authentik/website/docs/customize/policies/expression/unique_email.md
Timon Klinkert 9640992c3c website/docs: Update unique email expression policy to exclude current user (#21555)
* Update unique_email.md to also exclude current user

Signed-off-by: Timon Klinkert <83671398+DenuxPlays@users.noreply.github.com>

* Applied review suggestion

Co-authored-by: Jens L. <jens@beryju.org>
Signed-off-by: Timon Klinkert <83671398+DenuxPlays@users.noreply.github.com>

---------

Signed-off-by: Timon Klinkert <83671398+DenuxPlays@users.noreply.github.com>
Co-authored-by: Jens L. <jens@beryju.org>
2026-04-13 18:53:34 +00:00


Ensure unique email addresses

Due to the database design of authentik, email addresses are by default not required to be unique. However, this behavior can be changed using an expression policy.

The snippet below can be used in an expression policy within enrollment flows. The policy should be bound to any stage before the User write stage, or with the Prompt stage.

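```python
from authentik.core.models import User

# Ensure this matches the *Field Key* value of the prompt
field_name = "email"
email = request.context["prompt_data"][field_name]

# User the flow is currently acting on, if one has been set
pending_user = request.context.get("pending_user")

# Case-insensitive match, so "A@example.com" collides with "a@example.com"
query = User.objects.filter(email__iexact=email)

# Do not count the user's own account as a conflict
if pending_user:
    query = query.exclude(pk=pending_user.pk)
elif request.user and request.user.is_authenticated:
    query = query.exclude(pk=request.user.pk)

# Any remaining match means another account already uses this address
if query.exists():
    ak_message("Email address in use")
    return False

return True
```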
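The cases this policy distinguishes, as an added example that is not part of the authentik documentation: a plain-Python model of the same checks that runs without authentik or Django. `FakeUser`, `email_is_free`, `run_cases` and the sample accounts are assumptions made for illustration, and `str.lower()` stands in for Django's `email__iexact` lookup.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class FakeUser:  # hypothetical stand-in for authentik.core.models.User
    pk: int
    email: str
    is_authenticated: bool = True


# Constructed sample accounts, not taken from any real deployment
USERS = [FakeUser(1, "alice@example.com"), FakeUser(2, "Bob@Example.com")]


def email_is_free(email, pending_user=None, request_user=None, users=USERS):
    """Model of the policy's decision: True means the flow may continue."""
    # Approximates email__iexact with a case-insensitive comparison
    matches = [u for u in users if u.email.lower() == email.lower()]
    # Same precedence as the policy: pending_user first, then the session user
    if pending_user:
        matches = [u for u in matches if u.pk != pending_user.pk]
    elif request_user and request_user.is_authenticated:
        matches = [u for u in matches if u.pk != request_user.pk]
    return not matches


def run_cases():
    alice, bob = USERS
    anonymous = FakeUser(0, "", is_authenticated=False)  # enrollment visitor
    return {
        # Address nobody holds yet
        "new_address": email_is_free("carol@example.com", request_user=anonymous),
        # Differs from an existing address only by letter case
        "case_variant": email_is_free("ALICE@example.com", request_user=anonymous),
        # The user being written already holds the address
        "pending_keeps_own": email_is_free("alice@example.com", pending_user=alice),
        # No pending_user, but the logged-in user holds the address
        "session_keeps_own": email_is_free("bob@example.com", request_user=bob),
        # Logged-in user submits an address held by a different account
        "session_takes_other": email_is_free("alice@example.com", request_user=bob),
    }


if __name__ == "__main__":
    for name, allowed in run_cases().items():
        print(f"{name}: {'pass' if allowed else 'deny'}")
```
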