website/integrations-all: convert authentik configuration to wizard (#13144)
* init * 6 more * tana... * quick reformat * welp only time for one change * wip * wip * wip * wip * wip * wip * wip * wip * Revert "wip" This reverts commit e71f0d22e3f093350e8d12eaad5e5c0f9d38253c. * wip * wip * wip * wip * wip * wip * wip * wip * wip * a
This commit is contained in:
Dominic R
@ -19,25 +19,40 @@ The following placeholders are used in this guide:
|
||||
- `GitHub Users` is an authentik group used for holding GitHub users.
|
||||
- `GitHub Admins` is an authentik group used for indicating GitHub administrators.
|
||||
|
||||
First, create the two groups, in authentik, go to _Groups_, click _Create_ and put in `GitHub Users`, or your chosen user group name. Repeat this step with your Admin group as well.
|
||||
|
||||
Create a SAML provider with the following parameters:
|
||||
|
||||
- ACS URL: `https://github.company/saml/consume`
|
||||
- Audience: `https://github.company`
|
||||
- Issuer: `https://github.company`
|
||||
- Binding: `Post`
|
||||
|
||||
Under _Advanced protocol settings_, set a certificate for _Signing Certificate_.
|
||||
|
||||
Once the provider is created, it is advised to download the signing certificate as you will need it later.
|
||||
|
||||
Create a matching application for your SAML provider.
|
||||
|
||||
:::note
|
||||
This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application.
|
||||
:::
|
||||
|
||||
## authentik configuration
|
||||
|
||||
To support the integration of GitHub Enterprise Server with authentik, you need to create an application/provider pair in authentik.
|
||||
|
||||
:::note
|
||||
In order to use GitHub Enterprise Server, SCIM must also be set up.
|
||||
:::
|
||||
|
||||
### Create an application and provider in authentik
|
||||
|
||||
1. Log in to authentik as an admin, and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can create only an application, without a provider, by clicking **Create**.)
|
||||
|
||||
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
|
||||
- **Choose a Provider type**: select **SAML Provider** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Set the **ACS URL** to <kbd>https://<em>github.company</em>/saml/consume</kbd>.
|
||||
- Set the **Audience** and **Issuer** to <kbd>https://<em>github.company</em></kbd>.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**, select an available signing certificate. It is advised to download this certificate as it will be required later. It can be found under **System** > **Certificates** in the Admin Interface.
|
||||
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
|
||||
|
||||
3. Click **Submit** to save the new application and provider.
|
||||
|
||||
### Create the users and administrator groups
|
||||
|
||||
In the authentik Admin Interface, navigate to **Directory** > **Groups** and click **Create**. Set the group's name, any other desired settings, and click **Create**. Repeat this step twice: Once for the users group and once for the administrator group.
|
||||
|
||||
After creating the groups, select a group, navigate to the **Users** tab, and manage its members by using the **Add existing user** and **Create user** buttons as needed.
|
||||
|
||||
## SAML Configuration
|
||||
|
||||
If you are planning to use SCIM, (available from GHES 3.14.0) you should create a first admin user on your instance and go to your personal access tokens at `https://github.company/settings/tokens/new`, click _Generate new token_ and click _Generate new token (classic)_. Your token should have a descriptive name and ideally, no expiration date. For permission scopes, you need to select _admin:enterprise_. Click _Generate token_ and store the resulting token in a safe location.
|
||||
|
||||
Reference in New Issue
Block a user