Policies
Policies are an important component of Kubeark Identity, allowing you to define the rules and procedures that govern how the users can interact with the platform, including authentication and enrollment flows, user attributes and others.
This policy is used by the events subsystem. You can use this policy to match events by multiple different criteria, to choose when you get notified.
This evaluates an expression or a set of expressions to determine if the policy should be allowed or denied. These expressions can reference context data, which includes data about the user, device, and other relevant information. Expression policies allow for greater flexibility and customization in managing access and permissions.
The passing of the policy is determined by the return value of the code. Use
to pass a policy and
to fail it.
๏ปฟAvailable functions:๏ปฟ
ak_message (message: str) - Add a message, visible by the end user. This can be used to show the reason why they were denied
Example:
regex_match(value: Any, regex: str) -> bool - check if value matches Regular Expression
ย Example:
This policy aims to ensure that users change their passwords regularly by setting an expiration period for passwords. When a password has reached the specified time limit, the policy expires the password, and the user is required to set a new password. This helps enhance the security of the system by reducing the risk of password breaches or attacks.
This policy allows you to specify password rules, such as length and required characters. The following rules can be set:
- Minimum amount of uppercase characters.
- Minimum amount of lowercase characters.
- Minimum amount of symbols characters.
- Minimum length.
- Symbol charset (define which characters are counted as symbols).
This policy describes the ability to track failed login attempts based on the source IP and attempted username. The policy stores these values as scores, where each failed login attempt results in a decrease of the client IP and targeted username scores by one.
This policy can be used, for example, to prompt clients with a low score to pass a captcha before they can continue.
To make sure this policy is executed correctly, set Re-evaluate policies when using it with a flow\