habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
47206d33284a6ffc848924b55223bc5d6661841c
authentik/website/docs/add-secure-apps/providers/rac/how-to-rac.md
Tana M Berry 6d5172d18a website: latest PR for new Docs structure (#11639) 
* first pass

* dependency shenanigans

* move blueprints

* few broken links

* change config the throw errors

* internal file edits

* fighting links

* remove sidebarDev

* fix subdomain

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix relative URL

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix mismatched package versions

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix api reference build

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* test tweak

* links hell

* more links hell

* links hell2

* yep last of the links

* last broken link fixed

* re-add cves

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add devdocs redirects

* add dir

* tweak netlify.toml

* move latest 2 CVES into dir

* fix links to moved cves

* typoed title fix

* fix link

* remove banner

* remove committed api docs

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* integrations: remove version dropdown

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update Makefile

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* change doc links in web as well

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix some more docs paths

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix more docs paths

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* ci: require ci-web.build for merging

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Revert "ci: require ci-web.build for merging"

This reverts commit b99a4842a9.

* remove sluf for Application

* put slug back in

* minor fix to trigger deploy

* Spelled out Documentation in menu bar

* remove image redirects...

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove explicit index.md

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove mdx first

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* then remove .md

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add missing prefix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Tana M Berry <tana@goauthentik.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2024-10-09 09:33:40 -05:00

4.7 KiB
Raw Blame History

title
title
Create a Remote Access Control (RAC) provider

:::info This feature is in technical preview, so please report any bugs on GitHub. :::

The RAC provider is a highly flexible feature for accessing remote machines. This document provides instructions for the basic creation and configuration of a RAC provider within a defined scenario.

Fow more information about using a RAC provider, see the Overview documentation. You can also view our video on YouTube for setting up RAC.

Prereqisites

The RAC provider requires the deployment of the RAC Outpost.

Overview workflow to create a RAC provider

The typical workflow to create and configure a RAC provider is to 1. create app/provider, 2. create property mappings (that define the access credentials to each remote machine), 3. create an endpoint for each remote machine you want to connect to.

Depending on whether you are connecting using RDP, SSH, or VNC, the exact configuration choices might differ, but the overall workflow applies to all RAC connections.

Step 1. Create an application and RAC provider

The first step is to create the RAC app and provider.

  1. Log in as an admin to authentik, and go to the Admin interface.

  2. In the Admin interface, navigate to Applications -> Applications.

  3. Click Create with Wizard. Follow the instructions to create your RAC application and provider.

Step 2. Create RAC property mapping

Next, you need to add a property mapping for each of the remote machines you want to access. Property mappings allow you to pass information to external applications, and with RAC they are used to pass the host name, IP address, and access credentials for the remote machines.

  1. In the Admin interface, navigate to Customization -> Property Mappings.

  2. On the Property Mappings page, click Create.

  3. On the New property mapping modal, set the following:

    • Select Type: RAC Property Mappings
    • Create RAC Property Mapping:
      • Names: define a name for the property mapping, perhaps include the type of connection (RDP, SSH, VNC)
      • General settings:
        • Username: the username for the remote machine
        • Password: the password for the remote machine
      • RDP settings:
        • **Ignore server certificate: select **Enabled** (Depending on the setup of your RDP Server, it might be required to enable this setting.)
        • Enable wallpaper: optional
        • Enable font smoothing: optional
        • Enable full window dragging: optional
      • Advanced settings:
        • Expressions: optional, using Python you can define custom expressions.

  4. Click Finish to save your settings and close the modal.

Step 3. Create Endpoints for the Provider

Finally, you need to create an endpoint for each remote machine. Endpoints are defined within providers; connections between the remote machine and authentik are enabled through communication between the provider's endpoint and the remote machine.

  1. In the Admin interface navigate to Applications -> Providers.

  2. Select the RAC provider you created in Step 1 above.

  3. On the Provider page, under Endpoints, click Create.

  4. On the Create Endpoint modal, provide the following settings:

    • Name: define a name for the endpoint, perhaps include the type of connection (RDP, SSH, VNC)
    • Protocol: select the appropriate protocol
    • Host: the host name or IP address of the system you are connecting to.
    • Maximum concurrent connections: select a value or use -1 to disable the limitation.
    • Property mapping: select either the property mapping that you created in Step 2, or use one of the default settings.
    • Advance settings: optional

  5. Click Create to save your settings and close the modal.

Access the remote machine

To verify your configuration and access the remote machine, go to the User interface of your authentik instance. On the My applications page click the Remote Access application. authentik connects you to a secure shell on the remote machine, in your web browser.

If you defined multiple endpoints, they are each displayed; click the endpoint for the remote machine that you want to access.