website/integrations: standardize application slug placeholder in docs (#15007)

Standardizes application slug placeholder in docs

website/integrations/services/apache-guacamole/index.mdx

@@ -64,8 +64,8 @@ Docker containers are typically configured using environment variables. To ensur
     ```yaml showLineNumbers
     OPENID_AUTHORIZATION_ENDPOINT=https://authentik.company/application/o/authorize/
     OPENID_CLIENT_ID=<Client ID from authentik>
-    OPENID_ISSUER=https://authentik.company/application/o/<your-slug>/
+    OPENID_ISSUER=https://authentik.company/application/o/<application_slug>/
-    OPENID_JWKS_ENDPOINT=https://authentik.company/application/o/<your-slug>/jwks/
+    OPENID_JWKS_ENDPOINT=https://authentik.company/application/o/<application_slug>/jwks/
     OPENID_REDIRECT_URI=https://guacamole.company/
     OPENID_USERNAME_CLAIM_TYPE=preferred_username
     ```
@@ -83,8 +83,8 @@ Additionally, ensure your `guacamole.properties` file (typically located in `/et
     ```yaml showLineNumbers title="/etc/guacamole/guacamole.properties"
     openid-authorization-endpoint=https://authentik.company/application/o/authorize/
     openid-client-id=<Client ID from authentik>
-    openid-issuer=https://authentik.company/application/o/<your-slug>/
+    openid-issuer=https://authentik.company/application/o/<application_slug>/
-    openid-jwks-endpoint=https://authentik.company/application/o/<your-slug>/jwks/
+    openid-jwks-endpoint=https://authentik.company/application/o/<application_slug>/jwks/
     openid-redirect-uri=https://guacamole.company/
     openid-username-claim-type=preferred_username
     ```

website/integrations/services/argocd/index.md

@@ -78,7 +78,7 @@ url: https://argocd.company
 dex.config: |
     connectors:
     - config:
-        issuer: https://authentik.company/application/o/<application slug defined in step 2>/
+        issuer: https://authentik.company/application/o/<application_slug>/
         clientID: <client ID from the Provider above>
         clientSecret: $dex.authentik.clientSecret
         insecureEnableGroups: true

website/integrations/services/aruba-orchestrator/index.md

@@ -65,7 +65,7 @@ To support the integration of Aruba Orchestrator with authentik, you need to cre
     - **Name**: `authentik`
     - **Username Attribute**: `http://schemas.goauthentik.io/2021/02/saml/username`
     - **Issuer URL**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/consume`
-    - **SSO Endpoint**: `https://authentik.company/application/saml/<slug>/sso/binding/init/` (replace \<slug\> with application slug name)
+    - **SSO Endpoint**: `https://authentik.company/application/saml/<application_slug>/sso/binding/init/`
     - **IdP X509 Cert**: (paste in the downloaded signing certificate)
     - **ACS URL**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/consume`
     - **EdgeConnect SLO Endpoint**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/logout`

website/integrations/services/atlassian/index.mdx

@@ -67,7 +67,7 @@ To support the integration of Atlassian Cloud with authentik, you need to create
 5. Click **Set up SAML single sign-on** and then **Next**.
 6. Set the following required configurations:
     - **Identity provider Entity ID**: `authentik`
-    - **Identity provider SSO URL**: `https://authentik.company/application/saml/<application slug>/sso/binding/redirect/`
+    - **Identity provider SSO URL**: `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`
     - **Public x509 certificate**: enter the contents of the certificate that was downloaded in the previous section.
 7. Click **Add**.
 8. You will be shown a **Service provider entity URL** and **Service provider assertion consumer service URL**. Copy both, they will be required in authentik.

website/integrations/services/awx-tower/index.md

@@ -81,7 +81,7 @@ In the `SAML Enabled Identity Providers` paste the following configuration:
         "attr_username": "http://schemas.goauthentik.io/2021/02/saml/username",
         "attr_user_permanent_id": "http://schemas.goauthentik.io/2021/02/saml/uid",
         "x509cert": "MIIDEjCCAfqgAwIBAgIRAJZ9pOZ1g0xjiHtQAAejsMEwDQYJKoZIhvcNAQELBQAwMDEuMCwGA1UEAwwlcGFzc2Jvb2sgU2VsZi1zaWduZWQgU0FNTCBDZXJ0aWZpY2F0ZTAeFw0xOTEyMjYyMDEwNDFaFw0yMDEyMjYyMDEwNDFaMFkxLjAsBgNVBAMMJXBhc3Nib29rIFNlbGYtc2lnbmVkIFNBTUwgQ2VydGlmaWNhdGUxETAPBgNVBAoMCHBhc3Nib29rMRQwEgYDVQQLDAtTZWxmLXNpZ25lZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO/ktBYZkY9xAijF4acvzX6Q1K8KoIZeyde8fVgcWBz4L5FgDQ4/dni4k2YAcPdwteGL4nKVzetUzjbRCBUNuO6lqU4J4WNNX4Xg4Ir7XLRoAQeo+omTPBdpJ1p02HjtN5jT01umN3bK2yto1e37CJhK6WJiaXqRewPxh4lI4aqdj3BhFkJ3I3r2qxaWOAXQ6X7fg3w/ny7QP53//ouZo7hSLY3GIcRKgvdjjVM3OW5C3WLpOq5Dez5GWVJ17aeFCfGQ8bwFKde6qfYqyGcU9xHB36TtVHB9hSFP/tUFhkiSOxtsrYwCgCyXm4UTSpP+wiNyjKfFw7qGLBvA2hGTNw8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAh9PeAqPRQk1/SSygIFADZBi08O/DPCshFwEHvJATIcTzcDD8UGAjXh+H5OlkDyX7KyrcaNvYaafCUo63A+WprdtdY5Ty6SBEwTYyiQyQfwM9BfK+imCoif1Ai7xAelD7p9lNazWq7JU+H/Ep7U7Q7LvpxAbK0JArt+IWTb2NcMb3OWE1r0gFbs44O1l6W9UbJTbyLMzbGbe5i+NHlgnwPwuhtRMh0NUYabGHKcHbhwyFhfGAQv2dAp5KF1E5gu6ZzCiFePzc0FrqXQyb2zpFYcJHXquiqaOeG7cZxRHYcjrl10Vxzki64XVA9BpdELgKSnupDGUEJsRUt3WVOmvZuA==",
-        "url": "https://authentik.company/application/saml/<slug>/sso/binding/redirect/",
+        "url": "https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/",
         "entity_id": "https://awx.company/sso/metadata/saml/",
         "attr_email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
         "attr_first_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"

website/integrations/services/bitwarden/index.mdx

@@ -143,8 +143,8 @@ To support the integration of Bitwarden with authentik, you need to create an ap
         - **Expect signed assertions**: Select this option.
     - Under **SAML identity provider configuration**:
         - **Entity ID**: `authentik`
-        - **Single sign-on service URL**: `https://authentik.company/application/saml/<application-slug>/sso/binding/redirect/`
+        - **Single sign-on service URL**: `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`
-        - **Single log-out service URL**: `https://authentik.company/application/saml/<application-slug>/slo/binding/redirect/`
+        - **Single log-out service URL**: `https://authentik.company/application/saml/<application_slug>/slo/binding/redirect/`
         - **X509 public certificate**: Paste the contents of your certificate file.
 3. Under **SAML service provider configuration**, take note of the **SP entity ID** and **Assertion consumer service (ACS) URL** values. These will be required in the next section.
 4. Click **Save**.

website/integrations/services/coder/index.md

@@ -45,7 +45,7 @@ To support the integration of Coder with authentik, you need to create an applic
 To support the integration of Coder with authentik, add the following environment variables to your Coder deployment:
 
 ```yaml showLineNumbers
-CODER_OIDC_ISSUER_URL=https://authentik.company/application/o/<application slug>/
+CODER_OIDC_ISSUER_URL=https://authentik.company/application/o/<application_slug>/
 CODER_OIDC_EMAIL_DOMAIN=acme.company,acme-corp.company
 CODER_OIDC_CLIENT_ID=<Client ID from authentik>
 CODER_OIDC_CLIENT_SECRET=<Client secret from authentik>

website/integrations/services/filerise/index.mdx

@@ -45,7 +45,7 @@ To support the integration of FileRise with authentik, you need to create an app
 1. Log in to FileRise as an administrator.
 2. Click on your profile icon in the upper right corner, then select **Admin Panel**.
 3. Open the **OIDC Configuration & TOTP** section and configure the following settings:
-    - **OIDC Provider URL**: `https://authentik.company/application/o/<application-slug>/`
+    - **OIDC Provider URL**: `https://authentik.company/application/o/<application_slug>/`
     - **OIDC Client OpenID**: Client ID from authentik.
     - **OIDC Client Secret**: Client Secret from authentik.
     - **OIDC Redirect URI**: `https://filerise.company/api/auth/auth.php?oidc=callback`

website/integrations/services/fortigate-admin/index.md

@@ -69,20 +69,17 @@ Under **IdP Details**, set the following values:
 - **SP entity ID**: `https`
 - **IdP Type**: `Custom`
 - **IdP entity ID**: `https://authentik.company`
-- **IdP Login URL**: `https://authentik.company/application/saml/slug-from-authentik/sso/binding/redirect/`
+- **IdP Login URL**: `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`
-- **IdP Logout URL**: `https://authentik.company/application/saml/slug-from-authentik/slo/binding/redirect/`
+- **IdP Logout URL**: `https://authentik.company/application/saml/<application_slug>/slo/binding/redirect/`
 
 FortiGate creates a new user by default if one does not exist, so you will need to set the Default Admin Profile to the permissions you want any new users to have. (I have created a `no_permissions` profile to assign by default.)
 
 Under `SP Details` set the **SP entity ID** to `https`. Note it for later use (this is your Audience value of the authentik SP-provider).
 
-> [!IMPORTANT]
-> On both `IdP Login and Logout URL` change the `<SLUG>` to your own from the authentik application you have created.
-
 - Set `IdP Type` to `Custom`
 - Set `IdP entity ID` to `https://authentik.company`
-- Set `IdP Login URL` to `https://authentik.company/application/saml/<SLUG>/sso/binding/redirect/`
+- Set `IdP Login URL` to `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`
-- Set `IdP Logout URL` to `https://authentik.company/application/saml/<SLUG>/slo/binding/redirect/`
+- Set `IdP Logout URL` to `https://authentik.company/application/saml/<application_slug>/slo/binding/redirect/`
 - Set `IdP Certificate` to `ak.cert`
 
 ## Troubleshooting

website/integrations/services/fortimanager/index.md

@@ -34,7 +34,7 @@ To support the integration of FortiManager with authentik, you need to create an
 - **Choose a Provider type**: select **SAML Provider** as the provider type.
 - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
     - Set the **ACS URL** to `https://fortimanager.company/saml/?acs`.
-    - Set the **Issuer** to `https://authentik.company/application/saml/application-slug/sso/binding/redirect/`.
+    - Set the **Issuer** to `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`.
     - Set the **Service Provider Binding** to `Post`.
 - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
 
@@ -48,8 +48,8 @@ To support the integration of FortiManager with authentik, you need to create an
 4. Choose the **Default Login Page** as either **Normal** or **Single Sign-On**. Selecting **Normal** allows both local and SAML authentication, while **Single Sign-On** restricts login to SAML only.
 5. By default, FortiManager creates a new user if one does not exist. Set the **Default Admin Profile** to assign the desired permissions to new users. A `no_permissions` profile is created by default for this purpose.
 6. Set the **IdP Type** field to **Custom**.
-7. For the **IdP Entity ID** field, enter: `https://authentik.company/application/saml/application-slug/sso/binding/redirect/`
+7. For the **IdP Entity ID** field, enter: `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`
-8. Set the **IdP Login URL** to: `https://authentik.company/application/saml/application-slug/sso/binding/redirect/`
+8. Set the **IdP Login URL** to: `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`
 9. Set the **IdP Logout URL** to: `https://authentik.company/`
 10. In the **IdP Certificate** field, import your authentik certificate (either self-signed or valid).
 

website/integrations/services/gitea/index.md

@@ -50,7 +50,7 @@ To support the integration of Gitea with authentik, you need to create an applic
     - **Client ID (Key)**: Enter the Client ID from authentik.
     - **Client Secret**: Enter the Client Secret from authentik.
     - **Icon URL**: `https://authentik.company/static/dist/assets/icons/icon.png`
-    - **OpenID Connect Auto Discovery URL**: `https://authentik.company/application/o/<slug>/.well-known/openid-configuration`
+    - **OpenID Connect Auto Discovery URL**: `https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration`
     - **Additional Scopes**: `email profile`
 
 ![](./gitea1.png)
@@ -158,7 +158,7 @@ gitea:
         provider: "openidConnect"
         key: "<Client ID from authentik>"
         secret: "<Client secret from authentik>"
-        autoDiscoverUrl: "https://authentik.company/application/o/<slug>/.well-known/openid-configuration"
+        autoDiscoverUrl: "https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration"
         iconUrl: "https://authentik.company/static/dist/assets/icons/icon.png"
         scopes: "email profile"
 ```
@@ -188,7 +188,7 @@ gitea:
         - name: "authentik"
         provider: "openidConnect"
         existingSecret: gitea-authentik-secret
-        autoDiscoverUrl: "https://authentik.company/application/o/<slug>/.well-known/openid-configuration"
+        autoDiscoverUrl: "https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration"
         iconUrl: "https://authentik.company/static/dist/assets/icons/icon.png"
         scopes: "email profile"
 ```

website/integrations/services/github-enterprise-cloud/index.md

@@ -55,7 +55,7 @@ In the left-hand navigation, within the `Settings` section, click `Authenticatio
 On this page:
 
 - Select the `Require SAML authentication` checkbox.
-- In `Sign on URL`, type `https://authentik.company/application/saml/<authentik application slug>/sso/binding/redirect/`
+- In `Sign on URL`, type `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`
 - For `Issuer`, type `https://github.com/enterprises/foo` or the `Audience` you set in authentik
 - For `Public certificate`, paste the _full_ signing certificate into this field.
 - Verify that the `Signature method` and `Digest method` match your SAML provider settings in authentik.

website/integrations/services/github-organization/index.md

@@ -51,7 +51,7 @@ In the left-hand navigation, scroll down to the Security section and click `Auth
 On this page:
 
 - Select the `Enable SAML authentication` checkbox.
-- In `sign-on URL`, type `https://authentik.company/application/saml/<authentik application slug>/sso/binding/redirect/`
+- In `sign-on URL`, type `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`
 - For `Issuer`, type `https://github.com/orgs/foo` or the `Audience` you set in authentik
 - For `Public certificate`, paste the _full_ signing certificate into this field.
 - Verify that the `Signature method` and `Digest method` match your SAML provider settings in authentik.

website/integrations/services/gitlab/index.mdx

@@ -78,7 +78,7 @@ gitlab_rails['omniauth_providers'] = [
       assertion_consumer_service_url: 'https://gitlab.company/users/auth/saml/callback',
       # Shown when navigating to certificates in authentik
       idp_cert_fingerprint: '4E:1E:CD:67:4A:67:5A:E9:6A:D0:3C:E6:DD:7A:F2:44:2E:76:00:6A',
-      idp_sso_target_url: 'https://authentik.company/application/saml/<gitlab application slug>/sso/binding/redirect/',
+      idp_sso_target_url: 'https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/',
       issuer: 'https://gitlab.company',
       name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
       attribute_statements: {
@@ -138,7 +138,7 @@ gitlab_rails['omniauth_providers'] = [
       name: 'openid_connect',
       scope: ['openid','profile','email'],
       response_type: 'code',
-      issuer: 'https://authentik.company/application/o/gitlab-slug/',
+      issuer: 'https://authentik.company/application/o/<application_slug>/',
       discovery: true,
       client_auth_method: 'query',
       uid_field: 'preferred_username',

website/integrations/services/glitchtip/index.md

@@ -60,7 +60,7 @@ sudo docker exec -it glitchtip-web-1 ./manage.py createsuperuser
 - Client ID: <Client ID from authentik>
 - Secret key: <Client Secret from authentik>
 - Key: leave blank
-- Settings: `{"server_url": "https://authentik.company/application/o/<Slug of the application from above>/"}`
+- Settings: `{"server_url": "https://authentik.company/application/o/<application_slug>/"}`
   The URL should match the **OpenID Configuration Issuer** URL for the authentik provider.
 
 This will add a **Log in with Authentik** button to the GlitchTip log in page. To add an authentik account to an existing GlitchTip account, log in using the username/password, click _Profile_, then click _Add Account_ in the _Social Auth Accounts_ section.

website/integrations/services/globalprotect/index.md

@@ -39,7 +39,7 @@ To support the integration of GlobalProtect with authentik, you need to create a
     - **Choose a Provider type**: Select **SAML Provider**.
     - **Configure the Provider**:
         - Set the **ACS URL** to `https://gp.company:443/SAML20/SP/ACS`. (Note the absence of the trailing slash and the inclusion of the web interface port)
-        - Set the **Issuer** to `https://authentik.company/application/saml/application-slug/sso/binding/redirect/`.
+        - Set the **Issuer** to `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`.
         - Set the **Service Provider Binding** to `Post`.
         - Under **Advanced protocol settings**, select an available signing certificate.
 3. Click **Submit** to save the new application and provider.

website/integrations/services/grafana/index.mdx

@@ -124,7 +124,7 @@ environment:
     GF_AUTH_GENERIC_OAUTH_AUTH_URL: "https://authentik.company/application/o/authorize/"
     GF_AUTH_GENERIC_OAUTH_TOKEN_URL: "https://authentik.company/application/o/token/"
     GF_AUTH_GENERIC_OAUTH_API_URL: "https://authentik.company/application/o/userinfo/"
-    GF_AUTH_SIGNOUT_REDIRECT_URL: "https://authentik.company/application/o/<Slug of the application from above>/end-session/"
+    GF_AUTH_SIGNOUT_REDIRECT_URL: "https://authentik.company/application/o/<application_slug>/end-session/"
     # Optionally enable auto-login (bypasses Grafana login screen)
     GF_AUTH_OAUTH_AUTO_LOGIN: "true"
     # Optionally map user groups to Grafana roles
@@ -139,7 +139,7 @@ If you are using a config-file instead, you have to set these options:
 
 ```ini
 [auth]
-signout_redirect_url = https://authentik.company/application/o/<Slug of the application from above>/end-session/
+signout_redirect_url = https://authentik.company/application/o/<application_slug>/end-session/
 # Optionally enable auto-login
 oauth_auto_login = true
 
@@ -163,7 +163,7 @@ If you are using a Helm `values.yaml` file instead, you have to set these option
 ```yaml
 grafana.ini:
     auth:
-        signout_redirect_url: "https://authentik.company/application/o/<Slug of the application from above>/end-session/"
+        signout_redirect_url: "https://authentik.company/application/o/<application_slug>/end-session/"
         oauth_auto_login: true
     auth.generic_oauth:
         name: authentik

website/integrations/services/gravitee/index.md

@@ -56,5 +56,5 @@ Only settings that have been modified from default have been listed.
 - **Token Endpoint**: `https://authentik.company/application/o/token/`
 - **Authorize Endpoint**: `https://authentik.company/application/o/authorize/`
 - **Userinfo Endpoint**: `https://authentik.company/application/o/userinfo/`
-- **Userinfo Logout Endpoint**: `https://authentik.company/application/o/application-slug/end-session/`
+- **Userinfo Logout Endpoint**: `https://authentik.company/application/o/<application_slug>/end-session/`
 - **Scopes**: `email openid profile`

website/integrations/services/gravity/index.md

@@ -49,7 +49,7 @@ To support the integration of Gravity with authentik, you need to create an appl
 1. From the **Gravity administrative interface**, navigate to **Cluster** > **Roles** and click **API**.
 2. Under the **OIDC** sub-section, configure the following values:
 
-- **Issuer**: `https://authentik.company/application/o/application-slug/`
+- **Issuer**: `https://authentik.company/application/o/<application_slug>/`
 - **Client ID**: Your Client ID from authentik
 - **Client Secret**: Your Client Secret from authentik
 - **Redirect URL**: `https://gravity.company/auth/oidc/callback`

website/integrations/services/hashicorp-vault/index.md

@@ -53,7 +53,7 @@ Configure the oidc auth method, oidc discovery url is the OpenID Configuration I
 
 ```
 vault write auth/oidc/config \
-         oidc_discovery_url="https://authentik.company/application/o/vault-slug/" \
+         oidc_discovery_url="https://authentik.company/application/o/<application_slug>/" \
          oidc_client_id="Client ID" \
          oidc_client_secret="Client Secret" \
          default_role="reader"

website/integrations/services/homarr/index.md

@@ -48,7 +48,7 @@ Add the following environment variables to your Homarr configuration. Make sure
 AUTH_PROVIDERS="oidc,credentials"
 AUTH_OIDC_CLIENT_ID=<Client ID from authentik>
 AUTH_OIDC_CLIENT_SECRET=<Client secret from authentik>
-AUTH_OIDC_ISSUER=https://authentik.company/application/o/<slug from authentik>/
+AUTH_OIDC_ISSUER=https://authentik.company/application/o/<application_slug>/
 AUTH_OIDC_URI=https://authentik.company/application/o/authorize
 AUTH_OIDC_CLIENT_NAME=authentik
 OAUTH_ALLOW_DANGEROUS_EMAIL_ACCOUNT_LINKING=true

website/integrations/services/jenkins/index.md

@@ -50,7 +50,7 @@ Modify the **Security Realm** option to select `Login with Openid Connect`.
 
 In the **Client id** and **Client secret** fields, enter the Client ID and Client Secret values from the provider you created.
 
-Set the configuration mode to **Automatic configuration** and set the **Well-known configuration endpoint** to `https://authentik.company/application/o/<Slug of the application from above>/.well-known/openid-configuration`
+Set the configuration mode to **Automatic configuration** and set the **Well-known configuration endpoint** to `https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration`
 
 Check the checkbox **Override scopes** and input the scopes `openid profile email` into the new input field.
 

website/integrations/services/kimai/index.md

@@ -82,11 +82,11 @@ kimai:
             idp:
                 entityId: "https://authentik.company/"
                 singleSignOnService:
-                    url: "https://authentik.company/application/saml/<application-slug>/sso/binding/redirect/"
+                    url: "https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/"
                     binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                 # the "single logout" feature was not yet tested, if you want to help, please let me know!
                 singleLogoutService:
-                    url: "https://authentik.company/application/saml/<application-slug>/slo/binding/redirect/"
+                    url: "https://authentik.company/application/saml/<application_slug>/slo/binding/redirect/"
                     binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                 # Signing certificate from *Advanced protocol settings*
                 x509cert: "XXXXXXXXXXXXXXXXXXXXXXXXXXX=="

website/integrations/services/komga/index.md

@@ -69,5 +69,5 @@ spring:
                 provider:
                     authentik:
                         user-name-attribute: preferred_username
-                        issuer-uri: https://authentik.company/application/o/<application slug>/
+                        issuer-uri: https://authentik.company/application/o/<application_slug>/
 ```

website/integrations/services/komodo/index.mdx

@@ -48,7 +48,7 @@ To support the integration of Komodo with authentik, you need to create an appli
 
 ```yaml
 KOMODO_OIDC_ENABLED=true
-KOMODO_OIDC_PROVIDER=https://authentik.company/application/o/<application-slug>/
+KOMODO_OIDC_PROVIDER=https://authentik.company/application/o/<application_slug>/
 KOMODO_OIDC_CLIENT_ID=<authentik_client_ID>
 KOMODO_OIDC_CLIENT_SECRET=<authentik client secret>
 ```

website/integrations/services/linkwarden/index.md

@@ -47,7 +47,7 @@ To configure Linkwarden to use authentik, add the following values to your `.env
 ```
 NEXT_PUBLIC_AUTHENTIK_ENABLED=true
 AUTHENTIK_CUSTOM_NAME=authentik # Optionally set a custom provider name. Will be displayed on the login page
-AUTHENTIK_ISSUER=https://authentik.company/application/o/<application slug>
+AUTHENTIK_ISSUER=https://authentik.company/application/o/<application_slug>
 AUTHENTIK_CLIENT_ID=<Your Client ID>
 AUTHENTIK_CLIENT_SECRET=<Your Client Secret>
 ```

website/integrations/services/matrix-synapse/index.md

@@ -53,7 +53,7 @@ oidc_providers:
     - idp_id: authentik
       idp_name: authentik
       discover: true
-      issuer: "https://authentik.company/application/o/app-slug/"
+      issuer: "https://authentik.company/application/o/<application_slug>/"
       client_id: "*client id*"
       client_secret: "*client secret*"
       scopes:

website/integrations/services/mealie/index.md

@@ -52,7 +52,7 @@ To enable OIDC login with Mealie, update your environment variables to include t
 ```yaml showLineNumbers
 OIDC_AUTH_ENABLED=true
 OIDC_PROVIDER_NAME=authentik
-OIDC_CONFIGURATION_URL=https://authentik.company/application/o/<slug from authentik>/.well-known/openid-configuration
+OIDC_CONFIGURATION_URL=https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration
 OIDC_CLIENT_ID=<Client ID from authentik>
 OIDC_CLIENT_SECRET=<Client secret from authentik>
 OIDC_SIGNUP_ENABLED=true

website/integrations/services/minio/index.md

@@ -87,7 +87,7 @@ You can set up OpenID in two different ways: via the web interface or the comman
 From the sidebar of the main page, go to **Identity -> OpenID**, click **Create**, and then define the configuration as follows:
 
 - Name: MinIO
-- Config URL: `https://authentik.company/application/o/<minio slug>/.well-known/openid-configuration`
+- Config URL: `https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration`
 - Client ID: Your client ID from the previous step
 - Client Secret: Your client secret from the previous step
 - Scopes: `openid, email, profile, minio`
@@ -103,7 +103,7 @@ After that is done, run the following command to configure the OpenID provider:
 
 ```
 ~ mc admin config set myminio identity_openid \
-  config_url="https://authentik.company/application/o/<minio slug>/.well-known/openid-configuration" \
+  config_url="https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration" \
   client_id="<client id>" \
   client_secret="<client secret>" \
   scopes="openid,profile,email,minio"

website/integrations/services/netbird/index.md

@@ -88,7 +88,7 @@ NetBird requires the service account to have full administrative access to the a
 To configure NetBird to use authentik, add the following environment variables to your NetBird deployment:
 
 ```yaml showLineNumbers title="setup.env"
-NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://authentik.company/application/o/<application slug>/.well-known/openid-configuration"
+NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration"
 NETBIRD_USE_AUTH0=false
 NETBIRD_AUTH_CLIENT_ID="<Your Client ID>"
 NETBIRD_AUTH_SUPPORTED_SCOPES="openid profile email offline_access api"

website/integrations/services/netbox/index.md

@@ -54,11 +54,11 @@ REMOTE_AUTH_ENABLED='true'
 REMOTE_AUTH_BACKEND='social_core.backends.open_id_connect.OpenIdConnectAuth'
 
 # python-social-auth config
-SOCIAL_AUTH_OIDC_OIDC_ENDPOINT='https://authentik.company/application/o/<Application slug>/'
+SOCIAL_AUTH_OIDC_OIDC_ENDPOINT='https://authentik.company/application/o/<application_slug>/'
 SOCIAL_AUTH_OIDC_KEY='<Client ID>'
 SOCIAL_AUTH_OIDC_SECRET='<Client Secret>'
 SOCIAL_AUTH_OIDC_SCOPE=openid profile email roles
-LOGOUT_REDIRECT_URL='https://authentik.company/application/o/<Application slug>/end-session/'
+LOGOUT_REDIRECT_URL='https://authentik.company/application/o/<application_slug>/end-session/'
 ```
 
 The Netbox configuration needs to be extended, for this you can create a new file in the configuration folder, for example `authentik.py`.
@@ -90,7 +90,7 @@ LOGOUT_REDIRECT_URL = environ.get('LOGOUT_REDIRECT_URL')
 #SOCIAL_AUTH_OIDC_ENDPOINT = 'https://authentik.company/application/o/<Application
 #SOCIAL_AUTH_OIDC_KEY = '<Client ID>'
 #SOCIAL_AUTH_OIDC_SECRET = '<Client Secret>'
-#LOGOUT_REDIRECT_URL = 'https://authentik.company/application/o/<Application slug>/end-session/
+#LOGOUT_REDIRECT_URL = 'https://authentik.company/application/o/<application_slug>/end-session/
 ```
 
 ### Groups

website/integrations/services/nextcloud/index.mdx

@@ -145,7 +145,7 @@ Depending on your Nextcloud configuration, you may need to use `https://nextclou
     - **Identifier**: `authentik`
     - **Client ID**: Client ID from authentik
     - **Client secret**: Client secret from authentik
-    - **Discovery endpoint**: `https://authentik.company/application/o/<application-slug>/.well-known/openid-configuration`
+    - **Discovery endpoint**: `https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration`
     - **Scope**: `email profile openid`
     - Under **Attribute mappings**:
 
@@ -309,8 +309,8 @@ To grant Nextcloud admin access to authentik users you will need to create a pro
 
     - **Optional display name**: `authentik`
     - **Identifier of the IdP entity**: `https://authentik.company`
-    - **URL target for authentication requests**: `https://authentik.company/application/saml/<application-slug>/sso/binding/redirect/`
+    - **URL target for authentication requests**: `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`
-    - **URL for SLO requests**: `https://authentik.company/application/saml/<application-slug>/slo/binding/redirect/`
+    - **URL for SLO requests**: `https://authentik.company/application/saml/<application_slug>/slo/binding/redirect/`
     - **Public X.509 certificate of the IdP**: Paste the contents of your certificate file.
     - **Set attribute mappings**:
         - **Display name**: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name`

website/integrations/services/node-red/index.md

@@ -73,7 +73,7 @@ strategy: {
         icon:"fa-cloud",
         strategy: require("passport-openidconnect").Strategy,
         options: {
-                issuer: 'https://authentik.company/application/o/<application-slug>/',
+                issuer: 'https://authentik.company/application/o/<application_slug>/',
                 authorizationURL: 'https://authentik.company/application/o/authorize/',
                 tokenURL: 'https://authentik.company/application/o/token/',
                 userInfoURL: 'https://authentik.company/application/o/userinfo/',

website/integrations/services/open-webui/index.md

@@ -49,7 +49,7 @@ Enter the following details from the authentik provider:
 - Set **OAUTH_CLIENT_ID** to the Client ID copied from authentik.
 - Set **OAUTH_CLIENT_SECRET** to the Client Secret copied from authentik.
 - Set **OAUTH_PROVIDER_NAME** to `authentik`.
-- Set **OPENID_PROVIDER_URL** to `https://authentik.company/application/o/your-slug-here/.well-known/openid-configuration`.
+- Set **OPENID_PROVIDER_URL** to `https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration`.
 - Set **OPENID_REDIRECT_URI** to `https://openwebui.company/oauth/oidc/callback`.
 - If you wish for new users to be created on Open Web UI, set **ENABLE_OAUTH_SIGNUP** to 'true'.
 

website/integrations/services/outline/index.md

@@ -53,7 +53,7 @@ OIDC_CLIENT_SECRET=
 OIDC_AUTH_URI=https://authentik.company/application/o/authorize/
 OIDC_TOKEN_URI=https://authentik.company/application/o/token/
 OIDC_USERINFO_URI=https://authentik.company/application/o/userinfo/
-OIDC_LOGOUT_URI=https://authentik.company/application/o/wiki/end-session/
+OIDC_LOGOUT_URI=https://authentik.company/application/o/<application_slug>/end-session/
 OIDC_USERNAME_CLAIM=preferred_username
 OIDC_DISPLAY_NAME=authentik
 OIDC_SCOPES=openid profile email

website/integrations/services/paperless-ngx/index.mdx

@@ -71,7 +71,7 @@ environment:
                 "client_id": "<Client ID>",
                 "secret": "<Client Secret>",
                 "settings": {
-                  "server_url": "https://authentik.company/application/o/<slug>/.well-known/openid-configuration"
+                  "server_url": "https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration"
                 }
               }
             ],

website/integrations/services/pgadmin/index.md

@@ -68,7 +68,7 @@ To configure OAuth in pgAdmin, you can either use the `config_local.py` file or
         'OAUTH2_AUTHORIZATION_URL': 'https://authentik.company/application/o/authorize/',
         'OAUTH2_API_BASE_URL': 'https://authentik.company/',
         'OAUTH2_USERINFO_ENDPOINT': 'https://authentik.company/application/o/userinfo/',
-        'OAUTH2_SERVER_METADATA_URL': 'https://authentik.company/application/o/<App Slug>/.well-known/openid-configuration',
+        'OAUTH2_SERVER_METADATA_URL': 'https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration',
         'OAUTH2_SCOPE': 'openid email profile',
         'OAUTH2_ICON': '<Fontawesome icon key (e.g., fa-key)>',
         'OAUTH2_BUTTON_COLOR': '<Hexadecimal color code for the login button>'
@@ -90,7 +90,7 @@ For deployments using Docker or Kubernetes, you can configure OAuth using the fo
 ```bash
 PGADMIN_CONFIG_AUTHENTICATION_SOURCES="['oauth2', 'internal']"
 PGADMIN_CONFIG_OAUTH2_AUTO_CREATE_USER=True
-PGADMIN_CONFIG_OAUTH2_CONFIG="[{'OAUTH2_NAME':'authentik','OAUTH2_DISPLAY_NAME':'Login with authentik','OAUTH2_CLIENT_ID':'<Client ID from authentik>','OAUTH2_CLIENT_SECRET':'<Client secret from authentik>','OAUTH2_TOKEN_URL':'https://authentik.company/application/o/token/','OAUTH2_AUTHORIZATION_URL':'https://authentik.company/application/o/authorize/','OAUTH2_API_BASE_URL':'https://authentik.company/','OAUTH2_USERINFO_ENDPOINT':'https://authentik.company/application/o/userinfo/','OAUTH2_SERVER_METADATA_URL':'https://authentik.company/application/o/<App Slug>/.well-known/openid-configuration','OAUTH2_SCOPE':'openid email profile','OAUTH2_ICON':'<Fontawesome icon key (e.g., fa-key)>','OAUTH2_BUTTON_COLOR':'<Hexadecimal color code for the login button>'}]"
+PGADMIN_CONFIG_OAUTH2_CONFIG="[{'OAUTH2_NAME':'authentik','OAUTH2_DISPLAY_NAME':'Login with authentik','OAUTH2_CLIENT_ID':'<Client ID from authentik>','OAUTH2_CLIENT_SECRET':'<Client secret from authentik>','OAUTH2_TOKEN_URL':'https://authentik.company/application/o/token/','OAUTH2_AUTHORIZATION_URL':'https://authentik.company/application/o/authorize/','OAUTH2_API_BASE_URL':'https://authentik.company/','OAUTH2_USERINFO_ENDPOINT':'https://authentik.company/application/o/userinfo/','OAUTH2_SERVER_METADATA_URL':'https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration','OAUTH2_SCOPE':'openid email profile','OAUTH2_ICON':'<Fontawesome icon key (e.g., fa-key)>','OAUTH2_BUTTON_COLOR':'<Hexadecimal color code for the login button>'}]"
 ```
 
 ### General Notes

website/integrations/services/powerdns-admin/index.md

@@ -41,9 +41,9 @@ Set the following values:
 ```env
 SAML_ENABLED=True
 SAML_PATH=os.path.join(os.path.dirname(file), 'saml')
-SAML_METADATA_URL=https://authentik.company/application/saml/<application-slug>/metadata/
+SAML_METADATA_URL=https://authentik.company/application/saml/<application_slug>/metadata/
 SAML_METADATA_CACHE_LIFETIME=1
-SAML_LOGOUT_URL=https://authentik.company/application/saml/<application-slug>/slo/binding/redirect/
+SAML_LOGOUT_URL=https://authentik.company/application/saml/<application_slug>/slo/binding/redirect/
 SAML_SP_ENTITY_ID=pdns-admin
 SAML_SP_CONTACT_NAME=me
 SAML_SP_CONTACT_MAIL=me

website/integrations/services/push-security/index.mdx

@@ -91,7 +91,7 @@ Push Security requires separate first and last names for each user, but authenti
 3. Click **Get Started**, select **Custom SAML**, and click **Next**.
 4. Copy both the **Single Sign-On URL** and the **Service Provider Entity URL**. You’ll need these values in the next section.
 5. Click **Next**.
-6. Choose **Manual**, and enter the following as the **Single Sign-On Login URL**: `https://authentik.company/application/saml/<application-slug>/sso/binding/post/`
+6. Choose **Manual**, and enter the following as the **Single Sign-On Login URL**: `https://authentik.company/application/saml/<application_slug>/sso/binding/post/`
 7. Click **Upload signing certificate**, and upload the certificate downloaded from authentik.
 8. _(Optional but recommended)_ Under **Advanced Settings**, enable **Sign request**. Then download the verification certificate. You’ll need to import this into authentik. Refer to the [authentik certificate documentation](../../../docs/sys-mgmt/certificates#external-certificates) for guidance.
 9. Click **Next**.

website/integrations/services/rustdesk-pro/index.mdx

@@ -54,11 +54,11 @@ To support the integration of Rustdesk Server Pro with authentik, you need to cr
     - Set **Name** to `authentik`
     - Set **Client ID** to the Client ID copied from authentik.
     - Set **Client secret** to the Client Secret copied from authentik.
-    - Set **Issuer** to `https://authentik.company/application/o/slug/`
+    - Set **Issuer** to `https://authentik.company/application/o/<application_slug>/`
     - Set **Authorization Endpoint** to `https://authentik.company/application/o/authorize/`
     - Set **Token Endpoint** to `https://authentik.company/application/o/token/`
     - Set **Userinfo Endpoint** to `https://authentik.company/application/o/userinfo/`
-    - Set **JWKS Endpoint** to `https://authentik.company/application/o/slug/jwks/`
+    - Set **JWKS Endpoint** to `https://authentik.company/application/o/<application_slug>/jwks/`
 
 :::info
 Users are created automatically on login. Permissions must be assigned by an administrator after user creation.

website/integrations/services/semaphore/index.mdx

@@ -53,7 +53,7 @@ Add the `oidc_providers` configuration:
   "oidc_providers": {
     "authentik": {
       "display_name": "Sign in with authentik",
-      "provider_url": "https://authentik.company/application/o/<slug>/",
+      "provider_url": "https://authentik.company/application/o/<application_slug>/",
       "client_id": "<client-id>",
       "client_secret": "<client-secret>",
       "redirect_url": "https://semaphore.company/api/auth/oidc/authentik/redirect/",

website/integrations/services/semgrep/index.md

@@ -55,7 +55,7 @@ This documentation lists only the settings that you need to change from their de
 5. Fill in the following:
     - **Display name**: Anything you like.
     - **Email domain**: `company`
-    - **IdP SSO URL**: `https://authentik.company/application/saml/<semgrep slug>/sso/binding/post/`
+    - **IdP SSO URL**: `https://authentik.company/application/saml/<application_slug>/sso/binding/post/`
     - **IdP Issuer ID**: `https://authentik.company`
     - **Upload/paste certificate**: Downloaded from the previous step.
 

website/integrations/services/skyhigh/index.md

@@ -31,11 +31,11 @@ This documentation lists only the settings that you need to change from their de
 
 While logged in to your Skyhigh Security Dashboard, click the configuration gear and navigate to `User Management` -> `SAML Configuration` -> `Skyhigh Cloud Users` tab
 
-Under the `Identity Provider` section enter the following values (replace `<slug>` with the name of the application slug you will use):
+Under the `Identity Provider` section enter the following values:
 
 - Issuer: `https://authentik.company/skyhigh-dashboard`
 - Certificate: Upload the signing certificate you will use for the Authentik provider
-- Login URL: `https://authentik.company/application/saml/<slug>/sso/binding/init/`
+- Login URL: `https://authentik.company/application/saml/<application_slug>/sso/binding/init/`
 - SP-Initiated Request Binding: HTTP-POST
 - User exclusions: Select at least one administrator account to login directly (in case something goes wrong with SAML)
 
@@ -78,11 +78,11 @@ While logged in to your Skyhigh Security Dashboard, click the configuration gear
 
 Under the `Setup SAML` section click the `New SAML` button.
 
-Configure your SAML provider as follows (replace `<slug>` with the name of your slug):
+Configure your SAML provider as follows:
 
 - SAML Configuration Name: Enter a descriptive name here
 - Service Provider Entity ID: `https://login.auth.ui.trellix.com/sso/saml2`
-- SAML Identity Provider URL: `https://authentik.company/application/saml/<slug>/sso/binding/post/`
+- SAML Identity Provider URL: `https://authentik.company/application/saml/<application_slug>/sso/binding/post/`
 - Identity Provider Entity ID: `https://authentik.company/skyhigh-swg`
 - User ID Attribute in SAML Response: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress`
 - Group ID Attribute in SAML Response: `http://schemas.xmlsoap.org/claims/Group`

website/integrations/services/tandoor/index.md

@@ -46,7 +46,7 @@ Add the following environment variables to your tandoor configuration. Make sure
 
 ```sh
 SOCIAL_PROVIDERS=allauth.socialaccount.providers.openid_connect
-SOCIALACCOUNT_PROVIDERS='{"openid_connect":{"APPS":[{"provider_id":"authentik","name":"authentik","client_id":"<Client ID from authentik>","secret":"<Client Secret from authentik>","settings":{"server_url":"https://authentik.company/application/o/<application slug>/.well-known/openid-configuration"}}]}}'
+SOCIALACCOUNT_PROVIDERS='{"openid_connect":{"APPS":[{"provider_id":"authentik","name":"authentik","client_id":"<Client ID from authentik>","secret":"<Client Secret from authentik>","settings":{"server_url":"https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration"}}]}}'
 ```
 
 Restart the Tandoor service for the changes to take effect.

website/integrations/services/terrakube/index.md

@@ -56,7 +56,7 @@ This guide assumes that you have environment variables `$TERRAKUBE_OIDC_CLIENT_I
           id: TerrakubeClient
           name: TerrakubeClient
           config:
-              issuer: "https://authentik.company/application/o/<Your application slug>/"
+              issuer: "https://authentik.company/application/o/<application_slug>/"
               clientID: $TERRAKUBE_OIDC_CLIENT_ID
               clientSecret: $TERRAKUBE_OIDC_CLIENT_SECRET
               redirectURI: "https://terrakube-dex.company/dex/callback"

website/integrations/services/ubuntu-landscape/index.md

@@ -51,7 +51,7 @@ To support the integration of Landscape with authentik, you need to create an ap
 On the Landscape Server, edit the file `/etc/landscape/service.conf` and add the following snippet under the `[landscape]` section:
 
 ```
-oidc-issuer = https://authentik.company/application/o/<slug of the application you've created>/
+oidc-issuer = https://authentik.company/application/o/<application_slug>/
 oidc-client-id = <client ID of the provider you've created>
 oidc-client-secret = <client Secret of the provider you've created>
 ```

website/integrations/services/weblate/index.md

@@ -73,7 +73,7 @@ To support the integration of Weblate with authentik, you need to create an appl
 - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
     - Set the **ACS URL** to `https://weblate.company/accounts/complete/saml/`.
     - Set the **Audience** to `https://weblate.company/accounts/metadata/saml/`.
-    - Set the **Issuer** to `https://authentik.company/application/saml/application-slug/sso/binding/redirect/`.
+    - Set the **Issuer** to `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`.
     - Set the **Service Provider Binding** to `Post`.
     - Under **Advanced protocol settings**, select an available signing certificate. Then, under **Property mappings**, add the ones you just created.
 - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
@@ -90,8 +90,8 @@ The variables below need to be set, depending on if you deploy in a container or
 Variables to set
 
 - ENABLE_HTTPS: `1`
-- SAML_IDP_ENTITY_ID: `https://authentik.company/application/saml/weblate-slug/sso/binding/redirect/`
+- SAML_IDP_ENTITY_ID: `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`
-- SAML_IDP_URL: `https://authentik.company/application/saml/weblate-slug/sso/binding/redirect/`
+- SAML_IDP_URL: `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`
 - SAML_IDP_X509CERT: `MIIFDjCCAvagAwIBAgIRAJV8hH0wGkhGvbhhDKppWIYwDQYJKoZIhvcNAQELBQAw....F9lT9hHwHhsnA=`
 
 The `SAML_IDP_X509CERT` is the certificate in the SAML Metadata `X509Certificate` key.

website/integrations/services/youtrack/index.md

@@ -54,7 +54,7 @@ To support the integration of YouTrack with authentik, you need to create an app
 2. Click **New module**, then select **SAML 2.0**.
 3. Fill out the form with the following information:
     - **Name**: Set an appropriate name (e.g. `authentik`)
-    - **SAML SSO URL**: `https://authentik.company/application/saml/<application slug>/sso/binding/redirect/`
+    - **SAML SSO URL**: `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`
     - **IdP entity ID**: `https://youtrack.company/admin/hub/`
     - **Certificate fingerprint**: Set to the SHA-256 fingerprint retrieved in the previous step.
 4. Click **Create** to submit the form and take note of the **ACS URL**.

website/integrations/services/zulip/index.md

@@ -65,7 +65,7 @@ SOCIAL_AUTH_SAML_ENABLED_IDPS: Dict[str, Any] = {
 
 	    # KEEP OTHER SETTINGS AS DEFAULT OR CONFIGURE THEM ACCORDING TO YOUR PREFERENCES
         "entity_id": "https://authentik.company",
-        "url": "https://authentik.company/application/saml/<application slug>/sso/binding/redirect/",
+        "url": "https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/",
         "display_name": "authentik SAML",
     },
 }