website/integrations: fix typos, update language and styling (#14978)

* Typo and improved language * Changes "admin" to "administrator" and updates indentation * Updates miniflux to newer styling * Combines two notes at beginning of jellyfin doc into one * Replaces all "your application slug" with "application_slug" and replaces tags that are no longer in use * Replaces tags that are no longer in use * Updates immich indentation, application_slug and removes tags * Updated bookstack indentation, tags and application slug * Removes kbd and em tags, and updates the application slug * Gix metadata header in bookstack doc * Lint fix miniflux * ArgoCD indentation --------- Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
2025-06-10 12:48:49 +01:00
parent 74b5380f32
commit 6d4c9a3446
21 changed files with 108 additions and 115 deletions
--- a/website/integrations/services/actual-budget/index.mdx
+++ b/website/integrations/services/actual-budget/index.mdx
@ -33,13 +33,13 @@ To support the integration of Actual Budget with authentik, you need to create a
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)

- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
-    - Note the **Client ID**,**Client Secret**, and **slug** values because they will be required later.
-    - Set a `Strict` redirect URI to `https://actual.company/openid/callback`.
-    - Select any available signing key. Actual Budget only supports the RS256 algorithm. Be aware of this when choosing a signing key.
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
+    - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
+    - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
+    - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
+        - Note the **Client ID**,**Client Secret**, and **slug** values because they will be required later.
+        - Set a `Strict` redirect URI to `https://actual.company/openid/callback`.
+        - Select any available signing key. Actual Budget only supports the RS256 algorithm. Be aware of this when choosing a signing key.
+    - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.

 3. Click **Submit** to save the new application and provider.

@ -56,7 +56,7 @@ To support the integration of Actual Budget with authentik, you need to create a
  You can configure OpenID Connect with Actual Budget by adding the following variables to your `.env` file.

    ```yaml showLineNumbers
-    ACTUAL_OPENID_DISCOVERY_URL=https://authentik.company/application/o/<your-application-slug>/
+    ACTUAL_OPENID_DISCOVERY_URL=https://authentik.company/application/o/<application_slug>/
    ACTUAL_OPENID_CLIENT_ID=Your Client ID from authentik
    ACTUAL_OPENID_CLIENT_SECRET=Your Client Secret from authentik
    ACTUAL_OPENID_SERVER_HOSTNAME=https://actual.company
@ -69,7 +69,7 @@ You can configure Actual Budget to authenticate users with OpenID Connect by mod

 ```json showLineNumbers title="/data/config.json"
  "openId": {
-          "issuer": "https://authentik.company/application/o/<your-application-slug>/",
+          "issuer": "https://authentik.company/application/o/<application_slug>/",
          "client_id": "<Client ID from authentik>",
          "client_secret": "<Client Secret from authentik>",
          "server_hostname": "https://actual.company",
@ -89,7 +89,7 @@ Alternatively, it is possible to configure OpenID Connect via the UI.
      5. Scroll up and click **Start using OpenID** under the **Authentication method** section.
      6. Fill in the following values:
          - **OpenID Provider**: authentik
-          - **OpenID provider URL**: `https://authentik.company/application/o/your-application-slug/`
+          - **OpenID provider URL**: `https://authentik.company/application/o/<application_slug>/`
          - **Client ID**: Enter the **Client ID** from authentik
          - **Client Secret**: Enter the **Client Secret** from authentik

--- a/website/integrations/services/adventurelog/index.mdx
+++ b/website/integrations/services/adventurelog/index.mdx
@ -56,7 +56,7 @@ To support the integration of AdventureLog with authentik, you need to create an
        - **Secret Key**: Enter the Client Secret from authentik
        - **Key**: Leave this line blank
        - Under **Settings**:
-            - **server_url**: <kbd><em>https://authentik.company</em>/application/o/<em>your-application-slug</em>/</kbd>
+            - **server_url**: `https://authentik.company/application/o/<application_slug>/`
            - **Sites**: move over the sites you want to enable authentik on, usually `example.com` and `www.example.com` unless you renamed your sites.

 ### Linking to Existing Account
--- a/website/integrations/services/argocd/index.md
+++ b/website/integrations/services/argocd/index.md
@ -30,19 +30,19 @@ To support the integration of ArgoCD with authentik, you need to create an appli
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)

- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
-    - Note the **Client ID**,**Client Secret**, and **slug** values because they will be required later.
-    - Add two `Strict` redirect URI and set them to `https://argocd.company/api/dex/callback` and `https://localhost:8085/auth/callback`.
-    - Select any available signing key.
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
+    - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
+    - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
+    - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
+        - Note the **Client ID**,**Client Secret**, and **slug** values because they will be required later.
+        - Add two `Strict` redirect URI and set them to `https://argocd.company/api/dex/callback` and `https://localhost:8085/auth/callback`.
+        - Select any available signing key.
+    - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.

 3. Click **Submit** to save the new application and provider.

 ### Create the users and administrator groups

-Using the authentik Admin interface, navigate to **Directory** -> **Groups** and click **Create** to create two required groups: `ArgoCD Admins` for administrator users and `ArgoCD Viewers` for read-only users.
+Using the authentik Admin interface, navigate to **Directory** > **Groups** and click **Create** to create two required groups: `ArgoCD Admins` for administrator users and `ArgoCD Viewers` for read-only users.

 After creating the groups, select a group, navigate to the **Users** tab, and manage its members by using the **Add existing user** and **Create user** buttons as needed.

--- a/website/integrations/services/atlassian/index.mdx
+++ b/website/integrations/services/atlassian/index.mdx
@ -79,9 +79,9 @@ To support the integration of Atlassian Cloud with authentik, you need to create

 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Providers** and click the **Edit** icon of the newly created Atlassian Cloud provider.
-3. Under **Protocol settgins**, set the following required configurations:
-    - **ACS URL**: set the acs url to the copied **Service provider assertion consumer service URL** (e.g. https://auth.atlassian.com/login/callback?connection=saml-example).
-    - **Audience**: set the audience to the copied **Service provider entity URL** (e.g. https://auth.atlassian.com/saml/example).
+3. Under **Protocol settings**, set the following required configurations:
+    - **ACS URL**: set to the **Service provider assertion consumer service URL** from Atlassian Cloud (e.g. https://auth.atlassian.com/login/callback?connection=saml-example).
+    - **Audience**: set to the **Service provider entity URL** from Atlassian Cloud (e.g. https://auth.atlassian.com/saml/example).
 4. Click **Update**

 ## Enabling SSO in Atlassian Cloud
--- a/website/integrations/services/aws/index.mdx
+++ b/website/integrations/services/aws/index.mdx
@ -30,7 +30,7 @@ import Tabs from "@theme/Tabs";
 ### Prerequisites

 - An AWS account with permissions to create IAM roles and identity providers
- An authentik instance with admin access
+- An authentik instance with administrator access

 ### authentik configuration

@ -111,7 +111,7 @@ To support the integration of AWS with authentik using the classic IAM method, y
 ### Prerequisites

 - An AWS account with IAM Identity Center enabled
- An authentik instance with admin access
+- An authentik instance with administrator access
 - A certificate for signing SAML assertions (you can use authentik's default or provide your own)

 ### authentik configuration
@ -152,8 +152,8 @@ To support the integration of AWS with authentik using IAM Identity Center, you
 ### Prerequisites

 - Completed either Classic IAM or IAM Identity Center setup
- AWS Identity Center enabled with admin access
- authentik instance with admin access
+- AWS Identity Center enabled with administrator access
+- authentik instance with administrator access

 ### authentik configuration

--- a/website/integrations/services/bookstack/index.mdx
+++ b/website/integrations/services/bookstack/index.mdx
@ -45,13 +45,13 @@ To support the integration of BookStack with authentik, you need to create an ap
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)

- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
-    - Note the **Client ID**, **Client Secret**, and **slug** values because they will be required later.
-    - Set a `Strict` redirect URI to <kbd>https://<em>bookstack.company</em>/oidc/callback/</kbd>.
-    - Select any available signing key.
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
+    - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
+    - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
+    - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
+        - Note the **Client ID**, **Client Secret**, and **slug** values because they will be required later.
+        - Set a `Strict` redirect URI to `https://bookstack.company/oidc/callback/`.
+        - Select any available signing key.
+    - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.

 3. Click **Submit** to save the new application and provider.

@ -66,7 +66,7 @@ Once that's done, the next step is to update your `.env` file to include the fol
    OIDC_DISPLAY_NAME_CLAIMS=name # Claim(s) for the user's display name. Can have multiple attributes listed, separated with a '|' in which case those values will be joined with a space.
    OIDC_CLIENT_ID=<Client ID from authentik>
    OIDC_CLIENT_SECRET=<Client Secret from authentik>
-    OIDC_ISSUER=https://authentik.company/application/o/<your-application-slug>
+    OIDC_ISSUER=https://authentik.company/application/o/<application_slug>
    OIDC_ISSUER_DISCOVER=true
    OIDC_END_SESSION_ENDPOINT=true
    ```
@ -88,10 +88,10 @@ To support the integration of BookStack with authentik, you need to create an ap
 - **Choose a Provider type**: select **SAML Provider** as the provider type.
 - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
    - Note the **Client ID**, **Client Secret**, and **slug** values because they will be required later.
-    - Set the **ACS URL** to <kbd>https://<em>bookstack.company</em>/saml2/acs</kbd>.
-    - Set the **Issuer** to <kbd>https://<em>authentik.company</em></kbd>.
+    - Set the **ACS URL** to `https://bookstack.company/saml2/acs`.
+    - Set the **Issuer** to `https://authentik.company`.
    - Set the **Service Provider Binding** to `Post`.
-    - Set the **Audience** to <kbd>https://<em>bookstack.company</em>/saml2/metadata</kbd>.
+    - Set the **Audience** to `https://bookstack.company/saml2/metadata`.
    - Under **Advanced protocol settings**, set **Signing Certificate** to use any available certificate.
 - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.

@ -99,8 +99,11 @@ To support the integration of BookStack with authentik, you need to create an ap

 ### Obtain the SAML metadata URL

-1. In the authentik Admin Interface, nagiate to **Applications** > **Providers** and click on the provider tied to the application/provider pair created in the previous step.
-2. Under the **Related objects** section, click **Copy download URL**. Take note of this value as you will need it later.
+### Get metadata URL
+
+1. Log in to authentik as an administrator and open the authentik Admin interface.
+2. Navigate to **Applications** > **Providers** and click on the name of the provider that you created in the previous section (e.g. `Provider for bookstack`).
+3. Under **Related objects** > **Metadata**, click on **Copy download URL**. This is your authentik metadata URL and it will be required in the next section.

 ## Bookstack configuration

@ -115,7 +118,7 @@ Once that's done, the next step is to update your `.env` file to include the fol
    SAML2_USER_TO_GROUPS=true
    SAML2_GROUP_ATTRIBUTE=http://schemas.xmlsoap.org/claims/Group
    SAML2_DISPLAY_NAME_ATTRIBUTES=http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname
-    SAML2_IDP_ENTITYID=https://authentik.company/api/v3/providers/saml/<your-application-slug>/metadata/?download
+    SAML2_IDP_ENTITYID=<authentik metadata URL>
    SAML2_AUTOLOAD_METADATA=true
    ```

--- a/website/integrations/services/budibase/index.md
+++ b/website/integrations/services/budibase/index.md
@ -30,13 +30,13 @@ To support the integration of Budibase with authentik, you need to create an app
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)

- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
-    - Note the **Client ID**,**Client Secret**, and **slug** values because they will be required later.
-    - Set a `Strict` redirect URI to `https://budibase.company/api/global/auth/oidc/callback`.
-    - Select any available signing key.
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
+    - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
+    - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
+    - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
+        - Note the **Client ID**,**Client Secret**, and **slug** values because they will be required later.
+        - Set a `Strict` redirect URI to `https://budibase.company/api/global/auth/oidc/callback`.
+        - Select any available signing key.
+    - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.

 3. Click **Submit** to save the new application and provider.

@ -44,7 +44,7 @@ To support the integration of Budibase with authentik, you need to create an app

 From the main page of your Budibase installation, add the following values under the **Auth** section of the builder:

- **Config URL**: `https://authentik.company/application/o/your-application-slug/.well-known/openid-configuration`
+- **Config URL**: `https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration`
 - **Client ID**: `Client ID from authentik`
 - **Client Secret**: `Client Secret from authentik`
 - **Callback URL**: `https://budibase.company/api/global/auth/oidc/callback/`
--- a/website/integrations/services/chronograf/index.mdx
+++ b/website/integrations/services/chronograf/index.mdx
@ -52,7 +52,7 @@ Refer to the [Chronograf configuration options documentation](https://docs.influ
    ```yaml showLineNumbers
    PUBLIC_URL=https://chronograf.company
    TOKEN_SECRET=Your random secret
-    JWKS_URL=https://authentik.company/application/o/<your-application-slug>/jwks/
+    JWKS_URL=https://authentik.company/application/o/<application_slug>/jwks/
    GENERIC_NAME=authentik
    GENERIC_CLIENT_ID=<Your Client ID>
    GENERIC_CLIENT_SECRET=<Your Client Secret>
--- a/website/integrations/services/espocrm/index.md
+++ b/website/integrations/services/espocrm/index.md
@ -53,13 +53,13 @@ Configure the following fields:

 - **Client ID**: The Client ID from authentik
 - **Client Secret**: The Client Secret from authentik
- **Authorization Redirect URI**: <kbd>https://<em>espocrm.company</em>/oauth-callback.php</kbd>
+- **Authorization Redirect URI**: `https://espocrm.company/oauth-callback.php`
 - **Fallback Login**: Toggle this option if you wish to have the option to use EspoCRM's integrated login as a fallback.
 - **Allow OIDC login for admin users**: Toggle this option if you wish to allow administrator users to log in with OIDC.
- **Authorization Endpoint**: <kbd>https://<em>authentik.company</em>/application/o/authorize</kbd>
- **Token Endpoint**: <kbd>https://<em>authentik.company</em>/application/o/token</kbd>
- **JSON Web Key Set Endpoint**: <kbd>https://<em>authentik.company</em>/application/o/<em>your-application-slug</em>/jwks</kbd>
- **Logout URL**: <kbd>https://<em>authentik.company</em>/application/o/<em>your-application-slug</em>/end_session</kbd>
+- **Authorization Endpoint**: `https://authentik.company/application/o/authorize`
+- **Token Endpoint**: `https://authentik.company/application/o/token`
+- **JSON Web Key Set Endpoint**: `https://authentik.company/application/o/<application_slug>/jwks`
+- **Logout URL**: `https://authentik.company/application/o/<application_slug>/end_session`

 ## Configuration verification

--- a/website/integrations/services/firezone/index.md
+++ b/website/integrations/services/firezone/index.md
@ -56,8 +56,8 @@ Set the following values in the Firezone UI:
 - **Response type**: Keep the default value: `code`
 - **Client ID**: Use the Client ID from authentik
 - **Client Secret**: Use the Client Secret from authentik
- **Discovery Document URI**: <kbd>https://<em>authentik.company</em>/application/o/<em>your-application-slug</em>/.well-known/openid-configuration</kbd>
- **Redirect URI**: <kbd>https://<em>firezone.company</em>/auth/oidc/authentik/callback/</kbd>
+- **Discovery Document URI**: `https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration`
+- **Redirect URI**: `https://firezone.company/auth/oidc/authentik/callback/`
 - **Auth-create Users**: Turn this on

 ## Configuration verification
--- a/website/integrations/services/fortigate-ssl/index.md
+++ b/website/integrations/services/fortigate-ssl/index.md
@ -34,7 +34,7 @@ To support the integration of FortiGate SSLVPN with authentik, you need to creat

 ### Create a user group

-1. Log in to authentik as an admin and navigate to the admin Interface.
+1. Log in to authentik as an administrator and navigate to the admin Interface.
 2. Navigate to **Directory** > **Groups** and click **Create**.
 3. Set a descriptive name for the group (e.g. "FortiGate SSLVPN Users").
 4. Add the users who should have access to the SSLVPN.
--- a/website/integrations/services/freshrss/index.mdx
+++ b/website/integrations/services/freshrss/index.mdx
@ -54,7 +54,7 @@ To enable OIDC login with FreshRSS, update your `.env` file to include the follo

    ```yaml showLineNumbers
    OIDC_ENABLED=1
-    OIDC_PROVIDER_METADATA_URL=https://authentik.company/application/o/<your-application-slug>/.well-known/openid-configuration
+    OIDC_PROVIDER_METADATA_URL=https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration
    OIDC_CLIENT_ID=<Your Client ID from authentik<>
    OIDC_CLIENT_SECRET=<Your Client Secret from authentik>
    OIDC_X_FORWARDED_HEADERS=X-Forwarded-Port X-Forwarded-Proto X-Forwarded-Host
--- a/website/integrations/services/gatus/index.mdx
+++ b/website/integrations/services/gatus/index.mdx
@ -56,7 +56,7 @@ Gatus automatically updates its configuration approximately every 30 seconds. If
    ```yaml showLineNumbers title="config.yaml"
    security:
        oidc:
-            issuer-url: https://authentik.company/application/o/<your-application-slug>/
+            issuer-url: https://authentik.company/application/o/<application_slug>/
            client-id: $\{OIDC_CLIENT_ID}
            client-secret: $\{OIDC_CLIENT_SECRET}
            redirect-url: https://gatus.company/authorization-code/callback
--- a/website/integrations/services/github-enterprise-server/index.md
+++ b/website/integrations/services/github-enterprise-server/index.md
@ -55,7 +55,7 @@ After creating the groups, select a group, navigate to the **Users** tab, and ma

 ## SAML Configuration

-If you are planning to use SCIM, (available from GHES 3.14.0) you should create a first admin user on your instance and go to your personal access tokens at `https://github.company/settings/tokens/new`, click _Generate new token_ and click _Generate new token (classic)_. Your token should have a descriptive name and ideally, no expiration date. For permission scopes, you need to select _admin:enterprise_. Click _Generate token_ and store the resulting token in a safe location.
+If you are planning to use SCIM, (available from GHES 3.14.0) you should create a first administrator user on your instance and go to your personal access tokens at `https://github.company/settings/tokens/new`, click _Generate new token_ and click _Generate new token (classic)_. Your token should have a descriptive name and ideally, no expiration date. For permission scopes, you need to select _admin:enterprise_. Click _Generate token_ and store the resulting token in a safe location.

 To enable SAML, navigate to your appliance maintenance settings. These are found at `https://github.company:8443`. Here, sign in with an administrator user and go to the Authentication section.

@ -66,7 +66,7 @@ On this page:
 - For _Issuer_, use the _Audience_ you set in authentik.
 - Verify that the _Signature method_ and _Digest method_ match your SAML provider settings in authentik.
 - For _Validation certificate_, upload the signing certificate you downloaded after creating the provider.
- If you plan to enable SCIM, select _Allow creation of accounts with built-in authentication_ and _Disable administrator demotion/promotion_ options. These are selected so you can use your admin user as an emergency non-SSO account, as well as create machine users, and to ensure users are not promoted outside your IdP.
+- If you plan to enable SCIM, select _Allow creation of accounts with built-in authentication_ and _Disable administrator demotion/promotion_ options. These are selected so you can use your administrator user as an emergency non-SSO account, as well as create machine users, and to ensure users are not promoted outside your IdP.
 - In the _User attributes_ section, enter `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress` in the _Username_ field to ensure the emails become normalized into usernames in GitHub.
 - Press Save settings on the left-hand side and wait for the changes to apply.

@ -78,7 +78,7 @@ Once the appliance has saved the settings and reloaded the services, you should

 This section only applies if you have taken the steps prior to prepare the instance for SCIM enablement.

-After enabling SAML, log into your initial admin account again. Click the user portrait in tee top right, click _Enterprise settings_, click _Settigs_ in the left-hand sidebar, click _Authentication security_. On this page you have to check _Enable SCIM configuration_ and press _Save_. After which you should get a message reading _SCIM Enabled_.
+After enabling SAML, log into your initial administrator account again. Click the user portrait in tee top right, click _Enterprise settings_, click _Settigs_ in the left-hand sidebar, click _Authentication security_. On this page you have to check _Enable SCIM configuration_ and press _Save_. After which you should get a message reading _SCIM Enabled_.

 Before we create a SCIM provider, we have to create a new Property Mapping. In authentik, go to _Customization_, then _Property Mappings_. Here, click _Create_, select _SCIM Provider Mapping_. Name the mapping something memorable and paste the following code in the _Expression_ field:

--- a/website/integrations/services/globalprotect/index.md
+++ b/website/integrations/services/globalprotect/index.md
@ -33,7 +33,7 @@ To support the integration of GlobalProtect with authentik, you need to create a

 ### Create an Application and Provider in authentik

-1. Log in to authentik as an admin and open the authentik Admin interface.
+1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
    - **Application**: Provide a descriptive name, an optional group, and UI settings. Take note of the **slug** as it will be required later.
    - **Choose a Provider type**: Select **SAML Provider**.
@ -46,7 +46,7 @@ To support the integration of GlobalProtect with authentik, you need to create a

 ### Download the metadata

-1. Log in to authentik as an admin and open the authentik Admin interface.
+1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Providers** > **_Provider Name_** and download the SAML metadata.

 ## GlobalProtect configuration
--- a/website/integrations/services/hashicorp-cloud/index.md
+++ b/website/integrations/services/hashicorp-cloud/index.md
@ -32,7 +32,7 @@ To support the integration of HashiCorp Cloud with authentik, you need to create

 ### Create an Application and Provider in authentik

-1. Log in to authentik as an admin and open the authentik Admin interface.
+1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider**.
    - **Application**: Provide a descriptive name, an optional group, and UI settings. Take note of the **slug** as it will be required later.
    - **Choose a Provider type**: Select **SAML Provider**.
--- a/website/integrations/services/immich/index.md
+++ b/website/integrations/services/immich/index.md
@ -30,13 +30,13 @@ To support the integration of Immich with authentik, you need to create an appli
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)

- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
-    - Note the **Client ID**,**Client Secret**, and **slug** values because they will be required later.
-    - Add three `Strict` redirect URIs and set them to <kbd>app.immich:///oauth-callback</kbd>, <kbd>https://<em>immich.company</em>/auth/login</kbd>, and <kbd>https://<em>immich.company</em>/user-settings</kbd>.
-    - Select any available signing key.
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
+    - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
+    - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
+    - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
+        - Note the **Client ID**,**Client Secret**, and **slug** values because they will be required later.
+        - Add three `Strict` redirect URIs and set them to `app.immich:///oauth-callback`, `https://immich.company/auth/login`, and `https://immich.company/user-settings`.
+        - Select any available signing key.
+    - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.

 3. Click **Submit** to save the new application and provider.

@ -46,7 +46,7 @@ Immich documentation can be found here: https://immich.app/docs/administration/o

 1. In Immich, navigate to **Administration** > **Settings** > **OAuth Authentication**
 2. Configure Immich as follows:
-    - **Issuer URL**: <kbd>https://<em>authentik.company</em>/application/o/<em>application-slug</em>/</kbd>
+    - **Issuer URL**: `https://authentik.company/application/o/<application_slug>/`
    - **Client ID**: Enter your Client ID from authentik
    - **Client Secret**: Enter your Client Secret from authentik
    - **Scope**: `openid email profile`
--- a/website/integrations/services/jellyfin/index.md
+++ b/website/integrations/services/jellyfin/index.md
@ -11,11 +11,7 @@ support_level: community
 > -- https://jellyfin.org

 :::note
-Jellyfin does not have any native external authentication support as of the writing of this page.
-:::
-
-:::note
-Currently, there are two plugins for Jellyfin that provide external authentication, an OIDC plugin and an LDAP plugin.
+Jellyfin does not have any native external authentication support as of the writing of this page. Currently, there are two plugins for Jellyfin that provide external authentication, an OIDC plugin and an LDAP plugin.
 :::

 :::caution
@ -47,7 +43,7 @@ No additional authentik configuration needs to be configured. Follow the LDAP ou
 1. If you don't have one already, create an LDAP bind user before starting these steps.
    - Ideally, this user doesn't have any permissions other than the ability to view other users. However, some functions do require an account with permissions.
    - This user must be part of the group that is specified in the "Search group" in the LDAP outpost.
-2. Navigate to your Jellyfin installation and log in with the admin account or currently configured local admin.
+2. Navigate to your Jellyfin installation and log in with the administrator account or currently configured local admin.
 3. Open the **Administrator dashboard** and go to the **Plugins** section.
 4. Click **Catalog** at the top of the page, and locate the "LDAP Authentication Plugin"
 5. Install the plugin. You may need to restart Jellyfin to finish installation.
@ -122,7 +118,7 @@ Set the launch URL to `https://jellyfin.company/sso/OID/start/authentik`

 ### Jellyfin Configuration

-1. Log in to Jellyfin with an admin account and navigate to the **Admin Dashboard** by selecting your profile icon in the top right, then clicking **Dashboard**.
+1. Log in to Jellyfin with an administrator account and navigate to the **Admin Dashboard** by selecting your profile icon in the top right, then clicking **Dashboard**.
 2. Go to **Dashboard > Plugins > Repositories**.
 3. Click the **+** in the top left to add a new repository. Use the following URL and name it "SSO-Auth":

@ -146,7 +142,7 @@ https://raw.githubusercontent.com/9p4/jellyfin-plugin-sso/manifest-release/manif
 9. If you want to use the role claim then also fill out these:

    - Roles: roles to look for when authorizing access (should be done through authentik instead)
-    - Admin Roles: roles to look for when giving admin privilege
+    - Admin Roles: roles to look for when giving administrator privilege
    - Role Claim: `groups`

 10. Hit **Save** at the bottom.
--- a/website/integrations/services/miniflux/index.md
+++ b/website/integrations/services/miniflux/index.md
@ -30,16 +30,10 @@ To support the integration of Miniflux with authentik, you need to create an app
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)

- **Application**: provide a descriptive name (e.g., `Miniflux`), an optional group for the type of application, the policy engine mode, and optional UI settings.
-
- **Choose a Provider type**: Select OAuth2/OpenID Provider as the provider type.
-
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
-
-    - **Redirect URI**:
-        - Strict: `https://miniflux.company/oauth2/oidc/callback`
-
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
+    - **Application**: provide a descriptive name (e.g., `Miniflux`), an optional group for the type of application, the policy engine mode, and optional UI settings.
+    - **Choose a Provider type**: Select OAuth2/OpenID Provider as the provider type.
+    - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Note the **Client ID**, **Client Secret**, and **slug** values because they will be required later. - Set a `Strict` redirect URI to `https://miniflux.company/oauth2/oidc/callback` - Select any available signing key.
+    - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.

 3. Click **Submit** to save the new application and provider.

@ -47,14 +41,14 @@ To support the integration of Miniflux with authentik, you need to create an app

 Add the following environment variables to your Miniflux configuration. Make sure to fill in the client ID, client secret, and OpenID Connect well-known URL from your authentik instance.

-```sh
-OAUTH2_PROVIDER=oidc
-OAUTH2_CLIENT_ID=<Client ID from authentik>
-OAUTH2_CLIENT_SECRET=<Client Secret from authentik>
-OAUTH2_REDIRECT_URL=https://miniflux.company/oauth2/oidc/callback
-OAUTH2_OIDC_DISCOVERY_ENDPOINT=https://authentik.company/application/o/<application slug>/
-OAUTH2_USER_CREATION=1
-```
+    ```sh
+    OAUTH2_PROVIDER=oidc
+    OAUTH2_CLIENT_ID=<Client ID from authentik>
+    OAUTH2_CLIENT_SECRET=<Client Secret from authentik>
+    OAUTH2_REDIRECT_URL=https://miniflux.company/oauth2/oidc/callback
+    OAUTH2_OIDC_DISCOVERY_ENDPOINT=https://authentik.company/application/o/<application_slug>/
+    OAUTH2_USER_CREATION=1
+    ```

 :::note
 The trailing `.well-known/openid-configuration` is not required for `OAUTH2_OIDC_DISCOVERY_ENDPOINT`
--- a/website/integrations/services/pgadmin/index.md
+++ b/website/integrations/services/pgadmin/index.md
@ -34,13 +34,13 @@ To support the integration of pgAdmin with authentik, you need to create an appl
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)

- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
-    - Note the **Client ID**,**Client Secret**, and **slug** values because they will be required later.
-    - Set a `Strict` redirect URI to `https://pgadmin.company/oauth2/authorize`.
-    - Select any available signing key.
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
+    - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
+    - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
+    - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
+        - Note the **Client ID**,**Client Secret**, and **slug** values because they will be required later.
+        - Set a `Strict` redirect URI to `https://pgadmin.company/oauth2/authorize`.
+        - Select any available signing key.
+    - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.

 3. Click **Submit** to save the new application and provider.

@ -101,7 +101,7 @@ PGADMIN_CONFIG_OAUTH2_CONFIG="[{'OAUTH2_NAME':'authentik','OAUTH2_DISPLAY_NAME':
    AUTHENTICATION_SOURCES = ['oauth2']
    ```

-    Ensure that you promote at least one user to an admin before disabling the internal authentication.
+    Ensure that you promote at least one user to an administrator before disabling the internal authentication.

 - To **disable automatic user creation**, set:
    ```python
--- a/website/integrations/services/semaphore/index.mdx
+++ b/website/integrations/services/semaphore/index.mdx
@ -32,13 +32,13 @@ To support the integration of Semaphore with authentik, you need to create an ap
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)

- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
-    - Note the **Client ID**,**Client Secret**, and **slug** values because they will be required later.
-    - Set a `Strict` redirect URI to `https://semaphore.company/api/auth/oidc/authentik/redirect`.
-    - Select any available signing key.
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
+    - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
+    - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
+    - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
+        - Note the **Client ID**,**Client Secret**, and **slug** values because they will be required later.
+        - Set a `Strict` redirect URI to `https://semaphore.company/api/auth/oidc/authentik/redirect`.
+        - Select any available signing key.
+    - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.

 3. Click **Submit** to save the new application and provider.

@ -90,5 +90,5 @@ More information on this can be found in the Semaphore documentation https://doc
 - If you are redirected back to the `https://semaphore.company` URL you did everything correct.

 :::info
-Users are created upon logging in with authentik. They will not have the rights to create anything initially. These permissions must be assigned later by the local admin created during the first login to the Semaphore UI.
+Users are created upon logging in with authentik. They will not have the rights to create anything initially. These permissions must be assigned later by the local administrator created during the first login to the Semaphore UI.
 :::