GeoIP
authentik supports GeoIP to add additional information to login/authorization/enrollment requests, and make policy decisions based on the lookup result.
Configuration
Starting with authentik 2022.12, GeoIP is bundled and does not require any additional setup.
By default, the GeoIP database is loaded from /geoip/GeoLite2-City.mmdb. If more frequent database updates are desired, a volume can be mounted to /geoip to update this file externally. authentik will automatically re-load the file when it changes.
Deactivating GeoIP
If you want to disable GeoIP, you can set the path to a non-existent path and authentik will skip the GeoIP.
- docker-compose
- Kubernetes
AUTHENTIK_GEOIP=/tmp/non-existent-file
Afterwards, run the upgrade commands from the latest release notes.
authentik:
geoip: /tmp/non-existent-file
Afterwards, run the upgrade commands from the latest release notes.
External updates
Sign up for a free MaxMind account here.
- docker-compose
- Kubernetes
version: "3.2"
services:
server:
volumes:
- geoip:/geoip
worker:
volumes:
- geoip:/geoip
geoipupdate:
image: "maxmindinc/geoipupdate:latest"
volumes:
- "geoip:/usr/share/GeoIP"
environment:
GEOIPUPDATE_EDITION_IDS: "GeoLite2-City"
GEOIPUPDATE_FREQUENCY: "8"
GEOIPUPDATE_ACCOUNT_ID: "*your account ID*"
GEOIPUPDATE_LICENSE_KEY: "*your license key*"
volumes:
geoip:
driver: local
Afterwards, run the upgrade commands from the latest release notes.
geoip:
enabled: true
accountId: "*your account ID*"
licenseKey: "*your license key*"
editionIds: "GeoLite2-City"
image: maxmindinc/geoipupdate:v4.8
updateInterval: 8
Afterwards, run the upgrade commands from the latest release notes.