diff --git a/README.md b/README.md index 584b6f8cb..03501cefa 100644 --- a/README.md +++ b/README.md @@ -56,7 +56,12 @@ accepted before getting to the login page: ![first-factor-page](https://raw.githubusercontent.com/clems4ever/authelia/master/images/first_factor.png) ### 1st factor: LDAP -An LDAP server has been deployed for you with the following credentials: **user/password**. +An LDAP server has been deployed for you with the following credentials: + +- **john/password** is in the admin group and has access to every subdomain. +- **bob/password** is in the dev group and has only access to *secret2.test.local* +- **harry/password** is not in a group but has access to *secret1.test.local* +as per the configuration file. Type them in the login page and validate. Then, the second factor page should have appeared as shown below. @@ -99,6 +104,12 @@ email address. For the sake of the example, the email is delivered in the file ./notifications/notification.txt. Paste the link in your browser and you should be able to reset the password. +### Access Control +With **Authelia**, you can define your own access control rules for restricting +the access to certain subdomains to your users. Those rules are defined in the +configuration file and are per-user or per-group. Check out the +*config.template.yml* to see how they are defined. + ## Documentation ### Configuration The configuration of the server is defined in the file diff --git a/config.template.yml b/config.template.yml index d05e0de6e..d258a2a99 100644 --- a/config.template.yml +++ b/config.template.yml @@ -47,6 +47,7 @@ access_control: allowed_domains: - secret.test.local - secret1.test.local + - secret2.test.local - group: dev allowed_domains: - secret2.test.local
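Review bot: In the README hunk at @@ -56,7 +56,12 @@, "has access to every subdomain" for john reads as a blanket grant, but the config.template.yml hunk in this same patch shows access being given through an explicit allowed_domains list that had to be extended by hand for secret2.test.local. Suggest wording such as "has access to every subdomain listed in the configuration file" so readers do not assume new subdomains are covered automatically. Two smaller points in the same list: the unindented "as per the configuration file." line is folded by Markdown into the harry bullet only, so either indent it deliberately or move it into the sentence that introduces the list, and the bob bullet is missing its closing period and would read better as "has access only to".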
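Review bot: The new "### Access Control" section in the README hunk at @@ -99,6 +104,12 @@ does not say what happens to a user who matches no rule, nor how a per-user rule and a per-group rule combine when both apply to the same person. For an access control feature the default decision is the first thing an operator needs to know, so please state it here in one or two sentences rather than leaving it to be inferred from config.template.yml. It would also help to name the top-level key, access_control, so the reader knows where in the template to look.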
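Review bot: In the config.template.yml hunk at @@ -47,6 +47,7 @@, secret2.test.local now appears both in the list being extended and under "group: dev", and nothing in the visible lines tells someone editing the template that the first list is meant to be the complete set of protected subdomains. A short YAML comment above that allowed_domains list, saying that it must be updated whenever a subdomain is added, would keep the template consistent with what the README promises for the admin group.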