Working with policies
For an overview of policies, refer to our documentation on Policies.
authentik provides several standard policy types, which can be configured for your specific needs. We also document several useful expression policies.
You can add expressions to our standard policies to further customize them.
To learn more, see the bindings and how to bind policy bindings to a new application when the application is created documentation (for example, to configure application-specific access).
Create a policy
To create a new policy, either a pre-configured one or an expression policy, follow these steps:
- Log in to authentik as an administrator and open the authentik Admin interface.
- Navigate to Customization > Policies.
- Click Create, and select the type of policy. Here you select whether you want to create a custom expression policy, or a standard, out-of-the box one.
- Define the policy and click Finish.
Bind a policy to a flow, stage, application, or source
After creating the policy, you can bind it to either a:
Bindings are instantiated objects themselves, and conceptually can be considered as the "connector" between the policy and the component to which it is bound. This is why you might read about "binding a binding", because technically, a binding is "spliced" into another binding, in order to intercept and enforce the criteria defined in the policy. To learn more refer to our Bindings documentation.
Bind a policy to a flow
These bindings control which users can access a flow.
- Log in to authentik as an administrator and open the authentik Admin interface.
- Navigate to Flows and Stages > Flows.
- In the list of flows, click on the name of the flow to which you want to bind a policy.
- Click on the Policy/Group/User Bindings tab at the top of the page.
- Here, you can decide if you want to create a new policy and bind it to the flow (Create and bind Policy), or if you want to select an existing policy and bind it to the flow (Bind existing policy/group/user).
Bind a policy to a stage binding
These bindings control which stages are applied to a flow.
- Log in to authentik as an administrator and open the authentik Admin interface.
- Navigate to Flows and Stages > Flows.
- In the list of flows, click on the name of the flow which has the stage to which you want to bind a policy.
- Click on the Stage Bindings tab at the top of the page.
- Click the arrow (>) beside the name of the stage to which you want to bind a policy. The details for that stage displays.
- Here, you can decide if you want to create a new policy and bind it to the stage binding (Create and bind Policy), or if you want to select an existing policy and bind it to the stage binding (Bind existing policy/group/user).
Bind a policy to an application
These bindings control which users or groups can access an application.
- Log in to authentik as an administrator and open the authentik Admin interface.
- Navigate to Applications > Applications.
- In the list of applications, click on the name of the application to which you want to bind a policy.
- Click on the Policy/Group/User Bindings tab at the top of the page.
- Here, select if you want to create a new policy and bind it to the application, or select an existing policy and bind it to the application:
- Create and bind Policy
- Bind existing Policy/Group/User
Bind a policy to a source
These bindings control which users or groups can access an application.
- Log in to authentik as an administrator and open the authentik Admin interface.
- Navigate to Directory > Federatin and Social login.
- In the list of sources, click on the name of the source to which you want to bind a policy.
- Click on the Policy Bindings tab at the top of the page.
- Here, select if you want to create a new policy and bind it to the application, or select an existing policy and bind it to the application:
- Create and bind Policy
- Bind existing Policy/Group/User