From 88d3b7f5a4e4bb8e35d3af6c0bafae7d18b22dbc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcelo=20Elizeche=20Land=C3=B3?= Date: Mon, 24 Feb 2025 14:41:08 -0300 Subject: [PATCH] website/docs: Add Passkeys reference where WebAuthn is mentioned (#13167) * Add Passkeys reference in several parts where WebAuthn is mentioned for better docs UX and SEO) * Add version badge to Webauthn / passkeys authenticator * fix linting issues * Better wording to differenciate concepts * Revert to css class for version badge because the ak-version tag don't support versions=<2023 --- .../docs/add-secure-apps/flows-stages/flow/context/index.mdx | 2 +- .../flows-stages/stages/authenticator_validate/index.mdx | 2 +- .../flows-stages/stages/authenticator_webauthn/index.mdx | 4 +++- website/docs/add-secure-apps/providers/ldap/generic_setup.md | 2 +- website/docs/customize/policies/expression.mdx | 2 +- website/docs/developer-docs/index.md | 2 +- 6 files changed, 8 insertions(+), 6 deletions(-) diff --git a/website/docs/add-secure-apps/flows-stages/flow/context/index.mdx b/website/docs/add-secure-apps/flows-stages/flow/context/index.mdx index 74a5bec96a..af5856036d 100644 --- a/website/docs/add-secure-apps/flows-stages/flow/context/index.mdx +++ b/website/docs/add-secure-apps/flows-stages/flow/context/index.mdx @@ -154,7 +154,7 @@ Possible options: - `token` (Authenticated via API token) - `ldap` (Authenticated via LDAP bind from an LDAP source) - `auth_mfa` (Authentication via MFA device without password) -- `auth_webauthn_pwl` (Passwordless authentication via WebAuthn) +- `auth_webauthn_pwl` (Passwordless authentication via WebAuthn with Passkeys) - `jwt` ([M2M](../../../providers/oauth2/client_credentials.mdx) authentication via an existing JWT) ##### `auth_method_args` (dictionary) diff --git a/website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.mdx b/website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.mdx index 5b595c4887..1be1737cd7 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.mdx +++ b/website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.mdx @@ -34,7 +34,7 @@ You can configure this stage to only ask for MFA validation if the user hasn't a Firefox has some known issues regarding TouchID (see https://bugzilla.mozilla.org/show_bug.cgi?id=1536482) ::: -Passwordless authentication currently only supports WebAuthn devices, like security keys and biometrics. For an alternate passwordless setup, see [Password stage](../password/index.md#passwordless-login), which supports other types. +Passwordless authentication currently only supports WebAuthn devices, which provides for the use of passkeys, security keys and biometrics. For an alternate passwordless setup, see [Password stage](../password/index.md#passwordless-login), which supports other types. To configure passwordless authentication, create a new Flow with the designation set to _Authentication_. diff --git a/website/docs/add-secure-apps/flows-stages/stages/authenticator_webauthn/index.mdx b/website/docs/add-secure-apps/flows-stages/stages/authenticator_webauthn/index.mdx index 8b2da6dbec..8e1c6cb682 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/authenticator_webauthn/index.mdx +++ b/website/docs/add-secure-apps/flows-stages/stages/authenticator_webauthn/index.mdx @@ -1,7 +1,9 @@ --- -title: WebAuthn Authenticator Setup stage +title: WebAuthn / Passkeys Authenticator setup stage --- +authentik 2021.3.1+ + This stage configures a WebAuthn-based Authenticator. This can either be a browser, biometrics or a Security stick like a YubiKey. ### Options diff --git a/website/docs/add-secure-apps/providers/ldap/generic_setup.md b/website/docs/add-secure-apps/providers/ldap/generic_setup.md index 571a5bc1a4..a065882eb0 100644 --- a/website/docs/add-secure-apps/providers/ldap/generic_setup.md +++ b/website/docs/add-secure-apps/providers/ldap/generic_setup.md @@ -9,7 +9,7 @@ title: Create an LDAP provider Note the DN of this user will be `cn=ldapservice,ou=users,dc=ldap,dc=goauthentik,dc=io` :::info -Note: The `default-authentication-flow` validates MFA by default, and currently everything but SMS-based devices and WebAuthn devices are supported by LDAP. If you plan to use only dedicated service accounts to bind to LDAP, or don't use SMS-based authenticators, then you can use the default flow and skip the extra steps below and continue at [Create LDAP Application & Provider](#create-ldap-application--provider) +Note: The `default-authentication-flow` validates MFA by default, and currently everything but SMS-based devices and WebAuthn (which enables passkey-based authentication) devices are supported by LDAP. If you plan to use only dedicated service accounts to bind to LDAP, or don't use SMS-based authenticators, then you can use the default flow and skip the extra steps below and continue at [Create LDAP Application & Provider](#create-ldap-application--provider) ::: ### LDAP Flow diff --git a/website/docs/customize/policies/expression.mdx b/website/docs/customize/policies/expression.mdx index 756ae1f203..47409da2c3 100644 --- a/website/docs/customize/policies/expression.mdx +++ b/website/docs/customize/policies/expression.mdx @@ -145,7 +145,7 @@ This includes the following: } ``` - - `auth_webauthn_pwl`: Password-less WebAuthn login + - `auth_webauthn_pwl`: Password-less WebAuthn with Passkeys login - `jwt`: OAuth Machine-to-machine login via external JWT - `app_password`: App password (token) diff --git a/website/docs/developer-docs/index.md b/website/docs/developer-docs/index.md index 6164dcf990..8f66cfa738 100644 --- a/website/docs/developer-docs/index.md +++ b/website/docs/developer-docs/index.md @@ -73,7 +73,7 @@ authentik │   ├── authenticator_static - Configure TOTP backup keys │   ├── authenticator_totp - Configure a TOTP authenticator │   ├── authenticator_validate - Validate any authenticator -│   ├── authenticator_webauthn - Configure a WebAuthn authenticator +│   ├── authenticator_webauthn - Configure a WebAuthn / Passkeys authenticator │   ├── captcha - Make the user pass a captcha │   ├── consent - Let the user decide if they want to consent to an action │   ├── deny - Static deny, can be used with policies