habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c6fe0c1d85ed4b582e74f8ef901b1765e38f607f
authentik/website/integrations/services/organizr/index.md
Teffen Ellis a714c781a6 website: Use Docusaurus Frontmatter for badges (#12893) 
website/docs: Reduce redundant usage of badges. Move badge logic to components.

- Fix JSX class name warning.
- Remove duplicate titles.
- Flesh out `support_level` frontmatter.
2025-02-19 18:03:05 +00:00

83 lines
3.1 KiB
Markdown
Raw Blame History

---
title: Integrate with organizr
sidebar_label: organizr
support_level: community
---
## What is organizr
> Organizr allows you to setup "Tabs" that will be loaded all in one webpage.
>
> -- https://github.com/causefx/Organizr
This integration leverages authentik's LDAP for the identity provider to achieve an SSO experience. See [ldap provider generic setup](https://docs.goauthentik.io/add-secure-apps/providers/ldap/generic_setup) for setting up the LDAP provider.
## Preparation
The following placeholders are used in this guide:
- `organizr.company` is the FQDN of the Service installation.
- `authentik.company` is the FQDN of the authentik installation.
:::note
This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application.
:::
Create a new user account _(or reuse an existing)_ for organizr to use for LDAP bind under _Directory_ -> _Users_ -> _Create_, in this example called `ldapservice`.
Note the DN of this user will be `cn=ldapservice,ou=users,dc=ldap,dc=goauthentik,dc=io`
:::tip
_Optionally_, create a new group like `organizr users` to scope access to the organizr application.
:::
## authentik Configuration
1. Create a new Proxy Provider for `https://organizr.company`
![](./organizr1.png)
_Optionally_, add the regular expression to allow api calls in the advanced protocol settings.
![](./organizr2.png)
2. Create a new Application for the `https://organizr.company` Provider.
![](./organizr3.png)
:::tip
_Optionally_, bind the group to control access to the organizr to the application.
![](./organizr4.png)
:::
![](./organizr5.png)
::: 3. Add the Application to the authentik Embedded Outpost.
## organizr Configuration
:::caution
Ensure any local usernames/email addresses in organizr do not conflict with usernames/email addresses in authentik.
:::
1. Enable Auth Proxy in organizr _system settings_ -> _main_ -> _Auth Proxy_
Auth Proxy Header Name: `X-authentik-username`
Auth Proxy Whitelist: _your network subnet in CIDR notation IE_ `10.0.0.0/8`
Auth Proxy Header Name for Email: `X-authentik-email`
Logout URL: `/outpost.goauthentik.io/sign_out`
![](./organizr6.png)
2. Setup Authentication in organizr _system settings_ -> _main_ -> _Authentication_
Authentication Type: `Organizr DB + Backend`
Authentication Backend: `Ldap`
Host Address: `<LDAP Outpost IP address:port>`
Host Base DN: `dc=ldap,dc=goauthentik,dc=io`
Account Prefix: `cn=`
Account Suffix: `,ou=users,dc=ldap,dc=goauthentik,dc=io`
Bind Username: `cn=ldapservice,ou=users,dc=ldap,dc=goauthentik,dc=io`
Bind Password: `<LDAP bind account password>`
LDAP Backend Type: `OpenLDAP`
![](./organizr7.png)
:::info
Access for authentik users is managed locally within organizr under _User Management_. By default, new users are assigned the `User` group.
:::
:::tip
Consider front-ending your application with a [forward auth provider](https://docs.goauthentik.io/docs/add-secure-apps/providers/proxy/forward_auth) for an SSO experience.
:::
Reference in New Issue View Git Blame Copy Permalink