habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
62187e60d4dd0400f8ee5a5ad8449f497d172854
authentik/website/integrations/services/firezone/index.md
4d62 62187e60d4 website: integrations-all: update doc titles to start with "integrate with" (#12775) 
* website: integrations-all: update doc titles to start with "integrate with"

* website/integrations-all: cleanup script

* start ??? will do the rest in a sec

* website/integrations-all: fix broken script

website/integrations-all: fix

website/integrations-all: fix

website/integrations-all: fix

website/integrations-all: fix
2025-01-24 15:04:27 -06:00

2.3 KiB
Raw Blame History

title, sidebar_label
title sidebar_label
Integrate with Firezone Firezone

Integrate with Firezone

Support level: Community

What is Firezone

Firezone is an open-source remote access platform built on WireGuard®, a modern VPN protocol that's 4-6x faster than OpenVPN.

-- https://www.firezone.dev

Preparation

The following placeholders are used in this guide:

  • firezone.company is the FQDN of the Firezone installation.
  • authentik is the unique ID used to generate logins for this provider.
  • authentik.company is the FQDN of the authentik installation.

Create an OAuth2/OpenID provider with the following parameters:

  • Client type: Confidential
  • Redirect URIs/Origins: Redirect URI from Firezone Config
  • Signing Key: <Select your certificate>
  • Click: Finish

Note the Client ID and Client Secret value. Create an application using the provider you've created above.

Firezone Config

  • Click Security under Settings
  • Under Single Sign-On, click on Add OpenID Connect Provider
  • Config ID: authentik
  • Label: Text to display on the Login button
  • Scope: (leave default of "openid email profile")
  • Response type: `(leave default of 'code')
  • Client ID: Taken from Authentik Provider Config
  • Client Secret: Taken from Authentik Provider Config
  • Discovery Document URI: OpenID Configuration URL from Authentik
  • Redirect URI: https://firezone.company/auth/oidc/<ConfigID>/callback/ :::note You should be able to leave the default Rediret URL :::
  • Auto-create Users: Enabled in order to automatically provision users when signing in the first time.
  • Click Save,

Although local authentication is quick and easy to get started with, you can limit attack surface by disabling local authentication altogether. For production deployments it's usually a good idea to disable local authentication and enforce MFA through authentik.

:::info In case something goes wrong with the configuration, you can temporarily re-enable local authentication via the REST API or by following instructions from https://www.firezone.dev/docs/administer/troubleshoot/#re-enable-local-authentication-via-cli. :::

Additional Resources