This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/blueprints/example/flows-login-2fa.yaml

91 lines
2.6 KiB
YAML

version: 1
entries:
- identifiers:
slug: default-authentication-flow
model: authentik_flows.flow
id: flow
attrs:
name: Default Authentication Flow
title: Welcome to authentik!
designation: authentication
- identifiers:
name: test-not-app-password
id: test-not-app-password
model: authentik_policies_expression.expressionpolicy
attrs:
execution_logging: false
expression: |
return context["auth_method"] != "app_password"
- identifiers:
name: default-authentication-login
id: default-authentication-login
model: authentik_stages_user_login.userloginstage
attrs:
session_duration: seconds=0
- identifiers:
name: default-authentication-identification
id: default-authentication-identification
model: authentik_stages_identification.identificationstage
attrs:
user_fields:
- email
- username
template: stages/identification/login.html
enrollment_flow: null
recovery_flow: null
- identifiers:
name: default-authentication-flow-mfa
id: default-authentication-flow-mfa
model: authentik_stages_authenticator_validate.AuthenticatorValidateStage
attrs: {}
- identifiers:
name: default-authentication-password
id: default-authentication-password
model: authentik_stages_password.passwordstage
attrs:
backends:
- authentik.core.auth.InbuiltBackend
- authentik.core.auth.TokenBackend
- authentik.sources.ldap.auth.LDAPBackend
- identifiers:
target: !KeyOf flow
stage: !KeyOf default-authentication-identification
order: 10
model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false
- identifiers:
target: !KeyOf flow
stage: !KeyOf default-authentication-password
order: 20
model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false
- identifiers:
target: !KeyOf flow
stage: !KeyOf default-authentication-flow-mfa
order: 30
model: authentik_flows.flowstagebinding
id: flow-binding-mfa
attrs:
evaluate_on_plan: false
re_evaluate_policies: true
policy_engine_mode: any
invalid_response_action: retry
- identifiers:
target: !KeyOf flow
stage: !KeyOf default-authentication-login
order: 100
model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false
- identifiers:
policy: !KeyOf test-not-app-password
target: !KeyOf flow-binding-mfa
order: 0
model: authentik_policies.policybinding
attrs:
negate: false
enabled: true
timeout: 30