wip: rename to authentik (#361)

* root: initial rename

* web: rename custom element prefix

* root: rename external functions with pb_ prefix

* root: fix formatting

* root: replace domain with goauthentik.io

* proxy: update path

* root: rename remaining prefixes

* flows: rename file extension

* root: pbadmin -> akadmin

* docs: fix image filenames

* lifecycle: ignore migration files

* ci: copy default config from current source before loading last tagged

* *: new sentry dsn

* tests: fix missing python3.9-dev package

* root: add additional migrations for service accounts created by outposts

* core: mark system-created service accounts with attribute

* policies/expression: fix pb_ replacement not working

* web: fix last linting errors, add lit-analyse

* policies/expressions: fix lint errors

* web: fix sidebar display on screens where not all items fit

* proxy: attempt to fix proxy pipeline

* proxy: use go env GOPATH to get gopath

* lib: fix user_default naming inconsistency

* docs: add upgrade docs

* docs: update screenshots to use authentik

* admin: fix create button on empty-state of outpost

* web: fix modal submit not refreshing SiteShell and Table

* web: fix height of app-card and height of generic icon

* web: fix rendering of subtext

* admin: fix version check error not being caught

* web: fix worker count not being shown

* docs: update screenshots

* root: new icon

* web: fix lint error

* admin: fix linting error

* root: migrate coverage config to pyproject

website/docs/integrations/services/aws/index.md

@@ -12,13 +12,13 @@ Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopte
 
 The following placeholders will be used:
 
--   `passbook.company` is the FQDN of the passbook install.
+-   `authentik.company` is the FQDN of the authentik install.
 
-Create an application in passbook and note the slug, as this will be used later. Create a SAML provider with the following parameters:
+Create an application in authentik and note the slug, as this will be used later. Create a SAML provider with the following parameters:
 
 -   ACS URL: `https://signin.aws.amazon.com/saml`
 -   Audience: `urn:amazon:webservices`
--   Issuer: `passbook`
+-   Issuer: `authentik`
 -   Binding: `Post`
 
 You can of course use a custom signing certificate, and adjust durations.
@@ -31,7 +31,7 @@ After you've created the Property Mappings below, add them to the Provider.
 
 Create an application, assign policies, and assign this provider.
 
-Export the metadata from passbook, and create an Identity Provider [here](https://console.aws.amazon.com/iam/home#/providers).
+Export the metadata from authentik, and create an Identity Provider [here](https://console.aws.amazon.com/iam/home#/providers).
 
 #### Role Mapping
 
@@ -42,23 +42,23 @@ This Mapping needs to have the SAML Name field set to "https://aws.amazon.com/SA
 As expression, you can return a static ARN like so
 
 ```python
-return "arn:aws:iam::123412341234:role/saml_role,arn:aws:iam::123412341234:saml-provider/passbook"
+return "arn:aws:iam::123412341234:role/saml_role,arn:aws:iam::123412341234:saml-provider/authentik"
 ```
 
 Or, if you want to assign AWS Roles based on Group membership, you can add a custom attribute to the Groups, for example "aws_role", and use this snippet below. Groups are sorted by name and later groups overwrite earlier groups' attributes.
 
 ```python
 role_name = user.group_attributes().get("aws_role", "")
-return f"arn:aws:iam::123412341234:role/{role_name},arn:aws:iam::123412341234:saml-provider/passbook"
+return f"arn:aws:iam::123412341234:role/{role_name},arn:aws:iam::123412341234:saml-provider/authentik"
 ```
 
 If you want to allow a user to choose from multiple roles, use this snippet
 
 ```python
 return [
-    "arn:aws:iam::123412341234:role/role_a,arn:aws:iam::123412341234:saml-provider/passbook",
-    "arn:aws:iam::123412341234:role/role_b,arn:aws:iam::123412341234:saml-provider/passbook",
-    "arn:aws:iam::123412341234:role/role_c,arn:aws:iam::123412341234:saml-provider/passbook",
+    "arn:aws:iam::123412341234:role/role_a,arn:aws:iam::123412341234:saml-provider/authentik",
+    "arn:aws:iam::123412341234:role/role_b,arn:aws:iam::123412341234:saml-provider/authentik",
+    "arn:aws:iam::123412341234:role/role_c,arn:aws:iam::123412341234:saml-provider/authentik",
 ]
 ```
 

website/docs/integrations/services/awx-tower/index.md

@@ -21,9 +21,9 @@ AWX is the open-source version of Tower. The term "AWX" will be used interchange
 The following placeholders will be used:
 
 -   `awx.company` is the FQDN of the AWX/Tower install.
--   `passbook.company` is the FQDN of the passbook install.
+-   `authentik.company` is the FQDN of the authentik install.
 
-Create an application in passbook and note the slug, as this will be used later. Create a SAML provider with the following parameters:
+Create an application in authentik and note the slug, as this will be used later. Create a SAML provider with the following parameters:
 
 -   ACS URL: `https://awx.company/sso/complete/saml/`
 -   Audience: `awx`
@@ -36,16 +36,16 @@ You can of course use a custom signing certificate, and adjust durations.
 
 Navigate to `https://awx.company/#/settings/auth` to configure SAML. Set the Field `SAML SERVICE PROVIDER ENTITY ID` to `awx`.
 
-For the fields `SAML SERVICE PROVIDER PUBLIC CERTIFICATE` and `SAML SERVICE PROVIDER PRIVATE KEY`, you can either use custom certificates, or use the self-signed pair generated by passbook.
+For the fields `SAML SERVICE PROVIDER PUBLIC CERTIFICATE` and `SAML SERVICE PROVIDER PRIVATE KEY`, you can either use custom certificates, or use the self-signed pair generated by authentik.
 
 Provide metadata in the `SAML Service Provider Organization Info` field:
 
 ```json
 {
     "en-US": {
-        "name": "passbook",
-        "url": "https://passbook.company",
-        "displayname": "passbook"
+        "name": "authentik",
+        "url": "https://authentik.company",
+        "displayname": "authentik"
     }
 }
 ```
@@ -63,11 +63,11 @@ In the `SAML Enabled Identity Providers` paste the following configuration:
 
 ```json
 {
-    "passbook": {
+    "authentik": {
         "attr_username": "urn:oid:2.16.840.1.113730.3.1.241",
         "attr_user_permanent_id": "urn:oid:0.9.2342.19200300.100.1.1",
         "x509cert": "MIIDEjCCAfqgAwIBAgIRAJZ9pOZ1g0xjiHtQAAejsMEwDQYJKoZIhvcNAQELBQAwMDEuMCwGA1UEAwwlcGFzc2Jvb2sgU2VsZi1zaWduZWQgU0FNTCBDZXJ0aWZpY2F0ZTAeFw0xOTEyMjYyMDEwNDFaFw0yMDEyMjYyMDEwNDFaMFkxLjAsBgNVBAMMJXBhc3Nib29rIFNlbGYtc2lnbmVkIFNBTUwgQ2VydGlmaWNhdGUxETAPBgNVBAoMCHBhc3Nib29rMRQwEgYDVQQLDAtTZWxmLXNpZ25lZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO/ktBYZkY9xAijF4acvzX6Q1K8KoIZeyde8fVgcWBz4L5FgDQ4/dni4k2YAcPdwteGL4nKVzetUzjbRCBUNuO6lqU4J4WNNX4Xg4Ir7XLRoAQeo+omTPBdpJ1p02HjtN5jT01umN3bK2yto1e37CJhK6WJiaXqRewPxh4lI4aqdj3BhFkJ3I3r2qxaWOAXQ6X7fg3w/ny7QP53//ouZo7hSLY3GIcRKgvdjjVM3OW5C3WLpOq5Dez5GWVJ17aeFCfGQ8bwFKde6qfYqyGcU9xHB36TtVHB9hSFP/tUFhkiSOxtsrYwCgCyXm4UTSpP+wiNyjKfFw7qGLBvA2hGTNw8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAh9PeAqPRQk1/SSygIFADZBi08O/DPCshFwEHvJATIcTzcDD8UGAjXh+H5OlkDyX7KyrcaNvYaafCUo63A+WprdtdY5Ty6SBEwTYyiQyQfwM9BfK+imCoif1Ai7xAelD7p9lNazWq7JU+H/Ep7U7Q7LvpxAbK0JArt+IWTb2NcMb3OWE1r0gFbs44O1l6W9UbJTbyLMzbGbe5i+NHlgnwPwuhtRMh0NUYabGHKcHbhwyFhfGAQv2dAp5KF1E5gu6ZzCiFePzc0FrqXQyb2zpFYcJHXquiqaOeG7cZxRHYcjrl10Vxzki64XVA9BpdELgKSnupDGUEJsRUt3WVOmvZuA==",
-        "url": "https://passbook.company/application/saml/awx/login/",
+        "url": "https://authentik.company/application/saml/awx/login/",
         "attr_last_name": "User.LastName",
         "entity_id": "https://awx.company/sso/metadata/saml/",
         "attr_email": "urn:oid:0.9.2342.19200300.100.1.3",
@@ -76,4 +76,4 @@ In the `SAML Enabled Identity Providers` paste the following configuration:
 }
 ```
 
-`x509cert` is the certificate configured in passbook. Remove the `--BEGIN CERTIFICATE--` and `--END CERTIFICATE--` headers, then enter the cert as one non-breaking string.
+`x509cert` is the certificate configured in authentik. Remove the `--BEGIN CERTIFICATE--` and `--END CERTIFICATE--` headers, then enter the cert as one non-breaking string.

website/docs/integrations/services/gitlab/index.md

@@ -15,9 +15,9 @@ GitLab is a complete DevOps platform, delivered as a single application. This ma
 The following placeholders will be used:
 
 -   `gitlab.company` is the FQDN of the GitLab Install
--   `passbook.company` is the FQDN of the passbook Install
+-   `authentik.company` is the FQDN of the authentik Install
 
-Create an application in passbook and note the slug, as this will be used later. Create a SAML provider with the following parameters:
+Create an application in authentik and note the slug, as this will be used later. Create a SAML provider with the following parameters:
 
 -   ACS URL: `https://gitlab.company/users/auth/saml/callback`
 -   Audience: `https://gitlab.company`
@@ -45,7 +45,7 @@ gitlab_rails['omniauth_providers'] = [
     args: {
       assertion_consumer_service_url: 'https://gitlab.company/users/auth/saml/callback',
       idp_cert_fingerprint: '4E:1E:CD:67:4A:67:5A:E9:6A:D0:3C:E6:DD:7A:F2:44:2E:76:00:6A',
-      idp_sso_target_url: 'https://passbook.company/application/saml/<passbook application slug>/sso/binding/post/',
+      idp_sso_target_url: 'https://authentik.company/application/saml/<authentik application slug>/sso/binding/post/',
       issuer: 'https://gitlab.company',
       name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
       attribute_statements: {
@@ -54,7 +54,7 @@ gitlab_rails['omniauth_providers'] = [
         nickname: ['urn:oid:2.16.840.1.113730.3.1.241']
       }
     },
-    label: 'passbook'
+    label: 'authentik'
   }
 ]
 ```

website/docs/integrations/services/harbor/index.md

@@ -15,9 +15,9 @@ Harbor is an open source container image registry that secures images with role-
 The following placeholders will be used:
 
 -   `harbor.company` is the FQDN of the Harbor install.
--   `passbook.company` is the FQDN of the passbook install.
+-   `authentik.company` is the FQDN of the authentik install.
 
-Create an application in passbook. Create an OpenID provider with the following parameters:
+Create an application in authentik. Create an OpenID provider with the following parameters:
 
 -   Client Type: `Confidential`
 -   Response types: `code (Authorization Code Flow)`

website/docs/integrations/services/home-assistant/index.md

@@ -15,47 +15,47 @@ Open source home automation that puts local control and privacy first. Powered b
 The following placeholders will be used:
 
 -   `hass.company` is the FQDN of the Home-Assistant install.
--   `passbook.company` is the FQDN of the passbook install.
+-   `authentik.company` is the FQDN of the authentik install.
 
 :::note
-This setup uses https://github.com/BeryJu/hass-auth-header and the passbook proxy for authentication. When this [PR](https://github.com/home-assistant/core/pull/32926) is merged, this will no longer be necessary.
+This setup uses https://github.com/BeryJu/hass-auth-header and the authentik proxy for authentication. When this [PR](https://github.com/home-assistant/core/pull/32926) is merged, this will no longer be necessary.
 :::
 
 ## Home-Assistant
 
 This guide requires https://github.com/BeryJu/hass-auth-header, which can be installed as described in the Readme.
 
-Afterwards, make sure the `trusted_proxies` setting contains the IP(s) of the Host(s) passbook is running on.
+Afterwards, make sure the `trusted_proxies` setting contains the IP(s) of the Host(s) authentik is running on.
 
-With the default Header of `X-Forwarded-Preferred-Username` matching is done on a username basis, so your Name in Home-Assistant and your username in passbook have to match.
+With the default Header of `X-Forwarded-Preferred-Username` matching is done on a username basis, so your Name in Home-Assistant and your username in authentik have to match.
 
 If this is not the case, you can simply add an additional header for your user, which contains the Home-Assistant Name and authenticate based on that.
 
-For example add this to your user's properties and set the Header to `X-pb-hass-user`.
+For example add this to your user's properties and set the Header to `X-ak-hass-user`.
 
 ```yaml
 additionalHeaders:
-    X-pb-hass-user: some other name
+    X-ak-hass-user: some other name
 ```
 
-## passbook
+## authentik
 
 Create a Proxy Provider with the following values
 
 -   Internal host
 
-    If Home-Assistant is running in docker, and you're deploying the passbook proxy on the same host, set the value to `http://homeassistant:8123`, where Home-Assistant is the name of your container.
+    If Home-Assistant is running in docker, and you're deploying the authentik proxy on the same host, set the value to `http://homeassistant:8123`, where Home-Assistant is the name of your container.
 
-    If Home-Assistant is running on a different server than where you are deploying the passbook proxy, set the value to `http://hass.company:8123`.
+    If Home-Assistant is running on a different server than where you are deploying the authentik proxy, set the value to `http://hass.company:8123`.
 
 -   External host
 
     Set this to the external URL you will be accessing Home-Assistant from.
 
-Create an application in passbook and select the provider you've created above.
+Create an application in authentik and select the provider you've created above.
 
 ## Deployment
 
 Create an outpost deployment for the provider you've created above, as described [here](../../../outposts/outposts.md). Deploy this Outpost either on the same host or a different host that can access Home-Assistant.
 
-The outpost will connect to passbook and configure itself.
+The outpost will connect to authentik and configure itself.

website/docs/integrations/services/rancher/index.md

@@ -16,13 +16,13 @@ Rancher is a platform built to address the needs of the DevOps teams deploying a
 The following placeholders will be used:
 
 -   `rancher.company` is the FQDN of the Rancher install.
--   `passbook.company` is the FQDN of the passbook install.
+-   `authentik.company` is the FQDN of the authentik install.
 
-Create an application in passbook and note the slug, as this will be used later. Create a SAML provider with the following parameters:
+Create an application in authentik and note the slug, as this will be used later. Create a SAML provider with the following parameters:
 
 -   ACS URL: `https://rancher.company/v1-saml/adfs/saml/acs`
 -   Audience: `https://rancher.company/v1-saml/adfs/saml/metadata`
--   Issuer: `passbook`
+-   Issuer: `authentik`
 
 You can of course use a custom signing certificate, and adjust durations.
 

website/docs/integrations/services/sentry/index.md

@@ -19,13 +19,13 @@ better software faster with Sentry. Won’t you join them?
 The following placeholders will be used:
 
 -   `sentry.company` is the FQDN of the Sentry install.
--   `passbook.company` is the FQDN of the passbook install.
+-   `authentik.company` is the FQDN of the authentik install.
 
-Create an application in passbook. Create a SAML Provider with the following values
+Create an application in authentik. Create a SAML Provider with the following values
 
 -   ACS URL: `https://sentry.company/saml/acs/<sentry organisation name>/`
 -   Audience: `https://sentry.company/saml/metadata/<sentry organisation name>/`
--   Issuer: `passbook`
+-   Issuer: `authentik`
 -   Service Provider Binding: `Post`
 -   Property Mapping: Select all Autogenerated Mappings
 
@@ -37,7 +37,7 @@ Navigate to Settings -> Auth, and click on Configure next to SAML2
 
 ![](./auth.png)
 
-In passbook, get the Metadata URL by right-clicking `Download Metadata` and selecting Copy Link Address, and paste that URL into Sentry.
+In authentik, get the Metadata URL by right-clicking `Download Metadata` and selecting Copy Link Address, and paste that URL into Sentry.
 
 On the next screen, input these Values
 
@@ -45,4 +45,4 @@ IdP User ID: `urn:oid:0.9.2342.19200300.100.1.1`
 User Email: `urn:oid:0.9.2342.19200300.100.1.3`
 First Name: `urn:oid:2.5.4.3`
 
-After confirming, Sentry will authenticate with passbook, and you should be redirected back to a page confirming your settings.
+After confirming, Sentry will authenticate with authentik, and you should be redirected back to a page confirming your settings.

website/docs/integrations/services/sonarr/index.md

@@ -21,24 +21,24 @@ Sonarr is a PVR for Usenet and BitTorrent users. It can monitor multiple RSS fee
 The following placeholders will be used:
 
 -   `sonarr.company` is the FQDN of the Sonarr install.
--   `passbook.company` is the FQDN of the passbook install.
+-   `authentik.company` is the FQDN of the authentik install.
 
 Create a Proxy Provider with the following values
 
 -   Internal host
 
-    If Sonarr is running in docker, and you're deploying the passbook proxy on the same host, set the value to `http://sonarr:8989`, where sonarr is the name of your container.
+    If Sonarr is running in docker, and you're deploying the authentik proxy on the same host, set the value to `http://sonarr:8989`, where sonarr is the name of your container.
 
-    If Sonarr is running on a different server than where you are deploying the passbook proxy, set the value to `http://sonarr.company:8989`.
+    If Sonarr is running on a different server than where you are deploying the authentik proxy, set the value to `http://sonarr.company:8989`.
 
 -   External host
 
     Set this to the external URL you will be accessing Sonarr from.
 
-Create an application in passbook and select the provider you've created above.
+Create an application in authentik and select the provider you've created above.
 
 ## Deployment
 
 Create an outpost deployment for the provider you've created above, as described [here](../../../outposts/outposts.md). Deploy this Outpost either on the same host or a different host that can access Sonarr.
 
-The outpost will connect to passbook and configure itself.
+The outpost will connect to authentik and configure itself.

website/docs/integrations/services/tautulli/index.md

@@ -15,11 +15,11 @@ Tautulli is a 3rd party application that you can run alongside your Plex Media S
 The following placeholders will be used:
 
 -   `tautulli.company` is the FQDN of the Tautulli install.
--   `passbook.company` is the FQDN of the passbook install.
+-   `authentik.company` is the FQDN of the authentik install.
 
-## passbook Setup
+## authentik Setup
 
-Because Tautulli requires valid HTTP Basic credentials, you must save your HTTP Basic Credentials in passbook. The recommended way to do this is to create a Group. Name the group "Tautulli Users", for example. For this group, add the following attributes:
+Because Tautulli requires valid HTTP Basic credentials, you must save your HTTP Basic Credentials in authentik. The recommended way to do this is to create a Group. Name the group "Tautulli Users", for example. For this group, add the following attributes:
 
 ```yaml
 tautulli_user: username
@@ -28,13 +28,13 @@ tautulli_password: password
 
 Add all Tautulli users to the Group. You should also create a Group Membership Policy to limit access to the application.
 
-Create an application in passbook. Create a Proxy provider with the following parameters:
+Create an application in authentik. Create a Proxy provider with the following parameters:
 
 -   Internal host
 
-    If Tautulli is running in docker, and you're deploying the passbook proxy on the same host, set the value to `http://tautulli:3579`, where tautulli is the name of your container.
+    If Tautulli is running in docker, and you're deploying the authentik proxy on the same host, set the value to `http://tautulli:3579`, where tautulli is the name of your container.
 
-    If Tautulli is running on a different server to where you are deploying the passbook proxy, set the value to `http://tautulli.company:3579`.
+    If Tautulli is running on a different server to where you are deploying the authentik proxy, set the value to `http://tautulli.company:3579`.
 
 -   External host
 

website/docs/integrations/services/ubuntu-landscape/index.md

@@ -11,7 +11,7 @@ Landscape is a systems management tool developed by Canonical. It can be run on-
 :::
 
 :::warning
-This requires passbook 0.10.3 or newer.
+This requires authentik 0.10.3 or newer.
 :::
 
 ## Preparation
@@ -19,11 +19,11 @@ This requires passbook 0.10.3 or newer.
 The following placeholders will be used:
 
 -   `landscape.company` is the FQDN of the Landscape server.
--   `passbook.company` is the FQDN of the passbook install.
+-   `authentik.company` is the FQDN of the authentik install.
 
 Landscape uses the OpenID-Connect Protocol for single-sign on.
 
-## passbook Setup
+## authentik Setup
 
 Create an OAuth2/OpenID-Connect Provider with the default settings. Set the Redirect URIs to `https://landscape.company/login/handle-openid`. Select all Autogenerated Scopes.
 
@@ -36,7 +36,7 @@ Create an application and assign access policies to the application. Set the app
 On the Landscape Server, edit the file `/etc/landscape/service.conf` and add the following snippet under the `[landscape]` section:
 
 ```
-oidc-issuer = https://passbook.company/application/o/<slug of the application you've created>/
+oidc-issuer = https://authentik.company/application/o/<slug of the application you've created>/
 oidc-client-id = <client ID of the provider you've created>
 oidc-client-secret = <client Secret of the provider you've created>
 ```
@@ -47,7 +47,7 @@ Afterwards, run `sudo lsctl restart` to restart the Landscape services.
 
 To make an OpenID-Connect User admin, you have to insert some rows into the database.
 
-First login with your passbook user, and make sure the user is created successfully.
+First login with your authentik user, and make sure the user is created successfully.
 
 Run `sudo -u postgres psql landscape-standalone-main` on the Landscape server to open a PostgreSQL Prompt.
 Then run `select * from person;` to get a list of all users. Take note of the ID given to your new user.

website/docs/integrations/services/vmware-vcenter/index.md

@@ -11,7 +11,7 @@ vCenter Server is the centralized management utility for VMware, and is used to
 :::
 
 :::warning
-This requires passbook 0.10.3 or newer.
+This requires authentik 0.10.3 or newer.
 :::
 
 :::warning
@@ -27,9 +27,9 @@ It seems that the vCenter still needs to be joined to the Active Directory Domai
 The following placeholders will be used:
 
 -   `vcenter.company` is the FQDN of the vCenter server.
--   `passbook.company` is the FQDN of the passbook install.
+-   `authentik.company` is the FQDN of the authentik install.
 
-Since vCenter only allows OpenID-Connect in combination with Active Directory, it is recommended to have passbook sync with the same Active Directory.
+Since vCenter only allows OpenID-Connect in combination with Active Directory, it is recommended to have authentik sync with the same Active Directory.
 
 ### Step 1
 
@@ -61,7 +61,7 @@ Under _Providers_, create an OAuth2/OpenID Provider with these settings:
 -   Sub Mode: If your Email address Schema matches your UPN, select "Based on the User's Email...", otherwise select "Based on the User's UPN...".
 -   Scopes: Select the Scope Mapping you've created in Step 1
 
-![](./passbook_setup.png)
+![](./authentik_setup.png)
 
 ### Step 4
 
@@ -77,9 +77,9 @@ Click on _Change Identity Provider_ in the top-right corner.
 
 In the wizard, select "Microsoft ADFS" and click Next.
 
-Fill in the Client Identifier and Shared Secret from the Provider in passbook. For the OpenID Address, click on _View Setup URLs_ in passbook, and copy the OpenID Configuration URL.
+Fill in the Client Identifier and Shared Secret from the Provider in authentik. For the OpenID Address, click on _View Setup URLs_ in authentik, and copy the OpenID Configuration URL.
 
-On the next page, fill in your Active Directory Connection Details. These should be similar to what you have set in passbook.
+On the next page, fill in your Active Directory Connection Details. These should be similar to what you have set in authentik.
 
 ![](./vcenter_post_setup.png)
 

website/docs/integrations/sources/active-directory/index.md

@@ -7,7 +7,7 @@ title: Active Directory
 The following placeholders will be used:
 
 -   `ad.company` is the Name of the Active Directory domain.
--   `passbook.company` is the FQDN of the passbook install.
+-   `authentik.company` is the FQDN of the authentik install.
 
 ## Active Directory Setup
 
@@ -21,25 +21,25 @@ The following placeholders will be used:
 
 4. Open the Delegation of Control Wizard by right-clicking the domain.
 
-5. Select the passbook service user you've just created.
+5. Select the authentik service user you've just created.
 
 6. Ensure the "Reset user password and force password change at next logon" Option is checked.
 
     ![](./02_delegate.png)
 
-## passbook Setup
+## authentik Setup
 
-In passbook, create a new LDAP Source in Administration -> Sources.
+In authentik, create a new LDAP Source in Administration -> Sources.
 
 Use these settings:
 
 -   Server URI: `ldap://ad.company`
 
-    For passbook to be able to write passwords back to Active Directory, make sure to use `ldaps://`
+    For authentik to be able to write passwords back to Active Directory, make sure to use `ldaps://`
 
 -   Bind CN: `<name of your service user>@ad.company`
 -   Bind Password: The password you've given the user above
--   Base DN: The base DN which you want passbook to sync
+-   Base DN: The base DN which you want authentik to sync
 -   Property Mappings: Select all and click the right arrow
 
 The other settings might need to be adjusted based on the setup of your domain.
@@ -54,4 +54,4 @@ The other settings might need to be adjusted based on the setup of your domain.
 
 After you save the source, a synchronization will start in the background. When its done, you cen see the summary on the System Tasks page.
 
-![](./03_pb_status.png)
+![](./03_ak_status.png)