Policies

Policies are an important component of Kubeark Identity, allowing you to define the rules and procedures that govern how users can interact with the platform, including authentication and enrollment flows, user attributes, and others.

Event Matcher Policy

This policy is used by the events subsystem. You can use this policy to match events by multiple different criteria, to choose when you get notified.

Expression Policy

This policy evaluates an expression or a set of expressions to determine whether the policy should be allowed or denied. These expressions can reference context data, which includes data about the user, device, and other relevant information. Expression policies allow for greater flexibility and customization in managing access and permissions.

The passing of the policy is determined by the return value of the code. Use return True to pass a policy and return False to fail it.

Available functions

ak_message(message: str)

Add a message, visible to the end user. This can be used to show the reason why they were denied.

Example:

    ak_message("access denied")
    return False

regex_match(value: Any, regex: str) -> bool

Check if value matches the regular expression.

Example:

    return regex_match(request.user.username, ' admin ')

Password Expiry Policy

This policy aims to ensure that users change their passwords regularly by setting an expiration period for passwords. When a password has reached the specified time limit, the policy expires the password, and the user is required to set a new password. This helps enhance the security of the system by reducing the risk of password breaches or attacks.

Password Policy

This policy allows you to specify password rules, such as length and required characters. The following rules can be set:

- Minimum number of uppercase characters
- Minimum number of lowercase characters
- Minimum number of symbol characters
- Minimum length
- Symbol charset (defines which characters are counted as symbols)

Reputation Policy

This policy describes the ability to track failed login attempts based on the source IP and attempted username. The policy stores these values as scores, where each failed login attempt results in a decrease of the client IP and targeted username scores by one.

This policy can be used, for example, to prompt clients with a low score to pass a captcha before they can continue.

To make sure this policy is executed correctly, set "Re-evaluate policies" when using it with a flow.
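
The reputation scoring described above can be modelled in a few lines to show why tracking the source IP and the targeted username separately matters. This is an added example, not Kubeark Identity's own code; the class and function names, the starting score of 0, and the threshold of -3 are assumptions made for illustration.

```python
from collections import defaultdict

# Assumption: scores start at 0 and a client is challenged once either score
# falls to the threshold or below. The threshold value is hypothetical.
CAPTCHA_THRESHOLD = -3


class ReputationTracker:
    """Simplified model of per-IP and per-username reputation scores."""

    def __init__(self, threshold=CAPTCHA_THRESHOLD):
        self.threshold = threshold
        self.ip_scores = defaultdict(int)
        self.username_scores = defaultdict(int)

    def record_failed_login(self, client_ip, username):
        # Each failed attempt lowers both the source IP score and the
        # targeted username score by one, as the policy text describes.
        self.ip_scores[client_ip] -= 1
        self.username_scores[username] -= 1

    def requires_captcha(self, client_ip, username):
        # Checking both scores covers one IP failing against many accounts
        # as well as many IPs failing against a single account.
        ip_score = self.ip_scores.get(client_ip, 0)
        user_score = self.username_scores.get(username, 0)
        return min(ip_score, user_score) <= self.threshold


def replay(events, tracker=None):
    """Feed (client_ip, username) failed-login events into a tracker."""
    tracker = tracker or ReputationTracker()
    for client_ip, username in events:
        tracker.record_failed_login(client_ip, username)
    return tracker


# Constructed sample events (documentation IP ranges, made-up usernames).
SAMPLE_FAILED_LOGINS = [
    ("203.0.113.10", "alice"),  # one IP failing against several accounts
    ("203.0.113.10", "bob"),
    ("203.0.113.10", "carol"),
    ("198.51.100.1", "dave"),   # several IPs failing against one account
    ("198.51.100.2", "dave"),
    ("198.51.100.3", "dave"),
]
```

In this model no single IP/username pair fails more than once, yet both the shared IP and the shared username reach the threshold, which a per-pair counter would miss.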