authentik/docs/policies/index.md

# Policies

## Kinds

There are two different kinds of policies; Standard Policy and Password Policy. Normal policies evaluate to True or False, and can be used everywhere. Password policies apply when a password is set (during user enrollment, recovery or anywhere else). These policies can be used to apply password rules such as length, complexity, etc. They can also be used to expire passwords after a certain amount of time.

## Standard Policies

---

### Reputation Policy

passbook keeps track of failed login attempts by source IP and attempted username. These values are saved as scores. Each failed login decreases the score for the client IP as well as the targeted username by 1 (one).

This policy can be used, for example, to prompt clients with a low score to pass a captcha before they can continue.

## Expression Policy

See [Expression Policy](expression.md).

## Password Policies

---

### Password Policy

This policy allows you to specify password rules, such as length and required characters.
The following rules can be set:

- Minimum amount of uppercase characters.
- Minimum amount of lowercase characters.
- Minimum amount of symbols characters.
- Minimum length.
- Symbol charset (define which characters are counted as symbols).

### Have I Been Pwned Policy

This policy checks the hashed password against the [Have I Been Pwned](https://haveibeenpwned.com/) API. This only sends the first 5 characters of the hashed password. The remaining comparison is done within passbook.

### Password-Expiry Policy

This policy can enforce regular password rotation by expiring set passwords after a finite amount of time. This forces users to set a new password.
docs: add initial structure, add docs for policies and factors 2019-12-09 20:00:45 +00:00			`# Policies`

			`## Kinds`

docs(terminology.md): clarity & capitalisation 2020-06-18 18:27:20 +00:00			`There are two different kinds of policies; Standard Policy and Password Policy. Normal policies evaluate to True or False, and can be used everywhere. Password policies apply when a password is set (during user enrollment, recovery or anywhere else). These policies can be used to apply password rules such as length, complexity, etc. They can also be used to expire passwords after a certain amount of time.`
docs: add initial structure, add docs for policies and factors 2019-12-09 20:00:45 +00:00
			`## Standard Policies`

docs: add docs for property mappings, switch to material theme 2019-12-10 10:25:34 +00:00			`---`

docs: add initial structure, add docs for policies and factors 2019-12-09 20:00:45 +00:00			`### Reputation Policy`

docs(terminology.md): clarity & capitalisation 2020-06-18 18:27:20 +00:00			`passbook keeps track of failed login attempts by source IP and attempted username. These values are saved as scores. Each failed login decreases the score for the client IP as well as the targeted username by 1 (one).`
docs: add initial structure, add docs for policies and factors 2019-12-09 20:00:45 +00:00
docs(terminology.md): clarity & capitalisation 2020-06-18 18:27:20 +00:00			`This policy can be used, for example, to prompt clients with a low score to pass a captcha before they can continue.`
docs: add initial structure, add docs for policies and factors 2019-12-09 20:00:45 +00:00
docs: update policy types, add docs for expression policies 2020-02-19 09:21:28 +00:00			`## Expression Policy`
docs: add initial structure, add docs for policies and factors 2019-12-09 20:00:45 +00:00
policies/expression: migrate to raw python instead of jinja2 (#49) * policies/expression: migrate to raw python instead of jinja2 * lib/expression: create base evaluator, custom subclass for policies * core: rewrite propertymappings to use python * providers/saml: update to new PropertyMappings * sources/ldap: update to new PropertyMappings * docs: update docs for new propertymappings * root: remove jinja2 * root: re-add jinja to lock file as its implicitly required 2020-06-05 10:00:27 +00:00			`See [Expression Policy](expression.md).`
docs: add initial structure, add docs for policies and factors 2019-12-09 20:00:45 +00:00
			`## Password Policies`

docs: add docs for property mappings, switch to material theme 2019-12-10 10:25:34 +00:00			`---`

docs: add initial structure, add docs for policies and factors 2019-12-09 20:00:45 +00:00			`### Password Policy`

docs(terminology.md): clarity & capitalisation 2020-06-18 18:27:20 +00:00			`This policy allows you to specify password rules, such as length and required characters.`
docs: add initial structure, add docs for policies and factors 2019-12-09 20:00:45 +00:00			`The following rules can be set:`

docs(terminology.md): clarity & capitalisation 2020-06-18 18:27:20 +00:00			`- Minimum amount of uppercase characters.`
			`- Minimum amount of lowercase characters.`
			`- Minimum amount of symbols characters.`
			`- Minimum length.`
			`- Symbol charset (define which characters are counted as symbols).`
docs: add initial structure, add docs for policies and factors 2019-12-09 20:00:45 +00:00
			`### Have I Been Pwned Policy`

docs(terminology.md): clarity & capitalisation 2020-06-18 18:27:20 +00:00			`This policy checks the hashed password against the [Have I Been Pwned](https://haveibeenpwned.com/) API. This only sends the first 5 characters of the hashed password. The remaining comparison is done within passbook.`
docs: add initial structure, add docs for policies and factors 2019-12-09 20:00:45 +00:00
			`### Password-Expiry Policy`

docs(terminology.md): clarity & capitalisation 2020-06-18 18:27:20 +00:00			`This policy can enforce regular password rotation by expiring set passwords after a finite amount of time. This forces users to set a new password.`