Changed wording and updated property mappings

Dewi Roberts
2025-05-09 16:10:11 +01:00
parent 34aa2b7829
commit e20fddaf79

@ -24,31 +24,39 @@ This documentation lists only the settings that you need to change from their de
To support the integration of Ironclad with authentik, you need to create a property mapping, and an application/provider pair in authentik.
### Create a property mapping
### Create property mappings
Ironclad requires a first and last name for each user. By default authentik only provides a full name, as a single string value. Therefore you need to create a property mapping to provide first and last names to Ironclad.
Ironclad requires a first and last name for each user. By default authentik only provides a full name, as a single string value. Therefore you need to create property mappings to provide first and last names to Ironclad.
1. Log in to authentik as an admin, and open the authentik Admin interface.
2. Navigate to **Customization** > **Property Mappings** and click **Create**.
- **Select type**: select **Scope Mapping** as the property mapping type.
- **Configure the Scope Mapping**: Provide a descriptive name (e.g. `Ironclad Profile Scope`), and an optional description.
- **Select type**: select **SAML Provider Property Mapping** as the property mapping type.
- **Configure the SAML Provider Property Mapping**:
- **Scope name**: `profile`
- **Name**: `givenname`
- **SAML Attribute Name**: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname`
- **Expression**:
```python showLineNumbers
return {
"name": request.user.name,
"preferred_username": request.user.username,
"nickname": request.user.username,
"groups": [group.name for group in request.user.ak_groups.all()],
"last_name": request.user.name.rsplit(" ", 1)[-1],
"first_name": request.user.name.rsplit(" ", 1)[0],
}
```
```python
return request.user.name.rsplit(" ", 1)[0]
```
3. Click **Finish** to save the property mapping.
4. Click **Create**.
- **Select type**: select **SAML Provider Property Mapping** as the property mapping type.
- **Configure the SAML Provider Property Mapping**:
- **Name**: `familyname`
- **SAML Attribute Name**: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname`
- **Expression**:
```python
return request.user.name.rsplit(" ", 1)[-1]
```
5. Click **Finish** to save the property mapping.
### Create an application and provider in authentik
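Review bot: The two new expressions, `request.user.name.rsplit(" ", 1)[0]` and `request.user.name.rsplit(" ", 1)[-1]`, return the same string when a user's name contains no space, so Ironclad would receive identical `givenname` and `surname` values for single-word names, and two empty strings when the name is unset. Either state this limitation next to the expressions or have the `familyname` expression return an empty value when the split produces only one part. Separately, the unchanged intro sentence above the heading still says "you need to create a property mapping", which no longer matches the plural heading and the two mappings created in steps 2 to 5. The retitled Name and SAML Attribute Name bullets also still need to sit one level under "Configure the SAML Provider Property Mapping" so the nesting renders as intended.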
@ -60,18 +68,17 @@ Ironclad requires a first and last name for each user. By default authentik only
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
- Temporarily set the **ACS URL** to `https://temp.temp`
- Set the **Audience** to `https://ironcladapp.com`
- Set the **Audience** to `ironcladapp.com`
- Under **Advanced protocol settings**:
- Set an available signing certificate.
- **Scopes**:
- Remove `authentik default OAuth Mapping: OpenID 'profile'` from **Selected Scopes**.
- Add the scope that you created in the previous section (e.g. `Ironclad Profile Scope`) to **Selected Scopes**.
- **Property mappings**:
- Add the `givenname` and `familyname` property mappings that you created in the previous section to **Selected User Property Mappings**.
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
3. Click **Submit** to save the new application and provider.
### Download the signing certificate TEMP?? and metadata file
### Download the signing certificate and metadata file
1. Log into authentik as an admin, and open the authentik Admin interface.
2. Navigate to **Applications** > **Providers** and click on the name of the newly created Ironclad provider.
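Review bot: The **Audience** value changes from `https://ironcladapp.com` to `ironcladapp.com` with no explanation in the text, and a SAML audience is compared as a literal string against what the service provider expects, so a reader who adds the scheme back out of habit will get failed logins. Add a short remark that the value must be entered exactly as shown, without `https://`. On the context line above it, the placeholder ACS URL `https://temp.temp` deserves a pointer to the later step where it is replaced, so it is not left in a saved provider. Style point: this section uses "Log into authentik" while the property mapping section uses "Log in to authentik"; pick one.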