habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
665de8ef2211524f3cc13dce9344bd59c61c3a5c
authentik/website/docs/users-sources/user/user_ref.md
Tana M Berry 6d5172d18a website: latest PR for new Docs structure (#11639) 
* first pass

* dependency shenanigans

* move blueprints

* few broken links

* change config the throw errors

* internal file edits

* fighting links

* remove sidebarDev

* fix subdomain

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix relative URL

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix mismatched package versions

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix api reference build

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* test tweak

* links hell

* more links hell

* links hell2

* yep last of the links

* last broken link fixed

* re-add cves

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add devdocs redirects

* add dir

* tweak netlify.toml

* move latest 2 CVES into dir

* fix links to moved cves

* typoed title fix

* fix link

* remove banner

* remove committed api docs

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* integrations: remove version dropdown

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update Makefile

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* change doc links in web as well

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix some more docs paths

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix more docs paths

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* ci: require ci-web.build for merging

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Revert "ci: require ci-web.build for merging"

This reverts commit b99a4842a9.

* remove sluf for Application

* put slug back in

* minor fix to trigger deploy

* Spelled out Documentation in menu bar

* remove image redirects...

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove explicit index.md

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove mdx first

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* then remove .md

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add missing prefix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Tana M Berry <tana@goauthentik.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2024-10-09 09:33:40 -05:00

3.5 KiB
Raw Blame History

title
title
User properties and attributes

Object properties

The User object has the following properties:

  • username: User's username.

  • email User's email.

  • uid User's unique ID

  • name User's display name.

  • is_staff Boolean field if user is staff.

  • is_active Boolean field if user is active.

  • date_joined Date user joined/was created.

  • password_change_date Date password was last changed.

  • path User's path, see Path

  • attributes Dynamic attributes, see Attributes

  • group_attributes() Merged attributes of all groups the user is member of and the user's own attributes.

  • ak_groups This is a queryset of all the user's groups.

    You can do additional filtering like:

    user.ak_groups.filter(name__startswith='test')

    For Django field lookups, see here.

    To get the name of all groups, you can use this command:

    [group.name for group in user.ak_groups.all()]

Examples

List all the User's group names:

for group in user.ak_groups.all():
    yield group.name

Path authentik 2022.7+

Paths can be used to organize users into folders depending on which source created them or organizational structure. Paths may not start or end with a slash, but they can contain any other character as path segments. The paths are currently purely used for organization, it does not affect their permissions, group memberships, or anything else.

Attributes

goauthentik.io/user/can-change-username

Optional flag, when set to false prevents the user from changing their own username.

goauthentik.io/user/can-change-name

Optional flag, when set to false prevents the user from changing their own name.

goauthentik.io/user/can-change-email

Optional flag, when set to false prevents the user from changing their own email address.

goauthentik.io/user/token-expires:

Optional flag, when set to false, Tokens created by the user will not expire.

Only applies when the token creation is triggered by the user with this attribute set. Additionally, the flag does not apply to superusers.

goauthentik.io/user/token-maximum-lifetime:

Optional flag, when set, defines the maximum lifetime of user-created tokens. Defaults to the system setting if not set.

Only applies when goauthentik.io/user/token-expires set to true.

Format is string of format days=10;hours=1;minute=3;seconds=5.

goauthentik.io/user/debug:

See Troubleshooting access problems, when set, the user gets a more detailed explanation of access decisions.

additionalHeaders:

:::info This field is only used by the Proxy Provider. :::

Some applications can be configured to create new users using header information forwarded from authentik. You can forward additional header information by adding each header underneath additionalHeaders:

Example:

additionalHeaders:
    REMOTE-USER: joe.smith
    REMOTE-EMAIL: joe@jsmith.com
    REMOTE-NAME: Joseph

These headers will now be passed to the application when the user logs in. Most applications will need to be configured to accept these headers. Some examples of applications that can accept additional headers from an authentik Proxy Provider are Grafana and Tandoor Recipes.