website: post-split cleanup (#8729)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Binary file not shown.
Before Width: | Height: | Size: 1.0 MiB |
@ -1,102 +0,0 @@
|
||||
---
|
||||
title: "Remote Access, Audit Log, and a new App Wizard: release 2024.2 is here!"
|
||||
description: "The latest release of authentik, by Authentik Security, Inc., includes major new features such as remote access and audit logging, plus many DX and UX enhancements."
|
||||
slug: 2024-02-20-release-2024-2-is-here
|
||||
authors:
|
||||
- name: Jens Langhammer
|
||||
title: CTO at Authentik Security Inc
|
||||
url: https://github.com/BeryJu
|
||||
image_url: https://github.com/BeryJu.png
|
||||
tags:
|
||||
- authentik
|
||||
- open source
|
||||
- new features
|
||||
- remote access
|
||||
- audit logs
|
||||
- AAWS S3 storage
|
||||
- system tasks
|
||||
- GeoIP
|
||||
- identity provider
|
||||
- authentication
|
||||
- Authentik Security
|
||||
hide_table_of_contents: false
|
||||
image: ./2024.2-release-blog.png
|
||||
---
|
||||
|
||||
> **_authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and auth0. Authentik Security is a [public benefit company](https://github.com/OpenCoreVentures/ocv-public-benefit-company/blob/main/ocv-public-benefit-company-charter.md) building on top of the open source project._**
|
||||
|
||||
---
|
||||
|
||||
We are happy to announce that 2024 is starting off great, with our first release of the year chock full of new features. Take a look at the new features and functionality included in the release, check out the [Release Notes](https://goauthentik.io/docs/releases/2024.2) for more details and upgrade instructions, and enjoy the new features!
|
||||
|
||||

|
||||
|
||||
We confess we are possibly the most excited about this release than any in a while, with some new Admin-level capabilities, enhanced functionality for developers (our DX game is heating up!), and some great UX/usability and customization enhancements.
|
||||
|
||||
Let’s start with some of the big features, the ones that kept us busy over the holidays and into the new year.
|
||||
|
||||
<!--truncate-->
|
||||
|
||||
### **Remote Access Control** (Enterprise)
|
||||
|
||||
The Remote Access Control provider allows you to remotely connect to other machines over RDP, SSH and VNC through authentik. With the RAC provider, we kept implementation consistent with our other providers; you use the same policy engine and customization options that are possible with other providers and use the same user and admin interface.
|
||||
|
||||
Typical use cases for remote access include being able to access a legacy application on a Windows VM, access an application that isn’t web-based, or give people access to a machine that does not have direct network access.
|
||||
|
||||
### Create new apps (and providers!) with an easy Wizard (Preview)
|
||||
|
||||
We are very happy to announce our new App Wizard. It's still in Preview, so please send us your feedback!
|
||||
|
||||
Gone are the days when you started to create a new application, then realized you needed to first go create a provider (a means of authentication against a remote application), then back to the app to finish up… now the steps for creating both a new app and a new provider are managed by the wizard; easy-peasy. We know this was a too-many-hoops hurdle for some new users, so our new App wizard is a new feature that we are particularly pleased to release. Be sure to check out our [YouTube video](https://www.youtube.com/watch?v=broUAWrIWDI) covering the wizard!
|
||||
|
||||
### Audit logging now with field-level changes (Enterprise)
|
||||
|
||||
Audit all changes made to models, including which fields were changed with previous and new values of the fields. The values are censored if they are sensitive (for example a password hash), however a hash of the changed value will still be logged.
|
||||
|
||||
### Improve security through automated session binding
|
||||
|
||||
Sessions for any users can now be bound to a specific geolocation (Continent, Country, City) or network (Autonomous System, subnet, IP address). If the session is accessed from a location/network that is different than that from which it was initially created, the session will be terminated.
|
||||
|
||||
## Sure, there are some breaking changes
|
||||
|
||||
For the first release of the year, we purposefully included several changes that are required for future product growth, some of which might require manual changes to your system configurations. Be sure to refer to the [Release Notes](https://goauthentik.io/docs/releases/2024.2) for instructions about any actions you might need to take. In general, we strive to reduce the number of breaking changes, and to always be transparent about the actions needed and the reasons for the changes. Please be sure to reach out to us via email to hello@goauthentik.io, or in [GitHub](https://github.com/goauthentik/authentik) or [Discord](https://discord.com/channels/809154715984199690/809154716507963434) with any questions and feedback!
|
||||
|
||||
### Tenants renamed to brands
|
||||
|
||||
Perhaps the biggest change is that _tenants_ (which were previously used to change branding configuration, default flows, and several other settings) have been renamed to *brands*. The term "Brands" more accurately reflect their usage; to configure branding, logos, colors, and overall login flow behavior. For more information, refer to the [Release Notes](https://goauthentik.io/docs/releases/2024.2) and to our documentation for _brands_.
|
||||
|
||||
### Helm chart breaking changes
|
||||
|
||||
The Helm Chart used for running authentik in Kubernetes has a number of breaking changes. Find out more in the [chart release notes](https://github.com/goauthentik/helm/releases/tag/authentik-2024.2.0).
|
||||
|
||||
## More new functionality, DX, and UX enhancements
|
||||
|
||||
Release 2024.2 contains even more; the following additional enhancements will make running and operating authentik even more valuable, no matter your role.
|
||||
|
||||
- ### AWS S3 file storage
|
||||
|
||||
Media files can now be stored on AWS S3. To learn more and get started with using S3, follow the [setup guide](https://goauthentik.io/docs/installation/storage-s3).
|
||||
|
||||
- ### *Pretend user exists* option for Identification stage
|
||||
|
||||
Previously the Identification stage would only continue if a user matching the user identifier exists. While this was the intended functionality, this release adds an option to continue to the next stage even if no matching user was found. "Pretend" users can neither authenticate nor receive emails, and don't exist in the database.
|
||||
|
||||
- ### Flows can now be restricted to outposts
|
||||
|
||||
You can now configure a flow to restrict its use, using the flow’s **Require Outpost** setting. This capability is mainly used for LDAP flows.
|
||||
|
||||
- ### Admin can see all of a user’s apps
|
||||
|
||||
A new tab on the **User** details page now displays all applications to which the user has access. From the list of applications, the admin can drill down into a specific app and see details about the app, including a changelog of app modifications, any bindings, and the permissions on the app.
|
||||
|
||||
- ### View Event volume with a new graph
|
||||
|
||||
Another UX improvement that we are really pleased with is the new graph showing the volume of events over the past 7 days. With a quick glance at the **Event Log** page, admins can spot anomalies in event volume and then dig deeper.
|
||||
|
||||
- ### Keep a closer eye on your System Tasks
|
||||
|
||||
You can now search through system tasks, and view task start time and duration calculation as well as the status (Successful!).
|
||||
|
||||
## Happy upgrading and authenticating!
|
||||
|
||||
There are even more capabilities and enhancements beyond what we covered here in this post, so be sure to read the [Release Notes](https://goauthentik.io/docs/releases/2024.2) for version 2024.2, and as always, let us know your thoughts.
|
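Review bot: deleting this post (slug `2024-02-20-release-2024-2-is-here`) leaves the `/blog/*` rule in `website/netlify.toml` as the only thing keeping existing links to it alive, and nothing in this commit shows that the post and its `./2024.2-release-blog.png` image exist at the destination. Please confirm the post is published under the same slug on `https://goauthentik.io/blog/` before this merges, and say in the commit message where the blog content moved to, since "post-split cleanup" alone does not tell a later reader.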
Binary file not shown.
Before Width: | Height: | Size: 40 KiB |
@ -1,58 +0,0 @@
|
||||
---
|
||||
title: "My first week as CEO at Authentik Security"
|
||||
description: "Fletcher Heisler's first week as the CEO at Authentik Security, and his experience with getting authentik up and running using Docker Compose."
|
||||
slug: 2024-02-22-my-first-week-as-ceo-at-authentik-security
|
||||
authors:
|
||||
- name: Fletcher Heisler
|
||||
title: CEO at Authentik Security Inc
|
||||
url: https://www.linkedin.com/in/fheisler/
|
||||
image_url: http://tinyurl.com/3wbafajf
|
||||
tags:
|
||||
- authentik
|
||||
- access management
|
||||
- open source
|
||||
- Python
|
||||
- Django
|
||||
- CEO
|
||||
- identity provider
|
||||
- authentication
|
||||
- Authentik Security
|
||||
hide_table_of_contents: false
|
||||
image: ./brand-top-bigger.png
|
||||
---
|
||||
|
||||
> **_authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and auth0. Authentik Security is a [public benefit company](https://github.com/OpenCoreVentures/ocv-public-benefit-company/blob/main/ocv-public-benefit-company-charter.md) building on top of the open source project._**
|
||||
|
||||
---
|
||||
|
||||
Hello world! I'm excited to be joining Authentik Security as CEO. I wanted to take this opportunity to share the experience of my first week with the community and a bit about my background.
|
||||
|
||||
At the start of my very first "official" day on the job, I got an overview of the various applications we use from Jens, our founder and CTO. If you have ever been through a company onboarding process, you know that it might take a few days up to a couple weeks to get access to everything, sometimes even longer. In a small and agile startup, that might be as little as a day if you're lucky.
|
||||
|
||||
<!--truncate-->
|
||||
|
||||
_While on our first call_, in the first few minutes, Jens provisioned me as a new user to our own internal authentik instance. I logged in, added MFA, and _within one minute_ I had access to all of the applications I needed to dive in. It's always good to [dogfood](https://en.wikipedia.org/wiki/Eating_your_own_dog_food) your own products, and even better when those products help you get your own work done faster! Onboarding new employees might seem like a specific edge case for an SSO, but it's a great example of how having a flexible identity platform in place can make a broad set of day-to-day chores so much easier.
|
||||
|
||||
My next step was to spin up my own local authentik instance. I don't plan on contributing code every day, but I did want to start learning my way around the internals of the application. Especially at a startup, this often this involves a lot of back-and-forth with a developer or two, a couple days of gathering up necessary keys, managing dependency conflicts, deciphering outdated documentation, etc...
|
||||
|
||||
I went to our [docs](https://goauthentik.io/docs/installation/docker-compose). I had [Docker Desktop](https://www.docker.com/products/docker-desktop/). I pulled our Docker Compose file. I added a password and secret key to a `.env`. I spun up the image. Ta da! A working instance ready to go, in about three minutes total.
|
||||
|
||||
Containerized apps are nothing new, but packaging alone can only take a project so far in helping new users to get started. Jens and the team have made careful decisions and thoughtful choices about our technology, along with how it's organized and documented, that manage to make a very complex product very straightforward in its use.
|
||||
|
||||
> The ease with which I was able to dive in is a direct reflection of our mission: **make authentication simple**.
|
||||
|
||||
The choice of Python and Django for building the backend of authentik was another sign to me that Jens and the team are focused on **making authentication simple** by building the best platform for the job. A long while back, I founded [Real Python](https://realpython.com/), a set of online resources and community for Python developers. And while I don't think there's only ever one tool for the job, I have a longstanding belief in Python's ability to be a good tool for most jobs! Python is by far the [most popular programming language in the world](https://www.tiobe.com/tiobe-index/). It allows us to move fast, and it helps make contributing to the platform as accessible as possible for the broadest set of developers.
|
||||
|
||||
I am also a big believer in the power of open source, so the fact of Authentik Security being formed as a [public benefit company](https://opencoreventures.com/blog/2022-11-introducing-authentik-security/) was a major positive to me. A company, culture, and technology that is open by default has so many inherent advantages. Most of our users get to benefit from a fully featured, completely free version of authentik. We in turn get the benefit of feedback, word of mouth, and code contributions from our amazing community.
|
||||
|
||||
The confidential source code for both of Okta's main products was stolen in [separate](https://www.bleepingcomputer.com/news/security/auth0-warns-that-some-source-code-repos-may-have-been-stolen/) [incidents](https://www.bleepingcomputer.com/news/security/oktas-source-code-stolen-after-github-repositories-hacked/), which now means that while their customers don't get to know the details of how these proprietary systems work, potential attackers can now review the code at length for flaws and vulnerabilities. Imagine relying on other security-critical applications in this context; would you use a cryptography library that could only be reviewed by adversaries?
|
||||
|
||||
By contrast, since all of our application code is open (even the paid Enterprise features are [source available](https://en.wikipedia.org/wiki/Source-available_software)), our users can freely inspect how we go about prioritizing their security in the platform. This means that we have the continuous benefit of review, suggestions, and direct contributions from experts across our community. It also means that our users can make their own modifications to the existing code to suit their custom needs.
|
||||
|
||||
I also believe in helping fix broken systems - and we all know that there is a lot to be fixed in the world of security! I previously created Hunter2 (now Veracode Security Labs), a security training platform where developers get hands-on practice hacking and patching real applications. This was a big step forward for the industry, when the most common alternative was to watch a series of boring videos about SQL injection once a year and consider "training" complete.
|
||||
|
||||
Right now, authentication as a whole is a series of broken and often frustrating systems, patched together with custom code that's impossible to maintain. Authentik Security has already been building the groundwork for the past few years to help replace these fragile, fragmented setups with a single, simple identity solution, and the community has shown that it's eager to join us as we scale up our efforts.
|
||||
|
||||
[](https://star-history.com/#goauthentik/authentik&Date)
|
||||
|
||||
Authentik Security can help pave the way to make it simple for anyone to implement identity and access management, from an individual developer with a hobby project to a Fortune 100 company with a 100,000-employee rollout. I'm looking forward to being a part of this journey, and want to hear from you, the community, about how we can best support you: reach out through email to [hello@goauthentik.io](mailto:hello@goauthentik.io) or on [Discord](https://discord.com/channels/809154715984199690/809154716507963434) or [GitHub](https://github.com/goauthentik/authentik).
|
Binary file not shown.
Before Width: | Height: | Size: 63 KiB |
@ -20,6 +20,8 @@ module.exports = async function (): Promise<Config> {
|
||||
logo: {
|
||||
alt: "authentik logo",
|
||||
src: "img/icon_left_brand.svg",
|
||||
href: "https://goauthentik.io/",
|
||||
target: "_self",
|
||||
},
|
||||
items: [
|
||||
{
|
||||
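Review bot: the `logo` block now carries a hard-coded absolute `href: "https://goauthentik.io/"`, which is the same origin that `website/netlify.toml` uses as the `/blog/*` redirect target, so the production hostname ends up in two files. Consider defining it once (a constant at the top of the config, or an environment variable) so that preview deploys and forks do not silently link out to production, and add a short comment saying why the logo leaves this site rather than going to its own root.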
@ -110,11 +112,6 @@ module.exports = async function (): Promise<Config> {
|
||||
theme: {
|
||||
customCss: require.resolve("./src/css/custom.css"),
|
||||
},
|
||||
blog: {
|
||||
showReadingTime: true,
|
||||
blogSidebarTitle: "All our posts",
|
||||
blogSidebarCount: "ALL",
|
||||
},
|
||||
} satisfies Preset.Options,
|
||||
],
|
||||
[
|
||||
|
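Review bot: dropping the `blog: { ... }` options from the preset does not, as far as I know, switch the blog plugin off; the classic preset falls back to its defaults when the key is absent, and the explicit way to disable it is `blog: false`. If this site should no longer build anything under `/blog`, set that here, otherwise any generated `/blog` page will take precedence over the `/blog/*` redirect in `website/netlify.toml`, which has no `force = true`.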
40
website/netlify.toml
Normal file
@ -0,0 +1,40 @@
|
||||
[[redirects]]
|
||||
from = "/blog/*"
|
||||
to = "https://goauthentik.io/blog/:splat"
|
||||
|
||||
# Migration from docs to separate directory
|
||||
[[redirects]]
|
||||
from = "/docs/integrations/*"
|
||||
to = "/integrations/:splat"
|
||||
|
||||
# Docusaurus update removes index
|
||||
[[redirects]]
|
||||
from = "/docs/:firstPart/index"
|
||||
to = "/docs/:firstPart/"
|
||||
status = 301
|
||||
force = true
|
||||
[[redirects]]
|
||||
from = "/docs/:firstPart/:secondPart/index"
|
||||
to = "/docs/:firstPart/:secondPart/"
|
||||
status = 301
|
||||
force = true
|
||||
[[redirects]]
|
||||
from = "/integrations/:firstPart/index"
|
||||
to = "/integrations/:firstPart/"
|
||||
status = 301
|
||||
force = true
|
||||
[[redirects]]
|
||||
from = "/integrations/:firstPart/:secondPart/index"
|
||||
to = "/integrations/:firstPart/:secondPart/"
|
||||
status = 301
|
||||
force = true
|
||||
|
||||
[[headers]]
|
||||
for = "/*"
|
||||
[headers.values]
|
||||
X-Frame-Options = "DENY"
|
||||
|
||||
[dev]
|
||||
command = "npm run watch"
|
||||
targetPort = 3000
|
||||
publish = "build"
|
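Review bot: the `[[headers]]` block for `/*` sets only `X-Frame-Options = "DENY"`; since this file now owns the response headers for the whole site, I would add the modern equivalent and the usual companions here, for example `Content-Security-Policy = "frame-ancestors 'none'"`, `X-Content-Type-Options = "nosniff"` and a `Referrer-Policy`. Separately, the first two redirects (`/blog/*` and `/docs/integrations/*`) omit `status` and `force` while the four `index` rules below set `status = 301` and `force = true`; Netlify defaults to a 301 but does not apply a non-forced rule when a file exists at the path, so please either add `force = true` to those two or note in a comment that the shadowing is intended.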
@ -37,24 +37,6 @@
|
||||
stroke: var(--white);
|
||||
}
|
||||
|
||||
.hero--primary {
|
||||
background: radial-gradient(
|
||||
circle,
|
||||
rgba(47, 6, 75, 1) 0%,
|
||||
var(--ifm-color-primary) 50%
|
||||
);
|
||||
padding-bottom: 5.3rem !important;
|
||||
/* fix aliasing at the edge */
|
||||
-webkit-backface-visibility: hidden;
|
||||
backface-visibility: hidden;
|
||||
-webkit-clip-path: polygon(0 0, 100% 0, 100% 100%, 0 calc(100% - 3vw));
|
||||
clip-path: polygon(0 0, 100% 0, 100% 100%, 0 calc(100% - 3vw));
|
||||
}
|
||||
|
||||
.before-after-slider img {
|
||||
max-width: none;
|
||||
}
|
||||
|
||||
.header-github-link:hover {
|
||||
opacity: 0.6;
|
||||
}
|
||||
|