Product Guide
...
Organization Administration
Kubeark Identity

Flows

4min
flows are a way to describe a series of stages a stage is a single logic or verification step they are used to authenticate users, enroll them, and more for instance, a standard login flow would consist of the following steps identification users identify themselves via a username or email address password the user's password is checked against the hash in the database log in flows context flows can be configured by setting up the independent context which holds all of the arbitrary data about the specific flow the flow context is created and managed by configuring policies, stages, and bindings, and it contains information about the configuration of the flow the identification stage, for example, allows the definition of whether users will be prompted for an email address, a username, or both while any data can be stored in the flow context, there are some reserved keys used by authentik stages below you will find a list with all the keys and their explanation common keys key description pending user the data of the user that is executing the flow this value is not set automatically, it is set via the identification stage prompt data used in the prompt stage; the value of any field within a prompt stage is written to the prompt data redirect stores the final redirect url that the user's browser will be sent to after the flow is finished executing successfully pending user identifier stores the final redirect url that the user's browser will be sent to after the flow is finished executing successfully application when an unauthenticated user attempts to access a secured resource, they are redirected to an authentication flow the application they attempted to access will be stored in the key attached to this object for example application github, with applicationbeing the key and github the value source when a user authenticates/enrolls via an external source, this will be set to the source they are using scenario specific keys key description consent header the title of the consent prompt shown in the consent stage consent permissions an optional list of all permissions that will be given to the application by granting consent in the consent stage title optional title of the form shown to the user in the autosubmit stage url url that the form will be submitted to in the autosubmit stage attrs key value pairs of the data that is included in the form and will be submitted to the url in the autosubmit stage groups used in the user write stage and represents the groups that the pending user will be added to user path path the pending user will be written to in the user write stage user backend set by the password stage after successfully authenticating the user and contains a dot notation to the authentication backend that was used to authenticate the user auth method set by the password stage, the authenticator validation stage, the oauth2 provider, and the api authentication depending on which method is used