Allow Any Authenticated User
Summary
Use with caution: Allow Any Authenticated User allows all requests for any user that authenticates against your identity provider.
For example, if you use a corporate GSuite account, an unrelated user with a Gmail account can access the upstream application.
Use of this setting means Pomerium will not enforce your centralized authorization policy for this route. The upstream is responsible for handling any authorization.
How to configure
- Core
- Enterprise
- Kubernetes
| YAML/JSON setting | Type | Default | Usage |
|---|---|---|---|
allow_any_authenticated_user | boolean | false | optional |
Enable Any Authenticated User in the Policy Builder in the Console:
| Name | Type | Default | Usage |
|---|---|---|---|
allow_any_authenticated_user | boolean | false | optional |
See Kubernetes Ingress reference for more information.
Examples
allow_any_authenticated_user: true
# ingress
ingress.pomerium.io/allow_any_authenticated_user: true