Changed wording and updated property mappings

Dewi Roberts
2025-05-09 16:10:11 +01:00
parent 34aa2b7829
commit e20fddaf79

@ -24,31 +24,39 @@ This documentation lists only the settings that you need to change from their de
To support the integration of Ironclad with authentik, you need to create a property mapping, and an application/provider pair in authentik. To support the integration of Ironclad with authentik, you need to create a property mapping, and an application/provider pair in authentik.
### Create a property mapping ### Create property mappings
Ironclad requires a first and last name for each user. By default authentik only provides a full name, as a single string value. Therefore you need to create a property mapping to provide first and last names to Ironclad. Ironclad requires a first and last name for each user. By default authentik only provides a full name, as a single string value. Therefore you need to create property mappings to provide first and last names to Ironclad.
1. Log in to authentik as an admin, and open the authentik Admin interface. 1. Log in to authentik as an admin, and open the authentik Admin interface.
2. Navigate to **Customization** > **Property Mappings** and click **Create**. 2. Navigate to **Customization** > **Property Mappings** and click **Create**.
- **Select type**: select **Scope Mapping** as the property mapping type. - **Select type**: select **SAML Provider Property Mapping** as the property mapping type.
- **Configure the Scope Mapping**: Provide a descriptive name (e.g. `Ironclad Profile Scope`), and an optional description. - **Configure the SAML Provider Property Mapping**:
- **Scope name**: `profile` - **Name**: `givenname`
- **SAML Attribute Name**: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname`
- **Expression**: - **Expression**:
```python showLineNumbers ```python
return { return request.user.name.rsplit(" ", 1)[0]
"name": request.user.name, ```
"preferred_username": request.user.username,
"nickname": request.user.username,
"groups": [group.name for group in request.user.ak_groups.all()],
"last_name": request.user.name.rsplit(" ", 1)[-1],
"first_name": request.user.name.rsplit(" ", 1)[0],
}
```
3. Click **Finish** to save the property mapping. 3. Click **Finish** to save the property mapping.
4. Click **Create**.
- **Select type**: select **SAML Provider Property Mapping** as the property mapping type.
- **Configure the SAML Provider Property Mapping**:
- **Name**: `familyname`
- **SAML Attribute Name**: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname`
- **Expression**:
```python
return request.user.name.rsplit(" ", 1)[-1]
```
5. Click **Finish** to save the property mapping.
### Create an application and provider in authentik ### Create an application and provider in authentik
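Review bot: The two new expressions, `request.user.name.rsplit(" ", 1)[0]` and `request.user.name.rsplit(" ", 1)[-1]`, return the same string when the user's `name` contains no space, so `givenname` and `surname` would carry identical values, and both are empty when `name` is empty. Since the text states that Ironclad requires a first and last name, the doc should either handle the no-space case in the `familyname` expression or state what such users will send. Separately, the second mapping is named `familyname` while its SAML attribute URI ends in `surname`; one short sentence noting that would help when the mappings are selected in the provider step.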
@ -60,18 +68,17 @@ Ironclad requires a first and last name for each user. By default authentik only
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
- Temporarily set the **ACS URL** to `https://temp.temp` - Temporarily set the **ACS URL** to `https://temp.temp`
- Set the **Audience** to `https://ironcladapp.com` - Set the **Audience** to `ironcladapp.com`
- Under **Advanced protocol settings**: - Under **Advanced protocol settings**:
- Set an available signing certificate. - Set an available signing certificate.
- **Scopes**: - **Property mappings**:
- Remove `authentik default OAuth Mapping: OpenID 'profile'` from **Selected Scopes**. - Add the `givenname` and `familyname` property mappings that you created in the previous section to **Selected User Property Mappings**.
- Add the scope that you created in the previous section (e.g. `Ironclad Profile Scope`) to **Selected Scopes**.
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
3. Click **Submit** to save the new application and provider. 3. Click **Submit** to save the new application and provider.
### Download the signing certificate TEMP?? and metadata file ### Download the signing certificate and metadata file
1. Log into authentik as an admin, and open the authentik Admin interface. 1. Log into authentik as an admin, and open the authentik Admin interface.
2. Navigate to **Applications** > **Providers** and click on the name of the newly created Ironclad provider. 2. Navigate to **Applications** > **Providers** and click on the name of the newly created Ironclad provider.