Example flows
You can apply these flows multiple times to stay up to date; however, each time you apply them, all changes you've made to them are discarded.
The example flows provided below override the default flows. Review the contents of the example flow before importing and consider exporting the affected existing flows first.
These example flow blueprints are bundled with authentik. To import one, open the authentik Admin interface, navigate to Flows and Stages > Flows, click Import, select Local path, and choose the blueprint path shown below. You can also download the blueprint manually and import it with File upload.
Two-stage enrollment
Blueprint path: example/flows-enrollment-2-stage.yaml
Flow: right-click here and save the file.
Sign-up flow for new users that prompts them for their username, email, password, and name. No verification is done. Users are also immediately logged in after this flow.
Enrollment with email verification
Blueprint path: example/flows-enrollment-email-verification.yaml
Flow: right-click here and save the file.
Same flow as the two-stage enrollment above, with an extra email verification stage.
You'll probably have to adjust the Email stage and set your connection details.
Two-factor login
Blueprint path: example/flows-login-2fa.yaml
Flow: right-click here and save the file.
Login flow that follows the default pattern (username/email, then password), but also checks for the user's OTP token, if they have one configured.
You can force two-factor authentication by editing the Not configured action in the Authenticator Validation Stage.
Log in with conditional CAPTCHA
Blueprint path: example/flows-login-conditional-captcha.yaml
Flow: right-click here and save the file.
Login flow that conditionally shows users a CAPTCHA, based on the reputation of their IP and username.
By default, the CAPTCHA test keys are used. You can get a proper key here.
Recovery with email and MFA verification
Blueprint path: example/flows-recovery-email-mfa-verification.yaml
Flow: right-click here and save the file.
With this recovery flow, the user is sent an email after they've identified themselves. After they click the link in the email, they must verify their configured MFA device, and are prompted for a new password and immediately logged in.
There's also a version of this flow available without MFA validation at example/flows-recovery-email-verification.yaml, which is not recommended.
User deletion
Blueprint path: example/flows-unenrollment.yaml
Flow: right-click here and save the file.
Flow for users to delete their account.
The account is deleted without any warning.