Skip to main content

Allow Any Authenticated User

Summary

Use with caution: Allow Any Authenticated User allows all requests for any user that authenticates against your identity provider.

For example, if you use a corporate GSuite account, an unrelated user with a Gmail account can access the upstream application.

Use of this setting means Pomerium will not enforce your centralized authorization policy for this route. The upstream is responsible for handling any authorization.

How to configure

YAML/JSON settingTypeDefaultUsage
allow_any_authenticated_userbooleanfalseoptional

Examples

allow_any_authenticated_user: true

# ingress
ingress.pomerium.io/allow_any_authenticated_user: true