habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

website: bump prettier from 3.5.3 to 3.6.0 in /website (#15199)

Browse Source 
* website: bump prettier from 3.5.3 to 3.6.0 in /website

Bumps [prettier](https://github.com/prettier/prettier) from 3.5.3 to 3.6.0.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.5.3...3.6.0)

---
updated-dependencies:
- dependency-name: prettier
  dependency-version: 3.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
dependabot[bot]
2025-06-23 21:29:14 +02:00
committed by GitHub
parent 0c73572b0c
commit 0b6ab171ce
94 changed files with 5 additions and 5131 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
website/integrations/services/1password/index.mdx
View File

@ -29,7 +29,6 @@ To support the integration of 1Password with authentik, you need to create an ap
1. Log in to authentik as an administrator, and open the authentik Admin interface.
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
@ -89,7 +88,6 @@ To support automated user provisioning, you need to create a group, and a SCIM p
1. Log in to authentik as an admin, and open the authentik Admin interface.
2. Navigate to **Applications** > **Providers** and click **Create**
- **Choose a Provider type**: select **SCIM** as the provider type.
- **Configure the Provider**: provide a name (e.g. `1password-scim`), and the following required configurations.
- Set the **URL** to `scim-bridge.company`.

1
website/integrations/services/actual-budget/index.mdx
View File

@ -32,7 +32,6 @@ To support the integration of Actual Budget with authentik, you need to create a
1. Log in to authentik as an administrator and open the authentik Admin interface.
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.

13
website/integrations/services/apple/index.md
View File

@ -97,7 +97,6 @@ Apple Business Manager requires that we create three scope mappings for our OIDC
1. From the authentik Admin interface, navigate to **Customization -> Property Mappings** and click **Create**.
2. Select **Scope Mapping** and use the following values:
- **Name**: `Apple Business Manager profile`
- **Scope Name**: `profile`
- **Description**: _[optional]_ Set to inform user
@ -122,7 +121,6 @@ Apple Business Manager requires that we create three scope mappings for our OIDC
1. On the **Property Mappings** list, click **Create**.
2. Select **Scope Mapping** and use the following values:
- **Name**: `Apple Business Manager ssf.read`
- **Scope Name**: `ssf.read`
- **Description**: _[optional]_ Set to inform user
@ -135,7 +133,6 @@ Apple Business Manager requires that we create three scope mappings for our OIDC
1. On the **Property Mappings** list, click **Create**.
2. Select **Scope Mapping** and use the following values:
- **Name**: `Apple Business Manager ssf.manage`
- **Scope Name**: `ssf.manage`
- **Description**: _[optional]_ Set to inform user
@ -154,7 +151,6 @@ You can either generate a new key or import an existing one.
1. From the Admin interface, navigate to **System -> Certificates**
2. Click **Generate**, select **Signing Key**, and use the following values:
- **Common Name**: `apple-business-manager`
3. Click **Generate** and confirm that the new key is listed in the **Certificates** overview.
@ -165,7 +161,6 @@ Alternatively, you can use an existing key if you have one available.
1. From the Admin interface, navigate to **System -> Certificates**.
2. Click **Create** and use the following values:
- **Name**: `apple-business-manager`
- **Certificate**: Paste in your certificate
- **Private Key**: _[optional]_ Pastein your private key
@ -184,7 +179,6 @@ You can always find your provider's generated values by navigating to **Provider
1. From the authentik Admin interface, navigate to **Applications -> Providers** and click **Create**.
2. For the **Provider Type** select **OAuth2/OpenID Provider**, click **Next**, and use the following values.
- **Name**: `Apple Business Manager`
- **Authorization flow**: Select a flow that suits your organization's requirements.
- **Protocol settings**:
@ -214,7 +208,6 @@ While the OIDC provider handles the authentication flow, you'll need to create a
1. From the authentik Admin interface, navigate to **Applications -> Providers** and click **Create**.
2. Select **Shared Signals Framework Provider** and use the following values.
Any fields that can be left as their default values are omitted from the list.
- **Name** `Apple Business Manager SSF`
- **Signing Key**: `[Your Signing Key]`
- **Event Retention**: `days=30`
@ -244,7 +237,6 @@ The authentik user you will use to test the stream connection to Apple Business
### 6. Create application
1. From the authentik Admin interface, navigate to **Applications -> Applications**, click **Create**, and use the following values:
- **Name**: Apple Business Manager
- **Slug**: `abm`
- **Provider**: `Apple Business Manager`
@ -260,9 +252,7 @@ The authentik user you will use to test the stream connection to Apple Business
Before proceeding to Apple Business Manager, let's go over the values you've copied from authentik.
1. Verify that you have all the necessary values in your text editor:
- From the `Apple Business Manager` provider:
- [x] `Client ID`
- [x] `Client Secret`
- [x] `OpenID Configuration URL`
@ -271,7 +261,6 @@ Before proceeding to Apple Business Manager, let's go over the values you've cop
- [x] `SSF Config URL`
2. Modify URLs to include the default HTTPS port. Apple requires the port number to be included when providing the URLs in the configuration.
- Add port 443 to the SSF Config URL that you copied from the `Apple Business Manager SSF` provider:
```diff
@ -349,7 +338,6 @@ You're now ready to configure federated authentication with authentik.
3. To define how you want users to sign in, choose **Custom Identity Provider** and click **Continue**.
4. On the **Set up your Custom Identity Provider** page, use the following values:
- **Name**: `authentik`
- **Client ID**: _`Your Client ID`_
- **Client Secret**: _`Your Client Secret`_
@ -387,7 +375,6 @@ When creating test users, ensure that their role is set to Standard (or Student)
1. From the [Apple Business Manager dashboard](https://business.apple.com/), click **Users** on the sidebar, then click **Add**.
2. In the **Add New User** dialog, use the following values:
- **First Name**: `Jessie`
- **Last Name**: `Lorem`
- **Email**: `jessie@authentik.company`

1
website/integrations/services/argocd/index.md
View File

@ -29,7 +29,6 @@ To support the integration of ArgoCD with authentik, you need to create an appli
1. Log in to authentik as an administrator and open the authentik Admin interface.
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.

1
website/integrations/services/atlassian/index.mdx
View File

@ -40,7 +40,6 @@ To support the integration of Atlassian Cloud with authentik, you need to create
1. Log in to authentik as an administrator and open the authentik Admin interface.
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- Note the application slug, it will be required when filling out the **Identity provider SSO URL** later on.
- **Choose a Provider type**: select **SAML Provider** as the provider type.

2
website/integrations/services/aws/index.mdx
View File

@ -40,9 +40,7 @@ To support the integration of AWS with authentik using the classic IAM method, y
1. Log in to authentik as an administrator and open the authentik Admin interface.
2. Navigate to **Customization** > **Property Mappings** and click **Create**. Create two **SAML Provider Property Mapping**s with the following settings:
- **Role Mapping:**
- **Name**: Choose a descriptive name
- **SAML Attribute Name**: `https://aws.amazon.com/SAML/Attributes/Role`
- **Friendly Name**: Leave blank

1
website/integrations/services/beszel/index.mdx
View File

@ -72,7 +72,6 @@ Beszel uses PocketBase as its server backend, and when you install Beszel you au
## User Creation
1. Manually Creating Users:
- Users are not created automatically when logging in with authentik. The owner must manually create each user in Beszel.
- To create users, go to the System Settings where you configured OpenID Connect.
- The URL for user creation is: `https://beszel.company>/\_/#/collections?collection=pb_users_auth`.

5
website/integrations/services/bitwarden/index.mdx
View File

@ -46,10 +46,8 @@ Bitwarden requires a first and last name for every user. However, authentik, by
1. Log in to authentik as an administrator, and open the authentik Admin interface.
2. Navigate to **Customization** > **Property Mappings** and click **Create**.
- **Select type**: select **Scope Mapping**.
- **Configure the Scope Mapping**: Provide a descriptive name (e.g. `Bitwarden Profile Scope`), and an optional description.
- **Scope name**: `profile`
- **Expression**:
@ -70,7 +68,6 @@ Bitwarden requires a first and last name for every user. However, authentik, by
1. Log in to authentik as an administrator, and open the authentik Admin interface.
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
@ -90,7 +87,6 @@ Bitwarden requires a first and last name for every user. However, authentik, by
1. Log in to the [Bitwarden dashboard](https://vault.bitwarden.com/#/login) as an administrator (choose `Accessing: bitwarden.eu` for Bitwarden accounts based in the EU). If you are using a self-hosted Bitwarden, go to `https://bitwarden.company/#/login`.
2. In the sidebar, navigate to **Admin Console** > **Settings** > **Single sign-on**, and enter the following settings:
- **Allow SSO authentication**: Select this option.
- **SSO Identifier**: enter a globally unique SSO identifier (this is not required if using self-hosted Bitwarden, or if you have claimed a domain, see the [Bitwarden Claimed Domains documentation](https://bitwarden.com/help/claimed-domains/)).
- **Type**: `OIDC`
@ -116,7 +112,6 @@ To support the integration of Bitwarden with authentik, you need to create an ap
1. Log in to authentik as an administrator, and open the authentik Admin interface.
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. Take note of the **slug** as it will be required later.
- **Choose a Provider type**: select **SAML Provider** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.

1
website/integrations/services/bookstack/index.mdx
View File

@ -44,7 +44,6 @@ To support the integration of BookStack with authentik, you need to create an ap
1. Log in to authentik as an administrator and open the authentik Admin interface.
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.

1
website/integrations/services/budibase/index.md
View File

@ -29,7 +29,6 @@ To support the integration of Budibase with authentik, you need to create an app
1. Log in to authentik as an administrator and open the authentik Admin interface.
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.

1
website/integrations/services/filerise/index.mdx
View File

@ -29,7 +29,6 @@ To support the integration of FileRise with authentik, you need to create an app
1. Log in to authentik as an administrator and open the authentik Admin interface.
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.

7
website/integrations/services/fleet/index.md
View File

@ -38,11 +38,9 @@ The workflow to configure authentik as a single sign-on for Fleet involves creat
2. For the **App name** enter `Fleet` and click **Next**.
3. For the **Provider Type** select **SAML**, click **Next**, and use the following values.
- **Name**: `Fleet`
- **Authorization flow**: Select a flow that suits your organization's requirements.
- **Protocol settings**:
- **Assertion Consumer Service URL**: `https://fleet.company/api/v1/fleet/sso/callback`
:::info Requiring an End User License Agreement
@ -63,7 +61,6 @@ The workflow to configure authentik as a single sign-on for Fleet involves creat
- **Audience**: `https://fleet.company`
- **Advanced protocol settings**:
(Any fields that can be left as their default values are omitted from the list below).
- **Signing Certificate**: Select a certificate enable **Sign assertions** and **Sign responses**.
- **NameID Property Mapping**: `authentik default SAML Mapping: Email`
@ -90,7 +87,6 @@ With these prerequisites in place, authentik is now configured to act as a singl
2. In the **Organization settings** tab, click **Single sign-on options**.
3. Check the box next to **Enable single sign-on** and use the following values:
- **Identity provider name**: `authentik`
- **Entity ID**: `authentik`
@ -98,7 +94,6 @@ With these prerequisites in place, authentik is now configured to act as a singl
Fleet's SSO configuration form will include two fields: **Metadata URL** and **Metadata**.
Only one of these fields is required, but you must provide at least one of them.
- If you copied the **Metadata URL** from authentik, paste the URL you copied earlier into the **Metadata URL** field.
- If you downloaded the metadata file from authentik, paste the contents of the XML file into the **Metadata** field.
@ -115,7 +110,6 @@ To verify that authentik and Fleet are correctly configured, you can test the SS
1. From the authentik Admin interface, navigate to **Directory -> Users** and click **Create**.
2. Enter the following details for the test user. All other fields can be left as their default values.
- **Name**: `Jessie Lorem`
- **Email**: `jessie@authentik.company`
@ -124,7 +118,6 @@ To verify that authentik and Fleet are correctly configured, you can test the SS
4. From the Fleet Admin interface, navigate to **Settings -> Users** and click **Add user**.
5. Enter the following details for the test user. All other fields can be left as their default values.
- **Full Name**: `Jessie Lorem`
- **Email**: `jessie@authentik.company`
- **Authentication**: `Single sign-on`

6
website/integrations/services/frappe/index.md
View File

@ -49,29 +49,23 @@ To support the integration of Frappe with authentik, you need to create an appli
## Frappe configuration
1. **Navigate to Integrations**
- From the Frappe main menu, go to **Integrations** and then select **Social Login Key**.
2. **Add a New Social Login Key**
- Click the black **+ New** button in the top-right corner.
![](./frappe1.png)
3. **Enter the Required Settings**
- **Client Credentials**
- **Enable Social Login**: Turn the toggle to the **on** position.
- **Client ID**: Enter the Client ID from the authentik wizard.
- **Client Secret**: Enter the Client Secret from the authentik wizard.
- **Configuration**
- **Sign-ups**: Set to **Allow**.
![](./frappe2.png)
- **Identity Details**
- **Base URL**: `https://authentik.company/`
- **Client URLs**:
- **Authorize URL**: `/application/o/authorize/`

2
website/integrations/services/gitea/index.md
View File

@ -91,7 +91,6 @@ You can add users to the groups at any point.
1. Log in to authentik as an administrator and open the authentik Admin interface.
2. Navigate to **Customization** > **Property Mappings** and click **Create**. Create a **Scope Mapping** with the following configurations:
- **Name**: Choose a descriptive name (.e.g `authentik gitea OAuth Mapping: OpenID 'gitea'`)
- **Scope name**: `gitea`
- **Expression**:
@ -116,7 +115,6 @@ You can add users to the groups at any point.
1. Log in to authentik as an administrator and open the authentik Admin interface.
2. Navigate to **Applications** > **Providers** and click on the **Edit** icon of the Gitea provider.
3. Under **Advanced protocol settings** > **Scopes** add the following scopes to **Selected Scopes**:
- `authentik default OAuth Mapping: OpenID 'email'`
- `authentik default OAuth Mapping: OpenID 'profile'`
- `authentik default OAuth Mapping: OpenID 'openid'`

2
website/integrations/services/harbor/index.md
View File

@ -33,7 +33,6 @@ To support the integration of Harbor with authentik, you need to create an appli
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
- **Protocol Settings**:
- **Redirect URI**:
- Strict: `https://harbor.company/c/oidc/callback/`.
@ -52,7 +51,6 @@ To support the integration of authentik with Harbor, you need to configure OIDC
1. Log in to the Harbor dashboard as an admin.
2. Navigate to **Configuration** and select the **Authentication** tab.
3. In the **Auth Mode** dropdown, select **OIDC** and provide the following required configurations.
- **OIDC Provider Name**: `authentik`
- **OIDC Endpoint**: `https://authentik.company/application/o/harbor`
- **OIDC Client ID**: client ID from authentik

2
website/integrations/services/home-assistant/index.md
View File

@ -34,7 +34,6 @@ This documentation lists only the settings that you need to change from their de
## authentik configuration
1. Create a **Proxy Provider** under **Applications** > **Providers** using the following settings:
- **Name**: Home Assistant
- **Authentication flow**: default-authentication-flow
- **Authorization flow**: default-provider-authorization-explicit-consent
@ -42,7 +41,6 @@ This documentation lists only the settings that you need to change from their de
- **Internal Host**: `http://hass.company:8123`
2. Create an **Application** under **Applications** > **Applications** using the following settings:
- **Name**: Home Assistant
- **Slug**: homeassistant
- **Provider**: Home Assistant (the provider you created in step 1)

1
website/integrations/services/immich/index.md
View File

@ -29,7 +29,6 @@ To support the integration of Immich with authentik, you need to create an appli
1. Log in to authentik as an administrator and open the authentik Admin interface.
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.

2
website/integrations/services/jellyfin/index.md
View File

@ -131,7 +131,6 @@ https://raw.githubusercontent.com/9p4/jellyfin-plugin-sso/manifest-release/manif
6. Go back to the plugin tab.
7. Click the SSO-Auth plugin.
8. Fill out the Add / Update Provider Configuration:
- Name of OID Provider: `authentik`
- OID Endpoint: `https://authentik.company/application/o/jellyfin/.well-known/openid-configuration`
- OpenID Client ID: ClientID from provider
@ -140,7 +139,6 @@ https://raw.githubusercontent.com/9p4/jellyfin-plugin-sso/manifest-release/manif
- Enable Authorization by Plugin: **CHECKED**
9. If you want to use the role claim then also fill out these:
- Roles: roles to look for when authorizing access (should be done through authentik instead)
- Admin Roles: roles to look for when giving administrator privilege
- Role Claim: `groups`

4
website/integrations/services/knocknoc/index.md
View File

@ -32,7 +32,6 @@ To support the integration of Knocknoc with authentik, you need to create an app
- **Select type**: Select **SAML Provider Property Mapping** as the type and click **Next**.
- **Create SAML Provider Property Mapping**:
- **Name**: provide a descriptive name (e.g. `SAML to Knocknoc realName`)
- **SAML Attribute Name**: `realName`
- **Expression**:
@ -46,7 +45,6 @@ To support the integration of Knocknoc with authentik, you need to create an app
- **Select type**: Select **SAML Provider Property Mapping** as the type and click **Next**.
- **Create SAML Provider Property Mapping**:
- **Name**: provide a descriptive name (e.g. `SAML to Knocknoc groups`)
- **SAML Attribute Name**: `groups`
- **Expression**:
@ -57,7 +55,6 @@ To support the integration of Knocknoc with authentik, you need to create an app
- **Select type**: Select **SAML Provider Property Mapping** as the type and click **Next**.
- **Create SAML Provider Property Mapping**:
- **Name**: provide a descriptive name (e.g. `SAML to Knocknoc session duration`)
- **SAML Attribute Name**: `sessionDuration`
- **Expression**:
@ -97,7 +94,6 @@ This example will set session duration at 540 minutes. Change the value to match
1. Log in to Knocknoc and navigate to **Admin** > **Settings** > **SAML**
2. Set the following configuration:
- **Metadata URL**: **SAML Metadata URL** copied from the authentik provider.
- **Public URL**: `https://knocknoc.company`
- **Key file**: select a key file.

1
website/integrations/services/komodo/index.mdx
View File

@ -29,7 +29,6 @@ To support the integration of Komodo with authentik, you need to create an appli
1. Log in to authentik as an administrator and open the authentik Admin interface.
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.

1
website/integrations/services/mautic/index.md
View File

@ -172,7 +172,6 @@ grep "RSA PRIVATE KEY" "Mautic Self-signed Certificate_private_key.pem"
This will prompt you to enter values for the certificate which you can choose freely.
For some, you can use authentik's generated values:
- **Organization Name**: `authentik`
- **Organizational Unit Name**: `Self-signed`
- **Common Name**: `Mautic Self-signed Certificate`

1
website/integrations/services/miniflux/index.md
View File

@ -29,7 +29,6 @@ To support the integration of Miniflux with authentik, you need to create an app
1. Log in to authentik as an administrator and open the authentik Admin interface.
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
- **Application**: provide a descriptive name (e.g., `Miniflux`), an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: Select OAuth2/OpenID Provider as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Note the **Client ID**, **Client Secret**, and **slug** values because they will be required later. - Set a `Strict` redirect URI to `https://miniflux.company/oauth2/oidc/callback` - Select any available signing key.

19
website/integrations/services/nextcloud/index.mdx
View File

@ -76,10 +76,8 @@ If you want to control user storage and designate Nextcloud administrators, you
1. Log in to authentik as an administrator and open the authentik Admin interface.
2. Navigate to **Customization** > **Property mappings** and click **Create**.
- **Select type**: select **Scope mapping**.
- **Create Scope Mapping**:
- **Name**: `Nextcloud Profile`
- **Scope name**: `nextcloud`
- **Expression**:
@ -118,7 +116,6 @@ To connect to an existing Nextcloud user, set the `nextcloud_user_id` attribute
1. Log in to authentik as an administrator and open the authentik Admin interface.
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
@ -141,14 +138,12 @@ Depending on your Nextcloud configuration, you may need to use `https://nextclou
1. In Nextcloud, ensure that the **OpenID Connect user backend** app is installed.
2. Log in to Nextcloud as an administrator and navigate to **Settings** > **OpenID Connect**.
3. Click the **+** button and enter the following settings:
- **Identifier**: `authentik`
- **Client ID**: Client ID from authentik
- **Client secret**: Client secret from authentik
- **Discovery endpoint**: `https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration`
- **Scope**: `email nextcloud openid`
- Under **Attribute mappings**:
- **User ID mapping**: `sub` (or `user_id` for existing users)
- **Display name mapping**: `name`
- **Email mapping**: `email`
@ -207,7 +202,6 @@ If you require [server side encryption](https://docs.nextcloud.com/server/latest
1. Log in to authentik as an administrator and open the authentik Admin interface.
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- Note the application slug because it will be required later.
- **Choose a Provider type**: select **SAML Provider** as the provider type.
@ -247,10 +241,8 @@ To configure group quotas you will need to create groups in authentik for each q
1. Log in to authentik as an administrator and open the authentik Admin interface.
2. Navigate to **Customization** > **Property mappings** and click **Create**.
- **Select type**: select **SAML Provider Property Mapping** as the property mapping type.
- **Create SAML Provider Property Mapping**:
- **Name**: Provide a name for the property mapping.
- **SAML Attribute Name**: `nextcloud_quota`
- **Expression**:
@ -279,10 +271,8 @@ To grant Nextcloud admin access to authentik users you will need to create a pro
1. Log in to authentik as an administrator and open the authentik Admin interface.
2. Navigate to **Customization** > **Property mappings** and click **Create**.
- **Select type**: select **SAML Provider Property Mapping** as the property mapping type.
- **Create SAML Provider Property Mapping**:
- **Name**: Provide a name for the property mapping.
- **SAML Attribute Name**: `http://schemas.xmlsoap.org/claims/Group`
- **Expression**:
@ -304,13 +294,11 @@ To grant Nextcloud admin access to authentik users you will need to create a pro
1. In Nextcloud, ensure that the **SSO & SAML Authentication** app is installed.
2. Log in to Nextcloud as an administrator, navigate to **Settings** > **SSO & SAML Authentication**, and configure the following settings:
- **Attribute to map the UID to**: `http://schemas.goauthentik.io/2021/02/saml/uid`
:::danger
Using the UID attribute as username is **not recommended** because of its mutable nature. If you map to the username instead, [disable username changing](https://docs.goauthentik.io/docs/sys-mgmt/settings#allow-users-to-change-username) and set the UID attribute to `http://schemas.goauthentik.io/2021/02/saml/username`.
:::
- **Optional display name**: `authentik`
- **Identifier of the IdP entity**: `https://authentik.company`
- **URL target for authentication requests**: `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`
@ -347,7 +335,6 @@ This documentation lists only the settings that you need to change from their de
1. Log in to authentik as an administrator and open the authentik Admin interface.
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: select **LDAP** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name) and the bind flow to use for this provider
@ -359,7 +346,6 @@ This documentation lists only the settings that you need to change from their de
1. Log in to authentik as an admin, and open the authentik Admin interface.
2. Navigate to **Applications** > **Outposts** and click **Create**.
- **Name**: provide a suitable name for the outpost.
- **Type**: `LDAP`
- Under applications, add the newly created Nextcloud application to **Selected Applications**.
@ -371,9 +357,7 @@ This documentation lists only the settings that you need to change from their de
1. In Nextcloud, ensure that the **LDAP user and group backend** app is installed.
2. Log in to Nextcloud as an administrator.
3. Navigate to **Settings** > **LDAP user and group backend** and configure the following settings:
- On the **Server** tab:
- Click the **+** icon and enter the following settings:
- **Host**: enter the hostname/IP address of the authentik LDAP outpost preceded by `ldap://` or `ldaps://`. If using LDAPS you will also need to specify the certificate that is being used.
- **Port**: `389` or `636` for secure LDAP.
@ -381,11 +365,9 @@ This documentation lists only the settings that you need to change from their de
- Under **Base DN**, enter the **Search base** of the authentik LDAP provider.
- On the **Users** tab:
- Set **Only these object classes** to `Users`.
- On the **LDAP/AD integration** tab:
- Uncheck **LDAP/AD Username**.
- Set **Other Attributes** to `cn`.
- Click **Expert** in the top right corner and enter these settings:
@ -405,7 +387,6 @@ This documentation lists only the settings that you need to change from their de
- **Email Field**: `mailPrimaryAddress`
- On the **Groups** tab:
- Set **Only these object classes** to `groups`.
- Select the authentik groups that require Nextcloud access.

1
website/integrations/services/observium/index.md
View File

@ -85,7 +85,6 @@ To support the integration of Observium with authentik, you need to create an ap
```
Meaning of variables:
- `OIDCRedirectURI` is the same URI that is set for the authentik Provider.
- The `OIDCCryptoPassphrase` directive should be set to a random string, for more information, see [the official documentation](https://github.com/OpenIDC/mod_auth_openidc/blob/9c0909af71eb52283f4d3797e55d1efef64966f2/auth_openidc.conf#L15).
- `OIDCXForwardedHeaders` is necessary if your instance is behind a reverse proxy. If omitted, the module does not accept information from these headers.

1
website/integrations/services/omni/index.md
View File

@ -44,7 +44,6 @@ To support the integration of Omni with authentik, you need to create a property
- **Choose a Provider type**: select SAML Provider as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
- **ACS URL**: `https://omni.company/saml/acs`
- **Service Provider Binding**: `Post`
- **Audience**: `https://omni.company/saml/metadata`

1
website/integrations/services/openproject/index.md
View File

@ -34,7 +34,6 @@ OpenProject requires a first and last name for each user. By default authentik o
- **Select type**: select **Scope Mapping** as the property mapping type.
- **Configure the Scope Mapping**: Provide a descriptive name (e.g. `Open Project Profile Scope`), and an optional description
- **Scope name**: `profile`
- **Expression**:

12
website/integrations/services/owncloud/index.md
View File

@ -35,45 +35,36 @@ The configuration for each application is nearly identical, except for the **Cli
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
- Note the **Client ID**,**Client Secret**, and **slug** values because they will be required later.
- **Protocol settings:**
**Web UI:**
- **Signing Key**: Select any available signing key.
- **Client ID**: Use the value generated by authentik.
- **Client Secret**: Use the value generated by authentik.
- **Redirect URIs**:
- Strict: `https://owncloud.company/apps/openidconnect/redirect`
**Desktop Application**
- **Signing Key**: Select any available signing key.
- **Client ID**: Use the predefined value found in the [ownCloud admin manual](https://doc.owncloud.com/server/latest/admin_manual/configuration/user/oidc/oidc.html#client-id).
- **Client Secret**: Use the predefined value found in the [ownCloud admin manual](https://doc.owncloud.com/server/latest/admin_manual/configuration/user/oidc/oidc.html#client-secret).
- **Redirect URIs**:
- Regex: `http://localhost:\d+`
- Regex: `http://127.0.0.1:\d+`
**Android Application**
- **Signing Key**: Select any available signing key.
- **Client ID**: Use the predefined value found in the [ownCloud admin manual](https://doc.owncloud.com/server/latest/admin_manual/configuration/user/oidc/oidc.html#client-id).
- **Client Secret**: Use the predefined value found in the [ownCloud admin manual](https://doc.owncloud.com/server/latest/admin_manual/configuration/user/oidc/oidc.html#client-secret).
- **Redirect URI**:
- Strict: `oc://android.owncloud.com`
**iOS Application**
- **Signing Key**: Select any available signing key.
- **Client ID**: Use the predefined value found in the [ownCloud admin manual](https://doc.owncloud.com/server/latest/admin_manual/configuration/user/oidc/oidc.html#client-id).
- **Client Secret**: Use the predefined value found in the [ownCloud admin manual](https://doc.owncloud.com/server/latest/admin_manual/configuration/user/oidc/oidc.html#client-secret).
- **Redirect URI**:
- Strict: `oc://ios.owncloud.com`
- **Advanced protocol settings:**
@ -96,7 +87,6 @@ For other reverse proxies, consult the provider-specific documentation for guida
To enable OIDC functionality in ownCloud, follow these steps:
1. **Navigate to the Market**:
- Access the Market by visiting:
`https://owncloud.company/apps/market/#/`
or by clicking the **Hamburger Menu** in the top-left corner of any page in your ownCloud deployment and selecting **Market**.
@ -117,7 +107,6 @@ To enable OIDC functionality in ownCloud, follow these steps:
:::
3. **Create the `oidc.config.php` File**:
- Place a file named `oidc.config.php` in the same directory as the existing `config.php` file in your ownCloud installation.
- Files named with this pattern are treated as "override" files, allowing ownCloud to override matching configuration keys in the `config.php` file.
@ -202,7 +191,6 @@ For more information on other available configuration options, refer to the OIDC
You have successfully configured OIDC authentication through authentik. Here's what you can expect next:
- **Login Behavior:**
- If the `autoRedirectOnLoginPage` option is **set to false**, navigating to `https://owncloud.company` will present the standard login page, which now includes an "Log in with authentik" button (or any custom text defined in the `loginButtonName` field).
- If the `autoRedirectOnLoginPage` option is **set to true**, users will be automatically redirected to the authentik login page when attempting to access `https://owncloud.company`.

2
website/integrations/services/pangolin/index.mdx
View File

@ -29,7 +29,6 @@ To support the integration of Pangolin with authentik, you need to create an app
1. Log in to authentik as an administrator and open the authentik Admin interface.
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
@ -44,7 +43,6 @@ To support the integration of Pangolin with authentik, you need to create an app
1. Log in to Pangolin as an administrator.
2. Navigate to **Server Admin** > **Identity Providers**, and click **Add Identity Provider**.
- Under **General Information**:
- **Name**: `authentik`
- **Auto Provision Users** _(optional)_: enable this option for authentik users to be automatically provisioned in Pangolin on first login.

1
website/integrations/services/paperless-ngx/index.mdx
View File

@ -29,7 +29,6 @@ To support the integration of Paperless-ngx with authentik, you need to create a
1. Log in to authentik as an administrator and open the authentik Admin interface.
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.

2
website/integrations/services/pgadmin/index.md
View File

@ -33,7 +33,6 @@ To support the integration of pgAdmin with authentik, you need to create an appl
1. Log in to authentik as an administrator and open the authentik Admin interface.
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
@ -51,7 +50,6 @@ To configure OAuth in pgAdmin, you can either use the `config_local.py` file or
### Using `config_local.py`
1. Locate or create the `config_local.py` file in the `/pgadmin4/` directory.
- If the file does not exist, create it manually.
2. Add the following configuration settings to `config_local.py`:

9
website/integrations/services/phpipam/index.md
View File

@ -39,34 +39,29 @@ You need to ensure users and groups exist before we proceed with the next steps.
The groups are used for property mappings later to give the user the correct permission level in the application. For this documentation there is an example for each of the 3 main default permission levels and an easy way to visualise the differences between them.
1. **Create test-user 0**
- username: test-user0
- Name: Test User0
- Email: test-user0@domain.company
- path: users
2. **Create test-user 1**
- username: test-user1
- Name: Test User1
- Email: test-user1@domain.company
- path: users
3. **Create test-user 2**
- username: test-user2
- Name: Test User2
- Email: test-user2@domain.company
- path: users
4. **Create all required groups (under _Directory/Groups_)**
- admin-permission-group
- operator-permission-group
- guest-permission-group
5. **Assign groups to users for testing**
- admin-permission-group
- Select Directory -> Groups
- Select `admin-permission-group`
@ -91,7 +86,6 @@ In order to support automatic user provisioning (JIT) with phpIPAM, additional S
- Select Create -> SAML Property Mapping -> Next
1. display_name
- Name: phpipam-display-name
- SAML Attribute Name: display_name
- Expression:
@ -101,7 +95,6 @@ In order to support automatic user provisioning (JIT) with phpIPAM, additional S
```
2. email
- Name: phpipam-email
- SAML Attribute Name: email
- Expression:
@ -111,7 +104,6 @@ In order to support automatic user provisioning (JIT) with phpIPAM, additional S
```
3. is_admin
- Name: phpipam-is-admin
- SAML Attribute Name: is_admin
- Expression:
@ -121,7 +113,6 @@ In order to support automatic user provisioning (JIT) with phpIPAM, additional S
```
4. groups
- Name: phpipam-groups
- SAML Attribute Name: groups
- Expression:

3
website/integrations/services/plesk/index.md
View File

@ -47,7 +47,6 @@ To support the integration of Plesk with authentik, you need to create an applic
## Plesk configuration
1. Install the OAuth login extension:
- Log in to your Plesk installation.
- Navigate to **Extensions** in the left sidebar.
- Select **Extensions Catalog**.
@ -55,12 +54,10 @@ To support the integration of Plesk with authentik, you need to create an applic
- Click **Install** next to the OAuth login extension.
2. Enable and configure OAuth authentication:
- After installation, select **Extensions** > **OAuth Login** in the left sidebar.
- Enable OAuth authentication using the toggle switch in the main configuration panel.
3. In the same panel, configure these OAuth settings:
- **Client ID**: Enter the Client ID from your authentik provider
- **Client Secret**: Enter the Client Secret from your authentik provider
- **Callback Host**: Enter your Plesk FQDN (example: `https://plesk.company`)

5
website/integrations/services/proxmox-ve/index.md
View File

@ -49,12 +49,10 @@ To support the integration of Proxmox with authentik, you need to create an appl
1. Log in to the Proxmox VE web interface using an administrative account.
2. Navigate to authentication source settings.
- Go to **Datacenter** > **Permissions** > **Realms**.
- Click **Add** and select **Realm** to open the Add Realm dialog.
3. Fill out the OpenID Connect settings.
- In the dialog that appears, fill in the following details:
- **Issuer URL**: Enter the Issuer URL from authentik (found in your provider's overview tab), e.g., `https://authentik.company/application/o/proxmox/`.
- **Realm**: Enter a name for this authentication source, such as `authentik`.
@ -69,15 +67,12 @@ To support the integration of Proxmox with authentik, you need to create an appl
![Proxmox Add OpenID Connect Server Dialog](proxmox-source.png)
4. **Save the configuration**.
- Click **Add** to save the settings.
5. **Assign permissions**
- After setting up the authentication source, go to **Permissions** to assign roles and permissions for each user as needed.
6. **Logging in**
- Users can select this authentication method from the Proxmox login screen, or if set as default, it will be automatically selected.
![Proxmox login page with authentik marked as default login method](proxmox-login.png)

5
website/integrations/services/push-security/index.mdx
View File

@ -30,10 +30,8 @@ Push Security requires separate first and last names for each user, but authenti
1. Log in to authentik as an administrator, and open the authentik Admin interface.
2. Navigate to **Customization** > **Property Mappings** and click **Create**.
- **Select type**: select **SAML Provider Property Mapping** as the property mapping type.
- **Configure the SAML Provider Property Mapping**:
- **Name**: `givenname`
- **SAML Attribute Name**: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname`
- **Expression**:
@ -44,10 +42,8 @@ Push Security requires separate first and last names for each user, but authenti
3. Click **Finish**.
4. Click **Create** to create the second property mapping.
- **Select type**: select **SAML Provider Property Mapping** as the property mapping type.
- **Configure the SAML Provider Property Mapping**:
- **Name**: `familyname`
- **SAML Attribute Name**: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname`
- **Expression**:
@ -62,7 +58,6 @@ Push Security requires separate first and last names for each user, but authenti
1. Log in to authentik as an administrator and open the authentik Admin interface.
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- Take note of the application slug as it will be required later on.
- **Choose a Provider type**: select **SAML Provider** as the provider type.

1
website/integrations/services/rocketchat/index.md
View File

@ -65,7 +65,6 @@ In Rocket.chat, follow the procedure below:
![](./rocketchat6.png)
5. Scroll down to the new OAuth application, expand the dropdown, and enter the following settings:
- Enable: Turn the radio button to the _on_ position
- URL: https://authentik.company/application/o
- Token Path: /token/

1
website/integrations/services/semaphore/index.mdx
View File

@ -31,7 +31,6 @@ To support the integration of Semaphore with authentik, you need to create an ap
1. Log in to authentik as an administrator and open the authentik Admin interface.
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.

3
website/integrations/services/stripe/index.mdx
View File

@ -56,11 +56,9 @@ To support the integration of Stripe with authentik, you need to create a group,
1. Log in to authentik as an administrator and open the authentik Admin interface.
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: select **SAML Provider** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
- Set the **ACS URL** to `https://dashboard.stripe.com/login/saml/consume`.
- Set the **Audience** to `https://dashboard.stripe.com/saml/metadata`.
- Set the **Service Provider Binding** to `Post`.
@ -86,7 +84,6 @@ To support the integration of Stripe with authentik, you need to create a group,
3. Click **Add domain**, then input the domain that SSO users will use. For more information, see the [Stripe Proving Domain Owenership documentation](https://docs.stripe.com/get-started/account/sso/other#proving-domain-verification).
4. Once your domain is verified, click on the 3 dots next to the domain name, and click **Manage SSO Settings**.
5. Enter the following settings:
- **Identity Provider URL**: `https://auth.domain.com/application/saml/stripe/sso/binding/redirect/`
- **Issuer ID**: `authentik`
- **Identity Provider Certificate**: Paste in the contents of your authentik signing certificate.

1
website/integrations/services/tailscale/index.md
View File

@ -48,7 +48,6 @@ To support the integration of Tailscale with authentik, you need to create an ap
1. Log in to authentik as an administrator and open the authentik Admin interface.
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.

1
website/integrations/services/uptime-kuma/index.md
View File

@ -35,7 +35,6 @@ To support the integration of Uptime Kuma with authentik, you need to create an
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: select **Proxy Provider** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
- Set the **External host** to `https://uptime-kuma.company`.
- Set the **Internal host** to `http://uptime-kuma:3001` where `uptime-kuma:3001` is the hostname and port of your Uptime Kuma container.
- Under **Advanced protocol settings**, set **Unauthenticated Paths** to the following to allow unauthenticated access to the public status page:

5
website/integrations/services/vmware-vcenter/index.md
View File

@ -49,7 +49,6 @@ To support the integration of vCenter with authentik, you need to create an appl
2. Click **Change Provider** in the top-right corner, and then select **Okta** from the drop-down list.
3. In the wizard, click **Run Prechecks**, select the confirmation box, and then click **Next**
- Enter the **Directory Name**. For example `authentik` or any other name.
- Add a **Domain Name**. For example `authentik.company`.
- Click on the Plus (+) sign to show the default domain name.
@ -57,7 +56,6 @@ To support the integration of vCenter with authentik, you need to create an appl
4. Click **Next**.
5. On the OpenID Connect page, enter the following values:
- Set **Identity Provider Name** to `authentik`.
- Set **Client Identifier** to the client ID from authentik.
- Set **Shared secret** to the client secret from authentik.
@ -66,14 +64,12 @@ To support the integration of vCenter with authentik, you need to create an appl
6. Click **Next**, and then **Finish**.
7. On the **Single Sign On -> Configuration** page, in the **User Provisioning** area, take the following steps:
- Copy the **Tenant URL** and save to a safe place.
- Click on **Generate** to generate a SCIM token.
- Click **Generate** in the newly opened modal box.
- Copy the token and save to a safe place.
8. Return to the authentik Admin interface.
- Create a SCIM provider with the name `vcenter-scim`.
- Paste the Tenant URL into **URL** field for the provider.
- Paste the token you saved into the **Token** field.
@ -84,7 +80,6 @@ To support the integration of vCenter with authentik, you need to create an appl
- Navigate to the provider and trigger a sync.
9. Return to vCenter.
- Navigate to **Administration -> Access Control -> Global Permissions**.
- Click **Add**.
- Select the Domain created above from the dropdown.

2
website/integrations/services/wazuh/index.mdx
View File

@ -38,7 +38,6 @@ To support the integration of Wazuh with authentik, you need to create a group,
1. Log in to authentik as an administrator and open the authentik Admin interface.
2. Navigate to **Customization** > **Property Mappings** and click **Create**. Create a **SAML Provider Property Mapping** with the following settings:
- **Name**: Choose a descriptive name
- **SAML Attribute Name**: `Roles`
- **Friendly Name**: Leave blank
@ -192,7 +191,6 @@ And the `metadata_file`, `kibana_url`, and `exchange_key` parameters in the `sam
2. On the Wazuh dashboard click the upper-left menu icon ☰ to open the menu, go to **Server management** -> **Security** -> **Roles mapping**
3. Click **Create Role mapping** and configure the following parameters:
- **Role Name**: set a name for the role mapping (e.g. authentik_admins)
- **Roles**: select a role (e.g.`administrator`)
- **Custom rules**: Click **Add new rule** and set:

2
website/integrations/services/xcreds/index.mdx
View File

@ -22,7 +22,6 @@ To support the integration of XCreds with authentik, you need to create an appli
1. Log in to authentik as an administrator and open the authentik Admin interface.
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
@ -47,7 +46,6 @@ After XCreds is installed on a target Mac you will need to configure it by creat
[ProfileCreator](https://github.com/ProfileCreator/ProfileCreator) is an open source macOS application used to create configuration policies. It is required to create a configuration policy for XCreds.
1. Open the **ProfileCreator** application and click on the `+` icon in the top left corner to create a new configuration policy:
- Under **General** provide a descriptive Payload Display Name, Payload Description, and Payload Organization.
2. Now you need to add a XCreds payload to the configuration policy. Click on the **Application Managed Preferences** icon in the left hand column that looks like an `A` (third icon from the left, in the left hand column).