authentik
Default application binding
The documentation reads:
By default, all users can access applications when no policies are bound.
This feels against all security best practices, as default settings should be as limited as possible.
I'd like to propose a "Default Binding" for applications which is always in place for all applications with no custom bindings. This default binding should be set to "Deny all users" policy initially. The administrator might customize it to their taste.
For backwards compatibility, the default binding may be set to an "Allow all users" policy for existing Authentik setups so it doesn't break logins when the administrator upgrades from an Authentik version which doesn't have this feature.
Yeah, I was surprised at this. I finally added a second user and had to go through all apps assigning them policies to fix it. It’s disappointing this has been unaddressed for so long. Security tip, always default closed…
Initially we'll add this as a system setting which, when enabled, will make applications inaccessible without any policies/etc attached
I have the same issue where I need to revisit each of my applications in order to create a binding that I should be able to have as my "default".