From 4671d4afb4d32988ca0058a33888862bd9652b16 Mon Sep 17 00:00:00 2001
From: Jens L
Date: Wed, 19 Apr 2023 16:13:45 +0200
Subject: [PATCH] enterprise: initial license (#5293)
* enterprise: add enterprise license and app
Signed-off-by: Jens Langhammer
* add license and terms
Signed-off-by: Jens Langhammer
* don't build enterprise into docker for now
Signed-off-by: Jens Langhammer
---------
Signed-off-by: Jens Langhammer
---
 .dockerignore | 1 +
 LICENSE | 9 ++-
 authentik/api/v3/config.py | 3 +
 authentik/enterprise/LICENSE | 45 +++++++++++++
 authentik/enterprise/apps.py | 11 ++++
 authentik/enterprise/settings.py | 1 +
 authentik/root/settings.py | 9 +++
 website/src/pages/legal/terms.md | 107 +++++++++++++++++++++++++++++++
 8 files changed, 184 insertions(+), 2 deletions(-)
 create mode 100644 authentik/enterprise/LICENSE
 create mode 100644 authentik/enterprise/apps.py
 create mode 100644 authentik/enterprise/settings.py
 create mode 100644 website/src/pages/legal/terms.md
diff --git a/.dockerignore b/.dockerignore
index b1eb0cd9b..1e6a89ac0 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -6,3 +6,4 @@ dist/**
 build/**
 build_docs/**
 Dockerfile
+authentik/enterprise
diff --git a/LICENSE b/LICENSE
index d555023e3..66089a4c2 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,6 +1,11 @@
-MIT License
+Copyright (c) 2023 Jens Langhammer
-Copyright (c) 2022 Jens Langhammer
+Portions of this software are licensed as follows:
+* All content residing under the "website/" directory of this repository is licensed under "Creative Commons: CC BY-SA 4.0 license".
+* All content that resides under the "authentik/enterprise/" directory of this repository, if that directory exists, is licensed under the license defined in "authentik/enterprise/LICENSE".
+* All client-side JavaScript (when served directly or after being compiled, arranged, augmented, or combined), is licensed under the "MIT Expat" license.
+* All third party components incorporated into the authentik are licensed under the original license provided by the owner of the applicable component.
+* Content outside of the above mentioned directories or restrictions above is available under the "MIT" license as defined below.
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/authentik/api/v3/config.py b/authentik/api/v3/config.py
index e7f815b43..b0d825105 100644
--- a/authentik/api/v3/config.py
+++ b/authentik/api/v3/config.py
@@ -29,6 +29,7 @@ class Capabilities(models.TextChoices):
 CAN_GEO_IP = "can_geo_ip"
 CAN_IMPERSONATE = "can_impersonate"
 CAN_DEBUG = "can_debug"
+ IS_ENTERPRISE = "is_enterprise"
 class ErrorReportingConfigSerializer(PassiveSerializer):
@@ -70,6 +71,8 @@ class ConfigView(APIView):
 caps.append(Capabilities.CAN_IMPERSONATE)
 if settings.DEBUG: # pragma: no cover
 caps.append(Capabilities.CAN_DEBUG)
+ if "authentik.enterprise" in settings.INSTALLED_APPS:
+ caps.append(Capabilities.IS_ENTERPRISE)
 return caps
 def get_config(self) -> ConfigSerializer:
diff --git a/authentik/enterprise/LICENSE b/authentik/enterprise/LICENSE
new file mode 100644
index 000000000..4c9ad4a75
--- /dev/null
+++ b/authentik/enterprise/LICENSE
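Review bot: In the second hunk of authentik/api/v3/config.py, `IS_ENTERPRISE` is reported whenever the string `"authentik.enterprise"` is in `settings.INSTALLED_APPS`, so it means the package is installed, not that a subscription is valid. Nothing in the hunk documents that, and a client could read the flag as an entitlement. I would add a comment above the check, `# Only signals that the enterprise app is installed; not a license or entitlement check`, and keep any gating of paid features on the server. The enclosing method of ConfigView starts outside the hunk, so whether this response is served to unauthenticated clients cannot be confirmed from here; if it is, the flag also tells anonymous callers which edition is deployed.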
@@ -0,0 +1,45 @@
+The authentik Enterprise Edition (EE) license (the “EE License”)
+Copyright (c) 2022-present Authentik Security Inc.
+
+With regard to the authentik Software:
+
+This software and associated documentation files (the "Software") may only be
+used in production, if you (and any entity that you represent) have agreed to,
+and are in compliance with, the Authentik Subscription Terms of Service, available
+at https://goauthentik.io/legal/terms (the "EE Terms"), or other
+agreement governing the use of the Software, as agreed by you and authentik Security Inc,
+and otherwise have a valid authentik Enterprise Edition subscription for the
+correct number of user seats. Subject to the foregoing sentence, you are free to
+modify this Software and publish patches to the Software. You agree that Authentik
+Security Inc. and/or its licensors (as applicable) retain all right, title and interest
+in and to all such modifications and/or patches, and all such modifications and/or
+patches may only be used, copied, modified, displayed, distributed, or otherwise
+exploited with a valid authentik Enterprise Edition subscription for the correct
+number of user seats. Notwithstanding the foregoing, you may copy and modify
+the Software for development and testing purposes, without requiring a
+subscription. You agree that Authentik Security Inc. and/or its
+licensors (as applicable) retain all right, title and interest in
+and to all such modifications. You are not granted any other rights
+beyond what is expressly stated herein. Subject to the
+foregoing, it is forbidden to copy, merge, publish, distribute, sublicense,
+and/or sell the Software.
+
+This EE License applies only to the part of this Software that is not
+distributed as part of authentik Open Source (OSS). Any part of this Software
+distributed as part of authentik OSS or is served client-side as an image, font,
+cascading stylesheet (CSS), file which produces or is compiled, arranged,
+augmented, or combined into client-side JavaScript, in whole or in part, is
+copyrighted under the MIT license. The full text of this EE License shall
+be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+For all third party components incorporated into the authentik Software, those
+components are licensed under the original license provided by the owner of the
+applicable component.
diff --git a/authentik/enterprise/apps.py b/authentik/enterprise/apps.py
new file mode 100644
index 000000000..02062aa3e
--- /dev/null
+++ b/authentik/enterprise/apps.py
@@ -0,0 +1,11 @@
+"""Enterprise app config"""
+from authentik.blueprints.apps import ManagedAppConfig
+
+
+class AuthentikEnterpriseConfig(ManagedAppConfig):
+ """Enterprise app config"""
+
+ name = "authentik.enterprise"
+ label = "authentik_enterprise"
+ verbose_name = "authentik Enterprise"
+ default = True
diff --git a/authentik/enterprise/settings.py b/authentik/enterprise/settings.py
new file mode 100644
index 000000000..916dbce3b
--- /dev/null
+++ b/authentik/enterprise/settings.py
@@ -0,0 +1 @@
+"""Enterprise additional settings"""
diff --git a/authentik/root/settings.py b/authentik/root/settings.py
index 61362bfab..36c815d49 100644
--- a/authentik/root/settings.py
+++ b/authentik/root/settings.py
@@ -492,3 +492,12 @@ if DEBUG:
 INSTALLED_APPS.append("authentik.core")
 CONFIG.log("info", "Booting authentik", version=__version__)
+
+# Attempt to load enterprise app, if available
+try:
+ importlib.import_module("authentik.enterprise.apps")
+ CONFIG.log("info", "Enabled authentik enterprise")
+ INSTALLED_APPS.append("authentik.enterprise")
+ _update_settings("authentik.enterprise.settings")
+except ImportError:
+ pass
diff --git a/website/src/pages/legal/terms.md b/website/src/pages/legal/terms.md
new file mode 100644
index 000000000..e57c9c9c4
--- /dev/null
+++ b/website/src/pages/legal/terms.md
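Review bot: In authentik/root/settings.py the `except ImportError: pass` covers the whole try body, so an ImportError raised from inside an installed enterprise package (for example a missing dependency of `authentik.enterprise.apps`) is swallowed and the instance boots as if enterprise were absent, with nothing logged. If a failure occurs after `INSTALLED_APPS.append`, the app stays registered with its settings only partly applied; `_update_settings` is defined outside the hunk, so whether it can raise here is an assumption to confirm. I would keep only the import inside the `try`, treat just the absence of the enterprise package itself as expected, and move the remaining statements to an `else` branch with the "Enabled" log last.

```python
# Attempt to load enterprise app, if available
try:
    importlib.import_module("authentik.enterprise.apps")
except ModuleNotFoundError as exc:
    # Only the enterprise package itself being absent is expected;
    # a missing dependency inside it should not be hidden
    if exc.name not in ("authentik.enterprise", "authentik.enterprise.apps"):
        raise
else:
    INSTALLED_APPS.append("authentik.enterprise")
    _update_settings("authentik.enterprise.settings")
    CONFIG.log("info", "Enabled authentik enterprise")
```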
@@ -0,0 +1,107 @@ +--- +title: Authentik Subscription Terms +--- + +# Authentik Subscription Terms + +By signing this agreement, you and any entity that you represent ("Customer") are unconditionally consenting to be bound by and are becoming a party to these Authentik Subscription Terms ("Agreement") as of the date of Customer's first download of the Licensed Materials (the "Effective Date"). + +Customer's continued use of the software or any Licensed Materials provided by Authentik Security Inc. (a Delaware corporation with its principal offices located on Market St in San Francisco CA) or one of its affiliates and/or subsidiaries, as specified on an order form or quote ("Authentik") shall also constitute assent to the terms of this agreement. + +If these terms are considered an offer, acceptance is expressly limited to these terms. If you are executing this agreement on behalf of an organization, you represent that you have the authority to do so. + +## 1. LICENSE AND SUPPORT + +1.1 Subject to the terms and conditions of this Agreement, Authentik hereby grants to Customer and its Affiliates (as defined below) a limited, non-exclusive, non-transferable, non-sublicensable license for Customer’s and its Affiliates’ employees and contractors to (1) internally (a) use, reproduce, modify, prepare derivative works based upon, and display the code of Authentik Enterprise Edition ("Authentik EE") at the tier level selected by Customer or set forth on a Quote (as defined below), if applicable with the specifications generally promulgated by Authentik from time to time (the “Software”) solely (i) for its internal use in connection with the development of Customer’s and/or its Affiliates’ own software, and (ii) by the number of Hosts (defined below) for which Customer has paid Authentik; and (b) use the documentation, training materials or other materials supplied by Authentik (the “Other Authentik Materials”); and (2) modify the Software and publish patches to the 
Software. + +Notwithstanding anything to the contrary, Customer agrees that Authentik and/or its licensors (as applicable) retain all right, title and interest in and to all Software incorporated in such modifications and/or patches, and all such Software may only be used, copied, modified, displayed, distributed, or otherwise exploited in full compliance with this Agreement, and with a valid Authentik Enterprise Edition subscription for the correct number of Hosts. + +The Software and Other Authentik Materials are collectively referred to herein as the “Licensed Materials.” + +“Affiliate” means any entity(ies) controlling, controlled by, and/or under common control with a party hereto, where “control” means the ownership of more than 50% of the voting securities in such entity. + +"User" means each individual end-user (person or machine) of Customer and/or its Affiliates (including, without limitation, employees, agents or consultants thereof) with access to the Licensed Materials hereunder. + +"Host" means each individual machine (real or virtual, including servers, containers, workstations, smartphones, POS, industrial controls, gateways, sensors, IoT endpoints, or any other physical or simulated computing interface or machine) of Customer and/or its Affiliates (including, without limitation, employees, agents or consultants thereof) with access to Licensed Materials hereunder. + +1.2 Subject to the terms hereof, Authentik will provide reasonable support to Customer for the Licensed Materials as set forth at https://authentikdm.com, for the support plan selected and paid for by Customer. 
Notwithstanding anything to the contrary, in the event that Customer does not reasonably comply with written specifications or instructions from Authentik’s service engineers regarding any support issue or request (including without limitation, failure to make backups of Customer’s Licensed Materials) (each, a “Support Issue”), Authentik may terminate its support obligations to Customer with respect to such Support Issue upon fifteen (15) days’ written notice if Customer does not cure such noncompliance within the notice period. + +1.2.1 Authentik will use reasonable commercial efforts to respond to support questions by phone or email during the next business day. The number of support questions is not limited. + +## 2. RESTRICTIONS AND RESPONSIBILITIES + +2.1 Except as expressly authorized in Section 1.1, Customer will not, and will not permit any third party to: use the Licensed Materials for any purpose other than as specifically authorized in Section 1, or in such a manner that would enable any unlicensed person to access the Licensed Materials; use the Licensed Materials or any other Authentik software for timesharing or service bureau purposes or for any purpose other than its and its Affiliates’ own internal use (including without limitation, sublicensing, distributing, selling, reselling any of the foregoing); except as expressly permitted herein; use the Licensed Materials in connection with any high risk or strict liability activity (including, without limitation, space travel, firefighting, police operations, power plant operation, military operations, rescue operations, hospital and medical operations or the like); use the Licensed Materials or software other than in accordance with this Agreement and in compliance with all applicable laws and regulations (including but not limited to any privacy laws, and laws and regulations concerning intellectual property, consumer and child protection, obscenity or defamation); or use the Licensed Materials in any 
manner that (1) is harmful, fraudulent, deceptive, threatening, abusive, harassing, tortious, defamatory, vulgar, obscene, or libelous (including without limitation, accessing any computer, computer system, network, software, or data without authorization, breaching the security of another user or system, and/or attempting to circumvent any Host or User authentication or security process), (2) impersonates any person or entity, including without limitation any employee or representative of Authentik, or (3) contains a virus, trojan horse, worm, time bomb, unsolicited bulk, commercial, or “spam” message, or other harmful computer code, file, or program (including without limitation, password guessing programs, decoders, password gatherers, keystroke loggers, cracking tools, packet sniffers, and/or encryption circumvention programs). + +2.2 Customer will cooperate with Authentik in connection with the performance of this Agreement by making available such personnel and information as may be reasonably required, and taking such other actions as Authentik may reasonably request. Customer will also cooperate with Authentik in establishing a password or other procedures for verifying that only designated employees of Customer have access to any administrative functions of the Licensed Materials. Customer shall maintain during the term of this Agreement and through the end of the third year after the date on which the final payment is made under this Agreement, books, records, contracts and accounts relating to the payments due Authentik under this Agreement (collectively, the “Customer Records”). Authentik may, at its sole expense, upon 30 days’ prior written notice to Customer and during Customer’s normal business hours and subject to industry-standard confidentiality obligations, hire an independent third party auditor to audit the Customer Records only to verify the amounts payable under this Agreement. 
If an audit reveals underpayment, then Customer shall promptly pay the deficiency to Authentik plus late fees pursuant to Section 5.2. Authentik shall bear the cost of an audit unless the audit reveals underpayment by more than 5% for the audited period, in which case Customer shall promptly pay Authentik for the reasonable costs of the audit. + +2.3 Customer will be responsible for maintaining the security of Customer’s account, passwords (including but not limited to administrative and User passwords and credentials for Hosts like e) and files, and for all uses of Customer account with or without Customer’s knowledge or consent. + +## 3. CONFIDENTIALITY + +3.1 Each party (the “Receiving Party”) understands that the other party (the “Disclosing Party”) has disclosed or may disclose information relating to the Disclosing Party’s technology or business (hereinafter referred to as “Proprietary Information” of the Disclosing Party). Without limiting the foregoing, the Licensed Materials are Authentik Proprietary Information. + +3.2 The Receiving Party agrees: (i) not to divulge to any third person any such Proprietary Information, (ii) to give access to such Proprietary Information solely to those employees with a need to have access thereto for purposes of this Agreement, and (iii) to take the same security precautions to protect against disclosure or unauthorized use of such Proprietary Information that the party takes with its own proprietary information, but in no event will a party apply less than reasonable precautions to protect such Proprietary Information. 
The Disclosing Party agrees that the foregoing will not apply with respect to any information that the Receiving Party can document (a) is or becomes generally available to the public without any action by, or involvement of, the Receiving Party, or (b) was in its possession or known by it prior to receipt from the Disclosing Party, or (c) was rightfully disclosed to it without restriction by a third party, or (d) was independently developed without use of any Proprietary Information of the Disclosing Party. Nothing in this Agreement will prevent the Receiving Party from disclosing Proprietary Information pursuant to any judicial or governmental order, provided that the Receiving Party gives the Disclosing Party reasonable prior notice of such disclosure to contest such order. In any event, Authentik may collect data with respect to and report on the aggregate response rate and other aggregate measures of the Licensed Materials’ performance and Customer’s usage of the Licensed Materials; provided that Authentik will not identify Customer as the source of any such data without Customer’s prior written consent. For the avoidance of doubt, use of a third party to host the data collected shall not be deemed a disclosure. + +3.3 Each party acknowledges and agrees that the other may suffer irreparable damage in the event of a breach of the terms of Sections 1.1, 2.1 or 3.2 of this Agreement and that such party will be entitled to seek injunctive relief (without the necessity of posting a bond) in the event of any such breach. 
+ +3.4 Both parties will have the right to disclose the existence of the relationship between the parties, but not the terms and conditions of this Agreement, unless such disclosure of the Agreement terms is approved in writing by both Parties prior to such disclosure, or is included in a filing required to be made by a party with a governmental authority (provided such party will use reasonable efforts to obtain confidential treatment or a protective order) or is made on a confidential basis as reasonably necessary to potential investors or acquirers. + +## 4. INTELLECTUAL PROPERTY RIGHTS + +4.1 Except as expressly set forth herein, Authentik alone (and its licensors, where applicable) will retain all intellectual property rights relating to the Licensed Materials and any suggestions, ideas, enhancement requests, feedback, code, or other recommendations provided by Customer, its Affiliates or any third party relating to the Licensed Materials, which are hereby assigned to Authentik. This Agreement is not a sale and does not convey to Customer any rights of ownership in or related to the Licensed Materials, or any intellectual property rights. + +4.2 Customer shall not remove, alter or obscure any of Authentik’s (or its licensors’) copyright notices, proprietary legends, trademark or service mark attributions, patent markings or other indicia of Authentik’s (or its licensors’) ownership or contribution from the Licensed Materials. Additionally, Customer agrees to reproduce and include Authentik’s (and its licensors’) proprietary and copyright notices on any copies of the Licensed Materials, or on any portion thereof, including reproduction of the copyright notice. 
Notwithstanding anything to the contrary herein, certain components of the Licensed Materials, including without limitation, any component of the Licensed Materials distributed by Authentik as part of the Authentik Community Edition, are licensed by third parties pursuant to the terms of certain third party licenses described in such source code annotations. + +4.3 Customer and its licensors shall (and Customer hereby represents and warrants that they do) have and retain all right, title and interest (including, without limitation, sole ownership of) all software, information, content and data provided by or on behalf of Customer or made available or otherwise distributed through use of the Licensed Materials (“Content”) and the intellectual property rights with respect to that Content. If Authentik receives any notice or claim that any Content, or Customer’s activities hereunder (including without limitation, with respect to any Content), infringes or violates the rights of a third party or any applicable law or regulation (a “Claim”), Customer will indemnify, defend and hold Authentik harmless from all liability, damages, settlements, attorney fees and other costs and expenses in connection with any such Claim, as incurred. The immediately foregoing indemnity obligations are expressly conditioned on Authentik providing Customer with prompt notice of, and reasonable cooperation and sole control over the defense and/or settlement of the applicable Claim. Subject to the foregoing, Authentik may participate in the defense and/or settlement of any applicable Claim with counsel of its choosing at its own expense. 
+ +4.4 Authentik will defend, indemnify and hold Customer harmless from liability and other amounts paid or payable to unaffiliated third parties resulting from (i) the infringement or violation of any intellectual property or proprietary rights by the Licensed Materials or (ii) the violation of applicable law or regulation by Authentik in performance of its obligations hereunder, provided Authentik is promptly notified of any and all threats, claims and proceedings related thereto and given reasonable assistance and the opportunity to assume sole control over defense and settlement thereof. Subject to the foregoing, Customer may participate in the defense and/or settlement of any claim that is indemnifiable by Authentik with counsel of its choosing at its own expense. The foregoing obligations do not apply with respect to portions or components of the Licensed Materials (i) not created by Authentik, (ii) that are modified after delivery by Authentik, (iii) combined with other products, processes or materials where the alleged infringement relates to such combination, (iv) where Customer continues allegedly infringing activity after being notified thereof or after being informed of modifications that would have avoided the alleged infringement, or (v) where Customer’s use of the Licensed Materials is not strictly in accordance with this Agreement and all related documentation. + +## 5. 
PAYMENT OF FEES + +5.1 Unless and until Authentik and Customer have executed a quote document specifically referencing this Agreement with respect to amounts due on account of the Licensed Materials (a “Quote”, which is hereby incorporated by reference, if applicable), and unless Customer’s subscription to (and payment with respect to) the Licensed Materials has been made on Customer’s behalf by a reseller, Customer will pay Authentik the applicable fees as set forth at https://authentikdm.com (the “Pricing”) for the Licensed Materials selected and/or used by Customer (the “Fees”) without any right of set-off or deduction. On each anniversary of the Effective Date, Authentik will invoice Customer (or its reseller, if applicable) with respect to any and all additional Customer Hosts of the Licensed Materials beyond those for whom Customer has pre-paid, as of such date (and for whom the Fees due pursuant to such invoice will be the then-current per-year Host fee with respect to the year just ended, and the then current per-year Host fee with respect to all subsequent years, unless otherwise agreed in writing by both parties (collectively, a “True-Up”)). For Customers that have pre-paid all Fees for multi-year subscriptions for Licensed Materials pursuant to a Quote, on each anniversary of the Effective Date during the term of this Agreement, (i) a new license key will be provided, and (ii) a True-Up will be conducted. All additional Hosts purchased shall be co-terminated through the end of the original Subscription period. + +5.2 All payments will be made in accordance with the payment schedule and the method of payment set forth in the Pricing. If not otherwise specified, (a) Authentik will invoice Customer with respect to Fees up-front, for each term of the Customer's subscription (as applicable), and (b) payments will be due within thirty (30) days of Customer's receipt of correct invoice. 
Except as expressly set forth in this Agreement, all Fees paid and/or due hereunder (including any prepaid amounts) are non-refundable, including without limitation if this Agreement is terminated in accordance with Section 6 below. If Customer terminates this Agreement pursuant to Section 6.2 within 45 calendar days from receipt of the initial invoice for the Licensed Materials, Authentik will refund all Fees paid hereunder. + +5.3 Any unpaid fees are subject to a finance charge of one percent (1.0%) per month, or the maximum permitted by law, whichever is lower, plus all expenses of collection, including reasonable attorneys’ fees. Fees under this Agreement are exclusive of all taxes, including national, state or provincial and local use, sales, value-added, property and similar taxes, if any. Customer agrees to pay such taxes (excluding US taxes based on Authentik's net income) unless Customer has provided Authentik with a valid exemption certificate. In the case of any withholding requirements, Customer will pay any required withholding itself and will not reduce the amount paid to Authentik on account thereof. + +## 6. TERMINATION + +6.1 This Agreement shall continue until terminated in accordance with this Section 6. Either party may terminate this Agreement upon 15 days’ written notice to the other party hereto in the event that Customer has no then-current subscription and license key with respect to the Licensed Materials. + +6.2 Customer may terminate this Agreement at any time upon written notice to Authentik. Either party may terminate this Agreement immediately upon 15 days’ written notice to the other party in the event of any material breach of this Agreement (including without limitation, any breach of Section 2.2 and/or failure to pay any amounts when due hereunder) by such party where such material breach is not cured during such notice period. 
+ +6.3 Either party may terminate this Agreement, without notice, (i) upon the institution by or against the other party of insolvency, receivership or bankruptcy proceedings (provided such proceedings are not dismissed within one hundred twenty (120) days of such institution), (ii) upon the other party's making an assignment for the benefit of creditors, or (iii) upon the other party's dissolution or ceasing to do business without a successor. + +6.4 Customer’s rights to the Licensed Materials, and any licenses granted hereunder, shall terminate upon any termination of this Agreement. In the event that Customer terminates this Agreement pursuant to the second sentence of Section 6.2 above, Authentik will refund to Customer a pro-rated portion of pre-paid Fees for Services not actually received by Customer as of the date of such termination. The following Sections will survive any termination of this Agreement: 2 through 6 (except for Section 4.3), and 8 through 11. + +## 7. WARRANTY; CUSTOMER SOFTWARE SECURITY + +Authentik represents and warrants that (i) it has all rights and licenses necessary for it to perform its obligations hereunder, and (ii) it will not knowingly include, in any Authentik software released to the public and provided to Customer hereunder, any computer code or other computer instructions, devices or techniques, including without limitation those known as disabling devices, trojans, or time bombs, that are intentionally designed to disrupt, disable, harm, infect, defraud, damage, or otherwise impede in any manner, the operation of a network, computer program or computer system or any component thereof, including its security or user data. If, at any time, Authentik fails to comply with the warranty in this Section, Customer may promptly notify Authentik in writing of any such noncompliance. 
Authentik will, within thirty (30) days of receipt of such written notification, either correct the noncompliance or provide Customer with a plan for correcting the noncompliance. If the noncompliance is not corrected or if a reasonably acceptable plan for correcting them is not established during such period, Customer may terminate this Agreement as its sole and exclusive remedy for such noncompliance. + +## 8. WARRANTY DISCLAIMER + +EXCEPT AS EXPRESSLY STATED HEREIN, THE LICENSED MATERIALS, SOFTWARE AND AUTHENTIK PROPRIETARY INFORMATION AND ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT ARE PROVIDED "AS-IS," WITHOUT ANY WARRANTIES OF ANY KIND. AUTHENTIK AND ITS LICENSORS HEREBY DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. + +## 9. LIMITATION OF LIABILITY + +EXCEPT WITH RESPECT TO BREACH(ES) OF SECTION 1.1 AND/OR 2.1, IN NO EVENT WILL EITHER PARTY OR THEIR LICENSORS BE LIABLE FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE USE OF THE LICENSED MATERIALS OR ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT, ANY DELAY OR INABILITY TO USE THE LICENSED MATERIALS OR ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT OR OTHERWISE ARISING FROM THIS AGREEMENT, INCLUDING WITHOUT LIMITATION, LOSS OF REVENUE OR ANTICIPATED PROFITS OR LOST BUSINESS OR LOST SALES, WHETHER BASED IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR OTHERWISE, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES. 
EXCEPT WITH RESPECT TO BREACH(ES) OF SECTION 1.1 AND/OR 2.1, THE TOTAL LIABILITY OF EACH PARTY AND ITS LICENSORS, WHETHER BASED IN CONTRACT, TORT (INCLUDING NEGLIGENCE OR STRICT LIABILITY), OR OTHERWISE, WILL NOT EXCEED, IN THE AGGREGATE, THE GREATER OF (i) ONE THOUSAND DOLLARS ($1,000), OR (ii) THE FEES PAID TO AUTHENTIK HEREUNDER IN ONE YEAR PERIOD ENDING ON THE DATE THAT A CLAIM OR DEMAND IS FIRST ASSERTED. THE FOREGOING LIMITATIONS WILL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY. + +## 10. U.S. GOVERNMENT MATTERS + +Notwithstanding anything else, Customer may not provide to any person or export or re-export or allow the export or re-export of the Licensed Materials or any software or anything related thereto or any direct product thereof (collectively “Controlled Subject Matter”), in violation of any restrictions, laws or regulations of the United States Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control, or any other United States or foreign agency or authority. Without limiting the foregoing Customer acknowledges and agrees that the Controlled Subject Matter will not be used or transferred or otherwise exported or re-exported to countries as to which the United States maintains an embargo (collectively, “Embargoed Countries”), or to or by a national or resident thereof, or any person or entity on the U.S. Department of Treasury’s List of Specially Designated Nationals or the U.S. Department of Commerce’s Table of Denial Orders (collectively, “Designated Nationals”). The lists of Embargoed Countries and Designated Nationals are subject to change without notice. Use of the Licensed Materials is representation and warranty that neither the User nor Host is located in, under the control of, or a national or resident of an Embargoed Country or Designated National. 
The Controlled Subject Matter may use or include encryption technology that is subject to licensing requirements under the U.S. Export Administration Regulations. As defined in FAR section 2.101, any software and documentation provided by Authentik are “commercial items” and according to DFAR section 252.2277014(a)(1) and (5) are deemed to be “commercial computer software” and “commercial computer software documentation.” Consistent with DFAR section 227.7202 and FAR section 12.212, any use modification, reproduction, release, performance, display, or disclosure of such commercial software or commercial software documentation by the U.S. Government will be governed solely by the terms of this Agreement and will be prohibited except to the extent expressly permitted by the terms of this Agreement.
+
+## 11. MISCELLANEOUS
+
+If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable. This Agreement is not assignable, transferable or sublicensable by either party without the other party’s prior written consent, not to be unreasonably withheld or delayed; provided that either party may transfer and/or assign this Agreement to a successor in the event of a sale of all or substantially all of its business or assets to which this Agreement relates. Both parties agree that this Agreement is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of this Agreement, and that all waivers and modifications must be in a writing signed or otherwise agreed to by each party, except as otherwise provided herein. 
No agency, partnership, joint venture, or employment is created as a result of this Agreement and neither party has any authority of any kind to bind the other in any respect whatsoever. In any action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover costs and attorneys’ fees. All notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; and upon receipt, if sent by certified or registered mail (return receipt requested), postage prepaid. Authentik will not be liable for any loss resulting from a cause over which it does not have direct control. This Agreement will be governed by the laws of the State of California, U.S.A. without regard to its conflict of laws provisions. The federal and state courts sitting in San Francisco County, California, U.S.A. will have proper and exclusive jurisdiction and venue with respect to any disputes arising from or related to the subject matter of this Agreement.
+
+## 12. DATA PRIVACY
+
+Customer shall ensure that any and all information or data, including without limitation, personal data, used by Customer in connection with the Agreement (“Customer Data”) is collected, processed, transferred and used in full compliance with Applicable Data Protection Laws (as defined below) and that it has all obtained all necessary authorizations and consents from any data subjects to process Customer Data. Customer shall adopt and maintain appropriate organizational, technical and security measures prior to any such collection, processing or transfer in order to protect against unauthorized access to or use of Customer Data. 
Customer shall immediately inform Authentik upon becoming aware of any breach within the meaning of Applicable Data Protection Law relating to Customer Data (a “Security Incident”) and to cooperate with Authentik in any investigation thereof and in the implementation of any measures reasonably required to be taken in response thereto. If required by Applicable Data Protection Laws, the parties will enter into standard contractual clauses under GDPR (as defined below) for the transfer of any Customer Data outside of the European Union. For purposes hereof: (a) “Applicable Data Protection Laws” means any applicable laws, statutes or regulations as may be amended, extended or re-enacted from time to time which relate to personal data including without limitation (i) prior to 25 May 2018, the EU Data Protection Directive 95/46/EC as transposed into EU Member State law; (ii) from and after 25 May 2018, GDPR and any EU Member State laws implementing the GDPR; and (iii) the e-Privacy Directive 2002/58/EC, as amended and as transposed into EU Member State law and any legislation replacing the e-Privacy Directive and (b) “GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Counsel of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data,
+
+[THE REMAINDER OF THIS PAGE INTENTIONALLY LEFT BLANK]
+
+**IN WITNESS WHEREOF,** the parties have executed this Agreement as of the Effective Date.
+
+_This work, "authentik Subscription Terms", is a derivative of "[Fleet Subscription Terms](https://fleetdm.com/legal/terms)", by [Fleet Device Management Inc.](https://fleetdm.com/handbook/company), used under CC BY-SA 4.0. "authentik Subscription Terms" is licensed under CC BY-SA 4.0 by Authentik Security Inc._
+
+[![License: CC BY-SA 4.0](https://licensebuttons.net/l/by-sa/4.0/80x15.png)](https://creativecommons.org/licenses/by-sa/4.0/)