habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
582812b3ec5df24a556f41e76b925647788038e2
authentik/docs/topics/add-secure-apps/providers/proxy/forward_auth.mdx
Teffen Ellis 582812b3ec website: Flesh out docs split. 
website: Copy files during build.

website: Allow for mixed env builds.

website: Reduce build size.

website: Expose build.

website: Add build memory debugging.

WIP: Disable broken links check to compare memory usage.

website: Update deps.

website: Clean up API paths.

website: Flesh out 3.8 fixes.

Format.

website: Update ignore paths.

Website: Clean up integrations build.

website: Fix paths.

website: Optimize remark.

website: Update deps.

website: Format.

website: Remove linking.

website: Fix paths.

wip: Attempt API only build.

Prep.

Migrate render to runtime. Tidy sidebar.

Clean up templates.

docs: Move directory. WIP

docs: Flesh out split.

website: Fix issue where routes have collisions.
2025-07-01 21:53:19 +02:00

41 lines
1.5 KiB
Plaintext
Raw Blame History

---
title: Forward auth
---
Using forward auth uses your existing reverse proxy to do the proxying, and only uses the authentik outpost to check authentication and authorization.
To use forward auth instead of proxying, you have to change a couple of settings.
In the Proxy Provider, make sure to use one of the Forward auth modes.
## Forward auth modes
The only configuration difference between single application mode and domain level mode is the host that you specify.
For single application, you'd use the domain that the application is running on, and only `/outpost.goauthentik.io` is redirected to the outpost.
For domain level, you'd use the same domain as authentik.
### Single application
Single application mode works for a single application hosted on its dedicated subdomain. This has the advantage that you can still do per-application access policies in authentik.
### Domain level
To use forward auth instead of proxying, you have to change a couple of settings.
In the Proxy Provider, make sure to use the _Forward auth (domain level)_ mode.
This mode differs from the _Forward auth (single application)_ mode in the following points:
- You don't have to configure an application in authentik for each domain
- Users don't have to authorize multiple times
There are, however, also some downsides, mainly the fact that you **can't** restrict individual applications to different users.
## Configuration templates
For configuration templates for each web server, refer to the following:
import DocCardList from "@theme/DocCardList";
<DocCardList />
Reference in New Issue View Git Blame Copy Permalink