
+        - To configure `client_authentication_methods`, the `update:client_credentials` scope is required.
+        - To configure `client_authentication_methods`, the property `jwt_configuration.alg` must be set to RS256.
+        - To change a client's `is_first_party` property to `false`, the `organization_usage` and `organization_require_behavior` properties must be unset.
 
         Parameters
         ----------
@@ -2053,7 +2019,7 @@ async def rotate_secret(
 
         This endpoint cannot be used with clients configured with Private Key JWT authentication method (client_authentication_methods configured with private_key_jwt). The generated secret is NOT base64 encoded.
 
-        For more information, read <a href="https://www.auth0.com/docs/get-started/applications/rotate-client-secret">Rotate Client Secrets</a>.
+        For more information, read [Rotate Client Secrets](https://www.auth0.com/docs/get-started/applications/rotate-client-secret).
 
         Parameters
         ----------
diff --git a/src/auth0/management/clients/connections/client.py b/src/auth0/management/clients/connections/client.py
index ddbcd26f..580abf11 100644
--- a/src/auth0/management/clients/connections/client.py
+++ b/src/auth0/management/clients/connections/client.py
@@ -38,15 +38,10 @@ def get(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> SyncPager[ConnectionForList, ListClientConnectionsResponseContent]:
         """
-        Retrieve all connections that are enabled for the specified <a href="https://www.auth0.com/docs/get-started/applications"> Application</a>, using checkpoint pagination. A list of fields to include or exclude for each connection may also be specified.
-        <ul>
-          <li>
-            This endpoint requires the <code>read:connections</code> scope and any one of <code>read:clients</code> or <code>read:client_summary</code>.
-          </li>
-          <li>
-            <b>Note</b>: The first time you call this endpoint, omit the <code>from</code> parameter. If there are more results, a <code>next</code> value is included in the response. You can use this for subsequent API calls. When <code>next</code> is no longer included in the response, no further results are remaining.
-          </li>
-        </ul>
+        Retrieve all connections that are enabled for the specified [Application](https://www.auth0.com/docs/get-started/applications), using checkpoint pagination. A list of fields to include or exclude for each connection may also be specified.
+
+        - This endpoint requires the `read:connections` scope and any one of `read:clients` or `read:client_summary`.
+        - **Note**: The first time you call this endpoint, omit the `from` parameter. If there are more results, a `next` value is included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, no further results are remaining.
 
         Parameters
         ----------
@@ -135,15 +130,10 @@ async def get(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncPager[ConnectionForList, ListClientConnectionsResponseContent]:
         """
-        Retrieve all connections that are enabled for the specified <a href="https://www.auth0.com/docs/get-started/applications"> Application</a>, using checkpoint pagination. A list of fields to include or exclude for each connection may also be specified.
-        <ul>
-          <li>
-            This endpoint requires the <code>read:connections</code> scope and any one of <code>read:clients</code> or <code>read:client_summary</code>.
-          </li>
-          <li>
-            <b>Note</b>: The first time you call this endpoint, omit the <code>from</code> parameter. If there are more results, a <code>next</code> value is included in the response. You can use this for subsequent API calls. When <code>next</code> is no longer included in the response, no further results are remaining.
-          </li>
-        </ul>
+        Retrieve all connections that are enabled for the specified [Application](https://www.auth0.com/docs/get-started/applications), using checkpoint pagination. A list of fields to include or exclude for each connection may also be specified.
+
+        - This endpoint requires the `read:connections` scope and any one of `read:clients` or `read:client_summary`.
+        - **Note**: The first time you call this endpoint, omit the `from` parameter. If there are more results, a `next` value is included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, no further results are remaining.
 
         Parameters
         ----------
diff --git a/src/auth0/management/clients/connections/raw_client.py b/src/auth0/management/clients/connections/raw_client.py
index e093b35b..02efc71a 100644
--- a/src/auth0/management/clients/connections/raw_client.py
+++ b/src/auth0/management/clients/connections/raw_client.py
@@ -37,15 +37,10 @@ def get(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> SyncPager[ConnectionForList, ListClientConnectionsResponseContent]:
         """
-        Retrieve all connections that are enabled for the specified <a href="https://www.auth0.com/docs/get-started/applications"> Application</a>, using checkpoint pagination. A list of fields to include or exclude for each connection may also be specified.
-        <ul>
-          <li>
-            This endpoint requires the <code>read:connections</code> scope and any one of <code>read:clients</code> or <code>read:client_summary</code>.
-          </li>
-          <li>
-            <b>Note</b>: The first time you call this endpoint, omit the <code>from</code> parameter. If there are more results, a <code>next</code> value is included in the response. You can use this for subsequent API calls. When <code>next</code> is no longer included in the response, no further results are remaining.
-          </li>
-        </ul>
+        Retrieve all connections that are enabled for the specified [Application](https://www.auth0.com/docs/get-started/applications), using checkpoint pagination. A list of fields to include or exclude for each connection may also be specified.
+
+        - This endpoint requires the `read:connections` scope and any one of `read:clients` or `read:client_summary`.
+        - **Note**: The first time you call this endpoint, omit the `from` parameter. If there are more results, a `next` value is included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, no further results are remaining.
 
         Parameters
         ----------
@@ -190,15 +185,10 @@ async def get(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncPager[ConnectionForList, ListClientConnectionsResponseContent]:
         """
-        Retrieve all connections that are enabled for the specified <a href="https://www.auth0.com/docs/get-started/applications"> Application</a>, using checkpoint pagination. A list of fields to include or exclude for each connection may also be specified.
-        <ul>
-          <li>
-            This endpoint requires the <code>read:connections</code> scope and any one of <code>read:clients</code> or <code>read:client_summary</code>.
-          </li>
-          <li>
-            <b>Note</b>: The first time you call this endpoint, omit the <code>from</code> parameter. If there are more results, a <code>next</code> value is included in the response. You can use this for subsequent API calls. When <code>next</code> is no longer included in the response, no further results are remaining.
-          </li>
-        </ul>
+        Retrieve all connections that are enabled for the specified [Application](https://www.auth0.com/docs/get-started/applications), using checkpoint pagination. A list of fields to include or exclude for each connection may also be specified.
+
+        - This endpoint requires the `read:connections` scope and any one of `read:clients` or `read:client_summary`.
+        - **Note**: The first time you call this endpoint, omit the `from` parameter. If there are more results, a `next` value is included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, no further results are remaining.
 
         Parameters
         ----------
diff --git a/src/auth0/management/clients/credentials/client.py b/src/auth0/management/clients/credentials/client.py
index daa19377..9eb77c32 100644
--- a/src/auth0/management/clients/credentials/client.py
+++ b/src/auth0/management/clients/credentials/client.py
@@ -38,7 +38,7 @@ def list(
         """
         Get the details of a client credential.
 
-        <b>Important</b>: To enable credentials to be used for a client authentication method, set the <code>client_authentication_methods</code> property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the <code>signed_request_object</code> property on the client.
+        **Important**: To enable credentials to be used for a client authentication method, set the `client_authentication_methods` property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the `signed_request_object` property on the client.
 
         Parameters
         ----------
@@ -84,37 +84,61 @@ def create(
         """
         Create a client credential associated to your application. Credentials can be used to configure Private Key JWT and mTLS authentication methods, as well as for JWT-secured Authorization requests.
 
-        <h5>Public Key</h5>Public Key credentials can be used to set up Private Key JWT client authentication and JWT-secured Authorization requests.
+        **Public Key**
 
-        Sample: <pre><code>{
+        Public Key credentials can be used to set up Private Key JWT client authentication and JWT-secured Authorization requests.
+
+        Sample:
+
+        ```json
+        {
           "credential_type": "public_key",
           "name": "string",
           "pem": "string",
           "alg": "RS256",
           "parse_expiry_from_cert": false,
           "expires_at": "2022-12-31T23:59:59Z"
-        }</code></pre>
-        <h5>Certificate (CA-signed & self-signed)</h5>Certificate credentials can be used to set up mTLS client authentication. CA-signed certificates can be configured either with a signed certificate or with just the certificate Subject DN.
+        }
+        ```
+
+        **Certificate (CA-signed & self-signed)**
+
+        Certificate credentials can be used to set up mTLS client authentication. CA-signed certificates can be configured either with a signed certificate or with just the certificate Subject DN.
+
+        CA-signed Certificate Sample (pem):
 
-        CA-signed Certificate Sample (pem): <pre><code>{
+        ```json
+        {
           "credential_type": "x509_cert",
           "name": "string",
           "pem": "string"
-        }</code></pre>CA-signed Certificate Sample (subject_dn): <pre><code>{
+        }
+        ```
+
+        CA-signed Certificate Sample (subject_dn):
+
+        ```json
+        {
           "credential_type": "cert_subject_dn",
           "name": "string",
           "subject_dn": "string"
-        }</code></pre>Self-signed Certificate Sample: <pre><code>{
+        }
+        ```
+
+        Self-signed Certificate Sample:
+
+        ```json
+        {
           "credential_type": "cert_subject_dn",
           "name": "string",
           "pem": "string"
-        }</code></pre>
+        }
+        ```
 
         The credential will be created but not yet enabled for use until you set the corresponding properties in the client:
-        <ul>
-          <li>To enable the credential for Private Key JWT or mTLS authentication methods, set the <code>client_authentication_methods</code> property on the client. For more information, read <a href="https://auth0.com/docs/get-started/applications/configure-private-key-jwt">Configure Private Key JWT Authentication</a> and <a href="https://auth0.com/docs/get-started/applications/configure-mtls">Configure mTLS Authentication</a></li>
-          <li>To enable the credential for JWT-secured Authorization requests, set the <code>signed_request_object</code>property on the client. For more information, read <a href="https://auth0.com/docs/get-started/applications/configure-jar">Configure JWT-secured Authorization Requests (JAR)</a></li>
-        </ul>
+
+        - To enable the credential for Private Key JWT or mTLS authentication methods, set the `client_authentication_methods` property on the client. For more information, read [Configure Private Key JWT Authentication](https://auth0.com/docs/get-started/applications/configure-private-key-jwt) and [Configure mTLS Authentication](https://auth0.com/docs/get-started/applications/configure-mtls)
+        - To enable the credential for JWT-secured Authorization requests, set the `signed_request_object`property on the client. For more information, read [Configure JWT-secured Authorization Requests (JAR)](https://auth0.com/docs/get-started/applications/configure-jar)
 
         Parameters
         ----------
@@ -183,7 +207,7 @@ def get(
         """
         Get the details of a client credential.
 
-        <b>Important</b>: To enable credentials to be used for a client authentication method, set the <code>client_authentication_methods</code> property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the <code>signed_request_object</code> property on the client.
+        **Important**: To enable credentials to be used for a client authentication method, set the `client_authentication_methods` property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the `signed_request_object` property on the client.
 
         Parameters
         ----------
@@ -321,7 +345,7 @@ async def list(
         """
         Get the details of a client credential.
 
-        <b>Important</b>: To enable credentials to be used for a client authentication method, set the <code>client_authentication_methods</code> property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the <code>signed_request_object</code> property on the client.
+        **Important**: To enable credentials to be used for a client authentication method, set the `client_authentication_methods` property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the `signed_request_object` property on the client.
 
         Parameters
         ----------
@@ -375,37 +399,61 @@ async def create(
         """
         Create a client credential associated to your application. Credentials can be used to configure Private Key JWT and mTLS authentication methods, as well as for JWT-secured Authorization requests.
 
-        <h5>Public Key</h5>Public Key credentials can be used to set up Private Key JWT client authentication and JWT-secured Authorization requests.
+        **Public Key**
 
-        Sample: <pre><code>{
+        Public Key credentials can be used to set up Private Key JWT client authentication and JWT-secured Authorization requests.
+
+        Sample:
+
+        ```json
+        {
           "credential_type": "public_key",
           "name": "string",
           "pem": "string",
           "alg": "RS256",
           "parse_expiry_from_cert": false,
           "expires_at": "2022-12-31T23:59:59Z"
-        }</code></pre>
-        <h5>Certificate (CA-signed & self-signed)</h5>Certificate credentials can be used to set up mTLS client authentication. CA-signed certificates can be configured either with a signed certificate or with just the certificate Subject DN.
+        }
+        ```
+
+        **Certificate (CA-signed & self-signed)**
+
+        Certificate credentials can be used to set up mTLS client authentication. CA-signed certificates can be configured either with a signed certificate or with just the certificate Subject DN.
+
+        CA-signed Certificate Sample (pem):
 
-        CA-signed Certificate Sample (pem): <pre><code>{
+        ```json
+        {
           "credential_type": "x509_cert",
           "name": "string",
           "pem": "string"
-        }</code></pre>CA-signed Certificate Sample (subject_dn): <pre><code>{
+        }
+        ```
+
+        CA-signed Certificate Sample (subject_dn):
+
+        ```json
+        {
           "credential_type": "cert_subject_dn",
           "name": "string",
           "subject_dn": "string"
-        }</code></pre>Self-signed Certificate Sample: <pre><code>{
+        }
+        ```
+
+        Self-signed Certificate Sample:
+
+        ```json
+        {
           "credential_type": "cert_subject_dn",
           "name": "string",
           "pem": "string"
-        }</code></pre>
+        }
+        ```
 
         The credential will be created but not yet enabled for use until you set the corresponding properties in the client:
-        <ul>
-          <li>To enable the credential for Private Key JWT or mTLS authentication methods, set the <code>client_authentication_methods</code> property on the client. For more information, read <a href="https://auth0.com/docs/get-started/applications/configure-private-key-jwt">Configure Private Key JWT Authentication</a> and <a href="https://auth0.com/docs/get-started/applications/configure-mtls">Configure mTLS Authentication</a></li>
-          <li>To enable the credential for JWT-secured Authorization requests, set the <code>signed_request_object</code>property on the client. For more information, read <a href="https://auth0.com/docs/get-started/applications/configure-jar">Configure JWT-secured Authorization Requests (JAR)</a></li>
-        </ul>
+
+        - To enable the credential for Private Key JWT or mTLS authentication methods, set the `client_authentication_methods` property on the client. For more information, read [Configure Private Key JWT Authentication](https://auth0.com/docs/get-started/applications/configure-private-key-jwt) and [Configure mTLS Authentication](https://auth0.com/docs/get-started/applications/configure-mtls)
+        - To enable the credential for JWT-secured Authorization requests, set the `signed_request_object`property on the client. For more information, read [Configure JWT-secured Authorization Requests (JAR)](https://auth0.com/docs/get-started/applications/configure-jar)
 
         Parameters
         ----------
@@ -482,7 +530,7 @@ async def get(
         """
         Get the details of a client credential.
 
-        <b>Important</b>: To enable credentials to be used for a client authentication method, set the <code>client_authentication_methods</code> property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the <code>signed_request_object</code> property on the client.
+        **Important**: To enable credentials to be used for a client authentication method, set the `client_authentication_methods` property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the `signed_request_object` property on the client.
 
         Parameters
         ----------
diff --git a/src/auth0/management/clients/credentials/raw_client.py b/src/auth0/management/clients/credentials/raw_client.py
index 9bb46211..2da62c66 100644
--- a/src/auth0/management/clients/credentials/raw_client.py
+++ b/src/auth0/management/clients/credentials/raw_client.py
@@ -38,7 +38,7 @@ def list(
         """
         Get the details of a client credential.
 
-        <b>Important</b>: To enable credentials to be used for a client authentication method, set the <code>client_authentication_methods</code> property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the <code>signed_request_object</code> property on the client.
+        **Important**: To enable credentials to be used for a client authentication method, set the `client_authentication_methods` property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the `signed_request_object` property on the client.
 
         Parameters
         ----------
@@ -138,37 +138,61 @@ def create(
         """
         Create a client credential associated to your application. Credentials can be used to configure Private Key JWT and mTLS authentication methods, as well as for JWT-secured Authorization requests.
 
-        <h5>Public Key</h5>Public Key credentials can be used to set up Private Key JWT client authentication and JWT-secured Authorization requests.
+        **Public Key**
 
-        Sample: <pre><code>{
+        Public Key credentials can be used to set up Private Key JWT client authentication and JWT-secured Authorization requests.
+
+        Sample:
+
+        ```json
+        {
           "credential_type": "public_key",
           "name": "string",
           "pem": "string",
           "alg": "RS256",
           "parse_expiry_from_cert": false,
           "expires_at": "2022-12-31T23:59:59Z"
-        }</code></pre>
-        <h5>Certificate (CA-signed & self-signed)</h5>Certificate credentials can be used to set up mTLS client authentication. CA-signed certificates can be configured either with a signed certificate or with just the certificate Subject DN.
+        }
+        ```
+
+        **Certificate (CA-signed & self-signed)**
+
+        Certificate credentials can be used to set up mTLS client authentication. CA-signed certificates can be configured either with a signed certificate or with just the certificate Subject DN.
+
+        CA-signed Certificate Sample (pem):
 
-        CA-signed Certificate Sample (pem): <pre><code>{
+        ```json
+        {
           "credential_type": "x509_cert",
           "name": "string",
           "pem": "string"
-        }</code></pre>CA-signed Certificate Sample (subject_dn): <pre><code>{
+        }
+        ```
+
+        CA-signed Certificate Sample (subject_dn):
+
+        ```json
+        {
           "credential_type": "cert_subject_dn",
           "name": "string",
           "subject_dn": "string"
-        }</code></pre>Self-signed Certificate Sample: <pre><code>{
+        }
+        ```
+
+        Self-signed Certificate Sample:
+
+        ```json
+        {
           "credential_type": "cert_subject_dn",
           "name": "string",
           "pem": "string"
-        }</code></pre>
+        }
+        ```
 
         The credential will be created but not yet enabled for use until you set the corresponding properties in the client:
-        <ul>
-          <li>To enable the credential for Private Key JWT or mTLS authentication methods, set the <code>client_authentication_methods</code> property on the client. For more information, read <a href="https://auth0.com/docs/get-started/applications/configure-private-key-jwt">Configure Private Key JWT Authentication</a> and <a href="https://auth0.com/docs/get-started/applications/configure-mtls">Configure mTLS Authentication</a></li>
-          <li>To enable the credential for JWT-secured Authorization requests, set the <code>signed_request_object</code>property on the client. For more information, read <a href="https://auth0.com/docs/get-started/applications/configure-jar">Configure JWT-secured Authorization Requests (JAR)</a></li>
-        </ul>
+
+        - To enable the credential for Private Key JWT or mTLS authentication methods, set the `client_authentication_methods` property on the client. For more information, read [Configure Private Key JWT Authentication](https://auth0.com/docs/get-started/applications/configure-private-key-jwt) and [Configure mTLS Authentication](https://auth0.com/docs/get-started/applications/configure-mtls)
+        - To enable the credential for JWT-secured Authorization requests, set the `signed_request_object`property on the client. For more information, read [Configure JWT-secured Authorization Requests (JAR)](https://auth0.com/docs/get-started/applications/configure-jar)
 
         Parameters
         ----------
@@ -304,7 +328,7 @@ def get(
         """
         Get the details of a client credential.
 
-        <b>Important</b>: To enable credentials to be used for a client authentication method, set the <code>client_authentication_methods</code> property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the <code>signed_request_object</code> property on the client.
+        **Important**: To enable credentials to be used for a client authentication method, set the `client_authentication_methods` property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the `signed_request_object` property on the client.
 
         Parameters
         ----------
@@ -599,7 +623,7 @@ async def list(
         """
         Get the details of a client credential.
 
-        <b>Important</b>: To enable credentials to be used for a client authentication method, set the <code>client_authentication_methods</code> property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the <code>signed_request_object</code> property on the client.
+        **Important**: To enable credentials to be used for a client authentication method, set the `client_authentication_methods` property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the `signed_request_object` property on the client.
 
         Parameters
         ----------
@@ -699,37 +723,61 @@ async def create(
         """
         Create a client credential associated to your application. Credentials can be used to configure Private Key JWT and mTLS authentication methods, as well as for JWT-secured Authorization requests.
 
-        <h5>Public Key</h5>Public Key credentials can be used to set up Private Key JWT client authentication and JWT-secured Authorization requests.
+        **Public Key**
 
-        Sample: <pre><code>{
+        Public Key credentials can be used to set up Private Key JWT client authentication and JWT-secured Authorization requests.
+
+        Sample:
+
+        ```json
+        {
           "credential_type": "public_key",
           "name": "string",
           "pem": "string",
           "alg": "RS256",
           "parse_expiry_from_cert": false,
           "expires_at": "2022-12-31T23:59:59Z"
-        }</code></pre>
-        <h5>Certificate (CA-signed & self-signed)</h5>Certificate credentials can be used to set up mTLS client authentication. CA-signed certificates can be configured either with a signed certificate or with just the certificate Subject DN.
+        }
+        ```
+
+        **Certificate (CA-signed & self-signed)**
+
+        Certificate credentials can be used to set up mTLS client authentication. CA-signed certificates can be configured either with a signed certificate or with just the certificate Subject DN.
+
+        CA-signed Certificate Sample (pem):
 
-        CA-signed Certificate Sample (pem): <pre><code>{
+        ```json
+        {
           "credential_type": "x509_cert",
           "name": "string",
           "pem": "string"
-        }</code></pre>CA-signed Certificate Sample (subject_dn): <pre><code>{
+        }
+        ```
+
+        CA-signed Certificate Sample (subject_dn):
+
+        ```json
+        {
           "credential_type": "cert_subject_dn",
           "name": "string",
           "subject_dn": "string"
-        }</code></pre>Self-signed Certificate Sample: <pre><code>{
+        }
+        ```
+
+        Self-signed Certificate Sample:
+
+        ```json
+        {
           "credential_type": "cert_subject_dn",
           "name": "string",
           "pem": "string"
-        }</code></pre>
+        }
+        ```
 
         The credential will be created but not yet enabled for use until you set the corresponding properties in the client:
-        <ul>
-          <li>To enable the credential for Private Key JWT or mTLS authentication methods, set the <code>client_authentication_methods</code> property on the client. For more information, read <a href="https://auth0.com/docs/get-started/applications/configure-private-key-jwt">Configure Private Key JWT Authentication</a> and <a href="https://auth0.com/docs/get-started/applications/configure-mtls">Configure mTLS Authentication</a></li>
-          <li>To enable the credential for JWT-secured Authorization requests, set the <code>signed_request_object</code>property on the client. For more information, read <a href="https://auth0.com/docs/get-started/applications/configure-jar">Configure JWT-secured Authorization Requests (JAR)</a></li>
-        </ul>
+
+        - To enable the credential for Private Key JWT or mTLS authentication methods, set the `client_authentication_methods` property on the client. For more information, read [Configure Private Key JWT Authentication](https://auth0.com/docs/get-started/applications/configure-private-key-jwt) and [Configure mTLS Authentication](https://auth0.com/docs/get-started/applications/configure-mtls)
+        - To enable the credential for JWT-secured Authorization requests, set the `signed_request_object`property on the client. For more information, read [Configure JWT-secured Authorization Requests (JAR)](https://auth0.com/docs/get-started/applications/configure-jar)
 
         Parameters
         ----------
@@ -865,7 +913,7 @@ async def get(
         """
         Get the details of a client credential.
 
-        <b>Important</b>: To enable credentials to be used for a client authentication method, set the <code>client_authentication_methods</code> property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the <code>signed_request_object</code> property on the client.
+        **Important**: To enable credentials to be used for a client authentication method, set the `client_authentication_methods` property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the `signed_request_object` property on the client.
 
         Parameters
         ----------
diff --git a/src/auth0/management/clients/raw_client.py b/src/auth0/management/clients/raw_client.py
index 8d2b434e..65e8927f 100644
--- a/src/auth0/management/clients/raw_client.py
+++ b/src/auth0/management/clients/raw_client.py
@@ -94,38 +94,30 @@ def list(
     ) -> SyncPager[Client, ListClientsOffsetPaginatedResponseContent]:
         """
         Retrieve clients (applications and SSO integrations) matching provided filters. A list of fields to include or exclude may also be specified.
-        For more information, read <a href="https://www.auth0.com/docs/get-started/applications"> Applications in Auth0</a> and <a href="https://www.auth0.com/docs/authenticate/single-sign-on"> Single Sign-On</a>.
-
-        <ul>
-          <li>
-            The following can be retrieved with any scope:
-            <code>client_id</code>, <code>app_type</code>, <code>name</code>, and <code>description</code>.
-          </li>
-          <li>
-            The following properties can only be retrieved with the <code>read:clients</code> or
-            <code>read:client_keys</code> scope:
-            <code>callbacks</code>, <code>oidc_logout</code>, <code>allowed_origins</code>,
-            <code>web_origins</code>, <code>tenant</code>, <code>global</code>, <code>config_route</code>,
-            <code>callback_url_template</code>, <code>jwt_configuration</code>,
-            <code>jwt_configuration.lifetime_in_seconds</code>, <code>jwt_configuration.secret_encoded</code>,
-            <code>jwt_configuration.scopes</code>, <code>jwt_configuration.alg</code>, <code>api_type</code>,
-            <code>logo_uri</code>, <code>allowed_clients</code>, <code>owners</code>, <code>custom_login_page</code>,
-            <code>custom_login_page_off</code>, <code>sso</code>, <code>addons</code>, <code>form_template</code>,
-            <code>custom_login_page_codeview</code>, <code>resource_servers</code>, <code>client_metadata</code>,
-            <code>mobile</code>, <code>mobile.android</code>, <code>mobile.ios</code>, <code>allowed_logout_urls</code>,
-            <code>token_endpoint_auth_method</code>, <code>is_first_party</code>, <code>oidc_conformant</code>,
-            <code>is_token_endpoint_ip_header_trusted</code>, <code>initiate_login_uri</code>, <code>grant_types</code>,
-            <code>refresh_token</code>, <code>refresh_token.rotation_type</code>, <code>refresh_token.expiration_type</code>,
-            <code>refresh_token.leeway</code>, <code>refresh_token.token_lifetime</code>, <code>refresh_token.policies</code>, <code>organization_usage</code>,
-            <code>organization_require_behavior</code>.
-          </li>
-          <li>
-            The following properties can only be retrieved with the
-            <code>read:client_keys</code> or <code>read:client_credentials</code> scope:
-            <code>encryption_key</code>, <code>encryption_key.pub</code>, <code>encryption_key.cert</code>,
-            <code>client_secret</code>, <code>client_authentication_methods</code> and <code>signing_key</code>.
-          </li>
-        </ul>
+        For more information, read [Applications in Auth0](https://www.auth0.com/docs/get-started/applications) and [Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on).
+
+        - The following can be retrieved with any scope:
+            `client_id`, `app_type`, `name`, and `description`.
+        - The following properties can only be retrieved with the `read:clients` or
+            `read:client_keys` scope:
+            `callbacks`, `oidc_logout`, `allowed_origins`,
+            `web_origins`, `tenant`, `global`, `config_route`,
+            `callback_url_template`, `jwt_configuration`,
+            `jwt_configuration.lifetime_in_seconds`, `jwt_configuration.secret_encoded`,
+            `jwt_configuration.scopes`, `jwt_configuration.alg`, `api_type`,
+            `logo_uri`, `allowed_clients`, `owners`, `custom_login_page`,
+            `custom_login_page_off`, `sso`, `addons`, `form_template`,
+            `custom_login_page_codeview`, `resource_servers`, `client_metadata`,
+            `mobile`, `mobile.android`, `mobile.ios`, `allowed_logout_urls`,
+            `token_endpoint_auth_method`, `is_first_party`, `oidc_conformant`,
+            `is_token_endpoint_ip_header_trusted`, `initiate_login_uri`, `grant_types`,
+            `refresh_token`, `refresh_token.rotation_type`, `refresh_token.expiration_type`,
+            `refresh_token.leeway`, `refresh_token.token_lifetime`, `refresh_token.policies`, `organization_usage`,
+            `organization_require_behavior`.
+        - The following properties can only be retrieved with the
+            `read:client_keys` or `read:client_credentials` scope:
+            `encryption_key`, `encryption_key.pub`, `encryption_key.cert`,
+            `client_secret`, `client_authentication_methods` and `signing_key`.
 
         Parameters
         ----------
@@ -326,20 +318,20 @@ def create(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> HttpResponse[CreateClientResponseContent]:
         """
-        Create a new client (application or SSO integration). For more information, read <a href="https://www.auth0.com/docs/get-started/auth0-overview/create-applications">Create Applications</a>
-        <a href="https://www.auth0.com/docs/authenticate/single-sign-on/api-endpoints-for-single-sign-on>">API Endpoints for Single Sign-On</a>.
+        Create a new client (application or SSO integration). For more information, read [Create Applications](https://www.auth0.com/docs/get-started/auth0-overview/create-applications)
+        [API Endpoints for Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on/api-endpoints-for-single-sign-on).
 
         Notes:
         - We recommend leaving the `client_secret` parameter unspecified to allow the generation of a safe secret.
-        - The <code>client_authentication_methods</code> and <code>token_endpoint_auth_method</code> properties are mutually exclusive. Use
-        <code>client_authentication_methods</code> to configure the client with Private Key JWT authentication method. Otherwise, use <code>token_endpoint_auth_method</code>
+        - The `client_authentication_methods` and `token_endpoint_auth_method` properties are mutually exclusive. Use
+        `client_authentication_methods` to configure the client with Private Key JWT authentication method. Otherwise, use `token_endpoint_auth_method`
         to configure the client with client secret (basic or post) or with no authentication method (none).
-        - When using <code>client_authentication_methods</code> to configure the client with Private Key JWT authentication method, specify fully defined credentials.
+        - When using `client_authentication_methods` to configure the client with Private Key JWT authentication method, specify fully defined credentials.
         These credentials will be automatically enabled for Private Key JWT authentication on the client.
-        - To configure <code>client_authentication_methods</code>, the <code>create:client_credentials</code> scope is required.
-        - To configure <code>client_authentication_methods</code>, the property <code>jwt_configuration.alg</code> must be set to RS256.
+        - To configure `client_authentication_methods`, the `create:client_credentials` scope is required.
+        - To configure `client_authentication_methods`, the property `jwt_configuration.alg` must be set to RS256.
 
-        <div class="alert alert-warning">SSO Integrations created via this endpoint will accept login requests and share user profile information.</div>
+        SSO Integrations created via this endpoint will accept login requests and share user profile information.
 
         Parameters
         ----------
@@ -789,16 +781,14 @@ def register_cimd_client(
         Idempotent registration for Client ID Metadata Document (CIMD) clients.
         Uses external_client_id as the unique identifier for upsert operations.
 
-        <strong>Create:</strong> Returns 201 when a new client is created (requires <code>create:clients</code> scope).
-        <strong>Update:</strong> Returns 200 when an existing client is updated (requires <code>update:clients</code> scope).
+        **Create:** Returns 201 when a new client is created (requires `create:clients` scope).
+        **Update:** Returns 200 when an existing client is updated (requires `update:clients` scope).
 
         This endpoint automatically:
-        <ul>
-          <li>Fetches and validates the metadata document</li>
-          <li>Maps CIMD fields to Auth0 client configuration</li>
-          <li>Creates/rotates credentials from the JWKS</li>
-          <li>Enforces CIMD security policies (HTTPS-only, no shared secrets)</li>
-        </ul>
+        - Fetches and validates the metadata document
+        - Maps CIMD fields to Auth0 client configuration
+        - Creates/rotates credentials from the JWKS
+        - Enforces CIMD security policies (HTTPS-only, no shared secrets)
 
         Parameters
         ----------
@@ -909,36 +899,29 @@ def get(
     ) -> HttpResponse[GetClientResponseContent]:
         """
         Retrieve client details by ID. Clients are SSO connections or Applications linked with your Auth0 tenant. A list of fields to include or exclude may also be specified.
-        For more information, read <a href="https://www.auth0.com/docs/get-started/applications"> Applications in Auth0</a> and <a href="https://www.auth0.com/docs/authenticate/single-sign-on"> Single Sign-On</a>.
-        <ul>
-          <li>
-            The following properties can be retrieved with any of the scopes:
-            <code>client_id</code>, <code>app_type</code>, <code>name</code>, and <code>description</code>.
-          </li>
-          <li>
-            The following properties can only be retrieved with the <code>read:clients</code> or
-            <code>read:client_keys</code> scopes:
-            <code>callbacks</code>, <code>oidc_logout</code>, <code>allowed_origins</code>,
-            <code>web_origins</code>, <code>tenant</code>, <code>global</code>, <code>config_route</code>,
-            <code>callback_url_template</code>, <code>jwt_configuration</code>,
-            <code>jwt_configuration.lifetime_in_seconds</code>, <code>jwt_configuration.secret_encoded</code>,
-            <code>jwt_configuration.scopes</code>, <code>jwt_configuration.alg</code>, <code>api_type</code>,
-            <code>logo_uri</code>, <code>allowed_clients</code>, <code>owners</code>, <code>custom_login_page</code>,
-            <code>custom_login_page_off</code>, <code>sso</code>, <code>addons</code>, <code>form_template</code>,
-            <code>custom_login_page_codeview</code>, <code>resource_servers</code>, <code>client_metadata</code>,
-            <code>mobile</code>, <code>mobile.android</code>, <code>mobile.ios</code>, <code>allowed_logout_urls</code>,
-            <code>token_endpoint_auth_method</code>, <code>is_first_party</code>, <code>oidc_conformant</code>,
-            <code>is_token_endpoint_ip_header_trusted</code>, <code>initiate_login_uri</code>, <code>grant_types</code>,
-            <code>refresh_token</code>, <code>refresh_token.rotation_type</code>, <code>refresh_token.expiration_type</code>,
-            <code>refresh_token.leeway</code>, <code>refresh_token.token_lifetime</code>, <code>refresh_token.policies</code>, <code>organization_usage</code>,
-            <code>organization_require_behavior</code>.
-          </li>
-          <li>
-            The following properties can only be retrieved with the <code>read:client_keys</code> or <code>read:client_credentials</code> scopes:
-            <code>encryption_key</code>, <code>encryption_key.pub</code>, <code>encryption_key.cert</code>,
-            <code>client_secret</code>, <code>client_authentication_methods</code> and <code>signing_key</code>.
-          </li>
-        </ul>
+        For more information, read [Applications in Auth0](https://www.auth0.com/docs/get-started/applications) and [Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on).
+
+        - The following properties can be retrieved with any of the scopes:
+            `client_id`, `app_type`, `name`, and `description`.
+        - The following properties can only be retrieved with the `read:clients` or
+            `read:client_keys` scopes:
+            `callbacks`, `oidc_logout`, `allowed_origins`,
+            `web_origins`, `tenant`, `global`, `config_route`,
+            `callback_url_template`, `jwt_configuration`,
+            `jwt_configuration.lifetime_in_seconds`, `jwt_configuration.secret_encoded`,
+            `jwt_configuration.scopes`, `jwt_configuration.alg`, `api_type`,
+            `logo_uri`, `allowed_clients`, `owners`, `custom_login_page`,
+            `custom_login_page_off`, `sso`, `addons`, `form_template`,
+            `custom_login_page_codeview`, `resource_servers`, `client_metadata`,
+            `mobile`, `mobile.android`, `mobile.ios`, `allowed_logout_urls`,
+            `token_endpoint_auth_method`, `is_first_party`, `oidc_conformant`,
+            `is_token_endpoint_ip_header_trusted`, `initiate_login_uri`, `grant_types`,
+            `refresh_token`, `refresh_token.rotation_type`, `refresh_token.expiration_type`,
+            `refresh_token.leeway`, `refresh_token.token_lifetime`, `refresh_token.policies`, `organization_usage`,
+            `organization_require_behavior`.
+        - The following properties can only be retrieved with the `read:client_keys` or `read:client_credentials` scopes:
+            `encryption_key`, `encryption_key.pub`, `encryption_key.cert`,
+            `client_secret`, `client_authentication_methods` and `signing_key`.
 
         Parameters
         ----------
@@ -1182,15 +1165,15 @@ def update(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> HttpResponse[UpdateClientResponseContent]:
         """
-        Updates a client's settings. For more information, read <a href="https://www.auth0.com/docs/get-started/applications"> Applications in Auth0</a> and <a href="https://www.auth0.com/docs/authenticate/single-sign-on"> Single Sign-On</a>.
+        Updates a client's settings. For more information, read [Applications in Auth0](https://www.auth0.com/docs/get-started/applications) and [Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on).
 
         Notes:
         - The `client_secret` and `signing_key` attributes can only be updated with the `update:client_keys` scope.
-        - The <code>client_authentication_methods</code> and <code>token_endpoint_auth_method</code> properties are mutually exclusive. Use <code>client_authentication_methods</code> to configure the client with Private Key JWT authentication method. Otherwise, use <code>token_endpoint_auth_method</code> to configure the client with client secret (basic or post) or with no authentication method (none).
-        - When using <code>client_authentication_methods</code> to configure the client with Private Key JWT authentication method, only specify the credential IDs that were generated when creating the credentials on the client.
-        - To configure <code>client_authentication_methods</code>, the <code>update:client_credentials</code> scope is required.
-        - To configure <code>client_authentication_methods</code>, the property <code>jwt_configuration.alg</code> must be set to RS256.
-        - To change a client's <code>is_first_party</code> property to <code>false</code>, the <code>organization_usage</code> and <code>organization_require_behavior</code> properties must be unset.
+        - The `client_authentication_methods` and `token_endpoint_auth_method` properties are mutually exclusive. Use `client_authentication_methods` to configure the client with Private Key JWT authentication method. Otherwise, use `token_endpoint_auth_method` to configure the client with client secret (basic or post) or with no authentication method (none).
+        - When using `client_authentication_methods` to configure the client with Private Key JWT authentication method, only specify the credential IDs that were generated when creating the credentials on the client.
+        - To configure `client_authentication_methods`, the `update:client_credentials` scope is required.
+        - To configure `client_authentication_methods`, the property `jwt_configuration.alg` must be set to RS256.
+        - To change a client's `is_first_party` property to `false`, the `organization_usage` and `organization_require_behavior` properties must be unset.
 
         Parameters
         ----------
@@ -1543,7 +1526,7 @@ def rotate_secret(
 
         This endpoint cannot be used with clients configured with Private Key JWT authentication method (client_authentication_methods configured with private_key_jwt). The generated secret is NOT base64 encoded.
 
-        For more information, read <a href="https://www.auth0.com/docs/get-started/applications/rotate-client-secret">Rotate Client Secrets</a>.
+        For more information, read [Rotate Client Secrets](https://www.auth0.com/docs/get-started/applications/rotate-client-secret).
 
         Parameters
         ----------
@@ -1659,38 +1642,30 @@ async def list(
     ) -> AsyncPager[Client, ListClientsOffsetPaginatedResponseContent]:
         """
         Retrieve clients (applications and SSO integrations) matching provided filters. A list of fields to include or exclude may also be specified.
-        For more information, read <a href="https://www.auth0.com/docs/get-started/applications"> Applications in Auth0</a> and <a href="https://www.auth0.com/docs/authenticate/single-sign-on"> Single Sign-On</a>.
-
-        <ul>
-          <li>
-            The following can be retrieved with any scope:
-            <code>client_id</code>, <code>app_type</code>, <code>name</code>, and <code>description</code>.
-          </li>
-          <li>
-            The following properties can only be retrieved with the <code>read:clients</code> or
-            <code>read:client_keys</code> scope:
-            <code>callbacks</code>, <code>oidc_logout</code>, <code>allowed_origins</code>,
-            <code>web_origins</code>, <code>tenant</code>, <code>global</code>, <code>config_route</code>,
-            <code>callback_url_template</code>, <code>jwt_configuration</code>,
-            <code>jwt_configuration.lifetime_in_seconds</code>, <code>jwt_configuration.secret_encoded</code>,
-            <code>jwt_configuration.scopes</code>, <code>jwt_configuration.alg</code>, <code>api_type</code>,
-            <code>logo_uri</code>, <code>allowed_clients</code>, <code>owners</code>, <code>custom_login_page</code>,
-            <code>custom_login_page_off</code>, <code>sso</code>, <code>addons</code>, <code>form_template</code>,
-            <code>custom_login_page_codeview</code>, <code>resource_servers</code>, <code>client_metadata</code>,
-            <code>mobile</code>, <code>mobile.android</code>, <code>mobile.ios</code>, <code>allowed_logout_urls</code>,
-            <code>token_endpoint_auth_method</code>, <code>is_first_party</code>, <code>oidc_conformant</code>,
-            <code>is_token_endpoint_ip_header_trusted</code>, <code>initiate_login_uri</code>, <code>grant_types</code>,
-            <code>refresh_token</code>, <code>refresh_token.rotation_type</code>, <code>refresh_token.expiration_type</code>,
-            <code>refresh_token.leeway</code>, <code>refresh_token.token_lifetime</code>, <code>refresh_token.policies</code>, <code>organization_usage</code>,
-            <code>organization_require_behavior</code>.
-          </li>
-          <li>
-            The following properties can only be retrieved with the
-            <code>read:client_keys</code> or <code>read:client_credentials</code> scope:
-            <code>encryption_key</code>, <code>encryption_key.pub</code>, <code>encryption_key.cert</code>,
-            <code>client_secret</code>, <code>client_authentication_methods</code> and <code>signing_key</code>.
-          </li>
-        </ul>
+        For more information, read [Applications in Auth0](https://www.auth0.com/docs/get-started/applications) and [Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on).
+
+        - The following can be retrieved with any scope:
+            `client_id`, `app_type`, `name`, and `description`.
+        - The following properties can only be retrieved with the `read:clients` or
+            `read:client_keys` scope:
+            `callbacks`, `oidc_logout`, `allowed_origins`,
+            `web_origins`, `tenant`, `global`, `config_route`,
+            `callback_url_template`, `jwt_configuration`,
+            `jwt_configuration.lifetime_in_seconds`, `jwt_configuration.secret_encoded`,
+            `jwt_configuration.scopes`, `jwt_configuration.alg`, `api_type`,
+            `logo_uri`, `allowed_clients`, `owners`, `custom_login_page`,
+            `custom_login_page_off`, `sso`, `addons`, `form_template`,
+            `custom_login_page_codeview`, `resource_servers`, `client_metadata`,
+            `mobile`, `mobile.android`, `mobile.ios`, `allowed_logout_urls`,
+            `token_endpoint_auth_method`, `is_first_party`, `oidc_conformant`,
+            `is_token_endpoint_ip_header_trusted`, `initiate_login_uri`, `grant_types`,
+            `refresh_token`, `refresh_token.rotation_type`, `refresh_token.expiration_type`,
+            `refresh_token.leeway`, `refresh_token.token_lifetime`, `refresh_token.policies`, `organization_usage`,
+            `organization_require_behavior`.
+        - The following properties can only be retrieved with the
+            `read:client_keys` or `read:client_credentials` scope:
+            `encryption_key`, `encryption_key.pub`, `encryption_key.cert`,
+            `client_secret`, `client_authentication_methods` and `signing_key`.
 
         Parameters
         ----------
@@ -1894,20 +1869,20 @@ async def create(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncHttpResponse[CreateClientResponseContent]:
         """
-        Create a new client (application or SSO integration). For more information, read <a href="https://www.auth0.com/docs/get-started/auth0-overview/create-applications">Create Applications</a>
-        <a href="https://www.auth0.com/docs/authenticate/single-sign-on/api-endpoints-for-single-sign-on>">API Endpoints for Single Sign-On</a>.
+        Create a new client (application or SSO integration). For more information, read [Create Applications](https://www.auth0.com/docs/get-started/auth0-overview/create-applications)
+        [API Endpoints for Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on/api-endpoints-for-single-sign-on).
 
         Notes:
         - We recommend leaving the `client_secret` parameter unspecified to allow the generation of a safe secret.
-        - The <code>client_authentication_methods</code> and <code>token_endpoint_auth_method</code> properties are mutually exclusive. Use
-        <code>client_authentication_methods</code> to configure the client with Private Key JWT authentication method. Otherwise, use <code>token_endpoint_auth_method</code>
+        - The `client_authentication_methods` and `token_endpoint_auth_method` properties are mutually exclusive. Use
+        `client_authentication_methods` to configure the client with Private Key JWT authentication method. Otherwise, use `token_endpoint_auth_method`
         to configure the client with client secret (basic or post) or with no authentication method (none).
-        - When using <code>client_authentication_methods</code> to configure the client with Private Key JWT authentication method, specify fully defined credentials.
+        - When using `client_authentication_methods` to configure the client with Private Key JWT authentication method, specify fully defined credentials.
         These credentials will be automatically enabled for Private Key JWT authentication on the client.
-        - To configure <code>client_authentication_methods</code>, the <code>create:client_credentials</code> scope is required.
-        - To configure <code>client_authentication_methods</code>, the property <code>jwt_configuration.alg</code> must be set to RS256.
+        - To configure `client_authentication_methods`, the `create:client_credentials` scope is required.
+        - To configure `client_authentication_methods`, the property `jwt_configuration.alg` must be set to RS256.
 
-        <div class="alert alert-warning">SSO Integrations created via this endpoint will accept login requests and share user profile information.</div>
+        SSO Integrations created via this endpoint will accept login requests and share user profile information.
 
         Parameters
         ----------
@@ -2357,16 +2332,14 @@ async def register_cimd_client(
         Idempotent registration for Client ID Metadata Document (CIMD) clients.
         Uses external_client_id as the unique identifier for upsert operations.
 
-        <strong>Create:</strong> Returns 201 when a new client is created (requires <code>create:clients</code> scope).
-        <strong>Update:</strong> Returns 200 when an existing client is updated (requires <code>update:clients</code> scope).
+        **Create:** Returns 201 when a new client is created (requires `create:clients` scope).
+        **Update:** Returns 200 when an existing client is updated (requires `update:clients` scope).
 
         This endpoint automatically:
-        <ul>
-          <li>Fetches and validates the metadata document</li>
-          <li>Maps CIMD fields to Auth0 client configuration</li>
-          <li>Creates/rotates credentials from the JWKS</li>
-          <li>Enforces CIMD security policies (HTTPS-only, no shared secrets)</li>
-        </ul>
+        - Fetches and validates the metadata document
+        - Maps CIMD fields to Auth0 client configuration
+        - Creates/rotates credentials from the JWKS
+        - Enforces CIMD security policies (HTTPS-only, no shared secrets)
 
         Parameters
         ----------
@@ -2477,36 +2450,29 @@ async def get(
     ) -> AsyncHttpResponse[GetClientResponseContent]:
         """
         Retrieve client details by ID. Clients are SSO connections or Applications linked with your Auth0 tenant. A list of fields to include or exclude may also be specified.
-        For more information, read <a href="https://www.auth0.com/docs/get-started/applications"> Applications in Auth0</a> and <a href="https://www.auth0.com/docs/authenticate/single-sign-on"> Single Sign-On</a>.
-        <ul>
-          <li>
-            The following properties can be retrieved with any of the scopes:
-            <code>client_id</code>, <code>app_type</code>, <code>name</code>, and <code>description</code>.
-          </li>
-          <li>
-            The following properties can only be retrieved with the <code>read:clients</code> or
-            <code>read:client_keys</code> scopes:
-            <code>callbacks</code>, <code>oidc_logout</code>, <code>allowed_origins</code>,
-            <code>web_origins</code>, <code>tenant</code>, <code>global</code>, <code>config_route</code>,
-            <code>callback_url_template</code>, <code>jwt_configuration</code>,
-            <code>jwt_configuration.lifetime_in_seconds</code>, <code>jwt_configuration.secret_encoded</code>,
-            <code>jwt_configuration.scopes</code>, <code>jwt_configuration.alg</code>, <code>api_type</code>,
-            <code>logo_uri</code>, <code>allowed_clients</code>, <code>owners</code>, <code>custom_login_page</code>,
-            <code>custom_login_page_off</code>, <code>sso</code>, <code>addons</code>, <code>form_template</code>,
-            <code>custom_login_page_codeview</code>, <code>resource_servers</code>, <code>client_metadata</code>,
-            <code>mobile</code>, <code>mobile.android</code>, <code>mobile.ios</code>, <code>allowed_logout_urls</code>,
-            <code>token_endpoint_auth_method</code>, <code>is_first_party</code>, <code>oidc_conformant</code>,
-            <code>is_token_endpoint_ip_header_trusted</code>, <code>initiate_login_uri</code>, <code>grant_types</code>,
-            <code>refresh_token</code>, <code>refresh_token.rotation_type</code>, <code>refresh_token.expiration_type</code>,
-            <code>refresh_token.leeway</code>, <code>refresh_token.token_lifetime</code>, <code>refresh_token.policies</code>, <code>organization_usage</code>,
-            <code>organization_require_behavior</code>.
-          </li>
-          <li>
-            The following properties can only be retrieved with the <code>read:client_keys</code> or <code>read:client_credentials</code> scopes:
-            <code>encryption_key</code>, <code>encryption_key.pub</code>, <code>encryption_key.cert</code>,
-            <code>client_secret</code>, <code>client_authentication_methods</code> and <code>signing_key</code>.
-          </li>
-        </ul>
+        For more information, read [Applications in Auth0](https://www.auth0.com/docs/get-started/applications) and [Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on).
+
+        - The following properties can be retrieved with any of the scopes:
+            `client_id`, `app_type`, `name`, and `description`.
+        - The following properties can only be retrieved with the `read:clients` or
+            `read:client_keys` scopes:
+            `callbacks`, `oidc_logout`, `allowed_origins`,
+            `web_origins`, `tenant`, `global`, `config_route`,
+            `callback_url_template`, `jwt_configuration`,
+            `jwt_configuration.lifetime_in_seconds`, `jwt_configuration.secret_encoded`,
+            `jwt_configuration.scopes`, `jwt_configuration.alg`, `api_type`,
+            `logo_uri`, `allowed_clients`, `owners`, `custom_login_page`,
+            `custom_login_page_off`, `sso`, `addons`, `form_template`,
+            `custom_login_page_codeview`, `resource_servers`, `client_metadata`,
+            `mobile`, `mobile.android`, `mobile.ios`, `allowed_logout_urls`,
+            `token_endpoint_auth_method`, `is_first_party`, `oidc_conformant`,
+            `is_token_endpoint_ip_header_trusted`, `initiate_login_uri`, `grant_types`,
+            `refresh_token`, `refresh_token.rotation_type`, `refresh_token.expiration_type`,
+            `refresh_token.leeway`, `refresh_token.token_lifetime`, `refresh_token.policies`, `organization_usage`,
+            `organization_require_behavior`.
+        - The following properties can only be retrieved with the `read:client_keys` or `read:client_credentials` scopes:
+            `encryption_key`, `encryption_key.pub`, `encryption_key.cert`,
+            `client_secret`, `client_authentication_methods` and `signing_key`.
 
         Parameters
         ----------
@@ -2752,15 +2718,15 @@ async def update(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncHttpResponse[UpdateClientResponseContent]:
         """
-        Updates a client's settings. For more information, read <a href="https://www.auth0.com/docs/get-started/applications"> Applications in Auth0</a> and <a href="https://www.auth0.com/docs/authenticate/single-sign-on"> Single Sign-On</a>.
+        Updates a client's settings. For more information, read [Applications in Auth0](https://www.auth0.com/docs/get-started/applications) and [Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on).
 
         Notes:
         - The `client_secret` and `signing_key` attributes can only be updated with the `update:client_keys` scope.
-        - The <code>client_authentication_methods</code> and <code>token_endpoint_auth_method</code> properties are mutually exclusive. Use <code>client_authentication_methods</code> to configure the client with Private Key JWT authentication method. Otherwise, use <code>token_endpoint_auth_method</code> to configure the client with client secret (basic or post) or with no authentication method (none).
-        - When using <code>client_authentication_methods</code> to configure the client with Private Key JWT authentication method, only specify the credential IDs that were generated when creating the credentials on the client.
-        - To configure <code>client_authentication_methods</code>, the <code>update:client_credentials</code> scope is required.
-        - To configure <code>client_authentication_methods</code>, the property <code>jwt_configuration.alg</code> must be set to RS256.
-        - To change a client's <code>is_first_party</code> property to <code>false</code>, the <code>organization_usage</code> and <code>organization_require_behavior</code> properties must be unset.
+        - The `client_authentication_methods` and `token_endpoint_auth_method` properties are mutually exclusive. Use `client_authentication_methods` to configure the client with Private Key JWT authentication method. Otherwise, use `token_endpoint_auth_method` to configure the client with client secret (basic or post) or with no authentication method (none).
+        - When using `client_authentication_methods` to configure the client with Private Key JWT authentication method, only specify the credential IDs that were generated when creating the credentials on the client.
+        - To configure `client_authentication_methods`, the `update:client_credentials` scope is required.
+        - To configure `client_authentication_methods`, the property `jwt_configuration.alg` must be set to RS256.
+        - To change a client's `is_first_party` property to `false`, the `organization_usage` and `organization_require_behavior` properties must be unset.
 
         Parameters
         ----------
@@ -3113,7 +3079,7 @@ async def rotate_secret(
 
         This endpoint cannot be used with clients configured with Private Key JWT authentication method (client_authentication_methods configured with private_key_jwt). The generated secret is NOT base64 encoded.
 
-        For more information, read <a href="https://www.auth0.com/docs/get-started/applications/rotate-client-secret">Rotate Client Secrets</a>.
+        For more information, read [Rotate Client Secrets](https://www.auth0.com/docs/get-started/applications/rotate-client-secret).
 
         Parameters
         ----------
diff --git a/src/auth0/management/connection_profiles/raw_client.py b/src/auth0/management/connection_profiles/raw_client.py
index effb0314..b656a610 100644
--- a/src/auth0/management/connection_profiles/raw_client.py
+++ b/src/auth0/management/connection_profiles/raw_client.py
@@ -699,6 +699,17 @@ def update(
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
@@ -1387,6 +1398,17 @@ async def update(
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
diff --git a/src/auth0/management/connections/users/raw_client.py b/src/auth0/management/connections/users/raw_client.py
index f3caa18e..98bcadd9 100644
--- a/src/auth0/management/connections/users/raw_client.py
+++ b/src/auth0/management/connections/users/raw_client.py
@@ -12,6 +12,7 @@
 from ...core.request_options import RequestOptions
 from ...errors.bad_request_error import BadRequestError
 from ...errors.forbidden_error import ForbiddenError
+from ...errors.not_found_error import NotFoundError
 from ...errors.too_many_requests_error import TooManyRequestsError
 from ...errors.unauthorized_error import UnauthorizedError
 from pydantic import ValidationError
@@ -86,6 +87,17 @@ def delete_by_email(
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
@@ -176,6 +188,17 @@ async def delete_by_email(
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
diff --git a/src/auth0/management/core/client_wrapper.py b/src/auth0/management/core/client_wrapper.py
index 60ebc5a6..b1aed4b2 100644
--- a/src/auth0/management/core/client_wrapper.py
+++ b/src/auth0/management/core/client_wrapper.py
@@ -1,11 +1,6 @@
 # This file was auto-generated by Fern from our API Definition.
-# Modified by Auth0 to use Auth0 telemetry format with dynamic versioning
 
-import base64
-import platform
-import sys
 import typing
-from json import dumps
 
 import httpx
 from .http_client import AsyncHttpClient, HttpClient
@@ -31,18 +26,15 @@ def __init__(
         self._logging = logging
 
     def get_headers(self) -> typing.Dict[str, str]:
-        py_version = platform.python_version()
-        version = sys.modules["auth0"].__version__
-
-        auth0_client = dumps({
-            "name": "auth0-python",
-            "version": version,
-            "env": {"python": py_version}
-        }).encode("utf-8")
+        import platform
 
         headers: typing.Dict[str, str] = {
-            "User-Agent": f"Python/{py_version}",
-            "Auth0-Client": base64.b64encode(auth0_client).decode(),
+            "User-Agent": "auth0-python/5.6.0",
+            "X-Fern-Language": "Python",
+            "X-Fern-Runtime": f"python/{platform.python_version()}",
+            "X-Fern-Platform": f"{platform.system().lower()}/{platform.release()}",
+            "X-Fern-SDK-Name": "auth0-python",
+            "X-Fern-SDK-Version": "5.6.0",
             **(self.get_custom_headers() or {}),
         }
         headers["Authorization"] = f"Bearer {self._get_token()}"
diff --git a/src/auth0/management/custom_domains/raw_client.py b/src/auth0/management/custom_domains/raw_client.py
index bcf336a1..6d6fc82c 100644
--- a/src/auth0/management/custom_domains/raw_client.py
+++ b/src/auth0/management/custom_domains/raw_client.py
@@ -581,6 +581,17 @@ def delete(self, id: str, *, request_options: typing.Optional[RequestOptions] =
                         ),
                     ),
                 )
+            if _response.status_code == 409:
+                raise ConflictError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
@@ -1498,6 +1509,17 @@ async def delete(
                         ),
                     ),
                 )
+            if _response.status_code == 409:
+                raise ConflictError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
diff --git a/src/auth0/management/device_credentials/client.py b/src/auth0/management/device_credentials/client.py
index b10acd55..e813868e 100644
--- a/src/auth0/management/device_credentials/client.py
+++ b/src/auth0/management/device_credentials/client.py
@@ -47,7 +47,7 @@ def list(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> SyncPager[DeviceCredential, ListDeviceCredentialsOffsetPaginatedResponseContent]:
         """
-        Retrieve device credential information (<code>public_key</code>, <code>refresh_token</code>, or <code>rotating_refresh_token</code>) associated with a specific user.
+        Retrieve device credential information (`public_key`, `refresh_token`, or `rotating_refresh_token`) associated with a specific user.
 
         Parameters
         ----------
@@ -129,9 +129,9 @@ def create_public_key(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> CreatePublicKeyDeviceCredentialResponseContent:
         """
-        Create a device credential public key to manage refresh token rotation for a given <code>user_id</code>. Device Credentials APIs are designed for ad-hoc administrative use only and paging is by default enabled for GET requests.
+        Create a device credential public key to manage refresh token rotation for a given `user_id`. Device Credentials APIs are designed for ad-hoc administrative use only and paging is by default enabled for GET requests.
 
-        When refresh token rotation is enabled, the endpoint becomes consistent. For more information, read <a href="https://auth0.com/docs/get-started/tenant-settings/signing-keys"> Signing Keys</a>.
+        When refresh token rotation is enabled, the endpoint becomes consistent. For more information, read [Signing Keys](https://auth0.com/docs/get-started/tenant-settings/signing-keys).
 
         Parameters
         ----------
@@ -241,7 +241,7 @@ async def list(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncPager[DeviceCredential, ListDeviceCredentialsOffsetPaginatedResponseContent]:
         """
-        Retrieve device credential information (<code>public_key</code>, <code>refresh_token</code>, or <code>rotating_refresh_token</code>) associated with a specific user.
+        Retrieve device credential information (`public_key`, `refresh_token`, or `rotating_refresh_token`) associated with a specific user.
 
         Parameters
         ----------
@@ -332,9 +332,9 @@ async def create_public_key(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> CreatePublicKeyDeviceCredentialResponseContent:
         """
-        Create a device credential public key to manage refresh token rotation for a given <code>user_id</code>. Device Credentials APIs are designed for ad-hoc administrative use only and paging is by default enabled for GET requests.
+        Create a device credential public key to manage refresh token rotation for a given `user_id`. Device Credentials APIs are designed for ad-hoc administrative use only and paging is by default enabled for GET requests.
 
-        When refresh token rotation is enabled, the endpoint becomes consistent. For more information, read <a href="https://auth0.com/docs/get-started/tenant-settings/signing-keys"> Signing Keys</a>.
+        When refresh token rotation is enabled, the endpoint becomes consistent. For more information, read [Signing Keys](https://auth0.com/docs/get-started/tenant-settings/signing-keys).
 
         Parameters
         ----------
diff --git a/src/auth0/management/device_credentials/raw_client.py b/src/auth0/management/device_credentials/raw_client.py
index c2a21117..b895495b 100644
--- a/src/auth0/management/device_credentials/raw_client.py
+++ b/src/auth0/management/device_credentials/raw_client.py
@@ -47,7 +47,7 @@ def list(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> SyncPager[DeviceCredential, ListDeviceCredentialsOffsetPaginatedResponseContent]:
         """
-        Retrieve device credential information (<code>public_key</code>, <code>refresh_token</code>, or <code>rotating_refresh_token</code>) associated with a specific user.
+        Retrieve device credential information (`public_key`, `refresh_token`, or `rotating_refresh_token`) associated with a specific user.
 
         Parameters
         ----------
@@ -187,9 +187,9 @@ def create_public_key(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> HttpResponse[CreatePublicKeyDeviceCredentialResponseContent]:
         """
-        Create a device credential public key to manage refresh token rotation for a given <code>user_id</code>. Device Credentials APIs are designed for ad-hoc administrative use only and paging is by default enabled for GET requests.
+        Create a device credential public key to manage refresh token rotation for a given `user_id`. Device Credentials APIs are designed for ad-hoc administrative use only and paging is by default enabled for GET requests.
 
-        When refresh token rotation is enabled, the endpoint becomes consistent. For more information, read <a href="https://auth0.com/docs/get-started/tenant-settings/signing-keys"> Signing Keys</a>.
+        When refresh token rotation is enabled, the endpoint becomes consistent. For more information, read [Signing Keys](https://auth0.com/docs/get-started/tenant-settings/signing-keys).
 
         Parameters
         ----------
@@ -401,7 +401,7 @@ async def list(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncPager[DeviceCredential, ListDeviceCredentialsOffsetPaginatedResponseContent]:
         """
-        Retrieve device credential information (<code>public_key</code>, <code>refresh_token</code>, or <code>rotating_refresh_token</code>) associated with a specific user.
+        Retrieve device credential information (`public_key`, `refresh_token`, or `rotating_refresh_token`) associated with a specific user.
 
         Parameters
         ----------
@@ -544,9 +544,9 @@ async def create_public_key(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncHttpResponse[CreatePublicKeyDeviceCredentialResponseContent]:
         """
-        Create a device credential public key to manage refresh token rotation for a given <code>user_id</code>. Device Credentials APIs are designed for ad-hoc administrative use only and paging is by default enabled for GET requests.
+        Create a device credential public key to manage refresh token rotation for a given `user_id`. Device Credentials APIs are designed for ad-hoc administrative use only and paging is by default enabled for GET requests.
 
-        When refresh token rotation is enabled, the endpoint becomes consistent. For more information, read <a href="https://auth0.com/docs/get-started/tenant-settings/signing-keys"> Signing Keys</a>.
+        When refresh token rotation is enabled, the endpoint becomes consistent. For more information, read [Signing Keys](https://auth0.com/docs/get-started/tenant-settings/signing-keys).
 
         Parameters
         ----------
diff --git a/src/auth0/management/emails/provider/client.py b/src/auth0/management/emails/provider/client.py
index c5da2861..38dadccc 100644
--- a/src/auth0/management/emails/provider/client.py
+++ b/src/auth0/management/emails/provider/client.py
@@ -41,7 +41,7 @@ def get(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> GetEmailProviderResponseContent:
         """
-        Retrieve details of the <a href="https://auth0.com/docs/customize/email/smtp-email-providers">email provider configuration</a> in your tenant. A list of fields to include or exclude may also be specified.
+        Retrieve details of the [email provider configuration](https://auth0.com/docs/customize/email/smtp-email-providers) in your tenant. A list of fields to include or exclude may also be specified.
 
         Parameters
         ----------
@@ -85,48 +85,31 @@ def create(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> CreateEmailProviderResponseContent:
         """
-        Create an <a href="https://auth0.com/docs/email/providers">email provider</a>. The <code>credentials</code> object
-        requires different properties depending on the email provider (which is specified using the <code>name</code> property):
-        <ul>
-          <li><code>mandrill</code> requires <code>api_key</code></li>
-          <li><code>sendgrid</code> requires <code>api_key</code></li>
-          <li>
-            <code>sparkpost</code> requires <code>api_key</code>. Optionally, set <code>region</code> to <code>eu</code> to use
-            the SparkPost service hosted in Western Europe; set to <code>null</code> to use the SparkPost service hosted in
-            North America. <code>eu</code> or <code>null</code> are the only valid values for <code>region</code>.
-          </li>
-          <li>
-            <code>mailgun</code> requires <code>api_key</code> and <code>domain</code>. Optionally, set <code>region</code> to
-            <code>eu</code> to use the Mailgun service hosted in Europe; set to <code>null</code> otherwise. <code>eu</code> or
-            <code>null</code> are the only valid values for <code>region</code>.
-          </li>
-          <li><code>ses</code> requires <code>accessKeyId</code>, <code>secretAccessKey</code>, and <code>region</code></li>
-          <li>
-            <code>smtp</code> requires <code>smtp_host</code>, <code>smtp_port</code>, <code>smtp_user</code>, and
-            <code>smtp_pass</code>
-          </li>
-        </ul>
-        Depending on the type of provider it is possible to specify <code>settings</code> object with different configuration
+        Create an [email provider](https://auth0.com/docs/email/providers). The `credentials` object
+        requires different properties depending on the email provider (which is specified using the `name` property):
+
+        - `mandrill` requires `api_key`
+        - `sendgrid` requires `api_key`
+        - `sparkpost` requires `api_key`. Optionally, set `region` to `eu` to use
+            the SparkPost service hosted in Western Europe; set to `null` to use the SparkPost service hosted in
+            North America. `eu` or `null` are the only valid values for `region`.
+        - `mailgun` requires `api_key` and `domain`. Optionally, set `region` to
+            `eu` to use the Mailgun service hosted in Europe; set to `null` otherwise. `eu` or
+            `null` are the only valid values for `region`.
+        - `ses` requires `accessKeyId`, `secretAccessKey`, and `region`
+        - `smtp` requires `smtp_host`, `smtp_port`, `smtp_user`, and
+            `smtp_pass`
+
+        Depending on the type of provider it is possible to specify `settings` object with different configuration
         options, which will be used when sending an email:
-        <ul>
-          <li>
-            <code>smtp</code> provider, <code>settings</code> may contain <code>headers</code> object.
-            <ul>
-              <li>
-                When using AWS SES SMTP host, you may provide a name of configuration set in
-                <code>X-SES-Configuration-Set</code> header. Value must be a string.
-              </li>
-              <li>
-                When using Sparkpost host, you may provide value for
-                <code>X-MSYS_API</code> header. Value must be an object.
-              </li>
-            </ul>
-          </li>
-          <li>
-            for <code>ses</code> provider, <code>settings</code> may contain <code>message</code> object, where you can provide
-            a name of configuration set in <code>configuration_set_name</code> property. Value must be a string.
-          </li>
-        </ul>
+
+        - `smtp` provider, `settings` may contain `headers` object.
+            - When using AWS SES SMTP host, you may provide a name of configuration set in
+              `X-SES-Configuration-Set` header. Value must be a string.
+            - When using Sparkpost host, you may provide value for
+              `X-MSYS_API` header. Value must be an object.
+        - For `ses` provider, `settings` may contain `message` object, where you can provide
+          a name of configuration set in `configuration_set_name` property. Value must be a string.
 
         Parameters
         ----------
@@ -210,46 +193,32 @@ def update(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> UpdateEmailProviderResponseContent:
         """
-        Update an <a href="https://auth0.com/docs/email/providers">email provider</a>. The <code>credentials</code> object
-        requires different properties depending on the email provider (which is specified using the <code>name</code> property):
-        <ul>
-          <li><code>mandrill</code> requires <code>api_key</code></li>
-          <li><code>sendgrid</code> requires <code>api_key</code></li>
-          <li>
-            <code>sparkpost</code> requires <code>api_key</code>. Optionally, set <code>region</code> to <code>eu</code> to use
-            the SparkPost service hosted in Western Europe; set to <code>null</code> to use the SparkPost service hosted in
-            North America. <code>eu</code> or <code>null</code> are the only valid values for <code>region</code>.
-          </li>
-          <li>
-            <code>mailgun</code> requires <code>api_key</code> and <code>domain</code>. Optionally, set <code>region</code> to
-            <code>eu</code> to use the Mailgun service hosted in Europe; set to <code>null</code> otherwise. <code>eu</code> or
-            <code>null</code> are the only valid values for <code>region</code>.
-          </li>
-          <li><code>ses</code> requires <code>accessKeyId</code>, <code>secretAccessKey</code>, and <code>region</code></li>
-          <li>
-            <code>smtp</code> requires <code>smtp_host</code>, <code>smtp_port</code>, <code>smtp_user</code>, and
-            <code>smtp_pass</code>
-          </li>
-        </ul>
-        Depending on the type of provider it is possible to specify <code>settings</code> object with different configuration
+        Update an [email provider](https://auth0.com/docs/email/providers). The `credentials` object
+        requires different properties depending on the email provider (which is specified using the `name` property):
+
+        - `mandrill` requires `api_key`
+        - `sendgrid` requires `api_key`
+        - `sparkpost` requires `api_key`. Optionally, set `region` to `eu` to use
+            the SparkPost service hosted in Western Europe; set to `null` to use the SparkPost service hosted in
+            North America. `eu` or `null` are the only valid values for `region`.
+        - `mailgun` requires `api_key` and `domain`. Optionally, set `region` to
+            `eu` to use the Mailgun service hosted in Europe; set to `null` otherwise. `eu` or
+            `null` are the only valid values for `region`.
+        - `ses` requires `accessKeyId`, `secretAccessKey`, and `region`
+        - `smtp` requires `smtp_host`, `smtp_port`, `smtp_user`, and
+            `smtp_pass`
+
+        Depending on the type of provider it is possible to specify `settings` object with different configuration
         options, which will be used when sending an email:
-        <ul>
-          <li>
-            <code>smtp</code> provider, <code>settings</code> may contain <code>headers</code> object.
-            <ul>
-              <li>
-                When using AWS SES SMTP host, you may provide a name of configuration set in
-                <code>X-SES-Configuration-Set</code> header. Value must be a string.
-              </li>
-              <li>
-                When using Sparkpost host, you may provide value for
-                <code>X-MSYS_API</code> header. Value must be an object.
-              </li>
-            </ul>
-            for <code>ses</code> provider, <code>settings</code> may contain <code>message</code> object, where you can provide
-            a name of configuration set in <code>configuration_set_name</code> property. Value must be a string.
-          </li>
-        </ul>
+
+        - `smtp` provider, `settings` may contain `headers` object.
+            - When using AWS SES SMTP host, you may provide a name of configuration set in
+              `X-SES-Configuration-Set` header. Value must be a string.
+            - When using Sparkpost host, you may provide value for
+              `X-MSYS_API` header. Value must be an object.
+
+          For `ses` provider, `settings` may contain `message` object, where you can provide
+          a name of configuration set in `configuration_set_name` property. Value must be a string.
 
         Parameters
         ----------
@@ -316,7 +285,7 @@ async def get(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> GetEmailProviderResponseContent:
         """
-        Retrieve details of the <a href="https://auth0.com/docs/customize/email/smtp-email-providers">email provider configuration</a> in your tenant. A list of fields to include or exclude may also be specified.
+        Retrieve details of the [email provider configuration](https://auth0.com/docs/customize/email/smtp-email-providers) in your tenant. A list of fields to include or exclude may also be specified.
 
         Parameters
         ----------
@@ -370,48 +339,31 @@ async def create(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> CreateEmailProviderResponseContent:
         """
-        Create an <a href="https://auth0.com/docs/email/providers">email provider</a>. The <code>credentials</code> object
-        requires different properties depending on the email provider (which is specified using the <code>name</code> property):
-        <ul>
-          <li><code>mandrill</code> requires <code>api_key</code></li>
-          <li><code>sendgrid</code> requires <code>api_key</code></li>
-          <li>
-            <code>sparkpost</code> requires <code>api_key</code>. Optionally, set <code>region</code> to <code>eu</code> to use
-            the SparkPost service hosted in Western Europe; set to <code>null</code> to use the SparkPost service hosted in
-            North America. <code>eu</code> or <code>null</code> are the only valid values for <code>region</code>.
-          </li>
-          <li>
-            <code>mailgun</code> requires <code>api_key</code> and <code>domain</code>. Optionally, set <code>region</code> to
-            <code>eu</code> to use the Mailgun service hosted in Europe; set to <code>null</code> otherwise. <code>eu</code> or
-            <code>null</code> are the only valid values for <code>region</code>.
-          </li>
-          <li><code>ses</code> requires <code>accessKeyId</code>, <code>secretAccessKey</code>, and <code>region</code></li>
-          <li>
-            <code>smtp</code> requires <code>smtp_host</code>, <code>smtp_port</code>, <code>smtp_user</code>, and
-            <code>smtp_pass</code>
-          </li>
-        </ul>
-        Depending on the type of provider it is possible to specify <code>settings</code> object with different configuration
+        Create an [email provider](https://auth0.com/docs/email/providers). The `credentials` object
+        requires different properties depending on the email provider (which is specified using the `name` property):
+
+        - `mandrill` requires `api_key`
+        - `sendgrid` requires `api_key`
+        - `sparkpost` requires `api_key`. Optionally, set `region` to `eu` to use
+            the SparkPost service hosted in Western Europe; set to `null` to use the SparkPost service hosted in
+            North America. `eu` or `null` are the only valid values for `region`.
+        - `mailgun` requires `api_key` and `domain`. Optionally, set `region` to
+            `eu` to use the Mailgun service hosted in Europe; set to `null` otherwise. `eu` or
+            `null` are the only valid values for `region`.
+        - `ses` requires `accessKeyId`, `secretAccessKey`, and `region`
+        - `smtp` requires `smtp_host`, `smtp_port`, `smtp_user`, and
+            `smtp_pass`
+
+        Depending on the type of provider it is possible to specify `settings` object with different configuration
         options, which will be used when sending an email:
-        <ul>
-          <li>
-            <code>smtp</code> provider, <code>settings</code> may contain <code>headers</code> object.
-            <ul>
-              <li>
-                When using AWS SES SMTP host, you may provide a name of configuration set in
-                <code>X-SES-Configuration-Set</code> header. Value must be a string.
-              </li>
-              <li>
-                When using Sparkpost host, you may provide value for
-                <code>X-MSYS_API</code> header. Value must be an object.
-              </li>
-            </ul>
-          </li>
-          <li>
-            for <code>ses</code> provider, <code>settings</code> may contain <code>message</code> object, where you can provide
-            a name of configuration set in <code>configuration_set_name</code> property. Value must be a string.
-          </li>
-        </ul>
+
+        - `smtp` provider, `settings` may contain `headers` object.
+            - When using AWS SES SMTP host, you may provide a name of configuration set in
+              `X-SES-Configuration-Set` header. Value must be a string.
+            - When using Sparkpost host, you may provide value for
+              `X-MSYS_API` header. Value must be an object.
+        - For `ses` provider, `settings` may contain `message` object, where you can provide
+          a name of configuration set in `configuration_set_name` property. Value must be a string.
 
         Parameters
         ----------
@@ -511,46 +463,32 @@ async def update(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> UpdateEmailProviderResponseContent:
         """
-        Update an <a href="https://auth0.com/docs/email/providers">email provider</a>. The <code>credentials</code> object
-        requires different properties depending on the email provider (which is specified using the <code>name</code> property):
-        <ul>
-          <li><code>mandrill</code> requires <code>api_key</code></li>
-          <li><code>sendgrid</code> requires <code>api_key</code></li>
-          <li>
-            <code>sparkpost</code> requires <code>api_key</code>. Optionally, set <code>region</code> to <code>eu</code> to use
-            the SparkPost service hosted in Western Europe; set to <code>null</code> to use the SparkPost service hosted in
-            North America. <code>eu</code> or <code>null</code> are the only valid values for <code>region</code>.
-          </li>
-          <li>
-            <code>mailgun</code> requires <code>api_key</code> and <code>domain</code>. Optionally, set <code>region</code> to
-            <code>eu</code> to use the Mailgun service hosted in Europe; set to <code>null</code> otherwise. <code>eu</code> or
-            <code>null</code> are the only valid values for <code>region</code>.
-          </li>
-          <li><code>ses</code> requires <code>accessKeyId</code>, <code>secretAccessKey</code>, and <code>region</code></li>
-          <li>
-            <code>smtp</code> requires <code>smtp_host</code>, <code>smtp_port</code>, <code>smtp_user</code>, and
-            <code>smtp_pass</code>
-          </li>
-        </ul>
-        Depending on the type of provider it is possible to specify <code>settings</code> object with different configuration
+        Update an [email provider](https://auth0.com/docs/email/providers). The `credentials` object
+        requires different properties depending on the email provider (which is specified using the `name` property):
+
+        - `mandrill` requires `api_key`
+        - `sendgrid` requires `api_key`
+        - `sparkpost` requires `api_key`. Optionally, set `region` to `eu` to use
+            the SparkPost service hosted in Western Europe; set to `null` to use the SparkPost service hosted in
+            North America. `eu` or `null` are the only valid values for `region`.
+        - `mailgun` requires `api_key` and `domain`. Optionally, set `region` to
+            `eu` to use the Mailgun service hosted in Europe; set to `null` otherwise. `eu` or
+            `null` are the only valid values for `region`.
+        - `ses` requires `accessKeyId`, `secretAccessKey`, and `region`
+        - `smtp` requires `smtp_host`, `smtp_port`, `smtp_user`, and
+            `smtp_pass`
+
+        Depending on the type of provider it is possible to specify `settings` object with different configuration
         options, which will be used when sending an email:
-        <ul>
-          <li>
-            <code>smtp</code> provider, <code>settings</code> may contain <code>headers</code> object.
-            <ul>
-              <li>
-                When using AWS SES SMTP host, you may provide a name of configuration set in
-                <code>X-SES-Configuration-Set</code> header. Value must be a string.
-              </li>
-              <li>
-                When using Sparkpost host, you may provide value for
-                <code>X-MSYS_API</code> header. Value must be an object.
-              </li>
-            </ul>
-            for <code>ses</code> provider, <code>settings</code> may contain <code>message</code> object, where you can provide
-            a name of configuration set in <code>configuration_set_name</code> property. Value must be a string.
-          </li>
-        </ul>
+
+        - `smtp` provider, `settings` may contain `headers` object.
+            - When using AWS SES SMTP host, you may provide a name of configuration set in
+              `X-SES-Configuration-Set` header. Value must be a string.
+            - When using Sparkpost host, you may provide value for
+              `X-MSYS_API` header. Value must be an object.
+
+          For `ses` provider, `settings` may contain `message` object, where you can provide
+          a name of configuration set in `configuration_set_name` property. Value must be a string.
 
         Parameters
         ----------
diff --git a/src/auth0/management/emails/provider/raw_client.py b/src/auth0/management/emails/provider/raw_client.py
index 84c1ff24..625e2617 100644
--- a/src/auth0/management/emails/provider/raw_client.py
+++ b/src/auth0/management/emails/provider/raw_client.py
@@ -42,7 +42,7 @@ def get(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> HttpResponse[GetEmailProviderResponseContent]:
         """
-        Retrieve details of the <a href="https://auth0.com/docs/customize/email/smtp-email-providers">email provider configuration</a> in your tenant. A list of fields to include or exclude may also be specified.
+        Retrieve details of the [email provider configuration](https://auth0.com/docs/customize/email/smtp-email-providers) in your tenant. A list of fields to include or exclude may also be specified.
 
         Parameters
         ----------
@@ -154,48 +154,31 @@ def create(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> HttpResponse[CreateEmailProviderResponseContent]:
         """
-        Create an <a href="https://auth0.com/docs/email/providers">email provider</a>. The <code>credentials</code> object
-        requires different properties depending on the email provider (which is specified using the <code>name</code> property):
-        <ul>
-          <li><code>mandrill</code> requires <code>api_key</code></li>
-          <li><code>sendgrid</code> requires <code>api_key</code></li>
-          <li>
-            <code>sparkpost</code> requires <code>api_key</code>. Optionally, set <code>region</code> to <code>eu</code> to use
-            the SparkPost service hosted in Western Europe; set to <code>null</code> to use the SparkPost service hosted in
-            North America. <code>eu</code> or <code>null</code> are the only valid values for <code>region</code>.
-          </li>
-          <li>
-            <code>mailgun</code> requires <code>api_key</code> and <code>domain</code>. Optionally, set <code>region</code> to
-            <code>eu</code> to use the Mailgun service hosted in Europe; set to <code>null</code> otherwise. <code>eu</code> or
-            <code>null</code> are the only valid values for <code>region</code>.
-          </li>
-          <li><code>ses</code> requires <code>accessKeyId</code>, <code>secretAccessKey</code>, and <code>region</code></li>
-          <li>
-            <code>smtp</code> requires <code>smtp_host</code>, <code>smtp_port</code>, <code>smtp_user</code>, and
-            <code>smtp_pass</code>
-          </li>
-        </ul>
-        Depending on the type of provider it is possible to specify <code>settings</code> object with different configuration
+        Create an [email provider](https://auth0.com/docs/email/providers). The `credentials` object
+        requires different properties depending on the email provider (which is specified using the `name` property):
+
+        - `mandrill` requires `api_key`
+        - `sendgrid` requires `api_key`
+        - `sparkpost` requires `api_key`. Optionally, set `region` to `eu` to use
+            the SparkPost service hosted in Western Europe; set to `null` to use the SparkPost service hosted in
+            North America. `eu` or `null` are the only valid values for `region`.
+        - `mailgun` requires `api_key` and `domain`. Optionally, set `region` to
+            `eu` to use the Mailgun service hosted in Europe; set to `null` otherwise. `eu` or
+            `null` are the only valid values for `region`.
+        - `ses` requires `accessKeyId`, `secretAccessKey`, and `region`
+        - `smtp` requires `smtp_host`, `smtp_port`, `smtp_user`, and
+            `smtp_pass`
+
+        Depending on the type of provider it is possible to specify `settings` object with different configuration
         options, which will be used when sending an email:
-        <ul>
-          <li>
-            <code>smtp</code> provider, <code>settings</code> may contain <code>headers</code> object.
-            <ul>
-              <li>
-                When using AWS SES SMTP host, you may provide a name of configuration set in
-                <code>X-SES-Configuration-Set</code> header. Value must be a string.
-              </li>
-              <li>
-                When using Sparkpost host, you may provide value for
-                <code>X-MSYS_API</code> header. Value must be an object.
-              </li>
-            </ul>
-          </li>
-          <li>
-            for <code>ses</code> provider, <code>settings</code> may contain <code>message</code> object, where you can provide
-            a name of configuration set in <code>configuration_set_name</code> property. Value must be a string.
-          </li>
-        </ul>
+
+        - `smtp` provider, `settings` may contain `headers` object.
+            - When using AWS SES SMTP host, you may provide a name of configuration set in
+              `X-SES-Configuration-Set` header. Value must be a string.
+            - When using Sparkpost host, you may provide value for
+              `X-MSYS_API` header. Value must be an object.
+        - For `ses` provider, `settings` may contain `message` object, where you can provide
+          a name of configuration set in `configuration_set_name` property. Value must be a string.
 
         Parameters
         ----------
@@ -407,46 +390,32 @@ def update(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> HttpResponse[UpdateEmailProviderResponseContent]:
         """
-        Update an <a href="https://auth0.com/docs/email/providers">email provider</a>. The <code>credentials</code> object
-        requires different properties depending on the email provider (which is specified using the <code>name</code> property):
-        <ul>
-          <li><code>mandrill</code> requires <code>api_key</code></li>
-          <li><code>sendgrid</code> requires <code>api_key</code></li>
-          <li>
-            <code>sparkpost</code> requires <code>api_key</code>. Optionally, set <code>region</code> to <code>eu</code> to use
-            the SparkPost service hosted in Western Europe; set to <code>null</code> to use the SparkPost service hosted in
-            North America. <code>eu</code> or <code>null</code> are the only valid values for <code>region</code>.
-          </li>
-          <li>
-            <code>mailgun</code> requires <code>api_key</code> and <code>domain</code>. Optionally, set <code>region</code> to
-            <code>eu</code> to use the Mailgun service hosted in Europe; set to <code>null</code> otherwise. <code>eu</code> or
-            <code>null</code> are the only valid values for <code>region</code>.
-          </li>
-          <li><code>ses</code> requires <code>accessKeyId</code>, <code>secretAccessKey</code>, and <code>region</code></li>
-          <li>
-            <code>smtp</code> requires <code>smtp_host</code>, <code>smtp_port</code>, <code>smtp_user</code>, and
-            <code>smtp_pass</code>
-          </li>
-        </ul>
-        Depending on the type of provider it is possible to specify <code>settings</code> object with different configuration
+        Update an [email provider](https://auth0.com/docs/email/providers). The `credentials` object
+        requires different properties depending on the email provider (which is specified using the `name` property):
+
+        - `mandrill` requires `api_key`
+        - `sendgrid` requires `api_key`
+        - `sparkpost` requires `api_key`. Optionally, set `region` to `eu` to use
+            the SparkPost service hosted in Western Europe; set to `null` to use the SparkPost service hosted in
+            North America. `eu` or `null` are the only valid values for `region`.
+        - `mailgun` requires `api_key` and `domain`. Optionally, set `region` to
+            `eu` to use the Mailgun service hosted in Europe; set to `null` otherwise. `eu` or
+            `null` are the only valid values for `region`.
+        - `ses` requires `accessKeyId`, `secretAccessKey`, and `region`
+        - `smtp` requires `smtp_host`, `smtp_port`, `smtp_user`, and
+            `smtp_pass`
+
+        Depending on the type of provider it is possible to specify `settings` object with different configuration
         options, which will be used when sending an email:
-        <ul>
-          <li>
-            <code>smtp</code> provider, <code>settings</code> may contain <code>headers</code> object.
-            <ul>
-              <li>
-                When using AWS SES SMTP host, you may provide a name of configuration set in
-                <code>X-SES-Configuration-Set</code> header. Value must be a string.
-              </li>
-              <li>
-                When using Sparkpost host, you may provide value for
-                <code>X-MSYS_API</code> header. Value must be an object.
-              </li>
-            </ul>
-            for <code>ses</code> provider, <code>settings</code> may contain <code>message</code> object, where you can provide
-            a name of configuration set in <code>configuration_set_name</code> property. Value must be a string.
-          </li>
-        </ul>
+
+        - `smtp` provider, `settings` may contain `headers` object.
+            - When using AWS SES SMTP host, you may provide a name of configuration set in
+              `X-SES-Configuration-Set` header. Value must be a string.
+            - When using Sparkpost host, you may provide value for
+              `X-MSYS_API` header. Value must be an object.
+
+          For `ses` provider, `settings` may contain `message` object, where you can provide
+          a name of configuration set in `configuration_set_name` property. Value must be a string.
 
         Parameters
         ----------
@@ -586,7 +555,7 @@ async def get(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncHttpResponse[GetEmailProviderResponseContent]:
         """
-        Retrieve details of the <a href="https://auth0.com/docs/customize/email/smtp-email-providers">email provider configuration</a> in your tenant. A list of fields to include or exclude may also be specified.
+        Retrieve details of the [email provider configuration](https://auth0.com/docs/customize/email/smtp-email-providers) in your tenant. A list of fields to include or exclude may also be specified.
 
         Parameters
         ----------
@@ -698,48 +667,31 @@ async def create(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncHttpResponse[CreateEmailProviderResponseContent]:
         """
-        Create an <a href="https://auth0.com/docs/email/providers">email provider</a>. The <code>credentials</code> object
-        requires different properties depending on the email provider (which is specified using the <code>name</code> property):
-        <ul>
-          <li><code>mandrill</code> requires <code>api_key</code></li>
-          <li><code>sendgrid</code> requires <code>api_key</code></li>
-          <li>
-            <code>sparkpost</code> requires <code>api_key</code>. Optionally, set <code>region</code> to <code>eu</code> to use
-            the SparkPost service hosted in Western Europe; set to <code>null</code> to use the SparkPost service hosted in
-            North America. <code>eu</code> or <code>null</code> are the only valid values for <code>region</code>.
-          </li>
-          <li>
-            <code>mailgun</code> requires <code>api_key</code> and <code>domain</code>. Optionally, set <code>region</code> to
-            <code>eu</code> to use the Mailgun service hosted in Europe; set to <code>null</code> otherwise. <code>eu</code> or
-            <code>null</code> are the only valid values for <code>region</code>.
-          </li>
-          <li><code>ses</code> requires <code>accessKeyId</code>, <code>secretAccessKey</code>, and <code>region</code></li>
-          <li>
-            <code>smtp</code> requires <code>smtp_host</code>, <code>smtp_port</code>, <code>smtp_user</code>, and
-            <code>smtp_pass</code>
-          </li>
-        </ul>
-        Depending on the type of provider it is possible to specify <code>settings</code> object with different configuration
+        Create an [email provider](https://auth0.com/docs/email/providers). The `credentials` object
+        requires different properties depending on the email provider (which is specified using the `name` property):
+
+        - `mandrill` requires `api_key`
+        - `sendgrid` requires `api_key`
+        - `sparkpost` requires `api_key`. Optionally, set `region` to `eu` to use
+            the SparkPost service hosted in Western Europe; set to `null` to use the SparkPost service hosted in
+            North America. `eu` or `null` are the only valid values for `region`.
+        - `mailgun` requires `api_key` and `domain`. Optionally, set `region` to
+            `eu` to use the Mailgun service hosted in Europe; set to `null` otherwise. `eu` or
+            `null` are the only valid values for `region`.
+        - `ses` requires `accessKeyId`, `secretAccessKey`, and `region`
+        - `smtp` requires `smtp_host`, `smtp_port`, `smtp_user`, and
+            `smtp_pass`
+
+        Depending on the type of provider it is possible to specify `settings` object with different configuration
         options, which will be used when sending an email:
-        <ul>
-          <li>
-            <code>smtp</code> provider, <code>settings</code> may contain <code>headers</code> object.
-            <ul>
-              <li>
-                When using AWS SES SMTP host, you may provide a name of configuration set in
-                <code>X-SES-Configuration-Set</code> header. Value must be a string.
-              </li>
-              <li>
-                When using Sparkpost host, you may provide value for
-                <code>X-MSYS_API</code> header. Value must be an object.
-              </li>
-            </ul>
-          </li>
-          <li>
-            for <code>ses</code> provider, <code>settings</code> may contain <code>message</code> object, where you can provide
-            a name of configuration set in <code>configuration_set_name</code> property. Value must be a string.
-          </li>
-        </ul>
+
+        - `smtp` provider, `settings` may contain `headers` object.
+            - When using AWS SES SMTP host, you may provide a name of configuration set in
+              `X-SES-Configuration-Set` header. Value must be a string.
+            - When using Sparkpost host, you may provide value for
+              `X-MSYS_API` header. Value must be an object.
+        - For `ses` provider, `settings` may contain `message` object, where you can provide
+          a name of configuration set in `configuration_set_name` property. Value must be a string.
 
         Parameters
         ----------
@@ -951,46 +903,32 @@ async def update(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncHttpResponse[UpdateEmailProviderResponseContent]:
         """
-        Update an <a href="https://auth0.com/docs/email/providers">email provider</a>. The <code>credentials</code> object
-        requires different properties depending on the email provider (which is specified using the <code>name</code> property):
-        <ul>
-          <li><code>mandrill</code> requires <code>api_key</code></li>
-          <li><code>sendgrid</code> requires <code>api_key</code></li>
-          <li>
-            <code>sparkpost</code> requires <code>api_key</code>. Optionally, set <code>region</code> to <code>eu</code> to use
-            the SparkPost service hosted in Western Europe; set to <code>null</code> to use the SparkPost service hosted in
-            North America. <code>eu</code> or <code>null</code> are the only valid values for <code>region</code>.
-          </li>
-          <li>
-            <code>mailgun</code> requires <code>api_key</code> and <code>domain</code>. Optionally, set <code>region</code> to
-            <code>eu</code> to use the Mailgun service hosted in Europe; set to <code>null</code> otherwise. <code>eu</code> or
-            <code>null</code> are the only valid values for <code>region</code>.
-          </li>
-          <li><code>ses</code> requires <code>accessKeyId</code>, <code>secretAccessKey</code>, and <code>region</code></li>
-          <li>
-            <code>smtp</code> requires <code>smtp_host</code>, <code>smtp_port</code>, <code>smtp_user</code>, and
-            <code>smtp_pass</code>
-          </li>
-        </ul>
-        Depending on the type of provider it is possible to specify <code>settings</code> object with different configuration
+        Update an [email provider](https://auth0.com/docs/email/providers). The `credentials` object
+        requires different properties depending on the email provider (which is specified using the `name` property):
+
+        - `mandrill` requires `api_key`
+        - `sendgrid` requires `api_key`
+        - `sparkpost` requires `api_key`. Optionally, set `region` to `eu` to use
+            the SparkPost service hosted in Western Europe; set to `null` to use the SparkPost service hosted in
+            North America. `eu` or `null` are the only valid values for `region`.
+        - `mailgun` requires `api_key` and `domain`. Optionally, set `region` to
+            `eu` to use the Mailgun service hosted in Europe; set to `null` otherwise. `eu` or
+            `null` are the only valid values for `region`.
+        - `ses` requires `accessKeyId`, `secretAccessKey`, and `region`
+        - `smtp` requires `smtp_host`, `smtp_port`, `smtp_user`, and
+            `smtp_pass`
+
+        Depending on the type of provider it is possible to specify `settings` object with different configuration
         options, which will be used when sending an email:
-        <ul>
-          <li>
-            <code>smtp</code> provider, <code>settings</code> may contain <code>headers</code> object.
-            <ul>
-              <li>
-                When using AWS SES SMTP host, you may provide a name of configuration set in
-                <code>X-SES-Configuration-Set</code> header. Value must be a string.
-              </li>
-              <li>
-                When using Sparkpost host, you may provide value for
-                <code>X-MSYS_API</code> header. Value must be an object.
-              </li>
-            </ul>
-            for <code>ses</code> provider, <code>settings</code> may contain <code>message</code> object, where you can provide
-            a name of configuration set in <code>configuration_set_name</code> property. Value must be a string.
-          </li>
-        </ul>
+
+        - `smtp` provider, `settings` may contain `headers` object.
+            - When using AWS SES SMTP host, you may provide a name of configuration set in
+              `X-SES-Configuration-Set` header. Value must be a string.
+            - When using Sparkpost host, you may provide value for
+              `X-MSYS_API` header. Value must be an object.
+
+          For `ses` provider, `settings` may contain `message` object, where you can provide
+          a name of configuration set in `configuration_set_name` property. Value must be a string.
 
         Parameters
         ----------
diff --git a/src/auth0/management/groups/members/raw_client.py b/src/auth0/management/groups/members/raw_client.py
index 5b75317a..63deec2f 100644
--- a/src/auth0/management/groups/members/raw_client.py
+++ b/src/auth0/management/groups/members/raw_client.py
@@ -12,6 +12,7 @@
 from ...core.request_options import RequestOptions
 from ...errors.bad_request_error import BadRequestError
 from ...errors.forbidden_error import ForbiddenError
+from ...errors.not_found_error import NotFoundError
 from ...errors.too_many_requests_error import TooManyRequestsError
 from ...errors.unauthorized_error import UnauthorizedError
 from ...types.get_group_members_response_content import GetGroupMembersResponseContent
@@ -126,6 +127,17 @@ def get(
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
@@ -257,6 +269,17 @@ async def _get_next():
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
diff --git a/src/auth0/management/groups/roles/client.py b/src/auth0/management/groups/roles/client.py
index a85cbd75..9f4a516d 100644
--- a/src/auth0/management/groups/roles/client.py
+++ b/src/auth0/management/groups/roles/client.py
@@ -37,7 +37,7 @@ def list(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> SyncPager[Role, ListGroupRolesResponseContent]:
         """
-        Lists the <a href="https://auth0.com/docs/manage-users/access-control/rbac">roles</a> assigned to a group.
+        Lists the [roles](https://auth0.com/docs/manage-users/access-control/rbac) assigned to a group.
 
         Parameters
         ----------
@@ -82,7 +82,7 @@ def create(
         self, id: str, *, roles: typing.Sequence[str], request_options: typing.Optional[RequestOptions] = None
     ) -> None:
         """
-        Assign one or more <a href="https://auth0.com/docs/manage-users/access-control/rbac">roles</a> to a specified group.
+        Assign one or more [roles](https://auth0.com/docs/manage-users/access-control/rbac) to a specified group.
 
         Parameters
         ----------
@@ -118,7 +118,7 @@ def delete(
         self, id: str, *, roles: typing.Sequence[str], request_options: typing.Optional[RequestOptions] = None
     ) -> None:
         """
-        Unassign one or more <a href="https://auth0.com/docs/manage-users/access-control/rbac">roles</a> from a specified group.
+        Unassign one or more [roles](https://auth0.com/docs/manage-users/access-control/rbac) from a specified group.
 
         Parameters
         ----------
@@ -175,7 +175,7 @@ async def list(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncPager[Role, ListGroupRolesResponseContent]:
         """
-        Lists the <a href="https://auth0.com/docs/manage-users/access-control/rbac">roles</a> assigned to a group.
+        Lists the [roles](https://auth0.com/docs/manage-users/access-control/rbac) assigned to a group.
 
         Parameters
         ----------
@@ -229,7 +229,7 @@ async def create(
         self, id: str, *, roles: typing.Sequence[str], request_options: typing.Optional[RequestOptions] = None
     ) -> None:
         """
-        Assign one or more <a href="https://auth0.com/docs/manage-users/access-control/rbac">roles</a> to a specified group.
+        Assign one or more [roles](https://auth0.com/docs/manage-users/access-control/rbac) to a specified group.
 
         Parameters
         ----------
@@ -273,7 +273,7 @@ async def delete(
         self, id: str, *, roles: typing.Sequence[str], request_options: typing.Optional[RequestOptions] = None
     ) -> None:
         """
-        Unassign one or more <a href="https://auth0.com/docs/manage-users/access-control/rbac">roles</a> from a specified group.
+        Unassign one or more [roles](https://auth0.com/docs/manage-users/access-control/rbac) from a specified group.
 
         Parameters
         ----------
diff --git a/src/auth0/management/groups/roles/raw_client.py b/src/auth0/management/groups/roles/raw_client.py
index becdc4bd..e3ffbfd2 100644
--- a/src/auth0/management/groups/roles/raw_client.py
+++ b/src/auth0/management/groups/roles/raw_client.py
@@ -37,7 +37,7 @@ def list(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> SyncPager[Role, ListGroupRolesResponseContent]:
         """
-        Lists the <a href="https://auth0.com/docs/manage-users/access-control/rbac">roles</a> assigned to a group.
+        Lists the [roles](https://auth0.com/docs/manage-users/access-control/rbac) assigned to a group.
 
         Parameters
         ----------
@@ -119,6 +119,17 @@ def list(
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
@@ -143,7 +154,7 @@ def create(
         self, id: str, *, roles: typing.Sequence[str], request_options: typing.Optional[RequestOptions] = None
     ) -> HttpResponse[None]:
         """
-        Assign one or more <a href="https://auth0.com/docs/manage-users/access-control/rbac">roles</a> to a specified group.
+        Assign one or more [roles](https://auth0.com/docs/manage-users/access-control/rbac) to a specified group.
 
         Parameters
         ----------
@@ -243,7 +254,7 @@ def delete(
         self, id: str, *, roles: typing.Sequence[str], request_options: typing.Optional[RequestOptions] = None
     ) -> HttpResponse[None]:
         """
-        Unassign one or more <a href="https://auth0.com/docs/manage-users/access-control/rbac">roles</a> from a specified group.
+        Unassign one or more [roles](https://auth0.com/docs/manage-users/access-control/rbac) from a specified group.
 
         Parameters
         ----------
@@ -308,6 +319,17 @@ def delete(
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
@@ -342,7 +364,7 @@ async def list(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncPager[Role, ListGroupRolesResponseContent]:
         """
-        Lists the <a href="https://auth0.com/docs/manage-users/access-control/rbac">roles</a> assigned to a group.
+        Lists the [roles](https://auth0.com/docs/manage-users/access-control/rbac) assigned to a group.
 
         Parameters
         ----------
@@ -427,6 +449,17 @@ async def _get_next():
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
@@ -451,7 +484,7 @@ async def create(
         self, id: str, *, roles: typing.Sequence[str], request_options: typing.Optional[RequestOptions] = None
     ) -> AsyncHttpResponse[None]:
         """
-        Assign one or more <a href="https://auth0.com/docs/manage-users/access-control/rbac">roles</a> to a specified group.
+        Assign one or more [roles](https://auth0.com/docs/manage-users/access-control/rbac) to a specified group.
 
         Parameters
         ----------
@@ -551,7 +584,7 @@ async def delete(
         self, id: str, *, roles: typing.Sequence[str], request_options: typing.Optional[RequestOptions] = None
     ) -> AsyncHttpResponse[None]:
         """
-        Unassign one or more <a href="https://auth0.com/docs/manage-users/access-control/rbac">roles</a> from a specified group.
+        Unassign one or more [roles](https://auth0.com/docs/manage-users/access-control/rbac) from a specified group.
 
         Parameters
         ----------
@@ -616,6 +649,17 @@ async def delete(
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
diff --git a/src/auth0/management/organizations/client.py b/src/auth0/management/organizations/client.py
index 0e867bda..6a7f1fa5 100644
--- a/src/auth0/management/organizations/client.py
+++ b/src/auth0/management/organizations/client.py
@@ -67,22 +67,20 @@ def list(
         Retrieve detailed list of all Organizations available in your tenant. For more information, see Auth0 Organizations.
 
         This endpoint supports two types of pagination:
-        <ul>
-        <li>Offset pagination</li>
-        <li>Checkpoint pagination</li>
-        </ul>
+
+        - Offset pagination
+        - Checkpoint pagination
 
         Checkpoint pagination must be used if you need to retrieve more than 1000 organizations.
 
-        <h2>Checkpoint Pagination</h2>
+        **Checkpoint Pagination**
 
         To search by checkpoint, use the following parameters:
-        <ul>
-        <li><code>from</code>: Optional id from which to start selection.</li>
-        <li><code>take</code>: The total number of entries to retrieve when using the <code>from</code> parameter. Defaults to 50.</li>
-        </ul>
 
-        <b>Note</b>: The first time you call this endpoint using checkpoint pagination, omit the <code>from</code> parameter. If there are more results, a <code>next</code> value is included in the response. You can use this for subsequent API calls. When <code>next</code> is no longer included in the response, no pages are remaining.
+        - `from`: Optional id from which to start selection.
+        - `take`: The total number of entries to retrieve when using the `from` parameter. Defaults to 50.
+
+        **Note**: The first time you call this endpoint using checkpoint pagination, omit the `from` parameter. If there are more results, a `next` value is included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, no pages are remaining.
 
         Parameters
         ----------
@@ -135,7 +133,7 @@ def create(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> CreateOrganizationResponseContent:
         """
-        Create a new Organization within your tenant.  To learn more about Organization settings, behavior, and configuration options, review <a href="https://auth0.com/docs/manage-users/organizations/create-first-organization">Create Your First Organization</a>.
+        Create a new Organization within your tenant.  To learn more about Organization settings, behavior, and configuration options, review [Create Your First Organization](https://auth0.com/docs/manage-users/organizations/create-first-organization).
 
         Parameters
         ----------
@@ -254,7 +252,7 @@ def delete(self, id: str, *, request_options: typing.Optional[RequestOptions] =
         """
         Remove an Organization from your tenant.  This action cannot be undone.
 
-        <b>Note</b>: Members are automatically disassociated from an Organization when it is deleted. However, this action does <b>not</b> delete these users from your tenant.
+        **Note**: Members are automatically disassociated from an Organization when it is deleted. However, this action does **not** delete these users from your tenant.
 
         Parameters
         ----------
@@ -294,7 +292,7 @@ def update(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> UpdateOrganizationResponseContent:
         """
-        Update the details of a specific <a href="https://auth0.com/docs/manage-users/organizations/configure-organizations/create-organizations">Organization</a>, such as name and display name, branding options, and metadata.
+        Update the details of a specific [Organization](https://auth0.com/docs/manage-users/organizations/configure-organizations/create-organizations), such as name and display name, branding options, and metadata.
 
         Parameters
         ----------
@@ -435,22 +433,20 @@ async def list(
         Retrieve detailed list of all Organizations available in your tenant. For more information, see Auth0 Organizations.
 
         This endpoint supports two types of pagination:
-        <ul>
-        <li>Offset pagination</li>
-        <li>Checkpoint pagination</li>
-        </ul>
+
+        - Offset pagination
+        - Checkpoint pagination
 
         Checkpoint pagination must be used if you need to retrieve more than 1000 organizations.
 
-        <h2>Checkpoint Pagination</h2>
+        **Checkpoint Pagination**
 
         To search by checkpoint, use the following parameters:
-        <ul>
-        <li><code>from</code>: Optional id from which to start selection.</li>
-        <li><code>take</code>: The total number of entries to retrieve when using the <code>from</code> parameter. Defaults to 50.</li>
-        </ul>
 
-        <b>Note</b>: The first time you call this endpoint using checkpoint pagination, omit the <code>from</code> parameter. If there are more results, a <code>next</code> value is included in the response. You can use this for subsequent API calls. When <code>next</code> is no longer included in the response, no pages are remaining.
+        - `from`: Optional id from which to start selection.
+        - `take`: The total number of entries to retrieve when using the `from` parameter. Defaults to 50.
+
+        **Note**: The first time you call this endpoint using checkpoint pagination, omit the `from` parameter. If there are more results, a `next` value is included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, no pages are remaining.
 
         Parameters
         ----------
@@ -512,7 +508,7 @@ async def create(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> CreateOrganizationResponseContent:
         """
-        Create a new Organization within your tenant.  To learn more about Organization settings, behavior, and configuration options, review <a href="https://auth0.com/docs/manage-users/organizations/create-first-organization">Create Your First Organization</a>.
+        Create a new Organization within your tenant.  To learn more about Organization settings, behavior, and configuration options, review [Create Your First Organization](https://auth0.com/docs/manage-users/organizations/create-first-organization).
 
         Parameters
         ----------
@@ -655,7 +651,7 @@ async def delete(self, id: str, *, request_options: typing.Optional[RequestOptio
         """
         Remove an Organization from your tenant.  This action cannot be undone.
 
-        <b>Note</b>: Members are automatically disassociated from an Organization when it is deleted. However, this action does <b>not</b> delete these users from your tenant.
+        **Note**: Members are automatically disassociated from an Organization when it is deleted. However, this action does **not** delete these users from your tenant.
 
         Parameters
         ----------
@@ -703,7 +699,7 @@ async def update(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> UpdateOrganizationResponseContent:
         """
-        Update the details of a specific <a href="https://auth0.com/docs/manage-users/organizations/configure-organizations/create-organizations">Organization</a>, such as name and display name, branding options, and metadata.
+        Update the details of a specific [Organization](https://auth0.com/docs/manage-users/organizations/configure-organizations/create-organizations), such as name and display name, branding options, and metadata.
 
         Parameters
         ----------
diff --git a/src/auth0/management/organizations/discovery_domains/client.py b/src/auth0/management/organizations/discovery_domains/client.py
index e430500c..69db47eb 100644
--- a/src/auth0/management/organizations/discovery_domains/client.py
+++ b/src/auth0/management/organizations/discovery_domains/client.py
@@ -268,7 +268,7 @@ def update(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> UpdateOrganizationDiscoveryDomainResponseContent:
         """
-        Update the verification status and/or use_for_organization_discovery for an organization discovery domain. The <code>status</code> field must be either <code>pending</code> or <code>verified</code>. The <code>use_for_organization_discovery</code> field can be <code>true</code> or <code>false</code> (default: <code>true</code>).
+        Update the verification status and/or use_for_organization_discovery for an organization discovery domain. The `status` field must be either `pending` or `verified`. The `use_for_organization_discovery` field can be `true` or `false` (default: `true`).
 
         Parameters
         ----------
@@ -596,7 +596,7 @@ async def update(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> UpdateOrganizationDiscoveryDomainResponseContent:
         """
-        Update the verification status and/or use_for_organization_discovery for an organization discovery domain. The <code>status</code> field must be either <code>pending</code> or <code>verified</code>. The <code>use_for_organization_discovery</code> field can be <code>true</code> or <code>false</code> (default: <code>true</code>).
+        Update the verification status and/or use_for_organization_discovery for an organization discovery domain. The `status` field must be either `pending` or `verified`. The `use_for_organization_discovery` field can be `true` or `false` (default: `true`).
 
         Parameters
         ----------
diff --git a/src/auth0/management/organizations/discovery_domains/raw_client.py b/src/auth0/management/organizations/discovery_domains/raw_client.py
index 35d7feb7..ec5db262 100644
--- a/src/auth0/management/organizations/discovery_domains/raw_client.py
+++ b/src/auth0/management/organizations/discovery_domains/raw_client.py
@@ -593,7 +593,7 @@ def update(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> HttpResponse[UpdateOrganizationDiscoveryDomainResponseContent]:
         """
-        Update the verification status and/or use_for_organization_discovery for an organization discovery domain. The <code>status</code> field must be either <code>pending</code> or <code>verified</code>. The <code>use_for_organization_discovery</code> field can be <code>true</code> or <code>false</code> (default: <code>true</code>).
+        Update the verification status and/or use_for_organization_discovery for an organization discovery domain. The `status` field must be either `pending` or `verified`. The `use_for_organization_discovery` field can be `true` or `false` (default: `true`).
 
         Parameters
         ----------
@@ -1229,7 +1229,7 @@ async def update(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncHttpResponse[UpdateOrganizationDiscoveryDomainResponseContent]:
         """
-        Update the verification status and/or use_for_organization_discovery for an organization discovery domain. The <code>status</code> field must be either <code>pending</code> or <code>verified</code>. The <code>use_for_organization_discovery</code> field can be <code>true</code> or <code>false</code> (default: <code>true</code>).
+        Update the verification status and/or use_for_organization_discovery for an organization discovery domain. The `status` field must be either `pending` or `verified`. The `use_for_organization_discovery` field can be `true` or `false` (default: `true`).
 
         Parameters
         ----------
diff --git a/src/auth0/management/organizations/enabled_connections/client.py b/src/auth0/management/organizations/enabled_connections/client.py
index 2c94dc98..a5300027 100644
--- a/src/auth0/management/organizations/enabled_connections/client.py
+++ b/src/auth0/management/organizations/enabled_connections/client.py
@@ -103,7 +103,7 @@ def add(
         """
         Enable a specific connection for a given Organization. To enable a connection, it must already exist within your tenant; connections cannot be created through this action.
 
-        <a href="https://auth0.com/docs/authenticate/identity-providers">Connections</a> represent the relationship between Auth0 and a source of users. Available types of connections include database, enterprise, and social.
+        [Connections](https://auth0.com/docs/authenticate/identity-providers) represent the relationship between Auth0 and a source of users. Available types of connections include database, enterprise, and social.
 
         Parameters
         ----------
@@ -193,7 +193,7 @@ def delete(self, id: str, connection_id: str, *, request_options: typing.Optiona
         """
         Disable a specific connection for an Organization. Once disabled, Organization members can no longer use that connection to authenticate.
 
-        <b>Note</b>: This action does not remove the connection from your tenant.
+        **Note**: This action does not remove the connection from your tenant.
 
         Parameters
         ----------
@@ -380,7 +380,7 @@ async def add(
         """
         Enable a specific connection for a given Organization. To enable a connection, it must already exist within your tenant; connections cannot be created through this action.
 
-        <a href="https://auth0.com/docs/authenticate/identity-providers">Connections</a> represent the relationship between Auth0 and a source of users. Available types of connections include database, enterprise, and social.
+        [Connections](https://auth0.com/docs/authenticate/identity-providers) represent the relationship between Auth0 and a source of users. Available types of connections include database, enterprise, and social.
 
         Parameters
         ----------
@@ -488,7 +488,7 @@ async def delete(
         """
         Disable a specific connection for an Organization. Once disabled, Organization members can no longer use that connection to authenticate.
 
-        <b>Note</b>: This action does not remove the connection from your tenant.
+        **Note**: This action does not remove the connection from your tenant.
 
         Parameters
         ----------
diff --git a/src/auth0/management/organizations/enabled_connections/raw_client.py b/src/auth0/management/organizations/enabled_connections/raw_client.py
index ca087755..7d54c45d 100644
--- a/src/auth0/management/organizations/enabled_connections/raw_client.py
+++ b/src/auth0/management/organizations/enabled_connections/raw_client.py
@@ -163,7 +163,7 @@ def add(
         """
         Enable a specific connection for a given Organization. To enable a connection, it must already exist within your tenant; connections cannot be created through this action.
 
-        <a href="https://auth0.com/docs/authenticate/identity-providers">Connections</a> represent the relationship between Auth0 and a source of users. Available types of connections include database, enterprise, and social.
+        [Connections](https://auth0.com/docs/authenticate/identity-providers) represent the relationship between Auth0 and a source of users. Available types of connections include database, enterprise, and social.
 
         Parameters
         ----------
@@ -353,7 +353,7 @@ def delete(
         """
         Disable a specific connection for an Organization. Once disabled, Organization members can no longer use that connection to authenticate.
 
-        <b>Note</b>: This action does not remove the connection from your tenant.
+        **Note**: This action does not remove the connection from your tenant.
 
         Parameters
         ----------
@@ -685,7 +685,7 @@ async def add(
         """
         Enable a specific connection for a given Organization. To enable a connection, it must already exist within your tenant; connections cannot be created through this action.
 
-        <a href="https://auth0.com/docs/authenticate/identity-providers">Connections</a> represent the relationship between Auth0 and a source of users. Available types of connections include database, enterprise, and social.
+        [Connections](https://auth0.com/docs/authenticate/identity-providers) represent the relationship between Auth0 and a source of users. Available types of connections include database, enterprise, and social.
 
         Parameters
         ----------
@@ -875,7 +875,7 @@ async def delete(
         """
         Disable a specific connection for an Organization. Once disabled, Organization members can no longer use that connection to authenticate.
 
-        <b>Note</b>: This action does not remove the connection from your tenant.
+        **Note**: This action does not remove the connection from your tenant.
 
         Parameters
         ----------
diff --git a/src/auth0/management/organizations/groups/raw_client.py b/src/auth0/management/organizations/groups/raw_client.py
index e883ffca..32d8fa57 100644
--- a/src/auth0/management/organizations/groups/raw_client.py
+++ b/src/auth0/management/organizations/groups/raw_client.py
@@ -12,6 +12,7 @@
 from ...core.request_options import RequestOptions
 from ...errors.bad_request_error import BadRequestError
 from ...errors.forbidden_error import ForbiddenError
+from ...errors.not_found_error import NotFoundError
 from ...errors.too_many_requests_error import TooManyRequestsError
 from ...errors.unauthorized_error import UnauthorizedError
 from ...types.group import Group
@@ -114,6 +115,17 @@ def list(
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
@@ -233,6 +245,17 @@ async def _get_next():
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
diff --git a/src/auth0/management/organizations/groups/roles/raw_client.py b/src/auth0/management/organizations/groups/roles/raw_client.py
index 6e52689e..286a4aef 100644
--- a/src/auth0/management/organizations/groups/roles/raw_client.py
+++ b/src/auth0/management/organizations/groups/roles/raw_client.py
@@ -14,6 +14,7 @@
 from ....errors.bad_request_error import BadRequestError
 from ....errors.conflict_error import ConflictError
 from ....errors.forbidden_error import ForbiddenError
+from ....errors.not_found_error import NotFoundError
 from ....errors.too_many_requests_error import TooManyRequestsError
 from ....errors.unauthorized_error import UnauthorizedError
 from ....types.list_organization_group_roles_response_content import ListOrganizationGroupRolesResponseContent
@@ -124,6 +125,17 @@ def list(
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
@@ -221,6 +233,17 @@ def create(
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 409:
                 raise ConflictError(
                     headers=dict(_response.headers),
@@ -329,6 +352,17 @@ def delete(
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
@@ -453,6 +487,17 @@ async def _get_next():
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
@@ -550,6 +595,17 @@ async def create(
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 409:
                 raise ConflictError(
                     headers=dict(_response.headers),
@@ -658,6 +714,17 @@ async def delete(
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
diff --git a/src/auth0/management/organizations/invitations/client.py b/src/auth0/management/organizations/invitations/client.py
index 7bb250fa..83e44e30 100644
--- a/src/auth0/management/organizations/invitations/client.py
+++ b/src/auth0/management/organizations/invitations/client.py
@@ -49,7 +49,7 @@ def list(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> SyncPager[OrganizationInvitation, ListOrganizationInvitationsOffsetPaginatedResponseContent]:
         """
-        Retrieve a detailed list of invitations sent to users for a specific Organization. The list includes details such as inviter and invitee information, invitation URLs, and dates of creation and expiration. To learn more about Organization invitations, review <a href="https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members">Invite Organization Members</a>.
+        Retrieve a detailed list of invitations sent to users for a specific Organization. The list includes details such as inviter and invitee information, invitation URLs, and dates of creation and expiration. To learn more about Organization invitations, review [Invite Organization Members](https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members).
 
         Parameters
         ----------
@@ -131,7 +131,7 @@ def create(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> CreateOrganizationInvitationResponseContent:
         """
-        Create a user invitation for a specific Organization. Upon creation, the listed user receives an email inviting them to join the Organization. To learn more about Organization invitations, review <a href="https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members">Invite Organization Members</a>.
+        Create a user invitation for a specific Organization. Upon creation, the listed user receives an email inviting them to join the Organization. To learn more about Organization invitations, review [Invite Organization Members](https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members).
 
         Parameters
         ----------
@@ -318,7 +318,7 @@ async def list(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncPager[OrganizationInvitation, ListOrganizationInvitationsOffsetPaginatedResponseContent]:
         """
-        Retrieve a detailed list of invitations sent to users for a specific Organization. The list includes details such as inviter and invitee information, invitation URLs, and dates of creation and expiration. To learn more about Organization invitations, review <a href="https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members">Invite Organization Members</a>.
+        Retrieve a detailed list of invitations sent to users for a specific Organization. The list includes details such as inviter and invitee information, invitation URLs, and dates of creation and expiration. To learn more about Organization invitations, review [Invite Organization Members](https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members).
 
         Parameters
         ----------
@@ -409,7 +409,7 @@ async def create(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> CreateOrganizationInvitationResponseContent:
         """
-        Create a user invitation for a specific Organization. Upon creation, the listed user receives an email inviting them to join the Organization. To learn more about Organization invitations, review <a href="https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members">Invite Organization Members</a>.
+        Create a user invitation for a specific Organization. Upon creation, the listed user receives an email inviting them to join the Organization. To learn more about Organization invitations, review [Invite Organization Members](https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members).
 
         Parameters
         ----------
diff --git a/src/auth0/management/organizations/invitations/raw_client.py b/src/auth0/management/organizations/invitations/raw_client.py
index a4e7db7d..0a51b418 100644
--- a/src/auth0/management/organizations/invitations/raw_client.py
+++ b/src/auth0/management/organizations/invitations/raw_client.py
@@ -50,7 +50,7 @@ def list(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> SyncPager[OrganizationInvitation, ListOrganizationInvitationsOffsetPaginatedResponseContent]:
         """
-        Retrieve a detailed list of invitations sent to users for a specific Organization. The list includes details such as inviter and invitee information, invitation URLs, and dates of creation and expiration. To learn more about Organization invitations, review <a href="https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members">Invite Organization Members</a>.
+        Retrieve a detailed list of invitations sent to users for a specific Organization. The list includes details such as inviter and invitee information, invitation URLs, and dates of creation and expiration. To learn more about Organization invitations, review [Invite Organization Members](https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members).
 
         Parameters
         ----------
@@ -200,7 +200,7 @@ def create(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> HttpResponse[CreateOrganizationInvitationResponseContent]:
         """
-        Create a user invitation for a specific Organization. Upon creation, the listed user receives an email inviting them to join the Organization. To learn more about Organization invitations, review <a href="https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members">Invite Organization Members</a>.
+        Create a user invitation for a specific Organization. Upon creation, the listed user receives an email inviting them to join the Organization. To learn more about Organization invitations, review [Invite Organization Members](https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members).
 
         Parameters
         ----------
@@ -549,7 +549,7 @@ async def list(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncPager[OrganizationInvitation, ListOrganizationInvitationsOffsetPaginatedResponseContent]:
         """
-        Retrieve a detailed list of invitations sent to users for a specific Organization. The list includes details such as inviter and invitee information, invitation URLs, and dates of creation and expiration. To learn more about Organization invitations, review <a href="https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members">Invite Organization Members</a>.
+        Retrieve a detailed list of invitations sent to users for a specific Organization. The list includes details such as inviter and invitee information, invitation URLs, and dates of creation and expiration. To learn more about Organization invitations, review [Invite Organization Members](https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members).
 
         Parameters
         ----------
@@ -702,7 +702,7 @@ async def create(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncHttpResponse[CreateOrganizationInvitationResponseContent]:
         """
-        Create a user invitation for a specific Organization. Upon creation, the listed user receives an email inviting them to join the Organization. To learn more about Organization invitations, review <a href="https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members">Invite Organization Members</a>.
+        Create a user invitation for a specific Organization. Upon creation, the listed user receives an email inviting them to join the Organization. To learn more about Organization invitations, review [Invite Organization Members](https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members).
 
         Parameters
         ----------
diff --git a/src/auth0/management/organizations/members/client.py b/src/auth0/management/organizations/members/client.py
index 5f7e1bca..283be861 100644
--- a/src/auth0/management/organizations/members/client.py
+++ b/src/auth0/management/organizations/members/client.py
@@ -52,14 +52,8 @@ def list(
         List organization members.
         This endpoint is subject to eventual consistency. New users may not be immediately included in the response and deleted users may not be immediately removed from it.
 
-        <ul>
-          <li>
-            Use the <code>fields</code> parameter to optionally define the specific member details retrieved. If <code>fields</code> is left blank, all fields (except roles) are returned.
-          </li>
-          <li>
-            Member roles are not sent by default. Use <code>fields=roles</code> to retrieve the roles assigned to each listed member. To use this parameter, you must include the <code>read:organization_member_roles</code> scope in the token.
-          </li>
-        </ul>
+        - Use the `fields` parameter to optionally define the specific member details retrieved. If `fields` is left blank, all fields (except roles) are returned.
+        - Member roles are not sent by default. Use `fields=roles` to retrieve the roles assigned to each listed member. To use this parameter, you must include the `read:organization_member_roles` scope in the token.
 
         This endpoint supports two types of pagination:
 
@@ -68,9 +62,9 @@ def list(
 
         Checkpoint pagination must be used if you need to retrieve more than 1000 organization members.
 
-        <h2>Checkpoint Pagination</h2>
+        **Checkpoint Pagination**
 
-        To search by checkpoint, use the following parameters: - from: Optional id from which to start selection. - take: The total amount of entries to retrieve when using the from parameter. Defaults to 50. Note: The first time you call this endpoint using Checkpoint Pagination, you should omit the <code>from</code> parameter. If there are more results, a <code>next</code> value will be included in the response. You can use this for subsequent API calls. When <code>next</code> is no longer included in the response, this indicates there are no more pages remaining.
+        To search by checkpoint, use the following parameters: - from: Optional id from which to start selection. - take: The total amount of entries to retrieve when using the from parameter. Defaults to 50. Note: The first time you call this endpoint using Checkpoint Pagination, you should omit the `from` parameter. If there are more results, a `next` value will be included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, this indicates there are no more pages remaining.
 
         Parameters
         ----------
@@ -125,9 +119,9 @@ def create(
         self, id: str, *, members: typing.Sequence[str], request_options: typing.Optional[RequestOptions] = None
     ) -> None:
         """
-        Set one or more existing users as members of a specific <a href="https://auth0.com/docs/manage-users/organizations">Organization</a>.
+        Set one or more existing users as members of a specific [Organization](https://auth0.com/docs/manage-users/organizations).
 
-        To add a user to an Organization through this action, the user must already exist in your tenant. If a user does not yet exist, you can <a href="https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members">invite them to create an account</a>, manually create them through the Auth0 Dashboard, or use the Management API.
+        To add a user to an Organization through this action, the user must already exist in your tenant. If a user does not yet exist, you can [invite them to create an account](https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members), manually create them through the Auth0 Dashboard, or use the Management API.
 
         Parameters
         ----------
@@ -242,14 +236,8 @@ async def list(
         List organization members.
         This endpoint is subject to eventual consistency. New users may not be immediately included in the response and deleted users may not be immediately removed from it.
 
-        <ul>
-          <li>
-            Use the <code>fields</code> parameter to optionally define the specific member details retrieved. If <code>fields</code> is left blank, all fields (except roles) are returned.
-          </li>
-          <li>
-            Member roles are not sent by default. Use <code>fields=roles</code> to retrieve the roles assigned to each listed member. To use this parameter, you must include the <code>read:organization_member_roles</code> scope in the token.
-          </li>
-        </ul>
+        - Use the `fields` parameter to optionally define the specific member details retrieved. If `fields` is left blank, all fields (except roles) are returned.
+        - Member roles are not sent by default. Use `fields=roles` to retrieve the roles assigned to each listed member. To use this parameter, you must include the `read:organization_member_roles` scope in the token.
 
         This endpoint supports two types of pagination:
 
@@ -258,9 +246,9 @@ async def list(
 
         Checkpoint pagination must be used if you need to retrieve more than 1000 organization members.
 
-        <h2>Checkpoint Pagination</h2>
+        **Checkpoint Pagination**
 
-        To search by checkpoint, use the following parameters: - from: Optional id from which to start selection. - take: The total amount of entries to retrieve when using the from parameter. Defaults to 50. Note: The first time you call this endpoint using Checkpoint Pagination, you should omit the <code>from</code> parameter. If there are more results, a <code>next</code> value will be included in the response. You can use this for subsequent API calls. When <code>next</code> is no longer included in the response, this indicates there are no more pages remaining.
+        To search by checkpoint, use the following parameters: - from: Optional id from which to start selection. - take: The total amount of entries to retrieve when using the from parameter. Defaults to 50. Note: The first time you call this endpoint using Checkpoint Pagination, you should omit the `from` parameter. If there are more results, a `next` value will be included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, this indicates there are no more pages remaining.
 
         Parameters
         ----------
@@ -324,9 +312,9 @@ async def create(
         self, id: str, *, members: typing.Sequence[str], request_options: typing.Optional[RequestOptions] = None
     ) -> None:
         """
-        Set one or more existing users as members of a specific <a href="https://auth0.com/docs/manage-users/organizations">Organization</a>.
+        Set one or more existing users as members of a specific [Organization](https://auth0.com/docs/manage-users/organizations).
 
-        To add a user to an Organization through this action, the user must already exist in your tenant. If a user does not yet exist, you can <a href="https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members">invite them to create an account</a>, manually create them through the Auth0 Dashboard, or use the Management API.
+        To add a user to an Organization through this action, the user must already exist in your tenant. If a user does not yet exist, you can [invite them to create an account](https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members), manually create them through the Auth0 Dashboard, or use the Management API.
 
         Parameters
         ----------
diff --git a/src/auth0/management/organizations/members/effective_roles/raw_client.py b/src/auth0/management/organizations/members/effective_roles/raw_client.py
index 5177f2b1..fe993a6e 100644
--- a/src/auth0/management/organizations/members/effective_roles/raw_client.py
+++ b/src/auth0/management/organizations/members/effective_roles/raw_client.py
@@ -12,6 +12,7 @@
 from ....core.request_options import RequestOptions
 from ....errors.bad_request_error import BadRequestError
 from ....errors.forbidden_error import ForbiddenError
+from ....errors.not_found_error import NotFoundError
 from ....errors.too_many_requests_error import TooManyRequestsError
 from ....errors.unauthorized_error import UnauthorizedError
 from ....types.list_organization_member_effective_roles_response_content import (
@@ -121,6 +122,17 @@ def list(
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
@@ -245,6 +257,17 @@ async def _get_next():
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
diff --git a/src/auth0/management/organizations/members/effective_roles/sources/groups/raw_client.py b/src/auth0/management/organizations/members/effective_roles/sources/groups/raw_client.py
index 214b49e3..48b40121 100644
--- a/src/auth0/management/organizations/members/effective_roles/sources/groups/raw_client.py
+++ b/src/auth0/management/organizations/members/effective_roles/sources/groups/raw_client.py
@@ -12,6 +12,7 @@
 from ......core.request_options import RequestOptions
 from ......errors.bad_request_error import BadRequestError
 from ......errors.forbidden_error import ForbiddenError
+from ......errors.not_found_error import NotFoundError
 from ......errors.too_many_requests_error import TooManyRequestsError
 from ......errors.unauthorized_error import UnauthorizedError
 from ......types.group import Group
@@ -127,6 +128,17 @@ def list(
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
@@ -257,6 +269,17 @@ async def _get_next():
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
diff --git a/src/auth0/management/organizations/members/raw_client.py b/src/auth0/management/organizations/members/raw_client.py
index 7aefe7e2..41db71b8 100644
--- a/src/auth0/management/organizations/members/raw_client.py
+++ b/src/auth0/management/organizations/members/raw_client.py
@@ -43,14 +43,8 @@ def list(
         List organization members.
         This endpoint is subject to eventual consistency. New users may not be immediately included in the response and deleted users may not be immediately removed from it.
 
-        <ul>
-          <li>
-            Use the <code>fields</code> parameter to optionally define the specific member details retrieved. If <code>fields</code> is left blank, all fields (except roles) are returned.
-          </li>
-          <li>
-            Member roles are not sent by default. Use <code>fields=roles</code> to retrieve the roles assigned to each listed member. To use this parameter, you must include the <code>read:organization_member_roles</code> scope in the token.
-          </li>
-        </ul>
+        - Use the `fields` parameter to optionally define the specific member details retrieved. If `fields` is left blank, all fields (except roles) are returned.
+        - Member roles are not sent by default. Use `fields=roles` to retrieve the roles assigned to each listed member. To use this parameter, you must include the `read:organization_member_roles` scope in the token.
 
         This endpoint supports two types of pagination:
 
@@ -59,9 +53,9 @@ def list(
 
         Checkpoint pagination must be used if you need to retrieve more than 1000 organization members.
 
-        <h2>Checkpoint Pagination</h2>
+        **Checkpoint Pagination**
 
-        To search by checkpoint, use the following parameters: - from: Optional id from which to start selection. - take: The total amount of entries to retrieve when using the from parameter. Defaults to 50. Note: The first time you call this endpoint using Checkpoint Pagination, you should omit the <code>from</code> parameter. If there are more results, a <code>next</code> value will be included in the response. You can use this for subsequent API calls. When <code>next</code> is no longer included in the response, this indicates there are no more pages remaining.
+        To search by checkpoint, use the following parameters: - from: Optional id from which to start selection. - take: The total amount of entries to retrieve when using the from parameter. Defaults to 50. Note: The first time you call this endpoint using Checkpoint Pagination, you should omit the `from` parameter. If there are more results, a `next` value will be included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, this indicates there are no more pages remaining.
 
         Parameters
         ----------
@@ -177,9 +171,9 @@ def create(
         self, id: str, *, members: typing.Sequence[str], request_options: typing.Optional[RequestOptions] = None
     ) -> HttpResponse[None]:
         """
-        Set one or more existing users as members of a specific <a href="https://auth0.com/docs/manage-users/organizations">Organization</a>.
+        Set one or more existing users as members of a specific [Organization](https://auth0.com/docs/manage-users/organizations).
 
-        To add a user to an Organization through this action, the user must already exist in your tenant. If a user does not yet exist, you can <a href="https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members">invite them to create an account</a>, manually create them through the Auth0 Dashboard, or use the Management API.
+        To add a user to an Organization through this action, the user must already exist in your tenant. If a user does not yet exist, you can [invite them to create an account](https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members), manually create them through the Auth0 Dashboard, or use the Management API.
 
         Parameters
         ----------
@@ -370,14 +364,8 @@ async def list(
         List organization members.
         This endpoint is subject to eventual consistency. New users may not be immediately included in the response and deleted users may not be immediately removed from it.
 
-        <ul>
-          <li>
-            Use the <code>fields</code> parameter to optionally define the specific member details retrieved. If <code>fields</code> is left blank, all fields (except roles) are returned.
-          </li>
-          <li>
-            Member roles are not sent by default. Use <code>fields=roles</code> to retrieve the roles assigned to each listed member. To use this parameter, you must include the <code>read:organization_member_roles</code> scope in the token.
-          </li>
-        </ul>
+        - Use the `fields` parameter to optionally define the specific member details retrieved. If `fields` is left blank, all fields (except roles) are returned.
+        - Member roles are not sent by default. Use `fields=roles` to retrieve the roles assigned to each listed member. To use this parameter, you must include the `read:organization_member_roles` scope in the token.
 
         This endpoint supports two types of pagination:
 
@@ -386,9 +374,9 @@ async def list(
 
         Checkpoint pagination must be used if you need to retrieve more than 1000 organization members.
 
-        <h2>Checkpoint Pagination</h2>
+        **Checkpoint Pagination**
 
-        To search by checkpoint, use the following parameters: - from: Optional id from which to start selection. - take: The total amount of entries to retrieve when using the from parameter. Defaults to 50. Note: The first time you call this endpoint using Checkpoint Pagination, you should omit the <code>from</code> parameter. If there are more results, a <code>next</code> value will be included in the response. You can use this for subsequent API calls. When <code>next</code> is no longer included in the response, this indicates there are no more pages remaining.
+        To search by checkpoint, use the following parameters: - from: Optional id from which to start selection. - take: The total amount of entries to retrieve when using the from parameter. Defaults to 50. Note: The first time you call this endpoint using Checkpoint Pagination, you should omit the `from` parameter. If there are more results, a `next` value will be included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, this indicates there are no more pages remaining.
 
         Parameters
         ----------
@@ -507,9 +495,9 @@ async def create(
         self, id: str, *, members: typing.Sequence[str], request_options: typing.Optional[RequestOptions] = None
     ) -> AsyncHttpResponse[None]:
         """
-        Set one or more existing users as members of a specific <a href="https://auth0.com/docs/manage-users/organizations">Organization</a>.
+        Set one or more existing users as members of a specific [Organization](https://auth0.com/docs/manage-users/organizations).
 
-        To add a user to an Organization through this action, the user must already exist in your tenant. If a user does not yet exist, you can <a href="https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members">invite them to create an account</a>, manually create them through the Auth0 Dashboard, or use the Management API.
+        To add a user to an Organization through this action, the user must already exist in your tenant. If a user does not yet exist, you can [invite them to create an account](https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members), manually create them through the Auth0 Dashboard, or use the Management API.
 
         Parameters
         ----------
diff --git a/src/auth0/management/organizations/members/roles/client.py b/src/auth0/management/organizations/members/roles/client.py
index 98097bcb..8e96b23b 100644
--- a/src/auth0/management/organizations/members/roles/client.py
+++ b/src/auth0/management/organizations/members/roles/client.py
@@ -103,7 +103,7 @@ def assign(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> None:
         """
-        Assign one or more <a href="https://auth0.com/docs/manage-users/access-control/rbac">roles</a> to a user to determine their access for a specific Organization.
+        Assign one or more [roles](https://auth0.com/docs/manage-users/access-control/rbac) to a user to determine their access for a specific Organization.
 
         Users can be members of multiple Organizations with unique roles assigned for each membership. This action assigns roles to a user only for the specified Organization. Roles cannot be assigned to a user across multiple Organizations in the same call.
 
@@ -150,7 +150,7 @@ def delete(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> None:
         """
-        Remove one or more Organization-specific <a href="https://auth0.com/docs/manage-users/access-control/rbac">roles</a> from a given user.
+        Remove one or more Organization-specific [roles](https://auth0.com/docs/manage-users/access-control/rbac) from a given user.
 
         Users can be members of multiple Organizations with unique roles assigned for each membership. This action removes roles from a user in relation to the specified Organization. Roles assigned to the user within a different Organization cannot be managed in the same call.
 
@@ -286,7 +286,7 @@ async def assign(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> None:
         """
-        Assign one or more <a href="https://auth0.com/docs/manage-users/access-control/rbac">roles</a> to a user to determine their access for a specific Organization.
+        Assign one or more [roles](https://auth0.com/docs/manage-users/access-control/rbac) to a user to determine their access for a specific Organization.
 
         Users can be members of multiple Organizations with unique roles assigned for each membership. This action assigns roles to a user only for the specified Organization. Roles cannot be assigned to a user across multiple Organizations in the same call.
 
@@ -341,7 +341,7 @@ async def delete(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> None:
         """
-        Remove one or more Organization-specific <a href="https://auth0.com/docs/manage-users/access-control/rbac">roles</a> from a given user.
+        Remove one or more Organization-specific [roles](https://auth0.com/docs/manage-users/access-control/rbac) from a given user.
 
         Users can be members of multiple Organizations with unique roles assigned for each membership. This action removes roles from a user in relation to the specified Organization. Roles assigned to the user within a different Organization cannot be managed in the same call.
 
diff --git a/src/auth0/management/organizations/members/roles/raw_client.py b/src/auth0/management/organizations/members/roles/raw_client.py
index 79984ed8..e75557b2 100644
--- a/src/auth0/management/organizations/members/roles/raw_client.py
+++ b/src/auth0/management/organizations/members/roles/raw_client.py
@@ -164,7 +164,7 @@ def assign(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> HttpResponse[None]:
         """
-        Assign one or more <a href="https://auth0.com/docs/manage-users/access-control/rbac">roles</a> to a user to determine their access for a specific Organization.
+        Assign one or more [roles](https://auth0.com/docs/manage-users/access-control/rbac) to a user to determine their access for a specific Organization.
 
         Users can be members of multiple Organizations with unique roles assigned for each membership. This action assigns roles to a user only for the specified Organization. Roles cannot be assigned to a user across multiple Organizations in the same call.
 
@@ -274,7 +274,7 @@ def delete(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> HttpResponse[None]:
         """
-        Remove one or more Organization-specific <a href="https://auth0.com/docs/manage-users/access-control/rbac">roles</a> from a given user.
+        Remove one or more Organization-specific [roles](https://auth0.com/docs/manage-users/access-control/rbac) from a given user.
 
         Users can be members of multiple Organizations with unique roles assigned for each membership. This action removes roles from a user in relation to the specified Organization. Roles assigned to the user within a different Organization cannot be managed in the same call.
 
@@ -506,7 +506,7 @@ async def assign(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncHttpResponse[None]:
         """
-        Assign one or more <a href="https://auth0.com/docs/manage-users/access-control/rbac">roles</a> to a user to determine their access for a specific Organization.
+        Assign one or more [roles](https://auth0.com/docs/manage-users/access-control/rbac) to a user to determine their access for a specific Organization.
 
         Users can be members of multiple Organizations with unique roles assigned for each membership. This action assigns roles to a user only for the specified Organization. Roles cannot be assigned to a user across multiple Organizations in the same call.
 
@@ -616,7 +616,7 @@ async def delete(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncHttpResponse[None]:
         """
-        Remove one or more Organization-specific <a href="https://auth0.com/docs/manage-users/access-control/rbac">roles</a> from a given user.
+        Remove one or more Organization-specific [roles](https://auth0.com/docs/manage-users/access-control/rbac) from a given user.
 
         Users can be members of multiple Organizations with unique roles assigned for each membership. This action removes roles from a user in relation to the specified Organization. Roles assigned to the user within a different Organization cannot be managed in the same call.
 
diff --git a/src/auth0/management/organizations/raw_client.py b/src/auth0/management/organizations/raw_client.py
index 05e17e05..723abd57 100644
--- a/src/auth0/management/organizations/raw_client.py
+++ b/src/auth0/management/organizations/raw_client.py
@@ -51,22 +51,20 @@ def list(
         Retrieve detailed list of all Organizations available in your tenant. For more information, see Auth0 Organizations.
 
         This endpoint supports two types of pagination:
-        <ul>
-        <li>Offset pagination</li>
-        <li>Checkpoint pagination</li>
-        </ul>
+
+        - Offset pagination
+        - Checkpoint pagination
 
         Checkpoint pagination must be used if you need to retrieve more than 1000 organizations.
 
-        <h2>Checkpoint Pagination</h2>
+        **Checkpoint Pagination**
 
         To search by checkpoint, use the following parameters:
-        <ul>
-        <li><code>from</code>: Optional id from which to start selection.</li>
-        <li><code>take</code>: The total number of entries to retrieve when using the <code>from</code> parameter. Defaults to 50.</li>
-        </ul>
 
-        <b>Note</b>: The first time you call this endpoint using checkpoint pagination, omit the <code>from</code> parameter. If there are more results, a <code>next</code> value is included in the response. You can use this for subsequent API calls. When <code>next</code> is no longer included in the response, no pages are remaining.
+        - `from`: Optional id from which to start selection.
+        - `take`: The total number of entries to retrieve when using the `from` parameter. Defaults to 50.
+
+        **Note**: The first time you call this endpoint using checkpoint pagination, omit the `from` parameter. If there are more results, a `next` value is included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, no pages are remaining.
 
         Parameters
         ----------
@@ -181,7 +179,7 @@ def create(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> HttpResponse[CreateOrganizationResponseContent]:
         """
-        Create a new Organization within your tenant.  To learn more about Organization settings, behavior, and configuration options, review <a href="https://auth0.com/docs/manage-users/organizations/create-first-organization">Create Your First Organization</a>.
+        Create a new Organization within your tenant.  To learn more about Organization settings, behavior, and configuration options, review [Create Your First Organization](https://auth0.com/docs/manage-users/organizations/create-first-organization).
 
         Parameters
         ----------
@@ -485,7 +483,7 @@ def delete(self, id: str, *, request_options: typing.Optional[RequestOptions] =
         """
         Remove an Organization from your tenant.  This action cannot be undone.
 
-        <b>Note</b>: Members are automatically disassociated from an Organization when it is deleted. However, this action does <b>not</b> delete these users from your tenant.
+        **Note**: Members are automatically disassociated from an Organization when it is deleted. However, this action does **not** delete these users from your tenant.
 
         Parameters
         ----------
@@ -583,7 +581,7 @@ def update(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> HttpResponse[UpdateOrganizationResponseContent]:
         """
-        Update the details of a specific <a href="https://auth0.com/docs/manage-users/organizations/configure-organizations/create-organizations">Organization</a>, such as name and display name, branding options, and metadata.
+        Update the details of a specific [Organization](https://auth0.com/docs/manage-users/organizations/configure-organizations/create-organizations), such as name and display name, branding options, and metadata.
 
         Parameters
         ----------
@@ -710,22 +708,20 @@ async def list(
         Retrieve detailed list of all Organizations available in your tenant. For more information, see Auth0 Organizations.
 
         This endpoint supports two types of pagination:
-        <ul>
-        <li>Offset pagination</li>
-        <li>Checkpoint pagination</li>
-        </ul>
+
+        - Offset pagination
+        - Checkpoint pagination
 
         Checkpoint pagination must be used if you need to retrieve more than 1000 organizations.
 
-        <h2>Checkpoint Pagination</h2>
+        **Checkpoint Pagination**
 
         To search by checkpoint, use the following parameters:
-        <ul>
-        <li><code>from</code>: Optional id from which to start selection.</li>
-        <li><code>take</code>: The total number of entries to retrieve when using the <code>from</code> parameter. Defaults to 50.</li>
-        </ul>
 
-        <b>Note</b>: The first time you call this endpoint using checkpoint pagination, omit the <code>from</code> parameter. If there are more results, a <code>next</code> value is included in the response. You can use this for subsequent API calls. When <code>next</code> is no longer included in the response, no pages are remaining.
+        - `from`: Optional id from which to start selection.
+        - `take`: The total number of entries to retrieve when using the `from` parameter. Defaults to 50.
+
+        **Note**: The first time you call this endpoint using checkpoint pagination, omit the `from` parameter. If there are more results, a `next` value is included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, no pages are remaining.
 
         Parameters
         ----------
@@ -843,7 +839,7 @@ async def create(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncHttpResponse[CreateOrganizationResponseContent]:
         """
-        Create a new Organization within your tenant.  To learn more about Organization settings, behavior, and configuration options, review <a href="https://auth0.com/docs/manage-users/organizations/create-first-organization">Create Your First Organization</a>.
+        Create a new Organization within your tenant.  To learn more about Organization settings, behavior, and configuration options, review [Create Your First Organization](https://auth0.com/docs/manage-users/organizations/create-first-organization).
 
         Parameters
         ----------
@@ -1149,7 +1145,7 @@ async def delete(
         """
         Remove an Organization from your tenant.  This action cannot be undone.
 
-        <b>Note</b>: Members are automatically disassociated from an Organization when it is deleted. However, this action does <b>not</b> delete these users from your tenant.
+        **Note**: Members are automatically disassociated from an Organization when it is deleted. However, this action does **not** delete these users from your tenant.
 
         Parameters
         ----------
@@ -1247,7 +1243,7 @@ async def update(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncHttpResponse[UpdateOrganizationResponseContent]:
         """
-        Update the details of a specific <a href="https://auth0.com/docs/manage-users/organizations/configure-organizations/create-organizations">Organization</a>, such as name and display name, branding options, and metadata.
+        Update the details of a specific [Organization](https://auth0.com/docs/manage-users/organizations/configure-organizations/create-organizations), such as name and display name, branding options, and metadata.
 
         Parameters
         ----------
diff --git a/src/auth0/management/refresh_tokens/client.py b/src/auth0/management/refresh_tokens/client.py
index a0456c14..775b7589 100644
--- a/src/auth0/management/refresh_tokens/client.py
+++ b/src/auth0/management/refresh_tokens/client.py
@@ -114,7 +114,7 @@ def revoke(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> None:
         """
-        Revoke refresh tokens in bulk by ID list, user, user+client, or client.
+        Revoke refresh tokens in bulk by ID list, user, user+client, or user+client+audience.
 
         Parameters
         ----------
@@ -125,7 +125,7 @@ def revoke(
             Revoke all refresh tokens for this user.
 
         client_id : typing.Optional[str]
-            Revoke all refresh tokens for this client.
+            Revoke refresh tokens for this client. Must be paired with `user_id`; optionally narrowed further with `audience`.
 
         audience : typing.Optional[str]
             Resource server identifier (audience) to scope the revocation. Must be used with both `user_id` and `client_id`.
@@ -364,7 +364,7 @@ async def revoke(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> None:
         """
-        Revoke refresh tokens in bulk by ID list, user, user+client, or client.
+        Revoke refresh tokens in bulk by ID list, user, user+client, or user+client+audience.
 
         Parameters
         ----------
@@ -375,7 +375,7 @@ async def revoke(
             Revoke all refresh tokens for this user.
 
         client_id : typing.Optional[str]
-            Revoke all refresh tokens for this client.
+            Revoke refresh tokens for this client. Must be paired with `user_id`; optionally narrowed further with `audience`.
 
         audience : typing.Optional[str]
             Resource server identifier (audience) to scope the revocation. Must be used with both `user_id` and `client_id`.
diff --git a/src/auth0/management/refresh_tokens/raw_client.py b/src/auth0/management/refresh_tokens/raw_client.py
index d1ad621b..f968bf6f 100644
--- a/src/auth0/management/refresh_tokens/raw_client.py
+++ b/src/auth0/management/refresh_tokens/raw_client.py
@@ -182,7 +182,7 @@ def revoke(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> HttpResponse[None]:
         """
-        Revoke refresh tokens in bulk by ID list, user, user+client, or client.
+        Revoke refresh tokens in bulk by ID list, user, user+client, or user+client+audience.
 
         Parameters
         ----------
@@ -193,7 +193,7 @@ def revoke(
             Revoke all refresh tokens for this user.
 
         client_id : typing.Optional[str]
-            Revoke all refresh tokens for this client.
+            Revoke refresh tokens for this client. Must be paired with `user_id`; optionally narrowed further with `audience`.
 
         audience : typing.Optional[str]
             Resource server identifier (audience) to scope the revocation. Must be used with both `user_id` and `client_id`.
@@ -722,7 +722,7 @@ async def revoke(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncHttpResponse[None]:
         """
-        Revoke refresh tokens in bulk by ID list, user, user+client, or client.
+        Revoke refresh tokens in bulk by ID list, user, user+client, or user+client+audience.
 
         Parameters
         ----------
@@ -733,7 +733,7 @@ async def revoke(
             Revoke all refresh tokens for this user.
 
         client_id : typing.Optional[str]
-            Revoke all refresh tokens for this client.
+            Revoke refresh tokens for this client. Must be paired with `user_id`; optionally narrowed further with `audience`.
 
         audience : typing.Optional[str]
             Resource server identifier (audience) to scope the revocation. Must be used with both `user_id` and `client_id`.
diff --git a/src/auth0/management/roles/groups/raw_client.py b/src/auth0/management/roles/groups/raw_client.py
index 54d1ec33..3e78a4d2 100644
--- a/src/auth0/management/roles/groups/raw_client.py
+++ b/src/auth0/management/roles/groups/raw_client.py
@@ -119,6 +119,17 @@ def get(
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
@@ -308,6 +319,17 @@ def delete(
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
@@ -427,6 +449,17 @@ async def _get_next():
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
@@ -616,6 +649,17 @@ async def delete(
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
diff --git a/src/auth0/management/tenants/settings/client.py b/src/auth0/management/tenants/settings/client.py
index 51ac9d04..addde4b9 100644
--- a/src/auth0/management/tenants/settings/client.py
+++ b/src/auth0/management/tenants/settings/client.py
@@ -8,6 +8,7 @@
 from ...types.get_tenant_settings_response_content import GetTenantSettingsResponseContent
 from ...types.session_cookie_schema import SessionCookieSchema
 from ...types.tenant_oidc_logout_settings import TenantOidcLogoutSettings
+from ...types.tenant_settings_country_codes import TenantSettingsCountryCodes
 from ...types.tenant_settings_device_flow import TenantSettingsDeviceFlow
 from ...types.tenant_settings_dynamic_client_registration_security_mode import (
     TenantSettingsDynamicClientRegistrationSecurityMode,
@@ -16,6 +17,7 @@
 from ...types.tenant_settings_flags import TenantSettingsFlags
 from ...types.tenant_settings_guardian_page import TenantSettingsGuardianPage
 from ...types.tenant_settings_mtls import TenantSettingsMtls
+from ...types.tenant_settings_nullable_security_headers import TenantSettingsNullableSecurityHeaders
 from ...types.tenant_settings_password_page import TenantSettingsPasswordPage
 from ...types.tenant_settings_resource_parameter_profile import TenantSettingsResourceParameterProfile
 from ...types.tenant_settings_sessions import TenantSettingsSessions
@@ -100,13 +102,18 @@ def update(
         support_url: typing.Optional[str] = OMIT,
         allowed_logout_urls: typing.Optional[typing.Sequence[str]] = OMIT,
         session_lifetime: typing.Optional[int] = OMIT,
+        session_lifetime_in_minutes: typing.Optional[int] = OMIT,
         idle_session_lifetime: typing.Optional[int] = OMIT,
+        idle_session_lifetime_in_minutes: typing.Optional[int] = OMIT,
         ephemeral_session_lifetime: typing.Optional[int] = OMIT,
         idle_ephemeral_session_lifetime: typing.Optional[int] = OMIT,
+        ephemeral_session_lifetime_in_minutes: typing.Optional[int] = OMIT,
+        idle_ephemeral_session_lifetime_in_minutes: typing.Optional[int] = OMIT,
         sandbox_version: typing.Optional[str] = OMIT,
         legacy_sandbox_version: typing.Optional[str] = OMIT,
         default_redirection_uri: typing.Optional[str] = OMIT,
         enabled_locales: typing.Optional[typing.Sequence[TenantSettingsSupportedLocalesEnum]] = OMIT,
+        security_headers: typing.Optional[TenantSettingsNullableSecurityHeaders] = OMIT,
         session_cookie: typing.Optional[SessionCookieSchema] = OMIT,
         sessions: typing.Optional[TenantSettingsSessions] = OMIT,
         oidc_logout: typing.Optional[TenantOidcLogoutSettings] = OMIT,
@@ -121,9 +128,11 @@ def update(
         client_id_metadata_document_supported: typing.Optional[bool] = OMIT,
         enable_ai_guide: typing.Optional[bool] = OMIT,
         phone_consolidated_experience: typing.Optional[bool] = OMIT,
+        include_session_metadata_in_tenant_logs: typing.Optional[bool] = OMIT,
         dynamic_client_registration_security_mode: typing.Optional[
             TenantSettingsDynamicClientRegistrationSecurityMode
         ] = OMIT,
+        country_codes: typing.Optional[TenantSettingsCountryCodes] = OMIT,
         request_options: typing.Optional[RequestOptions] = None,
     ) -> UpdateTenantSettingsResponseContent:
         """
@@ -168,15 +177,27 @@ def update(
         session_lifetime : typing.Optional[int]
             Number of hours a session will stay valid.
 
+        session_lifetime_in_minutes : typing.Optional[int]
+            Number of minutes a session will stay valid. Cannot be specified together with `session_lifetime`.
+
         idle_session_lifetime : typing.Optional[int]
             Number of hours for which a session can be inactive before the user must log in again.
 
+        idle_session_lifetime_in_minutes : typing.Optional[int]
+            Number of minutes a session can be inactive before the user must log in again. Cannot be specified together with `idle_session_lifetime`.
+
         ephemeral_session_lifetime : typing.Optional[int]
             Number of hours an ephemeral (non-persistent) session will stay valid.
 
         idle_ephemeral_session_lifetime : typing.Optional[int]
             Number of hours for which an ephemeral (non-persistent) session can be inactive before the user must log in again.
 
+        ephemeral_session_lifetime_in_minutes : typing.Optional[int]
+            Number of minutes an ephemeral (non-persistent) session will stay valid. Cannot be specified together with `ephemeral_session_lifetime`.
+
+        idle_ephemeral_session_lifetime_in_minutes : typing.Optional[int]
+            Number of minutes an ephemeral (non-persistent) session can be inactive before the user must log in again. Cannot be specified together with `idle_ephemeral_session_lifetime`.
+
         sandbox_version : typing.Optional[str]
             Selected sandbox version for the extensibility environment
 
@@ -189,6 +210,8 @@ def update(
         enabled_locales : typing.Optional[typing.Sequence[TenantSettingsSupportedLocalesEnum]]
             Supported locales for the user interface
 
+        security_headers : typing.Optional[TenantSettingsNullableSecurityHeaders]
+
         session_cookie : typing.Optional[SessionCookieSchema]
 
         sessions : typing.Optional[TenantSettingsSessions]
@@ -228,8 +251,13 @@ def update(
         phone_consolidated_experience : typing.Optional[bool]
             Whether Phone Consolidated Experience is enabled for this tenant.
 
+        include_session_metadata_in_tenant_logs : typing.Optional[bool]
+            Whether session metadata is included in specific tenant logs (slo, oidc_backchannel_logout_failed, oidc_backchannel_logout_succeeded).
+
         dynamic_client_registration_security_mode : typing.Optional[TenantSettingsDynamicClientRegistrationSecurityMode]
 
+        country_codes : typing.Optional[TenantSettingsCountryCodes]
+
         request_options : typing.Optional[RequestOptions]
             Request-specific configuration.
 
@@ -262,13 +290,18 @@ def update(
             support_url=support_url,
             allowed_logout_urls=allowed_logout_urls,
             session_lifetime=session_lifetime,
+            session_lifetime_in_minutes=session_lifetime_in_minutes,
             idle_session_lifetime=idle_session_lifetime,
+            idle_session_lifetime_in_minutes=idle_session_lifetime_in_minutes,
             ephemeral_session_lifetime=ephemeral_session_lifetime,
             idle_ephemeral_session_lifetime=idle_ephemeral_session_lifetime,
+            ephemeral_session_lifetime_in_minutes=ephemeral_session_lifetime_in_minutes,
+            idle_ephemeral_session_lifetime_in_minutes=idle_ephemeral_session_lifetime_in_minutes,
             sandbox_version=sandbox_version,
             legacy_sandbox_version=legacy_sandbox_version,
             default_redirection_uri=default_redirection_uri,
             enabled_locales=enabled_locales,
+            security_headers=security_headers,
             session_cookie=session_cookie,
             sessions=sessions,
             oidc_logout=oidc_logout,
@@ -283,7 +316,9 @@ def update(
             client_id_metadata_document_supported=client_id_metadata_document_supported,
             enable_ai_guide=enable_ai_guide,
             phone_consolidated_experience=phone_consolidated_experience,
+            include_session_metadata_in_tenant_logs=include_session_metadata_in_tenant_logs,
             dynamic_client_registration_security_mode=dynamic_client_registration_security_mode,
+            country_codes=country_codes,
             request_options=request_options,
         )
         return _response.data
@@ -372,13 +407,18 @@ async def update(
         support_url: typing.Optional[str] = OMIT,
         allowed_logout_urls: typing.Optional[typing.Sequence[str]] = OMIT,
         session_lifetime: typing.Optional[int] = OMIT,
+        session_lifetime_in_minutes: typing.Optional[int] = OMIT,
         idle_session_lifetime: typing.Optional[int] = OMIT,
+        idle_session_lifetime_in_minutes: typing.Optional[int] = OMIT,
         ephemeral_session_lifetime: typing.Optional[int] = OMIT,
         idle_ephemeral_session_lifetime: typing.Optional[int] = OMIT,
+        ephemeral_session_lifetime_in_minutes: typing.Optional[int] = OMIT,
+        idle_ephemeral_session_lifetime_in_minutes: typing.Optional[int] = OMIT,
         sandbox_version: typing.Optional[str] = OMIT,
         legacy_sandbox_version: typing.Optional[str] = OMIT,
         default_redirection_uri: typing.Optional[str] = OMIT,
         enabled_locales: typing.Optional[typing.Sequence[TenantSettingsSupportedLocalesEnum]] = OMIT,
+        security_headers: typing.Optional[TenantSettingsNullableSecurityHeaders] = OMIT,
         session_cookie: typing.Optional[SessionCookieSchema] = OMIT,
         sessions: typing.Optional[TenantSettingsSessions] = OMIT,
         oidc_logout: typing.Optional[TenantOidcLogoutSettings] = OMIT,
@@ -393,9 +433,11 @@ async def update(
         client_id_metadata_document_supported: typing.Optional[bool] = OMIT,
         enable_ai_guide: typing.Optional[bool] = OMIT,
         phone_consolidated_experience: typing.Optional[bool] = OMIT,
+        include_session_metadata_in_tenant_logs: typing.Optional[bool] = OMIT,
         dynamic_client_registration_security_mode: typing.Optional[
             TenantSettingsDynamicClientRegistrationSecurityMode
         ] = OMIT,
+        country_codes: typing.Optional[TenantSettingsCountryCodes] = OMIT,
         request_options: typing.Optional[RequestOptions] = None,
     ) -> UpdateTenantSettingsResponseContent:
         """
@@ -440,15 +482,27 @@ async def update(
         session_lifetime : typing.Optional[int]
             Number of hours a session will stay valid.
 
+        session_lifetime_in_minutes : typing.Optional[int]
+            Number of minutes a session will stay valid. Cannot be specified together with `session_lifetime`.
+
         idle_session_lifetime : typing.Optional[int]
             Number of hours for which a session can be inactive before the user must log in again.
 
+        idle_session_lifetime_in_minutes : typing.Optional[int]
+            Number of minutes a session can be inactive before the user must log in again. Cannot be specified together with `idle_session_lifetime`.
+
         ephemeral_session_lifetime : typing.Optional[int]
             Number of hours an ephemeral (non-persistent) session will stay valid.
 
         idle_ephemeral_session_lifetime : typing.Optional[int]
             Number of hours for which an ephemeral (non-persistent) session can be inactive before the user must log in again.
 
+        ephemeral_session_lifetime_in_minutes : typing.Optional[int]
+            Number of minutes an ephemeral (non-persistent) session will stay valid. Cannot be specified together with `ephemeral_session_lifetime`.
+
+        idle_ephemeral_session_lifetime_in_minutes : typing.Optional[int]
+            Number of minutes an ephemeral (non-persistent) session can be inactive before the user must log in again. Cannot be specified together with `idle_ephemeral_session_lifetime`.
+
         sandbox_version : typing.Optional[str]
             Selected sandbox version for the extensibility environment
 
@@ -461,6 +515,8 @@ async def update(
         enabled_locales : typing.Optional[typing.Sequence[TenantSettingsSupportedLocalesEnum]]
             Supported locales for the user interface
 
+        security_headers : typing.Optional[TenantSettingsNullableSecurityHeaders]
+
         session_cookie : typing.Optional[SessionCookieSchema]
 
         sessions : typing.Optional[TenantSettingsSessions]
@@ -500,8 +556,13 @@ async def update(
         phone_consolidated_experience : typing.Optional[bool]
             Whether Phone Consolidated Experience is enabled for this tenant.
 
+        include_session_metadata_in_tenant_logs : typing.Optional[bool]
+            Whether session metadata is included in specific tenant logs (slo, oidc_backchannel_logout_failed, oidc_backchannel_logout_succeeded).
+
         dynamic_client_registration_security_mode : typing.Optional[TenantSettingsDynamicClientRegistrationSecurityMode]
 
+        country_codes : typing.Optional[TenantSettingsCountryCodes]
+
         request_options : typing.Optional[RequestOptions]
             Request-specific configuration.
 
@@ -542,13 +603,18 @@ async def main() -> None:
             support_url=support_url,
             allowed_logout_urls=allowed_logout_urls,
             session_lifetime=session_lifetime,
+            session_lifetime_in_minutes=session_lifetime_in_minutes,
             idle_session_lifetime=idle_session_lifetime,
+            idle_session_lifetime_in_minutes=idle_session_lifetime_in_minutes,
             ephemeral_session_lifetime=ephemeral_session_lifetime,
             idle_ephemeral_session_lifetime=idle_ephemeral_session_lifetime,
+            ephemeral_session_lifetime_in_minutes=ephemeral_session_lifetime_in_minutes,
+            idle_ephemeral_session_lifetime_in_minutes=idle_ephemeral_session_lifetime_in_minutes,
             sandbox_version=sandbox_version,
             legacy_sandbox_version=legacy_sandbox_version,
             default_redirection_uri=default_redirection_uri,
             enabled_locales=enabled_locales,
+            security_headers=security_headers,
             session_cookie=session_cookie,
             sessions=sessions,
             oidc_logout=oidc_logout,
@@ -563,7 +629,9 @@ async def main() -> None:
             client_id_metadata_document_supported=client_id_metadata_document_supported,
             enable_ai_guide=enable_ai_guide,
             phone_consolidated_experience=phone_consolidated_experience,
+            include_session_metadata_in_tenant_logs=include_session_metadata_in_tenant_logs,
             dynamic_client_registration_security_mode=dynamic_client_registration_security_mode,
+            country_codes=country_codes,
             request_options=request_options,
         )
         return _response.data
diff --git a/src/auth0/management/tenants/settings/raw_client.py b/src/auth0/management/tenants/settings/raw_client.py
index 9a43eed8..c2fc28ab 100644
--- a/src/auth0/management/tenants/settings/raw_client.py
+++ b/src/auth0/management/tenants/settings/raw_client.py
@@ -18,6 +18,7 @@
 from ...types.get_tenant_settings_response_content import GetTenantSettingsResponseContent
 from ...types.session_cookie_schema import SessionCookieSchema
 from ...types.tenant_oidc_logout_settings import TenantOidcLogoutSettings
+from ...types.tenant_settings_country_codes import TenantSettingsCountryCodes
 from ...types.tenant_settings_device_flow import TenantSettingsDeviceFlow
 from ...types.tenant_settings_dynamic_client_registration_security_mode import (
     TenantSettingsDynamicClientRegistrationSecurityMode,
@@ -26,6 +27,7 @@
 from ...types.tenant_settings_flags import TenantSettingsFlags
 from ...types.tenant_settings_guardian_page import TenantSettingsGuardianPage
 from ...types.tenant_settings_mtls import TenantSettingsMtls
+from ...types.tenant_settings_nullable_security_headers import TenantSettingsNullableSecurityHeaders
 from ...types.tenant_settings_password_page import TenantSettingsPasswordPage
 from ...types.tenant_settings_resource_parameter_profile import TenantSettingsResourceParameterProfile
 from ...types.tenant_settings_sessions import TenantSettingsSessions
@@ -156,13 +158,18 @@ def update(
         support_url: typing.Optional[str] = OMIT,
         allowed_logout_urls: typing.Optional[typing.Sequence[str]] = OMIT,
         session_lifetime: typing.Optional[int] = OMIT,
+        session_lifetime_in_minutes: typing.Optional[int] = OMIT,
         idle_session_lifetime: typing.Optional[int] = OMIT,
+        idle_session_lifetime_in_minutes: typing.Optional[int] = OMIT,
         ephemeral_session_lifetime: typing.Optional[int] = OMIT,
         idle_ephemeral_session_lifetime: typing.Optional[int] = OMIT,
+        ephemeral_session_lifetime_in_minutes: typing.Optional[int] = OMIT,
+        idle_ephemeral_session_lifetime_in_minutes: typing.Optional[int] = OMIT,
         sandbox_version: typing.Optional[str] = OMIT,
         legacy_sandbox_version: typing.Optional[str] = OMIT,
         default_redirection_uri: typing.Optional[str] = OMIT,
         enabled_locales: typing.Optional[typing.Sequence[TenantSettingsSupportedLocalesEnum]] = OMIT,
+        security_headers: typing.Optional[TenantSettingsNullableSecurityHeaders] = OMIT,
         session_cookie: typing.Optional[SessionCookieSchema] = OMIT,
         sessions: typing.Optional[TenantSettingsSessions] = OMIT,
         oidc_logout: typing.Optional[TenantOidcLogoutSettings] = OMIT,
@@ -177,9 +184,11 @@ def update(
         client_id_metadata_document_supported: typing.Optional[bool] = OMIT,
         enable_ai_guide: typing.Optional[bool] = OMIT,
         phone_consolidated_experience: typing.Optional[bool] = OMIT,
+        include_session_metadata_in_tenant_logs: typing.Optional[bool] = OMIT,
         dynamic_client_registration_security_mode: typing.Optional[
             TenantSettingsDynamicClientRegistrationSecurityMode
         ] = OMIT,
+        country_codes: typing.Optional[TenantSettingsCountryCodes] = OMIT,
         request_options: typing.Optional[RequestOptions] = None,
     ) -> HttpResponse[UpdateTenantSettingsResponseContent]:
         """
@@ -224,15 +233,27 @@ def update(
         session_lifetime : typing.Optional[int]
             Number of hours a session will stay valid.
 
+        session_lifetime_in_minutes : typing.Optional[int]
+            Number of minutes a session will stay valid. Cannot be specified together with `session_lifetime`.
+
         idle_session_lifetime : typing.Optional[int]
             Number of hours for which a session can be inactive before the user must log in again.
 
+        idle_session_lifetime_in_minutes : typing.Optional[int]
+            Number of minutes a session can be inactive before the user must log in again. Cannot be specified together with `idle_session_lifetime`.
+
         ephemeral_session_lifetime : typing.Optional[int]
             Number of hours an ephemeral (non-persistent) session will stay valid.
 
         idle_ephemeral_session_lifetime : typing.Optional[int]
             Number of hours for which an ephemeral (non-persistent) session can be inactive before the user must log in again.
 
+        ephemeral_session_lifetime_in_minutes : typing.Optional[int]
+            Number of minutes an ephemeral (non-persistent) session will stay valid. Cannot be specified together with `ephemeral_session_lifetime`.
+
+        idle_ephemeral_session_lifetime_in_minutes : typing.Optional[int]
+            Number of minutes an ephemeral (non-persistent) session can be inactive before the user must log in again. Cannot be specified together with `idle_ephemeral_session_lifetime`.
+
         sandbox_version : typing.Optional[str]
             Selected sandbox version for the extensibility environment
 
@@ -245,6 +266,8 @@ def update(
         enabled_locales : typing.Optional[typing.Sequence[TenantSettingsSupportedLocalesEnum]]
             Supported locales for the user interface
 
+        security_headers : typing.Optional[TenantSettingsNullableSecurityHeaders]
+
         session_cookie : typing.Optional[SessionCookieSchema]
 
         sessions : typing.Optional[TenantSettingsSessions]
@@ -284,8 +307,13 @@ def update(
         phone_consolidated_experience : typing.Optional[bool]
             Whether Phone Consolidated Experience is enabled for this tenant.
 
+        include_session_metadata_in_tenant_logs : typing.Optional[bool]
+            Whether session metadata is included in specific tenant logs (slo, oidc_backchannel_logout_failed, oidc_backchannel_logout_succeeded).
+
         dynamic_client_registration_security_mode : typing.Optional[TenantSettingsDynamicClientRegistrationSecurityMode]
 
+        country_codes : typing.Optional[TenantSettingsCountryCodes]
+
         request_options : typing.Optional[RequestOptions]
             Request-specific configuration.
 
@@ -324,13 +352,22 @@ def update(
                 "support_url": support_url,
                 "allowed_logout_urls": allowed_logout_urls,
                 "session_lifetime": session_lifetime,
+                "session_lifetime_in_minutes": session_lifetime_in_minutes,
                 "idle_session_lifetime": idle_session_lifetime,
+                "idle_session_lifetime_in_minutes": idle_session_lifetime_in_minutes,
                 "ephemeral_session_lifetime": ephemeral_session_lifetime,
                 "idle_ephemeral_session_lifetime": idle_ephemeral_session_lifetime,
+                "ephemeral_session_lifetime_in_minutes": ephemeral_session_lifetime_in_minutes,
+                "idle_ephemeral_session_lifetime_in_minutes": idle_ephemeral_session_lifetime_in_minutes,
                 "sandbox_version": sandbox_version,
                 "legacy_sandbox_version": legacy_sandbox_version,
                 "default_redirection_uri": default_redirection_uri,
                 "enabled_locales": enabled_locales,
+                "security_headers": convert_and_respect_annotation_metadata(
+                    object_=security_headers,
+                    annotation=typing.Optional[TenantSettingsNullableSecurityHeaders],
+                    direction="write",
+                ),
                 "session_cookie": convert_and_respect_annotation_metadata(
                     object_=session_cookie, annotation=typing.Optional[SessionCookieSchema], direction="write"
                 ),
@@ -353,7 +390,11 @@ def update(
                 "client_id_metadata_document_supported": client_id_metadata_document_supported,
                 "enable_ai_guide": enable_ai_guide,
                 "phone_consolidated_experience": phone_consolidated_experience,
+                "include_session_metadata_in_tenant_logs": include_session_metadata_in_tenant_logs,
                 "dynamic_client_registration_security_mode": dynamic_client_registration_security_mode,
+                "country_codes": convert_and_respect_annotation_metadata(
+                    object_=country_codes, annotation=typing.Optional[TenantSettingsCountryCodes], direction="write"
+                ),
             },
             headers={
                 "content-type": "application/json",
@@ -544,13 +585,18 @@ async def update(
         support_url: typing.Optional[str] = OMIT,
         allowed_logout_urls: typing.Optional[typing.Sequence[str]] = OMIT,
         session_lifetime: typing.Optional[int] = OMIT,
+        session_lifetime_in_minutes: typing.Optional[int] = OMIT,
         idle_session_lifetime: typing.Optional[int] = OMIT,
+        idle_session_lifetime_in_minutes: typing.Optional[int] = OMIT,
         ephemeral_session_lifetime: typing.Optional[int] = OMIT,
         idle_ephemeral_session_lifetime: typing.Optional[int] = OMIT,
+        ephemeral_session_lifetime_in_minutes: typing.Optional[int] = OMIT,
+        idle_ephemeral_session_lifetime_in_minutes: typing.Optional[int] = OMIT,
         sandbox_version: typing.Optional[str] = OMIT,
         legacy_sandbox_version: typing.Optional[str] = OMIT,
         default_redirection_uri: typing.Optional[str] = OMIT,
         enabled_locales: typing.Optional[typing.Sequence[TenantSettingsSupportedLocalesEnum]] = OMIT,
+        security_headers: typing.Optional[TenantSettingsNullableSecurityHeaders] = OMIT,
         session_cookie: typing.Optional[SessionCookieSchema] = OMIT,
         sessions: typing.Optional[TenantSettingsSessions] = OMIT,
         oidc_logout: typing.Optional[TenantOidcLogoutSettings] = OMIT,
@@ -565,9 +611,11 @@ async def update(
         client_id_metadata_document_supported: typing.Optional[bool] = OMIT,
         enable_ai_guide: typing.Optional[bool] = OMIT,
         phone_consolidated_experience: typing.Optional[bool] = OMIT,
+        include_session_metadata_in_tenant_logs: typing.Optional[bool] = OMIT,
         dynamic_client_registration_security_mode: typing.Optional[
             TenantSettingsDynamicClientRegistrationSecurityMode
         ] = OMIT,
+        country_codes: typing.Optional[TenantSettingsCountryCodes] = OMIT,
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncHttpResponse[UpdateTenantSettingsResponseContent]:
         """
@@ -612,15 +660,27 @@ async def update(
         session_lifetime : typing.Optional[int]
             Number of hours a session will stay valid.
 
+        session_lifetime_in_minutes : typing.Optional[int]
+            Number of minutes a session will stay valid. Cannot be specified together with `session_lifetime`.
+
         idle_session_lifetime : typing.Optional[int]
             Number of hours for which a session can be inactive before the user must log in again.
 
+        idle_session_lifetime_in_minutes : typing.Optional[int]
+            Number of minutes a session can be inactive before the user must log in again. Cannot be specified together with `idle_session_lifetime`.
+
         ephemeral_session_lifetime : typing.Optional[int]
             Number of hours an ephemeral (non-persistent) session will stay valid.
 
         idle_ephemeral_session_lifetime : typing.Optional[int]
             Number of hours for which an ephemeral (non-persistent) session can be inactive before the user must log in again.
 
+        ephemeral_session_lifetime_in_minutes : typing.Optional[int]
+            Number of minutes an ephemeral (non-persistent) session will stay valid. Cannot be specified together with `ephemeral_session_lifetime`.
+
+        idle_ephemeral_session_lifetime_in_minutes : typing.Optional[int]
+            Number of minutes an ephemeral (non-persistent) session can be inactive before the user must log in again. Cannot be specified together with `idle_ephemeral_session_lifetime`.
+
         sandbox_version : typing.Optional[str]
             Selected sandbox version for the extensibility environment
 
@@ -633,6 +693,8 @@ async def update(
         enabled_locales : typing.Optional[typing.Sequence[TenantSettingsSupportedLocalesEnum]]
             Supported locales for the user interface
 
+        security_headers : typing.Optional[TenantSettingsNullableSecurityHeaders]
+
         session_cookie : typing.Optional[SessionCookieSchema]
 
         sessions : typing.Optional[TenantSettingsSessions]
@@ -672,8 +734,13 @@ async def update(
         phone_consolidated_experience : typing.Optional[bool]
             Whether Phone Consolidated Experience is enabled for this tenant.
 
+        include_session_metadata_in_tenant_logs : typing.Optional[bool]
+            Whether session metadata is included in specific tenant logs (slo, oidc_backchannel_logout_failed, oidc_backchannel_logout_succeeded).
+
         dynamic_client_registration_security_mode : typing.Optional[TenantSettingsDynamicClientRegistrationSecurityMode]
 
+        country_codes : typing.Optional[TenantSettingsCountryCodes]
+
         request_options : typing.Optional[RequestOptions]
             Request-specific configuration.
 
@@ -712,13 +779,22 @@ async def update(
                 "support_url": support_url,
                 "allowed_logout_urls": allowed_logout_urls,
                 "session_lifetime": session_lifetime,
+                "session_lifetime_in_minutes": session_lifetime_in_minutes,
                 "idle_session_lifetime": idle_session_lifetime,
+                "idle_session_lifetime_in_minutes": idle_session_lifetime_in_minutes,
                 "ephemeral_session_lifetime": ephemeral_session_lifetime,
                 "idle_ephemeral_session_lifetime": idle_ephemeral_session_lifetime,
+                "ephemeral_session_lifetime_in_minutes": ephemeral_session_lifetime_in_minutes,
+                "idle_ephemeral_session_lifetime_in_minutes": idle_ephemeral_session_lifetime_in_minutes,
                 "sandbox_version": sandbox_version,
                 "legacy_sandbox_version": legacy_sandbox_version,
                 "default_redirection_uri": default_redirection_uri,
                 "enabled_locales": enabled_locales,
+                "security_headers": convert_and_respect_annotation_metadata(
+                    object_=security_headers,
+                    annotation=typing.Optional[TenantSettingsNullableSecurityHeaders],
+                    direction="write",
+                ),
                 "session_cookie": convert_and_respect_annotation_metadata(
                     object_=session_cookie, annotation=typing.Optional[SessionCookieSchema], direction="write"
                 ),
@@ -741,7 +817,11 @@ async def update(
                 "client_id_metadata_document_supported": client_id_metadata_document_supported,
                 "enable_ai_guide": enable_ai_guide,
                 "phone_consolidated_experience": phone_consolidated_experience,
+                "include_session_metadata_in_tenant_logs": include_session_metadata_in_tenant_logs,
                 "dynamic_client_registration_security_mode": dynamic_client_registration_security_mode,
+                "country_codes": convert_and_respect_annotation_metadata(
+                    object_=country_codes, annotation=typing.Optional[TenantSettingsCountryCodes], direction="write"
+                ),
             },
             headers={
                 "content-type": "application/json",
diff --git a/src/auth0/management/token_exchange_profiles/client.py b/src/auth0/management/token_exchange_profiles/client.py
index fb62916a..a63c12b1 100644
--- a/src/auth0/management/token_exchange_profiles/client.py
+++ b/src/auth0/management/token_exchange_profiles/client.py
@@ -41,15 +41,14 @@ def list(
         """
         Retrieve a list of all Token Exchange Profiles available in your tenant.
 
-        By using this feature, you agree to the applicable Free Trial terms in <a href="https://www.okta.com/legal/">Okta’s Master Subscription Agreement</a>. It is your responsibility to securely validate the user’s subject_token. See <a href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</a> for more details.
+        By using this feature, you agree to the applicable Free Trial terms in [Okta’s Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user’s subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
 
         This endpoint supports Checkpoint pagination. To search by checkpoint, use the following parameters:
-        <ul>
-        <li><code>from</code>: Optional id from which to start selection.</li>
-        <li><code>take</code>: The total amount of entries to retrieve when using the from parameter. Defaults to 50.</li>
-        </ul>
 
-        <b>Note</b>: The first time you call this endpoint using checkpoint pagination, omit the <code>from</code> parameter. If there are more results, a <code>next</code> value is included in the response. You can use this for subsequent API calls. When <code>next</code> is no longer included in the response, no pages are remaining.
+        - `from`: Optional id from which to start selection.
+        - `take`: The total amount of entries to retrieve when using the from parameter. Defaults to 50.
+
+        **Note**: The first time you call this endpoint using checkpoint pagination, omit the `from` parameter. If there are more results, a `next` value is included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, no pages are remaining.
 
         Parameters
         ----------
@@ -98,7 +97,7 @@ def create(
         """
         Create a new Token Exchange Profile within your tenant.
 
-        By using this feature, you agree to the applicable Free Trial terms in <a href="https://www.okta.com/legal/">Okta’s Master Subscription Agreement</a>. It is your responsibility to securely validate the user’s subject_token. See <a href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</a> for more details.
+        By using this feature, you agree to the applicable Free Trial terms in [Okta’s Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user’s subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
 
         Parameters
         ----------
@@ -150,7 +149,7 @@ def get(
         """
         Retrieve details about a single Token Exchange Profile specified by ID.
 
-        By using this feature, you agree to the applicable Free Trial terms in <a href="https://www.okta.com/legal/">Okta’s Master Subscription Agreement</a>. It is your responsibility to securely validate the user’s subject_token. See <a href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</a> for more details.
+        By using this feature, you agree to the applicable Free Trial terms in [Okta’s Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user’s subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
 
         Parameters
         ----------
@@ -183,7 +182,7 @@ def delete(self, id: str, *, request_options: typing.Optional[RequestOptions] =
         """
         Delete a Token Exchange Profile within your tenant.
 
-        By using this feature, you agree to the applicable Free Trial terms in <a href="https://www.okta.com/legal/">Okta's Master Subscription Agreement</a>. It is your responsibility to securely validate the user's subject_token. See <a href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</a> for more details.
+        By using this feature, you agree to the applicable Free Trial terms in [Okta's Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user's subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
 
         Parameters
         ----------
@@ -222,7 +221,7 @@ def update(
         """
         Update a Token Exchange Profile within your tenant.
 
-        By using this feature, you agree to the applicable Free Trial terms in <a href="https://www.okta.com/legal/">Okta's Master Subscription Agreement</a>. It is your responsibility to securely validate the user's subject_token. See <a href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</a> for more details.
+        By using this feature, you agree to the applicable Free Trial terms in [Okta's Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user's subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
 
         Parameters
         ----------
@@ -284,15 +283,14 @@ async def list(
         """
         Retrieve a list of all Token Exchange Profiles available in your tenant.
 
-        By using this feature, you agree to the applicable Free Trial terms in <a href="https://www.okta.com/legal/">Okta’s Master Subscription Agreement</a>. It is your responsibility to securely validate the user’s subject_token. See <a href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</a> for more details.
+        By using this feature, you agree to the applicable Free Trial terms in [Okta’s Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user’s subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
 
         This endpoint supports Checkpoint pagination. To search by checkpoint, use the following parameters:
-        <ul>
-        <li><code>from</code>: Optional id from which to start selection.</li>
-        <li><code>take</code>: The total amount of entries to retrieve when using the from parameter. Defaults to 50.</li>
-        </ul>
 
-        <b>Note</b>: The first time you call this endpoint using checkpoint pagination, omit the <code>from</code> parameter. If there are more results, a <code>next</code> value is included in the response. You can use this for subsequent API calls. When <code>next</code> is no longer included in the response, no pages are remaining.
+        - `from`: Optional id from which to start selection.
+        - `take`: The total amount of entries to retrieve when using the from parameter. Defaults to 50.
+
+        **Note**: The first time you call this endpoint using checkpoint pagination, omit the `from` parameter. If there are more results, a `next` value is included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, no pages are remaining.
 
         Parameters
         ----------
@@ -350,7 +348,7 @@ async def create(
         """
         Create a new Token Exchange Profile within your tenant.
 
-        By using this feature, you agree to the applicable Free Trial terms in <a href="https://www.okta.com/legal/">Okta’s Master Subscription Agreement</a>. It is your responsibility to securely validate the user’s subject_token. See <a href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</a> for more details.
+        By using this feature, you agree to the applicable Free Trial terms in [Okta’s Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user’s subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
 
         Parameters
         ----------
@@ -410,7 +408,7 @@ async def get(
         """
         Retrieve details about a single Token Exchange Profile specified by ID.
 
-        By using this feature, you agree to the applicable Free Trial terms in <a href="https://www.okta.com/legal/">Okta’s Master Subscription Agreement</a>. It is your responsibility to securely validate the user’s subject_token. See <a href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</a> for more details.
+        By using this feature, you agree to the applicable Free Trial terms in [Okta’s Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user’s subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
 
         Parameters
         ----------
@@ -451,7 +449,7 @@ async def delete(self, id: str, *, request_options: typing.Optional[RequestOptio
         """
         Delete a Token Exchange Profile within your tenant.
 
-        By using this feature, you agree to the applicable Free Trial terms in <a href="https://www.okta.com/legal/">Okta's Master Subscription Agreement</a>. It is your responsibility to securely validate the user's subject_token. See <a href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</a> for more details.
+        By using this feature, you agree to the applicable Free Trial terms in [Okta's Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user's subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
 
         Parameters
         ----------
@@ -498,7 +496,7 @@ async def update(
         """
         Update a Token Exchange Profile within your tenant.
 
-        By using this feature, you agree to the applicable Free Trial terms in <a href="https://www.okta.com/legal/">Okta's Master Subscription Agreement</a>. It is your responsibility to securely validate the user's subject_token. See <a href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</a> for more details.
+        By using this feature, you agree to the applicable Free Trial terms in [Okta's Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user's subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
 
         Parameters
         ----------
diff --git a/src/auth0/management/token_exchange_profiles/raw_client.py b/src/auth0/management/token_exchange_profiles/raw_client.py
index b270dcdb..31515b33 100644
--- a/src/auth0/management/token_exchange_profiles/raw_client.py
+++ b/src/auth0/management/token_exchange_profiles/raw_client.py
@@ -42,15 +42,14 @@ def list(
         """
         Retrieve a list of all Token Exchange Profiles available in your tenant.
 
-        By using this feature, you agree to the applicable Free Trial terms in <a href="https://www.okta.com/legal/">Okta’s Master Subscription Agreement</a>. It is your responsibility to securely validate the user’s subject_token. See <a href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</a> for more details.
+        By using this feature, you agree to the applicable Free Trial terms in [Okta’s Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user’s subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
 
         This endpoint supports Checkpoint pagination. To search by checkpoint, use the following parameters:
-        <ul>
-        <li><code>from</code>: Optional id from which to start selection.</li>
-        <li><code>take</code>: The total amount of entries to retrieve when using the from parameter. Defaults to 50.</li>
-        </ul>
 
-        <b>Note</b>: The first time you call this endpoint using checkpoint pagination, omit the <code>from</code> parameter. If there are more results, a <code>next</code> value is included in the response. You can use this for subsequent API calls. When <code>next</code> is no longer included in the response, no pages are remaining.
+        - `from`: Optional id from which to start selection.
+        - `take`: The total amount of entries to retrieve when using the from parameter. Defaults to 50.
+
+        **Note**: The first time you call this endpoint using checkpoint pagination, omit the `from` parameter. If there are more results, a `next` value is included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, no pages are remaining.
 
         Parameters
         ----------
@@ -160,7 +159,7 @@ def create(
         """
         Create a new Token Exchange Profile within your tenant.
 
-        By using this feature, you agree to the applicable Free Trial terms in <a href="https://www.okta.com/legal/">Okta’s Master Subscription Agreement</a>. It is your responsibility to securely validate the user’s subject_token. See <a href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</a> for more details.
+        By using this feature, you agree to the applicable Free Trial terms in [Okta’s Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user’s subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
 
         Parameters
         ----------
@@ -278,7 +277,7 @@ def get(
         """
         Retrieve details about a single Token Exchange Profile specified by ID.
 
-        By using this feature, you agree to the applicable Free Trial terms in <a href="https://www.okta.com/legal/">Okta’s Master Subscription Agreement</a>. It is your responsibility to securely validate the user’s subject_token. See <a href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</a> for more details.
+        By using this feature, you agree to the applicable Free Trial terms in [Okta’s Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user’s subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
 
         Parameters
         ----------
@@ -376,7 +375,7 @@ def delete(self, id: str, *, request_options: typing.Optional[RequestOptions] =
         """
         Delete a Token Exchange Profile within your tenant.
 
-        By using this feature, you agree to the applicable Free Trial terms in <a href="https://www.okta.com/legal/">Okta's Master Subscription Agreement</a>. It is your responsibility to securely validate the user's subject_token. See <a href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</a> for more details.
+        By using this feature, you agree to the applicable Free Trial terms in [Okta's Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user's subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
 
         Parameters
         ----------
@@ -451,7 +450,7 @@ def update(
         """
         Update a Token Exchange Profile within your tenant.
 
-        By using this feature, you agree to the applicable Free Trial terms in <a href="https://www.okta.com/legal/">Okta's Master Subscription Agreement</a>. It is your responsibility to securely validate the user's subject_token. See <a href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</a> for more details.
+        By using this feature, you agree to the applicable Free Trial terms in [Okta's Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user's subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
 
         Parameters
         ----------
@@ -531,6 +530,17 @@ def update(
                         ),
                     ),
                 )
+            if _response.status_code == 409:
+                raise ConflictError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
@@ -566,15 +576,14 @@ async def list(
         """
         Retrieve a list of all Token Exchange Profiles available in your tenant.
 
-        By using this feature, you agree to the applicable Free Trial terms in <a href="https://www.okta.com/legal/">Okta’s Master Subscription Agreement</a>. It is your responsibility to securely validate the user’s subject_token. See <a href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</a> for more details.
+        By using this feature, you agree to the applicable Free Trial terms in [Okta’s Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user’s subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
 
         This endpoint supports Checkpoint pagination. To search by checkpoint, use the following parameters:
-        <ul>
-        <li><code>from</code>: Optional id from which to start selection.</li>
-        <li><code>take</code>: The total amount of entries to retrieve when using the from parameter. Defaults to 50.</li>
-        </ul>
 
-        <b>Note</b>: The first time you call this endpoint using checkpoint pagination, omit the <code>from</code> parameter. If there are more results, a <code>next</code> value is included in the response. You can use this for subsequent API calls. When <code>next</code> is no longer included in the response, no pages are remaining.
+        - `from`: Optional id from which to start selection.
+        - `take`: The total amount of entries to retrieve when using the from parameter. Defaults to 50.
+
+        **Note**: The first time you call this endpoint using checkpoint pagination, omit the `from` parameter. If there are more results, a `next` value is included in the response. You can use this for subsequent API calls. When `next` is no longer included in the response, no pages are remaining.
 
         Parameters
         ----------
@@ -687,7 +696,7 @@ async def create(
         """
         Create a new Token Exchange Profile within your tenant.
 
-        By using this feature, you agree to the applicable Free Trial terms in <a href="https://www.okta.com/legal/">Okta’s Master Subscription Agreement</a>. It is your responsibility to securely validate the user’s subject_token. See <a href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</a> for more details.
+        By using this feature, you agree to the applicable Free Trial terms in [Okta’s Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user’s subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
 
         Parameters
         ----------
@@ -805,7 +814,7 @@ async def get(
         """
         Retrieve details about a single Token Exchange Profile specified by ID.
 
-        By using this feature, you agree to the applicable Free Trial terms in <a href="https://www.okta.com/legal/">Okta’s Master Subscription Agreement</a>. It is your responsibility to securely validate the user’s subject_token. See <a href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</a> for more details.
+        By using this feature, you agree to the applicable Free Trial terms in [Okta’s Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user’s subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
 
         Parameters
         ----------
@@ -905,7 +914,7 @@ async def delete(
         """
         Delete a Token Exchange Profile within your tenant.
 
-        By using this feature, you agree to the applicable Free Trial terms in <a href="https://www.okta.com/legal/">Okta's Master Subscription Agreement</a>. It is your responsibility to securely validate the user's subject_token. See <a href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</a> for more details.
+        By using this feature, you agree to the applicable Free Trial terms in [Okta's Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user's subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
 
         Parameters
         ----------
@@ -980,7 +989,7 @@ async def update(
         """
         Update a Token Exchange Profile within your tenant.
 
-        By using this feature, you agree to the applicable Free Trial terms in <a href="https://www.okta.com/legal/">Okta's Master Subscription Agreement</a>. It is your responsibility to securely validate the user's subject_token. See <a href="https://auth0.com/docs/authenticate/custom-token-exchange">User Guide</a> for more details.
+        By using this feature, you agree to the applicable Free Trial terms in [Okta's Master Subscription Agreement](https://www.okta.com/legal/). It is your responsibility to securely validate the user's subject_token. See [User Guide](https://auth0.com/docs/authenticate/custom-token-exchange) for more details.
 
         Parameters
         ----------
@@ -1060,6 +1069,17 @@ async def update(
                         ),
                     ),
                 )
+            if _response.status_code == 409:
+                raise ConflictError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
diff --git a/src/auth0/management/types/__init__.py b/src/auth0/management/types/__init__.py
index 8c65437e..514c7669 100644
--- a/src/auth0/management/types/__init__.py
+++ b/src/auth0/management/types/__init__.py
@@ -107,12 +107,7 @@
     from .bot_detection_monitoring_mode_enabled import BotDetectionMonitoringModeEnabled
     from .branding_colors import BrandingColors
     from .branding_font import BrandingFont
-    from .branding_identifiers import BrandingIdentifiers
-    from .branding_login_display_enum import BrandingLoginDisplayEnum
     from .branding_page_background import BrandingPageBackground
-    from .branding_phone_display import BrandingPhoneDisplay
-    from .branding_phone_formatting_enum import BrandingPhoneFormattingEnum
-    from .branding_phone_masking_enum import BrandingPhoneMaskingEnum
     from .branding_theme_borders import BrandingThemeBorders
     from .branding_theme_borders_buttons_style_enum import BrandingThemeBordersButtonsStyleEnum
     from .branding_theme_borders_inputs_style_enum import BrandingThemeBordersInputsStyleEnum
@@ -449,6 +444,7 @@
     from .connection_id import ConnectionId
     from .connection_id_token_encryption_alg_values_supported import ConnectionIdTokenEncryptionAlgValuesSupported
     from .connection_id_token_encryption_enc_values_supported import ConnectionIdTokenEncryptionEncValuesSupported
+    from .connection_id_token_session_expiry_supported import ConnectionIdTokenSessionExpirySupported
     from .connection_id_token_signed_response_alg_enum import ConnectionIdTokenSignedResponseAlgEnum
     from .connection_id_token_signed_response_algs import ConnectionIdTokenSignedResponseAlgs
     from .connection_id_token_signing_alg_values_supported import ConnectionIdTokenSigningAlgValuesSupported
@@ -825,6 +821,7 @@
     from .connection_waad_protocol import ConnectionWaadProtocol
     from .connection_waad_protocol_enum_azure_ad import ConnectionWaadProtocolEnumAzureAd
     from .connections_metadata import ConnectionsMetadata
+    from .content_security_policy_config import ContentSecurityPolicyConfig
     from .create_action_module_response_content import CreateActionModuleResponseContent
     from .create_action_module_version_response_content import CreateActionModuleVersionResponseContent
     from .create_action_response_content import CreateActionResponseContent
@@ -1119,6 +1116,18 @@
     from .created_user_authentication_method_type_enum import CreatedUserAuthenticationMethodTypeEnum
     from .credential_device_type_enum import CredentialDeviceTypeEnum
     from .credential_id import CredentialId
+    from .csp_directives import CspDirectives
+    from .csp_flag import CspFlag
+    from .csp_flags import CspFlags
+    from .csp_policies import CspPolicies
+    from .csp_policy import CspPolicy
+    from .csp_policy_mode import CspPolicyMode
+    from .csp_policy_reporting import CspPolicyReporting
+    from .csp_report_to import CspReportTo
+    from .csp_report_to_endpoint import CspReportToEndpoint
+    from .csp_report_to_endpoints import CspReportToEndpoints
+    from .csp_reporting_endpoints import CspReportingEndpoints
+    from .csp_reporting_infrastructure import CspReportingInfrastructure
     from .custom_domain import CustomDomain
     from .custom_domain_custom_client_ip_header import CustomDomainCustomClientIpHeader
     from .custom_domain_custom_client_ip_header_enum import CustomDomainCustomClientIpHeaderEnum
@@ -3131,6 +3140,10 @@
     from .synchronize_groups_enum import SynchronizeGroupsEnum
     from .synchronized_group_payload import SynchronizedGroupPayload
     from .tenant_oidc_logout_settings import TenantOidcLogoutSettings
+    from .tenant_settings_country_codes import TenantSettingsCountryCodes
+    from .tenant_settings_country_codes_mode import TenantSettingsCountryCodesMode
+    from .tenant_settings_country_codes_mode_response import TenantSettingsCountryCodesModeResponse
+    from .tenant_settings_country_codes_response import TenantSettingsCountryCodesResponse
     from .tenant_settings_device_flow import TenantSettingsDeviceFlow
     from .tenant_settings_device_flow_charset import TenantSettingsDeviceFlowCharset
     from .tenant_settings_dynamic_client_registration_security_mode import (
@@ -3140,6 +3153,7 @@
     from .tenant_settings_flags import TenantSettingsFlags
     from .tenant_settings_guardian_page import TenantSettingsGuardianPage
     from .tenant_settings_mtls import TenantSettingsMtls
+    from .tenant_settings_nullable_security_headers import TenantSettingsNullableSecurityHeaders
     from .tenant_settings_password_page import TenantSettingsPasswordPage
     from .tenant_settings_resource_parameter_profile import TenantSettingsResourceParameterProfile
     from .tenant_settings_sessions import TenantSettingsSessions
@@ -3170,12 +3184,7 @@
     from .update_bot_detection_settings_response_content import UpdateBotDetectionSettingsResponseContent
     from .update_branding_colors import UpdateBrandingColors
     from .update_branding_font import UpdateBrandingFont
-    from .update_branding_identifiers import UpdateBrandingIdentifiers
-    from .update_branding_login_display_enum import UpdateBrandingLoginDisplayEnum
     from .update_branding_page_background import UpdateBrandingPageBackground
-    from .update_branding_phone_display import UpdateBrandingPhoneDisplay
-    from .update_branding_phone_formatting_enum import UpdateBrandingPhoneFormattingEnum
-    from .update_branding_phone_masking_enum import UpdateBrandingPhoneMaskingEnum
     from .update_branding_phone_provider_response_content import UpdateBrandingPhoneProviderResponseContent
     from .update_branding_response_content import UpdateBrandingResponseContent
     from .update_branding_theme_response_content import UpdateBrandingThemeResponseContent
@@ -3371,6 +3380,8 @@
     from .verify_email_ticket_response_content import VerifyEmailTicketResponseContent
     from .x_509_certificate_credential import X509CertificateCredential
     from .x_509_certificate_credential_type_enum import X509CertificateCredentialTypeEnum
+    from .xss_protection_config import XssProtectionConfig
+    from .xss_protection_mode import XssProtectionMode
 _dynamic_imports: typing.Dict[str, str] = {
     "Action": ".action",
     "ActionBase": ".action_base",
@@ -3461,12 +3472,7 @@
     "BotDetectionMonitoringModeEnabled": ".bot_detection_monitoring_mode_enabled",
     "BrandingColors": ".branding_colors",
     "BrandingFont": ".branding_font",
-    "BrandingIdentifiers": ".branding_identifiers",
-    "BrandingLoginDisplayEnum": ".branding_login_display_enum",
     "BrandingPageBackground": ".branding_page_background",
-    "BrandingPhoneDisplay": ".branding_phone_display",
-    "BrandingPhoneFormattingEnum": ".branding_phone_formatting_enum",
-    "BrandingPhoneMaskingEnum": ".branding_phone_masking_enum",
     "BrandingThemeBorders": ".branding_theme_borders",
     "BrandingThemeBordersButtonsStyleEnum": ".branding_theme_borders_buttons_style_enum",
     "BrandingThemeBordersInputsStyleEnum": ".branding_theme_borders_inputs_style_enum",
@@ -3771,6 +3777,7 @@
     "ConnectionId": ".connection_id",
     "ConnectionIdTokenEncryptionAlgValuesSupported": ".connection_id_token_encryption_alg_values_supported",
     "ConnectionIdTokenEncryptionEncValuesSupported": ".connection_id_token_encryption_enc_values_supported",
+    "ConnectionIdTokenSessionExpirySupported": ".connection_id_token_session_expiry_supported",
     "ConnectionIdTokenSignedResponseAlgEnum": ".connection_id_token_signed_response_alg_enum",
     "ConnectionIdTokenSignedResponseAlgs": ".connection_id_token_signed_response_algs",
     "ConnectionIdTokenSigningAlgValuesSupported": ".connection_id_token_signing_alg_values_supported",
@@ -4127,6 +4134,7 @@
     "ConnectionWaadProtocol": ".connection_waad_protocol",
     "ConnectionWaadProtocolEnumAzureAd": ".connection_waad_protocol_enum_azure_ad",
     "ConnectionsMetadata": ".connections_metadata",
+    "ContentSecurityPolicyConfig": ".content_security_policy_config",
     "CreateActionModuleResponseContent": ".create_action_module_response_content",
     "CreateActionModuleVersionResponseContent": ".create_action_module_version_response_content",
     "CreateActionResponseContent": ".create_action_response_content",
@@ -4383,6 +4391,18 @@
     "CreatedUserAuthenticationMethodTypeEnum": ".created_user_authentication_method_type_enum",
     "CredentialDeviceTypeEnum": ".credential_device_type_enum",
     "CredentialId": ".credential_id",
+    "CspDirectives": ".csp_directives",
+    "CspFlag": ".csp_flag",
+    "CspFlags": ".csp_flags",
+    "CspPolicies": ".csp_policies",
+    "CspPolicy": ".csp_policy",
+    "CspPolicyMode": ".csp_policy_mode",
+    "CspPolicyReporting": ".csp_policy_reporting",
+    "CspReportTo": ".csp_report_to",
+    "CspReportToEndpoint": ".csp_report_to_endpoint",
+    "CspReportToEndpoints": ".csp_report_to_endpoints",
+    "CspReportingEndpoints": ".csp_reporting_endpoints",
+    "CspReportingInfrastructure": ".csp_reporting_infrastructure",
     "CustomDomain": ".custom_domain",
     "CustomDomainCustomClientIpHeader": ".custom_domain_custom_client_ip_header",
     "CustomDomainCustomClientIpHeaderEnum": ".custom_domain_custom_client_ip_header_enum",
@@ -5869,6 +5889,10 @@
     "SynchronizeGroupsEnum": ".synchronize_groups_enum",
     "SynchronizedGroupPayload": ".synchronized_group_payload",
     "TenantOidcLogoutSettings": ".tenant_oidc_logout_settings",
+    "TenantSettingsCountryCodes": ".tenant_settings_country_codes",
+    "TenantSettingsCountryCodesMode": ".tenant_settings_country_codes_mode",
+    "TenantSettingsCountryCodesModeResponse": ".tenant_settings_country_codes_mode_response",
+    "TenantSettingsCountryCodesResponse": ".tenant_settings_country_codes_response",
     "TenantSettingsDeviceFlow": ".tenant_settings_device_flow",
     "TenantSettingsDeviceFlowCharset": ".tenant_settings_device_flow_charset",
     "TenantSettingsDynamicClientRegistrationSecurityMode": ".tenant_settings_dynamic_client_registration_security_mode",
@@ -5876,6 +5900,7 @@
     "TenantSettingsFlags": ".tenant_settings_flags",
     "TenantSettingsGuardianPage": ".tenant_settings_guardian_page",
     "TenantSettingsMtls": ".tenant_settings_mtls",
+    "TenantSettingsNullableSecurityHeaders": ".tenant_settings_nullable_security_headers",
     "TenantSettingsPasswordPage": ".tenant_settings_password_page",
     "TenantSettingsResourceParameterProfile": ".tenant_settings_resource_parameter_profile",
     "TenantSettingsSessions": ".tenant_settings_sessions",
@@ -5906,12 +5931,7 @@
     "UpdateBotDetectionSettingsResponseContent": ".update_bot_detection_settings_response_content",
     "UpdateBrandingColors": ".update_branding_colors",
     "UpdateBrandingFont": ".update_branding_font",
-    "UpdateBrandingIdentifiers": ".update_branding_identifiers",
-    "UpdateBrandingLoginDisplayEnum": ".update_branding_login_display_enum",
     "UpdateBrandingPageBackground": ".update_branding_page_background",
-    "UpdateBrandingPhoneDisplay": ".update_branding_phone_display",
-    "UpdateBrandingPhoneFormattingEnum": ".update_branding_phone_formatting_enum",
-    "UpdateBrandingPhoneMaskingEnum": ".update_branding_phone_masking_enum",
     "UpdateBrandingPhoneProviderResponseContent": ".update_branding_phone_provider_response_content",
     "UpdateBrandingResponseContent": ".update_branding_response_content",
     "UpdateBrandingThemeResponseContent": ".update_branding_theme_response_content",
@@ -6081,6 +6101,8 @@
     "VerifyEmailTicketResponseContent": ".verify_email_ticket_response_content",
     "X509CertificateCredential": ".x_509_certificate_credential",
     "X509CertificateCredentialTypeEnum": ".x_509_certificate_credential_type_enum",
+    "XssProtectionConfig": ".xss_protection_config",
+    "XssProtectionMode": ".xss_protection_mode",
 }
 
 
@@ -6195,12 +6217,7 @@ def __dir__():
     "BotDetectionMonitoringModeEnabled",
     "BrandingColors",
     "BrandingFont",
-    "BrandingIdentifiers",
-    "BrandingLoginDisplayEnum",
     "BrandingPageBackground",
-    "BrandingPhoneDisplay",
-    "BrandingPhoneFormattingEnum",
-    "BrandingPhoneMaskingEnum",
     "BrandingThemeBorders",
     "BrandingThemeBordersButtonsStyleEnum",
     "BrandingThemeBordersInputsStyleEnum",
@@ -6505,6 +6522,7 @@ def __dir__():
     "ConnectionId",
     "ConnectionIdTokenEncryptionAlgValuesSupported",
     "ConnectionIdTokenEncryptionEncValuesSupported",
+    "ConnectionIdTokenSessionExpirySupported",
     "ConnectionIdTokenSignedResponseAlgEnum",
     "ConnectionIdTokenSignedResponseAlgs",
     "ConnectionIdTokenSigningAlgValuesSupported",
@@ -6861,6 +6879,7 @@ def __dir__():
     "ConnectionWaadProtocol",
     "ConnectionWaadProtocolEnumAzureAd",
     "ConnectionsMetadata",
+    "ContentSecurityPolicyConfig",
     "CreateActionModuleResponseContent",
     "CreateActionModuleVersionResponseContent",
     "CreateActionResponseContent",
@@ -7117,6 +7136,18 @@ def __dir__():
     "CreatedUserAuthenticationMethodTypeEnum",
     "CredentialDeviceTypeEnum",
     "CredentialId",
+    "CspDirectives",
+    "CspFlag",
+    "CspFlags",
+    "CspPolicies",
+    "CspPolicy",
+    "CspPolicyMode",
+    "CspPolicyReporting",
+    "CspReportTo",
+    "CspReportToEndpoint",
+    "CspReportToEndpoints",
+    "CspReportingEndpoints",
+    "CspReportingInfrastructure",
     "CustomDomain",
     "CustomDomainCustomClientIpHeader",
     "CustomDomainCustomClientIpHeaderEnum",
@@ -8603,6 +8634,10 @@ def __dir__():
     "SynchronizeGroupsEnum",
     "SynchronizedGroupPayload",
     "TenantOidcLogoutSettings",
+    "TenantSettingsCountryCodes",
+    "TenantSettingsCountryCodesMode",
+    "TenantSettingsCountryCodesModeResponse",
+    "TenantSettingsCountryCodesResponse",
     "TenantSettingsDeviceFlow",
     "TenantSettingsDeviceFlowCharset",
     "TenantSettingsDynamicClientRegistrationSecurityMode",
@@ -8610,6 +8645,7 @@ def __dir__():
     "TenantSettingsFlags",
     "TenantSettingsGuardianPage",
     "TenantSettingsMtls",
+    "TenantSettingsNullableSecurityHeaders",
     "TenantSettingsPasswordPage",
     "TenantSettingsResourceParameterProfile",
     "TenantSettingsSessions",
@@ -8640,12 +8676,7 @@ def __dir__():
     "UpdateBotDetectionSettingsResponseContent",
     "UpdateBrandingColors",
     "UpdateBrandingFont",
-    "UpdateBrandingIdentifiers",
-    "UpdateBrandingLoginDisplayEnum",
     "UpdateBrandingPageBackground",
-    "UpdateBrandingPhoneDisplay",
-    "UpdateBrandingPhoneFormattingEnum",
-    "UpdateBrandingPhoneMaskingEnum",
     "UpdateBrandingPhoneProviderResponseContent",
     "UpdateBrandingResponseContent",
     "UpdateBrandingThemeResponseContent",
@@ -8815,4 +8846,6 @@ def __dir__():
     "VerifyEmailTicketResponseContent",
     "X509CertificateCredential",
     "X509CertificateCredentialTypeEnum",
+    "XssProtectionConfig",
+    "XssProtectionMode",
 ]
diff --git a/src/auth0/management/types/acul_context_enum.py b/src/auth0/management/types/acul_context_enum.py
index 9627470f..ca924aad 100644
--- a/src/auth0/management/types/acul_context_enum.py
+++ b/src/auth0/management/types/acul_context_enum.py
@@ -21,6 +21,7 @@
         "untrusted_data.authorization_params.ui_locales",
         "user.organizations",
         "transaction.custom_domain.domain",
+        "experiment",
     ],
     typing.Any,
 ]
diff --git a/src/auth0/management/types/branding_login_display_enum.py b/src/auth0/management/types/branding_login_display_enum.py
deleted file mode 100644
index 16f9096e..00000000
--- a/src/auth0/management/types/branding_login_display_enum.py
+++ /dev/null
@@ -1,5 +0,0 @@
-# This file was auto-generated by Fern from our API Definition.
-
-import typing
-
-BrandingLoginDisplayEnum = typing.Union[typing.Literal["unified", "separate"], typing.Any]
diff --git a/src/auth0/management/types/branding_phone_formatting_enum.py b/src/auth0/management/types/branding_phone_formatting_enum.py
deleted file mode 100644
index a4867f42..00000000
--- a/src/auth0/management/types/branding_phone_formatting_enum.py
+++ /dev/null
@@ -1,5 +0,0 @@
-# This file was auto-generated by Fern from our API Definition.
-
-import typing
-
-BrandingPhoneFormattingEnum = typing.Union[typing.Literal["regional", "international"], typing.Any]
diff --git a/src/auth0/management/types/branding_phone_masking_enum.py b/src/auth0/management/types/branding_phone_masking_enum.py
deleted file mode 100644
index 3eca30b9..00000000
--- a/src/auth0/management/types/branding_phone_masking_enum.py
+++ /dev/null
@@ -1,5 +0,0 @@
-# This file was auto-generated by Fern from our API Definition.
-
-import typing
-
-BrandingPhoneMaskingEnum = typing.Union[typing.Literal["show_all", "hide_country_code", "mask_digits"], typing.Any]
diff --git a/src/auth0/management/types/client_my_organization_patch_configuration.py b/src/auth0/management/types/client_my_organization_patch_configuration.py
index a754e0dc..4eb70a77 100644
--- a/src/auth0/management/types/client_my_organization_patch_configuration.py
+++ b/src/auth0/management/types/client_my_organization_patch_configuration.py
@@ -31,6 +31,10 @@ class ClientMyOrganizationPatchConfiguration(UniversalBaseModel):
     """
 
     connection_deletion_behavior: ClientMyOrganizationDeletionBehaviorEnum
+    invitation_landing_client_id: typing.Optional[str] = pydantic.Field(default=None)
+    """
+    The client ID this client uses while creating invitations through My Organization API.
+    """
 
     if IS_PYDANTIC_V2:
         model_config: typing.ClassVar[pydantic.ConfigDict] = pydantic.ConfigDict(extra="allow", frozen=True)  # type: ignore # Pydantic v2
diff --git a/src/auth0/management/types/client_my_organization_post_configuration.py b/src/auth0/management/types/client_my_organization_post_configuration.py
index 3296fc79..6055ead0 100644
--- a/src/auth0/management/types/client_my_organization_post_configuration.py
+++ b/src/auth0/management/types/client_my_organization_post_configuration.py
@@ -31,6 +31,10 @@ class ClientMyOrganizationPostConfiguration(UniversalBaseModel):
     """
 
     connection_deletion_behavior: ClientMyOrganizationDeletionBehaviorEnum
+    invitation_landing_client_id: typing.Optional[str] = pydantic.Field(default=None)
+    """
+    The client ID this client uses while creating invitations through My Organization API.
+    """
 
     if IS_PYDANTIC_V2:
         model_config: typing.ClassVar[pydantic.ConfigDict] = pydantic.ConfigDict(extra="allow", frozen=True)  # type: ignore # Pydantic v2
diff --git a/src/auth0/management/types/client_my_organization_response_configuration.py b/src/auth0/management/types/client_my_organization_response_configuration.py
index 4a123842..4f98f3ab 100644
--- a/src/auth0/management/types/client_my_organization_response_configuration.py
+++ b/src/auth0/management/types/client_my_organization_response_configuration.py
@@ -31,6 +31,10 @@ class ClientMyOrganizationResponseConfiguration(UniversalBaseModel):
     """
 
     connection_deletion_behavior: ClientMyOrganizationDeletionBehaviorEnum
+    invitation_landing_client_id: typing.Optional[str] = pydantic.Field(default=None)
+    """
+    The client ID this client uses while creating invitations through My Organization API.
+    """
 
     if IS_PYDANTIC_V2:
         model_config: typing.ClassVar[pydantic.ConfigDict] = pydantic.ConfigDict(extra="allow", frozen=True)  # type: ignore # Pydantic v2
diff --git a/src/auth0/management/types/connection_id_token_session_expiry_supported.py b/src/auth0/management/types/connection_id_token_session_expiry_supported.py
new file mode 100644
index 00000000..7c8e3894
--- /dev/null
+++ b/src/auth0/management/types/connection_id_token_session_expiry_supported.py
@@ -0,0 +1,6 @@
+# This file was auto-generated by Fern from our API Definition.
+
+ConnectionIdTokenSessionExpirySupported = bool
+"""
+Indicates whether the identity provider supports session expiry via the id_token. If true, the system will use the session_expiry claim in the id_token to determine session expiry.
+"""
diff --git a/src/auth0/management/types/connection_options_common_oidc.py b/src/auth0/management/types/connection_options_common_oidc.py
index af151e7d..40a764a9 100644
--- a/src/auth0/management/types/connection_options_common_oidc.py
+++ b/src/auth0/management/types/connection_options_common_oidc.py
@@ -12,6 +12,7 @@
 from .connection_dpop_signing_alg_enum import ConnectionDpopSigningAlgEnum
 from .connection_federated_connections_access_tokens import ConnectionFederatedConnectionsAccessTokens
 from .connection_icon_url import ConnectionIconUrl
+from .connection_id_token_session_expiry_supported import ConnectionIdTokenSessionExpirySupported
 from .connection_id_token_signed_response_algs import ConnectionIdTokenSignedResponseAlgs
 from .connection_issuer import ConnectionIssuer
 from .connection_jwks_uri import ConnectionJwksUri
@@ -41,6 +42,7 @@ class ConnectionOptionsCommonOidc(UniversalBaseModel):
     dpop_signing_alg: typing.Optional[ConnectionDpopSigningAlgEnum] = None
     federated_connections_access_tokens: typing.Optional[ConnectionFederatedConnectionsAccessTokens] = None
     icon_url: typing.Optional[ConnectionIconUrl] = None
+    id_token_session_expiry_supported: typing.Optional[ConnectionIdTokenSessionExpirySupported] = None
     id_token_signed_response_algs: typing.Optional[ConnectionIdTokenSignedResponseAlgs] = None
     issuer: typing.Optional[ConnectionIssuer] = None
     jwks_uri: typing.Optional[ConnectionJwksUri] = None
diff --git a/src/auth0/management/types/connection_properties_options.py b/src/auth0/management/types/connection_properties_options.py
index 848c1a2f..6fb288da 100644
--- a/src/auth0/management/types/connection_properties_options.py
+++ b/src/auth0/management/types/connection_properties_options.py
@@ -13,6 +13,7 @@
 from .connection_dpop_signing_alg_enum import ConnectionDpopSigningAlgEnum
 from .connection_federated_connections_access_tokens import ConnectionFederatedConnectionsAccessTokens
 from .connection_gateway_authentication import ConnectionGatewayAuthentication
+from .connection_id_token_session_expiry_supported import ConnectionIdTokenSessionExpirySupported
 from .connection_id_token_signed_response_algs import ConnectionIdTokenSignedResponseAlgs
 from .connection_identifier_precedence_enum import ConnectionIdentifierPrecedenceEnum
 from .connection_passkey_options import ConnectionPasskeyOptions
@@ -104,6 +105,7 @@ class ConnectionPropertiesOptions(UniversalBaseModel):
     token_endpoint_auth_method: typing.Optional[ConnectionTokenEndpointAuthMethodEnum] = None
     token_endpoint_auth_signing_alg: typing.Optional[ConnectionTokenEndpointAuthSigningAlgEnum] = None
     token_endpoint_jwtca_aud_format: typing.Optional[ConnectionTokenEndpointJwtcaAudFormatEnumOidc] = None
+    id_token_session_expiry_supported: typing.Optional[ConnectionIdTokenSessionExpirySupported] = None
 
     if IS_PYDANTIC_V2:
         model_config: typing.ClassVar[pydantic.ConfigDict] = pydantic.ConfigDict(extra="allow", frozen=True)  # type: ignore # Pydantic v2
diff --git a/src/auth0/management/types/branding_identifiers.py b/src/auth0/management/types/content_security_policy_config.py
similarity index 50%
rename from src/auth0/management/types/branding_identifiers.py
rename to src/auth0/management/types/content_security_policy_config.py
index 9be4f687..bd98e7bc 100644
--- a/src/auth0/management/types/branding_identifiers.py
+++ b/src/auth0/management/types/content_security_policy_config.py
@@ -4,22 +4,22 @@
 
 import pydantic
 from ..core.pydantic_utilities import IS_PYDANTIC_V2, UniversalBaseModel
-from .branding_login_display_enum import BrandingLoginDisplayEnum
-from .branding_phone_display import BrandingPhoneDisplay
+from .csp_policies import CspPolicies
+from .csp_reporting_infrastructure import CspReportingInfrastructure
 
 
-class BrandingIdentifiers(UniversalBaseModel):
+class ContentSecurityPolicyConfig(UniversalBaseModel):
     """
-    Identifier input display settings.
+    Content Security Policy configuration with multi-policy support.
     """
 
-    login_display: typing.Optional[BrandingLoginDisplayEnum] = None
-    otp_autocomplete: typing.Optional[bool] = pydantic.Field(default=None)
+    enabled: typing.Optional[bool] = pydantic.Field(default=None)
     """
-    Whether OTP autocomplete (autocomplete="one-time-code") is enabled.
+    Whether CSP is enabled.
     """
 
-    phone_display: typing.Optional[BrandingPhoneDisplay] = None
+    policies: typing.Optional[CspPolicies] = None
+    reporting_infrastructure: typing.Optional[CspReportingInfrastructure] = None
 
     if IS_PYDANTIC_V2:
         model_config: typing.ClassVar[pydantic.ConfigDict] = pydantic.ConfigDict(extra="allow", frozen=True)  # type: ignore # Pydantic v2
diff --git a/src/auth0/management/types/create_phone_template_response_content.py b/src/auth0/management/types/create_phone_template_response_content.py
index d7900dd8..a7c5bffd 100644
--- a/src/auth0/management/types/create_phone_template_response_content.py
+++ b/src/auth0/management/types/create_phone_template_response_content.py
@@ -9,7 +9,7 @@
 
 
 class CreatePhoneTemplateResponseContent(UniversalBaseModel):
-    id: str
+    id: typing.Optional[str] = None
     channel: typing.Optional[str] = None
     customizable: typing.Optional[bool] = None
     tenant: typing.Optional[str] = None
diff --git a/src/auth0/management/types/csp_directives.py b/src/auth0/management/types/csp_directives.py
new file mode 100644
index 00000000..1256fbab
--- /dev/null
+++ b/src/auth0/management/types/csp_directives.py
@@ -0,0 +1,8 @@
+# This file was auto-generated by Fern from our API Definition.
+
+import typing
+
+CspDirectives = typing.Dict[str, typing.List[str]]
+"""
+CSP directives map. Keys are directive names, values are arrays of directive values.
+"""
diff --git a/src/auth0/management/types/csp_flag.py b/src/auth0/management/types/csp_flag.py
new file mode 100644
index 00000000..009249ae
--- /dev/null
+++ b/src/auth0/management/types/csp_flag.py
@@ -0,0 +1,5 @@
+# This file was auto-generated by Fern from our API Definition.
+
+import typing
+
+CspFlag = typing.Union[typing.Literal["upgrade-insecure-requests", "block-all-mixed-content"], typing.Any]
diff --git a/src/auth0/management/types/csp_flags.py b/src/auth0/management/types/csp_flags.py
new file mode 100644
index 00000000..eff524fa
--- /dev/null
+++ b/src/auth0/management/types/csp_flags.py
@@ -0,0 +1,10 @@
+# This file was auto-generated by Fern from our API Definition.
+
+import typing
+
+from .csp_flag import CspFlag
+
+CspFlags = typing.List[CspFlag]
+"""
+CSP flags (bare directives without values).
+"""
diff --git a/src/auth0/management/types/csp_policies.py b/src/auth0/management/types/csp_policies.py
new file mode 100644
index 00000000..29f534b2
--- /dev/null
+++ b/src/auth0/management/types/csp_policies.py
@@ -0,0 +1,10 @@
+# This file was auto-generated by Fern from our API Definition.
+
+import typing
+
+from .csp_policy import CspPolicy
+
+CspPolicies = typing.List[CspPolicy]
+"""
+Array of CSP policies (enforcing and/or reporting).
+"""
diff --git a/src/auth0/management/types/csp_policy.py b/src/auth0/management/types/csp_policy.py
new file mode 100644
index 00000000..29572f89
--- /dev/null
+++ b/src/auth0/management/types/csp_policy.py
@@ -0,0 +1,30 @@
+# This file was auto-generated by Fern from our API Definition.
+
+import typing
+
+import pydantic
+from ..core.pydantic_utilities import IS_PYDANTIC_V2, UniversalBaseModel
+from .csp_directives import CspDirectives
+from .csp_flags import CspFlags
+from .csp_policy_mode import CspPolicyMode
+from .csp_policy_reporting import CspPolicyReporting
+
+
+class CspPolicy(UniversalBaseModel):
+    """
+    A single CSP policy with mode, directives, flags, and optional reporting.
+    """
+
+    mode: typing.Optional[CspPolicyMode] = None
+    directives: typing.Optional[CspDirectives] = None
+    flags: typing.Optional[CspFlags] = None
+    reporting: typing.Optional[CspPolicyReporting] = None
+
+    if IS_PYDANTIC_V2:
+        model_config: typing.ClassVar[pydantic.ConfigDict] = pydantic.ConfigDict(extra="allow", frozen=True)  # type: ignore # Pydantic v2
+    else:
+
+        class Config:
+            frozen = True
+            smart_union = True
+            extra = pydantic.Extra.allow
diff --git a/src/auth0/management/types/csp_policy_mode.py b/src/auth0/management/types/csp_policy_mode.py
new file mode 100644
index 00000000..0023d028
--- /dev/null
+++ b/src/auth0/management/types/csp_policy_mode.py
@@ -0,0 +1,5 @@
+# This file was auto-generated by Fern from our API Definition.
+
+import typing
+
+CspPolicyMode = typing.Union[typing.Literal["enforcing", "reporting"], typing.Any]
diff --git a/src/auth0/management/types/csp_policy_reporting.py b/src/auth0/management/types/csp_policy_reporting.py
new file mode 100644
index 00000000..347eedf3
--- /dev/null
+++ b/src/auth0/management/types/csp_policy_reporting.py
@@ -0,0 +1,31 @@
+# This file was auto-generated by Fern from our API Definition.
+
+import typing
+
+import pydantic
+from ..core.pydantic_utilities import IS_PYDANTIC_V2, UniversalBaseModel
+
+
+class CspPolicyReporting(UniversalBaseModel):
+    """
+    Per-policy reporting configuration.
+    """
+
+    report_uri: typing.Optional[str] = pydantic.Field(default=None)
+    """
+    HTTPS endpoint for CSP violation reports.
+    """
+
+    report_to_group: typing.Optional[str] = pydantic.Field(default=None)
+    """
+    Report-To group name for modern reporting.
+    """
+
+    if IS_PYDANTIC_V2:
+        model_config: typing.ClassVar[pydantic.ConfigDict] = pydantic.ConfigDict(extra="allow", frozen=True)  # type: ignore # Pydantic v2
+    else:
+
+        class Config:
+            frozen = True
+            smart_union = True
+            extra = pydantic.Extra.allow
diff --git a/src/auth0/management/types/csp_report_to.py b/src/auth0/management/types/csp_report_to.py
new file mode 100644
index 00000000..6f57b5e3
--- /dev/null
+++ b/src/auth0/management/types/csp_report_to.py
@@ -0,0 +1,34 @@
+# This file was auto-generated by Fern from our API Definition.
+
+import typing
+
+import pydantic
+from ..core.pydantic_utilities import IS_PYDANTIC_V2, UniversalBaseModel
+from .csp_report_to_endpoints import CspReportToEndpoints
+
+
+class CspReportTo(UniversalBaseModel):
+    """
+    Report-To header configuration.
+    """
+
+    group: typing.Optional[str] = pydantic.Field(default=None)
+    """
+    Reporting group identifier.
+    """
+
+    max_age: typing.Optional[int] = pydantic.Field(default=None)
+    """
+    Maximum age in seconds for the Report-To header.
+    """
+
+    endpoints: typing.Optional[CspReportToEndpoints] = None
+
+    if IS_PYDANTIC_V2:
+        model_config: typing.ClassVar[pydantic.ConfigDict] = pydantic.ConfigDict(extra="allow", frozen=True)  # type: ignore # Pydantic v2
+    else:
+
+        class Config:
+            frozen = True
+            smart_union = True
+            extra = pydantic.Extra.allow
diff --git a/src/auth0/management/types/update_branding_phone_display.py b/src/auth0/management/types/csp_report_to_endpoint.py
similarity index 58%
rename from src/auth0/management/types/update_branding_phone_display.py
rename to src/auth0/management/types/csp_report_to_endpoint.py
index 90ac0d68..cc207b62 100644
--- a/src/auth0/management/types/update_branding_phone_display.py
+++ b/src/auth0/management/types/csp_report_to_endpoint.py
@@ -4,17 +4,17 @@
 
 import pydantic
 from ..core.pydantic_utilities import IS_PYDANTIC_V2, UniversalBaseModel
-from .update_branding_phone_formatting_enum import UpdateBrandingPhoneFormattingEnum
-from .update_branding_phone_masking_enum import UpdateBrandingPhoneMaskingEnum
 
 
-class UpdateBrandingPhoneDisplay(UniversalBaseModel):
+class CspReportToEndpoint(UniversalBaseModel):
     """
-    Phone number display settings.
+    A single reporting endpoint.
     """
 
-    masking: UpdateBrandingPhoneMaskingEnum
-    formatting: UpdateBrandingPhoneFormattingEnum
+    url: typing.Optional[str] = pydantic.Field(default=None)
+    """
+    HTTPS URL for the reporting endpoint.
+    """
 
     if IS_PYDANTIC_V2:
         model_config: typing.ClassVar[pydantic.ConfigDict] = pydantic.ConfigDict(extra="allow", frozen=True)  # type: ignore # Pydantic v2
diff --git a/src/auth0/management/types/csp_report_to_endpoints.py b/src/auth0/management/types/csp_report_to_endpoints.py
new file mode 100644
index 00000000..b6855986
--- /dev/null
+++ b/src/auth0/management/types/csp_report_to_endpoints.py
@@ -0,0 +1,10 @@
+# This file was auto-generated by Fern from our API Definition.
+
+import typing
+
+from .csp_report_to_endpoint import CspReportToEndpoint
+
+CspReportToEndpoints = typing.List[CspReportToEndpoint]
+"""
+Array of reporting endpoints.
+"""
diff --git a/src/auth0/management/types/csp_reporting_endpoints.py b/src/auth0/management/types/csp_reporting_endpoints.py
new file mode 100644
index 00000000..346eb20a
--- /dev/null
+++ b/src/auth0/management/types/csp_reporting_endpoints.py
@@ -0,0 +1,8 @@
+# This file was auto-generated by Fern from our API Definition.
+
+import typing
+
+CspReportingEndpoints = typing.Dict[str, str]
+"""
+Reporting-Endpoints header configuration (key-value pairs).
+"""
diff --git a/src/auth0/management/types/branding_phone_display.py b/src/auth0/management/types/csp_reporting_infrastructure.py
similarity index 57%
rename from src/auth0/management/types/branding_phone_display.py
rename to src/auth0/management/types/csp_reporting_infrastructure.py
index 70e99a39..5710abaf 100644
--- a/src/auth0/management/types/branding_phone_display.py
+++ b/src/auth0/management/types/csp_reporting_infrastructure.py
@@ -4,17 +4,17 @@
 
 import pydantic
 from ..core.pydantic_utilities import IS_PYDANTIC_V2, UniversalBaseModel
-from .branding_phone_formatting_enum import BrandingPhoneFormattingEnum
-from .branding_phone_masking_enum import BrandingPhoneMaskingEnum
+from .csp_report_to import CspReportTo
+from .csp_reporting_endpoints import CspReportingEndpoints
 
 
-class BrandingPhoneDisplay(UniversalBaseModel):
+class CspReportingInfrastructure(UniversalBaseModel):
     """
-    Phone number display settings.
+    Global reporting infrastructure configuration.
     """
 
-    masking: typing.Optional[BrandingPhoneMaskingEnum] = None
-    formatting: typing.Optional[BrandingPhoneFormattingEnum] = None
+    report_to: typing.Optional[CspReportTo] = None
+    reporting_endpoints: typing.Optional[CspReportingEndpoints] = None
 
     if IS_PYDANTIC_V2:
         model_config: typing.ClassVar[pydantic.ConfigDict] = pydantic.ConfigDict(extra="allow", frozen=True)  # type: ignore # Pydantic v2
diff --git a/src/auth0/management/types/get_branding_response_content.py b/src/auth0/management/types/get_branding_response_content.py
index c7c7ec8d..d510b59f 100644
--- a/src/auth0/management/types/get_branding_response_content.py
+++ b/src/auth0/management/types/get_branding_response_content.py
@@ -6,7 +6,6 @@
 from ..core.pydantic_utilities import IS_PYDANTIC_V2, UniversalBaseModel
 from .branding_colors import BrandingColors
 from .branding_font import BrandingFont
-from .branding_identifiers import BrandingIdentifiers
 
 
 class GetBrandingResponseContent(UniversalBaseModel):
@@ -21,7 +20,6 @@ class GetBrandingResponseContent(UniversalBaseModel):
     URL for the logo. Must use HTTPS.
     """
 
-    identifiers: typing.Optional[BrandingIdentifiers] = None
     font: typing.Optional[BrandingFont] = None
 
     if IS_PYDANTIC_V2:
diff --git a/src/auth0/management/types/get_phone_template_response_content.py b/src/auth0/management/types/get_phone_template_response_content.py
index 04e7c669..ade414d7 100644
--- a/src/auth0/management/types/get_phone_template_response_content.py
+++ b/src/auth0/management/types/get_phone_template_response_content.py
@@ -9,7 +9,7 @@
 
 
 class GetPhoneTemplateResponseContent(UniversalBaseModel):
-    id: str
+    id: typing.Optional[str] = None
     channel: typing.Optional[str] = None
     customizable: typing.Optional[bool] = None
     tenant: typing.Optional[str] = None
diff --git a/src/auth0/management/types/get_tenant_settings_response_content.py b/src/auth0/management/types/get_tenant_settings_response_content.py
index e17e0316..b75fecb7 100644
--- a/src/auth0/management/types/get_tenant_settings_response_content.py
+++ b/src/auth0/management/types/get_tenant_settings_response_content.py
@@ -8,6 +8,7 @@
 from .session_cookie_schema import SessionCookieSchema
 from .supported_locales import SupportedLocales
 from .tenant_oidc_logout_settings import TenantOidcLogoutSettings
+from .tenant_settings_country_codes_response import TenantSettingsCountryCodesResponse
 from .tenant_settings_device_flow import TenantSettingsDeviceFlow
 from .tenant_settings_dynamic_client_registration_security_mode import (
     TenantSettingsDynamicClientRegistrationSecurityMode,
@@ -16,6 +17,7 @@
 from .tenant_settings_flags import TenantSettingsFlags
 from .tenant_settings_guardian_page import TenantSettingsGuardianPage
 from .tenant_settings_mtls import TenantSettingsMtls
+from .tenant_settings_nullable_security_headers import TenantSettingsNullableSecurityHeaders
 from .tenant_settings_password_page import TenantSettingsPasswordPage
 from .tenant_settings_resource_parameter_profile import TenantSettingsResourceParameterProfile
 from .tenant_settings_sessions import TenantSettingsSessions
@@ -108,6 +110,7 @@ class GetTenantSettingsResponseContent(UniversalBaseModel):
     Supported locales for the user interface.
     """
 
+    security_headers: typing.Optional[TenantSettingsNullableSecurityHeaders] = None
     session_cookie: typing.Optional[SessionCookieSchema] = None
     sessions: typing.Optional[TenantSettingsSessions] = None
     oidc_logout: typing.Optional[TenantOidcLogoutSettings] = None
@@ -160,9 +163,15 @@ class GetTenantSettingsResponseContent(UniversalBaseModel):
     Whether Auth0 Guide (AI-powered assistance) is enabled for this tenant.
     """
 
+    include_session_metadata_in_tenant_logs: typing.Optional[bool] = pydantic.Field(default=None)
+    """
+    Whether session metadata is included in specific tenant logs (slo, oidc_backchannel_logout_failed, oidc_backchannel_logout_succeeded).
+    """
+
     dynamic_client_registration_security_mode: typing.Optional[TenantSettingsDynamicClientRegistrationSecurityMode] = (
         None
     )
+    country_codes: typing.Optional[TenantSettingsCountryCodesResponse] = None
 
     if IS_PYDANTIC_V2:
         model_config: typing.ClassVar[pydantic.ConfigDict] = pydantic.ConfigDict(extra="allow", frozen=True)  # type: ignore # Pydantic v2
diff --git a/src/auth0/management/types/patch_rate_limit_policy_configuration_request_content_action.py b/src/auth0/management/types/patch_rate_limit_policy_configuration_request_content_action.py
index 8f2793c1..4c5af507 100644
--- a/src/auth0/management/types/patch_rate_limit_policy_configuration_request_content_action.py
+++ b/src/auth0/management/types/patch_rate_limit_policy_configuration_request_content_action.py
@@ -17,7 +17,7 @@ class PatchRateLimitPolicyConfigurationRequestContentAction(UniversalBaseModel):
 
     limit: int = pydantic.Field()
     """
-    The maximum number of requests allowed in a single refresh window.
+    The maximum number of requests allowed per second.
     """
 
     redirect_uri: str = pydantic.Field()
diff --git a/src/auth0/management/types/patch_rate_limit_policy_configuration_request_content_one.py b/src/auth0/management/types/patch_rate_limit_policy_configuration_request_content_one.py
index fee3c933..20b69ea4 100644
--- a/src/auth0/management/types/patch_rate_limit_policy_configuration_request_content_one.py
+++ b/src/auth0/management/types/patch_rate_limit_policy_configuration_request_content_one.py
@@ -17,7 +17,7 @@ class PatchRateLimitPolicyConfigurationRequestContentOne(UniversalBaseModel):
 
     limit: int = pydantic.Field()
     """
-    The maximum number of requests allowed in a single refresh window.
+    The maximum number of requests allowed per second.
     """
 
     if IS_PYDANTIC_V2:
diff --git a/src/auth0/management/types/phone_template.py b/src/auth0/management/types/phone_template.py
index c8aa8c91..26d30a9e 100644
--- a/src/auth0/management/types/phone_template.py
+++ b/src/auth0/management/types/phone_template.py
@@ -9,7 +9,7 @@
 
 
 class PhoneTemplate(UniversalBaseModel):
-    id: str
+    id: typing.Optional[str] = None
     channel: typing.Optional[str] = None
     customizable: typing.Optional[bool] = None
     tenant: typing.Optional[str] = None
diff --git a/src/auth0/management/types/prompt_group_name_enum.py b/src/auth0/management/types/prompt_group_name_enum.py
index 30e32a76..9a304c44 100644
--- a/src/auth0/management/types/prompt_group_name_enum.py
+++ b/src/auth0/management/types/prompt_group_name_enum.py
@@ -40,6 +40,7 @@
         "captcha",
         "brute-force-protection",
         "async-approval-flow",
+        "confirmation",
     ],
     typing.Any,
 ]
diff --git a/src/auth0/management/types/rate_limit_policy_configuration_action.py b/src/auth0/management/types/rate_limit_policy_configuration_action.py
index 159cf1e0..daff62bc 100644
--- a/src/auth0/management/types/rate_limit_policy_configuration_action.py
+++ b/src/auth0/management/types/rate_limit_policy_configuration_action.py
@@ -15,7 +15,7 @@ class RateLimitPolicyConfigurationAction(UniversalBaseModel):
 
     limit: int = pydantic.Field()
     """
-    The maximum number of requests allowed in a single refresh window.
+    The maximum number of requests allowed per second.
     """
 
     redirect_uri: str = pydantic.Field()
diff --git a/src/auth0/management/types/rate_limit_policy_configuration_one.py b/src/auth0/management/types/rate_limit_policy_configuration_one.py
index ed90431e..416fb94f 100644
--- a/src/auth0/management/types/rate_limit_policy_configuration_one.py
+++ b/src/auth0/management/types/rate_limit_policy_configuration_one.py
@@ -15,7 +15,7 @@ class RateLimitPolicyConfigurationOne(UniversalBaseModel):
 
     limit: int = pydantic.Field()
     """
-    The maximum number of requests allowed in a single refresh window.
+    The maximum number of requests allowed per second.
     """
 
     if IS_PYDANTIC_V2:
diff --git a/src/auth0/management/types/reset_phone_template_response_content.py b/src/auth0/management/types/reset_phone_template_response_content.py
index 64e1cf88..7d3b9028 100644
--- a/src/auth0/management/types/reset_phone_template_response_content.py
+++ b/src/auth0/management/types/reset_phone_template_response_content.py
@@ -9,7 +9,7 @@
 
 
 class ResetPhoneTemplateResponseContent(UniversalBaseModel):
-    id: str
+    id: typing.Optional[str] = None
     channel: typing.Optional[str] = None
     customizable: typing.Optional[bool] = None
     tenant: typing.Optional[str] = None
diff --git a/src/auth0/management/types/screen_group_name_enum.py b/src/auth0/management/types/screen_group_name_enum.py
index 1a5722d3..2000828e 100644
--- a/src/auth0/management/types/screen_group_name_enum.py
+++ b/src/auth0/management/types/screen_group_name_enum.py
@@ -92,6 +92,7 @@
         "async-approval-error",
         "async-approval-accepted",
         "async-approval-denied",
+        "confirmation",
         "async-approval-wrong-user",
     ],
     typing.Any,
diff --git a/src/auth0/management/types/tenant_settings_country_codes.py b/src/auth0/management/types/tenant_settings_country_codes.py
new file mode 100644
index 00000000..3549eb09
--- /dev/null
+++ b/src/auth0/management/types/tenant_settings_country_codes.py
@@ -0,0 +1,31 @@
+# This file was auto-generated by Fern from our API Definition.
+
+import typing
+
+import pydantic
+import typing_extensions
+from ..core.pydantic_utilities import IS_PYDANTIC_V2, UniversalBaseModel
+from ..core.serialization import FieldMetadata
+from .tenant_settings_country_codes_mode import TenantSettingsCountryCodesMode
+
+
+class TenantSettingsCountryCodes(UniversalBaseModel):
+    """
+    Phone country code configuration for identifier input.
+    """
+
+    list_: typing_extensions.Annotated[
+        typing.Optional[typing.List[str]],
+        FieldMetadata(alias="list"),
+        pydantic.Field(alias="list", description="Array of ISO 3166-1 alpha-2 country codes."),
+    ] = None
+    mode: typing.Optional[TenantSettingsCountryCodesMode] = None
+
+    if IS_PYDANTIC_V2:
+        model_config: typing.ClassVar[pydantic.ConfigDict] = pydantic.ConfigDict(extra="allow", frozen=True)  # type: ignore # Pydantic v2
+    else:
+
+        class Config:
+            frozen = True
+            smart_union = True
+            extra = pydantic.Extra.allow
diff --git a/src/auth0/management/types/tenant_settings_country_codes_mode.py b/src/auth0/management/types/tenant_settings_country_codes_mode.py
new file mode 100644
index 00000000..c3f1cb10
--- /dev/null
+++ b/src/auth0/management/types/tenant_settings_country_codes_mode.py
@@ -0,0 +1,5 @@
+# This file was auto-generated by Fern from our API Definition.
+
+import typing
+
+TenantSettingsCountryCodesMode = typing.Union[typing.Literal["allow", "deny"], typing.Any]
diff --git a/src/auth0/management/types/tenant_settings_country_codes_mode_response.py b/src/auth0/management/types/tenant_settings_country_codes_mode_response.py
new file mode 100644
index 00000000..ac28c6dc
--- /dev/null
+++ b/src/auth0/management/types/tenant_settings_country_codes_mode_response.py
@@ -0,0 +1,5 @@
+# This file was auto-generated by Fern from our API Definition.
+
+import typing
+
+TenantSettingsCountryCodesModeResponse = typing.Union[typing.Literal["allow", "deny"], typing.Any]
diff --git a/src/auth0/management/types/tenant_settings_country_codes_response.py b/src/auth0/management/types/tenant_settings_country_codes_response.py
new file mode 100644
index 00000000..4b7e9991
--- /dev/null
+++ b/src/auth0/management/types/tenant_settings_country_codes_response.py
@@ -0,0 +1,31 @@
+# This file was auto-generated by Fern from our API Definition.
+
+import typing
+
+import pydantic
+import typing_extensions
+from ..core.pydantic_utilities import IS_PYDANTIC_V2, UniversalBaseModel
+from ..core.serialization import FieldMetadata
+from .tenant_settings_country_codes_mode_response import TenantSettingsCountryCodesModeResponse
+
+
+class TenantSettingsCountryCodesResponse(UniversalBaseModel):
+    """
+    Phone country code configuration for identifier input.
+    """
+
+    list_: typing_extensions.Annotated[
+        typing.Optional[typing.List[str]],
+        FieldMetadata(alias="list"),
+        pydantic.Field(alias="list", description="Array of ISO 3166-1 alpha-2 country codes."),
+    ] = None
+    mode: typing.Optional[TenantSettingsCountryCodesModeResponse] = None
+
+    if IS_PYDANTIC_V2:
+        model_config: typing.ClassVar[pydantic.ConfigDict] = pydantic.ConfigDict(extra="allow", frozen=True)  # type: ignore # Pydantic v2
+    else:
+
+        class Config:
+            frozen = True
+            smart_union = True
+            extra = pydantic.Extra.allow
diff --git a/src/auth0/management/types/tenant_settings_nullable_security_headers.py b/src/auth0/management/types/tenant_settings_nullable_security_headers.py
new file mode 100644
index 00000000..aa6ca1ee
--- /dev/null
+++ b/src/auth0/management/types/tenant_settings_nullable_security_headers.py
@@ -0,0 +1,26 @@
+# This file was auto-generated by Fern from our API Definition.
+
+import typing
+
+import pydantic
+from ..core.pydantic_utilities import IS_PYDANTIC_V2, UniversalBaseModel
+from .content_security_policy_config import ContentSecurityPolicyConfig
+from .xss_protection_config import XssProtectionConfig
+
+
+class TenantSettingsNullableSecurityHeaders(UniversalBaseModel):
+    """
+    Security headers configuration for tenant responses.
+    """
+
+    content_security_policy: typing.Optional[ContentSecurityPolicyConfig] = None
+    x_xss_protection: typing.Optional[XssProtectionConfig] = None
+
+    if IS_PYDANTIC_V2:
+        model_config: typing.ClassVar[pydantic.ConfigDict] = pydantic.ConfigDict(extra="allow", frozen=True)  # type: ignore # Pydantic v2
+    else:
+
+        class Config:
+            frozen = True
+            smart_union = True
+            extra = pydantic.Extra.allow
diff --git a/src/auth0/management/types/update_branding_identifiers.py b/src/auth0/management/types/update_branding_identifiers.py
deleted file mode 100644
index 8fbc199d..00000000
--- a/src/auth0/management/types/update_branding_identifiers.py
+++ /dev/null
@@ -1,31 +0,0 @@
-# This file was auto-generated by Fern from our API Definition.
-
-import typing
-
-import pydantic
-from ..core.pydantic_utilities import IS_PYDANTIC_V2, UniversalBaseModel
-from .update_branding_login_display_enum import UpdateBrandingLoginDisplayEnum
-from .update_branding_phone_display import UpdateBrandingPhoneDisplay
-
-
-class UpdateBrandingIdentifiers(UniversalBaseModel):
-    """
-    Identifier input display settings.
-    """
-
-    login_display: typing.Optional[UpdateBrandingLoginDisplayEnum] = None
-    otp_autocomplete: typing.Optional[bool] = pydantic.Field(default=None)
-    """
-    Whether OTP autocomplete (autocomplete="one-time-code") is enabled.
-    """
-
-    phone_display: typing.Optional[UpdateBrandingPhoneDisplay] = None
-
-    if IS_PYDANTIC_V2:
-        model_config: typing.ClassVar[pydantic.ConfigDict] = pydantic.ConfigDict(extra="allow", frozen=True)  # type: ignore # Pydantic v2
-    else:
-
-        class Config:
-            frozen = True
-            smart_union = True
-            extra = pydantic.Extra.allow
diff --git a/src/auth0/management/types/update_branding_login_display_enum.py b/src/auth0/management/types/update_branding_login_display_enum.py
deleted file mode 100644
index 120b327b..00000000
--- a/src/auth0/management/types/update_branding_login_display_enum.py
+++ /dev/null
@@ -1,5 +0,0 @@
-# This file was auto-generated by Fern from our API Definition.
-
-import typing
-
-UpdateBrandingLoginDisplayEnum = typing.Union[typing.Literal["unified", "separate"], typing.Any]
diff --git a/src/auth0/management/types/update_branding_phone_formatting_enum.py b/src/auth0/management/types/update_branding_phone_formatting_enum.py
deleted file mode 100644
index 49ea43ca..00000000
--- a/src/auth0/management/types/update_branding_phone_formatting_enum.py
+++ /dev/null
@@ -1,5 +0,0 @@
-# This file was auto-generated by Fern from our API Definition.
-
-import typing
-
-UpdateBrandingPhoneFormattingEnum = typing.Union[typing.Literal["regional", "international"], typing.Any]
diff --git a/src/auth0/management/types/update_branding_phone_masking_enum.py b/src/auth0/management/types/update_branding_phone_masking_enum.py
deleted file mode 100644
index 46f9ade9..00000000
--- a/src/auth0/management/types/update_branding_phone_masking_enum.py
+++ /dev/null
@@ -1,7 +0,0 @@
-# This file was auto-generated by Fern from our API Definition.
-
-import typing
-
-UpdateBrandingPhoneMaskingEnum = typing.Union[
-    typing.Literal["show_all", "hide_country_code", "mask_digits"], typing.Any
-]
diff --git a/src/auth0/management/types/update_branding_response_content.py b/src/auth0/management/types/update_branding_response_content.py
index 930647cf..0aa9bd46 100644
--- a/src/auth0/management/types/update_branding_response_content.py
+++ b/src/auth0/management/types/update_branding_response_content.py
@@ -6,7 +6,6 @@
 from ..core.pydantic_utilities import IS_PYDANTIC_V2, UniversalBaseModel
 from .branding_colors import BrandingColors
 from .branding_font import BrandingFont
-from .branding_identifiers import BrandingIdentifiers
 
 
 class UpdateBrandingResponseContent(UniversalBaseModel):
@@ -21,7 +20,6 @@ class UpdateBrandingResponseContent(UniversalBaseModel):
     URL for the logo. Must use HTTPS.
     """
 
-    identifiers: typing.Optional[BrandingIdentifiers] = None
     font: typing.Optional[BrandingFont] = None
 
     if IS_PYDANTIC_V2:
diff --git a/src/auth0/management/types/update_connection_options.py b/src/auth0/management/types/update_connection_options.py
index c72129db..0e8d0312 100644
--- a/src/auth0/management/types/update_connection_options.py
+++ b/src/auth0/management/types/update_connection_options.py
@@ -13,6 +13,7 @@
 from .connection_dpop_signing_alg_enum import ConnectionDpopSigningAlgEnum
 from .connection_federated_connections_access_tokens import ConnectionFederatedConnectionsAccessTokens
 from .connection_gateway_authentication import ConnectionGatewayAuthentication
+from .connection_id_token_session_expiry_supported import ConnectionIdTokenSessionExpirySupported
 from .connection_id_token_signed_response_algs import ConnectionIdTokenSignedResponseAlgs
 from .connection_identifier_precedence_enum import ConnectionIdentifierPrecedenceEnum
 from .connection_passkey_options import ConnectionPasskeyOptions
@@ -104,6 +105,7 @@ class UpdateConnectionOptions(UniversalBaseModel):
     token_endpoint_auth_method: typing.Optional[ConnectionTokenEndpointAuthMethodEnum] = None
     token_endpoint_auth_signing_alg: typing.Optional[ConnectionTokenEndpointAuthSigningAlgEnum] = None
     token_endpoint_jwtca_aud_format: typing.Optional[ConnectionTokenEndpointJwtcaAudFormatEnumOidc] = None
+    id_token_session_expiry_supported: typing.Optional[ConnectionIdTokenSessionExpirySupported] = None
 
     if IS_PYDANTIC_V2:
         model_config: typing.ClassVar[pydantic.ConfigDict] = pydantic.ConfigDict(extra="allow", frozen=True)  # type: ignore # Pydantic v2
diff --git a/src/auth0/management/types/update_phone_template_response_content.py b/src/auth0/management/types/update_phone_template_response_content.py
index a216caea..5c4efde8 100644
--- a/src/auth0/management/types/update_phone_template_response_content.py
+++ b/src/auth0/management/types/update_phone_template_response_content.py
@@ -9,7 +9,7 @@
 
 
 class UpdatePhoneTemplateResponseContent(UniversalBaseModel):
-    id: str
+    id: typing.Optional[str] = None
     channel: typing.Optional[str] = None
     customizable: typing.Optional[bool] = None
     tenant: typing.Optional[str] = None
diff --git a/src/auth0/management/types/update_tenant_settings_response_content.py b/src/auth0/management/types/update_tenant_settings_response_content.py
index a6d8a35e..c518cbec 100644
--- a/src/auth0/management/types/update_tenant_settings_response_content.py
+++ b/src/auth0/management/types/update_tenant_settings_response_content.py
@@ -8,6 +8,7 @@
 from .session_cookie_schema import SessionCookieSchema
 from .supported_locales import SupportedLocales
 from .tenant_oidc_logout_settings import TenantOidcLogoutSettings
+from .tenant_settings_country_codes_response import TenantSettingsCountryCodesResponse
 from .tenant_settings_device_flow import TenantSettingsDeviceFlow
 from .tenant_settings_dynamic_client_registration_security_mode import (
     TenantSettingsDynamicClientRegistrationSecurityMode,
@@ -16,6 +17,7 @@
 from .tenant_settings_flags import TenantSettingsFlags
 from .tenant_settings_guardian_page import TenantSettingsGuardianPage
 from .tenant_settings_mtls import TenantSettingsMtls
+from .tenant_settings_nullable_security_headers import TenantSettingsNullableSecurityHeaders
 from .tenant_settings_password_page import TenantSettingsPasswordPage
 from .tenant_settings_resource_parameter_profile import TenantSettingsResourceParameterProfile
 from .tenant_settings_sessions import TenantSettingsSessions
@@ -108,6 +110,7 @@ class UpdateTenantSettingsResponseContent(UniversalBaseModel):
     Supported locales for the user interface.
     """
 
+    security_headers: typing.Optional[TenantSettingsNullableSecurityHeaders] = None
     session_cookie: typing.Optional[SessionCookieSchema] = None
     sessions: typing.Optional[TenantSettingsSessions] = None
     oidc_logout: typing.Optional[TenantOidcLogoutSettings] = None
@@ -160,9 +163,15 @@ class UpdateTenantSettingsResponseContent(UniversalBaseModel):
     Whether Auth0 Guide (AI-powered assistance) is enabled for this tenant.
     """
 
+    include_session_metadata_in_tenant_logs: typing.Optional[bool] = pydantic.Field(default=None)
+    """
+    Whether session metadata is included in specific tenant logs (slo, oidc_backchannel_logout_failed, oidc_backchannel_logout_succeeded).
+    """
+
     dynamic_client_registration_security_mode: typing.Optional[TenantSettingsDynamicClientRegistrationSecurityMode] = (
         None
     )
+    country_codes: typing.Optional[TenantSettingsCountryCodesResponse] = None
 
     if IS_PYDANTIC_V2:
         model_config: typing.ClassVar[pydantic.ConfigDict] = pydantic.ConfigDict(extra="allow", frozen=True)  # type: ignore # Pydantic v2
diff --git a/src/auth0/management/types/xss_protection_config.py b/src/auth0/management/types/xss_protection_config.py
new file mode 100644
index 00000000..c4027db2
--- /dev/null
+++ b/src/auth0/management/types/xss_protection_config.py
@@ -0,0 +1,33 @@
+# This file was auto-generated by Fern from our API Definition.
+
+import typing
+
+import pydantic
+from ..core.pydantic_utilities import IS_PYDANTIC_V2, UniversalBaseModel
+from .xss_protection_mode import XssProtectionMode
+
+
+class XssProtectionConfig(UniversalBaseModel):
+    """
+    X-XSS-Protection header configuration (deprecated header, use CSP instead).
+    """
+
+    enabled: typing.Optional[bool] = pydantic.Field(default=None)
+    """
+    Whether X-XSS-Protection header is enabled.
+    """
+
+    mode: typing.Optional[XssProtectionMode] = None
+    report_uri: typing.Optional[str] = pydantic.Field(default=None)
+    """
+    HTTPS endpoint for X-XSS-Protection violation reports.
+    """
+
+    if IS_PYDANTIC_V2:
+        model_config: typing.ClassVar[pydantic.ConfigDict] = pydantic.ConfigDict(extra="allow", frozen=True)  # type: ignore # Pydantic v2
+    else:
+
+        class Config:
+            frozen = True
+            smart_union = True
+            extra = pydantic.Extra.allow
diff --git a/src/auth0/management/types/xss_protection_mode.py b/src/auth0/management/types/xss_protection_mode.py
new file mode 100644
index 00000000..fea7bd49
--- /dev/null
+++ b/src/auth0/management/types/xss_protection_mode.py
@@ -0,0 +1,5 @@
+# This file was auto-generated by Fern from our API Definition.
+
+import typing
+
+XssProtectionMode = typing.Union[typing.Literal["block"], typing.Any]
diff --git a/src/auth0/management/user_blocks/client.py b/src/auth0/management/user_blocks/client.py
index 4cf1f59a..8c336b8e 100644
--- a/src/auth0/management/user_blocks/client.py
+++ b/src/auth0/management/user_blocks/client.py
@@ -32,7 +32,7 @@ def list_by_identifier(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> ListUserBlocksByIdentifierResponseContent:
         """
-        Retrieve details of all <a href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</a> blocks for a user with the given identifier (username, phone number, or email).
+        Retrieve details of all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for a user with the given identifier (username, phone number, or email).
 
         Parameters
         ----------
@@ -74,9 +74,9 @@ def list_by_identifier(
 
     def delete_by_identifier(self, *, identifier: str, request_options: typing.Optional[RequestOptions] = None) -> None:
         """
-        Remove all <a href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</a> blocks for the user with the given identifier (username, phone number, or email).
+        Remove all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for the user with the given identifier (username, phone number, or email).
 
-        Note: This endpoint does not unblock users that were <a href="https://auth0.com/docs/user-profile#block-and-unblock-a-user">blocked by a tenant administrator</a>.
+        Note: This endpoint does not unblock users that were [blocked by a tenant administrator](https://auth0.com/docs/user-profile#block-and-unblock-a-user).
 
         Parameters
         ----------
@@ -112,7 +112,7 @@ def list(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> ListUserBlocksResponseContent:
         """
-        Retrieve details of all <a href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</a> blocks for the user with the given ID.
+        Retrieve details of all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for the user with the given ID.
 
         Parameters
         ----------
@@ -152,9 +152,9 @@ def list(
 
     def delete(self, id: str, *, request_options: typing.Optional[RequestOptions] = None) -> None:
         """
-        Remove all <a href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</a> blocks for the user with the given ID.
+        Remove all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for the user with the given ID.
 
-        Note: This endpoint does not unblock users that were <a href="https://auth0.com/docs/user-profile#block-and-unblock-a-user">blocked by a tenant administrator</a>.
+        Note: This endpoint does not unblock users that were [blocked by a tenant administrator](https://auth0.com/docs/user-profile#block-and-unblock-a-user).
 
         Parameters
         ----------
@@ -206,7 +206,7 @@ async def list_by_identifier(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> ListUserBlocksByIdentifierResponseContent:
         """
-        Retrieve details of all <a href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</a> blocks for a user with the given identifier (username, phone number, or email).
+        Retrieve details of all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for a user with the given identifier (username, phone number, or email).
 
         Parameters
         ----------
@@ -258,9 +258,9 @@ async def delete_by_identifier(
         self, *, identifier: str, request_options: typing.Optional[RequestOptions] = None
     ) -> None:
         """
-        Remove all <a href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</a> blocks for the user with the given identifier (username, phone number, or email).
+        Remove all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for the user with the given identifier (username, phone number, or email).
 
-        Note: This endpoint does not unblock users that were <a href="https://auth0.com/docs/user-profile#block-and-unblock-a-user">blocked by a tenant administrator</a>.
+        Note: This endpoint does not unblock users that were [blocked by a tenant administrator](https://auth0.com/docs/user-profile#block-and-unblock-a-user).
 
         Parameters
         ----------
@@ -304,7 +304,7 @@ async def list(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> ListUserBlocksResponseContent:
         """
-        Retrieve details of all <a href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</a> blocks for the user with the given ID.
+        Retrieve details of all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for the user with the given ID.
 
         Parameters
         ----------
@@ -352,9 +352,9 @@ async def main() -> None:
 
     async def delete(self, id: str, *, request_options: typing.Optional[RequestOptions] = None) -> None:
         """
-        Remove all <a href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</a> blocks for the user with the given ID.
+        Remove all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for the user with the given ID.
 
-        Note: This endpoint does not unblock users that were <a href="https://auth0.com/docs/user-profile#block-and-unblock-a-user">blocked by a tenant administrator</a>.
+        Note: This endpoint does not unblock users that were [blocked by a tenant administrator](https://auth0.com/docs/user-profile#block-and-unblock-a-user).
 
         Parameters
         ----------
diff --git a/src/auth0/management/user_blocks/raw_client.py b/src/auth0/management/user_blocks/raw_client.py
index 24a34c34..4d2cb80f 100644
--- a/src/auth0/management/user_blocks/raw_client.py
+++ b/src/auth0/management/user_blocks/raw_client.py
@@ -32,7 +32,7 @@ def list_by_identifier(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> HttpResponse[ListUserBlocksByIdentifierResponseContent]:
         """
-        Retrieve details of all <a href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</a> blocks for a user with the given identifier (username, phone number, or email).
+        Retrieve details of all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for a user with the given identifier (username, phone number, or email).
 
         Parameters
         ----------
@@ -129,9 +129,9 @@ def delete_by_identifier(
         self, *, identifier: str, request_options: typing.Optional[RequestOptions] = None
     ) -> HttpResponse[None]:
         """
-        Remove all <a href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</a> blocks for the user with the given identifier (username, phone number, or email).
+        Remove all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for the user with the given identifier (username, phone number, or email).
 
-        Note: This endpoint does not unblock users that were <a href="https://auth0.com/docs/user-profile#block-and-unblock-a-user">blocked by a tenant administrator</a>.
+        Note: This endpoint does not unblock users that were [blocked by a tenant administrator](https://auth0.com/docs/user-profile#block-and-unblock-a-user).
 
         Parameters
         ----------
@@ -217,7 +217,7 @@ def list(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> HttpResponse[ListUserBlocksResponseContent]:
         """
-        Retrieve details of all <a href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</a> blocks for the user with the given ID.
+        Retrieve details of all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for the user with the given ID.
 
         Parameters
         ----------
@@ -322,9 +322,9 @@ def list(
 
     def delete(self, id: str, *, request_options: typing.Optional[RequestOptions] = None) -> HttpResponse[None]:
         """
-        Remove all <a href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</a> blocks for the user with the given ID.
+        Remove all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for the user with the given ID.
 
-        Note: This endpoint does not unblock users that were <a href="https://auth0.com/docs/user-profile#block-and-unblock-a-user">blocked by a tenant administrator</a>.
+        Note: This endpoint does not unblock users that were [blocked by a tenant administrator](https://auth0.com/docs/user-profile#block-and-unblock-a-user).
 
         Parameters
         ----------
@@ -423,7 +423,7 @@ async def list_by_identifier(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncHttpResponse[ListUserBlocksByIdentifierResponseContent]:
         """
-        Retrieve details of all <a href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</a> blocks for a user with the given identifier (username, phone number, or email).
+        Retrieve details of all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for a user with the given identifier (username, phone number, or email).
 
         Parameters
         ----------
@@ -520,9 +520,9 @@ async def delete_by_identifier(
         self, *, identifier: str, request_options: typing.Optional[RequestOptions] = None
     ) -> AsyncHttpResponse[None]:
         """
-        Remove all <a href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</a> blocks for the user with the given identifier (username, phone number, or email).
+        Remove all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for the user with the given identifier (username, phone number, or email).
 
-        Note: This endpoint does not unblock users that were <a href="https://auth0.com/docs/user-profile#block-and-unblock-a-user">blocked by a tenant administrator</a>.
+        Note: This endpoint does not unblock users that were [blocked by a tenant administrator](https://auth0.com/docs/user-profile#block-and-unblock-a-user).
 
         Parameters
         ----------
@@ -608,7 +608,7 @@ async def list(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncHttpResponse[ListUserBlocksResponseContent]:
         """
-        Retrieve details of all <a href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</a> blocks for the user with the given ID.
+        Retrieve details of all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for the user with the given ID.
 
         Parameters
         ----------
@@ -715,9 +715,9 @@ async def delete(
         self, id: str, *, request_options: typing.Optional[RequestOptions] = None
     ) -> AsyncHttpResponse[None]:
         """
-        Remove all <a href="https://auth0.com/docs/secure/attack-protection/brute-force-protection">Brute-force Protection</a> blocks for the user with the given ID.
+        Remove all [Brute-force Protection](https://auth0.com/docs/secure/attack-protection/brute-force-protection) blocks for the user with the given ID.
 
-        Note: This endpoint does not unblock users that were <a href="https://auth0.com/docs/user-profile#block-and-unblock-a-user">blocked by a tenant administrator</a>.
+        Note: This endpoint does not unblock users that were [blocked by a tenant administrator](https://auth0.com/docs/user-profile#block-and-unblock-a-user).
 
         Parameters
         ----------
diff --git a/src/auth0/management/user_grants/client.py b/src/auth0/management/user_grants/client.py
index e9e09601..b6b96f52 100644
--- a/src/auth0/management/user_grants/client.py
+++ b/src/auth0/management/user_grants/client.py
@@ -37,7 +37,7 @@ def list(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> SyncPager[UserGrant, ListUserGrantsOffsetPaginatedResponseContent]:
         """
-        Retrieve the <a href="https://auth0.com/docs/api-auth/which-oauth-flow-to-use">grants</a> associated with your account.
+        Retrieve the [grants](https://auth0.com/docs/api-auth/which-oauth-flow-to-use) associated with your account.
 
         Parameters
         ----------
@@ -186,7 +186,7 @@ async def list(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncPager[UserGrant, ListUserGrantsOffsetPaginatedResponseContent]:
         """
-        Retrieve the <a href="https://auth0.com/docs/api-auth/which-oauth-flow-to-use">grants</a> associated with your account.
+        Retrieve the [grants](https://auth0.com/docs/api-auth/which-oauth-flow-to-use) associated with your account.
 
         Parameters
         ----------
diff --git a/src/auth0/management/user_grants/raw_client.py b/src/auth0/management/user_grants/raw_client.py
index d8fbf6a1..8c2d713f 100644
--- a/src/auth0/management/user_grants/raw_client.py
+++ b/src/auth0/management/user_grants/raw_client.py
@@ -35,7 +35,7 @@ def list(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> SyncPager[UserGrant, ListUserGrantsOffsetPaginatedResponseContent]:
         """
-        Retrieve the <a href="https://auth0.com/docs/api-auth/which-oauth-flow-to-use">grants</a> associated with your account.
+        Retrieve the [grants](https://auth0.com/docs/api-auth/which-oauth-flow-to-use) associated with your account.
 
         Parameters
         ----------
@@ -297,7 +297,7 @@ async def list(
         request_options: typing.Optional[RequestOptions] = None,
     ) -> AsyncPager[UserGrant, ListUserGrantsOffsetPaginatedResponseContent]:
         """
-        Retrieve the <a href="https://auth0.com/docs/api-auth/which-oauth-flow-to-use">grants</a> associated with your account.
+        Retrieve the [grants](https://auth0.com/docs/api-auth/which-oauth-flow-to-use) associated with your account.
 
         Parameters
         ----------
diff --git a/src/auth0/management/users/effective_roles/raw_client.py b/src/auth0/management/users/effective_roles/raw_client.py
index 2afa42c1..c3f6e378 100644
--- a/src/auth0/management/users/effective_roles/raw_client.py
+++ b/src/auth0/management/users/effective_roles/raw_client.py
@@ -12,6 +12,7 @@
 from ...core.request_options import RequestOptions
 from ...errors.bad_request_error import BadRequestError
 from ...errors.forbidden_error import ForbiddenError
+from ...errors.not_found_error import NotFoundError
 from ...errors.too_many_requests_error import TooManyRequestsError
 from ...errors.unauthorized_error import UnauthorizedError
 from ...types.list_user_effective_roles_response_content import ListUserEffectiveRolesResponseContent
@@ -114,6 +115,17 @@ def list(
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
@@ -233,6 +245,17 @@ async def _get_next():
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
diff --git a/src/auth0/management/users/effective_roles/sources/groups/raw_client.py b/src/auth0/management/users/effective_roles/sources/groups/raw_client.py
index 9689408e..2dd6c39a 100644
--- a/src/auth0/management/users/effective_roles/sources/groups/raw_client.py
+++ b/src/auth0/management/users/effective_roles/sources/groups/raw_client.py
@@ -12,6 +12,7 @@
 from .....core.request_options import RequestOptions
 from .....errors.bad_request_error import BadRequestError
 from .....errors.forbidden_error import ForbiddenError
+from .....errors.not_found_error import NotFoundError
 from .....errors.too_many_requests_error import TooManyRequestsError
 from .....errors.unauthorized_error import UnauthorizedError
 from .....types.group import Group
@@ -120,6 +121,17 @@ def list(
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
@@ -245,6 +257,17 @@ async def _get_next():
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
diff --git a/src/auth0/management/users/groups/raw_client.py b/src/auth0/management/users/groups/raw_client.py
index 0811220f..784f9a45 100644
--- a/src/auth0/management/users/groups/raw_client.py
+++ b/src/auth0/management/users/groups/raw_client.py
@@ -12,6 +12,7 @@
 from ...core.request_options import RequestOptions
 from ...errors.bad_request_error import BadRequestError
 from ...errors.forbidden_error import ForbiddenError
+from ...errors.not_found_error import NotFoundError
 from ...errors.too_many_requests_error import TooManyRequestsError
 from ...errors.unauthorized_error import UnauthorizedError
 from ...types.get_user_groups_paginated_response_content import GetUserGroupsPaginatedResponseContent
@@ -126,6 +127,17 @@ def get(
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
@@ -257,6 +269,17 @@ async def _get_next():
                         ),
                     ),
                 )
+            if _response.status_code == 404:
+                raise NotFoundError(
+                    headers=dict(_response.headers),
+                    body=typing.cast(
+                        typing.Any,
+                        parse_obj_as(
+                            type_=typing.Any,  # type: ignore
+                            object_=_response.json(),
+                        ),
+                    ),
+                )
             if _response.status_code == 429:
                 raise TooManyRequestsError(
                     headers=dict(_response.headers),
diff --git a/wiremock/wiremock-mappings.json b/wiremock/wiremock-mappings.json
index e8ce3de0..6f440065 100644
--- a/wiremock/wiremock-mappings.json
+++ b/wiremock/wiremock-mappings.json
@@ -282,7 +282,7 @@
       },
       "response": {
         "status": 200,
-        "body": "{\n  \"colors\": {\n    \"primary\": \"primary\",\n    \"page_background\": \"page_background\"\n  },\n  \"favicon_url\": \"favicon_url\",\n  \"logo_url\": \"logo_url\",\n  \"identifiers\": {\n    \"login_display\": \"unified\",\n    \"otp_autocomplete\": true,\n    \"phone_display\": {\n      \"masking\": \"show_all\",\n      \"formatting\": \"regional\"\n    }\n  },\n  \"font\": {\n    \"url\": \"url\"\n  }\n}",
+        "body": "{\n  \"colors\": {\n    \"primary\": \"primary\",\n    \"page_background\": \"page_background\"\n  },\n  \"favicon_url\": \"favicon_url\",\n  \"logo_url\": \"logo_url\",\n  \"font\": {\n    \"url\": \"url\"\n  }\n}",
         "headers": {
           "Content-Type": "application/json"
         }
@@ -314,7 +314,7 @@
       },
       "response": {
         "status": 200,
-        "body": "{\n  \"colors\": {\n    \"primary\": \"primary\",\n    \"page_background\": \"page_background\"\n  },\n  \"favicon_url\": \"favicon_url\",\n  \"logo_url\": \"logo_url\",\n  \"identifiers\": {\n    \"login_display\": \"unified\",\n    \"otp_autocomplete\": true,\n    \"phone_display\": {\n      \"masking\": \"show_all\",\n      \"formatting\": \"regional\"\n    }\n  },\n  \"font\": {\n    \"url\": \"url\"\n  }\n}",
+        "body": "{\n  \"colors\": {\n    \"primary\": \"primary\",\n    \"page_background\": \"page_background\"\n  },\n  \"favicon_url\": \"favicon_url\",\n  \"logo_url\": \"logo_url\",\n  \"font\": {\n    \"url\": \"url\"\n  }\n}",
         "headers": {
           "Content-Type": "application/json"
         }
@@ -603,7 +603,7 @@
       },
       "response": {
         "status": 201,
-        "body": "{\n  \"client_id\": \"client_id\",\n  \"tenant\": \"tenant\",\n  \"name\": \"name\",\n  \"description\": \"description\",\n  \"global\": true,\n  \"client_secret\": \"client_secret\",\n  \"app_type\": \"native\",\n  \"logo_uri\": \"logo_uri\",\n  \"is_first_party\": true,\n  \"oidc_conformant\": true,\n  \"callbacks\": [\n    \"callbacks\"\n  ],\n  \"allowed_origins\": [\n    \"allowed_origins\"\n  ],\n  \"web_origins\": [\n    \"web_origins\"\n  ],\n  \"client_aliases\": [\n    \"client_aliases\"\n  ],\n  \"allowed_clients\": [\n    \"allowed_clients\"\n  ],\n  \"allowed_logout_urls\": [\n    \"allowed_logout_urls\"\n  ],\n  \"session_transfer\": {\n    \"can_create_session_transfer_token\": true,\n    \"enforce_cascade_revocation\": true,\n    \"allowed_authentication_methods\": [\n      \"cookie\"\n    ],\n    \"enforce_device_binding\": \"ip\",\n    \"allow_refresh_token\": true,\n    \"enforce_online_refresh_tokens\": true,\n    \"delegation\": {\n      \"allow_delegated_access\": true,\n      \"enforce_device_binding\": \"ip\"\n    }\n  },\n  \"oidc_logout\": {\n    \"backchannel_logout_urls\": [\n      \"backchannel_logout_urls\"\n    ],\n    \"backchannel_logout_initiators\": {\n      \"mode\": \"custom\",\n      \"selected_initiators\": [\n        \"rp-logout\"\n      ]\n    },\n    \"backchannel_logout_session_metadata\": {\n      \"include\": true\n    }\n  },\n  \"grant_types\": [\n    \"grant_types\"\n  ],\n  \"jwt_configuration\": {\n    \"lifetime_in_seconds\": 1,\n    \"secret_encoded\": true,\n    \"scopes\": {\n      \"key\": \"value\"\n    },\n    \"alg\": \"HS256\"\n  },\n  \"signing_keys\": [\n    {\n      \"pkcs7\": \"pkcs7\",\n      \"cert\": \"cert\",\n      \"subject\": \"subject\"\n    }\n  ],\n  \"encryption_key\": {\n    \"pub\": \"pub\",\n    \"cert\": \"cert\",\n    \"subject\": \"subject\"\n  },\n  \"sso\": true,\n  \"sso_disabled\": true,\n  \"cross_origin_authentication\": true,\n  \"cross_origin_loc\": \"cross_origin_loc\",\n  \"custom_login_page_on\": true,\n  \"custom_login_page\": \"custom_login_page\",\n  \"custom_login_page_preview\": \"custom_login_page_preview\",\n  \"form_template\": \"form_template\",\n  \"addons\": {\n    \"aws\": {\n      \"principal\": \"principal\",\n      \"role\": \"role\",\n      \"lifetime_in_seconds\": 1\n    },\n    \"azure_blob\": {\n      \"accountName\": \"accountName\",\n      \"storageAccessKey\": \"storageAccessKey\",\n      \"containerName\": \"containerName\",\n      \"blobName\": \"blobName\",\n      \"expiration\": 1,\n      \"signedIdentifier\": \"signedIdentifier\",\n      \"blob_read\": true,\n      \"blob_write\": true,\n      \"blob_delete\": true,\n      \"container_read\": true,\n      \"container_write\": true,\n      \"container_delete\": true,\n      \"container_list\": true\n    },\n    \"azure_sb\": {\n      \"namespace\": \"namespace\",\n      \"sasKeyName\": \"sasKeyName\",\n      \"sasKey\": \"sasKey\",\n      \"entityPath\": \"entityPath\",\n      \"expiration\": 1\n    },\n    \"rms\": {\n      \"url\": \"url\"\n    },\n    \"mscrm\": {\n      \"url\": \"url\"\n    },\n    \"slack\": {\n      \"team\": \"team\"\n    },\n    \"sentry\": {\n      \"org_slug\": \"org_slug\",\n      \"base_url\": \"base_url\"\n    },\n    \"box\": {\n      \"key\": \"value\"\n    },\n    \"cloudbees\": {\n      \"key\": \"value\"\n    },\n    \"concur\": {\n      \"key\": \"value\"\n    },\n    \"dropbox\": {\n      \"key\": \"value\"\n    },\n    \"echosign\": {\n      \"domain\": \"domain\"\n    },\n    \"egnyte\": {\n      \"domain\": \"domain\"\n    },\n    \"firebase\": {\n      \"secret\": \"secret\",\n      \"private_key_id\": \"private_key_id\",\n      \"private_key\": \"private_key\",\n      \"client_email\": \"client_email\",\n      \"lifetime_in_seconds\": 1\n    },\n    \"newrelic\": {\n      \"account\": \"account\"\n    },\n    \"office365\": {\n      \"domain\": \"domain\",\n      \"connection\": \"connection\"\n    },\n    \"salesforce\": {\n      \"entity_id\": \"entity_id\"\n    },\n    \"salesforce_api\": {\n      \"clientid\": \"clientid\",\n      \"principal\": \"principal\",\n      \"communityName\": \"communityName\",\n      \"community_url_section\": \"community_url_section\"\n    },\n    \"salesforce_sandbox_api\": {\n      \"clientid\": \"clientid\",\n      \"principal\": \"principal\",\n      \"communityName\": \"communityName\",\n      \"community_url_section\": \"community_url_section\"\n    },\n    \"samlp\": {\n      \"mappings\": {\n        \"key\": \"value\"\n      },\n      \"audience\": \"audience\",\n      \"recipient\": \"recipient\",\n      \"createUpnClaim\": true,\n      \"mapUnknownClaimsAsIs\": true,\n      \"passthroughClaimsWithNoMapping\": true,\n      \"mapIdentities\": true,\n      \"signatureAlgorithm\": \"signatureAlgorithm\",\n      \"digestAlgorithm\": \"digestAlgorithm\",\n      \"issuer\": \"issuer\",\n      \"destination\": \"destination\",\n      \"lifetimeInSeconds\": 1,\n      \"signResponse\": true,\n      \"nameIdentifierFormat\": \"nameIdentifierFormat\",\n      \"nameIdentifierProbes\": [\n        \"nameIdentifierProbes\"\n      ],\n      \"authnContextClassRef\": \"authnContextClassRef\"\n    },\n    \"layer\": {\n      \"providerId\": \"providerId\",\n      \"keyId\": \"keyId\",\n      \"privateKey\": \"privateKey\",\n      \"principal\": \"principal\",\n      \"expiration\": 1\n    },\n    \"sap_api\": {\n      \"clientid\": \"clientid\",\n      \"usernameAttribute\": \"usernameAttribute\",\n      \"tokenEndpointUrl\": \"tokenEndpointUrl\",\n      \"scope\": \"scope\",\n      \"servicePassword\": \"servicePassword\",\n      \"nameIdentifierFormat\": \"nameIdentifierFormat\"\n    },\n    \"sharepoint\": {\n      \"url\": \"url\",\n      \"external_url\": [\n        \"external_url\"\n      ]\n    },\n    \"springcm\": {\n      \"acsurl\": \"acsurl\"\n    },\n    \"wams\": {\n      \"masterkey\": \"masterkey\"\n    },\n    \"wsfed\": {\n      \"key\": \"value\"\n    },\n    \"zendesk\": {\n      \"accountName\": \"accountName\"\n    },\n    \"zoom\": {\n      \"account\": \"account\"\n    },\n    \"sso_integration\": {\n      \"name\": \"name\",\n      \"version\": \"version\"\n    }\n  },\n  \"token_endpoint_auth_method\": \"none\",\n  \"is_token_endpoint_ip_header_trusted\": true,\n  \"client_metadata\": {\n    \"key\": \"value\"\n  },\n  \"mobile\": {\n    \"android\": {\n      \"app_package_name\": \"app_package_name\",\n      \"sha256_cert_fingerprints\": [\n        \"sha256_cert_fingerprints\"\n      ]\n    },\n    \"ios\": {\n      \"team_id\": \"team_id\",\n      \"app_bundle_identifier\": \"app_bundle_identifier\"\n    }\n  },\n  \"initiate_login_uri\": \"initiate_login_uri\",\n  \"refresh_token\": {\n    \"rotation_type\": \"rotating\",\n    \"expiration_type\": \"expiring\",\n    \"leeway\": 1,\n    \"token_lifetime\": 1,\n    \"infinite_token_lifetime\": true,\n    \"idle_token_lifetime\": 1,\n    \"infinite_idle_token_lifetime\": true,\n    \"policies\": [\n      {\n        \"audience\": \"audience\",\n        \"scope\": [\n          \"scope\"\n        ]\n      }\n    ]\n  },\n  \"default_organization\": {\n    \"organization_id\": \"organization_id\",\n    \"flows\": [\n      \"client_credentials\"\n    ]\n  },\n  \"organization_usage\": \"deny\",\n  \"organization_require_behavior\": \"no_prompt\",\n  \"organization_discovery_methods\": [\n    \"email\"\n  ],\n  \"client_authentication_methods\": {\n    \"private_key_jwt\": {\n      \"credentials\": [\n        {\n          \"id\": \"id\"\n        }\n      ]\n    },\n    \"tls_client_auth\": {\n      \"credentials\": [\n        {\n          \"id\": \"id\"\n        }\n      ]\n    },\n    \"self_signed_tls_client_auth\": {\n      \"credentials\": [\n        {\n          \"id\": \"id\"\n        }\n      ]\n    }\n  },\n  \"require_pushed_authorization_requests\": true,\n  \"require_proof_of_possession\": true,\n  \"signed_request_object\": {\n    \"required\": true,\n    \"credentials\": [\n      {\n        \"id\": \"id\"\n      }\n    ]\n  },\n  \"compliance_level\": \"none\",\n  \"skip_non_verifiable_callback_uri_confirmation_prompt\": true,\n  \"token_exchange\": {\n    \"allow_any_profile_of_type\": [\n      \"custom_authentication\"\n    ]\n  },\n  \"par_request_expiry\": 1,\n  \"token_quota\": {\n    \"client_credentials\": {\n      \"enforce\": true,\n      \"per_day\": 1,\n      \"per_hour\": 1\n    }\n  },\n  \"express_configuration\": {\n    \"initiate_login_uri_template\": \"initiate_login_uri_template\",\n    \"user_attribute_profile_id\": \"user_attribute_profile_id\",\n    \"connection_profile_id\": \"connection_profile_id\",\n    \"enable_client\": true,\n    \"enable_organization\": true,\n    \"linked_clients\": [\n      {\n        \"client_id\": \"client_id\"\n      }\n    ],\n    \"okta_oin_client_id\": \"okta_oin_client_id\",\n    \"admin_login_domain\": \"admin_login_domain\",\n    \"oin_submission_id\": \"oin_submission_id\"\n  },\n  \"my_organization_configuration\": {\n    \"connection_profile_id\": \"connection_profile_id\",\n    \"user_attribute_profile_id\": \"user_attribute_profile_id\",\n    \"allowed_strategies\": [\n      \"pingfederate\"\n    ],\n    \"connection_deletion_behavior\": \"allow\"\n  },\n  \"third_party_security_mode\": \"strict\",\n  \"redirection_policy\": \"allow_always\",\n  \"resource_server_identifier\": \"resource_server_identifier\",\n  \"async_approval_notification_channels\": [\n    \"guardian-push\"\n  ],\n  \"external_metadata_type\": \"cimd\",\n  \"external_metadata_created_by\": \"admin\",\n  \"external_client_id\": \"external_client_id\",\n  \"jwks_uri\": \"jwks_uri\"\n}",
+        "body": "{\n  \"client_id\": \"client_id\",\n  \"tenant\": \"tenant\",\n  \"name\": \"name\",\n  \"description\": \"description\",\n  \"global\": true,\n  \"client_secret\": \"client_secret\",\n  \"app_type\": \"native\",\n  \"logo_uri\": \"logo_uri\",\n  \"is_first_party\": true,\n  \"oidc_conformant\": true,\n  \"callbacks\": [\n    \"callbacks\"\n  ],\n  \"allowed_origins\": [\n    \"allowed_origins\"\n  ],\n  \"web_origins\": [\n    \"web_origins\"\n  ],\n  \"client_aliases\": [\n    \"client_aliases\"\n  ],\n  \"allowed_clients\": [\n    \"allowed_clients\"\n  ],\n  \"allowed_logout_urls\": [\n    \"allowed_logout_urls\"\n  ],\n  \"session_transfer\": {\n    \"can_create_session_transfer_token\": true,\n    \"enforce_cascade_revocation\": true,\n    \"allowed_authentication_methods\": [\n      \"cookie\"\n    ],\n    \"enforce_device_binding\": \"ip\",\n    \"allow_refresh_token\": true,\n    \"enforce_online_refresh_tokens\": true,\n    \"delegation\": {\n      \"allow_delegated_access\": true,\n      \"enforce_device_binding\": \"ip\"\n    }\n  },\n  \"oidc_logout\": {\n    \"backchannel_logout_urls\": [\n      \"backchannel_logout_urls\"\n    ],\n    \"backchannel_logout_initiators\": {\n      \"mode\": \"custom\",\n      \"selected_initiators\": [\n        \"rp-logout\"\n      ]\n    },\n    \"backchannel_logout_session_metadata\": {\n      \"include\": true\n    }\n  },\n  \"grant_types\": [\n    \"grant_types\"\n  ],\n  \"jwt_configuration\": {\n    \"lifetime_in_seconds\": 1,\n    \"secret_encoded\": true,\n    \"scopes\": {\n      \"key\": \"value\"\n    },\n    \"alg\": \"HS256\"\n  },\n  \"signing_keys\": [\n    {\n      \"pkcs7\": \"pkcs7\",\n      \"cert\": \"cert\",\n      \"subject\": \"subject\"\n    }\n  ],\n  \"encryption_key\": {\n    \"pub\": \"pub\",\n    \"cert\": \"cert\",\n    \"subject\": \"subject\"\n  },\n  \"sso\": true,\n  \"sso_disabled\": true,\n  \"cross_origin_authentication\": true,\n  \"cross_origin_loc\": \"cross_origin_loc\",\n  \"custom_login_page_on\": true,\n  \"custom_login_page\": \"custom_login_page\",\n  \"custom_login_page_preview\": \"custom_login_page_preview\",\n  \"form_template\": \"form_template\",\n  \"addons\": {\n    \"aws\": {\n      \"principal\": \"principal\",\n      \"role\": \"role\",\n      \"lifetime_in_seconds\": 1\n    },\n    \"azure_blob\": {\n      \"accountName\": \"accountName\",\n      \"storageAccessKey\": \"storageAccessKey\",\n      \"containerName\": \"containerName\",\n      \"blobName\": \"blobName\",\n      \"expiration\": 1,\n      \"signedIdentifier\": \"signedIdentifier\",\n      \"blob_read\": true,\n      \"blob_write\": true,\n      \"blob_delete\": true,\n      \"container_read\": true,\n      \"container_write\": true,\n      \"container_delete\": true,\n      \"container_list\": true\n    },\n    \"azure_sb\": {\n      \"namespace\": \"namespace\",\n      \"sasKeyName\": \"sasKeyName\",\n      \"sasKey\": \"sasKey\",\n      \"entityPath\": \"entityPath\",\n      \"expiration\": 1\n    },\n    \"rms\": {\n      \"url\": \"url\"\n    },\n    \"mscrm\": {\n      \"url\": \"url\"\n    },\n    \"slack\": {\n      \"team\": \"team\"\n    },\n    \"sentry\": {\n      \"org_slug\": \"org_slug\",\n      \"base_url\": \"base_url\"\n    },\n    \"box\": {\n      \"key\": \"value\"\n    },\n    \"cloudbees\": {\n      \"key\": \"value\"\n    },\n    \"concur\": {\n      \"key\": \"value\"\n    },\n    \"dropbox\": {\n      \"key\": \"value\"\n    },\n    \"echosign\": {\n      \"domain\": \"domain\"\n    },\n    \"egnyte\": {\n      \"domain\": \"domain\"\n    },\n    \"firebase\": {\n      \"secret\": \"secret\",\n      \"private_key_id\": \"private_key_id\",\n      \"private_key\": \"private_key\",\n      \"client_email\": \"client_email\",\n      \"lifetime_in_seconds\": 1\n    },\n    \"newrelic\": {\n      \"account\": \"account\"\n    },\n    \"office365\": {\n      \"domain\": \"domain\",\n      \"connection\": \"connection\"\n    },\n    \"salesforce\": {\n      \"entity_id\": \"entity_id\"\n    },\n    \"salesforce_api\": {\n      \"clientid\": \"clientid\",\n      \"principal\": \"principal\",\n      \"communityName\": \"communityName\",\n      \"community_url_section\": \"community_url_section\"\n    },\n    \"salesforce_sandbox_api\": {\n      \"clientid\": \"clientid\",\n      \"principal\": \"principal\",\n      \"communityName\": \"communityName\",\n      \"community_url_section\": \"community_url_section\"\n    },\n    \"samlp\": {\n      \"mappings\": {\n        \"key\": \"value\"\n      },\n      \"audience\": \"audience\",\n      \"recipient\": \"recipient\",\n      \"createUpnClaim\": true,\n      \"mapUnknownClaimsAsIs\": true,\n      \"passthroughClaimsWithNoMapping\": true,\n      \"mapIdentities\": true,\n      \"signatureAlgorithm\": \"signatureAlgorithm\",\n      \"digestAlgorithm\": \"digestAlgorithm\",\n      \"issuer\": \"issuer\",\n      \"destination\": \"destination\",\n      \"lifetimeInSeconds\": 1,\n      \"signResponse\": true,\n      \"nameIdentifierFormat\": \"nameIdentifierFormat\",\n      \"nameIdentifierProbes\": [\n        \"nameIdentifierProbes\"\n      ],\n      \"authnContextClassRef\": \"authnContextClassRef\"\n    },\n    \"layer\": {\n      \"providerId\": \"providerId\",\n      \"keyId\": \"keyId\",\n      \"privateKey\": \"privateKey\",\n      \"principal\": \"principal\",\n      \"expiration\": 1\n    },\n    \"sap_api\": {\n      \"clientid\": \"clientid\",\n      \"usernameAttribute\": \"usernameAttribute\",\n      \"tokenEndpointUrl\": \"tokenEndpointUrl\",\n      \"scope\": \"scope\",\n      \"servicePassword\": \"servicePassword\",\n      \"nameIdentifierFormat\": \"nameIdentifierFormat\"\n    },\n    \"sharepoint\": {\n      \"url\": \"url\",\n      \"external_url\": [\n        \"external_url\"\n      ]\n    },\n    \"springcm\": {\n      \"acsurl\": \"acsurl\"\n    },\n    \"wams\": {\n      \"masterkey\": \"masterkey\"\n    },\n    \"wsfed\": {\n      \"key\": \"value\"\n    },\n    \"zendesk\": {\n      \"accountName\": \"accountName\"\n    },\n    \"zoom\": {\n      \"account\": \"account\"\n    },\n    \"sso_integration\": {\n      \"name\": \"name\",\n      \"version\": \"version\"\n    }\n  },\n  \"token_endpoint_auth_method\": \"none\",\n  \"is_token_endpoint_ip_header_trusted\": true,\n  \"client_metadata\": {\n    \"key\": \"value\"\n  },\n  \"mobile\": {\n    \"android\": {\n      \"app_package_name\": \"app_package_name\",\n      \"sha256_cert_fingerprints\": [\n        \"sha256_cert_fingerprints\"\n      ]\n    },\n    \"ios\": {\n      \"team_id\": \"team_id\",\n      \"app_bundle_identifier\": \"app_bundle_identifier\"\n    }\n  },\n  \"initiate_login_uri\": \"initiate_login_uri\",\n  \"refresh_token\": {\n    \"rotation_type\": \"rotating\",\n    \"expiration_type\": \"expiring\",\n    \"leeway\": 1,\n    \"token_lifetime\": 1,\n    \"infinite_token_lifetime\": true,\n    \"idle_token_lifetime\": 1,\n    \"infinite_idle_token_lifetime\": true,\n    \"policies\": [\n      {\n        \"audience\": \"audience\",\n        \"scope\": [\n          \"scope\"\n        ]\n      }\n    ]\n  },\n  \"default_organization\": {\n    \"organization_id\": \"organization_id\",\n    \"flows\": [\n      \"client_credentials\"\n    ]\n  },\n  \"organization_usage\": \"deny\",\n  \"organization_require_behavior\": \"no_prompt\",\n  \"organization_discovery_methods\": [\n    \"email\"\n  ],\n  \"client_authentication_methods\": {\n    \"private_key_jwt\": {\n      \"credentials\": [\n        {\n          \"id\": \"id\"\n        }\n      ]\n    },\n    \"tls_client_auth\": {\n      \"credentials\": [\n        {\n          \"id\": \"id\"\n        }\n      ]\n    },\n    \"self_signed_tls_client_auth\": {\n      \"credentials\": [\n        {\n          \"id\": \"id\"\n        }\n      ]\n    }\n  },\n  \"require_pushed_authorization_requests\": true,\n  \"require_proof_of_possession\": true,\n  \"signed_request_object\": {\n    \"required\": true,\n    \"credentials\": [\n      {\n        \"id\": \"id\"\n      }\n    ]\n  },\n  \"compliance_level\": \"none\",\n  \"skip_non_verifiable_callback_uri_confirmation_prompt\": true,\n  \"token_exchange\": {\n    \"allow_any_profile_of_type\": [\n      \"custom_authentication\"\n    ]\n  },\n  \"par_request_expiry\": 1,\n  \"token_quota\": {\n    \"client_credentials\": {\n      \"enforce\": true,\n      \"per_day\": 1,\n      \"per_hour\": 1\n    }\n  },\n  \"express_configuration\": {\n    \"initiate_login_uri_template\": \"initiate_login_uri_template\",\n    \"user_attribute_profile_id\": \"user_attribute_profile_id\",\n    \"connection_profile_id\": \"connection_profile_id\",\n    \"enable_client\": true,\n    \"enable_organization\": true,\n    \"linked_clients\": [\n      {\n        \"client_id\": \"client_id\"\n      }\n    ],\n    \"okta_oin_client_id\": \"okta_oin_client_id\",\n    \"admin_login_domain\": \"admin_login_domain\",\n    \"oin_submission_id\": \"oin_submission_id\"\n  },\n  \"my_organization_configuration\": {\n    \"connection_profile_id\": \"connection_profile_id\",\n    \"user_attribute_profile_id\": \"user_attribute_profile_id\",\n    \"allowed_strategies\": [\n      \"pingfederate\"\n    ],\n    \"connection_deletion_behavior\": \"allow\",\n    \"invitation_landing_client_id\": \"invitation_landing_client_id\"\n  },\n  \"third_party_security_mode\": \"strict\",\n  \"redirection_policy\": \"allow_always\",\n  \"resource_server_identifier\": \"resource_server_identifier\",\n  \"async_approval_notification_channels\": [\n    \"guardian-push\"\n  ],\n  \"external_metadata_type\": \"cimd\",\n  \"external_metadata_created_by\": \"admin\",\n  \"external_client_id\": \"external_client_id\",\n  \"jwks_uri\": \"jwks_uri\"\n}",
         "headers": {
           "Content-Type": "application/json"
         }
@@ -709,7 +709,7 @@
       },
       "response": {
         "status": 200,
-        "body": "{\n  \"client_id\": \"client_id\",\n  \"tenant\": \"tenant\",\n  \"name\": \"name\",\n  \"description\": \"description\",\n  \"global\": true,\n  \"client_secret\": \"client_secret\",\n  \"app_type\": \"native\",\n  \"logo_uri\": \"logo_uri\",\n  \"is_first_party\": true,\n  \"oidc_conformant\": true,\n  \"callbacks\": [\n    \"callbacks\"\n  ],\n  \"allowed_origins\": [\n    \"allowed_origins\"\n  ],\n  \"web_origins\": [\n    \"web_origins\"\n  ],\n  \"client_aliases\": [\n    \"client_aliases\"\n  ],\n  \"allowed_clients\": [\n    \"allowed_clients\"\n  ],\n  \"allowed_logout_urls\": [\n    \"allowed_logout_urls\"\n  ],\n  \"session_transfer\": {\n    \"can_create_session_transfer_token\": true,\n    \"enforce_cascade_revocation\": true,\n    \"allowed_authentication_methods\": [\n      \"cookie\"\n    ],\n    \"enforce_device_binding\": \"ip\",\n    \"allow_refresh_token\": true,\n    \"enforce_online_refresh_tokens\": true,\n    \"delegation\": {\n      \"allow_delegated_access\": true,\n      \"enforce_device_binding\": \"ip\"\n    }\n  },\n  \"oidc_logout\": {\n    \"backchannel_logout_urls\": [\n      \"backchannel_logout_urls\"\n    ],\n    \"backchannel_logout_initiators\": {\n      \"mode\": \"custom\",\n      \"selected_initiators\": [\n        \"rp-logout\"\n      ]\n    },\n    \"backchannel_logout_session_metadata\": {\n      \"include\": true\n    }\n  },\n  \"grant_types\": [\n    \"grant_types\"\n  ],\n  \"jwt_configuration\": {\n    \"lifetime_in_seconds\": 1,\n    \"secret_encoded\": true,\n    \"scopes\": {\n      \"key\": \"value\"\n    },\n    \"alg\": \"HS256\"\n  },\n  \"signing_keys\": [\n    {\n      \"pkcs7\": \"pkcs7\",\n      \"cert\": \"cert\",\n      \"subject\": \"subject\"\n    }\n  ],\n  \"encryption_key\": {\n    \"pub\": \"pub\",\n    \"cert\": \"cert\",\n    \"subject\": \"subject\"\n  },\n  \"sso\": true,\n  \"sso_disabled\": true,\n  \"cross_origin_authentication\": true,\n  \"cross_origin_loc\": \"cross_origin_loc\",\n  \"custom_login_page_on\": true,\n  \"custom_login_page\": \"custom_login_page\",\n  \"custom_login_page_preview\": \"custom_login_page_preview\",\n  \"form_template\": \"form_template\",\n  \"addons\": {\n    \"aws\": {\n      \"principal\": \"principal\",\n      \"role\": \"role\",\n      \"lifetime_in_seconds\": 1\n    },\n    \"azure_blob\": {\n      \"accountName\": \"accountName\",\n      \"storageAccessKey\": \"storageAccessKey\",\n      \"containerName\": \"containerName\",\n      \"blobName\": \"blobName\",\n      \"expiration\": 1,\n      \"signedIdentifier\": \"signedIdentifier\",\n      \"blob_read\": true,\n      \"blob_write\": true,\n      \"blob_delete\": true,\n      \"container_read\": true,\n      \"container_write\": true,\n      \"container_delete\": true,\n      \"container_list\": true\n    },\n    \"azure_sb\": {\n      \"namespace\": \"namespace\",\n      \"sasKeyName\": \"sasKeyName\",\n      \"sasKey\": \"sasKey\",\n      \"entityPath\": \"entityPath\",\n      \"expiration\": 1\n    },\n    \"rms\": {\n      \"url\": \"url\"\n    },\n    \"mscrm\": {\n      \"url\": \"url\"\n    },\n    \"slack\": {\n      \"team\": \"team\"\n    },\n    \"sentry\": {\n      \"org_slug\": \"org_slug\",\n      \"base_url\": \"base_url\"\n    },\n    \"box\": {\n      \"key\": \"value\"\n    },\n    \"cloudbees\": {\n      \"key\": \"value\"\n    },\n    \"concur\": {\n      \"key\": \"value\"\n    },\n    \"dropbox\": {\n      \"key\": \"value\"\n    },\n    \"echosign\": {\n      \"domain\": \"domain\"\n    },\n    \"egnyte\": {\n      \"domain\": \"domain\"\n    },\n    \"firebase\": {\n      \"secret\": \"secret\",\n      \"private_key_id\": \"private_key_id\",\n      \"private_key\": \"private_key\",\n      \"client_email\": \"client_email\",\n      \"lifetime_in_seconds\": 1\n    },\n    \"newrelic\": {\n      \"account\": \"account\"\n    },\n    \"office365\": {\n      \"domain\": \"domain\",\n      \"connection\": \"connection\"\n    },\n    \"salesforce\": {\n      \"entity_id\": \"entity_id\"\n    },\n    \"salesforce_api\": {\n      \"clientid\": \"clientid\",\n      \"principal\": \"principal\",\n      \"communityName\": \"communityName\",\n      \"community_url_section\": \"community_url_section\"\n    },\n    \"salesforce_sandbox_api\": {\n      \"clientid\": \"clientid\",\n      \"principal\": \"principal\",\n      \"communityName\": \"communityName\",\n      \"community_url_section\": \"community_url_section\"\n    },\n    \"samlp\": {\n      \"mappings\": {\n        \"key\": \"value\"\n      },\n      \"audience\": \"audience\",\n      \"recipient\": \"recipient\",\n      \"createUpnClaim\": true,\n      \"mapUnknownClaimsAsIs\": true,\n      \"passthroughClaimsWithNoMapping\": true,\n      \"mapIdentities\": true,\n      \"signatureAlgorithm\": \"signatureAlgorithm\",\n      \"digestAlgorithm\": \"digestAlgorithm\",\n      \"issuer\": \"issuer\",\n      \"destination\": \"destination\",\n      \"lifetimeInSeconds\": 1,\n      \"signResponse\": true,\n      \"nameIdentifierFormat\": \"nameIdentifierFormat\",\n      \"nameIdentifierProbes\": [\n        \"nameIdentifierProbes\"\n      ],\n      \"authnContextClassRef\": \"authnContextClassRef\"\n    },\n    \"layer\": {\n      \"providerId\": \"providerId\",\n      \"keyId\": \"keyId\",\n      \"privateKey\": \"privateKey\",\n      \"principal\": \"principal\",\n      \"expiration\": 1\n    },\n    \"sap_api\": {\n      \"clientid\": \"clientid\",\n      \"usernameAttribute\": \"usernameAttribute\",\n      \"tokenEndpointUrl\": \"tokenEndpointUrl\",\n      \"scope\": \"scope\",\n      \"servicePassword\": \"servicePassword\",\n      \"nameIdentifierFormat\": \"nameIdentifierFormat\"\n    },\n    \"sharepoint\": {\n      \"url\": \"url\",\n      \"external_url\": [\n        \"external_url\"\n      ]\n    },\n    \"springcm\": {\n      \"acsurl\": \"acsurl\"\n    },\n    \"wams\": {\n      \"masterkey\": \"masterkey\"\n    },\n    \"wsfed\": {\n      \"key\": \"value\"\n    },\n    \"zendesk\": {\n      \"accountName\": \"accountName\"\n    },\n    \"zoom\": {\n      \"account\": \"account\"\n    },\n    \"sso_integration\": {\n      \"name\": \"name\",\n      \"version\": \"version\"\n    }\n  },\n  \"token_endpoint_auth_method\": \"none\",\n  \"is_token_endpoint_ip_header_trusted\": true,\n  \"client_metadata\": {\n    \"key\": \"value\"\n  },\n  \"mobile\": {\n    \"android\": {\n      \"app_package_name\": \"app_package_name\",\n      \"sha256_cert_fingerprints\": [\n        \"sha256_cert_fingerprints\"\n      ]\n    },\n    \"ios\": {\n      \"team_id\": \"team_id\",\n      \"app_bundle_identifier\": \"app_bundle_identifier\"\n    }\n  },\n  \"initiate_login_uri\": \"initiate_login_uri\",\n  \"refresh_token\": {\n    \"rotation_type\": \"rotating\",\n    \"expiration_type\": \"expiring\",\n    \"leeway\": 1,\n    \"token_lifetime\": 1,\n    \"infinite_token_lifetime\": true,\n    \"idle_token_lifetime\": 1,\n    \"infinite_idle_token_lifetime\": true,\n    \"policies\": [\n      {\n        \"audience\": \"audience\",\n        \"scope\": [\n          \"scope\"\n        ]\n      }\n    ]\n  },\n  \"default_organization\": {\n    \"organization_id\": \"organization_id\",\n    \"flows\": [\n      \"client_credentials\"\n    ]\n  },\n  \"organization_usage\": \"deny\",\n  \"organization_require_behavior\": \"no_prompt\",\n  \"organization_discovery_methods\": [\n    \"email\"\n  ],\n  \"client_authentication_methods\": {\n    \"private_key_jwt\": {\n      \"credentials\": [\n        {\n          \"id\": \"id\"\n        }\n      ]\n    },\n    \"tls_client_auth\": {\n      \"credentials\": [\n        {\n          \"id\": \"id\"\n        }\n      ]\n    },\n    \"self_signed_tls_client_auth\": {\n      \"credentials\": [\n        {\n          \"id\": \"id\"\n        }\n      ]\n    }\n  },\n  \"require_pushed_authorization_requests\": true,\n  \"require_proof_of_possession\": true,\n  \"signed_request_object\": {\n    \"required\": true,\n    \"credentials\": [\n      {\n        \"id\": \"id\"\n      }\n    ]\n  },\n  \"compliance_level\": \"none\",\n  \"skip_non_verifiable_callback_uri_confirmation_prompt\": true,\n  \"token_exchange\": {\n    \"allow_any_profile_of_type\": [\n      \"custom_authentication\"\n    ]\n  },\n  \"par_request_expiry\": 1,\n  \"token_quota\": {\n    \"client_credentials\": {\n      \"enforce\": true,\n      \"per_day\": 1,\n      \"per_hour\": 1\n    }\n  },\n  \"express_configuration\": {\n    \"initiate_login_uri_template\": \"initiate_login_uri_template\",\n    \"user_attribute_profile_id\": \"user_attribute_profile_id\",\n    \"connection_profile_id\": \"connection_profile_id\",\n    \"enable_client\": true,\n    \"enable_organization\": true,\n    \"linked_clients\": [\n      {\n        \"client_id\": \"client_id\"\n      }\n    ],\n    \"okta_oin_client_id\": \"okta_oin_client_id\",\n    \"admin_login_domain\": \"admin_login_domain\",\n    \"oin_submission_id\": \"oin_submission_id\"\n  },\n  \"my_organization_configuration\": {\n    \"connection_profile_id\": \"connection_profile_id\",\n    \"user_attribute_profile_id\": \"user_attribute_profile_id\",\n    \"allowed_strategies\": [\n      \"pingfederate\"\n    ],\n    \"connection_deletion_behavior\": \"allow\"\n  },\n  \"third_party_security_mode\": \"strict\",\n  \"redirection_policy\": \"allow_always\",\n  \"resource_server_identifier\": \"resource_server_identifier\",\n  \"async_approval_notification_channels\": [\n    \"guardian-push\"\n  ],\n  \"external_metadata_type\": \"cimd\",\n  \"external_metadata_created_by\": \"admin\",\n  \"external_client_id\": \"external_client_id\",\n  \"jwks_uri\": \"jwks_uri\"\n}",
+        "body": "{\n  \"client_id\": \"client_id\",\n  \"tenant\": \"tenant\",\n  \"name\": \"name\",\n  \"description\": \"description\",\n  \"global\": true,\n  \"client_secret\": \"client_secret\",\n  \"app_type\": \"native\",\n  \"logo_uri\": \"logo_uri\",\n  \"is_first_party\": true,\n  \"oidc_conformant\": true,\n  \"callbacks\": [\n    \"callbacks\"\n  ],\n  \"allowed_origins\": [\n    \"allowed_origins\"\n  ],\n  \"web_origins\": [\n    \"web_origins\"\n  ],\n  \"client_aliases\": [\n    \"client_aliases\"\n  ],\n  \"allowed_clients\": [\n    \"allowed_clients\"\n  ],\n  \"allowed_logout_urls\": [\n    \"allowed_logout_urls\"\n  ],\n  \"session_transfer\": {\n    \"can_create_session_transfer_token\": true,\n    \"enforce_cascade_revocation\": true,\n    \"allowed_authentication_methods\": [\n      \"cookie\"\n    ],\n    \"enforce_device_binding\": \"ip\",\n    \"allow_refresh_token\": true,\n    \"enforce_online_refresh_tokens\": true,\n    \"delegation\": {\n      \"allow_delegated_access\": true,\n      \"enforce_device_binding\": \"ip\"\n    }\n  },\n  \"oidc_logout\": {\n    \"backchannel_logout_urls\": [\n      \"backchannel_logout_urls\"\n    ],\n    \"backchannel_logout_initiators\": {\n      \"mode\": \"custom\",\n      \"selected_initiators\": [\n        \"rp-logout\"\n      ]\n    },\n    \"backchannel_logout_session_metadata\": {\n      \"include\": true\n    }\n  },\n  \"grant_types\": [\n    \"grant_types\"\n  ],\n  \"jwt_configuration\": {\n    \"lifetime_in_seconds\": 1,\n    \"secret_encoded\": true,\n    \"scopes\": {\n      \"key\": \"value\"\n    },\n    \"alg\": \"HS256\"\n  },\n  \"signing_keys\": [\n    {\n      \"pkcs7\": \"pkcs7\",\n      \"cert\": \"cert\",\n      \"subject\": \"subject\"\n    }\n  ],\n  \"encryption_key\": {\n    \"pub\": \"pub\",\n    \"cert\": \"cert\",\n    \"subject\": \"subject\"\n  },\n  \"sso\": true,\n  \"sso_disabled\": true,\n  \"cross_origin_authentication\": true,\n  \"cross_origin_loc\": \"cross_origin_loc\",\n  \"custom_login_page_on\": true,\n  \"custom_login_page\": \"custom_login_page\",\n  \"custom_login_page_preview\": \"custom_login_page_preview\",\n  \"form_template\": \"form_template\",\n  \"addons\": {\n    \"aws\": {\n      \"principal\": \"principal\",\n      \"role\": \"role\",\n      \"lifetime_in_seconds\": 1\n    },\n    \"azure_blob\": {\n      \"accountName\": \"accountName\",\n      \"storageAccessKey\": \"storageAccessKey\",\n      \"containerName\": \"containerName\",\n      \"blobName\": \"blobName\",\n      \"expiration\": 1,\n      \"signedIdentifier\": \"signedIdentifier\",\n      \"blob_read\": true,\n      \"blob_write\": true,\n      \"blob_delete\": true,\n      \"container_read\": true,\n      \"container_write\": true,\n      \"container_delete\": true,\n      \"container_list\": true\n    },\n    \"azure_sb\": {\n      \"namespace\": \"namespace\",\n      \"sasKeyName\": \"sasKeyName\",\n      \"sasKey\": \"sasKey\",\n      \"entityPath\": \"entityPath\",\n      \"expiration\": 1\n    },\n    \"rms\": {\n      \"url\": \"url\"\n    },\n    \"mscrm\": {\n      \"url\": \"url\"\n    },\n    \"slack\": {\n      \"team\": \"team\"\n    },\n    \"sentry\": {\n      \"org_slug\": \"org_slug\",\n      \"base_url\": \"base_url\"\n    },\n    \"box\": {\n      \"key\": \"value\"\n    },\n    \"cloudbees\": {\n      \"key\": \"value\"\n    },\n    \"concur\": {\n      \"key\": \"value\"\n    },\n    \"dropbox\": {\n      \"key\": \"value\"\n    },\n    \"echosign\": {\n      \"domain\": \"domain\"\n    },\n    \"egnyte\": {\n      \"domain\": \"domain\"\n    },\n    \"firebase\": {\n      \"secret\": \"secret\",\n      \"private_key_id\": \"private_key_id\",\n      \"private_key\": \"private_key\",\n      \"client_email\": \"client_email\",\n      \"lifetime_in_seconds\": 1\n    },\n    \"newrelic\": {\n      \"account\": \"account\"\n    },\n    \"office365\": {\n      \"domain\": \"domain\",\n      \"connection\": \"connection\"\n    },\n    \"salesforce\": {\n      \"entity_id\": \"entity_id\"\n    },\n    \"salesforce_api\": {\n      \"clientid\": \"clientid\",\n      \"principal\": \"principal\",\n      \"communityName\": \"communityName\",\n      \"community_url_section\": \"community_url_section\"\n    },\n    \"salesforce_sandbox_api\": {\n      \"clientid\": \"clientid\",\n      \"principal\": \"principal\",\n      \"communityName\": \"communityName\",\n      \"community_url_section\": \"community_url_section\"\n    },\n    \"samlp\": {\n      \"mappings\": {\n        \"key\": \"value\"\n      },\n      \"audience\": \"audience\",\n      \"recipient\": \"recipient\",\n      \"createUpnClaim\": true,\n      \"mapUnknownClaimsAsIs\": true,\n      \"passthroughClaimsWithNoMapping\": true,\n      \"mapIdentities\": true,\n      \"signatureAlgorithm\": \"signatureAlgorithm\",\n      \"digestAlgorithm\": \"digestAlgorithm\",\n      \"issuer\": \"issuer\",\n      \"destination\": \"destination\",\n      \"lifetimeInSeconds\": 1,\n      \"signResponse\": true,\n      \"nameIdentifierFormat\": \"nameIdentifierFormat\",\n      \"nameIdentifierProbes\": [\n        \"nameIdentifierProbes\"\n      ],\n      \"authnContextClassRef\": \"authnContextClassRef\"\n    },\n    \"layer\": {\n      \"providerId\": \"providerId\",\n      \"keyId\": \"keyId\",\n      \"privateKey\": \"privateKey\",\n      \"principal\": \"principal\",\n      \"expiration\": 1\n    },\n    \"sap_api\": {\n      \"clientid\": \"clientid\",\n      \"usernameAttribute\": \"usernameAttribute\",\n      \"tokenEndpointUrl\": \"tokenEndpointUrl\",\n      \"scope\": \"scope\",\n      \"servicePassword\": \"servicePassword\",\n      \"nameIdentifierFormat\": \"nameIdentifierFormat\"\n    },\n    \"sharepoint\": {\n      \"url\": \"url\",\n      \"external_url\": [\n        \"external_url\"\n      ]\n    },\n    \"springcm\": {\n      \"acsurl\": \"acsurl\"\n    },\n    \"wams\": {\n      \"masterkey\": \"masterkey\"\n    },\n    \"wsfed\": {\n      \"key\": \"value\"\n    },\n    \"zendesk\": {\n      \"accountName\": \"accountName\"\n    },\n    \"zoom\": {\n      \"account\": \"account\"\n    },\n    \"sso_integration\": {\n      \"name\": \"name\",\n      \"version\": \"version\"\n    }\n  },\n  \"token_endpoint_auth_method\": \"none\",\n  \"is_token_endpoint_ip_header_trusted\": true,\n  \"client_metadata\": {\n    \"key\": \"value\"\n  },\n  \"mobile\": {\n    \"android\": {\n      \"app_package_name\": \"app_package_name\",\n      \"sha256_cert_fingerprints\": [\n        \"sha256_cert_fingerprints\"\n      ]\n    },\n    \"ios\": {\n      \"team_id\": \"team_id\",\n      \"app_bundle_identifier\": \"app_bundle_identifier\"\n    }\n  },\n  \"initiate_login_uri\": \"initiate_login_uri\",\n  \"refresh_token\": {\n    \"rotation_type\": \"rotating\",\n    \"expiration_type\": \"expiring\",\n    \"leeway\": 1,\n    \"token_lifetime\": 1,\n    \"infinite_token_lifetime\": true,\n    \"idle_token_lifetime\": 1,\n    \"infinite_idle_token_lifetime\": true,\n    \"policies\": [\n      {\n        \"audience\": \"audience\",\n        \"scope\": [\n          \"scope\"\n        ]\n      }\n    ]\n  },\n  \"default_organization\": {\n    \"organization_id\": \"organization_id\",\n    \"flows\": [\n      \"client_credentials\"\n    ]\n  },\n  \"organization_usage\": \"deny\",\n  \"organization_require_behavior\": \"no_prompt\",\n  \"organization_discovery_methods\": [\n    \"email\"\n  ],\n  \"client_authentication_methods\": {\n    \"private_key_jwt\": {\n      \"credentials\": [\n        {\n          \"id\": \"id\"\n        }\n      ]\n    },\n    \"tls_client_auth\": {\n      \"credentials\": [\n        {\n          \"id\": \"id\"\n        }\n      ]\n    },\n    \"self_signed_tls_client_auth\": {\n      \"credentials\": [\n        {\n          \"id\": \"id\"\n        }\n      ]\n    }\n  },\n  \"require_pushed_authorization_requests\": true,\n  \"require_proof_of_possession\": true,\n  \"signed_request_object\": {\n    \"required\": true,\n    \"credentials\": [\n      {\n        \"id\": \"id\"\n      }\n    ]\n  },\n  \"compliance_level\": \"none\",\n  \"skip_non_verifiable_callback_uri_confirmation_prompt\": true,\n  \"token_exchange\": {\n    \"allow_any_profile_of_type\": [\n      \"custom_authentication\"\n    ]\n  },\n  \"par_request_expiry\": 1,\n  \"token_quota\": {\n    \"client_credentials\": {\n      \"enforce\": true,\n      \"per_day\": 1,\n      \"per_hour\": 1\n    }\n  },\n  \"express_configuration\": {\n    \"initiate_login_uri_template\": \"initiate_login_uri_template\",\n    \"user_attribute_profile_id\": \"user_attribute_profile_id\",\n    \"connection_profile_id\": \"connection_profile_id\",\n    \"enable_client\": true,\n    \"enable_organization\": true,\n    \"linked_clients\": [\n      {\n        \"client_id\": \"client_id\"\n      }\n    ],\n    \"okta_oin_client_id\": \"okta_oin_client_id\",\n    \"admin_login_domain\": \"admin_login_domain\",\n    \"oin_submission_id\": \"oin_submission_id\"\n  },\n  \"my_organization_configuration\": {\n    \"connection_profile_id\": \"connection_profile_id\",\n    \"user_attribute_profile_id\": \"user_attribute_profile_id\",\n    \"allowed_strategies\": [\n      \"pingfederate\"\n    ],\n    \"connection_deletion_behavior\": \"allow\",\n    \"invitation_landing_client_id\": \"invitation_landing_client_id\"\n  },\n  \"third_party_security_mode\": \"strict\",\n  \"redirection_policy\": \"allow_always\",\n  \"resource_server_identifier\": \"resource_server_identifier\",\n  \"async_approval_notification_channels\": [\n    \"guardian-push\"\n  ],\n  \"external_metadata_type\": \"cimd\",\n  \"external_metadata_created_by\": \"admin\",\n  \"external_client_id\": \"external_client_id\",\n  \"jwks_uri\": \"jwks_uri\"\n}",
         "headers": {
           "Content-Type": "application/json"
         }
@@ -781,7 +781,7 @@
       },
       "response": {
         "status": 200,
-        "body": "{\n  \"client_id\": \"client_id\",\n  \"tenant\": \"tenant\",\n  \"name\": \"name\",\n  \"description\": \"description\",\n  \"global\": true,\n  \"client_secret\": \"client_secret\",\n  \"app_type\": \"native\",\n  \"logo_uri\": \"logo_uri\",\n  \"is_first_party\": true,\n  \"oidc_conformant\": true,\n  \"callbacks\": [\n    \"callbacks\"\n  ],\n  \"allowed_origins\": [\n    \"allowed_origins\"\n  ],\n  \"web_origins\": [\n    \"web_origins\"\n  ],\n  \"client_aliases\": [\n    \"client_aliases\"\n  ],\n  \"allowed_clients\": [\n    \"allowed_clients\"\n  ],\n  \"allowed_logout_urls\": [\n    \"allowed_logout_urls\"\n  ],\n  \"session_transfer\": {\n    \"can_create_session_transfer_token\": true,\n    \"enforce_cascade_revocation\": true,\n    \"allowed_authentication_methods\": [\n      \"cookie\"\n    ],\n    \"enforce_device_binding\": \"ip\",\n    \"allow_refresh_token\": true,\n    \"enforce_online_refresh_tokens\": true,\n    \"delegation\": {\n      \"allow_delegated_access\": true,\n      \"enforce_device_binding\": \"ip\"\n    }\n  },\n  \"oidc_logout\": {\n    \"backchannel_logout_urls\": [\n      \"backchannel_logout_urls\"\n    ],\n    \"backchannel_logout_initiators\": {\n      \"mode\": \"custom\",\n      \"selected_initiators\": [\n        \"rp-logout\"\n      ]\n    },\n    \"backchannel_logout_session_metadata\": {\n      \"include\": true\n    }\n  },\n  \"grant_types\": [\n    \"grant_types\"\n  ],\n  \"jwt_configuration\": {\n    \"lifetime_in_seconds\": 1,\n    \"secret_encoded\": true,\n    \"scopes\": {\n      \"key\": \"value\"\n    },\n    \"alg\": \"HS256\"\n  },\n  \"signing_keys\": [\n    {\n      \"pkcs7\": \"pkcs7\",\n      \"cert\": \"cert\",\n      \"subject\": \"subject\"\n    }\n  ],\n  \"encryption_key\": {\n    \"pub\": \"pub\",\n    \"cert\": \"cert\",\n    \"subject\": \"subject\"\n  },\n  \"sso\": true,\n  \"sso_disabled\": true,\n  \"cross_origin_authentication\": true,\n  \"cross_origin_loc\": \"cross_origin_loc\",\n  \"custom_login_page_on\": true,\n  \"custom_login_page\": \"custom_login_page\",\n  \"custom_login_page_preview\": \"custom_login_page_preview\",\n  \"form_template\": \"form_template\",\n  \"addons\": {\n    \"aws\": {\n      \"principal\": \"principal\",\n      \"role\": \"role\",\n      \"lifetime_in_seconds\": 1\n    },\n    \"azure_blob\": {\n      \"accountName\": \"accountName\",\n      \"storageAccessKey\": \"storageAccessKey\",\n      \"containerName\": \"containerName\",\n      \"blobName\": \"blobName\",\n      \"expiration\": 1,\n      \"signedIdentifier\": \"signedIdentifier\",\n      \"blob_read\": true,\n      \"blob_write\": true,\n      \"blob_delete\": true,\n      \"container_read\": true,\n      \"container_write\": true,\n      \"container_delete\": true,\n      \"container_list\": true\n    },\n    \"azure_sb\": {\n      \"namespace\": \"namespace\",\n      \"sasKeyName\": \"sasKeyName\",\n      \"sasKey\": \"sasKey\",\n      \"entityPath\": \"entityPath\",\n      \"expiration\": 1\n    },\n    \"rms\": {\n      \"url\": \"url\"\n    },\n    \"mscrm\": {\n      \"url\": \"url\"\n    },\n    \"slack\": {\n      \"team\": \"team\"\n    },\n    \"sentry\": {\n      \"org_slug\": \"org_slug\",\n      \"base_url\": \"base_url\"\n    },\n    \"box\": {\n      \"key\": \"value\"\n    },\n    \"cloudbees\": {\n      \"key\": \"value\"\n    },\n    \"concur\": {\n      \"key\": \"value\"\n    },\n    \"dropbox\": {\n      \"key\": \"value\"\n    },\n    \"echosign\": {\n      \"domain\": \"domain\"\n    },\n    \"egnyte\": {\n      \"domain\": \"domain\"\n    },\n    \"firebase\": {\n      \"secret\": \"secret\",\n      \"private_key_id\": \"private_key_id\",\n      \"private_key\": \"private_key\",\n      \"client_email\": \"client_email\",\n      \"lifetime_in_seconds\": 1\n    },\n    \"newrelic\": {\n      \"account\": \"account\"\n    },\n    \"office365\": {\n      \"domain\": \"domain\",\n      \"connection\": \"connection\"\n    },\n    \"salesforce\": {\n      \"entity_id\": \"entity_id\"\n    },\n    \"salesforce_api\": {\n      \"clientid\": \"clientid\",\n      \"principal\": \"principal\",\n      \"communityName\": \"communityName\",\n      \"community_url_section\": \"community_url_section\"\n    },\n    \"salesforce_sandbox_api\": {\n      \"clientid\": \"clientid\",\n      \"principal\": \"principal\",\n      \"communityName\": \"communityName\",\n      \"community_url_section\": \"community_url_section\"\n    },\n    \"samlp\": {\n      \"mappings\": {\n        \"key\": \"value\"\n      },\n      \"audience\": \"audience\",\n      \"recipient\": \"recipient\",\n      \"createUpnClaim\": true,\n      \"mapUnknownClaimsAsIs\": true,\n      \"passthroughClaimsWithNoMapping\": true,\n      \"mapIdentities\": true,\n      \"signatureAlgorithm\": \"signatureAlgorithm\",\n      \"digestAlgorithm\": \"digestAlgorithm\",\n      \"issuer\": \"issuer\",\n      \"destination\": \"destination\",\n      \"lifetimeInSeconds\": 1,\n      \"signResponse\": true,\n      \"nameIdentifierFormat\": \"nameIdentifierFormat\",\n      \"nameIdentifierProbes\": [\n        \"nameIdentifierProbes\"\n      ],\n      \"authnContextClassRef\": \"authnContextClassRef\"\n    },\n    \"layer\": {\n      \"providerId\": \"providerId\",\n      \"keyId\": \"keyId\",\n      \"privateKey\": \"privateKey\",\n      \"principal\": \"principal\",\n      \"expiration\": 1\n    },\n    \"sap_api\": {\n      \"clientid\": \"clientid\",\n      \"usernameAttribute\": \"usernameAttribute\",\n      \"tokenEndpointUrl\": \"tokenEndpointUrl\",\n      \"scope\": \"scope\",\n      \"servicePassword\": \"servicePassword\",\n      \"nameIdentifierFormat\": \"nameIdentifierFormat\"\n    },\n    \"sharepoint\": {\n      \"url\": \"url\",\n      \"external_url\": [\n        \"external_url\"\n      ]\n    },\n    \"springcm\": {\n      \"acsurl\": \"acsurl\"\n    },\n    \"wams\": {\n      \"masterkey\": \"masterkey\"\n    },\n    \"wsfed\": {\n      \"key\": \"value\"\n    },\n    \"zendesk\": {\n      \"accountName\": \"accountName\"\n    },\n    \"zoom\": {\n      \"account\": \"account\"\n    },\n    \"sso_integration\": {\n      \"name\": \"name\",\n      \"version\": \"version\"\n    }\n  },\n  \"token_endpoint_auth_method\": \"none\",\n  \"is_token_endpoint_ip_header_trusted\": true,\n  \"client_metadata\": {\n    \"key\": \"value\"\n  },\n  \"mobile\": {\n    \"android\": {\n      \"app_package_name\": \"app_package_name\",\n      \"sha256_cert_fingerprints\": [\n        \"sha256_cert_fingerprints\"\n      ]\n    },\n    \"ios\": {\n      \"team_id\": \"team_id\",\n      \"app_bundle_identifier\": \"app_bundle_identifier\"\n    }\n  },\n  \"initiate_login_uri\": \"initiate_login_uri\",\n  \"refresh_token\": {\n    \"rotation_type\": \"rotating\",\n    \"expiration_type\": \"expiring\",\n    \"leeway\": 1,\n    \"token_lifetime\": 1,\n    \"infinite_token_lifetime\": true,\n    \"idle_token_lifetime\": 1,\n    \"infinite_idle_token_lifetime\": true,\n    \"policies\": [\n      {\n        \"audience\": \"audience\",\n        \"scope\": [\n          \"scope\"\n        ]\n      }\n    ]\n  },\n  \"default_organization\": {\n    \"organization_id\": \"organization_id\",\n    \"flows\": [\n      \"client_credentials\"\n    ]\n  },\n  \"organization_usage\": \"deny\",\n  \"organization_require_behavior\": \"no_prompt\",\n  \"organization_discovery_methods\": [\n    \"email\"\n  ],\n  \"client_authentication_methods\": {\n    \"private_key_jwt\": {\n      \"credentials\": [\n        {\n          \"id\": \"id\"\n        }\n      ]\n    },\n    \"tls_client_auth\": {\n      \"credentials\": [\n        {\n          \"id\": \"id\"\n        }\n      ]\n    },\n    \"self_signed_tls_client_auth\": {\n      \"credentials\": [\n        {\n          \"id\": \"id\"\n        }\n      ]\n    }\n  },\n  \"require_pushed_authorization_requests\": true,\n  \"require_proof_of_possession\": true,\n  \"signed_request_object\": {\n    \"required\": true,\n    \"credentials\": [\n      {\n        \"id\": \"id\"\n      }\n    ]\n  },\n  \"compliance_level\": \"none\",\n  \"skip_non_verifiable_callback_uri_confirmation_prompt\": true,\n  \"token_exchange\": {\n    \"allow_any_profile_of_type\": [\n      \"custom_authentication\"\n    ]\n  },\n  \"par_request_expiry\": 1,\n  \"token_quota\": {\n    \"client_credentials\": {\n      \"enforce\": true,\n      \"per_day\": 1,\n      \"per_hour\": 1\n    }\n  },\n  \"express_configuration\": {\n    \"initiate_login_uri_template\": \"initiate_login_uri_template\",\n    \"user_attribute_profile_id\": \"user_attribute_profile_id\",\n    \"connection_profile_id\": \"connection_profile_id\",\n    \"enable_client\": true,\n    \"enable_organization\": true,\n    \"linked_clients\": [\n      {\n        \"client_id\": \"client_id\"\n      }\n    ],\n    \"okta_oin_client_id\": \"okta_oin_client_id\",\n    \"admin_login_domain\": \"admin_login_domain\",\n    \"oin_submission_id\": \"oin_submission_id\"\n  },\n  \"my_organization_configuration\": {\n    \"connection_profile_id\": \"connection_profile_id\",\n    \"user_attribute_profile_id\": \"user_attribute_profile_id\",\n    \"allowed_strategies\": [\n      \"pingfederate\"\n    ],\n    \"connection_deletion_behavior\": \"allow\"\n  },\n  \"third_party_security_mode\": \"strict\",\n  \"redirection_policy\": \"allow_always\",\n  \"resource_server_identifier\": \"resource_server_identifier\",\n  \"async_approval_notification_channels\": [\n    \"guardian-push\"\n  ],\n  \"external_metadata_type\": \"cimd\",\n  \"external_metadata_created_by\": \"admin\",\n  \"external_client_id\": \"external_client_id\",\n  \"jwks_uri\": \"jwks_uri\"\n}",
+        "body": "{\n  \"client_id\": \"client_id\",\n  \"tenant\": \"tenant\",\n  \"name\": \"name\",\n  \"description\": \"description\",\n  \"global\": true,\n  \"client_secret\": \"client_secret\",\n  \"app_type\": \"native\",\n  \"logo_uri\": \"logo_uri\",\n  \"is_first_party\": true,\n  \"oidc_conformant\": true,\n  \"callbacks\": [\n    \"callbacks\"\n  ],\n  \"allowed_origins\": [\n    \"allowed_origins\"\n  ],\n  \"web_origins\": [\n    \"web_origins\"\n  ],\n  \"client_aliases\": [\n    \"client_aliases\"\n  ],\n  \"allowed_clients\": [\n    \"allowed_clients\"\n  ],\n  \"allowed_logout_urls\": [\n    \"allowed_logout_urls\"\n  ],\n  \"session_transfer\": {\n    \"can_create_session_transfer_token\": true,\n    \"enforce_cascade_revocation\": true,\n    \"allowed_authentication_methods\": [\n      \"cookie\"\n    ],\n    \"enforce_device_binding\": \"ip\",\n    \"allow_refresh_token\": true,\n    \"enforce_online_refresh_tokens\": true,\n    \"delegation\": {\n      \"allow_delegated_access\": true,\n      \"enforce_device_binding\": \"ip\"\n    }\n  },\n  \"oidc_logout\": {\n    \"backchannel_logout_urls\": [\n      \"backchannel_logout_urls\"\n    ],\n    \"backchannel_logout_initiators\": {\n      \"mode\": \"custom\",\n      \"selected_initiators\": [\n        \"rp-logout\"\n      ]\n    },\n    \"backchannel_logout_session_metadata\": {\n      \"include\": true\n    }\n  },\n  \"grant_types\": [\n    \"grant_types\"\n  ],\n  \"jwt_configuration\": {\n    \"lifetime_in_seconds\": 1,\n    \"secret_encoded\": true,\n    \"scopes\": {\n      \"key\": \"value\"\n    },\n    \"alg\": \"HS256\"\n  },\n  \"signing_keys\": [\n    {\n      \"pkcs7\": \"pkcs7\",\n      \"cert\": \"cert\",\n      \"subject\": \"subject\"\n    }\n  ],\n  \"encryption_key\": {\n    \"pub\": \"pub\",\n    \"cert\": \"cert\",\n    \"subject\": \"subject\"\n  },\n  \"sso\": true,\n  \"sso_disabled\": true,\n  \"cross_origin_authentication\": true,\n  \"cross_origin_loc\": \"cross_origin_loc\",\n  \"custom_login_page_on\": true,\n  \"custom_login_page\": \"custom_login_page\",\n  \"custom_login_page_preview\": \"custom_login_page_preview\",\n  \"form_template\": \"form_template\",\n  \"addons\": {\n    \"aws\": {\n      \"principal\": \"principal\",\n      \"role\": \"role\",\n      \"lifetime_in_seconds\": 1\n    },\n    \"azure_blob\": {\n      \"accountName\": \"accountName\",\n      \"storageAccessKey\": \"storageAccessKey\",\n      \"containerName\": \"containerName\",\n      \"blobName\": \"blobName\",\n      \"expiration\": 1,\n      \"signedIdentifier\": \"signedIdentifier\",\n      \"blob_read\": true,\n      \"blob_write\": true,\n      \"blob_delete\": true,\n      \"container_read\": true,\n      \"container_write\": true,\n      \"container_delete\": true,\n      \"container_list\": true\n    },\n    \"azure_sb\": {\n      \"namespace\": \"namespace\",\n      \"sasKeyName\": \"sasKeyName\",\n      \"sasKey\": \"sasKey\",\n      \"entityPath\": \"entityPath\",\n      \"expiration\": 1\n    },\n    \"rms\": {\n      \"url\": \"url\"\n    },\n    \"mscrm\": {\n      \"url\": \"url\"\n    },\n    \"slack\": {\n      \"team\": \"team\"\n    },\n    \"sentry\": {\n      \"org_slug\": \"org_slug\",\n      \"base_url\": \"base_url\"\n    },\n    \"box\": {\n      \"key\": \"value\"\n    },\n    \"cloudbees\": {\n      \"key\": \"value\"\n    },\n    \"concur\": {\n      \"key\": \"value\"\n    },\n    \"dropbox\": {\n      \"key\": \"value\"\n    },\n    \"echosign\": {\n      \"domain\": \"domain\"\n    },\n    \"egnyte\": {\n      \"domain\": \"domain\"\n    },\n    \"firebase\": {\n      \"secret\": \"secret\",\n      \"private_key_id\": \"private_key_id\",\n      \"private_key\": \"private_key\",\n      \"client_email\": \"client_email\",\n      \"lifetime_in_seconds\": 1\n    },\n    \"newrelic\": {\n      \"account\": \"account\"\n    },\n    \"office365\": {\n      \"domain\": \"domain\",\n      \"connection\": \"connection\"\n    },\n    \"salesforce\": {\n      \"entity_id\": \"entity_id\"\n    },\n    \"salesforce_api\": {\n      \"clientid\": \"clientid\",\n      \"principal\": \"principal\",\n      \"communityName\": \"communityName\",\n      \"community_url_section\": \"community_url_section\"\n    },\n    \"salesforce_sandbox_api\": {\n      \"clientid\": \"clientid\",\n      \"principal\": \"principal\",\n      \"communityName\": \"communityName\",\n      \"community_url_section\": \"community_url_section\"\n    },\n    \"samlp\": {\n      \"mappings\": {\n        \"key\": \"value\"\n      },\n      \"audience\": \"audience\",\n      \"recipient\": \"recipient\",\n      \"createUpnClaim\": true,\n      \"mapUnknownClaimsAsIs\": true,\n      \"passthroughClaimsWithNoMapping\": true,\n      \"mapIdentities\": true,\n      \"signatureAlgorithm\": \"signatureAlgorithm\",\n      \"digestAlgorithm\": \"digestAlgorithm\",\n      \"issuer\": \"issuer\",\n      \"destination\": \"destination\",\n      \"lifetimeInSeconds\": 1,\n      \"signResponse\": true,\n      \"nameIdentifierFormat\": \"nameIdentifierFormat\",\n      \"nameIdentifierProbes\": [\n        \"nameIdentifierProbes\"\n      ],\n      \"authnContextClassRef\": \"authnContextClassRef\"\n    },\n    \"layer\": {\n      \"providerId\": \"providerId\",\n      \"keyId\": \"keyId\",\n      \"privateKey\": \"privateKey\",\n      \"principal\": \"principal\",\n      \"expiration\": 1\n    },\n    \"sap_api\": {\n      \"clientid\": \"clientid\",\n      \"usernameAttribute\": \"usernameAttribute\",\n      \"tokenEndpointUrl\": \"tokenEndpointUrl\",\n      \"scope\": \"scope\",\n      \"servicePassword\": \"servicePassword\",\n      \"nameIdentifierFormat\": \"nameIdentifierFormat\"\n    },\n    \"sharepoint\": {\n      \"url\": \"url\",\n      \"external_url\": [\n        \"external_url\"\n      ]\n    },\n    \"springcm\": {\n      \"acsurl\": \"acsurl\"\n    },\n    \"wams\": {\n      \"masterkey\": \"masterkey\"\n    },\n    \"wsfed\": {\n      \"key\": \"value\"\n    },\n    \"zendesk\": {\n      \"accountName\": \"accountName\"\n    },\n    \"zoom\": {\n      \"account\": \"account\"\n    },\n    \"sso_integration\": {\n      \"name\": \"name\",\n      \"version\": \"version\"\n    }\n  },\n  \"token_endpoint_auth_method\": \"none\",\n  \"is_token_endpoint_ip_header_trusted\": true,\n  \"client_metadata\": {\n    \"key\": \"value\"\n  },\n  \"mobile\": {\n    \"android\": {\n      \"app_package_name\": \"app_package_name\",\n      \"sha256_cert_fingerprints\": [\n        \"sha256_cert_fingerprints\"\n      ]\n    },\n    \"ios\": {\n      \"team_id\": \"team_id\",\n      \"app_bundle_identifier\": \"app_bundle_identifier\"\n    }\n  },\n  \"initiate_login_uri\": \"initiate_login_uri\",\n  \"refresh_token\": {\n    \"rotation_type\": \"rotating\",\n    \"expiration_type\": \"expiring\",\n    \"leeway\": 1,\n    \"token_lifetime\": 1,\n    \"infinite_token_lifetime\": true,\n    \"idle_token_lifetime\": 1,\n    \"infinite_idle_token_lifetime\": true,\n    \"policies\": [\n      {\n        \"audience\": \"audience\",\n        \"scope\": [\n          \"scope\"\n        ]\n      }\n    ]\n  },\n  \"default_organization\": {\n    \"organization_id\": \"organization_id\",\n    \"flows\": [\n      \"client_credentials\"\n    ]\n  },\n  \"organization_usage\": \"deny\",\n  \"organization_require_behavior\": \"no_prompt\",\n  \"organization_discovery_methods\": [\n    \"email\"\n  ],\n  \"client_authentication_methods\": {\n    \"private_key_jwt\": {\n      \"credentials\": [\n        {\n          \"id\": \"id\"\n        }\n      ]\n    },\n    \"tls_client_auth\": {\n      \"credentials\": [\n        {\n          \"id\": \"id\"\n        }\n      ]\n    },\n    \"self_signed_tls_client_auth\": {\n      \"credentials\": [\n        {\n          \"id\": \"id\"\n        }\n      ]\n    }\n  },\n  \"require_pushed_authorization_requests\": true,\n  \"require_proof_of_possession\": true,\n  \"signed_request_object\": {\n    \"required\": true,\n    \"credentials\": [\n      {\n        \"id\": \"id\"\n      }\n    ]\n  },\n  \"compliance_level\": \"none\",\n  \"skip_non_verifiable_callback_uri_confirmation_prompt\": true,\n  \"token_exchange\": {\n    \"allow_any_profile_of_type\": [\n      \"custom_authentication\"\n    ]\n  },\n  \"par_request_expiry\": 1,\n  \"token_quota\": {\n    \"client_credentials\": {\n      \"enforce\": true,\n      \"per_day\": 1,\n      \"per_hour\": 1\n    }\n  },\n  \"express_configuration\": {\n    \"initiate_login_uri_template\": \"initiate_login_uri_template\",\n    \"user_attribute_profile_id\": \"user_attribute_profile_id\",\n    \"connection_profile_id\": \"connection_profile_id\",\n    \"enable_client\": true,\n    \"enable_organization\": true,\n    \"linked_clients\": [\n      {\n        \"client_id\": \"client_id\"\n      }\n    ],\n    \"okta_oin_client_id\": \"okta_oin_client_id\",\n    \"admin_login_domain\": \"admin_login_domain\",\n    \"oin_submission_id\": \"oin_submission_id\"\n  },\n  \"my_organization_configuration\": {\n    \"connection_profile_id\": \"connection_profile_id\",\n    \"user_attribute_profile_id\": \"user_attribute_profile_id\",\n    \"allowed_strategies\": [\n      \"pingfederate\"\n    ],\n    \"connection_deletion_behavior\": \"allow\",\n    \"invitation_landing_client_id\": \"invitation_landing_client_id\"\n  },\n  \"third_party_security_mode\": \"strict\",\n  \"redirection_policy\": \"allow_always\",\n  \"resource_server_identifier\": \"resource_server_identifier\",\n  \"async_approval_notification_channels\": [\n    \"guardian-push\"\n  ],\n  \"external_metadata_type\": \"cimd\",\n  \"external_metadata_created_by\": \"admin\",\n  \"external_client_id\": \"external_client_id\",\n  \"jwks_uri\": \"jwks_uri\"\n}",
         "headers": {
           "Content-Type": "application/json"
         }
@@ -817,7 +817,7 @@
       },
       "response": {
         "status": 200,
-        "body": "{\n  \"client_id\": \"client_id\",\n  \"tenant\": \"tenant\",\n  \"name\": \"name\",\n  \"description\": \"description\",\n  \"global\": true,\n  \"client_secret\": \"client_secret\",\n  \"app_type\": \"native\",\n  \"logo_uri\": \"logo_uri\",\n  \"is_first_party\": true,\n  \"oidc_conformant\": true,\n  \"callbacks\": [\n    \"callbacks\"\n  ],\n  \"allowed_origins\": [\n    \"allowed_origins\"\n  ],\n  \"web_origins\": [\n    \"web_origins\"\n  ],\n  \"client_aliases\": [\n    \"client_aliases\"\n  ],\n  \"allowed_clients\": [\n    \"allowed_clients\"\n  ],\n  \"allowed_logout_urls\": [\n    \"allowed_logout_urls\"\n  ],\n  \"session_transfer\": {\n    \"can_create_session_transfer_token\": true,\n    \"enforce_cascade_revocation\": true,\n    \"allowed_authentication_methods\": [\n      \"cookie\"\n    ],\n    \"enforce_device_binding\": \"ip\",\n    \"allow_refresh_token\": true,\n    \"enforce_online_refresh_tokens\": true,\n    \"delegation\": {\n      \"allow_delegated_access\": true,\n      \"enforce_device_binding\": \"ip\"\n    }\n  },\n  \"oidc_logout\": {\n    \"backchannel_logout_urls\": [\n      \"backchannel_logout_urls\"\n    ],\n    \"backchannel_logout_initiators\": {\n      \"mode\": \"custom\",\n      \"selected_initiators\": [\n        \"rp-logout\"\n      ]\n    },\n    \"backchannel_logout_session_metadata\": {\n      \"include\": true\n    }\n  },\n  \"grant_types\": [\n    \"grant_types\"\n  ],\n  \"jwt_configuration\": {\n    \"lifetime_in_seconds\": 1,\n    \"secret_encoded\": true,\n    \"scopes\": {\n      \"key\": \"value\"\n    },\n    \"alg\": \"HS256\"\n  },\n  \"signing_keys\": [\n    {\n      \"pkcs7\": \"pkcs7\",\n      \"cert\": \"cert\",\n      \"subject\": \"subject\"\n    }\n  ],\n  \"encryption_key\": {\n    \"pub\": \"pub\",\n    \"cert\": \"cert\",\n    \"subject\": \"subject\"\n  },\n  \"sso\": true,\n  \"sso_disabled\": true,\n  \"cross_origin_authentication\": true,\n  \"cross_origin_loc\": \"cross_origin_loc\",\n  \"custom_login_page_on\": true,\n  \"custom_login_page\": \"custom_login_page\",\n  \"custom_login_page_preview\": \"custom_login_page_preview\",\n  \"form_template\": \"form_template\",\n  \"addons\": {\n    \"aws\": {\n      \"principal\": \"principal\",\n      \"role\": \"role\",\n      \"lifetime_in_seconds\": 1\n    },\n    \"azure_blob\": {\n      \"accountName\": \"accountName\",\n      \"storageAccessKey\": \"storageAccessKey\",\n      \"containerName\": \"containerName\",\n      \"blobName\": \"blobName\",\n      \"expiration\": 1,\n      \"signedIdentifier\": \"signedIdentifier\",\n      \"blob_read\": true,\n      \"blob_write\": true,\n      \"blob_delete\": true,\n      \"container_read\": true,\n      \"container_write\": true,\n      \"container_delete\": true,\n      \"container_list\": true\n    },\n    \"azure_sb\": {\n      \"namespace\": \"namespace\",\n      \"sasKeyName\": \"sasKeyName\",\n      \"sasKey\": \"sasKey\",\n      \"entityPath\": \"entityPath\",\n      \"expiration\": 1\n    },\n    \"rms\": {\n      \"url\": \"url\"\n    },\n    \"mscrm\": {\n      \"url\": \"url\"\n    },\n    \"slack\": {\n      \"team\": \"team\"\n    },\n    \"sentry\": {\n      \"org_slug\": \"org_slug\",\n      \"base_url\": \"base_url\"\n    },\n    \"box\": {\n      \"key\": \"value\"\n    },\n    \"cloudbees\": {\n      \"key\": \"value\"\n    },\n    \"concur\": {\n      \"key\": \"value\"\n    },\n    \"dropbox\": {\n      \"key\": \"value\"\n    },\n    \"echosign\": {\n      \"domain\": \"domain\"\n    },\n    \"egnyte\": {\n      \"domain\": \"domain\"\n    },\n    \"firebase\": {\n      \"secret\": \"secret\",\n      \"private_key_id\": \"private_key_id\",\n      \"private_key\": \"private_key\",\n      \"client_email\": \"client_email\",\n      \"lifetime_in_seconds\": 1\n    },\n    \"newrelic\": {\n      \"account\": \"account\"\n    },\n    \"office365\": {\n      \"domain\": \"domain\",\n      \"connection\": \"connection\"\n    },\n    \"salesforce\": {\n      \"entity_id\": \"entity_id\"\n    },\n    \"salesforce_api\": {\n      \"clientid\": \"clientid\",\n      \"principal\": \"principal\",\n      \"communityName\": \"communityName\",\n      \"community_url_section\": \"community_url_section\"\n    },\n    \"salesforce_sandbox_api\": {\n      \"clientid\": \"clientid\",\n      \"principal\": \"principal\",\n      \"communityName\": \"communityName\",\n      \"community_url_section\": \"community_url_section\"\n    },\n    \"samlp\": {\n      \"mappings\": {\n        \"key\": \"value\"\n      },\n      \"audience\": \"audience\",\n      \"recipient\": \"recipient\",\n      \"createUpnClaim\": true,\n      \"mapUnknownClaimsAsIs\": true,\n      \"passthroughClaimsWithNoMapping\": true,\n      \"mapIdentities\": true,\n      \"signatureAlgorithm\": \"signatureAlgorithm\",\n      \"digestAlgorithm\": \"digestAlgorithm\",\n      \"issuer\": \"issuer\",\n      \"destination\": \"destination\",\n      \"lifetimeInSeconds\": 1,\n      \"signResponse\": true,\n      \"nameIdentifierFormat\": \"nameIdentifierFormat\",\n      \"nameIdentifierProbes\": [\n        \"nameIdentifierProbes\"\n      ],\n      \"authnContextClassRef\": \"authnContextClassRef\"\n    },\n    \"layer\": {\n      \"providerId\": \"providerId\",\n      \"keyId\": \"keyId\",\n      \"privateKey\": \"privateKey\",\n      \"principal\": \"principal\",\n      \"expiration\": 1\n    },\n    \"sap_api\": {\n      \"clientid\": \"clientid\",\n      \"usernameAttribute\": \"usernameAttribute\",\n      \"tokenEndpointUrl\": \"tokenEndpointUrl\",\n      \"scope\": \"scope\",\n      \"servicePassword\": \"servicePassword\",\n      \"nameIdentifierFormat\": \"nameIdentifierFormat\"\n    },\n    \"sharepoint\": {\n      \"url\": \"url\",\n      \"external_url\": [\n        \"external_url\"\n      ]\n    },\n    \"springcm\": {\n      \"acsurl\": \"acsurl\"\n    },\n    \"wams\": {\n      \"masterkey\": \"masterkey\"\n    },\n    \"wsfed\": {\n      \"key\": \"value\"\n    },\n    \"zendesk\": {\n      \"accountName\": \"accountName\"\n    },\n    \"zoom\": {\n      \"account\": \"account\"\n    },\n    \"sso_integration\": {\n      \"name\": \"name\",\n      \"version\": \"version\"\n    }\n  },\n  \"token_endpoint_auth_method\": \"none\",\n  \"is_token_endpoint_ip_header_trusted\": true,\n  \"client_metadata\": {\n    \"key\": \"value\"\n  },\n  \"mobile\": {\n    \"android\": {\n      \"app_package_name\": \"app_package_name\",\n      \"sha256_cert_fingerprints\": [\n        \"sha256_cert_fingerprints\"\n      ]\n    },\n    \"ios\": {\n      \"team_id\": \"team_id\",\n      \"app_bundle_identifier\": \"app_bundle_identifier\"\n    }\n  },\n  \"initiate_login_uri\": \"initiate_login_uri\",\n  \"refresh_token\": {\n    \"rotation_type\": \"rotating\",\n    \"expiration_type\": \"expiring\",\n    \"leeway\": 1,\n    \"token_lifetime\": 1,\n    \"infinite_token_lifetime\": true,\n    \"idle_token_lifetime\": 1,\n    \"infinite_idle_token_lifetime\": true,\n    \"policies\": [\n      {\n        \"audience\": \"audience\",\n        \"scope\": [\n          \"scope\"\n        ]\n      }\n    ]\n  },\n  \"default_organization\": {\n    \"organization_id\": \"organization_id\",\n    \"flows\": [\n      \"client_credentials\"\n    ]\n  },\n  \"organization_usage\": \"deny\",\n  \"organization_require_behavior\": \"no_prompt\",\n  \"organization_discovery_methods\": [\n    \"email\"\n  ],\n  \"client_authentication_methods\": {\n    \"private_key_jwt\": {\n      \"credentials\": [\n        {\n          \"id\": \"id\"\n        }\n      ]\n    },\n    \"tls_client_auth\": {\n      \"credentials\": [\n        {\n          \"id\": \"id\"\n        }\n      ]\n    },\n    \"self_signed_tls_client_auth\": {\n      \"credentials\": [\n        {\n          \"id\": \"id\"\n        }\n      ]\n    }\n  },\n  \"require_pushed_authorization_requests\": true,\n  \"require_proof_of_possession\": true,\n  \"signed_request_object\": {\n    \"required\": true,\n    \"credentials\": [\n      {\n        \"id\": \"id\"\n      }\n    ]\n  },\n  \"compliance_level\": \"none\",\n  \"skip_non_verifiable_callback_uri_confirmation_prompt\": true,\n  \"token_exchange\": {\n    \"allow_any_profile_of_type\": [\n      \"custom_authentication\"\n    ]\n  },\n  \"par_request_expiry\": 1,\n  \"token_quota\": {\n    \"client_credentials\": {\n      \"enforce\": true,\n      \"per_day\": 1,\n      \"per_hour\": 1\n    }\n  },\n  \"express_configuration\": {\n    \"initiate_login_uri_template\": \"initiate_login_uri_template\",\n    \"user_attribute_profile_id\": \"user_attribute_profile_id\",\n    \"connection_profile_id\": \"connection_profile_id\",\n    \"enable_client\": true,\n    \"enable_organization\": true,\n    \"linked_clients\": [\n      {\n        \"client_id\": \"client_id\"\n      }\n    ],\n    \"okta_oin_client_id\": \"okta_oin_client_id\",\n    \"admin_login_domain\": \"admin_login_domain\",\n    \"oin_submission_id\": \"oin_submission_id\"\n  },\n  \"my_organization_configuration\": {\n    \"connection_profile_id\": \"connection_profile_id\",\n    \"user_attribute_profile_id\": \"user_attribute_profile_id\",\n    \"allowed_strategies\": [\n      \"pingfederate\"\n    ],\n    \"connection_deletion_behavior\": \"allow\"\n  },\n  \"third_party_security_mode\": \"strict\",\n  \"redirection_policy\": \"allow_always\",\n  \"resource_server_identifier\": \"resource_server_identifier\",\n  \"async_approval_notification_channels\": [\n    \"guardian-push\"\n  ],\n  \"external_metadata_type\": \"cimd\",\n  \"external_metadata_created_by\": \"admin\",\n  \"external_client_id\": \"external_client_id\",\n  \"jwks_uri\": \"jwks_uri\"\n}",
+        "body": "{\n  \"client_id\": \"client_id\",\n  \"tenant\": \"tenant\",\n  \"name\": \"name\",\n  \"description\": \"description\",\n  \"global\": true,\n  \"client_secret\": \"client_secret\",\n  \"app_type\": \"native\",\n  \"logo_uri\": \"logo_uri\",\n  \"is_first_party\": true,\n  \"oidc_conformant\": true,\n  \"callbacks\": [\n    \"callbacks\"\n  ],\n  \"allowed_origins\": [\n    \"allowed_origins\"\n  ],\n  \"web_origins\": [\n    \"web_origins\"\n  ],\n  \"client_aliases\": [\n    \"client_aliases\"\n  ],\n  \"allowed_clients\": [\n    \"allowed_clients\"\n  ],\n  \"allowed_logout_urls\": [\n    \"allowed_logout_urls\"\n  ],\n  \"session_transfer\": {\n    \"can_create_session_transfer_token\": true,\n    \"enforce_cascade_revocation\": true,\n    \"allowed_authentication_methods\": [\n      \"cookie\"\n    ],\n    \"enforce_device_binding\": \"ip\",\n    \"allow_refresh_token\": true,\n    \"enforce_online_refresh_tokens\": true,\n    \"delegation\": {\n      \"allow_delegated_access\": true,\n      \"enforce_device_binding\": \"ip\"\n    }\n  },\n  \"oidc_logout\": {\n    \"backchannel_logout_urls\": [\n      \"backchannel_logout_urls\"\n    ],\n    \"backchannel_logout_initiators\": {\n      \"mode\": \"custom\",\n      \"selected_initiators\": [\n        \"rp-logout\"\n      ]\n    },\n    \"backchannel_logout_session_metadata\": {\n      \"include\": true\n    }\n  },\n  \"grant_types\": [\n    \"grant_types\"\n  ],\n  \"jwt_configuration\": {\n    \"lifetime_in_seconds\": 1,\n    \"secret_encoded\": true,\n    \"scopes\": {\n      \"key\": \"value\"\n    },\n    \"alg\": \"HS256\"\n  },\n  \"signing_keys\": [\n    {\n      \"pkcs7\": \"pkcs7\",\n      \"cert\": \"cert\",\n      \"subject\": \"subject\"\n    }\n  ],\n  \"encryption_key\": {\n    \"pub\": \"pub\",\n    \"cert\": \"cert\",\n    \"subject\": \"subject\"\n  },\n  \"sso\": true,\n  \"sso_disabled\": true,\n  \"cross_origin_authentication\": true,\n  \"cross_origin_loc\": \"cross_origin_loc\",\n  \"custom_login_page_on\": true,\n  \"custom_login_page\": \"custom_login_page\",\n  \"custom_login_page_preview\": \"custom_login_page_preview\",\n  \"form_template\": \"form_template\",\n  \"addons\": {\n    \"aws\": {\n      \"principal\": \"principal\",\n      \"role\": \"role\",\n      \"lifetime_in_seconds\": 1\n    },\n    \"azure_blob\": {\n      \"accountName\": \"accountName\",\n      \"storageAccessKey\": \"storageAccessKey\",\n      \"containerName\": \"containerName\",\n      \"blobName\": \"blobName\",\n      \"expiration\": 1,\n      \"signedIdentifier\": \"signedIdentifier\",\n      \"blob_read\": true,\n      \"blob_write\": true,\n      \"blob_delete\": true,\n      \"container_read\": true,\n      \"container_write\": true,\n      \"container_delete\": true,\n      \"container_list\": true\n    },\n    \"azure_sb\": {\n      \"namespace\": \"namespace\",\n      \"sasKeyName\": \"sasKeyName\",\n      \"sasKey\": \"sasKey\",\n      \"entityPath\": \"entityPath\",\n      \"expiration\": 1\n    },\n    \"rms\": {\n      \"url\": \"url\"\n    },\n    \"mscrm\": {\n      \"url\": \"url\"\n    },\n    \"slack\": {\n      \"team\": \"team\"\n    },\n    \"sentry\": {\n      \"org_slug\": \"org_slug\",\n      \"base_url\": \"base_url\"\n    },\n    \"box\": {\n      \"key\": \"value\"\n    },\n    \"cloudbees\": {\n      \"key\": \"value\"\n    },\n    \"concur\": {\n      \"key\": \"value\"\n    },\n    \"dropbox\": {\n      \"key\": \"value\"\n    },\n    \"echosign\": {\n      \"domain\": \"domain\"\n    },\n    \"egnyte\": {\n      \"domain\": \"domain\"\n    },\n    \"firebase\": {\n      \"secret\": \"secret\",\n      \"private_key_id\": \"private_key_id\",\n      \"private_key\": \"private_key\",\n      \"client_email\": \"client_email\",\n      \"lifetime_in_seconds\": 1\n    },\n    \"newrelic\": {\n      \"account\": \"account\"\n    },\n    \"office365\": {\n      \"domain\": \"domain\",\n      \"connection\": \"connection\"\n    },\n    \"salesforce\": {\n      \"entity_id\": \"entity_id\"\n    },\n    \"salesforce_api\": {\n      \"clientid\": \"clientid\",\n      \"principal\": \"principal\",\n      \"communityName\": \"communityName\",\n      \"community_url_section\": \"community_url_section\"\n    },\n    \"salesforce_sandbox_api\": {\n      \"clientid\": \"clientid\",\n      \"principal\": \"principal\",\n      \"communityName\": \"communityName\",\n      \"community_url_section\": \"community_url_section\"\n    },\n    \"samlp\": {\n      \"mappings\": {\n        \"key\": \"value\"\n      },\n      \"audience\": \"audience\",\n      \"recipient\": \"recipient\",\n      \"createUpnClaim\": true,\n      \"mapUnknownClaimsAsIs\": true,\n      \"passthroughClaimsWithNoMapping\": true,\n      \"mapIdentities\": true,\n      \"signatureAlgorithm\": \"signatureAlgorithm\",\n      \"digestAlgorithm\": \"digestAlgorithm\",\n      \"issuer\": \"issuer\",\n      \"destination\": \"destination\",\n      \"lifetimeInSeconds\": 1,\n      \"signResponse\": true,\n      \"nameIdentifierFormat\": \"nameIdentifierFormat\",\n      \"nameIdentifierProbes\": [\n        \"nameIdentifierProbes\"\n      ],\n      \"authnContextClassRef\": \"authnContextClassRef\"\n    },\n    \"layer\": {\n      \"providerId\": \"providerId\",\n      \"keyId\": \"keyId\",\n      \"privateKey\": \"privateKey\",\n      \"principal\": \"principal\",\n      \"expiration\": 1\n    },\n    \"sap_api\": {\n      \"clientid\": \"clientid\",\n      \"usernameAttribute\": \"usernameAttribute\",\n      \"tokenEndpointUrl\": \"tokenEndpointUrl\",\n      \"scope\": \"scope\",\n      \"servicePassword\": \"servicePassword\",\n      \"nameIdentifierFormat\": \"nameIdentifierFormat\"\n    },\n    \"sharepoint\": {\n      \"url\": \"url\",\n      \"external_url\": [\n        \"external_url\"\n      ]\n    },\n    \"springcm\": {\n      \"acsurl\": \"acsurl\"\n    },\n    \"wams\": {\n      \"masterkey\": \"masterkey\"\n    },\n    \"wsfed\": {\n      \"key\": \"value\"\n    },\n    \"zendesk\": {\n      \"accountName\": \"accountName\"\n    },\n    \"zoom\": {\n      \"account\": \"account\"\n    },\n    \"sso_integration\": {\n      \"name\": \"name\",\n      \"version\": \"version\"\n    }\n  },\n  \"token_endpoint_auth_method\": \"none\",\n  \"is_token_endpoint_ip_header_trusted\": true,\n  \"client_metadata\": {\n    \"key\": \"value\"\n  },\n  \"mobile\": {\n    \"android\": {\n      \"app_package_name\": \"app_package_name\",\n      \"sha256_cert_fingerprints\": [\n        \"sha256_cert_fingerprints\"\n      ]\n    },\n    \"ios\": {\n      \"team_id\": \"team_id\",\n      \"app_bundle_identifier\": \"app_bundle_identifier\"\n    }\n  },\n  \"initiate_login_uri\": \"initiate_login_uri\",\n  \"refresh_token\": {\n    \"rotation_type\": \"rotating\",\n    \"expiration_type\": \"expiring\",\n    \"leeway\": 1,\n    \"token_lifetime\": 1,\n    \"infinite_token_lifetime\": true,\n    \"idle_token_lifetime\": 1,\n    \"infinite_idle_token_lifetime\": true,\n    \"policies\": [\n      {\n        \"audience\": \"audience\",\n        \"scope\": [\n          \"scope\"\n        ]\n      }\n    ]\n  },\n  \"default_organization\": {\n    \"organization_id\": \"organization_id\",\n    \"flows\": [\n      \"client_credentials\"\n    ]\n  },\n  \"organization_usage\": \"deny\",\n  \"organization_require_behavior\": \"no_prompt\",\n  \"organization_discovery_methods\": [\n    \"email\"\n  ],\n  \"client_authentication_methods\": {\n    \"private_key_jwt\": {\n      \"credentials\": [\n        {\n          \"id\": \"id\"\n        }\n      ]\n    },\n    \"tls_client_auth\": {\n      \"credentials\": [\n        {\n          \"id\": \"id\"\n        }\n      ]\n    },\n    \"self_signed_tls_client_auth\": {\n      \"credentials\": [\n        {\n          \"id\": \"id\"\n        }\n      ]\n    }\n  },\n  \"require_pushed_authorization_requests\": true,\n  \"require_proof_of_possession\": true,\n  \"signed_request_object\": {\n    \"required\": true,\n    \"credentials\": [\n      {\n        \"id\": \"id\"\n      }\n    ]\n  },\n  \"compliance_level\": \"none\",\n  \"skip_non_verifiable_callback_uri_confirmation_prompt\": true,\n  \"token_exchange\": {\n    \"allow_any_profile_of_type\": [\n      \"custom_authentication\"\n    ]\n  },\n  \"par_request_expiry\": 1,\n  \"token_quota\": {\n    \"client_credentials\": {\n      \"enforce\": true,\n      \"per_day\": 1,\n      \"per_hour\": 1\n    }\n  },\n  \"express_configuration\": {\n    \"initiate_login_uri_template\": \"initiate_login_uri_template\",\n    \"user_attribute_profile_id\": \"user_attribute_profile_id\",\n    \"connection_profile_id\": \"connection_profile_id\",\n    \"enable_client\": true,\n    \"enable_organization\": true,\n    \"linked_clients\": [\n      {\n        \"client_id\": \"client_id\"\n      }\n    ],\n    \"okta_oin_client_id\": \"okta_oin_client_id\",\n    \"admin_login_domain\": \"admin_login_domain\",\n    \"oin_submission_id\": \"oin_submission_id\"\n  },\n  \"my_organization_configuration\": {\n    \"connection_profile_id\": \"connection_profile_id\",\n    \"user_attribute_profile_id\": \"user_attribute_profile_id\",\n    \"allowed_strategies\": [\n      \"pingfederate\"\n    ],\n    \"connection_deletion_behavior\": \"allow\",\n    \"invitation_landing_client_id\": \"invitation_landing_client_id\"\n  },\n  \"third_party_security_mode\": \"strict\",\n  \"redirection_policy\": \"allow_always\",\n  \"resource_server_identifier\": \"resource_server_identifier\",\n  \"async_approval_notification_channels\": [\n    \"guardian-push\"\n  ],\n  \"external_metadata_type\": \"cimd\",\n  \"external_metadata_created_by\": \"admin\",\n  \"external_client_id\": \"external_client_id\",\n  \"jwks_uri\": \"jwks_uri\"\n}",
         "headers": {
           "Content-Type": "application/json"
         }
@@ -14334,7 +14334,7 @@
       },
       "response": {
         "status": 200,
-        "body": "{\n  \"change_password\": {\n    \"enabled\": true,\n    \"html\": \"html\"\n  },\n  \"guardian_mfa_page\": {\n    \"enabled\": true,\n    \"html\": \"html\"\n  },\n  \"default_audience\": \"default_audience\",\n  \"default_directory\": \"default_directory\",\n  \"error_page\": {\n    \"html\": \"html\",\n    \"show_log_link\": true,\n    \"url\": \"url\"\n  },\n  \"device_flow\": {\n    \"charset\": \"base20\",\n    \"mask\": \"mask\"\n  },\n  \"default_token_quota\": {\n    \"clients\": {\n      \"client_credentials\": {}\n    },\n    \"organizations\": {\n      \"client_credentials\": {}\n    }\n  },\n  \"flags\": {\n    \"change_pwd_flow_v1\": true,\n    \"enable_apis_section\": true,\n    \"disable_impersonation\": true,\n    \"enable_client_connections\": true,\n    \"enable_pipeline2\": true,\n    \"allow_legacy_delegation_grant_types\": true,\n    \"allow_legacy_ro_grant_types\": true,\n    \"allow_legacy_tokeninfo_endpoint\": true,\n    \"enable_legacy_profile\": true,\n    \"enable_idtoken_api2\": true,\n    \"enable_public_signup_user_exists_error\": true,\n    \"enable_sso\": true,\n    \"allow_changing_enable_sso\": true,\n    \"disable_clickjack_protection_headers\": true,\n    \"no_disclose_enterprise_connections\": true,\n    \"enforce_client_authentication_on_passwordless_start\": true,\n    \"enable_adfs_waad_email_verification\": true,\n    \"revoke_refresh_token_grant\": true,\n    \"dashboard_log_streams_next\": true,\n    \"dashboard_insights_view\": true,\n    \"disable_fields_map_fix\": true,\n    \"mfa_show_factor_list_on_enrollment\": true,\n    \"remove_alg_from_jwks\": true,\n    \"improved_signup_bot_detection_in_classic\": true,\n    \"genai_trial\": true,\n    \"enable_dynamic_client_registration\": true,\n    \"disable_management_api_sms_obfuscation\": true,\n    \"trust_azure_adfs_email_verified_connection_property\": true,\n    \"custom_domains_provisioning\": true\n  },\n  \"friendly_name\": \"friendly_name\",\n  \"picture_url\": \"picture_url\",\n  \"support_email\": \"support_email\",\n  \"support_url\": \"support_url\",\n  \"allowed_logout_urls\": [\n    \"allowed_logout_urls\"\n  ],\n  \"session_lifetime\": 1.1,\n  \"idle_session_lifetime\": 1.1,\n  \"ephemeral_session_lifetime\": 1.1,\n  \"idle_ephemeral_session_lifetime\": 1.1,\n  \"sandbox_version\": \"sandbox_version\",\n  \"legacy_sandbox_version\": \"legacy_sandbox_version\",\n  \"sandbox_versions_available\": [\n    \"sandbox_versions_available\"\n  ],\n  \"default_redirection_uri\": \"default_redirection_uri\",\n  \"enabled_locales\": [\n    \"am\"\n  ],\n  \"session_cookie\": {\n    \"mode\": \"persistent\"\n  },\n  \"sessions\": {\n    \"oidc_logout_prompt_enabled\": true\n  },\n  \"oidc_logout\": {\n    \"rp_logout_end_session_endpoint_discovery\": true\n  },\n  \"allow_organization_name_in_authentication_api\": true,\n  \"customize_mfa_in_postlogin_action\": true,\n  \"acr_values_supported\": [\n    \"acr_values_supported\"\n  ],\n  \"mtls\": {\n    \"enable_endpoint_aliases\": true\n  },\n  \"pushed_authorization_requests_supported\": true,\n  \"authorization_response_iss_parameter_supported\": true,\n  \"skip_non_verifiable_callback_uri_confirmation_prompt\": true,\n  \"resource_parameter_profile\": \"audience\",\n  \"client_id_metadata_document_supported\": true,\n  \"phone_consolidated_experience\": true,\n  \"enable_ai_guide\": true,\n  \"dynamic_client_registration_security_mode\": \"strict\"\n}",
+        "body": "{\n  \"change_password\": {\n    \"enabled\": true,\n    \"html\": \"html\"\n  },\n  \"guardian_mfa_page\": {\n    \"enabled\": true,\n    \"html\": \"html\"\n  },\n  \"default_audience\": \"default_audience\",\n  \"default_directory\": \"default_directory\",\n  \"error_page\": {\n    \"html\": \"html\",\n    \"show_log_link\": true,\n    \"url\": \"url\"\n  },\n  \"device_flow\": {\n    \"charset\": \"base20\",\n    \"mask\": \"mask\"\n  },\n  \"default_token_quota\": {\n    \"clients\": {\n      \"client_credentials\": {}\n    },\n    \"organizations\": {\n      \"client_credentials\": {}\n    }\n  },\n  \"flags\": {\n    \"change_pwd_flow_v1\": true,\n    \"enable_apis_section\": true,\n    \"disable_impersonation\": true,\n    \"enable_client_connections\": true,\n    \"enable_pipeline2\": true,\n    \"allow_legacy_delegation_grant_types\": true,\n    \"allow_legacy_ro_grant_types\": true,\n    \"allow_legacy_tokeninfo_endpoint\": true,\n    \"enable_legacy_profile\": true,\n    \"enable_idtoken_api2\": true,\n    \"enable_public_signup_user_exists_error\": true,\n    \"enable_sso\": true,\n    \"allow_changing_enable_sso\": true,\n    \"disable_clickjack_protection_headers\": true,\n    \"no_disclose_enterprise_connections\": true,\n    \"enforce_client_authentication_on_passwordless_start\": true,\n    \"enable_adfs_waad_email_verification\": true,\n    \"revoke_refresh_token_grant\": true,\n    \"dashboard_log_streams_next\": true,\n    \"dashboard_insights_view\": true,\n    \"disable_fields_map_fix\": true,\n    \"mfa_show_factor_list_on_enrollment\": true,\n    \"remove_alg_from_jwks\": true,\n    \"improved_signup_bot_detection_in_classic\": true,\n    \"genai_trial\": true,\n    \"enable_dynamic_client_registration\": true,\n    \"disable_management_api_sms_obfuscation\": true,\n    \"trust_azure_adfs_email_verified_connection_property\": true,\n    \"custom_domains_provisioning\": true\n  },\n  \"friendly_name\": \"friendly_name\",\n  \"picture_url\": \"picture_url\",\n  \"support_email\": \"support_email\",\n  \"support_url\": \"support_url\",\n  \"allowed_logout_urls\": [\n    \"allowed_logout_urls\"\n  ],\n  \"session_lifetime\": 1.1,\n  \"idle_session_lifetime\": 1.1,\n  \"ephemeral_session_lifetime\": 1.1,\n  \"idle_ephemeral_session_lifetime\": 1.1,\n  \"sandbox_version\": \"sandbox_version\",\n  \"legacy_sandbox_version\": \"legacy_sandbox_version\",\n  \"sandbox_versions_available\": [\n    \"sandbox_versions_available\"\n  ],\n  \"default_redirection_uri\": \"default_redirection_uri\",\n  \"enabled_locales\": [\n    \"am\"\n  ],\n  \"security_headers\": {\n    \"content_security_policy\": {\n      \"enabled\": true,\n      \"policies\": [\n        {}\n      ]\n    },\n    \"x_xss_protection\": {\n      \"enabled\": true,\n      \"mode\": \"block\",\n      \"report_uri\": \"report_uri\"\n    }\n  },\n  \"session_cookie\": {\n    \"mode\": \"persistent\"\n  },\n  \"sessions\": {\n    \"oidc_logout_prompt_enabled\": true\n  },\n  \"oidc_logout\": {\n    \"rp_logout_end_session_endpoint_discovery\": true\n  },\n  \"allow_organization_name_in_authentication_api\": true,\n  \"customize_mfa_in_postlogin_action\": true,\n  \"acr_values_supported\": [\n    \"acr_values_supported\"\n  ],\n  \"mtls\": {\n    \"enable_endpoint_aliases\": true\n  },\n  \"pushed_authorization_requests_supported\": true,\n  \"authorization_response_iss_parameter_supported\": true,\n  \"skip_non_verifiable_callback_uri_confirmation_prompt\": true,\n  \"resource_parameter_profile\": \"audience\",\n  \"client_id_metadata_document_supported\": true,\n  \"phone_consolidated_experience\": true,\n  \"enable_ai_guide\": true,\n  \"include_session_metadata_in_tenant_logs\": true,\n  \"dynamic_client_registration_security_mode\": \"strict\",\n  \"country_codes\": {\n    \"list\": [\n      \"list\"\n    ],\n    \"mode\": \"allow\"\n  }\n}",
         "headers": {
           "Content-Type": "application/json"
         }
@@ -14366,7 +14366,7 @@
       },
       "response": {
         "status": 200,
-        "body": "{\n  \"change_password\": {\n    \"enabled\": true,\n    \"html\": \"html\"\n  },\n  \"guardian_mfa_page\": {\n    \"enabled\": true,\n    \"html\": \"html\"\n  },\n  \"default_audience\": \"default_audience\",\n  \"default_directory\": \"default_directory\",\n  \"error_page\": {\n    \"html\": \"html\",\n    \"show_log_link\": true,\n    \"url\": \"url\"\n  },\n  \"device_flow\": {\n    \"charset\": \"base20\",\n    \"mask\": \"mask\"\n  },\n  \"default_token_quota\": {\n    \"clients\": {\n      \"client_credentials\": {}\n    },\n    \"organizations\": {\n      \"client_credentials\": {}\n    }\n  },\n  \"flags\": {\n    \"change_pwd_flow_v1\": true,\n    \"enable_apis_section\": true,\n    \"disable_impersonation\": true,\n    \"enable_client_connections\": true,\n    \"enable_pipeline2\": true,\n    \"allow_legacy_delegation_grant_types\": true,\n    \"allow_legacy_ro_grant_types\": true,\n    \"allow_legacy_tokeninfo_endpoint\": true,\n    \"enable_legacy_profile\": true,\n    \"enable_idtoken_api2\": true,\n    \"enable_public_signup_user_exists_error\": true,\n    \"enable_sso\": true,\n    \"allow_changing_enable_sso\": true,\n    \"disable_clickjack_protection_headers\": true,\n    \"no_disclose_enterprise_connections\": true,\n    \"enforce_client_authentication_on_passwordless_start\": true,\n    \"enable_adfs_waad_email_verification\": true,\n    \"revoke_refresh_token_grant\": true,\n    \"dashboard_log_streams_next\": true,\n    \"dashboard_insights_view\": true,\n    \"disable_fields_map_fix\": true,\n    \"mfa_show_factor_list_on_enrollment\": true,\n    \"remove_alg_from_jwks\": true,\n    \"improved_signup_bot_detection_in_classic\": true,\n    \"genai_trial\": true,\n    \"enable_dynamic_client_registration\": true,\n    \"disable_management_api_sms_obfuscation\": true,\n    \"trust_azure_adfs_email_verified_connection_property\": true,\n    \"custom_domains_provisioning\": true\n  },\n  \"friendly_name\": \"friendly_name\",\n  \"picture_url\": \"picture_url\",\n  \"support_email\": \"support_email\",\n  \"support_url\": \"support_url\",\n  \"allowed_logout_urls\": [\n    \"allowed_logout_urls\"\n  ],\n  \"session_lifetime\": 1.1,\n  \"idle_session_lifetime\": 1.1,\n  \"ephemeral_session_lifetime\": 1.1,\n  \"idle_ephemeral_session_lifetime\": 1.1,\n  \"sandbox_version\": \"sandbox_version\",\n  \"legacy_sandbox_version\": \"legacy_sandbox_version\",\n  \"sandbox_versions_available\": [\n    \"sandbox_versions_available\"\n  ],\n  \"default_redirection_uri\": \"default_redirection_uri\",\n  \"enabled_locales\": [\n    \"am\"\n  ],\n  \"session_cookie\": {\n    \"mode\": \"persistent\"\n  },\n  \"sessions\": {\n    \"oidc_logout_prompt_enabled\": true\n  },\n  \"oidc_logout\": {\n    \"rp_logout_end_session_endpoint_discovery\": true\n  },\n  \"allow_organization_name_in_authentication_api\": true,\n  \"customize_mfa_in_postlogin_action\": true,\n  \"acr_values_supported\": [\n    \"acr_values_supported\"\n  ],\n  \"mtls\": {\n    \"enable_endpoint_aliases\": true\n  },\n  \"pushed_authorization_requests_supported\": true,\n  \"authorization_response_iss_parameter_supported\": true,\n  \"skip_non_verifiable_callback_uri_confirmation_prompt\": true,\n  \"resource_parameter_profile\": \"audience\",\n  \"client_id_metadata_document_supported\": true,\n  \"phone_consolidated_experience\": true,\n  \"enable_ai_guide\": true,\n  \"dynamic_client_registration_security_mode\": \"strict\"\n}",
+        "body": "{\n  \"change_password\": {\n    \"enabled\": true,\n    \"html\": \"html\"\n  },\n  \"guardian_mfa_page\": {\n    \"enabled\": true,\n    \"html\": \"html\"\n  },\n  \"default_audience\": \"default_audience\",\n  \"default_directory\": \"default_directory\",\n  \"error_page\": {\n    \"html\": \"html\",\n    \"show_log_link\": true,\n    \"url\": \"url\"\n  },\n  \"device_flow\": {\n    \"charset\": \"base20\",\n    \"mask\": \"mask\"\n  },\n  \"default_token_quota\": {\n    \"clients\": {\n      \"client_credentials\": {}\n    },\n    \"organizations\": {\n      \"client_credentials\": {}\n    }\n  },\n  \"flags\": {\n    \"change_pwd_flow_v1\": true,\n    \"enable_apis_section\": true,\n    \"disable_impersonation\": true,\n    \"enable_client_connections\": true,\n    \"enable_pipeline2\": true,\n    \"allow_legacy_delegation_grant_types\": true,\n    \"allow_legacy_ro_grant_types\": true,\n    \"allow_legacy_tokeninfo_endpoint\": true,\n    \"enable_legacy_profile\": true,\n    \"enable_idtoken_api2\": true,\n    \"enable_public_signup_user_exists_error\": true,\n    \"enable_sso\": true,\n    \"allow_changing_enable_sso\": true,\n    \"disable_clickjack_protection_headers\": true,\n    \"no_disclose_enterprise_connections\": true,\n    \"enforce_client_authentication_on_passwordless_start\": true,\n    \"enable_adfs_waad_email_verification\": true,\n    \"revoke_refresh_token_grant\": true,\n    \"dashboard_log_streams_next\": true,\n    \"dashboard_insights_view\": true,\n    \"disable_fields_map_fix\": true,\n    \"mfa_show_factor_list_on_enrollment\": true,\n    \"remove_alg_from_jwks\": true,\n    \"improved_signup_bot_detection_in_classic\": true,\n    \"genai_trial\": true,\n    \"enable_dynamic_client_registration\": true,\n    \"disable_management_api_sms_obfuscation\": true,\n    \"trust_azure_adfs_email_verified_connection_property\": true,\n    \"custom_domains_provisioning\": true\n  },\n  \"friendly_name\": \"friendly_name\",\n  \"picture_url\": \"picture_url\",\n  \"support_email\": \"support_email\",\n  \"support_url\": \"support_url\",\n  \"allowed_logout_urls\": [\n    \"allowed_logout_urls\"\n  ],\n  \"session_lifetime\": 1.1,\n  \"idle_session_lifetime\": 1.1,\n  \"ephemeral_session_lifetime\": 1.1,\n  \"idle_ephemeral_session_lifetime\": 1.1,\n  \"sandbox_version\": \"sandbox_version\",\n  \"legacy_sandbox_version\": \"legacy_sandbox_version\",\n  \"sandbox_versions_available\": [\n    \"sandbox_versions_available\"\n  ],\n  \"default_redirection_uri\": \"default_redirection_uri\",\n  \"enabled_locales\": [\n    \"am\"\n  ],\n  \"security_headers\": {\n    \"content_security_policy\": {\n      \"enabled\": true,\n      \"policies\": [\n        {}\n      ]\n    },\n    \"x_xss_protection\": {\n      \"enabled\": true,\n      \"mode\": \"block\",\n      \"report_uri\": \"report_uri\"\n    }\n  },\n  \"session_cookie\": {\n    \"mode\": \"persistent\"\n  },\n  \"sessions\": {\n    \"oidc_logout_prompt_enabled\": true\n  },\n  \"oidc_logout\": {\n    \"rp_logout_end_session_endpoint_discovery\": true\n  },\n  \"allow_organization_name_in_authentication_api\": true,\n  \"customize_mfa_in_postlogin_action\": true,\n  \"acr_values_supported\": [\n    \"acr_values_supported\"\n  ],\n  \"mtls\": {\n    \"enable_endpoint_aliases\": true\n  },\n  \"pushed_authorization_requests_supported\": true,\n  \"authorization_response_iss_parameter_supported\": true,\n  \"skip_non_verifiable_callback_uri_confirmation_prompt\": true,\n  \"resource_parameter_profile\": \"audience\",\n  \"client_id_metadata_document_supported\": true,\n  \"phone_consolidated_experience\": true,\n  \"enable_ai_guide\": true,\n  \"include_session_metadata_in_tenant_logs\": true,\n  \"dynamic_client_registration_security_mode\": \"strict\",\n  \"country_codes\": {\n    \"list\": [\n      \"list\"\n    ],\n    \"mode\": \"allow\"\n  }\n}",
         "headers": {
           "Content-Type": "application/json"
         }

From 62954f535970448d7a5d4a4303f6eb0149faa47f Mon Sep 17 00:00:00 2001
From: fern-api <115122769+fern-api[bot]@users.noreply.github.com>
Date: Tue, 9 Jun 2026 04:56:07 +0000
Subject: [PATCH 2/3] [fern-replay] Applied customizations

Patches applied (1):
  - patch-4894603d: chore: Restore custom wiring in management/__init__.py

Patches with unresolved conflicts (1):
  - patch-7271f157: Revert wrapper file to preserve Auth0 telemetry customizations
    Run `fern-replay resolve` to apply these customizations.
---
 .fern/replay.lock                           | 128 +++++++++++++-------
 src/auth0/management/__init__.py            |  11 ++
 src/auth0/management/core/client_wrapper.py |  14 ++-
 3 files changed, 108 insertions(+), 45 deletions(-)

diff --git a/.fern/replay.lock b/.fern/replay.lock
index fe66dab4..6ebfe41d 100644
--- a/.fern/replay.lock
+++ b/.fern/replay.lock
@@ -37,22 +37,28 @@ generations:
     cli_version: unknown
     generator_versions:
       fernapi/fern-python-sdk: 5.14.3
-current_generation: 15127abb8ab299907925c41e89122d50dbe138d5
+  - commit_sha: 37e2dc1df848770f503b919fe905d3259e046cfd
+    tree_hash: 6fed7a877e08cfbe542991d28cb3afdd90ccaefa
+    timestamp: 2026-06-09T04:56:00.721Z
+    cli_version: unknown
+    generator_versions:
+      fernapi/fern-python-sdk: 5.14.3
+current_generation: 37e2dc1df848770f503b919fe905d3259e046cfd
 patches:
   - id: patch-4894603d
-    content_hash: sha256:2c5caf4188d616dc6d0a85d59c179069d6a73a541af915ce9b8c3340c97afd31
+    content_hash: sha256:1e1d0c5ec0a0ef9039b8ae4d3484e5468180bb5af2012392406259e0ab6a589f
     original_commit: 4894603d03409962bc60a34712de8abffe919e2c
     original_message: "chore: Restore custom wiring in management/__init__.py"
     original_author: Kunal Dawar <kunal.dawar@okta.com>
-    base_generation: 15127abb8ab299907925c41e89122d50dbe138d5
+    base_generation: 37e2dc1df848770f503b919fe905d3259e046cfd
     files:
       - src/auth0/management/__init__.py
     patch_content: |
       diff --git a/src/auth0/management/__init__.py b/src/auth0/management/__init__.py
-      index a48ff10..46ef694 100644
+      index 46d8ec2b..e96cb4b5 100644
       --- a/src/auth0/management/__init__.py
       +++ b/src/auth0/management/__init__.py
-      @@ -2783,6 +2783,8 @@ if typing.TYPE_CHECKING:
+      @@ -2794,6 +2794,8 @@ if typing.TYPE_CHECKING:
            from .environment import Auth0Environment
            from .event_streams import EventStreamsCreateRequest
            from .version import __version__
@@ -61,7 +67,7 @@ patches:
        _dynamic_imports: typing.Dict[str, str] = {
            "Action": ".types",
            "ActionBase": ".types",
-      @@ -2843,6 +2845,8 @@ _dynamic_imports: typing.Dict[str, str] = {
+      @@ -2854,6 +2856,8 @@ _dynamic_imports: typing.Dict[str, str] = {
            "AssociateOrganizationClientGrantResponseContent": ".types",
            "AsyncApprovalNotificationsChannelsEnum": ".types",
            "AsyncAuth0": ".client",
@@ -70,15 +76,15 @@ patches:
            "AttackProtectionCaptchaArkoseResponseContent": ".types",
            "AttackProtectionCaptchaAuthChallengeRequest": ".types",
            "AttackProtectionCaptchaAuthChallengeResponseContent": ".types",
-      @@ -3802,6 +3806,7 @@ _dynamic_imports: typing.Dict[str, str] = {
-           "CredentialDeviceTypeEnum": ".types",
-           "CredentialId": ".types",
+      @@ -3822,6 +3826,7 @@ _dynamic_imports: typing.Dict[str, str] = {
+           "CspReportingEndpoints": ".types",
+           "CspReportingInfrastructure": ".types",
            "CustomDomain": ".types",
       +    "CustomDomainHeader": ".management_client",
            "CustomDomainCustomClientIpHeader": ".types",
            "CustomDomainCustomClientIpHeaderEnum": ".types",
            "CustomDomainProvisioningTypeEnum": ".types",
-      @@ -5073,6 +5078,7 @@ _dynamic_imports: typing.Dict[str, str] = {
+      @@ -5093,6 +5098,7 @@ _dynamic_imports: typing.Dict[str, str] = {
            "LogStreamSumoEnum": ".types",
            "LogStreamSumoResponseSchema": ".types",
            "LogStreamSumoSink": ".types",
@@ -86,7 +92,7 @@ patches:
            "MdlPresentationProperties": ".types",
            "MdlPresentationRequest": ".types",
            "MdlPresentationRequestProperties": ".types",
-      @@ -5318,6 +5324,7 @@ _dynamic_imports: typing.Dict[str, str] = {
+      @@ -5343,6 +5349,7 @@ _dynamic_imports: typing.Dict[str, str] = {
            "TokenQuota": ".types",
            "TokenQuotaClientCredentials": ".types",
            "TokenQuotaConfiguration": ".types",
@@ -94,7 +100,7 @@ patches:
            "TooManyRequestsError": ".errors",
            "TooManyRequestsSchema": ".types",
            "TooManyRequestsSchemaError": ".types",
-      @@ -5641,6 +5648,8 @@ __all__ = [
+      @@ -5663,6 +5670,8 @@ __all__ = [
            "AssociateOrganizationClientGrantResponseContent",
            "AsyncApprovalNotificationsChannelsEnum",
            "AsyncAuth0",
@@ -103,7 +109,7 @@ patches:
            "AttackProtectionCaptchaArkoseResponseContent",
            "AttackProtectionCaptchaAuthChallengeRequest",
            "AttackProtectionCaptchaAuthChallengeResponseContent",
-      @@ -7871,6 +7880,7 @@ __all__ = [
+      @@ -7902,6 +7911,7 @@ __all__ = [
            "LogStreamSumoEnum",
            "LogStreamSumoResponseSchema",
            "LogStreamSumoSink",
@@ -111,7 +117,7 @@ patches:
            "MdlPresentationProperties",
            "MdlPresentationRequest",
            "MdlPresentationRequestProperties",
-      @@ -8113,6 +8123,7 @@ __all__ = [
+      @@ -8149,6 +8159,7 @@ __all__ = [
            "TestEventDataContent",
            "TokenExchangeProfileResponseContent",
            "TokenExchangeProfileTypeEnum",
@@ -219,12 +225,7 @@ patches:
                 BotDetectionMonitoringModeEnabled,
                 BrandingColors,
                 BrandingFont,
-                BrandingIdentifiers,
-                BrandingLoginDisplayEnum,
                 BrandingPageBackground,
-                BrandingPhoneDisplay,
-                BrandingPhoneFormattingEnum,
-                BrandingPhoneMaskingEnum,
                 BrandingThemeBorders,
                 BrandingThemeBordersButtonsStyleEnum,
                 BrandingThemeBordersInputsStyleEnum,
@@ -529,6 +530,7 @@ patches:
                 ConnectionId,
                 ConnectionIdTokenEncryptionAlgValuesSupported,
                 ConnectionIdTokenEncryptionEncValuesSupported,
+                ConnectionIdTokenSessionExpirySupported,
                 ConnectionIdTokenSignedResponseAlgEnum,
                 ConnectionIdTokenSignedResponseAlgs,
                 ConnectionIdTokenSigningAlgValuesSupported,
@@ -885,6 +887,7 @@ patches:
                 ConnectionWaadProtocol,
                 ConnectionWaadProtocolEnumAzureAd,
                 ConnectionsMetadata,
+                ContentSecurityPolicyConfig,
                 CreateActionModuleResponseContent,
                 CreateActionModuleVersionResponseContent,
                 CreateActionResponseContent,
@@ -1141,6 +1144,18 @@ patches:
                 CreatedUserAuthenticationMethodTypeEnum,
                 CredentialDeviceTypeEnum,
                 CredentialId,
+                CspDirectives,
+                CspFlag,
+                CspFlags,
+                CspPolicies,
+                CspPolicy,
+                CspPolicyMode,
+                CspPolicyReporting,
+                CspReportTo,
+                CspReportToEndpoint,
+                CspReportToEndpoints,
+                CspReportingEndpoints,
+                CspReportingInfrastructure,
                 CustomDomain,
                 CustomDomainCustomClientIpHeader,
                 CustomDomainCustomClientIpHeaderEnum,
@@ -2627,6 +2642,10 @@ patches:
                 SynchronizeGroupsEnum,
                 SynchronizedGroupPayload,
                 TenantOidcLogoutSettings,
+                TenantSettingsCountryCodes,
+                TenantSettingsCountryCodesMode,
+                TenantSettingsCountryCodesModeResponse,
+                TenantSettingsCountryCodesResponse,
                 TenantSettingsDeviceFlow,
                 TenantSettingsDeviceFlowCharset,
                 TenantSettingsDynamicClientRegistrationSecurityMode,
@@ -2634,6 +2653,7 @@ patches:
                 TenantSettingsFlags,
                 TenantSettingsGuardianPage,
                 TenantSettingsMtls,
+                TenantSettingsNullableSecurityHeaders,
                 TenantSettingsPasswordPage,
                 TenantSettingsResourceParameterProfile,
                 TenantSettingsSessions,
@@ -2664,12 +2684,7 @@ patches:
                 UpdateBotDetectionSettingsResponseContent,
                 UpdateBrandingColors,
                 UpdateBrandingFont,
-                UpdateBrandingIdentifiers,
-                UpdateBrandingLoginDisplayEnum,
                 UpdateBrandingPageBackground,
-                UpdateBrandingPhoneDisplay,
-                UpdateBrandingPhoneFormattingEnum,
-                UpdateBrandingPhoneMaskingEnum,
                 UpdateBrandingPhoneProviderResponseContent,
                 UpdateBrandingResponseContent,
                 UpdateBrandingThemeResponseContent,
@@ -2839,6 +2854,8 @@ patches:
                 VerifyEmailTicketResponseContent,
                 X509CertificateCredential,
                 X509CertificateCredentialTypeEnum,
+                XssProtectionConfig,
+                XssProtectionMode,
             )
             from .errors import (
                 BadRequestError,
@@ -3004,12 +3021,7 @@ patches:
             "BotDetectionMonitoringModeEnabled": ".types",
             "BrandingColors": ".types",
             "BrandingFont": ".types",
-            "BrandingIdentifiers": ".types",
-            "BrandingLoginDisplayEnum": ".types",
             "BrandingPageBackground": ".types",
-            "BrandingPhoneDisplay": ".types",
-            "BrandingPhoneFormattingEnum": ".types",
-            "BrandingPhoneMaskingEnum": ".types",
             "BrandingThemeBorders": ".types",
             "BrandingThemeBordersButtonsStyleEnum": ".types",
             "BrandingThemeBordersInputsStyleEnum": ".types",
@@ -3315,6 +3327,7 @@ patches:
             "ConnectionId": ".types",
             "ConnectionIdTokenEncryptionAlgValuesSupported": ".types",
             "ConnectionIdTokenEncryptionEncValuesSupported": ".types",
+            "ConnectionIdTokenSessionExpirySupported": ".types",
             "ConnectionIdTokenSignedResponseAlgEnum": ".types",
             "ConnectionIdTokenSignedResponseAlgs": ".types",
             "ConnectionIdTokenSigningAlgValuesSupported": ".types",
@@ -3671,6 +3684,7 @@ patches:
             "ConnectionWaadProtocol": ".types",
             "ConnectionWaadProtocolEnumAzureAd": ".types",
             "ConnectionsMetadata": ".types",
+            "ContentSecurityPolicyConfig": ".types",
             "ContentTooLargeError": ".errors",
             "CreateActionModuleResponseContent": ".types",
             "CreateActionModuleVersionResponseContent": ".types",
@@ -3928,6 +3942,18 @@ patches:
             "CreatedUserAuthenticationMethodTypeEnum": ".types",
             "CredentialDeviceTypeEnum": ".types",
             "CredentialId": ".types",
+            "CspDirectives": ".types",
+            "CspFlag": ".types",
+            "CspFlags": ".types",
+            "CspPolicies": ".types",
+            "CspPolicy": ".types",
+            "CspPolicyMode": ".types",
+            "CspPolicyReporting": ".types",
+            "CspReportTo": ".types",
+            "CspReportToEndpoint": ".types",
+            "CspReportToEndpoints": ".types",
+            "CspReportingEndpoints": ".types",
+            "CspReportingInfrastructure": ".types",
             "CustomDomain": ".types",
             "CustomDomainHeader": ".management_client",
             "CustomDomainCustomClientIpHeader": ".types",
@@ -5426,6 +5452,10 @@ patches:
             "SynchronizeGroupsEnum": ".types",
             "SynchronizedGroupPayload": ".types",
             "TenantOidcLogoutSettings": ".types",
+            "TenantSettingsCountryCodes": ".types",
+            "TenantSettingsCountryCodesMode": ".types",
+            "TenantSettingsCountryCodesModeResponse": ".types",
+            "TenantSettingsCountryCodesResponse": ".types",
             "TenantSettingsDeviceFlow": ".types",
             "TenantSettingsDeviceFlowCharset": ".types",
             "TenantSettingsDynamicClientRegistrationSecurityMode": ".types",
@@ -5433,6 +5463,7 @@ patches:
             "TenantSettingsFlags": ".types",
             "TenantSettingsGuardianPage": ".types",
             "TenantSettingsMtls": ".types",
+            "TenantSettingsNullableSecurityHeaders": ".types",
             "TenantSettingsPasswordPage": ".types",
             "TenantSettingsResourceParameterProfile": ".types",
             "TenantSettingsSessions": ".types",
@@ -5466,12 +5497,7 @@ patches:
             "UpdateBotDetectionSettingsResponseContent": ".types",
             "UpdateBrandingColors": ".types",
             "UpdateBrandingFont": ".types",
-            "UpdateBrandingIdentifiers": ".types",
-            "UpdateBrandingLoginDisplayEnum": ".types",
             "UpdateBrandingPageBackground": ".types",
-            "UpdateBrandingPhoneDisplay": ".types",
-            "UpdateBrandingPhoneFormattingEnum": ".types",
-            "UpdateBrandingPhoneMaskingEnum": ".types",
             "UpdateBrandingPhoneProviderResponseContent": ".types",
             "UpdateBrandingResponseContent": ".types",
             "UpdateBrandingThemeResponseContent": ".types",
@@ -5641,6 +5667,8 @@ patches:
             "VerifyEmailTicketResponseContent": ".types",
             "X509CertificateCredential": ".types",
             "X509CertificateCredentialTypeEnum": ".types",
+            "XssProtectionConfig": ".types",
+            "XssProtectionMode": ".types",
             "__version__": ".version",
             "actions": ".actions",
             "anomaly": ".anomaly",
@@ -5807,12 +5835,7 @@ patches:
             "BotDetectionMonitoringModeEnabled",
             "BrandingColors",
             "BrandingFont",
-            "BrandingIdentifiers",
-            "BrandingLoginDisplayEnum",
             "BrandingPageBackground",
-            "BrandingPhoneDisplay",
-            "BrandingPhoneFormattingEnum",
-            "BrandingPhoneMaskingEnum",
             "BrandingThemeBorders",
             "BrandingThemeBordersButtonsStyleEnum",
             "BrandingThemeBordersInputsStyleEnum",
@@ -6118,6 +6141,7 @@ patches:
             "ConnectionId",
             "ConnectionIdTokenEncryptionAlgValuesSupported",
             "ConnectionIdTokenEncryptionEncValuesSupported",
+            "ConnectionIdTokenSessionExpirySupported",
             "ConnectionIdTokenSignedResponseAlgEnum",
             "ConnectionIdTokenSignedResponseAlgs",
             "ConnectionIdTokenSigningAlgValuesSupported",
@@ -6474,6 +6498,7 @@ patches:
             "ConnectionWaadProtocol",
             "ConnectionWaadProtocolEnumAzureAd",
             "ConnectionsMetadata",
+            "ContentSecurityPolicyConfig",
             "ContentTooLargeError",
             "CreateActionModuleResponseContent",
             "CreateActionModuleVersionResponseContent",
@@ -6731,6 +6756,18 @@ patches:
             "CreatedUserAuthenticationMethodTypeEnum",
             "CredentialDeviceTypeEnum",
             "CredentialId",
+            "CspDirectives",
+            "CspFlag",
+            "CspFlags",
+            "CspPolicies",
+            "CspPolicy",
+            "CspPolicyMode",
+            "CspPolicyReporting",
+            "CspReportTo",
+            "CspReportToEndpoint",
+            "CspReportToEndpoints",
+            "CspReportingEndpoints",
+            "CspReportingInfrastructure",
             "CustomDomain",
             "CustomDomainCustomClientIpHeader",
             "CustomDomainCustomClientIpHeaderEnum",
@@ -8228,6 +8265,10 @@ patches:
             "SynchronizeGroupsEnum",
             "SynchronizedGroupPayload",
             "TenantOidcLogoutSettings",
+            "TenantSettingsCountryCodes",
+            "TenantSettingsCountryCodesMode",
+            "TenantSettingsCountryCodesModeResponse",
+            "TenantSettingsCountryCodesResponse",
             "TenantSettingsDeviceFlow",
             "TenantSettingsDeviceFlowCharset",
             "TenantSettingsDynamicClientRegistrationSecurityMode",
@@ -8235,6 +8276,7 @@ patches:
             "TenantSettingsFlags",
             "TenantSettingsGuardianPage",
             "TenantSettingsMtls",
+            "TenantSettingsNullableSecurityHeaders",
             "TenantSettingsPasswordPage",
             "TenantSettingsResourceParameterProfile",
             "TenantSettingsSessions",
@@ -8268,12 +8310,7 @@ patches:
             "UpdateBotDetectionSettingsResponseContent",
             "UpdateBrandingColors",
             "UpdateBrandingFont",
-            "UpdateBrandingIdentifiers",
-            "UpdateBrandingLoginDisplayEnum",
             "UpdateBrandingPageBackground",
-            "UpdateBrandingPhoneDisplay",
-            "UpdateBrandingPhoneFormattingEnum",
-            "UpdateBrandingPhoneMaskingEnum",
             "UpdateBrandingPhoneProviderResponseContent",
             "UpdateBrandingResponseContent",
             "UpdateBrandingThemeResponseContent",
@@ -8443,6 +8480,8 @@ patches:
             "VerifyEmailTicketResponseContent",
             "X509CertificateCredential",
             "X509CertificateCredentialTypeEnum",
+            "XssProtectionConfig",
+            "XssProtectionMode",
             "__version__",
             "actions",
             "anomaly",
@@ -8671,3 +8710,4 @@ patches:
                     token = await self._async_token()
                     headers["Authorization"] = f"Bearer {token}"
                 return headers
+    status: unresolved
diff --git a/src/auth0/management/__init__.py b/src/auth0/management/__init__.py
index 46d8ec2b..e96cb4b5 100644
--- a/src/auth0/management/__init__.py
+++ b/src/auth0/management/__init__.py
@@ -2794,6 +2794,8 @@
     from .environment import Auth0Environment
     from .event_streams import EventStreamsCreateRequest
     from .version import __version__
+    from .management_client import AsyncManagementClient, CustomDomainHeader, ManagementClient
+    from .token_provider import AsyncTokenProvider, TokenProvider
 _dynamic_imports: typing.Dict[str, str] = {
     "Action": ".types",
     "ActionBase": ".types",
@@ -2854,6 +2856,8 @@
     "AssociateOrganizationClientGrantResponseContent": ".types",
     "AsyncApprovalNotificationsChannelsEnum": ".types",
     "AsyncAuth0": ".client",
+    "AsyncManagementClient": ".management_client",
+    "AsyncTokenProvider": ".token_provider",
     "AttackProtectionCaptchaArkoseResponseContent": ".types",
     "AttackProtectionCaptchaAuthChallengeRequest": ".types",
     "AttackProtectionCaptchaAuthChallengeResponseContent": ".types",
@@ -3822,6 +3826,7 @@
     "CspReportingEndpoints": ".types",
     "CspReportingInfrastructure": ".types",
     "CustomDomain": ".types",
+    "CustomDomainHeader": ".management_client",
     "CustomDomainCustomClientIpHeader": ".types",
     "CustomDomainCustomClientIpHeaderEnum": ".types",
     "CustomDomainProvisioningTypeEnum": ".types",
@@ -5093,6 +5098,7 @@
     "LogStreamSumoEnum": ".types",
     "LogStreamSumoResponseSchema": ".types",
     "LogStreamSumoSink": ".types",
+    "ManagementClient": ".management_client",
     "MdlPresentationProperties": ".types",
     "MdlPresentationRequest": ".types",
     "MdlPresentationRequestProperties": ".types",
@@ -5343,6 +5349,7 @@
     "TokenQuota": ".types",
     "TokenQuotaClientCredentials": ".types",
     "TokenQuotaConfiguration": ".types",
+    "TokenProvider": ".token_provider",
     "TooManyRequestsError": ".errors",
     "TooManyRequestsSchema": ".types",
     "TooManyRequestsSchemaError": ".types",
@@ -5663,6 +5670,8 @@ def __dir__():
     "AssociateOrganizationClientGrantResponseContent",
     "AsyncApprovalNotificationsChannelsEnum",
     "AsyncAuth0",
+    "AsyncManagementClient",
+    "AsyncTokenProvider",
     "AttackProtectionCaptchaArkoseResponseContent",
     "AttackProtectionCaptchaAuthChallengeRequest",
     "AttackProtectionCaptchaAuthChallengeResponseContent",
@@ -7902,6 +7911,7 @@ def __dir__():
     "LogStreamSumoEnum",
     "LogStreamSumoResponseSchema",
     "LogStreamSumoSink",
+    "ManagementClient",
     "MdlPresentationProperties",
     "MdlPresentationRequest",
     "MdlPresentationRequestProperties",
@@ -8149,6 +8159,7 @@ def __dir__():
     "TestEventDataContent",
     "TokenExchangeProfileResponseContent",
     "TokenExchangeProfileTypeEnum",
+    "TokenProvider",
     "TokenQuota",
     "TokenQuotaClientCredentials",
     "TokenQuotaConfiguration",
diff --git a/src/auth0/management/core/client_wrapper.py b/src/auth0/management/core/client_wrapper.py
index b1aed4b2..cebdcce7 100644
--- a/src/auth0/management/core/client_wrapper.py
+++ b/src/auth0/management/core/client_wrapper.py
@@ -1,6 +1,11 @@
 # This file was auto-generated by Fern from our API Definition.
+# Modified by Auth0 to use Auth0 telemetry format with dynamic versioning
 
+import base64
+import platform
+import sys
 import typing
+from json import dumps
 
 import httpx
 from .http_client import AsyncHttpClient, HttpClient
@@ -26,7 +31,14 @@ def __init__(
         self._logging = logging
 
     def get_headers(self) -> typing.Dict[str, str]:
-        import platform
+        py_version = platform.python_version()
+        version = sys.modules["auth0"].__version__
+
+        auth0_client = dumps({
+            "name": "auth0-python",
+            "version": version,
+            "env": {"python": py_version}
+        }).encode("utf-8")
 
         headers: typing.Dict[str, str] = {
             "User-Agent": "auth0-python/5.6.0",

From 890745054ac47cc83eff9b5732ec22090e149441 Mon Sep 17 00:00:00 2001
From: Kunal Dawar <kunal.dawar@okta.com>
Date: Tue, 9 Jun 2026 11:09:11 +0530
Subject: [PATCH 3/3] [fern-replay] Resolved conflicts

Patches replayed:
  - patch-4894603d: chore: Restore custom wiring in management/__init__.py
  - patch-7271f157: Revert wrapper file to preserve Auth0 telemetry customizations
---
 .fern/replay.lock                           | 17 ++++++++---------
 src/auth0/management/core/client_wrapper.py |  8 ++------
 2 files changed, 10 insertions(+), 15 deletions(-)

diff --git a/.fern/replay.lock b/.fern/replay.lock
index 6ebfe41d..1d1666a3 100644
--- a/.fern/replay.lock
+++ b/.fern/replay.lock
@@ -37,20 +37,20 @@ generations:
     cli_version: unknown
     generator_versions:
       fernapi/fern-python-sdk: 5.14.3
-  - commit_sha: 37e2dc1df848770f503b919fe905d3259e046cfd
+  - commit_sha: bf4df4483c8f8211870c074c6e5725aabf31d339
     tree_hash: 6fed7a877e08cfbe542991d28cb3afdd90ccaefa
     timestamp: 2026-06-09T04:56:00.721Z
     cli_version: unknown
     generator_versions:
       fernapi/fern-python-sdk: 5.14.3
-current_generation: 37e2dc1df848770f503b919fe905d3259e046cfd
+current_generation: bf4df4483c8f8211870c074c6e5725aabf31d339
 patches:
   - id: patch-4894603d
     content_hash: sha256:1e1d0c5ec0a0ef9039b8ae4d3484e5468180bb5af2012392406259e0ab6a589f
     original_commit: 4894603d03409962bc60a34712de8abffe919e2c
     original_message: "chore: Restore custom wiring in management/__init__.py"
     original_author: Kunal Dawar <kunal.dawar@okta.com>
-    base_generation: 37e2dc1df848770f503b919fe905d3259e046cfd
+    base_generation: bf4df4483c8f8211870c074c6e5725aabf31d339
     files:
       - src/auth0/management/__init__.py
     patch_content: |
@@ -8531,16 +8531,16 @@ patches:
         ]
     user_owned: true
   - id: patch-7271f157
-    content_hash: sha256:e5f014e7f8c379a0b7c3815222df83e115d542c5c9685b2a9d16285e1d18f800
+    content_hash: sha256:cd98dd1948587cf3396a2eacf46626176784bd00996eb660374161bfef686e93
     original_commit: 7271f15759cfb545c9ef82b5a4f519ffe0a89db2
     original_message: Revert wrapper file to preserve Auth0 telemetry customizations
     original_author: Kunal Dawar <kunal.dawar@okta.com>
-    base_generation: 15127abb8ab299907925c41e89122d50dbe138d5
+    base_generation: bf4df4483c8f8211870c074c6e5725aabf31d339
     files:
       - src/auth0/management/core/client_wrapper.py
     patch_content: |
       diff --git a/src/auth0/management/core/client_wrapper.py b/src/auth0/management/core/client_wrapper.py
-      index cad2e31..60ebc5a 100644
+      index b1aed4b..60ebc5a 100644
       --- a/src/auth0/management/core/client_wrapper.py
       +++ b/src/auth0/management/core/client_wrapper.py
       @@ -1,6 +1,11 @@
@@ -8570,12 +8570,12 @@ patches:
       +        }).encode("utf-8")
        
                headers: typing.Dict[str, str] = {
-      -            "User-Agent": "auth0-python/5.5.0",
+      -            "User-Agent": "auth0-python/5.6.0",
       -            "X-Fern-Language": "Python",
       -            "X-Fern-Runtime": f"python/{platform.python_version()}",
       -            "X-Fern-Platform": f"{platform.system().lower()}/{platform.release()}",
       -            "X-Fern-SDK-Name": "auth0-python",
-      -            "X-Fern-SDK-Version": "5.5.0",
+      -            "X-Fern-SDK-Version": "5.6.0",
       +            "User-Agent": f"Python/{py_version}",
       +            "Auth0-Client": base64.b64encode(auth0_client).decode(),
                    **(self.get_custom_headers() or {}),
@@ -8710,4 +8710,3 @@ patches:
                     token = await self._async_token()
                     headers["Authorization"] = f"Bearer {token}"
                 return headers
-    status: unresolved
diff --git a/src/auth0/management/core/client_wrapper.py b/src/auth0/management/core/client_wrapper.py
index cebdcce7..60ebc5a6 100644
--- a/src/auth0/management/core/client_wrapper.py
+++ b/src/auth0/management/core/client_wrapper.py
@@ -41,12 +41,8 @@ def get_headers(self) -> typing.Dict[str, str]:
         }).encode("utf-8")
 
         headers: typing.Dict[str, str] = {
-            "User-Agent": "auth0-python/5.6.0",
-            "X-Fern-Language": "Python",
-            "X-Fern-Runtime": f"python/{platform.python_version()}",
-            "X-Fern-Platform": f"{platform.system().lower()}/{platform.release()}",
-            "X-Fern-SDK-Name": "auth0-python",
-            "X-Fern-SDK-Version": "5.6.0",
+            "User-Agent": f"Python/{py_version}",
+            "Auth0-Client": base64.b64encode(auth0_client).decode(),
             **(self.get_custom_headers() or {}),
         }
         headers["Authorization"] = f"Bearer {self._get_token()}"