habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3f788e7abef37f108e6fb2f76aee66bb9bca718f
authentik/website/integrations/services/firezone/index.md
dependabot[bot] 3996bdac33 website: Bump prettier from 3.3.3 to 3.4.1 in /website (#12205) 
* website: Bump prettier from 3.3.3 to 3.4.1 in /website

Bumps [prettier](https://github.com/prettier/prettier) from 3.3.3 to 3.4.1.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.3.3...3.4.1)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update formatting

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* sigh

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* disable flaky test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2024-11-27 15:14:19 +01:00

61 lines
2.3 KiB
Markdown
Raw Blame History

---
title: Integrate with Firezone
sidebar_label: Firezone
---
# Firezone
<span class="badge badge--secondary">Support level: Community</span>
## What is Firezone
> Firezone is an open-source remote access platform built on WireGuard®, a modern VPN protocol that's 4-6x faster than OpenVPN.
>
> -- https://www.firezone.dev
## Preparation
The following placeholders will be used:
- `firezone.company` is the FQDN of the Firezone install.
- `authentik` is the unique ID used to generate logins for this provider.
- `authentik.company` is the FQDN of the authentik install.
Create an OAuth2/OpenID provider with the following parameters:
- Client type: `Confidential`
- Redirect URIs/Origins: `Redirect URI from Firezone Config`
- Signing Key: `<Select your certificate>`
- Click: `Finish`
Note the Client ID and Client Secret value. Create an application using the provider you've created above.
## Firezone Config
- Click _Security_ under Settings
- Under _Single Sign-On_, click on _Add OpenID Connect Provider_
- Config ID: `authentik`
- Label: `Text to display on the Login button`
- Scope: `(leave default of "openid email profile")`
- Response type: `(leave default of 'code')
- Client ID: `Taken from Authentik Provider Config`
- Client Secret: `Taken from Authentik Provider Config`
- Discovery Document URI: `OpenID Configuration URL from Authentik`
- Redirect URI: `https://firezone.company/auth/oidc/<ConfigID>/callback/`
:::note
You should be able to leave the default Rediret URL
:::
- Auto-create Users: Enabled in order to automatically provision users when signing in the first time.
- Click _Save_,
Although local authentication is quick and easy to get started with, you can limit attack surface by disabling local authentication altogether. For production deployments it's usually a good idea to disable local authentication and enforce MFA through authentik.
:::info
In case something goes wrong with the configuration, you can temporarily re-enable local authentication via the REST API or by following instructions from https://www.firezone.dev/docs/administer/troubleshoot/#re-enable-local-authentication-via-cli.
:::
## Additional Resources
- https://www.firezone.dev/docs/authenticate/oidc/
- https://www.firezone.dev/docs/administer/troubleshoot/#re-enable-local-authentication-via-cli
Reference in New Issue View Git Blame Copy Permalink