website/integrations: Add Synology DSM (#8081)

* Added Synology DSM integration * Update website/integrations/services/synology-dsm/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Bob van Mierlo <38190383+bobvmierlo@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Bob van Mierlo <38190383+bobvmierlo@users.noreply.github.com> * Fix unneeded files --------- Signed-off-by: Bob van Mierlo <38190383+bobvmierlo@users.noreply.github.com> Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2024-01-26 22:14:51 +01:00
parent dc24db43ff
commit dfc104d8eb
2 changed files with 61 additions and 0 deletions
--- a/website/integrations/services/synology-dsm/index.md
+++ b/website/integrations/services/synology-dsm/index.md
@ -0,0 +1,60 @@
+---
+title: Synology DSM (DiskStation Manager)
+---
+
+<span class="badge badge--secondary">Support level: Community</span>
+
+## What is Synology DSM
+
+> Synology Inc. is a Taiwanese corporation that specializes in network-attached storage (NAS) appliances. Synology's line of NAS is known as the DiskStation for desktop models, FlashStation for all-flash models, and RackStation for rack-mount models. Synology's products are distributed worldwide and localized in several languages.
+>
+> -- https://www.synology.com/en-global/dsm
+
+:::caution
+This is tested with DSM 7.1 or newer.
+:::
+
+## Preparation
+
+The following placeholders will be used:
+
+-   `synology.company` is the FQDN of the Synology DSM server.
+-   `authentik.company` is the FQDN of the authentik install.
+
+## authentik configuration
+
+### Step 1
+
+In the Admin interface of authentik, under _Providers_, create an OAuth2/OpenID provider with these settings:
+
+-   Name: synology
+-   Redirect URI: `https://synology.company/#/signin` (Note the absence of the trailing slash, and the inclusion of the webinterface port)
+-   Signing Key: Select any available key
+-   Subject mode: Based on the Users's Email (Matching on username could work, but not if you have duplicates due to e.g. a LDAP connection)
+-   Take note of the 'Client ID' and 'Client secret'
+
+### Step 2
+
+Create an application which uses this provider. Optionally apply access restrictions to the application.
+
+## Synology DSM configuration
+
+To configure Synology DSM to utilize authentik as an OpenID Connect 1.0 Provider:
+
+1. In the DSM Control Panel, navigate to **Domain/LDAP** -> **SSO Client**.
+2. Check the **Enable OpenID Connect SSO service** checkbox in the **OpenID Connect SSO Service** section.
+3. Configure the following values:
+
+-   Profile: OIDC
+-   Name: authentik
+-   Well Known URL: Copy this from the 'OpenID Configuration URL' in the authentik provider (URL ends with '/.well-known/openid-configuration')
+-   Application ID: The 'Client ID' from the authentik provider
+-   Application Key: The 'Client secret' from the authentik provider
+-   Redirect URL: https://synology.company/#/signin (This should match the 'Redirect URI' in authentik exactly)
+-   Authorization Scope: openid profile email
+-   Username Claim: preferred_username
+-   Save the settings.
+
+## See also:
+
+[Synology DSM SSO Client Documentation](https://kb.synology.com/en-af/DSM/help/DSM/AdminCenter/file_directory_service_sso?version=7)
--- a/website/sidebarsIntegrations.js
+++ b/website/sidebarsIntegrations.js
@ -86,6 +86,7 @@ module.exports = {
                        "services/powerdns-admin/index",
                        "services/proftpd/index",
                        "services/qnap-nas/index",
+                        "services/synology-dsm/index",
                        "services/skyhigh/index",
                        "services/snipe-it/index",
                        "services/sssd/index",