diff --git a/.env.sample b/.env.sample
index 900589c..f267524 100644
--- a/.env.sample
+++ b/.env.sample
@@ -34,6 +34,7 @@ AUTHENTIK_IMPERSONATION=true
 WELCOME_MESSAGE="Welcome to Authentik"
 DEFAULT_LANGUAGE=en
 AUTHENTIK_FOOTER_LINKS='[{"name": "My Organization","href":"https://example.com"}]'
+LOGOUT_REDIRECT="https://$DOMAIN"
 COPY_ASSETS="flow_background.jpg|app:/web/dist/assets/images/ icon_left_brand.svg|app:/web/dist/assets/icons/ icon.png|app:/web/dist/assets/icons/"
 EMAIL_SUBJECT="Account Recovery"
diff --git a/compose.yml b/compose.yml
index 28161a9..c4e886c 100644
--- a/compose.yml
+++ b/compose.yml
@@ -26,6 +26,7 @@ x-env: &env
 - EMAIL_SUBJECT
 - EMAIL_TOKEN_EXPIRY_MINUTES
 - DOMAIN
+ - LOGOUT_REDIRECT
 version: '3.8'
 services:
@@ -91,6 +92,7 @@ services:
 - /var/run/docker.sock:/var/run/docker.sock
 - custom-templates:/templates
 - /dev/null:/blueprints/default/10-flow-default-authentication-flow.yaml
+ - /dev/null:/blueprints/default/10-flow-default-invalidation-flow.yaml
 configs:
 - source: custom_flows
 target: /blueprints/custom_flows.yaml
diff --git a/custom_flows.yaml.tmpl b/custom_flows.yaml.tmpl
index 099ddea..d81cf6a 100644
--- a/custom_flows.yaml.tmpl
+++ b/custom_flows.yaml.tmpl
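Review bot: `LOGOUT_REDIRECT="https://$DOMAIN"` is the one new entry in this sample and it carries no explanation, yet its value is spliced verbatim into a quoted Python string inside an expression policy in custom_flows.yaml.tmpl, so the sample should state the shape it must have. I would add above it: `# Absolute URL (scheme + host) the browser is sent to after the logout flow; leave empty to keep authentik's default post-logout page. The value is pasted into a single-quoted Python string, so it must not contain single quotes.` Whether `$DOMAIN` is expanded here depends on what reads the file — recent Compose releases interpolate .env values, but `DOMAIN` then has to be defined earlier in the file or in the shell — so confirm that on the deployment path actually used.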
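Review bot: Bind-mounting `/dev/null` over `10-flow-default-invalidation-flow.yaml` only stops the stock blueprint from being applied; on a deployment that already ran it, the `default-invalidation-flow` object stays in the database and is merely no longer referenced by the tenant, which is harmless but deserves a comment so nobody goes looking for it under /blueprints, e.g. `# masked: replaced by logout-flow in custom_flows.yaml; an already-created default-invalidation-flow is left in place`. The mask is also tied to the exact filename shipped in the image, so a release that renames or renumbers the file would silently bring the default flow back next to the custom one — I can't see the image tag pinned here, so treat that as something to watch on upgrades.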
@@ -334,6 +334,55 @@ entries: target: !KeyOf invitation-enrollment-flow model: authentik_flows.flowstagebinding +######## Invalidation Flow ######## +- identifiers: + slug: logout-flow + id: logout-flow + model: authentik_flows.flow + attrs: + name: Logout + title: Logout Flow + designation: invalidation + +### STAGES + +- id: logout-stage + identifiers: + name: logout-stage + model: authentik_stages_user_logout.userlogoutstage + +### STAGE BINDINGS + +- identifiers: + order: 0 + stage: !KeyOf logout-stage + target: !KeyOf logout-flow + model: authentik_flows.flowstagebinding + attrs: + re_evaluate_policies: true + id: logout-stage-binding + +### POLICIES +- attrs: + execution_logging: true + expression: 'context[''flow_plan''].context[''redirect''] = ''{{ env "LOGOUT_REDIRECT" }}'' + + return True' + identifiers: + name: redirect-policy + id: redirect-policy + model: authentik_policies_expression.expressionpolicy + +### POLICY BINDINGS +- identifiers: + policy: !KeyOf redirect-policy + target: !KeyOf logout-stage-binding + order: 0 + model: authentik_policies.policybinding + attrs: + enabled: {{ if eq (env "LOGOUT_REDIRECT") "" }} false {{ else }} true {{ end }} + timeout: 30 + ######## System Tenant ########## - attrs: attributes: @@ -347,7 +396,7 @@ entries: # event_retention: days=365 flow_authentication: !KeyOf authentication_flow flow_recovery: !KeyOf recovery_flow - flow_invalidation: !Find [authentik_flows.flow, [slug, default-invalidation-flow]] + flow_invalidation: !KeyOf logout-flow flow_user_settings: !Find [authentik_flows.flow, [slug, default-user-settings-flow]] identifiers: pk: 047cce25-aae2-4b02-9f96-078e155f803d
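Review bot: The value of `LOGOUT_REDIRECT` is pasted raw into a Python string literal inside the single-quoted YAML scalar of `redirect-policy` (`''{{ env "LOGOUT_REDIRECT" }}''`), so a value containing a single quote breaks the rendered YAML, and a relative path or non-http scheme is accepted at render time and only misbehaves when a user logs out; the `enabled:` gate on the policy binding covers only the empty-string case. Because the value is operator-supplied this is a robustness problem rather than an open redirect, but I would fail the render if the template engine offers it, e.g. `{{ $r := env "LOGOUT_REDIRECT" }}{{ if and (ne $r "") (not (hasPrefix "https://" $r)) }}{{ fail "LOGOUT_REDIRECT must be an absolute https URL" }}{{ end }}`, or at minimum state the constraint in a comment above the entry. For readability the expression would be clearer as a literal block scalar — `expression: |` followed by `context['flow_plan'].context['redirect'] = '{{ env "LOGOUT_REDIRECT" }}'` and `return True` on their own lines — which also removes the `''` escaping. The collapsed view drops indentation, so I cannot confirm that each `id:` (`logout-flow`, `logout-stage-binding`, `redirect-policy`) sits at entry level beside `identifiers`/`model`, which is where authentik resolves `!KeyOf`; if one is nested under `identifiers` or `attrs` that entry will fail to apply. Also confirm on the installed authentik version that an absolute URL in `flow_plan.context['redirect']` is actually followed after the logout stage rather than rejected, and that the session is invalidated before the redirect is issued.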
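Review bot: Switching `flow_invalidation` to `!KeyOf logout-flow` while compose.yml masks the stock blueprint means any other `!Find [authentik_flows.flow, [slug, default-invalidation-flow]]` left in this template — provider entries, for instance, which I believe carry their own invalidation flow on newer authentik versions — will fail to resolve on a fresh install where that flow is never created; only this one reference is visible here, so grep the rest of the file. On an existing deployment the old flow still exists and such references keep working, which would hide the breakage until the next clean deploy. A one-line comment next to this change would make the dependency explicit: `# default-invalidation-flow is masked in compose.yml; reference logout-flow via !KeyOf everywhere`.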