From 9a89a5f94bc2199474592e5583e08a5e8d24ef74 Mon Sep 17 00:00:00 2001 From: Tana M Berry Date: Tue, 8 Oct 2024 14:07:19 -0500 Subject: [PATCH] website: latest migration to new structure (#11522) * first pass * dependency shenanigans * move blueprints * few broken links * change config the throw errors * internal file edits * fighting links * remove sidebarDev * fix subdomain Signed-off-by: Jens Langhammer * fix relative URL Signed-off-by: Jens Langhammer * fix mismatched package versions Signed-off-by: Jens Langhammer * fix api reference build Signed-off-by: Jens Langhammer * test tweak * links hell * more links hell * links hell2 * yep last of the links * last broken link fixed * re-add cves Signed-off-by: Jens Langhammer * add devdocs redirects * add dir * tweak netlify.toml * move latest 2 CVES into dir * fix links to moved cves * typoed title fix * fix link * remove banner * remove committed api docs Signed-off-by: Marc 'risson' Schmitt * integrations: remove version dropdown Signed-off-by: Marc 'risson' Schmitt * Update Makefile Signed-off-by: Marc 'risson' Schmitt * change doc links in web as well Signed-off-by: Marc 'risson' Schmitt * fix some more docs paths Signed-off-by: Marc 'risson' Schmitt * fix more docs paths Signed-off-by: Marc 'risson' Schmitt * ci: require ci-web.build for merging Signed-off-by: Marc 'risson' Schmitt * Revert "ci: require ci-web.build for merging" This reverts commit b99a4842a9556c5553ac2a5658eeb2bc10b7b937. * remove sluf for Application * put slug back in * minor fix to trigger deploy --------- Signed-off-by: Jens Langhammer Signed-off-by: Marc 'risson' Schmitt Co-authored-by: Tana M Berry Co-authored-by: Jens Langhammer Co-authored-by: Marc 'risson' Schmitt --- .github/pull_request_template.md | 2 +- Makefile | 3 +- README.md | 2 +- authentik/blueprints/v1/importer.py | 2 +- authentik/lib/default.yml | 2 +- authentik/outposts/models.py | 2 +- authentik/stages/prompt/models.py | 2 +- scripts/api-ts-templates/README.mustache | 2 +- .../admin/applications/ApplicationListPage.ts | 2 +- web/src/admin/blueprints/BlueprintForm.ts | 2 +- .../admin/outposts/OutpostDeploymentModal.ts | 4 +- web/src/admin/outposts/OutpostForm.ts | 4 +- .../expression/ExpressionPolicyForm.ts | 4 +- .../BasePropertyMappingForm.ts | 2 +- .../PropertyMappingProviderRACForm.ts | 2 +- .../PropertyMappingSourceLDAPForm.ts | 2 +- .../PropertyMappingSourceOAuthForm.ts | 2 +- .../PropertyMappingSourcePlexForm.ts | 2 +- .../PropertyMappingSourceSAMLForm.ts | 2 +- .../PropertyMappingSourceSCIMForm.ts | 2 +- .../oauth2/OAuth2ProviderViewPage.ts | 2 +- .../providers/proxy/ProxyProviderViewPage.ts | 18 +- .../providers/scim/SCIMProviderViewPage.ts | 2 +- website/.gitignore | 2 +- .../applications/index.md | 4 +- .../applications/manage_apps.md | 0 .../flows-stages}/flow/context/index.md | 24 +- .../flows-stages}/flow/create-flow.png | Bin .../flows-stages}/flow/examples/flows.md | 0 .../flows-stages}/flow/examples/snippets.md | 0 .../flows-stages}/flow/executors/headless.md | 6 +- .../flows-stages}/flow/executors/if-flow.md | 2 +- .../flows-stages}/flow/executors/sfe.md | 6 +- .../flow/executors/user-settings.md | 2 +- .../flows-stages}/flow/flow-inspector.png | Bin .../flows-stages}/flow/index.md | 22 +- .../flows-stages}/flow/inspector.md | 6 +- .../flows-stages}/flow/layouts.md | 0 .../flow/layouts/content_left.png | Bin .../flow/layouts/content_right.png | Bin .../flow/layouts/sidebar_left.png | Bin .../flow/layouts/sidebar_right.png | Bin .../flows-stages}/flow/layouts/stacked.png | Bin .../flows-stages}/flow/simple_stages.png | Bin .../stages/authenticator_duo/index.md | 0 .../stages/authenticator_sms/index.md | 2 +- .../stages/authenticator_static/index.md | 0 .../stages/authenticator_totp/index.md | 0 .../stages/authenticator_validate/index.md | 10 +- .../stages/authenticator_webauthn/index.md | 0 .../stages/captcha/captcha-admin.png | Bin .../flows-stages}/stages/captcha/index.md | 2 +- .../flows-stages}/stages/deny.md | 0 .../stages/email/custom_template.png | Bin .../stages/email/email_recovery.png | Bin .../flows-stages}/stages/email/index.mdx | 4 +- .../stages/identification/index.md | 4 +- .../flows-stages}/stages/index.md | 4 +- .../flows-stages}/stages/invitation/index.md | 2 +- .../flows-stages}/stages/password/index.md | 0 .../flows-stages}/stages/prompt/index.md | 4 +- .../flows-stages}/stages/source/index.md | 8 +- .../flows-stages}/stages/user_delete.md | 0 .../flows-stages}/stages/user_login/index.md | 2 +- .../stages/user_login/stay_signed_in.png | Bin .../flows-stages/stages/user_logout.md | 5 + .../flows-stages}/stages/user_write.md | 0 .../{ => add-secure-apps}/outposts/_config.md | 0 .../outposts/embedded/embedded.mdx | 0 .../{ => add-secure-apps}/outposts/index.mdx | 2 +- .../outposts/integrations/docker.md | 2 +- .../outposts/integrations/kubernetes.md | 2 +- .../outposts/manual-deploy-docker-compose.md | 0 .../outposts/manual-deploy-kubernetes.md | 0 .../outposts/outpost-create.png | Bin .../outposts/upgrading.md | 0 .../outposts/upgrading_outdated.png | Bin .../providers/entra/add-entra-provider.md | 0 .../providers/entra/index.md | 4 +- .../providers/entra/setup-entra.md | 4 +- .../providers/gws/add-gws-provider.md | 4 +- .../providers/gws/index.md | 4 +- .../providers/gws/setup-gws.md | 0 .../{ => add-secure-apps}/providers/index.mdx | 0 .../providers/ldap/general_setup1.png | Bin .../providers/ldap/general_setup10.png | Bin .../providers/ldap/general_setup11.png | Bin .../providers/ldap/general_setup12.png | Bin .../providers/ldap/general_setup13.png | Bin .../providers/ldap/general_setup14.png | Bin .../providers/ldap/general_setup15.png | Bin .../providers/ldap/general_setup16.png | Bin .../providers/ldap/general_setup2.png | Bin .../providers/ldap/general_setup3.png | Bin .../providers/ldap/general_setup4.png | Bin .../providers/ldap/general_setup5.png | Bin .../providers/ldap/general_setup6.png | Bin .../providers/ldap/general_setup7.png | Bin .../providers/ldap/general_setup8.png | Bin .../providers/ldap/general_setup9.png | Bin .../providers/ldap/generic_setup.md | 0 .../providers/ldap/index.md | 18 +- .../providers/oauth2/client_credentials.md | 2 +- .../providers/oauth2/device_code.md | 0 .../providers/oauth2/index.md | 2 +- .../property-mappings/expression.mdx | 6 +- .../providers/property-mappings/index.md | 0 .../providers/proxy/__placeholders.md | 0 .../providers/proxy/_caddy_standalone.md | 0 .../providers/proxy/_envoy_istio.md | 0 .../providers/proxy/_nginx_ingress.md | 0 .../providers/proxy/_nginx_proxy_manager.md | 0 .../providers/proxy/_nginx_standalone.md | 0 .../providers/proxy/_traefik_compose.md | 0 .../providers/proxy/_traefik_ingress.md | 0 .../providers/proxy/_traefik_standalone.md | 0 .../providers/proxy/custom_headers.md | 0 .../providers/proxy/forward_auth.mdx | 0 .../providers/proxy/header_authentication.md | 0 .../providers/proxy/index.md | 0 .../providers/proxy/server_caddy.mdx | 0 .../providers/proxy/server_envoy.mdx | 0 .../providers/proxy/server_nginx.mdx | 0 .../providers/proxy/server_traefik.mdx | 0 .../providers/rac/how-to-rac.md | 2 +- .../providers/rac/index.md | 4 +- .../providers/rac/rac-v3.png | Bin .../providers/radius/index.mdx | 14 +- .../providers/saml/index.md | 2 +- .../providers/scim/index.md | 0 website/docs/core/architecture.md | 6 +- website/docs/core/terminology.md | 8 +- .../customize}/blueprints/export.md | 0 .../customize}/blueprints/index.md | 0 .../customize}/blueprints/v1/example.md | 0 .../customize}/blueprints/v1/meta.md | 0 .../customize}/blueprints/v1/models.md | 0 .../customize}/blueprints/v1/structure.md | 0 .../customize}/blueprints/v1/tags.md | 0 website/docs/{core => customize}/brands.md | 0 .../interfaces/_global/customcss.mdx | 0 .../interfaces/_global/global.mdx | 0 .../interfaces/admin/customization.mdx | 0 .../interfaces/flow/customization.mdx | 0 .../interfaces/user/customization.mdx | 0 .../{ => customize}/policies/expression.mdx | 12 +- .../docs/{ => customize}/policies/index.md | 6 +- .../working_with_policies/unique_email.md | 2 +- .../working_with_policies/whitelist_email.md | 0 .../working_with_policies.md | 4 +- website/{ => docs}/developer-docs/api/api.md | 0 .../{ => docs}/developer-docs/api/clients.md | 0 .../developer-docs/api/flow-executor.md | 2 +- .../api/making-schema-changes.md | 0 .../developer-docs/api/websocket.md | 0 .../developer-docs/docs/style-guide.mdx | 0 .../developer-docs/docs/templates/combo.md | 0 .../docs/templates/combo.tmpl.md | 0 .../docs/templates/conceptual.md | 0 .../docs/templates/conceptual.tmpl.md | 0 .../developer-docs/docs/templates/index.md | 0 .../docs/templates/procedural.md | 0 .../docs/templates/procedural.tmpl.md | 0 .../docs/templates/reference.md | 0 .../docs/templates/reference.tmpl.md | 0 .../docs/writing-documentation.md | 0 ...ntal-brandon-frie-rdHeGGn7rwQ-unsplash.jpg | Bin .../developer-docs/hackathon/index.md | 2 +- website/{ => docs}/developer-docs/index.md | 7 +- .../developer-docs/releases/index.md | 0 .../setup/frontend-dev-environment.md | 6 +- .../setup/full-dev-environment.md | 0 .../setup/website-dev-environment.md | 0 .../{ => docs}/developer-docs/translation.md | 0 website/docs/enterprise/get-started.md | 8 +- website/docs/enterprise/manage-enterprise.md | 6 +- website/docs/expressions/_functions.md | 2 +- website/docs/expressions/_user.md | 2 +- website/docs/flow/stages/user_logout.md | 5 - website/docs/index.mdx | 9 +- .../air-gapped.mdx | 4 +- .../automated-install.md | 0 .../{installation => install-config}/beta.mdx | 0 .../configuration}/configuration.mdx | 0 .../dashboard.png | Bin .../docs/{core => install-config}/geoip.mdx | 2 +- .../index.mdx | 2 +- .../install}/docker-compose.mdx | 8 +- .../install}/kubernetes.md | 2 +- .../reverse-proxy.md | 0 .../storage-s3.md | 2 +- .../upgrade.mdx | 0 .../version1.png | Bin website/docs/releases/2021/v2021.1.md | 6 +- website/docs/releases/2021/v2021.5.md | 2 +- website/docs/releases/2022/v2022.1.md | 2 +- website/docs/releases/2022/v2022.10.md | 8 +- website/docs/releases/2022/v2022.11.md | 6 +- website/docs/releases/2022/v2022.12.md | 4 +- website/docs/releases/2022/v2022.3.md | 2 +- website/docs/releases/2022/v2022.5.md | 6 +- website/docs/releases/2022/v2022.8.md | 4 +- website/docs/releases/2022/v2022.9.md | 4 +- website/docs/releases/2023/v2023.1.md | 4 +- website/docs/releases/2023/v2023.10.md | 10 +- website/docs/releases/2023/v2023.2.md | 4 +- website/docs/releases/2023/v2023.3.md | 6 +- website/docs/releases/2023/v2023.4.md | 12 +- website/docs/releases/2023/v2023.5.md | 8 +- website/docs/releases/2023/v2023.6.md | 4 +- website/docs/releases/2023/v2023.8.md | 8 +- website/docs/releases/2024/v2024.2.md | 14 +- website/docs/releases/2024/v2024.4.md | 14 +- website/docs/releases/2024/v2024.6.md | 22 +- website/docs/releases/2024/v2024.8.md | 16 +- website/docs/releases/_template.md | 2 +- website/docs/releases/old/v0.10.md | 6 +- .../{ => audits-and-certs}/2023-06-cure53.md | 2 +- .../security/{ => cves}/CVE-2022-23555.md | 0 .../security/{ => cves}/CVE-2022-46145.md | 0 .../security/{ => cves}/CVE-2022-46172.md | 0 .../security/{ => cves}/CVE-2023-26481.md | 0 .../security/{ => cves}/CVE-2023-36456.md | 0 .../security/{ => cves}/CVE-2023-39522.md | 0 .../security/{ => cves}/CVE-2023-48228.md | 0 .../security/{ => cves}/CVE-2024-21637.md | 0 .../security/{ => cves}/CVE-2024-23647.md | 0 .../security/{ => cves}/CVE-2024-37905.md | 0 .../security/{ => cves}/CVE-2024-38371.md | 0 .../security/{ => cves}/CVE-2024-42490.md | 0 .../security/{ => cves}/CVE-2024-47070.md | 0 .../security/{ => cves}/CVE-2024-47077.md | 0 .../{ => cves}/GHSA-rjvp-29xq-f62w.md | 0 website/docs/security/security-hardening.md | 2 +- .../active-directory/03_additional_perms.png | Bin 55911 -> 0 bytes .../docs/{core => sys-mgmt}/certificates.md | 0 .../{ => sys-mgmt}/events/event_matcher.png | Bin website/docs/{ => sys-mgmt}/events/index.md | 0 .../{ => sys-mgmt}/events/notifications.md | 2 +- .../docs/{ => sys-mgmt}/events/transports.md | 2 +- .../ops}/monitoring.md | 2 +- website/docs/{core => sys-mgmt}/settings.md | 4 +- .../docs/{advanced => sys-mgmt}/tenancy.md | 10 +- .../access-control/flow-page.png | Bin .../access-control/index.mdx | 2 +- .../access-control/manage_permissions.md | 2 +- .../access-control/permissions.md | 10 +- .../access-control/user-page.png | Bin .../groups/group_ref.md | 0 .../groups/index.mdx | 0 .../groups/manage_groups.md | 2 +- .../roles/index.md} | 4 +- .../roles/manage_roles.md | 0 .../active-directory/01_user_create.png | Bin .../active-directory/02_delegate.png | Bin .../active-directory/03_additional_perms.png} | Bin .../active-directory/11_ak_stage.png | Bin .../directory-sync}/active-directory/index.md | 2 +- .../directory-sync/freeipa/01_user_create.pn} | Bin .../directory-sync}/freeipa/02_user_roles.png | Bin .../freeipa/03_add_user_role.png | Bin .../freeipa/04_source_settings_1.png | Bin .../freeipa/05_source_settings_2.png | Bin .../freeipa/06_sync_source.png | Bin .../freeipa/07_password_stage.png | Bin .../sources/directory-sync}/freeipa/index.md | 2 +- .../docs/{ => users-sources}/sources/index.md | 3 +- .../sources/property-mappings/expressions.md | 4 +- .../sources/property-mappings/index.md | 10 +- .../sources/protocols}/ldap/index.md | 8 +- .../sources/protocols}/oauth/index.md | 4 +- .../sources/protocols}/saml/index.md | 2 +- .../sources/protocols}/scim/index.md | 2 +- .../sources/social-logins}/apple/app_id.png | Bin .../apple/app_service_config.png | Bin .../sources/social-logins}/apple/index.md | 10 +- .../sources/social-logins}/apple/key.png | Bin .../social-logins}/apple/service_id.png | Bin .../social-logins}/azure-ad/aad_01.png | Bin .../social-logins}/azure-ad/authentik_01.png | Bin .../sources/social-logins}/azure-ad/index.md | 6 +- .../social-logins}/discord/discord1.png | Bin .../social-logins}/discord/discord2.png | Bin .../social-logins}/discord/discord3.png | Bin .../social-logins}/discord/discord4.png | Bin .../sources/social-logins}/discord/index.md | 10 +- .../sources/social-logins}/facebook/index.md | 2 +- .../github/github_org_membership.png | Bin .../github/githubdeveloper1.png | Bin .../github/githubdeveloperexample.png | Bin .../social-logins}/github/githubexample2.png | Bin .../sources/social-logins}/github/index.md | 8 +- .../social-logins}/google/authentiksource.png | Bin .../google/googledeveloper1.png | Bin .../google/googledeveloper2.png | Bin .../google/googledeveloper3.png | Bin .../google/googledeveloper4.png | Bin .../google/googledeveloper5.png | Bin .../google/googledeveloper6.png | Bin .../sources/social-logins}/google/index.md | 18 +- .../sources/social-logins}/mailcow/index.md | 12 +- .../social-logins}/mailcow/mailcow1.png | Bin .../social-logins}/mailcow/mailcow2.png | Bin .../social-logins}/mailcow/mailcow3.png | Bin .../social-logins}/mailcow/mailcow4.png | Bin .../social-logins}/mailcow/mailcow5.png | Bin .../sources/social-logins}/plex/index.md | 4 +- .../sources/social-logins}/twitch/index.md | 12 +- .../sources/social-logins}/twitch/twitch1.png | Bin .../sources/social-logins}/twitch/twitch2.png | Bin .../sources/social-logins}/twitch/twitch3.png | Bin .../sources/social-logins}/twitch/twitch4.png | Bin .../sources/social-logins}/twitch/twitch5.png | Bin .../sources/social-logins}/twitter/index.md | 2 +- .../social-logins}/twitter/twitter1.png | Bin .../social-logins}/twitter/twitter2.png | Bin .../user/create_invite.png | Bin .../user/index.mdx | 0 .../user/invitations.md | 2 +- .../user/user_basic_operations.md | 14 +- .../user/user_ref.md | 2 +- website/docusaurus.config.ts | 30 +- website/integrations/index.mdx | 3 +- .../services/home-assistant/index.md | 2 +- website/integrations/services/minio/index.md | 2 +- .../integrations/services/nextcloud/index.md | 4 +- .../integrations/services/organizr/index.md | 4 +- .../integrations/services/proftpd/index.md | 4 +- .../integrations/services/qnap-nas/index.md | 4 +- website/integrations/services/sonarr/index.md | 2 +- website/integrations/services/sssd/index.md | 4 +- website/migratefile | 237 +++ website/netlify.toml | 1499 ++++++++++++++++- website/sidebars.js | 860 ++++++---- website/sidebarsDev.js | 106 -- website/sidebarsIntegrations.js | 8 - 336 files changed, 2624 insertions(+), 871 deletions(-) rename website/docs/{ => add-secure-apps}/applications/index.md (93%) rename website/docs/{ => add-secure-apps}/applications/manage_apps.md (100%) rename website/docs/{ => add-secure-apps/flows-stages}/flow/context/index.md (77%) rename website/docs/{ => add-secure-apps/flows-stages}/flow/create-flow.png (100%) rename website/docs/{ => add-secure-apps/flows-stages}/flow/examples/flows.md (100%) rename website/docs/{ => add-secure-apps/flows-stages}/flow/examples/snippets.md (100%) rename website/docs/{ => add-secure-apps/flows-stages}/flow/executors/headless.md (51%) rename website/docs/{ => add-secure-apps/flows-stages}/flow/executors/if-flow.md (55%) rename website/docs/{ => add-secure-apps/flows-stages}/flow/executors/sfe.md (79%) rename website/docs/{ => add-secure-apps/flows-stages}/flow/executors/user-settings.md (93%) rename website/docs/{ => add-secure-apps/flows-stages}/flow/flow-inspector.png (100%) rename website/docs/{ => add-secure-apps/flows-stages}/flow/index.md (75%) rename website/docs/{ => add-secure-apps/flows-stages}/flow/inspector.md (92%) rename website/docs/{ => add-secure-apps/flows-stages}/flow/layouts.md (100%) rename website/docs/{ => add-secure-apps/flows-stages}/flow/layouts/content_left.png (100%) rename website/docs/{ => add-secure-apps/flows-stages}/flow/layouts/content_right.png (100%) rename website/docs/{ => add-secure-apps/flows-stages}/flow/layouts/sidebar_left.png (100%) rename website/docs/{ => add-secure-apps/flows-stages}/flow/layouts/sidebar_right.png (100%) rename website/docs/{ => add-secure-apps/flows-stages}/flow/layouts/stacked.png (100%) rename website/docs/{ => add-secure-apps/flows-stages}/flow/simple_stages.png (100%) rename website/docs/{flow => add-secure-apps/flows-stages}/stages/authenticator_duo/index.md (100%) rename website/docs/{flow => add-secure-apps/flows-stages}/stages/authenticator_sms/index.md (99%) rename website/docs/{flow => add-secure-apps/flows-stages}/stages/authenticator_static/index.md (100%) rename website/docs/{flow => add-secure-apps/flows-stages}/stages/authenticator_totp/index.md (100%) rename website/docs/{flow => add-secure-apps/flows-stages}/stages/authenticator_validate/index.md (91%) rename website/docs/{flow => add-secure-apps/flows-stages}/stages/authenticator_webauthn/index.md (100%) rename website/docs/{flow => add-secure-apps/flows-stages}/stages/captcha/captcha-admin.png (100%) rename website/docs/{flow => add-secure-apps/flows-stages}/stages/captcha/index.md (98%) rename website/docs/{flow => add-secure-apps/flows-stages}/stages/deny.md (100%) rename website/docs/{flow => add-secure-apps/flows-stages}/stages/email/custom_template.png (100%) rename website/docs/{flow => add-secure-apps/flows-stages}/stages/email/email_recovery.png (100%) rename website/docs/{flow => add-secure-apps/flows-stages}/stages/email/index.mdx (99%) rename website/docs/{flow => add-secure-apps/flows-stages}/stages/identification/index.md (83%) rename website/docs/{flow => add-secure-apps/flows-stages}/stages/index.md (91%) rename website/docs/{flow => add-secure-apps/flows-stages}/stages/invitation/index.md (88%) rename website/docs/{flow => add-secure-apps/flows-stages}/stages/password/index.md (100%) rename website/docs/{flow => add-secure-apps/flows-stages}/stages/prompt/index.md (97%) rename website/docs/{flow => add-secure-apps/flows-stages}/stages/source/index.md (65%) rename website/docs/{flow => add-secure-apps/flows-stages}/stages/user_delete.md (100%) rename website/docs/{flow => add-secure-apps/flows-stages}/stages/user_login/index.md (94%) rename website/docs/{flow => add-secure-apps/flows-stages}/stages/user_login/stay_signed_in.png (100%) create mode 100644 website/docs/add-secure-apps/flows-stages/stages/user_logout.md rename website/docs/{flow => add-secure-apps/flows-stages}/stages/user_write.md (100%) rename website/docs/{ => add-secure-apps}/outposts/_config.md (100%) rename website/docs/{ => add-secure-apps}/outposts/embedded/embedded.mdx (100%) rename website/docs/{ => add-secure-apps}/outposts/index.mdx (99%) rename website/docs/{ => add-secure-apps}/outposts/integrations/docker.md (97%) rename website/docs/{ => add-secure-apps}/outposts/integrations/kubernetes.md (95%) rename website/docs/{ => add-secure-apps}/outposts/manual-deploy-docker-compose.md (100%) rename website/docs/{ => add-secure-apps}/outposts/manual-deploy-kubernetes.md (100%) rename website/docs/{ => add-secure-apps}/outposts/outpost-create.png (100%) rename website/docs/{ => add-secure-apps}/outposts/upgrading.md (100%) rename website/docs/{ => add-secure-apps}/outposts/upgrading_outdated.png (100%) rename website/docs/{ => add-secure-apps}/providers/entra/add-entra-provider.md (100%) rename website/docs/{ => add-secure-apps}/providers/entra/index.md (95%) rename website/docs/{ => add-secure-apps}/providers/entra/setup-entra.md (94%) rename website/docs/{ => add-secure-apps}/providers/gws/add-gws-provider.md (89%) rename website/docs/{ => add-secure-apps}/providers/gws/index.md (97%) rename website/docs/{ => add-secure-apps}/providers/gws/setup-gws.md (100%) rename website/docs/{ => add-secure-apps}/providers/index.mdx (100%) rename website/docs/{ => add-secure-apps}/providers/ldap/general_setup1.png (100%) rename website/docs/{ => add-secure-apps}/providers/ldap/general_setup10.png (100%) rename website/docs/{ => add-secure-apps}/providers/ldap/general_setup11.png (100%) rename website/docs/{ => add-secure-apps}/providers/ldap/general_setup12.png (100%) rename website/docs/{ => add-secure-apps}/providers/ldap/general_setup13.png (100%) rename website/docs/{ => add-secure-apps}/providers/ldap/general_setup14.png (100%) rename website/docs/{ => add-secure-apps}/providers/ldap/general_setup15.png (100%) rename website/docs/{ => add-secure-apps}/providers/ldap/general_setup16.png (100%) rename website/docs/{ => add-secure-apps}/providers/ldap/general_setup2.png (100%) rename website/docs/{ => add-secure-apps}/providers/ldap/general_setup3.png (100%) rename website/docs/{ => add-secure-apps}/providers/ldap/general_setup4.png (100%) rename website/docs/{ => add-secure-apps}/providers/ldap/general_setup5.png (100%) rename website/docs/{ => add-secure-apps}/providers/ldap/general_setup6.png (100%) rename website/docs/{ => add-secure-apps}/providers/ldap/general_setup7.png (100%) rename website/docs/{ => add-secure-apps}/providers/ldap/general_setup8.png (100%) rename website/docs/{ => add-secure-apps}/providers/ldap/general_setup9.png (100%) rename website/docs/{ => add-secure-apps}/providers/ldap/generic_setup.md (100%) rename website/docs/{ => add-secure-apps}/providers/ldap/index.md (88%) rename website/docs/{ => add-secure-apps}/providers/oauth2/client_credentials.md (98%) rename website/docs/{ => add-secure-apps}/providers/oauth2/device_code.md (100%) rename website/docs/{ => add-secure-apps}/providers/oauth2/index.md (98%) rename website/docs/{ => add-secure-apps}/providers/property-mappings/expression.mdx (79%) rename website/docs/{ => add-secure-apps}/providers/property-mappings/index.md (100%) rename website/docs/{ => add-secure-apps}/providers/proxy/__placeholders.md (100%) rename website/docs/{ => add-secure-apps}/providers/proxy/_caddy_standalone.md (100%) rename website/docs/{ => add-secure-apps}/providers/proxy/_envoy_istio.md (100%) rename website/docs/{ => add-secure-apps}/providers/proxy/_nginx_ingress.md (100%) rename website/docs/{ => add-secure-apps}/providers/proxy/_nginx_proxy_manager.md (100%) rename website/docs/{ => add-secure-apps}/providers/proxy/_nginx_standalone.md (100%) rename website/docs/{ => add-secure-apps}/providers/proxy/_traefik_compose.md (100%) rename website/docs/{ => add-secure-apps}/providers/proxy/_traefik_ingress.md (100%) rename website/docs/{ => add-secure-apps}/providers/proxy/_traefik_standalone.md (100%) rename website/docs/{ => add-secure-apps}/providers/proxy/custom_headers.md (100%) rename website/docs/{ => add-secure-apps}/providers/proxy/forward_auth.mdx (100%) rename website/docs/{ => add-secure-apps}/providers/proxy/header_authentication.md (100%) rename website/docs/{ => add-secure-apps}/providers/proxy/index.md (100%) rename website/docs/{ => add-secure-apps}/providers/proxy/server_caddy.mdx (100%) rename website/docs/{ => add-secure-apps}/providers/proxy/server_envoy.mdx (100%) rename website/docs/{ => add-secure-apps}/providers/proxy/server_nginx.mdx (100%) rename website/docs/{ => add-secure-apps}/providers/proxy/server_traefik.mdx (100%) rename website/docs/{ => add-secure-apps}/providers/rac/how-to-rac.md (99%) rename website/docs/{ => add-secure-apps}/providers/rac/index.md (91%) rename website/docs/{ => add-secure-apps}/providers/rac/rac-v3.png (100%) rename website/docs/{ => add-secure-apps}/providers/radius/index.mdx (89%) rename website/docs/{ => add-secure-apps}/providers/saml/index.md (93%) rename website/docs/{ => add-secure-apps}/providers/scim/index.md (100%) rename website/{developer-docs => docs/customize}/blueprints/export.md (100%) rename website/{developer-docs => docs/customize}/blueprints/index.md (100%) rename website/{developer-docs => docs/customize}/blueprints/v1/example.md (100%) rename website/{developer-docs => docs/customize}/blueprints/v1/meta.md (100%) rename website/{developer-docs => docs/customize}/blueprints/v1/models.md (100%) rename website/{developer-docs => docs/customize}/blueprints/v1/structure.md (100%) rename website/{developer-docs => docs/customize}/blueprints/v1/tags.md (100%) rename website/docs/{core => customize}/brands.md (100%) rename website/docs/{ => customize}/interfaces/_global/customcss.mdx (100%) rename website/docs/{ => customize}/interfaces/_global/global.mdx (100%) rename website/docs/{ => customize}/interfaces/admin/customization.mdx (100%) rename website/docs/{ => customize}/interfaces/flow/customization.mdx (100%) rename website/docs/{ => customize}/interfaces/user/customization.mdx (100%) rename website/docs/{ => customize}/policies/expression.mdx (94%) rename website/docs/{ => customize}/policies/index.md (94%) rename website/docs/{ => customize}/policies/working_with_policies/unique_email.md (76%) rename website/docs/{ => customize}/policies/working_with_policies/whitelist_email.md (100%) rename website/docs/{ => customize}/policies/working_with_policies/working_with_policies.md (92%) rename website/{ => docs}/developer-docs/api/api.md (100%) rename website/{ => docs}/developer-docs/api/clients.md (100%) rename website/{ => docs}/developer-docs/api/flow-executor.md (96%) rename website/{ => docs}/developer-docs/api/making-schema-changes.md (100%) rename website/{ => docs}/developer-docs/api/websocket.md (100%) rename website/{ => docs}/developer-docs/docs/style-guide.mdx (100%) rename website/{ => docs}/developer-docs/docs/templates/combo.md (100%) rename website/{ => docs}/developer-docs/docs/templates/combo.tmpl.md (100%) rename website/{ => docs}/developer-docs/docs/templates/conceptual.md (100%) rename website/{ => docs}/developer-docs/docs/templates/conceptual.tmpl.md (100%) rename website/{ => docs}/developer-docs/docs/templates/index.md (100%) rename website/{ => docs}/developer-docs/docs/templates/procedural.md (100%) rename website/{ => docs}/developer-docs/docs/templates/procedural.tmpl.md (100%) rename website/{ => docs}/developer-docs/docs/templates/reference.md (100%) rename website/{ => docs}/developer-docs/docs/templates/reference.tmpl.md (100%) rename website/{ => docs}/developer-docs/docs/writing-documentation.md (100%) rename website/{ => docs}/developer-docs/hackathon/horizontal-brandon-frie-rdHeGGn7rwQ-unsplash.jpg (100%) rename website/{ => docs}/developer-docs/hackathon/index.md (98%) rename website/{ => docs}/developer-docs/index.md (99%) rename website/{ => docs}/developer-docs/releases/index.md (100%) rename website/{ => docs}/developer-docs/setup/frontend-dev-environment.md (92%) rename website/{ => docs}/developer-docs/setup/full-dev-environment.md (100%) rename website/{ => docs}/developer-docs/setup/website-dev-environment.md (100%) rename website/{ => docs}/developer-docs/translation.md (100%) delete mode 100644 website/docs/flow/stages/user_logout.md rename website/docs/{installation => install-config}/air-gapped.mdx (93%) rename website/docs/{installation => install-config}/automated-install.md (100%) rename website/docs/{installation => install-config}/beta.mdx (100%) rename website/docs/{installation => install-config/configuration}/configuration.mdx (100%) rename website/docs/{installation => install-config}/dashboard.png (100%) rename website/docs/{core => install-config}/geoip.mdx (96%) rename website/docs/{installation => install-config}/index.mdx (87%) rename website/docs/{installation => install-config/install}/docker-compose.mdx (90%) rename website/docs/{installation => install-config/install}/kubernetes.md (96%) rename website/docs/{installation => install-config}/reverse-proxy.md (100%) rename website/docs/{installation => install-config}/storage-s3.md (98%) rename website/docs/{installation => install-config}/upgrade.mdx (100%) rename website/docs/{installation => install-config}/version1.png (100%) rename website/docs/security/{ => audits-and-certs}/2023-06-cure53.md (97%) rename website/docs/security/{ => cves}/CVE-2022-23555.md (100%) rename website/docs/security/{ => cves}/CVE-2022-46145.md (100%) rename website/docs/security/{ => cves}/CVE-2022-46172.md (100%) rename website/docs/security/{ => cves}/CVE-2023-26481.md (100%) rename website/docs/security/{ => cves}/CVE-2023-36456.md (100%) rename website/docs/security/{ => cves}/CVE-2023-39522.md (100%) rename website/docs/security/{ => cves}/CVE-2023-48228.md (100%) rename website/docs/security/{ => cves}/CVE-2024-21637.md (100%) rename website/docs/security/{ => cves}/CVE-2024-23647.md (100%) rename website/docs/security/{ => cves}/CVE-2024-37905.md (100%) rename website/docs/security/{ => cves}/CVE-2024-38371.md (100%) rename website/docs/security/{ => cves}/CVE-2024-42490.md (100%) rename website/docs/security/{ => cves}/CVE-2024-47070.md (100%) rename website/docs/security/{ => cves}/CVE-2024-47077.md (100%) rename website/docs/security/{ => cves}/GHSA-rjvp-29xq-f62w.md (100%) delete mode 100644 website/docs/sources/active-directory/03_additional_perms.png rename website/docs/{core => sys-mgmt}/certificates.md (100%) rename website/docs/{ => sys-mgmt}/events/event_matcher.png (100%) rename website/docs/{ => sys-mgmt}/events/index.md (100%) rename website/docs/{ => sys-mgmt}/events/notifications.md (94%) rename website/docs/{ => sys-mgmt}/events/transports.md (88%) rename website/docs/{installation => sys-mgmt/ops}/monitoring.md (97%) rename website/docs/{core => sys-mgmt}/settings.md (85%) rename website/docs/{advanced => sys-mgmt}/tenancy.md (88%) rename website/docs/{user-group-role => users-sources}/access-control/flow-page.png (100%) rename website/docs/{user-group-role => users-sources}/access-control/index.mdx (91%) rename website/docs/{user-group-role => users-sources}/access-control/manage_permissions.md (98%) rename website/docs/{user-group-role => users-sources}/access-control/permissions.md (77%) rename website/docs/{user-group-role => users-sources}/access-control/user-page.png (100%) rename website/docs/{user-group-role => users-sources}/groups/group_ref.md (100%) rename website/docs/{user-group-role => users-sources}/groups/index.mdx (100%) rename website/docs/{user-group-role => users-sources}/groups/manage_groups.md (96%) rename website/docs/{user-group-role/roles/index.mdx => users-sources/roles/index.md} (85%) rename website/docs/{user-group-role => users-sources}/roles/manage_roles.md (100%) rename website/docs/{sources => users-sources/sources/directory-sync}/active-directory/01_user_create.png (100%) rename website/docs/{sources => users-sources/sources/directory-sync}/active-directory/02_delegate.png (100%) rename website/docs/{sources/active-directory/10_ak_status.png => users-sources/sources/directory-sync/active-directory/03_additional_perms.png} (100%) rename website/docs/{sources => users-sources/sources/directory-sync}/active-directory/11_ak_stage.png (100%) rename website/docs/{sources => users-sources/sources/directory-sync}/active-directory/index.md (98%) rename website/docs/{sources/freeipa/01_user_create.png => users-sources/sources/directory-sync/freeipa/01_user_create.pn} (100%) rename website/docs/{sources => users-sources/sources/directory-sync}/freeipa/02_user_roles.png (100%) rename website/docs/{sources => users-sources/sources/directory-sync}/freeipa/03_add_user_role.png (100%) rename website/docs/{sources => users-sources/sources/directory-sync}/freeipa/04_source_settings_1.png (100%) rename website/docs/{sources => users-sources/sources/directory-sync}/freeipa/05_source_settings_2.png (100%) rename website/docs/{sources => users-sources/sources/directory-sync}/freeipa/06_sync_source.png (100%) rename website/docs/{sources => users-sources/sources/directory-sync}/freeipa/07_password_stage.png (100%) rename website/docs/{sources => users-sources/sources/directory-sync}/freeipa/index.md (99%) rename website/docs/{ => users-sources}/sources/index.md (87%) rename website/docs/{ => users-sources}/sources/property-mappings/expressions.md (86%) rename website/docs/{ => users-sources}/sources/property-mappings/index.md (87%) rename website/docs/{sources => users-sources/sources/protocols}/ldap/index.md (95%) rename website/docs/{sources => users-sources/sources/protocols}/oauth/index.md (93%) rename website/docs/{sources => users-sources/sources/protocols}/saml/index.md (98%) rename website/docs/{sources => users-sources/sources/protocols}/scim/index.md (96%) rename website/docs/{sources => users-sources/sources/social-logins}/apple/app_id.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/apple/app_service_config.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/apple/index.md (94%) rename website/docs/{sources => users-sources/sources/social-logins}/apple/key.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/apple/service_id.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/azure-ad/aad_01.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/azure-ad/authentik_01.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/azure-ad/index.md (94%) rename website/docs/{sources => users-sources/sources/social-logins}/discord/discord1.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/discord/discord2.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/discord/discord3.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/discord/discord4.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/discord/index.md (98%) rename website/docs/{sources => users-sources/sources/social-logins}/facebook/index.md (97%) rename website/docs/{sources => users-sources/sources/social-logins}/github/github_org_membership.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/github/githubdeveloper1.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/github/githubdeveloperexample.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/github/githubexample2.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/github/index.md (94%) rename website/docs/{sources => users-sources/sources/social-logins}/google/authentiksource.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/google/googledeveloper1.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/google/googledeveloper2.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/google/googledeveloper3.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/google/googledeveloper4.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/google/googledeveloper5.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/google/googledeveloper6.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/google/index.md (91%) rename website/docs/{sources => users-sources/sources/social-logins}/mailcow/index.md (85%) rename website/docs/{sources => users-sources/sources/social-logins}/mailcow/mailcow1.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/mailcow/mailcow2.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/mailcow/mailcow3.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/mailcow/mailcow4.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/mailcow/mailcow5.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/plex/index.md (84%) rename website/docs/{sources => users-sources/sources/social-logins}/twitch/index.md (84%) rename website/docs/{sources => users-sources/sources/social-logins}/twitch/twitch1.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/twitch/twitch2.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/twitch/twitch3.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/twitch/twitch4.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/twitch/twitch5.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/twitter/index.md (95%) rename website/docs/{sources => users-sources/sources/social-logins}/twitter/twitter1.png (100%) rename website/docs/{sources => users-sources/sources/social-logins}/twitter/twitter2.png (100%) rename website/docs/{user-group-role => users-sources}/user/create_invite.png (100%) rename website/docs/{user-group-role => users-sources}/user/index.mdx (100%) rename website/docs/{user-group-role => users-sources}/user/invitations.md (94%) rename website/docs/{user-group-role => users-sources}/user/user_basic_operations.md (84%) rename website/docs/{user-group-role => users-sources}/user/user_ref.md (97%) create mode 100644 website/migratefile delete mode 100644 website/sidebarsDev.js diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 54e9b8b5b0..bfce33eea8 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,7 +1,7 @@ ## Details diff --git a/Makefile b/Makefile index c430305513..277139e321 100644 --- a/Makefile +++ b/Makefile @@ -19,14 +19,13 @@ pg_name := $(shell python -m authentik.lib.config postgresql.name 2>/dev/null) CODESPELL_ARGS = -D - -D .github/codespell-dictionary.txt \ -I .github/codespell-words.txt \ -S 'web/src/locales/**' \ - -S 'website/developer-docs/api/reference/**' \ + -S 'website/docs/developer-docs/api/reference/**' \ authentik \ internal \ cmd \ web/src \ website/src \ website/blog \ - website/developer-docs \ website/docs \ website/integrations \ website/src diff --git a/README.md b/README.md index 613b41e249..3ae306574d 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ For bigger setups, there is a Helm Chart [here](https://github.com/goauthentik/h ## Development -See [Developer Documentation](https://goauthentik.io/developer-docs/?utm_source=github) +See [Developer Documentation](https://docs.goauthentik.io/docs/developer-docs/?utm_source=github) ## Security diff --git a/authentik/blueprints/v1/importer.py b/authentik/blueprints/v1/importer.py index 08d7976932..4f3d4f762b 100644 --- a/authentik/blueprints/v1/importer.py +++ b/authentik/blueprints/v1/importer.py @@ -69,7 +69,7 @@ from authentik.stages.authenticator_webauthn.models import WebAuthnDeviceType from authentik.tenants.models import Tenant # Context set when the serializer is created in a blueprint context -# Update website/developer-docs/blueprints/v1/models.md when used +# Update website/docs/customize/blueprints/v1/models.md when used SERIALIZER_CONTEXT_BLUEPRINT = "blueprint_entry" diff --git a/authentik/lib/default.yml b/authentik/lib/default.yml index cf6ca74f2c..7a6bff04a5 100644 --- a/authentik/lib/default.yml +++ b/authentik/lib/default.yml @@ -1,4 +1,4 @@ -# update website/docs/installation/configuration.mdx +# update website/docs/install-config/configuration/configuration.mdx # This is the default configuration file postgresql: host: localhost diff --git a/authentik/outposts/models.py b/authentik/outposts/models.py index 2a6f45789f..4032892fe8 100644 --- a/authentik/outposts/models.py +++ b/authentik/outposts/models.py @@ -53,7 +53,7 @@ class ServiceConnectionInvalid(SentryIgnoredException): class OutpostConfig: """Configuration an outpost uses to configure it self""" - # update website/docs/outposts/_config.md + # update website/docs/add-secure-apps/outposts/_config.md authentik_host: str = "" authentik_host_insecure: bool = False diff --git a/authentik/stages/prompt/models.py b/authentik/stages/prompt/models.py index a05853e363..7ee995c747 100644 --- a/authentik/stages/prompt/models.py +++ b/authentik/stages/prompt/models.py @@ -38,7 +38,7 @@ LOGGER = get_logger() class FieldTypes(models.TextChoices): """Field types an Prompt can be""" - # update website/docs/flow/stages/prompt/index.md + # update website/docs/add-secure-apps/flows-stages/stages/prompt/index.md # Simple text field TEXT = "text", _("Text: Simple Text input") diff --git a/scripts/api-ts-templates/README.mustache b/scripts/api-ts-templates/README.mustache index 1067c9e88d..a606e48553 100644 --- a/scripts/api-ts-templates/README.mustache +++ b/scripts/api-ts-templates/README.mustache @@ -4,7 +4,7 @@ This package provides a generated API Client for [authentik](https://goauthentik ### Building -See https://goauthentik.io/developer-docs/making-schema-changes +See https://docs.goauthentik.io/docs/developer-docs/making-schema-changes ### Consuming diff --git a/web/src/admin/applications/ApplicationListPage.ts b/web/src/admin/applications/ApplicationListPage.ts index 628f387e0a..50b4ee908c 100644 --- a/web/src/admin/applications/ApplicationListPage.ts +++ b/web/src/admin/applications/ApplicationListPage.ts @@ -2,7 +2,7 @@ import "@goauthentik/admin/applications/ApplicationForm"; import { DEFAULT_CONFIG } from "@goauthentik/common/api/config"; import { PFSize } from "@goauthentik/common/enums.js"; import "@goauthentik/components/ak-app-icon"; -import MDApplication from "@goauthentik/docs/applications/index.md"; +import MDApplication from "@goauthentik/docs/add-secure-apps/applications/index.md"; import "@goauthentik/elements/Markdown"; import "@goauthentik/elements/buttons/SpinnerButton"; import "@goauthentik/elements/forms/DeleteBulkForm"; diff --git a/web/src/admin/blueprints/BlueprintForm.ts b/web/src/admin/blueprints/BlueprintForm.ts index dd08b6b872..ad2ef15523 100644 --- a/web/src/admin/blueprints/BlueprintForm.ts +++ b/web/src/admin/blueprints/BlueprintForm.ts @@ -159,7 +159,7 @@ export class BlueprintForm extends ModelForm { target="_blank" rel="noopener noreferrer" href="${docLink( - "/developer-docs/blueprints/?utm_source=authentik#storage---oci", + "/docs/customize/blueprints/?utm_source=authentik#storage---oci", )}" >${msg("Documentation")} diff --git a/web/src/admin/outposts/OutpostDeploymentModal.ts b/web/src/admin/outposts/OutpostDeploymentModal.ts index 55e8289c39..fcbd4bb36e 100644 --- a/web/src/admin/outposts/OutpostDeploymentModal.ts +++ b/web/src/admin/outposts/OutpostDeploymentModal.ts @@ -22,7 +22,9 @@ export class OutpostDeploymentModal extends ModalButton {

${msg("View deployment documentation")} diff --git a/web/src/admin/outposts/OutpostForm.ts b/web/src/admin/outposts/OutpostForm.ts index f11d9d2a78..3c276caaf7 100644 --- a/web/src/admin/outposts/OutpostForm.ts +++ b/web/src/admin/outposts/OutpostForm.ts @@ -215,7 +215,7 @@ export class OutpostForm extends ModelForm { ${msg("See documentation")}.

@@ -251,7 +251,7 @@ export class OutpostForm extends ModelForm { target="_blank" rel="noopener noreferrer" href="${docLink( - "/docs/outposts?utm_source=authentik#configuration", + "/docs/add-secure-apps/outposts?utm_source=authentik#configuration", )}" >${msg("Documentation")} diff --git a/web/src/admin/policies/expression/ExpressionPolicyForm.ts b/web/src/admin/policies/expression/ExpressionPolicyForm.ts index e207d42a9e..f2526141ac 100644 --- a/web/src/admin/policies/expression/ExpressionPolicyForm.ts +++ b/web/src/admin/policies/expression/ExpressionPolicyForm.ts @@ -87,7 +87,9 @@ export class ExpressionPolicyForm extends BasePolicyForm { ${msg("See documentation for a list of all variables.")} diff --git a/web/src/admin/property-mappings/BasePropertyMappingForm.ts b/web/src/admin/property-mappings/BasePropertyMappingForm.ts index f6dae4334b..899f116cc7 100644 --- a/web/src/admin/property-mappings/BasePropertyMappingForm.ts +++ b/web/src/admin/property-mappings/BasePropertyMappingForm.ts @@ -16,7 +16,7 @@ export abstract class BasePropertyMappingForm extends string > { docLink(): string { - return "/docs/providers/property-mappings/expression?utm_source=authentik"; + return "/docs/add-secure-apps/providers/property-mappings/expression?utm_source=authentik"; } getSuccessMessage(): string { diff --git a/web/src/admin/property-mappings/PropertyMappingProviderRACForm.ts b/web/src/admin/property-mappings/PropertyMappingProviderRACForm.ts index d30d9202f5..b41b8d7e9a 100644 --- a/web/src/admin/property-mappings/PropertyMappingProviderRACForm.ts +++ b/web/src/admin/property-mappings/PropertyMappingProviderRACForm.ts @@ -154,7 +154,7 @@ export class PropertyMappingProviderRACForm extends BasePropertyMappingForm ${msg("See documentation for a list of all variables.")} diff --git a/web/src/admin/property-mappings/PropertyMappingSourceLDAPForm.ts b/web/src/admin/property-mappings/PropertyMappingSourceLDAPForm.ts index 8ca03e9761..da7d7097e8 100644 --- a/web/src/admin/property-mappings/PropertyMappingSourceLDAPForm.ts +++ b/web/src/admin/property-mappings/PropertyMappingSourceLDAPForm.ts @@ -10,7 +10,7 @@ import { LDAPSourcePropertyMapping, PropertymappingsApi } from "@goauthentik/api @customElement("ak-property-mapping-source-ldap-form") export class PropertyMappingSourceLDAPForm extends BasePropertyMappingForm { docLink(): string { - return "/docs/sources/property-mappings/expressions?utm_source=authentik"; + return "/docs/user-sources/sources/property-mappings/expressions?utm_source=authentik"; } loadInstance(pk: string): Promise { diff --git a/web/src/admin/property-mappings/PropertyMappingSourceOAuthForm.ts b/web/src/admin/property-mappings/PropertyMappingSourceOAuthForm.ts index f1563e2bc1..e18deb6c56 100644 --- a/web/src/admin/property-mappings/PropertyMappingSourceOAuthForm.ts +++ b/web/src/admin/property-mappings/PropertyMappingSourceOAuthForm.ts @@ -10,7 +10,7 @@ import { OAuthSourcePropertyMapping, PropertymappingsApi } from "@goauthentik/ap @customElement("ak-property-mapping-source-oauth-form") export class PropertyMappingSourceOAuthForm extends BasePropertyMappingForm { docLink(): string { - return "/docs/sources/property-mappings/expressions?utm_source=authentik"; + return "/docs/user-sources/sources/property-mappings/expressions?utm_source=authentik"; } loadInstance(pk: string): Promise { diff --git a/web/src/admin/property-mappings/PropertyMappingSourcePlexForm.ts b/web/src/admin/property-mappings/PropertyMappingSourcePlexForm.ts index 663805694c..aa69294d83 100644 --- a/web/src/admin/property-mappings/PropertyMappingSourcePlexForm.ts +++ b/web/src/admin/property-mappings/PropertyMappingSourcePlexForm.ts @@ -10,7 +10,7 @@ import { PlexSourcePropertyMapping, PropertymappingsApi } from "@goauthentik/api @customElement("ak-property-mapping-source-plex-form") export class PropertyMappingSourcePlexForm extends BasePropertyMappingForm { docLink(): string { - return "/docs/sources/property-mappings/expressions?utm_source=authentik"; + return "/docs/user-sources/sources/property-mappings/expressions?utm_source=authentik"; } loadInstance(pk: string): Promise { diff --git a/web/src/admin/property-mappings/PropertyMappingSourceSAMLForm.ts b/web/src/admin/property-mappings/PropertyMappingSourceSAMLForm.ts index f1f703581a..1aa908cac5 100644 --- a/web/src/admin/property-mappings/PropertyMappingSourceSAMLForm.ts +++ b/web/src/admin/property-mappings/PropertyMappingSourceSAMLForm.ts @@ -10,7 +10,7 @@ import { PropertymappingsApi, SAMLSourcePropertyMapping } from "@goauthentik/api @customElement("ak-property-mapping-source-saml-form") export class PropertyMappingSourceSAMLForm extends BasePropertyMappingForm { docLink(): string { - return "/docs/sources/property-mappings/expressions?utm_source=authentik"; + return "/docs/user-sources/sources/property-mappings/expressions?utm_source=authentik"; } loadInstance(pk: string): Promise { diff --git a/web/src/admin/property-mappings/PropertyMappingSourceSCIMForm.ts b/web/src/admin/property-mappings/PropertyMappingSourceSCIMForm.ts index 7ff39cadfc..f840002fff 100644 --- a/web/src/admin/property-mappings/PropertyMappingSourceSCIMForm.ts +++ b/web/src/admin/property-mappings/PropertyMappingSourceSCIMForm.ts @@ -10,7 +10,7 @@ import { PropertymappingsApi, SCIMSourcePropertyMapping } from "@goauthentik/api @customElement("ak-property-mapping-source-scim-form") export class PropertyMappingSourceSCIMForm extends BasePropertyMappingForm { docLink(): string { - return "/docs/sources/property-mappings/expressions?utm_source=authentik"; + return "/docs/user-sources/sources/property-mappings/expressions?utm_source=authentik"; } loadInstance(pk: string): Promise { diff --git a/web/src/admin/providers/oauth2/OAuth2ProviderViewPage.ts b/web/src/admin/providers/oauth2/OAuth2ProviderViewPage.ts index 00f59f5931..6bba6b3bcc 100644 --- a/web/src/admin/providers/oauth2/OAuth2ProviderViewPage.ts +++ b/web/src/admin/providers/oauth2/OAuth2ProviderViewPage.ts @@ -4,7 +4,7 @@ import { DEFAULT_CONFIG } from "@goauthentik/common/api/config"; import { EVENT_REFRESH } from "@goauthentik/common/constants"; import renderDescriptionList from "@goauthentik/components/DescriptionList"; import "@goauthentik/components/events/ObjectChangelog"; -import MDProviderOAuth2 from "@goauthentik/docs/providers/oauth2/index.md"; +import MDProviderOAuth2 from "@goauthentik/docs/add-secure-apps/providers/oauth2/index.md"; import { AKElement } from "@goauthentik/elements/Base"; import "@goauthentik/elements/CodeMirror"; import "@goauthentik/elements/EmptyState"; diff --git a/web/src/admin/providers/proxy/ProxyProviderViewPage.ts b/web/src/admin/providers/proxy/ProxyProviderViewPage.ts index a4336c1d36..bf68b9ba1b 100644 --- a/web/src/admin/providers/proxy/ProxyProviderViewPage.ts +++ b/web/src/admin/providers/proxy/ProxyProviderViewPage.ts @@ -6,14 +6,14 @@ import { EVENT_REFRESH } from "@goauthentik/common/constants"; import { convertToSlug } from "@goauthentik/common/utils"; import "@goauthentik/components/ak-status-label"; import "@goauthentik/components/events/ObjectChangelog"; -import MDCaddyStandalone from "@goauthentik/docs/providers/proxy/_caddy_standalone.md"; -import MDNginxIngress from "@goauthentik/docs/providers/proxy/_nginx_ingress.md"; -import MDNginxPM from "@goauthentik/docs/providers/proxy/_nginx_proxy_manager.md"; -import MDNginxStandalone from "@goauthentik/docs/providers/proxy/_nginx_standalone.md"; -import MDTraefikCompose from "@goauthentik/docs/providers/proxy/_traefik_compose.md"; -import MDTraefikIngress from "@goauthentik/docs/providers/proxy/_traefik_ingress.md"; -import MDTraefikStandalone from "@goauthentik/docs/providers/proxy/_traefik_standalone.md"; -import MDHeaderAuthentication from "@goauthentik/docs/providers/proxy/header_authentication.md"; +import MDCaddyStandalone from "@goauthentik/docs/add-secure-apps/providers/proxy/_caddy_standalone.md"; +import MDNginxIngress from "@goauthentik/docs/add-secure-apps/providers/proxy/_nginx_ingress.md"; +import MDNginxPM from "@goauthentik/docs/add-secure-apps/providers/proxy/_nginx_proxy_manager.md"; +import MDNginxStandalone from "@goauthentik/docs/add-secure-apps/providers/proxy/_nginx_standalone.md"; +import MDTraefikCompose from "@goauthentik/docs/add-secure-apps/providers/proxy/_traefik_compose.md"; +import MDTraefikIngress from "@goauthentik/docs/add-secure-apps/providers/proxy/_traefik_ingress.md"; +import MDTraefikStandalone from "@goauthentik/docs/add-secure-apps/providers/proxy/_traefik_standalone.md"; +import MDHeaderAuthentication from "@goauthentik/docs/add-secure-apps/providers/proxy/header_authentication.md"; import { AKElement } from "@goauthentik/elements/Base"; import "@goauthentik/elements/CodeMirror"; import "@goauthentik/elements/Markdown"; @@ -166,7 +166,7 @@ export class ProxyProviderViewPage extends AKElement { return input; } const extHost = new URL(this.provider.externalHost); - // See website/docs/providers/proxy/forward_auth.mdx + // See website/docs/add-secure-apps/providers/proxy/forward_auth.mdx if (this.provider?.mode === ProxyMode.ForwardSingle) { return input .replaceAll("authentik.company", window.location.hostname) diff --git a/web/src/admin/providers/scim/SCIMProviderViewPage.ts b/web/src/admin/providers/scim/SCIMProviderViewPage.ts index 4d80a2fa99..0af3a4807c 100644 --- a/web/src/admin/providers/scim/SCIMProviderViewPage.ts +++ b/web/src/admin/providers/scim/SCIMProviderViewPage.ts @@ -5,7 +5,7 @@ import "@goauthentik/admin/rbac/ObjectPermissionsPage"; import { DEFAULT_CONFIG } from "@goauthentik/common/api/config"; import { EVENT_REFRESH } from "@goauthentik/common/constants"; import "@goauthentik/components/events/ObjectChangelog"; -import MDSCIMProvider from "@goauthentik/docs/providers/scim/index.md"; +import MDSCIMProvider from "@goauthentik/docs/add-secure-apps/providers/scim/index.md"; import { AKElement } from "@goauthentik/elements/Base"; import "@goauthentik/elements/Markdown"; import "@goauthentik/elements/SyncStatusCard"; diff --git a/website/.gitignore b/website/.gitignore index 9fc88bc19b..df1c20be44 100644 --- a/website/.gitignore +++ b/website/.gitignore @@ -25,4 +25,4 @@ yarn-error.log* static/docker-compose.yml static/schema.yaml -developer-docs/api/reference/** +docs/developer-docs/api/reference/** diff --git a/website/docs/applications/index.md b/website/docs/add-secure-apps/applications/index.md similarity index 93% rename from website/docs/applications/index.md rename to website/docs/add-secure-apps/applications/index.md index 5cf9e9404d..d67cf8206c 100644 --- a/website/docs/applications/index.md +++ b/website/docs/add-secure-apps/applications/index.md @@ -22,7 +22,7 @@ Applications are displayed to users when: - The user has access defined via policies (or the application has no policies bound) - A valid Launch URL is configured/could be guessed, this consists of URLs starting with http:// and https:// -The following aspects can be configured: +The following options can be configured: - _Name_: This is the name shown for the application card - _Launch URL_: The URL that is opened when a user clicks on the application. When left empty, authentik tries to guess it based on the provider @@ -35,7 +35,7 @@ The following aspects can be configured: If the authentik server does not have a volume mounted under `/media`, you'll get a text input. This accepts absolute URLs. If you've mounted single files into the container, you can reference them using `https://authentik.company/media/my-file.png`. - If there is a mount under `/media` or if [S3 storage](../installation/storage-s3.md) is configured, you'll instead see a field to upload a file. + If there is a mount under `/media` or if [S3 storage](../../install-config/storage-s3.md) is configured, you'll instead see a field to upload a file. - _Publisher_: Text shown below the application - _Description_: Subtext shown on the application card below the publisher diff --git a/website/docs/applications/manage_apps.md b/website/docs/add-secure-apps/applications/manage_apps.md similarity index 100% rename from website/docs/applications/manage_apps.md rename to website/docs/add-secure-apps/applications/manage_apps.md diff --git a/website/docs/flow/context/index.md b/website/docs/add-secure-apps/flows-stages/flow/context/index.md similarity index 77% rename from website/docs/flow/context/index.md rename to website/docs/add-secure-apps/flows-stages/flow/context/index.md index b6c79415fb..55fd7c186f 100644 --- a/website/docs/flow/context/index.md +++ b/website/docs/add-secure-apps/flows-stages/flow/context/index.md @@ -22,15 +22,15 @@ Keys prefixed with `goauthentik.io` are used internally by authentik and are sub ### Common keys -#### `pending_user` ([User object](../../user-group-role/user/user_ref.md#object-properties)) +#### `pending_user` ([User object](../../../../users-sources/user/user_ref.md#object-properties)) -`pending_user` is used by multiple stages. In the context of most flow executions, it represents the data of the user that is executing the flow. This value is not set automatically, it is set via the [Identification stage](../stages/identification/). +`pending_user` is used by multiple stages. In the context of most flow executions, it represents the data of the user that is executing the flow. This value is not set automatically, it is set via the [Identification stage](../../stages/identification/index.md). -Stages that require a user, such as the [Password stage](../stages/password/), the [Authenticator validation stage](../stages/authenticator_validate/) and others will use this value if it is set, and fallback to the request's users when possible. +Stages that require a user, such as the [Password stage](../../stages/password/index.md), the [Authenticator validation stage](../../stages/authenticator_validate/index.md) and others will use this value if it is set, and fallback to the request's users when possible. #### `prompt_data` (Dictionary) -`prompt_data` is primarily used by the [Prompt stage](../stages/prompt/). The value of any field within a prompt stage is written to the `prompt_data` dictionary. For example, given a field with the _Field key_ `email` that was submitted with the value `foo@bar.baz` will result in the following context: +`prompt_data` is primarily used by the [Prompt stage](../../stages/prompt/index.md). The value of any field within a prompt stage is written to the `prompt_data` dictionary. For example, given a field with the _Field key_ `email` that was submitted with the value `foo@bar.baz` will result in the following context: ```json { @@ -40,7 +40,7 @@ Stages that require a user, such as the [Password stage](../stages/password/), t } ``` -This data can be modified with policies. The data is also used by stages like [User write](../stages/user_write.md), which takes data in `prompt_data` and writes it to `pending_user`. +This data can be modified with policies. The data is also used by stages like [User write](../../stages/user_write.md), which takes data in `prompt_data` and writes it to `pending_user`. #### `redirect` (string) @@ -62,7 +62,7 @@ When a user authenticates/enrolls via an external source, this will be set to th #### `outpost` (dictionary) authentik 2024.10+ -When a flow is executed by an Outpost (for example the [LDAP](../../providers/ldap/index.md) or [RADIUS](../../providers/radius/index.mdx)), this will be set to a dictionary containing the Outpost instance under the key `"instance"`. +When a flow is executed by an Outpost (for example the [LDAP](../../../providers/ldap/index.md) or [RADIUS](../../../providers/radius/index.mdx)), this will be set to a dictionary containing the Outpost instance under the key `"instance"`. ### Scenario-specific keys @@ -72,7 +72,7 @@ Set to `True` when the flow is executed from an "SSO" context. For example, this #### `is_restored` (Token object) -Set when a flow execution is continued from a token. This happens for example when an [Email stage](../stages/email/index.mdx) is used and the user clicks on the link within the email. The token object contains the key that was used to restore the flow execution. +Set when a flow execution is continued from a token. This happens for example when an [Email stage](../../stages/email/index.mdx) is used and the user clicks on the link within the email. The token object contains the key that was used to restore the flow execution. ### Stage-specific keys @@ -118,9 +118,9 @@ Optionally overwrite the deny message shown, has a higher priority than the mess #### User write stage -##### `groups` (List of [Group objects](../../user-group-role/groups/index.mdx)) +##### `groups` (List of [Group objects](../../../../users-sources/groups/index.mdx)) -See [Group](../../user-group-role/groups/index.mdx). If set in the flow context, the `pending_user` will be added to all the groups in this list. +See [Group](../../../../users-sources/groups/index.mdx). If set in the flow context, the `pending_user` will be added to all the groups in this list. If set, this must be a list of group objects and not group names. @@ -136,11 +136,11 @@ Type the `pending_user` will be created as. Must be one of `internal`, `external ##### `user_backend` (string) -Set by the [Password stage](../stages/password/index.md) after successfully authenticating in the user. Contains a dot-notation to the authentication backend that was used to successfully authenticate the user. +Set by the [Password stage](../../stages/password/index.md) after successfully authenticating in the user. Contains a dot-notation to the authentication backend that was used to successfully authenticate the user. ##### `auth_method` (string) -Set by the [Password stage](../stages/password/index.md), the [Authenticator validation stage](../stages/authenticator_validate/index.md), the [OAuth2 Provider](../../providers/oauth2/index.md), and the API authentication depending on which method was used to authenticate. +Set by the [Password stage](../../stages/password/index.md), the [Authenticator validation stage](../../stages/authenticator_validate/index.md), the [OAuth2 Provider](../../../providers/oauth2/index.md), and the API authentication depending on which method was used to authenticate. Possible options: @@ -149,7 +149,7 @@ Possible options: - `ldap` (Authenticated via LDAP bind from an LDAP source) - `auth_mfa` (Authentication via MFA device without password) - `auth_webauthn_pwl` (Passwordless authentication via WebAuthn) -- `jwt` ([M2M](../../providers/oauth2/client_credentials.md) authentication via an existing JWT) +- `jwt` ([M2M](../../../providers/oauth2/client_credentials.md) authentication via an existing JWT) ##### `auth_method_args` (dictionary) diff --git a/website/docs/flow/create-flow.png b/website/docs/add-secure-apps/flows-stages/flow/create-flow.png similarity index 100% rename from website/docs/flow/create-flow.png rename to website/docs/add-secure-apps/flows-stages/flow/create-flow.png diff --git a/website/docs/flow/examples/flows.md b/website/docs/add-secure-apps/flows-stages/flow/examples/flows.md similarity index 100% rename from website/docs/flow/examples/flows.md rename to website/docs/add-secure-apps/flows-stages/flow/examples/flows.md diff --git a/website/docs/flow/examples/snippets.md b/website/docs/add-secure-apps/flows-stages/flow/examples/snippets.md similarity index 100% rename from website/docs/flow/examples/snippets.md rename to website/docs/add-secure-apps/flows-stages/flow/examples/snippets.md diff --git a/website/docs/flow/executors/headless.md b/website/docs/add-secure-apps/flows-stages/flow/executors/headless.md similarity index 51% rename from website/docs/flow/executors/headless.md rename to website/docs/add-secure-apps/flows-stages/flow/executors/headless.md index b0bb7051d1..abbf6f19dd 100644 --- a/website/docs/flow/executors/headless.md +++ b/website/docs/add-secure-apps/flows-stages/flow/executors/headless.md @@ -6,6 +6,6 @@ The headless flow executor is used by clients that don't have access to the web The following stages are supported: -- [**Identification stage**](../stages/identification/) -- [**Password stage**](../stages/password/) -- [**Authenticator Validation Stage**](../stages/authenticator_validate/) +- [**Identification stage**](../../stages/identification/index.md) +- [**Password stage**](../../stages/password/index.md) +- [**Authenticator Validation Stage**](../../stages/authenticator_validate/index.md) diff --git a/website/docs/flow/executors/if-flow.md b/website/docs/add-secure-apps/flows-stages/flow/executors/if-flow.md similarity index 55% rename from website/docs/flow/executors/if-flow.md rename to website/docs/add-secure-apps/flows-stages/flow/executors/if-flow.md index 442bd80646..20419a1a67 100644 --- a/website/docs/flow/executors/if-flow.md +++ b/website/docs/add-secure-apps/flows-stages/flow/executors/if-flow.md @@ -5,5 +5,5 @@ title: Default This is the default, web-based environment that flows are executed in. All stages are compatible with this environment and no limitations are imposed. :::info -All flow executors use the same [API](../../../developer-docs/api/flow-executor), which allows for the implementation of custom flow executors. +All flow executors use the same [API](../../../../developer-docs/api/flow-executor.md), which allows for the implementation of custom flow executors. ::: diff --git a/website/docs/flow/executors/sfe.md b/website/docs/add-secure-apps/flows-stages/flow/executors/sfe.md similarity index 79% rename from website/docs/flow/executors/sfe.md rename to website/docs/add-secure-apps/flows-stages/flow/executors/sfe.md index c68ec6eac9..fa1b7d9760 100644 --- a/website/docs/flow/executors/sfe.md +++ b/website/docs/add-secure-apps/flows-stages/flow/executors/sfe.md @@ -13,14 +13,14 @@ Currently this flow executor is automatically used for the following browsers: The following stages are supported: -- [**Identification stage**](../stages/identification/) +- [**Identification stage**](../../stages/identification/index.md) :::info Only user identifier and user identifier + password stage configurations are supported; sources and passwordless configurations are not supported. ::: -- [**Password stage**](../stages/password/) -- [**Authenticator Validation Stage**](../stages/authenticator_validate/) +- [**Password stage**](../../stages/password/index.md) +- [**Authenticator Validation Stage**](../../stages/authenticator_validate/index.md) Compared to the [default flow executor](./if-flow.md), this flow executor does _not_ support the following features: diff --git a/website/docs/flow/executors/user-settings.md b/website/docs/add-secure-apps/flows-stages/flow/executors/user-settings.md similarity index 93% rename from website/docs/flow/executors/user-settings.md rename to website/docs/add-secure-apps/flows-stages/flow/executors/user-settings.md index 4771401dcd..a3efe8b0a1 100644 --- a/website/docs/flow/executors/user-settings.md +++ b/website/docs/add-secure-apps/flows-stages/flow/executors/user-settings.md @@ -10,4 +10,4 @@ The user interface (/if/user/) uses a specialized flow executor to allow individ Because the stages in a flow can change during its execution, be awre that configuring this executor to use any stage type other than Prompt or User Write will automatically trigger a redirect to the standard executor. -An admin can customize which fields can be changed by the user by updating the default-user-settings-flow, or copying it to create a new flow with a Prompt Stage and a User Write Stage. Different variants of your flow can be applied to different [Brands](../../core/brands.md) on the same authentik instance. +An admin can customize which fields can be changed by the user by updating the default-user-settings-flow, or copying it to create a new flow with a Prompt Stage and a User Write Stage. Different variants of your flow can be applied to different [Brands](../../../../customize/brands.md) on the same authentik instance. diff --git a/website/docs/flow/flow-inspector.png b/website/docs/add-secure-apps/flows-stages/flow/flow-inspector.png similarity index 100% rename from website/docs/flow/flow-inspector.png rename to website/docs/add-secure-apps/flows-stages/flow/flow-inspector.png diff --git a/website/docs/flow/index.md b/website/docs/add-secure-apps/flows-stages/flow/index.md similarity index 75% rename from website/docs/flow/index.md rename to website/docs/add-secure-apps/flows-stages/flow/index.md index d36a87dbb8..6bfc125f14 100644 --- a/website/docs/flow/index.md +++ b/website/docs/add-secure-apps/flows-stages/flow/index.md @@ -2,7 +2,7 @@ title: Flows --- -Flows are a major component in authentik. In conjunction with stages and [policies](../policies/index.md), flows are at the heart of our system of building blocks, used to define and execute the workflows of authentication, authorization, enrollment, and user settings. +Flows are a major component in authentik. In conjunction with stages and [policies](../../../customize/policies/index.md), flows are at the heart of our system of building blocks, used to define and execute the workflows of authentication, authorization, enrollment, and user settings. There are over a dozen default, out-of-the box flows available in authentik. Users can decide if they already have everything they need with the default flows or if they want to [create](#create-a-custom-flow) their own custom flow, using the Admin interface. @@ -20,13 +20,13 @@ When these stages are successfully completed, authentik logs in the user. By default, policies are evaluated dynamically, right before the stage (to which a policy is bound) is presented to the user. This flexibility allows the login process to continue, change, or stop, based on the success or failure of each policy. -This default behaviour can be altered by enabling the **Evaluate when flow is planned** option on the stage binding. With this setting a _flow plan_ containing all stages is generated upon flow execution. This means that all attached policies are evaluated upon execution. For more information about flow plans, read our [flow context documentation](../flow/context/index.md). +This default behaviour can be altered by enabling the **Evaluate when flow is planned** option on the stage binding. With this setting a _flow plan_ containing all stages is generated upon flow execution. This means that all attached policies are evaluated upon execution. For more information about flow plans, read our [flow context documentation](./context/index.md). -To determine which flow should be used, authentik will first check which default authentication flow is configured in the active [**Brand**](../core/brands.md). If no default is configured there, the policies in all flows with the matching designation are checked, and the first flow with matching policies sorted by `slug` will be used. +To determine which flow should be used, authentik will first check which default authentication flow is configured in the active [**Brand**](../../../customize/brands.md). If no default is configured there, the policies in all flows with the matching designation are checked, and the first flow with matching policies sorted by `slug` will be used. ## Permissions -Flows can have [policies](../flow/stages/index.md) assigned to them. These policies determine if the current user is allowed to see and use this flow. +Flows can have [policies](../stages/index.md) assigned to them. These policies determine if the current user is allowed to see and use this flow. Keep in mind that in certain circumstances, policies cannot match against users and groups as there is no authenticated user yet. @@ -46,9 +46,9 @@ To create a flow, follow these steps: 2. In the Admin interface, navigate to **Flows and Stages -> Flows**. 3. Click **Create**, define the flow using the [configuration settings](#flow-configuration-options) described below, and then click **Finish**. -After creating the flow, you can then [bind specific stages](../flow/stages/index.md#bind-a-stage-to-a-flow) to the flow and [bind policies](../policies/working_with_policies/working_with_policies.md) to the flow to further customize the user's log in and authentication process. +After creating the flow, you can then [bind specific stages](../stages/index.md#bind-a-stage-to-a-flow) to the flow and [bind policies](../../../customize/policies/working_with_policies/working_with_policies.md) to the flow to further customize the user's log in and authentication process. -To determine which flow should be used, authentik will first check which default authentication flow is configured in the active [**Brand**](../core/brands.md). If no default is configured there, the policies in all flows with the matching designation are checked, and the first flow with matching policies sorted by `slug` will be used. +To determine which flow should be used, authentik will first check which default authentication flow is configured in the active [**Brand**](../../../customize/brands.md). If no default is configured there, the policies in all flows with the matching designation are checked, and the first flow with matching policies sorted by `slug` will be used. ## Flow configuration options @@ -64,17 +64,17 @@ When creating or editing a flow in the UI of the Admin interface, you can set th **Designation**: Flows are designated for a single purpose. This designation changes when a flow is used. The following designations are available: -- **Authentication**: this option designates a flow to be used for authentication. The authentication flow should always contain a [**User Login**](stages/user_login/index.md) stage, which attaches the staged user to the current session. +- **Authentication**: this option designates a flow to be used for authentication. The authentication flow should always contain a [**User Login**](../stages/user_login/index.md) stage, which attaches the staged user to the current session. - **Authorization**: designates a flow to be used for authorization. The authorization flow `default-provider-authorization-explicit-consent` should always contain a consent stage. -- **Invalidation**: designates a flow to be used to invalidate a session. This flow should always contain a [**User Logout**](stages/user_logout.md) stage, which resets the current session. +- **Invalidation**: designates a flow to be used to invalidate a session. This flow should always contain a [**User Logout**](../stages/user_logout.md) stage, which resets the current session. -- **Enrollment**: designates a flow for enrollment. This flow can contain any amount of verification stages, such as [**email**](stages/email/) or [**captcha**](stages/captcha/). At the end, to create the user, you can use the [**user_write**](stages/user_write.md) stage, which either updates the currently staged user, or if none exists, creates a new one. +- **Enrollment**: designates a flow for enrollment. This flow can contain any amount of verification stages, such as [**email**](../stages/email/index.mdx) or [**captcha**](../stages/captcha/index.md). At the end, to create the user, you can use the [**user_write**](../stages/user_write.md) stage, which either updates the currently staged user, or if none exists, creates a new one. -- **Unenrollment**: designates a flow for unenrollment. This flow can contain any amount of verification stages, such as [**email**](stages/email/) or [**captcha**](stages/captcha/). As a final stage, to delete the account, use the [**user_delete**](stages/user_delete.md) stage. +- **Unenrollment**: designates a flow for unenrollment. This flow can contain any amount of verification stages, such as [**email**](../stages/email/index.mdx) or [**captcha**](../stages/captcha/index.md). As a final stage, to delete the account, use the [**user_delete**](../stages/user_delete.md) stage. -- **Recovery**: designates a flow for recovery. This flow normally contains an [**identification**](stages/identification/) stage to find the user. It can also contain any amount of verification stages, such as [**email**](stages/email/) or [**captcha**](stages/captcha/). Afterwards, use the [**prompt**](stages/prompt/) stage to ask the user for a new password and the [**user_write**](stages/user_write.md) stage to update the password. +- **Recovery**: designates a flow for recovery. This flow normally contains an [**identification**](../stages/identification/index.md) stage to find the user. It can also contain any amount of verification stages, such as [**email**](../stages/email/index.mdx) or [**captcha**](../stages/captcha/index.md). Afterwards, use the [**prompt**](../stages/prompt/index.md) stage to ask the user for a new password and the [**user_write**](../stages/user_write.md) stage to update the password. - **Stage configuration**: designates a flow for general setup. This designation doesn't have any constraints in what you can do. For example, by default this designation is used to configure Factors, like change a password and setup TOTP. diff --git a/website/docs/flow/inspector.md b/website/docs/add-secure-apps/flows-stages/flow/inspector.md similarity index 92% rename from website/docs/flow/inspector.md rename to website/docs/add-secure-apps/flows-stages/flow/inspector.md index fc848017c7..7b78831536 100644 --- a/website/docs/flow/inspector.md +++ b/website/docs/add-secure-apps/flows-stages/flow/inspector.md @@ -2,7 +2,7 @@ title: Flow Inspector --- -The flow inspector, introduced in 2021.10, allows administrators to visually determine how custom flows work, inspect the current [flow context](../flow/context/index.md), and investigate issues. +The flow inspector, introduced in 2021.10, allows administrators to visually determine how custom flows work, inspect the current [flow context](./context/index.md), and investigate issues. As shown in the screenshot below, the flow inspector displays next to the selected flow (in this case, "Change Password"), with [information](#flow-inspector-details) about that specific flow and flow context. @@ -11,12 +11,12 @@ As shown in the screenshot below, the flow inspector displays next to the select ## Access the Flow Inspector :::info -Be aware that when running a flow with the inspector enabled, the flow is still executed normally. This means that for example, a [User write](../flow/stages/user_write.md) stage _will_ write user data. +Be aware that when running a flow with the inspector enabled, the flow is still executed normally. This means that for example, a [User write](../stages/user_write.md) stage _will_ write user data. ::: ### Permissions and debug mode -By default, the inspector is only enabled when the currently authenticated user is a superuser, OR if a user has been granted the [permission](../user-group-role/access-control/permissions.md) **Can inspect a Flow's execution** (or is a user assigned to role with the permission). +By default, the inspector is only enabled when the currently authenticated user is a superuser, OR if a user has been granted the [permission](../../../users-sources/access-control/permissions.md) **Can inspect a Flow's execution** (or is a user assigned to role with the permission). When developing authentik with the debug mode enabled, the inspector is enabled by default and can be accessed by both unauthenticated users and standard users. However the debug mode should only be used for the development of authentik. So unless you are a developer and need the more verbose error information, the best practice for using the flow inspector is to assign the permission, not use debug mode. diff --git a/website/docs/flow/layouts.md b/website/docs/add-secure-apps/flows-stages/flow/layouts.md similarity index 100% rename from website/docs/flow/layouts.md rename to website/docs/add-secure-apps/flows-stages/flow/layouts.md diff --git a/website/docs/flow/layouts/content_left.png b/website/docs/add-secure-apps/flows-stages/flow/layouts/content_left.png similarity index 100% rename from website/docs/flow/layouts/content_left.png rename to website/docs/add-secure-apps/flows-stages/flow/layouts/content_left.png diff --git a/website/docs/flow/layouts/content_right.png b/website/docs/add-secure-apps/flows-stages/flow/layouts/content_right.png similarity index 100% rename from website/docs/flow/layouts/content_right.png rename to website/docs/add-secure-apps/flows-stages/flow/layouts/content_right.png diff --git a/website/docs/flow/layouts/sidebar_left.png b/website/docs/add-secure-apps/flows-stages/flow/layouts/sidebar_left.png similarity index 100% rename from website/docs/flow/layouts/sidebar_left.png rename to website/docs/add-secure-apps/flows-stages/flow/layouts/sidebar_left.png diff --git a/website/docs/flow/layouts/sidebar_right.png b/website/docs/add-secure-apps/flows-stages/flow/layouts/sidebar_right.png similarity index 100% rename from website/docs/flow/layouts/sidebar_right.png rename to website/docs/add-secure-apps/flows-stages/flow/layouts/sidebar_right.png diff --git a/website/docs/flow/layouts/stacked.png b/website/docs/add-secure-apps/flows-stages/flow/layouts/stacked.png similarity index 100% rename from website/docs/flow/layouts/stacked.png rename to website/docs/add-secure-apps/flows-stages/flow/layouts/stacked.png diff --git a/website/docs/flow/simple_stages.png b/website/docs/add-secure-apps/flows-stages/flow/simple_stages.png similarity index 100% rename from website/docs/flow/simple_stages.png rename to website/docs/add-secure-apps/flows-stages/flow/simple_stages.png diff --git a/website/docs/flow/stages/authenticator_duo/index.md b/website/docs/add-secure-apps/flows-stages/stages/authenticator_duo/index.md similarity index 100% rename from website/docs/flow/stages/authenticator_duo/index.md rename to website/docs/add-secure-apps/flows-stages/stages/authenticator_duo/index.md diff --git a/website/docs/flow/stages/authenticator_sms/index.md b/website/docs/add-secure-apps/flows-stages/stages/authenticator_sms/index.md similarity index 99% rename from website/docs/flow/stages/authenticator_sms/index.md rename to website/docs/add-secure-apps/flows-stages/stages/authenticator_sms/index.md index b9d7857695..e78d02481d 100644 --- a/website/docs/flow/stages/authenticator_sms/index.md +++ b/website/docs/add-secure-apps/flows-stages/stages/authenticator_sms/index.md @@ -48,7 +48,7 @@ return { ## Verify only authentik 2022.6+ -To only verify the validity of a users' phone number, without saving it in an easily accessible way, you can enable this option. Phone numbers from devices enrolled through this stage will only have their hashed phone number saved. These devices can also not be used with the [Authenticator validation](../authenticator_validate/) stage. +To only verify the validity of a users' phone number, without saving it in an easily accessible way, you can enable this option. Phone numbers from devices enrolled through this stage will only have their hashed phone number saved. These devices can also not be used with the [Authenticator validation](../authenticator_validate/index.md) stage. ## Limiting phone numbers diff --git a/website/docs/flow/stages/authenticator_static/index.md b/website/docs/add-secure-apps/flows-stages/stages/authenticator_static/index.md similarity index 100% rename from website/docs/flow/stages/authenticator_static/index.md rename to website/docs/add-secure-apps/flows-stages/stages/authenticator_static/index.md diff --git a/website/docs/flow/stages/authenticator_totp/index.md b/website/docs/add-secure-apps/flows-stages/stages/authenticator_totp/index.md similarity index 100% rename from website/docs/flow/stages/authenticator_totp/index.md rename to website/docs/add-secure-apps/flows-stages/stages/authenticator_totp/index.md diff --git a/website/docs/flow/stages/authenticator_validate/index.md b/website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.md similarity index 91% rename from website/docs/flow/stages/authenticator_validate/index.md rename to website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.md index bc5e1aa45a..907a967e19 100644 --- a/website/docs/flow/stages/authenticator_validate/index.md +++ b/website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.md @@ -4,11 +4,11 @@ title: Authenticator validation stage This stage validates an already configured Authenticator Device. This device has to be configured using any of the other authenticator stages: -- [Duo authenticator stage](../authenticator_duo/) -- [SMS authenticator stage](../authenticator_sms/). -- [Static authenticator stage](../authenticator_static/). -- [TOTP authenticator stage](../authenticator_totp/) -- [WebAuth authenticator stage](../authenticator_webauthn/). +- [Duo authenticator stage](../authenticator_duo/index.md) +- [SMS authenticator stage](../authenticator_sms/index.md). +- [Static authenticator stage](../authenticator_static/index.md). +- [TOTP authenticator stage](../authenticator_totp/index.md) +- [WebAuth authenticator stage](../authenticator_webauthn/index.md). You can select which type of device classes are allowed. diff --git a/website/docs/flow/stages/authenticator_webauthn/index.md b/website/docs/add-secure-apps/flows-stages/stages/authenticator_webauthn/index.md similarity index 100% rename from website/docs/flow/stages/authenticator_webauthn/index.md rename to website/docs/add-secure-apps/flows-stages/stages/authenticator_webauthn/index.md diff --git a/website/docs/flow/stages/captcha/captcha-admin.png b/website/docs/add-secure-apps/flows-stages/stages/captcha/captcha-admin.png similarity index 100% rename from website/docs/flow/stages/captcha/captcha-admin.png rename to website/docs/add-secure-apps/flows-stages/stages/captcha/captcha-admin.png diff --git a/website/docs/flow/stages/captcha/index.md b/website/docs/add-secure-apps/flows-stages/stages/captcha/index.md similarity index 98% rename from website/docs/flow/stages/captcha/index.md rename to website/docs/add-secure-apps/flows-stages/stages/captcha/index.md index 6dcfb6c91d..ed75f91198 100644 --- a/website/docs/flow/stages/captcha/index.md +++ b/website/docs/add-secure-apps/flows-stages/stages/captcha/index.md @@ -14,7 +14,7 @@ This stage adds a form of verification using [Google's ReCaptcha](https://www.go This stage has two required fields: Public key and private key. These can both be acquired at https://www.google.com/recaptcha/admin. -![](captcha-admin.png) +![](./captcha-admin.png) #### Configuration options diff --git a/website/docs/flow/stages/deny.md b/website/docs/add-secure-apps/flows-stages/stages/deny.md similarity index 100% rename from website/docs/flow/stages/deny.md rename to website/docs/add-secure-apps/flows-stages/stages/deny.md diff --git a/website/docs/flow/stages/email/custom_template.png b/website/docs/add-secure-apps/flows-stages/stages/email/custom_template.png similarity index 100% rename from website/docs/flow/stages/email/custom_template.png rename to website/docs/add-secure-apps/flows-stages/stages/email/custom_template.png diff --git a/website/docs/flow/stages/email/email_recovery.png b/website/docs/add-secure-apps/flows-stages/stages/email/email_recovery.png similarity index 100% rename from website/docs/flow/stages/email/email_recovery.png rename to website/docs/add-secure-apps/flows-stages/stages/email/email_recovery.png diff --git a/website/docs/flow/stages/email/index.mdx b/website/docs/add-secure-apps/flows-stages/stages/email/index.mdx similarity index 99% rename from website/docs/flow/stages/email/index.mdx rename to website/docs/add-secure-apps/flows-stages/stages/email/index.mdx index c76bb6731e..63f84fdade 100644 --- a/website/docs/flow/stages/email/index.mdx +++ b/website/docs/add-secure-apps/flows-stages/stages/email/index.mdx @@ -4,7 +4,7 @@ title: Email stage This stage can be used for email verification. authentik's background worker will send an email using the specified connection details. When an email can't be delivered, delivery is automatically retried periodically. -![](email_recovery.png) +![](./email_recovery.png) ## Behaviour @@ -75,7 +75,7 @@ volumeMounts: If you've add the line and created a file, and can't see if, check the worker logs using `docker compose logs -f worker` or `kubectl logs -f deployment/authentik-worker`. ::: -![](custom_template.png) +![](./custom_template.png) ### Example template diff --git a/website/docs/flow/stages/identification/index.md b/website/docs/add-secure-apps/flows-stages/stages/identification/index.md similarity index 83% rename from website/docs/flow/stages/identification/index.md rename to website/docs/add-secure-apps/flows-stages/stages/identification/index.md index fa592812a4..5bbe682782 100644 --- a/website/docs/flow/stages/identification/index.md +++ b/website/docs/add-secure-apps/flows-stages/stages/identification/index.md @@ -12,7 +12,7 @@ Select which fields the user can use to identify themselves. Multiple fields can - Email - UPN - UPN will attempt to identify the user based on the `upn` attribute, which can be imported with an [LDAP Source](/docs/sources/ldap/) + UPN will attempt to identify the user based on the `upn` attribute, which can be imported with an [LDAP Source](../../../../users-sources/sources/protocols/ldap) ## Password stage @@ -28,7 +28,7 @@ When enabled, any user identifier will be accepted as valid (as long as they mat ## Source settings -Some sources (like the [OAuth Source](../../../../docs/sources/oauth/) and [SAML Source](../../../../docs/sources/saml/)) require user interaction. To make these sources available to users, they can be selected in the Identification stage settings, which will show them below the selected [user field](#user-fields). +Some sources (like the [OAuth Source](../../../../users-sources/sources/protocols/oauth/index.md) and [SAML Source](../../../../users-sources/sources/protocols/saml/index.md)) require user interaction. To make these sources available to users, they can be selected in the Identification stage settings, which will show them below the selected [user field](#user-fields). By default, sources are only shown with their icon, which can be changed with the _Show sources' labels_ option. diff --git a/website/docs/flow/stages/index.md b/website/docs/add-secure-apps/flows-stages/stages/index.md similarity index 91% rename from website/docs/flow/stages/index.md rename to website/docs/add-secure-apps/flows-stages/stages/index.md index 474a4eab76..e3ff640bb8 100644 --- a/website/docs/flow/stages/index.md +++ b/website/docs/add-secure-apps/flows-stages/stages/index.md @@ -2,7 +2,7 @@ title: Stages --- -Stages are one of the fundamental building blocks in authentik, along with [flows](../index.md) and [policies](docs/policies/index.md). +Stages are one of the fundamental building blocks in authentik, along with [flows](../flow/index.md) and [policies](../../../customize/policies/index.md). A stage represents a single verification or logic step within a flow. You can bind one or more stages to a flow to create a customized, flexible login and authentication process. @@ -43,7 +43,7 @@ To create a stage, follow these steps: 2. In the Admin interface, navigate to **Flows and Stages -> Stages**. 3. Click **Create**, define the flow using the configuration settings, and then click **Finish**. -After creating the stage, you can then [bind the stage to a flow](#bind-a-stage-to-a-flow) or [bind a policy to the stage](../../policies/working_with_policies/working_with_policies.md) (the policy determines whether or not the stage will be implemented in the flow). +After creating the stage, you can then [bind the stage to a flow](#bind-a-stage-to-a-flow) or [bind a policy to the stage](../../../customize/policies/working_with_policies/working_with_policies.md) (the policy determines whether or not the stage will be implemented in the flow). ## Bind a stage to a flow diff --git a/website/docs/flow/stages/invitation/index.md b/website/docs/add-secure-apps/flows-stages/stages/invitation/index.md similarity index 88% rename from website/docs/flow/stages/invitation/index.md rename to website/docs/add-secure-apps/flows-stages/stages/invitation/index.md index c557a3b400..4b0f46019b 100644 --- a/website/docs/flow/stages/invitation/index.md +++ b/website/docs/add-secure-apps/flows-stages/stages/invitation/index.md @@ -10,4 +10,4 @@ To check if a user has used an invitation within a policy, you can check `reques To use an invitation, use the URL `https://authentik.tld/if/flow/your-enrollment-flow/?itoken=invitation-token`. -You can also prompt the user for an invite by using the [_Prompt stage_](../prompt/) by using a field with a field key of `token`. +You can also prompt the user for an invite by using the [_Prompt stage_](../prompt/index.md) by using a field with a field key of `token`. diff --git a/website/docs/flow/stages/password/index.md b/website/docs/add-secure-apps/flows-stages/stages/password/index.md similarity index 100% rename from website/docs/flow/stages/password/index.md rename to website/docs/add-secure-apps/flows-stages/stages/password/index.md diff --git a/website/docs/flow/stages/prompt/index.md b/website/docs/add-secure-apps/flows-stages/stages/prompt/index.md similarity index 97% rename from website/docs/flow/stages/prompt/index.md rename to website/docs/add-secure-apps/flows-stages/stages/prompt/index.md index 5c9a115f1d..2090e80d42 100644 --- a/website/docs/flow/stages/prompt/index.md +++ b/website/docs/add-secure-apps/flows-stages/stages/prompt/index.md @@ -63,7 +63,7 @@ A flag which decides whether or not this field is required. A field placeholder, shown within the input field. By default, the placeholder is interpreted as-is. If you enable _Interpret placeholder as expression_, the placeholder -will be evaluated as a Python expression. This happens in the same environment as [_Policies_](../../../policies/expression). +will be evaluated as a Python expression. This happens in the same environment as [_Policies_](../../../../customize/policies/expression.mdx). In the case of `Radio Button Group` and `Dropdown` prompts, this field defines all possible values (choices). When interpreted as-is, only one value will be allowed (the placeholder string). When interpreted as expression, a list of values can be returned to define multiple choices. For example, `return ["first option", 42, "another option"]` defines 3 possible values. @@ -78,7 +78,7 @@ The prompt's initial value. It can also be left empty, in which case the field w With the `hidden` prompt, the initial value will also be the actual value, because the field is hidden to the user. By default, the initial value is interpreted as-is. If you enable _Interpret initial value as expression_, the initial value -will be evaluated as a Python expression. This happens in the same environment as [_Policies_](../../../policies/expression). +will be evaluated as a Python expression. This happens in the same environment as [_Policies_](../../../../customize/policies/expression.mdx). In the case of `Radio Button Group` and `Dropdown` prompts, this field defines the default choice. When interpreted as-is, the default choice will be the initial value string. When interpreted as expression, the default choice will be the returned value. For example, `return 42` defines `42` as the default choice. diff --git a/website/docs/flow/stages/source/index.md b/website/docs/add-secure-apps/flows-stages/stages/source/index.md similarity index 65% rename from website/docs/flow/stages/source/index.md rename to website/docs/add-secure-apps/flows-stages/stages/source/index.md index e69dbd4101..cc5bc7330d 100644 --- a/website/docs/flow/stages/source/index.md +++ b/website/docs/add-secure-apps/flows-stages/stages/source/index.md @@ -7,7 +7,7 @@ title: Source stage --- -The source stage injects an [OAuth](../../../../docs/sources/oauth/) or [SAML](../../../../docs/sources/saml/) Source into the flow execution. This allows for additional user verification, or to dynamically access different sources for different user identifiers (username, email address, etc). +The source stage injects an [OAuth](../../../../users-sources/sources/protocols/oauth/index.md) or [SAML](../../../../users-sources/sources/protocols/saml/index.md) Source into the flow execution. This allows for additional user verification, or to dynamically access different sources for different user identifiers (username, email address, etc). ```mermaid sequenceDiagram @@ -36,7 +36,7 @@ sequenceDiagram It is very important that the configured source's authentication and enrollment flows (when set; they can be left unselected to prevent authentication or enrollment with the source) do **not** have a [User login stage](../user_login/index.md) bound to them. -This is because the Source stage works by appending a [dynamic in-memory](../../../core/terminology.md#dynamic-in-memory-stage) stage to the source's flow, so having a [User login stage](../user_login/index.md) bound will cause the source's flow to not resume the original flow it was started from, and instead directly authenticating the pending user. +This is because the Source stage works by appending a [dynamic in-memory](../../../../core/terminology.md#dynamic-in-memory-stage) stage to the source's flow, so having a [User login stage](../user_login/index.md) bound will cause the source's flow to not resume the original flow it was started from, and instead directly authenticating the pending user. ### Example use case @@ -44,13 +44,13 @@ This stage can be used to leverage an external OAuth/SAML identity provider. For example, you can authenticate users by routing them through a custom device-health solution. -Another use case is to route users to authenticate with your legacy (Okta, etc) IdP and then use the returned identity and attributes within authentik as part of an authorization flow, for example as part of an IdP migration. For authentication/enrollment this is also possible with an [OAuth](../../../../docs/sources/oauth/)/[SAML](../../../../docs/sources/saml/) source by itself. +Another use case is to route users to authenticate with your legacy (Okta, etc) IdP and then use the returned identity and attributes within authentik as part of an authorization flow, for example as part of an IdP migration. For authentication/enrollment this is also possible with an [OAuth](../../../../users-sources/sources/protocols/oauth/index.md)/[SAML](../../../../users-sources/sources/protocols/saml/index.md) source by itself. ### Options #### Source -The source the user is redirected to. Must be a web-based source, such as [OAuth](../../../../docs/sources/oauth/) or [SAML](../../../../docs/sources/saml/). Sources like [LDAP](../../../../docs/sources/ldap/) are _not_ compatible. +The source the user is redirected to. Must be a web-based source, such as [OAuth](../../../../users-sources/sources/protocols/oauth/index.md) or [SAML](../../../../users-sources/sources/protocols/saml/index.md). Sources like [LDAP](../../../../users-sources/sources/protocols/ldap/index.md) are _not_ compatible. #### Resume timeout diff --git a/website/docs/flow/stages/user_delete.md b/website/docs/add-secure-apps/flows-stages/stages/user_delete.md similarity index 100% rename from website/docs/flow/stages/user_delete.md rename to website/docs/add-secure-apps/flows-stages/stages/user_delete.md diff --git a/website/docs/flow/stages/user_login/index.md b/website/docs/add-secure-apps/flows-stages/stages/user_login/index.md similarity index 94% rename from website/docs/flow/stages/user_login/index.md rename to website/docs/add-secure-apps/flows-stages/stages/user_login/index.md index a4a73bfc2a..daab7d3996 100644 --- a/website/docs/flow/stages/user_login/index.md +++ b/website/docs/add-secure-apps/flows-stages/stages/user_login/index.md @@ -40,7 +40,7 @@ When creating or editing this stage in the UI of the Admin interface, you can se When configured, all sessions authenticated by this stage will be bound to the selected network and/or GeoIP criteria. - Sessions that break this binding will be terminated on use. The created [`logout`](../../../events/index.md#logout) event will contain additional data related to what caused the binding to be broken: + Sessions that break this binding will be terminated on use. The created [`logout`](../../../../sys-mgmt/events/index.md#logout) event will contain additional data related to what caused the binding to be broken: ```json { diff --git a/website/docs/flow/stages/user_login/stay_signed_in.png b/website/docs/add-secure-apps/flows-stages/stages/user_login/stay_signed_in.png similarity index 100% rename from website/docs/flow/stages/user_login/stay_signed_in.png rename to website/docs/add-secure-apps/flows-stages/stages/user_login/stay_signed_in.png diff --git a/website/docs/add-secure-apps/flows-stages/stages/user_logout.md b/website/docs/add-secure-apps/flows-stages/stages/user_logout.md new file mode 100644 index 0000000000..8bc469acf5 --- /dev/null +++ b/website/docs/add-secure-apps/flows-stages/stages/user_logout.md @@ -0,0 +1,5 @@ +--- +title: User logout stage +--- + +Opposite stage of [User Login Stages](./user_login/index.md). It removes the user from the current session. diff --git a/website/docs/flow/stages/user_write.md b/website/docs/add-secure-apps/flows-stages/stages/user_write.md similarity index 100% rename from website/docs/flow/stages/user_write.md rename to website/docs/add-secure-apps/flows-stages/stages/user_write.md diff --git a/website/docs/outposts/_config.md b/website/docs/add-secure-apps/outposts/_config.md similarity index 100% rename from website/docs/outposts/_config.md rename to website/docs/add-secure-apps/outposts/_config.md diff --git a/website/docs/outposts/embedded/embedded.mdx b/website/docs/add-secure-apps/outposts/embedded/embedded.mdx similarity index 100% rename from website/docs/outposts/embedded/embedded.mdx rename to website/docs/add-secure-apps/outposts/embedded/embedded.mdx diff --git a/website/docs/outposts/index.mdx b/website/docs/add-secure-apps/outposts/index.mdx similarity index 99% rename from website/docs/outposts/index.mdx rename to website/docs/add-secure-apps/outposts/index.mdx index 2f9dec851e..4498a01859 100644 --- a/website/docs/outposts/index.mdx +++ b/website/docs/add-secure-apps/outposts/index.mdx @@ -25,7 +25,7 @@ Any change made to the outpost's associated app or provider immediately triggers 2. Navigate to **Applications --> Outposts** and then click **Create**. -![](outpost-create.png) +![](./outpost-create.png) 3. Define the following values: diff --git a/website/docs/outposts/integrations/docker.md b/website/docs/add-secure-apps/outposts/integrations/docker.md similarity index 97% rename from website/docs/outposts/integrations/docker.md rename to website/docs/add-secure-apps/outposts/integrations/docker.md index 8c779b9355..26cc41202e 100644 --- a/website/docs/outposts/integrations/docker.md +++ b/website/docs/add-secure-apps/outposts/integrations/docker.md @@ -9,7 +9,7 @@ This integration has the advantage over manual deployments of automatic updates The following outpost settings are used: - `object_naming_template`: Configures how the container is called -- `container_image`: Optionally overwrites the standard container image (see [Configuration](../../installation/configuration.mdx#authentik_outposts) to configure the global default) +- `container_image`: Optionally overwrites the standard container image (see [Configuration](../../../install-config/configuration/configuration.mdx#authentik_outposts) to configure the global default) - `docker_network`: The Docker network the container should be added to. This needs to be modified if you plan to connect to authentik using the internal hostname. - `docker_map_ports`: Enable/disable the mapping of ports. When using a proxy outpost with Traefik for example, you might not want to bind ports as they are routed through Traefik. - `docker_labels`: Optional additional labels that can be applied to the container. diff --git a/website/docs/outposts/integrations/kubernetes.md b/website/docs/add-secure-apps/outposts/integrations/kubernetes.md similarity index 95% rename from website/docs/outposts/integrations/kubernetes.md rename to website/docs/add-secure-apps/outposts/integrations/kubernetes.md index bad36b3ada..1c1cce95c5 100644 --- a/website/docs/outposts/integrations/kubernetes.md +++ b/website/docs/add-secure-apps/outposts/integrations/kubernetes.md @@ -18,7 +18,7 @@ This integration creates the following objects: The following outpost settings are used: - `object_naming_template`: Configures how the container is called -- `container_image`: Optionally overwrites the standard container image (see [Configuration](../../installation/configuration.mdx) to configure the global default) +- `container_image`: Optionally overwrites the standard container image (see [Configuration](../../../install-config/configuration/configuration.mdx) to configure the global default) - `kubernetes_replicas`: Replica count for the deployment of the outpost - `kubernetes_namespace`: Namespace to deploy in, defaults to the same namespace authentik is deployed in (if available) - `kubernetes_ingress_annotations`: Any additional annotations to add to the ingress object, for example cert-manager diff --git a/website/docs/outposts/manual-deploy-docker-compose.md b/website/docs/add-secure-apps/outposts/manual-deploy-docker-compose.md similarity index 100% rename from website/docs/outposts/manual-deploy-docker-compose.md rename to website/docs/add-secure-apps/outposts/manual-deploy-docker-compose.md diff --git a/website/docs/outposts/manual-deploy-kubernetes.md b/website/docs/add-secure-apps/outposts/manual-deploy-kubernetes.md similarity index 100% rename from website/docs/outposts/manual-deploy-kubernetes.md rename to website/docs/add-secure-apps/outposts/manual-deploy-kubernetes.md diff --git a/website/docs/outposts/outpost-create.png b/website/docs/add-secure-apps/outposts/outpost-create.png similarity index 100% rename from website/docs/outposts/outpost-create.png rename to website/docs/add-secure-apps/outposts/outpost-create.png diff --git a/website/docs/outposts/upgrading.md b/website/docs/add-secure-apps/outposts/upgrading.md similarity index 100% rename from website/docs/outposts/upgrading.md rename to website/docs/add-secure-apps/outposts/upgrading.md diff --git a/website/docs/outposts/upgrading_outdated.png b/website/docs/add-secure-apps/outposts/upgrading_outdated.png similarity index 100% rename from website/docs/outposts/upgrading_outdated.png rename to website/docs/add-secure-apps/outposts/upgrading_outdated.png diff --git a/website/docs/providers/entra/add-entra-provider.md b/website/docs/add-secure-apps/providers/entra/add-entra-provider.md similarity index 100% rename from website/docs/providers/entra/add-entra-provider.md rename to website/docs/add-secure-apps/providers/entra/add-entra-provider.md diff --git a/website/docs/providers/entra/index.md b/website/docs/add-secure-apps/providers/entra/index.md similarity index 95% rename from website/docs/providers/entra/index.md rename to website/docs/add-secure-apps/providers/entra/index.md index 6703fa91d7..67702bab1c 100644 --- a/website/docs/providers/entra/index.md +++ b/website/docs/add-secure-apps/providers/entra/index.md @@ -12,8 +12,8 @@ This feature is in technical preview, so please report any bugs on [GitHub](http With the Microsoft Entra ID provider, authentik serves as the single source of truth for all users and groups. Configuring Entra ID as a provider allows for auto-discovery of user and group accounts, on-going synchronization of user data such as email address, name, and status, and integrated data mapping of field names and values. -- For instructions to configure your Entra ID tenant to integrate with authentik, refer to [Configure Entra ID](./setup-entra). -- For instructions to add Entra ID as a provider in authentik, refer to [Create a Entra ID provider](./add-entra-provider). +- For instructions to configure your Entra ID tenant to integrate with authentik, refer to [Configure Entra ID](./setup-entra.md). +- For instructions to add Entra ID as a provider in authentik, refer to [Create a Entra ID provider](./add-entra-provider.md). ## About using Entra ID with authentik diff --git a/website/docs/providers/entra/setup-entra.md b/website/docs/add-secure-apps/providers/entra/setup-entra.md similarity index 94% rename from website/docs/providers/entra/setup-entra.md rename to website/docs/add-secure-apps/providers/entra/setup-entra.md index 70b4a588b0..868b813a07 100644 --- a/website/docs/providers/entra/setup-entra.md +++ b/website/docs/add-secure-apps/providers/entra/setup-entra.md @@ -17,9 +17,9 @@ For detailed instructions, refer to Microsoft Entra ID documentation. 3. On the **Register an application** page, define the **Name** of the app, and under **Supported account types** select **Accounts in this organizational directory only**. Leave **Redirect URI** empty. 4. Click **Register**. The app's detail page displays. -5. On the app detail page, copy both the **Application (client) ID** and the **Directory (tenant) ID** values and store in a temporary place. These values will be needed when you [create the Entra ID provider](./add-entra-provider) in authentik. +5. On the app detail page, copy both the **Application (client) ID** and the **Directory (tenant) ID** values and store in a temporary place. These values will be needed when you [create the Entra ID provider](./add-entra-provider.md) in authentik. 6. Next, click on **Certificates and Secrets** in the near-left navigation pane and create a new secret. -7. On the **Certificates and Secrets** page, on the **Client secrets** tab, copy the **Value** of the secret and store it in a temporary place. Like with the client ID and the tenant ID, this secret will be needed when you [create the Entra ID provider](./add-entra-provider) in authentik. +7. On the **Certificates and Secrets** page, on the **Client secrets** tab, copy the **Value** of the secret and store it in a temporary place. Like with the client ID and the tenant ID, this secret will be needed when you [create the Entra ID provider](./add-entra-provider.md) in authentik. 8. Next, click on **API permissions** in the near-left navigation pane. 9. Click on **Add a permission** and add the following permissions by selecting **Microsoft Graph** and then **Application Permissions**: - `Group.Create` diff --git a/website/docs/providers/gws/add-gws-provider.md b/website/docs/add-secure-apps/providers/gws/add-gws-provider.md similarity index 89% rename from website/docs/providers/gws/add-gws-provider.md rename to website/docs/add-secure-apps/providers/gws/add-gws-provider.md index 88821617d5..4e95024b90 100644 --- a/website/docs/providers/gws/add-gws-provider.md +++ b/website/docs/add-secure-apps/providers/gws/add-gws-provider.md @@ -17,7 +17,7 @@ For more information about using a Google Workspace provider, see the [Overview] To create a Google Workspace provider in authentik, you must have already [configured Google Workspace](./setup-gws.md) to integrate with authentik. :::info -When adding the Google Workspace provider in authentik, you must define the **Backchannel provider** using the name of the Google Workspace provider that you created in authentik. If you have also configured Google Workspace to log in using authentik following [these](../../../integrations/services/google/), then this configuration can be done on the same app. +When adding the Google Workspace provider in authentik, you must define the **Backchannel provider** using the name of the Google Workspace provider that you created in authentik. If you have also configured Google Workspace to log in using authentik following [these](../../../../integrations/services/google/), then this configuration can be done on the same app. ::: ### Create the Google Workspace provider in authentik @@ -55,7 +55,7 @@ When adding the Google Workspace provider in authentik, you must define the **Ba 1. Log in as an admin to authentik, and go to the Admin interface. 2. In the Admin interface, navigate to **Applications -> Applications**. :::info - If you have also configured Google Workspace to log in using authentik following [these](../../../integrations/services/google/), then this configuration can be done on the same app by adding this new provider as a backchannel provider on the existing app instead of creating a new app. + If you have also configured Google Workspace to log in using authentik following [these](https://docs.goauthentik.io/integrations/services/google/index), then this configuration can be done on the same app by adding this new provider as a backchannel provider on the existing app instead of creating a new app. ::: 3. Click **Create**, and in the **New provider** modal box, and define the following fields: diff --git a/website/docs/providers/gws/index.md b/website/docs/add-secure-apps/providers/gws/index.md similarity index 97% rename from website/docs/providers/gws/index.md rename to website/docs/add-secure-apps/providers/gws/index.md index c774cc89bb..a1b31e1e00 100644 --- a/website/docs/providers/gws/index.md +++ b/website/docs/add-secure-apps/providers/gws/index.md @@ -12,8 +12,8 @@ This feature is in technical preview, so please report any bugs on [GitHub](http With the Google Workspace provider, authentik serves as the single source of truth for all users and groups, when using Google products like Gmail. -- For instructions to configure your Google Workspace to integrate with authentik, refer to [Configure Google Workspace](./setup-gws). -- For instructions to add Google Workspace as a provider, refer to [Create a Google Workspace provider](./add-gws-provider). +- For instructions to configure your Google Workspace to integrate with authentik, refer to [Configure Google Workspace](./setup-gws.md). +- For instructions to add Google Workspace as a provider, refer to [Create a Google Workspace provider](./add-gws-provider.md). ## About using Google Workspace with authentik diff --git a/website/docs/providers/gws/setup-gws.md b/website/docs/add-secure-apps/providers/gws/setup-gws.md similarity index 100% rename from website/docs/providers/gws/setup-gws.md rename to website/docs/add-secure-apps/providers/gws/setup-gws.md diff --git a/website/docs/providers/index.mdx b/website/docs/add-secure-apps/providers/index.mdx similarity index 100% rename from website/docs/providers/index.mdx rename to website/docs/add-secure-apps/providers/index.mdx diff --git a/website/docs/providers/ldap/general_setup1.png b/website/docs/add-secure-apps/providers/ldap/general_setup1.png similarity index 100% rename from website/docs/providers/ldap/general_setup1.png rename to website/docs/add-secure-apps/providers/ldap/general_setup1.png diff --git a/website/docs/providers/ldap/general_setup10.png b/website/docs/add-secure-apps/providers/ldap/general_setup10.png similarity index 100% rename from website/docs/providers/ldap/general_setup10.png rename to website/docs/add-secure-apps/providers/ldap/general_setup10.png diff --git a/website/docs/providers/ldap/general_setup11.png b/website/docs/add-secure-apps/providers/ldap/general_setup11.png similarity index 100% rename from website/docs/providers/ldap/general_setup11.png rename to website/docs/add-secure-apps/providers/ldap/general_setup11.png diff --git a/website/docs/providers/ldap/general_setup12.png b/website/docs/add-secure-apps/providers/ldap/general_setup12.png similarity index 100% rename from website/docs/providers/ldap/general_setup12.png rename to website/docs/add-secure-apps/providers/ldap/general_setup12.png diff --git a/website/docs/providers/ldap/general_setup13.png b/website/docs/add-secure-apps/providers/ldap/general_setup13.png similarity index 100% rename from website/docs/providers/ldap/general_setup13.png rename to website/docs/add-secure-apps/providers/ldap/general_setup13.png diff --git a/website/docs/providers/ldap/general_setup14.png b/website/docs/add-secure-apps/providers/ldap/general_setup14.png similarity index 100% rename from website/docs/providers/ldap/general_setup14.png rename to website/docs/add-secure-apps/providers/ldap/general_setup14.png diff --git a/website/docs/providers/ldap/general_setup15.png b/website/docs/add-secure-apps/providers/ldap/general_setup15.png similarity index 100% rename from website/docs/providers/ldap/general_setup15.png rename to website/docs/add-secure-apps/providers/ldap/general_setup15.png diff --git a/website/docs/providers/ldap/general_setup16.png b/website/docs/add-secure-apps/providers/ldap/general_setup16.png similarity index 100% rename from website/docs/providers/ldap/general_setup16.png rename to website/docs/add-secure-apps/providers/ldap/general_setup16.png diff --git a/website/docs/providers/ldap/general_setup2.png b/website/docs/add-secure-apps/providers/ldap/general_setup2.png similarity index 100% rename from website/docs/providers/ldap/general_setup2.png rename to website/docs/add-secure-apps/providers/ldap/general_setup2.png diff --git a/website/docs/providers/ldap/general_setup3.png b/website/docs/add-secure-apps/providers/ldap/general_setup3.png similarity index 100% rename from website/docs/providers/ldap/general_setup3.png rename to website/docs/add-secure-apps/providers/ldap/general_setup3.png diff --git a/website/docs/providers/ldap/general_setup4.png b/website/docs/add-secure-apps/providers/ldap/general_setup4.png similarity index 100% rename from website/docs/providers/ldap/general_setup4.png rename to website/docs/add-secure-apps/providers/ldap/general_setup4.png diff --git a/website/docs/providers/ldap/general_setup5.png b/website/docs/add-secure-apps/providers/ldap/general_setup5.png similarity index 100% rename from website/docs/providers/ldap/general_setup5.png rename to website/docs/add-secure-apps/providers/ldap/general_setup5.png diff --git a/website/docs/providers/ldap/general_setup6.png b/website/docs/add-secure-apps/providers/ldap/general_setup6.png similarity index 100% rename from website/docs/providers/ldap/general_setup6.png rename to website/docs/add-secure-apps/providers/ldap/general_setup6.png diff --git a/website/docs/providers/ldap/general_setup7.png b/website/docs/add-secure-apps/providers/ldap/general_setup7.png similarity index 100% rename from website/docs/providers/ldap/general_setup7.png rename to website/docs/add-secure-apps/providers/ldap/general_setup7.png diff --git a/website/docs/providers/ldap/general_setup8.png b/website/docs/add-secure-apps/providers/ldap/general_setup8.png similarity index 100% rename from website/docs/providers/ldap/general_setup8.png rename to website/docs/add-secure-apps/providers/ldap/general_setup8.png diff --git a/website/docs/providers/ldap/general_setup9.png b/website/docs/add-secure-apps/providers/ldap/general_setup9.png similarity index 100% rename from website/docs/providers/ldap/general_setup9.png rename to website/docs/add-secure-apps/providers/ldap/general_setup9.png diff --git a/website/docs/providers/ldap/generic_setup.md b/website/docs/add-secure-apps/providers/ldap/generic_setup.md similarity index 100% rename from website/docs/providers/ldap/generic_setup.md rename to website/docs/add-secure-apps/providers/ldap/generic_setup.md diff --git a/website/docs/providers/ldap/index.md b/website/docs/add-secure-apps/providers/ldap/index.md similarity index 88% rename from website/docs/providers/ldap/index.md rename to website/docs/add-secure-apps/providers/ldap/index.md index 2aa0feadf4..d7feeb00e7 100644 --- a/website/docs/providers/ldap/index.md +++ b/website/docs/add-secure-apps/providers/ldap/index.md @@ -5,7 +5,7 @@ title: LDAP Provider You can configure an LDAP Provider for applications that don't support any newer protocols or require LDAP. :::info -Note: This provider requires the deployment of the [LDAP Outpost](../../outposts/) +Note: This provider requires the deployment of the [LDAP Outpost](../../outposts/index.mdx) ::: All users and groups in authentik's database are searchable. Currently, there is limited support for filters (you can only search for objectClass), but this will be expanded in further releases. @@ -70,7 +70,7 @@ This enables you to bind on port 636 using LDAPS. ## Integrations -See the integration guide for [sssd](../../../integrations/services/sssd/) for an example guide. +See the integration guide for [sssd](/integrations/services/sssd) for an example guide. ## Binding & Bind Modes @@ -78,9 +78,9 @@ All bind modes rely on flows. The following stages are supported: -- [Identification](../../flow/stages/identification/index.md) -- [Password](../../flow/stages/password/index.md) -- [Authenticator validation](../../flow/stages/authenticator_validate/index.md) +- [Identification](../../flows-stages/stages/identification/index.md) +- [Password](../../flows-stages/stages/password/index.md) +- [Authenticator validation](../../flows-stages/stages/authenticator_validate/index.md) Note: Authenticator validation currently only supports DUO, TOTP and static authenticators. @@ -90,9 +90,9 @@ The following stages are supported: SMS-based authenticators are not supported as they require a code to be sent from authentik, which is not possible during the bind. -- [User Logout](../../flow/stages/user_logout.md) -- [User Login](../../flow/stages/user_login/index.md) -- [Deny](../../flow/stages/deny.md) +- [User Logout](../../flows-stages/stages/user_logout.md) +- [User Login](../../flows-stages/stages/user_login/index.md) +- [Deny](../../flows-stages/stages/deny.md) #### Direct bind @@ -106,7 +106,7 @@ This mode uses the same logic as direct bind, however the result is cached for t Any user that is authorized to access the LDAP provider's application can execute search the LDAP directory. Without explicit permissions to do broader searches, a user's search request will return information about themselves, including user info, group info, and group membership. -[Users](../../user-group-role/user/index.mdx) and [roles](../../user-group-role/roles/index.mdx) can be assigned the permission "Search full LDAP directory" to allow them to search the full LDAP directory and retrieve information about all users in the authentik instance. +[Users](../../../users-sources/user/index.mdx) and [roles](../../../users-sources/roles/index.md) can be assigned the permission "Search full LDAP directory" to allow them to search the full LDAP directory and retrieve information about all users in the authentik instance. :::info Up to authentik version 2024.8 this was managed using the "Search group" attribute in the LDAP Provider, where users could be added to a group to grant them this permission. With authentik 2024.8 this is automatically migrated to the "Search full LDAP directory" permission, which can be assigned more flexibly. diff --git a/website/docs/providers/oauth2/client_credentials.md b/website/docs/add-secure-apps/providers/oauth2/client_credentials.md similarity index 98% rename from website/docs/providers/oauth2/client_credentials.md rename to website/docs/add-secure-apps/providers/oauth2/client_credentials.md index 1169ea38d1..5fd11ad2ee 100644 --- a/website/docs/providers/oauth2/client_credentials.md +++ b/website/docs/add-secure-apps/providers/oauth2/client_credentials.md @@ -57,7 +57,7 @@ Alternatively, you can set the `client_secret` parameter to the `$inputJWT`, for Input JWTs are checked to be signed by any of the selected _Verification certificates_, and their `exp` attribute must not be now or in the past. -To do additional checks, you can use _[Expression policies](../../policies/expression)_: +To do additional checks, you can use _[Expression policies](../../../customize/policies/expression.mdx)_: ```python return request.context["oauth_jwt"]["iss"] == "https://my.issuer" diff --git a/website/docs/providers/oauth2/device_code.md b/website/docs/add-secure-apps/providers/oauth2/device_code.md similarity index 100% rename from website/docs/providers/oauth2/device_code.md rename to website/docs/add-secure-apps/providers/oauth2/device_code.md diff --git a/website/docs/providers/oauth2/index.md b/website/docs/add-secure-apps/providers/oauth2/index.md similarity index 98% rename from website/docs/providers/oauth2/index.md rename to website/docs/add-secure-apps/providers/oauth2/index.md index cf4ae28a0c..ace22e3a54 100644 --- a/website/docs/providers/oauth2/index.md +++ b/website/docs/add-secure-apps/providers/oauth2/index.md @@ -51,7 +51,7 @@ Starting with authentik 2024.2, this grant requires the `offline_access` scope. ### `client_credentials`: -See [Machine-to-machine authentication](./client_credentials) +See [Machine-to-machine authentication](./client_credentials.md) ## Scope authorization diff --git a/website/docs/providers/property-mappings/expression.mdx b/website/docs/add-secure-apps/providers/property-mappings/expression.mdx similarity index 79% rename from website/docs/providers/property-mappings/expression.mdx rename to website/docs/add-secure-apps/providers/property-mappings/expression.mdx index f5ec3e3ddd..52002a50bc 100644 --- a/website/docs/providers/property-mappings/expression.mdx +++ b/website/docs/add-secure-apps/providers/property-mappings/expression.mdx @@ -6,17 +6,17 @@ The property mapping should return a value that is expected by the provider. Sup ## Available Functions -import Functions from "../../expressions/_functions.md"; +import Functions from "../../../expressions/_functions.md"; ## Variables -import Objects from "../../expressions/_objects.md"; +import Objects from "../../../expressions/_objects.md"; -import User from "../../expressions/_user.md"; +import User from "../../../expressions/_user.md"; diff --git a/website/docs/providers/property-mappings/index.md b/website/docs/add-secure-apps/providers/property-mappings/index.md similarity index 100% rename from website/docs/providers/property-mappings/index.md rename to website/docs/add-secure-apps/providers/property-mappings/index.md diff --git a/website/docs/providers/proxy/__placeholders.md b/website/docs/add-secure-apps/providers/proxy/__placeholders.md similarity index 100% rename from website/docs/providers/proxy/__placeholders.md rename to website/docs/add-secure-apps/providers/proxy/__placeholders.md diff --git a/website/docs/providers/proxy/_caddy_standalone.md b/website/docs/add-secure-apps/providers/proxy/_caddy_standalone.md similarity index 100% rename from website/docs/providers/proxy/_caddy_standalone.md rename to website/docs/add-secure-apps/providers/proxy/_caddy_standalone.md diff --git a/website/docs/providers/proxy/_envoy_istio.md b/website/docs/add-secure-apps/providers/proxy/_envoy_istio.md similarity index 100% rename from website/docs/providers/proxy/_envoy_istio.md rename to website/docs/add-secure-apps/providers/proxy/_envoy_istio.md diff --git a/website/docs/providers/proxy/_nginx_ingress.md b/website/docs/add-secure-apps/providers/proxy/_nginx_ingress.md similarity index 100% rename from website/docs/providers/proxy/_nginx_ingress.md rename to website/docs/add-secure-apps/providers/proxy/_nginx_ingress.md diff --git a/website/docs/providers/proxy/_nginx_proxy_manager.md b/website/docs/add-secure-apps/providers/proxy/_nginx_proxy_manager.md similarity index 100% rename from website/docs/providers/proxy/_nginx_proxy_manager.md rename to website/docs/add-secure-apps/providers/proxy/_nginx_proxy_manager.md diff --git a/website/docs/providers/proxy/_nginx_standalone.md b/website/docs/add-secure-apps/providers/proxy/_nginx_standalone.md similarity index 100% rename from website/docs/providers/proxy/_nginx_standalone.md rename to website/docs/add-secure-apps/providers/proxy/_nginx_standalone.md diff --git a/website/docs/providers/proxy/_traefik_compose.md b/website/docs/add-secure-apps/providers/proxy/_traefik_compose.md similarity index 100% rename from website/docs/providers/proxy/_traefik_compose.md rename to website/docs/add-secure-apps/providers/proxy/_traefik_compose.md diff --git a/website/docs/providers/proxy/_traefik_ingress.md b/website/docs/add-secure-apps/providers/proxy/_traefik_ingress.md similarity index 100% rename from website/docs/providers/proxy/_traefik_ingress.md rename to website/docs/add-secure-apps/providers/proxy/_traefik_ingress.md diff --git a/website/docs/providers/proxy/_traefik_standalone.md b/website/docs/add-secure-apps/providers/proxy/_traefik_standalone.md similarity index 100% rename from website/docs/providers/proxy/_traefik_standalone.md rename to website/docs/add-secure-apps/providers/proxy/_traefik_standalone.md diff --git a/website/docs/providers/proxy/custom_headers.md b/website/docs/add-secure-apps/providers/proxy/custom_headers.md similarity index 100% rename from website/docs/providers/proxy/custom_headers.md rename to website/docs/add-secure-apps/providers/proxy/custom_headers.md diff --git a/website/docs/providers/proxy/forward_auth.mdx b/website/docs/add-secure-apps/providers/proxy/forward_auth.mdx similarity index 100% rename from website/docs/providers/proxy/forward_auth.mdx rename to website/docs/add-secure-apps/providers/proxy/forward_auth.mdx diff --git a/website/docs/providers/proxy/header_authentication.md b/website/docs/add-secure-apps/providers/proxy/header_authentication.md similarity index 100% rename from website/docs/providers/proxy/header_authentication.md rename to website/docs/add-secure-apps/providers/proxy/header_authentication.md diff --git a/website/docs/providers/proxy/index.md b/website/docs/add-secure-apps/providers/proxy/index.md similarity index 100% rename from website/docs/providers/proxy/index.md rename to website/docs/add-secure-apps/providers/proxy/index.md diff --git a/website/docs/providers/proxy/server_caddy.mdx b/website/docs/add-secure-apps/providers/proxy/server_caddy.mdx similarity index 100% rename from website/docs/providers/proxy/server_caddy.mdx rename to website/docs/add-secure-apps/providers/proxy/server_caddy.mdx diff --git a/website/docs/providers/proxy/server_envoy.mdx b/website/docs/add-secure-apps/providers/proxy/server_envoy.mdx similarity index 100% rename from website/docs/providers/proxy/server_envoy.mdx rename to website/docs/add-secure-apps/providers/proxy/server_envoy.mdx diff --git a/website/docs/providers/proxy/server_nginx.mdx b/website/docs/add-secure-apps/providers/proxy/server_nginx.mdx similarity index 100% rename from website/docs/providers/proxy/server_nginx.mdx rename to website/docs/add-secure-apps/providers/proxy/server_nginx.mdx diff --git a/website/docs/providers/proxy/server_traefik.mdx b/website/docs/add-secure-apps/providers/proxy/server_traefik.mdx similarity index 100% rename from website/docs/providers/proxy/server_traefik.mdx rename to website/docs/add-secure-apps/providers/proxy/server_traefik.mdx diff --git a/website/docs/providers/rac/how-to-rac.md b/website/docs/add-secure-apps/providers/rac/how-to-rac.md similarity index 99% rename from website/docs/providers/rac/how-to-rac.md rename to website/docs/add-secure-apps/providers/rac/how-to-rac.md index e009abcf61..fedcc95715 100644 --- a/website/docs/providers/rac/how-to-rac.md +++ b/website/docs/add-secure-apps/providers/rac/how-to-rac.md @@ -14,7 +14,7 @@ Fow more information about using a RAC provider, see the [Overview](./index.md) ## Prereqisites -The RAC provider requires the deployment of the [RAC Outpost](../../outposts/). +The RAC provider requires the deployment of the [RAC Outpost](../../outposts/index.mdx). ## Overview workflow to create a RAC provider diff --git a/website/docs/providers/rac/index.md b/website/docs/add-secure-apps/providers/rac/index.md similarity index 91% rename from website/docs/providers/rac/index.md rename to website/docs/add-secure-apps/providers/rac/index.md index 3b94a40414..5a88a658d2 100644 --- a/website/docs/providers/rac/index.md +++ b/website/docs/add-secure-apps/providers/rac/index.md @@ -11,7 +11,7 @@ This feature is in technical preview, so please report any bugs on [GitHub](http ::: :::info -This provider requires the deployment of the [RAC Outpost](../../outposts/). +This provider requires the deployment of the [RAC Outpost](../../outposts/index.mdx). ::: ## About the Remote Access Control (RAC) Provider @@ -54,7 +54,7 @@ Each connection is authorized through authentik Policy objects that are bound to Additionally it is possible to modify the connection settings through the authorization flow. Configuration set in `connection_settings` in the flow plan context will be merged with other settings as shown above. -A new connection is created every time an endpoint is selected in the [User Interface](../../interfaces/user/customization.mdx). Once the user's authentik session expires, the connection is terminated. Additionally, the connection timeout can be specified in the provider, which applies even if the user is still authenticated. The connection can also be terminated manually. +A new connection is created every time an endpoint is selected in the [User Interface](../../../customize/interfaces/user/customization.mdx). Once the user's authentik session expires, the connection is terminated. Additionally, the connection timeout can be specified in the provider, which applies even if the user is still authenticated. The connection can also be terminated manually. ## Capabilities diff --git a/website/docs/providers/rac/rac-v3.png b/website/docs/add-secure-apps/providers/rac/rac-v3.png similarity index 100% rename from website/docs/providers/rac/rac-v3.png rename to website/docs/add-secure-apps/providers/rac/rac-v3.png diff --git a/website/docs/providers/radius/index.mdx b/website/docs/add-secure-apps/providers/radius/index.mdx similarity index 89% rename from website/docs/providers/radius/index.mdx rename to website/docs/add-secure-apps/providers/radius/index.mdx index a8601371e8..1eb1ac70e1 100644 --- a/website/docs/providers/radius/index.mdx +++ b/website/docs/add-secure-apps/providers/radius/index.mdx @@ -7,7 +7,7 @@ import { Check, X, AlertTriangle } from "react-feather"; You can configure a Radius provider for applications that don't support any other protocols or that require Radius. :::info -This provider requires the deployment of the [RADIUS outpost](../../outposts/) +This provider requires the deployment of the [RADIUS outpost](../../outposts/index.mdx) ::: Currently, only authentication requests are supported. @@ -18,9 +18,9 @@ Authentication requests against the Radius Server use a flow in the background. The following stages are supported: -- [Identification](../../flow/stages/identification/index.md) -- [Password](../../flow/stages/password/index.md) -- [Authenticator validation](../../flow/stages/authenticator_validate/index.md) +- [Identification](../../flows-stages/stages/identification/index.md) +- [Password](../../flows-stages/stages/password/index.md) +- [Authenticator validation](../../flows-stages/stages/authenticator_validate/index.md) Note: Authenticator validation currently only supports DUO, TOTP, and static authenticators. @@ -28,9 +28,9 @@ The following stages are supported: SMS-based authenticators are not supported because they require a code to be sent from authentik, which is not possible during the bind. -- [User Logout](../../flow/stages/user_logout.md) -- [User Login](../../flow/stages/user_login/index.md) -- [Deny](../../flow/stages/deny.md) +- [User Logout](../../flows-stages/stages/user_logout.md) +- [User Login](../../flows-stages/stages/user_login/index.md) +- [Deny](../../flows-stages/stages/deny.md) ### RADIUS attributes diff --git a/website/docs/providers/saml/index.md b/website/docs/add-secure-apps/providers/saml/index.md similarity index 93% rename from website/docs/providers/saml/index.md rename to website/docs/add-secure-apps/providers/saml/index.md index 67eb1d2abd..08352df5aa 100644 --- a/website/docs/providers/saml/index.md +++ b/website/docs/add-secure-apps/providers/saml/index.md @@ -2,7 +2,7 @@ title: SAML Provider --- -This provider allows you to integrate enterprise software using the SAML2 protocol. It supports signed requests and uses [property mappings](../property-mappings/#saml-property-mappings) to determine which fields are exposed and what values they return. This makes it possible to expose vendor-specific fields. +This provider allows you to integrate enterprise software using the SAML2 protocol. It supports signed requests and uses [property mappings](../property-mappings/index.md#saml-property-mappings) to determine which fields are exposed and what values they return. This makes it possible to expose vendor-specific fields. Default fields are exposed through auto-generated Property Mappings, which are prefixed with "authentik default". | Endpoint | URL | diff --git a/website/docs/providers/scim/index.md b/website/docs/add-secure-apps/providers/scim/index.md similarity index 100% rename from website/docs/providers/scim/index.md rename to website/docs/add-secure-apps/providers/scim/index.md diff --git a/website/docs/core/architecture.md b/website/docs/core/architecture.md index 078279afec..f663db2389 100644 --- a/website/docs/core/architecture.md +++ b/website/docs/core/architecture.md @@ -25,7 +25,7 @@ The core sub-component handles most of authentik's logic, such as API requests, #### Embedded outpost -Similar to [other outposts](../outposts/index.mdx), this outpost allows using [Proxy providers](../providers/proxy/index.md) without deploying a separate outpost. +Similar to [other outposts](../add-secure-apps/outposts/index.mdx), this outpost allows using [Proxy providers](../add-secure-apps/providers/proxy/index.md) without deploying a separate outpost. #### Persistence @@ -37,8 +37,8 @@ This container executes background tasks, such as sending emails, the event noti #### Persistence -- `/certs` is used for authentik to import external certs, which in most cases shouldn't be used for SAML, but rather if you use authentik without a reverse proxy, this can be used for example for the [Let's Encrypt integration](../core/certificates.md#lets-encrypt) -- `/templates` is used for [custom email templates](../flow/stages/email/index.mdx#custom-templates), and as with the other ones fully optional +- `/certs` is used for authentik to import external certs, which in most cases shouldn't be used for SAML, but rather if you use authentik without a reverse proxy, this can be used for example for the [Let's Encrypt integration](../sys-mgmt/certificates.md#lets-encrypt) +- `/templates` is used for [custom email templates](../add-secure-apps/flows-stages/stages/email/index.mdx#custom-templates), and as with the other ones fully optional ### PostgreSQL diff --git a/website/docs/core/terminology.md b/website/docs/core/terminology.md index 61ba65619a..6ffe3b79c1 100644 --- a/website/docs/core/terminology.md +++ b/website/docs/core/terminology.md @@ -45,7 +45,7 @@ A Provider is a way for other applications to authenticate against authentik. Co At a base level a policy is a yes/no gate. It will either evaluate to True or False depending on the Policy Kind and settings. For example, a "Group Membership Policy" evaluates to True if the user is member of the specified Group and False if not. This can be used to conditionally apply Stages, grant/deny access to various objects, and for other custom logic. -See [Policies](../policies/index.md) +See [Policies](../customize/policies/index.md) ### Flows & Stages @@ -57,19 +57,19 @@ A stage represents a single verification or logic step. They are used to authent Certain use cases within authentik add steps that are run as part of a flow. These steps are a special type of stage called the "Dynamic in-memory" stage, as they are added to flows dynamically when required, only exist in memory, and are thus not configurable by administrators. -See [Flows](../flow/index.md) +See [Flows](../add-secure-apps/flows-stages/flow/index.md) ### Property Mappings Property Mappings allow you to make information available for external applications, and to modify how information from sources are stored in authentik. For example, if you want to log in to AWS with authentik, you'd use property mappings to set the user's roles in AWS based on their group memberships in authentik. -See [Providers Property Mappings](../providers/property-mappings/index.md) and [Source Property Mappings](../sources/property-mappings/index.md). +See [Providers Property Mappings](../add-secure-apps/providers/property-mappings/index.md) and [Source Property Mappings](../users-sources/sources/property-mappings/index.md). ### Outpost An outpost is a separate component of authentik, which can be deployed anywhere, regardless of the authentik deployment. The outpost offers services that aren't implemented directly into the authentik core, e.g. Reverse Proxying. -See [Outposts](../outposts/index.mdx) +See [Outposts](../add-secure-apps/outposts/index.mdx) ### System tasks diff --git a/website/developer-docs/blueprints/export.md b/website/docs/customize/blueprints/export.md similarity index 100% rename from website/developer-docs/blueprints/export.md rename to website/docs/customize/blueprints/export.md diff --git a/website/developer-docs/blueprints/index.md b/website/docs/customize/blueprints/index.md similarity index 100% rename from website/developer-docs/blueprints/index.md rename to website/docs/customize/blueprints/index.md diff --git a/website/developer-docs/blueprints/v1/example.md b/website/docs/customize/blueprints/v1/example.md similarity index 100% rename from website/developer-docs/blueprints/v1/example.md rename to website/docs/customize/blueprints/v1/example.md diff --git a/website/developer-docs/blueprints/v1/meta.md b/website/docs/customize/blueprints/v1/meta.md similarity index 100% rename from website/developer-docs/blueprints/v1/meta.md rename to website/docs/customize/blueprints/v1/meta.md diff --git a/website/developer-docs/blueprints/v1/models.md b/website/docs/customize/blueprints/v1/models.md similarity index 100% rename from website/developer-docs/blueprints/v1/models.md rename to website/docs/customize/blueprints/v1/models.md diff --git a/website/developer-docs/blueprints/v1/structure.md b/website/docs/customize/blueprints/v1/structure.md similarity index 100% rename from website/developer-docs/blueprints/v1/structure.md rename to website/docs/customize/blueprints/v1/structure.md diff --git a/website/developer-docs/blueprints/v1/tags.md b/website/docs/customize/blueprints/v1/tags.md similarity index 100% rename from website/developer-docs/blueprints/v1/tags.md rename to website/docs/customize/blueprints/v1/tags.md diff --git a/website/docs/core/brands.md b/website/docs/customize/brands.md similarity index 100% rename from website/docs/core/brands.md rename to website/docs/customize/brands.md diff --git a/website/docs/interfaces/_global/customcss.mdx b/website/docs/customize/interfaces/_global/customcss.mdx similarity index 100% rename from website/docs/interfaces/_global/customcss.mdx rename to website/docs/customize/interfaces/_global/customcss.mdx diff --git a/website/docs/interfaces/_global/global.mdx b/website/docs/customize/interfaces/_global/global.mdx similarity index 100% rename from website/docs/interfaces/_global/global.mdx rename to website/docs/customize/interfaces/_global/global.mdx diff --git a/website/docs/interfaces/admin/customization.mdx b/website/docs/customize/interfaces/admin/customization.mdx similarity index 100% rename from website/docs/interfaces/admin/customization.mdx rename to website/docs/customize/interfaces/admin/customization.mdx diff --git a/website/docs/interfaces/flow/customization.mdx b/website/docs/customize/interfaces/flow/customization.mdx similarity index 100% rename from website/docs/interfaces/flow/customization.mdx rename to website/docs/customize/interfaces/flow/customization.mdx diff --git a/website/docs/interfaces/user/customization.mdx b/website/docs/customize/interfaces/user/customization.mdx similarity index 100% rename from website/docs/interfaces/user/customization.mdx rename to website/docs/customize/interfaces/user/customization.mdx diff --git a/website/docs/policies/expression.mdx b/website/docs/customize/policies/expression.mdx similarity index 94% rename from website/docs/policies/expression.mdx rename to website/docs/customize/policies/expression.mdx index db2f2775d9..0d2146a52a 100644 --- a/website/docs/policies/expression.mdx +++ b/website/docs/customize/policies/expression.mdx @@ -42,19 +42,19 @@ ak_message("Access denied") return False ``` -import Functions from "../expressions/_functions.md"; +import Functions from "../../expressions/_functions.md"; ## Variables -import Objects from "../expressions/_objects.md"; +import Objects from "../../expressions/_objects.md"; - `request`: A PolicyRequest object, which has the following properties: - - `request.user`: The current user, against which the policy is applied. See [User](../user-group-role/user/user_ref.md#object-properties) + - `request.user`: The current user, against which the policy is applied. See [User](../../users-sources/user/index.mdx) :::caution When a policy is executed in the context of a flow, this will be set to the user initiaing request, and will only be changed by a `user_login` stage. For that reason, using this value in authentication flow policies may not return the expected user. Use `context['pending_user']` instead; User Identification and other stages update this value during flow execution. @@ -69,7 +69,7 @@ import Objects from "../expressions/_objects.md"; - `geoip`: GeoIP dictionary. The following fields are available: :::info - For basic country matching, consider using a [GeoIP policy](index.md#geoip-policy). + For basic country matching, consider using a [GeoIP policy](./index.md#geoip-policy). ::: - `continent`: a two character continent code like `NA` (North America) or `OC` (Oceania). @@ -85,7 +85,7 @@ import Objects from "../expressions/_objects.md"; - `asn`: ASN dictionary. The following fields are available: :::info - For basic ASN matching, consider using a [GeoIP policy](index.md#geoip-policy). + For basic ASN matching, consider using a [GeoIP policy](./index.md#geoip-policy). ::: - `asn`: the autonomous system number associated with the IP address. @@ -119,7 +119,7 @@ This includes the following: - `context['prompt_data']`: Data which has been saved from a prompt stage or an external source. (Optional) - `context['application']`: The application the user is in the process of authorizing. (Optional) - `context['source']`: The source the user is authenticating/enrolling with. (Optional) -- `context['pending_user']`: The currently pending user, see [User](../user-group-role/user/user_ref.md#object-properties) +- `context['pending_user']`: The currently pending user, see [User](../../users-sources/user/user_ref.md) - `context['is_restored']`: Contains the flow token when the flow plan was restored from a link, for example the user clicked a link to a flow which was sent by an email stage. (Optional) - `context['auth_method']`: Authentication method (this value is set by password stages) (Optional) diff --git a/website/docs/policies/index.md b/website/docs/customize/policies/index.md similarity index 94% rename from website/docs/policies/index.md rename to website/docs/customize/policies/index.md index de22d08747..95ecff8ef3 100644 --- a/website/docs/policies/index.md +++ b/website/docs/customize/policies/index.md @@ -8,7 +8,7 @@ In effect, policies determine whether or not a specific stage is applied to a fl For example, you can create a policy that, for certain users, skips over a stage that prompts for MFA input. Or, you can define a policy that allows users to access a login flow only if the policy criteria are met. See below for other policies, including the reputation policy and an events-driven policy to manage notifications. -For instructions about creating and binding policies to flows and stages, refer to ["Working with policies](docs/policies/working_with_policies/working_with_policies.md)". +For instructions about creating and binding policies to flows and stages, refer to ["Working with policies](./working_with_policies/working_with_policies.md)". ## Standard policies @@ -20,11 +20,11 @@ This policy is used by the events subsystem. You can use this policy to match ev ### Expression Policy -See [Expression Policy](expression.mdx). +See [Expression Policy](./expression.mdx). ### GeoIP policy -Use this policy for simple GeoIP lookups, such as country or ASN matching. (For a more advanced GeoIP lookup, use an [Expression policy](expression.mdx).) +Use this policy for simple GeoIP lookups, such as country or ASN matching. (For a more advanced GeoIP lookup, use an [Expression policy](./expression.mdx).) ### Password-Expiry Policy diff --git a/website/docs/policies/working_with_policies/unique_email.md b/website/docs/customize/policies/working_with_policies/unique_email.md similarity index 76% rename from website/docs/policies/working_with_policies/unique_email.md rename to website/docs/customize/policies/working_with_policies/unique_email.md index 068d7d5268..9da2e36c68 100644 --- a/website/docs/policies/working_with_policies/unique_email.md +++ b/website/docs/customize/policies/working_with_policies/unique_email.md @@ -4,7 +4,7 @@ title: Ensure unique email addresses Due to the database design of authentik, email addresses are by default not required to be unique. This behavior can however be changed by policies. -The snippet below can be used as the expression in policies both with enrollment flows, where the policy should be bound to any stage before the [User write](../../flow/stages/user_write.md) stage, or with the [Prompt stage](../../flow/stages/prompt/index.md). +The snippet below can be used as the expression in policies both with enrollment flows, where the policy should be bound to any stage before the [User write](../../../add-secure-apps/flows-stages/stages/user_write.md) stage, or with the [Prompt stage](../../../add-secure-apps/flows-stages/stages/prompt/index.md). ```python from authentik.core.models import User diff --git a/website/docs/policies/working_with_policies/whitelist_email.md b/website/docs/customize/policies/working_with_policies/whitelist_email.md similarity index 100% rename from website/docs/policies/working_with_policies/whitelist_email.md rename to website/docs/customize/policies/working_with_policies/whitelist_email.md diff --git a/website/docs/policies/working_with_policies/working_with_policies.md b/website/docs/customize/policies/working_with_policies/working_with_policies.md similarity index 92% rename from website/docs/policies/working_with_policies/working_with_policies.md rename to website/docs/customize/policies/working_with_policies/working_with_policies.md index 1d33f4bf26..8df05b0f6e 100644 --- a/website/docs/policies/working_with_policies/working_with_policies.md +++ b/website/docs/customize/policies/working_with_policies/working_with_policies.md @@ -6,7 +6,7 @@ For an overview of policies, refer to our documentation on [Policies](../index.m authentik provides several [standard policy types](../index.md#standard-policies), which can be configured for your specific needs. -We also document how to use a policy to [whitelist email domains](../working_with_policies/whitelist_email.md) and to [ensure unique email addresses](../working_with_policies/unique_email.md). +We also document how to use a policy to [whitelist email domains](./whitelist_email.md) and to [ensure unique email addresses](./unique_email.md). ## Create a policy @@ -19,7 +19,7 @@ To create a new policy, follow these steps: ## Bind a policy to a flow or stage -After creating the policy, you can bind it to either a [flow](../../flow/index.md) or to a [stage](../../flow/stages/index.md). +After creating the policy, you can bind it to either a [flow](../../../add-secure-apps/flows-stages/flow/index.md) or to a [stage](../../../add-secure-apps/flows-stages/stages/index.md). :::info Bindings are instantiated objects themselves, and conceptually can be considered as the "connector" between the policy and the stage or flow. This is why you might read about "binding a binding", because technically, a binding is "spliced" into another binding, in order to intercept and enforce the criteria defined in the policy. You can edit bindings on a flow's **Stage Bindings** tab. diff --git a/website/developer-docs/api/api.md b/website/docs/developer-docs/api/api.md similarity index 100% rename from website/developer-docs/api/api.md rename to website/docs/developer-docs/api/api.md diff --git a/website/developer-docs/api/clients.md b/website/docs/developer-docs/api/clients.md similarity index 100% rename from website/developer-docs/api/clients.md rename to website/docs/developer-docs/api/clients.md diff --git a/website/developer-docs/api/flow-executor.md b/website/docs/developer-docs/api/flow-executor.md similarity index 96% rename from website/developer-docs/api/flow-executor.md rename to website/docs/developer-docs/api/flow-executor.md index afc65dc8e3..bd39b28873 100644 --- a/website/developer-docs/api/flow-executor.md +++ b/website/docs/developer-docs/api/flow-executor.md @@ -2,7 +2,7 @@ title: Flow executor (backend) --- -A big focus of authentik is the flows system, which allows you to combine and build complex conditional processes using stages and policies. Normally, these flows are automatically executed in the browser using authentik's [standard browser-based flow executor (/if/flows)](/docs/flow/executors/if-flow). +A big focus of authentik is the flows system, which allows you to combine and build complex conditional processes using stages and policies. Normally, these flows are automatically executed in the browser using authentik's [standard browser-based flow executor (/if/flows)](../../add-secure-apps/flows-stages/flow/executors/if-flow.md). However, any flow can be executed via an API from anywhere, in fact that is what every flow executor does. With a few requests you can execute flows from anywhere, and integrate authentik even better. diff --git a/website/developer-docs/api/making-schema-changes.md b/website/docs/developer-docs/api/making-schema-changes.md similarity index 100% rename from website/developer-docs/api/making-schema-changes.md rename to website/docs/developer-docs/api/making-schema-changes.md diff --git a/website/developer-docs/api/websocket.md b/website/docs/developer-docs/api/websocket.md similarity index 100% rename from website/developer-docs/api/websocket.md rename to website/docs/developer-docs/api/websocket.md diff --git a/website/developer-docs/docs/style-guide.mdx b/website/docs/developer-docs/docs/style-guide.mdx similarity index 100% rename from website/developer-docs/docs/style-guide.mdx rename to website/docs/developer-docs/docs/style-guide.mdx diff --git a/website/developer-docs/docs/templates/combo.md b/website/docs/developer-docs/docs/templates/combo.md similarity index 100% rename from website/developer-docs/docs/templates/combo.md rename to website/docs/developer-docs/docs/templates/combo.md diff --git a/website/developer-docs/docs/templates/combo.tmpl.md b/website/docs/developer-docs/docs/templates/combo.tmpl.md similarity index 100% rename from website/developer-docs/docs/templates/combo.tmpl.md rename to website/docs/developer-docs/docs/templates/combo.tmpl.md diff --git a/website/developer-docs/docs/templates/conceptual.md b/website/docs/developer-docs/docs/templates/conceptual.md similarity index 100% rename from website/developer-docs/docs/templates/conceptual.md rename to website/docs/developer-docs/docs/templates/conceptual.md diff --git a/website/developer-docs/docs/templates/conceptual.tmpl.md b/website/docs/developer-docs/docs/templates/conceptual.tmpl.md similarity index 100% rename from website/developer-docs/docs/templates/conceptual.tmpl.md rename to website/docs/developer-docs/docs/templates/conceptual.tmpl.md diff --git a/website/developer-docs/docs/templates/index.md b/website/docs/developer-docs/docs/templates/index.md similarity index 100% rename from website/developer-docs/docs/templates/index.md rename to website/docs/developer-docs/docs/templates/index.md diff --git a/website/developer-docs/docs/templates/procedural.md b/website/docs/developer-docs/docs/templates/procedural.md similarity index 100% rename from website/developer-docs/docs/templates/procedural.md rename to website/docs/developer-docs/docs/templates/procedural.md diff --git a/website/developer-docs/docs/templates/procedural.tmpl.md b/website/docs/developer-docs/docs/templates/procedural.tmpl.md similarity index 100% rename from website/developer-docs/docs/templates/procedural.tmpl.md rename to website/docs/developer-docs/docs/templates/procedural.tmpl.md diff --git a/website/developer-docs/docs/templates/reference.md b/website/docs/developer-docs/docs/templates/reference.md similarity index 100% rename from website/developer-docs/docs/templates/reference.md rename to website/docs/developer-docs/docs/templates/reference.md diff --git a/website/developer-docs/docs/templates/reference.tmpl.md b/website/docs/developer-docs/docs/templates/reference.tmpl.md similarity index 100% rename from website/developer-docs/docs/templates/reference.tmpl.md rename to website/docs/developer-docs/docs/templates/reference.tmpl.md diff --git a/website/developer-docs/docs/writing-documentation.md b/website/docs/developer-docs/docs/writing-documentation.md similarity index 100% rename from website/developer-docs/docs/writing-documentation.md rename to website/docs/developer-docs/docs/writing-documentation.md diff --git a/website/developer-docs/hackathon/horizontal-brandon-frie-rdHeGGn7rwQ-unsplash.jpg b/website/docs/developer-docs/hackathon/horizontal-brandon-frie-rdHeGGn7rwQ-unsplash.jpg similarity index 100% rename from website/developer-docs/hackathon/horizontal-brandon-frie-rdHeGGn7rwQ-unsplash.jpg rename to website/docs/developer-docs/hackathon/horizontal-brandon-frie-rdHeGGn7rwQ-unsplash.jpg diff --git a/website/developer-docs/hackathon/index.md b/website/docs/developer-docs/hackathon/index.md similarity index 98% rename from website/developer-docs/hackathon/index.md rename to website/docs/developer-docs/hackathon/index.md index 70788205e5..404be80ed1 100644 --- a/website/developer-docs/hackathon/index.md +++ b/website/docs/developer-docs/hackathon/index.md @@ -4,7 +4,7 @@ title: Hackathon 2023 ![hackathon-image](./horizontal-brandon-frie-rdHeGGn7rwQ-unsplash.jpg) -**REGISTRATION NOW CLOSED! PLEASE JOIN US FOR A FUTURE AUTHENTIK HACKATHON.** +**REGISTRATION NOW CLOSED. PLEASE JOIN US FOR A FUTURE AUTHENTIK HACKATHON.** ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ diff --git a/website/developer-docs/index.md b/website/docs/developer-docs/index.md similarity index 99% rename from website/developer-docs/index.md rename to website/docs/developer-docs/index.md index 461aef8755..96316d4c4d 100644 --- a/website/developer-docs/index.md +++ b/website/docs/developer-docs/index.md @@ -1,6 +1,5 @@ --- title: Contributing to authentik -slug: / --- :+1::tada: Thanks for taking the time to contribute! :tada::+1: @@ -117,7 +116,7 @@ When you are creating an enhancement suggestion, please fill in [the template](h authentik can be run locally, all though depending on which part you want to work on, different pre-requisites are required. -This is documented in the [developer docs](./setup/frontend-dev-environment.md) +This is documented in the [developer docs](./setup/frontend-dev-environment.md). ### Help with the Docs @@ -136,13 +135,13 @@ The process described here has several goals: Please follow these steps to have your contribution considered by the maintainers: -1. Follow the [styleguides](#styleguides) +1. Follow the [styleguides](#style-guides) 2. After you submit your pull request, verify that all [status checks](https://help.github.com/articles/about-status-checks/) are passing
What if the status checks are failing?If a status check is failing, and you believe that the failure is unrelated to your change, please leave a comment on the pull request explaining why you believe the failure is unrelated. A maintainer will re-run the status check for you. If we conclude that the failure was a false positive, then we will open an issue to track that problem with our status check suite.
3. Ensure your Code has tests. While it is not always possible to test every single case, the majority of the code should be tested. While the prerequisites above must be satisfied prior to having your pull request reviewed, the reviewer(s) may ask you to complete additional design work, tests, or other changes before your pull request can be ultimately accepted. -## Styleguides +## Style guides ### PR naming diff --git a/website/developer-docs/releases/index.md b/website/docs/developer-docs/releases/index.md similarity index 100% rename from website/developer-docs/releases/index.md rename to website/docs/developer-docs/releases/index.md diff --git a/website/developer-docs/setup/frontend-dev-environment.md b/website/docs/developer-docs/setup/frontend-dev-environment.md similarity index 92% rename from website/developer-docs/setup/frontend-dev-environment.md rename to website/docs/developer-docs/setup/frontend-dev-environment.md index c14c10db98..770680c9a6 100644 --- a/website/developer-docs/setup/frontend-dev-environment.md +++ b/website/docs/developer-docs/setup/frontend-dev-environment.md @@ -16,8 +16,8 @@ Depending on platform, some native dependencies might be required. On macOS, run ### Instructions -1. Clone the git repo from https://github.com/goauthentik/authentik -2. In the cloned repository, follow the docker-compose installation instructions [here](/docs/installation/docker-compose) +1. Clone the git repo from https://github.com/goauthentik/authentik. +2. In the cloned repository, follow the docker-compose installation instructions [here](../../install-config/install/docker-compose). 3. Add the following entry to your `.env` file: ``` @@ -29,7 +29,7 @@ Depending on platform, some native dependencies might be required. On macOS, run This will cause authentik to use the beta images. -4. Add this volume mapping to your compose file +4. Add this volume mapping to your compose file. ```yaml services: diff --git a/website/developer-docs/setup/full-dev-environment.md b/website/docs/developer-docs/setup/full-dev-environment.md similarity index 100% rename from website/developer-docs/setup/full-dev-environment.md rename to website/docs/developer-docs/setup/full-dev-environment.md diff --git a/website/developer-docs/setup/website-dev-environment.md b/website/docs/developer-docs/setup/website-dev-environment.md similarity index 100% rename from website/developer-docs/setup/website-dev-environment.md rename to website/docs/developer-docs/setup/website-dev-environment.md diff --git a/website/developer-docs/translation.md b/website/docs/developer-docs/translation.md similarity index 100% rename from website/developer-docs/translation.md rename to website/docs/developer-docs/translation.md diff --git a/website/docs/enterprise/get-started.md b/website/docs/enterprise/get-started.md index b3c6470d80..c4b4d2a3d6 100644 --- a/website/docs/enterprise/get-started.md +++ b/website/docs/enterprise/get-started.md @@ -6,12 +6,12 @@ Installing authentik is exactly the same process for both Enterprise version and ## Install Enterprise -To get started working with Enterprise authentik, [upgrade](../installation/upgrade.mdx) to the [2023.8.x](../releases) version or later. +To get started working with Enterprise authentik, [upgrade](../install-config/upgrade.mdx) to the [2023.8.x](../releases) version or later. -If this is a fresh install, refer to our [technical documentation](../installation/index.mdx) for instructions to install and configure authentik. +If this is a fresh install, refer to our [technical documentation](../install-config/index.mdx) for instructions to install and configure authentik. -- [Docker Compose installation](../installation/docker-compose.mdx) -- [Kubernetes installation](../installation/kubernetes.md) +- [Docker Compose installation](../install-config/install/docker-compose.mdx) +- [Kubernetes installation](../install-config/install/kubernetes.md) ## Access Enterprise diff --git a/website/docs/enterprise/manage-enterprise.md b/website/docs/enterprise/manage-enterprise.md index 97ad247b1d..38729c7783 100644 --- a/website/docs/enterprise/manage-enterprise.md +++ b/website/docs/enterprise/manage-enterprise.md @@ -8,7 +8,7 @@ Your organization defines the members, their roles, the licenses associated with ### Create an Organization -1. To create a new organization, log in to the [Customer portal](./get-started#access-enterprise). +1. To create a new organization, log in to the [Customer portal](./get-started.md#access-enterprise). 2. On the **My organizations** page, click **Create an organization**. @@ -27,7 +27,7 @@ In the Customer portal you can remove members and invite new members to the orga - **Member**: can view licenses, including the license key. - **Owner**: can do everything the Member role can do, plus: add and remove members, order and renew licenses, and edit the organization. -1. To manage membership in an organization, log in to the [Customer portal](./get-started#access-enterprise). +1. To manage membership in an organization, log in to the [Customer portal](./get-started.md#access-enterprise). 2. On the **My organizations** page, click the name of the organization you want to edit membership in. @@ -107,7 +107,7 @@ The following events occur when a license expires or the internal/external user License usage is calculated based on total user counts that authentik regularly captures. This data is checked against all valid licenses, and the sum total of all users. Internal and external users are counted based on the number of active users of the respective type saved in authentik. Service account users are not counted towards the license. -An **internal** user is typically a team member, such as a company employee, who has access to the full Enterprise feature set. An **external** user might be an external consultant, a volunteer in a charitable site, or a B2C customer who logged onto your website to shop. External users don't get access to Enterprise features, nor to the **My applications** page in authentik. Instead, external users are authenticated and then redirected to log directly into their [default application](../core/brands.md#external-user-settings). +An **internal** user is typically a team member, such as a company employee, who has access to the full Enterprise feature set. An **external** user might be an external consultant, a volunteer in a charitable site, or a B2C customer who logged onto your website to shop. External users don't get access to Enterprise features, nor to the **My applications** page in authentik. Instead, external users are authenticated and then redirected to log directly into their [default application](../customize/brands.md#external-user-settings). ### Upgrade the number of users in a license diff --git a/website/docs/expressions/_functions.md b/website/docs/expressions/_functions.md index dc934a101f..d065cc2a1e 100644 --- a/website/docs/expressions/_functions.md +++ b/website/docs/expressions/_functions.md @@ -62,7 +62,7 @@ return ak_is_group_member(request.user, name="test_group") Fetch a user matching `**filters`. -Returns "None" if no user was found, otherwise returns the [User](/docs/user-group-role/user) object. +Returns "None" if no user was found, otherwise returns the [User](/docs/users-sources/user) object. Example: diff --git a/website/docs/expressions/_user.md b/website/docs/expressions/_user.md index f38484bae2..691cf712aa 100644 --- a/website/docs/expressions/_user.md +++ b/website/docs/expressions/_user.md @@ -1,4 +1,4 @@ -- `user`: The current user. This may be `None` if there is no contextual user. See [User](../user-group-role/user/user_ref.md#object-properties). +- `user`: The current user. This may be `None` if there is no contextual user. See [User](../users-sources/user/user_ref.md#object-properties). Example: diff --git a/website/docs/flow/stages/user_logout.md b/website/docs/flow/stages/user_logout.md deleted file mode 100644 index 56dc227e48..0000000000 --- a/website/docs/flow/stages/user_logout.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: User logout stage ---- - -Opposite stage of [User Login Stages](user_login/index.md). It removes the user from the current session. diff --git a/website/docs/index.mdx b/website/docs/index.mdx index b2cb8f1624..cab65a7c8f 100755 --- a/website/docs/index.mdx +++ b/website/docs/index.mdx @@ -1,6 +1,5 @@ --- title: Welcome to authentik -slug: / --- ## What is authentik? @@ -21,7 +20,7 @@ The authentik product provides the following consoles: - **User interface**: this console view in authentik displays all of the applications and integrations in which you have implemented authentik. Click on the app that you want to access to open it, or drill down to edit its configuration in the admin interface. -- **Flows**: [_Flows_](./flow) are the steps by which the various _Stages_ of a login and authentication process occurs. A stage represents a single verification or logic step in the sign-on process. authentik allows for the customization and exact definition of these flows. +- **Flows**: [_Flows_](./add-secure-apps/flows-stages/flow/index.md) are the steps by which the various _Stages_ of a login and authentication process occurs. A stage represents a single verification or logic step in the sign-on process. authentik allows for the customization and exact definition of these flows. In authentik, you can use Light or Dark mode for the Admin interface, User interface, and the Flow interface. @@ -68,10 +67,10 @@ Our tech docs cover the typical topics, from installation to configuration, addi - For information about integrating a specific application or software into authentik, refer to our **Integrations** section, accessible from the top menu bar. -- For developer-focused documentation, such as using our APIs and blueprints, setting up your development environment, translations, or how to contribute, refer to the [**Developer**](../developer-docs) area, accessible from the top menu bar. +- For developer-focused documentation, such as using our APIs and blueprints, setting up your development environment, translations, or how to contribute, refer to the [**Developer**](./developer-docs/index.md) area, accessible from the top menu bar. ## Installation -Refer to the installation steps in either [Docker-compose](installation/docker-compose) or [Kubernetes](installation/kubernetes). +Refer to the installation steps in either [Docker-compose](./install-config/install/docker-compose.mdx) or [Kubernetes](./install-config/install/kubernetes.md). -For more information about configuration, beta versions, and additional installation options, see our main [Installation](installation) section. +For more information about configuration, beta versions, and additional installation options, see our main [Installation](./install-config/index.mdx) section. diff --git a/website/docs/installation/air-gapped.mdx b/website/docs/install-config/air-gapped.mdx similarity index 93% rename from website/docs/installation/air-gapped.mdx rename to website/docs/install-config/air-gapped.mdx index ad886337a3..784ba884ed 100644 --- a/website/docs/installation/air-gapped.mdx +++ b/website/docs/install-config/air-gapped.mdx @@ -15,7 +15,7 @@ To disable these outbound connections, adjust the settings as follows: ## Configuration options -To view a list of all configuration options, refer to the [Configuration](./configuration.mdx) documentation. +To view a list of all configuration options, refer to the [Configuration](./configuration/configuration.mdx) documentation. import Tabs from "@theme/Tabs"; import TabItem from "@theme/TabItem"; @@ -56,7 +56,7 @@ Afterwards, run the upgrade commands from the latest release notes. ## Settings -In addition to the configuration options above, the following [System settings](../core/settings.md) need to also be adjusted: +In addition to the configuration options above, the following [System settings](../sys-mgmt/settings.md) need to also be adjusted: - **Avatars**: By default this setting uses [Gravatar](https://secure.gravatar.com/). The option can be set to a combination of any of the other options, for example `initials` diff --git a/website/docs/installation/automated-install.md b/website/docs/install-config/automated-install.md similarity index 100% rename from website/docs/installation/automated-install.md rename to website/docs/install-config/automated-install.md diff --git a/website/docs/installation/beta.mdx b/website/docs/install-config/beta.mdx similarity index 100% rename from website/docs/installation/beta.mdx rename to website/docs/install-config/beta.mdx diff --git a/website/docs/installation/configuration.mdx b/website/docs/install-config/configuration/configuration.mdx similarity index 100% rename from website/docs/installation/configuration.mdx rename to website/docs/install-config/configuration/configuration.mdx diff --git a/website/docs/installation/dashboard.png b/website/docs/install-config/dashboard.png similarity index 100% rename from website/docs/installation/dashboard.png rename to website/docs/install-config/dashboard.png diff --git a/website/docs/core/geoip.mdx b/website/docs/install-config/geoip.mdx similarity index 96% rename from website/docs/core/geoip.mdx rename to website/docs/install-config/geoip.mdx index 62156dc906..79ad9b9a5f 100644 --- a/website/docs/core/geoip.mdx +++ b/website/docs/install-config/geoip.mdx @@ -1,6 +1,6 @@ # GeoIP -authentik supports GeoIP to add additional information to login/authorization/enrollment requests. Additionally, a [GeoIP policy](../policies/#geoip-policy) can be used to make policy decisions based on the lookup result. +authentik supports GeoIP to add additional information to login/authorization/enrollment requests. Additionally, a [GeoIP policy](../customize/policies/index.md#geoip-policy) can be used to make policy decisions based on the lookup result. ### Configuration diff --git a/website/docs/installation/index.mdx b/website/docs/install-config/index.mdx similarity index 87% rename from website/docs/installation/index.mdx rename to website/docs/install-config/index.mdx index 641337512d..d413f9f095 100644 --- a/website/docs/installation/index.mdx +++ b/website/docs/install-config/index.mdx @@ -4,7 +4,7 @@ title: Installation Everything you need to get authentik up and running! -For information about upgrading to a new version, refer to the Upgrade section in the relevant [Release Notes](../releases) and to our [Upgrade authentik](../installation/upgrade.mdx) documentation. +For information about upgrading to a new version, refer to the Upgrade section in the relevant [Release Notes](../releases) and to our [Upgrade authentik](./upgrade.mdx) documentation. The installation process for our free open source version and our [Enterprise](../enterprise/index.md) version are exactly the same. For information about obtaining an Enterprise license, refer to [License management](../enterprise/manage-enterprise.md#license-management) documentation. diff --git a/website/docs/installation/docker-compose.mdx b/website/docs/install-config/install/docker-compose.mdx similarity index 90% rename from website/docs/installation/docker-compose.mdx rename to website/docs/install-config/install/docker-compose.mdx index 9b3ed7cf8c..4bfa63b2a6 100644 --- a/website/docs/installation/docker-compose.mdx +++ b/website/docs/install-config/install/docker-compose.mdx @@ -66,7 +66,7 @@ echo "AUTHENTIK_ERROR_REPORTING__ENABLED=true" >> .env ## Email configuration (optional but recommended) -It is also recommended to configure global email credentials. These are used by authentik to notify you about alerts and configuration issues. They can also be used by [Email stages](../flow/stages/email/) to send verification/recovery emails. +It is also recommended to configure global email credentials. These are used by authentik to notify you about alerts and configuration issues. They can also be used by [Email stages](../../add-secure-apps/flows-stages/stages/email/index.mdx) to send verification/recovery emails. To configure email credentials, append this block to your `.env` file @@ -95,7 +95,7 @@ COMPOSE_PORT_HTTP=80 COMPOSE_PORT_HTTPS=443 ``` -See [Configuration](../installation/configuration) to change the internal ports. Be sure to run `docker compose up -d` to rebuild with the new port numbers. +See [Configuration](../configuration/configuration.mdx) to change the internal ports. Be sure to run `docker compose up -d` to rebuild with the new port numbers. ## Startup @@ -113,10 +113,10 @@ docker compose pull docker compose up -d ``` -The `docker-compose.yml` file statically references the latest version available at the time of downloading the compose file. Each time you upgrade to a newer version of authentik, you download a new `docker-compose.yml` file, which points to the latest available version. For more information, refer to the **Upgrading** section in the [Release Notes](../releases). +The `docker-compose.yml` file statically references the latest version available at the time of downloading the compose file. Each time you upgrade to a newer version of authentik, you download a new `docker-compose.yml` file, which points to the latest available version. For more information, refer to the **Upgrading** section in the [Release Notes](../../releases/). To start the initial setup, navigate to `http://:9000/if/flow/initial-setup/`. There you are prompted to set a password for the `akadmin` user (the default user). -For an explanation about what each service in the docker compose file does, see [Architecture](../core/architecture.md). +For an explanation about what each service in the docker compose file does, see [Architecture](../../core/architecture.md). diff --git a/website/docs/installation/kubernetes.md b/website/docs/install-config/install/kubernetes.md similarity index 96% rename from website/docs/installation/kubernetes.md rename to website/docs/install-config/install/kubernetes.md index fd76755961..03a4c59e68 100644 --- a/website/docs/installation/kubernetes.md +++ b/website/docs/install-config/install/kubernetes.md @@ -76,7 +76,7 @@ After the installation is complete, access authentik at `https://Preview Provision users and groups in authentik using an SCIM API. - For details refer to [SCIM Source](../../../docs/sources/scim/) + For details refer to [SCIM Source](../../users-sources/sources/protocols/scim/index.md) - **Configurable WebAuthn device restrictions** Configure which types of WebAuthn devices can be used to enroll and validate for different authorization levels. - For details refer to [WebAuthn authenticator setup stage](../../flow/stages/authenticator_webauthn/index.md) + For details refer to [WebAuthn authenticator setup stage](../../add-secure-apps/flows-stages/stages/authenticator_webauthn/index.md) - **Revamped UI for log messages** @@ -57,7 +57,7 @@ slug: /releases/2024.4 When authentik is configured to federate with an LDAP source, upon authentication, authentik hashed the password and stored it in its own database. This allows authentication to function when LDAP is unreachable. Admins can now configure this behavior for when this is not desirable. - For details refer to [LDAP Source](../../../docs/sources/ldap/) + For details refer to [LDAP Source](../../users-sources/sources/protocols/ldap/index.md) - **Configurable app password token expiring** @@ -238,14 +238,14 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.4 ## Fixed in 2024.4.3 - core: fix source flow_manager not always appending save stage (cherry-pick #9659) (#9662) -- security: fix [CVE-2024-37905](../../security/CVE-2024-37905.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #10230) (#10236) -- security: fix [CVE-2024-38371](../../security/CVE-2024-38371.md), reported by Stefan Zwanenburg (cherry-pick #10229) (#10233) +- security: fix [CVE-2024-37905](../../security/cves/CVE-2024-37905.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #10230) (#10236) +- security: fix [CVE-2024-38371](../../security/cves/CVE-2024-38371.md), reported by Stefan Zwanenburg (cherry-pick #10229) (#10233) - sources/saml: fix FlowPlanner error due to pickle (cherry-pick #9708) (#9709) - web: fix value handling inside controlled components (cherry-pick #9648) (#9685) ## Fixed in 2024.4.4 -- security: fix [CVE-2024-42490](../../security/CVE-2024-42490.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #11022) #11024 +- security: fix [CVE-2024-42490](../../security/cves/CVE-2024-42490.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #11022) #11024 ## API Changes diff --git a/website/docs/releases/2024/v2024.6.md b/website/docs/releases/2024/v2024.6.md index 7ea2927667..a588f2ba45 100644 --- a/website/docs/releases/2024/v2024.6.md +++ b/website/docs/releases/2024/v2024.6.md @@ -25,7 +25,7 @@ With this release, authentik now enforces unique group names. Existing groups wi ### GeoIP and ASN context object -The `context["geoip"]` and `context["asn"]` objects available in expression policies are now dictionaries. Attributes must now be accessed via dictionary accessors. See [our policy examples](../../policies/expression.mdx) for the updated syntax. +The `context["geoip"]` and `context["asn"]` objects available in expression policies are now dictionaries. Attributes must now be accessed via dictionary accessors. See [our policy examples](../../customize/policies/expression.mdx) for the updated syntax. ## New features @@ -33,25 +33,25 @@ The `context["geoip"]` and `context["asn"]` objects available in expression poli With the Google Workspace provider, authentik serves as the single source of truth for all users and groups, when using Google products like Gmail. - For details refer to the [Google Workspace Provider documentation](../../providers/gws/index.md) + For details refer to the [Google Workspace Provider documentation](../../add-secure-apps/providers/gws/index.md) - **Microsoft Entra ID Provider** Enterprise Preview With the Microsoft Entra ID provider, authentik serves as the single source of truth for all users and groups. Configuring Entra ID as a provider allows for auto-discovery of user and group accounts, on-going synchronization of user data such as email address, name, and status, and integrated data mapping of field names and values. - For details refer to the [Microsoft Entra ID documentation](../../providers/entra/index.md) + For details refer to the [Microsoft Entra ID documentation](../../add-secure-apps/providers/entra/index.md) - **Read-replica DB support** Multiple read-only databases can be configured to route read-only requests to the non-primary database instance so that the main database can be reserved to write requests. - For details refer to the [PostgreSQL configuration](../../installation/configuration.mdx#postgresql-settings) + For details refer to the [PostgreSQL configuration](../../install-config/configuration/configuration.mdx#postgresql-settings) - **Improved CAPTCHA stage** Thresholds can now be configured on the CAPTCHA stage to customize its result. Additionally, the stage can be configured to continue the flow if the CAPTCHA score is outside of those thresholds for further decision making via expression policies. - For details refer to the [CAPTCHA stage](../../flow/stages/captcha/index.md) + For details refer to the [CAPTCHA stage](../../add-secure-apps/flows-stages/stages/captcha/index.md) - **Optimize sync and property mapping execution** @@ -65,7 +65,7 @@ The `context["geoip"]` and `context["asn"]` objects available in expression poli - **Reworked proxy provider redirect** - Following-up on a [highly requested issue](https://github.com/goauthentik/authentik/issues/6886), we've reworked our [Proxy provider](../../providers/proxy/index.md) to avoid invalid user-facing redirects. + Following-up on a [highly requested issue](https://github.com/goauthentik/authentik/issues/6886), we've reworked our [Proxy provider](../../add-secure-apps/providers/proxy/index.md) to avoid invalid user-facing redirects. ## Upgrading @@ -151,8 +151,8 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.6 - root: handle asgi exception (#10085) - root: include task_id in events and logs (#9749) - root: use custom model serializer that saves m2m without bulk (cherry-pick #10139) (#10151) -- security: fix [CVE-2024-37905](../../security/CVE-2024-37905.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #10230) (#10237) -- security: fix [CVE-2024-38371](../../security/CVE-2024-38371.md), reported by Stefan Zwanenburg (cherry-pick #10229) (#10234) +- security: fix [CVE-2024-37905](../../security/cves/CVE-2024-37905.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #10230) (#10237) +- security: fix [CVE-2024-38371](../../security/cves/CVE-2024-38371.md), reported by Stefan Zwanenburg (cherry-pick #10229) (#10234) - sources/oauth: ensure all UI sources return a valid source (#9401) - sources/oauth: fix OAuth Client sending token request incorrectly (#9474) - sources/oauth: modernizes discord icon (#9817) @@ -233,12 +233,12 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.6 ## Fixed in 2024.6.4 -- security: fix [CVE-2024-42490](../../security/CVE-2024-42490.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #11022) #11025 +- security: fix [CVE-2024-42490](../../security/cves/CVE-2024-42490.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #11022) #11025 ## Fixed in 2024.6.5 -- security: fix [CVE-2024-47070](../../security/CVE-2024-47070.md), reported by [@efpi-bot](https://github.com/efpi-bot) from [LogicalTrust](https://logicaltrust.net/en/) (cherry-pick #11536) (#11540) -- security: fix [CVE-2024-47077](../../security/CVE-2024-47077.md), reported by [@quentinmit](https://github.com/quentinmit) (cherry-pick #11535) (#11538) +- security: fix [CVE-2024-47070](../../security/cves/CVE-2024-47070.md), reported by [@efpi-bot](https://github.com/efpi-bot) from [LogicalTrust](https://logicaltrust.net/en/) (cherry-pick #11536) (#11540) +- security: fix [CVE-2024-47077](../../security/cves/CVE-2024-47077.md), reported by [@quentinmit](https://github.com/quentinmit) (cherry-pick #11535) (#11538) ## API Changes diff --git a/website/docs/releases/2024/v2024.8.md b/website/docs/releases/2024/v2024.8.md index 28e15ba203..ab05a126a6 100644 --- a/website/docs/releases/2024/v2024.8.md +++ b/website/docs/releases/2024/v2024.8.md @@ -81,19 +81,19 @@ slug: "/releases/2024.8" - **Source property mappings for SCIM, OAuth, SAML and Plex sources** - All source types now support property mappings to customize how authentik should interpret the data the source provides. In addition to that, it is also now possible to sync groups and group membership from sources that provide group information. See [Property Mappings](../../sources/property-mappings/index.md). + All source types now support property mappings to customize how authentik should interpret the data the source provides. In addition to that, it is also now possible to sync groups and group membership from sources that provide group information. See [Property Mappings](../../users-sources/sources/property-mappings/index.md). - **RADIUS provider custom attribute support** - With 2024.8 it is possible to define custom attributes for the RADIUS provider, for example vendor-specific attributes like Cisco's `AV-Pair` attribute. These attributes are defined in property mappings which means they can be dynamically defined based on the user authenticating. See [RADIUS Provider](../../providers/radius/index.mdx#radius-attributes) + With 2024.8 it is possible to define custom attributes for the RADIUS provider, for example vendor-specific attributes like Cisco's `AV-Pair` attribute. These attributes are defined in property mappings which means they can be dynamically defined based on the user authenticating. See [RADIUS Provider](../../add-secure-apps/providers/radius/index.mdx#radius-attributes) - **SAML encryption support** - It is now possible to configure SAML sources and providers to decrypt and validate encrypted assertions. This can be configured by creating a [Certificate-keypair](../../core/certificates.md) and selecting it in the SAML source or provider. + It is now possible to configure SAML sources and providers to decrypt and validate encrypted assertions. This can be configured by creating a [Certificate-keypair](../../sys-mgmt/certificates.md) and selecting it in the SAML source or provider. - **GeoIP Policy** - With the new [GeoIP Policy](../../policies/index.md#geoip-policy) it is possible to grant/deny access based on Country and ASN, without having to write an expression policy. + With the new [GeoIP Policy](../../customize/policies/index.md#geoip-policy) it is possible to grant/deny access based on Country and ASN, without having to write an expression policy. - **Simplification of LDAP Provider permissions** @@ -109,11 +109,11 @@ slug: "/releases/2024.8" - **WebFinger support** - With the addition of the [default application](../../core/brands.md#external-user-settings) setting, when the default application uses an OIDC provider, a WebFinger endpoint is available now. + With the addition of the [default application](../../customize/brands.md#external-user-settings) setting, when the default application uses an OIDC provider, a WebFinger endpoint is available now. ## Upgrading -This release does not introduce any new requirements. You can follow the upgrade instructions below; for more detailed information about upgrading authentik, refer to our [Upgrade documentation](../../installation/upgrade.mdx). +This release does not introduce any new requirements. You can follow the upgrade instructions below; for more detailed information about upgrading authentik, refer to our [Upgrade documentation](../../install-config/upgrade.mdx). :::warning When you upgrade, be aware that the version of the authentik instance and of any outposts must be the same. We recommended that you always upgrade any outposts at the same time you upgrade your authentik instance. @@ -279,8 +279,8 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.8 - events: always use expiry from current tenant for events, not only when creating from HTTP request (cherry-pick #11415) (#11416) - providers/proxy: fix traefik label generation (cherry-pick #11460) (#11480) -- security: [CVE-2024-47070](../../security/CVE-2024-47070.md), reported by [@efpi-bot](https://github.com/efpi-bot) from [LogicalTrust](https://logicaltrust.net/en/) (cherry-pick #11536) (#11539) -- security: [CVE-2024-47077](../../security/CVE-2024-47077.md), reported by [@quentinmit](https://github.com/quentinmit) (cherry-pick #11535) (#11537) +- security: [CVE-2024-47070](../../security/cves/CVE-2024-47070.md), reported by [@efpi-bot](https://github.com/efpi-bot) from [LogicalTrust](https://logicaltrust.net/en/) (cherry-pick #11536) (#11539) +- security: [CVE-2024-47077](../../security/cves/CVE-2024-47077.md), reported by [@quentinmit](https://github.com/quentinmit) (cherry-pick #11535) (#11537) - sources/ldap: fix mapping check, fix debug endpoint (cherry-pick #11442) (#11498) - sources/ldap: fix ms_ad userAccountControl not checking for lockout (cherry-pick #11532) (#11534) - web: Fix missing integrity fields in package-lock.json (#11509) diff --git a/website/docs/releases/_template.md b/website/docs/releases/_template.md index b02b61b463..ec3778becb 100644 --- a/website/docs/releases/_template.md +++ b/website/docs/releases/_template.md @@ -15,7 +15,7 @@ To try out the release candidate, replace your Docker image tag with the latest ## Upgrading -This release does not introduce any new requirements. You can follow the upgrade instructions below; for more detailed information about upgrading authentik, refer to our [Upgrade documentation](../installation/upgrade.mdx). +This release does not introduce any new requirements. You can follow the upgrade instructions below; for more detailed information about upgrading authentik, refer to our [Upgrade documentation](../install-config/upgrade.mdx). :::warning When you upgrade, be aware that the version of the authentik instance and of any outposts must be the same. We recommended that you always upgrade any outposts at the same time you upgrade your authentik instance. diff --git a/website/docs/releases/old/v0.10.md b/website/docs/releases/old/v0.10.md index e101731ceb..ae0c002b2a 100644 --- a/website/docs/releases/old/v0.10.md +++ b/website/docs/releases/old/v0.10.md @@ -13,13 +13,13 @@ This update brings a lot of big features, such as: Due to this new OAuth2 Provider, the Application Gateway Provider, now simply called "Proxy Provider" has been revamped as well. The new authentik Proxy integrates more tightly with authentik via the new Outposts system. The new proxy also supports multiple applications per proxy instance, can configure TLS based on authentik Keypairs, and more. - See [Proxy](../../providers/proxy/index.md) + See [Proxy](../../add-secure-apps/providers/proxy/index.md) - Outpost System This is a new Object type, currently used only by the Proxy Provider. It manages the creation and permissions of service accounts, which are used by the outposts to communicate with authentik. - See [Outposts](../../outposts/index.mdx) + See [Outposts](../../add-secure-apps/outposts/index.mdx) - Flow Import/Export @@ -73,4 +73,4 @@ This upgrade only applies if you are upgrading from a running 0.9 instance. auth Because this upgrade brings the new OAuth2 Provider, the old providers will be lost in the process. Make sure to take note of the providers you want to bring over. -Another side-effect of this upgrade is the change of OAuth2 URLs, see [here](../providers/oauth2). +Another side-effect of this upgrade is the change of OAuth2 URLs, see [here](../../add-secure-apps/providers/oauth2/index.md). diff --git a/website/docs/security/2023-06-cure53.md b/website/docs/security/audits-and-certs/2023-06-cure53.md similarity index 97% rename from website/docs/security/2023-06-cure53.md rename to website/docs/security/audits-and-certs/2023-06-cure53.md index b9d312743a..7407cdd814 100644 --- a/website/docs/security/2023-06-cure53.md +++ b/website/docs/security/audits-and-certs/2023-06-cure53.md @@ -44,7 +44,7 @@ Related to ATH-01-003, it was possible to insert unintended diagrams into genera ## Additional info -In addition to the points above, several of the findings are classified as intended features (such as the expression policies). However, we have published additional [hardening documentation](./security-hardening.md) to provide guidance for further measures that can be taken to limit any possible risks associated with these features. +In addition to the points above, several of the findings are classified as intended features (such as the expression policies). However, we have published additional [hardening documentation](../security-hardening.md) to provide guidance for further measures that can be taken to limit any possible risks associated with these features. ### ATH-01-002: Stored XSS in help text of prompt module (Medium) diff --git a/website/docs/security/CVE-2022-23555.md b/website/docs/security/cves/CVE-2022-23555.md similarity index 100% rename from website/docs/security/CVE-2022-23555.md rename to website/docs/security/cves/CVE-2022-23555.md diff --git a/website/docs/security/CVE-2022-46145.md b/website/docs/security/cves/CVE-2022-46145.md similarity index 100% rename from website/docs/security/CVE-2022-46145.md rename to website/docs/security/cves/CVE-2022-46145.md diff --git a/website/docs/security/CVE-2022-46172.md b/website/docs/security/cves/CVE-2022-46172.md similarity index 100% rename from website/docs/security/CVE-2022-46172.md rename to website/docs/security/cves/CVE-2022-46172.md diff --git a/website/docs/security/CVE-2023-26481.md b/website/docs/security/cves/CVE-2023-26481.md similarity index 100% rename from website/docs/security/CVE-2023-26481.md rename to website/docs/security/cves/CVE-2023-26481.md diff --git a/website/docs/security/CVE-2023-36456.md b/website/docs/security/cves/CVE-2023-36456.md similarity index 100% rename from website/docs/security/CVE-2023-36456.md rename to website/docs/security/cves/CVE-2023-36456.md diff --git a/website/docs/security/CVE-2023-39522.md b/website/docs/security/cves/CVE-2023-39522.md similarity index 100% rename from website/docs/security/CVE-2023-39522.md rename to website/docs/security/cves/CVE-2023-39522.md diff --git a/website/docs/security/CVE-2023-48228.md b/website/docs/security/cves/CVE-2023-48228.md similarity index 100% rename from website/docs/security/CVE-2023-48228.md rename to website/docs/security/cves/CVE-2023-48228.md diff --git a/website/docs/security/CVE-2024-21637.md b/website/docs/security/cves/CVE-2024-21637.md similarity index 100% rename from website/docs/security/CVE-2024-21637.md rename to website/docs/security/cves/CVE-2024-21637.md diff --git a/website/docs/security/CVE-2024-23647.md b/website/docs/security/cves/CVE-2024-23647.md similarity index 100% rename from website/docs/security/CVE-2024-23647.md rename to website/docs/security/cves/CVE-2024-23647.md diff --git a/website/docs/security/CVE-2024-37905.md b/website/docs/security/cves/CVE-2024-37905.md similarity index 100% rename from website/docs/security/CVE-2024-37905.md rename to website/docs/security/cves/CVE-2024-37905.md diff --git a/website/docs/security/CVE-2024-38371.md b/website/docs/security/cves/CVE-2024-38371.md similarity index 100% rename from website/docs/security/CVE-2024-38371.md rename to website/docs/security/cves/CVE-2024-38371.md diff --git a/website/docs/security/CVE-2024-42490.md b/website/docs/security/cves/CVE-2024-42490.md similarity index 100% rename from website/docs/security/CVE-2024-42490.md rename to website/docs/security/cves/CVE-2024-42490.md diff --git a/website/docs/security/CVE-2024-47070.md b/website/docs/security/cves/CVE-2024-47070.md similarity index 100% rename from website/docs/security/CVE-2024-47070.md rename to website/docs/security/cves/CVE-2024-47070.md diff --git a/website/docs/security/CVE-2024-47077.md b/website/docs/security/cves/CVE-2024-47077.md similarity index 100% rename from website/docs/security/CVE-2024-47077.md rename to website/docs/security/cves/CVE-2024-47077.md diff --git a/website/docs/security/GHSA-rjvp-29xq-f62w.md b/website/docs/security/cves/GHSA-rjvp-29xq-f62w.md similarity index 100% rename from website/docs/security/GHSA-rjvp-29xq-f62w.md rename to website/docs/security/cves/GHSA-rjvp-29xq-f62w.md diff --git a/website/docs/security/security-hardening.md b/website/docs/security/security-hardening.md index fb3041d226..4592c307cc 100644 --- a/website/docs/security/security-hardening.md +++ b/website/docs/security/security-hardening.md @@ -6,7 +6,7 @@ While authentik is secure out of the box, you can take steps to further increase ### Expressions -[Expressions](../policies/expression.mdx) allow super-users and other highly privileged users to create custom logic within authentik to modify its behaviour. Editing/creating these expressions is, by default, limited to super-users and any related events are fully logged. +[Expressions](../customize/policies/expression.mdx) allow super-users and other highly privileged users to create custom logic within authentik to modify its behaviour. Editing/creating these expressions is, by default, limited to super-users and any related events are fully logged. However, for further hardening, it is possible to prevent any user (even super-users) from using expressions to create or edit any objects. To do so, configure your deployment to block API requests to these endpoints: diff --git a/website/docs/sources/active-directory/03_additional_perms.png b/website/docs/sources/active-directory/03_additional_perms.png deleted file mode 100644 index e08094b01eb0b6fff25435734ae3cb5d29d079fc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 55911 zcmbrlWmp_d)GZo9fB=Kr;32pV?hqijyUPH<9fC`O3=Sa#cXxLW43Z#&y9EgD?rfI~3kK&qMi-(ygy7)Rokf$kMMYFPjBx_tHH9Yid zV{^U%TxO5jci{}$y68-iH6Hk+g!nZ#Ri-E(KZ+ytNLTloeZA?fZ)bSNkXN!RBDzK` zB;;mgX?5N8km+k#q?&7nEKI6JRQ8gg8E4hJqFx=hFWl}{6QX)1GpfNn+-A4awW2Pt z8-Gw%&SN>77@K+Py_Wu7f6w1fa^j*+ zpOm}<9>O(CLUMmhqkjQsC8~f}&eAAutoA!-0JH!TuQbhGm3<^ecALqK1s0P>q@J1( zVF(t&*;2=A&0dho(o4axm=cv@)>Hvj&z=Aj)Xc=#J+5Aj4Nwpse4R#w0Nr2*M>bhg zfNvcJ=5Qg^Y=G=Rx!cY+IX^=7><$1?-4>w7YnPu1Hj_liP%D>+K08!sMp6QKjpi&z zNFI_+`o&vl@rovYf25$NHqEWO!@3`+ zX=%X>;M?g~4)Py7Zg&FH{(=nKjWyd#h7wIVKS5%D?h6h^Mw|So!3^-6w;iUs!r4=m ztxEaZ?&)pcRZ#nizpgj8+SglCnCc!9d|98WxJV4iRZNhV1Ik<7YL>~ZR>@R795&^a z^h~W7H2zyBH|7+|ne_2?M}r>E9&DFcG}Pq(B_@@7edmIoMB@w~0P_<{ZK#6We@P_1 zH{dq7y1VlFk*)R{=*Rbe3H0Ot&khqm$Zu99FaE!4_#iNyQ=efNNPc{?C@V+xd6?Hs zp(Ep|XkaN>ms-P2j5+g37!i_ixF>nYC#C@G>Hx7w9(rzDa|h7OjfPzxu+kh|f8rkP zlRLeOS{_57L6M4=_A#U_^kv=X@L5{5b?c=QFb3rR3CB9XX|`^F1{NovJ( zs8_vMY+TN0ut=X=9Zzy_zNLLU{1%^={jg4jU9=+i&ZDK3@EmSA%m5P-M$o0iR3)8@ zNz_~!^>TYn+AUgO=NE@P@yQ8l>*yufTRFKci8C=Rs-tN7-Tilr1w;3BOp7RZZYmhgk57qXTv-xO}Zvkz^8DwDNp9K zX=2v?j!zK}xkQX}?g>-4`EnFFe^-Wa<}A0K`b_m*g?}TueOW(Ju$E?<8udECwApWJ zyAi`fsXd##B<%C`9mi*5ElSU!dOOCunpBviWk-fJ>UPl^~jQx;U`s#?*Kh2&0 z_iqI2w3j@UR7`4tv-fG;!%+#e!yYqD^sJ&=&rQX;kELNrIKRPN*0FEmlU%?3fcF(T zcD$uH&F)-PhLZAmlxeV;@CT-5(4kD-3o-X#kZkAYlpnS{;an+0ojJQG2hEPkhBluB zB)`M5K5&_nm*&Q|@fnTC-ZpkPifGZh%&{AGPun>1Im-I2XVH+m$+$^3P?l3^c)_S^ zi%{jlF!SY95}rTxtW4bpM-VkHHRC&Q)7Ui9m;P=mZ6+edeMvuLC^UA#CS+9^;wP}- z;Gnr7(F8Raw1^{x=gH7`qFLYr8m%NvHtdkXSl(e4^i^z7? zdOKr zi_ApY5G+QI+k5YR5LCxpyn^P^4ASHhYp9`AEpF(552e%>Bj%*=fpp)RdQ~6I@Q;Wn z6whP$x$yvfL^2~nNBpG`;swH(kkrWnGyqiAK=8lXC!WLsL|Gvb-TOr$SSryTM8kK4RXIYEEG=%4Kkr&_~gspU+O@DMR% zbRZhGW5c`JUZ(|q=rOVBd`tmiSRYmbW*-sJ$&>kDW-3&!L3b#VXG*rh>79^V=^VX? zeiyRMT(2C3t+8{{gFsJ>^po<#9+4*05mqRyrm|_MzTQv!s#9ikdY{ouTJpnxM5t>eSH>*}SN!V=|=%VQWeZ-#z;ZcTFPd7VMWSejfLNPJUz~X1 zY6gB#MWIQNF6~BA*zROO@CBMALVfj%6kY}Zm`+eb8O8UQ7dBr7&EZu8GD?)1Pqxdb%+0Ve`y7KOu`{0W*n zv{(C61)kgm3(XV7a!9WG3*1xq!l=Roi^LO_Z+~W)Rz8(GLXo5=ry#XNRAQ-YCl!*I=0a^ z>gr&sfK*YA!NfS5ZbezX)91CZd>VI%rj8qKzzdHPXu3%5Np3|jzHg}8D$o&NGMb5G z-ug*Z+#^Z7`Z@(1AttN6(D4X6MKaW<0;iAzNOj&h9^&{PG|NRTm$(I|qFJklnqN-D z5m|=jIzw*W%wxVeu>5SyUU<14RRq(4*J*ZbXT45b_~RLX_dMdwFnrQ= zv_O_bB?Kj98})VWqc;uat{NZmRT7kqhsnDcp58b)zAOp)?l90^MHb3UInu@p2mV&* z%w*rldzgC*LDE?4OQRu6|mI(0ax!-XuAk*6`2 zE*@a;#9YpiFqwAb7f1$Aa6d6pI`z+f|2s8Nu%htd9{2tHAp7nw8ZDr(px_^7gKz$C zJH}!_+i-NTL8@j%Lq#}t_`gF4pHZ+^vcbexGQFKI!NG{knS8FCfR)Z&iMWl!97U5J z{W(0tP2Px!orUJ!P;y`1I?G_8s8rwlUKA z@&CP+&-+kfZa)~PgZ>rJ?|WvtO8ha(32i^NyL~2`l8@2Xb-AYYOqvV4T}LYj_`Z(u zEF{Z$wn*-O*B#m$0M8lNi(G$fTd`CPq46(J!q21rM4bjT-fE%KC-_!qy%sc$!0|PO zJc{Ojsv8X%K%P|DbM-|`e`F<=eq-6gU(lWQfH!NpwObvG zuj)UnSN5eq?&1uS`@i=7pBDdTDE~G6|K2&zktcY&(&3$ular&PyuQAEe)|tp0_Ekl zC?Ke)s2%b+L`3v(+yd6cHuXA~t<*W6YtihPE`KZOZJ2GSQ*E3G`VR7Y1_4k}8OKpr z`1w=*{$0lxwn&uPv@F&r0f~HAI5XbkeZqq$tblP0Oa=5 zhyPa&j`sbq75{EYE-}SKz0E!m=dFf(H*qTNC z?CmdPuKeel38b2)P4H=X>fk|M zsYW0J+_j5Nrk|g8@H6pN0p2uSt|0t(03%D;BWXJOt0^UgXf&&_zv6y8es(=U;L0J* z3Spd^5-;*wKP%OTgd6XAGx4wM@1~ERLl~=X1jic_BQdOk!o3OMSFt}0quM0&!YzAs zT8D>d#|yPS4uC!UeFgp52so+k1>Xp~&$6HlHUd%RnH>*swfTFSSpk3d>=_aB*nZnvG+&M{w8P$;-?HmsXDJ#ZZn`den1UxA3{ZddZj3XC<*;^gs^SEhe zP-*M&E(YIe%#37J4lFJPX*=kv=c;p{`I|(@BNLSBDzX?<5F6cJ?R1}6Mz8#>HrgsY zVzRf4>7jk+1g|*r)-Pal{nYuqMV#pEZ4T{)G9ZUHa}Rh>&!O0?WyUgyi;c(wcc+yJ z5~~Wnp#eponneXi2ISAW-N~7@NJx!=%Tc|i{q{hIxn?u^1V(M;&ici9ZZBJg|BQ`g z7Zm*#Lwu%$qbY#>{);d=uq0_@T%qZ8Ajoa8nd0dKO_L6uPNG%R^{!OscQgF%XDH#e8P_6ut@3mv$F29S2)n-1w z1sB4VpH)ZW-W2t`epza}CFRmKkkjWB=;4FL8L7O~dh&MQiZ~?K1`|ZKoQxo1&;QwH z2Wm4ppTNRFG5o96@zyP(l8Lk^&SlFiD`WlhvW_69QyKwpIib0b)+-PnXr!FWj{>CV z37L2%`}bA&X_*3XNyMKln*@qKI!WQ}iKbN%^jB{;uWkkVNT%-LDfDqDlxZIPo_Fky zg6%7<26WQ}^F`bxY($9hWKjf0-mQ5>HJ4+VmZ`iy%hG=B-nlnZj_cHA^UG()SaZC{ z{CV)@Stml2Z44PgVRx_YfA8{s)3J7;givEHwm34SDs+82clzm8WOcIYhOdpSQ#@pj zg@pTXaQ;~9_BOb=|I%cyga1dmypL--qf(^bFQLV|;fs^UcU6p_R@1SP?d-F&cC-7F zEe6enjF@Cc>_9MEz5(I-)J@-|$r6{n4rp$J;1$fuKE3+x@JZtF@nEdO#GA&>Z4YoX zLZa$XLyq#~XuY#kT?Q$I2KZHr5d$7(vU{RgdkHKv*p}CG^rdyn2ghs2umvAAk~jLr z3RP33Q%(eW5~E=tYw~NvA&qmcS|_pT;wg2k4r=^UZ;+EShJ0X^pEPZ$kRR^0h~3#B z(Z=UJOx;h2ee{)dG3N$SH(N19@e%TF9zAd+z0GCQkuE$mK_BVPYq)W1DlZJ6vM7Je=I5;K5?P2F*(yBKjV7HN~6Sn&ADcNR$m0g(U5 zU*CqJG(@;)l*A~qBc_<&JN4%<^-Dsi7lIjiaKSTi%% z%qa5(@7osI%o*|V3%#GG1(ExWS}ihyTqUdcvE&+R`LX+8E3Z|^{goD(a9N%s4q}@S z**g|CoY7ev?kcf({|z^}U;N$KDp3z-4^IN`AA-DB{o;hk>ts-pmrk- z&Gx6(Dx^Qci)bkhozB3eSTT_ESFW!(E*Wbgv7D>}JFlPsb4X}F-b@3RA%APgO8{kG zMsUFL_@SiMD1O+}PXC(9TgfxKfI{cg)XX)oB@c&H*K6qF=pJY>K7lI!4L?@y@pvhJ z`{)GJSqPI3QbOkG%&X2q^f&tV2LkkFC-dJW0|0X2MC#SoZ+Zq();dVHq4yJQI~sye z#r3F!35!EIMbi>>SuQK5Z3&Wf>>XWE1E8xnSCX6Mc}F7D zg)sHAXxI1DsW*VRmQM$O;9lh#j}EFM5=`@{EG4YTf`t3=nk<|sl{dKCd%Xo5BD;ca zHoPEBj-RsqK@Ttx*~t;Q8U}Zd9)f8BmJpd1Fs)*9(tHrmU966$kVIKCxUsfBBK%jy zqJ;j!l4K8@!lOhY^=0t=K+{V?DGD2|{~b_)uA%6@B{4(SQ4yN`0^WN@hXXSpA;>BP z*#8+JLJ;E(3uf$gv!coOX0Mn0vS?4-Z>4;QPM@9&`16!YK&qzhe!_tkX)hS7J`e0H znOd4vq6F-$uM%X>>+)_)2re()dfrx;0{y?+d`8*mSi}xSu#4aqNL<_l35z9wugcC> z4V?C74Zz&K_&{Dwmp}UW5&F9elP&S`D3aX*DZHgHnUjwE^cPROrbC?x*$*x{rogks zjkh9zn-XjNytgNoi#H}fTRUlTju*o2@;(u{H0}@lP!kj|{i|&=EhN0K;M>-c63hLc z&lh}I{7Uy;Rw-0UBrT9!e=Qb0HbG@1$Z+2a#*iBSR99kN!tYo5k(e$$+U&jA;56>@ zFFZyvSkV2PsxRAJT!!7*th_5yOL+77f8{8X>3ArIQ=Vs|xt3ry;?Uh!L`7*a!{h)| z)8R?SN1O2k>(i&9sxaav!QDO zDCk7j276RndMmjE)tIJSm=#-*p?ai0(5)B@*8|Q(PAnVbvkCqCQo!!7jt{il_uCbd zIb&M;&M=q+J=E3@%QmuC6@NP-!<4}q5y3lop)C;X9lL;IMnBrMIdSb z49w~eXp+s(y+=R>K+I3)Y38YejUkfU$>&YoZ!Fi<04#Z@df0-YjExfyB>WZ1)Tg}a-?Idub`gX5zsQBXkLW5~Kg_Wz(fG_F?mYq{Vhfl!m=YJRE>rX>32-+ANca|L z*$F#6!n!SS6dQyJ{epuf+O{#NDm+7}LxY=WCHRt>GXatO7r@^};YFlsNbn zh$iFJlSSAsI#u|Qi(vfF!hQIpjy1>TWpl2Befy<#WlXbz=lpDrxG0Wzb-J@#MJq80 zFWH5YfiAF$t70W1@{{P+RPRP7=L?73n815Zg7Fq}u^fFiH0y0QerF;!!p725DRKy# zz@@6zrUDjpI6Y;$6SqH&r1sS7xJqyY6LQR)luII#c$7=Ll7~`m?>o`r%2Ael8%pO- zzh2WMR;lo;xQPiRPGvJ}fbwCuBQBUi)5R5GsS`f)>-_&r%$_MfYA4_bDd&8QX&&@s`xz#8zCXu-)=IasoiN~|+c z^BCt;7U?ArbpujlN)9v8GR%xZGP`ijrC0uO6L2a653n=IrobdQ5qHw@&j-zh(>eb* z^vqm13lIWd{o8;sL5hlsKUAiZzN@qaVuF4QYVCj0Qdj>T0{<4q$5kzUeWQ{bI3Uug zGW^dyq>_XHP@y^ih`?a}@dtRs1^%D-e{RV6FYo_&ssCROvZDf;j~1l^tk=-IGjjpN z@Jsy?0(c5l({=+BwL-Z)sl?oe#a=SjJD1M9ggguDo{RoCb>2|LNV9B53J?Cf@n+&z z@MMhad6b%-*6Cyc<5^z|$z;x%^Y!kYr%FQjPR3V1%MOFAPye3sEb^ynEV1bO?|J!Z zd^WJ}*xnMq;jak^S+_%j?(Wj0ahpgqu_!80^>||P*j^VHRFn9fs)_O5jTZPOO5po! zvaXi%g=gA$%C(jhd1T(bVID46*;M|Lmc}z<*k%#;Roux(M`N=3WixQ*p@y~n>dk1r z$ta)qW}sP@ZRfn#4%W!95`-RvOI9KF#7yH2jK*sng;z5dk|w zxiE=q^SfR^c?5G{&D6~L-LxV&5RuVvuk#uj3>U!qZ#N{jsCpbgOP-;p_$|lF>1zsp zG>i8!+C}ZC9gK7vF#O>73g>Rc=*NKJZ&dm3pyS><#$+qJR%yUM<_L`)_O3@zN2cub z{fj#me!u~uD8aY0t1PJ_EYccl6YOTEJ5Vt!46sP5xR`0-cVv6%M^eAKb z9;`gi&-YCl$KN9|1$xJ`LzU1ja=$u<@*bRZdZqh{D_B4G4|Y_t119%W=&G~Cg9mJt z!{}Z4%$M}7O1As1yjCv93EZvoXM0Zf<)xb)Mv6~5i|vYg`8}9HnmIuH(WCO$ke3nx zcY(;Ixl536Ns&gYnVd+i^8e8S_@&r9b(=TYu6MET*dSJrk9?GXTgfIt z&^rFrdswKnjY)`<6nb(CdNN{Gir&(8TYOCoXhbHR%WK|rWFTd|?sw=>6p=_b2lO>6 z6#wa9g&*MbQ|9E#;>yN=Bw&Jar^bu3mhPimf+#A0kF!n@-9E_&JKdeWp39E~5Tm<6 z3}*)^pRe-yRqR!MSGSo`|JTD9(*pI&lK&hNDH=+=eu&NP-OAx>D(4kZqn>jzv>N{= z9!<&@3uoab3Jr)L%?GD`WpXDgbY~+Z&k8CDMNriox+U(tZw|}KtBTp4C?GN2-;h;W zQ{QZ>1iDd7$f4Qk;8W^m!ia--H}eBzyk?cmKdnKu$!cSKxxM$hWsI7yFZy_(_)98% zgvNOR@l=5d01BQz#G=+7mOu}%=DawAsixDhhQ)6YO1xLEE09~_^3SIPGtTKb-BRwa zbS?ilR)zPx)o6g?1=azFIH9ST3m~U*|H3y_&8CYB0QBi zR<9ijo5j~@ho&VdlKpp`jEfZ#%~>M-ZQHx(){x0vsHeBW;h@QsGF~}r&O)%uRPO@* zxUgOtxAm6wVn8W#PN{0{>l0GN-$(%J{xzAD>ANsE@Tk~@`vH^@*8yCg`*jG%|8?J5 zLAgVYqHamm=6|f2WA9fiN)Nu$JJOItii(Q7yu7SG5A|1?u6&i|@9~94>HZsQHXFa@ zZjE>=rgY+??2x}1T!m>+k1fG{p`rij%(+6rYw??n?}YcW`E+iF_$B|1E8ouUdu!6~ zq%n;Z%|<5Q%=&Iu#_RMF|5qe>jtFv69g#Pww!4WT6r7C-nf%`;;FdR_z^?x5SU9vI zPW9@iov`J9BOj-+2~b(YFSBI~io>i-*f1{AP0tVRNPOy}*+5Lf|mQpKW;T-@B;9o3I* zd^V1zUOO=ISw~%k9av`RT1%I9Ogf)gE>yyM`@g3ar9jGG-c1Zz_ZmdRCpI0NBi#Ub z2qqRw|L{#nOGz2;@V_+&nI>9N# z5aVR?U5nQ5ywaNjpP%o!>~5tB<($^KM)N|^fkGYVvztCsrIK6#0HC2vtsZ&Xd~}QN z1KbQbX#iYMP&Y|{8c0z=fmV8) zl_q|y4hwhfrZ3027rHf=zSH6v=POPX67moDh#~--q)>s!ZhuBr`&*ncdRF_Xb;TOd z>qnmZS2lsnv1>WQoGNW-F^jGUqbv5L?;VP%LeYp#DO0X-0~M~h%BEE_q)?LF0~Zmb zlZgk~zJMG*HUHA0Z)4!w!;IdzMqjzc8>utuUA>^9SzC^F$#lincI+fyKcN7llXR~U#8&A(-xosvaJQ0hl1&BC!u4kusvpLBqko#!i;Cw#isfxl2 zDk(xRA!3RVZ{60d7EFHXqQ7;bnAB<9IWPySXvvQ7Vfagw5sM4!3etysC&3Al1 z!nv<8cde@6$VAeghof!OlrGQw+N=RM7lA{b1Yw*SLX&vEL;W?Z1G=A7Zfp1789If> zJ$&bzGI(Js@*kPodf?jn2zio6r5>LlnPOs!-A?g|q;X#YNI!DKLsN@n-2CShA<3kJ zxeu8$N)k!#IYIM~8_}oOzyT)DTlx1Jb%^9APD|~6#tp0ru(iJ>p9)z9ZxBUaU?C1J zY8CsIKbJzEd;dK3a`UZFgHtF$05pvEV)%ZSzoOhA@mLwT5Bkj4tiX|Nz0OqAX^452 z6@!R}*eH?Lr2R8-0CpgjQ6SZlN7EJG&zf#38_${S6q`uEZ;{vP+%-OXPzF%Cm-6jeekVn zUzSMZ)$VHjsjWL}xGc;^uM zu^*-0DTq8FCgU{b1`L(p*|a3X_XUm#%=MSBRtS76Wtacybiv*BoKsQG5;F--@%rk( z#j-ayi*S--N0!cmF*S=fPyTnTO3PL{dW|;L{C)Cum9&F!Qsz1ufQX|DDh#u*7hT3{ z7NEAaZi=ZX0Cf-wfSL-)i@yiCm~f^#UTr(8^D9!y2u0hG)-TK@XS&6d^4R0?B~S}= zPvTr4a|yt?an6wgr5)WOO5ih@F?V$LeY>+H9<=a^8B{Kc+`UB})FE%6qQBQp-)SlrOYjLCDlpJCeKgUyZ z3rG9;ZqytlGE%K}rY0@8)Us^To;x)&qHbg(uYGR4tExeO;7-^#ljxx`36%%%-vWaG zA`@Mny%iynYXQ9)r^Ij0p$1krmaU(N1U(Nb{E^qcDzptwuC^wZA(<_lVPz-TlzuHK zC#_R@+WUe_aMF^spHA_uPfnb!o?WKyEiIxbM2SMo0o+O%;aC$kjRd^X1d?mFFMNf{6^J z%^bvHj&4qn196fkrYPar>s=m4;N+y8;bIq{_!Bz6$IF6V@`9+tHKJ9?&vE0J#1*x? z{^1-E-jP&}jL?HwP8E^(g|N?T9M6Y789FeFnX0Ff9Tm%QTay(=PixVAnV&w3YdG?TCeZ?T215m!k$}EC+Rkz(CF${tZ6vL#{R15I-R5HNciw}o7y=j!Z;UQ} z60f%PNEM6!c=jaF;evV4$Jz}}H#l|&$y|L&n}5rj+R)4KE{QZ9`C{}}ry$K>*t*~) zGlcS&36PGS-mV(WYXYQ*)+ryr!BlQ62V8AWcu$r~yEF~a$F9nrOkIF3Vf$T~ZBGf( zCdxBm>9d{>MM|h6&S+BBDD6qV!7tCpRGeys<{Vur1tx)WZ7&xIe;Og^26=*VU_u>t z5H^un^C=|tH};A2D_B)G6i(fYMLK&BHwj$NOO^JUh`Ah*&?^3MxDhxx@hGKTS`~p= zMeqJNOu(|;jW>TE4wz`%l5gEXn3kb+ug`Em%TAI}O~EOX^_V6^0Ve6%cHR6b2Si-G zr=ZOjyO{OJ;1FY78hfSCfqvWo~p#Vr4hw zPVmckWa?B5D)Exe4S0>vTxW!1n|v=00Y@nVe=thKzYk@Ya>HzYqzvtkhJAwzbk@-v zSZ7M+yii|ByGj~*s2A+=?_hD0)FR9Y?unGmTSr?uwoR!l|FzbqjgHk8I@Ujz){awvDyUm&b=1>EKf-y`d!5z8!)zv#P(c zT!NA=yeOGQeb!URDUKNL=T``>KHxPmz{VXI&7-Z{IPuUW1zKI1G6}3wSWI`h34>LJ z)VlnrMDJ>uf(`3U)!c&X4=V3u4glFAfRjE$aP{cgBlolEc0U1-A|-sC@IoH>i2)0TMxUzN1oEuiGU zUv_PDN46_{C{Zfr*5VsFN5F+EWS!`0w^rLdk8vY2nEJMT;xHrIJ)0DmWUJUrd%WE8 z86`Hh&}}%COdxNY5(yHv3|y(@;lebcldlb*n;q{obZdjHsL1-Ek)?ke^O%Br(ou<> zfmXjJW8U-^I{SB05yTL!<9KCZ__yb;Zb4%tHA?lK?eyo#=>Bw|Bl?yuG$|>alsW8j z`!f^eC9F>aAnvI{+X=aE97yC%uIQ9Q=nmY9=ojptD7U)US#s{U5c_#i=(kpgl|9k^ z_12nQ+S(hd~MnZ~1a$)3- zCXRVVI#bVhdVi_uM9?6;#Mcx}!Cc~e0-YWJNas@S^$^JN)*CgFZ%KXJd~5` z9G2gB#J6uba>zw2;1xt5y>)w8OafS7z;v&J5qogDZ|bVzKQ9%5=SwkX>8AvCNAGdE z&t3M!_L`~8IiD7K$5)ClKl^y(NQS}#Za!A?6<282D6}}3`Y2zV+hLE)4JN%bzx%H_Ah#}&mVcaVMgfCx>J(EX*g)t1~18eo{a z|4$s&ZO)*fU)3H*&d-{Jw5MmBw#&W7&zFaJmM6wMM(vR=PrY&z+ENw8DttWcuoa8$ zMg+_96+Mn3G0a&!Ymr_gCweY~`e3gt|-E;Dz4PkzUMc7S?SW?zGRvTpH|tb6$$mKs!zvvx=u;^-2i)i26KqseZ?(lhGz4~AIyXZ)U_{a%y`#le&7_G5dZtj z)@&w!d~Eo{1a%6J%V_|u4KFSK zvPMp^QhZUEs8-ul*8YqMFA!3f=g&M%Uxk?DmI*ekc)P-FUA5{bLj8KM`H zM*-2(D8%t)v7!IKZ@v`D^3G4ts-#6i;mUBmYz3;|24@K~mJfk}sF zEOn13w7$_9FaMTrWW-Byf(49>ryKqRMdU!EQkL^+HH_jm$|%Br6F%u~5MV7&KM`l8 zLVBsPETY=tVC15NkVr}4VYbhn_p6>^V;&vAOY6QksN*e~bc8Dl0#1jw7 zU+E~$Ec29_eEv89m;%o?JFO{B!2=EN0C*bT8!>BE9y#1oMUhW_y_L4FA;Q+Q`NS}7 zzNN|bQDj3;%jTw~qDnlbH8tC_S|QP~zw4ext(x+my{(h|mqLdzcOi32=OC?1jFU4li>N@d@()^7+k#P_LGGyoyakTwKWM=r%dJ z;X+~#OG9IHYcqkyY2?N$2?{f?wiN@chZs*f%8h4*SRb_N#c$_v)ZarXlr z%n@5tf#AmDlTNJa!_lA@S)h)>lZOYkPh0 z*aEq3U7KW-Hg{Qm`&6v>SgBVC`YU6jJ1?Lu#(Lo6@<^lu%8dIEA*2__k|~FyzyGEP zM(di1@x;X8ex~;N2j=}>Zrd0=SnjKJSqda*^h`k>vyjbPc6Y;O=+I|KOzJKZEW0C` zIMQ*>t(K!PkRh*gpvHJii)?HItuxspKVV_R#(7I0T3kgJBRCdcxzy(};&*-uO~R7i^d#@;CaD4#quL)r(-o5hEXa$S*Za|GKCyDr)Ry6mH)q*1RP&8lm&tDKWf76`;Ysh zQbyk=?I=caF);Zq-rbnbW%KoA_v^ zsokj#n%>?%S^2ct3cWP8k-H!cF0JM)xNGPULq0Y0nd;cap>?gLXdHNI-6}fWk z;zD=$HELH(E1wTRAqZS#s9hu(?DUX-YG!dY@h`c4w*4BtAXe6x-Ff~rjJoNsHJg7P zK2%JvhAW#p{6E@jlh42+T%b>AT4pq;sV;9c2S?NX(=YbX&-eMC1A~Ht|KE&8KqeO% zvJ4F0xQ#yzXugB}DF!M;uu}v;C(Iiz@rCQ4|3zpQK^?v)6b5nG17IjJnKtS>wx&Vb zB7*HC^O6VJ3k+JhR~-ImG3%rWep?kr}SeVb|<9b(bwtpo_-Dj1HKLt zauftn9aMJZrNdbhb{pC|K<_e`d6#%TH-KkZ*EeQb~1A z$v3kLcZZ}B3=^CfjXXNN_x&%X&jgrKKf%HEBAih?E7#+fC@&>UiKU1*g2cpiZPN)v z6kK(ddcAZd5^yYkQ>=@Nl-JVCP{s|kqv8)8nz@X-oW;7vO-8Qsq{B{E6rCIVrn};bq}^P?28+ zZP^zSOJ-eY`Sbp|Qk`KL>%59DRZ;7cB8E|Nzs~QnBv-b5k)yThUv%-$&WKmr`LUw3 zP1JAwC$6iHfOXX0%0z z+Am4#%v%(Np+l3dLq4#zaB;kvAB;xwr=x>Iol*wlR!{-9ehYzXl*&@8rf`QKE|mb6*RrJz+{y5VM( zDo$NGja4OE_mSo$k1T8ycqtTu{xN3(s;5(St2VX2`3xx$@L~jv67UgXRewxseQ@}5-(RQwLn9IVVQL)B~HcU?|H zr+ZA&airom+DfHY4|8S6J5s)Otva$HfS`0NyX0F+EG`V4` z_m3mq(NgUWY?FW|T7oFPqP3p{hXP&Sx26Qg%c_ZE(wp*pu1*-$8##`o4aVD~r2=fZ zGid39Tf7%j&yJ#^9PWbZ0x`g6+aI{siv?P8L>d($9PT${_H|kQ-b#YFiv#jKrptA{ zOJpY(wJjJ5|G0TS<~mZ#g%N;19H9N(_323Wz%6!Vcu=)j+?RxhNhxdo<$@ed0(K zSQku6`}|V)X*li2lR35m?{#tFc}f+QSb^%+{g0FFFWHk+556_-AEoGy<3WBHaN>2| zn@{>#TQ+cNMXXks&QdPoXJC{-x1G?}F~-79HHVH}MRJbE64^pP32qz}2$(5L$`}`c&;^!7{w~K3Yc84DlmDrdTo!wQ^@IAASlt zb(ZP{&glEkbS|eQk!=Ena#&TLbQ1&>g`GoBLo$}vF}KsW|3s;*&WIWX+*$@!4L)#I zOS);cvpFjv{Do`kobt^sJP25ar$7Cz7!838)>-wQaHlt<)#ujUvL5xZ2T!-0q?W2A zP<&YF6b>HIcBaxr_#>(r*kEypW~G_=BEIFCF^u+#U0|}jJd$US4JUKrYsJ1~vW+s? zb==T8x-&3+V4KBRh&A9>1)&%P1T@-Duml!StDJ`ld|KvG{hEV@vc*V)@of3$SAPZu z=Ah9^ESq`d!ag4Cla59jpxNTiM+iPIm04ks+kE~VL0HF|SHW@hHJ?03v}`q@F{-0W zKTDk_t`lRTDRa$W_X*1*N>eSuf|F&A;uhJ0SzU zto4wzJpGO=9=CzKw7M^dbNzL5*JgZj{RO`x!ww_=j~0N54zMe65sNqf2agFRNwggc z0(W?gaTas$-QMx*ri09u6+McIbD#RUgyzjVVMv4V)OS1GTJ~5o&fr1U5hcac4(b%r zJ&^rM)b)#gZT}8``QTNNQCNiiwLp))F9DRURF7vYDMEydA1C1ZRf6ko7)R9mX#B^KYO2|?Vd=rAJ}ptFg8Z$2pq0J(HLjF4*KajoLc(t zz`(ZX*)`su_trpE&kIsWz}F02JNYd};*%wc!9*?v5Yt?6V6c=5ESZ^3 z5lU9`#mxDA{)m#vrAYUCNuIwe5-ZDAb%E&yG?GGh)mS9WN-zTPfTLAV&)+k)=wkwE%dz@I$7OOy zvJGhf_*X^zv;$ktE~)(g;_Ix!+UmP)Uj+&QS~PfZhd^*GrD(C@4#C~sH57OE;_mLG zKyi0#iWPUallT43-e*7i;;b8T!Qxr}uw;%gesivJ7cV>V=SH=f$(@fbI?Fjrf5fVz zeMS_Vunzf37wl;0&KGj+f(03Hc3?8r$sfjM1N~BH{UI;p#5w7-G@5(ibInKSJ!h}R;+)_n$CN0&hck!sLhMnM2RlkuGlV}xqv zWEAcZkP~%-MM>R#Au!c&qBWTy&nbF&y=I zw{Jv+7UhCBc-RX!aG>QwaXI4yzy__))EfT7GgBvxqc^?ctMUczfJLmVskHIZvHWd; zG#XOqcz*IJAq&0DNj}=S1h-+*u=&b%bYbYM!)gk|MjuGxckh9ldB?KxV~$$)&kYhT zNn5duTzk5?GFySUs zckC{s#4Z@WDPjuI)7MGYcbv3bKW2x(aOs#fT{uMA`VCG-F`cRf&OYlG3mp3Rc1!KC zDoooQ2|z1_yQSC7Mw*BVI$uCqEk;uNf?f}h20-G>)=wgZQxE>6a+{`50`6-yKe0}` zWmm<~cw+&t2JEjPg`Br(Pf;(mqX$RdwZ%^whtzsazadN{?fzW#dnA|xKas;63BfF@ z&lGT$RusxwBRX zwoyc}BWP_lwfmiQ5D2#XD^Vq+>#Sjl{oDu+!XCmZ00?Ipa=6($xz%A-nJ+m^G?DL& z=G|IP=q+KrRX@(ADu@M5N11xX>KAYM2FH>!--qaQQ4kj(G2Id=ctmi`uZRGa{BmhF zsVZLu_!4T?tyqBMg#ImGZ&6?g={K$F)48Rnu8&0Ya33r7d)Z_f!QyT^K5Is~Kaz!g z8wlQ_BMwZHqCafGdQgH}CV!OMTHy!Ja0gbbjpx7KskfVv_M7-*|NV2r&N%jq@1sai z@6>}l$Iz^4z^$I~OPCSt>$sL}xR1wx36@Uym#Te=z2>90MLP4VQCqUVo9m^%7)pOhYu(bKWrD zCeKAOC{C`RSH&yWw1-mxWvNgD z0lO6!?U;m-T)as@E_9fM=E9P(aoLPqYYb{yOyjMbR!lH2S~O>dEmX8>gcrS{oG ztqXr_HjYk{F7+x=)UwP>}{{vvM=tl_R9 zI-|m>x(M77l1;-9m6h4%D6tzgoe4aGA<)xKbs&cCzO|4fxBfFTEr$saWtVMl`2~mh zUxy{%s;&r`zuCsgm*XOWzfx+Ms|nU4tGb?)?{$M~+TKOA#Df92$N1QP{birCOZY|w zr_<@-_zOixpU0hjw0R9B<_)&~R*uFC5kgsO{b+8-NRXOs`t_G&EY!z;G;JWIvD&%) zMnyb{aD3-8xRXinqY%CC4h~pFMFMm=CB^w)8$dYv^_4$~Y#-!hsy*B#o%Px_G9mkX4Y4R`k-b6lGL(Y$cY`eZS>5Q1vPFwxtq za*X<#_rPqtc^g(;e3t=avE&@~KV;mU&#g{*guetk)*;iVp2-6C(eTz?V zh$|lWc>#)~$Z2T3)RF>E&CoFQ0%`emN95Q_Al}zTn`ByhSq*!Dm7#Ug+~V z@-=bod8>+(7rNzHX}RL;;_9-PndzB*eZTFEQARs~)2(11IIwug9khqkM?3L-F@HP@ zypsPKrp{FA6)~uYyORKDjvxMeXAHg#8K-AiRn@<-T{~_`f$^$A(y74k{()t%T0sE~f0UR+lV?bIHzTZKpX)#>HqR1af3bBM3ZPzO6sW%jUFD^25G+ zYn7OrO32=RgwW|R=yNztv0%srk15b6jx8lp@J&2K4zGJ;<*FaCnocb=&IG*l_3?Sm z_Y91_scR5~w`Fh5SMtE#%8+i!JgnPg!QU`CziN&2Cy7I2E0iAxch2?oE0>FgT zkbV$G4E@PzVe&IPY;hzYA)wd4X>!fkm3j0{&eM(^#2%V@RaPx{J)V6(kVMsv%(az{ zRaM0mi12bZgwVW6XMuv2Q~N* zuKvY#3O`SVFJo)BMO(D{gjLE*{*{nnh*hLcXD%aTbeDpIItbN}A%rN`=_;>GW^3 zVG1wdEp_x?$~nks7GydTl5q=viY=7B_Khay52&eOtI%pHluhRXkP4`O`X(tU*{#rh z(iZ?<<>%&&sgC(bhTSeG6ME7>)o+Vx**@Chy^jYjj5KyzAG_FF(M12*XuZsCImdJw z`5p@k3xosmvPU41E<$XOjqmDwS)=5RyrfMT_1{~Fqs|jW+|z;C1aHO(#%fDC{?3-L z$)?SiTr^MiJyN?)uY#D^D%M_X{PJA6Uw5o8%GQ*-E=_bR`?Y?GrX!$Yr1KcQJf=CC zL%BJHXA6+8DRWJD(NWboZd@Yeo3f zT{L7_rWh=2CGdTy{lY2x;tz|L4%IDk=FfI_EU=(U%=J$$pMd5He@Qf|_5;t;?11YI zMP~r*ef4g+S2Cmdml3uAvBXRrejC(4A1sez%ejYd0YvxX>(2-*B>ef)?W`a04nqqA|Z)FSr z;tNsrsuGyL&sJRh89M=fEAhyr_-f!pGd?|mii zbPu8JAHx1>wk%C?`@nf5bi{=NbctK=`9tv*yI2m=e%u$^*#_fbB~A~9JmjYJAZ=DQeKSz7S9^+F!aUs_Ix59iBuHt~ zJDtdb1=Wc-UhcpK$NtmwM=qNz!4Zt{r-cJLBp5T+>fMdw-nX@x~caS z-j_${EQiTvbG`90FGXL9>X-s?1&}Pmw}Z#*uK6ThWk4N3&dG#O_|bNG$|TzOx5!k! zYF>I|#VlE%5WT5709qYfvK~$Tk#j#5<6@i%FuOkoc2D@Cf57&{>+6=q>{wxp+z{50 z{QRddivVa+tKkylBAR6X+kp)@6mnXjODe;C1<@mbe2>V@?-o;c)%#R?rXz$m>~-(& zq|uzXk&X|l@pPoYi>qb=)l<^hqfh003(A~yM|TfdIN**&l6&U?DSm@PyxbY_4myn@ z6)Dcnz&w75MH>~wUZD5e+x3R2TY(3$vPV$6)K9`&HN{K|8N#J3L5Sl*<5XOtrfIYF zrND#Hdk>BJUPE<~&w`hc_(`us6Oo=!fe~_@Ry63CvF!1XkW67ug zG@}0N1bW6-fVq48XeZs)!#rz{#z`>pV!E~cw7(2E!`}Pr1bxj-CG`7V;Bz123Lji{ zA5ZkJtzvZ3nh$#5`oSVSzi6U7zYxoF>w{OtJSwfw>{GGvMCB<tGwXHDz~|>5T#~mWNLo6NalDZ_C(Fq4m$?mri-sdr;EY$WSqI zhna70AksbR+0Lh!s=H{@m7hHiPYvYgG)%^Aii|?PBX!QJO7fqy%D&kiXf_s_W#%>o z6%@S9Yile#x|aTU>{~3z9<&fIW<~B;L5)|w6rzi_ZEcvSgYBbu7p3|{V%Q}awR5Qd zG(r#9pNZP$e6EO!ytDR0Q^g)NyKTWjT1l#Lq~0E>$@d<(dbnG^x*#Yc|COYD0Cm%4_2*}P5kV~5y^GPcV>FX#bLD&TB%c3{5r79 zR(~{%c_+McJ3d{bdLoM42iYk6CLtr&1bu*OeBg(%7$5{-G!?Ka)^u77D(6PJHm>`- zs_YWn8a*yNO6rU3!I2{S*?dgl=^H)?GsNhJwbbp4RRPbSH{(9ntMEX5xBFMA%Nb^q z)vQXM4-{SFwr6Wy{A>dHU@p$B@vTwJ+aKY8pZv+Z$!1@p^|qXC+rI`kVxOq!P`fsv zUG7~M6;0X#+n=~>iLQQJ`)=L0U*T;nM;LFcda)ci7ua;X1YTAJ_mmwg=ps&c7zJ*i zr|Ux5QbeMfX-3CgwTC~!(K!^%m_tT%E&lN~1a34J#@mm`2g-wo<6bzUKITOdq*crL zZ+2N2wj;brmc`fNn1wz%u2ICX#d?1MVD*LKms7c3HtR~-8x(0AaXfAcKcrgjc#w-6 zz}_E5*U2Ir&p2&<-76HTePu|i*tXhxrRh6?Qq+x8Np?AtBsI@|2L=bo>HY41N4?+x zd`Wv|B# zWCxpQCwMWNWS7^I#N53Wd1dQou~3~l<+B|@IS&jJN`5);r_ra&%k67#Lj(01{Qj4B z3OE5XHa1>@{4Ekir1>b1X=wg|<)%&bkBVT*rw>9hmh<7KmEVZJi5X7UaBpmjJE%9r z?&4v6rNqFsUh;IozKZ93pP~2ymgT)GuoON@YdllHJYb)X9v+Cff~;2p8Zk^yr;o3o ztrL0TjBQ%Y>`_(adBbG-q@ctHaH9T9?b)5z!&G10tKsulhn4{k{vsfOZc;r-j1^rX zc}5yIn;#ogs278ti@8xKs~>h8W&qNbA31ZEygI}D*hir&-LDsy!Y2B;mcvkgXZI)B z+Nk)v`v~#jc+c>?y0!J_uMdop%&HWZ3FRprw;6a)K0_!{V)0rpY4!|qB!Q0@C8fM# zhZv43tmD>@;rxC`67k6RrpHk!V=*GTos zfY-b&&9cg3{$B4%+=EY>6@me2u=)fWC%%)1x-!ryew_^eaBu0U})Bzt7+G1Xr3^J$oyW5YjHx88!K z#Fx(Mb;rY-~QS5UH&UWN2T;Tt6JEzp(;7rS5zsvz+EOX&wzb9zc#stCxi45(wSP;}Y>l3^bb1 z5(^sedfsk(o2sJ%Z2u-mhG4{yqCsyxwaqxK-!+OxoJ1{(^k1?^5DXztvqis!C5{k* z-YnY-XVYflE#0=~!1qo7!3;I(#;HsiAS1XgN-n$q)LjrF9 zytG6u8GjJ^Ezy1i#2@;}*0PmV&Ig1TXkuCh2>gKeVH3w6?#$j8@(~?uYVH3xEZj2& zawj7sk(}CyAkdXDZR>gqtuq{)<2ETqhFZ9$R62+F5uj}ef% z4c;OEPLe8(_wP4pU+}I=#!%WM<>;NKdf7`J#Hx5P2ApYm%1q!+J{B92>Zk0x7D^V4 zb?z7JyD)va=QUS?dp#j;;;}fARBhjdH-v{)Q}!$(2V;ZOQ)e%Yr$Tz|_!^^@C6($X zLXN~6jUAy0TrZujY$ za4D1m_Rs%Ds1iH__80F0kC0Q3yge_(3nG(*RHXAp&VmwrHx4idmRreLJUP~99~?_= zSkgZ`&VRWTWaUfe5I)9%M-`0IbO`&K&@6`|KDdWQa8^3eDbg_8h3s0mnswZ=b}Q)6 ztOhtvkJl*d<+mCu>Hvj`Wf=5tHX%Txrwz1kG#&Q)X@owG0iK3Uin^*7CQw^jrjAw! zJui3+EDkk50UO=Wzo^$rWm=c;q-Pzo#1u3dnRo%~=?4Em+jZ{+(%jl1mmO_8mumv$epG z%H^B1sp0%mpe@Z)N$Mx13QbN1f+%J%VD{6D;P^xisxM$N%T(Rym8=BK?I6oHL4R>f zfVXNj#9m(0=ZQ$%u%enSDEE&+oVpf|e<8IA8n)3uvF)o-dx}-0z0^;R>jb)MZLzmH z&-q~wn!@HEkFyc}S3-)cW)hp|YoYSl5Bo9J9{O&P7eL>9wxsKE))_ULQCUcttWqau zad)(AKenzL%$ePIp0A)O_dzfrc{`JU-PRh;0~Z|!Grfcn868J|-s6@$Lb2&T(w`7<#Q&HVawWG!2XGAiTBhnu4f0J=um2nNT<*F5+PC-Si6%& z|K<~L?bn)o!VKp0tj0Je;CQ8@uW?4@%-~oEs!^vy_o@Kx!Av&!uu91 z7pA|`E6YyBJ(&DK{m$Yy5A(;ZwN zE{!)T7Kn-6zYuGk!8ib4pUd1_F=NI3b`&#g8J5uv9MKL$gY)PjR>$fe zj(5DcA6`}}{3VNNd>y%NG8W3c5ge2|RmJP>duGUbdwa`@2gqL9p`*z7*Rj%g2Sf#; zB1SI$`}4m)bxweA;GLfl+bbw5CqS&ZDh9Fn!M|dPemG+M*T1@%f}QLJ-xC_t!kgRA z1w=j1lHMs-Dw8c&m`Z0^RY@MdyOvktPucq0m&A1^H)=m2XC~R>gJaZz+7?nqm3<> ztHlg>#e0Rt&4-gle(26IUC7Vua;FBU>1p9HE$0e_-W|NOrQw>UQB^LJAj@`hrX_4h zkbz}2+&2H(r%%(g7qWgkN7A{2eR!y1;cDzNqRV2RRe$rwrKp$=%e1)OkZ2`g9JT41 z`kC2m?y>x@5!1PZOQFs2qSc%$u_E6D(`2Elz$tB4|7n6`(ugbTV!hVCrracA%zCf4 z$_L4Y=jf%Qfh?~n??Qa$#Lj$alRvq~YBOX#gmi%q%D%StS0!&75B&w%7)f&mqS`k1+ zsXsew)@)IY!^*n^MNSE{)m(Gf26#C%mP?GdNi&fRxP8IFi=D>)@RzK2++fH-hBcx_ zcjH33w-JwURv+$R#6f!S2rj_8vJp&f%qV$Vf@|)>6Uo(M0;gfGKQv2V;dsrw11HY= z{`&RzAvz?{0`A>2!6n^-kVUpKqC!~zM%(_o*Qbi?j4RY8&DM-c{SXsv(2=O- zw0mtxA@}Y^uYxUqqlAJDyH=p7;fGjCGwOeAPqhrV656$j)JzGp{lU?5mj8?O_!}4E z;k1LYNjVTchj(*m^Z{kvc23_F?{m~UnEGUxuLGt@=%xa zg(C%%8COqgOoDfL_DseRHh#4R_tsM^q#0>_7f)OWX4-DytxkR>4AIM05~dVt_@Ddl{+;qF$-M8|(+Z+o zB*|Y&)?H@UJu7GC{@5>Ww9yX@ZhP28`{$|=q5))^G~2!@tV+SEyr5PYHMLvyJso-` z&_CJv)N8X2x9NXH$OZh_Ez;nAIjeR9;|0z`(A~~CMel+OV|{l>tq4WxT=jNToI}g; z#6^-@(kh*y(gtGZg(~zVcf_=KoXtx53Hqfj z{;~xSJQAMXh8!1*dh>e_)124F?efQDGj=gn-G^Rbb2$hUErd&FNM+Iwf0ysdk*ahf z98;)+eh(e}yLL_l2;r&Y zI_+og>^(j6iV&+$)&a)jV$3&G0I$r6k;L{=aJ&zMHn&deES&H6wc4Fq75s1Tm-fu^ zdh#y46ZhdPKpI!7O9SAxAo+EV1Zy!P{&0llX#rR5?v4#sSzP^?!fL)J;p=7R{P0|? zzxVXQPEO>%V}$UIXnEY|qZnQ6KK{fWRMcYVh#SH?UYn^f`BWgCSZreUrAZ1)NT{*i zVm0_Kvhz=#aN2}tKhqs2`(|1HhDN*Sa=KGS94UKXRz<79N`33Y1DQfYX8~WoRHl<{ zX?dAsB4J+4oTZlYF*vnrzX3^^Opv5c(jpLBA>MsOcknXxAk>Ucm~okr%4^GvrcNG!M1UU zrhK<_S=JL=%SX5Ct+yS7drMHz_(5D0A?IhEZVu+AOJC1kKG%jB>vSpBjsrd=_;!wH#m1JCASB&-em$U+&%z+oY2W*sYo%gkqv#U6Qe4wmu zN||gtcY1}HoqXLESzezR6gjLqmaGqXUzR)$aZfAcE=e{TJQ!tAgdNnd?T6a#@m6N6 zg~6E6&;cX^Q$@o71LctKDTZ>#a?^{&d?QE%0UHQa$m$1gKdm=28|(FM*#i~cgT=?%Gtt;iy(KLC`{ zcn7 zfA!Sh)th<^8$Q6SEs#*jeB9e;y--x-Z>K6837bujK^w}qFr{O&7YCSD4S}>vzwlZo zR3Yl+I7VJhX|RhMb0*MN3JQ78Zy*TbOwfT``|}_jl1mH=A^d!p?;GeLAJ-hmUT3PT z#VAd7rP=1Hda+D=-f zpAEL@USD@=aM-zm3`2cRS=nH4P^o7`!T&{zs&$pOmS zyz!wag!!%?aEXYBL&{c+U5le^7>q|I#At`BWk44&+ije}ic`)_9g;Tw^!JRQITh+F!=KYVUvL)}h1J~)?izLZ8S`&t zwk}vr)gc?C%>1}m%)h3c_!+0+#kG4Ic!Oy+jwv>j|MqA?$0fwaY9Y^;YZr&nvo~5# zf9D5sf)p95sA(Y}F*7MGct4fHOZwkK*P)U%lv{ahNLCU(jT`yPZ?gHwZoZ^R+>aMQ z@PrFwFjl1PZ^)1_I^vA7)eYrvz#5`bWHUjOB;!H%rAnE`YCwdKU8||3*eWR=x8t}4 z$hK*=tvLsT%jDQ^ogB8YzrYuG18q`ZCKZWq;=neum@VxqgE|hQzyk8`i7WrgkugiQ zuG3GR4r972t@(^*ak5$Q?1%D*&Xy8flsx3p%(#B0EBPNns1tlnO>SR63fz7#r0a4c za#~!OtVpxUPd4nKa@(E5*MG#8kH7Y@O_bHqqhSi#<3dIocw+b8BFOP4ubh}B@yOF~ z-x#?3j8@0Gf`F&789ZYjQfpYpdME&+z&2X~_49|K?Y-kDNS0D*qfD6>L8!>OaiP50 zTqy!bae^d1xvV2aB?`IHyUVFJ#Gc~^vYhVsiJcWe5biwMKLC{h7sMY4+B(mahCy63yCk(t>*J{qi5l^7d30(@{wIOZyHGnla>Vve^7mglhEAWZ*E>5&?oKYpI@r}+bT#=xtreNZ zf#rE@+Iy;81$Z61(EP3Umm~!rXL`E4)kbLZuk77^U}$dZXls}CSWHfb5gqMH**UoDTD@eRhl%a%~}hht;Lcl=J$j*1;| zraV#xgG(H@&-bS!9IvDMw0P{FU#1;_&$;769eO*+<_;TZSJXK3_XB`ec=aayWYJ~z zltRpB9t`JgC1kNnpTDe4el)o(?&)f1^3^CK8T%m3*oa2Fm@26_HTfe}4nO{cbQ#Ku z&@{*QCAi~$m845!Q$FZ7((cw|K9UVRh?3{|0I|>q>;phNP(a;alrU5zuUDGO)|YCP zN((o-D3E0NE#NIc?+vgM0PmFMZ$!sb1t-r=BR|80El zgtC@Nbyr|C?CcGPDe7Tg*}8t=_~fpvCLXYmd7wP=9n1<F9Ekr#IMz&Ej_DIkz&OQB0I}*aayv(fIKiqge*@6dH@z_kxfjYIS>E`Y z>JOn9V=k>(fNct}} zlW*>?cGtgS3jGaCe|T-6T{V9Do8Tu7>kl^9ff z3wG)@^B~}a$IE-Nc{pL0s`<+MtR0(kT9B9*g*E(LJCq4G|N31hfjT zDc|+F3Pk*;`!2{}m5LM>3bq15I6i36tLm^Y&)ilt15$z-hQ*Z&ctyEGQ^C~R%*#p^ zwH;H%%k%5$oCDJS9Dg*#5BJs+uB^)^s$S|XR_NX zX=PhTw0tQG8rof4e@=3+T6D}`Za;Co;pJyUaMYwJdDh^>^>$%0&zM^#-4f=#AJMzw zOdi-3d#rY9nl_Z}tPmqOs^wJVK5Q~$!GU)i1L1g9?d*8idElB0{vrqxi1!VvccwJI z?C|Qk7TU5jl=!TyK_$U6k#EkrRB!va!J-4i{rt^m%|W?zDLQp&j1pgkUqeV^Iv8;i z?LKLN!qLc%v={*Lc<9$Eij3kcJHL*^E^g$}BHA16x0kFJOvI|LA?!YZcjRIuAGO@k>H-MZKT)tN z8hon2ka5(Mp9>!4;mY`4#Z_Yv1PA7))Ke5R9dPCmPz1-?QRtzGuKKOpnwyl3f@k^mKB0=C%jhP5q(;d3-tGQ~<02asV97ZYKiROyLSRVqpWuVTJ`6{gk0%=cvt zU7%bdhD|dPEND^Ci2sOY0pwBN&6Z2IP}tqY);MkjMzvR5(o08AfrBuf1NWfo(;lVB zHEm<@dLzK3pxh{M!b_gcP~J*o=J;(IY-5`tH(KLYvTVT8a{wm(*Jj_LF%WCyq06>R z*0#iEmH~*VKHweG)F@cFO;mo7#N&g@0r{BS0uIy8VAQmz7E2-tM5Hh`PMr;AP2`?z z1oV(xXzh1=s>J}X9ve>gew(S(R5>T`QH&Ns$OA=2;(EgnHH^|a02u)ynu<`wVl2e{ zTCN~e_9Apr36&i^y2iag84D_cWwHU=+9$BWj0JMpWEOgP2*w8~gp!L=^*TX#Bn>jx zB|BMb5M6)fuA@msq zAW>sBz!o-Qs!WlAgwtKEzbg0n&{OeoU9iUY-%w~K)J_o*2idJtc#Nul_f?z=gwVaV z>;LjD+m66b4DrgC1r4Q`_W2l1;4W30HUU<+C|BK)eLo<&JPv-)dr+)%F!661RBLS% znS6lJa4L&Q49=j2UDoI~M$W2UdgjVv3(m`!~m=%Nc< zUhlzpqejE@=;-4l+Tvu$uG<5~rP#;Lrtw+A^>5QL{*$!O#BKDM#_RIPeAmGAq5n5& z(Pg^4rm{+YTFh5sror~Qpzur*%#pcM0JgG~tfMv-YXFBYzF`k<1L&=}cHOAD5XJoP zE78j2T$#Ora=C_7Y>z^-)cW^Ocj8FBU&ZUt_ZiNC2an$*ACYopC~yt`SvC?tFU)TJ z)yKUIQ?nDs)np4qB*5<9pSBQ>-%^qFDGwQ1s*rS5GGc1$+E3{a)mmTTPrj$Gx7_=V z1FxJnVOX{U+pG~>x88)vW>#FGrk_dJN}fvi4zBONF)pZhy^;-G%r_Wq$%4y2elq+#H8vF{f*sB;TETyjvcl=G-{n$x=YMvFyb~yUXl3DFi z4axkoPM?+HOBnuZD8lb-OwtW3VPO7>c;=6boN|Va0*;6j zIc2l1%Z;t{LSsnI@WuS$cGg}>r|6r%K*aPl4(E?^RxO_Rp#Gmxeko3sTQ)I0oTLN2 zs#f$&N8sUqfP zR2w1mLE+%9>?o@Psrm)^s%FPAO_bjus$(M&0{y{3Z<*em7_XihAYyE`qK^%KAg#?I zTdj{$*+DEtSf$JU+pKh!^Wu2u<|5qTE$VxD@Vwp=4;uc2e}k0Tc0V);$#-?eW+wz9 z-67oy8Zxr7vnPx z2Jfs@CY>oU3|RiX^st}!4D0?ak0egq*KxGpeiil-$+tPC@KBboJ-7Wx@2qwG9-iP5 zs8!m>VacBIve4OmBT|j6*f=N_PSk!{inTR^{2Z>JVisd3@ zw`D&bS$6-omK1I3m5Z9ud zW-q1wUEXgT!NGn6>aGMw*Wm{8Ipye7u+9ofTVAB}C6wSfDO^)q_v=edCp!gt(moZJ zm*2GL(1%(rM?Mh)7)z8StA z0&lf0>L)10W;B^=9drQc@=}k9XMvXhF>d58%vO?G_NJ$@c zKH9@#INy@sF_l21h}BMX5d7fuKS)Q}gm|p=nSV&fEv(Ap1U*-#xy;`qoCOlDtgVu# z#b?Sl*H46XTSPq0TX;oH@*B%hjvSzePR{9h5_ma7%u8X!Xs;#F%~B58)$}Zse*y zQLJ^G0+IEIsy3>K+&C>)GB?bCN(JF{Pt3=ebfNdSyEZ=TZ+w(O z>(}R-N?!ny(QszLnd>U(kuTSHs8-pB3va~GVyO3l5Xs#35BqR%7%>L z(Wv71=N|n2fnj9Xk5Lx@oYISfG>71dT7DZvu!+-n@0<9eiTZpj5wG)z0?$O+F@%Fh zRz){~hW)&Z*k)lp6WYD3d*8D_>qUP7<3%5Yy#evouf8uKVv@H*%RLVoSe3z`gxe;^ z*aM7YvlU3mm_jcE62LWN&iz%V;0H+g3_$Cg?-2XAp+x9R`U^$t9Z_<{-e#Bz8ddp@ z&E$i6OM7;XSQ-LS>RUszgU18Eb|KiB%cb$E=-?-OJHdCr_gWlXmO17#)=K#cCrl|GAcH0?r8;l zDCBGlc(?$0l8T#?W(T~UVUx=PtnW-m38o%pcM~w*zX6buK>y63jy9pI{Gg@u<=U~>`6(mM`XE;xTDFYel5$gzv5rWY6BdE|UEnNPbp<0u}+ z6YGe`CiWCdvIUu!h0%doll9y@b%F2ONWCu2S&2#a0L}w|It_joI>lcY?8?T(;FUH% zn`!(yhwD^CY{HF*I055WhTI^udn_d?i5!K^1S0P6RWeq8*!>P{`JE4Dv3|q zE$A-_S)m6FzE>b;fnq$Vdb0pJ5NiJHn>B4u8euaZlpO>{bV#M@-zdYp5qiWq^@16x z#RB`#c{sln1B&~%F7Y^KR{hW9FjTI4cAih2m8~?aU zMY=$TTJJ#1$GuC2Q2%FB1!_Ow8TFr?U5Sn8j8=I>f7uz{g1-fL|4$7DLDls}27B93 zg}Ay+`Yt$a7ei3)y^z_xPpulWSWwO{3wD?=@vIXc^=lUMcc%ZO%vJs;G5KQOeq%M& zF8T)jP&|?X0lB(1s~=*_A3dRgl#``s*+$*oGbZwt*rY1sLopfR5l(_4O#|%5fDBh= z+kY5Gnn7Vw;+n(hx3&dxcYf@9nB%VvW<7)1h-$+OhORv8q3Kzot%F_+*oX~ zwoY0@AIf!~U#eIxydO7~J3Q~n|3RMF#<@9+kQk+5y?gkhhFu6RF^$>34L*F{qgqvaPH5V)p8Ko%8YT|T`VLlp z%MZ#~qTK_nll8x;F1mS>hE*pu%x+@V%^isUp~R;XqWpe)*&48RicHTDhRHu({RS|OEo{pdw^`*9BsKBvn)1RAn`;HeM(m6BwC2p#4_U0Gg0myJ1wqx%{WZ3^<>??rU>bhvZ z3Z>AL3Q!1IDDEV<7AX`6Qrrp+5L}CU1w!#sGmdJHZ`_yBCLd>G%KhWZs*3 zFvCE&Ik|GqK5MVF_Bq3Z=FK;`AmmrS->^|Mqo+acDf^386Zw! zF9GffumZXG2aM>NzlHz$$4$es`-_S&=E*E6y7;S}drle~_r)TsM}YvnD(j6c&ER&u z371pGU{Pf=$)$x35mI-$SM7<-QI{Hfesn;Ok#+88qvcbazsYG7D{Tgctf8Flw} zC?_iKhLew1AF}~@koPgC$ye^nzUqsAXMK}vY*zq{8o$wzR&W(l z-Cv^A!BG7v9X)w=PGOALzmk&VjaWQ_Oc{wo-t#v7cc-dmlPKkZ zBTib7a#jheJ<}{Po|(^QS8>~(_Q$s{W>1mJ;+A4L^0QZg(@MZe(%iyeV@2T&0*AKJ z8)#_UT%+O7T?sBwMFyf)a1&c7oGbKGH{6HEYU}m45A$WXn2E9!rTsGCHuVSJ$D~{D z9~t#F2MVwqygTz-+9cufq9Zjm%YUu7+g#rHTJkQigfl6b=4G@*yr1EJKP^3B_b47C zJzCMskr2F8j2EwJab`O5qr9!S^ad)Elhl0_Xj?yE{Bm*c6{Bb&mH7 zWy_S}xtuayTdQR;2y^oHQ=@9HO zih94l(#;+Zz4_y>hpjH5e}Z1%`aTqb5)O-~F{SYJ8N2Iw>M?OoVVys|cUfv4mZ$dd zSN>DMBnQ9O`4j3~Z(BMR0(SXWfJLa2Op*j-4u`~<%_x52X|Tokk{PA{!?i(&a)`OO z3gE@NePa!|aD<-!GoWe+(-Id908~-B!?a&2%n?diJ+VT#Cqd$amO1ns95EouMwl9e zohg!_vbm?{n}o3!@2)4RD}yoI(Jd7BS*R}b{SsXDQ}+qFeKCI2edqH;h@QDzx@p;K z5qgY$J^jOkZo0klXUHS=z#!FBbJ?`go+%fSOYmlQ=X254ZxhZoWACjAV=6X` zY8US2#o-Mx?TZxcu9N$6u}k~}LMpGF3Vp-nVDi>~Z~RjWYZ?mUSYcy}p_p500HzT# z%@KO}DVtdXdD_lZo;n}<;{J$tH*+TJERL(Ymli52gPhxeO=Y|s(7cy%8`E)d)%)^x zOWb_AASN4-hiT9x50J9P-VUXF#zsFsHaV|3bUBppr4{V;pChpBti{|GYNar;#&6&( z&YigVOFSOTt{k3`QIaxvK1#hDrb`A=V2)&&?CXS?4MxQeUDQ|B=*P3)+4o~Xc2vw5 z{S3ML2JrtA-H>AtdR0cY9){B2AGW&(v}0K5RWsFvDnz3nf^xJoX?Z8h2f7&)XC+f@ zWb@iLSk(((_EZ*B^x9LuNmh!ha(J%WK(!@Ga-a!a+BhFy-RK^B_D8zjo=c=-ez8KE z&#GsWl7*nqaTxkBi-&ZgYt)&szpm%pQY&Y=!Q*!bPQ^??@K*09=j`^WO?HNUAn*X8 zCg_z@>XU5E|Na5UOMm&jpDJuOr1MR5ybaXJ0|n*4_f27W@J(pE8TAUdm^t2GM$8Cz zBGRDawfVpQxQU(p#`6ER@wbNkKWyQD+r1I|$3Mf39j#=BDVoc8 z>TBMA;xRylhT9m@CI0VGxL@I+6mTzZh(?cRaJS3FT-BWeIuh>xdI{`r#1wF^$vNSb zG0uPL^vOwujtb;^BqT)O#{d1Si=Vr-6UsBhezWm+TYk@j9)vI;Zr|WT5LC*UYiA8@cTL_$Q`t(OG&b;9Mb&**yySC97SK!yj zr&uq_an8#V*}J zQN!x>^ujiGppdhOis-sAWLd2-xj915^>jA!70q%={1dO`r~Ju6|J+%fl%nOhq^L?J z0`>WEO=;5_^;zsA?#H8Ef7fG#pS|XS85txrjCtC;Sg5((YR|yK+eXjkpV;OtYL;FC z<}6{`=hDJ?pRBW#Vg1YMwPTHP9I$*7l2ZsoNI&7M8+2yw#+Z^{>*Zj*kGJJ*VEr68 zUU?jMRjLn&eNlFLhULI2C))v+IEDc z#_6eC`G;aSLEH}Fz1Joi+50(|MuSsv_vsW+Vr*}cu~09UF^v>?U2A?(d-!R(_^(s` zACVrQQxGRtn|*$>YW zkqugYr4z0OMfVx^w+6>n%3hB9?czV8dba`w?B00;8>a>w@0A_TKM_Z5U;Bjf4^N)> z7aE`v1?xT;yruiC;l8hYALr8*sWbJ*2sjQ)1N&@It4R~T!r?mar!~Oi+Y+$T9)5`; z*bZo~rkfSFB6g99K3#o#+8|zGtUttEsv!Z|=Et{6XHY-SNc6gj+RGL3Bi+Lo;`=anB`BRc!Fhp<+ohEEjj-bqXK11GmzQKZpF4?{Yz&nUP#4{+QDk?%y{4wBl~?sh&y)S5!B{<3hkb zxPhX$PpK5Vv)Gq=(U>bZfoi^pq+?HcRm7mQxkwSfcM8dkc!8I=@_I^@fiI5T(3jvH zlP{Db5#Ok}v8_bz-a?D$pTjf7D`7*=;P>oprP7%c*ZLOPcK;AuS`iZvhHCqwqTEB7 z#AS@}wigX)yEjF*6%nnl-ycSd;P-r&5IfEv(9MDfyKU( zH?ZqH-F2_%7|*xm&}E0YP9Yg}3Ypc@{He~vG>sOT?_!>>?&Lo0-MuTeC2qR9PPsT; zjggxr@ZxJq>5lSux~gL)P$2w~=)3Z3XPjBwgXM8Z?5gT*OC{R-ztN!4MJosPv0q?S0qHw(w}y_LPGvkWL-(@DT+qLzuKKaoe6%r}w|B zD5N&WjffT(<3ATYC+kQS<*IOep_>J_9paf#P7F1yE~N{X-|MmMnE4a%v9066SLx5l z2OTFVAk2%WN5Il>hMf3PkHE+_d;X{@I8&`8bK=6fgfuag^HmEgppQH0vCbY-U8`9n zq3a6nJ)|R;txE?BM^VC!ahfg2o>SMk1beR6|BPH#T%tVgeDbW~Yf>^$RIyUXaJ0+5 zJ>v}|Jud!RdJ3Dp^+9CrjNWTwnzYPvY2KcJ&ELDCUe4z(!M2AIk7vEq4h$|J(W|ol zXj|0bq5Qo+F<$~BRu3EzGwl0USM35?ip{)oY)#bDFuv7awSb z(Q1<*_Yvkf&0kBbc$WY-8(m=pDUantTmqZswmiJZm>pVkec3D_H|{BH>>`&QG9c0Y z&($I}alTCoZwlUK_v%mED3ccYi4x7(3M|90@#WZ;{g5x6E2<|dGvt&<-98hyk;;@v zoW>9*CuQcy7)qo+p}G2#*HWNU@jHYg)8{Goobryksk5RKLUq*UKwThA!o;=g0&f=H zPJ`e-*SLZh2xj+sQut9ZQ!m3mWbXc7i0?Y+%0Z@W=gb*@1)(<{66;Nfs4+s z!V-lyCC0K(YH8oeK7L$c99Um>y*&*laD2|fG*{OL?cAd5a-cYel$Fg|qj!!gNQGIy zxD`;He@DT;L7Ys^w(tK|Y*haa6nj1cySzeG1)?f5*Vaptixrqp(K`s$q^s_@b@>FA zX>iry%il8b2fC;sX=GxX?*|46#&|2$L-F3w2h0(0PJJ_LDULIDUV3c7hUvhhaf$;* zk+$+QwcJ+P@Hnc2Ya0vy!?7X1bcN4B039ox4d6Js$MxQnQD&>--3q8;_BeG<{W1-g zJW}`y#rJroR<4fam%fXF&iJ@C4I#Jz36W-vq%tx3aqQ4PgOi28n#I5+QRQ?&+%MGS z^Qco)s}QV#=YhB)UPOViC@hl|!<)QAwayGvL{79ED+GS6VJj}s(@m!F=F@_^*92E4 z0!xP&^Djy0ds5_zhMwk!!o3&YdyuSkl3r_b8d(+L~>f<0~5Cl4cSv5TDV3a9<|Cu4@q0ySZPyDe2qvqQYtuRpqSD*R_x*{( z-SFGYDTO$?8WwNDe<^BfaGaL8O*xYf33b|(jDSycs&w5R=9h|#Mcs>EX$Mh@{*J2U z6*3N#T=9`7P91q^tg!Z7XBfu)fSw_F&fwcao`w7M&fx)P_s9-V@aDr_^^PMxyS(!= z<3+LGcA{K{48ya0HmMFYyHn2F8|3EQv2w=CN10cQ$b0dIzL(LiP8bca0gaJ_BmSbd z>}7HgHr3(5k@Fh_X+ub(-tt0M;*oTt2h=6COoL*hV z1FIW-GBxEW_;RoTL*47`9w$DMcD11JoEBEq_ia$A?JdT?<4y2h$*$F#DNG3ZkS7q4 z!`llgHxCRnrK&fd{^S;^_xb&0I$v zxeNKOQ)U`O?YoA}jAg*+RoTLAYznRoP2#{1DVt>Ys`iyU4;_?syfhYLi*XeB_@(1) z?HS{aI8Qe_?2&X|=KQGpAt4KB){vX55C8X6kLTLi%f~DHF@O9U7p1lYNth*h5nvj$ z!fK%+(-@p|mhR@PISr9`w6HIWeoT<=*AN)#yvfwz>aVw9MU~tkb{+;`GFh>t>f^cb z40A}++Q&18BNqIC-*$U*uMpa@aIH<=L%WVu_U`;^91U4(1{NniMRKOQ$qh}8`P?JH zE}E^}O1TV8y-|fbA;E?`B!>ryf4Ca-A0QuX$YL~s2LZ=U{csF;NY2-vtHvlIA|j2< zWs_1=&7$>+e+&%;3HxeAP>He~f?H}&eOg+DM^3_o``$DfT%`5!h%sE-NsaaLrakIy z5(*DH3uXDb6T8iZj|#n9fULdckUbf^9%UnHPku4osX~6&Yv&KX^=zf_R#z`5CDAEG z7lqCR@fs};WHdB|<+vFLh{K%0t@ESf&syyG2da|mto%)ov>20D)jpRVWPH}`bjNbm z(+wIXaX}C-RlfEKnK zHcf#+kG&@v$Zc(J9lx01L)XU#+Q@rPYBV`t9^i0;8KFb>&XeO_PCm^$oNbpMQLTi9 zxiw?d@P(4j?)8He!q?kasl|Rr{OIO-&raEC%9y}6#NTCDZr~6l{78M+W>Y%Tb%r+K z>QT_|a(%MaX8fJV1I431DYg{-$oH10c^ZF9jV)5+xADhAZDt+&xG}+;4jNG9AvTYp ziw}ttDzme`S}6hK!oAb4MY=~5LF0KTE{!IG+Ll%*cxoEe%T0@cED>s-q1(#W+)h>( zg49du$9m(TM+%*p$P~rCGVjC`BaG$-R4Ra$UB?UA3<;@*`FVV(ID!9jE91ZssZ$mK>{~J- zBli1O{Q?uB^EVo`KOjZ5$~euMsCqqG5C8lW4!a-y&7?xF<+EBRA+X$u6ft_MIen_W zXgMfiWA#KyhrxgPce2I0s|T3|3$vd;v${_yEU&ZJa(lmg4}W=L8h8B(n!F-EWaVdO zI;`lDnbOPUsjuv?;Sk08h~`)VEx47dNX|RTACs#&$%MHWc1UVS>f)!>HXkRYpCgJr zysauI&kJs000_}o}UGnK*1w%>1e$2<}hHk%71sh6$A@_Z5{!7+BP)nYR#YEqYxxD4|{ z6T~StPXeJWj#jIKI`BOse-7SwZ1pwmk@G3;C($*#g{DsrKeADpe;kYp+!XS}m|!nm zVjivq?jMtd?I-E$w2hZg%4zY-_v{w(Zl#=8d zeJ-otFLfF}IXge!c(qzsz40oC1_JX2PfSe2i`rU!@=`>s%6t~rzYqJK7Q!qw*saoa zH~f@47bdtlB0e`$f*19ANdMrTPFYN|camhsH~c5zUFmsr!;|y#%I&*;k|+p%+fKZo zE2$vyIX=RjRgVwT5FE}RfCtvh&wHF`zpc`9&q_;6!2Ts#=Ar*3$u)QT4$8!w1FAko z(bkINkh?tMM@#l0#XU2Nl2s_b8Knqwtt3<5aF0)w4yMChl zjW#(&myPp5FE?VX{vB)E#dJ=;FF`{1Tga1{L5Nf&WbKEBz&PtYaI#+L@3A;L#}z)2 z70F6BbI4{|vH76f)c}>R59MVoGn;m5e|>G!#SvqF;;}Z;k=SE|vzIZj;rOE5J|PsF z%`KD^PwYa8w0p@jO3&>@580f`gq{;@rrS(b9&Sy>R#ywu-zVp_^gCbleZ_QhM;k_B zHRGb;0G_1`U*Z=Zlrdyf{0M@opoorQ*Zz>{&1{#;N27%^%O*=01{lGe8Jr9lXD5#; z3c^^*H_+Aq40#qgA@htxjyDzp5Y{s8WZ{Pf6;n5;VyVz`i>%gXU5r!E@z`ho>(pg8H-elzC6!1d(NY0 zTNOeUc`N_wJv}|kXm7xdng-IMV!ZgYo9;Tt2RM_X5exJ?03Xw%K^! z3C#sns9Ffdhw8RpL94p2%%8qBi_5$}j70tD?azRbl}u2!8G;`2_~R4PRu#HJAnMSj zgDX(^Nm6*3$oNab?hpgw9-jX0tfIo_DS6?2c7hb*7OC!;5E$MKdTZxWdI+=T%}XbuEW#S<__ErUgYJ_t*D0VtjQjv$5Gnbx9PpG);0l zkf;hdgpFzhyygZzHf?-t2cYN;j3fe+nUFqtBB3j7^3&xnw7mJx4IceJ@uFYUi|Guk zV*Hhfn-f2|2qlwYG0j3%FaT2B1R+ryphy{DH>>X5Qv_4w_8>dh1$!CcKBhO6*744c z;O$_T%B>Lc?{o8LE|V`!i?4p^6Bh;Ez)p-4qZG=CGjdxkqS!y(p(0cD{WjDW|tb7>WRipqHtVrw81fn$e2E zY2rkJUm&9BB2K*;+hPE}yDvNv zmge426Eg5jmEa-mPYhY`z$8S;6u58%_Oc9C(^wrnp!RIO3?Y8Y7;u;GEvxvo?;_g& z{hVr;$5(c-bcF-RDql=D>R^6%0 z_@7@Pa~W=)2*k_zA&;zUiLIuqJdxGQT86j7Aa2?cP$YXKLDnC}(;TRW9?~K;Lhcy2 zxjz`D4X1)8qh6iZiYD2c)4tn$9)%7oUt@v5dLX&58WM0rnk_bc6H8!PvvX1r5c|eF z3o>L&ZFJuGQN8n<{vAaj_DJAqqnuLkBeyG_uKj}`Ye0`)i3;F^AXFO9R@v?ag49lL zPMZYWnMrKH@o%R|amLnb(o%ka*f2A23>j*2S853EFIzRgjDY8La?$@yY%n~p7^WKq zAZrHy_Gns+x+KH2xHx1@%(zo!gdw^@?iF%P<|Z>L!u?Nr1&jgnuW;S1ldIg<|LdTj zp+7l0Q*HF|j$zl6nXYlxY48$sULS(D1Q8DvzD>}`*L;(&$*x&spcqQVt6l5DKAfjv z3>>FkpsUdc(_89{Uh@Apv2&{*V9?2MaSZ&=aGTFGLt+(KrZfJYLEWFac4s7*8w!l8 zS3vI-;|1tmdUhw^y^GXBi<*mlN84|y?`~G;oJ3t+0 z^2YETHhV356jA%q^~F=1GLv^N_AUCD?F>3yz*0XW4kN*xua0kW7~Pxh-<5H$MK48y zbBu#~^)`8HpMc?!R-C{axE})s4|(0zH=alR~GQ8F+vLGD(2mgF*w>brJ#r{47PfNU#&u+p>Lk&%3pI7tytw7fmZ0>tqh+SzOb59wwldl|^eu$);Y2$R%@TUGlIW!sq zsxVA@{i*)mK#scDk>FCMbw2l9{Ti7sed8`q7uhXXiu}fxkGs&2xRk)dG0tYo*UGL$JJh z1I{O1qGl&`k=yjpo1UL?^xxPcye8IzScOsZLd7j=Qrrq)mMoa7!_BIwg+QvZ6nDau zw@6*79)@GN>dMWYuQZ?SS9!wwo$P!6Mo}R3m-@G_h__{&^TeVXVCx?o1Gc~SuV(;s z-(7HC_=Iq+@TJX`PTsIwBugY!oU-BhbuzS$tS;{3=gEH4K=j9D2U7u4dOa^BSGDtl zWeaC)tUd#;YwxZOExI3;Sfr#r=jkAJDT*=MEb`#%$yY>QnRsW$PSuy9& z(oVV48)y@2n+{(d3gF7_f-QCCgM2;~N(e(y^BT1L?)?oW zVi-^Qokv4dx(6y<9&BI6kI-{`(`$VsR6k} z@QcW8f08axiU#uAUr2z`zM0offye;H)k!!U{;tUKm(Tgy@imwD-#~_EpzV!m-}E_NKssJFM119yG)E&hS6|jaa~l zZFQ9(gVppgK}2dnvgH26p53tg*FlU~nujjxyAvLr#fR~`x}99Pf5-OxgO2_*gID+) z_ey!XNwQNOq6QiLgBD7m2c2AliZy-RH;hILaZ&x>IgG2vWNe1<*>BAFj~qtd(5byM z1ab|It&aiA^ki5KySlHiA2o=xp?ud^T+4B4t(@LD)k3`D6!gArxyJX1w=FSh3Ir!l zel0qvv(ZlV+*SI+depum5Kg%A@N{tGqyMUq%Rfu`lM54BBJScIvf_=!zlPMB&8^;~ zjJKv{owg?p77Mu6cO(P~328;6Ur6a`%q1w#XjEOp-X6b@rWlYB5HuPurA_fM?a)qn zb7*-)nX*Q*RT!$bi^q|2lxaN40kVD*xYOuncsWI#vsRgs4!<@<>M^Qwv&j_r+T?LN z*)Wm(3D2HPF$9xrbHIkt4b_!}&C1ldRSzb)hxLAO(?CV4kR3_E-#Dv041Wb3PM61) zt&IMjs=yUZ&|Eman1EQ%s-bs0T#|@8OzwfjY=D^`h`5rFA^r9wfhMn{{-twb@}046 zM$Dnun%EWTpygt#?V8wS#(9oT#YwXdo|%+L?xn>mUCybL?)%w2hgXGAgC`_Ez@o7- zvra}cF(pHt*;l^5DXxo&S0vwR*TF&0PV)zi&RmS_a_puk?-b_=$A8$Bx|mLTOu%9F zWu#TpT#eNyCwy`dJ;b8&fc0_+pO=4XO|lkgYdx0Q|6A+9J!NfWeXqM>l`X3xn1IN= zD!~n_wv=hn@n>A0!&)}5UWb-p7RxgmNbiFu-}Q6f9Y~{idW#+)JYhyQWB!bgrf30Y zRj4F2&iQqe+~?hGwP-3rk#W~;>fWL)*&YMqU0o>oif)hjlpRg&g6&VBLzO$j8?GHp zJ0eNu%apWZ117RJ9O7XRa6BSZK$e|$({-&Jvf`A%2Cordh-9lYMt z<8+nq7K&-%=;c5e0ruv+63LezBqJFn*f0u#xMyNI47>yGeWZ2#&z$rnFZ<@fu8QQ*m6q9Vs6tJ{U&8k>BQlcujJXC@CWGB&Sl# zQ-_$6XcYmN8>FRGqz~g)@`#vkZp2A8ntLr~m#z66ptuWR2u= z3jzfy*1*n)z%u5M+n&`6z5??-g&oDz7_$I--JPaDb?Ze-F(|AM#scXkf(%{9h%Eqc zAKkv|ZxW{|90Q-hG>n8A5qIKa>=N1`i%#d^cZ&1*`e6P$|dQstD8p4#6{{r$yXGbxgw2RD;8 z4Is$`;(!K&Pr}hHThjoW-42aabMU#!!M~GLgKf3G6UrOJw>A?;69j?=fYkntdN4KY zO2)aFR2QhWm~K5$Ka%lZ?mS}Nib-nAYd&^I&AQ)IN|Wh6_%*VWZ>>u&;XmyDW9h#X z`@f_+kX-#AfBp^VfG)t9k)U29XNUqB51O~#aPrBr$oENbEPw_rn50ss`_6MmzX z2S~DOyD?C9aaAx*i_2x;BFY-&M%vCtG*f@{Bpq@UxOy7m`{;z-B2TY2+OGF7rD2aJ z)k4cHaeBM-F-=^4i#-l4>I#3Bq~p%Uuq5TJhWZRG$l0x5^ZZG=RLgB83+r@w@4#w% zhbZe5nYZI}BNaqJEMy|#mP$4Jj8cRCH7~MN(1}e0ddJCPb;kh0mhD3~_&05rjb7E7 zS49-uiSKVIq+e>?UMd$P&r(OWW{&Yu38s`vGI~7 z7A>z6JX4u28n-J->FzS0yuZ^-_acM`a5oEfMMiEHz4w>}Q8X65+?hE#JYG6m$JON! zl5{GTy!2}@8 zYaRPJ^iCE+(e>G(R^PJRP2HZ&64yOZGjd*f-ADh!tbSEKL(uQk0Nz<*%I-hcCdg3@um_gb?p8eKmkv@CnxSMN zD4xcH)QmD7R=}lHqqXT&hmLIsbFre{-+i+W37P8u_#VONaF`?Mk6&3{!QP^0SJ5JD zLQBa~FXeI>b^eU)htJ(`OX_b5zMgdFPoHfR{+U^@I4;C3+z&VH$O%2nK?UfKSFG%j z_bhW7=^rV#UsigYSJB*Uj(=j*EfRmIqcrrxxZ7^xANt*Lv^rVYhg+fh`)_*Lh}d)CM<{qWu$R%UwnB^ZUp4XXC{4`HzNoGGFr|@A}(| z+0u&&v7FqKd9QY!=$OB1Q8ZVO;xwDYP-Azhsh3)-LVsp6E=w^%#As&utSenC`;)qP z)z@i8+YEgqx{Orw$Wv_iI`KfQW)lDQkT9n$l|-3pO77&9Y_93x@SP)kLNK!AUC4_O zsT;sObVHDtdVy!cUJRKLh00f#Vyd~t-t!-vU*wtw0O?0IADf^tQ>YAeqQ6u`44as- z64J4lv!7zvA8d^E_KT-s0NkXmPIghv6XH!@_f98Cm%(CgQEs;Lkt?8U%bx0V*B>O@ z(LsV;Tn6HOT%RnWXEW<(X>4bFa~S+IPE#W}W5eCzOptH7zrP`-Kf&iey3GUoE?~dL zGzcX9pY*OjhDxk$a3U4we%iI22l(9a?TaE)TJ)M|@fbHS>N zV7A=%83CvTSaVHjhZ$GkD7?m9kvi{~Ecp0p*o}{>ou{ZiQM57asv^-|uRLLFr31ui zYvg9=kMaq2sB)G-k-Z#hVGk+Y>`{sRC14Ioth^uoF$@&{yN6~k_1|&K1%cUOy&)*{ z_MxFK>!NdhEx78F zgk~9O_4_7nq==M1sn|4Pqvgq zF&r90cl1?JXa~PYpL4P^7ftOt!TZ!J@kE2f8Ag2r-zOY2y~9PNP=`%2rbm@&bJ;0m z2Kg5;pyLNW?WCddYeV0QgCB_LrB^>IA?DB5Ty5x5n317$n0>FiNq^HhlWkQU5vu%T zS8I~bQ7TBXEPyVH25s#M`La7i0^ve;$V&z+11#k?utJFBZz)dIk%~GkRIhq%3}$fd zNbd z!|5^4xd^p7D!OKm*k;A$j7R#T@1Dd4Rl*=x3a!H>rrlV6ZFQ1Atbfl~PoxtgJK*pXB4?GsR(u z)fDj$fvnBExS(odj8eJ2@Amn-jsmvOTen^1d`%fM?{FuS9JgrpO;wSZ%+ayiu_Eg; zgX-StoQF;Yf8h9J=6~Lw{_(gfyk`C}Yuow#OE40|f|j1Brjl3T(NdgE!He9kV&!4^ z8k@LIE%u6>0ZA7B62?~<0U#L0#ma-&AG5we#aIFpJ-7${G_{+K}U z3_UjfR0y^4}bjMy*Tb+4{5p)mHG|EVGGK zqDBsZ^=^%xpH@iJ+>laR!lX_-ckE2Mup=k6(4KmG-0{m_hs8?l{OJQuWuya*7^sp78CtdW zGaDj$`e|oJ^_FtBnmW$EU#HL01O*91Sa4KQT^#3OtO1) z5d9kCcCrf~=ID;yUy6mBl)tE3OADXbEuVe098@+-6%Wo*t0Oo zmiU>CP>1;1{Hgv#uOAw}Gwri}4_ndR5$1bbZvUt=VTZvz?*-D0WoChgx_$my7g4-m z+p)TjfOZzh^Cgot2B43AfIbuF4ado;dx+XgE1@Ob{a;jV?{SH?bD4_ukg-^Y*GUFF zQxqzT8|eY0!P=jc5%XQK^U-f%j%uV($46R)o2JX8{sV)qj`Ti{%34`M;%kCgi{z2s z#HKx}tLgH4|6*+-uso2Nc&$OA{&FBhU@;BkBU?wHt~SQklt!U)b20Dthigpjln5k3 zHFE-6^OpJj;(D{t0)|?&x~l}wH-cV4v(%JT>bzrKL|`pUX*A4*zI=a!yzUJaIgEE6 zu2RgLYwIahUnH%^knHsnBdhzY`dKZ+E`mM(kD%{>X$$u@((@_-Y+Ig<6<)tQ`)2E) zduFh*EC+>z#LI=|xs;DA%_UV0wOzqG>J+pdqI8C=0b9aX{qf^7jc#}) zt6Ra|<+)Q|U~4BCS-Ir4b4fu&&Xe>ctm0(x4rQq6_Vewr%{IU_^=X-?{XFbUKM4C% z@I#z}t6*6Uj(=l!?yP1}-?Ow&E5NxV>wF4c;`h2JJge|6#GGKBG`D#e50*kd>uE05 z_RXk??=V`13pe8(nR|~^-SJ)aHJtwQqN1j7c?>lf=<8z^3vI0gw!BZ>-U(Q*-XvI% zoWidecTUem5I3CFFn`txuos)(1H^9i-{fN0Mj!ti5vC7!CX!Z0xPCak*?h|^%Ygr_VFPain@&hDB`2Y#O+DY6AMxk_vJT&hmb zjy9@!Zt6$9As9N5ue~I1acVi)vN~EQvYgAofB!uO9HvSt-XLD-ykYd_g525Ha9=^~ zQC)bx;o`c_h*F;Hp51WYspO^Z`uVu2>hmYKBm<3bv7?fd1LM!&)#!(ll#lIeFL1h;9r3 z*rX%U?!bTwSJOcFXEQ$aT=g2yqn(+#{^tFvFBDyy>L*!?y(hye z!iU1cYt_~j$u*PhvrYK)7-Y>Wz1o>y$v&$c7V#kZs9H+bnHwO24IcOm$s|^qdDND^ zsW%1_X|2ay7X|zmU(-R6ny^%u4iteM9L!Obqv26UmkNTHD~-EntftiYWqR^@vi~Ru z0Ck>a?3QVpwLe48*B8=ORH`bQX6o^u8ETp?PEG3zi$x+0wcv{*+J!RRnR`_l;1a?3 zlP~T(xkbgs0g_VnpxD9M*ILi0!y=RIQKX=Su z+sc`%;Jv>irm@ETE7E)AYTm0Dm$x7w7b4Q}$3n5#C8_z|FmmM**Jxle6sOiWML^#6 zojIp}%pA)Q}X+jGM8HK<9IjD!}3y5At;SnRfcxtD^BGttQmt*hHp@|!8xzX18TD7ufzhi_^!mrF zQjcqZW2mMUjYT>WxwIH8B%e7fc;HJ6>`eu`t0FBc2Svo)og1+~oe63mynJmfn2~&x!>PesM* zUVKe{wBgBy$JgFxjXHz~Pub*tKaUX?7KHjrRiCv5v9yF~oI(b!8nRqA2+DU3h`?c5 zq=JZSv=dol_zyy2Bp~nQT%I86f1U}A&L2#% z$5A{r7MKG#`?Om}CoJK_k$|DvEM{H@@RyP|W8sR-yY7xM@utW=HcUON)ZBmLF*Pm6 z)CE5jri4s1dwXrm^Z?j+?60M$`j zawPl{Vfa&?d_bQsP}oSmW51qb`lT>m@RaQ#577S0g{}L4g*X%Tb%tngRuCw_NY7P7 zVL7xdvz}h<5rPVwJXLi^x$7y9`6TLI)0 z-}Qt{ney`u3_l=iHV9YrzBODNQfB|?}m6L%u*9Lv>fk+26OX_ zSQl1lOGR^MrMrMAN-i=A?yH}TONe$w3u}=dEuI{~+2i zzR%;bLrM|(87ySW*mlT~DB<0OmNP?k#K;w_PP;QD03IY&1a^zie01a&3{@_C=d9c8 zdbsPZJ4hDAbqgUad*Z*A8A}5yS#0_G9fpoIPt8C zr(geTfA1@Z_q$XE?C${e7oj&Q8;y>ClB_3{V)?40z?M@x^LfpB{nZu&z`ES3NSNnw zs7FW07}6&p2UCFe+{PKYb{72>0lbF+a2$2k-Kyy3>kqM0OYR%KTp3)FGMnE`>E7KZ z;M8ZmZX#JXZpfVsZajL()3!@F(46tnl-_e8yv$SA(bDUPT=R1)mv0tvMFWS7qpaB( z9V_NJhv9VJh1k&vUsvQqo-3H`3CZcuR!XcL#;qRj#W;_}(?Ws=_Z5KqI2_S-iCP^> zoVar#m@$=xAc$cXqPpeDcQdS)Wp2cs{&w@h(liM>^|FTq^i?EZc!0m8R5EI)SiBOerlPJtX!Nn1D)AiwWd-pYvGr_wQgg-N3Czsik zpmfPQI^1{YEakjD1~h`x9x*yV`Y zat^fpSr{(5eM%9_Fk{#4Kv3{L%jlJvCi{lco(S>UYI@N2A$L<&WrkNK+FG#gn;8B6 zJAPHdcSMX@%GpZ+2z!G@sue6E^mfSNqKuh*3>ECl1Rvc*U}U8`U5J zz3bs%IW01AbyR=`uLP&$u9o`!>?&HZil~8zD88Pfu*Of|5w1UAKD82DSXhAdco;uK zycvX896tHO;h3enHE%uENU@SvVLzFU2yDaC8weE=zcL?F{`2Sr7KvtP$$K$Y5Njd; zw@PF-oIzDsB{6Fa3>S;i41M1{iMPE-%sFKt7kvLL`bvXnS;zASWbsa4W&CmGp*i@7+VG1in1>1f zgWA}ESUFxn8S3e-eX15F%^H@9*1Y|}E_2~vfo^Pa!MENU(^4V24=Bln zdTC)1*wy=df?fZkvMUc~Gi&?pRGAXAl#0DtYHMl45InQZcA~3u>uQ-;L~g||;`=PZBoE-<_79CGfDLcL_!ue+iwZT!jKYhOe6ex~vI=YJ!&a}`Svr|rt- z-CeQ)#UUKQE0Y!jimHZpGN-$=C>tt{Y5KZFa^s6=eS2nR&lG7|5JI;sFrH~kH}iC* zOu-`0UPi_U+{Fs5`swCuGTCkbo-qJ0{ja|;3jFxl9+s1pv@22Y1$d-pqy;?y80($MH!9yzRU{=k_ovdP$HB$ zN{Lb;(Y~%+9#!*ccn>l4OC4O?Z>Vl;A?B`?Y8hF5D*i_VO>sE6_xg}B$e`-&-Ovcy z=*g(~EVQI^1BF^K6ax>63Ld3t;{~lbC|yoInRL1VW3Em<@1i!pk--EGWs{s%tZ1be zNz)=F^$0kb6H?hiQ*kNn|AN;cKHDw<6>^2mF_Yl4c@b^|-5oDq$2(vjm9m=+105-5 zk{Hy03`H_J7QZgW_DH}qjvcZ|Kgran}MVW$7VP+*8 zYkPSwNO_!V-b+Q-zO!a!G=!ebw+U3+vYa}xDuUA+;}Qqa0=2B`tds2OuIUdfv0wN+ zCeDsZbgNSP{^uk&Dn97W>Pjs!eLfwB=X)RW6OvSXry-CmijYe9i#lQWc4oLmt@xt@ z!2z~tkk3Q9>KVudF&Xq-OO|flK&EEjsI>VmwWwr@@!$VFuoNULAja*C?Gx7$*!LX2 z8PXi`)kNC#G?=xe^i@s;u0oq1OQiAuX6_*|$qW`<9dJzZ3@!dcY^MG4cVMCHFrS|$ zEt2x~E>bC%NPhyzPlON0uHMUSGN>FTHG z7n)8U_yAm>(-^Wqyqz?WIy*y>9CU*Wpp#ZHXN;0~S|W6f)eLy6kbT(Rf@S=8o>ei_ zJtC}s?W{xaLN3eB)^k4;JJhRTomm_$juRv3c0&8h^0nSAI|;Z*&ve;Y6utNGM(1~c z6$o4C-tl;3isu9KFy;S+xfrBC=Hk+iuKOAkY&J47O^VJxPoxRn%x}fso6Gw%` z%C@P|+UxM?7akTNv-}@f0I!HVxwrkM;;#vyvSeJ zV7Mcnu0Jb1zL!f{>O}EL`gBqvk*~s54 zyrYV}tu6AXyMw(fD+}zl@Mo+A$1Sg-L$$x~!x+$jTgNLpAp5s?j3N8_@0wsO?E2&~ zKnt+&mLOd^E2|Ns$zVoOM~T#jf;k$wE+#EWLZiv>ITim_wu(%;OJJJx140xY=AL=O zs{&s3#@>vSHq-fO;!7C}OKcltqGC7zkwbvb!RmiIho2`E1`=)Ee;#{x9Zi)j+ng_& z(9`YB(2=s;xx~CIAJ!Xd5!YQ?sJU*(==^*xkknA0Y6l=p>V-_m4`fZZI&)R(8S zF1QzS^RV%BAWPGE_QV~ZwC}1Q@bzUw&e&1DLY=*gR=uRa(=FHh4X%k(=SQlJCY;f|?F z450fT7Z3wf{{O$lpyjkYkZC(jGTRgDH;% zOBV+MQ`H1w@{YcSB>4{%V}#`Nv1iVlVQ3XAT=SMDn{xTV%(QmhRi}_hOxrs)>iZ=( zqcxm%Bj)7$%@Ez&DIPX(->03iv11y0v+Iv107RaCAj>teaZ*22K&?^EZZy;4LP+Z~YvZs*lS2OBO zGEO9X3YaqaWfJ*qAI4@$IY@osXQr~KpjF2kdTi(VDR!v9JG2k`!LyQD->_EQdfs6J zr=ziY_kjyE#I)!~)tsUyS{SAPNEsnRyTe;5mKiVfE^^;%PDu!5k9>G?a%oN`-f$UF zhZrGKccZ5_RMo|m+$k@YQ2{euJW40sUj^K-!F%5Y>;N&80b_+ZfC5ZLEru>)hS8uC z{>)uVN!l13>#cZDt@}hv_{$Sq`mM7buXV6ooh13MCS`)?tfwWw*`vT4>=Ct)E*M}i zSpGwk0DTrp3jUS$nln(>+M(tFds)izg^OJQhfSxT#Y^44J=V$?LWCg_(hu~W^bU*& z3VydD%A=#Gj!v0*Tld6NOdQxOXDTs3g*{5WyRw#R6e!V7id8FKP6FQPS@4H{g<_JN}NFu^${E}uO-#Ac+B@B8Jb-`&WSWHANM-7hIY zTUMVuKQnI&nb$t?)N$?S?GPSVM_hq~P*ncteSS3=S?Pi}7KP_zs2sGS&7}yTF{QR_ z&bUm>^)z?ej|n){fU2;yXl)4SPWpz{$zUgUb|t6iw7b|G+2y6j)nl?s83CO$b%vJ- z4{CyYkckeQ?Rx=`4|crGM^>In>U=O^u{h^N!1TD8rMl3V6yffKx~*VXyeOg4LuvzI zfGr>CStrkA*vZioggSAldt5|5E!>oCBRUK-V!luDVKo>Ex|*k}D_d$lRndYg z8N=tL=C}MdzBtY4;iIn+K7(snK6botVGSK?h!g z$QVe*vcdgq&S#L!g=ayBzuVOrWp%pIQOmbUc0f4(5PK$RzKQ4Ce(?$6QxMsG7>teQ zw_kfRK8w_2$2)Yehta=_gH~5#N=p^g)0MJ=p4-V%LSyPYjJ+%U?iWFDX$08?7i3?= z+r@1{c(?oDaT-UY_v!%4T==wQ;OCcT>bHEIJ{&W}q?uqR!|!zqtq_UqiyiO~D&J?` zU`69~p^r(6$S8#iDsjf}l*!r8Po)nE{#33P7`#z0e|M}Y_@qN7|F1cHCR$D|3*FtP z#*57#%A=+@s(VmknFgG95MehR`Tl%DlaK5cj#_$fJ>ZHs^~1vubv4uD{1=P$`w3bJ z+0mf8&irc=eH^wY$*@xT3hV?Wbc5JZI_#W|MTGs({R0^cZRBB_fnuOWSsEP&Z zNEkJNCm0`B}obc1+amt1N8Lv-Lj0; zn4~1>UmViV14C_YN*2k#u>C|$A5QxeIi#2Nc_3wFtl{v&4f15dx@C%}*2*Eqr+BYv zc=Gvgo}663{sBzXjXBUQRA%1INB#bA zWrtFMEG}cGN?4N^pHmio9-{A`(7uAxt`?EGj|gRBxnMizdFPTUbUDhw-z(JIH8n`n z>r?;Lg>Lx~h^vgMVyy#ZF*mKrkiRMPRF^19@TRKXR{kepq?B3v#t0B&Gp7@n$`-WR z>?hWBt^1%}MV)+f#^e|^O)bKb6p;sT9RZ!r4?pbUaX%l0Fn8tjB=`$t5ctQODnZtE z)7hHfhqa?5ELeT%*W4U5w_Vr2TI%Rnhjq|b>SuzKdX1B_!zD627EufC<7p!WWL_-G z6ujZgL@4#REe{P>8D1co5APPWm;mZCq}hLu1sDQScJSE9Tj&H~4vUrtuMw{Bm27l^ zgj=@ddLjUW4Qu974!Np<!_=uJMFTMic zjsr4}znuo*o1B&{!ZzAbOdOI(min$24N_(}siz=udcC%buK=G%uiuHGcTM-*^qb$H z9}z+4>M`6teNX(Sp8)*L=_WY|#)a!P@luYdl)#U8D=7ATAhi#nEaD{qYfqr You need to add 5 new users, all new hires, to authentik, your identity management system. These users will be the first team members on the brand new Security team, so they will need some high-level permissions, with object permissions to create and remove other users, revoke permissions, and send recovery emails. They will also need [global permissions](../access-control/permissions#fundamentals-of-authentik-permissions) to control access to flows and stages. +> You need to add 5 new users, all new hires, to authentik, your identity management system. These users will be the first team members on the brand new Security team, so they will need some high-level permissions, with object permissions to create and remove other users, revoke permissions, and send recovery emails. They will also need [global permissions](../access-control/permissions.md#fundamentals-of-authentik-permissions) to control access to flows and stages. The easiest workflow for setting up these new users involves [creating a role](./manage_roles.md#create-a-role) specifically for their type of work, and then [assigning that role to a group](./manage_roles.md#assign-a-role-to-a-group) to which all of the users belong. diff --git a/website/docs/user-group-role/roles/manage_roles.md b/website/docs/users-sources/roles/manage_roles.md similarity index 100% rename from website/docs/user-group-role/roles/manage_roles.md rename to website/docs/users-sources/roles/manage_roles.md diff --git a/website/docs/sources/active-directory/01_user_create.png b/website/docs/users-sources/sources/directory-sync/active-directory/01_user_create.png similarity index 100% rename from website/docs/sources/active-directory/01_user_create.png rename to website/docs/users-sources/sources/directory-sync/active-directory/01_user_create.png diff --git a/website/docs/sources/active-directory/02_delegate.png b/website/docs/users-sources/sources/directory-sync/active-directory/02_delegate.png similarity index 100% rename from website/docs/sources/active-directory/02_delegate.png rename to website/docs/users-sources/sources/directory-sync/active-directory/02_delegate.png diff --git a/website/docs/sources/active-directory/10_ak_status.png b/website/docs/users-sources/sources/directory-sync/active-directory/03_additional_perms.png similarity index 100% rename from website/docs/sources/active-directory/10_ak_status.png rename to website/docs/users-sources/sources/directory-sync/active-directory/03_additional_perms.png diff --git a/website/docs/sources/active-directory/11_ak_stage.png b/website/docs/users-sources/sources/directory-sync/active-directory/11_ak_stage.png similarity index 100% rename from website/docs/sources/active-directory/11_ak_stage.png rename to website/docs/users-sources/sources/directory-sync/active-directory/11_ak_stage.png diff --git a/website/docs/sources/active-directory/index.md b/website/docs/users-sources/sources/directory-sync/active-directory/index.md similarity index 98% rename from website/docs/sources/active-directory/index.md rename to website/docs/users-sources/sources/directory-sync/active-directory/index.md index e5da36f0cb..79ef2b43b0 100644 --- a/website/docs/sources/active-directory/index.md +++ b/website/docs/users-sources/sources/directory-sync/active-directory/index.md @@ -66,7 +66,7 @@ Additional settings that might need to be adjusted based on the setup of your do After you save the source, a synchronization will start in the background. When its done, you can see the summary under Dashboards -> System Tasks. -![](./10_ak_status.png) +![](./03_additional_perms.png) To finalise the Active Directory setup, you need to enable the backend "authentik LDAP" in the Password Stage. diff --git a/website/docs/sources/freeipa/01_user_create.png b/website/docs/users-sources/sources/directory-sync/freeipa/01_user_create.pn similarity index 100% rename from website/docs/sources/freeipa/01_user_create.png rename to website/docs/users-sources/sources/directory-sync/freeipa/01_user_create.pn diff --git a/website/docs/sources/freeipa/02_user_roles.png b/website/docs/users-sources/sources/directory-sync/freeipa/02_user_roles.png similarity index 100% rename from website/docs/sources/freeipa/02_user_roles.png rename to website/docs/users-sources/sources/directory-sync/freeipa/02_user_roles.png diff --git a/website/docs/sources/freeipa/03_add_user_role.png b/website/docs/users-sources/sources/directory-sync/freeipa/03_add_user_role.png similarity index 100% rename from website/docs/sources/freeipa/03_add_user_role.png rename to website/docs/users-sources/sources/directory-sync/freeipa/03_add_user_role.png diff --git a/website/docs/sources/freeipa/04_source_settings_1.png b/website/docs/users-sources/sources/directory-sync/freeipa/04_source_settings_1.png similarity index 100% rename from website/docs/sources/freeipa/04_source_settings_1.png rename to website/docs/users-sources/sources/directory-sync/freeipa/04_source_settings_1.png diff --git a/website/docs/sources/freeipa/05_source_settings_2.png b/website/docs/users-sources/sources/directory-sync/freeipa/05_source_settings_2.png similarity index 100% rename from website/docs/sources/freeipa/05_source_settings_2.png rename to website/docs/users-sources/sources/directory-sync/freeipa/05_source_settings_2.png diff --git a/website/docs/sources/freeipa/06_sync_source.png b/website/docs/users-sources/sources/directory-sync/freeipa/06_sync_source.png similarity index 100% rename from website/docs/sources/freeipa/06_sync_source.png rename to website/docs/users-sources/sources/directory-sync/freeipa/06_sync_source.png diff --git a/website/docs/sources/freeipa/07_password_stage.png b/website/docs/users-sources/sources/directory-sync/freeipa/07_password_stage.png similarity index 100% rename from website/docs/sources/freeipa/07_password_stage.png rename to website/docs/users-sources/sources/directory-sync/freeipa/07_password_stage.png diff --git a/website/docs/sources/freeipa/index.md b/website/docs/users-sources/sources/directory-sync/freeipa/index.md similarity index 99% rename from website/docs/sources/freeipa/index.md rename to website/docs/users-sources/sources/directory-sync/freeipa/index.md index 0722506ffa..dfaa9d4c50 100644 --- a/website/docs/sources/freeipa/index.md +++ b/website/docs/users-sources/sources/directory-sync/freeipa/index.md @@ -18,7 +18,7 @@ The following placeholders will be used: 2. Create a user in FreeIPA, matching your naming scheme. Provide a strong password, example generation methods: `pwgen 64 1` or `openssl rand 36 | base64 -w 0`. After you are done click **Add and Edit**. - ![](./01_user_create.png) + ![](./01_user_create.pn) 3. In the user management screen, select the Roles tab. diff --git a/website/docs/sources/index.md b/website/docs/users-sources/sources/index.md similarity index 87% rename from website/docs/sources/index.md rename to website/docs/users-sources/sources/index.md index b557b2ea61..0550a099cc 100644 --- a/website/docs/sources/index.md +++ b/website/docs/users-sources/sources/index.md @@ -1,6 +1,5 @@ --- title: Sources -slug: /sources --- Sources allow you to connect authentik to an external user directory. Sources can also be used with social login providers such as Facebook, Twitter, or GitHub. @@ -9,7 +8,7 @@ Sources allow you to connect authentik to an external user directory. Sources ca Sources are in the following general categories: -- **Protocols** ([LDAP](./ldap/index.md), [OAuth](./oauth/index.md), [SAML](./saml/index.md), and [SCIM](./scim/index.md)) +- **Protocols** ([LDAP](./protocols/ldap/index.md), [OAuth](./protocols/oauth/index.md), [SAML](./protocols/saml/index.md), and [SCIM](./protocols/scim/index.md)) - [**Property mappings**](./property-mappings/index.md) or how to import data from a source - **Directory synchronization** (Active Directory, FreeIPA) - **Social logins** (Apple, Discord, Twitch, Twitter, and many others) diff --git a/website/docs/sources/property-mappings/expressions.md b/website/docs/users-sources/sources/property-mappings/expressions.md similarity index 86% rename from website/docs/sources/property-mappings/expressions.md rename to website/docs/users-sources/sources/property-mappings/expressions.md index aa01634761..922d1211c3 100644 --- a/website/docs/sources/property-mappings/expressions.md +++ b/website/docs/users-sources/sources/property-mappings/expressions.md @@ -10,12 +10,12 @@ The property mapping should return a value that is expected by the source. Retur - `properties`: A Python dictionary containing the result of the previously run property mappings, plus the initial data computed by the source. - `request`: The current request. This may be `None` if there is no contextual request. See ([Django documentation](https://docs.djangoproject.com/en/3.0/ref/request-response/#httprequest-objects)) -import Objects from "../../expressions/\_objects.md"; +import Objects from "../../../expressions/\_objects.md"; ## Available Functions -import Functions from "../../expressions/\_functions.md"; +import Functions from "../../../expressions/\_functions.md"; diff --git a/website/docs/sources/property-mappings/index.md b/website/docs/users-sources/sources/property-mappings/index.md similarity index 87% rename from website/docs/sources/property-mappings/index.md rename to website/docs/users-sources/sources/property-mappings/index.md index ab8d8e295c..3517404007 100644 --- a/website/docs/sources/property-mappings/index.md +++ b/website/docs/users-sources/sources/property-mappings/index.md @@ -6,10 +6,10 @@ Source property mappings allow you to modify or gather extra information from so This page is an overview of how property mappings work. For information about specific protocol, please refer to each protocol page: -- [LDAP](../ldap/#ldap-source-property-mappings) -- [OAuth](../oauth/#oauth-source-property-mappings) -- [SAML](../saml/#saml-source-property-mappings) -- [SCIM](../scim/#scim-source-property-mappings) +- [LDAP](../protocols/ldap/index.md#ldap-source-property-mappings) +- [OAuth](../protocols/oauth/index.md#oauth-source-property-mappings) +- [SAML](../protocols/saml/index.md#saml-source-property-mappings) +- [SCIM](../protocols/scim/index.md#scim-source-property-mappings) ## Create a custom source property mapping @@ -35,7 +35,7 @@ return { } ``` -You can see that the expression returns a Python dictionary. The dictionary keys must match [User properties](../../user-group-role/user/user_ref.md#object-properties) or [Group properties](../../user-group-role/groups/group_ref.md#object-properties). Note that for users, `ak_groups` and `group_attributes` cannot be set. +You can see that the expression returns a Python dictionary. The dictionary keys must match [User properties](../../user/user_ref.md#object-properties) or [Group properties](../../groups/group_ref.md#object-properties). Note that for users, `ak_groups` and `group_attributes` cannot be set. See each source documentation for a reference of the available data. See the authentik [expressions documentation](./expressions.md) for available data and functions. diff --git a/website/docs/sources/ldap/index.md b/website/docs/users-sources/sources/protocols/ldap/index.md similarity index 95% rename from website/docs/sources/ldap/index.md rename to website/docs/users-sources/sources/protocols/ldap/index.md index 0fcc59253c..449b3b71b8 100644 --- a/website/docs/sources/ldap/index.md +++ b/website/docs/users-sources/sources/protocols/ldap/index.md @@ -5,9 +5,9 @@ title: LDAP Source Sources allow you to connect authentik to an existing user directory. This source allows you to import users and groups from an LDAP Server. :::info -For Active Directory, follow the [Active Directory Integration](../active-directory/) +For Active Directory, follow the [Active Directory Integration](../../directory-sync/active-directory/index.md) -For FreeIPA, follow the [FreeIPA Integration](../freeipa/) +For FreeIPA, follow the [FreeIPA Integration](../../directory-sync/freeipa/index.md) ::: ## Configuration options for LDAP sources @@ -71,7 +71,7 @@ To create or edit a source in authentik, open the Admin interface and navigate t ## LDAP source property mappings -See the [overview](../property-mappings/index.md) for information on how property mappings work. +See the [overview](../../property-mappings/index.md) for information on how property mappings work. By default, authentik ships with [pre-configured mappings](#built-in-property-mappings) for the most common LDAP setups. These mappings can be found on the LDAP Source Configuration page in the Admin interface. @@ -133,4 +133,4 @@ Be aware of the following security considerations when turning on this functiona ## Troubleshooting -To troubleshoot LDAP sources and their synchronization, see [LDAP Troubleshooting](../../../docs/troubleshooting/ldap_source). +To troubleshoot LDAP sources and their synchronization, see [LDAP Troubleshooting](../../../../troubleshooting/ldap_source.md). diff --git a/website/docs/sources/oauth/index.md b/website/docs/users-sources/sources/protocols/oauth/index.md similarity index 93% rename from website/docs/sources/oauth/index.md rename to website/docs/users-sources/sources/protocols/oauth/index.md index 2ab69973a8..ff575a51ad 100644 --- a/website/docs/sources/oauth/index.md +++ b/website/docs/users-sources/sources/protocols/oauth/index.md @@ -26,11 +26,11 @@ This URL is fetched upon saving the source, and all the URLs will be replaced by To simplify Machine-to-machine authentication, you can create an OAuth Source as "trusted" source of JWTs. Create a source and configure either the Well-known URL or the OIDC JWKS URL, or you can manually enter the JWKS data if you so desire. -Afterwards, this source can be selected in one or multiple OAuth2 providers, and any JWT issued by any of the configured sources' JWKS will be able to authenticate. To learn more about this, see [JWT-authentication](/docs/providers/oauth2/client_credentials#jwt-authentication). +Afterwards, this source can be selected in one or multiple OAuth2 providers, and any JWT issued by any of the configured sources' JWKS will be able to authenticate. To learn more about this, see [JWT-authentication](../../../../add-secure-apps/providers/oauth2/client_credentials#jwt-authentication). ## OAuth source property mappings -See the [overview](../property-mappings/index.md) for information on how property mappings work. +See the [overview](../../property-mappings/index.md) for information on how property mappings work. ### Expression data diff --git a/website/docs/sources/saml/index.md b/website/docs/users-sources/sources/protocols/saml/index.md similarity index 98% rename from website/docs/sources/saml/index.md rename to website/docs/users-sources/sources/protocols/saml/index.md index 90d988bd6e..d1b98585eb 100644 --- a/website/docs/sources/saml/index.md +++ b/website/docs/users-sources/sources/protocols/saml/index.md @@ -83,7 +83,7 @@ This will depend heavily on what software you are using for your IDP. On the Met ## SAML source property mappings -See the [overview](../property-mappings/index.md) for information on how property mappings work. +See the [overview](../../property-mappings/index.md) for information on how property mappings work. ### Expression data diff --git a/website/docs/sources/scim/index.md b/website/docs/users-sources/sources/protocols/scim/index.md similarity index 96% rename from website/docs/sources/scim/index.md rename to website/docs/users-sources/sources/protocols/scim/index.md index da61988ced..97738551c5 100644 --- a/website/docs/sources/scim/index.md +++ b/website/docs/users-sources/sources/protocols/scim/index.md @@ -30,7 +30,7 @@ There is also the `/v2/ServiceProviderConfig` and `/v2/ResourceTypes`, which is ## SCIM source property mappings -See the [overview](../property-mappings/index.md) for information on how property mappings work. +See the [overview](../../property-mappings/index.md) for information on how property mappings work. ### Expression data diff --git a/website/docs/sources/apple/app_id.png b/website/docs/users-sources/sources/social-logins/apple/app_id.png similarity index 100% rename from website/docs/sources/apple/app_id.png rename to website/docs/users-sources/sources/social-logins/apple/app_id.png diff --git a/website/docs/sources/apple/app_service_config.png b/website/docs/users-sources/sources/social-logins/apple/app_service_config.png similarity index 100% rename from website/docs/sources/apple/app_service_config.png rename to website/docs/users-sources/sources/social-logins/apple/app_service_config.png diff --git a/website/docs/sources/apple/index.md b/website/docs/users-sources/sources/social-logins/apple/index.md similarity index 94% rename from website/docs/sources/apple/index.md rename to website/docs/users-sources/sources/social-logins/apple/index.md index 29744e33f2..e7d70ba7ae 100644 --- a/website/docs/sources/apple/index.md +++ b/website/docs/users-sources/sources/social-logins/apple/index.md @@ -29,28 +29,28 @@ The following placeholders will be used: 5. Scroll down the list of capabilities, and check the box next to **Sign In with Apple**. 6. At the top, click **Continue** and **Register**. -![](app_id.png) +![](./app_id.png) 7. Register another new Identifier with the type of **Services IDs**. 8. Again, choose the same name as above for your **Description** field. 9. Use the same identifier as above, but add a suffix like `signin` or `oauth`, as identifiers are unique. 10. At the top, click **Continue** and **Register**. -![](service_id.png) +![](./service_id.png) 11. Once back at the overview list, click on the just-created Identifier. 12. Enable the checkbox next to **Sign In with Apple**, and click **Configure** 13. Under domains, enter `authentik.company`. 14. Under **Return URLs**, enter `https://authentik.company/source/oauth/callback/apple/`. -![](app_service_config.png) +![](./app_service_config.png) 15. Click on **Keys** in the sidebar. Register a new Key with any name, and select **Sign in with Apple**. 16. Click on **Configure**, and select the App ID you've created above. 17. At the top, click **Save**, **Continue** and **Register**. 18. Download the Key file and note the **Key ID**. -![](key.png) +![](./key.png) 19. Note the Team ID, visible at the top of the page. @@ -69,5 +69,5 @@ The following placeholders will be used: Save, and you now have Apple as a source. :::note -For more details on how-to have the new source display on the Login Page see [here](../index.md#add-sources-to-default-login-page). +For more details on how-to have the new source display on the Login Page see [here](../../index.md#add-sources-to-default-login-page). ::: diff --git a/website/docs/sources/apple/key.png b/website/docs/users-sources/sources/social-logins/apple/key.png similarity index 100% rename from website/docs/sources/apple/key.png rename to website/docs/users-sources/sources/social-logins/apple/key.png diff --git a/website/docs/sources/apple/service_id.png b/website/docs/users-sources/sources/social-logins/apple/service_id.png similarity index 100% rename from website/docs/sources/apple/service_id.png rename to website/docs/users-sources/sources/social-logins/apple/service_id.png diff --git a/website/docs/sources/azure-ad/aad_01.png b/website/docs/users-sources/sources/social-logins/azure-ad/aad_01.png similarity index 100% rename from website/docs/sources/azure-ad/aad_01.png rename to website/docs/users-sources/sources/social-logins/azure-ad/aad_01.png diff --git a/website/docs/sources/azure-ad/authentik_01.png b/website/docs/users-sources/sources/social-logins/azure-ad/authentik_01.png similarity index 100% rename from website/docs/sources/azure-ad/authentik_01.png rename to website/docs/users-sources/sources/social-logins/azure-ad/authentik_01.png diff --git a/website/docs/sources/azure-ad/index.md b/website/docs/users-sources/sources/social-logins/azure-ad/index.md similarity index 94% rename from website/docs/sources/azure-ad/index.md rename to website/docs/users-sources/sources/social-logins/azure-ad/index.md index 5530d0c523..807b25ae7a 100644 --- a/website/docs/sources/azure-ad/index.md +++ b/website/docs/users-sources/sources/social-logins/azure-ad/index.md @@ -47,7 +47,7 @@ If you kept the default _Supported account types_ selection of _Single tenant_, Save, and you now have Azure AD as a source. :::note -For more details on how-to have the new source display on the Login Page see [here](../index.md#add-sources-to-default-login-page). +For more details on how-to have the new source display on the Login Page see [here](../../index.md#add-sources-to-default-login-page). ::: ### Automatic user enrollment and attribute mapping @@ -55,7 +55,7 @@ For more details on how-to have the new source display on the Login Page see [he Using the following process you can auto-enroll your users without interaction, and directly control the mapping Azure attribute to authentik. attribute. -1. Create a new _Expression Policy_ (see [here](../../../docs/policies/) for details). +1. Create a new _Expression Policy_ (see [here](../../../../customize/policies/index.md) for details). 2. Use _azure-ad-mapping_ as the name. 3. Add the following code and adjust to your needs. @@ -99,7 +99,7 @@ context['prompt_data'] = current_prompt_data return True ``` -4. Create a new enrollment flow _azure-ad-enrollment_ (see [here](../../../docs/flow/) for details). +4. Create a new enrollment flow _azure-ad-enrollment_ (see [here](../../../../add-secure-apps/flows-stages/flow/index.md) for details). 5. Add the policy _default-source-enrollment-if-sso_ to the flow. To do so open the newly created flow. Click on the tab **Policy/Group/User Bindings**. Click on **Bind existing policy** and choose _default-source-enrollment-if-sso_ from the list. diff --git a/website/docs/sources/discord/discord1.png b/website/docs/users-sources/sources/social-logins/discord/discord1.png similarity index 100% rename from website/docs/sources/discord/discord1.png rename to website/docs/users-sources/sources/social-logins/discord/discord1.png diff --git a/website/docs/sources/discord/discord2.png b/website/docs/users-sources/sources/social-logins/discord/discord2.png similarity index 100% rename from website/docs/sources/discord/discord2.png rename to website/docs/users-sources/sources/social-logins/discord/discord2.png diff --git a/website/docs/sources/discord/discord3.png b/website/docs/users-sources/sources/social-logins/discord/discord3.png similarity index 100% rename from website/docs/sources/discord/discord3.png rename to website/docs/users-sources/sources/social-logins/discord/discord3.png diff --git a/website/docs/sources/discord/discord4.png b/website/docs/users-sources/sources/social-logins/discord/discord4.png similarity index 100% rename from website/docs/sources/discord/discord4.png rename to website/docs/users-sources/sources/social-logins/discord/discord4.png diff --git a/website/docs/sources/discord/index.md b/website/docs/users-sources/sources/social-logins/discord/index.md similarity index 98% rename from website/docs/sources/discord/index.md rename to website/docs/users-sources/sources/social-logins/discord/index.md index 42ccdc286a..26b6fc7a48 100644 --- a/website/docs/sources/discord/index.md +++ b/website/docs/users-sources/sources/social-logins/discord/index.md @@ -16,11 +16,11 @@ The following placeholders will be used: 1. Create an application in the Discord Developer Portal (This is Free) https://discord.com/developers/applications -![New Application Button](discord1.png) +![New Application Button](./discord1.png) 2. Name the Application -![Name App](discord2.png) +![Name App](./discord2.png) 3. Select **OAuth2** from the left Menu @@ -32,7 +32,7 @@ The following placeholders will be used: Here is an example of a completed OAuth2 screen for Discord. -![](discord3.png) +![](./discord3.png) ## authentik @@ -45,12 +45,12 @@ Here is an example of a completed OAuth2 screen for Discord. Here is an example of a complete authentik Discord OAuth Source -![](discord4.png) +![](./discord4.png) Save, and you now have Discord as a source. :::note -For more details on how-to have the new source display on the Login Page see [here](../index.md#add-sources-to-default-login-page). +For more details on how-to have the new source display on the Login Page see [here](../../index.md#add-sources-to-default-login-page). ::: ### Checking for membership of a Discord Guild diff --git a/website/docs/sources/facebook/index.md b/website/docs/users-sources/sources/social-logins/facebook/index.md similarity index 97% rename from website/docs/sources/facebook/index.md rename to website/docs/users-sources/sources/social-logins/facebook/index.md index b00760efd6..6be043c120 100644 --- a/website/docs/sources/facebook/index.md +++ b/website/docs/users-sources/sources/social-logins/facebook/index.md @@ -70,5 +70,5 @@ Finally, you need to publish the Facebook app. You now have Facebook as a source. Verify by checking that appears on the **Directory -> Federation & Social login** page in authentik. :::note -For more details on how to display the new source on the authentik Login page refer to [Add Sources to default Login form](../index.md#add-sources-to-default-login-page). +For more details on how to display the new source on the authentik Login page refer to [Add Sources to default Login form](../../index.md#add-sources-to-default-login-page). ::: diff --git a/website/docs/sources/github/github_org_membership.png b/website/docs/users-sources/sources/social-logins/github/github_org_membership.png similarity index 100% rename from website/docs/sources/github/github_org_membership.png rename to website/docs/users-sources/sources/social-logins/github/github_org_membership.png diff --git a/website/docs/sources/github/githubdeveloper1.png b/website/docs/users-sources/sources/social-logins/github/githubdeveloper1.png similarity index 100% rename from website/docs/sources/github/githubdeveloper1.png rename to website/docs/users-sources/sources/social-logins/github/githubdeveloper1.png diff --git a/website/docs/sources/github/githubdeveloperexample.png b/website/docs/users-sources/sources/social-logins/github/githubdeveloperexample.png similarity index 100% rename from website/docs/sources/github/githubdeveloperexample.png rename to website/docs/users-sources/sources/social-logins/github/githubdeveloperexample.png diff --git a/website/docs/sources/github/githubexample2.png b/website/docs/users-sources/sources/social-logins/github/githubexample2.png similarity index 100% rename from website/docs/sources/github/githubexample2.png rename to website/docs/users-sources/sources/social-logins/github/githubexample2.png diff --git a/website/docs/sources/github/index.md b/website/docs/users-sources/sources/social-logins/github/index.md similarity index 94% rename from website/docs/sources/github/index.md rename to website/docs/users-sources/sources/social-logins/github/index.md index 57fab9a850..c43419868b 100644 --- a/website/docs/sources/github/index.md +++ b/website/docs/users-sources/sources/social-logins/github/index.md @@ -17,7 +17,7 @@ The following placeholders will be used: 1. Create an OAuth app under Developer Settings https://github.com/settings/developers by clicking on the **Register a new application** -![Register OAuth App](githubdeveloper1.png) +![Register OAuth App](./githubdeveloper1.png) 2. **Application Name:** Choose a name users will recognize ie: authentik 3. **Homepage URL**:: www.my.company @@ -26,7 +26,7 @@ The following placeholders will be used: Example screenshot -![](githubdeveloperexample.png) +![](./githubdeveloperexample.png) 6. Copy the **Client ID** and _save it for later_ 7. Click **Generate a new client secret** and _save it for later_ You will not be able to see the secret again, so be sure to copy it now. @@ -42,12 +42,12 @@ Example screenshot Here is an example of a complete authentik Github OAuth Source -![](githubexample2.png) +![](./githubexample2.png) Save, and you now have Github as a source. :::note -For more details on how-to have the new source display on the Login Page see [here](../index.md#add-sources-to-default-login-page). +For more details on how-to have the new source display on the Login Page see [here](../../index.md#add-sources-to-default-login-page). ::: ### Checking for membership of a GitHub Organisation authentik 2021.12.5.+ diff --git a/website/docs/sources/google/authentiksource.png b/website/docs/users-sources/sources/social-logins/google/authentiksource.png similarity index 100% rename from website/docs/sources/google/authentiksource.png rename to website/docs/users-sources/sources/social-logins/google/authentiksource.png diff --git a/website/docs/sources/google/googledeveloper1.png b/website/docs/users-sources/sources/social-logins/google/googledeveloper1.png similarity index 100% rename from website/docs/sources/google/googledeveloper1.png rename to website/docs/users-sources/sources/social-logins/google/googledeveloper1.png diff --git a/website/docs/sources/google/googledeveloper2.png b/website/docs/users-sources/sources/social-logins/google/googledeveloper2.png similarity index 100% rename from website/docs/sources/google/googledeveloper2.png rename to website/docs/users-sources/sources/social-logins/google/googledeveloper2.png diff --git a/website/docs/sources/google/googledeveloper3.png b/website/docs/users-sources/sources/social-logins/google/googledeveloper3.png similarity index 100% rename from website/docs/sources/google/googledeveloper3.png rename to website/docs/users-sources/sources/social-logins/google/googledeveloper3.png diff --git a/website/docs/sources/google/googledeveloper4.png b/website/docs/users-sources/sources/social-logins/google/googledeveloper4.png similarity index 100% rename from website/docs/sources/google/googledeveloper4.png rename to website/docs/users-sources/sources/social-logins/google/googledeveloper4.png diff --git a/website/docs/sources/google/googledeveloper5.png b/website/docs/users-sources/sources/social-logins/google/googledeveloper5.png similarity index 100% rename from website/docs/sources/google/googledeveloper5.png rename to website/docs/users-sources/sources/social-logins/google/googledeveloper5.png diff --git a/website/docs/sources/google/googledeveloper6.png b/website/docs/users-sources/sources/social-logins/google/googledeveloper6.png similarity index 100% rename from website/docs/sources/google/googledeveloper6.png rename to website/docs/users-sources/sources/social-logins/google/googledeveloper6.png diff --git a/website/docs/sources/google/index.md b/website/docs/users-sources/sources/social-logins/google/index.md similarity index 91% rename from website/docs/sources/google/index.md rename to website/docs/users-sources/sources/social-logins/google/index.md index 8fd9557b20..061049aa35 100644 --- a/website/docs/sources/google/index.md +++ b/website/docs/users-sources/sources/social-logins/google/index.md @@ -19,23 +19,23 @@ You will need to create a new project, and OAuth credentials in the Google Devel 1. Visit https://console.developers.google.com/ to create a new project 2. Create a New project. -![](googledeveloper1.png) +![](./googledeveloper1.png) 3. **Project Name**: Choose a name 4. **Organization**: Leave as default if unsure 5. **Location**: Leave as default if unsure -![](googledeveloper2.png) +![](./googledeveloper2.png) 6. Click **Create** 7. Choose your project from the drop down at the top 8. Click the **Credentials** menu item on the left. It looks like a key. -![](googledeveloper3.png) +![](./googledeveloper3.png) 9. Click on **Configure Consent Screen** -![](googledeveloper4.png) +![](./googledeveloper4.png) 10. **User Type:** If you do not have a Google Workspace (GSuite) account choose _External_. If you do have a Google Workspace (Gsuite) account and want to limit access to only users inside of your organization choose _Internal_ @@ -52,13 +52,13 @@ _I'm only going to list the mandatory/important fields to complete._ 19. Click **Create Credentials** on the top of the screen 20. Choose **OAuth Client ID** -![](googledeveloper5.png) +![](./googledeveloper5.png) 21. **Application Type:** Web Application 22. **Name:** Choose a name 23. **Authorized redirect URIs:** `https://authentik.company/source/oauth/callback/google/` -![](googledeveloper6.png) +![](./googledeveloper6.png) 24. Click **Create** 25. Copy and store _Your Client ID_ and _Your Client Secret_ for later @@ -74,12 +74,12 @@ _I'm only going to list the mandatory/important fields to complete._ Here is an example of a complete authentik Google OAuth Source -![](authentiksource.png) +![](./authentiksource.png) Save, and you now have Google as a source. :::note -For more details on how-to have the new source display on the Login Page see [here](../index.md#add-sources-to-default-login-page). +For more details on how-to have the new source display on the Login Page see [here](../../index.md#add-sources-to-default-login-page). ::: ## Username mapping @@ -99,4 +99,4 @@ return False Afterwards, edit the source's enrollment flow (by default _default-source-enrollment_), expand the policies bound to the first stage (_default-source-enrollment-prompt_), and bind the policy created above. Make sure the newly created policy comes before _default-source-enrollment-if-username_. Afterwards, any new logins will automatically have their google email address used as their username. -This can be combined with disallowing users from changing their usernames, see [Configuration](../../../docs/core/settings#allow-users-to-change-username). +This can be combined with disallowing users from changing their usernames, see [Configuration](../../../../sys-mgmt/settings.md#allow-users-to-change-username). diff --git a/website/docs/sources/mailcow/index.md b/website/docs/users-sources/sources/social-logins/mailcow/index.md similarity index 85% rename from website/docs/sources/mailcow/index.md rename to website/docs/users-sources/sources/social-logins/mailcow/index.md index baffde79c8..40272294f3 100644 --- a/website/docs/sources/mailcow/index.md +++ b/website/docs/users-sources/sources/social-logins/mailcow/index.md @@ -17,23 +17,23 @@ The following placeholders will be used: 1. Log into mailcow as an admin and navigate to the OAuth2 Apps settings -![OAuth2 Apps menu](mailcow1.png) +![OAuth2 Apps menu](./mailcow1.png) 2. Click "Add OAuth2 Client" 3. Insert the redirect URL: `https://authentik.company/source/oauth/callback/mailcow/` -![Add OAuth2 CLient](mailcow2.png) +![Add OAuth2 CLient](./mailcow2.png) 4. Copy the **Client ID** and **Client secret** and _save it for later_ -![ClientID and Secret](mailcow3.png) +![ClientID and Secret](./mailcow3.png) ## authentik 5. Under _Directory -> Federation & Social login_ Click **Create > Mailcow OAuth Source** -![Mailcow OAuth Source](mailcow4.png) +![Mailcow OAuth Source](./mailcow4.png) 6. **Name:** Choose a name (For the example I used Mailcow) 7. **Slug:** mailcow (You can choose a different slug, if you do you will need to update the Mailcow redirect URL and point it to the correct slug.) @@ -45,10 +45,10 @@ The following placeholders will be used: Here is an example of a complete authentik Mailcow OAuth Source -![](mailcow5.png) +![](./mailcow5.png) Save, and you now have Mailcow as a source. :::note -For more details on how-to have the new source display on the Login Page see [here](../index.md#add-sources-to-default-login-page). +For more details on how-to have the new source display on the Login Page see [here](../../index.md#add-sources-to-default-login-page). ::: diff --git a/website/docs/sources/mailcow/mailcow1.png b/website/docs/users-sources/sources/social-logins/mailcow/mailcow1.png similarity index 100% rename from website/docs/sources/mailcow/mailcow1.png rename to website/docs/users-sources/sources/social-logins/mailcow/mailcow1.png diff --git a/website/docs/sources/mailcow/mailcow2.png b/website/docs/users-sources/sources/social-logins/mailcow/mailcow2.png similarity index 100% rename from website/docs/sources/mailcow/mailcow2.png rename to website/docs/users-sources/sources/social-logins/mailcow/mailcow2.png diff --git a/website/docs/sources/mailcow/mailcow3.png b/website/docs/users-sources/sources/social-logins/mailcow/mailcow3.png similarity index 100% rename from website/docs/sources/mailcow/mailcow3.png rename to website/docs/users-sources/sources/social-logins/mailcow/mailcow3.png diff --git a/website/docs/sources/mailcow/mailcow4.png b/website/docs/users-sources/sources/social-logins/mailcow/mailcow4.png similarity index 100% rename from website/docs/sources/mailcow/mailcow4.png rename to website/docs/users-sources/sources/social-logins/mailcow/mailcow4.png diff --git a/website/docs/sources/mailcow/mailcow5.png b/website/docs/users-sources/sources/social-logins/mailcow/mailcow5.png similarity index 100% rename from website/docs/sources/mailcow/mailcow5.png rename to website/docs/users-sources/sources/social-logins/mailcow/mailcow5.png diff --git a/website/docs/sources/plex/index.md b/website/docs/users-sources/sources/social-logins/plex/index.md similarity index 84% rename from website/docs/sources/plex/index.md rename to website/docs/users-sources/sources/social-logins/plex/index.md index 572d2c33de..88447d73c1 100644 --- a/website/docs/sources/plex/index.md +++ b/website/docs/users-sources/sources/social-logins/plex/index.md @@ -23,12 +23,12 @@ Add _Plex_ as a _source_ Save, and you now have Plex as a source. :::note -For more details on how-to have the new source display on the Login Page see [here](../index.md#add-sources-to-default-login-page). +For more details on how-to have the new source display on the Login Page see [here](../../index.md#add-sources-to-default-login-page). ::: ## Plex source property mappings -See the [overview](../property-mappings/index.md) for information on how property mappings work. +See the [overview](../../property-mappings/index.md) for information on how property mappings work. ### Expression data diff --git a/website/docs/sources/twitch/index.md b/website/docs/users-sources/sources/social-logins/twitch/index.md similarity index 84% rename from website/docs/sources/twitch/index.md rename to website/docs/users-sources/sources/social-logins/twitch/index.md index 577bc973c1..3b16554f73 100644 --- a/website/docs/sources/twitch/index.md +++ b/website/docs/users-sources/sources/social-logins/twitch/index.md @@ -16,7 +16,7 @@ The following placeholders will be used: 1. Click **Register Your Application** in the Twitch Developers Console https://dev.twitch.tv/console -![Register Your Application Button](twitch1.png) +![Register Your Application Button](./twitch1.png) 2. Name your Application @@ -26,11 +26,11 @@ The following placeholders will be used: 5. Click **Create** to finish the registration of your Application -![Create Application](twitch2.png) +![Create Application](./twitch2.png) 6. Click **Manage** on your newly created Application -![Manage Application](twitch3.png) +![Manage Application](./twitch3.png) 7. Copy your Client ID and save it for later @@ -38,7 +38,7 @@ The following placeholders will be used: 9. Copy the above Secret and also save it for later -![Copy Keys](twitch4.png) +![Copy Keys](./twitch4.png) ## authentik @@ -51,10 +51,10 @@ The following placeholders will be used: Here is an example of a complete authentik Twitch OAuth Source -![Authentik Source Example](twitch5.png) +![Authentik Source Example](./twitch5.png) Save, and you now have Twitch as a source. :::note -For more details on how-to have the new source display on the Login Page see [here](../index.md#add-sources-to-default-login-page). +For more details on how-to have the new source display on the Login Page see [here](../../index.md#add-sources-to-default-login-page). ::: diff --git a/website/docs/sources/twitch/twitch1.png b/website/docs/users-sources/sources/social-logins/twitch/twitch1.png similarity index 100% rename from website/docs/sources/twitch/twitch1.png rename to website/docs/users-sources/sources/social-logins/twitch/twitch1.png diff --git a/website/docs/sources/twitch/twitch2.png b/website/docs/users-sources/sources/social-logins/twitch/twitch2.png similarity index 100% rename from website/docs/sources/twitch/twitch2.png rename to website/docs/users-sources/sources/social-logins/twitch/twitch2.png diff --git a/website/docs/sources/twitch/twitch3.png b/website/docs/users-sources/sources/social-logins/twitch/twitch3.png similarity index 100% rename from website/docs/sources/twitch/twitch3.png rename to website/docs/users-sources/sources/social-logins/twitch/twitch3.png diff --git a/website/docs/sources/twitch/twitch4.png b/website/docs/users-sources/sources/social-logins/twitch/twitch4.png similarity index 100% rename from website/docs/sources/twitch/twitch4.png rename to website/docs/users-sources/sources/social-logins/twitch/twitch4.png diff --git a/website/docs/sources/twitch/twitch5.png b/website/docs/users-sources/sources/social-logins/twitch/twitch5.png similarity index 100% rename from website/docs/sources/twitch/twitch5.png rename to website/docs/users-sources/sources/social-logins/twitch/twitch5.png diff --git a/website/docs/sources/twitter/index.md b/website/docs/users-sources/sources/social-logins/twitter/index.md similarity index 95% rename from website/docs/sources/twitter/index.md rename to website/docs/users-sources/sources/social-logins/twitter/index.md index e6b778836f..b79defa5f0 100644 --- a/website/docs/sources/twitter/index.md +++ b/website/docs/users-sources/sources/social-logins/twitter/index.md @@ -44,5 +44,5 @@ You will need to create a new project, and OAuth credentials in the Twitter Deve 5. **Consumer Secret:** Your Client Secret from step 25 :::note -For more details on how-to have the new source display on the Login Page see [here](../index.md#add-sources-to-default-login-page). +For more details on how-to have the new source display on the Login Page see [here](../../index.md#add-sources-to-default-login-page). ::: diff --git a/website/docs/sources/twitter/twitter1.png b/website/docs/users-sources/sources/social-logins/twitter/twitter1.png similarity index 100% rename from website/docs/sources/twitter/twitter1.png rename to website/docs/users-sources/sources/social-logins/twitter/twitter1.png diff --git a/website/docs/sources/twitter/twitter2.png b/website/docs/users-sources/sources/social-logins/twitter/twitter2.png similarity index 100% rename from website/docs/sources/twitter/twitter2.png rename to website/docs/users-sources/sources/social-logins/twitter/twitter2.png diff --git a/website/docs/user-group-role/user/create_invite.png b/website/docs/users-sources/user/create_invite.png similarity index 100% rename from website/docs/user-group-role/user/create_invite.png rename to website/docs/users-sources/user/create_invite.png diff --git a/website/docs/user-group-role/user/index.mdx b/website/docs/users-sources/user/index.mdx similarity index 100% rename from website/docs/user-group-role/user/index.mdx rename to website/docs/users-sources/user/index.mdx diff --git a/website/docs/user-group-role/user/invitations.md b/website/docs/users-sources/user/invitations.md similarity index 94% rename from website/docs/user-group-role/user/invitations.md rename to website/docs/users-sources/user/invitations.md index bbb8736b26..b8de25ded5 100644 --- a/website/docs/user-group-role/user/invitations.md +++ b/website/docs/users-sources/user/invitations.md @@ -36,7 +36,7 @@ In the Admin UI, navigate to **Directory --> Invitations**, and then click **Cre - **Name**: provide a name for your invitation object. - **Expires**: select a date for when you want the invitation to expire. - **Flow**: in the drop-down menu, select the **default-enrollment-flow** Flow. -- **Custom attributes**: (_optional_) enter optional key/value pairs here, to pre-define any information about the user that you will invite to enroll. The data entered here is considered as a variable, specifically the `context['prompt_data']` variable. This data is read by the context flow's [prompt stage](../../flow/stages/prompt/index.md) in an expression policy. +- **Custom attributes**: (_optional_) enter optional key/value pairs here, to pre-define any information about the user that you will invite to enroll. The data entered here is considered as a variable, specifically the `context['prompt_data']` variable. This data is read by the context flow's [prompt stage](../../add-secure-apps/flows-stages/stages/prompt/index.md) in an expression policy. ![Create an invitation modal box](./create_invite.png) diff --git a/website/docs/user-group-role/user/user_basic_operations.md b/website/docs/users-sources/user/user_basic_operations.md similarity index 84% rename from website/docs/user-group-role/user/user_basic_operations.md rename to website/docs/users-sources/user/user_basic_operations.md index 0bbfb084f5..fc20a58a1f 100644 --- a/website/docs/user-group-role/user/user_basic_operations.md +++ b/website/docs/users-sources/user/user_basic_operations.md @@ -4,11 +4,11 @@ title: Manage users The following topics are for the basic management of users: how to create, modify, delete or deactivate users, and using a recovery email. -[Policies](../../policies/index.md) can be used to further manage how users are authenticated. For example, by default authentik does not require email addresses be unique, but you can use a policy to [enforce unique email addresses](../../policies/working_with_policies/unique_email.md). +[Policies](../../customize/policies/index.md) can be used to further manage how users are authenticated. For example, by default authentik does not require email addresses be unique, but you can use a policy to [enforce unique email addresses](../../customize/policies/working_with_policies/unique_email.md). ### Create a user -> If you want to automate user creation, you can do that either by [invitations](./invitations.md), [`user_write` stage](../../flow/stages/user_write), or [using the API](/developer-docs/api/reference/core-users-create). +> If you want to automate user creation, you can do that either by [invitations](./invitations.md), [`user_write` stage](../../add-secure-apps/flows-stages/stages/user_write.md), or [using the API](/docs/developer-docs/api/reference/core-users-create). 1. In the Admin interface of your authentik instance, select **Directory > Users** in the left side menu. 2. Select the folder where you want to create a user. @@ -21,7 +21,7 @@ The following topics are for the basic management of users: how to create, modif 5. Fill the **_optional_** fields if needed: - **Name**: The display name of the user. -- **Email**: The email address of the user. Email addresses are used in [email stages](../../flow/stages/email) and to receive [notifications](../../events/notifications), if configured. +- **Email**: The email address of the user. Email addresses are used in [email stages](../../add-secure-apps/flows-stages/stages/email/index.mdx) and to receive [notifications](../../sys-mgmt/events/notifications.md), if configured. - **Is active**: Define if the newly created user account is active. Selected by default. - **Attributes**: Custom attributes definition for the user, in YAML or JSON format. These attributes can be used to enforce additional prompts on authentication stages or define conditions to enforce specific policies if the current implementation does not fit your use case. The value is an empty dictionary by default. @@ -30,7 +30,7 @@ The following topics are for the basic management of users: how to create, modif You should see a confirmation pop-up on the top-right of the screen that the user has been created, and see the new user in the user list. You can directly click the username if you want to [modify your user](./user_basic_operations#modify-a-user). :::info -To create a super-user, you need to add the user to a group that has super-user permissions. For more information, refer to [Create a Group](../groups/manage_groups#create-a-group). +To create a super-user, you need to add the user to a group that has super-user permissions. For more information, refer to [Create a Group](../groups/manage_groups.md#create-a-group). ::: ### View user details @@ -48,7 +48,7 @@ To view details about a specific user: - **Session** shows the active sessions established by the user. If there is any need, you can clean up the connected devices for a user by selecting the device(s) and then clicking **Delete**. This forces the user to authenticate again on the deleted devices. - **Groups** allows you to manage the group membership of the user. You can find more details on [groups](../groups/index.mdx). - **User events** displays all the events generated by the user during a session, such as login, logout, application authorisation, password reset, user info update, etc. -- **Explicit consent** lists all the permissions the user has given explicitly to an application. Entries will only appear if the user is validating an [explicit consent flow in an OAuth2 provider](../../providers/oauth2/). If you want to delete the explicit consent (because the application is requiring new permissions, or the user has explicitly asked to reset his consent on third-party apps), select the applications and click **Delete**. The user will be asked to again give explicit consent to share information with the application. +- **Explicit consent** lists all the permissions the user has given explicitly to an application. Entries will only appear if the user is validating an [explicit consent flow in an OAuth2 provider](../../add-secure-apps/providers/oauth2/index.md). If you want to delete the explicit consent (because the application is requiring new permissions, or the user has explicitly asked to reset his consent on third-party apps), select the applications and click **Delete**. The user will be asked to again give explicit consent to share information with the application. - **OAuth Refresh Tokens** lists all the OAuth tokens currently distributed. You can remove the tokens by selecting the applications and then clicking **Delete**. - **MFA Authenticators** shows all the authentications that the user has registered to their user profile. You can remove the tokens if the user has lost their authenticator and want to enroll a new one. @@ -84,13 +84,13 @@ A pop-up will appear on your browser with the link for you to copy and to send t ### Automate email to a user -You can use our automated email to send a link with the URL for the user to reset their password. This option will only work if you have properly [configured a SMTP server during the installation](../../installation/docker-compose#email-configuration-optional-but-recommended) and set an email address for the user. +You can use our automated email to send a link with the URL for the user to reset their password. This option will only work if you have properly [configured a SMTP server during the installation](../../install-config/install/docker-compose.mdx#email-configuration-optional-but-recommended) and set an email address for the user. 1. In the Admin interface, navigate to **Directory > Users** to display all users. 2. Either click the name of the user to display the full User details page, or click the chevron beside their name to expand the toptions. 3. To send the automated email to the user, click **Email recovery link**. -If the user does not receive the email, check if the mail server parameters [are properly configured](../../troubleshooting/emails). +If the user does not receive the email, check if the mail server parameters [are properly configured](../../troubleshooting/emails.md). ### Reset the password for the user diff --git a/website/docs/user-group-role/user/user_ref.md b/website/docs/users-sources/user/user_ref.md similarity index 97% rename from website/docs/user-group-role/user/user_ref.md rename to website/docs/users-sources/user/user_ref.md index 93c83687f9..10f7d56cc2 100644 --- a/website/docs/user-group-role/user/user_ref.md +++ b/website/docs/users-sources/user/user_ref.md @@ -76,7 +76,7 @@ Format is string of format `days=10;hours=1;minute=3;seconds=5`. ### `goauthentik.io/user/debug`: -See [Troubleshooting access problems](../../troubleshooting/access), when set, the user gets a more detailed explanation of access decisions. +See [Troubleshooting access problems](../../troubleshooting/access.md), when set, the user gets a more detailed explanation of access decisions. ### `additionalHeaders`: diff --git a/website/docusaurus.config.ts b/website/docusaurus.config.ts index a37e0463d4..ce06d97ac3 100644 --- a/website/docusaurus.config.ts +++ b/website/docusaurus.config.ts @@ -17,14 +17,6 @@ module.exports = async function (): Promise { organizationName: "Authentik Security Inc.", projectName: "authentik", themeConfig: { - announcementBar: { - id: "new_docs_structure", - content: - 'Change is hard, especially when a familiar site gets re-arranged. But we think the new layout is easier to navigate. Take a preview peek at the upcoming new Docs structure!', - backgroundColor: "#cc0099", - textColor: "#ffffff", - isCloseable: false, - }, image: "img/social.png", navbar: { logo: { @@ -50,11 +42,6 @@ module.exports = async function (): Promise { label: "Integrations", position: "left", }, - { - to: "developer-docs/", - label: "Developer", - position: "left", - }, { to: "https://goauthentik.io/pricing/", label: "Pricing", @@ -105,6 +92,7 @@ module.exports = async function (): Promise { sidebarPath: "./sidebars.js", editUrl: "https://github.com/goauthentik/authentik/edit/main/website/", + docItemComponent: "@theme/ApiItem", remarkPlugins: [ [ remarkGithub, @@ -139,27 +127,15 @@ module.exports = async function (): Promise { "https://github.com/goauthentik/authentik/edit/main/website/", }, ], - [ - "@docusaurus/plugin-content-docs", - { - id: "docsDevelopers", - path: "developer-docs", - routeBasePath: "developer-docs", - sidebarPath: "./sidebarsDev.js", - docItemComponent: "@theme/ApiItem", - editUrl: - "https://github.com/goauthentik/authentik/edit/main/website/", - }, - ], [ "docusaurus-plugin-openapi-docs", { id: "api", - docsPluginId: "docsDevelopers", + docsPluginId: "docs", config: { authentik: { specPath: "static/schema.yaml", - outputDir: "developer-docs/api/reference/", + outputDir: "docs/developer-docs/api/reference/", hideSendButton: true, sidebarOptions: { groupPathsBy: "tag", diff --git a/website/integrations/index.mdx b/website/integrations/index.mdx index acb13d7d88..9029a94863 100644 --- a/website/integrations/index.mdx +++ b/website/integrations/index.mdx @@ -1,6 +1,5 @@ --- title: Integrations overview -slug: / --- There are two main types of integrations with authentik: **Applications** and **Sources**. @@ -15,6 +14,6 @@ authentik integrates with many applications. For a full list, and to learn more In addition to applications, authentik also integrates with external sources, including federated directories like Active Directory and through protocols such as LDAP, OAuth, SAML, and SCIM sources. Sources are a way for authentik to use external credentials for authentication and verification. Sources in authentik can also be used for social logins, using external providers such as Facebook, Twitter, etc. -To learn more, refer to the [Sources](../docs/sources) documentation. +To learn more, refer to the [Sources](https://docs.goauthentik.io/docs/users-sources/sources/index) documentation. ![](./sources-logo.png) diff --git a/website/integrations/services/home-assistant/index.md b/website/integrations/services/home-assistant/index.md index 70b91fa58f..797033acc0 100644 --- a/website/integrations/services/home-assistant/index.md +++ b/website/integrations/services/home-assistant/index.md @@ -43,7 +43,7 @@ The following placeholders will be used: - **Slug**: homeassistant - **Provider**: Home Assistant (the provider you created in step 1) -3. Create an outpost deployment for the provider you've created above, as described [here](../../../docs/outposts/). Deploy this Outpost either on the same host or a different host that can access Home Assistant. The outpost will connect to authentik and configure itself. +3. Create an outpost deployment for the provider you've created above, as described [here](https://docs.goauthentik.io/docs/add-secure-apps/outposts/index.md). Deploy this Outpost either on the same host or a different host that can access Home Assistant. The outpost will connect to authentik and configure itself. ## Home Assistant configuration diff --git a/website/integrations/services/minio/index.md b/website/integrations/services/minio/index.md index 326efa9f69..8749d36e9e 100644 --- a/website/integrations/services/minio/index.md +++ b/website/integrations/services/minio/index.md @@ -46,7 +46,7 @@ elif ak_is_group_member(request.user, name="Minio users"): return None ``` -Note that you can assign multiple policies to a user by returning a list, and returning `None` will map no policies to the user, resulting in no access to the MinIO instance. For more information on writing expressions, see [Expressions](../../../docs/providers/property-mappings/expression) and [User](../../../docs/user-group-role/user/user_ref#object-properties) docs. +Note that you can assign multiple policies to a user by returning a list, and returning `None` will map no policies to the user, resulting in no access to the MinIO instance. For more information on writing expressions, see [Expressions](/docs/add-secure-apps/providers/property-mappings/expression) and [User](/docs/users-sources/user/user_ref#object-properties) docs. ### Creating application and provider diff --git a/website/integrations/services/nextcloud/index.md b/website/integrations/services/nextcloud/index.md index 4a2c55eb82..4e333e2166 100644 --- a/website/integrations/services/nextcloud/index.md +++ b/website/integrations/services/nextcloud/index.md @@ -111,7 +111,7 @@ Create a provider for Nextcloud. In the Admin Interface, go to _Applications_ -> - `Nextcloud Profile` (or `authentik default Oauth Mapping profile` if you skipped the [custom profile scope](#custom-profile-scope) section) - Subject mode: Based on the User's UUID :::danger - Nextcloud will use the UUID as username. However, mapping the subject mode to authentik usernames is **not recommended** due to their mutable nature. This can lead to security issues such as user impersonation. If you still wish to map the subject mode to an username, [disable username changing](../../../docs/core/settings#allow-users-to-change-username) in authentik and set this to `Based on the User's username`. + Nextcloud will use the UUID as username. However, mapping the subject mode to authentik usernames is **not recommended** due to their mutable nature. This can lead to security issues such as user impersonation. If you still wish to map the subject mode to an username, [disable username changing](https://docs.goauthentik.io/sys-mgmt/settings.md#allow-users-to-change-username) in authentik and set this to `Based on the User's username`. ::: - Include claims in ID token: ✔️ @@ -249,7 +249,7 @@ Set the following values: - Attribute to map the UID to: `http://schemas.goauthentik.io/2021/02/saml/uid` :::danger - Nextcloud uses the UID attribute as username. However, mapping it to authentik usernames is **not recommended** due to their mutable nature. This can lead to security issues such as user impersonation. If you still wish to map the UID to an username, [disable username changing](../../../docs/core/settings#allow-users-to-change-username) in authentik and set the UID attribute to "http://schemas.goauthentik.io/2021/02/saml/username". + Nextcloud uses the UID attribute as username. However, mapping it to authentik usernames is **not recommended** due to their mutable nature. This can lead to security issues such as user impersonation. If you still wish to map the UID to an username, [disable username changing](https://docs.goauthentik.io/sys-mgmt/settings.md#allow-users-to-change-username) in authentik and set the UID attribute to "http://schemas.goauthentik.io/2021/02/saml/username". ::: - Optional display name of the identity provider (default: "SSO & SAML log in"): `authentik` - Identifier of the IdP entity (must be a URI): `https://authentik.company` diff --git a/website/integrations/services/organizr/index.md b/website/integrations/services/organizr/index.md index 68638c51e6..a8c2362eb2 100644 --- a/website/integrations/services/organizr/index.md +++ b/website/integrations/services/organizr/index.md @@ -13,7 +13,7 @@ sidebar_label: organizr > > -- https://github.com/causefx/Organizr -This integration leverages authentik's LDAP for the identity provider to achieve an SSO experience. See [ldap provider generic setup](../../../docs/providers/ldap/generic_setup) for setting up the LDAP provider. +This integration leverages authentik's LDAP for the identity provider to achieve an SSO experience. See [ldap provider generic setup](https://docs.goauthentik.io/add-secure-apps/providers/ldap/generic_setup) for setting up the LDAP provider. ## Preparation @@ -77,5 +77,5 @@ LDAP Backend Type: `OpenLDAP` Access for authentik users is managed locally within organizr under _User Management_. By default, new users are assigned the `User` group. ::: :::tip -Consider front-ending your application with a [forward auth provider](../../../docs/providers/proxy/forward_auth) for an SSO experience. +Consider front-ending your application with a [forward auth provider](https://docs.goauthentik.io/docs/add-secure-apps/providers/proxy/forward_auth) for an SSO experience. ::: diff --git a/website/integrations/services/proftpd/index.md b/website/integrations/services/proftpd/index.md index d6aa5ebc4a..dc9586e32f 100644 --- a/website/integrations/services/proftpd/index.md +++ b/website/integrations/services/proftpd/index.md @@ -13,7 +13,7 @@ sidebar_label: ProFTPD > > -- From http://www.proftpd.org -This integration leverages authentik's LDAP for the identity provider to achieve an SSO experience. See [ldap provider generic setup](../../../docs/providers/ldap/generic_setup) for setting up the LDAP provider. +This integration leverages authentik's LDAP for the identity provider to achieve an SSO experience. See [ldap provider generic setup](https://docs.goauthentik.io/docs/add-secure-apps/providers/ldap/generic_setup) for setting up the LDAP provider. ## Preparation @@ -108,7 +108,7 @@ In this example, every user shares a single folder. If you want to have separate Additionally, note that each file will have Linux user and group ID `1000`. Beforehand, make sure that the respective Linux user exists (usually the first Linux user created receives ID `1000`). Check `/etc/passwd` and create a user if necessary. -If you do not set `LDAPForceDefaultUID`/`LDAPForceDefaultGID`, Authentik's `uidNumber` field will be used. If you do not set `LDAPGenerateHomedir`, Authentik's `homeDirectory` field will be used (`/home/$username`). For more information about default attributes provided by Authentik, refer to the [LDAP Provider documentation](../../../docs/providers/ldap). +If you do not set `LDAPForceDefaultUID`/`LDAPForceDefaultGID`, Authentik's `uidNumber` field will be used. If you do not set `LDAPGenerateHomedir`, Authentik's `homeDirectory` field will be used (`/home/$username`). For more information about default attributes provided by Authentik, refer to the [LDAP Provider documentation](https://docs.goauthentik.io/docs/add-secure-apps/providers/ldap). Make sure to read ProFTPD's [available LDAP options](http://www.proftpd.org/docs/contrib/mod_ldap.html). diff --git a/website/integrations/services/qnap-nas/index.md b/website/integrations/services/qnap-nas/index.md index 8e5d5d36c2..158c95510f 100644 --- a/website/integrations/services/qnap-nas/index.md +++ b/website/integrations/services/qnap-nas/index.md @@ -29,7 +29,7 @@ The following placeholders will be used: by authentik. Create an LDAP Provider if you don't already have one setup. -This guide assumes you will be running with TLS. See the [ldap provider docs](../../../docs/providers/ldap) for setting up SSL on the authentik side. +This guide assumes you will be running with TLS. See the [ldap provider docs](https://docs.goauthentik.io/docs/add-secure-apps/providers/ldap) for setting up SSL on the authentik side. Remember the `ldap.baseDN` you have configured for the provider as you'll need it in the sssd configuration. @@ -45,7 +45,7 @@ Max password length \<= 66 characters. ## Deployment -Create an outpost deployment for the provider you've created above, as described [here](../../../docs/outposts/). Deploy this Outpost either on the same host or a different host that your QNAP NAS can access. +Create an outpost deployment for the provider you've created above, as described [here](https://docs.goauthentik.io/docs/add-secure-apps/outposts/). Deploy this Outpost either on the same host or a different host that your QNAP NAS can access. The outpost will connect to authentik and configure itself. diff --git a/website/integrations/services/sonarr/index.md b/website/integrations/services/sonarr/index.md index d683747500..c8be7d30c2 100644 --- a/website/integrations/services/sonarr/index.md +++ b/website/integrations/services/sonarr/index.md @@ -40,7 +40,7 @@ Create an application in authentik and select the provider you've created above. ## Deployment -Create an outpost deployment for the provider you've created above, as described [here](../../../docs/outposts/). Deploy this Outpost either on the same host or a different host that can access Sonarr. +Create an outpost deployment for the provider you've created above, as described [here](https://docs.goauthentik.io/docs/add-secure-apps/outposts/). Deploy this Outpost either on the same host or a different host that can access Sonarr. The outpost will connect to authentik and configure itself. diff --git a/website/integrations/services/sssd/index.md b/website/integrations/services/sssd/index.md index 3de6428381..33de4d4a0b 100644 --- a/website/integrations/services/sssd/index.md +++ b/website/integrations/services/sssd/index.md @@ -37,7 +37,7 @@ The following placeholders will be used: Create an LDAP Provider if you don't already have one setup. This guide assumes you will be running with TLS and that you've correctly setup certificates both in authentik and on the host -running sssd. See the [ldap provider docs](../../../docs/providers/ldap) for setting up SSL on the authentik side. +running sssd. See the [ldap provider docs](https://docs.goauthentik.io/docs/add-secure-apps/providers/ldap) for setting up SSL on the authentik side. Remember the Base DN you have configured for the provider as you'll need it in the sssd configuration. @@ -48,7 +48,7 @@ to `ldap.searchGroup`. ## Deployment -Create an outpost deployment for the provider you've created above, as described [here](../../../docs/outposts/). Deploy this Outpost either on the same host or a different host that your +Create an outpost deployment for the provider you've created above, as described [here](https://docs.goauthentik.io/add-secure-apps/outposts). Deploy this Outpost either on the same host or a different host that your host(s) running sssd can access. The outpost will connect to authentik and configure itself. diff --git a/website/migratefile b/website/migratefile new file mode 100644 index 0000000000..4a0934ea05 --- /dev/null +++ b/website/migratefile @@ -0,0 +1,237 @@ +advanced/tenancy.md -> sys-mgmt/tenancy.md +applications/index.md -> add-secure-apps/applications/index.md +applications/manage_apps.md -> add-secure-apps/applications/manage_apps.md +core/architecture.md -> core/architecture.md +core/brands.md -> customize/brands.md +core/certificates.md -> sys-mgmt/certificates.md +core/geoip.mdx -> install-config/geoip.mdx +core/settings.md -> sys-mgmt/settings.md +core/terminology.md -> core/terminology.md +enterprise/entsupport.md -> enterprise/entsupport.md +enterprise/get-started.md -> enterprise/get-started.md +enterprise/index.md -> enterprise/index.md +enterprise/licenses-page-admin.png -> enterprise/licenses-page-admin.png +enterprise/manage-enterprise.md -> enterprise/manage-enterprise.md +events/event_matcher.png -> sys-mgmt/events/event_matcher.png +events/index.md -> sys-mgmt/events/index.md +events/notifications.md -> sys-mgmt/events/notifications.md +events/transports.md -> sys-mgmt/events/transports.md +flow/context/index.md -> add-secure-apps/flows-stages/flow/context/index.md +flow/create-flow.png -> add-secure-apps/flows-stages/flow/create-flow.png +flow/examples/flows.md -> add-secure-apps/flows-stages/flow/examples/flows.md +flow/examples/snippets.md -> add-secure-apps/flows-stages/flow/examples/snippets.md +flow/executors/headless.md -> add-secure-apps/flows-stages/flow/executors/headless.md +flow/executors/if-flow.md -> add-secure-apps/flows-stages/flow/executors/if-flow.md +flow/executors/sfe.md -> add-secure-apps/flows-stages/flow/executors/sfe.md +flow/executors/user-settings.md -> add-secure-apps/flows-stages/flow/executors/user-settings.md +flow/flow-inspector.png -> add-secure-apps/flows-stages/flow/flow-inspector.png +flow/index.md -> add-secure-apps/flows-stages/flow/index.md +flow/inspector.md -> add-secure-apps/flows-stages/flow/inspector.md +flow/layouts.md -> add-secure-apps/flows-stages/flow/layouts.md +flow/layouts/content_left.png -> add-secure-apps/flows-stages/flow/layouts/content_left.png +flow/layouts/content_right.png -> add-secure-apps/flows-stages/flow/layouts/content_right.png +flow/layouts/sidebar_left.png -> add-secure-apps/flows-stages/flow/layouts/sidebar_left.png +flow/layouts/sidebar_right.png -> add-secure-apps/flows-stages/flow/layouts/sidebar_right.png +flow/layouts/stacked.png -> add-secure-apps/flows-stages/flow/layouts/stacked.png +flow/simple_stages.png -> add-secure-apps/flows-stages/flow/simple_stages.png +flow/stages/authenticator_duo/index.md -> add-secure-apps/flows-stages/stages//authenticator_duo/index.md +flow/stages/authenticator_sms/index.md -> add-secure-apps/flows-stages/stages/authenticator_sms/index.md +flow/stages/authenticator_static/index.md -> add-secure-apps/flows-stages/stages/authenticator_static/index.md +flow/stages/authenticator_totp/index.md -> add-secure-apps/flows-stages/stages/authenticator_totp/index.md +flow/stages/authenticator_validate/index.md -> add-secure-apps/flows-stages/stages/authenticator_validate/index.md +flow/stages/authenticator_webauthn/index.md -> add-secure-apps/flows-stages/stages/authenticator_webauthn/index.md +flow/stages/captcha/captcha-admin.png -> add-secure-apps/flows-stages/stages/captcha/captcha-admin.png +flow/stages/captcha/index.md -> add-secure-apps/flows-stages/stages/captcha/index.md +flow/stages/deny.md -> add-secure-apps/flows-stages/stages/deny.md +flow/stages/email/custom_template.png -> add-secure-apps/flows-stages/stages/email/custom_template.png +flow/stages/email/email_recovery.png -> add-secure-apps/flows-stages/stages/email/email_recovery.png +flow/stages/email/index.mdx -> add-secure-apps/flows-stages/stages/email/index.mdx +flow/stages/identification/index.md -> add-secure-apps/flows-stages/stages/identification/index.md +flow/stages/index.md -> add-secure-apps/flows-stages/stages/index.md +flow/stages/invitation/index.md -> add-secure-apps/flows-stages/stages/invitation/index.md +flow/stages/password/index.md -> add-secure-apps/flows-stages/stages/password/index.md +flow/stages/prompt/index.md -> add-secure-apps/flows-stages/stages/prompt/index.md +flow/stages/source/index.md -> add-secure-apps/flows-stages/stages/source/index.md +flow/stages/user_delete.md -> add-secure-apps/flows-stages/stages/user_delete.md +flow/stages/user_login/index.md -> add-secure-apps/flows-stages/stages/user_login/index.md +flow/stages/user_login/stay_signed_in.png -> add-secure-apps/flows-stages/stages/user_login/stay_signed_in.png +flow/stages/user_logout.md -> add-secure-apps/flows-stages/stages/user_logout.md +flow/stages/user_write.md -> add-secure-apps/flows-stages/stages/user_write.md +installation/air-gapped.mdx -> install-config/air-gapped.mdx +installation/automated-install.md -> install-config/automated-install.md +installation/beta.mdx -> install-config/beta.mdx +installation/configuration.mdx -> install-config/configuration/configuration.mdx +installation/dashboard.png -> install-config/dashboard.png +installation/docker-compose.mdx -> install-config/install/docker-compose.mdx +installation/index.mdx -> install-config/index.mdx +installation/kubernetes.md -> install-config/install/kubernetes.md +installation/monitoring.md -> sys-mgmt/ops/monitoring.md +installation/reverse-proxy.md -> install-config/reverse-proxy.md +installation/storage-s3.md -> install-config/storage-s3.md +installation/upgrade.mdx -> install-config/upgrade.mdx +installation/version1.png -> install-config/version1.png +interfaces/_global/customcss.mdx -> customize/interfaces/_global/customcss.mdx +interfaces/_global/global.mdx -> customize/interfaces/_global/global.mdx +interfaces/admin/customization.mdx -> customize/interfaces/admin/customization.mdx +interfaces/flow/customization.mdx -> customize/interfaces/flow/customization.mdx +interfaces/user/customization.mdx -> customize/interfaces/user/customization.mdx +outposts/_config.md -> add-secure-apps/outposts/_config.md +outposts/embedded/embedded.mdx -> add-secure-apps/outposts/embedded/embedded.mdx +outposts/index.mdx -> add-secure-apps/outposts/index.mdx +outposts/integrations/docker.md -> add-secure-apps/outposts/integrations/docker.md +outposts/integrations/kubernetes.md -> add-secure-apps/outposts/integrations/kubernetes.md +outposts/manual-deploy-docker-compose.md -> add-secure-apps/outposts/manual-deploy-docker-compose.md +outposts/manual-deploy-kubernetes.md -> add-secure-apps/outposts/manual-deploy-kubernetes.md +outposts/outpost-create.png -> add-secure-apps/outposts/outpost-create.png +outposts/upgrading.md -> add-secure-apps/outposts/upgrading.md +outposts/upgrading_outdated.png -> add-secure-apps/outposts/upgrading_outdated.png +policies/expression.mdx -> customize/policies/expression.mdx +policies/index.md -> customize/policies/index.md +policies/working_with_policies/unique_email.md -> customize/policies/working_with_policies/unique_email.md +policies/working_with_policies/whitelist_email.md -> customize/policies/working_with_policies/whitelist_email.md +policies/working_with_policies/working_with_policies.md -> customize/policies/working_with_policies/working_with_policies.md +providers/entra/add-entra-provider.md -> add-secure-apps/providers/entra/add-entra-provider.md +providers/entra/index.md -> add-secure-apps/providers/entra/index.md +providers/entra/setup-entra.md -> add-secure-apps/providers/entra/setup-entra.md +providers/gws/add-gws-provider.md -> add-secure-apps/providers/gws/add-gws-provider.md +providers/gws/index.md -> add-secure-apps/providers/gws/index.md +providers/gws/setup-gws.md -> add-secure-apps/providers/gws/setup-gws.md +providers/index.mdx -> add-secure-apps/providers/index.mdx +providers/ldap/general_setup1.png -> add-secure-apps/providers/ldap/general_setup1.png +providers/ldap/general_setup10.png -> add-secure-apps/providers/ldap/general_setup10.png +providers/ldap/general_setup11.png -> add-secure-apps/providers/ldap/general_setup11.png +providers/ldap/general_setup12.png -> add-secure-apps/providers/ldap/general_setup12.png +providers/ldap/general_setup13.png -> add-secure-apps/providers/ldap/general_setup13.png +providers/ldap/general_setup14.png -> add-secure-apps/providers/ldap/general_setup14.png +providers/ldap/general_setup15.png -> add-secure-apps/providers/ldap/general_setup15.png +providers/ldap/general_setup16.png -> add-secure-apps/providers/ldap/general_setup16.png +providers/ldap/general_setup2.png -> add-secure-apps/providers/ldap/general_setup2.png +providers/ldap/general_setup3.png -> add-secure-apps/providers/ldap/general_setup3.png +providers/ldap/general_setup4.png -> add-secure-apps/providers/ldap/general_setup4.png +providers/ldap/general_setup5.png -> add-secure-apps/providers/ldap/general_setup5.png +providers/ldap/general_setup6.png -> add-secure-apps/providers/ldap/general_setup6.png +providers/ldap/general_setup7.png -> add-secure-apps/providers/ldap/general_setup7.png +providers/ldap/general_setup8.png -> add-secure-apps/providers/ldap/general_setup8.png +providers/ldap/general_setup9.png -> add-secure-apps/providers/ldap/general_setup9.png +providers/ldap/generic_setup.md -> add-secure-apps/providers/ldap/generic_setup.md +providers/ldap/index.md -> add-secure-apps/providers/ldap/index.md +providers/oauth2/client_credentials.md -> add-secure-apps/providers/oauth2/client_credentials.md +providers/oauth2/device_code.md -> add-secure-apps/providers/oauth2/device_code.md +providers/oauth2/index.md -> add-secure-apps/providers/oauth2/index.md +providers/property-mappings/expression.mdx -> add-secure-apps/providers/property-mappings/expression.mdx +providers/property-mappings/index.md -> add-secure-apps/providers/property-mappings/index.md +providers/proxy/__placeholders.md -> add-secure-apps/providers/proxy/__placeholders.md +providers/proxy/_caddy_standalone.md -> add-secure-apps/providers/proxy/_caddy_standalone.md +providers/proxy/_envoy_istio.md -> add-secure-apps/providers/proxy/_envoy_istio.md +providers/proxy/_nginx_ingress.md -> add-secure-apps/providers/proxy/_nginx_ingress.md +providers/proxy/_nginx_proxy_manager.md -> add-secure-apps/providers/proxy/_nginx_proxy_manager.md +providers/proxy/_nginx_standalone.md -> add-secure-apps/providers/proxy/_nginx_standalone.md +providers/proxy/_traefik_compose.md -> add-secure-apps/providers/proxy/_traefik_compose.md +providers/proxy/_traefik_ingress.md -> add-secure-apps/providers/proxy/_traefik_ingress.md +providers/proxy/_traefik_standalone.md -> add-secure-apps/providers/proxy/_traefik_standalone.md +providers/proxy/custom_headers.md -> add-secure-apps/providers/proxy/custom_headers.md +providers/proxy/forward_auth.mdx -> add-secure-apps/providers/proxy/forward_auth.mdx +providers/proxy/header_authentication.md -> add-secure-apps/providers/proxy/header_authentication.md +providers/proxy/index.md -> add-secure-apps/providers/proxy/index.md +providers/proxy/server_caddy.mdx -> add-secure-apps/providers/proxy/server_caddy.mdx +providers/proxy/server_envoy.mdx -> add-secure-apps/providers/proxy/server_envoy.mdx +providers/proxy/server_nginx.mdx -> add-secure-apps/providers/proxy/server_nginx.mdx +providers/proxy/server_traefik.mdx -> add-secure-apps/providers/proxy/server_traefik.mdx +providers/rac/how-to-rac.md -> add-secure-apps/providers/rac/how-to-rac.md +providers/rac/index.md -> add-secure-apps/providers/rac/index.md +providers/rac/rac-v3.png -> add-secure-apps/providers/rac/rac-v3.png +providers/radius/index.mdx -> add-secure-apps/providers/radius/index.mdx +providers/saml/index.md -> add-secure-apps/providers/saml/index.md +providers/scim/index.md -> add-secure-apps/providers/scim/index.md +security/2023-06-cure53.md -> security/audits-and-certs/2023-06-cure53.md +security/CVE-2022-23555.md -> security/cves/CVE-2022-23555.md +security/CVE-2022-46145.md -> security/cves/CVE-2022-46145.md +security/CVE-2022-46172.md -> security/cves/CVE-2022-46172.md +security/CVE-2023-26481.md -> security/cves/CVE-2023-26481.md +security/CVE-2023-36456.md -> security/cves/CVE-2023-36456.md +security/CVE-2023-39522.md -> security/cves/CVE-2023-39522.md +security/CVE-2023-48228.md -> security/cves/CVE-2023-48228.md +security/CVE-2024-21637.md -> security/cves/CVE-2024-21637.md +security/CVE-2024-23647.md -> security/cves/CVE-2024-23647.md +security/CVE-2024-37905.md -> security/cves/CVE-2024-37905.md +security/CVE-2024-38371.md -> security/cves/CVE-2024-38371.md +security/GHSA-rjvp-29xq-f62w.md -> security/cves/GHSA-rjvp-29xq-f62w.md +sources/active-directory/01_user_create.png -> users-sources/sources/directory-sync/active-directory/01_user_create.png +sources/active-directory/02_delegate.png -> users-sources/sources/directory-sync/active-directory/02_delegate.png +sources/active-directory/03_additional_perms.png -> users-sources/sources/directory-sync/active-directory/03_additional_perms.png +sources/active-directory/10_ak_status.png -> users-sources/sources/directory-sync/active-directory/03_additional_perms.png +sources/active-directory/11_ak_stage.png -> users-sources/sources/directory-sync/active-directory/11_ak_stage.png +sources/active-directory/index.md -> users-sources/sources/directory-sync/active-directory/index.md +sources/apple/app_id.png -> users-sources/sources/social-logins/apple/app_id.png +sources/apple/app_service_config.png -> users-sources/sources/social-logins/apple/app_service_config.png +sources/apple/index.md -> users-sources/sources/social-logins/apple/index.md +sources/apple/key.png -> users-sources/sources/social-logins/apple/key.png +sources/apple/service_id.png -> users-sources/sources/social-logins/apple/service_id.png +sources/azure-ad/aad_01.png -> users-sources/sources/social-logins/azure-ad/aad_01.png +sources/azure-ad/authentik_01.png -> users-sources/sources/social-logins/azure-ad/authentik_01.png +sources/azure-ad/index.md -> users-sources/sources/social-logins/azure-ad/index.md +sources/discord/discord1.png -> users-sources/sources/social-logins/discord/discord1.png +sources/discord/discord2.png -> users-sources/sources/social-logins/discord/discord2.png +sources/discord/discord3.png -> users-sources/sources/social-logins/discord/discord3.png +sources/discord/discord4.png -> users-sources/sources/social-logins/discord/discord4.png +sources/discord/index.md -> users-sources/sources/social-logins/discord/index.md +sources/facebook/index.md -> users-sources/sources/social-logins/facebook/index.md +sources/freeipa/01_user_create.png -> users-sources/sources/directory-sync/freeipa/01_user_create.pn +sources/freeipa/02_user_roles.png -> users-sources/sources/directory-sync/freeipa/02_user_roles.png +sources/freeipa/03_add_user_role.png -> users-sources/sources/directory-sync/freeipa/03_add_user_role.png +sources/freeipa/04_source_settings_1.png -> users-sources/sources/directory-sync/freeipa/04_source_settings_1.png +sources/freeipa/05_source_settings_2.png -> users-sources/sources/directory-sync/freeipa/05_source_settings_2.png +sources/freeipa/06_sync_source.png -> users-sources/sources/directory-sync/freeipa/06_sync_source.png +sources/freeipa/07_password_stage.png -> users-sources/sources/directory-sync/freeipa/07_password_stage.png +sources/freeipa/index.md -> users-sources/sources/directory-sync/freeipa/index.md +sources/github/github_org_membership.png -> users-sources/sources/social-logins/github/github_org_membership.png +sources/github/githubdeveloper1.png -> users-sources/sources/social-logins/github/githubdeveloper1.png +sources/github/githubdeveloperexample.png -> users-sources/sources/social-logins/github/githubdeveloperexample.png +sources/github/githubexample2.png -> users-sources/sources/social-logins/github/githubexample2.png +sources/github/index.md -> users-sources/sources/social-logins/github/index.md +sources/google/authentiksource.png -> users-sources/sources/social-logins/google/authentiksource.png +sources/google/googledeveloper1.png -> users-sources/sources/social-logins/google/googledeveloper1.png +sources/google/googledeveloper2.png -> users-sources/sources/social-logins/google/googledeveloper2.png +sources/google/googledeveloper3.png -> users-sources/sources/social-logins/google/googledeveloper3.png +sources/google/googledeveloper4.png -> users-sources/sources/social-logins/google/googledeveloper4.png +sources/google/googledeveloper5.png -> users-sources/sources/social-logins/google/googledeveloper5.png +sources/google/googledeveloper6.png -> users-sources/sources/social-logins/google/googledeveloper6.png +sources/google/index.md -> users-sources/sources/social-logins/google/index.md +sources/index.md -> users-sources/sources/index.md +sources/ldap/index.md -> users-sources/sources/protocols/ldap/index.md +sources/mailcow/index.md -> users-sources/sources/social-logins/mailcow/index.md +sources/mailcow/mailcow1.png -> users-sources/sources/social-logins/mailcow/mailcow1.png +sources/mailcow/mailcow2.png -> users-sources/sources/social-logins/mailcow/mailcow2.png +sources/mailcow/mailcow3.png -> users-sources/sources/social-logins/mailcow/mailcow3.png +sources/mailcow/mailcow4.png -> users-sources/sources/social-logins/mailcow/mailcow4.png +sources/mailcow/mailcow5.png -> users-sources/sources/social-logins/mailcow/mailcow5.png +sources/oauth/index.md -> users-sources/sources/protocols/oauth/index.md +sources/plex/index.md -> users-sources/sources/social-logins/plex/index.md +sources/property-mappings/expressions.md -> users-sources/sources/property-mappings/expressions.md +sources/property-mappings/index.md -> users-sources/sources/property-mappings/index.md +sources/saml/index.md -> users-sources/sources/protocols/saml/index.md +sources/scim/index.md -> users-sources/sources/protocols/scim/index.md +sources/twitch/index.md -> users-sources/sources/social-logins/twitch/index.md +sources/twitch/twitch1.png -> users-sources/sources/social-logins/twitch/twitch1.png +sources/twitch/twitch2.png -> users-sources/sources/social-logins/twitch/twitch2.png +sources/twitch/twitch3.png -> users-sources/sources/social-logins/twitch/twitch3.png +sources/twitch/twitch4.png -> users-sources/sources/social-logins/twitch/twitch4.png +sources/twitch/twitch5.png -> users-sources/sources/social-logins/twitch/twitch5.png +sources/twitter/index.md -> users-sources/sources/social-logins/twitter/index.md +sources/twitter/twitter1.png -> users-sources/sources/social-logins/twitter/twitter1.png +sources/twitter/twitter2.png -> users-sources/sources/social-logins/twitter/twitter2.png +user-group-role/access-control/flow-page.png -> users-sources/access-control/flow-page.png +user-group-role/access-control/index.mdx -> users-sources/access-control/index.mdx +user-group-role/access-control/manage_permissions.md -> users-sources/access-control/manage_permissions.md +user-group-role/access-control/permissions.md -> users-sources/access-control/permissions.md +user-group-role/access-control/user-page.png -> users-sources/access-control/user-page.png +user-group-role/groups/group_ref.md -> users-sources/groups/group_ref.md +user-group-role/groups/index.mdx -> users-sources/groups/index.mdx +user-group-role/groups/manage_groups.md -> users-sources/groups/manage_groups.md +user-group-role/roles/index.mdx -> users-sources/roles/index.md +user-group-role/roles/manage_roles.md -> users-sources/roles/manage_roles.md +user-group-role/user/create_invite.png -> users-sources/user/create_invite.png +user-group-role/user/index.mdx -> users-sources/user/index.mdx +user-group-role/user/invitations.md -> users-sources/user/invitations.md +user-group-role/user/user_basic_operations.md -> users-sources/user/user_basic_operations.md +user-group-role/user/user_ref.md -> users-sources/user/user_ref.md diff --git a/website/netlify.toml b/website/netlify.toml index 00af61600f..8b3aa3d335 100644 --- a/website/netlify.toml +++ b/website/netlify.toml @@ -11,22 +11,22 @@ [[redirects]] from = "/docs/:firstPart/index" to = "/docs/:firstPart/" - status = 301 + status = 302 force = true [[redirects]] from = "/docs/:firstPart/:secondPart/index" to = "/docs/:firstPart/:secondPart/" - status = 301 + status = 302 force = true [[redirects]] from = "/integrations/:firstPart/index" to = "/integrations/:firstPart/" - status = 301 + status = 302 force = true [[redirects]] from = "/integrations/:firstPart/:secondPart/index" to = "/integrations/:firstPart/:secondPart/" - status = 301 + status = 302 force = true [[headers]] @@ -56,7 +56,1498 @@ from = "/docs/property-mappings/" to = "/docs/providers/property-mappings/" status = 302 + [[redirects]] from = "/docs/property-mappings/expression" to = "/docs/providers/property-mappings/expression" status = 302 + +# Migration to new structure with script Sept 2025 +[[redirects]] + from = "advanced/tenancy.md" + to = "sys-mgmt/tenancy.md" + status = 302 + force = true + +[[redirects]] + from = "applications/index.md" + to = "add-secure-apps/applications/index.md" + status = 302 + force = true + +[[redirects]] + from = "applications/manage_apps.md" + to = "add-secure-apps/applications/manage_apps.md" + status = 302 + force = true + +[[redirects]] + from = "core/brands.md" + to = "customize/brands.md" + status = 302 + force = true + +[[redirects]] + from = "core/certificates.md" + to = "sys-mgmt/certificates.md" + status = 302 + force = true + +[[redirects]] + from = "core/geoip.mdx" + to = "install-config/geoip.mdx" + status = 302 + force = true + +[[redirects]] + from = "core/settings.md" + to = "sys-mgmt/settings.md" + status = 302 + force = true + +[[redirects]] + from = "events/event_matcher.png" + to = "sys-mgmt/events/event_matcher.png" + status = 302 + force = true + +[[redirects]] + from = "events/index.md" + to = "sys-mgmt/events/index.md" + status = 302 + force = true + +[[redirects]] + from = "events/notifications.md" + to = "sys-mgmt/events/notifications.md" + status = 302 + force = true + +[[redirects]] + from = "events/transports.md" + to = "sys-mgmt/events/transports.md" + status = 302 + force = true + +[[redirects]] + from = "flow/context/index.md" + to = "add-secure-apps/flows-stages/flow/context/index.md" + status = 302 + force = true + +[[redirects]] + from = "flow/create-flow.png" + to = "add-secure-apps/flows-stages/flow/create-flow.png" + status = 302 + force = true + +[[redirects]] + from = "flow/examples/flows.md" + to = "add-secure-apps/flows-stages/flow/examples/flows.md" + status = 302 + force = true + +[[redirects]] + from = "flow/examples/snippets.md" + to = "add-secure-apps/flows-stages/flow/examples/snippets.md" + status = 302 + force = true + +[[redirects]] + from = "flow/executors/headless.md" + to = "add-secure-apps/flows-stages/flow/executors/headless.md" + status = 302 + force = true + +[[redirects]] + from = "flow/executors/if-flow.md" + to = "add-secure-apps/flows-stages/flow/executors/if-flow.md" + status = 302 + force = true + +[[redirects]] + from = "flow/executors/sfe.md" + to = "add-secure-apps/flows-stages/flow/executors/sfe.md" + status = 302 + force = true + +[[redirects]] + from = "flow/executors/user-settings.md" + to = "add-secure-apps/flows-stages/flow/executors/user-settings.md" + status = 302 + force = true + +[[redirects]] + from = "flow/flow-inspector.png" + to = "add-secure-apps/flows-stages/flow/flow-inspector.png" + status = 302 + force = true + +[[redirects]] + from = "flow/index.md" + to = "add-secure-apps/flows-stages/flow/index.md" + status = 302 + force = true + +[[redirects]] + from = "flow/inspector.md" + to = "add-secure-apps/flows-stages/flow/inspector.md" + status = 302 + force = true + +[[redirects]] + from = "flow/layouts.md" + to = "add-secure-apps/flows-stages/flow/layouts.md" + status = 302 + force = true + +[[redirects]] + from = "flow/layouts/content_left.png" + to = "add-secure-apps/flows-stages/flow/layouts/content_left.png" + status = 302 + force = true + +[[redirects]] + from = "flow/layouts/content_right.png" + to = "add-secure-apps/flows-stages/flow/layouts/content_right.png" + status = 302 + force = true + +[[redirects]] + from = "flow/layouts/sidebar_left.png" + to = "add-secure-apps/flows-stages/flow/layouts/sidebar_left.png" + status = 302 + force = true + +[[redirects]] + from = "flow/layouts/sidebar_right.png" + to = "add-secure-apps/flows-stages/flow/layouts/sidebar_right.png" + status = 302 + force = true + +[[redirects]] + from = "flow/layouts/stacked.png" + to = "add-secure-apps/flows-stages/flow/layouts/stacked.png" + status = 302 + force = true + +[[redirects]] + from = "flow/simple_stages.png" + to = "add-secure-apps/flows-stages/flow/simple_stages.png" + status = 302 + force = true + +[[redirects]] + from = "flow/stages/authenticator_duo/index.md" + to = "add-secure-apps/flows-stages/stages//authenticator_duo/index.md" + status = 302 + force = true + +[[redirects]] + from = "flow/stages/authenticator_sms/index.md" + to = "add-secure-apps/flows-stages/stages/authenticator_sms/index.md" + status = 302 + force = true + +[[redirects]] + from = "flow/stages/authenticator_static/index.md" + to = "add-secure-apps/flows-stages/stages/authenticator_static/index.md" + status = 302 + force = true + +[[redirects]] + from = "flow/stages/authenticator_totp/index.md" + to = "add-secure-apps/flows-stages/stages/authenticator_totp/index.md" + status = 302 + force = true + +[[redirects]] + from = "flow/stages/authenticator_validate/index.md" + to = "add-secure-apps/flows-stages/stages/authenticator_validate/index.md" + status = 302 + force = true + +[[redirects]] + from = "flow/stages/authenticator_webauthn/index.md" + to = "add-secure-apps/flows-stages/stages/authenticator_webauthn/index.md" + status = 302 + force = true + +[[redirects]] + from = "flow/stages/captcha/captcha-admin.png" + to = "add-secure-apps/flows-stages/stages/captcha/captcha-admin.png" + status = 302 + force = true + +[[redirects]] + from = "flow/stages/captcha/index.md" + to = "add-secure-apps/flows-stages/stages/captcha/index.md" + status = 302 + force = true + +[[redirects]] + from = "flow/stages/deny.md" + to = "add-secure-apps/flows-stages/stages/deny.md" + status = 302 + force = true + +[[redirects]] + from = "flow/stages/email/custom_template.png" + to = "add-secure-apps/flows-stages/stages/email/custom_template.png" + status = 302 + force = true + +[[redirects]] + from = "flow/stages/email/email_recovery.png" + to = "add-secure-apps/flows-stages/stages/email/email_recovery.png" + status = 302 + force = true + +[[redirects]] + from = "flow/stages/email/index.mdx" + to = "add-secure-apps/flows-stages/stages/email/index.mdx" + status = 302 + force = true + +[[redirects]] + from = "flow/stages/identification/index.md" + to = "add-secure-apps/flows-stages/stages/identification/index.md" + status = 302 + force = true + +[[redirects]] + from = "flow/stages/index.md" + to = "add-secure-apps/flows-stages/stages/index.md" + status = 302 + force = true + +[[redirects]] + from = "flow/stages/invitation/index.md" + to = "add-secure-apps/flows-stages/stages/invitation/index.md" + status = 302 + force = true + +[[redirects]] + from = "flow/stages/password/index.md" + to = "add-secure-apps/flows-stages/stages/password/index.md" + status = 302 + force = true + +[[redirects]] + from = "flow/stages/prompt/index.md" + to = "add-secure-apps/flows-stages/stages/prompt/index.md" + status = 302 + force = true + +[[redirects]] + from = "flow/stages/source/index.md" + to = "add-secure-apps/flows-stages/stages/source/index.md" + status = 302 + force = true + +[[redirects]] + from = "flow/stages/user_delete.md" + to = "add-secure-apps/flows-stages/stages/user_delete.md" + status = 302 + force = true + +[[redirects]] + from = "flow/stages/user_login/index.md" + to = "add-secure-apps/flows-stages/stages/user_login/index.md" + status = 302 + force = true + +[[redirects]] + from = "flow/stages/user_login/stay_signed_in.png" + to = "add-secure-apps/flows-stages/stages/user_login/stay_signed_in.png" + status = 302 + force = true + +[[redirects]] + from = "flow/stages/user_logout.md" + to = "add-secure-apps/flows-stages/stages/user_logout.md" + status = 302 + force = true + +[[redirects]] + from = "flow/stages/user_write.md" + to = "add-secure-apps/flows-stages/stages/user_write.md" + status = 302 + force = true + +[[redirects]] + from = "installation/air-gapped.mdx" + to = "install-config/air-gapped.mdx" + status = 302 + force = true + +[[redirects]] + from = "installation/automated-install.md" + to = "install-config/automated-install.md" + status = 302 + force = true + +[[redirects]] + from = "installation/beta.mdx" + to = "install-config/beta.mdx" + status = 302 + force = true + +[[redirects]] + from = "installation/configuration.mdx" + to = "install-config/configuration/configuration.mdx" + status = 302 + force = true + +[[redirects]] + from = "installation/dashboard.png" + to = "install-config/dashboard.png" + status = 302 + force = true + +[[redirects]] + from = "installation/docker-compose.mdx" + to = "install-config/install/docker-compose.mdx" + status = 302 + force = true + +[[redirects]] + from = "installation/index.mdx" + to = "install-config/index.mdx" + status = 302 + force = true + +[[redirects]] + from = "installation/kubernetes.md" + to = "install-config/install/kubernetes.md" + status = 302 + force = true + +[[redirects]] + from = "installation/monitoring.md" + to = "sys-mgmt/ops/monitoring.md" + status = 302 + force = true + +[[redirects]] + from = "installation/reverse-proxy.md" + to = "install-config/reverse-proxy.md" + status = 302 + force = true + +[[redirects]] + from = "installation/storage-s3.md" + to = "install-config/storage-s3.md" + status = 302 + force = true + +[[redirects]] + from = "installation/upgrade.mdx" + to = "install-config/upgrade.mdx" + status = 302 + force = true + +[[redirects]] + from = "installation/version1.png" + to = "install-config/version1.png" + status = 302 + force = true + +[[redirects]] + from = "interfaces/_global/customcss.mdx" + to = "customize/interfaces/_global/customcss.mdx" + status = 302 + force = true + +[[redirects]] + from = "interfaces/_global/global.mdx" + to = "customize/interfaces/_global/global.mdx" + status = 302 + force = true + +[[redirects]] + from = "interfaces/admin/customization.mdx" + to = "customize/interfaces/admin/customization.mdx" + status = 302 + force = true + +[[redirects]] + from = "interfaces/flow/customization.mdx" + to = "customize/interfaces/flow/customization.mdx" + status = 302 + force = true + +[[redirects]] + from = "interfaces/user/customization.mdx" + to = "customize/interfaces/user/customization.mdx" + status = 302 + force = true + +[[redirects]] + from = "outposts/_config.md" + to = "add-secure-apps/outposts/_config.md" + status = 302 + force = true + +[[redirects]] + from = "outposts/embedded/embedded.mdx" + to = "add-secure-apps/outposts/embedded/embedded.mdx" + status = 302 + force = true + +[[redirects]] + from = "outposts/index.mdx" + to = "add-secure-apps/outposts/index.mdx" + status = 302 + force = true + +[[redirects]] + from = "outposts/integrations/docker.md" + to = "add-secure-apps/outposts/integrations/docker.md" + status = 302 + force = true + +[[redirects]] + from = "outposts/integrations/kubernetes.md" + to = "add-secure-apps/outposts/integrations/kubernetes.md" + status = 302 + force = true + +[[redirects]] + from = "outposts/manual-deploy-docker-compose.md" + to = "add-secure-apps/outposts/manual-deploy-docker-compose.md" + status = 302 + force = true + +[[redirects]] + from = "outposts/manual-deploy-kubernetes.md" + to = "add-secure-apps/outposts/manual-deploy-kubernetes.md" + status = 302 + force = true + +[[redirects]] + from = "outposts/outpost-create.png" + to = "add-secure-apps/outposts/outpost-create.png" + status = 302 + force = true + +[[redirects]] + from = "outposts/upgrading.md" + to = "add-secure-apps/outposts/upgrading.md" + status = 302 + force = true + +[[redirects]] + from = "outposts/upgrading_outdated.png" + to = "add-secure-apps/outposts/upgrading_outdated.png" + status = 302 + force = true + +[[redirects]] + from = "policies/expression.mdx" + to = "customize/policies/expression.mdx" + status = 302 + force = true + +[[redirects]] + from = "policies/index.md" + to = "customize/policies/index.md" + status = 302 + force = true + +[[redirects]] + from = "policies/working_with_policies/unique_email.md" + to = "customize/policies/working_with_policies/unique_email.md" + status = 302 + force = true + +[[redirects]] + from = "policies/working_with_policies/whitelist_email.md" + to = "customize/policies/working_with_policies/whitelist_email.md" + status = 302 + force = true + +[[redirects]] + from = "policies/working_with_policies/working_with_policies.md" + to = "customize/policies/working_with_policies/working_with_policies.md" + status = 302 + force = true + +[[redirects]] + from = "providers/entra/add-entra-provider.md" + to = "add-secure-apps/providers/entra/add-entra-provider.md" + status = 302 + force = true + +[[redirects]] + from = "providers/entra/index.md" + to = "add-secure-apps/providers/entra/index.md" + status = 302 + force = true + +[[redirects]] + from = "providers/entra/setup-entra.md" + to = "add-secure-apps/providers/entra/setup-entra.md" + status = 302 + force = true + +[[redirects]] + from = "providers/gws/add-gws-provider.md" + to = "add-secure-apps/providers/gws/add-gws-provider.md" + status = 302 + force = true + +[[redirects]] + from = "providers/gws/index.md" + to = "add-secure-apps/providers/gws/index.md" + status = 302 + force = true + +[[redirects]] + from = "providers/gws/setup-gws.md" + to = "add-secure-apps/providers/gws/setup-gws.md" + status = 302 + force = true + +[[redirects]] + from = "providers/index.mdx" + to = "add-secure-apps/providers/index.mdx" + status = 302 + force = true + +[[redirects]] + from = "providers/ldap/general_setup1.png" + to = "add-secure-apps/providers/ldap/general_setup1.png" + status = 302 + force = true + +[[redirects]] + from = "providers/ldap/general_setup10.png" + to = "add-secure-apps/providers/ldap/general_setup10.png" + status = 302 + force = true + +[[redirects]] + from = "providers/ldap/general_setup11.png" + to = "add-secure-apps/providers/ldap/general_setup11.png" + status = 302 + force = true + +[[redirects]] + from = "providers/ldap/general_setup12.png" + to = "add-secure-apps/providers/ldap/general_setup12.png" + status = 302 + force = true + +[[redirects]] + from = "providers/ldap/general_setup13.png" + to = "add-secure-apps/providers/ldap/general_setup13.png" + status = 302 + force = true + +[[redirects]] + from = "providers/ldap/general_setup14.png" + to = "add-secure-apps/providers/ldap/general_setup14.png" + status = 302 + force = true + +[[redirects]] + from = "providers/ldap/general_setup15.png" + to = "add-secure-apps/providers/ldap/general_setup15.png" + status = 302 + force = true + +[[redirects]] + from = "providers/ldap/general_setup16.png" + to = "add-secure-apps/providers/ldap/general_setup16.png" + status = 302 + force = true + +[[redirects]] + from = "providers/ldap/general_setup2.png" + to = "add-secure-apps/providers/ldap/general_setup2.png" + status = 302 + force = true + +[[redirects]] + from = "providers/ldap/general_setup3.png" + to = "add-secure-apps/providers/ldap/general_setup3.png" + status = 302 + force = true + +[[redirects]] + from = "providers/ldap/general_setup4.png" + to = "add-secure-apps/providers/ldap/general_setup4.png" + status = 302 + force = true + +[[redirects]] + from = "providers/ldap/general_setup5.png" + to = "add-secure-apps/providers/ldap/general_setup5.png" + status = 302 + force = true + +[[redirects]] + from = "providers/ldap/general_setup6.png" + to = "add-secure-apps/providers/ldap/general_setup6.png" + status = 302 + force = true + +[[redirects]] + from = "providers/ldap/general_setup7.png" + to = "add-secure-apps/providers/ldap/general_setup7.png" + status = 302 + force = true + +[[redirects]] + from = "providers/ldap/general_setup8.png" + to = "add-secure-apps/providers/ldap/general_setup8.png" + status = 302 + force = true + +[[redirects]] + from = "providers/ldap/general_setup9.png" + to = "add-secure-apps/providers/ldap/general_setup9.png" + status = 302 + force = true + +[[redirects]] + from = "providers/ldap/generic_setup.md" + to = "add-secure-apps/providers/ldap/generic_setup.md" + status = 302 + force = true + +[[redirects]] + from = "providers/ldap/index.md" + to = "add-secure-apps/providers/ldap/index.md" + status = 302 + force = true + +[[redirects]] + from = "providers/oauth2/client_credentials.md" + to = "add-secure-apps/providers/oauth2/client_credentials.md" + status = 302 + force = true + +[[redirects]] + from = "providers/oauth2/device_code.md" + to = "add-secure-apps/providers/oauth2/device_code.md" + status = 302 + force = true + +[[redirects]] + from = "providers/oauth2/index.md" + to = "add-secure-apps/providers/oauth2/index.md" + status = 302 + force = true + +[[redirects]] + from = "providers/property-mappings/expression.mdx" + to = "add-secure-apps/providers/property-mappings/expression.mdx" + status = 302 + force = true + +[[redirects]] + from = "providers/property-mappings/index.md" + to = "add-secure-apps/providers/property-mappings/index.md" + status = 302 + force = true + +[[redirects]] + from = "providers/proxy/__placeholders.md" + to = "add-secure-apps/providers/proxy/__placeholders.md" + status = 302 + force = true + +[[redirects]] + from = "providers/proxy/_caddy_standalone.md" + to = "add-secure-apps/providers/proxy/_caddy_standalone.md" + status = 302 + force = true + +[[redirects]] + from = "providers/proxy/_envoy_istio.md" + to = "add-secure-apps/providers/proxy/_envoy_istio.md" + status = 302 + force = true + +[[redirects]] + from = "providers/proxy/_nginx_ingress.md" + to = "add-secure-apps/providers/proxy/_nginx_ingress.md" + status = 302 + force = true + +[[redirects]] + from = "providers/proxy/_nginx_proxy_manager.md" + to = "add-secure-apps/providers/proxy/_nginx_proxy_manager.md" + status = 302 + force = true + +[[redirects]] + from = "providers/proxy/_nginx_standalone.md" + to = "add-secure-apps/providers/proxy/_nginx_standalone.md" + status = 302 + force = true + +[[redirects]] + from = "providers/proxy/_traefik_compose.md" + to = "add-secure-apps/providers/proxy/_traefik_compose.md" + status = 302 + force = true + +[[redirects]] + from = "providers/proxy/_traefik_ingress.md" + to = "add-secure-apps/providers/proxy/_traefik_ingress.md" + status = 302 + force = true + +[[redirects]] + from = "providers/proxy/_traefik_standalone.md" + to = "add-secure-apps/providers/proxy/_traefik_standalone.md" + status = 302 + force = true + +[[redirects]] + from = "providers/proxy/custom_headers.md" + to = "add-secure-apps/providers/proxy/custom_headers.md" + status = 302 + force = true + +[[redirects]] + from = "providers/proxy/forward_auth.mdx" + to = "add-secure-apps/providers/proxy/forward_auth.mdx" + status = 302 + force = true + +[[redirects]] + from = "providers/proxy/header_authentication.md" + to = "add-secure-apps/providers/proxy/header_authentication.md" + status = 302 + force = true + +[[redirects]] + from = "providers/proxy/index.md" + to = "add-secure-apps/providers/proxy/index.md" + status = 302 + force = true + +[[redirects]] + from = "providers/proxy/server_caddy.mdx" + to = "add-secure-apps/providers/proxy/server_caddy.mdx" + status = 302 + force = true + +[[redirects]] + from = "providers/proxy/server_envoy.mdx" + to = "add-secure-apps/providers/proxy/server_envoy.mdx" + status = 302 + force = true + +[[redirects]] + from = "providers/proxy/server_nginx.mdx" + to = "add-secure-apps/providers/proxy/server_nginx.mdx" + status = 302 + force = true + +[[redirects]] + from = "providers/proxy/server_traefik.mdx" + to = "add-secure-apps/providers/proxy/server_traefik.mdx" + status = 302 + force = true + +[[redirects]] + from = "providers/rac/how-to-rac.md" + to = "add-secure-apps/providers/rac/how-to-rac.md" + status = 302 + force = true + +[[redirects]] + from = "providers/rac/index.md" + to = "add-secure-apps/providers/rac/index.md" + status = 302 + force = true + +[[redirects]] + from = "providers/rac/rac-v3.png" + to = "add-secure-apps/providers/rac/rac-v3.png" + status = 302 + force = true + +[[redirects]] + from = "providers/radius/index.mdx" + to = "add-secure-apps/providers/radius/index.mdx" + status = 302 + force = true + +[[redirects]] + from = "providers/saml/index.md" + to = "add-secure-apps/providers/saml/index.md" + status = 302 + force = true + +[[redirects]] + from = "providers/scim/index.md" + to = "add-secure-apps/providers/scim/index.md" + status = 302 + force = true + +[[redirects]] + from = "security/2023-06-cure53.md" + to = "security/audits-and-certs/2023-06-cure53.md" + status = 302 + force = true + +[[redirects]] + from = "security/CVE-2022-23555.md" + to = "security/cves/CVE-2022-23555.md" + status = 302 + force = true + +[[redirects]] + from = "security/CVE-2022-46145.md" + to = "security/cves/CVE-2022-46145.md" + status = 302 + force = true + +[[redirects]] + from = "security/CVE-2022-46172.md" + to = "security/cves/CVE-2022-46172.md" + status = 302 + force = true + +[[redirects]] + from = "security/CVE-2023-26481.md" + to = "security/cves/CVE-2023-26481.md" + status = 302 + force = true + +[[redirects]] + from = "security/CVE-2023-36456.md" + to = "security/cves/CVE-2023-36456.md" + status = 302 + force = true + +[[redirects]] + from = "security/CVE-2023-39522.md" + to = "security/cves/CVE-2023-39522.md" + status = 302 + force = true + +[[redirects]] + from = "security/CVE-2023-48228.md" + to = "security/cves/CVE-2023-48228.md" + status = 302 + force = true + +[[redirects]] + from = "security/CVE-2024-21637.md" + to = "security/cves/CVE-2024-21637.md" + status = 302 + force = true + +[[redirects]] + from = "security/CVE-2024-23647.md" + to = "security/cves/CVE-2024-23647.md" + status = 302 + force = true + +[[redirects]] + from = "security/CVE-2024-37905.md" + to = "security/cves/CVE-2024-37905.md" + status = 302 + force = true + +[[redirects]] + from = "security/CVE-2024-38371.md" + to = "security/cves/CVE-2024-38371.md" + status = 302 + force = true + +[[redirects]] + from = "security/GHSA-rjvp-29xq-f62w.md" + to = "security/cves/GHSA-rjvp-29xq-f62w.md" + status = 302 + force = true + +[[redirects]] + from = "sources/active-directory/01_user_create.png" + to = "users-sources/sources/directory-sync/active-directory/01_user_create.png" + status = 302 + force = true + +[[redirects]] + from = "sources/active-directory/02_delegate.png" + to = "users-sources/sources/directory-sync/active-directory/02_delegate.png" + status = 302 + force = true + +[[redirects]] + from = "sources/active-directory/03_additional_perms.png" + to = "users-sources/sources/directory-sync/active-directory/03_additional_perms.png" + status = 302 + force = true + +[[redirects]] + from = "sources/active-directory/10_ak_status.png" + to = "users-sources/sources/directory-sync/active-directory/03_additional_perms.png" + status = 302 + force = true + +[[redirects]] + from = "sources/active-directory/11_ak_stage.png" + to = "users-sources/sources/directory-sync/active-directory/11_ak_stage.png" + status = 302 + force = true + +[[redirects]] + from = "sources/active-directory/index.md" + to = "users-sources/sources/directory-sync/active-directory/index.md" + status = 302 + force = true + +[[redirects]] + from = "sources/apple/app_id.png" + to = "users-sources/sources/social-logins/apple/app_id.png" + status = 302 + force = true + +[[redirects]] + from = "sources/apple/app_service_config.png" + to = "users-sources/sources/social-logins/apple/app_service_config.png" + status = 302 + force = true + +[[redirects]] + from = "sources/apple/index.md" + to = "users-sources/sources/social-logins/apple/index.md" + status = 302 + force = true + +[[redirects]] + from = "sources/apple/key.png" + to = "users-sources/sources/social-logins/apple/key.png" + status = 302 + force = true + +[[redirects]] + from = "sources/apple/service_id.png" + to = "users-sources/sources/social-logins/apple/service_id.png" + status = 302 + force = true + +[[redirects]] + from = "sources/azure-ad/aad_01.png" + to = "users-sources/sources/social-logins/azure-ad/aad_01.png" + status = 302 + force = true + +[[redirects]] + from = "sources/azure-ad/authentik_01.png" + to = "users-sources/sources/social-logins/azure-ad/authentik_01.png" + status = 302 + force = true + +[[redirects]] + from = "sources/azure-ad/index.md" + to = "users-sources/sources/social-logins/azure-ad/index.md" + status = 302 + force = true + +[[redirects]] + from = "sources/discord/discord1.png" + to = "users-sources/sources/social-logins/discord/discord1.png" + status = 302 + force = true + +[[redirects]] + from = "sources/discord/discord2.png" + to = "users-sources/sources/social-logins/discord/discord2.png" + status = 302 + force = true + +[[redirects]] + from = "sources/discord/discord3.png" + to = "users-sources/sources/social-logins/discord/discord3.png" + status = 302 + force = true + +[[redirects]] + from = "sources/discord/discord4.png" + to = "users-sources/sources/social-logins/discord/discord4.png" + status = 302 + force = true + +[[redirects]] + from = "sources/discord/index.md" + to = "users-sources/sources/social-logins/discord/index.md" + status = 302 + force = true + +[[redirects]] + from = "sources/facebook/index.md" + to = "users-sources/sources/social-logins/facebook/index.md" + status = 302 + force = true + +[[redirects]] + from = "sources/freeipa/01_user_create.png" + to = "users-sources/sources/directory-sync/freeipa/01_user_create.pn" + status = 302 + force = true + +[[redirects]] + from = "sources/freeipa/02_user_roles.png" + to = "users-sources/sources/directory-sync/freeipa/02_user_roles.png" + status = 302 + force = true + +[[redirects]] + from = "sources/freeipa/03_add_user_role.png" + to = "users-sources/sources/directory-sync/freeipa/03_add_user_role.png" + status = 302 + force = true + +[[redirects]] + from = "sources/freeipa/04_source_settings_1.png" + to = "users-sources/sources/directory-sync/freeipa/04_source_settings_1.png" + status = 302 + force = true + +[[redirects]] + from = "sources/freeipa/05_source_settings_2.png" + to = "users-sources/sources/directory-sync/freeipa/05_source_settings_2.png" + status = 302 + force = true + +[[redirects]] + from = "sources/freeipa/06_sync_source.png" + to = "users-sources/sources/directory-sync/freeipa/06_sync_source.png" + status = 302 + force = true + +[[redirects]] + from = "sources/freeipa/07_password_stage.png" + to = "users-sources/sources/directory-sync/freeipa/07_password_stage.png" + status = 302 + force = true + +[[redirects]] + from = "sources/freeipa/index.md" + to = "users-sources/sources/directory-sync/freeipa/index.md" + status = 302 + force = true + +[[redirects]] + from = "sources/github/github_org_membership.png" + to = "users-sources/sources/social-logins/github/github_org_membership.png" + status = 302 + force = true + +[[redirects]] + from = "sources/github/githubdeveloper1.png" + to = "users-sources/sources/social-logins/github/githubdeveloper1.png" + status = 302 + force = true + +[[redirects]] + from = "sources/github/githubdeveloperexample.png" + to = "users-sources/sources/social-logins/github/githubdeveloperexample.png" + status = 302 + force = true + +[[redirects]] + from = "sources/github/githubexample2.png" + to = "users-sources/sources/social-logins/github/githubexample2.png" + status = 302 + force = true + +[[redirects]] + from = "sources/github/index.md" + to = "users-sources/sources/social-logins/github/index.md" + status = 302 + force = true + +[[redirects]] + from = "sources/google/authentiksource.png" + to = "users-sources/sources/social-logins/google/authentiksource.png" + status = 302 + force = true + +[[redirects]] + from = "sources/google/googledeveloper1.png" + to = "users-sources/sources/social-logins/google/googledeveloper1.png" + status = 302 + force = true + +[[redirects]] + from = "sources/google/googledeveloper2.png" + to = "users-sources/sources/social-logins/google/googledeveloper2.png" + status = 302 + force = true + +[[redirects]] + from = "sources/google/googledeveloper3.png" + to = "users-sources/sources/social-logins/google/googledeveloper3.png" + status = 302 + force = true + +[[redirects]] + from = "sources/google/googledeveloper4.png" + to = "users-sources/sources/social-logins/google/googledeveloper4.png" + status = 302 + force = true + +[[redirects]] + from = "sources/google/googledeveloper5.png" + to = "users-sources/sources/social-logins/google/googledeveloper5.png" + status = 302 + force = true + +[[redirects]] + from = "sources/google/googledeveloper6.png" + to = "users-sources/sources/social-logins/google/googledeveloper6.png" + status = 302 + force = true + +[[redirects]] + from = "sources/google/index.md" + to = "users-sources/sources/social-logins/google/index.md" + status = 302 + force = true + +[[redirects]] + from = "sources/index.md" + to = "users-sources/sources/index.md" + status = 302 + force = true + +[[redirects]] + from = "sources/ldap/index.md" + to = "users-sources/sources/protocols/ldap/index.md" + status = 302 + force = true + +[[redirects]] + from = "sources/mailcow/index.md" + to = "users-sources/sources/social-logins/mailcow/index.md" + status = 302 + force = true + +[[redirects]] + from = "sources/mailcow/mailcow1.png" + to = "users-sources/sources/social-logins/mailcow/mailcow1.png" + status = 302 + force = true + +[[redirects]] + from = "sources/mailcow/mailcow2.png" + to = "users-sources/sources/social-logins/mailcow/mailcow2.png" + status = 302 + force = true + +[[redirects]] + from = "sources/mailcow/mailcow3.png" + to = "users-sources/sources/social-logins/mailcow/mailcow3.png" + status = 302 + force = true + +[[redirects]] + from = "sources/mailcow/mailcow4.png" + to = "users-sources/sources/social-logins/mailcow/mailcow4.png" + status = 302 + force = true + +[[redirects]] + from = "sources/mailcow/mailcow5.png" + to = "users-sources/sources/social-logins/mailcow/mailcow5.png" + status = 302 + force = true + +[[redirects]] + from = "sources/oauth/index.md" + to = "users-sources/sources/protocols/oauth/index.md" + status = 302 + force = true + +[[redirects]] + from = "sources/plex/index.md" + to = "users-sources/sources/social-logins/plex/index.md" + status = 302 + force = true + +[[redirects]] + from = "sources/property-mappings/expressions.md" + to = "users-sources/sources/property-mappings/expressions.md" + status = 302 + force = true + +[[redirects]] + from = "sources/property-mappings/index.md" + to = "users-sources/sources/property-mappings/index.md" + status = 302 + force = true + +[[redirects]] + from = "sources/saml/index.md" + to = "users-sources/sources/protocols/saml/index.md" + status = 302 + force = true + +[[redirects]] + from = "sources/scim/index.md" + to = "users-sources/sources/protocols/scim/index.md" + status = 302 + force = true + +[[redirects]] + from = "sources/twitch/index.md" + to = "users-sources/sources/social-logins/twitch/index.md" + status = 302 + force = true + +[[redirects]] + from = "sources/twitch/twitch1.png" + to = "users-sources/sources/social-logins/twitch/twitch1.png" + status = 302 + force = true + +[[redirects]] + from = "sources/twitch/twitch2.png" + to = "users-sources/sources/social-logins/twitch/twitch2.png" + status = 302 + force = true + +[[redirects]] + from = "sources/twitch/twitch3.png" + to = "users-sources/sources/social-logins/twitch/twitch3.png" + status = 302 + force = true + +[[redirects]] + from = "sources/twitch/twitch4.png" + to = "users-sources/sources/social-logins/twitch/twitch4.png" + status = 302 + force = true + +[[redirects]] + from = "sources/twitch/twitch5.png" + to = "users-sources/sources/social-logins/twitch/twitch5.png" + status = 302 + force = true + +[[redirects]] + from = "sources/twitter/index.md" + to = "users-sources/sources/social-logins/twitter/index.md" + status = 302 + force = true + +[[redirects]] + from = "sources/twitter/twitter1.png" + to = "users-sources/sources/social-logins/twitter/twitter1.png" + status = 302 + force = true + +[[redirects]] + from = "sources/twitter/twitter2.png" + to = "users-sources/sources/social-logins/twitter/twitter2.png" + status = 302 + force = true + +[[redirects]] + from = "user-group-role/access-control/flow-page.png" + to = "users-sources/access-control/flow-page.png" + status = 302 + force = true + +[[redirects]] + from = "user-group-role/access-control/index.mdx" + to = "users-sources/access-control/index.mdx" + status = 302 + force = true + +[[redirects]] + from = "user-group-role/access-control/manage_permissions.md" + to = "users-sources/access-control/manage_permissions.md" + status = 302 + force = true + +[[redirects]] + from = "user-group-role/access-control/permissions.md" + to = "users-sources/access-control/permissions.md" + status = 302 + force = true + +[[redirects]] + from = "user-group-role/access-control/user-page.png" + to = "users-sources/access-control/user-page.png" + status = 302 + force = true + +[[redirects]] + from = "user-group-role/groups/group_ref.md" + to = "users-sources/groups/group_ref.md" + status = 302 + force = true + +[[redirects]] + from = "user-group-role/groups/index.mdx" + to = "users-sources/groups/index.mdx" + status = 302 + force = true + +[[redirects]] + from = "user-group-role/groups/manage_groups.md" + to = "users-sources/groups/manage_groups.md" + status = 302 + force = true + +[[redirects]] + from = "user-group-role/roles/index.mdx" + to = "users-sources/roles/index.md" + status = 302 + force = true + +[[redirects]] + from = "user-group-role/roles/manage_roles.md" + to = "users-sources/roles/manage_roles.md" + status = 302 + force = true + +[[redirects]] + from = "user-group-role/user/create_invite.png" + to = "users-sources/user/create_invite.png" + status = 302 + force = true + +[[redirects]] + from = "user-group-role/user/index.mdx" + to = "users-sources/user/index.mdx" + status = 302 + force = true + +[[redirects]] + from = "user-group-role/user/invitations.md" + to = "users-sources/user/invitations.md" + status = 302 + force = true + +[[redirects]] + from = "user-group-role/user/user_basic_operations.md" + to = "users-sources/user/user_basic_operations.md" + status = 302 + force = true + +[[redirects]] + from = "user-group-role/user/user_ref.md" + to = "users-sources/user/user_ref.md" + status = 302 + force = true + +# Manual redirects, moved Dev Docs into regular docs Sept 2024 +[[redirects]] + from = "/developer-docs/index.md" + to = "/docs/developer-docs/index.md" + status = 302 + force = true + +[[redirects]] + from = "/developer-docs/setup/full-dev-environment" + to = "/docs/developer-docs/setup/full-dev-environment" + status = 302 + force = true + +[[redirects]] + from = "/developer-docs/setup/frontend-dev-environment" + to = "/docs/developer-docs/setup/frontend-dev-environment" + status = 302 + force = true + +[[redirects]] + from = "/developer-docs/setup/website-dev-environment" + to = "/docs/developer-docs/setup/website-dev-environment" + status = 302 + force = true + +[[redirects]] + from = "/developer-docs/api/api" + to = "/docs/developer-docs/api/api" + status = 302 + force = true + +[[redirects]] + from = "/developer-docs/api/flow-executor" + to = "/docs/developer-docs/api/flow-executor" + status = 302 + force = true + +[[redirects]] + from = "/developer-docs/api/making-schema-changes" + to = "/docs/developer-docs/api/making-schema-changes" + status = 302 + force = true + +[[redirects]] + from = "/developer-docsapi/websocket" + to = "/docs/developer-docs/api/websocket" + status = 302 + force = true + +[[redirects]] + from = "/developer-docs/api/clients" + to = "/docs/developer-docs/api/clients" + status = 302 + force = true + +[[redirects]] + from = "/developer-docs/docs/writing-documentation" + to = "/docs/developer-docs/docs/writing-documentation" + status = 302 + force = true + +[[redirects]] + from = "/developer-docs/docs/style-guide" + to = "/docs/developer-docs/docs/style-guide" + status = 302 + force = true + +[[redirects]] + from = "/developer-docs/docs/templates/index" + to = "/docs/developer-docs/docs/templates/index" + status = 302 + force = true + +[[redirects]] + from = "/developer-docs/docs/templates/procedural" + to = "/docs/developer-docs/docs/templates/procedural" + status = 302 + force = true + +[[redirects]] + from = "/developer-docs/docs/templates/conceptual" + to = "/docs/developer-docs/docs/templates/conceptual" + status = 302 + force = true + +[[redirects]] + from = "/developer-docs/docs/templates/reference" + to = "/docs/developer-docs/docs/templates/reference" + status = 302 + force = true + +[[redirects]] + from = "/developer-docs/docs/templates/combo" + to = "/docs/developer-docs/docs/templates/combo" + status = 302 + force = true + +[[redirects]] + from = "/developer-docs/releases/index" + to = "/docs/developer-docs/releases/index" + status = 302 + force = true + +[[redirects]] + from = "/developer-docs/translation" + to = "/docs/developer-docs/translation" + status = 302 + force = true diff --git a/website/sidebars.js b/website/sidebars.js index aa5e755b6b..ac398d02ee 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -1,5 +1,6 @@ const generateVersionDropdown = require("./src/utils.js").generateVersionDropdown; +const apiReference = require("./docs/developer-docs/api/reference/sidebar"); const docsSidebar = { docs: [ @@ -12,37 +13,9 @@ const docsSidebar = { }, { type: "category", - label: "Installation", + label: "Core Concepts", collapsed: true, - link: { - type: "doc", - id: "installation/index", - }, - items: [ - "installation/docker-compose", - "installation/kubernetes", - "installation/upgrade", - "installation/beta", - "installation/configuration", - "installation/reverse-proxy", - "installation/automated-install", - "installation/air-gapped", - "installation/monitoring", - "installation/storage-s3", - ], - }, - { - type: "category", - label: "Core Concepts & Tasks", - collapsed: true, - items: [ - "core/terminology", - "core/brands", - "core/certificates", - "core/geoip", - "core/architecture", - "core/settings", - ], + items: ["core/terminology", "core/architecture"], }, { type: "category", @@ -60,321 +33,350 @@ const docsSidebar = { }, { type: "category", - label: "Applications", + label: "Installation and Configuration ", + collapsed: true, link: { type: "doc", - id: "applications/index", - }, - items: ["applications/manage_apps"], - }, - { - type: "category", - label: "Providers", - link: { - type: "doc", - id: "providers/index", + id: "install-config/index", }, items: [ { type: "category", - label: "OAuth2 Provider", - link: { - type: "doc", - id: "providers/oauth2/index", - }, + label: "Installation", + collapsed: true, items: [ - "providers/oauth2/client_credentials", - "providers/oauth2/device_code", - ], - }, - "providers/saml/index", - { - type: "category", - label: "Google Workspace Provider", - link: { - type: "doc", - id: "providers/gws/index", - }, - items: [ - "providers/gws/setup-gws", - "providers/gws/add-gws-provider", + "install-config/install/docker-compose", + "install-config/install/kubernetes", ], }, { type: "category", - label: "LDAP Provider", + label: "Configuration", link: { type: "doc", - id: "providers/ldap/index", + id: "install-config/configuration/configuration", }, - items: ["providers/ldap/generic_setup"], + items: [], + }, + "install-config/upgrade", + "install-config/beta", + "install-config/reverse-proxy", + "install-config/geoip", + "install-config/automated-install", + "install-config/air-gapped", + "install-config/storage-s3", + ], + }, + { + type: "category", + label: "Add and Secure Applications", + collapsed: true, + items: [ + { + type: "category", + label: "Applications", + link: { + type: "doc", + id: "add-secure-apps/applications/index", + }, + items: ["add-secure-apps/applications/manage_apps"], }, { type: "category", - label: "Microsoft Entra ID Provider", + label: "Providers", link: { type: "doc", - id: "providers/entra/index", + id: "add-secure-apps/providers/index", }, items: [ - "providers/entra/setup-entra", - "providers/entra/add-entra-provider", - ], - }, - "providers/radius/index", - { - type: "category", - label: "Proxy Provider", - link: { - type: "doc", - id: "providers/proxy/index", - }, - items: [ - "providers/proxy/custom_headers", - "providers/proxy/header_authentication", { type: "category", - label: "Forward authentication", + label: "Property Mappings", link: { type: "doc", - id: "providers/proxy/forward_auth", + id: "add-secure-apps/providers/property-mappings/index", }, items: [ - "providers/proxy/server_nginx", - "providers/proxy/server_traefik", - "providers/proxy/server_envoy", - "providers/proxy/server_caddy", + "add-secure-apps/providers/property-mappings/expression", + , + ], + }, + { + type: "category", + label: "Google Workspace Provider", + link: { + type: "doc", + id: "add-secure-apps/providers/gws/index", + }, + items: [ + "add-secure-apps/providers/gws/setup-gws", + "add-secure-apps/providers/gws/add-gws-provider", + ], + }, + { + type: "category", + label: "LDAP Provider", + link: { + type: "doc", + id: "add-secure-apps/providers/ldap/index", + }, + items: [ + "add-secure-apps/providers/ldap/generic_setup", + ], + }, + { + type: "category", + label: "Microsoft Entra ID Provider", + link: { + type: "doc", + id: "add-secure-apps/providers/entra/index", + }, + items: [ + "add-secure-apps/providers/entra/setup-entra", + "add-secure-apps/providers/entra/add-entra-provider", + ], + }, + { + type: "category", + label: "OAuth2 Provider", + link: { + type: "doc", + id: "add-secure-apps/providers/oauth2/index", + }, + items: [ + "add-secure-apps/providers/oauth2/client_credentials", + "add-secure-apps/providers/oauth2/device_code", + ], + }, + "add-secure-apps/providers/saml/index", + "add-secure-apps/providers/radius/index", + { + type: "category", + label: "Proxy Provider", + link: { + type: "doc", + id: "add-secure-apps/providers/proxy/index", + }, + items: [ + "add-secure-apps/providers/proxy/custom_headers", + "add-secure-apps/providers/proxy/header_authentication", + { + type: "category", + label: "Forward authentication", + link: { + type: "doc", + id: "add-secure-apps/providers/proxy/forward_auth", + }, + items: [ + "add-secure-apps/providers/proxy/server_nginx", + "add-secure-apps/providers/proxy/server_traefik", + "add-secure-apps/providers/proxy/server_envoy", + "add-secure-apps/providers/proxy/server_caddy", + ], + }, + ], + }, + "add-secure-apps/providers/scim/index", + { + type: "category", + label: "RAC (Remote Access Control) Provider", + link: { + type: "doc", + id: "add-secure-apps/providers/rac/index", + }, + items: ["add-secure-apps/providers/rac/how-to-rac"], + }, + ], + }, + { + type: "category", + label: "Flows and Stages", + collapsed: true, + items: [ + { + type: "category", + label: "Flows", + link: { + type: "doc", + id: "add-secure-apps/flows-stages/flow/index", + }, + items: [ + "add-secure-apps/flows-stages/flow/layouts", + "add-secure-apps/flows-stages/flow/inspector", + "add-secure-apps/flows-stages/flow/context/index", + { + type: "category", + label: "Examples", + items: [ + "add-secure-apps/flows-stages/flow/examples/flows", + "add-secure-apps/flows-stages/flow/examples/snippets", + ], + }, + { + type: "category", + label: "Executors", + items: [ + "add-secure-apps/flows-stages/flow/executors/if-flow", + "add-secure-apps/flows-stages/flow/executors/sfe", + "add-secure-apps/flows-stages/flow/executors/user-settings", + "add-secure-apps/flows-stages/flow/executors/headless", + ], + }, + ], + }, + { + type: "category", + label: "Stages", + link: { + type: "doc", + id: "add-secure-apps/flows-stages/stages/index", + }, + items: [ + "add-secure-apps/flows-stages/stages/authenticator_duo/index", + "add-secure-apps/flows-stages/stages/authenticator_sms/index", + "add-secure-apps/flows-stages/stages/authenticator_static/index", + "add-secure-apps/flows-stages/stages/authenticator_totp/index", + "add-secure-apps/flows-stages/stages/authenticator_validate/index", + "add-secure-apps/flows-stages/stages/authenticator_webauthn/index", + "add-secure-apps/flows-stages/stages/captcha/index", + "add-secure-apps/flows-stages/stages/deny", + "add-secure-apps/flows-stages/stages/email/index", + "add-secure-apps/flows-stages/stages/identification/index", + "add-secure-apps/flows-stages/stages/invitation/index", + "add-secure-apps/flows-stages/stages/password/index", + "add-secure-apps/flows-stages/stages/prompt/index", + "add-secure-apps/flows-stages/stages/source/index", + "add-secure-apps/flows-stages/stages/user_delete", + "add-secure-apps/flows-stages/stages/user_login/index", + "add-secure-apps/flows-stages/stages/user_logout", + "add-secure-apps/flows-stages/stages/user_write", ], }, ], }, - "providers/scim/index", { type: "category", - label: "RAC (Remote Access Control) Provider", + label: "Outposts", link: { type: "doc", - id: "providers/rac/index", + id: "add-secure-apps/outposts/index", }, - items: ["providers/rac/how-to-rac"], - }, - { - type: "category", - label: "Property Mappings", - link: { - type: "doc", - id: "providers/property-mappings/index", - }, - items: ["providers/property-mappings/expression"], + items: [ + "add-secure-apps/outposts/embedded/embedded", + { + type: "category", + label: "Integrations", + items: [ + "add-secure-apps/outposts/integrations/docker", + "add-secure-apps/outposts/integrations/kubernetes", + ], + }, + { + type: "category", + label: "Running and upgrading", + items: [ + "add-secure-apps/outposts/manual-deploy-docker-compose", + "add-secure-apps/outposts/manual-deploy-kubernetes", + "add-secure-apps/outposts/upgrading", + ], + }, + "add-secure-apps/outposts/manual-deploy-docker-compose", + "add-secure-apps/outposts/manual-deploy-kubernetes", + ], }, ], }, { type: "category", - label: "Sources", + label: "Customize your instance", collapsed: true, - link: { - type: "doc", - id: "sources/index", - }, items: [ { type: "category", - label: "Protocols", - items: [ - "sources/ldap/index", - "sources/oauth/index", - "sources/saml/index", - "sources/scim/index", - ], - }, - { - type: "category", - label: "Property Mappings", + label: "Policies", + collapsed: true, link: { type: "doc", - id: "sources/property-mappings/index", + id: "customize/policies/index", }, - items: ["sources/property-mappings/expressions"], - }, - { - type: "category", - label: "Directory synchronization", items: [ - "sources/active-directory/index", - "sources/freeipa/index", + { + type: "category", + label: "Working with Policies", + link: { + type: "doc", + id: "customize/policies/working_with_policies/working_with_policies", + }, + items: [ + "customize/policies/working_with_policies/unique_email", + "customize/policies/working_with_policies/whitelist_email", + ], + }, ], }, { type: "category", - label: "Social Logins", + label: "Interfaces", items: [ - "sources/apple/index", - "sources/azure-ad/index", - "sources/discord/index", - "sources/facebook/index", - "sources/github/index", - "sources/google/index", - "sources/mailcow/index", - "sources/twitch/index", - "sources/plex/index", - "sources/twitter/index", - ], - }, - ], - }, - { - type: "category", - label: "Outposts", - link: { - type: "doc", - id: "outposts/index", - }, - items: [ - "outposts/embedded/embedded", - { - type: "category", - label: "Integrations", - items: [ - "outposts/integrations/docker", - "outposts/integrations/kubernetes", + { + type: "category", + label: "Flow", + items: ["customize/interfaces/flow/customization"], + }, + { + type: "category", + label: "User", + items: ["customize/interfaces/user/customization"], + }, + { + type: "category", + label: "Admin", + items: ["customize/interfaces/admin/customization"], + }, ], }, { type: "category", - label: "Running and upgrading", - items: [ - "outposts/manual-deploy-docker-compose", - "outposts/manual-deploy-kubernetes", - "outposts/upgrading", - ], - }, - ], - }, - { - type: "category", - label: "Flows", - link: { - type: "doc", - id: "flow/index", - }, - items: [ - "flow/layouts", - "flow/inspector", - "flow/context/index", - { - type: "category", - label: "Examples", - items: ["flow/examples/flows", "flow/examples/snippets"], - }, - { - type: "category", - label: "Executors", - items: [ - "flow/executors/if-flow", - "flow/executors/sfe", - "flow/executors/user-settings", - "flow/executors/headless", - ], - }, - ], - }, - { - type: "category", - label: "Stages", - link: { - type: "doc", - id: "flow/stages/index", - }, - items: [ - "flow/stages/authenticator_duo/index", - "flow/stages/authenticator_sms/index", - "flow/stages/authenticator_static/index", - "flow/stages/authenticator_totp/index", - "flow/stages/authenticator_validate/index", - "flow/stages/authenticator_webauthn/index", - "flow/stages/captcha/index", - "flow/stages/deny", - "flow/stages/email/index", - "flow/stages/identification/index", - "flow/stages/invitation/index", - "flow/stages/password/index", - "flow/stages/prompt/index", - "flow/stages/source/index", - "flow/stages/user_delete", - "flow/stages/user_login/index", - "flow/stages/user_logout", - "flow/stages/user_write", - ], - }, - { - type: "category", - label: "Policies", - link: { - type: "doc", - id: "policies/index", - }, - items: [ - { - type: "category", - label: "Working with policies", + label: "Blueprints", link: { type: "doc", - id: "policies/working_with_policies/working_with_policies", + id: "customize/blueprints/index", }, items: [ - "policies/working_with_policies/whitelist_email", - "policies/working_with_policies/unique_email", + "customize/blueprints/export", + "customize/blueprints/v1/structure", + "customize/blueprints/v1/tags", + "customize/blueprints/v1/example", + { + type: "category", + label: "Models", + link: { + type: "doc", + id: "customize/blueprints/v1/models", + }, + items: ["customize/blueprints/v1/meta"], + }, ], }, - "policies/expression", + "customize/brands", ], }, { type: "category", - label: "Events", - link: { - type: "doc", - id: "events/index", - }, - items: ["events/notifications", "events/transports"], - }, - { - type: "category", - label: "Interfaces", - items: [ - { - type: "category", - label: "Flow", - items: ["interfaces/flow/customization"], - }, - { - type: "category", - label: "User", - items: ["interfaces/user/customization"], - }, - { - type: "category", - label: "Admin", - items: ["interfaces/admin/customization"], - }, - ], - }, - { - type: "category", - label: "Users, Groups, & Roles", + label: "Manage Users and Sources", + collapsed: true, items: [ { type: "category", label: "Users", link: { type: "doc", - id: "user-group-role/user/index", + id: "users-sources/user/index", }, items: [ - "user-group-role/user/user_basic_operations", - "user-group-role/user/user_ref", - "user-group-role/user/invitations", + "users-sources/user/user_basic_operations", + "users-sources/user/user_ref", + "users-sources/user/invitations", ], }, { @@ -382,11 +384,11 @@ const docsSidebar = { label: "Groups", link: { type: "doc", - id: "user-group-role/groups/index", + id: "users-sources/groups/index", }, items: [ - "user-group-role/groups/manage_groups", - "user-group-role/groups/group_ref", + "users-sources/groups/manage_groups", + "users-sources/groups/group_ref", ], }, { @@ -394,78 +396,213 @@ const docsSidebar = { label: "Roles", link: { type: "doc", - id: "user-group-role/roles/index", + id: "users-sources/roles/index", }, - items: ["user-group-role/roles/manage_roles"], + items: ["users-sources/roles/manage_roles"], }, { type: "category", - label: "Access control", + label: "Access Control", link: { type: "doc", - id: "user-group-role/access-control/index", + id: "users-sources/access-control/index", }, items: [ - "user-group-role/access-control/permissions", - "user-group-role/access-control/manage_permissions", + "users-sources/access-control/permissions", + "users-sources/access-control/manage_permissions", + ], + }, + { + type: "category", + label: "Federated and Social Sources", + collapsed: true, + link: { + type: "doc", + id: "users-sources/sources/index", + }, + items: [ + { + type: "category", + label: "Protocols", + collapsed: true, + items: [ + "users-sources/sources/protocols/ldap/index", + "users-sources/sources/protocols/oauth/index", + "users-sources/sources/protocols/saml/index", + "users-sources/sources/protocols/scim/index", + ], + }, + { + type: "category", + label: "Source Property Mappings", + link: { + type: "doc", + id: "users-sources/sources/property-mappings/index", + }, + items: [ + "users-sources/sources/property-mappings/expressions", + ], + }, + { + type: "category", + label: "Directory synchronization", + items: [ + "users-sources/sources/directory-sync/active-directory/index", + "users-sources/sources/directory-sync/freeipa/index", + ], + }, + { + type: "category", + label: "Social Logins", + items: [ + "users-sources/sources/social-logins/apple/index", + "users-sources/sources/social-logins/azure-ad/index", + "users-sources/sources/social-logins/discord/index", + "users-sources/sources/social-logins/facebook/index", + "users-sources/sources/social-logins/github/index", + "users-sources/sources/social-logins/google/index", + "users-sources/sources/social-logins/mailcow/index", + "users-sources/sources/social-logins/twitch/index", + "users-sources/sources/social-logins/plex/index", + "users-sources/sources/social-logins/twitter/index", + ], + }, ], }, ], }, { type: "category", - label: "Release Notes", - link: { - type: "generated-index", - title: "Releases", - slug: "releases", - description: "Release Notes for recent authentik versions", - }, + label: "System Management", + collapsed: true, items: [ - "releases/2024/v2024.8", - "releases/2024/v2024.6", - "releases/2024/v2024.4", { type: "category", - label: "Previous versions", + label: "Operations", + collapsed: true, + items: ["sys-mgmt/ops/monitoring"], + }, + { + type: "category", + label: "Events", + collapsed: true, + link: { + type: "doc", + id: "sys-mgmt/events/index", + }, items: [ - "releases/2024/v2024.2", - "releases/2023/v2023.10", - "releases/2023/v2023.8", - "releases/2023/v2023.6", - "releases/2023/v2023.5", - "releases/2023/v2023.4", - "releases/2023/v2023.3", - "releases/2023/v2023.2", - "releases/2023/v2023.1", - "releases/2022/v2022.12", - "releases/2022/v2022.11", - "releases/2022/v2022.10", - "releases/2022/v2022.9", - "releases/2022/v2022.8", - "releases/2022/v2022.7", - "releases/2022/v2022.6", - "releases/2022/v2022.5", - "releases/2022/v2022.4", - "releases/2022/v2022.2", - "releases/2022/v2022.1", - "releases/2021/v2021.12", - "releases/2021/v2021.10", - "releases/2021/v2021.9", - "releases/2021/v2021.8", - "releases/2021/v2021.7", - "releases/2021/v2021.6", - "releases/2021/v2021.5", - "releases/2021/v2021.4", - "releases/2021/v2021.3", - "releases/2021/v2021.2", - "releases/2021/v2021.1", - "releases/old/v0.14", - "releases/old/v0.13", - "releases/old/v0.12", - "releases/old/v0.11", - "releases/old/v0.10", - "releases/old/v0.9", + "sys-mgmt/events/notifications", + "sys-mgmt/events/transports", + ], + }, + "sys-mgmt/certificates", + "sys-mgmt/settings", + ], + }, + { + type: "category", + label: "Developer Documentation", + collapsed: true, + link: { + type: "doc", + id: "developer-docs/index", + }, + items: [ + { + type: "category", + label: "Setup", + items: [ + "developer-docs/setup/full-dev-environment", + "developer-docs/setup/frontend-dev-environment", + "developer-docs/setup/website-dev-environment", + ], + }, + { + type: "category", + label: "API", + link: { + type: "doc", + id: "developer-docs/api/api", + }, + items: [ + "developer-docs/api/flow-executor", + "developer-docs/api/making-schema-changes", + "developer-docs/api/websocket", + { + type: "category", + label: "Reference", + items: apiReference, + }, + "developer-docs/api/clients", + ], + }, + { + type: "category", + label: "Writing documentation", + link: { + type: "doc", + id: "developer-docs/docs/writing-documentation", + }, + items: [ + "developer-docs/docs/style-guide", + { + type: "category", + label: "Templates", + link: { + type: "doc", + id: "developer-docs/docs/templates/index", + }, + items: [ + "developer-docs/docs/templates/procedural", + "developer-docs/docs/templates/conceptual", + "developer-docs/docs/templates/reference", + "developer-docs/docs/templates/combo", + ], + }, + ], + }, + { + type: "doc", + id: "developer-docs/releases/index", + }, + "developer-docs/translation", + ], + }, + { + type: "category", + label: "Security", + collapsed: true, + link: { + type: "generated-index", + title: "Security", + slug: "security", + }, + items: [ + "security/policy", + "security/security-hardening", + { + type: "category", + label: "Audits and Certificates", + items: ["security/audits-and-certs/2023-06-cure53"], + }, + { + type: "category", + label: "CVEs", + items: [ + "security/cves/CVE-2024-47077", + "security/cves/CVE-2024-47070", + "security/cves/CVE-2024-38371", + "security/cves/CVE-2024-37905", + "security/cves/CVE-2024-23647", + "security/cves/CVE-2024-21637", + "security/cves/CVE-2023-48228", + "security/cves/GHSA-rjvp-29xq-f62w", + "security/cves/CVE-2023-39522", + "security/cves/CVE-2023-36456", + "security/cves/CVE-2023-26481", + "security/cves/CVE-2022-23555", + "security/cves/CVE-2022-46145", + "security/cves/CVE-2022-46172", ], }, ], @@ -512,35 +649,62 @@ const docsSidebar = { }, { type: "category", - label: "Security", + label: "Release Notes", link: { type: "generated-index", - title: "Security", - slug: "security", + title: "Releases", + slug: "releases", + description: "Release Notes for recent authentik versions", }, items: [ - "security/security-hardening", - "security/policy", - "security/CVE-2024-47077", - "security/CVE-2024-47070", - "security/CVE-2024-42490", - "security/CVE-2024-38371", - "security/CVE-2024-37905", - "security/CVE-2024-23647", - "security/CVE-2024-21637", - "security/CVE-2023-48228", - "security/GHSA-rjvp-29xq-f62w", - "security/CVE-2023-39522", - "security/CVE-2023-36456", - "security/2023-06-cure53", - "security/CVE-2023-26481", - "security/CVE-2022-23555", - "security/CVE-2022-46145", - "security/CVE-2022-46172", + "releases/2024/v2024.6", + "releases/2024/v2024.4", + "releases/2024/v2024.2", + { + type: "category", + label: "Previous versions", + items: [ + "releases/2023/v2023.10", + "releases/2023/v2023.8", + "releases/2023/v2023.6", + "releases/2023/v2023.5", + "releases/2023/v2023.4", + "releases/2023/v2023.3", + "releases/2023/v2023.2", + "releases/2023/v2023.1", + "releases/2022/v2022.12", + "releases/2022/v2022.11", + "releases/2022/v2022.10", + "releases/2022/v2022.9", + "releases/2022/v2022.8", + "releases/2022/v2022.7", + "releases/2022/v2022.6", + "releases/2022/v2022.5", + "releases/2022/v2022.4", + "releases/2022/v2022.2", + "releases/2022/v2022.1", + "releases/2021/v2021.12", + "releases/2021/v2021.10", + "releases/2021/v2021.9", + "releases/2021/v2021.8", + "releases/2021/v2021.7", + "releases/2021/v2021.6", + "releases/2021/v2021.5", + "releases/2021/v2021.4", + "releases/2021/v2021.3", + "releases/2021/v2021.2", + "releases/2021/v2021.1", + "releases/old/v0.14", + "releases/old/v0.13", + "releases/old/v0.12", + "releases/old/v0.11", + "releases/old/v0.10", + "releases/old/v0.9", + ], + }, ], }, ], }; - docsSidebar.docs[0].value = generateVersionDropdown(docsSidebar); module.exports = docsSidebar; diff --git a/website/sidebarsDev.js b/website/sidebarsDev.js deleted file mode 100644 index 8e1e8166d6..0000000000 --- a/website/sidebarsDev.js +++ /dev/null @@ -1,106 +0,0 @@ -const docsSidebar = require("./sidebars.js"); -const generateVersionDropdown = - require("./src/utils.js").generateVersionDropdown; -const apiReference = require("./developer-docs/api/reference/sidebar"); - -module.exports = { - docs: [ - { - type: "html", - value: generateVersionDropdown(docsSidebar), - }, - { - type: "doc", - id: "index", - }, - { - type: "category", - label: "Blueprints", - link: { - type: "doc", - id: "blueprints/index", - }, - items: [ - "blueprints/export", - "blueprints/v1/structure", - "blueprints/v1/tags", - "blueprints/v1/example", - { - type: "category", - label: "Models", - link: { - type: "doc", - id: "blueprints/v1/models", - }, - items: ["blueprints/v1/meta"], - }, - ], - }, - { - type: "category", - label: "API", - link: { - type: "doc", - id: "api/api", - }, - items: [ - "api/flow-executor", - "api/making-schema-changes", - "api/websocket", - { - type: "category", - label: "Reference", - items: apiReference, - }, - "api/clients", - ], - }, - { - type: "category", - label: "Setup", - items: [ - "setup/full-dev-environment", - "setup/frontend-dev-environment", - "setup/website-dev-environment", - ], - }, - { - type: "doc", - id: "translation", - }, - { - type: "category", - label: "Writing documentation", - link: { - type: "doc", - id: "docs/writing-documentation", - }, - items: [ - "docs/style-guide", - { - type: "category", - label: "Templates", - link: { - type: "doc", - id: "docs/templates/index", - }, - items: [ - "docs/templates/procedural", - "docs/templates/conceptual", - "docs/templates/reference", - "docs/templates/combo", - ], - }, - ], - }, - { - type: "doc", - id: "releases/index", - }, - { - type: "category", - label: "Community Events", - items: ["hackathon/index"], - }, - ], -}; diff --git a/website/sidebarsIntegrations.js b/website/sidebarsIntegrations.js index 7faee66f55..abef921ac2 100644 --- a/website/sidebarsIntegrations.js +++ b/website/sidebarsIntegrations.js @@ -1,13 +1,5 @@ -const docsSidebar = require("./sidebars.js"); -const generateVersionDropdown = - require("./src/utils.js").generateVersionDropdown; - module.exports = { integrations: [ - { - type: "html", - value: generateVersionDropdown(docsSidebar), - }, { type: "doc", id: "index",