goauthentik / authentik

The authentication glue you need.
https://goauthentik.io

Default application binding #3732

Open DrMurx opened 1 year ago

DrMurx commented 1 year ago

The documentation reads:

By default, all users can access applications when no policies are bound.

This feels against all security best practices, as default settings should be as limited as possible.

I'd like to propose a "Default Binding" for applications which is always in place for all applications with no custom bindings. This default binding should be set to "Deny all users" policy initially. The administrator might customize it to their taste.

For backwards compatibility, the default binding may be set to an "Allow all users" policy for existing Authentik setups so it doesn't break logins when the administrator upgrades from an Authentik version which doesn't have this feature.
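To make the proposal concrete from an operator's side, the following script is an added example (not authentik's own tooling and not code from the issue author) that audits which applications currently have no enabled policy binding, and shows how the same request would be decided under the implicit "allow all" default versus the proposed "deny all" default. It assumes the authentik v3 REST paths `/api/v3/core/applications/` and `/api/v3/policies/bindings/?target=<pk>`, a bearer token in `AUTHENTIK_TOKEN`, and the `pk`, `slug`, `group` and `enabled` fields on the returned objects; the sample payloads are constructed so the logic runs offline, and the access check is a deliberately simplified model (group membership only, no policy expressions, ordering or negation).

```python
"""Audit authentik applications that fall through to the implicit 'allow all'.

Added example. Endpoint paths, field names and the AUTHENTIK_URL/AUTHENTIK_TOKEN
environment variables are assumptions, not taken from the issue text.
"""
import json
import os
import urllib.request

# Constructed sample responses, shaped like paginated list endpoints.
SAMPLE_APPS = {"results": [
    {"pk": "app-1", "name": "Grafana", "slug": "grafana"},
    {"pk": "app-2", "name": "Wiki", "slug": "wiki"},
    {"pk": "app-3", "name": "Admin Console", "slug": "admin"},
]}
SAMPLE_BINDINGS = {
    "app-1": {"results": [{"pk": "b-1", "group": "g-ops", "enabled": True}]},
    "app-2": {"results": []},                                   # no binding at all
    "app-3": {"results": [{"pk": "b-2", "group": "g-admins", "enabled": False}]},  # only a disabled one
}


def api_get(base_url, path, token):
    """GET a JSON document from the (assumed) authentik API with a bearer token."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}{path}",
        headers={"Authorization": f"Bearer {token}", "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def enabled_bindings(bindings_page):
    """Bindings that actually take part in evaluation (disabled ones do not)."""
    return [b for b in bindings_page.get("results", []) if b.get("enabled", True)]


def unbound_applications(apps_page, bindings_by_app):
    """Slugs of applications with no enabled binding: these are open to every user today."""
    unbound = []
    for app in apps_page["results"]:
        page = bindings_by_app.get(app["pk"], {"results": []})
        if not enabled_bindings(page):
            unbound.append(app["slug"])
    return unbound


def access_allowed(bindings_page, user_groups, default_deny):
    """Simplified decision: with no enabled bindings the outcome is the default;
    otherwise the user needs membership in a bound group."""
    active = enabled_bindings(bindings_page)
    if not active:
        return not default_deny
    return any(b.get("group") in user_groups for b in active)


def fetch_bindings(base_url, token, apps_page):
    """Collect the binding list for each application, keyed by application pk."""
    return {
        app["pk"]: api_get(base_url, f"/api/v3/policies/bindings/?target={app['pk']}", token)
        for app in apps_page["results"]
    }


if __name__ == "__main__":
    base_url, token = os.environ.get("AUTHENTIK_URL"), os.environ.get("AUTHENTIK_TOKEN")
    if base_url and token:
        apps = api_get(base_url, "/api/v3/core/applications/", token)
        bindings = fetch_bindings(base_url, token, apps)
    else:
        apps, bindings = SAMPLE_APPS, SAMPLE_BINDINGS  # offline run on constructed data
    for slug in unbound_applications(apps, bindings):
        print(f"{slug}: no enabled policy binding, currently reachable by all users")
```

Run against a live instance by exporting `AUTHENTIK_URL` and `AUTHENTIK_TOKEN`; without them it reports on the constructed sample, where both `wiki` (no binding) and `admin` (only a disabled binding) are flagged. The `access_allowed` function is what changes under the proposal: for those two applications the answer flips from allowed to denied, while `grafana` still depends on group membership either way.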

yacob841 commented 5 months ago

Yeah, I was surprised at this. I finally added a second user and had to go through all apps assigning them policies to fix it. It’s disappointing this has been unaddressed for so long. Security tip, always default closed…

BeryJu commented 2 months ago

Initially we'll add this as a system setting which, when enabled, will make applications inaccessible without any policies/etc attached

Simon-CR commented 2 months ago

I have the same issue where I need to revisit each of my applications in order to create a binding that I should be able to have as my "default".