habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c6fe0c1d85ed4b582e74f8ef901b1765e38f607f
authentik/website/integrations/services/organizr/index.md
Teffen Ellis a714c781a6 website: Use Docusaurus Frontmatter for badges (#12893) 
website/docs: Reduce redundant usage of badges. Move badge logic to components.

- Fix JSX class name warning.
- Remove duplicate titles.
- Flesh out `support_level` frontmatter.
2025-02-19 18:03:05 +00:00

3.1 KiB
Raw Blame History

title, sidebar_label, support_level
title sidebar_label support_level
Integrate with organizr organizr community

What is organizr

Organizr allows you to setup "Tabs" that will be loaded all in one webpage.

-- https://github.com/causefx/Organizr

This integration leverages authentik's LDAP for the identity provider to achieve an SSO experience. See ldap provider generic setup for setting up the LDAP provider.

Preparation

The following placeholders are used in this guide:

  • organizr.company is the FQDN of the Service installation.
  • authentik.company is the FQDN of the authentik installation.

:::note This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application. :::

Create a new user account (or reuse an existing) for organizr to use for LDAP bind under Directory -> Users -> Create, in this example called ldapservice.

 Note the DN of this user will be `cn=ldapservice,ou=users,dc=ldap,dc=goauthentik,dc=io`

:::tip Optionally, create a new group like organizr users to scope access to the organizr application. :::

authentik Configuration

  1. Create a new Proxy Provider for https://organizr.company Optionally, add the regular expression to allow api calls in the advanced protocol settings.
  2. Create a new Application for the https://organizr.company Provider. :::tip Optionally, bind the group to control access to the organizr to the application. :::

::: 3. Add the Application to the authentik Embedded Outpost.

organizr Configuration

:::caution Ensure any local usernames/email addresses in organizr do not conflict with usernames/email addresses in authentik. :::

  1. Enable Auth Proxy in organizr system settings -> main -> Auth Proxy

Auth Proxy Header Name: X-authentik-username Auth Proxy Whitelist: your network subnet in CIDR notation IE 10.0.0.0/8 Auth Proxy Header Name for Email: X-authentik-email Logout URL: /outpost.goauthentik.io/sign_out

  1. Setup Authentication in organizr system settings -> main -> Authentication

Authentication Type: Organizr DB + Backend Authentication Backend: Ldap Host Address: <LDAP Outpost IP address:port> Host Base DN: dc=ldap,dc=goauthentik,dc=io Account Prefix: cn= Account Suffix: ,ou=users,dc=ldap,dc=goauthentik,dc=io Bind Username: cn=ldapservice,ou=users,dc=ldap,dc=goauthentik,dc=io Bind Password: <LDAP bind account password> LDAP Backend Type: OpenLDAP

:::info Access for authentik users is managed locally within organizr under User Management. By default, new users are assigned the User group. ::: :::tip Consider front-ending your application with a forward auth provider for an SSO experience. :::