website: split integrations partially (#15076)

* config for split

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update alllll the links

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add redirect

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add separate job for integrations build

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Update website/netlify.toml

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Jens L. <jens@beryju.org>

* Revert "update alllll the links"

This reverts commit 872c5870a8.

* absolute relative URLs only

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* but use a plugin to rewrite them

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix external URL regex

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make rewrite plugin more re-usable

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix the reverse links

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix root redirect

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix rediret

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix root redirect

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix redirect

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
# Conflicts:
#	.github/workflows/ci-website.yml
#	website/docusaurus.config.esm.mjs

.github/workflows/ci-website.yml

@@ -49,6 +49,7 @@ jobs:
       matrix:
         job:
           - build
+          - build:integrations
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4

website/docs/add-secure-apps/providers/gws/add-gws-provider.md

@@ -10,7 +10,7 @@ For more information about using a Google Workspace provider, see the [Overview]
 To create a Google Workspace provider in authentik, you must have already [configured Google Workspace](./setup-gws.md) to integrate with authentik.
 
 :::info
-When adding the Google Workspace provider in authentik, you must define the **Backchannel provider** using the name of the Google Workspace provider that you created in authentik. If you have also configured Google Workspace to log in using authentik following [these](../../../../integrations/services/google/), then this configuration can be done on the same app.
+When adding the Google Workspace provider in authentik, you must define the **Backchannel provider** using the name of the Google Workspace provider that you created in authentik. If you have also configured Google Workspace to log in using authentik following [these](/integrations/services/google/), then this configuration can be done on the same app.
 :::
 
 ### Create the Google Workspace provider in authentik

website/docs/releases/2025/v2025.4.md

@@ -81,20 +81,20 @@ Previously, sessions were stored by default in the cache. Now, they are stored i
 
 An integration is a how authentik connects to third-party applications, directories, and other identity providers. The following integration guides were recently added.
 
-- [Apple Business Manager](../../../integrations/services/apple/)
-- [FleetDM](../../../integrations/services/fleet/)
-- [Gravity](../../../integrations/services/gravity/)
-- [Homarr](../../../integrations/services/homarr/)
-- [KnocKnoc](../../../integrations/services/knocknoc)
-- [Mautic](../../../integrations/services/mautic/)
-- [Mailcow](../../../integrations/services/mailcow/)
-- [Mealie](../../../integrations/services/mealie/)
-- [OpenProject](../../../integrations/services/openproject)
-- [Sidero Omni](../../../integrations/services/omni)
-- [Tandoor](../../../integrations/services/tandoor/)
-- [Wazuh](../../../integrations/services/wazuh)
-- [XCreds](../../../integrations/services/xcreds)
-- [Zipline](../../../integrations/services/zipline/)
+- [Apple Business Manager](/integrations/services/apple/)
+- [FleetDM](/integrations/services/fleet/)
+- [Gravity](/integrations/services/gravity/)
+- [Homarr](/integrations/services/homarr/)
+- [KnocKnoc](/integrations/services/knocknoc)
+- [Mautic](/integrations/services/mautic/)
+- [Mailcow](/integrations/services/mailcow/)
+- [Mealie](/integrations/services/mealie/)
+- [OpenProject](/integrations/services/openproject)
+- [Sidero Omni](/integrations/services/omni)
+- [Tandoor](/integrations/services/tandoor/)
+- [Wazuh](/integrations/services/wazuh)
+- [XCreds](/integrations/services/xcreds)
+- [Zipline](/integrations/services/zipline/)
 
 ## Upgrading
 

website/docs/releases/2025/v2025.6.md

@@ -37,15 +37,15 @@ slug: "/releases/2025.6"
 
 An integration is how authentik connects to third-party applications, directories, and other identity providers. The following integration guides were recently added to our documentation:
 
-- [Atlassian Cloud (Jira, Confluence, etc)](../../../integrations/services/atlassian/)
-- [Coder](../../../integrations/services/coder/)
-- [FileRise](../../../integrations/services/filerise/)
-- [Komodo](../../../integrations/services/komodo/)
-- [Pangolin](../../../integrations/services/pangolin/)
-- [Push Security](../../../integrations/services/push-security/)
-- [Stripe](../../../integrations/services/stripe/)
-- [Tailscale](../../../integrations/services/tailscale/)
-- [YouTrack](../../../integrations/services/youtrack/)
+- [Atlassian Cloud (Jira, Confluence, etc)](/integrations/services/atlassian/)
+- [Coder](/integrations/services/coder/)
+- [FileRise](/integrations/services/filerise/)
+- [Komodo](/integrations/services/komodo/)
+- [Pangolin](/integrations/services/pangolin/)
+- [Push Security](/integrations/services/push-security/)
+- [Stripe](/integrations/services/stripe/)
+- [Tailscale](/integrations/services/tailscale/)
+- [YouTrack](/integrations/services/youtrack/)
 
 ## Upgrading
 

website/docs/users-sources/sources/social-logins/google/index.mdx

@@ -10,7 +10,7 @@ This page provides an overview of how to configure each protocol as a federated
 :::info{title="authentik as a third-party IdP"}
 authentik can also be configuration to authenticate users into Google services.
 
-For more information, see the [Google Workspace Integration](../../../../../integrations/services/google/) guide.
+For more information, see the [Google Workspace Integration](/integrations/services/google/) guide.
 
 ## Google Cloud (OAuth)
 

website/docusaurus.config.esm.mjs

@@ -11,6 +11,7 @@ import remarkDirective from "remark-directive";
 import remarkGithub, { defaultBuildUrl } from "remark-github";
 
 import remarkEnterpriseDirective from "./remark/enterprise-directive.mjs";
+import remarkLinkRewrite from "./remark/link-rewrite-directive.mjs";
 import remarkPreviewDirective from "./remark/preview-directive.mjs";
 import remarkSupportDirective from "./remark/support-directive.mjs";
 import remarkVersionDirective from "./remark/version-directive.mjs";
@@ -43,9 +44,10 @@ const config = createDocusaurusConfig({
                     target: "_self",
                 },
                 {
-                    to: "integrations/",
+                    to: "https://integrations.goauthentik.io",
                     label: "Integrations",
                     position: "left",
+                    target: "_self",
                 },
                 {
                     to: "docs/",
@@ -86,6 +88,7 @@ const config = createDocusaurusConfig({
             appId: "36ROD0O0FV",
             apiKey: "727db511300ca9aec5425645bbbddfb5",
             indexName: "goauthentik",
+            externalUrlRegex: /(:\/\/goauthentik\.io|integrations\.goauthentik\.io)/.toString(),
         },
     },
     presets: [
@@ -94,6 +97,7 @@ const config = createDocusaurusConfig({
             /** @type {Preset.Options} */ ({
                 docs: {
                     id: "docs",
+                    routeBasePath: "docs",
                     sidebarPath: "./sidebars/docs.mjs",
                     showLastUpdateTime: false,
                     editUrl: "https://github.com/goauthentik/authentik/edit/main/website/",
@@ -101,6 +105,9 @@ const config = createDocusaurusConfig({
 
                     beforeDefaultRemarkPlugins: [
                         remarkDirective,
+                        remarkLinkRewrite(
+                            new Map([["/integrations", "https://integrations.goauthentik.io"]]),
+                        ),
                         remarkVersionDirective,
                         remarkEnterpriseDirective,
                         remarkPreviewDirective,
@@ -131,16 +138,6 @@ const config = createDocusaurusConfig({
         ],
     ],
     plugins: [
-        [
-            "@docusaurus/plugin-content-docs",
-            {
-                id: "docsIntegrations",
-                path: "integrations",
-                routeBasePath: "integrations",
-                sidebarPath: "./sidebars/integrations.mjs",
-                editUrl: "https://github.com/goauthentik/authentik/edit/main/website/",
-            },
-        ],
         [
             "docusaurus-plugin-openapi-docs",
             {

website/integrations/docusaurus.config.cjs

@@ -0,0 +1,12 @@
+/**
+ * @file CommonJS Docusaurus config adapter.
+ *
+ * This exists to allow an ESM Docusaurus configuration to be imported in a CommonJS.
+ *
+ * @import Config from "./docusaurus.config.esm.mjs"
+ */
+
+/**
+ * @see {@linkcode Config} for the Docusaurus configuration type.
+ */
+module.exports = import("./docusaurus.config.esm.mjs").then(($) => $.default);

website/integrations/docusaurus.config.esm.mjs

@@ -0,0 +1,139 @@
+/**
+ * @file Docusaurus config.
+ *
+ * @import * as Preset from "@docusaurus/preset-classic";
+ * @import { BuildUrlValues } from "remark-github";
+ */
+import { createDocusaurusConfig } from "@goauthentik/docusaurus-config";
+import { createRequire } from "node:module";
+import remarkDirective from "remark-directive";
+import remarkGithub, { defaultBuildUrl } from "remark-github";
+
+import remarkEnterpriseDirective from "../remark/enterprise-directive.mjs";
+import remarkLinkRewrite from "../remark/link-rewrite-directive.mjs";
+import remarkPreviewDirective from "../remark/preview-directive.mjs";
+import remarkSupportDirective from "../remark/support-directive.mjs";
+import remarkVersionDirective from "../remark/version-directive.mjs";
+
+const require = createRequire(import.meta.url);
+
+/**
+ * Documentation site configuration for Docusaurus.
+ */
+const config = createDocusaurusConfig({
+    url: "https://integrations.goauthentik.io",
+    future: {
+        experimental_faster: true,
+    },
+    themes: ["@docusaurus/theme-mermaid"],
+    themeConfig: {
+        image: "img/social.png",
+        navbar: {
+            logo: {
+                alt: "authentik logo",
+                src: "img/icon_left_brand.svg",
+                href: "https://goauthentik.io/",
+                target: "_self",
+            },
+            items: [
+                {
+                    to: "https://goauthentik.io/features",
+                    label: "Features",
+                    position: "left",
+                    target: "_self",
+                },
+                {
+                    to: "integrations/",
+                    label: "Integrations",
+                    position: "left",
+                },
+                {
+                    to: "https://docs.goauthentik.io",
+                    label: "Documentation",
+                    position: "left",
+                    target: "_self",
+                },
+                {
+                    to: "https://goauthentik.io/pricing/",
+                    label: "Pricing",
+                    position: "left",
+                    target: "_self",
+                },
+                {
+                    to: "https://goauthentik.io/blog",
+                    label: "Blog",
+                    position: "left",
+                    target: "_self",
+                },
+                {
+                    "href": "https://github.com/goauthentik/authentik",
+                    "data-icon": "github",
+                    "aria-label": "GitHub",
+                    "position": "right",
+                },
+                {
+                    "href": "https://goauthentik.io/discord",
+                    "data-icon": "discord",
+                    "aria-label": "Discord",
+                    "position": "right",
+                },
+            ],
+        },
+        footer: {
+            links: [],
+            copyright: `Copyright © ${new Date().getFullYear()} Authentik Security Inc. Built with Docusaurus.`,
+        },
+        algolia: {
+            appId: "36ROD0O0FV",
+            apiKey: "727db511300ca9aec5425645bbbddfb5",
+            indexName: "goauthentik",
+            externalUrlRegex: /(:\/\/goauthentik\.io|docs\.goauthentik\.io)/.toString(),
+        },
+    },
+    presets: [
+        [
+            "@docusaurus/preset-classic",
+            /** @type {Preset.Options} */ ({
+                docs: {
+                    id: "docsIntegrations",
+                    path: "integrations",
+                    routeBasePath: "integrations",
+                    sidebarPath: "./sidebars/integrations.mjs",
+                    editUrl: "https://github.com/goauthentik/authentik/edit/main/website/",
+                    showLastUpdateTime: false,
+
+                    beforeDefaultRemarkPlugins: [
+                        remarkDirective,
+                        remarkLinkRewrite(new Map([["/docs", "https://docs.goauthentik.io"]])),
+                        remarkVersionDirective,
+                        remarkEnterpriseDirective,
+                        remarkPreviewDirective,
+                        remarkSupportDirective,
+                    ],
+                    remarkPlugins: [
+                        [
+                            remarkGithub,
+                            {
+                                repository: "goauthentik/authentik",
+                                /**
+                                 * @param {BuildUrlValues} values
+                                 */
+                                buildUrl: (values) => {
+                                    // Only replace issues and PR links
+                                    return values.type === "issue" || values.type === "mention"
+                                        ? defaultBuildUrl(values)
+                                        : false;
+                                },
+                            },
+                        ],
+                    ],
+                },
+                theme: {
+                    customCss: require.resolve("@goauthentik/docusaurus-config/css/index.css"),
+                },
+            }),
+        ],
+    ],
+});
+
+export default config;

website/integrations/index.mdx

@@ -12,12 +12,12 @@ Integrations are categorized into two categories: **Applications** and **Sources
 
 Applications include vendor tools such as Google Workspace, GitHub, Slack, or AWS. These applications can be integrated with authentik to provide single sign-on capabilities to securely authenticate users.
 
-If you want to integrate an application that isn't listed, authentik can be configured to work with most applications that support authentication protocols such as [SAML](../docs/add-secure-apps/providers/saml), [OAuth and OpenID Connect](../docs/add-secure-apps/providers/oauth2).
+If you want to integrate an application that isn't listed, authentik can be configured to work with most applications that support authentication protocols such as [SAML](/docs/add-secure-apps/providers/saml), [OAuth and OpenID Connect](/docs/add-secure-apps/providers/oauth2).
 
 To learn more, refer to the [Applications](../integrations/services) page.
 
 ### Federated and social sources
 
-Sources are a way for authentik to use external user credentials for authentication. Supported integrations with external sources via authentik include federated directories like Active Directory and social logins such as Facebook, Twitter, etc. These integrations support all major protocols, including [LDAP](../docs/users-sources/sources/protocols/ldap), [SCIM](../docs/users-sources/sources/protocols/scim), [SAML](../docs/users-sources/sources/protocols/saml), and [OAuth and OpenID Connect](../docs/users-sources/sources/protocols/oauth)
+Sources are a way for authentik to use external user credentials for authentication. Supported integrations with external sources via authentik include federated directories like Active Directory and social logins such as Facebook, Twitter, etc. These integrations support all major protocols, including [LDAP](/docs/users-sources/sources/protocols/ldap), [SCIM](/docs/users-sources/sources/protocols/scim), [SAML](/docs/users-sources/sources/protocols/saml), and [OAuth and OpenID Connect](/docs/users-sources/sources/protocols/oauth)
 
-To learn more, refer to the [Sources](../docs/users-sources/sources) page.
+To learn more, refer to the [Sources](/docs/users-sources/sources) page.

website/integrations/services/apple/index.md

@@ -209,7 +209,7 @@ You can always find your provider's generated values by navigating to **Provider
 
 ### 4. Create Shared Signals Framework provider
 
-While the OIDC provider handles the authentication flow, you'll need to create a [Shared Signals Framework provider](../../../docs/add-secure-apps/providers/ssf/) to handle the backchannel communication between authentik and Apple Business Manager.
+While the OIDC provider handles the authentication flow, you'll need to create a [Shared Signals Framework provider](/docs/add-secure-apps/providers/ssf/) to handle the backchannel communication between authentik and Apple Business Manager.
 
 1. From the authentik Admin interface, navigate to **Applications -> Providers** and click **Create**.
 2. Select **Shared Signals Framework Provider** and use the following values.

website/integrations/services/mautic/index.md

@@ -16,7 +16,7 @@ The following placeholders are used in this guide:
 
 - `mautic.company` is the FQDN of the Mautic installation.
 - `authentik.company` is the FQDN of the authentik installation.
-- `mautic-provider` is the [SAML provider](../../../docs/add-secure-apps/providers/saml) whose settings will be imported into Mautic.
+- `mautic-provider` is the [SAML provider](/docs/add-secure-apps/providers/saml) whose settings will be imported into Mautic.
 
 :::info
 This documentation lists only the settings that you need to change from their default values.
@@ -39,7 +39,7 @@ To support the integration of Mautic with authentik, you need to create property
 
 ### Create property mappings
 
-Because Mautic requires a first name and last name attribute, create two [SAML provider property mappings](../../../docs/users-sources/sources/property-mappings):
+Because Mautic requires a first name and last name attribute, create two [SAML provider property mappings](/docs/users-sources/sources/property-mappings):
 
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Customization** > **Property Mappings** and click **Create**:

website/integrations/services/push-security/index.mdx

@@ -93,7 +93,7 @@ Push Security requires separate first and last names for each user, but authenti
 5. Click **Next**.
 6. Choose **Manual**, and enter the following as the **Single Sign-On Login URL**: `https://authentik.company/application/saml/<application-slug>/sso/binding/post/`
 7. Click **Upload signing certificate**, and upload the certificate downloaded from authentik.
-8. _(Optional but recommended)_ Under **Advanced Settings**, enable **Sign request**. Then download the verification certificate. You’ll need to import this into authentik. Refer to the [authentik certificate documentation](../../../docs/sys-mgmt/certificates#external-certificates) for guidance.
+8. _(Optional but recommended)_ Under **Advanced Settings**, enable **Sign request**. Then download the verification certificate. You’ll need to import this into authentik. Refer to the [authentik certificate documentation](/docs/sys-mgmt/certificates#external-certificates) for guidance.
 9. Click **Next**.
 10. On the **Attribute Mapping** page, click **Next** without making changes.
 11. Leave the **Test SSO** page open. You’ll return to it after completing the next section.

website/integrations/services/sssd/index.md

@@ -36,12 +36,12 @@ This documentation lists only the settings that you need to change from their de
 :::
 
 :::warning
-The provider configuration assumes that connections to the outpost use LDAPS, with properly configured certificates on both authentik and the host running sssd. LDAPS is the recommended protocol for secure communication. For details on setting up SSL and StartTLS on the outpost, refer to [authentik’s LDAP provider documentation](../../../docs/add-secure-apps/providers/ldap#ssl--starttls).
+The provider configuration assumes that connections to the outpost use LDAPS, with properly configured certificates on both authentik and the host running sssd. LDAPS is the recommended protocol for secure communication. For details on setting up SSL and StartTLS on the outpost, refer to [authentik’s LDAP provider documentation](/docs/add-secure-apps/providers/ldap#ssl--starttls).
 :::
 
 ## authentik configuration
 
-Follow [official documentation](../../../docs/add-secure-apps/outposts/#create-and-configure-an-outpost) to create an **LDAP outpost**. If you already have an LDAP outpost configured, you can use it without additional setup. No further configuration in authentik is needed.
+Follow [official documentation](/docs/add-secure-apps/outposts/#create-and-configure-an-outpost) to create an **LDAP outpost**. If you already have an LDAP outpost configured, you can use it without additional setup. No further configuration in authentik is needed.
 
 ## sssd configuration
 

website/integrations/services/thelounge/index.md

@@ -29,7 +29,7 @@ This documentation lists only the settings that you need to change from their de
 
 ## authentik configuration
 
-Follow [official documentation](../../../docs/add-secure-apps/outposts/#create-and-configure-an-outpost) to create an **LDAP outpost**. If you already have an LDAP outpost configured, you can use it without additional setup. No further configuration in authentik is needed.
+Follow [official documentation](/docs/add-secure-apps/outposts/#create-and-configure-an-outpost) to create an **LDAP outpost**. If you already have an LDAP outpost configured, you can use it without additional setup. No further configuration in authentik is needed.
 
 ### The Lounge configuration
 

website/netlify.toml

@@ -51,6 +51,12 @@
   to = "/docs/sources/:splat"
   status = 302
 
+# Split integrations to separate deploy
+[[redirects]]
+  from = "/integrations/*"
+  to = "https://integrations.goauthentik.io/integrations/:splat"
+  status = 302
+
 # Split Property Mappings docs between Providers and Sources
 [[redirects]]
   from = "/docs/property-mappings/"

website/package.json

@@ -9,6 +9,7 @@
         "build:api": "docusaurus gen-api-docs all",
         "build:docker": "cp ../docker-compose.yml ./static/docker-compose.yml",
         "build:docusaurus": "cross-env NODE_OPTIONS='--max_old_space_size=65536' docusaurus build",
+        "build:integrations": "cross-env NODE_OPTIONS='--max_old_space_size=65536' docusaurus build --config integrations/docusaurus.config.cjs",
         "build:schema": "cp -f ../schema.yml ./static/schema.yml",
         "deploy": "docusaurus deploy",
         "docusaurus": "docusaurus",
@@ -21,7 +22,8 @@
         "start": "docusaurus start",
         "swizzle": "docusaurus swizzle",
         "test": "node --test",
-        "watch": "run-s build:schema build:api start"
+        "watch": "run-s build:schema build:api start",
+        "watch:integrations": "docusaurus start --config integrations/docusaurus.config.cjs"
     },
     "dependencies": {
         "@docusaurus/core": "^3.7.0",

website/remark/link-rewrite-directive.mjs

@@ -0,0 +1,31 @@
+/**
+ * @import { Root } from "mdast";
+ */
+import { visit } from "unist-util-visit";
+
+/**
+ * Remark plugin to transform relative links to docs to absolute URLs
+ * @param {Map<string, string>} rewriteMap Map of urls to rewrite where the key is the prefix to check for and the value is the domain to add
+ */
+function remarkLinkRewrite(rewriteMap) {
+    return () => {
+        /**
+         * @param {Root} tree The MDAST tree to transform.
+         */
+        return async (tree) => {
+            visit(tree, (node) => {
+                if (node.type !== "link") {
+                    return;
+                }
+                rewriteMap.forEach((v, k) => {
+                    if (!node.url.startsWith(k)) {
+                        return;
+                    }
+                    node.url = `${v}${node.url}`;
+                });
+            });
+        };
+    };
+}
+
+export default remarkLinkRewrite;

website/src/pages/index.tsx

@@ -1,8 +1,27 @@
+import { PluginOptions } from "@docusaurus/plugin-content-docs";
+import { Options } from "@docusaurus/preset-classic";
 import { Redirect } from "@docusaurus/router";
+import { PresetConfigDefined } from "@docusaurus/types";
+import useDocusaurusContext from "@docusaurus/useDocusaurusContext";
 import React from "react";
 
 function Home() {
-    return <Redirect to="/docs" />;
+    const { siteConfig } = useDocusaurusContext();
+    const presets = siteConfig.presets as PresetConfigDefined[];
+    const presetClassic = presets
+        .filter((v) => {
+            return !(v instanceof String);
+        })
+        .filter(([name, _]) => {
+            return name === "@docusaurus/preset-classic";
+        })
+        .map(([_, config]) => {
+            return config;
+        });
+    const presetConfig = presetClassic[0] as Options;
+    const docsConfig = presetConfig.docs as PluginOptions;
+    const presetURL = `/${docsConfig.routeBasePath}`;
+    return <Redirect to={presetURL} />;
 }
 
 export default Home;