ghndrx/authentik-terraform
1
0
Fork 0
mirror of https://github.com/ghndrx/authentik-terraform.git synced 2026-02-10 06:44:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
authentik-terraform/terraform.tfvars.example
Greg Hendrickson 5d2535067e feat: Add custom MFA authentication flow with configurable enforcement 
- Add authentication-flow.tf with complete MFA auth flow:
  - Identification -> Password -> MFA validation -> Session stages
  - Brute-force reputation policy binding
  - Evaluates policies on plan for user context

- Add configuration variables:
  - enable_mfa_flow: Toggle custom MFA flow (default: false)
  - mfa_enforcement: skip/configure/deny (default: configure)

- Fix existing issues:
  - rbac-groups.tf: parent -> parents (list)
  - source-google.tf: Use variables instead of deprecated sops
  - Google source now conditional (created only if credentials provided)

- Update README:
  - Document MFA enforcement levels
  - Add authentication-flow.tf to file structure
  - Explain Option 1 (Terraform) vs Option 2 (manual UI) for MFA setup

Security: Custom flow includes brute-force protection policy bound
at flow level, not just stage level.
2026-02-09 16:03:32 +00:00

32 lines
1.2 KiB
Plaintext
Raw Permalink Blame History

# Example terraform.tfvars - Copy to terraform.tfvars and fill in your values
# NEVER commit terraform.tfvars to git!
# Authentik Connection (required)
authentik_url = "https://auth.example.com"
authentik_token = "your-api-token-here"
# Google OAuth (optional - leave empty to skip)
google_client_id = ""
google_client_secret = ""
# Application URLs (set the ones you want to configure)
argocd_url = "https://argocd.example.com"
grafana_url = "https://grafana.example.com"
home_assistant_url = "https://home.example.com"
immich_url = "https://photos.example.com"
uptime_kuma_url = "https://status.example.com"
sonarr_url = "https://sonarr.example.com"
radarr_url = "https://radarr.example.com"
prowlarr_url = "https://prowlarr.example.com"
portainer_url = "https://portainer.example.com"
# LDAP Configuration
ldap_base_dn = "dc=ldap,dc=example,dc=com"
# Security Configuration
enable_mfa_flow = false # Set to true to enable MFA authentication flow
mfa_enforcement = "configure" # Options: skip, configure, deny
# - skip: MFA optional, no prompt if not configured
# - configure: Prompt users to set up MFA on login
# - deny: Block login if MFA not configured (use after users have set up MFA)
Reference in New Issue View Git Blame Copy Permalink