Access Control is the main authorization system in Authelia.
Authelia allows defining fine-grained rules-based access control policies. This list of rules is tested against any requests protected by Authelia and defines the level of authentication the user must pass to get authorization to the resource.
For instance a rule can look like this:
access_control: rules: - domain: dev.example.com resources: - '^/groups/dev/.*$' subject: 'group:dev' policy: two_factor methods: - GET - POST networks: - 192.168.1.0/24
This rule matches when the request targets the domain
dev.example.com, the path matches the regular expression
^/groups/dev/.*$, the user is a member of the
dev group, the request comes from a client on the 192.168.2.0/24
subnet, and the HTTP method verb is GET or POST. In that case, a two-factor policy is applied requiring the user to
authenticate with two factors.
Please check the dedicated documentation.