Privacy Policy

Configuration

Example Configuration

This section is intended as an example configuration to help users with a rough contextual layout of this configuration section, it is not intended to explain the options. The configuration shown may not be a valid configuration, and you should see the options section below and the navigation links to properly understand each option individually.

configuration.yml
privacy_policy:
  enabled: false
  require_user_acceptance: false
  policy_url: ''

Options

This section describes the individual configuration options.

enabled

boolean false not required

Enables the display of the Privacy Policy link.

require_user_acceptance

boolean false not required

Requires users accept per-browser the Privacy Policy via a Dialog Drawer at the bottom of the page. The fact they have accepted is recorded and checked in the browser localStorage.

If the user has not accepted the policy they should not be able to interact with the Authelia UI via normal means.

Administrators who are required to abide by the GDPR or other privacy laws should be advised that OpenID Connect 1.0 clients configured with the implicit consent mode are unlikely to trigger the display of the Authelia UI if the user is already authenticated.

We won’t be adding checks like this to the implicit consent mode when that mode in particular is unlikely to be compliant with those laws, and that mode is not strictly compliant with the OpenID Connect 1.0 specifications. It is therefore recommended if require_user_acceptance is enabled then administrators should avoid using the implicit consent mode or do so at their own risk.

policy_url

string situational

The privacy policy URL is a URL which optionally is displayed in the frontend linking users to the administrators privacy policy. This is useful for users who wish to abide by laws such as the GDPR. Administrators can view the particulars of what Authelia collects out of the box with our Privacy Policy.

This value must be an absolute URL, and must have the https:// scheme.

This option is required if the enabled option is true.

Example:

configuration.yml
privacy_policy:
  enabled: true
  policy_url: 'https://www.example.com/privacy-policy'