website: bump prettier from 3.5.3 to 3.6.0 in /website (#15199)
* website: bump prettier from 3.5.3 to 3.6.0 in /website Bumps [prettier](https://github.com/prettier/prettier) from 3.5.3 to 3.6.0. - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](https://github.com/prettier/prettier/compare/3.5.3...3.6.0) --- updated-dependencies: - dependency-name: prettier dependency-version: 3.6.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * format Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
dependabot[bot]
@ -29,7 +29,6 @@ To support the integration of 1Password with authentik, you need to create an ap
|
||||
|
||||
1. Log in to authentik as an administrator, and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
|
||||
|
||||
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
|
||||
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
@ -89,7 +88,6 @@ To support automated user provisioning, you need to create a group, and a SCIM p
|
||||
|
||||
1. Log in to authentik as an admin, and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Providers** and click **Create**
|
||||
|
||||
- **Choose a Provider type**: select **SCIM** as the provider type.
|
||||
- **Configure the Provider**: provide a name (e.g. `1password-scim`), and the following required configurations.
|
||||
- Set the **URL** to `scim-bridge.company`.
|
||||
|
||||
@ -32,7 +32,6 @@ To support the integration of Actual Budget with authentik, you need to create a
|
||||
|
||||
1. Log in to authentik as an administrator and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
|
||||
|
||||
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
|
||||
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
|
||||
@ -97,7 +97,6 @@ Apple Business Manager requires that we create three scope mappings for our OIDC
|
||||
1. From the authentik Admin interface, navigate to **Customization -> Property Mappings** and click **Create**.
|
||||
|
||||
2. Select **Scope Mapping** and use the following values:
|
||||
|
||||
- **Name**: `Apple Business Manager profile`
|
||||
- **Scope Name**: `profile`
|
||||
- **Description**: _[optional]_ Set to inform user
|
||||
@ -122,7 +121,6 @@ Apple Business Manager requires that we create three scope mappings for our OIDC
|
||||
1. On the **Property Mappings** list, click **Create**.
|
||||
|
||||
2. Select **Scope Mapping** and use the following values:
|
||||
|
||||
- **Name**: `Apple Business Manager ssf.read`
|
||||
- **Scope Name**: `ssf.read`
|
||||
- **Description**: _[optional]_ Set to inform user
|
||||
@ -135,7 +133,6 @@ Apple Business Manager requires that we create three scope mappings for our OIDC
|
||||
1. On the **Property Mappings** list, click **Create**.
|
||||
|
||||
2. Select **Scope Mapping** and use the following values:
|
||||
|
||||
- **Name**: `Apple Business Manager ssf.manage`
|
||||
- **Scope Name**: `ssf.manage`
|
||||
- **Description**: _[optional]_ Set to inform user
|
||||
@ -154,7 +151,6 @@ You can either generate a new key or import an existing one.
|
||||
|
||||
1. From the Admin interface, navigate to **System -> Certificates**
|
||||
2. Click **Generate**, select **Signing Key**, and use the following values:
|
||||
|
||||
- **Common Name**: `apple-business-manager`
|
||||
|
||||
3. Click **Generate** and confirm that the new key is listed in the **Certificates** overview.
|
||||
@ -165,7 +161,6 @@ Alternatively, you can use an existing key if you have one available.
|
||||
|
||||
1. From the Admin interface, navigate to **System -> Certificates**.
|
||||
2. Click **Create** and use the following values:
|
||||
|
||||
- **Name**: `apple-business-manager`
|
||||
- **Certificate**: Paste in your certificate
|
||||
- **Private Key**: _[optional]_ Pastein your private key
|
||||
@ -184,7 +179,6 @@ You can always find your provider's generated values by navigating to **Provider
|
||||
|
||||
1. From the authentik Admin interface, navigate to **Applications -> Providers** and click **Create**.
|
||||
2. For the **Provider Type** select **OAuth2/OpenID Provider**, click **Next**, and use the following values.
|
||||
|
||||
- **Name**: `Apple Business Manager`
|
||||
- **Authorization flow**: Select a flow that suits your organization's requirements.
|
||||
- **Protocol settings**:
|
||||
@ -214,7 +208,6 @@ While the OIDC provider handles the authentication flow, you'll need to create a
|
||||
1. From the authentik Admin interface, navigate to **Applications -> Providers** and click **Create**.
|
||||
2. Select **Shared Signals Framework Provider** and use the following values.
|
||||
Any fields that can be left as their default values are omitted from the list.
|
||||
|
||||
- **Name** `Apple Business Manager SSF`
|
||||
- **Signing Key**: `[Your Signing Key]`
|
||||
- **Event Retention**: `days=30`
|
||||
@ -244,7 +237,6 @@ The authentik user you will use to test the stream connection to Apple Business
|
||||
### 6. Create application
|
||||
|
||||
1. From the authentik Admin interface, navigate to **Applications -> Applications**, click **Create**, and use the following values:
|
||||
|
||||
- **Name**: Apple Business Manager
|
||||
- **Slug**: `abm`
|
||||
- **Provider**: `Apple Business Manager`
|
||||
@ -260,9 +252,7 @@ The authentik user you will use to test the stream connection to Apple Business
|
||||
Before proceeding to Apple Business Manager, let's go over the values you've copied from authentik.
|
||||
|
||||
1. Verify that you have all the necessary values in your text editor:
|
||||
|
||||
- From the `Apple Business Manager` provider:
|
||||
|
||||
- [x] `Client ID`
|
||||
- [x] `Client Secret`
|
||||
- [x] `OpenID Configuration URL`
|
||||
@ -271,7 +261,6 @@ Before proceeding to Apple Business Manager, let's go over the values you've cop
|
||||
- [x] `SSF Config URL`
|
||||
|
||||
2. Modify URLs to include the default HTTPS port. Apple requires the port number to be included when providing the URLs in the configuration.
|
||||
|
||||
- Add port 443 to the SSF Config URL that you copied from the `Apple Business Manager SSF` provider:
|
||||
|
||||
```diff
|
||||
@ -349,7 +338,6 @@ You're now ready to configure federated authentication with authentik.
|
||||
3. To define how you want users to sign in, choose **Custom Identity Provider** and click **Continue**.
|
||||
|
||||
4. On the **Set up your Custom Identity Provider** page, use the following values:
|
||||
|
||||
- **Name**: `authentik`
|
||||
- **Client ID**: _`Your Client ID`_
|
||||
- **Client Secret**: _`Your Client Secret`_
|
||||
@ -387,7 +375,6 @@ When creating test users, ensure that their role is set to Standard (or Student)
|
||||
|
||||
1. From the [Apple Business Manager dashboard](https://business.apple.com/), click **Users** on the sidebar, then click **Add**.
|
||||
2. In the **Add New User** dialog, use the following values:
|
||||
|
||||
- **First Name**: `Jessie`
|
||||
- **Last Name**: `Lorem`
|
||||
- **Email**: `jessie@authentik.company`
|
||||
|
||||
@ -29,7 +29,6 @@ To support the integration of ArgoCD with authentik, you need to create an appli
|
||||
|
||||
1. Log in to authentik as an administrator and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
|
||||
|
||||
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
|
||||
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
|
||||
@ -40,7 +40,6 @@ To support the integration of Atlassian Cloud with authentik, you need to create
|
||||
|
||||
1. Log in to authentik as an administrator and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
|
||||
|
||||
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
|
||||
- Note the application slug, it will be required when filling out the **Identity provider SSO URL** later on.
|
||||
- **Choose a Provider type**: select **SAML Provider** as the provider type.
|
||||
|
||||
@ -40,9 +40,7 @@ To support the integration of AWS with authentik using the classic IAM method, y
|
||||
|
||||
1. Log in to authentik as an administrator and open the authentik Admin interface.
|
||||
2. Navigate to **Customization** > **Property Mappings** and click **Create**. Create two **SAML Provider Property Mapping**s with the following settings:
|
||||
|
||||
- **Role Mapping:**
|
||||
|
||||
- **Name**: Choose a descriptive name
|
||||
- **SAML Attribute Name**: `https://aws.amazon.com/SAML/Attributes/Role`
|
||||
- **Friendly Name**: Leave blank
|
||||
|
||||
@ -72,7 +72,6 @@ Beszel uses PocketBase as its server backend, and when you install Beszel you au
|
||||
## User Creation
|
||||
|
||||
1. Manually Creating Users:
|
||||
|
||||
- Users are not created automatically when logging in with authentik. The owner must manually create each user in Beszel.
|
||||
- To create users, go to the System Settings where you configured OpenID Connect.
|
||||
- The URL for user creation is: `https://beszel.company>/\_/#/collections?collection=pb_users_auth`.
|
||||
|
||||
@ -46,10 +46,8 @@ Bitwarden requires a first and last name for every user. However, authentik, by
|
||||
|
||||
1. Log in to authentik as an administrator, and open the authentik Admin interface.
|
||||
2. Navigate to **Customization** > **Property Mappings** and click **Create**.
|
||||
|
||||
- **Select type**: select **Scope Mapping**.
|
||||
- **Configure the Scope Mapping**: Provide a descriptive name (e.g. `Bitwarden Profile Scope`), and an optional description.
|
||||
|
||||
- **Scope name**: `profile`
|
||||
- **Expression**:
|
||||
|
||||
@ -70,7 +68,6 @@ Bitwarden requires a first and last name for every user. However, authentik, by
|
||||
|
||||
1. Log in to authentik as an administrator, and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
|
||||
|
||||
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
|
||||
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
@ -90,7 +87,6 @@ Bitwarden requires a first and last name for every user. However, authentik, by
|
||||
|
||||
1. Log in to the [Bitwarden dashboard](https://vault.bitwarden.com/#/login) as an administrator (choose `Accessing: bitwarden.eu` for Bitwarden accounts based in the EU). If you are using a self-hosted Bitwarden, go to `https://bitwarden.company/#/login`.
|
||||
2. In the sidebar, navigate to **Admin Console** > **Settings** > **Single sign-on**, and enter the following settings:
|
||||
|
||||
- **Allow SSO authentication**: Select this option.
|
||||
- **SSO Identifier**: enter a globally unique SSO identifier (this is not required if using self-hosted Bitwarden, or if you have claimed a domain, see the [Bitwarden Claimed Domains documentation](https://bitwarden.com/help/claimed-domains/)).
|
||||
- **Type**: `OIDC`
|
||||
@ -116,7 +112,6 @@ To support the integration of Bitwarden with authentik, you need to create an ap
|
||||
|
||||
1. Log in to authentik as an administrator, and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
|
||||
|
||||
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. Take note of the **slug** as it will be required later.
|
||||
- **Choose a Provider type**: select **SAML Provider** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
|
||||
@ -44,7 +44,6 @@ To support the integration of BookStack with authentik, you need to create an ap
|
||||
|
||||
1. Log in to authentik as an administrator and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
|
||||
|
||||
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
|
||||
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
|
||||
@ -29,7 +29,6 @@ To support the integration of Budibase with authentik, you need to create an app
|
||||
|
||||
1. Log in to authentik as an administrator and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
|
||||
|
||||
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
|
||||
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
|
||||
@ -29,7 +29,6 @@ To support the integration of FileRise with authentik, you need to create an app
|
||||
|
||||
1. Log in to authentik as an administrator and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
|
||||
|
||||
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
|
||||
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
|
||||
@ -38,11 +38,9 @@ The workflow to configure authentik as a single sign-on for Fleet involves creat
|
||||
2. For the **App name** enter `Fleet` and click **Next**.
|
||||
|
||||
3. For the **Provider Type** select **SAML**, click **Next**, and use the following values.
|
||||
|
||||
- **Name**: `Fleet`
|
||||
- **Authorization flow**: Select a flow that suits your organization's requirements.
|
||||
- **Protocol settings**:
|
||||
|
||||
- **Assertion Consumer Service URL**: `https://fleet.company/api/v1/fleet/sso/callback`
|
||||
|
||||
:::info Requiring an End User License Agreement
|
||||
@ -63,7 +61,6 @@ The workflow to configure authentik as a single sign-on for Fleet involves creat
|
||||
- **Audience**: `https://fleet.company`
|
||||
- **Advanced protocol settings**:
|
||||
(Any fields that can be left as their default values are omitted from the list below).
|
||||
|
||||
- **Signing Certificate**: Select a certificate enable **Sign assertions** and **Sign responses**.
|
||||
- **NameID Property Mapping**: `authentik default SAML Mapping: Email`
|
||||
|
||||
@ -90,7 +87,6 @@ With these prerequisites in place, authentik is now configured to act as a singl
|
||||
2. In the **Organization settings** tab, click **Single sign-on options**.
|
||||
|
||||
3. Check the box next to **Enable single sign-on** and use the following values:
|
||||
|
||||
- **Identity provider name**: `authentik`
|
||||
- **Entity ID**: `authentik`
|
||||
|
||||
@ -98,7 +94,6 @@ With these prerequisites in place, authentik is now configured to act as a singl
|
||||
|
||||
Fleet's SSO configuration form will include two fields: **Metadata URL** and **Metadata**.
|
||||
Only one of these fields is required, but you must provide at least one of them.
|
||||
|
||||
- If you copied the **Metadata URL** from authentik, paste the URL you copied earlier into the **Metadata URL** field.
|
||||
|
||||
- If you downloaded the metadata file from authentik, paste the contents of the XML file into the **Metadata** field.
|
||||
@ -115,7 +110,6 @@ To verify that authentik and Fleet are correctly configured, you can test the SS
|
||||
|
||||
1. From the authentik Admin interface, navigate to **Directory -> Users** and click **Create**.
|
||||
2. Enter the following details for the test user. All other fields can be left as their default values.
|
||||
|
||||
- **Name**: `Jessie Lorem`
|
||||
- **Email**: `jessie@authentik.company`
|
||||
|
||||
@ -124,7 +118,6 @@ To verify that authentik and Fleet are correctly configured, you can test the SS
|
||||
4. From the Fleet Admin interface, navigate to **Settings -> Users** and click **Add user**.
|
||||
|
||||
5. Enter the following details for the test user. All other fields can be left as their default values.
|
||||
|
||||
- **Full Name**: `Jessie Lorem`
|
||||
- **Email**: `jessie@authentik.company`
|
||||
- **Authentication**: `Single sign-on`
|
||||
|
||||
@ -49,29 +49,23 @@ To support the integration of Frappe with authentik, you need to create an appli
|
||||
## Frappe configuration
|
||||
|
||||
1. **Navigate to Integrations**
|
||||
|
||||
- From the Frappe main menu, go to **Integrations** and then select **Social Login Key**.
|
||||
|
||||
2. **Add a New Social Login Key**
|
||||
|
||||
- Click the black **+ New** button in the top-right corner.
|
||||
|
||||
|
||||
3. **Enter the Required Settings**
|
||||
|
||||
- **Client Credentials**
|
||||
|
||||
- **Enable Social Login**: Turn the toggle to the **on** position.
|
||||
- **Client ID**: Enter the Client ID from the authentik wizard.
|
||||
- **Client Secret**: Enter the Client Secret from the authentik wizard.
|
||||
|
||||
- **Configuration**
|
||||
|
||||
- **Sign-ups**: Set to **Allow**.
|
||||
|
||||
|
||||
- **Identity Details**
|
||||
|
||||
- **Base URL**: `https://authentik.company/`
|
||||
- **Client URLs**:
|
||||
- **Authorize URL**: `/application/o/authorize/`
|
||||
|
||||
@ -91,7 +91,6 @@ You can add users to the groups at any point.
|
||||
|
||||
1. Log in to authentik as an administrator and open the authentik Admin interface.
|
||||
2. Navigate to **Customization** > **Property Mappings** and click **Create**. Create a **Scope Mapping** with the following configurations:
|
||||
|
||||
- **Name**: Choose a descriptive name (.e.g `authentik gitea OAuth Mapping: OpenID 'gitea'`)
|
||||
- **Scope name**: `gitea`
|
||||
- **Expression**:
|
||||
@ -116,7 +115,6 @@ You can add users to the groups at any point.
|
||||
1. Log in to authentik as an administrator and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Providers** and click on the **Edit** icon of the Gitea provider.
|
||||
3. Under **Advanced protocol settings** > **Scopes** add the following scopes to **Selected Scopes**:
|
||||
|
||||
- `authentik default OAuth Mapping: OpenID 'email'`
|
||||
- `authentik default OAuth Mapping: OpenID 'profile'`
|
||||
- `authentik default OAuth Mapping: OpenID 'openid'`
|
||||
|
||||
@ -33,7 +33,6 @@ To support the integration of Harbor with authentik, you need to create an appli
|
||||
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
|
||||
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
|
||||
- **Protocol Settings**:
|
||||
- **Redirect URI**:
|
||||
- Strict: `https://harbor.company/c/oidc/callback/`.
|
||||
@ -52,7 +51,6 @@ To support the integration of authentik with Harbor, you need to configure OIDC
|
||||
1. Log in to the Harbor dashboard as an admin.
|
||||
2. Navigate to **Configuration** and select the **Authentication** tab.
|
||||
3. In the **Auth Mode** dropdown, select **OIDC** and provide the following required configurations.
|
||||
|
||||
- **OIDC Provider Name**: `authentik`
|
||||
- **OIDC Endpoint**: `https://authentik.company/application/o/harbor`
|
||||
- **OIDC Client ID**: client ID from authentik
|
||||
|
||||
@ -34,7 +34,6 @@ This documentation lists only the settings that you need to change from their de
|
||||
## authentik configuration
|
||||
|
||||
1. Create a **Proxy Provider** under **Applications** > **Providers** using the following settings:
|
||||
|
||||
- **Name**: Home Assistant
|
||||
- **Authentication flow**: default-authentication-flow
|
||||
- **Authorization flow**: default-provider-authorization-explicit-consent
|
||||
@ -42,7 +41,6 @@ This documentation lists only the settings that you need to change from their de
|
||||
- **Internal Host**: `http://hass.company:8123`
|
||||
|
||||
2. Create an **Application** under **Applications** > **Applications** using the following settings:
|
||||
|
||||
- **Name**: Home Assistant
|
||||
- **Slug**: homeassistant
|
||||
- **Provider**: Home Assistant (the provider you created in step 1)
|
||||
|
||||
@ -29,7 +29,6 @@ To support the integration of Immich with authentik, you need to create an appli
|
||||
|
||||
1. Log in to authentik as an administrator and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
|
||||
|
||||
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
|
||||
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
|
||||
@ -131,7 +131,6 @@ https://raw.githubusercontent.com/9p4/jellyfin-plugin-sso/manifest-release/manif
|
||||
6. Go back to the plugin tab.
|
||||
7. Click the SSO-Auth plugin.
|
||||
8. Fill out the Add / Update Provider Configuration:
|
||||
|
||||
- Name of OID Provider: `authentik`
|
||||
- OID Endpoint: `https://authentik.company/application/o/jellyfin/.well-known/openid-configuration`
|
||||
- OpenID Client ID: ClientID from provider
|
||||
@ -140,7 +139,6 @@ https://raw.githubusercontent.com/9p4/jellyfin-plugin-sso/manifest-release/manif
|
||||
- Enable Authorization by Plugin: **CHECKED**
|
||||
|
||||
9. If you want to use the role claim then also fill out these:
|
||||
|
||||
- Roles: roles to look for when authorizing access (should be done through authentik instead)
|
||||
- Admin Roles: roles to look for when giving administrator privilege
|
||||
- Role Claim: `groups`
|
||||
|
||||
@ -32,7 +32,6 @@ To support the integration of Knocknoc with authentik, you need to create an app
|
||||
|
||||
- **Select type**: Select **SAML Provider Property Mapping** as the type and click **Next**.
|
||||
- **Create SAML Provider Property Mapping**:
|
||||
|
||||
- **Name**: provide a descriptive name (e.g. `SAML to Knocknoc realName`)
|
||||
- **SAML Attribute Name**: `realName`
|
||||
- **Expression**:
|
||||
@ -46,7 +45,6 @@ To support the integration of Knocknoc with authentik, you need to create an app
|
||||
|
||||
- **Select type**: Select **SAML Provider Property Mapping** as the type and click **Next**.
|
||||
- **Create SAML Provider Property Mapping**:
|
||||
|
||||
- **Name**: provide a descriptive name (e.g. `SAML to Knocknoc groups`)
|
||||
- **SAML Attribute Name**: `groups`
|
||||
- **Expression**:
|
||||
@ -57,7 +55,6 @@ To support the integration of Knocknoc with authentik, you need to create an app
|
||||
|
||||
- **Select type**: Select **SAML Provider Property Mapping** as the type and click **Next**.
|
||||
- **Create SAML Provider Property Mapping**:
|
||||
|
||||
- **Name**: provide a descriptive name (e.g. `SAML to Knocknoc session duration`)
|
||||
- **SAML Attribute Name**: `sessionDuration`
|
||||
- **Expression**:
|
||||
@ -97,7 +94,6 @@ This example will set session duration at 540 minutes. Change the value to match
|
||||
|
||||
1. Log in to Knocknoc and navigate to **Admin** > **Settings** > **SAML**
|
||||
2. Set the following configuration:
|
||||
|
||||
- **Metadata URL**: **SAML Metadata URL** copied from the authentik provider.
|
||||
- **Public URL**: `https://knocknoc.company`
|
||||
- **Key file**: select a key file.
|
||||
|
||||
@ -29,7 +29,6 @@ To support the integration of Komodo with authentik, you need to create an appli
|
||||
|
||||
1. Log in to authentik as an administrator and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
|
||||
|
||||
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
|
||||
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
|
||||
@ -172,7 +172,6 @@ grep "RSA PRIVATE KEY" "Mautic Self-signed Certificate_private_key.pem"
|
||||
|
||||
This will prompt you to enter values for the certificate which you can choose freely.
|
||||
For some, you can use authentik's generated values:
|
||||
|
||||
- **Organization Name**: `authentik`
|
||||
- **Organizational Unit Name**: `Self-signed`
|
||||
- **Common Name**: `Mautic Self-signed Certificate`
|
||||
|
||||
@ -29,7 +29,6 @@ To support the integration of Miniflux with authentik, you need to create an app
|
||||
|
||||
1. Log in to authentik as an administrator and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
|
||||
|
||||
- **Application**: provide a descriptive name (e.g., `Miniflux`), an optional group for the type of application, the policy engine mode, and optional UI settings.
|
||||
- **Choose a Provider type**: Select OAuth2/OpenID Provider as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Note the **Client ID**, **Client Secret**, and **slug** values because they will be required later. - Set a `Strict` redirect URI to `https://miniflux.company/oauth2/oidc/callback` - Select any available signing key.
|
||||
|
||||
@ -76,10 +76,8 @@ If you want to control user storage and designate Nextcloud administrators, you
|
||||
|
||||
1. Log in to authentik as an administrator and open the authentik Admin interface.
|
||||
2. Navigate to **Customization** > **Property mappings** and click **Create**.
|
||||
|
||||
- **Select type**: select **Scope mapping**.
|
||||
- **Create Scope Mapping**:
|
||||
|
||||
- **Name**: `Nextcloud Profile`
|
||||
- **Scope name**: `nextcloud`
|
||||
- **Expression**:
|
||||
@ -118,7 +116,6 @@ To connect to an existing Nextcloud user, set the `nextcloud_user_id` attribute
|
||||
|
||||
1. Log in to authentik as an administrator and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
|
||||
|
||||
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
|
||||
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
@ -141,14 +138,12 @@ Depending on your Nextcloud configuration, you may need to use `https://nextclou
|
||||
1. In Nextcloud, ensure that the **OpenID Connect user backend** app is installed.
|
||||
2. Log in to Nextcloud as an administrator and navigate to **Settings** > **OpenID Connect**.
|
||||
3. Click the **+** button and enter the following settings:
|
||||
|
||||
- **Identifier**: `authentik`
|
||||
- **Client ID**: Client ID from authentik
|
||||
- **Client secret**: Client secret from authentik
|
||||
- **Discovery endpoint**: `https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration`
|
||||
- **Scope**: `email nextcloud openid`
|
||||
- Under **Attribute mappings**:
|
||||
|
||||
- **User ID mapping**: `sub` (or `user_id` for existing users)
|
||||
- **Display name mapping**: `name`
|
||||
- **Email mapping**: `email`
|
||||
@ -207,7 +202,6 @@ If you require [server side encryption](https://docs.nextcloud.com/server/latest
|
||||
|
||||
1. Log in to authentik as an administrator and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
|
||||
|
||||
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
|
||||
- Note the application slug because it will be required later.
|
||||
- **Choose a Provider type**: select **SAML Provider** as the provider type.
|
||||
@ -247,10 +241,8 @@ To configure group quotas you will need to create groups in authentik for each q
|
||||
|
||||
1. Log in to authentik as an administrator and open the authentik Admin interface.
|
||||
2. Navigate to **Customization** > **Property mappings** and click **Create**.
|
||||
|
||||
- **Select type**: select **SAML Provider Property Mapping** as the property mapping type.
|
||||
- **Create SAML Provider Property Mapping**:
|
||||
|
||||
- **Name**: Provide a name for the property mapping.
|
||||
- **SAML Attribute Name**: `nextcloud_quota`
|
||||
- **Expression**:
|
||||
@ -279,10 +271,8 @@ To grant Nextcloud admin access to authentik users you will need to create a pro
|
||||
|
||||
1. Log in to authentik as an administrator and open the authentik Admin interface.
|
||||
2. Navigate to **Customization** > **Property mappings** and click **Create**.
|
||||
|
||||
- **Select type**: select **SAML Provider Property Mapping** as the property mapping type.
|
||||
- **Create SAML Provider Property Mapping**:
|
||||
|
||||
- **Name**: Provide a name for the property mapping.
|
||||
- **SAML Attribute Name**: `http://schemas.xmlsoap.org/claims/Group`
|
||||
- **Expression**:
|
||||
@ -304,13 +294,11 @@ To grant Nextcloud admin access to authentik users you will need to create a pro
|
||||
|
||||
1. In Nextcloud, ensure that the **SSO & SAML Authentication** app is installed.
|
||||
2. Log in to Nextcloud as an administrator, navigate to **Settings** > **SSO & SAML Authentication**, and configure the following settings:
|
||||
|
||||
- **Attribute to map the UID to**: `http://schemas.goauthentik.io/2021/02/saml/uid`
|
||||
|
||||
:::danger
|
||||
Using the UID attribute as username is **not recommended** because of its mutable nature. If you map to the username instead, [disable username changing](https://docs.goauthentik.io/docs/sys-mgmt/settings#allow-users-to-change-username) and set the UID attribute to `http://schemas.goauthentik.io/2021/02/saml/username`.
|
||||
:::
|
||||
|
||||
- **Optional display name**: `authentik`
|
||||
- **Identifier of the IdP entity**: `https://authentik.company`
|
||||
- **URL target for authentication requests**: `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`
|
||||
@ -347,7 +335,6 @@ This documentation lists only the settings that you need to change from their de
|
||||
|
||||
1. Log in to authentik as an administrator and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
|
||||
|
||||
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
|
||||
- **Choose a Provider type**: select **LDAP** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name) and the bind flow to use for this provider
|
||||
@ -359,7 +346,6 @@ This documentation lists only the settings that you need to change from their de
|
||||
|
||||
1. Log in to authentik as an admin, and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Outposts** and click **Create**.
|
||||
|
||||
- **Name**: provide a suitable name for the outpost.
|
||||
- **Type**: `LDAP`
|
||||
- Under applications, add the newly created Nextcloud application to **Selected Applications**.
|
||||
@ -371,9 +357,7 @@ This documentation lists only the settings that you need to change from their de
|
||||
1. In Nextcloud, ensure that the **LDAP user and group backend** app is installed.
|
||||
2. Log in to Nextcloud as an administrator.
|
||||
3. Navigate to **Settings** > **LDAP user and group backend** and configure the following settings:
|
||||
|
||||
- On the **Server** tab:
|
||||
|
||||
- Click the **+** icon and enter the following settings:
|
||||
- **Host**: enter the hostname/IP address of the authentik LDAP outpost preceded by `ldap://` or `ldaps://`. If using LDAPS you will also need to specify the certificate that is being used.
|
||||
- **Port**: `389` or `636` for secure LDAP.
|
||||
@ -381,11 +365,9 @@ This documentation lists only the settings that you need to change from their de
|
||||
- Under **Base DN**, enter the **Search base** of the authentik LDAP provider.
|
||||
|
||||
- On the **Users** tab:
|
||||
|
||||
- Set **Only these object classes** to `Users`.
|
||||
|
||||
- On the **LDAP/AD integration** tab:
|
||||
|
||||
- Uncheck **LDAP/AD Username**.
|
||||
- Set **Other Attributes** to `cn`.
|
||||
- Click **Expert** in the top right corner and enter these settings:
|
||||
@ -405,7 +387,6 @@ This documentation lists only the settings that you need to change from their de
|
||||
- **Email Field**: `mailPrimaryAddress`
|
||||
|
||||
- On the **Groups** tab:
|
||||
|
||||
- Set **Only these object classes** to `groups`.
|
||||
- Select the authentik groups that require Nextcloud access.
|
||||
|
||||
|
||||
@ -85,7 +85,6 @@ To support the integration of Observium with authentik, you need to create an ap
|
||||
```
|
||||
|
||||
Meaning of variables:
|
||||
|
||||
- `OIDCRedirectURI` is the same URI that is set for the authentik Provider.
|
||||
- The `OIDCCryptoPassphrase` directive should be set to a random string, for more information, see [the official documentation](https://github.com/OpenIDC/mod_auth_openidc/blob/9c0909af71eb52283f4d3797e55d1efef64966f2/auth_openidc.conf#L15).
|
||||
- `OIDCXForwardedHeaders` is necessary if your instance is behind a reverse proxy. If omitted, the module does not accept information from these headers.
|
||||
|
||||
@ -44,7 +44,6 @@ To support the integration of Omni with authentik, you need to create a property
|
||||
- **Choose a Provider type**: select SAML Provider as the provider type.
|
||||
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
|
||||
- **ACS URL**: `https://omni.company/saml/acs`
|
||||
- **Service Provider Binding**: `Post`
|
||||
- **Audience**: `https://omni.company/saml/metadata`
|
||||
|
||||
@ -34,7 +34,6 @@ OpenProject requires a first and last name for each user. By default authentik o
|
||||
|
||||
- **Select type**: select **Scope Mapping** as the property mapping type.
|
||||
- **Configure the Scope Mapping**: Provide a descriptive name (e.g. `Open Project Profile Scope`), and an optional description
|
||||
|
||||
- **Scope name**: `profile`
|
||||
- **Expression**:
|
||||
|
||||
|
||||
@ -35,45 +35,36 @@ The configuration for each application is nearly identical, except for the **Cli
|
||||
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
|
||||
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
|
||||
- Note the **Client ID**,**Client Secret**, and **slug** values because they will be required later.
|
||||
- **Protocol settings:**
|
||||
|
||||
**Web UI:**
|
||||
|
||||
- **Signing Key**: Select any available signing key.
|
||||
- **Client ID**: Use the value generated by authentik.
|
||||
- **Client Secret**: Use the value generated by authentik.
|
||||
- **Redirect URIs**:
|
||||
|
||||
- Strict: `https://owncloud.company/apps/openidconnect/redirect`
|
||||
|
||||
**Desktop Application**
|
||||
|
||||
- **Signing Key**: Select any available signing key.
|
||||
- **Client ID**: Use the predefined value found in the [ownCloud admin manual](https://doc.owncloud.com/server/latest/admin_manual/configuration/user/oidc/oidc.html#client-id).
|
||||
- **Client Secret**: Use the predefined value found in the [ownCloud admin manual](https://doc.owncloud.com/server/latest/admin_manual/configuration/user/oidc/oidc.html#client-secret).
|
||||
- **Redirect URIs**:
|
||||
|
||||
- Regex: `http://localhost:\d+`
|
||||
- Regex: `http://127.0.0.1:\d+`
|
||||
|
||||
**Android Application**
|
||||
|
||||
- **Signing Key**: Select any available signing key.
|
||||
- **Client ID**: Use the predefined value found in the [ownCloud admin manual](https://doc.owncloud.com/server/latest/admin_manual/configuration/user/oidc/oidc.html#client-id).
|
||||
- **Client Secret**: Use the predefined value found in the [ownCloud admin manual](https://doc.owncloud.com/server/latest/admin_manual/configuration/user/oidc/oidc.html#client-secret).
|
||||
- **Redirect URI**:
|
||||
|
||||
- Strict: `oc://android.owncloud.com`
|
||||
|
||||
**iOS Application**
|
||||
|
||||
- **Signing Key**: Select any available signing key.
|
||||
- **Client ID**: Use the predefined value found in the [ownCloud admin manual](https://doc.owncloud.com/server/latest/admin_manual/configuration/user/oidc/oidc.html#client-id).
|
||||
- **Client Secret**: Use the predefined value found in the [ownCloud admin manual](https://doc.owncloud.com/server/latest/admin_manual/configuration/user/oidc/oidc.html#client-secret).
|
||||
- **Redirect URI**:
|
||||
|
||||
- Strict: `oc://ios.owncloud.com`
|
||||
|
||||
- **Advanced protocol settings:**
|
||||
@ -96,7 +87,6 @@ For other reverse proxies, consult the provider-specific documentation for guida
|
||||
To enable OIDC functionality in ownCloud, follow these steps:
|
||||
|
||||
1. **Navigate to the Market**:
|
||||
|
||||
- Access the Market by visiting:
|
||||
`https://owncloud.company/apps/market/#/`
|
||||
or by clicking the **Hamburger Menu** in the top-left corner of any page in your ownCloud deployment and selecting **Market**.
|
||||
@ -117,7 +107,6 @@ To enable OIDC functionality in ownCloud, follow these steps:
|
||||
:::
|
||||
|
||||
3. **Create the `oidc.config.php` File**:
|
||||
|
||||
- Place a file named `oidc.config.php` in the same directory as the existing `config.php` file in your ownCloud installation.
|
||||
- Files named with this pattern are treated as "override" files, allowing ownCloud to override matching configuration keys in the `config.php` file.
|
||||
|
||||
@ -202,7 +191,6 @@ For more information on other available configuration options, refer to the OIDC
|
||||
You have successfully configured OIDC authentication through authentik. Here's what you can expect next:
|
||||
|
||||
- **Login Behavior:**
|
||||
|
||||
- If the `autoRedirectOnLoginPage` option is **set to false**, navigating to `https://owncloud.company` will present the standard login page, which now includes an "Log in with authentik" button (or any custom text defined in the `loginButtonName` field).
|
||||
- If the `autoRedirectOnLoginPage` option is **set to true**, users will be automatically redirected to the authentik login page when attempting to access `https://owncloud.company`.
|
||||
|
||||
|
||||
@ -29,7 +29,6 @@ To support the integration of Pangolin with authentik, you need to create an app
|
||||
|
||||
1. Log in to authentik as an administrator and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
|
||||
|
||||
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
|
||||
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
@ -44,7 +43,6 @@ To support the integration of Pangolin with authentik, you need to create an app
|
||||
|
||||
1. Log in to Pangolin as an administrator.
|
||||
2. Navigate to **Server Admin** > **Identity Providers**, and click **Add Identity Provider**.
|
||||
|
||||
- Under **General Information**:
|
||||
- **Name**: `authentik`
|
||||
- **Auto Provision Users** _(optional)_: enable this option for authentik users to be automatically provisioned in Pangolin on first login.
|
||||
|
||||
@ -29,7 +29,6 @@ To support the integration of Paperless-ngx with authentik, you need to create a
|
||||
|
||||
1. Log in to authentik as an administrator and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
|
||||
|
||||
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
|
||||
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
|
||||
@ -33,7 +33,6 @@ To support the integration of pgAdmin with authentik, you need to create an appl
|
||||
|
||||
1. Log in to authentik as an administrator and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
|
||||
|
||||
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
|
||||
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
@ -51,7 +50,6 @@ To configure OAuth in pgAdmin, you can either use the `config_local.py` file or
|
||||
### Using `config_local.py`
|
||||
|
||||
1. Locate or create the `config_local.py` file in the `/pgadmin4/` directory.
|
||||
|
||||
- If the file does not exist, create it manually.
|
||||
|
||||
2. Add the following configuration settings to `config_local.py`:
|
||||
|
||||
@ -39,34 +39,29 @@ You need to ensure users and groups exist before we proceed with the next steps.
|
||||
The groups are used for property mappings later to give the user the correct permission level in the application. For this documentation there is an example for each of the 3 main default permission levels and an easy way to visualise the differences between them.
|
||||
|
||||
1. **Create test-user 0**
|
||||
|
||||
- username: test-user0
|
||||
- Name: Test User0
|
||||
- Email: test-user0@domain.company
|
||||
- path: users
|
||||
|
||||
2. **Create test-user 1**
|
||||
|
||||
- username: test-user1
|
||||
- Name: Test User1
|
||||
- Email: test-user1@domain.company
|
||||
- path: users
|
||||
|
||||
3. **Create test-user 2**
|
||||
|
||||
- username: test-user2
|
||||
- Name: Test User2
|
||||
- Email: test-user2@domain.company
|
||||
- path: users
|
||||
|
||||
4. **Create all required groups (under _Directory/Groups_)**
|
||||
|
||||
- admin-permission-group
|
||||
- operator-permission-group
|
||||
- guest-permission-group
|
||||
|
||||
5. **Assign groups to users for testing**
|
||||
|
||||
- admin-permission-group
|
||||
- Select Directory -> Groups
|
||||
- Select `admin-permission-group`
|
||||
@ -91,7 +86,6 @@ In order to support automatic user provisioning (JIT) with phpIPAM, additional S
|
||||
- Select Create -> SAML Property Mapping -> Next
|
||||
|
||||
1. display_name
|
||||
|
||||
- Name: phpipam-display-name
|
||||
- SAML Attribute Name: display_name
|
||||
- Expression:
|
||||
@ -101,7 +95,6 @@ In order to support automatic user provisioning (JIT) with phpIPAM, additional S
|
||||
```
|
||||
|
||||
2. email
|
||||
|
||||
- Name: phpipam-email
|
||||
- SAML Attribute Name: email
|
||||
- Expression:
|
||||
@ -111,7 +104,6 @@ In order to support automatic user provisioning (JIT) with phpIPAM, additional S
|
||||
```
|
||||
|
||||
3. is_admin
|
||||
|
||||
- Name: phpipam-is-admin
|
||||
- SAML Attribute Name: is_admin
|
||||
- Expression:
|
||||
@ -121,7 +113,6 @@ In order to support automatic user provisioning (JIT) with phpIPAM, additional S
|
||||
```
|
||||
|
||||
4. groups
|
||||
|
||||
- Name: phpipam-groups
|
||||
- SAML Attribute Name: groups
|
||||
- Expression:
|
||||
|
||||
@ -47,7 +47,6 @@ To support the integration of Plesk with authentik, you need to create an applic
|
||||
## Plesk configuration
|
||||
|
||||
1. Install the OAuth login extension:
|
||||
|
||||
- Log in to your Plesk installation.
|
||||
- Navigate to **Extensions** in the left sidebar.
|
||||
- Select **Extensions Catalog**.
|
||||
@ -55,12 +54,10 @@ To support the integration of Plesk with authentik, you need to create an applic
|
||||
- Click **Install** next to the OAuth login extension.
|
||||
|
||||
2. Enable and configure OAuth authentication:
|
||||
|
||||
- After installation, select **Extensions** > **OAuth Login** in the left sidebar.
|
||||
- Enable OAuth authentication using the toggle switch in the main configuration panel.
|
||||
|
||||
3. In the same panel, configure these OAuth settings:
|
||||
|
||||
- **Client ID**: Enter the Client ID from your authentik provider
|
||||
- **Client Secret**: Enter the Client Secret from your authentik provider
|
||||
- **Callback Host**: Enter your Plesk FQDN (example: `https://plesk.company`)
|
||||
|
||||
@ -49,12 +49,10 @@ To support the integration of Proxmox with authentik, you need to create an appl
|
||||
1. Log in to the Proxmox VE web interface using an administrative account.
|
||||
|
||||
2. Navigate to authentication source settings.
|
||||
|
||||
- Go to **Datacenter** > **Permissions** > **Realms**.
|
||||
- Click **Add** and select **Realm** to open the Add Realm dialog.
|
||||
|
||||
3. Fill out the OpenID Connect settings.
|
||||
|
||||
- In the dialog that appears, fill in the following details:
|
||||
- **Issuer URL**: Enter the Issuer URL from authentik (found in your provider's overview tab), e.g., `https://authentik.company/application/o/proxmox/`.
|
||||
- **Realm**: Enter a name for this authentication source, such as `authentik`.
|
||||
@ -69,15 +67,12 @@ To support the integration of Proxmox with authentik, you need to create an appl
|
||||
|
||||
|
||||
4. **Save the configuration**.
|
||||
|
||||
- Click **Add** to save the settings.
|
||||
|
||||
5. **Assign permissions**
|
||||
|
||||
- After setting up the authentication source, go to **Permissions** to assign roles and permissions for each user as needed.
|
||||
|
||||
6. **Logging in**
|
||||
|
||||
- Users can select this authentication method from the Proxmox login screen, or if set as default, it will be automatically selected.
|
||||
|
||||
|
||||
|
||||
@ -30,10 +30,8 @@ Push Security requires separate first and last names for each user, but authenti
|
||||
|
||||
1. Log in to authentik as an administrator, and open the authentik Admin interface.
|
||||
2. Navigate to **Customization** > **Property Mappings** and click **Create**.
|
||||
|
||||
- **Select type**: select **SAML Provider Property Mapping** as the property mapping type.
|
||||
- **Configure the SAML Provider Property Mapping**:
|
||||
|
||||
- **Name**: `givenname`
|
||||
- **SAML Attribute Name**: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname`
|
||||
- **Expression**:
|
||||
@ -44,10 +42,8 @@ Push Security requires separate first and last names for each user, but authenti
|
||||
|
||||
3. Click **Finish**.
|
||||
4. Click **Create** to create the second property mapping.
|
||||
|
||||
- **Select type**: select **SAML Provider Property Mapping** as the property mapping type.
|
||||
- **Configure the SAML Provider Property Mapping**:
|
||||
|
||||
- **Name**: `familyname`
|
||||
- **SAML Attribute Name**: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname`
|
||||
- **Expression**:
|
||||
@ -62,7 +58,6 @@ Push Security requires separate first and last names for each user, but authenti
|
||||
|
||||
1. Log in to authentik as an administrator and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
|
||||
|
||||
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
|
||||
- Take note of the application slug as it will be required later on.
|
||||
- **Choose a Provider type**: select **SAML Provider** as the provider type.
|
||||
|
||||
@ -65,7 +65,6 @@ In Rocket.chat, follow the procedure below:
|
||||
|
||||
|
||||
5. Scroll down to the new OAuth application, expand the dropdown, and enter the following settings:
|
||||
|
||||
- Enable: Turn the radio button to the _on_ position
|
||||
- URL: https://authentik.company/application/o
|
||||
- Token Path: /token/
|
||||
|
||||
@ -31,7 +31,6 @@ To support the integration of Semaphore with authentik, you need to create an ap
|
||||
|
||||
1. Log in to authentik as an administrator and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
|
||||
|
||||
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
|
||||
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
|
||||
@ -56,11 +56,9 @@ To support the integration of Stripe with authentik, you need to create a group,
|
||||
|
||||
1. Log in to authentik as an administrator and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
|
||||
|
||||
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
|
||||
- **Choose a Provider type**: select **SAML Provider** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
|
||||
- Set the **ACS URL** to `https://dashboard.stripe.com/login/saml/consume`.
|
||||
- Set the **Audience** to `https://dashboard.stripe.com/saml/metadata`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
@ -86,7 +84,6 @@ To support the integration of Stripe with authentik, you need to create a group,
|
||||
3. Click **Add domain**, then input the domain that SSO users will use. For more information, see the [Stripe Proving Domain Owenership documentation](https://docs.stripe.com/get-started/account/sso/other#proving-domain-verification).
|
||||
4. Once your domain is verified, click on the 3 dots next to the domain name, and click **Manage SSO Settings**.
|
||||
5. Enter the following settings:
|
||||
|
||||
- **Identity Provider URL**: `https://auth.domain.com/application/saml/stripe/sso/binding/redirect/`
|
||||
- **Issuer ID**: `authentik`
|
||||
- **Identity Provider Certificate**: Paste in the contents of your authentik signing certificate.
|
||||
|
||||
@ -48,7 +48,6 @@ To support the integration of Tailscale with authentik, you need to create an ap
|
||||
|
||||
1. Log in to authentik as an administrator and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
|
||||
|
||||
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
|
||||
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
|
||||
@ -35,7 +35,6 @@ To support the integration of Uptime Kuma with authentik, you need to create an
|
||||
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
|
||||
- **Choose a Provider type**: select **Proxy Provider** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
|
||||
- Set the **External host** to `https://uptime-kuma.company`.
|
||||
- Set the **Internal host** to `http://uptime-kuma:3001` where `uptime-kuma:3001` is the hostname and port of your Uptime Kuma container.
|
||||
- Under **Advanced protocol settings**, set **Unauthenticated Paths** to the following to allow unauthenticated access to the public status page:
|
||||
|
||||
@ -49,7 +49,6 @@ To support the integration of vCenter with authentik, you need to create an appl
|
||||
2. Click **Change Provider** in the top-right corner, and then select **Okta** from the drop-down list.
|
||||
|
||||
3. In the wizard, click **Run Prechecks**, select the confirmation box, and then click **Next**
|
||||
|
||||
- Enter the **Directory Name**. For example `authentik` or any other name.
|
||||
- Add a **Domain Name**. For example `authentik.company`.
|
||||
- Click on the Plus (+) sign to show the default domain name.
|
||||
@ -57,7 +56,6 @@ To support the integration of vCenter with authentik, you need to create an appl
|
||||
4. Click **Next**.
|
||||
|
||||
5. On the OpenID Connect page, enter the following values:
|
||||
|
||||
- Set **Identity Provider Name** to `authentik`.
|
||||
- Set **Client Identifier** to the client ID from authentik.
|
||||
- Set **Shared secret** to the client secret from authentik.
|
||||
@ -66,14 +64,12 @@ To support the integration of vCenter with authentik, you need to create an appl
|
||||
6. Click **Next**, and then **Finish**.
|
||||
|
||||
7. On the **Single Sign On -> Configuration** page, in the **User Provisioning** area, take the following steps:
|
||||
|
||||
- Copy the **Tenant URL** and save to a safe place.
|
||||
- Click on **Generate** to generate a SCIM token.
|
||||
- Click **Generate** in the newly opened modal box.
|
||||
- Copy the token and save to a safe place.
|
||||
|
||||
8. Return to the authentik Admin interface.
|
||||
|
||||
- Create a SCIM provider with the name `vcenter-scim`.
|
||||
- Paste the Tenant URL into **URL** field for the provider.
|
||||
- Paste the token you saved into the **Token** field.
|
||||
@ -84,7 +80,6 @@ To support the integration of vCenter with authentik, you need to create an appl
|
||||
- Navigate to the provider and trigger a sync.
|
||||
|
||||
9. Return to vCenter.
|
||||
|
||||
- Navigate to **Administration -> Access Control -> Global Permissions**.
|
||||
- Click **Add**.
|
||||
- Select the Domain created above from the dropdown.
|
||||
|
||||
@ -38,7 +38,6 @@ To support the integration of Wazuh with authentik, you need to create a group,
|
||||
|
||||
1. Log in to authentik as an administrator and open the authentik Admin interface.
|
||||
2. Navigate to **Customization** > **Property Mappings** and click **Create**. Create a **SAML Provider Property Mapping** with the following settings:
|
||||
|
||||
- **Name**: Choose a descriptive name
|
||||
- **SAML Attribute Name**: `Roles`
|
||||
- **Friendly Name**: Leave blank
|
||||
@ -192,7 +191,6 @@ And the `metadata_file`, `kibana_url`, and `exchange_key` parameters in the `sam
|
||||
2. On the Wazuh dashboard click the upper-left menu icon ☰ to open the menu, go to **Server management** -> **Security** -> **Roles mapping**
|
||||
|
||||
3. Click **Create Role mapping** and configure the following parameters:
|
||||
|
||||
- **Role Name**: set a name for the role mapping (e.g. authentik_admins)
|
||||
- **Roles**: select a role (e.g.`administrator`)
|
||||
- **Custom rules**: Click **Add new rule** and set:
|
||||
|
||||
@ -22,7 +22,6 @@ To support the integration of XCreds with authentik, you need to create an appli
|
||||
|
||||
1. Log in to authentik as an administrator and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
|
||||
|
||||
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
|
||||
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
@ -47,7 +46,6 @@ After XCreds is installed on a target Mac you will need to configure it by creat
|
||||
[ProfileCreator](https://github.com/ProfileCreator/ProfileCreator) is an open source macOS application used to create configuration policies. It is required to create a configuration policy for XCreds.
|
||||
|
||||
1. Open the **ProfileCreator** application and click on the `+` icon in the top left corner to create a new configuration policy:
|
||||
|
||||
- Under **General** provide a descriptive Payload Display Name, Payload Description, and Payload Organization.
|
||||
|
||||
2. Now you need to add a XCreds payload to the configuration policy. Click on the **Application Managed Preferences** icon in the left hand column that looks like an `A` (third icon from the left, in the left hand column).
|
||||
|
||||
@ -31,7 +31,6 @@ _Any specific info about this integration can go here._
|
||||
|
||||
1. Log in to authentik as an administrator and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
|
||||
|
||||
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
|
||||
- _If there are any specific settings required, list them here. Refer to the [ownCloud integration documentation](https://github.com/goauthentik/authentik/blob/main/website/integrations/services/owncloud/index.md) for a complex requirements example._
|
||||
- **Choose a Provider type**: _If there is a specific provider type required, state that here._
|
||||
|
||||
Reference in New Issue
Block a user