Skip to main content

17 docs tagged with "policy"

View all tags

Device compliance policy

Device compliance policies are used to limit access to authentik and applications based on Device Compliance information.

Ensure unique email addresses

By default, authentik does not require email addresses to be unique. If you want to enforce uniqueness, use an expression policy during enrollment or profile-edit flows.

Event Matcher Policy

Use an Event Matcher policy when you want to match authentik events against a small set of built-in fields instead of writing a custom expression.

Expression Policies

Expression policies let you write custom Python for cases where the built-in policy types are not enough.

GeoIP Policy

Use a GeoIP policy when you want to make access decisions based on where a request appears to come from.

Password Policy

Use a Password policy when you want to validate a password entered in a prompt stage.

Password Uniqueness Policy

The Password Uniqueness policy is an enterprise policy that prevents users from reusing previously used passwords.

Policies

Policies are reusable checks in authentik. They let you control whether a user can access an application, whether a stage in a flow should run, whether a source can be used, or whether data entered in a prompt stage is valid.

Policy Bindings and Evaluation

For step-by-step instructions on creating and attaching policies, see Working with policies. This page focuses on where policy bindings apply, how authentik evaluates them, and which options affect the result.

Reputation Policy

Use a Reputation policy when you want authentik to react to repeated failed authentication attempts from a username, a client IP, or both.