website/integrations: standardize application slug placeholder in docs (#15007)

Standardizes application slug placeholder in docs
Dewi Roberts
2025-06-11 16:52:21 +01:00
committed by GitHub
parent a44375a9d8
commit 6ec745ddc0
49 changed files with 77 additions and 80 deletions

View File

@ -64,8 +64,8 @@ Docker containers are typically configured using environment variables. To ensur
```yaml showLineNumbers
OPENID_AUTHORIZATION_ENDPOINT=https://authentik.company/application/o/authorize/
OPENID_CLIENT_ID=<Client ID from authentik>
OPENID_ISSUER=https://authentik.company/application/o/<your-slug>/
OPENID_JWKS_ENDPOINT=https://authentik.company/application/o/<your-slug>/jwks/
OPENID_ISSUER=https://authentik.company/application/o/<application_slug>/
OPENID_JWKS_ENDPOINT=https://authentik.company/application/o/<application_slug>/jwks/
OPENID_REDIRECT_URI=https://guacamole.company/
OPENID_USERNAME_CLAIM_TYPE=preferred_username
```
@ -83,8 +83,8 @@ Additionally, ensure your `guacamole.properties` file (typically located in `/et
```yaml showLineNumbers title="/etc/guacamole/guacamole.properties"
openid-authorization-endpoint=https://authentik.company/application/o/authorize/
openid-client-id=<Client ID from authentik>
openid-issuer=https://authentik.company/application/o/<your-slug>/
openid-jwks-endpoint=https://authentik.company/application/o/<your-slug>/jwks/
openid-issuer=https://authentik.company/application/o/<application_slug>/
openid-jwks-endpoint=https://authentik.company/application/o/<application_slug>/jwks/
openid-redirect-uri=https://guacamole.company/
openid-username-claim-type=preferred_username
```

View File

@ -78,7 +78,7 @@ url: https://argocd.company
dex.config: |
connectors:
- config:
issuer: https://authentik.company/application/o/<application slug defined in step 2>/
issuer: https://authentik.company/application/o/<application_slug>/
clientID: <client ID from the Provider above>
clientSecret: $dex.authentik.clientSecret
insecureEnableGroups: true

View File

@ -65,7 +65,7 @@ To support the integration of Aruba Orchestrator with authentik, you need to cre
- **Name**: `authentik`
- **Username Attribute**: `http://schemas.goauthentik.io/2021/02/saml/username`
- **Issuer URL**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/consume`
- **SSO Endpoint**: `https://authentik.company/application/saml/<slug>/sso/binding/init/` (replace \<slug\> with application slug name)
- **SSO Endpoint**: `https://authentik.company/application/saml/<application_slug>/sso/binding/init/`
- **IdP X509 Cert**: (paste in the downloaded signing certificate)
- **ACS URL**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/consume`
- **EdgeConnect SLO Endpoint**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/logout`
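
Review bot: The **SSO Endpoint** line drops the "(replace \<slug\> with application slug name)" hint without a replacement, so nothing in this list now tells the reader that `<application_slug>` is a placeholder to substitute. A value pasted with the literal `<application_slug>` will not resolve to the application's provider. Consider keeping a short hint on this line, or make sure the page defines the placeholder once before this list.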

View File

@ -67,7 +67,7 @@ To support the integration of Atlassian Cloud with authentik, you need to create
5. Click **Set up SAML single sign-on** and then **Next**.
6. Set the following required configurations:
- **Identity provider Entity ID**: `authentik`
- **Identity provider SSO URL**: `https://authentik.company/application/saml/<application slug>/sso/binding/redirect/`
- **Identity provider SSO URL**: `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`
- **Public x509 certificate**: enter the contents of the certificate that was downloaded in the previous section.
7. Click **Add**.
8. You will be shown a **Service provider entity URL** and **Service provider assertion consumer service URL**. Copy both, they will be required in authentik.

View File

@ -81,7 +81,7 @@ In the `SAML Enabled Identity Providers` paste the following configuration:
"attr_username": "http://schemas.goauthentik.io/2021/02/saml/username",
"attr_user_permanent_id": "http://schemas.goauthentik.io/2021/02/saml/uid",
"x509cert": "MIIDEjCCAfqgAwIBAgIRAJZ9pOZ1g0xjiHtQAAejsMEwDQYJKoZIhvcNAQELBQAwMDEuMCwGA1UEAwwlcGFzc2Jvb2sgU2VsZi1zaWduZWQgU0FNTCBDZXJ0aWZpY2F0ZTAeFw0xOTEyMjYyMDEwNDFaFw0yMDEyMjYyMDEwNDFaMFkxLjAsBgNVBAMMJXBhc3Nib29rIFNlbGYtc2lnbmVkIFNBTUwgQ2VydGlmaWNhdGUxETAPBgNVBAoMCHBhc3Nib29rMRQwEgYDVQQLDAtTZWxmLXNpZ25lZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO/ktBYZkY9xAijF4acvzX6Q1K8KoIZeyde8fVgcWBz4L5FgDQ4/dni4k2YAcPdwteGL4nKVzetUzjbRCBUNuO6lqU4J4WNNX4Xg4Ir7XLRoAQeo+omTPBdpJ1p02HjtN5jT01umN3bK2yto1e37CJhK6WJiaXqRewPxh4lI4aqdj3BhFkJ3I3r2qxaWOAXQ6X7fg3w/ny7QP53//ouZo7hSLY3GIcRKgvdjjVM3OW5C3WLpOq5Dez5GWVJ17aeFCfGQ8bwFKde6qfYqyGcU9xHB36TtVHB9hSFP/tUFhkiSOxtsrYwCgCyXm4UTSpP+wiNyjKfFw7qGLBvA2hGTNw8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAh9PeAqPRQk1/SSygIFADZBi08O/DPCshFwEHvJATIcTzcDD8UGAjXh+H5OlkDyX7KyrcaNvYaafCUo63A+WprdtdY5Ty6SBEwTYyiQyQfwM9BfK+imCoif1Ai7xAelD7p9lNazWq7JU+H/Ep7U7Q7LvpxAbK0JArt+IWTb2NcMb3OWE1r0gFbs44O1l6W9UbJTbyLMzbGbe5i+NHlgnwPwuhtRMh0NUYabGHKcHbhwyFhfGAQv2dAp5KF1E5gu6ZzCiFePzc0FrqXQyb2zpFYcJHXquiqaOeG7cZxRHYcjrl10Vxzki64XVA9BpdELgKSnupDGUEJsRUt3WVOmvZuA==",
"url": "https://authentik.company/application/saml/<slug>/sso/binding/redirect/",
"url": "https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/",
"entity_id": "https://awx.company/sso/metadata/saml/",
"attr_email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
"attr_first_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"

View File

@ -143,8 +143,8 @@ To support the integration of Bitwarden with authentik, you need to create an ap
- **Expect signed assertions**: Select this option.
- Under **SAML identity provider configuration**:
- **Entity ID**: `authentik`
- **Single sign-on service URL**: `https://authentik.company/application/saml/<application-slug>/sso/binding/redirect/`
- **Single log-out service URL**: `https://authentik.company/application/saml/<application-slug>/slo/binding/redirect/`
- **Single sign-on service URL**: `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`
- **Single log-out service URL**: `https://authentik.company/application/saml/<application_slug>/slo/binding/redirect/`
- **X509 public certificate**: Paste the contents of your certificate file.
3. Under **SAML service provider configuration**, take note of the **SP entity ID** and **Assertion consumer service (ACS) URL** values. These will be required in the next section.
4. Click **Save**.

View File

@ -45,7 +45,7 @@ To support the integration of Coder with authentik, you need to create an applic
To support the integration of Coder with authentik, add the following environment variables to your Coder deployment:
```yaml showLineNumbers
CODER_OIDC_ISSUER_URL=https://authentik.company/application/o/<application slug>/
CODER_OIDC_ISSUER_URL=https://authentik.company/application/o/<application_slug>/
CODER_OIDC_EMAIL_DOMAIN=acme.company,acme-corp.company
CODER_OIDC_CLIENT_ID=<Client ID from authentik>
CODER_OIDC_CLIENT_SECRET=<Client secret from authentik>

View File

@ -45,7 +45,7 @@ To support the integration of FileRise with authentik, you need to create an app
1. Log in to FileRise as an administrator.
2. Click on your profile icon in the upper right corner, then select **Admin Panel**.
3. Open the **OIDC Configuration & TOTP** section and configure the following settings:
- **OIDC Provider URL**: `https://authentik.company/application/o/<application-slug>/`
- **OIDC Provider URL**: `https://authentik.company/application/o/<application_slug>/`
- **OIDC Client OpenID**: Client ID from authentik.
- **OIDC Client Secret**: Client Secret from authentik.
- **OIDC Redirect URI**: `https://filerise.company/api/auth/auth.php?oidc=callback`

View File

@ -69,20 +69,17 @@ Under **IdP Details**, set the following values:
- **SP entity ID**: `https`
- **IdP Type**: `Custom`
- **IdP entity ID**: `https://authentik.company`
- **IdP Login URL**: `https://authentik.company/application/saml/slug-from-authentik/sso/binding/redirect/`
- **IdP Logout URL**: `https://authentik.company/application/saml/slug-from-authentik/slo/binding/redirect/`
- **IdP Login URL**: `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`
- **IdP Logout URL**: `https://authentik.company/application/saml/<application_slug>/slo/binding/redirect/`
FortiGate creates a new user by default if one does not exist, so you will need to set the Default Admin Profile to the permissions you want any new users to have. (I have created a `no_permissions` profile to assign by default.)
Under `SP Details` set the **SP entity ID** to `https`. Note it for later use (this is your Audience value of the authentik SP-provider).
> [!IMPORTANT]
> On both `IdP Login and Logout URL` change the `<SLUG>` to your own from the authentik application you have created.
- Set `IdP Type` to `Custom`
- Set `IdP entity ID` to `https://authentik.company`
- Set `IdP Login URL` to `https://authentik.company/application/saml/<SLUG>/sso/binding/redirect/`
- Set `IdP Logout URL` to `https://authentik.company/application/saml/<SLUG>/slo/binding/redirect/`
- Set `IdP Login URL` to `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`
- Set `IdP Logout URL` to `https://authentik.company/application/saml/<application_slug>/slo/binding/redirect/`
- Set `IdP Certificate` to `ak.cert`
## Troubleshooting
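
Review bot: The `> [!IMPORTANT]` callout in this hunk tells readers to change `<SLUG>`, a token that no longer appears in either URL after the rename to `<application_slug>`. Update the callout to name the new placeholder, or confirm it is among the three lines this hunk removes (the header goes from 20 lines to 17). The IdP Type, IdP entity ID, Login URL and Logout URL settings also appear twice here, once as bold bullets and once as "Set ..." bullets, so this is a good place to collapse them into one list.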

View File

@ -34,7 +34,7 @@ To support the integration of FortiManager with authentik, you need to create an
- **Choose a Provider type**: select **SAML Provider** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
- Set the **ACS URL** to `https://fortimanager.company/saml/?acs`.
- Set the **Issuer** to `https://authentik.company/application/saml/application-slug/sso/binding/redirect/`.
- Set the **Issuer** to `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`.
- Set the **Service Provider Binding** to `Post`.
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
@ -48,8 +48,8 @@ To support the integration of FortiManager with authentik, you need to create an
4. Choose the **Default Login Page** as either **Normal** or **Single Sign-On**. Selecting **Normal** allows both local and SAML authentication, while **Single Sign-On** restricts login to SAML only.
5. By default, FortiManager creates a new user if one does not exist. Set the **Default Admin Profile** to assign the desired permissions to new users. A `no_permissions` profile is created by default for this purpose.
6. Set the **IdP Type** field to **Custom**.
7. For the **IdP Entity ID** field, enter: `https://authentik.company/application/saml/application-slug/sso/binding/redirect/`
8. Set the **IdP Login URL** to: `https://authentik.company/application/saml/application-slug/sso/binding/redirect/`
7. For the **IdP Entity ID** field, enter: `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`
8. Set the **IdP Login URL** to: `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`
9. Set the **IdP Logout URL** to: `https://authentik.company/`
10. In the **IdP Certificate** field, import your authentik certificate (either self-signed or valid).

View File

@ -50,7 +50,7 @@ To support the integration of Gitea with authentik, you need to create an applic
- **Client ID (Key)**: Enter the Client ID from authentik.
- **Client Secret**: Enter the Client Secret from authentik.
- **Icon URL**: `https://authentik.company/static/dist/assets/icons/icon.png`
- **OpenID Connect Auto Discovery URL**: `https://authentik.company/application/o/<slug>/.well-known/openid-configuration`
- **OpenID Connect Auto Discovery URL**: `https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration`
- **Additional Scopes**: `email profile`
![](./gitea1.png)
@ -158,7 +158,7 @@ gitea:
provider: "openidConnect"
key: "<Client ID from authentik>"
secret: "<Client secret from authentik>"
autoDiscoverUrl: "https://authentik.company/application/o/<slug>/.well-known/openid-configuration"
autoDiscoverUrl: "https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration"
iconUrl: "https://authentik.company/static/dist/assets/icons/icon.png"
scopes: "email profile"
```
@ -188,7 +188,7 @@ gitea:
- name: "authentik"
provider: "openidConnect"
existingSecret: gitea-authentik-secret
autoDiscoverUrl: "https://authentik.company/application/o/<slug>/.well-known/openid-configuration"
autoDiscoverUrl: "https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration"
iconUrl: "https://authentik.company/static/dist/assets/icons/icon.png"
scopes: "email profile"
```

View File

@ -55,7 +55,7 @@ In the left-hand navigation, within the `Settings` section, click `Authenticatio
On this page:
- Select the `Require SAML authentication` checkbox.
- In `Sign on URL`, type `https://authentik.company/application/saml/<authentik application slug>/sso/binding/redirect/`
- In `Sign on URL`, type `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`
- For `Issuer`, type `https://github.com/enterprises/foo` or the `Audience` you set in authentik
- For `Public certificate`, paste the _full_ signing certificate into this field.
- Verify that the `Signature method` and `Digest method` match your SAML provider settings in authentik.

View File

@ -51,7 +51,7 @@ In the left-hand navigation, scroll down to the Security section and click `Auth
On this page:
- Select the `Enable SAML authentication` checkbox.
- In `sign-on URL`, type `https://authentik.company/application/saml/<authentik application slug>/sso/binding/redirect/`
- In `sign-on URL`, type `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`
- For `Issuer`, type `https://github.com/orgs/foo` or the `Audience` you set in authentik
- For `Public certificate`, paste the _full_ signing certificate into this field.
- Verify that the `Signature method` and `Digest method` match your SAML provider settings in authentik.

View File

@ -78,7 +78,7 @@ gitlab_rails['omniauth_providers'] = [
assertion_consumer_service_url: 'https://gitlab.company/users/auth/saml/callback',
# Shown when navigating to certificates in authentik
idp_cert_fingerprint: '4E:1E:CD:67:4A:67:5A:E9:6A:D0:3C:E6:DD:7A:F2:44:2E:76:00:6A',
idp_sso_target_url: 'https://authentik.company/application/saml/<gitlab application slug>/sso/binding/redirect/',
idp_sso_target_url: 'https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/',
issuer: 'https://gitlab.company',
name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
attribute_statements: {
@ -138,7 +138,7 @@ gitlab_rails['omniauth_providers'] = [
name: 'openid_connect',
scope: ['openid','profile','email'],
response_type: 'code',
issuer: 'https://authentik.company/application/o/gitlab-slug/',
issuer: 'https://authentik.company/application/o/<application_slug>/',
discovery: true,
client_auth_method: 'query',
uid_field: 'preferred_username',

View File

@ -60,7 +60,7 @@ sudo docker exec -it glitchtip-web-1 ./manage.py createsuperuser
- Client ID: &lt;Client ID from authentik>
- Secret key: &lt;Client Secret from authentik>
- Key: leave blank
- Settings: `{"server_url": "https://authentik.company/application/o/<Slug of the application from above>/"}`
- Settings: `{"server_url": "https://authentik.company/application/o/<application_slug>/"}`
The URL should match the **OpenID Configuration Issuer** URL for the authentik provider.
This will add a **Log in with Authentik** button to the GlitchTip log in page. To add an authentik account to an existing GlitchTip account, log in using the username/password, click _Profile_, then click _Add Account_ in the _Social Auth Accounts_ section.

View File

@ -39,7 +39,7 @@ To support the integration of GlobalProtect with authentik, you need to create a
- **Choose a Provider type**: Select **SAML Provider**.
- **Configure the Provider**:
- Set the **ACS URL** to `https://gp.company:443/SAML20/SP/ACS`. (Note the absence of the trailing slash and the inclusion of the web interface port)
- Set the **Issuer** to `https://authentik.company/application/saml/application-slug/sso/binding/redirect/`.
- Set the **Issuer** to `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`.
- Set the **Service Provider Binding** to `Post`.
- Under **Advanced protocol settings**, select an available signing certificate.
3. Click **Submit** to save the new application and provider.

View File

@ -124,7 +124,7 @@ environment:
GF_AUTH_GENERIC_OAUTH_AUTH_URL: "https://authentik.company/application/o/authorize/"
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: "https://authentik.company/application/o/token/"
GF_AUTH_GENERIC_OAUTH_API_URL: "https://authentik.company/application/o/userinfo/"
GF_AUTH_SIGNOUT_REDIRECT_URL: "https://authentik.company/application/o/<Slug of the application from above>/end-session/"
GF_AUTH_SIGNOUT_REDIRECT_URL: "https://authentik.company/application/o/<application_slug>/end-session/"
# Optionally enable auto-login (bypasses Grafana login screen)
GF_AUTH_OAUTH_AUTO_LOGIN: "true"
# Optionally map user groups to Grafana roles
@ -139,7 +139,7 @@ If you are using a config-file instead, you have to set these options:
```ini
[auth]
signout_redirect_url = https://authentik.company/application/o/<Slug of the application from above>/end-session/
signout_redirect_url = https://authentik.company/application/o/<application_slug>/end-session/
# Optionally enable auto-login
oauth_auto_login = true
@ -163,7 +163,7 @@ If you are using a Helm `values.yaml` file instead, you have to set these option
```yaml
grafana.ini:
auth:
signout_redirect_url: "https://authentik.company/application/o/<Slug of the application from above>/end-session/"
signout_redirect_url: "https://authentik.company/application/o/<application_slug>/end-session/"
oauth_auto_login: true
auth.generic_oauth:
name: authentik

View File

@ -56,5 +56,5 @@ Only settings that have been modified from default have been listed.
- **Token Endpoint**: `https://authentik.company/application/o/token/`
- **Authorize Endpoint**: `https://authentik.company/application/o/authorize/`
- **Userinfo Endpoint**: `https://authentik.company/application/o/userinfo/`
- **Userinfo Logout Endpoint**: `https://authentik.company/application/o/application-slug/end-session/`
- **Userinfo Logout Endpoint**: `https://authentik.company/application/o/<application_slug>/end-session/`
- **Scopes**: `email openid profile`

View File

@ -49,7 +49,7 @@ To support the integration of Gravity with authentik, you need to create an appl
1. From the **Gravity administrative interface**, navigate to **Cluster** > **Roles** and click **API**.
2. Under the **OIDC** sub-section, configure the following values:
- **Issuer**: `https://authentik.company/application/o/application-slug/`
- **Issuer**: `https://authentik.company/application/o/<application_slug>/`
- **Client ID**: Your Client ID from authentik
- **Client Secret**: Your Client Secret from authentik
- **Redirect URL**: `https://gravity.company/auth/oidc/callback`

View File

@ -53,7 +53,7 @@ Configure the oidc auth method, oidc discovery url is the OpenID Configuration I
```
vault write auth/oidc/config \
oidc_discovery_url="https://authentik.company/application/o/vault-slug/" \
oidc_discovery_url="https://authentik.company/application/o/<application_slug>/" \
oidc_client_id="Client ID" \
oidc_client_secret="Client Secret" \
default_role="reader"

View File

@ -48,7 +48,7 @@ Add the following environment variables to your Homarr configuration. Make sure
AUTH_PROVIDERS="oidc,credentials"
AUTH_OIDC_CLIENT_ID=<Client ID from authentik>
AUTH_OIDC_CLIENT_SECRET=<Client secret from authentik>
AUTH_OIDC_ISSUER=https://authentik.company/application/o/<slug from authentik>/
AUTH_OIDC_ISSUER=https://authentik.company/application/o/<application_slug>/
AUTH_OIDC_URI=https://authentik.company/application/o/authorize
AUTH_OIDC_CLIENT_NAME=authentik
OAUTH_ALLOW_DANGEROUS_EMAIL_ACCOUNT_LINKING=true

View File

@ -50,7 +50,7 @@ Modify the **Security Realm** option to select `Login with Openid Connect`.
In the **Client id** and **Client secret** fields, enter the Client ID and Client Secret values from the provider you created.
Set the configuration mode to **Automatic configuration** and set the **Well-known configuration endpoint** to `https://authentik.company/application/o/<Slug of the application from above>/.well-known/openid-configuration`
Set the configuration mode to **Automatic configuration** and set the **Well-known configuration endpoint** to `https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration`
Check the checkbox **Override scopes** and input the scopes `openid profile email` into the new input field.

View File

@ -82,11 +82,11 @@ kimai:
idp:
entityId: "https://authentik.company/"
singleSignOnService:
url: "https://authentik.company/application/saml/<application-slug>/sso/binding/redirect/"
url: "https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/"
binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
# the "single logout" feature was not yet tested, if you want to help, please let me know!
singleLogoutService:
url: "https://authentik.company/application/saml/<application-slug>/slo/binding/redirect/"
url: "https://authentik.company/application/saml/<application_slug>/slo/binding/redirect/"
binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
# Signing certificate from *Advanced protocol settings*
x509cert: "XXXXXXXXXXXXXXXXXXXXXXXXXXX=="

View File

@ -69,5 +69,5 @@ spring:
provider:
authentik:
user-name-attribute: preferred_username
issuer-uri: https://authentik.company/application/o/<application slug>/
issuer-uri: https://authentik.company/application/o/<application_slug>/
```

View File

@ -48,7 +48,7 @@ To support the integration of Komodo with authentik, you need to create an appli
```yaml
KOMODO_OIDC_ENABLED=true
KOMODO_OIDC_PROVIDER=https://authentik.company/application/o/<application-slug>/
KOMODO_OIDC_PROVIDER=https://authentik.company/application/o/<application_slug>/
KOMODO_OIDC_CLIENT_ID=<authentik_client_ID>
KOMODO_OIDC_CLIENT_SECRET=<authentik client secret>
```

View File

@ -47,7 +47,7 @@ To configure Linkwarden to use authentik, add the following values to your `.env
```
NEXT_PUBLIC_AUTHENTIK_ENABLED=true
AUTHENTIK_CUSTOM_NAME=authentik # Optionally set a custom provider name. Will be displayed on the login page
AUTHENTIK_ISSUER=https://authentik.company/application/o/<application slug>
AUTHENTIK_ISSUER=https://authentik.company/application/o/<application_slug>
AUTHENTIK_CLIENT_ID=<Your Client ID>
AUTHENTIK_CLIENT_SECRET=<Your Client Secret>
```
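
Review bot: `AUTHENTIK_ISSUER` ends at `<application_slug>` with no trailing slash, while the other issuer URLs visible in this commit end in `/`. Issuer values are compared as exact strings during OIDC validation, so if the missing slash is what Linkwarden expects, say so in a comment on that line. Otherwise add the slash while the line is being edited.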

View File

@ -53,7 +53,7 @@ oidc_providers:
- idp_id: authentik
idp_name: authentik
discover: true
issuer: "https://authentik.company/application/o/app-slug/"
issuer: "https://authentik.company/application/o/<application_slug>/"
client_id: "*client id*"
client_secret: "*client secret*"
scopes:

View File

@ -52,7 +52,7 @@ To enable OIDC login with Mealie, update your environment variables to include t
```yaml showLineNumbers
OIDC_AUTH_ENABLED=true
OIDC_PROVIDER_NAME=authentik
OIDC_CONFIGURATION_URL=https://authentik.company/application/o/<slug from authentik>/.well-known/openid-configuration
OIDC_CONFIGURATION_URL=https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration
OIDC_CLIENT_ID=<Client ID from authentik>
OIDC_CLIENT_SECRET=<Client secret from authentik>
OIDC_SIGNUP_ENABLED=true

View File

@ -87,7 +87,7 @@ You can set up OpenID in two different ways: via the web interface or the comman
From the sidebar of the main page, go to **Identity -> OpenID**, click **Create**, and then define the configuration as follows:
- Name: MinIO
- Config URL: `https://authentik.company/application/o/<minio slug>/.well-known/openid-configuration`
- Config URL: `https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration`
- Client ID: Your client ID from the previous step
- Client Secret: Your client secret from the previous step
- Scopes: `openid, email, profile, minio`
@ -103,7 +103,7 @@ After that is done, run the following command to configure the OpenID provider:
```
~ mc admin config set myminio identity_openid \
config_url="https://authentik.company/application/o/<minio slug>/.well-known/openid-configuration" \
config_url="https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration" \
client_id="<client id>" \
client_secret="<client secret>" \
scopes="openid,profile,email,minio"

View File

@ -88,7 +88,7 @@ NetBird requires the service account to have full administrative access to the a
To configure NetBird to use authentik, add the following environment variables to your NetBird deployment:
```yaml showLineNumbers title="setup.env"
NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://authentik.company/application/o/<application slug>/.well-known/openid-configuration"
NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration"
NETBIRD_USE_AUTH0=false
NETBIRD_AUTH_CLIENT_ID="<Your Client ID>"
NETBIRD_AUTH_SUPPORTED_SCOPES="openid profile email offline_access api"

View File

@ -54,11 +54,11 @@ REMOTE_AUTH_ENABLED='true'
REMOTE_AUTH_BACKEND='social_core.backends.open_id_connect.OpenIdConnectAuth'
# python-social-auth config
SOCIAL_AUTH_OIDC_OIDC_ENDPOINT='https://authentik.company/application/o/<Application slug>/'
SOCIAL_AUTH_OIDC_OIDC_ENDPOINT='https://authentik.company/application/o/<application_slug>/'
SOCIAL_AUTH_OIDC_KEY='<Client ID>'
SOCIAL_AUTH_OIDC_SECRET='<Client Secret>'
SOCIAL_AUTH_OIDC_SCOPE=openid profile email roles
LOGOUT_REDIRECT_URL='https://authentik.company/application/o/<Application slug>/end-session/'
LOGOUT_REDIRECT_URL='https://authentik.company/application/o/<application_slug>/end-session/'
```
The Netbox configuration needs to be extended, for this you can create a new file in the configuration folder, for example `authentik.py`.
@ -90,7 +90,7 @@ LOGOUT_REDIRECT_URL = environ.get('LOGOUT_REDIRECT_URL')
#SOCIAL_AUTH_OIDC_ENDPOINT = 'https://authentik.company/application/o/<Application
#SOCIAL_AUTH_OIDC_KEY = '<Client ID>'
#SOCIAL_AUTH_OIDC_SECRET = '<Client Secret>'
#LOGOUT_REDIRECT_URL = 'https://authentik.company/application/o/<Application slug>/end-session/
#LOGOUT_REDIRECT_URL = 'https://authentik.company/application/o/<application_slug>/end-session/
```
### Groups
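
Review bot: The commented-out `#SOCIAL_AUTH_OIDC_ENDPOINT` line at the top of this hunk still carries the old `<Application` placeholder and, as shown here, stops mid-URL, so the block ends up mixing both placeholder styles. Update it to `<application_slug>` in the same change. The edited `#LOGOUT_REDIRECT_URL` line is also missing its closing quote, and the commented key is spelled `SOCIAL_AUTH_OIDC_ENDPOINT` while the environment example in the previous hunk uses `SOCIAL_AUTH_OIDC_OIDC_ENDPOINT`, so one of the two names should be corrected.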

View File

@ -145,7 +145,7 @@ Depending on your Nextcloud configuration, you may need to use `https://nextclou
- **Identifier**: `authentik`
- **Client ID**: Client ID from authentik
- **Client secret**: Client secret from authentik
- **Discovery endpoint**: `https://authentik.company/application/o/<application-slug>/.well-known/openid-configuration`
- **Discovery endpoint**: `https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration`
- **Scope**: `email profile openid`
- Under **Attribute mappings**:
@ -309,8 +309,8 @@ To grant Nextcloud admin access to authentik users you will need to create a pro
- **Optional display name**: `authentik`
- **Identifier of the IdP entity**: `https://authentik.company`
- **URL target for authentication requests**: `https://authentik.company/application/saml/<application-slug>/sso/binding/redirect/`
- **URL for SLO requests**: `https://authentik.company/application/saml/<application-slug>/slo/binding/redirect/`
- **URL target for authentication requests**: `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`
- **URL for SLO requests**: `https://authentik.company/application/saml/<application_slug>/slo/binding/redirect/`
- **Public X.509 certificate of the IdP**: Paste the contents of your certificate file.
- **Set attribute mappings**:
- **Display name**: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name`

View File

@ -73,7 +73,7 @@ strategy: {
icon:"fa-cloud",
strategy: require("passport-openidconnect").Strategy,
options: {
issuer: 'https://authentik.company/application/o/<application-slug>/',
issuer: 'https://authentik.company/application/o/<application_slug>/',
authorizationURL: 'https://authentik.company/application/o/authorize/',
tokenURL: 'https://authentik.company/application/o/token/',
userInfoURL: 'https://authentik.company/application/o/userinfo/',

View File

@ -49,7 +49,7 @@ Enter the following details from the authentik provider:
- Set **OAUTH_CLIENT_ID** to the Client ID copied from authentik.
- Set **OAUTH_CLIENT_SECRET** to the Client Secret copied from authentik.
- Set **OAUTH_PROVIDER_NAME** to `authentik`.
- Set **OPENID_PROVIDER_URL** to `https://authentik.company/application/o/your-slug-here/.well-known/openid-configuration`.
- Set **OPENID_PROVIDER_URL** to `https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration`.
- Set **OPENID_REDIRECT_URI** to `https://openwebui.company/oauth/oidc/callback`.
- If you wish for new users to be created on Open Web UI, set **ENABLE_OAUTH_SIGNUP** to 'true'.

View File

@ -53,7 +53,7 @@ OIDC_CLIENT_SECRET=
OIDC_AUTH_URI=https://authentik.company/application/o/authorize/
OIDC_TOKEN_URI=https://authentik.company/application/o/token/
OIDC_USERINFO_URI=https://authentik.company/application/o/userinfo/
OIDC_LOGOUT_URI=https://authentik.company/application/o/wiki/end-session/
OIDC_LOGOUT_URI=https://authentik.company/application/o/<application_slug>/end-session/
OIDC_USERNAME_CLAIM=preferred_username
OIDC_DISPLAY_NAME=authentik
OIDC_SCOPES=openid profile email

View File

@ -71,7 +71,7 @@ environment:
"client_id": "<Client ID>",
"secret": "<Client Secret>",
"settings": {
"server_url": "https://authentik.company/application/o/<slug>/.well-known/openid-configuration"
"server_url": "https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration"
}
}
],

View File

@ -68,7 +68,7 @@ To configure OAuth in pgAdmin, you can either use the `config_local.py` file or
'OAUTH2_AUTHORIZATION_URL': 'https://authentik.company/application/o/authorize/',
'OAUTH2_API_BASE_URL': 'https://authentik.company/',
'OAUTH2_USERINFO_ENDPOINT': 'https://authentik.company/application/o/userinfo/',
'OAUTH2_SERVER_METADATA_URL': 'https://authentik.company/application/o/<App Slug>/.well-known/openid-configuration',
'OAUTH2_SERVER_METADATA_URL': 'https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration',
'OAUTH2_SCOPE': 'openid email profile',
'OAUTH2_ICON': '<Fontawesome icon key (e.g., fa-key)>',
'OAUTH2_BUTTON_COLOR': '<Hexadecimal color code for the login button>'
@ -90,7 +90,7 @@ For deployments using Docker or Kubernetes, you can configure OAuth using the fo
```bash
PGADMIN_CONFIG_AUTHENTICATION_SOURCES="['oauth2', 'internal']"
PGADMIN_CONFIG_OAUTH2_AUTO_CREATE_USER=True
PGADMIN_CONFIG_OAUTH2_CONFIG="[{'OAUTH2_NAME':'authentik','OAUTH2_DISPLAY_NAME':'Login with authentik','OAUTH2_CLIENT_ID':'<Client ID from authentik>','OAUTH2_CLIENT_SECRET':'<Client secret from authentik>','OAUTH2_TOKEN_URL':'https://authentik.company/application/o/token/','OAUTH2_AUTHORIZATION_URL':'https://authentik.company/application/o/authorize/','OAUTH2_API_BASE_URL':'https://authentik.company/','OAUTH2_USERINFO_ENDPOINT':'https://authentik.company/application/o/userinfo/','OAUTH2_SERVER_METADATA_URL':'https://authentik.company/application/o/<App Slug>/.well-known/openid-configuration','OAUTH2_SCOPE':'openid email profile','OAUTH2_ICON':'<Fontawesome icon key (e.g., fa-key)>','OAUTH2_BUTTON_COLOR':'<Hexadecimal color code for the login button>'}]"
PGADMIN_CONFIG_OAUTH2_CONFIG="[{'OAUTH2_NAME':'authentik','OAUTH2_DISPLAY_NAME':'Login with authentik','OAUTH2_CLIENT_ID':'<Client ID from authentik>','OAUTH2_CLIENT_SECRET':'<Client secret from authentik>','OAUTH2_TOKEN_URL':'https://authentik.company/application/o/token/','OAUTH2_AUTHORIZATION_URL':'https://authentik.company/application/o/authorize/','OAUTH2_API_BASE_URL':'https://authentik.company/','OAUTH2_USERINFO_ENDPOINT':'https://authentik.company/application/o/userinfo/','OAUTH2_SERVER_METADATA_URL':'https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration','OAUTH2_SCOPE':'openid email profile','OAUTH2_ICON':'<Fontawesome icon key (e.g., fa-key)>','OAUTH2_BUTTON_COLOR':'<Hexadecimal color code for the login button>'}]"
```
### General Notes

View File

@ -41,9 +41,9 @@ Set the following values:
```env
SAML_ENABLED=True
SAML_PATH=os.path.join(os.path.dirname(file), 'saml')
SAML_METADATA_URL=https://authentik.company/application/saml/<application-slug>/metadata/
SAML_METADATA_URL=https://authentik.company/application/saml/<application_slug>/metadata/
SAML_METADATA_CACHE_LIFETIME=1
SAML_LOGOUT_URL=https://authentik.company/application/saml/<application-slug>/slo/binding/redirect/
SAML_LOGOUT_URL=https://authentik.company/application/saml/<application_slug>/slo/binding/redirect/
SAML_SP_ENTITY_ID=pdns-admin
SAML_SP_CONTACT_NAME=me
SAML_SP_CONTACT_MAIL=me
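Review bot: The context line `SAML_PATH=os.path.join(os.path.dirname(file), 'saml')` in this `env` block is a Python expression rather than a literal value, and `file` is not a name that expression can resolve as written. It is outside the slug rename, but since the block is being touched it is worth a follow-up to confirm whether this should be a plain path or whether the block is meant to be Python settings. The two `<application_slug>` replacements in `SAML_METADATA_URL` and `SAML_LOGOUT_URL` are consistent with each other.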

View File

@ -91,7 +91,7 @@ Push Security requires separate first and last names for each user, but authenti
3. Click **Get Started**, select **Custom SAML**, and click **Next**.
4. Copy both the **Single Sign-On URL** and the **Service Provider Entity URL**. Youll need these values in the next section.
5. Click **Next**.
6. Choose **Manual**, and enter the following as the **Single Sign-On Login URL**: `https://authentik.company/application/saml/<application-slug>/sso/binding/post/`
6. Choose **Manual**, and enter the following as the **Single Sign-On Login URL**: `https://authentik.company/application/saml/<application_slug>/sso/binding/post/`
7. Click **Upload signing certificate**, and upload the certificate downloaded from authentik.
8. _(Optional but recommended)_ Under **Advanced Settings**, enable **Sign request**. Then download the verification certificate. Youll need to import this into authentik. Refer to the [authentik certificate documentation](../../../docs/sys-mgmt/certificates#external-certificates) for guidance.
9. Click **Next**.

View File

@ -54,11 +54,11 @@ To support the integration of Rustdesk Server Pro with authentik, you need to cr
- Set **Name** to `authentik`
- Set **Client ID** to the Client ID copied from authentik.
- Set **Client secret** to the Client Secret copied from authentik.
- Set **Issuer** to `https://authentik.company/application/o/slug/`
- Set **Issuer** to `https://authentik.company/application/o/<application_slug>/`
- Set **Authorization Endpoint** to `https://authentik.company/application/o/authorize/`
- Set **Token Endpoint** to `https://authentik.company/application/o/token/`
- Set **Userinfo Endpoint** to `https://authentik.company/application/o/userinfo/`
- Set **JWKS Endpoint** to `https://authentik.company/application/o/slug/jwks/`
- Set **JWKS Endpoint** to `https://authentik.company/application/o/<application_slug>/jwks/`
:::info
Users are created automatically on login. Permissions must be assigned by an administrator after user creation.

View File

@ -53,7 +53,7 @@ Add the `oidc_providers` configuration:
"oidc_providers": {
"authentik": {
"display_name": "Sign in with authentik",
"provider_url": "https://authentik.company/application/o/<slug>/",
"provider_url": "https://authentik.company/application/o/<application_slug>/",
"client_id": "<client-id>",
"client_secret": "<client-secret>",
"redirect_url": "https://semaphore.company/api/auth/oidc/authentik/redirect/",

View File

@ -55,7 +55,7 @@ This documentation lists only the settings that you need to change from their de
5. Fill in the following:
- **Display name**: Anything you like.
- **Email domain**: `company`
- **IdP SSO URL**: `https://authentik.company/application/saml/<semgrep slug>/sso/binding/post/`
- **IdP SSO URL**: `https://authentik.company/application/saml/<application_slug>/sso/binding/post/`
- **IdP Issuer ID**: `https://authentik.company`
- **Upload/paste certificate**: Downloaded from the previous step.

View File

@ -31,11 +31,11 @@ This documentation lists only the settings that you need to change from their de
While logged in to your Skyhigh Security Dashboard, click the configuration gear and navigate to `User Management` -> `SAML Configuration` -> `Skyhigh Cloud Users` tab
Under the `Identity Provider` section enter the following values (replace `<slug>` with the name of the application slug you will use):
Under the `Identity Provider` section enter the following values:
- Issuer: `https://authentik.company/skyhigh-dashboard`
- Certificate: Upload the signing certificate you will use for the Authentik provider
- Login URL: `https://authentik.company/application/saml/<slug>/sso/binding/init/`
- Login URL: `https://authentik.company/application/saml/<application_slug>/sso/binding/init/`
- SP-Initiated Request Binding: HTTP-POST
- User exclusions: Select at least one administrator account to login directly (in case something goes wrong with SAML)
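Review bot: The sentence introducing the Identity Provider values loses its parenthetical "(replace `<slug>` with the name of the application slug you will use)", so `<application_slug>` in the Login URL is no longer explained on this page; the same removal is made to "Configure your SAML provider as follows" in the next hunk. Keep a short replacement instruction that uses the new placeholder name, or point to wherever the placeholder is defined. The Certificate line in the same list also still capitalises "Authentik", unlike the lowercase "authentik" used in the other files of this patch.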
@ -78,11 +78,11 @@ While logged in to your Skyhigh Security Dashboard, click the configuration gear
Under the `Setup SAML` section click the `New SAML` button.
Configure your SAML provider as follows (replace `<slug>` with the name of your slug):
Configure your SAML provider as follows:
- SAML Configuration Name: Enter a descriptive name here
- Service Provider Entity ID: `https://login.auth.ui.trellix.com/sso/saml2`
- SAML Identity Provider URL: `https://authentik.company/application/saml/<slug>/sso/binding/post/`
- SAML Identity Provider URL: `https://authentik.company/application/saml/<application_slug>/sso/binding/post/`
- Identity Provider Entity ID: `https://authentik.company/skyhigh-swg`
- User ID Attribute in SAML Response: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress`
- Group ID Attribute in SAML Response: `http://schemas.xmlsoap.org/claims/Group`

View File

@ -46,7 +46,7 @@ Add the following environment variables to your tandoor configuration. Make sure
```sh
SOCIAL_PROVIDERS=allauth.socialaccount.providers.openid_connect
SOCIALACCOUNT_PROVIDERS='{"openid_connect":{"APPS":[{"provider_id":"authentik","name":"authentik","client_id":"<Client ID from authentik>","secret":"<Client Secret from authentik>","settings":{"server_url":"https://authentik.company/application/o/<application slug>/.well-known/openid-configuration"}}]}}'
SOCIALACCOUNT_PROVIDERS='{"openid_connect":{"APPS":[{"provider_id":"authentik","name":"authentik","client_id":"<Client ID from authentik>","secret":"<Client Secret from authentik>","settings":{"server_url":"https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration"}}]}}'
```
Restart the Tandoor service for the changes to take effect.

View File

@ -56,7 +56,7 @@ This guide assumes that you have environment variables `$TERRAKUBE_OIDC_CLIENT_I
id: TerrakubeClient
name: TerrakubeClient
config:
issuer: "https://authentik.company/application/o/<Your application slug>/"
issuer: "https://authentik.company/application/o/<application_slug>/"
clientID: $TERRAKUBE_OIDC_CLIENT_ID
clientSecret: $TERRAKUBE_OIDC_CLIENT_SECRET
redirectURI: "https://terrakube-dex.company/dex/callback"

View File

@ -51,7 +51,7 @@ To support the integration of Landscape with authentik, you need to create an ap
On the Landscape Server, edit the file `/etc/landscape/service.conf` and add the following snippet under the `[landscape]` section:
```
oidc-issuer = https://authentik.company/application/o/<slug of the application you've created>/
oidc-issuer = https://authentik.company/application/o/<application_slug>/
oidc-client-id = <client ID of the provider you've created>
oidc-client-secret = <client Secret of the provider you've created>
```
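Review bot: After this change the `oidc-issuer` line uses the short `<application_slug>` form, while the two lines below it keep the long descriptive form (`<client ID of the provider you've created>`, `<client Secret of the provider you've created>`), so one snippet now mixes two placeholder styles. Other files in this patch write the same values as `<Client ID>`, `<client-id>` or `<Client ID from authentik>`. Either state in the commit message that only the slug is in scope, or follow up with the same standardization for the client ID and secret placeholders. The fence around this snippet also has no language tag, unlike the tagged snippets elsewhere in the patch.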

View File

@ -73,7 +73,7 @@ To support the integration of Weblate with authentik, you need to create an appl
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
- Set the **ACS URL** to `https://weblate.company/accounts/complete/saml/`.
- Set the **Audience** to `https://weblate.company/accounts/metadata/saml/`.
- Set the **Issuer** to `https://authentik.company/application/saml/application-slug/sso/binding/redirect/`.
- Set the **Issuer** to `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`.
- Set the **Service Provider Binding** to `Post`.
- Under **Advanced protocol settings**, select an available signing certificate. Then, under **Property mappings**, add the ones you just created.
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
@ -90,8 +90,8 @@ The variables below need to be set, depending on if you deploy in a container or
Variables to set
- ENABLE_HTTPS: `1`
- SAML_IDP_ENTITY_ID: `https://authentik.company/application/saml/weblate-slug/sso/binding/redirect/`
- SAML_IDP_URL: `https://authentik.company/application/saml/weblate-slug/sso/binding/redirect/`
- SAML_IDP_ENTITY_ID: `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`
- SAML_IDP_URL: `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`
- SAML_IDP_X509CERT: `MIIFDjCCAvagAwIBAgIRAJV8hH0wGkhGvbhhDKppWIYwDQYJKoZIhvcNAQELBQAw....F9lT9hHwHhsnA=`
The `SAML_IDP_X509CERT` is the certificate in the SAML Metadata `X509Certificate` key.
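Review bot: `SAML_IDP_ENTITY_ID` has to be the same string as the **Issuer** set on the provider in the previous hunk, and nothing in the visible text says so. Before this change the two were written with different literal slugs (`application-slug` there, `weblate-slug` here), which invited a mismatch; now that both read `<application_slug>`, add one sentence under "Variables to set" stating that the entity ID must match the provider's Issuer exactly, including the trailing slash, since a mismatch makes the service provider reject the assertion.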

View File

@ -54,7 +54,7 @@ To support the integration of YouTrack with authentik, you need to create an app
2. Click **New module**, then select **SAML 2.0**.
3. Fill out the form with the following information:
- **Name**: Set an appropriate name (e.g. `authentik`)
- **SAML SSO URL**: `https://authentik.company/application/saml/<application slug>/sso/binding/redirect/`
- **SAML SSO URL**: `https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/`
- **IdP entity ID**: `https://youtrack.company/admin/hub/`
- **Certificate fingerprint**: Set to the SHA-256 fingerprint retrieved in the previous step.
4. Click **Create** to submit the form and take note of the **ACS URL**.

View File

@ -65,7 +65,7 @@ SOCIAL_AUTH_SAML_ENABLED_IDPS: Dict[str, Any] = {
# KEEP OTHER SETTINGS AS DEFAULT OR CONFIGURE THEM ACCORDING TO YOUR PREFERENCES
"entity_id": "https://authentik.company",
"url": "https://authentik.company/application/saml/<application slug>/sso/binding/redirect/",
"url": "https://authentik.company/application/saml/<application_slug>/sso/binding/redirect/",
"display_name": "authentik SAML",
},
}