version: 1 metadata: labels: blueprints.goauthentik.io/instantiate: "false" name: Example - Two-factor Login entries: - identifiers: slug: default-authentication-flow model: authentik_flows.flow id: flow attrs: name: Default Authentication Flow title: Welcome to authentik! designation: authentication authentication: require_unauthenticated - identifiers: name: test-not-app-password id: test-not-app-password model: authentik_policies_expression.expressionpolicy attrs: expression: | return context["auth_method"] != "app_password" - identifiers: name: default-authentication-login id: default-authentication-login model: authentik_stages_user_login.userloginstage attrs: session_duration: seconds=0 - identifiers: name: default-authentication-identification id: default-authentication-identification model: authentik_stages_identification.identificationstage attrs: user_fields: - email - username template: stages/identification/login.html - identifiers: name: default-authentication-flow-mfa id: default-authentication-flow-mfa model: authentik_stages_authenticator_validate.authenticatorvalidatestage - identifiers: name: default-authentication-password id: default-authentication-password model: authentik_stages_password.passwordstage attrs: backends: - authentik.core.auth.InbuiltBackend - authentik.core.auth.TokenBackend - authentik.sources.ldap.auth.LDAPBackend - identifiers: target: !KeyOf flow stage: !KeyOf default-authentication-identification order: 10 model: authentik_flows.flowstagebinding - identifiers: target: !KeyOf flow stage: !KeyOf default-authentication-password order: 20 model: authentik_flows.flowstagebinding - identifiers: target: !KeyOf flow stage: !KeyOf default-authentication-flow-mfa order: 30 model: authentik_flows.flowstagebinding id: flow-binding-mfa attrs: re_evaluate_policies: true - identifiers: target: !KeyOf flow stage: !KeyOf default-authentication-login order: 100 model: authentik_flows.flowstagebinding - identifiers: policy: !KeyOf test-not-app-password target: !KeyOf flow-binding-mfa order: 0 model: authentik_policies.policybinding