Skip to main content

Bind Stages and Policies to Flows

A flow is a container, and its behavior is determined by the Stages you bind to it. You can further refine this behavior by attaching Policies (logic gates) to those stages or to the flow itself. Bindings act as the "connector" between the logic (Policy) and the execution step (Stage or Flow).

Bindings are instantiated objects themselves. To learn more about the underlying architecture, refer to the Bindings documentation.

1. Define the sequence (Stage bindings)

To define what happens in a flow, you must bind stages in a specific sequence. You can either use existing components or create new ones on the fly.

Option A: Bind existing stages

Most flows rely on reusable, existing stages (like default-authentication-login). To bind these to your flow:

  1. Navigate to Flows and Stages > Flows and click the name of your flow to which you want to bind one or more stages.
  2. Select the Stage Bindings tab.
  3. Click Bind existing stage.
  4. Select the stage you want to use from the list.
  5. Order Matters: Ensure the stage is in the correct position (for example, Identification → Password → Login).

Option B: Create and bind a new stage

Use this option when you need a unique stage that doesn't exist yet, such as a custom Prompt Stage for displaying specific text. To create and bind a new stage:

  1. Navigate to Flows and Stages > Flows and click the name of your flow.
  2. Select the Stage Bindings tab and click Create and bind Stage.
  3. Select Type: Choose (Prompt, etc.) Stage.
  4. Configure the Stage Details:
    • Name: Enter a descriptive name for the stage.
    • Fields: Remove any pre-selected fields by clicking the x icon. Add your specific custom prompts (e.g., username, password) from the dropdown, if you selected the prompt stage type.
    • Validation Policies: Remove any pre-selected policies by clicking the x icon to ensure the stage runs without default restrictions.
  5. Click Finish to save.

2. Apply logic and access control (Policy bindings)

Policies allow you to add conditions to your flows, determining who can access them and which steps they must complete.

Create a Policy

To create a new policy, either a pre-configured one or an expression policy, follow these steps:

  1. Log in as an administrator and open the Admin interface.
  2. Navigate to Customization > Policies.
  3. Click Create, and select the type of policy.
    Here, you select whether you want to create a custom expression policy or a standard, out-of-the-box one.
  4. Define the policy and click Finish.

Bind a policy to a flow

These bindings control entry access (for example, restricting an admin flow to specific IP addresses or user groups).

  1. Navigate to Flows and Stages > Flows.
  2. In the list of flows, click on the name of the flow to which you want to bind a policy.
  3. Click on the Policy/Group/User Bindings tab at the top of the page.
  4. Select your preferred action:
    • Create and bind Policy: Create a new policy and bind it immediately.
    • Bind existing policy/group/user: Select an existing policy to bind to the flow.

Bind a policy to a stage

These bindings control conditional execution (such as only showing a "CAPTCHA" stage if a user's reputation is low).

  1. Navigate to Flows and Stages > Flows.
  2. In the list of flows, click on the name of the flow containing the stage you want to modify.
  3. Click on the Stage Bindings tab at the top of the page.
  4. Click the arrow (>) beside the name of the stage to which you want to bind a policy to display the details.
  5. Select your preferred action:
    • Create and bind Policy: Create a new policy and bind it immediately.
    • Bind existing policy/group/user: Select an existing policy to bind to the stage.

Execution timing: Dynamic vs. planned

When binding a policy to a stage, you can control when the logic is checked using the Evaluate when flow is planned setting:

  • Dynamic evaluation (Default): Policies are evaluated right before the stage is presented to the user. This is flexible and allows the flow to change based on the outcome of previous stages (e.g., a policy checking if a password was just changed).
  • Plan evaluation: If you enable Evaluate when flow is planned, the policy is checked immediately when the flow starts. This generates a fixed "Flow Plan." Use this if the decision to show a stage should be made solely on initial context (like the user's IP address).

Now that you understand how to bind Stages and Policies, you can customize the user experience and secure your platform.

Customize Authentication Flows

Modify text prompts, configure timeouts, and brand the interface to match your organization's identity.

Secure the Platform

Configure global reputation policies and event retention to protect your organization from brute-force attacks.

Identity Providers Reference

Review the supported provider types and their specific characteristics.