--- host: 127.0.0.1 port: 9091 jwt_secret: secret_from_config logging: level: debug default_redirection_url: https://home.example.com:8080/ totp: issuer: authelia.com duo_api: hostname: api-123456789.example.com integration_key: ABCDEF authentication_backend: ldap: url: ldap://127.0.0.1 base_dn: dc=example,dc=com username_attribute: uid additional_users_dn: ou=users users_filter: (&({username_attribute}={input})(objectCategory=person)(objectClass=user)) additional_groups_dn: ou=groups groups_filter: (&(member={dn})(objectclass=groupOfNames)) group_name_attribute: cn mail_attribute: mail user: cn=admin,dc=example,dc=com access_control: default_policy: deny rules: # Rules applied to everyone - domain: public.example.com policy: bypass - domain: secure.example.com policy: one_factor # Network based rule, if not provided any network matches. networks: - 192.168.1.0/24 - domain: secure.example.com policy: two_factor - domain: [singlefactor.example.com, onefactor.example.com] policy: one_factor # Rules applied to 'admins' group - domain: "mx2.mail.example.com" subject: "group:admins" policy: deny - domain: "*.example.com" subject: "group:admins" policy: two_factor # Rules applied to 'dev' group - domain: dev.example.com resources: - "^/groups/dev/.*$" subject: "group:dev" policy: two_factor # Rules applied to user 'john' - domain: dev.example.com resources: - "^/users/john/.*$" subject: "user:john" policy: two_factor # Rules applied to 'dev' group and user 'john' - domain: dev.example.com resources: - "^/deny-all.*$" subject: ["group:dev", "user:john"] policy: deny # Rules applied to user 'harry' - domain: dev.example.com resources: - "^/users/harry/.*$" subject: "user:harry" policy: two_factor # Rules applied to user 'bob' - domain: "*.mail.example.com" subject: "user:bob" policy: two_factor - domain: "dev.example.com" resources: - "^/users/bob/.*$" subject: "user:bob" policy: two_factor session: name: authelia_session expiration: 3600000 # 1 hour inactivity: 300000 # 5 minutes domain: example.com redis: host: 127.0.0.1 port: 6379 regulation: max_retries: 3 find_time: 120 ban_time: 300 storage: mysql: host: 127.0.0.1 port: 3306 database: authelia username: authelia notifier: smtp: username: test host: 127.0.0.1 port: 1025 sender: admin@example.com disable_require_tls: true ...