Allow Any Authenticated User
Summary
Use with caution: Allow Any Authenticated User allows all requests for any user or service account that authenticates against your identity provider.
For example, if you use a corporate GSuite account, an unrelated user with a Gmail account can access the upstream application.
Use of this setting means Pomerium will not enforce your centralized authorization policy for this route. The upstream is responsible for handling any authorization.
How to configure
- Core
- Enterprise
- Kubernetes
| YAML/JSON setting | Type | Default | Usage |
|---|---|---|---|
allow_any_authenticated_user | boolean | false | optional |
Examples
allow_any_authenticated_user: 'true'
Enable Any Authenticated User in the Policy Builder in the Console:
| Annotation name | Type | Default | Usage |
|---|---|---|---|
allow_any_authenticated_user | boolean | false | optional |
Examples
ingress.pomerium.io/allow_any_authenticated_user: true