website/integrations: nextcloud: connect to existing user (#9155)

* doc: integration: nextcloud: connect to existing user

Add instruction on how to link an existing Nextcloud user to the authentik user.

Signed-off-by: Pierrick Guillaume <34305318+Fymyte@users.noreply.github.com>

* Apply suggested changes

Signed-off-by: Pierrick Guillaume <pierguill@gmail.com>

* Fix missing letter

Signed-off-by: Pierrick Guillaume <pierguill@gmail.com>

* Run prettier

* Remove tip

* fix federated cloud id tip and indentation

---------

Signed-off-by: Pierrick Guillaume <34305318+Fymyte@users.noreply.github.com>
Signed-off-by: Pierrick Guillaume <pierguill@gmail.com>
Co-authored-by: Pierrick Guillaume <pguillaume@sequans.com>
This commit is contained in:
Pierrick Guillaume
2024-05-02 14:23:07 +02:00
committed by GitHub
parent d2b8bd3635
commit 79af8b8638


@ -51,7 +51,7 @@ authentik already provides some default _scopes_ with _claims_ inside them, such
##### Custom profile scope
If you do not need storage quota or group information in Nextcloud [skip to the next step](#provider-and-application).
If you do not need storage quota, group information, or to manage already existing users in Nextcloud [skip to the next step](#provider-and-application).
However, if you want to be able to control how much storage users in Nextcloud can use, as well as which users are recognized as Nextcloud administrators, you would need to make this information available in Nextcloud. To achieve this you would need to create a custom `profile` scope. To do so, go to _Customization_ -> _Property mappings_. Create a _Scope mapping_ with the following parameters:
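Review bot: the new sentence at the top of this hunk says "to manage already existing users", while the rest of the change calls this connecting to an existing user, and the paragraph that follows still motivates the custom scope only with storage quota and administrator recognition. Suggest "or to connect to already existing Nextcloud users" and a clause in the following paragraph saying the scope also carries the `user_id` claim. A comma before "skip to the next step" would also help.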
@ -74,7 +74,10 @@ return {
"name": request.user.name,
"groups": groups,
# To set a quota set the "nextcloud_quota" property in the user's attributes
"quota": user.group_attributes().get("nextcloud_quota", None)
"quota": user.group_attributes().get("nextcloud_quota", None),
# To connect an already existing user, set the "nextcloud_user_id" property in the
# user's attributes to the username of the corresponding user on Nextcloud.
"user_id": user.attributes.get("nextcloud_user_id", user.uuid),
}
```
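Review bot: the `user_id` claim is read with `user.attributes.get("nextcloud_user_id", user.uuid)`, so whoever can write that attribute decides which Nextcloud account the login is bound to once `user_id` is used as the User ID mapping. The comment should say that the attribute is meant to be set by an administrator and must not be editable by the user. Also, `quota` on the line above is read through `user.group_attributes()` while this value is read from `user.attributes` only; if that is deliberate (a group-wide value would map every member to the same account), say so in the comment.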
@ -84,6 +87,13 @@ To set a quota set the "nextcloud_quota" property in the user's attributes. This
If set to a value, for example `1 GB`, user(s) will have 1GB storage quota. If the attribute is not set, user(s) will have unlimited storage.
:::
:::note
To connect to an already existing Nextcloud user, set the "nextcloud_user_id" property in the user's attributes. This must be set for each individual user.
The value of `nextcloud_user_id` must match the field `username` of the user on the Nextcloud instance. On Nextcloud, go to _Users_ to see the username of the user you are trying to connect to (Under user's `Display name`).
If set to a value, for example `goauthentik`, it will try to connect to the `goauthentik` user on the Nextcloud instance. Otherwise, the user's UUID will be used.
:::
##### Provider and Application
Create a provider for Nextcloud. In the Admin Interface, go to _Applications_ -> _Providers_. Create an _OAuth2/OpenID Provider_ with the following parameters:
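Review bot: the added note says "it will try to connect" to the named user, but not what has to be configured on the Nextcloud side for that to take effect, nor what happens when no user with that username exists. Add a pointer that the User ID mapping must be set to `user_id` (this is only mentioned later, in the provider settings), and state the outcome for a value that matches no user. Wording: use backticks for `nextcloud_user_id` in the first sentence as in the second, and "(Under user's `Display name`)" reads better as "(shown under the user's display name)".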
@ -129,7 +139,7 @@ Add a new provider using the `+` button and set the following values:
:::
- Scope: `email`, `profile` (you can safely omit `openid` if you prefer)
- Attribute mappings:
- User ID mapping: sub
- User ID mapping: sub (or `user_id` if you need to connect to an already existing Nextcloud user)
- Display name mapping: name
- Email mapping: email
- Quota mapping: quota (leave empty if you have skipped the [custom profile scope](#custom-profile-scope) section)
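Review bot: on the User ID mapping line, switching from `sub` to `user_id` changes the identifier for every user, not only for those with `nextcloud_user_id` set, because the scope mapping falls back to `user.uuid`. If that value differs from what the provider sends as `sub`, users already provisioned under `sub` would no longer match their accounts. This deserves a sentence of warning for existing installations.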
@ -137,9 +147,9 @@ Add a new provider using the `+` button and set the following values:
:::tip
You need to enable the "Use group provisioning" checkmark to be able to write to this field
:::
- Use unique user ID: If you only have one provider you can uncheck this if you prefer.
- Use unique user ID: If you only have one provider you can deselect this if you prefer. This will affect your Federated Cloud ID, which you can check under _Personal settings_ -> _Sharing_ -> _Federated Cloud_. If the box is selected, nextcloud will pick a hashed value here (`437218904321784903214789023@nextcloud.instance` for example). Otherwise, it will use the mapped user ID (`<authentik's sub or user_id>@nextcloud.instance`).
:::tip
To avoid your group assignment being a hash value, deselect **Use unique user ID**.
To avoid your federated cloud id being a hash value, deselect **Use unique user ID** and use `user_id` in the **User ID mapping** field.
:::
At this stage you should be able to login with SSO.
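Review bot: the reworded "Use unique user ID" item explains the effect on the Federated Cloud ID only. If the same hashing applies to the Nextcloud user ID itself, connecting to an existing user would also require deselecting the box, and the item should say so next to the `user_id` hint. Capitalisation is inconsistent as well: "nextcloud will pick" should be "Nextcloud", and "federated cloud id" in the tip should match "Federated Cloud ID" in the item above.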