Skip to main content

GeoIP

authentik supports GeoIP to add additional information to login/authorization/enrollment requests. Additionally, a GeoIP policy can be used to make policy decisions based on the lookup result.

Configuration

info

Starting with authentik 2022.12, GeoIP is bundled and does not require any additional setup.

By default, the GeoIP database is loaded from /geoip/GeoLite2-City.mmdb. If more frequent database updates are desired, a volume can be mounted to /geoip to update this file externally. authentik will automatically re-load the file when it changes.

Deactivating GeoIP

If you want to disable GeoIP, you can set the path to a non-existent path and authentik will skip the GeoIP.

Add the following block to your .env file:

AUTHENTIK_EVENTS__CONTEXT_PROCESSORS__GEOIP=/tmp/non-existent-file
AUTHENTIK_EVENTS__CONTEXT_PROCESSORS__ASN=/tmp/non-existent-file

Afterwards, run the upgrade commands from the latest release notes.

External updates

Sign up for a free MaxMind account here.

Add the following block to a docker-compose.override.yml file in the same folder as the authentik docker-compose file:

services:
server:
volumes:
- geoip:/geoip
worker:
volumes:
- geoip:/geoip
geoipupdate:
image: "maxmindinc/geoipupdate:latest"
volumes:
- "geoip:/usr/share/GeoIP"
environment:
GEOIPUPDATE_EDITION_IDS: "GeoLite2-City GeoLite2-ASN"
GEOIPUPDATE_FREQUENCY: "8"
GEOIPUPDATE_ACCOUNT_ID: "*your account ID*"
GEOIPUPDATE_LICENSE_KEY: "*your license key*"
volumes:
geoip:
driver: local

Afterwards, run the upgrade commands from the latest release notes.