Event Matcher Policy
Use an Event Matcher policy when you want to match authentik events by a small set of built-in fields instead of writing a custom expression.
This policy is most commonly used with Notification Rules.
When to use it
Use an Event Matcher policy when you want to react to events such as:
- a failed login
- a model being created, updated, or deleted
- activity from a specific authentik app
- activity from a specific client IP
For more complex matching, such as network ranges or logic across multiple event fields, use an Expression policy instead.
What it matches
An Event Matcher policy can match on:
- action
- app
- model
- exact client IP
Any field you leave empty is treated as a wildcard. Any field you configure must match for the policy to pass.
This policy is useful only when an event object is present in the policy context, such as when a notification rule evaluates an event.
Create an Event Matcher policy
- Log in to authentik as an administrator and open the authentik Admin interface.
- Navigate to Customization > Policies.
- Click Create and select Event Matcher Policy.
- Configure the fields you want to match.
- Click Finish.
Common use
To send notifications for a subset of authentik events:
- Create an Event Matcher policy.
- Create or edit a Notification Rule.
- Bind the policy to that notification rule.
Be aware that an event has to match all configured fields in the policy, otherwise the notification rule will not trigger.