website: bump prettier from 3.5.3 to 3.6.0 in /website (#15199)

* website: bump prettier from 3.5.3 to 3.6.0 in /website Bumps [prettier](https://github.com/prettier/prettier) from 3.5.3 to 3.6.0. - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](https://github.com/prettier/prettier/compare/3.5.3...3.6.0) --- updated-dependencies: - dependency-name: prettier dependency-version: 3.6.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * format Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-06-23 21:29:14 +02:00
parent 0c73572b0c
commit 0b6ab171ce
94 changed files with 5 additions and 5131 deletions
--- a/website/docs/add-secure-apps/applications/manage_apps.mdx
+++ b/website/docs/add-secure-apps/applications/manage_apps.mdx
@ -13,7 +13,6 @@ To add an application to authentik and have it display on users' **My applicatio
 2. Navigate to **Applications -> Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can create only an application, without a provider, by clicking **Create.)**
 3. In the **New application** box, define the application details, the provider type and configuration settings, and bindings for the application.
    - **Application**: provide a name, an optional group for the type of application, the policy engine mode, and optional UI settings.
    - **Choose a Provider**: select the provider types for this application.
--- a/website/docs/add-secure-apps/flows-stages/flow/index.md
+++ b/website/docs/add-secure-apps/flows-stages/flow/index.md
@ -77,7 +77,6 @@ import Defaultflowlist from "../flow/flow_list/\_defaultflowlist.mdx";
    When the compatibility mode is enabled, authentik uses a polyfill which emulates the Shadow DOM APIs without actually using the feature, and instead a traditional DOM is rendered. This increases support for password managers, especially on mobile devices.
 - **Denied action**: Configure what happens when access to a flow is denied by a policy. By default, authentik will redirect to a `?next` parameter if set, and otherwise show an error message.
    - `MESSAGE_CONTINUE`: Show a message if no `?next` parameter is set, otherwise redirect.
    - `MESSAGE`: Always show error message.
    - `CONTINUE`: Always redirect, either to `?next` if set, otherwise to the default interface.
--- a/website/docs/add-secure-apps/flows-stages/stages/authenticator_email/index.md
+++ b/website/docs/add-secure-apps/flows-stages/stages/authenticator_email/index.md
@ -16,17 +16,14 @@ To use the Email Authenticator Setup stage in a flow, follow these steps:
 1. [Create](../../flow/index.md#create-a-custom-flow) a new flow or edit an existing one.
 2. On the flow's **Stage Bindings** tab, click **Create and bind stage** to create and add the Email Authenticator Setup stage. (If the stage already exists, click **Bind existing stage**.)
 3. Configure the stage settings as described below.
    - **Name**: provide a descriptive name, such as Email Authenticator Setup.
    - **Authenticator type name**: define the display name for this stage.
    - **Use global connection settings**: the stage can be configured in two ways: global settings or stage-specific settings.
        - Enable (toggle on) the **Use global connection settings** option to use authentik's global email configuration. Note that you must already have configured your environment variables to use the global settings. See instructions for [Docker Compose](../../../../install-config/install/docker-compose#email-configuration-optional-but-recommended) and for [Kubernetes](../../../../install-config/install/kubernetes#optional-step-configure-global-email-credentials).
        - If you need different email settings for this stage, disable (toggle off) **Use global connection settings** and configure the following options:
        - **Connection settings**:
            - **SMTP Host**: SMTP server hostname (default: localhost)
            - **SMTP Port**: SMTP server port number(default: 25)
            - **SMTP Username**: SMTP authentication username (optional)
@ -37,7 +34,6 @@ To use the Email Authenticator Setup stage in a flow, follow these steps:
            - **From Address**: Email address that messages are sent from (default: system@authentik.local)
        - **Stage-specific settings**:
            - **Subject**: Email subject line (default: "authentik Sign-in code")
            - **Token Expiration**: Time in minutes that the sent token is valid (default: 30)
            - **Configuration flow**: select the flow to which you are binding this stage.
--- a/website/docs/add-secure-apps/flows-stages/stages/authenticator_endpoint_gdtc/index.md
+++ b/website/docs/add-secure-apps/flows-stages/stages/authenticator_endpoint_gdtc/index.md
@ -65,11 +65,9 @@ For detailed instructions, refer to Google documentation.
 2. In the Admin interface, navigate to **Flows -> Stages**.
 3. Click **Create**, and select **Endpoint Authenticator Google Device Trust Connector Stage**, and in the **New stage** box, define the following fields:
    - **Name**: define a descriptive name, such as "chrome-device-trust".
    - **Google Verified Access API**
        - **Credentials**: paste the contents of the JSON file (the key) that you downloaded earlier.
 4. Click **Finish**.
--- a/website/docs/add-secure-apps/flows-stages/stages/mtls/index.md
+++ b/website/docs/add-secure-apps/flows-stages/stages/mtls/index.md
@ -105,13 +105,10 @@ When using authentik without a reverse proxy, select the certificate authorities
 4. In the Admin interface, navigate to **Flows -> Stages**.
 5. Click **Create**, and select **Mutual TLS Stage**, and in the **New stage** box, define the following fields:
    - **Name**: define a descriptive name, such as "chrome-device-trust".
    - **Stage-specific settings**
        - **Mode**: Configure the mode this stage operates in.
            - **Certificate optional**: When no certificate is provided by the user or the reverse proxy, the flow will continue to the next stage.
            - **Certificate required**: When no certificate is provided, the flow ends with an error message.
--- a/website/docs/add-secure-apps/flows-stages/stages/user_login/index.md
+++ b/website/docs/add-secure-apps/flows-stages/stages/user_login/index.md
@ -21,7 +21,6 @@ When creating or editing this stage in the UI of the Admin interface, you can se
    :::
    You can set the session to expire after any duration using the syntax of `hours=1,minutes=2,seconds=3`. The following keys are allowed:
    - Microseconds
    - Milliseconds
    - Seconds
--- a/website/docs/add-secure-apps/outposts/integrations/docker.md
+++ b/website/docs/add-secure-apps/outposts/integrations/docker.md
@ -17,11 +17,9 @@ The following outpost settings are used:
 The container is created with the following hardcoded properties:
 - Labels
    - `io.goauthentik.outpost-uuid`: Used by authentik to identify the container, and to allow for name changes.
    Additionally, the proxy outposts have the following extra labels to add themselves into Traefik automatically.
    - `traefik.enable`: "true"
    - `traefik.http.routers.ak-outpost-<outpost-name>-router.rule`: `Host(...)`
    - `traefik.http.routers.ak-outpost-<outpost-name>-router.service`: `ak-outpost-<outpost-name>-service`
--- a/website/docs/add-secure-apps/providers/entra/add-entra-provider.md
+++ b/website/docs/add-secure-apps/providers/entra/add-entra-provider.md
@ -19,11 +19,9 @@ As detailed in the steps below, when you add an Entra ID provider in authentik y
 2.  In the Admin interface, navigate to **Applications -> Providers**.
 3.  Click **Create**, and in the **New provider** box select **Microsoft Entra Provider** as the type and click **Next**.
 4.  Define the following fields:
    - **Name**: define a descriptive name, such as "Entra provider".
    - **Protocol settings**
        - **Client ID**: enter the Client ID that you [copied from your Entra app](./setup-entra.md).
        - **Client Secret**: enter the secret from Entra.
        - **Tenant ID**: enter the Tenant ID from Entra.
@ -47,7 +45,6 @@ As detailed in the steps below, when you add an Entra ID provider in authentik y
 1. Log in as an admin to authentik, and go to the Admin interface.
 2. In the Admin interface, navigate to **Applications -> Applications**.
 3. Click **Create**, and define the following fields:
    - **Name**: provide a descriptive name.
    - **Slug**: enter the name of the app as you want it to appear in the URL.
    - **Group**: optionally, chose a group; apps in the same group are displayed together on the **My applications** page.
--- a/website/docs/add-secure-apps/providers/gws/add-gws-provider.md
+++ b/website/docs/add-secure-apps/providers/gws/add-gws-provider.md
@ -20,11 +20,9 @@ When adding the Google Workspace provider in authentik, you must define the **Ba
 2. In the Admin interface, navigate to **Applications -> Providers**.
 3. Click **Create**, and select **Google Workspace Provider**, and in the **New provider** box, define the following fields:
    - **Name**: define a descriptive name, such as "GWS provider".
    - **Protocol settings**
        - **Credentials**: paste the contents of the JSON file you downloaded earlier.
        - **Delegated Subject**: enter the email address of the user all of authentik's actions should be delegated to
        - **Default group email domain**: enter a default domain which will be used to generate the domain for groups synced from authentik.
@ -32,12 +30,10 @@ When adding the Google Workspace provider in authentik, you must define the **Ba
        - **Group deletion action**: determines what authentik will do when a group is deleted from authentik.
    - **User filtering**
        - **Exclude service accounts**: set whether to include or exclude service accounts.
        - **Group**: select any specific groups to enforce that filtering (for all actions) is done only for the selected groups.
    - **Attribute mapping**
        - **User Property Mappings**: select any applicable mappings, or use the default.
        - **Group Property Mappings**: select any applicable mappings, or use the default.
@ -51,7 +47,6 @@ When adding the Google Workspace provider in authentik, you must define the **Ba
   If you have also configured Google Workspace to log in using authentik following [these](https://docs.goauthentik.io/integrations/services/google/index), then this configuration can be done on the same app by adding this new provider as a backchannel provider on the existing app instead of creating a new app.
   :::
 3. Click **Create**, and in the **New provider** box, and define the following fields:
    - **Slug**: enter the name of the app as you want it to appear in the URL.
    - **Provider**: when _not_ used in conjunction with the Google SAML configuration should be left empty.
    - **Backchannel Providers**: this field is required for Google Workspace. Select the name of the Google Workspace provider that you created in the steps above.
--- a/website/docs/add-secure-apps/providers/rac/how-to-rac.md
+++ b/website/docs/add-secure-apps/providers/rac/how-to-rac.md
@ -36,7 +36,6 @@ Next, you need to add property mappings for each remote machine you want to acce
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Customization > Property Mappings** and click **Create**.
    - **Select Type**: RAC Property Mappings
    - **Create RAC Property Mapping**:
        - **Name**s: define a name for the property mapping, perhaps include the type of connection (RDP, SSH, VNC)
@ -61,7 +60,6 @@ Finally, you need to create an endpoint for each remote machine. Endpoints are d
 2. Navigate to **Applications > Providers**.
 3. Click the **Edit** button on the RAC provider that you previously created.
 4. On the Provider page, under **Endpoints**, click **Create**, and provide the following settings:
    - **Name**: define a name for the endpoint, perhaps include the type of connection (RDP, SSH, VNC).
    - **Protocol**: select the appropriate protocol.
    - **Host**: enter the host name or IP address of the remote machine.
--- a/website/docs/add-secure-apps/providers/rac/rac-public-key.md
+++ b/website/docs/add-secure-apps/providers/rac/rac-public-key.md
@ -53,7 +53,6 @@ SSH private keys can be configured via several methods:
 1.  Log in to authentik as an administrator, and open the authentik Admin interface.
 2.  Navigate to **Customization** > **Property Mappings** and click **Create**, then create a **RAC Provider Property Mapping** with the following settings:
    - **Name**: Choose a descriptive name
    - Under **Advanced Settings**:
        - **Expression**:
@ -82,7 +81,6 @@ SSH private keys can be configured via several methods:
 1.  Log in to authentik as an administrator, and open the authentik Admin interface.
 2.  Navigate to **Customization** > **Property Mappings** and click **Create**. Create a **RAC Provider Property Mapping** with the following settings:
    - **Name**: Choose a descriptive name
    - Under **Advanced Settings**:
        - **Expression**:
--- a/website/docs/add-secure-apps/providers/ssf/create-ssf-provider.md
+++ b/website/docs/add-secure-apps/providers/ssf/create-ssf-provider.md
@ -43,7 +43,6 @@ The workflow to implement an SSF provider as a [backchannel provider](../../appl
 2. Click **Create**.
 3. Define the settings for the application:
    - **Name**: define a descriptive name of the application.
    - **Slug**: optionally define the internal application name used in URLs.
    - **Group**: optionally select a group that you want to have access to this application.
--- a/website/docs/customize/policies/expression.mdx
+++ b/website/docs/customize/policies/expression.mdx
@ -53,7 +53,6 @@ import Objects from "../../expressions/_objects.md";
 <Objects />
 - `request`: A PolicyRequest object, which has the following properties:
    - `request.user`: The current user, against which the policy is applied. See [User](../../users-sources/user/index.mdx)
        :::caution
@ -71,7 +70,6 @@ import Objects from "../../expressions/_objects.md";
    :::info
    For basic country matching, consider using a [GeoIP policy](./index.md#geoip-policy).
    :::
    - `continent`: a two character continent code like `NA` (North America) or `OC` (Oceania).
    - `country`: the two character [ISO 3166-1](https://en.wikipedia.org/wiki/ISO_3166-1) alpha code for the country.
    - `lat`: the approximate latitude of the location associated with the IP address.
@ -87,7 +85,6 @@ import Objects from "../../expressions/_objects.md";
    :::info
    For basic ASN matching, consider using a [GeoIP policy](./index.md#geoip-policy).
    :::
    - `asn`: the autonomous system number associated with the IP address.
    - `as_org`: the organization associated with the registered autonomous system number for the IP address.
    - `network`: the network associated with the record. In particular, this is the largest network where all of the fields except `ip_address` have the same value.
@ -112,7 +109,6 @@ Additionally, when the policy is executed from a flow, every variable from the f
 This includes the following:
 - `context['flow_plan']`: The actual flow plan itself, can be used to inject stages.
    - `context['flow_plan'].context`: The context of the currently active flow, which differs from the policy context. Some fields of flow plan context are passed to the root context, and updated from it, like 'prompt_data', but not every variable
    - `context['flow_plan'].context['redirect']`: The URL the user should be redirected to after the flow execution succeeds. (Optional)
@ -126,7 +122,6 @@ This includes the following:
    Depending on method, `context['auth_method_args']` is also set.
    Can be any of:
    - `password`: Standard password login
    - `auth_mfa`: MFA login (this method is only set if no password was used)
--- a/website/docs/developer-docs/docs/style-guide.mdx
+++ b/website/docs/developer-docs/docs/style-guide.mdx
@ -127,7 +127,6 @@ Whether to capitalize after a colon depends on the context. Typically, we do not
 - Typically, avoid using the word "may" in technical writing, as it implies permission rather than ability to perform an action. Instead, use **"can"** to suggest possibility.
 - **"Might"** should be used to indicate that something could happen under certain conditions, but use it sparingly. It implies unpredictability, which can be undesirable in software documentation.
    - **DON'T:** "You may use an Expression policy to enforce MFA adherence."
    - **DO:** "You can use an Expression policy to enforce MFA adherence."
    - **DO:** "Values might differ depending on the source of the property mappings."
@ -172,16 +171,13 @@ When writing out steps in a procedural topic, avoid starting with "Once...". Ins
 - When referring to authentik functionality and features, such as flows, stages, sources, or policies, do not capitalize and do not use bold or italic text. When possible link to the corresponding documentation.
 - Use **bold** to highlight:
    - UI elements such as field names, labels, buttons, or options (e.g., **Save** button, **Username** field).
    - Key actions in instructions (e.g., **Click Next**).
 - Use _italic_ for:
    - Emphasis, but sparingly, to avoid overuse. For example, you can use italics for important terms or concepts on first mention in a section. Do not use italics to indicate a variable or placeholder; instead use angle brackets as described under [Variables](#variables).
 - Use `code formatting` for:
    - Commands (e.g., `kubectl get nodes`).
    - File paths, file names, and directory names (e.g., `/usr/local/bin/`).
    - Inline code snippets (e.g., `.env`).
@ -211,7 +207,6 @@ To clearly indicate terms or values that are placeholders and require user input
 ### Titles and headers
 - Titles and headers (H1, H2, H3) should follow **sentence case capitalization**, meaning only the first word is capitalized, except for proper nouns or product names.
    - **DO:** "Configure the Google Workspace provider"
    - **DON'T:** "CONFIGURE THE GOOGLE WORKSPACE PROVIDER"
    - **DON'T:** "Configure The Google Workspace Provider"
@ -332,7 +327,6 @@ When documenting errors, follow this structure:
    ```
 - **Possible causes**:
    - Incorrect username or password.
    - Account locked due to multiple failed attempts.
@ -422,7 +416,6 @@ This level is for extremely serious situations, such as an action permanently re
    Note: Badges should be defined in the front matter, not in the markdown content. The system will automatically display the appropriate badges based on the front matter metadata.
 - **Directives**: You can also use directives in your markdown content to add badges inline:
    - `:ak-version[2025.4]` - Shows when a feature was introduced (requires semantic version)
    - `:ak-preview` - Indicates preview features
    - `:ak-enterprise` - Indicates features in our Enterprise offering
--- a/website/docs/developer-docs/releases/index.md
+++ b/website/docs/developer-docs/releases/index.md
@ -13,7 +13,6 @@
 - Create/update the release notes
    #### For initial releases:
    - Copy `website/docs/releases/_template.md` to `website/docs/releases/v2022.12.md` and replace `xxxx.x` with the version that is being released
    - Fill in the section of `Breaking changes` and `New features`, or remove the headers if there's nothing applicable
@ -35,7 +34,6 @@
    - Run `make website`
    #### For subsequent releases:
    - Paste the list of commits since the previous release into `website/docs/releases/v2022.12.md`, creating a new section called `## Fixed in 2022.12.2` underneath the `Minor changes/fixes` section
    - Run `make gen-changelog` and use the contents of `changelog.md`. Remove merged PRs from bumped dependencies unless they fix security issues or are otherwise notable. Remove merged PRs with the `website/` prefix.
@ -48,7 +46,6 @@
 - Push the tag and commit
 - A GitHub actions workflow will start to run a last test in container images and create a draft release on GitHub
 - Edit the draft GitHub release
    - Make sure the title is formatted `Release 2022.12.0`
    - Add the following to the release notes
--- a/website/docs/enterprise/manage-enterprise.mdx
+++ b/website/docs/enterprise/manage-enterprise.mdx
@ -32,7 +32,6 @@ In the Customer Portal you can remove members and invite new members to the orga
 2. On the **My organizations** page, click the name of the organization you want to edit membership in.
    Your organization page displays.
    - To remove a member, scroll down to the **Membership** area and then click **Remove** beside the name of the member.
    - To invite a new member, scroll down to the **Pending invitations** area, and enter the email address for the person, select the role, and then click **Invite**.
@ -150,7 +149,6 @@ Billing is based on each individual organization.
 3. Click **Manage Billing** in the top left of the page.
    On the billing page you can:
    - update your account information (address, name, phone number, and tax ID)
    - add a payment method
    - view your invoice and payment history
--- a/website/docs/install-config/configuration/configuration.mdx
+++ b/website/docs/install-config/configuration/configuration.mdx
@ -311,7 +311,6 @@ Disable the inbuilt update-checker. Defaults to `false`.
 - `AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE`
    Placeholders:
    - `%(type)s`: Outpost type; proxy, ldap, etc
    - `%(version)s`: Current version; 2021.4.1
    - `%(build_hash)s`: Build hash if you're running a beta version
@ -323,7 +322,6 @@ Disable the inbuilt update-checker. Defaults to `false`.
    Configure the automatic discovery of integrations. Defaults to `true`.
    By default, the following is discovered:
    - Kubernetes in-cluster config
    - Kubeconfig
    - Existence of a docker socket
--- a/website/docs/releases/2021/v2021.2.md
+++ b/website/docs/releases/2021/v2021.2.md
@ -14,7 +14,6 @@ slug: "/releases/2021.2"
 - Improved support for different LDAP Servers
    The LDAP source has improved support for non-Active Directory LDAP setups. This includes the following changes:
    - Switch to sync membership from groups to users rather than user to group
    - Fix users, which were removed from a group in LDAP not being removed from said group
    - Add support for LDAP servers which have core fields declared as lists
--- a/website/docs/releases/2021/v2021.4.md
+++ b/website/docs/releases/2021/v2021.4.md
@ -11,7 +11,6 @@ slug: "/releases/2021.4"
    You can now configure if _all_ policies need to pass, or if _any_ policy needs to pass.
    This can now be configured for the following objects:
    - Applications (access restrictions)
    - Sources
    - Flows
@ -27,7 +26,6 @@ slug: "/releases/2021.4"
 - New UI
    While the UI mostly looks the same, under the hood a lot has changed. The Web UI is now a Single-page application based on rollup and lit-html. This has several consequences and new features, for example:
    - You can now see a user's OAuth Access/Refresh tokens and the consents they've given
    - You can now see a per-object changelog based on the model_create/update/delete events being created.
    - A new API Browser is available under `https://authentink.company/api/v2beta/`
--- a/website/docs/releases/2021/v2021.5.md
+++ b/website/docs/releases/2021/v2021.5.md
@ -41,7 +41,6 @@ This feature is still in technical preview, so please report any Bugs you run in
    You can now configure how a source behaves after the user has authenticated themselves to the source. Previously, authentik always checked the unique identifier from the source, enrolled the user when the identifier didn't exist and authenticated the user otherwise.
    Now you can configure how the matching should be done:
    - Identifier: Keeps the old behaviour, can lead to duplicate user accounts
    - Email (link): If a user with the same Email address exists, they are linked. Can have security implications when a source doesn't validate email addresses.
    - Email (deny): Deny the flow if the Email address is already used.
--- a/website/docs/releases/2021/v2021.6.md
+++ b/website/docs/releases/2021/v2021.6.md
@ -16,7 +16,6 @@ slug: "/releases/2021.6"
    This version adds soft multi-tenancy. This means you can configure different branding settings and different default flows per domain.
    This also changes how a default flow is determined. Previously, for defaults flow, authentik would pick the first flow that
    - matches the required designation
    - comes first sorted by slug
    - is allowed by policies
--- a/website/docs/releases/2022/v2022.1.md
+++ b/website/docs/releases/2022/v2022.1.md
@ -16,7 +16,6 @@ This release mostly removes legacy fields and features that have been deprecated
    This release consolidates headers sent by authentik to have a common prefix.
    The following headers have been removed:
    - X-Auth-Username, use `X-authentik-username`
    - X-Auth-Groups, use `X-authentik-groups`
    - X-Forwarded-Email, use `X-authentik-email`
@ -34,7 +33,6 @@ This release mostly removes legacy fields and features that have been deprecated
 - Backup:
    The integrated backup has been deprecated for the following reasons:
    - Difficulty with restores not working properly
    - Inflexible configuration (fixed retention, limited to once a day, only S3 supported)
    - Most users will already have an existing backup infrastructure
--- a/website/docs/releases/2022/v2022.10.md
+++ b/website/docs/releases/2022/v2022.10.md
--- a/website/docs/releases/2022/v2022.11.md
+++ b/website/docs/releases/2022/v2022.11.md
@ -97,7 +97,6 @@ image:
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `check_static_rules` (boolean)
    - Added property `check_have_i_been_pwned` (boolean)
@ -135,7 +134,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `check_static_rules` (boolean)
    - Added property `check_have_i_been_pwned` (boolean)
@ -173,7 +171,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `check_static_rules` (boolean)
    - Added property `check_have_i_been_pwned` (boolean)
@ -194,19 +191,15 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `user_obj` (object)
        > User Serializer
        - Changed property `groups_obj` (array)
            Changed items (object): > Simplified Group Serializer for user's groups
            New optional properties:
            - `users_obj`
            * Deleted property `users` (array)
            * Deleted property `users_obj` (array)
@ -218,19 +211,15 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `user_obj` (object)
        > User Serializer
        - Changed property `groups_obj` (array)
            Changed items (object): > Simplified Group Serializer for user's groups
            New optional properties:
            - `users_obj`
            * Deleted property `users` (array)
            * Deleted property `users_obj` (array)
@ -242,19 +231,15 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `user_obj` (object)
        > User Serializer
        - Changed property `groups_obj` (array)
            Changed items (object): > Simplified Group Serializer for user's groups
            New optional properties:
            - `users_obj`
            * Deleted property `users` (array)
            * Deleted property `users_obj` (array)
@ -266,15 +251,12 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `groups_obj` (array)
        Changed items (object): > Simplified Group Serializer for user's groups
        New optional properties:
        - `users_obj`
        * Deleted property `users` (array)
        * Deleted property `users_obj` (array)
@ -286,15 +268,12 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `groups_obj` (array)
        Changed items (object): > Simplified Group Serializer for user's groups
        New optional properties:
        - `users_obj`
        * Deleted property `users` (array)
        * Deleted property `users_obj` (array)
@ -306,15 +285,12 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `groups_obj` (array)
        Changed items (object): > Simplified Group Serializer for user's groups
        New optional properties:
        - `users_obj`
        * Deleted property `users` (array)
        * Deleted property `users_obj` (array)
@ -326,19 +302,15 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `user_obj` (object)
        > User Serializer
        - Changed property `groups_obj` (array)
            Changed items (object): > Simplified Group Serializer for user's groups
            New optional properties:
            - `users_obj`
            * Deleted property `users` (array)
            * Deleted property `users_obj` (array)
@ -350,19 +322,15 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `user_obj` (object)
        > User Serializer
        - Changed property `groups_obj` (array)
            Changed items (object): > Simplified Group Serializer for user's groups
            New optional properties:
            - `users_obj`
            * Deleted property `users` (array)
            * Deleted property `users_obj` (array)
@ -374,19 +342,15 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `user_obj` (object)
        > User Serializer
        - Changed property `groups_obj` (array)
            Changed items (object): > Simplified Group Serializer for user's groups
            New optional properties:
            - `users_obj`
            * Deleted property `users` (array)
            * Deleted property `users_obj` (array)
@ -415,7 +379,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Added property `check_static_rules` (boolean)
    - Added property `check_have_i_been_pwned` (boolean)
@ -448,11 +411,9 @@ Added: `zxcvbn_score_threshold` in `query`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Password Policy Serializer
        - Added property `check_static_rules` (boolean)
        - Added property `check_have_i_been_pwned` (boolean)
@ -473,19 +434,15 @@ Changed response : **200 OK**
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Changed property `user_obj` (object)
        > User Serializer
        - Changed property `groups_obj` (array)
            Changed items (object): > Simplified Group Serializer for user's groups
            New optional properties:
            - `users_obj`
            * Deleted property `users` (array)
            * Deleted property `users_obj` (array)
@ -497,23 +454,18 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Token Serializer
        - Changed property `user_obj` (object)
            > User Serializer
            - Changed property `groups_obj` (array)
                Changed items (object): > Simplified Group Serializer for user's groups
                New optional properties:
                - `users_obj`
                * Deleted property `users` (array)
                * Deleted property `users_obj` (array)
@ -525,19 +477,15 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `user` (object)
        > User Serializer
        - Changed property `groups_obj` (array)
            Changed items (object): > Simplified Group Serializer for user's groups
            New optional properties:
            - `users_obj`
            * Deleted property `users` (array)
            * Deleted property `users_obj` (array)
@ -549,15 +497,12 @@ Changed response : **200 OK**
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Changed property `groups_obj` (array)
        Changed items (object): > Simplified Group Serializer for user's groups
        New optional properties:
        - `users_obj`
        * Deleted property `users` (array)
        * Deleted property `users_obj` (array)
@ -569,19 +514,15 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > User Serializer
        - Changed property `groups_obj` (array)
            Changed items (object): > Simplified Group Serializer for user's groups
            New optional properties:
            - `users_obj`
            * Deleted property `users` (array)
            * Deleted property `users_obj` (array)
@ -593,19 +534,15 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `user` (object)
        > User Serializer
        - Changed property `groups_obj` (array)
            Changed items (object): > Simplified Group Serializer for user's groups
            New optional properties:
            - `users_obj`
            * Deleted property `users` (array)
            * Deleted property `users_obj` (array)
@ -617,19 +554,15 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `user` (object)
        > User Serializer
        - Changed property `groups_obj` (array)
            Changed items (object): > Simplified Group Serializer for user's groups
            New optional properties:
            - `users_obj`
            * Deleted property `users` (array)
            * Deleted property `users_obj` (array)
@ -641,19 +574,15 @@ Changed response : **200 OK**
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Changed property `user_obj` (object)
        > User Serializer
        - Changed property `groups_obj` (array)
            Changed items (object): > Simplified Group Serializer for user's groups
            New optional properties:
            - `users_obj`
            * Deleted property `users` (array)
            * Deleted property `users_obj` (array)
@ -665,23 +594,18 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > PolicyBinding Serializer
        - Changed property `user_obj` (object)
            > User Serializer
            - Changed property `groups_obj` (array)
                Changed items (object): > Simplified Group Serializer for user's groups
                New optional properties:
                - `users_obj`
                * Deleted property `users` (array)
                * Deleted property `users_obj` (array)
@ -693,23 +617,18 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > UserConsent Serializer
        - Changed property `user` (object)
            > User Serializer
            - Changed property `groups_obj` (array)
                Changed items (object): > Simplified Group Serializer for user's groups
                New optional properties:
                - `users_obj`
                * Deleted property `users` (array)
                * Deleted property `users_obj` (array)
@ -721,23 +640,18 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant
        - Changed property `user` (object)
            > User Serializer
            - Changed property `groups_obj` (array)
                Changed items (object): > Simplified Group Serializer for user's groups
                New optional properties:
                - `users_obj`
                * Deleted property `users` (array)
                * Deleted property `users_obj` (array)
@ -749,23 +663,18 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Serializer for BaseGrantModel and RefreshToken
        - Changed property `user` (object)
            > User Serializer
            - Changed property `groups_obj` (array)
                Changed items (object): > Simplified Group Serializer for user's groups
                New optional properties:
                - `users_obj`
                * Deleted property `users` (array)
                * Deleted property `users_obj` (array)
--- a/website/docs/releases/2022/v2022.12.md
+++ b/website/docs/releases/2022/v2022.12.md
@ -183,7 +183,6 @@ image:
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `js_url` (string)
    - Added property `api_url` (string)
@ -213,7 +212,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `js_url` (string)
    - Added property `api_url` (string)
@ -243,7 +241,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `js_url` (string)
    - Added property `api_url` (string)
@ -261,9 +258,7 @@ Changed response : **200 OK**
    Updated `ak-stage-captcha` component:
    New required properties:
    - `js_url`
    * Added property `js_url` (string)
 ##### `POST` /flows/executor/&#123;flow_slug&#125;/
@ -276,9 +271,7 @@ Changed response : **200 OK**
    Updated `ak-stage-captcha` component:
    New required properties:
    - `js_url`
    * Added property `js_url` (string)
 ##### `POST` /stages/captcha/
@ -303,7 +296,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Added property `js_url` (string)
    - Added property `api_url` (string)
@ -318,11 +310,9 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > CaptchaStage Serializer
        - Added property `js_url` (string)
        - Added property `api_url` (string)
--- a/website/docs/releases/2022/v2022.9.md
+++ b/website/docs/releases/2022/v2022.9.md
@ -44,7 +44,6 @@ slug: "/releases/2022.9"
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `admin_integration_key` (string)
 ##### `PUT` /stages/authenticator/duo/&#123;stage_uuid&#125;/
@ -62,7 +61,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `admin_integration_key` (string)
 ##### `PATCH` /stages/authenticator/duo/&#123;stage_uuid&#125;/
@ -80,7 +78,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `admin_integration_key` (string)
 ##### `GET` /flows/executor/&#123;flow_slug&#125;/
@ -92,11 +89,9 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    Added 'xak-flow-error' component:
    - Property `type` (string)
        Enum values:
        - `native`
        - `shell`
        - `redirect`
@ -104,7 +99,6 @@ Changed response : **200 OK**
    - Property `flow_info` (object)
        > Contextual flow information for a challenge
        - Property `title` (string)
        - Property `background` (string)
@ -114,7 +108,6 @@ Changed response : **200 OK**
        - Property `layout` (string)
            Enum values:
            - `stacked`
            - `content_left`
            - `content_right`
@ -144,11 +137,9 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    Added 'xak-flow-error' component:
    - Property `type` (string)
        Enum values:
        - `native`
        - `shell`
        - `redirect`
@ -156,7 +147,6 @@ Changed response : **200 OK**
    - Property `flow_info` (object)
        > Contextual flow information for a challenge
        - Property `title` (string)
        - Property `background` (string)
@ -166,7 +156,6 @@ Changed response : **200 OK**
        - Property `layout` (string)
            Enum values:
            - `stacked`
            - `content_left`
            - `content_right`
@ -202,7 +191,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Added property `admin_integration_key` (string)
 ##### `GET` /stages/authenticator/duo/
@ -212,11 +200,9 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > AuthenticatorDuoStage Serializer
        - Added property `admin_integration_key` (string)
 ## Minor changes/fixes
--- a/website/docs/releases/2023/v2023.1.md
+++ b/website/docs/releases/2023/v2023.1.md
@ -156,21 +156,17 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New required properties:
    - `authorizations`
    - `logins`
    - `logins_failed`
    New optional properties:
    - `authorizations_per_1h`
    - `logins_failed_per_1h`
    - `logins_per_1h`
    * Added property `logins` (array)
        Items (object): > Coordinates for diagrams
        - Property `x_cord` (integer)
        - Property `y_cord` (integer)
@ -194,17 +190,14 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New required properties:
    - `authorizations`
    - `logins`
    - `logins_failed`
    New optional properties:
    - `authorizations_per_1h`
    - `logins_failed_per_1h`
    - `logins_per_1h`
    * Added property `logins` (array)
    * Added property `logins_failed` (array)
@ -226,9 +219,7 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New optional properties:
    - `path`
    * Added property `content` (string)
 ##### `PUT` /managed/blueprints/&#123;instance_uuid&#125;/
@ -250,9 +241,7 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New optional properties:
    - `path`
    * Added property `content` (string)
 ##### `PATCH` /managed/blueprints/&#123;instance_uuid&#125;/
@ -270,9 +259,7 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New optional properties:
    - `path`
    * Added property `content` (string)
 ##### `POST` /managed/blueprints/&#123;instance_uuid&#125;/apply/
@ -284,9 +271,7 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New optional properties:
    - `path`
    * Added property `content` (string)
 ##### `GET` /outposts/proxy/&#123;id&#125;/
@ -296,7 +281,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `intercept_header_auth` (boolean)
        > When enabled, this provider will intercept the authorization header and authenticate requests based on its value.
@ -307,13 +291,11 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `app` (string)
        > Match events created by selected application. When left empty, all applications are matched.
        Removed enum value:
        - `authentik.policies.hibp`
 ##### `PUT` /policies/event_matcher/&#123;policy_uuid&#125;/
@ -327,7 +309,6 @@ Changed content type : `application/json`
    > Match events created by selected application. When left empty, all applications are matched.
    Removed enum value:
    - `authentik.policies.hibp`
 ###### Return Type:
@ -335,13 +316,11 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `app` (string)
        > Match events created by selected application. When left empty, all applications are matched.
        Removed enum value:
        - `authentik.policies.hibp`
 ##### `PATCH` /policies/event_matcher/&#123;policy_uuid&#125;/
@ -355,7 +334,6 @@ Changed content type : `application/json`
    > Match events created by selected application. When left empty, all applications are matched.
    Removed enum value:
    - `authentik.policies.hibp`
 ###### Return Type:
@ -363,13 +341,11 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `app` (string)
        > Match events created by selected application. When left empty, all applications are matched.
        Removed enum value:
        - `authentik.policies.hibp`
 ##### `GET` /propertymappings/scope/&#123;pm_uuid&#125;/
@ -379,7 +355,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `scope_name` (string)
        > Scope name requested by the client
@ -397,7 +372,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `scope_name` (string)
        > Scope name requested by the client
@ -415,7 +389,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `scope_name` (string)
        > Scope name requested by the client
@ -428,9 +401,7 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New required properties:
    - `client_id`
    * Added property `client_id` (string)
    * Added property `intercept_header_auth` (boolean)
@ -460,9 +431,7 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New required properties:
    - `client_id`
    * Added property `client_id` (string)
    * Added property `intercept_header_auth` (boolean)
@ -490,9 +459,7 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New required properties:
    - `client_id`
    * Added property `client_id` (string)
    * Added property `intercept_header_auth` (boolean)
@ -512,9 +479,7 @@ Changed response : **200 OK**
    Changed items (object): > Serialize TaskInfo and TaskResult
    New required properties:
    - `task_duration`
    * Added property `task_duration` (integer)
 ##### `GET` /admin/system_tasks/&#123;id&#125;/
@ -526,9 +491,7 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New required properties:
    - `task_duration`
    * Added property `task_duration` (integer)
 ##### `POST` /managed/blueprints/
@ -550,9 +513,7 @@ Changed response : **201 Created**
 - Changed content type : `application/json`
    New optional properties:
    - `path`
    * Added property `content` (string)
 ##### `GET` /managed/blueprints/
@ -562,15 +523,12 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Info about a single blueprint instance file
        New optional properties:
        - `path`
        * Added property `content` (string)
 ##### `GET` /outposts/proxy/
@ -580,11 +538,9 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Proxy provider serializer for outposts
        - Added property `intercept_header_auth` (boolean)
            > When enabled, this provider will intercept the authorization header and authenticate requests based on its value.
@ -599,7 +555,6 @@ Changed content type : `application/json`
    > Match events created by selected application. When left empty, all applications are matched.
    Removed enum value:
    - `authentik.policies.hibp`
 ###### Return Type:
@ -607,13 +562,11 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Changed property `app` (string)
        > Match events created by selected application. When left empty, all applications are matched.
        Removed enum value:
        - `authentik.policies.hibp`
 ##### `GET` /policies/event_matcher/
@ -627,17 +580,14 @@ Changed: `app` in `query`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Event Matcher Policy Serializer
        - Changed property `app` (string)
            > Match events created by selected application. When left empty, all applications are matched.
            Removed enum value:
            - `authentik.policies.hibp`
 ##### `POST` /propertymappings/scope/
@ -654,7 +604,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Changed property `scope_name` (string)
        > Scope name requested by the client
@ -665,11 +614,9 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > ScopeMapping Serializer
        - Changed property `scope_name` (string)
            > Scope name requested by the client
@ -692,9 +639,7 @@ Changed response : **201 Created**
 - Changed content type : `application/json`
    New required properties:
    - `client_id`
    * Added property `client_id` (string)
    * Added property `intercept_header_auth` (boolean)
@ -710,15 +655,12 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > ProxyProvider Serializer
        New required properties:
        - `client_id`
        * Added property `client_id` (string)
        * Added property `intercept_header_auth` (boolean)
@ -736,10 +678,8 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New required properties:
    - `url_slo_post`
    - `url_slo_redirect`
    * Added property `url_slo_post` (string)
    * Added property `url_slo_redirect` (string)
@ -753,10 +693,8 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New required properties:
    - `url_slo_post`
    - `url_slo_redirect`
    * Added property `url_slo_post` (string)
    * Added property `url_slo_redirect` (string)
@ -770,10 +708,8 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New required properties:
    - `url_slo_post`
    - `url_slo_redirect`
    * Added property `url_slo_post` (string)
    * Added property `url_slo_redirect` (string)
@ -789,9 +725,7 @@ Changed response : **200 OK**
    Changed items (object): > Serialize TaskInfo and TaskResult
    New required properties:
    - `task_duration`
    * Added property `task_duration` (integer)
 ##### `POST` /providers/saml/
@ -803,10 +737,8 @@ Changed response : **201 Created**
 - Changed content type : `application/json`
    New required properties:
    - `url_slo_post`
    - `url_slo_redirect`
    * Added property `url_slo_post` (string)
    * Added property `url_slo_redirect` (string)
@ -818,16 +750,13 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > SAMLProvider Serializer
        New required properties:
        - `url_slo_post`
        - `url_slo_redirect`
        * Added property `url_slo_post` (string)
        * Added property `url_slo_redirect` (string)
@ -847,11 +776,9 @@ Added: `has_jwks` in `query`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `user_creation_mode` (string)
        Enum values:
        - `never_create`
        - `create_when_required`
        - `always_create`
@ -875,7 +802,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `user_creation_mode` (string)
    - Deleted property `can_create_users` (boolean)
@ -897,7 +823,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `user_creation_mode` (string)
    - Deleted property `can_create_users` (boolean)
@ -919,7 +844,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Added property `user_creation_mode` (string)
    - Deleted property `can_create_users` (boolean)
@ -938,11 +862,9 @@ Deleted: `can_create_users` in `query`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > UserWriteStage Serializer
        - Added property `user_creation_mode` (string)
        - Deleted property `can_create_users` (boolean)
--- a/website/docs/releases/2023/v2023.10.md
+++ b/website/docs/releases/2023/v2023.10.md
@ -378,7 +378,6 @@ Changed: `uuid` in `path`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `mfa_support` (boolean)
        > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
@ -389,7 +388,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `app` (string)
        > - `authentik.admin` - authentik Admin
@ -443,7 +441,6 @@ Changed response : **200 OK**
        > - `authentik.enterprise` - authentik Enterprise
        Added enum values:
        - `authentik.rbac`
        - `authentik.stages.authenticator`
@ -525,7 +522,6 @@ Changed response : **200 OK**
        > - `authentik_enterprise.license` - License
        Added enum values:
        - `authentik_rbac.role`
        - `authentik_stages_authenticator_static.staticdevice`
        - `authentik_stages_authenticator_totp.totpdevice`
@ -590,7 +586,6 @@ Changed content type : `application/json`
    > - `authentik.enterprise` - authentik Enterprise
    Added enum values:
    - `authentik.rbac`
    - `authentik.stages.authenticator`
@ -672,7 +667,6 @@ Changed content type : `application/json`
    > - `authentik_enterprise.license` - License
    Added enum values:
    - `authentik_rbac.role`
    - `authentik_stages_authenticator_static.staticdevice`
    - `authentik_stages_authenticator_totp.totpdevice`
@ -683,7 +677,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `app` (string)
        > - `authentik.admin` - authentik Admin
@ -737,7 +730,6 @@ Changed response : **200 OK**
        > - `authentik.enterprise` - authentik Enterprise
        Added enum values:
        - `authentik.rbac`
        - `authentik.stages.authenticator`
@ -819,7 +811,6 @@ Changed response : **200 OK**
        > - `authentik_enterprise.license` - License
        Added enum values:
        - `authentik_rbac.role`
        - `authentik_stages_authenticator_static.staticdevice`
        - `authentik_stages_authenticator_totp.totpdevice`
@ -884,7 +875,6 @@ Changed content type : `application/json`
    > - `authentik.enterprise` - authentik Enterprise
    Added enum values:
    - `authentik.rbac`
    - `authentik.stages.authenticator`
@ -966,7 +956,6 @@ Changed content type : `application/json`
    > - `authentik_enterprise.license` - License
    Added enum values:
    - `authentik_rbac.role`
    - `authentik_stages_authenticator_static.staticdevice`
    - `authentik_stages_authenticator_totp.totpdevice`
@ -977,7 +966,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `app` (string)
        > - `authentik.admin` - authentik Admin
@ -1031,7 +1019,6 @@ Changed response : **200 OK**
        > - `authentik.enterprise` - authentik Enterprise
        Added enum values:
        - `authentik.rbac`
        - `authentik.stages.authenticator`
@ -1113,7 +1100,6 @@ Changed response : **200 OK**
        > - `authentik_enterprise.license` - License
        Added enum values:
        - `authentik_rbac.role`
        - `authentik_stages_authenticator_static.staticdevice`
        - `authentik_stages_authenticator_totp.totpdevice`
@ -1126,7 +1112,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `mfa_support` (boolean)
        > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
@ -1144,7 +1129,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `mfa_support` (boolean)
        > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
@ -1162,7 +1146,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `mfa_support` (boolean)
        > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
@ -1177,10 +1160,8 @@ Changed response : **200 OK**
    Changed items (object): > Serializer for SourceType
    New required properties:
    - `oidc_jwks_url`
    - `oidc_well_known_url`
    * Added property `oidc_well_known_url` (string)
    * Added property `oidc_jwks_url` (string)
@ -1288,9 +1269,7 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New required properties:
    - `roles_obj`
    * Added property `roles` (array)
        Items (string):
@ -1298,7 +1277,6 @@ Changed response : **200 OK**
    * Added property `roles_obj` (array)
        Items (object): > Role serializer
        - Property `pk` (string)
        - Property `name` (string)
@ -1324,9 +1302,7 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New required properties:
    - `roles_obj`
    * Added property `roles` (array)
    * Added property `roles_obj` (array)
@ -1352,9 +1328,7 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New required properties:
    - `roles_obj`
    * Added property `roles` (array)
    * Added property `roles_obj` (array)
@ -1374,15 +1348,12 @@ Changed: `group_uuid` in `path`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `user_obj` (object)
        > User Serializer
        New required properties:
        - `uuid`
        * Added property `uuid` (string)
 ##### `PUT` /core/tokens/&#123;identifier&#125;/
@ -1392,15 +1363,12 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `user_obj` (object)
        > User Serializer
        New required properties:
        - `uuid`
        * Added property `uuid` (string)
 ##### `PATCH` /core/tokens/&#123;identifier&#125;/
@ -1410,15 +1378,12 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `user_obj` (object)
        > User Serializer
        New required properties:
        - `uuid`
        * Added property `uuid` (string)
 ##### `GET` /core/users/&#123;id&#125;/
@ -1430,9 +1395,7 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New required properties:
    - `uuid`
    * Added property `uuid` (string)
 ##### `PUT` /core/users/&#123;id&#125;/
@ -1444,9 +1407,7 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New required properties:
    - `uuid`
    * Added property `uuid` (string)
 ##### `PATCH` /core/users/&#123;id&#125;/
@ -1458,9 +1419,7 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New required properties:
    - `uuid`
    * Added property `uuid` (string)
 ##### `GET` /enterprise/license/&#123;license_uuid&#125;/used_by/
@ -1478,15 +1437,12 @@ Changed: `license_uuid` in `path`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `group_obj` (object)
        > Group Serializer
        New required properties:
        - `roles_obj`
        * Added property `roles` (array)
        * Added property `roles_obj` (array)
@ -1498,15 +1454,12 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `group_obj` (object)
        > Group Serializer
        New required properties:
        - `roles_obj`
        * Added property `roles` (array)
        * Added property `roles_obj` (array)
@ -1518,15 +1471,12 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `group_obj` (object)
        > Group Serializer
        New required properties:
        - `roles_obj`
        * Added property `roles` (array)
        * Added property `roles_obj` (array)
@ -1578,11 +1528,9 @@ Changed: `uuid` in `path`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > RadiusProvider Serializer
        - Added property `mfa_support` (boolean)
            > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
@ -1593,7 +1541,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `failure_result` (boolean)
        > Result if the Policy execution fails.
@ -1607,9 +1554,7 @@ Changed response : **200 OK**
        > Group Serializer
        New required properties:
        - `roles_obj`
        * Added property `roles` (array)
        * Added property `roles_obj` (array)
@ -1619,9 +1564,7 @@ Changed response : **200 OK**
        > User Serializer
        New required properties:
        - `uuid`
        * Added property `uuid` (string)
 ##### `PUT` /policies/bindings/&#123;policy_binding_uuid&#125;/
@ -1642,7 +1585,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `failure_result` (boolean)
        > Result if the Policy execution fails.
@ -1656,9 +1598,7 @@ Changed response : **200 OK**
        > Group Serializer
        New required properties:
        - `roles_obj`
        * Added property `roles` (array)
        * Added property `roles_obj` (array)
@ -1668,9 +1608,7 @@ Changed response : **200 OK**
        > User Serializer
        New required properties:
        - `uuid`
        * Added property `uuid` (string)
 ##### `PATCH` /policies/bindings/&#123;policy_binding_uuid&#125;/
@ -1691,7 +1629,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `failure_result` (boolean)
        > Result if the Policy execution fails.
@ -1705,9 +1642,7 @@ Changed response : **200 OK**
        > Group Serializer
        New required properties:
        - `roles_obj`
        * Added property `roles` (array)
        * Added property `roles_obj` (array)
@ -1717,9 +1652,7 @@ Changed response : **200 OK**
        > User Serializer
        New required properties:
        - `uuid`
        * Added property `uuid` (string)
 ##### `POST` /policies/event_matcher/
@ -1781,7 +1714,6 @@ Changed content type : `application/json`
    > - `authentik.enterprise` - authentik Enterprise
    Added enum values:
    - `authentik.rbac`
    - `authentik.stages.authenticator`
@ -1863,7 +1795,6 @@ Changed content type : `application/json`
    > - `authentik_enterprise.license` - License
    Added enum values:
    - `authentik_rbac.role`
    - `authentik_stages_authenticator_static.staticdevice`
    - `authentik_stages_authenticator_totp.totpdevice`
@ -1874,7 +1805,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Changed property `app` (string)
        > - `authentik.admin` - authentik Admin
@ -1928,7 +1858,6 @@ Changed response : **201 Created**
        > - `authentik.enterprise` - authentik Enterprise
        Added enum values:
        - `authentik.rbac`
        - `authentik.stages.authenticator`
@ -2010,7 +1939,6 @@ Changed response : **201 Created**
        > - `authentik_enterprise.license` - License
        Added enum values:
        - `authentik_rbac.role`
        - `authentik_stages_authenticator_static.staticdevice`
        - `authentik_stages_authenticator_totp.totpdevice`
@ -2023,11 +1951,9 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Event Matcher Policy Serializer
        - Changed property `app` (string)
            > - `authentik.admin` - authentik Admin
@ -2081,7 +2007,6 @@ Changed response : **200 OK**
            > - `authentik.enterprise` - authentik Enterprise
            Added enum values:
            - `authentik.rbac`
            - `authentik.stages.authenticator`
@ -2163,7 +2088,6 @@ Changed response : **200 OK**
            > - `authentik_enterprise.license` - License
            Added enum values:
            - `authentik_rbac.role`
            - `authentik_stages_authenticator_static.staticdevice`
            - `authentik_stages_authenticator_totp.totpdevice`
@ -2183,7 +2107,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Added property `mfa_support` (boolean)
        > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
@ -2194,11 +2117,9 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > RadiusProvider Serializer
        - Added property `mfa_support` (boolean)
            > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
@ -2209,7 +2130,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `default_relay_state` (string)
        > Default relay_state value for IDP-initiated logins
@ -2227,7 +2147,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `default_relay_state` (string)
        > Default relay_state value for IDP-initiated logins
@ -2245,7 +2164,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `default_relay_state` (string)
        > Default relay_state value for IDP-initiated logins
@ -2256,16 +2174,13 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `type` (object)
        > Serializer for SourceType
        New required properties:
        - `oidc_jwks_url`
        - `oidc_well_known_url`
        * Added property `oidc_well_known_url` (string)
        * Added property `oidc_jwks_url` (string)
@ -2277,16 +2192,13 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `type` (object)
        > Serializer for SourceType
        New required properties:
        - `oidc_jwks_url`
        - `oidc_well_known_url`
        * Added property `oidc_well_known_url` (string)
        * Added property `oidc_jwks_url` (string)
@ -2298,16 +2210,13 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `type` (object)
        > Serializer for SourceType
        New required properties:
        - `oidc_jwks_url`
        - `oidc_well_known_url`
        * Added property `oidc_well_known_url` (string)
        * Added property `oidc_jwks_url` (string)
@ -2327,9 +2236,7 @@ Changed response : **201 Created**
 - Changed content type : `application/json`
    New required properties:
    - `roles_obj`
    * Added property `roles` (array)
    * Added property `roles_obj` (array)
@ -2341,15 +2248,12 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Group Serializer
        New required properties:
        - `roles_obj`
        * Added property `roles` (array)
        * Added property `roles_obj` (array)
@ -2361,15 +2265,12 @@ Changed response : **200 OK**
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Changed property `user_obj` (object)
        > User Serializer
        New required properties:
        - `uuid`
        * Added property `uuid` (string)
 ##### `GET` /core/tokens/
@ -2379,19 +2280,15 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Token Serializer
        - Changed property `user_obj` (object)
            > User Serializer
            New required properties:
            - `uuid`
            * Added property `uuid` (string)
 ##### `GET` /core/user_consent/&#123;id&#125;/
@ -2401,15 +2298,12 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `user` (object)
        > User Serializer
        New required properties:
        - `uuid`
        * Added property `uuid` (string)
 ##### `POST` /core/users/
@ -2421,9 +2315,7 @@ Changed response : **201 Created**
 - Changed content type : `application/json`
    New required properties:
    - `uuid`
    * Added property `uuid` (string)
 ##### `GET` /core/users/
@ -2433,15 +2325,12 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > User Serializer
        New required properties:
        - `uuid`
        * Added property `uuid` (string)
 ##### `GET` /core/users/me/
@ -2451,15 +2340,12 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `user` (object)
        > User Serializer for information a user can retrieve about themselves
        New required properties:
        - `system_permissions`
        * Added property `system_permissions` (array)
            > Get all system permissions assigned to the user
@ -2473,15 +2359,12 @@ Changed response : **200 OK**
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Changed property `group_obj` (object)
        > Group Serializer
        New required properties:
        - `roles_obj`
        * Added property `roles` (array)
        * Added property `roles_obj` (array)
@ -2493,19 +2376,15 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > NotificationRule Serializer
        - Changed property `group_obj` (object)
            > Group Serializer
            New required properties:
            - `roles_obj`
            * Added property `roles` (array)
            * Added property `roles_obj` (array)
@ -2517,15 +2396,12 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `user` (object)
        > User Serializer
        New required properties:
        - `uuid`
        * Added property `uuid` (string)
 ##### `GET` /oauth2/authorization_codes/&#123;id&#125;/
@ -2535,15 +2411,12 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `user` (object)
        > User Serializer
        New required properties:
        - `uuid`
        * Added property `uuid` (string)
 ##### `GET` /oauth2/refresh_tokens/&#123;id&#125;/
@ -2553,15 +2426,12 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `user` (object)
        > User Serializer
        New required properties:
        - `uuid`
        * Added property `uuid` (string)
 ##### `POST` /policies/bindings/
@ -2582,7 +2452,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Added property `failure_result` (boolean)
        > Result if the Policy execution fails.
@ -2596,9 +2465,7 @@ Changed response : **201 Created**
        > Group Serializer
        New required properties:
        - `roles_obj`
        * Added property `roles` (array)
        * Added property `roles_obj` (array)
@ -2608,9 +2475,7 @@ Changed response : **201 Created**
        > User Serializer
        New required properties:
        - `uuid`
        * Added property `uuid` (string)
 ##### `GET` /policies/bindings/
@ -2620,11 +2485,9 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > PolicyBinding Serializer
        - Added property `failure_result` (boolean)
            > Result if the Policy execution fails.
@ -2638,9 +2501,7 @@ Changed response : **200 OK**
            > Group Serializer
            New required properties:
            - `roles_obj`
            * Added property `roles` (array)
            * Added property `roles_obj` (array)
@ -2650,9 +2511,7 @@ Changed response : **200 OK**
            > User Serializer
            New required properties:
            - `uuid`
            * Added property `uuid` (string)
 ##### `POST` /providers/saml/
@ -2669,7 +2528,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Added property `default_relay_state` (string)
        > Default relay_state value for IDP-initiated logins
@ -2684,11 +2542,9 @@ Added: `default_relay_state` in `query`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > SAMLProvider Serializer
        - Added property `default_relay_state` (string)
            > Default relay_state value for IDP-initiated logins
@ -2699,16 +2555,13 @@ Changed response : **200 OK**
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Changed property `type` (object)
        > Serializer for SourceType
        New required properties:
        - `oidc_jwks_url`
        - `oidc_well_known_url`
        * Added property `oidc_well_known_url` (string)
        * Added property `oidc_jwks_url` (string)
@ -2720,20 +2573,16 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > OAuth Source Serializer
        - Changed property `type` (object)
            > Serializer for SourceType
            New required properties:
            - `oidc_jwks_url`
            - `oidc_well_known_url`
            * Added property `oidc_well_known_url` (string)
            * Added property `oidc_jwks_url` (string)
@ -2745,7 +2594,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `verify_only` (boolean)
        > When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.
@ -2763,7 +2611,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `verify_only` (boolean)
        > When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.
@ -2781,7 +2628,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `verify_only` (boolean)
        > When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.
@ -2792,7 +2638,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `deny_message` (string)
 ##### `PUT` /stages/deny/&#123;stage_uuid&#125;/
@ -2808,7 +2653,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `deny_message` (string)
 ##### `PATCH` /stages/deny/&#123;stage_uuid&#125;/
@ -2824,7 +2668,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `deny_message` (string)
 ##### `GET` /core/user_consent/
@ -2834,19 +2677,15 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > UserConsent Serializer
        - Changed property `user` (object)
            > User Serializer
            New required properties:
            - `uuid`
            * Added property `uuid` (string)
 ##### `GET` /oauth2/access_tokens/
@ -2856,19 +2695,15 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Serializer for BaseGrantModel and RefreshToken
        - Changed property `user` (object)
            > User Serializer
            New required properties:
            - `uuid`
            * Added property `uuid` (string)
 ##### `GET` /oauth2/authorization_codes/
@ -2878,19 +2713,15 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant
        - Changed property `user` (object)
            > User Serializer
            New required properties:
            - `uuid`
            * Added property `uuid` (string)
 ##### `GET` /oauth2/refresh_tokens/
@ -2900,19 +2731,15 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Serializer for BaseGrantModel and RefreshToken
        - Changed property `user` (object)
            > User Serializer
            New required properties:
            - `uuid`
            * Added property `uuid` (string)
 ##### `POST` /stages/authenticator/sms/
@ -2929,7 +2756,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Changed property `verify_only` (boolean)
        > When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.
@ -2940,11 +2766,9 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > AuthenticatorSMSStage Serializer
        - Changed property `verify_only` (boolean)
            > When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.
@ -2961,7 +2785,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Added property `deny_message` (string)
 ##### `GET` /stages/deny/
@ -2975,9 +2798,7 @@ Added: `deny_message` in `query`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > DenyStage Serializer
        - Added property `deny_message` (string)
--- a/website/docs/releases/2023/v2023.2.md
+++ b/website/docs/releases/2023/v2023.2.md
@ -132,13 +132,11 @@ image:
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `sub_mode` (string)
        > Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
        Added enum value:
        - `user_id`
 ##### `PUT` /providers/oauth2/&#123;id&#125;/
@ -152,7 +150,6 @@ Changed content type : `application/json`
    > Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
    Added enum value:
    - `user_id`
 ###### Return Type:
@ -160,13 +157,11 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `sub_mode` (string)
        > Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
        Added enum value:
        - `user_id`
 ##### `PATCH` /providers/oauth2/&#123;id&#125;/
@ -180,7 +175,6 @@ Changed content type : `application/json`
    > Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
    Added enum value:
    - `user_id`
 ###### Return Type:
@ -188,13 +182,11 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `sub_mode` (string)
        > Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
        Added enum value:
        - `user_id`
 ##### `POST` /providers/oauth2/
@ -208,7 +200,6 @@ Changed content type : `application/json`
    > Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
    Added enum value:
    - `user_id`
 ###### Return Type:
@ -216,13 +207,11 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Changed property `sub_mode` (string)
        > Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
        Added enum value:
        - `user_id`
 ##### `GET` /providers/oauth2/
@ -238,17 +227,14 @@ Changed: `sub_mode` in `query`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > OAuth2Provider Serializer
        - Changed property `sub_mode` (string)
            > Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
            Added enum value:
            - `user_id`
 ##### `GET` /oauth2/authorization_codes/&#123;id&#125;/
@ -258,17 +244,14 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `provider` (object)
        > OAuth2Provider Serializer
        - Changed property `sub_mode` (string)
            > Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
            Added enum value:
            - `user_id`
 ##### `GET` /oauth2/refresh_tokens/&#123;id&#125;/
@ -278,17 +261,14 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `provider` (object)
        > OAuth2Provider Serializer
        - Changed property `sub_mode` (string)
            > Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
            Added enum value:
            - `user_id`
 ##### `GET` /oauth2/authorization_codes/
@ -298,21 +278,17 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant
        - Changed property `provider` (object)
            > OAuth2Provider Serializer
            - Changed property `sub_mode` (string)
                > Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
                Added enum value:
                - `user_id`
 ##### `GET` /oauth2/refresh_tokens/
@ -322,21 +298,17 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Serializer for BaseGrantModel and RefreshToken
        - Changed property `provider` (object)
            > OAuth2Provider Serializer
            - Changed property `sub_mode` (string)
                > Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
                Added enum value:
                - `user_id`
 ##### `GET` /stages/prompt/prompts/&#123;prompt_uuid&#125;/
@ -348,9 +320,7 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New required properties:
    - `name`
    * Added property `name` (string)
 ##### `PUT` /stages/prompt/prompts/&#123;prompt_uuid&#125;/
@ -372,9 +342,7 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New required properties:
    - `name`
    * Added property `name` (string)
 ##### `PATCH` /stages/prompt/prompts/&#123;prompt_uuid&#125;/
@ -392,9 +360,7 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New required properties:
    - `name`
    * Added property `name` (string)
 ##### `POST` /stages/prompt/prompts/
@ -416,9 +382,7 @@ Changed response : **201 Created**
 - Changed content type : `application/json`
    New required properties:
    - `name`
    * Added property `name` (string)
 ##### `GET` /stages/prompt/prompts/
@ -432,13 +396,10 @@ Added: `name` in `query`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Prompt Serializer
        New required properties:
        - `name`
        * Added property `name` (string)
--- a/website/docs/releases/2023/v2023.3.md
+++ b/website/docs/releases/2023/v2023.3.md
@ -16,7 +16,6 @@ slug: "/releases/2023.3"
    Documentation: [SCIM Provider](../../add-secure-apps/providers/scim/index.md)
 - Theming improvements
    - The custom.css file is now loaded in ShadowDOMs, allowing for much greater customization, as previously it was only possible to style elements outside of the ShadowDOM. See docs for [Flow](../../customize/interfaces/flow/customization.mdx), [User](../../customize/interfaces/user/customization.mdx) and [Admin](../../customize/interfaces/admin/customization.mdx) interfaces.
    - Previously, authentik would automatically switch between dark and light theme based on the users' browsers' settings. This can now be overridden to either force the light or dark theme, per user/group/tenant. See docs for [Flow](../../customize/interfaces/flow/customization.mdx), [User](../../customize/interfaces/user/customization.mdx) and [Admin](../../customize/interfaces/admin/customization.mdx) interfaces.
@ -156,13 +155,11 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `app` (string)
        > Match events created by selected application. When left empty, all applications are matched.
        Added enum value:
        - `authentik.providers.scim`
 ##### `PUT` /policies/event_matcher/&#123;policy_uuid&#125;/
@ -176,7 +173,6 @@ Changed content type : `application/json`
    > Match events created by selected application. When left empty, all applications are matched.
    Added enum value:
    - `authentik.providers.scim`
 ###### Return Type:
@ -184,13 +180,11 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `app` (string)
        > Match events created by selected application. When left empty, all applications are matched.
        Added enum value:
        - `authentik.providers.scim`
 ##### `PATCH` /policies/event_matcher/&#123;policy_uuid&#125;/
@ -204,7 +198,6 @@ Changed content type : `application/json`
    > Match events created by selected application. When left empty, all applications are matched.
    Added enum value:
    - `authentik.providers.scim`
 ###### Return Type:
@ -212,13 +205,11 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `app` (string)
        > Match events created by selected application. When left empty, all applications are matched.
        Added enum value:
        - `authentik.providers.scim`
 ##### `GET` /providers/oauth2/&#123;id&#125;/
@ -230,7 +221,6 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New optional properties:
    - `authorization_flow`
 ##### `PUT` /providers/oauth2/&#123;id&#125;/
@ -250,7 +240,6 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New optional properties:
    - `authorization_flow`
 ##### `PATCH` /providers/oauth2/&#123;id&#125;/
@ -262,7 +251,6 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New optional properties:
    - `authorization_flow`
 ##### `GET` /providers/proxy/&#123;id&#125;/
@ -274,7 +262,6 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New optional properties:
    - `authorization_flow`
 ##### `PUT` /providers/proxy/&#123;id&#125;/
@ -294,7 +281,6 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New optional properties:
    - `authorization_flow`
 ##### `PATCH` /providers/proxy/&#123;id&#125;/
@ -306,7 +292,6 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New optional properties:
    - `authorization_flow`
 ##### `GET` /core/groups/&#123;group_uuid&#125;/
@ -316,15 +301,12 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `users_obj` (array)
        Changed items (object): > Stripped down user serializer to show relevant users for groups
        New optional properties:
        - `avatar`
        * Deleted property `avatar` (string)
 ##### `PUT` /core/groups/&#123;group_uuid&#125;/
@ -334,15 +316,12 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `users_obj` (array)
        Changed items (object): > Stripped down user serializer to show relevant users for groups
        New optional properties:
        - `avatar`
        * Deleted property `avatar` (string)
 ##### `PATCH` /core/groups/&#123;group_uuid&#125;/
@ -352,15 +331,12 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `users_obj` (array)
        Changed items (object): > Stripped down user serializer to show relevant users for groups
        New optional properties:
        - `avatar`
        * Deleted property `avatar` (string)
 ##### `GET` /core/tenants/current/
@ -372,13 +348,10 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New required properties:
    - `ui_theme`
    * Added property `ui_theme` (object)
        Enum values:
        - `automatic`
        - `light`
        - `dark`
@ -390,19 +363,15 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `group_obj` (object)
        > Group Serializer
        - Changed property `users_obj` (array)
            Changed items (object): > Stripped down user serializer to show relevant users for groups
            New optional properties:
            - `avatar`
            * Deleted property `avatar` (string)
 ##### `PUT` /events/rules/&#123;pbm_uuid&#125;/
@ -412,19 +381,15 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `group_obj` (object)
        > Group Serializer
        - Changed property `users_obj` (array)
            Changed items (object): > Stripped down user serializer to show relevant users for groups
            New optional properties:
            - `avatar`
            * Deleted property `avatar` (string)
 ##### `PATCH` /events/rules/&#123;pbm_uuid&#125;/
@ -434,19 +399,15 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `group_obj` (object)
        > Group Serializer
        - Changed property `users_obj` (array)
            Changed items (object): > Stripped down user serializer to show relevant users for groups
            New optional properties:
            - `avatar`
            * Deleted property `avatar` (string)
 ##### `GET` /policies/bindings/&#123;policy_binding_uuid&#125;/
@ -456,19 +417,15 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `group_obj` (object)
        > Group Serializer
        - Changed property `users_obj` (array)
            Changed items (object): > Stripped down user serializer to show relevant users for groups
            New optional properties:
            - `avatar`
            * Deleted property `avatar` (string)
 ##### `PUT` /policies/bindings/&#123;policy_binding_uuid&#125;/
@ -478,19 +435,15 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `group_obj` (object)
        > Group Serializer
        - Changed property `users_obj` (array)
            Changed items (object): > Stripped down user serializer to show relevant users for groups
            New optional properties:
            - `avatar`
            * Deleted property `avatar` (string)
 ##### `PATCH` /policies/bindings/&#123;policy_binding_uuid&#125;/
@ -500,19 +453,15 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `group_obj` (object)
        > Group Serializer
        - Changed property `users_obj` (array)
            Changed items (object): > Stripped down user serializer to show relevant users for groups
            New optional properties:
            - `avatar`
            * Deleted property `avatar` (string)
 ##### `POST` /policies/event_matcher/
@ -526,7 +475,6 @@ Changed content type : `application/json`
    > Match events created by selected application. When left empty, all applications are matched.
    Added enum value:
    - `authentik.providers.scim`
 ###### Return Type:
@ -534,13 +482,11 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Changed property `app` (string)
        > Match events created by selected application. When left empty, all applications are matched.
        Added enum value:
        - `authentik.providers.scim`
 ##### `GET` /policies/event_matcher/
@ -550,17 +496,14 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Event Matcher Policy Serializer
        - Changed property `app` (string)
            > Match events created by selected application. When left empty, all applications are matched.
            Added enum value:
            - `authentik.providers.scim`
 ##### `GET` /providers/ldap/&#123;id&#125;/
@ -572,7 +515,6 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New optional properties:
    - `authorization_flow`
 ##### `PUT` /providers/ldap/&#123;id&#125;/
@ -592,7 +534,6 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New optional properties:
    - `authorization_flow`
 ##### `PATCH` /providers/ldap/&#123;id&#125;/
@ -604,7 +545,6 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New optional properties:
    - `authorization_flow`
 ##### `POST` /providers/oauth2/
@ -624,7 +564,6 @@ Changed response : **201 Created**
 - Changed content type : `application/json`
    New optional properties:
    - `authorization_flow`
 ##### `GET` /providers/oauth2/
@ -634,13 +573,11 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > OAuth2Provider Serializer
        New optional properties:
        - `authorization_flow`
 ##### `POST` /providers/proxy/
@ -660,7 +597,6 @@ Changed response : **201 Created**
 - Changed content type : `application/json`
    New optional properties:
    - `authorization_flow`
 ##### `GET` /providers/proxy/
@ -670,13 +606,11 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > ProxyProvider Serializer
        New optional properties:
        - `authorization_flow`
 ##### `GET` /providers/saml/&#123;id&#125;/
@ -688,7 +622,6 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New optional properties:
    - `authorization_flow`
 ##### `PUT` /providers/saml/&#123;id&#125;/
@ -708,7 +641,6 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New optional properties:
    - `authorization_flow`
 ##### `PATCH` /providers/saml/&#123;id&#125;/
@ -720,7 +652,6 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    New optional properties:
    - `authorization_flow`
 ##### `GET` /stages/invitation/invitations/&#123;invite_uuid&#125;/
@ -730,15 +661,12 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `created_by` (object)
        > Stripped down user serializer to show relevant users for groups
        New optional properties:
        - `avatar`
        * Deleted property `avatar` (string)
 ##### `PUT` /stages/invitation/invitations/&#123;invite_uuid&#125;/
@ -748,15 +676,12 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `created_by` (object)
        > Stripped down user serializer to show relevant users for groups
        New optional properties:
        - `avatar`
        * Deleted property `avatar` (string)
 ##### `PATCH` /stages/invitation/invitations/&#123;invite_uuid&#125;/
@ -766,15 +691,12 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `created_by` (object)
        > Stripped down user serializer to show relevant users for groups
        New optional properties:
        - `avatar`
        * Deleted property `avatar` (string)
 ##### `POST` /core/groups/
@ -784,15 +706,12 @@ Changed response : **200 OK**
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Changed property `users_obj` (array)
        Changed items (object): > Stripped down user serializer to show relevant users for groups
        New optional properties:
        - `avatar`
        * Deleted property `avatar` (string)
 ##### `GET` /core/groups/
@ -802,19 +721,15 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Group Serializer
        - Changed property `users_obj` (array)
            Changed items (object): > Stripped down user serializer to show relevant users for groups
            New optional properties:
            - `avatar`
            * Deleted property `avatar` (string)
 ##### `POST` /events/rules/
@ -824,19 +739,15 @@ Changed response : **200 OK**
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Changed property `group_obj` (object)
        > Group Serializer
        - Changed property `users_obj` (array)
            Changed items (object): > Stripped down user serializer to show relevant users for groups
            New optional properties:
            - `avatar`
            * Deleted property `avatar` (string)
 ##### `GET` /events/rules/
@ -846,23 +757,18 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > NotificationRule Serializer
        - Changed property `group_obj` (object)
            > Group Serializer
            - Changed property `users_obj` (array)
                Changed items (object): > Stripped down user serializer to show relevant users for groups
                New optional properties:
                - `avatar`
                * Deleted property `avatar` (string)
 ##### `GET` /flows/bindings/&#123;fsb_uuid&#125;/
@ -872,7 +778,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `evaluate_on_plan` (boolean)
        > Evaluate policies during the Flow planning process.
@ -890,7 +795,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `evaluate_on_plan` (boolean)
        > Evaluate policies during the Flow planning process.
@ -908,7 +812,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `evaluate_on_plan` (boolean)
        > Evaluate policies during the Flow planning process.
@ -919,13 +822,11 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `provider` (object)
        > OAuth2Provider Serializer
        New optional properties:
        - `authorization_flow`
 ##### `GET` /oauth2/authorization_codes/&#123;id&#125;/
@ -935,13 +836,11 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `provider` (object)
        > OAuth2Provider Serializer
        New optional properties:
        - `authorization_flow`
 ##### `GET` /oauth2/refresh_tokens/&#123;id&#125;/
@ -951,13 +850,11 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `provider` (object)
        > OAuth2Provider Serializer
        New optional properties:
        - `authorization_flow`
 ##### `POST` /policies/bindings/
@ -967,19 +864,15 @@ Changed response : **200 OK**
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Changed property `group_obj` (object)
        > Group Serializer
        - Changed property `users_obj` (array)
            Changed items (object): > Stripped down user serializer to show relevant users for groups
            New optional properties:
            - `avatar`
            * Deleted property `avatar` (string)
 ##### `GET` /policies/bindings/
@ -989,23 +882,18 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > PolicyBinding Serializer
        - Changed property `group_obj` (object)
            > Group Serializer
            - Changed property `users_obj` (array)
                Changed items (object): > Stripped down user serializer to show relevant users for groups
                New optional properties:
                - `avatar`
                * Deleted property `avatar` (string)
 ##### `POST` /providers/ldap/
@ -1025,7 +913,6 @@ Changed response : **201 Created**
 - Changed content type : `application/json`
    New optional properties:
    - `authorization_flow`
 ##### `GET` /providers/ldap/
@ -1035,13 +922,11 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > LDAPProvider Serializer
        New optional properties:
        - `authorization_flow`
 ##### `POST` /providers/saml/
@ -1061,7 +946,6 @@ Changed response : **201 Created**
 - Changed content type : `application/json`
    New optional properties:
    - `authorization_flow`
 ##### `GET` /providers/saml/
@ -1071,13 +955,11 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > SAMLProvider Serializer
        New optional properties:
        - `authorization_flow`
 ##### `GET` /sources/user_connections/all/
@ -1093,15 +975,12 @@ Added: `user` in `query`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Changed property `created_by` (object)
        > Stripped down user serializer to show relevant users for groups
        New optional properties:
        - `avatar`
        * Deleted property `avatar` (string)
 ##### `GET` /stages/invitation/invitations/
@ -1111,19 +990,15 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Invitation Serializer
        - Changed property `created_by` (object)
            > Stripped down user serializer to show relevant users for groups
            New optional properties:
            - `avatar`
            * Deleted property `avatar` (string)
 ##### `GET` /stages/user_login/&#123;stage_uuid&#125;/
@ -1133,7 +1008,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `terminate_other_sessions` (boolean)
        > Terminate all other sessions of the user logging in.
@ -1151,7 +1025,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `terminate_other_sessions` (boolean)
        > Terminate all other sessions of the user logging in.
@ -1169,7 +1042,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `terminate_other_sessions` (boolean)
        > Terminate all other sessions of the user logging in.
@ -1187,7 +1059,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Changed property `evaluate_on_plan` (boolean)
        > Evaluate policies during the Flow planning process.
@ -1198,11 +1069,9 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > FlowStageBinding Serializer
        - Changed property `evaluate_on_plan` (boolean)
            > Evaluate policies during the Flow planning process.
@ -1213,22 +1082,18 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `plans` (array)
        Changed items (object): > Serializer for an active FlowPlan
        - Changed property `next_planned_stage` (object)
            > FlowStageBinding Serializer
            - Changed property `evaluate_on_plan` (boolean)
                > Evaluate policies during the Flow planning process.
        - Changed property `current_stage` (object)
            > FlowStageBinding Serializer
            - Changed property `evaluate_on_plan` (boolean)
                > Evaluate policies during the Flow planning process.
@ -1239,17 +1104,14 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Serializer for BaseGrantModel and RefreshToken
        - Changed property `provider` (object)
            > OAuth2Provider Serializer
            New optional properties:
            - `authorization_flow`
 ##### `GET` /oauth2/authorization_codes/
@ -1259,17 +1121,14 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant
        - Changed property `provider` (object)
            > OAuth2Provider Serializer
            New optional properties:
            - `authorization_flow`
 ##### `GET` /oauth2/refresh_tokens/
@ -1279,17 +1138,14 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Serializer for BaseGrantModel and RefreshToken
        - Changed property `provider` (object)
            > OAuth2Provider Serializer
            New optional properties:
            - `authorization_flow`
 ##### `POST` /stages/user_login/
@ -1306,7 +1162,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Added property `terminate_other_sessions` (boolean)
        > Terminate all other sessions of the user logging in.
@ -1321,10 +1176,8 @@ Added: `terminate_other_sessions` in `query`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > UserLoginStage Serializer
        - Added property `terminate_other_sessions` (boolean)
            > Terminate all other sessions of the user logging in.
--- a/website/docs/releases/2023/v2023.4.md
+++ b/website/docs/releases/2023/v2023.4.md
@ -152,7 +152,6 @@ image:
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `app` (string)
        > - `authentik.admin` - authentik Admin
@ -204,7 +203,6 @@ Changed response : **200 OK**
        > - `authentik.core` - authentik Core
        Added enum value:
        - `authentik.providers.radius`
 ##### `PUT` /policies/event_matcher/&#123;policy_uuid&#125;/
@ -264,7 +262,6 @@ Changed content type : `application/json`
    > - `authentik.core` - authentik Core
    Added enum value:
    - `authentik.providers.radius`
 ###### Return Type:
@ -272,7 +269,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `app` (string)
        > - `authentik.admin` - authentik Admin
@ -324,7 +320,6 @@ Changed response : **200 OK**
        > - `authentik.core` - authentik Core
        Added enum value:
        - `authentik.providers.radius`
 ##### `PATCH` /policies/event_matcher/&#123;policy_uuid&#125;/
@ -384,7 +379,6 @@ Changed content type : `application/json`
    > - `authentik.core` - authentik Core
    Added enum value:
    - `authentik.providers.radius`
 ###### Return Type:
@ -392,7 +386,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `app` (string)
        > - `authentik.admin` - authentik Admin
@ -444,7 +437,6 @@ Changed response : **200 OK**
        > - `authentik.core` - authentik Core
        Added enum value:
        - `authentik.providers.radius`
 ##### `GET` /providers/all/&#123;id&#125;/
@ -454,7 +446,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `authentication_flow` (string)
        > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -465,7 +456,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `authentication_flow` (string)
        > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -483,7 +473,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `authentication_flow` (string)
        > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -501,7 +490,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `authentication_flow` (string)
        > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -512,7 +500,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `authentication_flow` (string)
        > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -530,7 +517,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `authentication_flow` (string)
        > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -548,7 +534,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `authentication_flow` (string)
        > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -559,11 +544,9 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `provider_obj` (object)
        > Provider Serializer
        - Added property `authentication_flow` (string)
            > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -574,11 +557,9 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `provider_obj` (object)
        > Provider Serializer
        - Added property `authentication_flow` (string)
            > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -589,11 +570,9 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `provider_obj` (object)
        > Provider Serializer
        - Added property `authentication_flow` (string)
            > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -604,7 +583,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `type` (string)
        > - `proxy` - Proxy
@ -612,13 +590,11 @@ Changed response : **200 OK**
        > - `radius` - Radius
        Added enum value:
        - `radius`
    - Changed property `providers_obj` (array)
        Changed items (object): > Provider Serializer
        - Added property `authentication_flow` (string)
            > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -635,7 +611,6 @@ Changed content type : `application/json`
    > - `radius` - Radius
    Added enum value:
    - `radius`
 ###### Return Type:
@ -643,7 +618,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `type` (string)
        > - `proxy` - Proxy
@ -651,13 +625,11 @@ Changed response : **200 OK**
        > - `radius` - Radius
        Added enum value:
        - `radius`
    - Changed property `providers_obj` (array)
        Changed items (object): > Provider Serializer
        - Added property `authentication_flow` (string)
            > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -674,7 +646,6 @@ Changed content type : `application/json`
    > - `radius` - Radius
    Added enum value:
    - `radius`
 ###### Return Type:
@ -682,7 +653,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `type` (string)
        > - `proxy` - Proxy
@ -690,13 +660,11 @@ Changed response : **200 OK**
        > - `radius` - Radius
        Added enum value:
        - `radius`
    - Changed property `providers_obj` (array)
        Changed items (object): > Provider Serializer
        - Added property `authentication_flow` (string)
            > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -757,7 +725,6 @@ Changed content type : `application/json`
    > - `authentik.core` - authentik Core
    Added enum value:
    - `authentik.providers.radius`
 ###### Return Type:
@ -765,7 +732,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Changed property `app` (string)
        > - `authentik.admin` - authentik Admin
@ -817,7 +783,6 @@ Changed response : **201 Created**
        > - `authentik.core` - authentik Core
        Added enum value:
        - `authentik.providers.radius`
 ##### `GET` /policies/event_matcher/
@ -827,11 +792,9 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Event Matcher Policy Serializer
        - Changed property `app` (string)
            > - `authentik.admin` - authentik Admin
@ -883,7 +846,6 @@ Changed response : **200 OK**
            > - `authentik.core` - authentik Core
            Added enum value:
            - `authentik.providers.radius`
 ##### `GET` /providers/all/
@ -893,11 +855,9 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Provider Serializer
        - Added property `authentication_flow` (string)
            > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -908,7 +868,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `authentication_flow` (string)
        > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -926,7 +885,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `authentication_flow` (string)
        > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -944,7 +902,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `authentication_flow` (string)
        > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -962,7 +919,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Added property `authentication_flow` (string)
        > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -973,11 +929,9 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > OAuth2Provider Serializer
        - Added property `authentication_flow` (string)
            > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -995,7 +949,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Added property `authentication_flow` (string)
        > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -1006,11 +959,9 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > ProxyProvider Serializer
        - Added property `authentication_flow` (string)
            > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -1021,7 +972,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `authentication_flow` (string)
        > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -1039,7 +989,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `authentication_flow` (string)
        > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -1057,7 +1006,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `authentication_flow` (string)
        > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -1068,11 +1016,9 @@ Changed response : **200 OK**
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Changed property `provider_obj` (object)
        > Provider Serializer
        - Added property `authentication_flow` (string)
            > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -1083,15 +1029,12 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Application Serializer
        - Changed property `provider_obj` (object)
            > Provider Serializer
            - Added property `authentication_flow` (string)
                > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -1102,15 +1045,12 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `application` (object)
        > Application Serializer
        - Changed property `provider_obj` (object)
            > Provider Serializer
            - Added property `authentication_flow` (string)
                > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -1121,11 +1061,9 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `provider` (object)
        > OAuth2Provider Serializer
        - Added property `authentication_flow` (string)
            > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -1136,11 +1074,9 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `provider` (object)
        > OAuth2Provider Serializer
        - Added property `authentication_flow` (string)
            > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -1151,11 +1087,9 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `provider` (object)
        > OAuth2Provider Serializer
        - Added property `authentication_flow` (string)
            > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -1172,7 +1106,6 @@ Changed content type : `application/json`
    > - `radius` - Radius
    Added enum value:
    - `radius`
 ###### Return Type:
@ -1180,7 +1113,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Changed property `type` (string)
        > - `proxy` - Proxy
@ -1188,13 +1120,11 @@ Changed response : **201 Created**
        > - `radius` - Radius
        Added enum value:
        - `radius`
    - Changed property `providers_obj` (array)
        Changed items (object): > Provider Serializer
        - Added property `authentication_flow` (string)
            > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -1205,11 +1135,9 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Outpost Serializer
        - Changed property `type` (string)
            > - `proxy` - Proxy
@ -1217,13 +1145,11 @@ Changed response : **200 OK**
            > - `radius` - Radius
            Added enum value:
            - `radius`
        - Changed property `providers_obj` (array)
            Changed items (object): > Provider Serializer
            - Added property `authentication_flow` (string)
                > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -1241,7 +1167,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Added property `authentication_flow` (string)
        > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -1252,11 +1177,9 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > LDAPProvider Serializer
        - Added property `authentication_flow` (string)
            > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -1274,7 +1197,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Added property `authentication_flow` (string)
        > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -1289,11 +1211,9 @@ Added: `authentication_flow` in `query`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > SAMLProvider Serializer
        - Added property `authentication_flow` (string)
            > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -1304,7 +1224,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `remember_me_offset` (string)
        > Offset the session will be extended by when the user picks the remember me option. Default of 0 means that the remember me option will not be shown. (Format: hours=-1;minutes=-2;seconds=-3)
@ -1322,7 +1241,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `remember_me_offset` (string)
        > Offset the session will be extended by when the user picks the remember me option. Default of 0 means that the remember me option will not be shown. (Format: hours=-1;minutes=-2;seconds=-3)
@ -1340,7 +1258,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `remember_me_offset` (string)
        > Offset the session will be extended by when the user picks the remember me option. Default of 0 means that the remember me option will not be shown. (Format: hours=-1;minutes=-2;seconds=-3)
@ -1351,19 +1268,15 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > UserConsent Serializer
        - Changed property `application` (object)
            > Application Serializer
            - Changed property `provider_obj` (object)
                > Provider Serializer
                - Added property `authentication_flow` (string)
                    > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -1376,7 +1289,6 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    Added 'ak-stage-user-login' component:
    - Property `type` (string)
        > - `native` - NATIVE
@ -1384,7 +1296,6 @@ Changed response : **200 OK**
        > - `redirect` - REDIRECT
        Enum values:
        - `native`
        - `shell`
        - `redirect`
@ -1392,7 +1303,6 @@ Changed response : **200 OK**
    - Property `flow_info` (object)
        > Contextual flow information for a challenge
        - Property `title` (string)
        - Property `background` (string)
@ -1408,7 +1318,6 @@ Changed response : **200 OK**
            > - `sidebar_right` - SIDEBAR_RIGHT
            Enum values:
            - `stacked`
            - `content_left`
            - `content_right`
@ -1424,15 +1333,12 @@ Changed response : **200 OK**
    - Property `pending_user_avatar` (string)
    Updated `ak-stage-prompt` component:
    - Changed property `fields` (array)
        Changed items (object): > Serializer for a single Prompt field
        New required properties:
        - `choices`
        * Added property `choices` (array)
            Items (string):
@ -1459,7 +1365,6 @@ Changed response : **200 OK**
            > - `ak-locale` - authentik: Selection of locales authentik supports
            Added enum values:
            - `text_area`
            - `text_area_read_only`
            - `radio-button-group`
@ -1485,15 +1390,12 @@ Changed response : **200 OK**
    Added 'ak-stage-user-login' component:
    Updated `ak-stage-prompt` component:
    - Changed property `fields` (array)
        Changed items (object): > Serializer for a single Prompt field
        New required properties:
        - `choices`
        * Added property `choices` (array)
        * Changed property `type` (string)
@ -1518,7 +1420,6 @@ Changed response : **200 OK**
            > - `ak-locale` - authentik: Selection of locales authentik supports
            Added enum values:
            - `text_area`
            - `text_area_read_only`
            - `radio-button-group`
@ -1531,15 +1432,12 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Serializer for BaseGrantModel and RefreshToken
        - Changed property `provider` (object)
            > OAuth2Provider Serializer
            - Added property `authentication_flow` (string)
                > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -1550,15 +1448,12 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant
        - Changed property `provider` (object)
            > OAuth2Provider Serializer
            - Added property `authentication_flow` (string)
                > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -1569,15 +1464,12 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Serializer for BaseGrantModel and RefreshToken
        - Changed property `provider` (object)
            > OAuth2Provider Serializer
            - Added property `authentication_flow` (string)
                > Flow used for authentication when the associated application is accessed by an un-authenticated user.
@ -1588,7 +1480,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `placeholder` (string)
        > When creating a Radio Button Group or Dropdown, enable interpreting as expression and return a list to return multiple choices.
@ -1615,7 +1506,6 @@ Changed response : **200 OK**
        > - `ak-locale` - authentik: Selection of locales authentik supports
        Added enum values:
        - `text_area`
        - `text_area_read_only`
        - `radio-button-group`
@ -1653,7 +1543,6 @@ Changed content type : `application/json`
    > - `ak-locale` - authentik: Selection of locales authentik supports
    Added enum values:
    - `text_area`
    - `text_area_read_only`
    - `radio-button-group`
@ -1664,7 +1553,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `placeholder` (string)
        > When creating a Radio Button Group or Dropdown, enable interpreting as expression and return a list to return multiple choices.
@ -1691,7 +1579,6 @@ Changed response : **200 OK**
        > - `ak-locale` - authentik: Selection of locales authentik supports
        Added enum values:
        - `text_area`
        - `text_area_read_only`
        - `radio-button-group`
@ -1729,7 +1616,6 @@ Changed content type : `application/json`
    > - `ak-locale` - authentik: Selection of locales authentik supports
    Added enum values:
    - `text_area`
    - `text_area_read_only`
    - `radio-button-group`
@ -1740,7 +1626,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `placeholder` (string)
        > When creating a Radio Button Group or Dropdown, enable interpreting as expression and return a list to return multiple choices.
@ -1767,7 +1652,6 @@ Changed response : **200 OK**
        > - `ak-locale` - authentik: Selection of locales authentik supports
        Added enum values:
        - `text_area`
        - `text_area_read_only`
        - `radio-button-group`
@ -1787,7 +1671,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Added property `remember_me_offset` (string)
        > Offset the session will be extended by when the user picks the remember me option. Default of 0 means that the remember me option will not be shown. (Format: hours=-1;minutes=-2;seconds=-3)
@ -1802,11 +1685,9 @@ Added: `remember_me_offset` in `query`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > UserLoginStage Serializer
        - Added property `remember_me_offset` (string)
            > Offset the session will be extended by when the user picks the remember me option. Default of 0 means that the remember me option will not be shown. (Format: hours=-1;minutes=-2;seconds=-3)
@ -1842,7 +1723,6 @@ Changed content type : `application/json`
    > - `ak-locale` - authentik: Selection of locales authentik supports
    Added enum values:
    - `text_area`
    - `text_area_read_only`
    - `radio-button-group`
@ -1853,7 +1733,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Changed property `placeholder` (string)
        > When creating a Radio Button Group or Dropdown, enable interpreting as expression and return a list to return multiple choices.
@ -1880,7 +1759,6 @@ Changed response : **201 Created**
        > - `ak-locale` - authentik: Selection of locales authentik supports
        Added enum values:
        - `text_area`
        - `text_area_read_only`
        - `radio-button-group`
@ -1934,11 +1812,9 @@ Changed: `type` in `query`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Prompt Serializer
        - Changed property `placeholder` (string)
            > When creating a Radio Button Group or Dropdown, enable interpreting as expression and return a list to return multiple choices.
@ -1965,7 +1841,6 @@ Changed response : **200 OK**
            > - `ak-locale` - authentik: Selection of locales authentik supports
            Added enum values:
            - `text_area`
            - `text_area_read_only`
            - `radio-button-group`
--- a/website/docs/releases/2023/v2023.5.md
+++ b/website/docs/releases/2023/v2023.5.md
--- a/website/docs/releases/2023/v2023.6.md
+++ b/website/docs/releases/2023/v2023.6.md
@ -111,7 +111,6 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2023.6
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `model` (object)
        > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
@ -188,7 +187,6 @@ Changed response : **200 OK**
        > - `authentik_core.token` - Token
        Enum values:
        - `authentik_crypto.certificatekeypair`
        - `authentik_events.event`
        - `authentik_events.notificationtransport`
@ -345,7 +343,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `model` (object)
        > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
        >
@ -505,7 +502,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `model` (object)
        > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
        >
@ -587,7 +583,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `mfa_support` (boolean)
        > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
@ -684,7 +679,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Added property `model` (object)
        > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
        >
@ -770,11 +764,9 @@ Added: `model` in `query`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Event Matcher Policy Serializer
        - Added property `model` (object)
            > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
            >
@ -856,7 +848,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `mfa_support` (boolean)
        > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
@ -890,7 +881,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `mfa_support` (boolean)
        > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
@ -924,7 +914,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `mfa_support` (boolean)
        > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
@ -943,7 +932,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `client_certificate` (string)
        > Client certificate to authenticate against the LDAP Server's Certificate.
@ -967,7 +955,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `client_certificate` (string)
        > Client certificate to authenticate against the LDAP Server's Certificate.
@ -991,7 +978,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `client_certificate` (string)
        > Client certificate to authenticate against the LDAP Server's Certificate.
@ -1005,7 +991,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `verification_kp` (string)
        > When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.
@ -1031,7 +1016,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `verification_kp` (string)
        > When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.
@ -1057,7 +1041,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `verification_kp` (string)
        > When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.
@ -1094,11 +1077,9 @@ Changed: `mode` in `query`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > LDAPProvider Serializer
        - Added property `mfa_support` (boolean)
            > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
@ -1132,7 +1113,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Added property `mfa_support` (boolean)
        > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
@ -1151,11 +1131,9 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > LDAPProvider Serializer
        - Added property `mfa_support` (boolean)
            > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
@ -1203,7 +1181,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Added property `client_certificate` (string)
        > Client certificate to authenticate against the LDAP Server's Certificate.
@ -1223,11 +1200,9 @@ Added: `sni` in `query`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > LDAP Source Serializer
        - Added property `client_certificate` (string)
            > Client certificate to authenticate against the LDAP Server's Certificate.
@ -1270,7 +1245,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Added property `verification_kp` (string)
        > When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.
@ -1315,11 +1289,9 @@ Changed: `signature_algorithm` in `query`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > SAMLSource Serializer
        - Added property `verification_kp` (string)
            > When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.
--- a/website/docs/releases/2023/v2023.8.md
+++ b/website/docs/releases/2023/v2023.8.md
@ -208,7 +208,6 @@ image:
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `app` (string)
        > - `authentik.admin` - authentik Admin
@ -260,7 +259,6 @@ Changed response : **200 OK**
        > - `authentik.enterprise` - authentik Enterprise
        Removed enum value:
        - `authentik.lib`
 ##### `PUT` /policies/event_matcher/&#123;policy_uuid&#125;/
@ -320,7 +318,6 @@ Changed content type : `application/json`
    > - `authentik.enterprise` - authentik Enterprise
    Removed enum value:
    - `authentik.lib`
 ###### Return Type:
@ -328,7 +325,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `app` (string)
        > - `authentik.admin` - authentik Admin
@ -380,7 +376,6 @@ Changed response : **200 OK**
        > - `authentik.enterprise` - authentik Enterprise
        Removed enum value:
        - `authentik.lib`
 ##### `PATCH` /policies/event_matcher/&#123;policy_uuid&#125;/
@ -440,7 +435,6 @@ Changed content type : `application/json`
    > - `authentik.enterprise` - authentik Enterprise
    Removed enum value:
    - `authentik.lib`
 ###### Return Type:
@ -448,7 +442,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `app` (string)
        > - `authentik.admin` - authentik Admin
@ -500,7 +493,6 @@ Changed response : **200 OK**
        > - `authentik.enterprise` - authentik Enterprise
        Removed enum value:
        - `authentik.lib`
 ##### `GET` /schema/
@ -548,11 +540,9 @@ Changed: `web_certificate` in `query`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `user_obj` (object)
        > User Serializer
        - Added property `type` (string)
            > - `internal` - Internal
@ -561,7 +551,6 @@ Changed response : **200 OK**
            > - `internal_service_account` - Internal Service Account
            Enum values:
            - `internal`
            - `external`
            - `service_account`
@ -574,11 +563,9 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `user_obj` (object)
        > User Serializer
        - Added property `type` (string)
            > - `internal` - Internal
            > - `external` - External
@ -592,11 +579,9 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `user_obj` (object)
        > User Serializer
        - Added property `type` (string)
            > - `internal` - Internal
            > - `external` - External
@ -610,7 +595,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `type` (string)
        > - `internal` - Internal
        > - `external` - External
@ -634,7 +618,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `type` (string)
        > - `internal` - Internal
        > - `external` - External
@ -658,7 +641,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `type` (string)
        > - `internal` - Internal
        > - `external` - External
@ -680,11 +662,9 @@ Changed: `name` in `query`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `user_obj` (object)
        > User Serializer
        - Added property `type` (string)
            > - `internal` - Internal
            > - `external` - External
@ -698,11 +678,9 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `user_obj` (object)
        > User Serializer
        - Added property `type` (string)
            > - `internal` - Internal
            > - `external` - External
@ -716,11 +694,9 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `user_obj` (object)
        > User Serializer
        - Added property `type` (string)
            > - `internal` - Internal
            > - `external` - External
@ -784,7 +760,6 @@ Changed content type : `application/json`
    > - `authentik.enterprise` - authentik Enterprise
    Removed enum value:
    - `authentik.lib`
 ###### Return Type:
@ -792,7 +767,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Changed property `app` (string)
        > - `authentik.admin` - authentik Admin
@ -844,7 +818,6 @@ Changed response : **201 Created**
        > - `authentik.enterprise` - authentik Enterprise
        Removed enum value:
        - `authentik.lib`
 ##### `GET` /policies/event_matcher/
@ -854,11 +827,9 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Event Matcher Policy Serializer
        - Changed property `app` (string)
            > - `authentik.admin` - authentik Admin
@ -910,7 +881,6 @@ Changed response : **200 OK**
            > - `authentik.enterprise` - authentik Enterprise
            Removed enum value:
            - `authentik.lib`
 ##### `POST` /core/tokens/
@ -920,11 +890,9 @@ Changed response : **200 OK**
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Changed property `user_obj` (object)
        > User Serializer
        - Added property `type` (string)
            > - `internal` - Internal
            > - `external` - External
@ -938,15 +906,12 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Token Serializer
        - Changed property `user_obj` (object)
            > User Serializer
            - Added property `type` (string)
                > - `internal` - Internal
                > - `external` - External
@ -960,11 +925,9 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `user` (object)
        > User Serializer
        - Added property `type` (string)
            > - `internal` - Internal
            > - `external` - External
@ -988,7 +951,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Added property `type` (string)
        > - `internal` - Internal
        > - `external` - External
@ -1013,11 +975,9 @@ Changed: `uuid` in `query`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > User Serializer
        - Added property `type` (string)
            > - `internal` - Internal
            > - `external` - External
@ -1031,11 +991,9 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `user` (object)
        > User Serializer for information a user can retrieve about themselves
        - Added property `type` (string)
            > - `internal` - Internal
            > - `external` - External
@ -1049,11 +1007,9 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `user` (object)
        > User Serializer
        - Added property `type` (string)
            > - `internal` - Internal
            > - `external` - External
@ -1067,11 +1023,9 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `user` (object)
        > User Serializer
        - Added property `type` (string)
            > - `internal` - Internal
            > - `external` - External
@ -1085,11 +1039,9 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `user` (object)
        > User Serializer
        - Added property `type` (string)
            > - `internal` - Internal
            > - `external` - External
@ -1103,11 +1055,9 @@ Changed response : **200 OK**
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Changed property `user_obj` (object)
        > User Serializer
        - Added property `type` (string)
            > - `internal` - Internal
            > - `external` - External
@ -1121,15 +1071,12 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > PolicyBinding Serializer
        - Changed property `user_obj` (object)
            > User Serializer
            - Added property `type` (string)
                > - `internal` - Internal
                > - `external` - External
@ -1143,7 +1090,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `token_length` (integer)
    - Changed property `token_count` (integer)
@ -1163,7 +1109,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `token_length` (integer)
    - Changed property `token_count` (integer)
@ -1183,7 +1128,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `token_length` (integer)
    - Changed property `token_count` (integer)
@ -1195,15 +1139,12 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > UserConsent Serializer
        - Changed property `user` (object)
            > User Serializer
            - Added property `type` (string)
                > - `internal` - Internal
                > - `external` - External
@ -1217,15 +1158,12 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Serializer for BaseGrantModel and RefreshToken
        - Changed property `user` (object)
            > User Serializer
            - Added property `type` (string)
                > - `internal` - Internal
                > - `external` - External
@ -1239,15 +1177,12 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant
        - Changed property `user` (object)
            > User Serializer
            - Added property `type` (string)
                > - `internal` - Internal
                > - `external` - External
@ -1261,15 +1196,12 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Serializer for BaseGrantModel and RefreshToken
        - Changed property `user` (object)
            > User Serializer
            - Added property `type` (string)
                > - `internal` - Internal
                > - `external` - External
@ -1291,7 +1223,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Added property `token_length` (integer)
    - Changed property `token_count` (integer)
@ -1307,11 +1238,9 @@ Added: `token_length` in `query`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > AuthenticatorStaticStage Serializer
        - Added property `token_length` (integer)
        - Changed property `token_count` (integer)
--- a/website/docs/releases/2024/v2024.10.md
+++ b/website/docs/releases/2024/v2024.10.md
--- a/website/docs/releases/2024/v2024.12.md
+++ b/website/docs/releases/2024/v2024.12.md
--- a/website/docs/releases/2024/v2024.2.md
+++ b/website/docs/releases/2024/v2024.2.md
--- a/website/docs/releases/2024/v2024.4.md
+++ b/website/docs/releases/2024/v2024.4.md
--- a/website/docs/releases/2024/v2024.6.md
+++ b/website/docs/releases/2024/v2024.6.md
@ -389,21 +389,17 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.6
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `runtime` (object)
        > Get versions
        New required properties:
        - `authentik_version`
        - `openssl_fips_mode`
        - `openssl_version`
        New optional properties:
        - `gunicorn_version`
        * Added property `openssl_version` (string)
        * Added property `openssl_fips_mode` (boolean)
@ -419,21 +415,17 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `runtime` (object)
        > Get versions
        New required properties:
        - `authentik_version`
        - `openssl_fips_mode`
        - `openssl_version`
        New optional properties:
        - `gunicorn_version`
        * Added property `openssl_version` (string)
        * Added property `openssl_fips_mode` (boolean)
@ -451,7 +443,6 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    Changed items (object): > Types of an object that can be created
    - Added property `icon_url` (string)
 ##### `GET` /outposts/instances/{#123;uuid}#125;/health/
@ -465,12 +456,10 @@ Changed response : **200 OK**
    Changed items (object): > Outpost health status
    New required properties:
    - `fips_enabled`
    - `golang_version`
    - `openssl_enabled`
    - `openssl_version`
    * Added property `golang_version` (string)
    * Added property `openssl_enabled` (boolean)
@ -489,7 +478,6 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    Changed items (object): > Types of an object that can be created
    - Added property `icon_url` (string)
 ##### `GET` /policies/all/types/
@ -501,7 +489,6 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    Changed items (object): > Types of an object that can be created
    - Added property `icon_url` (string)
 ##### `GET` /policies/event_matcher/{#123;policy_uuid}#125;/
@ -511,13 +498,11 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `app` (string)
        > Match events created by selected application. When left empty, all applications are matched.
        Added enum values:
        - `authentik.enterprise.providers.google_workspace`
        - `authentik.enterprise.providers.microsoft_entra`
@ -526,7 +511,6 @@ Changed response : **200 OK**
        > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
        Added enum values:
        - `authentik_providers_google_workspace.googleworkspaceprovider`
        - `authentik_providers_google_workspace.googleworkspaceprovidermapping`
        - `authentik_providers_microsoft_entra.microsoftentraprovider`
@ -543,7 +527,6 @@ Changed content type : `application/json`
    > Match events created by selected application. When left empty, all applications are matched.
    Added enum values:
    - `authentik.enterprise.providers.google_workspace`
    - `authentik.enterprise.providers.microsoft_entra`
@ -552,7 +535,6 @@ Changed content type : `application/json`
    > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
    Added enum values:
    - `authentik_providers_google_workspace.googleworkspaceprovider`
    - `authentik_providers_google_workspace.googleworkspaceprovidermapping`
    - `authentik_providers_microsoft_entra.microsoftentraprovider`
@ -563,13 +545,11 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `app` (string)
        > Match events created by selected application. When left empty, all applications are matched.
        Added enum values:
        - `authentik.enterprise.providers.google_workspace`
        - `authentik.enterprise.providers.microsoft_entra`
@ -578,7 +558,6 @@ Changed response : **200 OK**
        > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
        Added enum values:
        - `authentik_providers_google_workspace.googleworkspaceprovider`
        - `authentik_providers_google_workspace.googleworkspaceprovidermapping`
        - `authentik_providers_microsoft_entra.microsoftentraprovider`
@ -595,7 +574,6 @@ Changed content type : `application/json`
    > Match events created by selected application. When left empty, all applications are matched.
    Added enum values:
    - `authentik.enterprise.providers.google_workspace`
    - `authentik.enterprise.providers.microsoft_entra`
@ -604,7 +582,6 @@ Changed content type : `application/json`
    > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
    Added enum values:
    - `authentik_providers_google_workspace.googleworkspaceprovider`
    - `authentik_providers_google_workspace.googleworkspaceprovidermapping`
    - `authentik_providers_microsoft_entra.microsoftentraprovider`
@ -615,13 +592,11 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `app` (string)
        > Match events created by selected application. When left empty, all applications are matched.
        Added enum values:
        - `authentik.enterprise.providers.google_workspace`
        - `authentik.enterprise.providers.microsoft_entra`
@ -630,7 +605,6 @@ Changed response : **200 OK**
        > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
        Added enum values:
        - `authentik_providers_google_workspace.googleworkspaceprovider`
        - `authentik_providers_google_workspace.googleworkspaceprovidermapping`
        - `authentik_providers_microsoft_entra.microsoftentraprovider`
@ -657,7 +631,6 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    Changed items (object): > Types of an object that can be created
    - Added property `icon_url` (string)
 ##### `GET` /providers/all/types/
@ -669,7 +642,6 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    Changed items (object): > Types of an object that can be created
    - Added property `icon_url` (string)
 ##### `GET` /sources/all/types/
@ -681,7 +653,6 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    Changed items (object): > Types of an object that can be created
    - Added property `icon_url` (string)
 ##### `GET` /stages/all/types/
@ -693,7 +664,6 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    Changed items (object): > Types of an object that can be created
    - Added property `icon_url` (string)
 ##### `GET` /stages/email/templates/
@ -705,7 +675,6 @@ Changed response : **200 OK**
 - Changed content type : `application/json`
    Changed items (object): > Types of an object that can be created
    - Added property `icon_url` (string)
 ##### `GET` /core/groups/{#123;group_uuid}#125;/
@ -725,7 +694,6 @@ Changed content type : `application/json`
    > Match events created by selected application. When left empty, all applications are matched.
    Added enum values:
    - `authentik.enterprise.providers.google_workspace`
    - `authentik.enterprise.providers.microsoft_entra`
@ -734,7 +702,6 @@ Changed content type : `application/json`
    > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
    Added enum values:
    - `authentik_providers_google_workspace.googleworkspaceprovider`
    - `authentik_providers_google_workspace.googleworkspaceprovidermapping`
    - `authentik_providers_microsoft_entra.microsoftentraprovider`
@ -745,13 +712,11 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Changed property `app` (string)
        > Match events created by selected application. When left empty, all applications are matched.
        Added enum values:
        - `authentik.enterprise.providers.google_workspace`
        - `authentik.enterprise.providers.microsoft_entra`
@ -760,7 +725,6 @@ Changed response : **201 Created**
        > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
        Added enum values:
        - `authentik_providers_google_workspace.googleworkspaceprovider`
        - `authentik_providers_google_workspace.googleworkspaceprovidermapping`
        - `authentik_providers_microsoft_entra.microsoftentraprovider`
@ -773,17 +737,14 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Event Matcher Policy Serializer
        - Changed property `app` (string)
            > Match events created by selected application. When left empty, all applications are matched.
            Added enum values:
            - `authentik.enterprise.providers.google_workspace`
            - `authentik.enterprise.providers.microsoft_entra`
@ -792,7 +753,6 @@ Changed response : **200 OK**
            > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
            Added enum values:
            - `authentik_providers_google_workspace.googleworkspaceprovider`
            - `authentik_providers_google_workspace.googleworkspaceprovidermapping`
            - `authentik_providers_microsoft_entra.microsoftentraprovider`
@ -817,7 +777,6 @@ Changed content type : `application/json`
 - Changed property `model` (string)
    Added enum values:
    - `authentik_providers_google_workspace.googleworkspaceprovider`
    - `authentik_providers_google_workspace.googleworkspaceprovidermapping`
    - `authentik_providers_microsoft_entra.microsoftentraprovider`
@ -832,7 +791,6 @@ Changed content type : `application/json`
 - Changed property `model` (string)
    Added enum values:
    - `authentik_providers_google_workspace.googleworkspaceprovider`
    - `authentik_providers_google_workspace.googleworkspaceprovidermapping`
    - `authentik_providers_microsoft_entra.microsoftentraprovider`
@ -847,7 +805,6 @@ Changed content type : `application/json`
 - Changed property `model` (string)
    Added enum values:
    - `authentik_providers_google_workspace.googleworkspaceprovider`
    - `authentik_providers_google_workspace.googleworkspaceprovidermapping`
    - `authentik_providers_microsoft_entra.microsoftentraprovider`
@ -862,7 +819,6 @@ Changed content type : `application/json`
 - Changed property `model` (string)
    Added enum values:
    - `authentik_providers_google_workspace.googleworkspaceprovider`
    - `authentik_providers_google_workspace.googleworkspaceprovidermapping`
    - `authentik_providers_microsoft_entra.microsoftentraprovider`
@ -875,7 +831,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `icon` (string)
 ##### `PUT` /sources/ldap/{#123;slug}#125;/
@ -885,7 +840,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `icon` (string)
 ##### `PATCH` /sources/ldap/{#123;slug}#125;/
@ -895,7 +849,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `icon` (string)
 ##### `GET` /sources/oauth/{#123;slug}#125;/
@ -905,7 +858,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `icon` (string)
 ##### `PUT` /sources/oauth/{#123;slug}#125;/
@ -915,7 +867,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `icon` (string)
 ##### `PATCH` /sources/oauth/{#123;slug}#125;/
@ -925,7 +876,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `icon` (string)
 ##### `GET` /sources/plex/{#123;slug}#125;/
@ -935,7 +885,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `icon` (string)
 ##### `PUT` /sources/plex/{#123;slug}#125;/
@ -945,7 +894,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `icon` (string)
 ##### `PATCH` /sources/plex/{#123;slug}#125;/
@ -955,7 +903,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `icon` (string)
 ##### `GET` /sources/saml/{#123;slug}#125;/
@ -965,7 +912,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `icon` (string)
 ##### `PUT` /sources/saml/{#123;slug}#125;/
@ -975,7 +921,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `icon` (string)
 ##### `PATCH` /sources/saml/{#123;slug}#125;/
@ -985,7 +930,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `icon` (string)
 ##### `GET` /events/system_tasks/{#123;uuid}#125;/
@ -995,7 +939,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `expires` (string)
    - Added property `expiring` (boolean)
@ -1019,7 +962,6 @@ Changed: `model` in `query`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Changed property `icon` (string)
 ##### `GET` /sources/ldap/
@ -1029,11 +971,9 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > LDAP Source Serializer
        - Changed property `icon` (string)
 ##### `POST` /sources/oauth/
@ -1043,7 +983,6 @@ Changed response : **200 OK**
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Changed property `icon` (string)
 ##### `GET` /sources/oauth/
@ -1053,11 +992,9 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > OAuth Source Serializer
        - Changed property `icon` (string)
 ##### `POST` /sources/plex/
@ -1067,7 +1004,6 @@ Changed response : **200 OK**
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Changed property `icon` (string)
 ##### `GET` /sources/plex/
@ -1077,11 +1013,9 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Plex Source Serializer
        - Changed property `icon` (string)
 ##### `POST` /sources/saml/
@ -1091,7 +1025,6 @@ Changed response : **200 OK**
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Changed property `icon` (string)
 ##### `GET` /sources/saml/
@ -1101,11 +1034,9 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > SAMLSource Serializer
        - Changed property `icon` (string)
 ##### `GET` /stages/captcha/{#123;stage_uuid}#125;/
@ -1115,7 +1046,6 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `score_min_threshold` (number)
    - Added property `score_max_threshold` (number)
@ -1141,7 +1071,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `score_min_threshold` (number)
    - Added property `score_max_threshold` (number)
@ -1167,7 +1096,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `score_min_threshold` (number)
    - Added property `score_max_threshold` (number)
@ -1184,14 +1112,12 @@ Changed content type : `application/json`
 - Changed property `provider_model` (string)
    Added enum values:
    - `authentik_providers_google_workspace.googleworkspaceprovider`
    - `authentik_providers_microsoft_entra.microsoftentraprovider`
 - Changed property `provider` (object)
    Added 'authentik_providers_google_workspace.googleworkspaceprovider' provider_model:
    - Property `name` (string)
    - Property `property_mappings` (array)
@ -1217,7 +1143,6 @@ Changed content type : `application/json`
    - Property `user_delete_action` (string)
        Enum values:
        - `do_nothing`
        - `delete`
        - `suspend`
@ -1227,7 +1152,6 @@ Changed content type : `application/json`
    - Property `default_group_email_domain` (string)
    Added 'authentik_providers_microsoft_entra.microsoftentraprovider' provider_model:
    - Property `name` (string)
    - Property `property_mappings` (array)
@ -1257,11 +1181,9 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Serialize TaskInfo and TaskResult
        - Added property `expires` (string)
        - Added property `expiring` (boolean)
@ -1284,7 +1206,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Added property `score_min_threshold` (number)
    - Added property `score_max_threshold` (number)
@ -1299,11 +1220,9 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > CaptchaStage Serializer
        - Added property `score_min_threshold` (number)
        - Added property `score_max_threshold` (number)
--- a/website/docs/releases/2024/v2024.8.md
+++ b/website/docs/releases/2024/v2024.8.md
--- a/website/docs/releases/2025/v2025.2.md
+++ b/website/docs/releases/2025/v2025.2.md
--- a/website/docs/releases/2025/v2025.4.md
+++ b/website/docs/releases/2025/v2025.4.md
--- a/website/docs/releases/2025/v2025.6.md
+++ b/website/docs/releases/2025/v2025.6.md
@ -14,7 +14,6 @@ slug: "/releases/2025.6"
 ## Breaking changes
 - **Helm chart dependencies upgrades**:
    - The PostgreSQL chart has been updated to version 16.7.4. The PostgreSQL image is no longer pinned in authentik's default values and has been upgraded from version 15 to 17. Follow our [PostgreSQL upgrade instructions](../../troubleshooting/postgres/upgrade_kubernetes.md) to update to the latest PostgreSQL version.
    - The Redis chart has been updated to version 21.1.6. There are no breaking changes and Redis has been upgraded from version 7 to 8.
@ -184,7 +183,6 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2025.6
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `client_certificates` (array)
        > Certificates used for client authentication.
@ -205,7 +203,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `client_certificates` (array)
        > Certificates used for client authentication.
@ -223,7 +220,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `client_certificates` (array)
        > Certificates used for client authentication.
@ -234,13 +230,11 @@ Changed response : **200 OK**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `app` (string)
        > Match events created by selected application. When left empty, all applications are matched.
        Added enum value:
        - `authentik.enterprise.stages.mtls`
    - Changed property `model` (string)
@ -248,7 +242,6 @@ Changed response : **200 OK**
        > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
        Added enum value:
        - `authentik_stages_mtls.mutualtlsstage`
 ##### `PUT` /policies/event_matcher/&#123;policy_uuid&#125;/
@ -262,7 +255,6 @@ Changed content type : `application/json`
    > Match events created by selected application. When left empty, all applications are matched.
    Added enum value:
    - `authentik.enterprise.stages.mtls`
 - Changed property `model` (string)
@ -270,7 +262,6 @@ Changed content type : `application/json`
    > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
    Added enum value:
    - `authentik_stages_mtls.mutualtlsstage`
 ###### Return Type:
@ -278,13 +269,11 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `app` (string)
        > Match events created by selected application. When left empty, all applications are matched.
        Added enum value:
        - `authentik.enterprise.stages.mtls`
    - Changed property `model` (string)
@ -292,7 +281,6 @@ Changed response : **200 OK**
        > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
        Added enum value:
        - `authentik_stages_mtls.mutualtlsstage`
 ##### `PATCH` /policies/event_matcher/&#123;policy_uuid&#125;/
@ -306,7 +294,6 @@ Changed content type : `application/json`
    > Match events created by selected application. When left empty, all applications are matched.
    Added enum value:
    - `authentik.enterprise.stages.mtls`
 - Changed property `model` (string)
@ -314,7 +301,6 @@ Changed content type : `application/json`
    > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
    Added enum value:
    - `authentik_stages_mtls.mutualtlsstage`
 ###### Return Type:
@ -322,13 +308,11 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `app` (string)
        > Match events created by selected application. When left empty, all applications are matched.
        Added enum value:
        - `authentik.enterprise.stages.mtls`
    - Changed property `model` (string)
@ -336,7 +320,6 @@ Changed response : **200 OK**
        > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
        Added enum value:
        - `authentik_stages_mtls.mutualtlsstage`
 ##### `POST` /core/brands/
@ -353,7 +336,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Added property `client_certificates` (array)
        > Certificates used for client authentication.
@ -368,11 +350,9 @@ Added: `client_certificates` in `query`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Brand Serializer
        - Added property `client_certificates` (array)
            > Certificates used for client authentication.
@ -387,7 +367,6 @@ Changed content type : `application/json`
    > Match events created by selected application. When left empty, all applications are matched.
    Added enum value:
    - `authentik.enterprise.stages.mtls`
 - Changed property `model` (string)
@ -395,7 +374,6 @@ Changed content type : `application/json`
    > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
    Added enum value:
    - `authentik_stages_mtls.mutualtlsstage`
 ###### Return Type:
@ -403,13 +381,11 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Changed property `app` (string)
        > Match events created by selected application. When left empty, all applications are matched.
        Added enum value:
        - `authentik.enterprise.stages.mtls`
    - Changed property `model` (string)
@ -417,7 +393,6 @@ Changed response : **201 Created**
        > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
        Added enum value:
        - `authentik_stages_mtls.mutualtlsstage`
 ##### `GET` /policies/event_matcher/
@ -427,17 +402,14 @@ Changed response : **201 Created**
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > Event Matcher Policy Serializer
        - Changed property `app` (string)
            > Match events created by selected application. When left empty, all applications are matched.
            Added enum value:
            - `authentik.enterprise.stages.mtls`
        - Changed property `model` (string)
@ -445,7 +417,6 @@ Changed response : **200 OK**
            > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
            Added enum value:
            - `authentik_stages_mtls.mutualtlsstage`
 ##### `POST` /rbac/permissions/assigned_by_roles/&#123;uuid&#125;/assign/
@ -457,7 +428,6 @@ Changed content type : `application/json`
 - Changed property `model` (string)
    Added enum value:
    - `authentik_stages_mtls.mutualtlsstage`
 ##### `PATCH` /rbac/permissions/assigned_by_roles/&#123;uuid&#125;/unassign/
@ -469,7 +439,6 @@ Changed content type : `application/json`
 - Changed property `model` (string)
    Added enum value:
    - `authentik_stages_mtls.mutualtlsstage`
 ##### `POST` /rbac/permissions/assigned_by_users/&#123;id&#125;/assign/
@ -481,7 +450,6 @@ Changed content type : `application/json`
 - Changed property `model` (string)
    Added enum value:
    - `authentik_stages_mtls.mutualtlsstage`
 ##### `PATCH` /rbac/permissions/assigned_by_users/&#123;id&#125;/unassign/
@ -493,7 +461,6 @@ Changed content type : `application/json`
 - Changed property `model` (string)
    Added enum value:
    - `authentik_stages_mtls.mutualtlsstage`
 ##### `GET` /sources/ldap/&#123;slug&#125;/
@ -503,7 +470,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `delete_not_found_objects` (boolean)
        > Delete authentik users and groups which were previously supplied by this source, but are now missing from it.
@ -521,7 +487,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `delete_not_found_objects` (boolean)
        > Delete authentik users and groups which were previously supplied by this source, but are now missing from it.
@ -539,7 +504,6 @@ Changed content type : `application/json`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Added property `delete_not_found_objects` (boolean)
        > Delete authentik users and groups which were previously supplied by this source, but are now missing from it.
@ -569,7 +533,6 @@ Changed content type : `application/json`
 Changed response : **201 Created**
 - Changed content type : `application/json`
    - Added property `delete_not_found_objects` (boolean)
        > Delete authentik users and groups which were previously supplied by this source, but are now missing from it.
@ -584,10 +547,8 @@ Added: `delete_not_found_objects` in `query`
 Changed response : **200 OK**
 - Changed content type : `application/json`
    - Changed property `results` (array)
        Changed items (object): > LDAP Source Serializer
        - Added property `delete_not_found_objects` (boolean)
            > Delete authentik users and groups which were previously supplied by this source, but are now missing from it.
--- a/website/docs/releases/old/v0.14.md
+++ b/website/docs/releases/old/v0.14.md
@ -12,7 +12,6 @@ slug: "/releases/0.14"
 - Events now have a more general purpose, rather than just logging audit actions.
    The following new events are now logged:
    - Policy Execution (Has to be enabled on a per-policy basis)
    - Policy Exceptions
    - Property Mapping Exceptions
--- a/website/docs/sys-mgmt/certificates.md
+++ b/website/docs/sys-mgmt/certificates.md
@ -70,12 +70,10 @@ These commands import certificates under the specified names. They are safe to r
 authentik uses the following rules to import certificates:
 - **Root directory files**: Files in the root directory are imported based on their filename
    - `/foo.pem` will be imported as the keypair `foo`
    - Files are classified as private keys if they contain `PRIVATE KEY`, otherwise as certificates
 - **Certbot convention**: Files named `fullchain.pem` or `privkey.pem` will use their parent folder's name
    - Files in paths containing `archive` are ignored (to better support certbot setups)
 - **Flexible organization**: Files can use any directory structure and extension
--- a/website/docs/sys-mgmt/settings.md
+++ b/website/docs/sys-mgmt/settings.md
@ -16,7 +16,6 @@ Default: `gravatar,initials`
 - Any URL: If you want to use images hosted on another server, you can set any URL.
    Additionally, these placeholders can be used:
    - `%(username)s`: The user's username
    - `%(mail_hash)s`: The email address, md5 hashed
    - `%(upn)s`: The user's UPN, if set (otherwise an empty string)
--- a/website/docs/users-sources/access-control/initial_permissions.mdx
+++ b/website/docs/users-sources/access-control/initial_permissions.mdx
@ -43,18 +43,15 @@ To create a new set of initial permissions and apply them to either a single use
 2. [Create a new role](../roles/manage_roles.md): navigate to **Directory** > **Roles** and click **Create**.
 3. [Create a new group](../groups/manage_groups.mdx): navigate to **Directory** > **Groups** and click **Create**. After creating the group:
    - [assign the new role to the group](../groups/manage_groups.mdx#assign-a-role-to-a-group)
    - [add any members](../user/user_basic_operations.md#add-a-user-to-a-group) that require the initial permissions. You can add already existing users, or [create new users](../user/user_basic_operations.md#create-a-user).
 4. Create an initial permissions object: navigate to **Directory** > **Initial Permissions** and click **Create**. Configure the following settings:
    - **Name**: Provide a descriptive name for the new initial permissions object.
    - **Role**: Select the role to which you want to apply initial permissions. When a member of a group with this assigned role creates an object, initial permissions will be applied to that object.
    - **Mode**: select whether you want to attach the initial permission to a _role_ or to a _single user_.
        - **Role**: select this to allow everyone with that role (i.e. everyone in a group to which this role is assigned) to be able to see each others' objects.
        - **User**: select this to apply the initial permissions _only_ to a user
--- a/website/docs/users-sources/sources/directory-sync/active-directory/index.md
+++ b/website/docs/users-sources/sources/directory-sync/active-directory/index.md
@ -48,7 +48,6 @@ To support the integration of authentik with Active Directory, you will need to
 4. Provide a name, slug, and the following required configurations:
    Under **Connection Settings**:
    - **Server URI**: `ldap://ad.company`
    :::note
@ -56,18 +55,15 @@ To support the integration of authentik with Active Directory, you will need to
    Multiple servers can be specified by separating URIs with a comma (e.g. `ldap://dc1.ad.company,ldap://dc2.ad.company`). If a DNS entry with multiple records is used, authentik will select a random entry when first connecting.
    :::
    - **Bind CN**: `<service account>@ad.company`
    - **Bind Password**: the password of the service account created in the previous section.
    - **Base DN**: the base DN which you want authentik to sync.
    Under **LDAP Attribute Mapping**:
    - **User Property Mappings**: select all Mappings which start with "authentik default LDAP" and "authentik default Active Directory"
    - **Group Property Mappings**: select "authentik default LDAP Mapping: Name"
    Under **Additional Settings** _(optional)_ configurations that may need to be adjusted based on the setup of your domain:
    - **Group**: if enabled, all synchronized groups will be given this group as a parent.
    - **Addition User/Group DN**: additional DN which is _prepended_ to your Base DN configured above, to limit the scope of synchronization for Users and Groups.
    - **User object filter**: which objects should be considered users (e.g. `(objectClass=user)`). For Active Directory set it to `(&(objectClass=user)(!(objectClass=computer)))` to exclude Computer accounts.
--- a/website/docs/users-sources/sources/protocols/ldap/index.md
+++ b/website/docs/users-sources/sources/protocols/ldap/index.md
@ -24,7 +24,6 @@ To create or edit a source in authentik, open the Admin interface and navigate t
 #### Connection settings
 - **Server URI**: URI to your LDAP server/Domain Controller. You can specify multiple servers by separating URIs with a comma, like `ldap://ldap1.company,ldap://ldap2.company`. When using a DNS entry with multiple Records, authentik will select a random entry when first connecting.
    - **Enable StartTLS**: Enables StartTLS functionality. To use LDAPS instead, use port `636`.
    - **Use Server URI for SNI verification**: this setting is required for servers using TLS 1.3+
--- a/website/integrations/services/1password/index.mdx
+++ b/website/integrations/services/1password/index.mdx
@ -29,7 +29,6 @@ To support the integration of 1Password with authentik, you need to create an ap
 1. Log in to authentik as an administrator, and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
    - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
    - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
    - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
@ -89,7 +88,6 @@ To support automated user provisioning, you need to create a group, and a SCIM p
 1. Log in to authentik as an admin, and open the authentik Admin interface.
 2. Navigate to **Applications** > **Providers** and click **Create**
    - **Choose a Provider type**: select **SCIM** as the provider type.
    - **Configure the Provider**: provide a name (e.g. `1password-scim`), and the following required configurations.
        - Set the **URL** to `scim-bridge.company`.
--- a/website/integrations/services/actual-budget/index.mdx
+++ b/website/integrations/services/actual-budget/index.mdx
@ -32,7 +32,6 @@ To support the integration of Actual Budget with authentik, you need to create a
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
    - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
    - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
    - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
--- a/website/integrations/services/apple/index.md
+++ b/website/integrations/services/apple/index.md
@ -97,7 +97,6 @@ Apple Business Manager requires that we create three scope mappings for our OIDC
 1. From the authentik Admin interface, navigate to **Customization -> Property Mappings** and click **Create**.
 2. Select **Scope Mapping** and use the following values:
    - **Name**: `Apple Business Manager profile`
    - **Scope Name**: `profile`
    - **Description**: _[optional]_ Set to inform user
@ -122,7 +121,6 @@ Apple Business Manager requires that we create three scope mappings for our OIDC
 1. On the **Property Mappings** list, click **Create**.
 2. Select **Scope Mapping** and use the following values:
    - **Name**: `Apple Business Manager ssf.read`
    - **Scope Name**: `ssf.read`
    - **Description**: _[optional]_ Set to inform user
@ -135,7 +133,6 @@ Apple Business Manager requires that we create three scope mappings for our OIDC
 1. On the **Property Mappings** list, click **Create**.
 2. Select **Scope Mapping** and use the following values:
    - **Name**: `Apple Business Manager ssf.manage`
    - **Scope Name**: `ssf.manage`
    - **Description**: _[optional]_ Set to inform user
@ -154,7 +151,6 @@ You can either generate a new key or import an existing one.
 1. From the Admin interface, navigate to **System -> Certificates**
 2. Click **Generate**, select **Signing Key**, and use the following values:
    - **Common Name**: `apple-business-manager`
 3. Click **Generate** and confirm that the new key is listed in the **Certificates** overview.
@ -165,7 +161,6 @@ Alternatively, you can use an existing key if you have one available.
 1. From the Admin interface, navigate to **System -> Certificates**.
 2. Click **Create** and use the following values:
    - **Name**: `apple-business-manager`
    - **Certificate**: Paste in your certificate
    - **Private Key**: _[optional]_ Pastein your private key
@ -184,7 +179,6 @@ You can always find your provider's generated values by navigating to **Provider
 1. From the authentik Admin interface, navigate to **Applications -> Providers** and click **Create**.
 2. For the **Provider Type** select **OAuth2/OpenID Provider**, click **Next**, and use the following values.
    - **Name**: `Apple Business Manager`
    - **Authorization flow**: Select a flow that suits your organization's requirements.
    - **Protocol settings**:
@ -214,7 +208,6 @@ While the OIDC provider handles the authentication flow, you'll need to create a
 1. From the authentik Admin interface, navigate to **Applications -> Providers** and click **Create**.
 2. Select **Shared Signals Framework Provider** and use the following values.
   Any fields that can be left as their default values are omitted from the list.
    - **Name** `Apple Business Manager SSF`
    - **Signing Key**: `[Your Signing Key]`
    - **Event Retention**: `days=30`
@ -244,7 +237,6 @@ The authentik user you will use to test the stream connection to Apple Business
 ### 6. Create application
 1. From the authentik Admin interface, navigate to **Applications -> Applications**, click **Create**, and use the following values:
    - **Name**: Apple Business Manager
    - **Slug**: `abm`
    - **Provider**: `Apple Business Manager`
@ -260,9 +252,7 @@ The authentik user you will use to test the stream connection to Apple Business
 Before proceeding to Apple Business Manager, let's go over the values you've copied from authentik.
 1. Verify that you have all the necessary values in your text editor:
    - From the `Apple Business Manager` provider:
        - [x] `Client ID`
        - [x] `Client Secret`
        - [x] `OpenID Configuration URL`
@ -271,7 +261,6 @@ Before proceeding to Apple Business Manager, let's go over the values you've cop
        - [x] `SSF Config URL`
 2. Modify URLs to include the default HTTPS port. Apple requires the port number to be included when providing the URLs in the configuration.
    - Add port 443 to the SSF Config URL that you copied from the `Apple Business Manager SSF` provider:
        ```diff
@ -349,7 +338,6 @@ You're now ready to configure federated authentication with authentik.
 3. To define how you want users to sign in, choose **Custom Identity Provider** and click **Continue**.
 4. On the **Set up your Custom Identity Provider** page, use the following values:
    - **Name**: `authentik`
    - **Client ID**: _`Your Client ID`_
    - **Client Secret**: _`Your Client Secret`_
@ -387,7 +375,6 @@ When creating test users, ensure that their role is set to Standard (or Student)
 1. From the [Apple Business Manager dashboard](https://business.apple.com/), click **Users** on the sidebar, then click **Add**.
 2. In the **Add New User** dialog, use the following values:
    - **First Name**: `Jessie`
    - **Last Name**: `Lorem`
    - **Email**: `jessie@authentik.company`
--- a/website/integrations/services/argocd/index.md
+++ b/website/integrations/services/argocd/index.md
@ -29,7 +29,6 @@ To support the integration of ArgoCD with authentik, you need to create an appli
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
    - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
    - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
    - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
--- a/website/integrations/services/atlassian/index.mdx
+++ b/website/integrations/services/atlassian/index.mdx
@ -40,7 +40,6 @@ To support the integration of Atlassian Cloud with authentik, you need to create
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
    - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
        - Note the application slug, it will be required when filling out the **Identity provider SSO URL** later on.
    - **Choose a Provider type**: select **SAML Provider** as the provider type.
--- a/website/integrations/services/aws/index.mdx
+++ b/website/integrations/services/aws/index.mdx
@ -40,9 +40,7 @@ To support the integration of AWS with authentik using the classic IAM method, y
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Customization** > **Property Mappings** and click **Create**. Create two **SAML Provider Property Mapping**s with the following settings:
    - **Role Mapping:**
        - **Name**: Choose a descriptive name
        - **SAML Attribute Name**: `https://aws.amazon.com/SAML/Attributes/Role`
        - **Friendly Name**: Leave blank
--- a/website/integrations/services/beszel/index.mdx
+++ b/website/integrations/services/beszel/index.mdx
@ -72,7 +72,6 @@ Beszel uses PocketBase as its server backend, and when you install Beszel you au
 ## User Creation
 1. Manually Creating Users:
    - Users are not created automatically when logging in with authentik. The owner must manually create each user in Beszel.
    - To create users, go to the System Settings where you configured OpenID Connect.
    - The URL for user creation is: `https://beszel.company>/\_/#/collections?collection=pb_users_auth`.
--- a/website/integrations/services/bitwarden/index.mdx
+++ b/website/integrations/services/bitwarden/index.mdx
@ -46,10 +46,8 @@ Bitwarden requires a first and last name for every user. However, authentik, by
 1. Log in to authentik as an administrator, and open the authentik Admin interface.
 2. Navigate to **Customization** > **Property Mappings** and click **Create**.
    - **Select type**: select **Scope Mapping**.
    - **Configure the Scope Mapping**: Provide a descriptive name (e.g. `Bitwarden Profile Scope`), and an optional description.
        - **Scope name**: `profile`
        - **Expression**:
@ -70,7 +68,6 @@ Bitwarden requires a first and last name for every user. However, authentik, by
 1. Log in to authentik as an administrator, and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
    - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
    - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
    - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
@ -90,7 +87,6 @@ Bitwarden requires a first and last name for every user. However, authentik, by
 1. Log in to the [Bitwarden dashboard](https://vault.bitwarden.com/#/login) as an administrator (choose `Accessing: bitwarden.eu` for Bitwarden accounts based in the EU). If you are using a self-hosted Bitwarden, go to `https://bitwarden.company/#/login`.
 2. In the sidebar, navigate to **Admin Console** > **Settings** > **Single sign-on**, and enter the following settings:
    - **Allow SSO authentication**: Select this option.
    - **SSO Identifier**: enter a globally unique SSO identifier (this is not required if using self-hosted Bitwarden, or if you have claimed a domain, see the [Bitwarden Claimed Domains documentation](https://bitwarden.com/help/claimed-domains/)).
    - **Type**: `OIDC`
@ -116,7 +112,6 @@ To support the integration of Bitwarden with authentik, you need to create an ap
 1. Log in to authentik as an administrator, and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
    - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. Take note of the **slug** as it will be required later.
    - **Choose a Provider type**: select **SAML Provider** as the provider type.
    - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
--- a/website/integrations/services/bookstack/index.mdx
+++ b/website/integrations/services/bookstack/index.mdx
@ -44,7 +44,6 @@ To support the integration of BookStack with authentik, you need to create an ap
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
    - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
    - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
    - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
--- a/website/integrations/services/budibase/index.md
+++ b/website/integrations/services/budibase/index.md
@ -29,7 +29,6 @@ To support the integration of Budibase with authentik, you need to create an app
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
    - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
    - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
    - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
--- a/website/integrations/services/filerise/index.mdx
+++ b/website/integrations/services/filerise/index.mdx
@ -29,7 +29,6 @@ To support the integration of FileRise with authentik, you need to create an app
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
    - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
    - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
    - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
--- a/website/integrations/services/fleet/index.md
+++ b/website/integrations/services/fleet/index.md
@ -38,11 +38,9 @@ The workflow to configure authentik as a single sign-on for Fleet involves creat
 2. For the **App name** enter `Fleet` and click **Next**.
 3. For the **Provider Type** select **SAML**, click **Next**, and use the following values.
    - **Name**: `Fleet`
    - **Authorization flow**: Select a flow that suits your organization's requirements.
    - **Protocol settings**:
        - **Assertion Consumer Service URL**: `https://fleet.company/api/v1/fleet/sso/callback`
            :::info Requiring an End User License Agreement
@ -63,7 +61,6 @@ The workflow to configure authentik as a single sign-on for Fleet involves creat
        - **Audience**: `https://fleet.company`
        - **Advanced protocol settings**:
          (Any fields that can be left as their default values are omitted from the list below).
            - **Signing Certificate**: Select a certificate enable **Sign assertions** and **Sign responses**.
            - **NameID Property Mapping**: `authentik default SAML Mapping: Email`
@ -90,7 +87,6 @@ With these prerequisites in place, authentik is now configured to act as a singl
 2. In the **Organization settings** tab, click **Single sign-on options**.
 3. Check the box next to **Enable single sign-on** and use the following values:
    - **Identity provider name**: `authentik`
    - **Entity ID**: `authentik`
@ -98,7 +94,6 @@ With these prerequisites in place, authentik is now configured to act as a singl
        Fleet's SSO configuration form will include two fields: **Metadata URL** and **Metadata**.
        Only one of these fields is required, but you must provide at least one of them.
        - If you copied the **Metadata URL** from authentik, paste the URL you copied earlier into the **Metadata URL** field.
        - If you downloaded the metadata file from authentik, paste the contents of the XML file into the **Metadata** field.
@ -115,7 +110,6 @@ To verify that authentik and Fleet are correctly configured, you can test the SS
 1. From the authentik Admin interface, navigate to **Directory -> Users** and click **Create**.
 2. Enter the following details for the test user. All other fields can be left as their default values.
    - **Name**: `Jessie Lorem`
    - **Email**: `jessie@authentik.company`
@ -124,7 +118,6 @@ To verify that authentik and Fleet are correctly configured, you can test the SS
 4. From the Fleet Admin interface, navigate to **Settings -> Users** and click **Add user**.
 5. Enter the following details for the test user. All other fields can be left as their default values.
    - **Full Name**: `Jessie Lorem`
    - **Email**: `jessie@authentik.company`
    - **Authentication**: `Single sign-on`
--- a/website/integrations/services/frappe/index.md
+++ b/website/integrations/services/frappe/index.md
@ -49,29 +49,23 @@ To support the integration of Frappe with authentik, you need to create an appli
 ## Frappe configuration
 1. **Navigate to Integrations**
    - From the Frappe main menu, go to **Integrations** and then select **Social Login Key**.
 2. **Add a New Social Login Key**
    - Click the black **+ New** button in the top-right corner.
      ![](./frappe1.png)
 3. **Enter the Required Settings**
    - **Client Credentials**
        - **Enable Social Login**: Turn the toggle to the **on** position.
        - **Client ID**: Enter the Client ID from the authentik wizard.
        - **Client Secret**: Enter the Client Secret from the authentik wizard.
    - **Configuration**
        - **Sign-ups**: Set to **Allow**.
          ![](./frappe2.png)
    - **Identity Details**
        - **Base URL**: `https://authentik.company/`
        - **Client URLs**:
            - **Authorize URL**: `/application/o/authorize/`
--- a/website/integrations/services/gitea/index.md
+++ b/website/integrations/services/gitea/index.md
@ -91,7 +91,6 @@ You can add users to the groups at any point.
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Customization** > **Property Mappings** and click **Create**. Create a **Scope Mapping** with the following configurations:
    - **Name**: Choose a descriptive name (.e.g `authentik gitea OAuth Mapping: OpenID 'gitea'`)
    - **Scope name**: `gitea`
    - **Expression**:
@ -116,7 +115,6 @@ You can add users to the groups at any point.
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Providers** and click on the **Edit** icon of the Gitea provider.
 3. Under **Advanced protocol settings** > **Scopes** add the following scopes to **Selected Scopes**:
    - `authentik default OAuth Mapping: OpenID 'email'`
    - `authentik default OAuth Mapping: OpenID 'profile'`
    - `authentik default OAuth Mapping: OpenID 'openid'`
--- a/website/integrations/services/harbor/index.md
+++ b/website/integrations/services/harbor/index.md
@ -33,7 +33,6 @@ To support the integration of Harbor with authentik, you need to create an appli
 - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
 - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
 - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
    - **Protocol Settings**:
        - **Redirect URI**:
            - Strict: `https://harbor.company/c/oidc/callback/`.
@ -52,7 +51,6 @@ To support the integration of authentik with Harbor, you need to configure OIDC
 1. Log in to the Harbor dashboard as an admin.
 2. Navigate to **Configuration** and select the **Authentication** tab.
 3. In the **Auth Mode** dropdown, select **OIDC** and provide the following required configurations.
    - **OIDC Provider Name**: `authentik`
    - **OIDC Endpoint**: `https://authentik.company/application/o/harbor`
    - **OIDC Client ID**: client ID from authentik
--- a/website/integrations/services/home-assistant/index.md
+++ b/website/integrations/services/home-assistant/index.md
@ -34,7 +34,6 @@ This documentation lists only the settings that you need to change from their de
 ## authentik configuration
 1. Create a **Proxy Provider** under **Applications** > **Providers** using the following settings:
    - **Name**: Home Assistant
    - **Authentication flow**: default-authentication-flow
    - **Authorization flow**: default-provider-authorization-explicit-consent
@ -42,7 +41,6 @@ This documentation lists only the settings that you need to change from their de
    - **Internal Host**: `http://hass.company:8123`
 2. Create an **Application** under **Applications** > **Applications** using the following settings:
    - **Name**: Home Assistant
    - **Slug**: homeassistant
    - **Provider**: Home Assistant (the provider you created in step 1)
--- a/website/integrations/services/immich/index.md
+++ b/website/integrations/services/immich/index.md
@ -29,7 +29,6 @@ To support the integration of Immich with authentik, you need to create an appli
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
    - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
    - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
    - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
--- a/website/integrations/services/jellyfin/index.md
+++ b/website/integrations/services/jellyfin/index.md
@ -131,7 +131,6 @@ https://raw.githubusercontent.com/9p4/jellyfin-plugin-sso/manifest-release/manif
 6. Go back to the plugin tab.
 7. Click the SSO-Auth plugin.
 8. Fill out the Add / Update Provider Configuration:
    - Name of OID Provider: `authentik`
    - OID Endpoint: `https://authentik.company/application/o/jellyfin/.well-known/openid-configuration`
    - OpenID Client ID: ClientID from provider
@ -140,7 +139,6 @@ https://raw.githubusercontent.com/9p4/jellyfin-plugin-sso/manifest-release/manif
    - Enable Authorization by Plugin: **CHECKED**
 9. If you want to use the role claim then also fill out these:
    - Roles: roles to look for when authorizing access (should be done through authentik instead)
    - Admin Roles: roles to look for when giving administrator privilege
    - Role Claim: `groups`
--- a/website/integrations/services/knocknoc/index.md
+++ b/website/integrations/services/knocknoc/index.md
@ -32,7 +32,6 @@ To support the integration of Knocknoc with authentik, you need to create an app
 - **Select type**: Select **SAML Provider Property Mapping** as the type and click **Next**.
 - **Create SAML Provider Property Mapping**:
    - **Name**: provide a descriptive name (e.g. `SAML to Knocknoc realName`)
    - **SAML Attribute Name**: `realName`
    - **Expression**:
@ -46,7 +45,6 @@ To support the integration of Knocknoc with authentik, you need to create an app
 - **Select type**: Select **SAML Provider Property Mapping** as the type and click **Next**.
 - **Create SAML Provider Property Mapping**:
    - **Name**: provide a descriptive name (e.g. `SAML to Knocknoc groups`)
    - **SAML Attribute Name**: `groups`
    - **Expression**:
@ -57,7 +55,6 @@ To support the integration of Knocknoc with authentik, you need to create an app
 - **Select type**: Select **SAML Provider Property Mapping** as the type and click **Next**.
 - **Create SAML Provider Property Mapping**:
    - **Name**: provide a descriptive name (e.g. `SAML to Knocknoc session duration`)
    - **SAML Attribute Name**: `sessionDuration`
    - **Expression**:
@ -97,7 +94,6 @@ This example will set session duration at 540 minutes. Change the value to match
 1. Log in to Knocknoc and navigate to **Admin** > **Settings** > **SAML**
 2. Set the following configuration:
    - **Metadata URL**: **SAML Metadata URL** copied from the authentik provider.
    - **Public URL**: `https://knocknoc.company`
    - **Key file**: select a key file.
--- a/website/integrations/services/komodo/index.mdx
+++ b/website/integrations/services/komodo/index.mdx
@ -29,7 +29,6 @@ To support the integration of Komodo with authentik, you need to create an appli
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
    - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
    - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
    - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
--- a/website/integrations/services/mautic/index.md
+++ b/website/integrations/services/mautic/index.md
@ -172,7 +172,6 @@ grep "RSA PRIVATE KEY" "Mautic Self-signed Certificate_private_key.pem"
    This will prompt you to enter values for the certificate which you can choose freely.
    For some, you can use authentik's generated values:
    - **Organization Name**: `authentik`
    - **Organizational Unit Name**: `Self-signed`
    - **Common Name**: `Mautic Self-signed Certificate`
--- a/website/integrations/services/miniflux/index.md
+++ b/website/integrations/services/miniflux/index.md
@ -29,7 +29,6 @@ To support the integration of Miniflux with authentik, you need to create an app
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
    - **Application**: provide a descriptive name (e.g., `Miniflux`), an optional group for the type of application, the policy engine mode, and optional UI settings.
    - **Choose a Provider type**: Select OAuth2/OpenID Provider as the provider type.
    - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Note the **Client ID**, **Client Secret**, and **slug** values because they will be required later. - Set a `Strict` redirect URI to `https://miniflux.company/oauth2/oidc/callback` - Select any available signing key.
--- a/website/integrations/services/nextcloud/index.mdx
+++ b/website/integrations/services/nextcloud/index.mdx
@ -76,10 +76,8 @@ If you want to control user storage and designate Nextcloud administrators, you
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Customization** > **Property mappings** and click **Create**.
    - **Select type**: select **Scope mapping**.
    - **Create Scope Mapping**:
        - **Name**: `Nextcloud Profile`
        - **Scope name**: `nextcloud`
        - **Expression**:
@ -118,7 +116,6 @@ To connect to an existing Nextcloud user, set the `nextcloud_user_id` attribute
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
    - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
    - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
    - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
@ -141,14 +138,12 @@ Depending on your Nextcloud configuration, you may need to use `https://nextclou
 1. In Nextcloud, ensure that the **OpenID Connect user backend** app is installed.
 2. Log in to Nextcloud as an administrator and navigate to **Settings** > **OpenID Connect**.
 3. Click the **+** button and enter the following settings:
    - **Identifier**: `authentik`
    - **Client ID**: Client ID from authentik
    - **Client secret**: Client secret from authentik
    - **Discovery endpoint**: `https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration`
    - **Scope**: `email nextcloud openid`
    - Under **Attribute mappings**:
        - **User ID mapping**: `sub` (or `user_id` for existing users)
        - **Display name mapping**: `name`
        - **Email mapping**: `email`
@ -207,7 +202,6 @@ If you require [server side encryption](https://docs.nextcloud.com/server/latest
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
    - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
        - Note the application slug because it will be required later.
    - **Choose a Provider type**: select **SAML Provider** as the provider type.
@ -247,10 +241,8 @@ To configure group quotas you will need to create groups in authentik for each q
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Customization** > **Property mappings** and click **Create**.
    - **Select type**: select **SAML Provider Property Mapping** as the property mapping type.
    - **Create SAML Provider Property Mapping**:
        - **Name**: Provide a name for the property mapping.
        - **SAML Attribute Name**: `nextcloud_quota`
        - **Expression**:
@ -279,10 +271,8 @@ To grant Nextcloud admin access to authentik users you will need to create a pro
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Customization** > **Property mappings** and click **Create**.
    - **Select type**: select **SAML Provider Property Mapping** as the property mapping type.
    - **Create SAML Provider Property Mapping**:
        - **Name**: Provide a name for the property mapping.
        - **SAML Attribute Name**: `http://schemas.xmlsoap.org/claims/Group`
        - **Expression**:
@ -304,13 +294,11 @@ To grant Nextcloud admin access to authentik users you will need to create a pro
 1. In Nextcloud, ensure that the **SSO & SAML Authentication** app is installed.
 2. Log in to Nextcloud as an administrator, navigate to **Settings** > **SSO & SAML Authentication**, and configure the following settings:
    - **Attribute to map the UID to**: `http://schemas.goauthentik.io/2021/02/saml/uid`
    :::danger
    Using the UID attribute as username is **not recommended** because of its mutable nature. If you map to the username instead, [disable username changing](https://docs.goauthentik.io/docs/sys-mgmt/settings#allow-users-to-change-username) and set the UID attribute to `http://schemas.goauthentik.io/2021/02/saml/username`.
    :::
    - **Optional display name**: `authentik`
    - **Identifier of the IdP entity**: `https://authentik.company`
    - **URL target for authentication requests**: `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`
@ -347,7 +335,6 @@ This documentation lists only the settings that you need to change from their de
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
    - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
    - **Choose a Provider type**: select **LDAP** as the provider type.
    - **Configure the Provider**: provide a name (or accept the auto-provided name) and the bind flow to use for this provider
@ -359,7 +346,6 @@ This documentation lists only the settings that you need to change from their de
 1. Log in to authentik as an admin, and open the authentik Admin interface.
 2. Navigate to **Applications** > **Outposts** and click **Create**.
    - **Name**: provide a suitable name for the outpost.
    - **Type**: `LDAP`
    - Under applications, add the newly created Nextcloud application to **Selected Applications**.
@ -371,9 +357,7 @@ This documentation lists only the settings that you need to change from their de
 1. In Nextcloud, ensure that the **LDAP user and group backend** app is installed.
 2. Log in to Nextcloud as an administrator.
 3. Navigate to **Settings** > **LDAP user and group backend** and configure the following settings:
    - On the **Server** tab:
        - Click the **+** icon and enter the following settings:
            - **Host**: enter the hostname/IP address of the authentik LDAP outpost preceded by `ldap://` or `ldaps://`. If using LDAPS you will also need to specify the certificate that is being used.
            - **Port**: `389` or `636` for secure LDAP.
@ -381,11 +365,9 @@ This documentation lists only the settings that you need to change from their de
            - Under **Base DN**, enter the **Search base** of the authentik LDAP provider.
    - On the **Users** tab:
        - Set **Only these object classes** to `Users`.
    - On the **LDAP/AD integration** tab:
        - Uncheck **LDAP/AD Username**.
        - Set **Other Attributes** to `cn`.
        - Click **Expert** in the top right corner and enter these settings:
@ -405,7 +387,6 @@ This documentation lists only the settings that you need to change from their de
                - **Email Field**: `mailPrimaryAddress`
    - On the **Groups** tab:
        - Set **Only these object classes** to `groups`.
        - Select the authentik groups that require Nextcloud access.
--- a/website/integrations/services/observium/index.md
+++ b/website/integrations/services/observium/index.md
@ -85,7 +85,6 @@ To support the integration of Observium with authentik, you need to create an ap
    ```
    Meaning of variables:
    - `OIDCRedirectURI` is the same URI that is set for the authentik Provider.
    - The `OIDCCryptoPassphrase` directive should be set to a random string, for more information, see [the official documentation](https://github.com/OpenIDC/mod_auth_openidc/blob/9c0909af71eb52283f4d3797e55d1efef64966f2/auth_openidc.conf#L15).
    - `OIDCXForwardedHeaders` is necessary if your instance is behind a reverse proxy. If omitted, the module does not accept information from these headers.
--- a/website/integrations/services/omni/index.md
+++ b/website/integrations/services/omni/index.md
@ -44,7 +44,6 @@ To support the integration of Omni with authentik, you need to create a property
 - **Choose a Provider type**: select SAML Provider as the provider type.
 - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
    - **ACS URL**: `https://omni.company/saml/acs`
    - **Service Provider Binding**: `Post`
    - **Audience**: `https://omni.company/saml/metadata`
--- a/website/integrations/services/openproject/index.md
+++ b/website/integrations/services/openproject/index.md
@ -34,7 +34,6 @@ OpenProject requires a first and last name for each user. By default authentik o
 - **Select type**: select **Scope Mapping** as the property mapping type.
 - **Configure the Scope Mapping**: Provide a descriptive name (e.g. `Open Project Profile Scope`), and an optional description
    - **Scope name**: `profile`
    - **Expression**:
--- a/website/integrations/services/owncloud/index.md
+++ b/website/integrations/services/owncloud/index.md
@ -35,45 +35,36 @@ The configuration for each application is nearly identical, except for the **Cli
 - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
 - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
 - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
    - Note the **Client ID**,**Client Secret**, and **slug** values because they will be required later.
    - **Protocol settings:**
        **Web UI:**
        - **Signing Key**: Select any available signing key.
        - **Client ID**: Use the value generated by authentik.
        - **Client Secret**: Use the value generated by authentik.
        - **Redirect URIs**:
            - Strict: `https://owncloud.company/apps/openidconnect/redirect`
        **Desktop Application**
        - **Signing Key**: Select any available signing key.
        - **Client ID**: Use the predefined value found in the [ownCloud admin manual](https://doc.owncloud.com/server/latest/admin_manual/configuration/user/oidc/oidc.html#client-id).
        - **Client Secret**: Use the predefined value found in the [ownCloud admin manual](https://doc.owncloud.com/server/latest/admin_manual/configuration/user/oidc/oidc.html#client-secret).
        - **Redirect URIs**:
            - Regex: `http://localhost:\d+`
            - Regex: `http://127.0.0.1:\d+`
        **Android Application**
        - **Signing Key**: Select any available signing key.
        - **Client ID**: Use the predefined value found in the [ownCloud admin manual](https://doc.owncloud.com/server/latest/admin_manual/configuration/user/oidc/oidc.html#client-id).
        - **Client Secret**: Use the predefined value found in the [ownCloud admin manual](https://doc.owncloud.com/server/latest/admin_manual/configuration/user/oidc/oidc.html#client-secret).
        - **Redirect URI**:
            - Strict: `oc://android.owncloud.com`
        **iOS Application**
        - **Signing Key**: Select any available signing key.
        - **Client ID**: Use the predefined value found in the [ownCloud admin manual](https://doc.owncloud.com/server/latest/admin_manual/configuration/user/oidc/oidc.html#client-id).
        - **Client Secret**: Use the predefined value found in the [ownCloud admin manual](https://doc.owncloud.com/server/latest/admin_manual/configuration/user/oidc/oidc.html#client-secret).
        - **Redirect URI**:
            - Strict: `oc://ios.owncloud.com`
    - **Advanced protocol settings:**
@ -96,7 +87,6 @@ For other reverse proxies, consult the provider-specific documentation for guida
 To enable OIDC functionality in ownCloud, follow these steps:
 1.  **Navigate to the Market**:
    - Access the Market by visiting:
      `https://owncloud.company/apps/market/#/`
      or by clicking the **Hamburger Menu** in the top-left corner of any page in your ownCloud deployment and selecting **Market**.
@ -117,7 +107,6 @@ To enable OIDC functionality in ownCloud, follow these steps:
    :::
 3.  **Create the `oidc.config.php` File**:
    - Place a file named `oidc.config.php` in the same directory as the existing `config.php` file in your ownCloud installation.
    - Files named with this pattern are treated as "override" files, allowing ownCloud to override matching configuration keys in the `config.php` file.
@ -202,7 +191,6 @@ For more information on other available configuration options, refer to the OIDC
 You have successfully configured OIDC authentication through authentik. Here's what you can expect next:
 - **Login Behavior:**
    - If the `autoRedirectOnLoginPage` option is **set to false**, navigating to `https://owncloud.company` will present the standard login page, which now includes an "Log in with authentik" button (or any custom text defined in the `loginButtonName` field).
    - If the `autoRedirectOnLoginPage` option is **set to true**, users will be automatically redirected to the authentik login page when attempting to access `https://owncloud.company`.
--- a/website/integrations/services/pangolin/index.mdx
+++ b/website/integrations/services/pangolin/index.mdx
@ -29,7 +29,6 @@ To support the integration of Pangolin with authentik, you need to create an app
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
    - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
    - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
    - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
@ -44,7 +43,6 @@ To support the integration of Pangolin with authentik, you need to create an app
 1. Log in to Pangolin as an administrator.
 2. Navigate to **Server Admin** > **Identity Providers**, and click **Add Identity Provider**.
    - Under **General Information**:
        - **Name**: `authentik`
        - **Auto Provision Users** _(optional)_: enable this option for authentik users to be automatically provisioned in Pangolin on first login.
--- a/website/integrations/services/paperless-ngx/index.mdx
+++ b/website/integrations/services/paperless-ngx/index.mdx
@ -29,7 +29,6 @@ To support the integration of Paperless-ngx with authentik, you need to create a
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
    - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
    - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
    - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
--- a/website/integrations/services/pgadmin/index.md
+++ b/website/integrations/services/pgadmin/index.md
@ -33,7 +33,6 @@ To support the integration of pgAdmin with authentik, you need to create an appl
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
    - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
    - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
    - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
@ -51,7 +50,6 @@ To configure OAuth in pgAdmin, you can either use the `config_local.py` file or
 ### Using `config_local.py`
 1. Locate or create the `config_local.py` file in the `/pgadmin4/` directory.
    - If the file does not exist, create it manually.
 2. Add the following configuration settings to `config_local.py`:
--- a/website/integrations/services/phpipam/index.md
+++ b/website/integrations/services/phpipam/index.md
@ -39,34 +39,29 @@ You need to ensure users and groups exist before we proceed with the next steps.
 The groups are used for property mappings later to give the user the correct permission level in the application. For this documentation there is an example for each of the 3 main default permission levels and an easy way to visualise the differences between them.
 1. **Create test-user 0**
    - username: test-user0
    - Name: Test User0
    - Email: test-user0@domain.company
    - path: users
 2. **Create test-user 1**
    - username: test-user1
    - Name: Test User1
    - Email: test-user1@domain.company
    - path: users
 3. **Create test-user 2**
    - username: test-user2
    - Name: Test User2
    - Email: test-user2@domain.company
    - path: users
 4. **Create all required groups (under _Directory/Groups_)**
    - admin-permission-group
    - operator-permission-group
    - guest-permission-group
 5. **Assign groups to users for testing**
    - admin-permission-group
        - Select Directory -> Groups
        - Select `admin-permission-group`
@ -91,7 +86,6 @@ In order to support automatic user provisioning (JIT) with phpIPAM, additional S
 - Select Create -> SAML Property Mapping -> Next
 1. display_name
    - Name: phpipam-display-name
    - SAML Attribute Name: display_name
    - Expression:
@ -101,7 +95,6 @@ In order to support automatic user provisioning (JIT) with phpIPAM, additional S
    ```
 2. email
    - Name: phpipam-email
    - SAML Attribute Name: email
    - Expression:
@ -111,7 +104,6 @@ In order to support automatic user provisioning (JIT) with phpIPAM, additional S
    ```
 3. is_admin
    - Name: phpipam-is-admin
    - SAML Attribute Name: is_admin
    - Expression:
@ -121,7 +113,6 @@ In order to support automatic user provisioning (JIT) with phpIPAM, additional S
    ```
 4. groups
    - Name: phpipam-groups
    - SAML Attribute Name: groups
    - Expression:
--- a/website/integrations/services/plesk/index.md
+++ b/website/integrations/services/plesk/index.md
@ -47,7 +47,6 @@ To support the integration of Plesk with authentik, you need to create an applic
 ## Plesk configuration
 1. Install the OAuth login extension:
    - Log in to your Plesk installation.
    - Navigate to **Extensions** in the left sidebar.
    - Select **Extensions Catalog**.
@ -55,12 +54,10 @@ To support the integration of Plesk with authentik, you need to create an applic
    - Click **Install** next to the OAuth login extension.
 2. Enable and configure OAuth authentication:
    - After installation, select **Extensions** > **OAuth Login** in the left sidebar.
    - Enable OAuth authentication using the toggle switch in the main configuration panel.
 3. In the same panel, configure these OAuth settings:
    - **Client ID**: Enter the Client ID from your authentik provider
    - **Client Secret**: Enter the Client Secret from your authentik provider
    - **Callback Host**: Enter your Plesk FQDN (example: `https://plesk.company`)
--- a/website/integrations/services/proxmox-ve/index.md
+++ b/website/integrations/services/proxmox-ve/index.md
@ -49,12 +49,10 @@ To support the integration of Proxmox with authentik, you need to create an appl
 1. Log in to the Proxmox VE web interface using an administrative account.
 2. Navigate to authentication source settings.
    - Go to **Datacenter** > **Permissions** > **Realms**.
    - Click **Add** and select **Realm** to open the Add Realm dialog.
 3. Fill out the OpenID Connect settings.
    - In the dialog that appears, fill in the following details:
        - **Issuer URL**: Enter the Issuer URL from authentik (found in your provider's overview tab), e.g., `https://authentik.company/application/o/proxmox/`.
        - **Realm**: Enter a name for this authentication source, such as `authentik`.
@ -69,15 +67,12 @@ To support the integration of Proxmox with authentik, you need to create an appl
    ![Proxmox Add OpenID Connect Server Dialog](proxmox-source.png)
 4. **Save the configuration**.
    - Click **Add** to save the settings.
 5. **Assign permissions**
    - After setting up the authentication source, go to **Permissions** to assign roles and permissions for each user as needed.
 6. **Logging in**
    - Users can select this authentication method from the Proxmox login screen, or if set as default, it will be automatically selected.
    ![Proxmox login page with authentik marked as default login method](proxmox-login.png)
--- a/website/integrations/services/push-security/index.mdx
+++ b/website/integrations/services/push-security/index.mdx
@ -30,10 +30,8 @@ Push Security requires separate first and last names for each user, but authenti
 1. Log in to authentik as an administrator, and open the authentik Admin interface.
 2. Navigate to **Customization** > **Property Mappings** and click **Create**.
    - **Select type**: select **SAML Provider Property Mapping** as the property mapping type.
    - **Configure the SAML Provider Property Mapping**:
        - **Name**: `givenname`
        - **SAML Attribute Name**: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname`
        - **Expression**:
@ -44,10 +42,8 @@ Push Security requires separate first and last names for each user, but authenti
 3. Click **Finish**.
 4. Click **Create** to create the second property mapping.
    - **Select type**: select **SAML Provider Property Mapping** as the property mapping type.
    - **Configure the SAML Provider Property Mapping**:
        - **Name**: `familyname`
        - **SAML Attribute Name**: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname`
        - **Expression**:
@ -62,7 +58,6 @@ Push Security requires separate first and last names for each user, but authenti
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
    - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
        - Take note of the application slug as it will be required later on.
    - **Choose a Provider type**: select **SAML Provider** as the provider type.
--- a/website/integrations/services/rocketchat/index.md
+++ b/website/integrations/services/rocketchat/index.md
@ -65,7 +65,6 @@ In Rocket.chat, follow the procedure below:
 ![](./rocketchat6.png)
 5. Scroll down to the new OAuth application, expand the dropdown, and enter the following settings:
    - Enable: Turn the radio button to the _on_ position
    - URL: https://authentik.company/application/o
    - Token Path: /token/
--- a/website/integrations/services/semaphore/index.mdx
+++ b/website/integrations/services/semaphore/index.mdx
@ -31,7 +31,6 @@ To support the integration of Semaphore with authentik, you need to create an ap
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
    - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
    - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
    - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
--- a/website/integrations/services/stripe/index.mdx
+++ b/website/integrations/services/stripe/index.mdx
@ -56,11 +56,9 @@ To support the integration of Stripe with authentik, you need to create a group,
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
    - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
    - **Choose a Provider type**: select **SAML Provider** as the provider type.
    - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
        - Set the **ACS URL** to `https://dashboard.stripe.com/login/saml/consume`.
        - Set the **Audience** to `https://dashboard.stripe.com/saml/metadata`.
        - Set the **Service Provider Binding** to `Post`.
@ -86,7 +84,6 @@ To support the integration of Stripe with authentik, you need to create a group,
 3. Click **Add domain**, then input the domain that SSO users will use. For more information, see the [Stripe Proving Domain Owenership documentation](https://docs.stripe.com/get-started/account/sso/other#proving-domain-verification).
 4. Once your domain is verified, click on the 3 dots next to the domain name, and click **Manage SSO Settings**.
 5. Enter the following settings:
    - **Identity Provider URL**: `https://auth.domain.com/application/saml/stripe/sso/binding/redirect/`
    - **Issuer ID**: `authentik`
    - **Identity Provider Certificate**: Paste in the contents of your authentik signing certificate.
--- a/website/integrations/services/tailscale/index.md
+++ b/website/integrations/services/tailscale/index.md
@ -48,7 +48,6 @@ To support the integration of Tailscale with authentik, you need to create an ap
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
    - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
    - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
    - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
--- a/website/integrations/services/uptime-kuma/index.md
+++ b/website/integrations/services/uptime-kuma/index.md
@ -35,7 +35,6 @@ To support the integration of Uptime Kuma with authentik, you need to create an
 - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
 - **Choose a Provider type**: select **Proxy Provider** as the provider type.
 - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
    - Set the **External host** to `https://uptime-kuma.company`.
    - Set the **Internal host** to `http://uptime-kuma:3001` where `uptime-kuma:3001` is the hostname and port of your Uptime Kuma container.
    - Under **Advanced protocol settings**, set **Unauthenticated Paths** to the following to allow unauthenticated access to the public status page:
--- a/website/integrations/services/vmware-vcenter/index.md
+++ b/website/integrations/services/vmware-vcenter/index.md
@ -49,7 +49,6 @@ To support the integration of vCenter with authentik, you need to create an appl
 2. Click **Change Provider** in the top-right corner, and then select **Okta** from the drop-down list.
 3. In the wizard, click **Run Prechecks**, select the confirmation box, and then click **Next**
    - Enter the **Directory Name**. For example `authentik` or any other name.
    - Add a **Domain Name**. For example `authentik.company`.
    - Click on the Plus (+) sign to show the default domain name.
@ -57,7 +56,6 @@ To support the integration of vCenter with authentik, you need to create an appl
 4. Click **Next**.
 5. On the OpenID Connect page, enter the following values:
    - Set **Identity Provider Name** to `authentik`.
    - Set **Client Identifier** to the client ID from authentik.
    - Set **Shared secret** to the client secret from authentik.
@ -66,14 +64,12 @@ To support the integration of vCenter with authentik, you need to create an appl
 6. Click **Next**, and then **Finish**.
 7. On the **Single Sign On -> Configuration** page, in the **User Provisioning** area, take the following steps:
    - Copy the **Tenant URL** and save to a safe place.
    - Click on **Generate** to generate a SCIM token.
    - Click **Generate** in the newly opened modal box.
    - Copy the token and save to a safe place.
 8. Return to the authentik Admin interface.
    - Create a SCIM provider with the name `vcenter-scim`.
    - Paste the Tenant URL into **URL** field for the provider.
    - Paste the token you saved into the **Token** field.
@ -84,7 +80,6 @@ To support the integration of vCenter with authentik, you need to create an appl
    - Navigate to the provider and trigger a sync.
 9. Return to vCenter.
    - Navigate to **Administration -> Access Control -> Global Permissions**.
    - Click **Add**.
    - Select the Domain created above from the dropdown.
--- a/website/integrations/services/wazuh/index.mdx
+++ b/website/integrations/services/wazuh/index.mdx
@ -38,7 +38,6 @@ To support the integration of Wazuh with authentik, you need to create a group,
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Customization** > **Property Mappings** and click **Create**. Create a **SAML Provider Property Mapping** with the following settings:
    - **Name**: Choose a descriptive name
    - **SAML Attribute Name**: `Roles`
    - **Friendly Name**: Leave blank
@ -192,7 +191,6 @@ And the `metadata_file`, `kibana_url`, and `exchange_key` parameters in the `sam
 2. On the Wazuh dashboard click the upper-left menu icon ☰ to open the menu, go to **Server management** -> **Security** -> **Roles mapping**
 3. Click **Create Role mapping** and configure the following parameters:
    - **Role Name**: set a name for the role mapping (e.g. authentik_admins)
    - **Roles**: select a role (e.g.`administrator`)
    - **Custom rules**: Click **Add new rule** and set:
--- a/website/integrations/services/xcreds/index.mdx
+++ b/website/integrations/services/xcreds/index.mdx
@ -22,7 +22,6 @@ To support the integration of XCreds with authentik, you need to create an appli
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
    - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
    - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
    - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
@ -47,7 +46,6 @@ After XCreds is installed on a target Mac you will need to configure it by creat
 [ProfileCreator](https://github.com/ProfileCreator/ProfileCreator) is an open source macOS application used to create configuration policies. It is required to create a configuration policy for XCreds.
 1. Open the **ProfileCreator** application and click on the `+` icon in the top left corner to create a new configuration policy:
    - Under **General** provide a descriptive Payload Display Name, Payload Description, and Payload Organization.
 2. Now you need to add a XCreds payload to the configuration policy. Click on the **Application Managed Preferences** icon in the left hand column that looks like an `A` (third icon from the left, in the left hand column).
--- a/website/integrations/template/service.md
+++ b/website/integrations/template/service.md
@ -31,7 +31,6 @@ _Any specific info about this integration can go here._
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
    - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
        - _If there are any specific settings required, list them here. Refer to the [ownCloud integration documentation](https://github.com/goauthentik/authentik/blob/main/website/integrations/services/owncloud/index.md) for a complex requirements example._
    - **Choose a Provider type**: _If there is a specific provider type required, state that here._
--- a/website/package-lock.json
+++ b/website/package-lock.json
@ -19,7 +19,6 @@
                "@goauthentik/docusaurus-config": "^1.1.0",
                "@goauthentik/tsconfig": "^1.0.4",
                "@mdx-js/react": "^3.1.0",
                "@swc/html-linux-x64-gnu": "1.12.5",
                "clsx": "^2.1.1",
                "docusaurus-plugin-openapi-docs": "^4.4.0",
                "docusaurus-theme-openapi-docs": "^4.4.0",
@ -53,7 +52,7 @@
                "fast-glob": "^3.3.3",
                "netlify-plugin-cache": "^1.0.3",
                "npm-run-all": "^4.1.5",
-                "prettier": "^3.5.3",
+                "prettier": "^3.6.0",
                "prettier-plugin-packagejson": "^2.5.15",
                "typescript": "^5.8.3",
                "typescript-eslint": "^8.34.1"
@ -22266,9 +22265,9 @@
            }
        },
        "node_modules/prettier": {
-            "version": "3.5.3",
+            "version": "3.6.0",
-            "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.5.3.tgz",
+            "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.6.0.tgz",
-            "integrity": "sha512-QQtaxnoDJeAkDvDKWCLiwIXkTgRhwYDEQCghU9Z6q03iyek/rxRh/2lC3HB7P8sWT2xC/y5JDctPLBIGzHKbhw==",
+            "integrity": "sha512-ujSB9uXHJKzM/2GBuE0hBOUgC77CN3Bnpqa+g80bkv3T3A93wL/xlzDATHhnhkzifz/UE2SNOvmbTz5hSkDlHw==",
            "dev": true,
            "license": "MIT",
            "bin": {
--- a/website/package.json
+++ b/website/package.json
@ -69,7 +69,7 @@
        "fast-glob": "^3.3.3",
        "netlify-plugin-cache": "^1.0.3",
        "npm-run-all": "^4.1.5",
-        "prettier": "^3.5.3",
+        "prettier": "^3.6.0",
        "prettier-plugin-packagejson": "^2.5.15",
        "typescript": "^5.8.3",
        "typescript-eslint": "^8.34.1"