habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

website: format docs with prettier (#2833)

Browse Source 
* run prettier

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add scim to comparison

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens L
2022-05-09 21:22:41 +02:00
committed by GitHub
parent 26d92d9259
commit f9469e3f99
148 changed files with 3447 additions and 3107 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
website/docs/core/applications.md
View File

@ -9,42 +9,41 @@ Applications are used to configure and separate the authorization / access contr
## Authorization
Application access can be configured using (Policy) Bindings. Click on an application in the applications list, and select the *Policy / Group / User Bindings* tab. There you can bind users/groups/policies to grant them access. When nothing is bound, everyone has access. You can use this to grant access to one or multiple users/groups, or dynamically give access using policies.
Application access can be configured using (Policy) Bindings. Click on an application in the applications list, and select the _Policy / Group / User Bindings_ tab. There you can bind users/groups/policies to grant them access. When nothing is bound, everyone has access. You can use this to grant access to one or multiple users/groups, or dynamically give access using policies.
By default, all users can access applications when no policies are bound.
When multiple policies/groups/users are attached, you can configure the *Policy engine mode* to either
When multiple policies/groups/users are attached, you can configure the _Policy engine mode_ to either
- Require users to pass all bindings/be member of all groups (ALL), or
- Require users to pass either binding/be member of either group (ANY)
- Require users to pass all bindings/be member of all groups (ALL), or
- Require users to pass either binding/be member of either group (ANY)
## Appearance
The following aspects can be configured:
- *Name*: This is the name shown for the application card
- *Launch URL*: The URL that is opened when a user clicks on the application. When left empty, authentik tries to guess it based on the provider
- _Name_: This is the name shown for the application card
- _Launch URL_: The URL that is opened when a user clicks on the application. When left empty, authentik tries to guess it based on the provider
Starting with authentik 2022.2, you can use placeholders in the launch url to build them dynamically based on logged in user. For example, you can set the Launch URL to `https://goauthentik.io/%(username)s`, which will be replaced with the currently logged in user's username.
- *Icon (URL)*: Optionally configure an Icon for the application
- _Icon (URL)_: Optionally configure an Icon for the application
If the authentik server does not have a volume mounted under `/media`, you'll get a text input. This accepts absolute URLs. If you've mounted single files into the container, you can reference them using `https://authentik.company/media/my-file.png`.
If there is a mount under `/media`, you'll instead see a field to upload a file.
- *Publisher*: Text shown below the application
- *Description*: Subtext shown on the application card below the publisher
- _Publisher_: Text shown below the application
- _Description_: Subtext shown on the application card below the publisher
Applications are shown to users when
- The user has access defined via policies (or the application has no policies bound)
- A Valid Launch URL is configured/could be guessed, this consists of URLs starting with http:// and https://
- The user has access defined via policies (or the application has no policies bound)
- A Valid Launch URL is configured/could be guessed, this consists of URLs starting with http:// and https://
#### Hiding applications
To hide applications without modifying policy settings and without removing it, you can simply set the *Launch URL* to `blank://blank`, which will hide the application from users.
To hide applications without modifying policy settings and without removing it, you can simply set the _Launch URL_ to `blank://blank`, which will hide the application from users.
Keep in mind, the users still have access, so they can still authorize access when the login process is started from the application.