website/docs: remove mention of wizard (#13126)
* first pass at removing wizard * missed one * Replaced the word modal wth the word box or simply rewrote to avoid saying modal. * typo --------- Co-authored-by: Tana M Berry <tana@goauthentik.com>
This commit is contained in:
		| @ -4,37 +4,21 @@ title: Manage applications | ||||
|  | ||||
| Managing the applications that your team uses involves several tasks, from initially adding the application and provider, to controlling access and visibility of the application, to providing access URLs. | ||||
|  | ||||
| ## Add new applications | ||||
|  | ||||
| Learn how to add new applications from our video or follow the instructions below. | ||||
|  | ||||
| ### Video | ||||
|  | ||||
| <iframe | ||||
|     width="560" | ||||
|     height="315" | ||||
|     src="https://www.youtube.com/embed/broUAWrIWDI;start=22" | ||||
|     title="YouTube video player" | ||||
|     frameborder="0" | ||||
|     allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" | ||||
|     allowfullscreen | ||||
| ></iframe> | ||||
|  | ||||
| ### Instructions | ||||
|  | ||||
| To add an application to authentik and have it display on users' **My applications** page, you can use the Application Wizard, which creates both the new application and the required provider at the same time. | ||||
| To add an application to authentik and have it display on users' **My applications** page, follow these steps: | ||||
|  | ||||
| 1. Log into authentik as an admin, and navigate to **Applications --> Applications**. | ||||
| 1. Log in to authentik as an admin, and open the authentik Admin interface. | ||||
|  | ||||
| 2. Click **Create with Wizard**. (Alternatively, use our legacy process and click **Create**. The legacy process requires that the application and its authentication provider be configured separately.) | ||||
| 2. Navigate to **Applications -> Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can create only an application, without a provider, by clicking **Create.)** | ||||
|  | ||||
| 3. In the **New application** wizard, define the application details, the provider type, bindings for the application. | ||||
| 3. In the **New application** box, define the application details, the provider type and configuration settings, and bindings for the application. | ||||
|  | ||||
|     - **Application**: provide a name, an optional group for the type of application, the policy engine mode, and optional UI settings. | ||||
|  | ||||
|     - **Choose a Provider**: select the provider types for this application. | ||||
|  | ||||
|     - **Configure a Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and any additional required configurations. | ||||
|     - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and any additional required configurations. | ||||
|  | ||||
|     - **Configure Bindings**: to manage the listing and access to applications on a user's **My applications** page, you can optionally create a [binding](../flows-stages/bindings/index.md) between the application and a specific policy, group, or user. Note that if you do not define any bindings, then all users have access to the application. For more information about user access, refer to our documentation about [authorization](#policy-driven-authorization) and [hiding an application](#hide-applications). | ||||
|  | ||||
| @ -95,8 +79,8 @@ return { | ||||
| 3. Click the **Application entitlements** tab at the top of the page, and then click **Create entitlement**. Provide a name for the entitlement, enter any optional **Attributes**, and then click **Create**. | ||||
| 4. In the list locate the entitlement to which you want to bind a user or group, and then **click the caret (>) to expand the entitlement details.** | ||||
| 5. In the expanded area, click **Bind existing Group/User**. | ||||
| 6. In the **Create Binding** modal box, select either the tab for **Group** or **User**, and then in the drop-down list, select the group or user. | ||||
| 7. Optionally, configure additional settings for the binding, and then click **Create** to create the binding and close the modal box. | ||||
| 6. In the **Create Binding** box, select either the tab for **Group** or **User**, and then in the drop-down list, select the group or user. | ||||
| 7. Optionally, configure additional settings for the binding, and then click **Create** to create the binding and close the box. | ||||
|  | ||||
| ## Hide applications | ||||
|  | ||||
|  | ||||
| @ -9,5 +9,5 @@ For instructions to create a binding, refer to the documentation for the specifi | ||||
| - [Bind a stage to a flow](../stages/index.md#bind-a-stage-to-a-flow) | ||||
| - [Bind a policy to a flow or stage](../../../customize/policies/working_with_policies#bind-a-policy-to-a-flow-or-stage) | ||||
| - [Bind users or groups to a specific application with an Application Entitlement](../../applications/manage_apps.mdx#application-entitlements) | ||||
| - [Bind a policy to a specific application when you create a new app using the Wizard](../../applications/manage_apps.mdx#instructions) | ||||
| - [Bind a policy to a specific application when you create a new application and provider](../../applications/manage_apps.mdx#instructions) | ||||
| - [Bind users and groups to a stage binding, to define whether or not that stage is shown](../stages/index.md#bind-users-and-groups-to-a-flows-stage-binding) | ||||
|  | ||||
| @ -26,7 +26,7 @@ For detailed instructions, refer to Google documentation. | ||||
| ### Create a Google cloud project | ||||
|  | ||||
| 1. Open the Google Cloud Console (https://cloud.google.com/cloud-console). | ||||
| 2. In upper left, click the drop-down box to open the **Select a project** modal box, and then select **New Project**. | ||||
| 2. In upper left, click the drop-down box to open the **Select a project** box, and then select **New Project**. | ||||
| 3. Create a new project and give it a name like "authentik GWS". | ||||
| 4. Use the search bar at the top of your new project page to search for "API Library". | ||||
| 5. On the **API Library** page, use the search bar again to find "Chrome Verified Access API". | ||||
| @ -47,7 +47,7 @@ For detailed instructions, refer to Google documentation. | ||||
|  | ||||
| 1. On the **Service accounts** page, click the account that you just created. | ||||
| 2. Click the **Keys** tab at top of the page, the click **Add Key -> Create new key**. | ||||
| 3. In the Create modal box, select JSON as the key type, and then click **Create**. | ||||
| 3. In the Create box, select JSON as the key type, and then click **Create**. | ||||
|    A pop-up displays with the private key, and the key is saved to your computer as a JSON file. | ||||
|    Later, when you create the stage in authentik, you will add this key in the **Credentials** field. | ||||
| 4. On the service account page, click the **Details** tab, and expand the **Advanced settings** area. | ||||
| @ -64,7 +64,7 @@ For detailed instructions, refer to Google documentation. | ||||
|  | ||||
| 2. In the Admin interface, navigate to **Flows -> Stages**. | ||||
|  | ||||
| 3. Click **Create**, and select **Endpoint Authenticator Google Device Trust Connector Stage**, and in the **New stage** modal box, define the following fields: | ||||
| 3. Click **Create**, and select **Endpoint Authenticator Google Device Trust Connector Stage**, and in the **New stage** box, define the following fields: | ||||
|  | ||||
|     - **Name**: define a descriptive name, such as "chrome-device-trust". | ||||
|  | ||||
|  | ||||
| @ -70,8 +70,8 @@ To bind a user or a group to a stage binding for a specific flow, follow these s | ||||
|  | ||||
|  | ||||
| 6. In the expanded area, click **Bind existing policy/group/user**. | ||||
| 7. In the **Create Binding** modal box, select either the tab for **Group** or **User**. | ||||
| 7. In the **Create Binding** box, select either the tab for **Group** or **User**. | ||||
| 8. In the drop-down list, select the group or user. | ||||
| 9. Optionally, configure additional settings for the binding, and then click **Create** to create the binding and close the modal box. | ||||
| 9. Optionally, configure additional settings for the binding, and then click **Create** to create the binding and close the box. | ||||
|  | ||||
| Learn more about [bindings](../bindings/index.md) and [working with them](../bindings/work_with_bindings.md). | ||||
|  | ||||
| @ -35,7 +35,7 @@ Any change made to the outpost's associated app or provider immediately triggers | ||||
|     - **Applications**: select the applications that you want the outpost to serve | ||||
|     - **Advanced settings** (*optional*): For further optional configuration settings, refer to [Configuration](#configuration) below. | ||||
|  | ||||
|     4. Click **Create** to save your new outpost settings and close the modal. | ||||
|     4. Click **Create** to save your new outpost settings and close the box. | ||||
|  | ||||
| Upon creation, a service account and a token is generated. The service account only has permissions to read the outpost and provider configuration. This token is used by the outpost to connect to authentik. | ||||
|  | ||||
|  | ||||
| @ -17,7 +17,7 @@ As detailed in the steps below, when you add an Entra ID provider in authentik y | ||||
|  | ||||
| 1.  Log in as an admin to authentik, and go to the Admin interface. | ||||
| 2.  In the Admin interface, navigate to **Applications -> Providers**. | ||||
| 3.  Click **Create**, and in the **New provider** modal box select **Microsoft Entra Provider** as the type and click **Next**. | ||||
| 3.  Click **Create**, and in the **New provider** box select **Microsoft Entra Provider** as the type and click **Next**. | ||||
| 4.  Define the following fields: | ||||
|  | ||||
|     - **Name**: define a descriptive name, such as "Entra provider". | ||||
| @ -46,7 +46,7 @@ As detailed in the steps below, when you add an Entra ID provider in authentik y | ||||
|  | ||||
| 1. Log in as an admin to authentik, and go to the Admin interface. | ||||
| 2. In the Admin interface, navigate to **Applications -> Applications**. | ||||
| 3. Click **Create**, and in the **Create Application** modal box define the following fields: | ||||
| 3. Click **Create**, and define the following fields: | ||||
|  | ||||
|     - **Name**: provide a descriptive name. | ||||
|     - **Slug**: enter the name of the app as you want it to appear in the URL. | ||||
|  | ||||
| @ -19,7 +19,7 @@ When adding the Google Workspace provider in authentik, you must define the **Ba | ||||
|  | ||||
| 2. In the Admin interface, navigate to **Applications -> Providers**. | ||||
|  | ||||
| 3. Click **Create**, and select **Google Workspace Provider**, and in the **New provider** modal box, define the following fields: | ||||
| 3. Click **Create**, and select **Google Workspace Provider**, and in the **New provider** box, define the following fields: | ||||
|  | ||||
|     - **Name**: define a descriptive name, such as "GWS provider". | ||||
|  | ||||
| @ -50,7 +50,7 @@ When adding the Google Workspace provider in authentik, you must define the **Ba | ||||
|    :::info | ||||
|    If you have also configured Google Workspace to log in using authentik following [these](https://docs.goauthentik.io/integrations/services/google/index), then this configuration can be done on the same app by adding this new provider as a backchannel provider on the existing app instead of creating a new app. | ||||
|    ::: | ||||
| 3. Click **Create**, and in the **New provider** modal box, and define the following fields: | ||||
| 3. Click **Create**, and in the **New provider** box, and define the following fields: | ||||
|  | ||||
|     - **Slug**: enter the name of the app as you want it to appear in the URL. | ||||
|     - **Provider**: when _not_ used in conjunction with the Google SAML configuration should be left empty. | ||||
|  | ||||
| @ -20,7 +20,7 @@ For detailed instructions, refer to Google documentation. | ||||
| ### Create a Google cloud project | ||||
|  | ||||
| 1. Open the Google Cloud Console (https://cloud.google.com/cloud-console). | ||||
| 2. In upper left, click the drop-down box to open the **Select a project** modal box, and then select **New Project**. | ||||
| 2. In upper left, click the drop-down box to open the **Select a project** box, and then select **New Project**. | ||||
| 3. Create a new project and give it a name like "authentik GWS" | ||||
| 4. Use the search bar at the top of your new project page to search for "API Library". | ||||
| 5. On the **API Library** page, use the search bar again to find "Admin SDK API". | ||||
| @ -41,7 +41,7 @@ For detailed instructions, refer to Google documentation. | ||||
|  | ||||
| 1. On the **Service accounts** page, click the account that you just created. | ||||
| 2. Click the **Keys** tab at top of the page, the click **Add Key -> Create new key**. | ||||
| 3. In the Create modal box, select JSON as the key type, and then click **Create**. | ||||
| 3. In the Create box, select JSON as the key type, and then click **Create**. | ||||
|    A pop-up displays with the private key, and the key is saved to your computer as a JSON file. | ||||
|    Later, when you create your authentik provider for Google Workspace, you will add this key in the **Credentials** field. | ||||
| 4. On the service account page, click the **Details** tab, and expand the **Advanced settings** area. | ||||
| @ -49,7 +49,7 @@ For detailed instructions, refer to Google documentation. | ||||
| 6. Log in to the Admin Console, and then navigate to **Security -> Access and data control -> API controls**. | ||||
| 7. On the **API controls** page, click **Manage Domain Wide Delegation**. | ||||
| 8. On the **Domain Wide Delegation** page, click **Add new**. | ||||
| 9. In the **Add a new client ID** modal box, paste in the Client ID that you copied from the Admin console earlier (the value from the downloaded JSON file) and paste in the following scope documents: | ||||
| 9. In the **Add a new client ID** box, paste in the Client ID that you copied from the Admin console earlier (the value from the downloaded JSON file) and paste in the following scope documents: | ||||
|     - `https://www.googleapis.com/auth/admin.directory.user` | ||||
|     - `https://www.googleapis.com/auth/admin.directory.group` | ||||
|     - `https://www.googleapis.com/auth/admin.directory.group.member` | ||||
|  | ||||
| @ -11,7 +11,7 @@ Providers are the "other half" of [applications](../applications/index.md). They | ||||
|  | ||||
| Applications can use additional providers to augment the functionality of the main provider. For more information, see [Backchannel providers](../applications/manage_apps.mdx#backchannel-providers). | ||||
|  | ||||
| You can create a new provider in the Admin interface, or you can use the [Application wizard](../applications/manage_apps.mdx#instructions) to create a new application and its provider at the same time. | ||||
| You can create a new provider in the Admin interface, or you can use the [**Create with provider** option](../applications/manage_apps.mdx#instructions) to create a new application and its provider at the same time. | ||||
|  | ||||
| When you create certain types of providers, you need to select specific [flows](../flows-stages/flow/index.md) to apply to users who access authentik via the provider. To learn more, refer to our [default flow documentation](../flows-stages/flow/examples/default_flows.md). | ||||
|  | ||||
|  | ||||
| @ -46,7 +46,7 @@ Note: The `default-authentication-flow` validates MFA by default, and currently | ||||
|  | ||||
| ### Create LDAP Application & Provider | ||||
|  | ||||
| 1. Create the LDAP Application under _Applications_ -> _Applications_ -> _Create With Wizard_ and name it `LDAP`. | ||||
| 1. Create the LDAP Application under _Applications_ -> _Applications_ -> _Create With provider_ and name it `LDAP`. | ||||
|     | ||||
|     | ||||
|  | ||||
| @ -55,7 +55,7 @@ Note: The `default-authentication-flow` validates MFA by default, and currently | ||||
| 1. Navigate to the LDAP Provider under _Applications_ -> _Providers_ -> `Provider for LDAP`. | ||||
| 2. Switch to the _Permissions_ tab. | ||||
| 3. Click the _Assign to new user_ button to select a user to assign the full directory search permission to. | ||||
| 4. Select the `ldapservice` user in the modal by typing in its username. Select the _Search full LDAP directory_ permission and click _Assign_ | ||||
| 4. Select the `ldapservice` user typing in its username. Select the _Search full LDAP directory_ permission and click _Assign_ | ||||
|  | ||||
| ### Create LDAP Outpost | ||||
|  | ||||
|  | ||||
| @ -2,13 +2,13 @@ | ||||
| title: Create an OAuth2 provider | ||||
| --- | ||||
|  | ||||
| To add a provider (and the application that uses the provider for authentication) use the Application Wizard, which creates both the new application and the required provider at the same time. For typical scenarios, authentik recommends that you use the Wizard to create both the application and the provider together. (Alternatively, use our legacy process: navigate to **Applications --> Providers**, and then click **Create**.) | ||||
| To add a provider (and the application that uses the provider for authentication) use the ** Create with provider** option, which creates both the new application and the required provider at the same time. For typical scenarios, authentik recommends that you create both the application and the provider together. (Alternatively, use our legacy process: navigate to **Applications --> Providers**, and then click **Create**.) | ||||
|  | ||||
| 1. Log into authentik as an admin, and navigate to **Applications --> Applications**. | ||||
| 1. Log in to authentik as an admin, and open the authentik Admin interface. | ||||
|  | ||||
| 2. Click **Create with Wizard**. | ||||
| 2. Navigate to **Applications -> Applications** and click **Create with provider** to create an application and provider pair. (Alternatively you can create only an application, without a provider, by clicking **Create**.) | ||||
|  | ||||
| 3. In the **New application** wizard, define the application details, and then click **Next**. | ||||
| 3. In the **New application** box, define the application details, and then click **Next**. | ||||
|  | ||||
| 4. Select the **Provider Type** of **OAuth2/OIDC**, and then click **Next**. | ||||
|  | ||||
|  | ||||
| @ -26,7 +26,7 @@ The first step is to create the RAC app and provider. | ||||
|  | ||||
| 2. In the Admin interface, navigate to **Applications -> Applications**. | ||||
|  | ||||
| 3. Click **Create with Wizard**. Follow the [instructions](../../applications/manage_apps.mdx#instructions) to create your RAC application and provider. | ||||
| 3. Click **Create with provider**. Follow the [instructions](../../applications/manage_apps.mdx#instructions) to create your RAC application and provider. | ||||
|  | ||||
| ### Step 2. Create RAC property mapping | ||||
|  | ||||
| @ -36,7 +36,7 @@ Next, you need to add a property mapping for each of the remote machines you wan | ||||
|  | ||||
| 2. On the **Property Mappings** page, click **Create**. | ||||
|  | ||||
| 3. On the **New property mapping** modal, set the following: | ||||
| 3. On the **New property mapping** box, set the following: | ||||
|  | ||||
|     - **Select Type**: RAC Property Mappings | ||||
|     - **Create RAC Property Mapping**: | ||||
| @ -52,7 +52,7 @@ Next, you need to add a property mapping for each of the remote machines you wan | ||||
|         - Advanced settings: | ||||
|             - **Expressions**: optional, using Python you can define custom [expressions](../property-mappings/expression.mdx). | ||||
|  | ||||
| 4. Click **Finish** to save your settings and close the modal. | ||||
| 4. Click **Finish** to save your settings and close the box. | ||||
|  | ||||
| ### Step 3. Create Endpoints for the Provider | ||||
|  | ||||
| @ -64,7 +64,7 @@ Finally, you need to create an endpoint for each remote machine. Endpoints are d | ||||
|  | ||||
| 3. On the Provider page, under **Endpoints**, click **Create**. | ||||
|  | ||||
| 4. On the **Create Endpoint** modal, provide the following settings: | ||||
| 4. On the **Create Endpoint** box, provide the following settings: | ||||
|  | ||||
|     - **Name**: define a name for the endpoint, perhaps include the type of connection (RDP, SSH, VNC) | ||||
|     - **Protocol**: select the appropriate protocol | ||||
| @ -73,7 +73,7 @@ Finally, you need to create an endpoint for each remote machine. Endpoints are d | ||||
|     - **Property mapping**: select either the property mapping that you created in Step 2, or use one of the default settings. | ||||
|     - **Advance settings**: optional | ||||
|  | ||||
| 5. Click **Create** to save your settings and close the modal. | ||||
| 5. Click **Create** to save your settings and close the box. | ||||
|  | ||||
| ### Access the remote machine | ||||
|  | ||||
|  | ||||
| @ -8,7 +8,7 @@ authentik provides several [standard policy types](./index.md#standard-policies) | ||||
|  | ||||
| We also document how to use a policy to [whitelist email domains](./expression/whitelist_email.md) and to [ensure unique email addresses](./expression/unique_email.md). | ||||
|  | ||||
| To learn more see also [bindings](../../add-secure-apps/flows-stages/bindings/index.md) and how to use the [authentik Wizard to bind policy bindings to the new application](../../add-secure-apps/applications/manage_apps.mdx#add-new-applications) (for example, to configure application-specific access). | ||||
| To learn more see also [bindings](../../add-secure-apps/flows-stages/bindings/index.md) and how to [bind policy bindings to a new application when yo create the application](../../add-secure-apps/applications/manage_apps.mdx#instructions) (for example, to configure application-specific access). | ||||
|  | ||||
| ## Create a policy | ||||
|  | ||||
|  | ||||
| @ -51,12 +51,12 @@ To assign or remove _object_ permissions for a specific user: | ||||
|     1. Click the **User Object Permissions** tab, and then click **Assign to new user**. | ||||
|     2. In the **User** drop-down, select the user object. | ||||
|     3. Use the toggles to set which permissions on that selected user object you want to grant to (or remove from) the specific user. | ||||
|     4. Click **Assign** to save your settings and close the modal. | ||||
|     4. Click **Assign** to save your settings and close the box. | ||||
| 5. To assign or remove permissions that another _role_ has on this specific user: | ||||
|     1. Click the **Role Object Permissions** tab, and then click **Assign to new role**. | ||||
|     2. In the **User** drop-down, select the user object. | ||||
|     3. Use the toggles to set which permissions you want to grant to (or remove from) the selected role. | ||||
|     4. Click **Assign** to save your settings and close the modal. | ||||
|     4. Click **Assign** to save your settings and close the box. | ||||
|  | ||||
| To assign or remove _global_ permissions for a user: | ||||
|  | ||||
| @ -65,8 +65,8 @@ To assign or remove _global_ permissions for a user: | ||||
| 3. Click the **Permissions** tab at the top of the page. | ||||
| 4. Click **Assigned Global Permissions** to the left. | ||||
| 5. In the **Assign permissions** area, click **Assign Permission**. | ||||
| 6. In the **Assign permission to user** modal box, click the plus sign (**+**) and then click the checkbox beside each permission that you want to assign to the user. To remove permissions, deselect the checkbox. | ||||
| 7. Click **Add**, and then click **Assign** to save your changes and close the modal. | ||||
| 6. In the **Assign permission to user** box, click the plus sign (**+**) and then click the checkbox beside each permission that you want to assign to the user. To remove permissions, deselect the checkbox. | ||||
| 7. Click **Add**, and then click **Assign** to save your changes and close the box. | ||||
|  | ||||
| ### Assign or remove permissions on a specific group | ||||
|  | ||||
| @ -84,12 +84,12 @@ To assign or remove _object_ permissions on a specific group by users and roles: | ||||
|     1. Click **User Object Permissions** to the left, and then click **Assign to new user**. | ||||
|     2. In the **User** drop-down, select the user object. | ||||
|     3. Use the toggles to set which permissions on that selected group you want to grant to (or remove from) the specific user. | ||||
|     4. Click **Assign** to save your settings and close the modal. | ||||
|     4. Click **Assign** to save your settings and close the box. | ||||
| 4. To assign or remove permissions that another _role_ has on this specific group: | ||||
|     1. Click **Role Object Permissions** to the left, and then click **Assign to new role**. | ||||
|     2. In the **Role** drop-down, select the role. | ||||
|     3. Use the toggles to set which permissions you want to grant to (or remove from ) the selected role. | ||||
|     4. Click **Assign** to save your settings and close the modal. | ||||
|     4. Click **Assign** to save your settings and close the box. | ||||
|  | ||||
| ### Assign or remove permissions for a specific role | ||||
|  | ||||
| @ -102,12 +102,12 @@ To assign or remove _object_ permissions for a specific role: | ||||
|     1. Click **User Object Permissions** to the left, and then click **Assign to new user**. | ||||
|     2. In the **User** drop-down, select the user object. | ||||
|     3. Use the toggles to set which permissions on that role you want to grant to (or remove from) the selected user. | ||||
|     4. Click **Assign** to save your settings and close the modal. | ||||
|     4. Click **Assign** to save your settings and close the box. | ||||
| 4. To assign or remove permissions that another _role_ has on this specific group: | ||||
|     1. Click **Role Object Permissions** to the left, and then click **Assign to new role**. | ||||
|     2. In the **Role** drop-down, select the role. | ||||
|     3. Use the toggles to set which permissions you want to grant to (or remove from) the selected role. | ||||
|     4. Click **Assign** to save your settings and close the modal. | ||||
|     4. Click **Assign** to save your settings and close the box. | ||||
|  | ||||
| To assign or remove _global_ permissions for a role: | ||||
|  | ||||
| @ -115,8 +115,8 @@ To assign or remove _global_ permissions for a role: | ||||
| 2. Select a specific role by clicking on the role's name. | ||||
| 3. Click the **Permissions** tab at the top of the page. | ||||
| 4. Click **Assigned Global Permissions** to the left, and then click **Assign Permission**. | ||||
| 5. In the **Assign permissions to role** modal, click the plus sign (**+**) and then click the checkbox beside each permission that you want to assign to the role. To remove permissions, deselect the checkbox. | ||||
| 6. Click **Assign** to save your changes and close the modal. | ||||
| 5. In the **Assign permissions to role** box, click the plus sign (**+**) and then click the checkbox beside each permission that you want to assign to the role. To remove permissions, deselect the checkbox. | ||||
| 6. Click **Assign** to save your changes and close the box. | ||||
|  | ||||
| ### Assign or remove flow permissions | ||||
|  | ||||
| @ -129,4 +129,4 @@ To assign or remove _global_ permissions for a role: | ||||
|  | ||||
| 1. Go to the Admin interface and navigate to **Flows and Stages -> Stagess**. | ||||
| 2. On the row for the specific stage that you want to manage permissions, click the **lock icon**. | ||||
| 3. On the **Update Permissions** modal window, you can add or remove the assigned permissions using the **User Object Permissions** and the **Role Object Permissions** tabs. | ||||
| 3. On the **Update Permissions** box, you can add or remove the assigned permissions using the **User Object Permissions** and the **Role Object Permissions** tabs. | ||||
|  | ||||
| @ -11,7 +11,7 @@ To create a new group, follow these steps: | ||||
|  | ||||
| 1. In the Admin interface, navigate to **Directory > Groups**. | ||||
| 2. Click **Create** at the top of the Groups page. | ||||
| 3. In the Create modal, define the following: | ||||
| 3. In the Create box, define the following: | ||||
|     - **Name** of the group | ||||
|     - Whether or not users in that group will all be **super-users** (means anyone in that group has all permissions on everything) | ||||
|     - The **Parent** group | ||||
|  | ||||
| @ -14,7 +14,7 @@ In authentik, we assign roles to groups, not to individual users. | ||||
| To create a new role, follow these steps: | ||||
|  | ||||
| 1. In the Admin interface, navigate to **Directory > Roles**. | ||||
| 2. Click **Create**, enter the name of the role, and then click **Create** in the modal. | ||||
| 2. Click **Create**, enter the name of the role, and then click **Create** in the box. | ||||
| 3. Next, [assign permissions to the role](../access-control/manage_permissions.md#assign-or-remove-permissions-for-a-specific-role). | ||||
|  | ||||
| ## Modify a role | ||||
| @ -44,5 +44,5 @@ In authentik, each role can only be applied to a single group at a time. | ||||
| 1. To assign the role to a group, navigate to **Directory -> Groups**. | ||||
| 2. Click the name of the group to which you want to add a role. | ||||
| 3. On the group's detail page, on the Overview tab, click **Edit** in the **Group Info** area. | ||||
| 4. On the **Update Group** modal, in the **Roles** field, select the roles you want to assign to the group from the list of **Available Roles** in the left box (you can select multiple roles at once by holding the Shift key while selecting the roles), and then click the appropriate arrow icon to move them into the **Selected Roles** box. | ||||
| 5. Click **Update** to add the role(s) and close the modal. | ||||
| 4. On the **Update Group** box, in the **Roles** field, select the roles you want to assign to the group from the list of **Available Roles** in the left box (you can select multiple roles at once by holding the Shift key while selecting the roles), and then click the appropriate arrow icon to move them into the **Selected Roles** box. | ||||
| 5. Click **Update** to add the role(s) and close the box. | ||||
|  | ||||
| @ -8,7 +8,7 @@ The base SCIM URL is in the format of `https://authentik.company/source/scim/<so | ||||
|  | ||||
| ## First steps | ||||
|  | ||||
| To set up an SCIM source, log in as an administrator into authentik. Navigate to **Directory->Federation & Social login**, and click on **Create**. Select the **SCIM Source** type in the wizard, and give the source a name. | ||||
| To set up an SCIM source, log in as an administrator into authentik. Navigate to **Directory->Federation & Social login**, and click on **Create**. Select the **SCIM Source** type, and give the source a name. | ||||
|  | ||||
| After the source is created, click on the name of the source in the list, and you will see the **SCIM Base URL** which is used by the SCIM client. Use the **Click to copy token** button to copy the token which is used by the client to authenticate SCIM requests. | ||||
|  | ||||
|  | ||||
| @ -50,7 +50,7 @@ Finally, you need to publish the Facebook app. | ||||
|  | ||||
| 1. Log into authentik as admin, and then navigate to **Directory -> Federation & Social login** | ||||
| 2. Click **Create**. | ||||
| 3. In the **New Source** modal box, for **Select type** select **Facebook OAuth Source** and then click **Next**. | ||||
| 3. In the **New Source** box, for **Select type** select **Facebook OAuth Source** and then click **Next**. | ||||
| 4. Define the following fields: | ||||
|     - **Name**: provide a descriptive name | ||||
|     - **Slug**: leave default value (If you choose a different slug then the default, the URL will need to be updated to reflect the change) | ||||
| @ -64,7 +64,7 @@ Finally, you need to publish the Facebook app. | ||||
|     - **Flow settings** | ||||
|         - **Authentication flow**: leave the default `default-source-authentication` option. | ||||
|         - **Enrollment flow**: leave the default `default-source-enrollment` option. | ||||
| 5. Click **Finish** to save your settings and close the modal box. | ||||
| 5. Click **Finish** to save your settings and close the box. | ||||
|  | ||||
| You now have Facebook as a source. Verify by checking that appears on the **Directory -> Federation & Social login** page in authentik. | ||||
|  | ||||
|  | ||||
| @ -137,7 +137,7 @@ Start by logging into your authentik instance as an administrator and navigating | ||||
|  | ||||
| In the Admin interface, navigate to **Directory -> Federation & Social login** and press **Create**. | ||||
|  | ||||
| In the **New source** modal, choose **SAML Source** and continue by filling in the following fields: | ||||
| In the **New source** box, choose **SAML Source** and continue by filling in the following fields: | ||||
|  | ||||
| | Field | Value            | | ||||
| | ----- | ---------------- | | ||||
|  | ||||
| @ -31,7 +31,7 @@ At the top of the Flows page, click **Import**, and then select the `flows-enrol | ||||
|  | ||||
| **Step 3. Create the invitation object** | ||||
|  | ||||
| In the Admin UI, navigate to **Directory --> Invitations**, and then click **Create** to open the **Create Invitation** modal. Define the following fields: | ||||
| In the Admin UI, navigate to **Directory --> Invitations**, and then click **Create** to open the **Create Invitation** box. Define the following fields: | ||||
|  | ||||
| - **Name**: provide a name for your invitation object. | ||||
| - **Expires**: select a date for when you want the invitation to expire. | ||||
| @ -42,7 +42,7 @@ In the Admin UI, navigate to **Directory --> Invitations**, and then click **Cre | ||||
|  | ||||
| - **Single use**: specify whether or not you want the invitation to expire after a single use. | ||||
|  | ||||
| Click **Save** to save the new invitation and close the modal and return to the **Invitations** page. | ||||
| Click **Save** to save the new invitation and close the box and return to the **Invitations** page. | ||||
|  | ||||
| **Step 3. Email the invitation** | ||||
|  | ||||
|  | ||||
| @ -24,11 +24,12 @@ This documentation lists only the settings that you need to change from their de | ||||
| ## authentik configuration | ||||
|  | ||||
| 1. From the authentik Admin interface navigate to **Applications** -> **Applications** on the left sidebar. | ||||
| 2. Create an application and an OAuth2/OpenID provider using the [wizard](https://docs.goauthentik.io/docs/add-secure-apps/applications/manage_apps#add-new-applications). | ||||
|  | ||||
| 2. Create an application and an OAuth2/OpenID provider using the [Application modal](https://docs.goauthentik.io/docs/add-secure-apps/applications/manage_apps#instructions). | ||||
|     - Note the application slug, client ID, and client secret, as they will be required later. | ||||
|     - Set a strict redirect URI to `https://chronograf.company/oauth/authentik/callback`. | ||||
|     - Choose a signing key (any available key is acceptable). | ||||
| 3. Complete and submit the settings to close the wizard. | ||||
| 3. Complete and submit the settings to close the modal. | ||||
|  | ||||
| ## Chronograf configuration | ||||
|  | ||||
|  | ||||
		Reference in New Issue
	
	Block a user
	 Tana M Berry
					Tana M Berry