Title here
Summary here
First Factor
There are two ways to integrate Authelia with an authentication backend:
- LDAP: users are stored in remote servers like OpenLDAP, OpenDJ, FreeIPA, or Microsoft Active Directory.
- File: users are stored in YAML file with a hashed version of their password.
Configuration
Example Configuration
This section is intended as an example configuration to help users with a rough contextual layout of this configuration section, it is not intended to explain the options. The configuration shown may not be a valid configuration, and you should see the options section below and the navigation links to properly understand each option individually.
authentication_backend:
refresh_interval: '5m'
password_reset:
disable: false
custom_url: ''
password_change:
disable: falseOptions
This section describes the individual configuration options.
refresh_interval
Reference Note
This configuration option uses a common syntax. For more information please see both the configuration example and the Common Syntax: Duration reference guide.
Note
When using the File Provider this value has a default value of always as the cost in this
scenario is basically not measurable, users can, however, override this setting by setting an explicit value.
This setting controls the interval at which details are refreshed from the backend. The details refreshed in order of importance are the groups, email address, and display name. This is particularly useful for the File Provider when watch is enabled or generally with the LDAP Provider.
In addition to the duration values this option accepts always and disable as values; where always will always
refresh this value, and disable will never refresh the profile.
password_reset
disable
boolean
false
not required
This setting controls if users can reset their password from the web frontend or not.
custom_url
string
not required
The custom password reset URL. This replaces the inbuilt password reset functionality and disables the endpoints if this is configured to anything other than nothing or an empty string.
password_change
disable
boolean
false
not required
This setting controls if users can change their password from the web frontend or not.
file
The file authentication provider.
ldap
The LDAP authentication provider.