diff --git a/web/build.mjs b/web/build.mjs index cd5a9ed564cd..b065a40507f5 100644 --- a/web/build.mjs +++ b/web/build.mjs @@ -88,7 +88,11 @@ const baseArgs = { treeShaking: true, external: ["*.woff", "*.woff2"], tsconfig: "./tsconfig.json", - loader: { ".css": "text", ".md": "text" }, + loader: { + ".css": "text", + ".md": "text", + ".mdx": "text", + }, define: definitions, format: "esm", }; diff --git a/web/src/admin/providers/oauth2/OAuth2ProviderViewPage.ts b/web/src/admin/providers/oauth2/OAuth2ProviderViewPage.ts index f2a866536a81..92f84afa28be 100644 --- a/web/src/admin/providers/oauth2/OAuth2ProviderViewPage.ts +++ b/web/src/admin/providers/oauth2/OAuth2ProviderViewPage.ts @@ -4,7 +4,7 @@ import { DEFAULT_CONFIG } from "@goauthentik/common/api/config"; import { EVENT_REFRESH } from "@goauthentik/common/constants"; import renderDescriptionList from "@goauthentik/components/DescriptionList"; import "@goauthentik/components/events/ObjectChangelog"; -import MDProviderOAuth2 from "@goauthentik/docs/add-secure-apps/providers/oauth2/index.md"; +import MDProviderOAuth2 from "@goauthentik/docs/add-secure-apps/providers/oauth2/index.mdx"; import { AKElement } from "@goauthentik/elements/Base"; import "@goauthentik/elements/CodeMirror"; import "@goauthentik/elements/EmptyState"; diff --git a/web/src/admin/providers/proxy/ProxyProviderViewPage.ts b/web/src/admin/providers/proxy/ProxyProviderViewPage.ts index 6c36efad0a59..7073c1715c1d 100644 --- a/web/src/admin/providers/proxy/ProxyProviderViewPage.ts +++ b/web/src/admin/providers/proxy/ProxyProviderViewPage.ts @@ -13,7 +13,7 @@ import MDNginxStandalone from "@goauthentik/docs/add-secure-apps/providers/proxy import MDTraefikCompose from "@goauthentik/docs/add-secure-apps/providers/proxy/_traefik_compose.md"; import MDTraefikIngress from "@goauthentik/docs/add-secure-apps/providers/proxy/_traefik_ingress.md"; import MDTraefikStandalone from "@goauthentik/docs/add-secure-apps/providers/proxy/_traefik_standalone.md"; -import MDHeaderAuthentication from "@goauthentik/docs/add-secure-apps/providers/proxy/header_authentication.md"; +import MDHeaderAuthentication from "@goauthentik/docs/add-secure-apps/providers/proxy/header_authentication.mdx"; import { AKElement } from "@goauthentik/elements/Base"; import "@goauthentik/elements/CodeMirror"; import "@goauthentik/elements/Markdown"; diff --git a/web/src/global.d.ts b/web/src/global.d.ts index 059e868156ea..b6774228fc15 100644 --- a/web/src/global.d.ts +++ b/web/src/global.d.ts @@ -6,6 +6,12 @@ declare module "*.md" { const filename: string; } +declare module "*.mdx" { + const html: string; + const metadata: { [key: string]: string }; + const filename: string; +} + declare namespace Intl { class ListFormat { constructor(locale: string, args: { [key: string]: string }); diff --git a/website/docs/add-secure-apps/applications/index.md b/website/docs/add-secure-apps/applications/index.md index f6f29c5ab502..4185423e3f47 100644 --- a/website/docs/add-secure-apps/applications/index.md +++ b/website/docs/add-secure-apps/applications/index.md @@ -6,12 +6,12 @@ Applications, as defined in authentik, are used to configure and separate the au When a user logs into authentik, they see a list of the applications for which authentik is configured to provide authentication and authorization (the applications that that they are authorized to use). -Applications are the "other half" of providers. They typically exist in a 1-to-1 relationship; each application needs a provider and every provider can be used with one application. Applications can, however, use specific, additional providers to augment the functionality of the main provider. For more information, see [Backchannel providers](./manage_apps.md#backchannel-providers). +Applications are the "other half" of providers. They typically exist in a 1-to-1 relationship; each application needs a provider and every provider can be used with one application. Applications can, however, use specific, additional providers to augment the functionality of the main provider. For more information, see [Backchannel providers](./manage_apps.mdx#backchannel-providers). Furthermore, the [RAC (Remote Access Control)](../providers/rac/index.md) feature uses a single application and a single provider, but multiple "endpoints". An endpoint defines each remote machine. :::info -For information about creating and managing applications, refer to [Manage applications](./manage_apps.md). +For information about creating and managing applications, refer to [Manage applications](./manage_apps.mdx). ::: ## Appearance diff --git a/website/docs/add-secure-apps/applications/manage_apps.md b/website/docs/add-secure-apps/applications/manage_apps.mdx similarity index 92% rename from website/docs/add-secure-apps/applications/manage_apps.md rename to website/docs/add-secure-apps/applications/manage_apps.mdx index b9aecf3d1e2f..8f3454aca5f5 100644 --- a/website/docs/add-secure-apps/applications/manage_apps.md +++ b/website/docs/add-secure-apps/applications/manage_apps.mdx @@ -2,6 +2,9 @@ title: Manage applications --- +import VersionBadge from "@site/src/components/VersionBadge"; +import PreviewBadge from "@site/src/components/PreviewBadge"; + Managing the applications that your team uses involves several tasks, from initially adding the application and provider, to controlling access and visibility of the application, to providing access URLs. ## Add new applications @@ -10,7 +13,15 @@ Learn how to add new applications from our video or follow the instructions belo ### Video - + ### Instructions @@ -45,8 +56,12 @@ When multiple policies/groups/users are attached, you can configure the _Policy ## Application Entitlements -Preview -authentik 2024.12+ +

+ + + + +

Application entitlements can be used through authentik to manage authorization within an application (what areas of the app users or groups can access). Entitlements are scoped to a single application and can be bound to multiple users and/or groups (binding policies is not currently supported), giving them access to the entitlement. An application can either check for the name of the entitlement (via the `entitlements` scope), or via attributes stored in entitlements. diff --git a/website/docs/add-secure-apps/flows-stages/bindings/index.md b/website/docs/add-secure-apps/flows-stages/bindings/index.md index 9e824ff000f0..238814bbf2d3 100644 --- a/website/docs/add-secure-apps/flows-stages/bindings/index.md +++ b/website/docs/add-secure-apps/flows-stages/bindings/index.md @@ -24,7 +24,7 @@ A _policy binding_ connects a specific policy to a flow or to a stage. With the You can also bind groups and users to another component (a policy, a stage, a flow, etc.). For example, you can create a binding for a specific group, and then [bind that to a stage binding](../stages/index.md#bind-users-and-groups-to-a-flows-stage-binding), with the result that everyone in that group now will see that stage (and any policies bound to that stage) as part of their flow. Or more specifically, and going one step deeper, you can also _bind a binding to a binding_. -Bindings are also used for [Application Entitlements](../../applications/manage_apps.md#application-entitlements), where you can bind specific users or groups to an application as a way to manage who has access to the application. +Bindings are also used for [Application Entitlements](../../applications/manage_apps.mdx#application-entitlements), where you can bind specific users or groups to an application as a way to manage who has access to the application. It's important to remember that bindings are instantiated objects themselves, and conceptually can be considered as a "connector" between two components. This is why you might read about "binding a binding", because technically, a binding is "spliced" into another binding, in order to intercept and enforce the criteria defined in the second binding. diff --git a/website/docs/add-secure-apps/flows-stages/bindings/work_with_bindings.md b/website/docs/add-secure-apps/flows-stages/bindings/work_with_bindings.md index f3e1f38a3fe0..81bfa9beb90e 100644 --- a/website/docs/add-secure-apps/flows-stages/bindings/work_with_bindings.md +++ b/website/docs/add-secure-apps/flows-stages/bindings/work_with_bindings.md @@ -8,6 +8,6 @@ For instructions to create a binding, refer to the documentation for the specifi - [Bind a stage to a flow](../stages/index.md#bind-a-stage-to-a-flow) - [Bind a policy to a flow or stage](../../../customize/policies/working_with_policies#bind-a-policy-to-a-flow-or-stage) -- [Bind users or groups to a specific application with an Application Entitlement](../../applications/manage_apps.md#application-entitlements) -- [Bind a policy to a specific application when you create a new app using the Wizard](../../applications/manage_apps.md#instructions) +- [Bind users or groups to a specific application with an Application Entitlement](../../applications/manage_apps.mdx#application-entitlements) +- [Bind a policy to a specific application when you create a new app using the Wizard](../../applications/manage_apps.mdx#instructions) - [Bind users and groups to a stage binding, to define whether or not that stage is shown](../stages/index.md#bind-users-and-groups-to-a-flows-stage-binding) diff --git a/website/docs/add-secure-apps/flows-stages/flow/context/index.md b/website/docs/add-secure-apps/flows-stages/flow/context/index.mdx similarity index 90% rename from website/docs/add-secure-apps/flows-stages/flow/context/index.md rename to website/docs/add-secure-apps/flows-stages/flow/context/index.mdx index 62b9a2936f2f..030ab4ed84b0 100644 --- a/website/docs/add-secure-apps/flows-stages/flow/context/index.md +++ b/website/docs/add-secure-apps/flows-stages/flow/context/index.mdx @@ -2,6 +2,8 @@ title: Flow Context --- +import VersionBadge from "@site/src/components/VersionBadge"; + Each flow execution has an independent _context_. This context holds all of the arbitrary data about that specific flow, data which can then be used and transformed by stages and policies. ## Managing data in a flow context @@ -24,11 +26,11 @@ Keys prefixed with `goauthentik.io` are used internally by authentik and are sub ### Common keys -#### `pending_user` ([User object](../../../../users-sources/user/user_ref.md#object-properties)) +#### `pending_user` ([User object](../../../../users-sources/user/user_ref.mdx#object-properties)) -`pending_user` is used by multiple stages. In the context of most flow executions, it represents the data of the user that is executing the flow. This value is not set automatically, it is set via the [Identification stage](../../stages/identification/index.md). +`pending_user` is used by multiple stages. In the context of most flow executions, it represents the data of the user that is executing the flow. This value is not set automatically, it is set via the [Identification stage](../../stages/identification/index.mdx). -Stages that require a user, such as the [Password stage](../../stages/password/index.md), the [Authenticator validation stage](../../stages/authenticator_validate/index.md) and others will use this value if it is set, and fallback to the request's users when possible. +Stages that require a user, such as the [Password stage](../../stages/password/index.md), the [Authenticator validation stage](../../stages/authenticator_validate/index.mdx) and others will use this value if it is set, and fallback to the request's users when possible. #### `prompt_data` (Dictionary) @@ -62,7 +64,7 @@ When an unauthenticated user attempts to access a secured resource, they are red When a user authenticates/enrolls via an external source, this will be set to the source they are using. -#### `outpost` (dictionary) authentik 2024.10+ +#### `outpost` (dictionary)  When a flow is executed by an Outpost (for example the [LDAP](../../../providers/ldap/index.md) or [RADIUS](../../../providers/radius/index.mdx)), this will be set to a dictionary containing the Outpost instance under the key `"instance"`. @@ -76,7 +78,7 @@ This key is set to `True` when the flow is executed from an "SSO" context. For e This key is set when a flow execution is continued from a token. This happens for example when an [Email stage](../../stages/email/index.mdx) is used and the user clicks on the link within the email. The token object contains the key that was used to restore the flow execution. -#### `is_redirected` (Flow object) authentik 2024.12+ +#### `is_redirected` (Flow object)  This key is set when the current flow was reached through a [Redirect stage](../../stages/redirect/index.md) in Flow mode. @@ -98,7 +100,7 @@ URL that the form will be submitted to. Key-value pairs of the data that is included in the form and will be submitted to `url`. -#### Captcha stage authentik 2024.6+ +#### Captcha stage  ##### `captcha` (dictionary) @@ -118,7 +120,7 @@ An optional list of all permissions that will be given to the application by gra #### Deny stage -##### `deny_message` (string) authentik 2023.10+ +##### `deny_message` (string)  Optionally overwrite the deny message shown, has a higher priority than the message configured in the stage. @@ -134,7 +136,7 @@ If set, this must be a list of group objects and not group names. Path the `pending_user` will be written to. If not set in the flow, falls back to the value set in the user_write stage, and otherwise to the `users` path. -##### `user_type` (string) authentik 2023.10+ +##### `user_type` (string)  Type the `pending_user` will be created as. Must be one of `internal`, `external` or `service_account`. @@ -146,7 +148,7 @@ Set by the [Password stage](../../stages/password/index.md) after successfully a ##### `auth_method` (string) -Set by the [Password stage](../../stages/password/index.md), the [Authenticator validation stage](../../stages/authenticator_validate/index.md), the [OAuth2 Provider](../../../providers/oauth2/index.md), and the API authentication depending on which method was used to authenticate. +Set by the [Password stage](../../stages/password/index.md), the [Authenticator validation stage](../../stages/authenticator_validate/index.mdx), the [OAuth2 Provider](../../../providers/oauth2/index.mdx), and the API authentication depending on which method was used to authenticate. Possible options: @@ -155,7 +157,7 @@ Possible options: - `ldap` (Authenticated via LDAP bind from an LDAP source) - `auth_mfa` (Authentication via MFA device without password) - `auth_webauthn_pwl` (Passwordless authentication via WebAuthn) -- `jwt` ([M2M](../../../providers/oauth2/client_credentials.md) authentication via an existing JWT) +- `jwt` ([M2M](../../../providers/oauth2/client_credentials.mdx) authentication via an existing JWT) ##### `auth_method_args` (dictionary) @@ -198,7 +200,7 @@ If _Show matched user_ is disabled, this key will be set to the user identifier #### Redirect stage -##### `redirect_stage_target` (string) authentik 2024.12+ +##### `redirect_stage_target` (string)  [Set this key](../../../../customize/policies/expression/managing_flow_context_keys.md) in an Expression Policy to override [Redirect stage](../../stages/redirect/index.md) to force it to redirect to a certain URL or flow. This is useful when a flow requires that the redirection target be decided dynamically. diff --git a/website/docs/add-secure-apps/flows-stages/flow/examples/snippets.md b/website/docs/add-secure-apps/flows-stages/flow/examples/snippets.mdx similarity index 84% rename from website/docs/add-secure-apps/flows-stages/flow/examples/snippets.md rename to website/docs/add-secure-apps/flows-stages/flow/examples/snippets.mdx index a63729808fce..a2a4998c7c8d 100644 --- a/website/docs/add-secure-apps/flows-stages/flow/examples/snippets.md +++ b/website/docs/add-secure-apps/flows-stages/flow/examples/snippets.mdx @@ -2,7 +2,9 @@ title: Example policy snippets for flows --- -### Redirect current flow to another URL authentik 2022.7+ +import VersionBadge from "@site/src/components/VersionBadge"; + +### Redirect current flow to another URL  ```python plan = request.context.get("flow_plan") diff --git a/website/docs/add-secure-apps/flows-stages/flow/executors/headless.md b/website/docs/add-secure-apps/flows-stages/flow/executors/headless.md index 7422831a19bd..c1b10437d6b9 100644 --- a/website/docs/add-secure-apps/flows-stages/flow/executors/headless.md +++ b/website/docs/add-secure-apps/flows-stages/flow/executors/headless.md @@ -6,6 +6,6 @@ The headless flow executor is used by clients that don't have access to the web The following stages are supported: -- [**Identification stage**](../../stages/identification/index.md) +- [**Identification stage**](../../stages/identification/index.mdx) - [**Password stage**](../../stages/password/index.md) -- [**Authenticator Validation Stage**](../../stages/authenticator_validate/index.md) +- [**Authenticator Validation Stage**](../../stages/authenticator_validate/index.mdx) diff --git a/website/docs/add-secure-apps/flows-stages/flow/executors/sfe.md b/website/docs/add-secure-apps/flows-stages/flow/executors/sfe.md index ce8a5ced39b0..1edabe4d8983 100644 --- a/website/docs/add-secure-apps/flows-stages/flow/executors/sfe.md +++ b/website/docs/add-secure-apps/flows-stages/flow/executors/sfe.md @@ -1,9 +1,8 @@ --- title: Simplified flow executor +authentik_version: "2024.6.1" --- -authentik 2024.6.1+ - A simplified web-based flow executor that authentik automatically uses for older browsers that do not support modern web technologies. Currently this flow executor is automatically used for the following browsers: @@ -13,14 +12,14 @@ Currently this flow executor is automatically used for the following browsers: The following stages are supported: -- [**Identification stage**](../../stages/identification/index.md) +- [**Identification stage**](../../stages/identification/index.mdx) :::info Only user identifier and user identifier + password stage configurations are supported; sources and passwordless configurations are not supported. ::: - [**Password stage**](../../stages/password/index.md) -- [**Authenticator Validation Stage**](../../stages/authenticator_validate/index.md) +- [**Authenticator Validation Stage**](../../stages/authenticator_validate/index.mdx) Compared to the [default flow executor](./if-flow.md), this flow executor does _not_ support the following features: diff --git a/website/docs/add-secure-apps/flows-stages/flow/executors/user-settings.md b/website/docs/add-secure-apps/flows-stages/flow/executors/user-settings.md index 6f22d45cb26f..f2201f3bf79e 100644 --- a/website/docs/add-secure-apps/flows-stages/flow/executors/user-settings.md +++ b/website/docs/add-secure-apps/flows-stages/flow/executors/user-settings.md @@ -1,9 +1,6 @@ --- title: User settings ---- - -authentik 2023.3+ - +authentik_version: "2023.3" --- The user interface (/if/user/) uses a specialized flow executor to allow individual users to customize their profile. A user's profile consists of key/value fields, so this executor only supports Prompt or User Write stages. If the configured flow contains another stage, a button will be shown to open the default executor. diff --git a/website/docs/add-secure-apps/flows-stages/flow/flow_list/_defaultflowlist.mdx b/website/docs/add-secure-apps/flows-stages/flow/flow_list/_defaultflowlist.mdx index ac1344ed8194..8d4c54dc3ba6 100644 --- a/website/docs/add-secure-apps/flows-stages/flow/flow_list/_defaultflowlist.mdx +++ b/website/docs/add-secure-apps/flows-stages/flow/flow_list/_defaultflowlist.mdx @@ -6,7 +6,7 @@ - **Invalidation**: designates a default flow to be used to invalidate a session. Use `default-invalidation-flow` for invalidation from authentik itself, or use `default-provider-invalidation-flow` to invalidate when the session of an application ends. When you use the `default-invalidation-flow` as a global invalidation flow, it should contain a [**User Logout**](../../stages/user_logout.md) stage. When you use the `default-provider-invalidation-flow` (supported with OIDC, SAML, Proxy, and RAC providers), you can configure this default flow to present users log-off options such as "log out of the app but remain logged in to authentik" or "return to the **My Applications** page", or "log out completely". (Alternatively, you can create a custom invalidation flow, with a branded background image.) -- **Recovery**: designates a flow for recovery. This flow normally contains an [**Identification**](../../stages/identification/index.md) stage to find the user. It can also contain any amount of verification stages, such as [**Email**](../../stages/email/index.mdx) or [**CAPTCHA**](../../stages/captcha/index.md). Afterwards, use the [**Prompt**](../../stages/prompt/index.md) stage to ask the user for a new password and the [**User Write**](../../stages/user_write.md) stage to update the password. +- **Recovery**: designates a flow for recovery. This flow normally contains an [**Identification**](../../stages/identification/index.mdx) stage to find the user. It can also contain any amount of verification stages, such as [**Email**](../../stages/email/index.mdx) or [**CAPTCHA**](../../stages/captcha/index.md). Afterwards, use the [**Prompt**](../../stages/prompt/index.md) stage to ask the user for a new password and the [**User Write**](../../stages/user_write.md) stage to update the password. - **Stage configuration**: designates a flow for general setup. This designation doesn't have any constraints in what you can do. For example, by default this designation is used to configure authenticators, like change a password and set up TOTP. diff --git a/website/docs/add-secure-apps/flows-stages/flow/index.md b/website/docs/add-secure-apps/flows-stages/flow/index.md index 3b8949a72d29..62689a856824 100644 --- a/website/docs/add-secure-apps/flows-stages/flow/index.md +++ b/website/docs/add-secure-apps/flows-stages/flow/index.md @@ -20,7 +20,7 @@ When these stages are successfully completed, authentik logs in the user. By default, policies are evaluated dynamically, right before the stage (to which a policy is bound) is presented to the user. This flexibility allows the login process to continue, change, or stop, based on the success or failure of each policy. -This default behaviour can be altered by enabling the **Evaluate when flow is planned** option on the stage binding. With this setting a _flow plan_ containing all stages is generated upon flow execution. This means that all attached policies are evaluated upon execution. For more information about flow plans, read our [flow context documentation](./context/index.md). +This default behaviour can be altered by enabling the **Evaluate when flow is planned** option on the stage binding. With this setting a _flow plan_ containing all stages is generated upon flow execution. This means that all attached policies are evaluated upon execution. For more information about flow plans, read our [flow context documentation](./context/index.mdx). ## Permissions diff --git a/website/docs/add-secure-apps/flows-stages/flow/inspector.md b/website/docs/add-secure-apps/flows-stages/flow/inspector.md index 902d973eb268..c6a6ab6d6594 100644 --- a/website/docs/add-secure-apps/flows-stages/flow/inspector.md +++ b/website/docs/add-secure-apps/flows-stages/flow/inspector.md @@ -2,7 +2,7 @@ title: Flow Inspector --- -The flow inspector, introduced in 2021.10, allows administrators to visually determine how custom flows work, inspect the current [flow context](./context/index.md), and investigate issues. +The flow inspector, introduced in 2021.10, allows administrators to visually determine how custom flows work, inspect the current [flow context](./context/index.mdx), and investigate issues. As shown in the screenshot below, the flow inspector displays next to the selected flow (in this case, "Change Password"), with [information](#flow-inspector-details) about that specific flow and flow context. diff --git a/website/docs/add-secure-apps/flows-stages/stages/authenticator_duo/index.md b/website/docs/add-secure-apps/flows-stages/stages/authenticator_duo/index.mdx similarity index 90% rename from website/docs/add-secure-apps/flows-stages/stages/authenticator_duo/index.md rename to website/docs/add-secure-apps/flows-stages/stages/authenticator_duo/index.mdx index 0b272803cfc8..e615261e8a84 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/authenticator_duo/index.md +++ b/website/docs/add-secure-apps/flows-stages/stages/authenticator_duo/index.mdx @@ -2,6 +2,8 @@ title: Duo authenticator setup stage --- +import VersionBadge from "@site/src/components/VersionBadge"; + This stage configures a Duo authenticator. To get the API Credentials for this stage, open your Duo Admin dashboard. Go to Applications, click on Protect an Application and search for "Auth API". Click on Protect. @@ -10,7 +12,7 @@ Copy all of the integration key, secret key and API hostname, and paste them in Devices created reference the stage they were created with, since the API credentials are needed to authenticate. This also means when the stage is deleted, all devices are removed. -## Importing users authentik 2022.9+ +## Importing users  :::info Due to the way the Duo API works, authentik can only automatically import existing Duo users when a Duo MFA or higher license is active. @@ -20,7 +22,7 @@ To import a device, open the Stages list in the authentik Admin interface. On th The Duo username can be found by navigating to your Duo Admin dashboard and selecting _Users_ in the sidebar. Optionally if you have multiple users with the same username, you can click on a User and copy their ID from the URL, and use that to import the device. -### Older versions authentik 2021.9.1+ +### Older versions  You can call the `/api/v3/stages/authenticator/duo/{stage_uuid}/import_devices/` endpoint ([see here](https://goauthentik.io/api/#post-/stages/authenticator/duo/-stage_uuid-/import_devices/)) using the following parameters: diff --git a/website/docs/add-secure-apps/flows-stages/stages/authenticator_endpoint_gdtc/index.md b/website/docs/add-secure-apps/flows-stages/stages/authenticator_endpoint_gdtc/index.md index d75ff9b9c0d6..940c19060e6e 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/authenticator_endpoint_gdtc/index.md +++ b/website/docs/add-secure-apps/flows-stages/stages/authenticator_endpoint_gdtc/index.md @@ -1,11 +1,8 @@ --- title: Endpoint Authenticator Google Device Trust Connector Stage ---- - -Enterprise -Preview -authentik 2024.10+ - +authentik_version: "2024.10" +authentik_preview: true +authentik_enterprise: true --- With this stage, authentik can validate users' Chrome browsers and ensure that users' devices are compliant and up-to-date. @@ -18,10 +15,11 @@ This stage only works with Google Chrome, as it relies on the [Chrome Verified A The main steps to set up your Google workspace are as follows: -1. [Create your Google Cloud Project](#create-a-google-cloud-project) -2. [Create a service account](#create-a-service-account) -3. [Set credentials for the service account](#set-credentials-for-the-service-account) -4. [Define access and scope in the Admin Console](#set-credentials-for-the-service-account) +- [Configuration](#configuration) + - [Create a Google cloud project](#create-a-google-cloud-project) + - [Create a service account](#create-a-service-account) + - [Set credentials for the service account](#set-credentials-for-the-service-account) + - [Create the stage](#create-the-stage) For detailed instructions, refer to Google documentation. @@ -76,4 +74,4 @@ For detailed instructions, refer to Google documentation. 4. Click **Finish**. -After creating the stage, it can be used in any flow. Compared to other Authenticator stages, this stage does not require enrollment. Instead of adding an [Authenticator Validation Stage](../authenticator_validate/index.md), this stage only verifies the users' browser. +After creating the stage, it can be used in any flow. Compared to other Authenticator stages, this stage does not require enrollment. Instead of adding an [Authenticator Validation Stage](../authenticator_validate/index.mdx), this stage only verifies the users' browser. diff --git a/website/docs/add-secure-apps/flows-stages/stages/authenticator_sms/index.md b/website/docs/add-secure-apps/flows-stages/stages/authenticator_sms/index.mdx similarity index 95% rename from website/docs/add-secure-apps/flows-stages/stages/authenticator_sms/index.md rename to website/docs/add-secure-apps/flows-stages/stages/authenticator_sms/index.mdx index c79c465effa1..a32d7505b948 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/authenticator_sms/index.md +++ b/website/docs/add-secure-apps/flows-stages/stages/authenticator_sms/index.mdx @@ -2,6 +2,8 @@ title: SMS authenticator setup stage --- +import VersionBadge from "@site/src/components/VersionBadge"; + This stage configures an SMS-based authenticator using either Twilio, or a generic HTTP endpoint. ## Providers @@ -46,9 +48,9 @@ return { } ``` -## Verify only authentik 2022.6+ +## Verify only  -To only verify the validity of a users' phone number, without saving it in an easily accessible way, you can enable this option. Phone numbers from devices enrolled through this stage will only have their hashed phone number saved. These devices can also not be used with the [Authenticator validation](../authenticator_validate/index.md) stage. +To only verify the validity of a users' phone number, without saving it in an easily accessible way, you can enable this option. Phone numbers from devices enrolled through this stage will only have their hashed phone number saved. These devices can also not be used with the [Authenticator validation](../authenticator_validate/index.mdx) stage. ## Limiting phone numbers diff --git a/website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.md b/website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.mdx similarity index 89% rename from website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.md rename to website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.mdx index 999819e05fa7..3504d8dbd716 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.md +++ b/website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.mdx @@ -2,13 +2,15 @@ title: Authenticator validation stage --- +import VersionBadge from "@site/src/components/VersionBadge"; + This stage validates an already configured Authenticator Device. This device has to be configured using any of the other authenticator stages: -- [Duo authenticator stage](../authenticator_duo/index.md) -- [SMS authenticator stage](../authenticator_sms/index.md) +- [Duo authenticator stage](../authenticator_duo/index.mdx) +- [SMS authenticator stage](../authenticator_sms/index.mdx) - [Static authenticator stage](../authenticator_static/index.md) - [TOTP authenticator stage](../authenticator_totp/index.md) -- [WebAuthn authenticator stage](../authenticator_webauthn/index.md) +- [WebAuthn authenticator stage](../authenticator_webauthn/index.mdx) You can select which type of device classes are allowed. @@ -23,11 +25,11 @@ Keep in mind that when using Code-based devices (TOTP, Static and SMS), values l ### Options -#### Less-frequent validation authentik 2022.5.1+ +#### Less-frequent validation  You can configure this stage to only ask for MFA validation if the user hasn't authenticated themselves within a defined time period. To configure this, set _Last validation threshold_ to any non-zero value. Any of the users devices within the selected classes are checked. -#### Passwordless authentication authentik 2021.12.4+ +#### Passwordless authentication  :::caution Firefox has some known issues regarding TouchID (see https://bugzilla.mozilla.org/show_bug.cgi?id=1536482) @@ -68,7 +70,7 @@ Logins which used Passwordless authentication have the _auth_method_ context var } ``` -#### WebAuthn Device type restrictions authentik 2024.4+ +#### WebAuthn Device type restrictions  Optionally restrict which WebAuthn device types can be used to authenticate. diff --git a/website/docs/add-secure-apps/flows-stages/stages/authenticator_webauthn/index.md b/website/docs/add-secure-apps/flows-stages/stages/authenticator_webauthn/index.mdx similarity index 78% rename from website/docs/add-secure-apps/flows-stages/stages/authenticator_webauthn/index.md rename to website/docs/add-secure-apps/flows-stages/stages/authenticator_webauthn/index.mdx index 94bef08f8100..c141bd4b1600 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/authenticator_webauthn/index.md +++ b/website/docs/add-secure-apps/flows-stages/stages/authenticator_webauthn/index.mdx @@ -2,6 +2,8 @@ title: WebAuthn authenticator setup stage --- +import VersionBadge from "@site/src/components/VersionBadge"; + This stage configures a WebAuthn-based Authenticator. This can either be a browser, biometrics or a Security stick like a YubiKey. ### Options @@ -12,13 +14,13 @@ Configure if authentik should require, prefer or discourage user verification fo #### Resident key requirement -Configure if the created authenticator is stored in the encrypted memory on the device or in persistent memory. When configuring [passwordless login](../identification/index.md#passwordless-flow), this should be set to either _Preferred_ or _Required_, otherwise the authenticator cannot be used for passwordless authentication. +Configure if the created authenticator is stored in the encrypted memory on the device or in persistent memory. When configuring [passwordless login](../identification/index.mdx#passwordless-flow), this should be set to either _Preferred_ or _Required_, otherwise the authenticator cannot be used for passwordless authentication. #### Authenticator Attachment Configure if authentik will require either a removable device (like a YubiKey, Google Titan, etc) or a non-removable device (like Windows Hello, TouchID or password managers), or not send a requirement. -#### Device type restrictions authentik 2024.4+ +#### Device type restrictions  Optionally restrict the types of devices allowed to be enrolled. This option can be used to ensure users are only able to enroll FIPS-compliant devices for example. diff --git a/website/docs/add-secure-apps/flows-stages/stages/identification/index.md b/website/docs/add-secure-apps/flows-stages/stages/identification/index.mdx similarity index 85% rename from website/docs/add-secure-apps/flows-stages/stages/identification/index.md rename to website/docs/add-secure-apps/flows-stages/stages/identification/index.mdx index 86ce02bfe925..fb746c25610e 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/identification/index.md +++ b/website/docs/add-secure-apps/flows-stages/stages/identification/index.mdx @@ -2,6 +2,8 @@ title: Identification stage --- +import VersionBadge from "@site/src/components/VersionBadge"; + This stage provides a ready-to-go form for users to identify themselves. ## User Fields @@ -30,13 +32,13 @@ To run a CAPTCHA process in the background while the user is entering their iden These fields specify if and which flows are linked on the form. The enrollment flow is linked as `Need an account? Sign up.`, and the recovery flow is linked as `Forgot username or password?`. -## Pretend user exists authentik 2024.2+ +## Pretend user exists  When enabled, any user identifier will be accepted as valid (as long as they match the correct format, i.e. when [User fields](#user-fields) is set to only allow Emails, then the identifier still needs to be an Email). The stage will succeed and the flow will continue to the next stage. Stages like the [Password stage](../password/index.md) and [Email stage](../email/index.mdx) are aware of this "pretend" user and will behave the same as if the user would exist. ## Source settings -Some sources (like the [OAuth Source](../../../../users-sources/sources/protocols/oauth/index.md) and [SAML Source](../../../../users-sources/sources/protocols/saml/index.md)) require user interaction. To make these sources available to users, they can be selected in the Identification stage settings, which will show them below the selected [user field](#user-fields). +Some sources (like the [OAuth Source](../../../../users-sources/sources/protocols/oauth/index.mdx) and [SAML Source](../../../../users-sources/sources/protocols/saml/index.md)) require user interaction. To make these sources available to users, they can be selected in the Identification stage settings, which will show them below the selected [user field](#user-fields). By default, sources are only shown with their icon, which can be changed with the _Show sources' labels_ option. @@ -50,7 +52,7 @@ Starting with authentik 2023.5, when no user fields are selected and only one so ### Passwordless flow -See [Passwordless authentication](../authenticator_validate/index.md#passwordless-authentication-authentik-2021124). +See [Passwordless authentication](../authenticator_validate/index.mdx#passwordless-authentication). ### Enrollment flow diff --git a/website/docs/add-secure-apps/flows-stages/stages/password/index.md b/website/docs/add-secure-apps/flows-stages/stages/password/index.md index 08539322a773..583223088c66 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/password/index.md +++ b/website/docs/add-secure-apps/flows-stages/stages/password/index.md @@ -6,7 +6,7 @@ This is a generic password prompt which authenticates the current `pending_user` ## Passwordless login -There are two different ways to configure passwordless authentication; you can follow the instructions [here](../authenticator_validate/index.md#passwordless-authentication-authentik-2021124) to allow users to directly authenticate with their authenticator (only supported for WebAuthn devices), or dynamically skip the password stage depending on the users device, which is documented here. +There are two different ways to configure passwordless authentication; you can follow the instructions [here](../authenticator_validate/index.mdx#passwordless-authentication) to allow users to directly authenticate with their authenticator (only supported for WebAuthn devices), or dynamically skip the password stage depending on the users device, which is documented here. Depending on what kind of device you want to require the user to have: diff --git a/website/docs/add-secure-apps/flows-stages/stages/redirect/index.md b/website/docs/add-secure-apps/flows-stages/stages/redirect/index.md index 4cb64166c520..826ea3276b4d 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/redirect/index.md +++ b/website/docs/add-secure-apps/flows-stages/stages/redirect/index.md @@ -1,9 +1,6 @@ --- title: Redirect stage ---- - -authentik 2024.12+ - +authentik_version: "2024.12" --- This stage's main purpose is to redirect the user to a new Flow while keeping flow context. For convenience, it can also redirect the user to a static URL. @@ -16,6 +13,6 @@ When the user reaches this stage, they are redirected to a static URL. ### Flow mode -When the user reaches this stage, they are redirected to a specified flow, retaining all [flow context](../../flow/context). +When the user reaches this stage, they are redirected to a specified flow, retaining all [flow context](../../flow/context/index.mdx). -Optionally, untoggle the "Keep flow context" switch. If this is untoggled, all flow context is cleared with the exception of the [is_redirected](../../flow/context#is_redirected-flow-object-authentik-202412) key. +Optionally, untoggle the "Keep flow context" switch. If this is untoggled, all flow context is cleared with the exception of the [is_redirected](../../flow/context#is_redirected-flow-object) key. diff --git a/website/docs/add-secure-apps/flows-stages/stages/source/index.md b/website/docs/add-secure-apps/flows-stages/stages/source/index.md index 99e261f85a07..65c43ca9364d 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/source/index.md +++ b/website/docs/add-secure-apps/flows-stages/stages/source/index.md @@ -1,13 +1,10 @@ --- title: Source stage +authentik_version: "2024.4" +authentik_enterprise: true --- -Enterprise -authentik 2024.4+ - ---- - -The source stage injects an [OAuth](../../../../users-sources/sources/protocols/oauth/index.md) or [SAML](../../../../users-sources/sources/protocols/saml/index.md) Source into the flow execution. This allows for additional user verification, or to dynamically access different sources for different user identifiers (username, email address, etc). +The source stage injects an [OAuth](../../../../users-sources/sources/protocols/oauth/index.mdx) or [SAML](../../../../users-sources/sources/protocols/saml/index.md) Source into the flow execution. This allows for additional user verification, or to dynamically access different sources for different user identifiers (username, email address, etc). ```mermaid sequenceDiagram @@ -44,13 +41,13 @@ This stage can be used to leverage an external OAuth/SAML identity provider. For example, you can authenticate users by routing them through a custom device-health solution. -Another use case is to route users to authenticate with your legacy (Okta, etc) IdP and then use the returned identity and attributes within authentik as part of an authorization flow, for example as part of an IdP migration. For authentication/enrollment this is also possible with an [OAuth](../../../../users-sources/sources/protocols/oauth/index.md)/[SAML](../../../../users-sources/sources/protocols/saml/index.md) source by itself. +Another use case is to route users to authenticate with your legacy (Okta, etc) IdP and then use the returned identity and attributes within authentik as part of an authorization flow, for example as part of an IdP migration. For authentication/enrollment this is also possible with an [OAuth](../../../../users-sources/sources/protocols/oauth/index.mdx)/[SAML](../../../../users-sources/sources/protocols/saml/index.md) source by itself. ### Options #### Source -The source the user is redirected to. Must be a web-based source, such as [OAuth](../../../../users-sources/sources/protocols/oauth/index.md) or [SAML](../../../../users-sources/sources/protocols/saml/index.md). Sources like [LDAP](../../../../users-sources/sources/protocols/ldap/index.md) are _not_ compatible. +The source the user is redirected to. Must be a web-based source, such as [OAuth](../../../../users-sources/sources/protocols/oauth/index.mdx) or [SAML](../../../../users-sources/sources/protocols/saml/index.md). Sources like [LDAP](../../../../users-sources/sources/protocols/ldap/index.md) are _not_ compatible. #### Resume timeout diff --git a/website/docs/add-secure-apps/providers/entra/add-entra-provider.md b/website/docs/add-secure-apps/providers/entra/add-entra-provider.md index c1e47469b1e7..09da982580d6 100644 --- a/website/docs/add-secure-apps/providers/entra/add-entra-provider.md +++ b/website/docs/add-secure-apps/providers/entra/add-entra-provider.md @@ -1,10 +1,7 @@ --- title: Add an Entra ID provider ---- - -Enterprise -Preview - +authentik_enterprise: true +authentik_preview: true --- For more information about using an Entra ID provider, see the [Overview](./index.md) documentation. diff --git a/website/docs/add-secure-apps/providers/entra/index.md b/website/docs/add-secure-apps/providers/entra/index.md index f3e31e7e0f87..c78176bd1bb2 100644 --- a/website/docs/add-secure-apps/providers/entra/index.md +++ b/website/docs/add-secure-apps/providers/entra/index.md @@ -1,10 +1,7 @@ --- title: Microsoft Entra ID provider ---- - -Enterprise -Preview - +authentik_enterprise: true +authentik_preview: true --- With the Microsoft Entra ID provider, authentik serves as the single source of truth for all users and groups. Configuring Entra ID as a provider allows for auto-discovery of user and group accounts, on-going synchronization of user data such as email address, name, and status, and integrated data mapping of field names and values. diff --git a/website/docs/add-secure-apps/providers/entra/setup-entra.md b/website/docs/add-secure-apps/providers/entra/setup-entra.md index c656bd77a614..ed2cef812660 100644 --- a/website/docs/add-secure-apps/providers/entra/setup-entra.md +++ b/website/docs/add-secure-apps/providers/entra/setup-entra.md @@ -1,9 +1,6 @@ --- title: Configure Entra ID ---- - -Enterprise - +authentik_enterprise: true --- The configuration of your Microsoft Entra ID environment must be completed before you [add the new provider](./add-entra-provider.md) in authentik. diff --git a/website/docs/add-secure-apps/providers/gws/add-gws-provider.md b/website/docs/add-secure-apps/providers/gws/add-gws-provider.md index b74483f335df..e147049e6090 100644 --- a/website/docs/add-secure-apps/providers/gws/add-gws-provider.md +++ b/website/docs/add-secure-apps/providers/gws/add-gws-provider.md @@ -1,10 +1,7 @@ --- title: Create a Google Workspace provider ---- - -Enterprise -Preview - +authentik_enterprise: true +authentik_preview: true --- For more information about using a Google Workspace provider, see the [Overview](./index.md) documentation. diff --git a/website/docs/add-secure-apps/providers/gws/index.md b/website/docs/add-secure-apps/providers/gws/index.md index f0a968bff76e..e54be7f0f044 100644 --- a/website/docs/add-secure-apps/providers/gws/index.md +++ b/website/docs/add-secure-apps/providers/gws/index.md @@ -1,10 +1,7 @@ --- title: Google Workspace provider ---- - -Enterprise -Preview - +authentik_enterprise: true +authentik_preview: true --- With the Google Workspace provider, authentik serves as the single source of truth for all users and groups, when using Google products like Gmail. diff --git a/website/docs/add-secure-apps/providers/gws/setup-gws.md b/website/docs/add-secure-apps/providers/gws/setup-gws.md index e4881c8b1e3b..5d9053ddd399 100644 --- a/website/docs/add-secure-apps/providers/gws/setup-gws.md +++ b/website/docs/add-secure-apps/providers/gws/setup-gws.md @@ -1,9 +1,6 @@ --- title: Configure Google Workspace ---- - -Enterprise - +authentik_enterprise: true --- The configuration and set up of your Google Workspace must be completed before you [add the new provider](./add-gws-provider.md) in authentik. diff --git a/website/docs/add-secure-apps/providers/index.mdx b/website/docs/add-secure-apps/providers/index.mdx index b88c6aad5756..dd9c478516e5 100644 --- a/website/docs/add-secure-apps/providers/index.mdx +++ b/website/docs/add-secure-apps/providers/index.mdx @@ -9,9 +9,9 @@ A Provider is an authentication method, a service that is used by authentik to a Providers are the "other half" of [applications](../applications/index.md). They typically exist in a 1-to-1 relationship; each application needs a provider and every provider can be used with one application. -Applications can use additional providers to augment the functionality of the main provider. For more information, see [Backchannel providers](../applications/manage_apps.md#backchannel-providers). +Applications can use additional providers to augment the functionality of the main provider. For more information, see [Backchannel providers](../applications/manage_apps.mdx#backchannel-providers). -You can create a new provider in the Admin interface, or you can use the [Application wizard](../applications/manage_apps.md#instructions) to create a new application and its provider at the same time. +You can create a new provider in the Admin interface, or you can use the [Application wizard](../applications/manage_apps.mdx#instructions) to create a new application and its provider at the same time. When you create certain types of providers, you need to select specific [flows](../flows-stages/flow/index.md) to apply to users who access authentik via the provider. To learn more, refer to our [default flow documentation](../flows-stages/flow/examples/default_flows.md). diff --git a/website/docs/add-secure-apps/providers/ldap/index.md b/website/docs/add-secure-apps/providers/ldap/index.md index ae3232eeec84..a420a0fc6b58 100644 --- a/website/docs/add-secure-apps/providers/ldap/index.md +++ b/website/docs/add-secure-apps/providers/ldap/index.md @@ -78,9 +78,9 @@ All bind modes rely on flows. The following stages are supported: -- [Identification](../../flows-stages/stages/identification/index.md) +- [Identification](../../flows-stages/stages/identification/index.mdx) - [Password](../../flows-stages/stages/password/index.md) -- [Authenticator validation](../../flows-stages/stages/authenticator_validate/index.md) +- [Authenticator validation](../../flows-stages/stages/authenticator_validate/index.mdx) Note: Authenticator validation currently only supports DUO, TOTP and static authenticators. diff --git a/website/docs/add-secure-apps/providers/oauth2/client_credentials.md b/website/docs/add-secure-apps/providers/oauth2/client_credentials.mdx similarity index 95% rename from website/docs/add-secure-apps/providers/oauth2/client_credentials.md rename to website/docs/add-secure-apps/providers/oauth2/client_credentials.mdx index a3f316630db8..c825a7c29dba 100644 --- a/website/docs/add-secure-apps/providers/oauth2/client_credentials.md +++ b/website/docs/add-secure-apps/providers/oauth2/client_credentials.mdx @@ -1,3 +1,5 @@ +import VersionBadge from "@site/src/components/VersionBadge"; + ## Machine-to-machine authentication Client credentials can be used for machine-to-machine communication authentication. Clients can authenticate themselves using service-accounts; standard client_id + client_secret is not sufficient. This behavior is due to providers only being able to have a single secret at any given time. @@ -30,7 +32,7 @@ In addition to that, with authentik 2024.4 it is also possible to pass the confi ### JWT-authentication -#### Externally issued JWTs authentik 2022.4+ +#### Externally issued JWTs  You can authenticate and get a token using an existing JWT. For readability we will refer to the JWT issued by the external issuer/platform as input JWT, and the resulting JWT from authentik as the output JWT. @@ -59,7 +61,7 @@ To dynamically limit access based on the claims of the tokens, you can use _[Exp return request.context["oauth_jwt"]["iss"] == "https://my.issuer" ``` -#### authentik-issued JWTs authentik 2024.12+ +#### authentik-issued JWTs  To allow federation between providers, modify the provider settings of the application (whose token will be used for authentication) to select the provider of the application to which you want to federate. diff --git a/website/docs/add-secure-apps/providers/oauth2/index.md b/website/docs/add-secure-apps/providers/oauth2/index.mdx similarity index 98% rename from website/docs/add-secure-apps/providers/oauth2/index.md rename to website/docs/add-secure-apps/providers/oauth2/index.mdx index c2a93aeb38aa..c38d2a088870 100644 --- a/website/docs/add-secure-apps/providers/oauth2/index.md +++ b/website/docs/add-secure-apps/providers/oauth2/index.mdx @@ -2,6 +2,8 @@ title: OAuth 2.0 provider --- +import VersionBadge from "@site/src/components/VersionBadge"; + In authentik, you can [create](./create-oauth2-provider.md) an [OAuth 2.0](https://oauth.net/2/) provider that authentik uses to authenticate the user to the associated application. This provider supports both generic OAuth2 as well as OpenID Connect (OIDC). ## authentik and OAuth 2.0 @@ -112,7 +114,7 @@ The Hybrid Flow is an OpenID Connect flow that incorporates traits of both the I The client credentials flow and grant types are typically implemented for server-to-server scenarios, when code in a web application invokes a web API. -For more information, see [Machine-to-machine authentication](./client_credentials.md). +For more information, see [Machine-to-machine authentication](./client_credentials.mdx). ### 3. Device code @@ -176,6 +178,6 @@ When a _Signing Key_ is selected in the provider, the JWT will be signed asymmet When no _Signing Key_ is selected, the JWT will be signed symmetrically with the _Client secret_ of the provider, which can be seen in the provider settings. -### Encryption authentik 2024.10+ +### Encryption  authentik can also encrypt JWTs (turning them into JWEs) it issues by selecting an _Encryption Key_ in the provider. When selected, all JWTs will be encrypted symmetrically using the selected certificate. authentik uses the `RSA-OAEP-256` algorithm with the `A256CBC-HS512` encryption method. diff --git a/website/docs/add-secure-apps/providers/property-mappings/expression.mdx b/website/docs/add-secure-apps/providers/property-mappings/expression.mdx index f1a12160bdbe..1dd6086ed4d8 100644 --- a/website/docs/add-secure-apps/providers/property-mappings/expression.mdx +++ b/website/docs/add-secure-apps/providers/property-mappings/expression.mdx @@ -6,7 +6,7 @@ The property mapping should return a value that is expected by the provider. Sup ## Available Functions -import Functions from "../../../expressions/_functions.md"; +import Functions from "../../../expressions/_functions.mdx"; diff --git a/website/docs/add-secure-apps/providers/proxy/_caddy_standalone.md b/website/docs/add-secure-apps/providers/proxy/_caddy_standalone.md index 83582dd6324d..f295021185e7 100644 --- a/website/docs/add-secure-apps/providers/proxy/_caddy_standalone.md +++ b/website/docs/add-secure-apps/providers/proxy/_caddy_standalone.md @@ -1,6 +1,6 @@ Use the following configuration: -``` +```apacheconf app.company { # directive execution order is only as stated if enclosed with route. route { @@ -26,7 +26,7 @@ app.company { If you're trying to proxy to an upstream over HTTPS, you need to set the `Host` header to the value they expect for it to work correctly. -``` +```conf reverse_proxy /outpost.goauthentik.io/* https://outpost.company { header_up Host {http.reverse_proxy.upstream.hostport} } diff --git a/website/docs/add-secure-apps/providers/proxy/_nginx_proxy_manager.md b/website/docs/add-secure-apps/providers/proxy/_nginx_proxy_manager.md index f584bb6e89d7..5036e2e5d30f 100644 --- a/website/docs/add-secure-apps/providers/proxy/_nginx_proxy_manager.md +++ b/website/docs/add-secure-apps/providers/proxy/_nginx_proxy_manager.md @@ -1,4 +1,4 @@ -``` +```nginx # Increase buffer size for large headers # This is needed only if you get 'upstream sent too big header while reading response # header from upstream' error when trying to access an application protected by goauthentik diff --git a/website/docs/add-secure-apps/providers/proxy/_nginx_standalone.md b/website/docs/add-secure-apps/providers/proxy/_nginx_standalone.md index 891d9578c886..ddfc199302c3 100644 --- a/website/docs/add-secure-apps/providers/proxy/_nginx_standalone.md +++ b/website/docs/add-secure-apps/providers/proxy/_nginx_standalone.md @@ -1,4 +1,4 @@ -``` +```nginx # Upgrade WebSocket if requested, otherwise use keepalive map $http_upgrade $connection_upgrade_keepalive { default upgrade; diff --git a/website/docs/add-secure-apps/providers/proxy/header_authentication.md b/website/docs/add-secure-apps/providers/proxy/header_authentication.mdx similarity index 89% rename from website/docs/add-secure-apps/providers/proxy/header_authentication.md rename to website/docs/add-secure-apps/providers/proxy/header_authentication.mdx index 88a0f21591af..035b5dfb5b1a 100644 --- a/website/docs/add-secure-apps/providers/proxy/header_authentication.md +++ b/website/docs/add-secure-apps/providers/proxy/header_authentication.mdx @@ -2,6 +2,8 @@ title: Header authentication --- +import VersionBadge from "@site/src/components/VersionBadge"; + ## Sending authentication ### Send HTTP Basic authentication @@ -25,9 +27,9 @@ By default, when _Intercept header authentication_ is enabled, authentik will in If the proxied application requires usage of the "Authorization" header, the setting should be disabled. When this setting is disabled, authentik will still attempt to interpret the "Authorization" header, and fall back to the default behaviour if it can't. -### Receiving HTTP Basic authentication authentik 2023.1+ +### Receiving HTTP Basic authentication  -Proxy providers can receive HTTP basic authentication credentials. The password is expected to be an _App password_, as the credentials are used internally with the [OAuth2 machine-to-machine authentication flow](../oauth2/client_credentials.md). +Proxy providers can receive HTTP basic authentication credentials. The password is expected to be an _App password_, as the credentials are used internally with the [OAuth2 machine-to-machine authentication flow](../oauth2/client_credentials.mdx). Access control is done with the policies bound to the application being accessed. @@ -39,9 +41,9 @@ It is **strongly** recommended that the client sending requests with HTTP-Basic Starting with authentik 2023.2, logging in with the reserved username `goauthentik.io/token` will behave as if a bearer token was used. All the same options as below apply. This is to allow token-based authentication for applications which might only support basic authentication. -### Receiving HTTP Bearer authentication authentik 2023.1+ +### Receiving HTTP Bearer authentication  -Proxy providers can receive HTTP bearer authentication credentials. The token is expected to be a JWT token issued for the proxy provider. This is described [here](../oauth2/client_credentials.md), using the _client_id_ value shown in the admin interface. Both static and JWT authentication methods are supported. +Proxy providers can receive HTTP bearer authentication credentials. The token is expected to be a JWT token issued for the proxy provider. This is described [here](../oauth2/client_credentials.mdx), using the _client_id_ value shown in the admin interface. Both static and JWT authentication methods are supported. Access control is done with the policies bound to the application being accessed. diff --git a/website/docs/add-secure-apps/providers/proxy/server_caddy.mdx b/website/docs/add-secure-apps/providers/proxy/server_caddy.mdx index 34061456db2a..e9476c8c386c 100644 --- a/website/docs/add-secure-apps/providers/proxy/server_caddy.mdx +++ b/website/docs/add-secure-apps/providers/proxy/server_caddy.mdx @@ -1,17 +1,15 @@ --- title: Caddy -hide_title: true +authentik_version: "2022.8" --- -import Tabs from "@theme/Tabs" -import TabItem from "@theme/TabItem" - -# Caddy authentik 2022.8+ +import Tabs from "@theme/Tabs"; +import TabItem from "@theme/TabItem"; +import Placeholders from "./__placeholders.md"; +import CaddyStandalone from "./_caddy_standalone.md"; The configuration template shown below apply to both single-application and domain-level forward auth. -import Placeholders from "./__placeholders.md" - -import CaddyStandalone from "./_caddy_standalone.md"; - diff --git a/website/docs/add-secure-apps/providers/proxy/server_envoy.mdx b/website/docs/add-secure-apps/providers/proxy/server_envoy.mdx index 1438692fd3a8..c895b7c696c9 100644 --- a/website/docs/add-secure-apps/providers/proxy/server_envoy.mdx +++ b/website/docs/add-secure-apps/providers/proxy/server_envoy.mdx @@ -1,12 +1,14 @@ --- title: Envoy -hide_title: true +authentik_version: "2022.6" --- -import Tabs from "@theme/Tabs" -import TabItem from "@theme/TabItem" +import Tabs from "@theme/Tabs"; +import TabItem from "@theme/TabItem"; +import Placeholders from "./__placeholders.md"; +import EnvoyIstio from "./_envoy_istio.md"; -# Envoy authentik 2022.6+ +# Envoy The configuration template shown below apply to both single-application and domain-level forward auth. @@ -14,20 +16,18 @@ The configuration template shown below apply to both single-application and doma If you are using Istio and Kubernetes, use the port number that is exposed for your cluster. ::: -import Placeholders from "./__placeholders.md" - - - -import EnvoyIstio from "./_envoy_istio.md"; - - - - + defaultValue="envoy-istio" + values={[ + { + label: "Envoy (Istio)", + value: "envoy-istio", + }, + ]} +> + + + diff --git a/website/docs/add-secure-apps/providers/rac/how-to-rac.md b/website/docs/add-secure-apps/providers/rac/how-to-rac.md index c378b2cbe904..5f41bef2ffff 100644 --- a/website/docs/add-secure-apps/providers/rac/how-to-rac.md +++ b/website/docs/add-secure-apps/providers/rac/how-to-rac.md @@ -26,7 +26,7 @@ The first step is to create the RAC app and provider. 2. In the Admin interface, navigate to **Applications -> Applications**. -3. Click **Create with Wizard**. Follow the [instructions](../../applications/manage_apps.md#instructions) to create your RAC application and provider. +3. Click **Create with Wizard**. Follow the [instructions](../../applications/manage_apps.mdx#instructions) to create your RAC application and provider. ### Step 2. Create RAC property mapping diff --git a/website/docs/add-secure-apps/providers/rac/index.md b/website/docs/add-secure-apps/providers/rac/index.md index 838a3e203380..35cd36a59c09 100644 --- a/website/docs/add-secure-apps/providers/rac/index.md +++ b/website/docs/add-secure-apps/providers/rac/index.md @@ -1,9 +1,6 @@ --- title: Remote Access Control (RAC) Provider ---- - -Enterprise - +authentik_enterprise: true --- :::info diff --git a/website/docs/add-secure-apps/providers/radius/index.mdx b/website/docs/add-secure-apps/providers/radius/index.mdx index b0cdf9045b94..29efeb156714 100644 --- a/website/docs/add-secure-apps/providers/radius/index.mdx +++ b/website/docs/add-secure-apps/providers/radius/index.mdx @@ -18,9 +18,9 @@ Authentication requests against the Radius Server use a flow in the background. The following stages are supported: -- [Identification](../../flows-stages/stages/identification/index.md) +- [Identification](../../flows-stages/stages/identification/index.mdx) - [Password](../../flows-stages/stages/password/index.md) -- [Authenticator validation](../../flows-stages/stages/authenticator_validate/index.md) +- [Authenticator validation](../../flows-stages/stages/authenticator_validate/index.mdx) Note: Authenticator validation currently only supports DUO, TOTP, and static authenticators. diff --git a/website/docs/customize/blueprints/export.md b/website/docs/customize/blueprints/export.mdx similarity index 91% rename from website/docs/customize/blueprints/export.md rename to website/docs/customize/blueprints/export.mdx index 0f94c78acac2..1c518a9dc229 100644 --- a/website/docs/customize/blueprints/export.md +++ b/website/docs/customize/blueprints/export.mdx @@ -2,7 +2,9 @@ title: Export --- -## Global export authentik 2022.8.2+ +import VersionBadge from "@site/src/components/VersionBadge"; + +## Global export  To migrate existing configurations to blueprints, run `ak export_blueprint` within any authentik Worker container. This will output a blueprint for most currently created objects. Some objects will not be exported as they might have dependencies on other things. diff --git a/website/docs/customize/blueprints/index.md b/website/docs/customize/blueprints/index.mdx similarity index 95% rename from website/docs/customize/blueprints/index.md rename to website/docs/customize/blueprints/index.mdx index aa2fb1b2d2fb..26e651fda4e1 100644 --- a/website/docs/customize/blueprints/index.md +++ b/website/docs/customize/blueprints/index.mdx @@ -1,10 +1,9 @@ --- title: Blueprints +authentik_version: "2022.8" --- -authentik 2022.8+ - ---- +import VersionBadge from "@site/src/components/VersionBadge"; Blueprints offer a new way to template, automate and distribute authentik configuration. Blueprints can be used to automatically configure instances, manage config as code without any external tools, and to distribute application configs. @@ -58,7 +57,7 @@ To push a blueprint to an OCI-compatible registry, [ORAS](https://oras.land/) ca oras push ghcr.io//blueprint/:latest :application/vnd.goauthentik.blueprint.v1+yaml ``` -## Storage - Internal authentik 2023.1+ +## Storage - Internal  Blueprints can be stored in authentik's database, which allows blueprints to be managed via external configuration management tools like Terraform. diff --git a/website/docs/customize/blueprints/v1/models.md b/website/docs/customize/blueprints/v1/models.mdx similarity index 84% rename from website/docs/customize/blueprints/v1/models.md rename to website/docs/customize/blueprints/v1/models.mdx index 65451b1a2056..c18ae2b4d9bf 100644 --- a/website/docs/customize/blueprints/v1/models.md +++ b/website/docs/customize/blueprints/v1/models.mdx @@ -1,10 +1,12 @@ +import VersionBadge from "@site/src/components/VersionBadge"; + # Models Some models behave differently and allow for access to different API fields when created via blueprint. ## `authentik_core.token` -### `key` authentik 2023.4+ +### `key`  Via the standard API, a token's key cannot be changed, it can only be rotated. This is to ensure a high entropy in it's key, and to prevent insecure data from being used. However, when provisioning tokens via a blueprint, it may be required to set a token to an existing value. @@ -26,7 +28,7 @@ For example: ## `authentik_core.user` -### `password` authentik 2023.6+ +### `password`  Via the standard API, a user's password can only be set via the separate `/api/v3/core/users//set_password/` endpoint. In blueprints, the password of a user can be set using the `password` field. @@ -45,7 +47,7 @@ For example: password: this-should-be-a-long-value ``` -### `permissions` authentik 2024.8+ +### `permissions`  The `permissions` field can be used to set global permissions for a user. A full list of possible permissions is included in the JSON schema for blueprints. @@ -63,7 +65,7 @@ For example: ## `authentik_core.application` -### `icon` authentik 2023.5+ +### `icon`  Application icons can be directly set to URLs with the `icon` field. @@ -81,7 +83,7 @@ For example: ## `authentik_sources_oauth.oauthsource`, `authentik_sources_saml.samlsource`, `authentik_sources_plex.plexsource` -### `icon` authentik 2023.5+ +### `icon`  Source icons can be directly set to URLs with the `icon` field. @@ -99,7 +101,7 @@ For example: ## `authentik_flows.flow` -### `icon` authentik 2023.5+ +### `icon`  Flow backgrounds can be directly set to URLs with the `background` field. @@ -119,7 +121,7 @@ For example: ## `authentik_rbac.role` -### `permissions` authentik 2024.8+ +### `permissions`  The `permissions` field can be used to set global permissions for a role. A full list of possible permissions is included in the JSON schema for blueprints. diff --git a/website/docs/customize/blueprints/v1/tags.md b/website/docs/customize/blueprints/v1/tags.mdx similarity index 98% rename from website/docs/customize/blueprints/v1/tags.md rename to website/docs/customize/blueprints/v1/tags.mdx index 2b72822f065b..5076815e7a9e 100644 --- a/website/docs/customize/blueprints/v1/tags.md +++ b/website/docs/customize/blueprints/v1/tags.mdx @@ -1,10 +1,12 @@ +import VersionBadge from "@site/src/components/VersionBadge"; + # YAML Tags To use the custom tags with your preferred editor, you must make the editor aware of the custom tags. For VS Code, for example, add these entries to your `settings.json`: -``` +```json { "yaml.customTags": [ "!Condition sequence", @@ -301,7 +303,7 @@ The above example will resolve to something like this: - "bar: (index: 2, letter: r)" ``` -#### `!AtIndex` authentik 2024.12+ +#### `!AtIndex`  Minimal example: diff --git a/website/docs/customize/policies/expression.mdx b/website/docs/customize/policies/expression.mdx index de35397cd84d..756ae1f20337 100644 --- a/website/docs/customize/policies/expression.mdx +++ b/website/docs/customize/policies/expression.mdx @@ -42,7 +42,7 @@ ak_message("Access denied") return False ``` -import Functions from "../../expressions/_functions.md"; +import Functions from "../../expressions/_functions.mdx"; @@ -119,7 +119,7 @@ This includes the following: - `context['prompt_data']`: Data which has been saved from a prompt stage or an external source. (Optional) - `context['application']`: The application the user is in the process of authorizing. (Optional) - `context['source']`: The source the user is authenticating/enrolling with. (Optional) -- `context['pending_user']`: The currently pending user, see [User](../../users-sources/user/user_ref.md) +- `context['pending_user']`: The currently pending user, see [User](../../users-sources/user/user_ref.mdx) - `context['is_restored']`: Contains the flow token when the flow plan was restored from a link, for example the user clicked a link to a flow which was sent by an email stage. (Optional) - `context['auth_method']`: Authentication method (this value is set by password stages) (Optional) diff --git a/website/docs/customize/policies/expression/managing_flow_context_keys.md b/website/docs/customize/policies/expression/managing_flow_context_keys.md index 16a7528026d7..cb797a4c3a17 100644 --- a/website/docs/customize/policies/expression/managing_flow_context_keys.md +++ b/website/docs/customize/policies/expression/managing_flow_context_keys.md @@ -2,7 +2,7 @@ title: Managing flow context keys --- -[Flow context](../../../add-secure-apps/flows-stages/flow/context/index.md) can be managed in [Expression policies](../expression.mdx) via the `context['flow_plan'].context` variable. +[Flow context](../../../add-secure-apps/flows-stages/flow/context/index.mdx) can be managed in [Expression policies](../expression.mdx) via the `context['flow_plan'].context` variable. Here's an example of setting a key in an Expression policy: diff --git a/website/docs/customize/policies/working_with_policies.md b/website/docs/customize/policies/working_with_policies.md index 662048b0cea7..0dcb9d47cc8d 100644 --- a/website/docs/customize/policies/working_with_policies.md +++ b/website/docs/customize/policies/working_with_policies.md @@ -8,7 +8,7 @@ authentik provides several [standard policy types](./index.md#standard-policies) We also document how to use a policy to [whitelist email domains](./expression/whitelist_email.md) and to [ensure unique email addresses](./expression/unique_email.md). -To learn more see also [bindings](../../add-secure-apps/flows-stages/bindings/index.md) and how to use the [authentik Wizard to bind policy bindings to the new application](../../add-secure-apps/applications/manage_apps.md#add-new-applications) (for example, to configure application-specific access). +To learn more see also [bindings](../../add-secure-apps/flows-stages/bindings/index.md) and how to use the [authentik Wizard to bind policy bindings to the new application](../../add-secure-apps/applications/manage_apps.mdx#add-new-applications) (for example, to configure application-specific access). ## Create a policy diff --git a/website/docs/enterprise/get-started.md b/website/docs/enterprise/get-started.md index 1e4bc2dd00e2..c8446d6e6a0c 100644 --- a/website/docs/enterprise/get-started.md +++ b/website/docs/enterprise/get-started.md @@ -15,7 +15,7 @@ If this is a fresh install, refer to our [technical documentation](../install-co ## Access Enterprise -Access your Enterprise features by first [purchasing a license](./manage-enterprise.md#buy-a-license) for the organization. +Access your Enterprise features by first [purchasing a license](./manage-enterprise.mdx#buy-a-license) for the organization. To open the Customer Portal and buy a license, go to the Admin interface and in the left pane, navigate to **Enterprise -> Licenses**, and then click **Go to Customer Portal**. diff --git a/website/docs/enterprise/index.md b/website/docs/enterprise/index.md index 7e94b39727c8..90033bdb864b 100644 --- a/website/docs/enterprise/index.md +++ b/website/docs/enterprise/index.md @@ -7,7 +7,7 @@ The Enterprise release of authentik provides all of the functionality that we ha Refer to our Enterprise documentation for information about creating and managing your organization, purchasing and activating a license, support, and managing billing and organization members. - [Get started with Enterprise](./get-started.md) -- [Manage your Enterprise account](./manage-enterprise.md) +- [Manage your Enterprise account](./manage-enterprise.mdx) - [Support for Enterprise accounts](./entsupport.md) Our standard technical documentation covers how to configure, customize, and use authentik, whether the open source version that we have built our reputation on or our Enterprise version with dedicated support. diff --git a/website/docs/enterprise/manage-enterprise.md b/website/docs/enterprise/manage-enterprise.mdx similarity index 98% rename from website/docs/enterprise/manage-enterprise.md rename to website/docs/enterprise/manage-enterprise.mdx index b3857b0fbe3b..c6b0de1fddb8 100644 --- a/website/docs/enterprise/manage-enterprise.md +++ b/website/docs/enterprise/manage-enterprise.mdx @@ -2,6 +2,8 @@ title: Manage your Enterprise account --- +import VersionBadge from "@site/src/components/VersionBadge"; + ## Organization management Your organization defines the members, their roles, the licenses associated with the organization, and account management for billing, payment methods, and invoice history. @@ -109,7 +111,7 @@ The following events occur when a license expires or the internal/external user - Users can authenticate and authorize applications - Licenses can be modified - - Users can be modified/deleted authentik 2024.10.5+ + - Users can be modified/deleted After the violation is corrected (either the user count returns to be within the limits of the license or the license is renewed), authentik will return to the standard read-write mode and the notification will disappear. diff --git a/website/docs/expressions/_functions.md b/website/docs/expressions/_functions.mdx similarity index 89% rename from website/docs/expressions/_functions.md rename to website/docs/expressions/_functions.mdx index c5826dfa3781..832a4556ace4 100644 --- a/website/docs/expressions/_functions.md +++ b/website/docs/expressions/_functions.mdx @@ -1,3 +1,5 @@ +import VersionBadge from "@site/src/components/VersionBadge"; + ### `regex_match(value: Any, regex: str) -> bool` Check if `value` matches Regular Expression `regex`. @@ -29,7 +31,7 @@ user = list_flatten(["foo"]) # user = "foo" ``` -### `ak_call_policy(name: str, **kwargs) -> PolicyResult` authentik 2021.12+ +### `ak_call_policy(name: str, **kwargs) -> PolicyResult`  Call another policy with the name _name_. Current request is passed to policy. Key-word arguments can be used to modify the request's context. @@ -70,7 +72,7 @@ Example: other_user = ak_user_by(username="other_user") ``` -### `ak_user_has_authenticator(user: User, device_type: Optional[str] = None) -> bool` authentik 2022.9+ +### `ak_user_has_authenticator(user: User, device_type: Optional[str] = None) -> bool`  Check if a user has any authenticator devices. Only fully validated devices are counted. @@ -87,7 +89,7 @@ Example: return ak_user_has_authenticator(request.user) ``` -### `ak_create_event(action: str, **kwargs) -> None` authentik 2022.9+ +### `ak_create_event(action: str, **kwargs) -> None`  Create a new event with the action set to `action`. Any additional key-word parameters will be saved in the event context. Additionally, `context` will be set to the context in which this function is called. @@ -101,7 +103,7 @@ Example: ak_create_event("my_custom_event", foo=request.user) ``` -### `ak_create_jwt(user: User, provider: OAuth2Provider | str, scopes: list[str], validity = "seconds=60") -> str | None` authentik 2025.2+ +### `ak_create_jwt(user: User, provider: OAuth2Provider | str, scopes: list[str], validity = "seconds=60") -> str | None`  Create a new JWT signed by the given `provider` for `user`. @@ -136,7 +138,7 @@ ip_address('192.0.2.1') in ip_network('192.0.2.0/24') # evaluates to True ``` -## DNS resolution and reverse DNS lookups authentik 2023.3+ +## DNS resolution and reverse DNS lookups  To resolve a hostname to a list of IP addresses, use the functions `resolve_dns(hostname)` and `resolve_dns(hostname, ip_version)`. diff --git a/website/docs/expressions/_user.md b/website/docs/expressions/_user.md index 5722c8c3c391..1c39a84bc96a 100644 --- a/website/docs/expressions/_user.md +++ b/website/docs/expressions/_user.md @@ -1,4 +1,4 @@ -- `user`: The current user. This may be `None` if there is no contextual user. See [User](../users-sources/user/user_ref.md#object-properties). +- `user`: The current user. This may be `None` if there is no contextual user. See [User](../users-sources/user/user_ref.mdx#object-properties). Example: diff --git a/website/docs/install-config/automated-install.md b/website/docs/install-config/automated-install.mdx similarity index 66% rename from website/docs/install-config/automated-install.md rename to website/docs/install-config/automated-install.mdx index 989fc687eab7..f9ac9a3da994 100644 --- a/website/docs/install-config/automated-install.md +++ b/website/docs/install-config/automated-install.mdx @@ -2,36 +2,38 @@ title: Automated install --- +import VersionBadge from "@site/src/components/VersionBadge"; + To install authentik automatically (skipping the Out-of-box experience), you can use the following environment variables on the worker container: ### `AUTHENTIK_BOOTSTRAP_PASSWORD` Configure the default password for the `akadmin` user. Only read on the first startup. Can be used for any flow executor. -### `AUTHENTIK_BOOTSTRAP_TOKEN` authentik 2021.8+ +### `AUTHENTIK_BOOTSTRAP_TOKEN`  Create a token for the default `akadmin` user. Only read on the first startup. The string you specify for this variable is the token key you can use to authenticate yourself to the API. -### `AUTHENTIK_BOOTSTRAP_EMAIL` authentik 2023.3+ +### `AUTHENTIK_BOOTSTRAP_EMAIL`  Set the email address for the default `akadmin` user. ## Kubernetes -In the Helm values, set the `akadmin`user password and token: +In the Helm values, set the `akadmin` user password and token: -```text +```yaml authentik: - bootstrap_token: test - bootstrap_password: test + bootstrap_token: test + bootstrap_password: test ``` To store the password and token in a secret, use: -```text +```yaml envFrom: - - secretRef: - name: _some-secret_ + - secretRef: + name: _some-secret_ ``` where _some-secret_ contains the environment variables as in the documentation above. diff --git a/website/docs/install-config/configuration/configuration.mdx b/website/docs/install-config/configuration/configuration.mdx index 17e3c4f7f602..0d223219d912 100644 --- a/website/docs/install-config/configuration/configuration.mdx +++ b/website/docs/install-config/configuration/configuration.mdx @@ -2,6 +2,8 @@ title: Configuration --- +import VersionBadge from "@site/src/components/VersionBadge"; + This page details all the authentik configuration options that you can set via environment variables. ## About authentik configurations @@ -17,7 +19,7 @@ All of these variables can be set to values, but you can also use a URI-like for ## Set your environment variables -import Tabs from "@theme/Tabs" +import Tabs from "@theme/Tabs"; import TabItem from "@theme/TabItem"; @@ -143,7 +145,7 @@ Additionally, you can set `AUTHENTIK_POSTGRESQL__CONN_HEALTH_CHECK` to perform h - `AUTHENTIK_CACHE__TIMEOUT_REPUTATION`: Timeout for cached reputation until they expire in seconds, defaults to 300 :::info - `AUTHENTIK_CACHE__TIMEOUT_REPUTATION` only applies to the cache expiry, see [`AUTHENTIK_REPUTATION__EXPIRY`](#authentik_reputation__expiry-authentik-202382) to control how long reputation is persisted for. + `AUTHENTIK_CACHE__TIMEOUT_REPUTATION` only applies to the cache expiry, see [`AUTHENTIK_REPUTATION__EXPIRY`](#authentik_reputation__expiry) to control how long reputation is persisted for. ::: ## Channel Layer Settings (inter-instance communication) @@ -156,7 +158,7 @@ Additionally, you can set `AUTHENTIK_POSTGRESQL__CONN_HEALTH_CHECK` to perform h - `AUTHENTIK_BROKER__TRANSPORT_OPTIONS`: Base64-encoded broker transport options :::info - `AUTHENTIK_REDIS__CACHE_TIMEOUT_REPUTATION` only applies to the cache expiry, see [`AUTHENTIK_REPUTATION__EXPIRY`](#authentik_reputation__expiry-authentik-202382) to control how long reputation is persisted for. + `AUTHENTIK_REDIS__CACHE_TIMEOUT_REPUTATION` only applies to the cache expiry, see [`AUTHENTIK_REPUTATION__EXPIRY`](#authentik_reputation__expiry) to control how long reputation is persisted for. ::: ## Listen Settings @@ -319,47 +321,47 @@ Disable the inbuilt update-checker. Defaults to `false`. - Kubeconfig - Existence of a docker socket -### `AUTHENTIK_LDAP__TASK_TIMEOUT_HOURS` authentik 2023.1+ +### `AUTHENTIK_LDAP__TASK_TIMEOUT_HOURS`  Timeout in hours for LDAP synchronization tasks. Defaults to `2`. -### `AUTHENTIK_LDAP__PAGE_SIZE` authentik 2023.6.1+ +### `AUTHENTIK_LDAP__PAGE_SIZE`  Page size for LDAP synchronization. Controls the number of objects created in a single task. Defaults to `50`. -### `AUTHENTIK_LDAP__TLS__CIPHERS` authentik 2022.7+ +### `AUTHENTIK_LDAP__TLS__CIPHERS`  Allows configuration of TLS Cliphers for LDAP connections used by LDAP sources. Setting applies to all sources. Defaults to `null`. -### `AUTHENTIK_REPUTATION__EXPIRY` authentik 2023.8.2+ +### `AUTHENTIK_REPUTATION__EXPIRY`  Configure how long reputation scores should be saved for in seconds. Note that this is different than [`AUTHENTIK_REDIS__CACHE_TIMEOUT_REPUTATION`](#redis-settings), as reputation is saved to the database every 5 minutes. Defaults to `86400`. -### `AUTHENTIK_SESSION_STORAGE` authentik 2024.4+ +### `AUTHENTIK_SESSION_STORAGE`  Configure if the sessions are stored in the cache or the database. Defaults to `cache`. Allowed values are `cache` and `db`. Note that changing this value will invalidate all previous sessions. -### `AUTHENTIK_WEB__WORKERS` authentik 2022.9+ +### `AUTHENTIK_WEB__WORKERS`  Configure how many gunicorn worker processes should be started (see https://docs.gunicorn.org/en/stable/design.html). Defaults to 2. A value below 2 workers is not recommended. In environments where scaling with multiple replicas of the authentik server is not possible, this number can be increased to handle higher loads. -### `AUTHENTIK_WEB__THREADS` authentik 2022.9+ +### `AUTHENTIK_WEB__THREADS`  Configure how many gunicorn threads a worker processes should have (see https://docs.gunicorn.org/en/stable/design.html). Defaults to 4. -### `AUTHENTIK_WORKER__CONCURRENCY` authentik 2023.9+ +### `AUTHENTIK_WORKER__CONCURRENCY`  Configure Celery worker concurrency for authentik worker (see https://docs.celeryq.dev/en/latest/userguide/configuration.html#worker-concurrency). This essentially defines the number of worker processes spawned for a single worker. @@ -375,7 +377,7 @@ Configure the path under which authentik is serverd. For example to access authe Defaults to `/`. -## System settings authentik 2024.2+ +## System settings  Additional settings are configurable using the Admin interface, under **System** -> **Settings** or using the API. diff --git a/website/docs/install-config/index.mdx b/website/docs/install-config/index.mdx index 7a457a127fd2..ee40c5ae314a 100644 --- a/website/docs/install-config/index.mdx +++ b/website/docs/install-config/index.mdx @@ -4,7 +4,7 @@ title: Installation and Configuration Everything you need to get authentik up and running! -The installation process for our free open source version and our [Enterprise](../enterprise/index.md) version are exactly the same. For information about obtaining an Enterprise license, refer to [License management](../enterprise/manage-enterprise.md#license-management) documentation. +The installation process for our free open source version and our [Enterprise](../enterprise/index.md) version are exactly the same. For information about obtaining an Enterprise license, refer to [License management](../enterprise/manage-enterprise.mdx#license-management) documentation. For information about upgrading to a new version, refer to the Upgrade section in the relevant [Release Notes](../releases) and to our [Upgrade authentik](./upgrade.mdx) documentation. diff --git a/website/docs/releases/2022/v2022.3.md b/website/docs/releases/2022/v2022.3.md index 825c9605dd5e..157dd01f1302 100644 --- a/website/docs/releases/2022/v2022.3.md +++ b/website/docs/releases/2022/v2022.3.md @@ -11,7 +11,7 @@ User settings are now configured using flows and stages, allowing administrators ### `client_credentials` support -authentik now supports the OAuth `client_credentials` grant for machine-to-machine authentication. See [OAuth2 Provider](../../add-secure-apps/providers/oauth2/index.md) +authentik now supports the OAuth `client_credentials` grant for machine-to-machine authentication. See [OAuth2 Provider](../../add-secure-apps/providers/oauth2/index.mdx) ## Deprecations diff --git a/website/docs/releases/2022/v2022.5.md b/website/docs/releases/2022/v2022.5.md index 2db311012cfb..66749cbad692 100644 --- a/website/docs/releases/2022/v2022.5.md +++ b/website/docs/releases/2022/v2022.5.md @@ -24,7 +24,7 @@ slug: "/releases/2022.5" - OAuth2: Add support for `form_post` response mode - Don't prompt users for MFA when they've authenticated themselves within a time period - You can now configure any [Authenticator Validation Stage](../../add-secure-apps/flows-stages/stages/authenticator_validate/index.md) stage to not ask for MFA validation if the user has previously authenticated themselves with an MFA device (of any of the selected classes) in the `Last validation threshold`. + You can now configure any [Authenticator Validation Stage](../../add-secure-apps/flows-stages/stages/authenticator_validate/index.mdx) stage to not ask for MFA validation if the user has previously authenticated themselves with an MFA device (of any of the selected classes) in the `Last validation threshold`. - Optimise bundling of web assets diff --git a/website/docs/releases/2022/v2022.8.md b/website/docs/releases/2022/v2022.8.md index 9ef9163a3d1b..9cb4dfa5989b 100644 --- a/website/docs/releases/2022/v2022.8.md +++ b/website/docs/releases/2022/v2022.8.md @@ -13,7 +13,7 @@ slug: "/releases/2022.8" - Blueprints - Blueprints allow for the configuration, automation and templating of authentik objects and configurations. They can be used to bootstrap new instances, configure them automatically without external tools, and to template configurations for sharing. See more [here](../../customize/blueprints/index.md). + Blueprints allow for the configuration, automation and templating of authentik objects and configurations. They can be used to bootstrap new instances, configure them automatically without external tools, and to template configurations for sharing. See more [here](../../customize/blueprints/index.mdx). For installations upgrading to 2022.8, if a single flow exists, then the default blueprints will not be activated, to not overwrite user modifications. diff --git a/website/docs/releases/2022/v2022.9.md b/website/docs/releases/2022/v2022.9.md index bdac30c7d05c..ebb85cdb13f5 100644 --- a/website/docs/releases/2022/v2022.9.md +++ b/website/docs/releases/2022/v2022.9.md @@ -5,7 +5,7 @@ slug: "/releases/2022.9" ## Breaking changes -- `WORKERS` environment variable has been renamed to match other config options, see [Configuration](../../install-config/configuration/configuration.mdx#authentik_web__workers-authentik-20229) +- `WORKERS` environment variable has been renamed to match other config options, see [Configuration](../../install-config/configuration/configuration.mdx#authentik_web__workers) ## New features @@ -15,7 +15,7 @@ slug: "/releases/2022.9" - Duo Admin API integration - When using a Duo MFA, Duo Access or Duo Beyond plan, authentik can now automatically import devices from Duo into authentik. More info [here](../../add-secure-apps/flows-stages/stages/authenticator_duo/index.md). + When using a Duo MFA, Duo Access or Duo Beyond plan, authentik can now automatically import devices from Duo into authentik. More info [here](../../add-secure-apps/flows-stages/stages/authenticator_duo/index.mdx). ## API Changes diff --git a/website/docs/releases/2023/v2023.1.md b/website/docs/releases/2023/v2023.1.md index d35b8597bf09..e0549da8eb21 100644 --- a/website/docs/releases/2023/v2023.1.md +++ b/website/docs/releases/2023/v2023.1.md @@ -17,7 +17,7 @@ slug: "/releases/2023.1" - Proxy provider now accepts HTTP Basic and Bearer authentication - See [Header authentication](../../add-secure-apps/providers/proxy/header_authentication.md). + See [Header authentication](../../add-secure-apps/providers/proxy/header_authentication.mdx). - LDAP provider now works with Code-based MFA stages diff --git a/website/docs/releases/2024/v2024.12.md b/website/docs/releases/2024/v2024.12.md index 5766f8300310..0f62f4f14530 100644 --- a/website/docs/releases/2024/v2024.12.md +++ b/website/docs/releases/2024/v2024.12.md @@ -46,7 +46,7 @@ slug: "/releases/2024.12" - **OAuth2 provider federation** - Configure [OAuth2 provider federation](../../add-secure-apps/providers/oauth2/client_credentials.md#authentik-issued-jwts-authentik-202412) to allow exchanging authentication tokens between multiple providers. + Configure [OAuth2 provider federation](../../add-secure-apps/providers/oauth2/client_credentials.mdx#authentik-issued-jwts) to allow exchanging authentication tokens between multiple providers. - **Silent authorization flow** diff --git a/website/docs/releases/2024/v2024.4.md b/website/docs/releases/2024/v2024.4.md index 106e46c1bd51..ad06d6269f44 100644 --- a/website/docs/releases/2024/v2024.4.md +++ b/website/docs/releases/2024/v2024.4.md @@ -43,7 +43,7 @@ slug: /releases/2024.4 Configure which types of WebAuthn devices can be used to enroll and validate for different authorization levels. - For details refer to [WebAuthn authenticator setup stage](../../add-secure-apps/flows-stages/stages/authenticator_webauthn/index.md) + For details refer to [WebAuthn authenticator setup stage](../../add-secure-apps/flows-stages/stages/authenticator_webauthn/index.mdx) - **Revamped UI for log messages** diff --git a/website/docs/releases/old/v0.10.md b/website/docs/releases/old/v0.10.md index 56d05efeab88..47be7f9b180a 100644 --- a/website/docs/releases/old/v0.10.md +++ b/website/docs/releases/old/v0.10.md @@ -73,4 +73,4 @@ This upgrade only applies if you are upgrading from a running 0.9 instance. auth Because this upgrade brings the new OAuth2 Provider, the old providers will be lost in the process. Make sure to take note of the providers you want to bring over. -Another side-effect of this upgrade is the change of OAuth2 URLs, see [here](../../add-secure-apps/providers/oauth2/index.md). +Another side-effect of this upgrade is the change of OAuth2 URLs, see [here](../../add-secure-apps/providers/oauth2/index.mdx). diff --git a/website/docs/security/security-hardening.md b/website/docs/security/security-hardening.md index f79e9af6b17b..65099b736ebc 100644 --- a/website/docs/security/security-hardening.md +++ b/website/docs/security/security-hardening.md @@ -25,7 +25,7 @@ However, for further hardening, it is possible to prevent any user (even super-u - `/api/v3/propertymappings*` - `/api/v3/managed/blueprints*` -With these restrictions in place, expressions can only be edited using [Blueprints on the file system](../customize/blueprints/index.md#storage---file). Take care to restrict access to the file system itself. +With these restrictions in place, expressions can only be edited using [Blueprints on the file system](../customize/blueprints/index.mdx#storage---file). Take care to restrict access to the file system itself. ### Blueprints @@ -35,7 +35,7 @@ To prevent any user from creating/editing blueprints, block API requests to this - `/api/v3/managed/blueprints*` -With these restrictions in place, Blueprints can only be edited via [the file system](../customize/blueprints/index.md#storage---file). +With these restrictions in place, Blueprints can only be edited via [the file system](../customize/blueprints/index.mdx#storage---file). ### CAPTCHA Stage @@ -46,7 +46,7 @@ To prevent any user from creating/editing CAPTCHA stages block API requests to t - `/api/v3/stages/captcha*` - `/api/v3/managed/blueprints*` -With these restrictions in place, CAPTCHA stages can only be edited using [Blueprints on the file system](../customize/blueprints/index.md#storage---file). +With these restrictions in place, CAPTCHA stages can only be edited using [Blueprints on the file system](../customize/blueprints/index.mdx#storage---file). ### Content Security Policy (CSP) diff --git a/website/docs/sys-mgmt/tenancy.md b/website/docs/sys-mgmt/tenancy.md index abe8cf728736..d874b0f47f9c 100644 --- a/website/docs/sys-mgmt/tenancy.md +++ b/website/docs/sys-mgmt/tenancy.md @@ -1,9 +1,6 @@ --- title: Tenancy ---- - -Enterprise - +authentik_enterprise: true --- ::::warning @@ -32,7 +29,7 @@ For each additional tenant (beyond the default one), one or more licenses is req A single tenant and its corresponding installation can have multiple license keys. For example, a company might purchase one license for 50 users, and then later in the same year need to buy another license for 50 more users, due to company growth. Both licenses are associated to the one installation, the one tenant. -Learn more in our documentation about [Enterprise licenses](../enterprise/manage-enterprise.md#license-management). +Learn more in our documentation about [Enterprise licenses](../enterprise/manage-enterprise.mdx#license-management). ### Important considerations diff --git a/website/docs/users-sources/groups/group_ref.md b/website/docs/users-sources/groups/group_ref.md index 28da0610ebb8..f75dad609f1f 100644 --- a/website/docs/users-sources/groups/group_ref.md +++ b/website/docs/users-sources/groups/group_ref.md @@ -13,4 +13,4 @@ The Group object has the following properties: ## Attributes -See [the user reference](../user/user_ref.md#attributes) for well-known attributes. +See [the user reference](../user/user_ref.mdx#attributes) for well-known attributes. diff --git a/website/docs/users-sources/groups/index.mdx b/website/docs/users-sources/groups/index.mdx index 6764bfc9cb8c..fb6c65935836 100644 --- a/website/docs/users-sources/groups/index.mdx +++ b/website/docs/users-sources/groups/index.mdx @@ -3,7 +3,7 @@ title: About groups description: Learn about groups in authentik --- -For information about creating and editing groups refer to [Manage groups](./manage_groups.md). +For information about creating and editing groups refer to [Manage groups](./manage_groups.mdx). ## Hierarchy diff --git a/website/docs/users-sources/groups/manage_groups.md b/website/docs/users-sources/groups/manage_groups.mdx similarity index 95% rename from website/docs/users-sources/groups/manage_groups.md rename to website/docs/users-sources/groups/manage_groups.mdx index 6e51e9801bca..66d1b5f9af3b 100644 --- a/website/docs/users-sources/groups/manage_groups.md +++ b/website/docs/users-sources/groups/manage_groups.mdx @@ -3,6 +3,8 @@ title: Manage groups description: "Learn how to work with groups in authentik." --- +import VersionBadge from "@site/src/components/VersionBadge"; + A group is a collection of users. Refer to the following sections to learn how to create and manage groups, assign users and roles to groups, and how [permissions](../access-control/manage_permissions.md) work on a group level. ## Create a group @@ -43,7 +45,7 @@ To delete a group, follow these steps: You can assign a role to a group, and then all users in the group inherit the permissions assigned to that role. For instructions and more information, see [Assign a role to a group](../roles/manage_roles.md#assign-a-role-to-a-group). -## Delegating group member management authentik 2024.4+ +## Delegating group member management  To give a specific Role or User the ability to manage group members, the following permissions need to be granted on the matching Group object: diff --git a/website/docs/users-sources/sources/directory-sync/active-directory/index.md b/website/docs/users-sources/sources/directory-sync/active-directory/index.md index dacc13aabdef..6b10fdfc1075 100644 --- a/website/docs/users-sources/sources/directory-sync/active-directory/index.md +++ b/website/docs/users-sources/sources/directory-sync/active-directory/index.md @@ -1,9 +1,8 @@ --- title: Active Directory +support_level: community --- -Support level: Community - ## Preparation The following placeholders are used in this guide: diff --git a/website/docs/users-sources/sources/directory-sync/freeipa/index.md b/website/docs/users-sources/sources/directory-sync/freeipa/index.md index 26c826ba28f3..b0e939b22bf2 100644 --- a/website/docs/users-sources/sources/directory-sync/freeipa/index.md +++ b/website/docs/users-sources/sources/directory-sync/freeipa/index.md @@ -1,9 +1,8 @@ --- title: FreeIPA +support_level: community --- -Support level: Community - ## Preparation The following placeholders are used in this guide: diff --git a/website/docs/users-sources/sources/index.md b/website/docs/users-sources/sources/index.md index bdf44ba72b2a..0ca0848205c4 100644 --- a/website/docs/users-sources/sources/index.md +++ b/website/docs/users-sources/sources/index.md @@ -8,7 +8,7 @@ Sources allow you to connect authentik to an external user directory. Sources ca Sources are in the following general categories: -- **Protocols** ([Kerberos](./protocols/kerberos/index.md), [LDAP](./protocols/ldap/index.md), [OAuth](./protocols/oauth/index.md), [SAML](./protocols/saml/index.md), and [SCIM](./protocols/scim/index.md)) +- **Protocols** ([Kerberos](./protocols/kerberos/index.md), [LDAP](./protocols/ldap/index.md), [OAuth](./protocols/oauth/index.mdx), [SAML](./protocols/saml/index.md), and [SCIM](./protocols/scim/index.md)) - [**Property mappings**](./property-mappings/index.md) or how to import data from a source - **Directory synchronization** (Active Directory, FreeIPA) - **Social logins** (Apple, Discord, Twitch, Twitter, and many others) diff --git a/website/docs/users-sources/sources/property-mappings/expressions.md b/website/docs/users-sources/sources/property-mappings/expressions.md index a36f8effeee1..ecee21cd4b88 100644 --- a/website/docs/users-sources/sources/property-mappings/expressions.md +++ b/website/docs/users-sources/sources/property-mappings/expressions.md @@ -16,6 +16,6 @@ import Objects from "../../../expressions/\_objects.md"; ## Available Functions -import Functions from "../../../expressions/\_functions.md"; +import Functions from "../../../expressions/\_functions.mdx"; diff --git a/website/docs/users-sources/sources/property-mappings/index.md b/website/docs/users-sources/sources/property-mappings/index.md index fc559140019f..cc9274673317 100644 --- a/website/docs/users-sources/sources/property-mappings/index.md +++ b/website/docs/users-sources/sources/property-mappings/index.md @@ -8,7 +8,7 @@ This page is an overview of how property mappings work. For information about sp - [Kerberos](../protocols/kerberos/#kerberos-source-property-mappings) - [LDAP](../protocols/ldap/index.md#ldap-source-property-mappings) -- [OAuth](../protocols/oauth/index.md#oauth-source-property-mappings) +- [OAuth](../protocols/oauth/index.mdx#oauth-source-property-mappings) - [SAML](../protocols/saml/index.md#saml-source-property-mappings) - [SCIM](../protocols/scim/index.md#scim-source-property-mappings) @@ -36,7 +36,7 @@ return { } ``` -You can see that the expression returns a Python dictionary. The dictionary keys must match [User properties](../../user/user_ref.md#object-properties) or [Group properties](../../groups/group_ref.md#object-properties). Note that for users, `ak_groups` and `group_attributes` cannot be set. +You can see that the expression returns a Python dictionary. The dictionary keys must match [User properties](../../user/user_ref.mdx#object-properties) or [Group properties](../../groups/group_ref.md#object-properties). Note that for users, `ak_groups` and `group_attributes` cannot be set. See each source documentation for a reference of the available data. See the authentik [expressions documentation](./expressions.md) for available data and functions. diff --git a/website/docs/users-sources/sources/protocols/kerberos/index.md b/website/docs/users-sources/sources/protocols/kerberos/index.md index d635e023fc32..8baed048a4a0 100644 --- a/website/docs/users-sources/sources/protocols/kerberos/index.md +++ b/website/docs/users-sources/sources/protocols/kerberos/index.md @@ -1,10 +1,7 @@ --- title: Kerberos ---- - -Preview -authentik 2024.10+ - +authentik_preview: true +authentik_version: "2024.10" --- This source allows users to enroll themselves with an existing Kerberos identity. diff --git a/website/docs/users-sources/sources/protocols/oauth/index.md b/website/docs/users-sources/sources/protocols/oauth/index.mdx similarity index 96% rename from website/docs/users-sources/sources/protocols/oauth/index.md rename to website/docs/users-sources/sources/protocols/oauth/index.mdx index db3d81c9512d..4aa4c2c7ecf8 100644 --- a/website/docs/users-sources/sources/protocols/oauth/index.md +++ b/website/docs/users-sources/sources/protocols/oauth/index.mdx @@ -2,6 +2,8 @@ title: OAuth Source --- +import VersionBadge from "@site/src/components/VersionBadge"; + This source allows users to enroll themselves with an external OAuth-based Identity Provider. The generic provider expects the endpoint to return OpenID-Connect compatible information. Vendor-specific implementations have their own OAuth Source. - Policies: Allow/Forbid users from linking their accounts with this provider. @@ -14,7 +16,7 @@ This source allows users to enroll themselves with an external OAuth-based Ident Starting with authentik 2022.10, the default scopes can be replaced by prefix the value for scopes with `*`. -### OpenID Connect authentik 2022.6+ +### OpenID Connect  #### Well-known diff --git a/website/docs/users-sources/sources/protocols/scim/index.md b/website/docs/users-sources/sources/protocols/scim/index.md index b76ca111194e..be836e50f144 100644 --- a/website/docs/users-sources/sources/protocols/scim/index.md +++ b/website/docs/users-sources/sources/protocols/scim/index.md @@ -1,9 +1,6 @@ --- title: SCIM Source ---- - -Preview - +authentik_preview: true --- The SCIM source allows other applications to directly create users and groups within authentik. SCIM provides predefined schema for users and groups, with a RESTful API, to enable automatic user provisioning and deprovisioning, SCIM is supported by applications such as Microsoft Entra ID, Google Workspace, and Okta. diff --git a/website/docs/users-sources/sources/social-logins/apple/index.md b/website/docs/users-sources/sources/social-logins/apple/index.md index 67204a832038..59bd2116f140 100644 --- a/website/docs/users-sources/sources/social-logins/apple/index.md +++ b/website/docs/users-sources/sources/social-logins/apple/index.md @@ -1,9 +1,8 @@ --- title: Apple +support_level: authentik --- -Support level: authentik - Allows users to authenticate using their Apple ID. ## Preparation diff --git a/website/docs/users-sources/sources/social-logins/azure-ad/index.md b/website/docs/users-sources/sources/social-logins/azure-ad/index.mdx similarity index 94% rename from website/docs/users-sources/sources/social-logins/azure-ad/index.md rename to website/docs/users-sources/sources/social-logins/azure-ad/index.mdx index 5aac4bb604c8..da9fb5d3a2d5 100644 --- a/website/docs/users-sources/sources/social-logins/azure-ad/index.md +++ b/website/docs/users-sources/sources/social-logins/azure-ad/index.mdx @@ -1,8 +1,9 @@ --- title: Azure AD +support_level: community --- -Support level: Community +import VersionBadge from "@site/src/components/VersionBadge"; ## Preparation @@ -112,9 +113,9 @@ return True Try to login with a **_new_** user. You should see no prompts and the user should have the correct information. -### Machine-to-machine authentication authentik 2024.12+ +### Machine-to-machine authentication  -If using [Machine-to-Machine](../../../../add-secure-apps/providers/oauth2/client_credentials.md#jwt-authentication) authentication, some specific steps need to be considered. +If using [Machine-to-Machine](../../../../add-secure-apps/providers/oauth2/client_credentials.mdx#jwt-authentication) authentication, some specific steps need to be considered. When getting the JWT token from Azure AD, set the scope to the Application ID URI, and _not_ the Graph URL; otherwise the JWT will be in an invalid format. diff --git a/website/docs/users-sources/sources/social-logins/discord/index.md b/website/docs/users-sources/sources/social-logins/discord/index.md index 3cbcdcbe04dc..b415415e4489 100644 --- a/website/docs/users-sources/sources/social-logins/discord/index.md +++ b/website/docs/users-sources/sources/social-logins/discord/index.md @@ -1,9 +1,8 @@ --- title: Discord +support_level: authentik --- -Support level: authentik - Allows users to authenticate using their Discord credentials ## Preparation diff --git a/website/docs/users-sources/sources/social-logins/facebook/index.md b/website/docs/users-sources/sources/social-logins/facebook/index.md index 8173f83707fd..738db0cb4eb8 100644 --- a/website/docs/users-sources/sources/social-logins/facebook/index.md +++ b/website/docs/users-sources/sources/social-logins/facebook/index.md @@ -1,9 +1,8 @@ --- title: Facebook +support_level: community --- -Support level: Community - Adding Facebook as a source allows users to authenticate through authentik using their Facebook credentials. ## Preparation diff --git a/website/docs/users-sources/sources/social-logins/github/index.md b/website/docs/users-sources/sources/social-logins/github/index.mdx similarity index 93% rename from website/docs/users-sources/sources/social-logins/github/index.md rename to website/docs/users-sources/sources/social-logins/github/index.mdx index 76b0dfa08f00..bb9a012d0533 100644 --- a/website/docs/users-sources/sources/social-logins/github/index.md +++ b/website/docs/users-sources/sources/social-logins/github/index.mdx @@ -1,8 +1,9 @@ --- title: Github +support_level: authentik --- -Support level: authentik +import VersionBadge from "@site/src/components/VersionBadge"; Allows users to authenticate using their Github credentials @@ -50,7 +51,7 @@ Save, and you now have Github as a source. For more details on how-to have the new source display on the Login Page see [here](../../index.md#add-sources-to-default-login-page). ::: -### Checking for membership of a GitHub Organisation authentik 2021.12.5.+ +### Checking for membership of a GitHub Organisation  To check if the user is member of an organisation, you can use the following policy on your flows: diff --git a/website/docs/users-sources/sources/social-logins/google/cloud/index.md b/website/docs/users-sources/sources/social-logins/google/cloud/index.md index 7769fc5b9c5d..d0b00d5ced1e 100644 --- a/website/docs/users-sources/sources/social-logins/google/cloud/index.md +++ b/website/docs/users-sources/sources/social-logins/google/cloud/index.md @@ -2,10 +2,9 @@ title: Google Cloud (with OAuth) sidebar_label: Google Cloud (OAuth) tags: [integration, oauth, google] +support_level: community --- -Support level: Community - Allows users to authenticate using their Google credentials ## Preparation diff --git a/website/docs/users-sources/sources/social-logins/google/workspace/index.md b/website/docs/users-sources/sources/social-logins/google/workspace/index.md index fffacfb43fdb..4dd71838ee33 100644 --- a/website/docs/users-sources/sources/social-logins/google/workspace/index.md +++ b/website/docs/users-sources/sources/social-logins/google/workspace/index.md @@ -2,10 +2,9 @@ title: Google Workspace (with SAML) sidebar_label: Google Workspace (SAML) tags: [integration, saml, google] +support_level: authentik --- -Support level: authentik - This topic covers configuring authentik to authenticate users with their Google Workspace credentials. ## What is Google Workspace? diff --git a/website/docs/users-sources/sources/social-logins/mailcow/index.md b/website/docs/users-sources/sources/social-logins/mailcow/index.md index 09803d228f50..b1f1b5a229eb 100644 --- a/website/docs/users-sources/sources/social-logins/mailcow/index.md +++ b/website/docs/users-sources/sources/social-logins/mailcow/index.md @@ -1,9 +1,8 @@ --- title: Mailcow +support_level: community --- -Support level: Community - Allows users to authenticate using their Mailcow credentials ## Preparation diff --git a/website/docs/users-sources/sources/social-logins/plex/index.md b/website/docs/users-sources/sources/social-logins/plex/index.md index d03916baac47..2f3fc53a4b3c 100644 --- a/website/docs/users-sources/sources/social-logins/plex/index.md +++ b/website/docs/users-sources/sources/social-logins/plex/index.md @@ -1,9 +1,8 @@ --- title: Plex +support_level: community --- -Support level: Community - Allows users to authenticate using their Plex credentials ## Preparation diff --git a/website/docs/users-sources/sources/social-logins/twitch/index.md b/website/docs/users-sources/sources/social-logins/twitch/index.md index 3b15357d6963..a801f8d18ca1 100644 --- a/website/docs/users-sources/sources/social-logins/twitch/index.md +++ b/website/docs/users-sources/sources/social-logins/twitch/index.md @@ -1,9 +1,8 @@ --- title: Twitch +support_level: community --- -Support level: Community - Allows users to authenticate using their Twitch credentials ## Preparation diff --git a/website/docs/users-sources/sources/social-logins/twitter/index.md b/website/docs/users-sources/sources/social-logins/twitter/index.md index 49558f3107fc..afb6392d157a 100644 --- a/website/docs/users-sources/sources/social-logins/twitter/index.md +++ b/website/docs/users-sources/sources/social-logins/twitter/index.md @@ -1,9 +1,8 @@ --- title: Twitter +support_level: authentik --- -Support level: authentik - Allows users to authenticate using their twitter credentials ## Preparation diff --git a/website/docs/users-sources/user/index.mdx b/website/docs/users-sources/user/index.mdx index 6af90501bde8..25915ae52437 100644 --- a/website/docs/users-sources/user/index.mdx +++ b/website/docs/users-sources/user/index.mdx @@ -6,7 +6,7 @@ import DocCardList from "@theme/DocCardList"; In authentik you can create and manage users with fine-tuned access control, session and event details, group membership, super-user rights, impersonation, and password management and recovery. -To learn more about Enterprise licenses with internal and external users, refer to our [Enterprise documentation](../../enterprise/manage-enterprise.md#about-users-and-licenses). +To learn more about Enterprise licenses with internal and external users, refer to our [Enterprise documentation](../../enterprise/manage-enterprise.mdx#about-users-and-licenses). To learn more about working with users in authentik, refer to the following topics: diff --git a/website/docs/users-sources/user/user_basic_operations.md b/website/docs/users-sources/user/user_basic_operations.md index 5cec096d9ae7..cbe31c0a9c56 100644 --- a/website/docs/users-sources/user/user_basic_operations.md +++ b/website/docs/users-sources/user/user_basic_operations.md @@ -30,7 +30,7 @@ The following topics are for the basic management of users: how to create, modif You should see a confirmation pop-up on the top-right of the screen that the user has been created, and see the new user in the user list. You can directly click the username if you want to [modify your user](./user_basic_operations#modify-a-user). :::info -To create a super-user, you need to add the user to a group that has super-user permissions. For more information, refer to [Create a Group](../groups/manage_groups.md#create-a-group). +To create a super-user, you need to add the user to a group that has super-user permissions. For more information, refer to [Create a Group](../groups/manage_groups.mdx#create-a-group). ::: ### View user details @@ -48,7 +48,7 @@ To view details about a specific user: - **Session** shows the active sessions established by the user. If there is any need, you can clean up the connected devices for a user by selecting the device(s) and then clicking **Delete**. This forces the user to authenticate again on the deleted devices. - **Groups** allows you to manage the group membership of the user. You can find more details on [groups](../groups/index.mdx). - **User events** displays all the events generated by the user during a session, such as login, logout, application authorisation, password reset, user info update, etc. -- **Explicit consent** lists all the permissions the user has given explicitly to an application. Entries will only appear if the user is validating an [explicit consent flow in an OAuth2 provider](../../add-secure-apps/providers/oauth2/index.md). If you want to delete the explicit consent (because the application is requiring new permissions, or the user has explicitly asked to reset his consent on third-party apps), select the applications and click **Delete**. The user will be asked to again give explicit consent to share information with the application. +- **Explicit consent** lists all the permissions the user has given explicitly to an application. Entries will only appear if the user is validating an [explicit consent flow in an OAuth2 provider](../../add-secure-apps/providers/oauth2/index.mdx). If you want to delete the explicit consent (because the application is requiring new permissions, or the user has explicitly asked to reset his consent on third-party apps), select the applications and click **Delete**. The user will be asked to again give explicit consent to share information with the application. - **OAuth Refresh Tokens** lists all the OAuth tokens currently distributed. You can remove the tokens by selecting the applications and then clicking **Delete**. - **MFA Authenticators** shows all the authentications that the user has registered to their user profile. You can remove the tokens if the user has lost their authenticator and want to enroll a new one. diff --git a/website/docs/users-sources/user/user_ref.md b/website/docs/users-sources/user/user_ref.mdx similarity index 95% rename from website/docs/users-sources/user/user_ref.md rename to website/docs/users-sources/user/user_ref.mdx index 1c98d3915eb7..7e3bd901699e 100644 --- a/website/docs/users-sources/user/user_ref.md +++ b/website/docs/users-sources/user/user_ref.mdx @@ -2,6 +2,8 @@ title: User properties and attributes --- +import VersionBadge from "@site/src/components/VersionBadge"; + ## Object properties The User object has the following properties: @@ -14,7 +16,7 @@ The User object has the following properties: - `is_active` Boolean field if user is active. - `date_joined` Date user joined/was created. - `password_change_date` Date password was last changed. -- `path` User's path, see [Path](#path-authentik-20227) +- `path` User's path, see [Path](#path) - `attributes` Dynamic attributes, see [Attributes](#attributes) - `group_attributes()` Merged attributes of all groups the user is member of and the user's own attributes. - `ak_groups` This is a queryset of all the user's groups. @@ -42,7 +44,7 @@ for group in user.ak_groups.all(): yield group.name ``` -## Path authentik 2022.7+ +## Path  Paths can be used to organize users into folders depending on which source created them or organizational structure. Paths may not start or end with a slash, but they can contain any other character as path segments. The paths are currently purely used for organization, it does not affect their permissions, group memberships, or anything else. diff --git a/website/docusaurus.config.ts b/website/docusaurus.config.ts index 572e429b1dad..3ca955884bde 100644 --- a/website/docusaurus.config.ts +++ b/website/docusaurus.config.ts @@ -80,7 +80,15 @@ module.exports = async function (): Promise { prism: { theme: prismThemes.oneLight, darkTheme: prismThemes.oneDark, - additionalLanguages: ["python", "diff", "json", "http"], + additionalLanguages: [ + // --- + "apacheconf", + "diff", + "http", + "json", + "nginx", + "python", + ], }, }, presets: [ diff --git a/website/integrations/services/actual-budget/index.mdx b/website/integrations/services/actual-budget/index.mdx index e4a7327a5b37..48d2dc10dd22 100644 --- a/website/integrations/services/actual-budget/index.mdx +++ b/website/integrations/services/actual-budget/index.mdx @@ -1,12 +1,9 @@ --- title: Integrate with Actual Budget sidebar_label: Actual Budget +support_level: community --- -# Integrate With Actual Budget - -Support level: Community - ## What is Actual Budget > Actual Budget is a web-based financial management software. It helps users track and manage their income, expenses, and budgets in real time. diff --git a/website/integrations/services/apache-guacamole/index.mdx b/website/integrations/services/apache-guacamole/index.mdx index 5a6d0b3a3ada..e47963488b9a 100644 --- a/website/integrations/services/apache-guacamole/index.mdx +++ b/website/integrations/services/apache-guacamole/index.mdx @@ -1,10 +1,9 @@ --- title: Integrate with Apache Guacamole™ sidebar_label: Apache Guacamole™ +support_level: authentik --- -Support level: authentik - ## What is Apache Guacamole™ > Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH. @@ -39,7 +38,7 @@ Note the Client ID value. Create an application, using the provider you've creat It is recommended you configure an admin account in Guacamole before setting up SSO to make things easier. Create a user in Guacamole using the username of your user in authentik and give them admin permissions. Without this, you might lose access to the Guacamole admin settings and have to revert the settings below. -import Tabs from "@theme/Tabs" +import Tabs from "@theme/Tabs"; import TabItem from "@theme/TabItem"; Support level: Community - ## What is ArgoCD > Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. diff --git a/website/integrations/services/aruba-orchestrator/index.md b/website/integrations/services/aruba-orchestrator/index.md index 2fcc73b0085b..bd8fae0bf198 100644 --- a/website/integrations/services/aruba-orchestrator/index.md +++ b/website/integrations/services/aruba-orchestrator/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Aruba Orchestrator sidebar_label: Aruba Orchestrator +support_level: community --- -Support level: Community - ## What is Aruba Orchestrator > Aruba Orchestrator is a network management platform used to centrally manage, configure, monitor, and automate Aruba network devices and services. It provides tools for network visibility, policy management, and performance monitoring, simplifying the administration of complex and distributed network environments. diff --git a/website/integrations/services/aws/index.md b/website/integrations/services/aws/index.md index 01e6c63ef4ae..198549ba512c 100644 --- a/website/integrations/services/aws/index.md +++ b/website/integrations/services/aws/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Amazon Web Services sidebar_label: Amazon Web Services +support_level: authentik --- -Support level: authentik - ## What is AWS > Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud, with more than 200 fully featured services available from data centers globally. Millions of customers—including the fastest-growing startups, largest enterprises, and leading government agencies—are using AWS to lower costs, increase security, become more agile, and innovate faster. diff --git a/website/integrations/services/awx-tower/index.md b/website/integrations/services/awx-tower/index.md index 6b16cf182aec..d3078f7b40d9 100644 --- a/website/integrations/services/awx-tower/index.md +++ b/website/integrations/services/awx-tower/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Red Hat Ansible Automation Platform / AWX sidebar_label: Red Hat Ansible Automation Platform / AWX +support_level: community --- - - ## What is Tower From diff --git a/website/integrations/services/bookstack/index.md b/website/integrations/services/bookstack/index.md index 298c7e828e6e..9472632178c1 100644 --- a/website/integrations/services/bookstack/index.md +++ b/website/integrations/services/bookstack/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Bookstack sidebar_label: Bookstack +support_level: community --- -Support level: Community - ## What is Bookstack > BookStack is a free and open-source wiki software aimed for a simple, self-hosted, and easy-to-use platform. Based on Laravel, a PHP framework, BookStack is released under the MIT License. It uses the ideas of books to organise pages and store information. BookStack is multilingual and available in over thirty languages. For the simplicity, BookStack is considered as suitable for smaller businesses or freelancers. diff --git a/website/integrations/services/budibase/index.md b/website/integrations/services/budibase/index.md index e4ad4a51b5b1..f50c21d83ee5 100644 --- a/website/integrations/services/budibase/index.md +++ b/website/integrations/services/budibase/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Budibase sidebar_label: Budibase +support_level: community --- -Support level: Community - ## What is Budibase > Budibase is an open source low-code platform, and the easiest way to build internal tools that improve productivity. diff --git a/website/integrations/services/chronograf/index.md b/website/integrations/services/chronograf/index.md index 98f6bdb22ab7..7e78154eef02 100644 --- a/website/integrations/services/chronograf/index.md +++ b/website/integrations/services/chronograf/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Chronograf sidebar_label: Chronograf +support_level: community --- -Support level: Community - ## What is Chronograf > Chronograf lets you quickly visualize the data stored in InfluxDB, enabling you to build robust queries and alerts. It is simple to use and comes with templates and libraries for rapidly creating dashboards with real-time data visualizations. diff --git a/website/integrations/services/cloudflare-access/index.md b/website/integrations/services/cloudflare-access/index.md index a4d2b9b400e1..96aa048ddce8 100644 --- a/website/integrations/services/cloudflare-access/index.md +++ b/website/integrations/services/cloudflare-access/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Cloudflare Access sidebar_label: Cloudflare Access +support_level: community --- -Support level: Community - ## What is Cloudflare Access > Cloudflare Access is a secure, cloud-based zero-trust solution for managing and authenticating user access to internal applications and resources. diff --git a/website/integrations/services/dokuwiki/index.md b/website/integrations/services/dokuwiki/index.md index ec79b6d68e17..5e7a61240abb 100644 --- a/website/integrations/services/dokuwiki/index.md +++ b/website/integrations/services/dokuwiki/index.md @@ -1,10 +1,9 @@ --- title: Integrate with DokuWiki sidebar_label: DokuWiki +support_level: community --- -Support level: Community - ## What is DokuWiki From https://en.wikipedia.org/wiki/DokuWiki diff --git a/website/integrations/services/engomo/index.md b/website/integrations/services/engomo/index.md index aaa4b2048280..a8a0dc780031 100644 --- a/website/integrations/services/engomo/index.md +++ b/website/integrations/services/engomo/index.md @@ -1,10 +1,9 @@ --- title: Integrate with engomo sidebar_label: engomo +support_level: community --- -Support level: Community - ## What is engomo > engomo is an low-code app development platform to create enterprise apps for smartphones and tablets based on Android, iOS, or iPadOS. diff --git a/website/integrations/services/espoCRM/index.md b/website/integrations/services/espoCRM/index.md index 4a5891d2f35f..8ba59e693eda 100644 --- a/website/integrations/services/espoCRM/index.md +++ b/website/integrations/services/espoCRM/index.md @@ -1,10 +1,9 @@ --- title: Integrate with EspoCRM sidebar_label: EspoCRM +support_level: community --- -Support level: Community - ## What is EspoCRM? > EspoCRM is a CRM (customer relationship management) web application that allows users to store, visualize, and analyze their company's business-related relationships such as opportunities, people, businesses, and projects. diff --git a/website/integrations/services/firezone/index.md b/website/integrations/services/firezone/index.md index ed688f26da95..7b4d114a357b 100644 --- a/website/integrations/services/firezone/index.md +++ b/website/integrations/services/firezone/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Firezone sidebar_label: Firezone +support_level: community --- -Support level: Community - ## What is Firezone > Firezone is an open-source remote access platform built on WireGuard®, a modern VPN protocol that's 4-6x faster than OpenVPN. diff --git a/website/integrations/services/fortigate-admin/index.md b/website/integrations/services/fortigate-admin/index.md index e7d498490237..6e2254632ec5 100644 --- a/website/integrations/services/fortigate-admin/index.md +++ b/website/integrations/services/fortigate-admin/index.md @@ -1,10 +1,9 @@ --- title: Integrate with FortiGate Admin Login sidebar_label: FortiGate Admin Login +support_level: community --- -Support level: Community - ## What is FortiGate > FortiGate is a firewall from FortiNet. It is a NGFW with layer7 inspection and able to become a part of a FortiNet security fabric. diff --git a/website/integrations/services/fortigate-ssl/index.md b/website/integrations/services/fortigate-ssl/index.md index 0077a186077f..ac44f12084f9 100644 --- a/website/integrations/services/fortigate-ssl/index.md +++ b/website/integrations/services/fortigate-ssl/index.md @@ -1,10 +1,9 @@ --- title: Integrate with FortiGate SSLVPN sidebar_label: FortiGate SSLVPN +support_level: community --- -Support level: Community - ## FortiGate SSLVPN > FortiGate is a firewall from FortiNet. It is a NGFW with layer7 inspection and able to become a part of a FortiNet security fabric. diff --git a/website/integrations/services/fortimanager/index.md b/website/integrations/services/fortimanager/index.md index 45c86d58d621..d6f5f6d84461 100644 --- a/website/integrations/services/fortimanager/index.md +++ b/website/integrations/services/fortimanager/index.md @@ -1,10 +1,9 @@ --- title: Integrate with FortiManager sidebar_label: FortiManager +support_level: community --- -Support level: Community - ## What is FortiManager > FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches. diff --git a/website/integrations/services/frappe/index.md b/website/integrations/services/frappe/index.md index d957f9601fce..d8a6304b2166 100644 --- a/website/integrations/services/frappe/index.md +++ b/website/integrations/services/frappe/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Frappe sidebar_label: Frappe +support_level: community --- -Support level: Community - :::note These instructions apply to all projects in the Frappe Family. ::: diff --git a/website/integrations/services/freshrss/index.md b/website/integrations/services/freshrss/index.md index 4f6c8e2d76d9..e77986dc9cdd 100644 --- a/website/integrations/services/freshrss/index.md +++ b/website/integrations/services/freshrss/index.md @@ -1,10 +1,9 @@ --- title: Integrate with FreshRSS sidebar_label: FreshRSS +support_level: community --- -Support level: Community - ## What is FreshRSS > FreshRSS is a self-hosted RSS feed aggregator. diff --git a/website/integrations/services/gatus/index.md b/website/integrations/services/gatus/index.md index 54231149ffbe..5a732a28c8f9 100644 --- a/website/integrations/services/gatus/index.md +++ b/website/integrations/services/gatus/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Gatus sidebar_label: Gatus +support_level: community --- -Support level: Community - ## What is Gatus? > Gatus is a free and open source project for endpoint monitoring. It allows many types of monitoring from pings or http requests to DNS checking and certification expiration. This is all done through yaml files. diff --git a/website/integrations/services/gitea/index.md b/website/integrations/services/gitea/index.md index ffb0e1a4ff2a..de35f69ef692 100644 --- a/website/integrations/services/gitea/index.md +++ b/website/integrations/services/gitea/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Gitea sidebar_label: Gitea +support_level: community --- -Support level: Community - ## What is Gitea > Gitea is a community managed lightweight code hosting solution written in Go. It is published under the MIT license. diff --git a/website/integrations/services/github-enterprise-cloud/index.md b/website/integrations/services/github-enterprise-cloud/index.md index 5034ba12e7cd..dd16275beff1 100644 --- a/website/integrations/services/github-enterprise-cloud/index.md +++ b/website/integrations/services/github-enterprise-cloud/index.md @@ -1,10 +1,9 @@ --- title: Integrate with GitHub Enterprise Cloud sidebar_label: GitHub Enterprise Cloud +support_level: community --- -Support level: Community - ## What is GitHub Enterprise Cloud > GitHub is a complete developer platform to build, scale, and deliver secure software. Businesses use our suite of products to support the entire software development lifecycle, increasing development velocity and improving code quality. diff --git a/website/integrations/services/github-enterprise-emu/index.md b/website/integrations/services/github-enterprise-emu/index.md index a004c2b1d554..de2aa4f58164 100644 --- a/website/integrations/services/github-enterprise-emu/index.md +++ b/website/integrations/services/github-enterprise-emu/index.md @@ -1,10 +1,9 @@ --- title: Integrate with GitHub Enterprise Cloud - Enterprise Managed Users sidebar_label: GitHub Enterprise Cloud EMU +support_level: community --- -Support level: Community - ## What is GitHub Enterprise Cloud - Enterprise Managed Users > With Enterprise Managed Users, you manage the lifecycle and authentication of your users on GitHub from an external identity management system, or IdP: diff --git a/website/integrations/services/github-enterprise-server/index.md b/website/integrations/services/github-enterprise-server/index.md index 90bab26491da..d779ef43cdb5 100644 --- a/website/integrations/services/github-enterprise-server/index.md +++ b/website/integrations/services/github-enterprise-server/index.md @@ -1,10 +1,9 @@ --- title: Integrate with GitHub Enterprise Server sidebar_label: GitHub Enterprise Server +support_level: community --- -Support level: Community - ## What is GitHub Enterprise Server > GitHub Enterprise Server is a self-hosted platform for software development within your enterprise. Your team can use GitHub Enterprise Server to build and ship software using Git version control, powerful APIs, productivity and collaboration tools, and integrations. Developers familiar with GitHub.com can onboard and contribute seamlessly using familiar features and workflows. diff --git a/website/integrations/services/github-organization/index.md b/website/integrations/services/github-organization/index.md index 8c4841546ad3..d9c5e88c4f99 100644 --- a/website/integrations/services/github-organization/index.md +++ b/website/integrations/services/github-organization/index.md @@ -1,10 +1,9 @@ --- title: Integrate with GitHub Organization sidebar_label: GitHub Organization +support_level: community --- -Support level: Community - ## What is GitHub Organizations > Organizations are shared accounts where businesses and open-source projects can collaborate across many projects at once, with sophisticated security and administrative features. diff --git a/website/integrations/services/gitlab/index.md b/website/integrations/services/gitlab/index.md index 6f3879dd1ede..98c68e946979 100644 --- a/website/integrations/services/gitlab/index.md +++ b/website/integrations/services/gitlab/index.md @@ -1,10 +1,9 @@ --- title: Integrate with GitLab sidebar_label: GitLab +support_level: authentik --- -Support level: authentik - ## What is GitLab > GitLab is a complete DevOps platform with features for version control, CI/CD, issue tracking, and collaboration, facilitating efficient software development and deployment workflows. diff --git a/website/integrations/services/glitchtip/index.md b/website/integrations/services/glitchtip/index.md index 20f61cf481e4..c80efbf464a2 100644 --- a/website/integrations/services/glitchtip/index.md +++ b/website/integrations/services/glitchtip/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Glitchtip sidebar_label: Glitchtip +support_level: community --- -Support level: Community - ## What is Glitchtip > Bugs are inevitable in web development. The important thing is to catch them when they appear. With GlitchTip, you can rest easy knowing that if your web app throws an error or goes down, you will be notified immediately. GlitchTip combines error tracking and uptime monitoring in one open-source package to keep you and your team fully up-to-date on the status of your projects. diff --git a/website/integrations/services/globalprotect/index.md b/website/integrations/services/globalprotect/index.md index 1afcbf7d8820..c9c4782b1b63 100644 --- a/website/integrations/services/globalprotect/index.md +++ b/website/integrations/services/globalprotect/index.md @@ -1,10 +1,9 @@ --- title: Integrate with GlobalProtect sidebar_label: GlobalProtect +support_level: community --- -Support level: Community - ## What is GlobalProtect > GlobalProtect enables you to use Palo Alto Networks next-gen firewalls or Prisma Access to secure your mobile workforce. diff --git a/website/integrations/services/google/index.md b/website/integrations/services/google/index.md index f11d75483636..b4edf330b457 100644 --- a/website/integrations/services/google/index.md +++ b/website/integrations/services/google/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Google Workspace sidebar_label: Google Workspace +support_level: authentik --- -Support level: authentik - ## What is Google Workspace > Google Workspace is a collection of cloud computing, productivity and collaboration tools, software and products developed and marketed by Google. diff --git a/website/integrations/services/grafana/index.mdx b/website/integrations/services/grafana/index.mdx index 333653076fd7..ce063ab9591d 100644 --- a/website/integrations/services/grafana/index.mdx +++ b/website/integrations/services/grafana/index.mdx @@ -1,10 +1,9 @@ --- title: Integrate with Grafana sidebar_label: Grafana +support_level: authentik --- -Support level: authentik - ## What is Grafana > Grafana is a multi-platform open source analytics and interactive visualization web application. It provides charts, graphs, and alerts for the web when connected to supported data sources, Grafana Enterprise version with additional capabilities is also available. It is expandable through a plug-in system. @@ -94,7 +93,7 @@ resource "authentik_group" "grafana_viewers" { ## Grafana configuration -import Tabs from "@theme/Tabs" +import Tabs from "@theme/Tabs"; import TabItem from "@theme/TabItem"; Support level: Community - ## What is Gravitee > Gravitee.io API Management is a flexible, lightweight and blazing-fast Open Source solution that helps your organization control who, when and how users access your APIs. diff --git a/website/integrations/services/harbor/index.md b/website/integrations/services/harbor/index.md index 87824d3d350a..b27c549944e0 100644 --- a/website/integrations/services/harbor/index.md +++ b/website/integrations/services/harbor/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Harbor sidebar_label: Harbor +support_level: community --- -Support level: Community - ## What is Harbor > Harbor is an open source container image registry that secures images with role-based access control, scans images for vulnerabilities, and signs images as trusted. A CNCF Graduated project, Harbor delivers compliance, performance, and interoperability to help you consistently and securely manage images across cloud native compute platforms like Kubernetes and Docker. diff --git a/website/integrations/services/hashicorp-cloud/index.md b/website/integrations/services/hashicorp-cloud/index.md index afd7cb80f1ed..53a1ee4b0229 100644 --- a/website/integrations/services/hashicorp-cloud/index.md +++ b/website/integrations/services/hashicorp-cloud/index.md @@ -1,10 +1,9 @@ --- title: Integrate with HashiCorp Cloud Platform sidebar_label: HashiCorp Cloud Platform +support_level: community --- -Support level: Community - ## What is HashiCorp Cloud > HashiCorp Cloud Platform is a fully managed platform for Terraform, Vault, Consul, and more. diff --git a/website/integrations/services/hashicorp-vault/index.md b/website/integrations/services/hashicorp-vault/index.md index e9989567a2e3..8f75bae4c04c 100644 --- a/website/integrations/services/hashicorp-vault/index.md +++ b/website/integrations/services/hashicorp-vault/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Hashicorp Vault sidebar_label: Hashicorp Vault +support_level: authentik --- -Support level: authentik - ## What is Vault > Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API. diff --git a/website/integrations/services/hedgedoc/index.md b/website/integrations/services/hedgedoc/index.md index 5dd30bcc00be..a77a60627514 100644 --- a/website/integrations/services/hedgedoc/index.md +++ b/website/integrations/services/hedgedoc/index.md @@ -1,10 +1,9 @@ --- title: Integrate with HedgeDoc sidebar_label: HedgeDoc +support_level: community --- -Support level: Community - ## What is HedgeDoc > HedgeDoc lets you create real-time collaborative markdown notes. diff --git a/website/integrations/services/hoarder/index.md b/website/integrations/services/hoarder/index.md index 8be1287461a6..0cf68bb056a5 100644 --- a/website/integrations/services/hoarder/index.md +++ b/website/integrations/services/hoarder/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Hoarder sidebar_label: Hoarder +support_level: community --- -Support level: Community - ## What is Hoarder > A self-hostable bookmark-everything app (links, notes and images) with AI-based automatic tagging and full-text search. diff --git a/website/integrations/services/home-assistant/index.md b/website/integrations/services/home-assistant/index.md index 9aae526ed04d..1d18a5257164 100644 --- a/website/integrations/services/home-assistant/index.md +++ b/website/integrations/services/home-assistant/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Home Assistant sidebar_label: Home Assistant +support_level: community --- -Support level: Community - ## What is Home Assistant > Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server. diff --git a/website/integrations/services/immich/index.md b/website/integrations/services/immich/index.md index 03b00a048c08..0c2251e96ba6 100644 --- a/website/integrations/services/immich/index.md +++ b/website/integrations/services/immich/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Immich sidebar_label: Immich +support_level: community --- -Support level: Community - ## What is Immich > Immich is a self-hosted backup solution for photos and videos on mobile devices. diff --git a/website/integrations/services/index.mdx b/website/integrations/services/index.mdx index c02f14102765..7c060e85fa1f 100644 --- a/website/integrations/services/index.mdx +++ b/website/integrations/services/index.mdx @@ -6,17 +6,21 @@ sidebar_label: Applications # Applications import DocCardList from "@theme/DocCardList"; +import SupportBadge from "@site/src/components/SupportBadge"; -Below is a list of all applications that are known to work with authentik. All app integrations will have one of these badges: +Below is a list of all applications that are known to work with authentik. -- Support level: Community The - integration is community maintained. +:::info{title="Support Levels"} +All app integrations will have one of these badges: -- Support level: Vendor The integration - is supported by the vendor. +| | | +| ----------------------------------- | ---------------------------------------------------------- | +| | The integration is community maintained. | +| | The integration is supported by the vendor. | +| | The integration is regularly tested by the authentik team. | +| | The integration is deprecated and may be removed. | -- Support level: authentik The - integration is regularly tested by the authentik team. +::: ### Add a new application diff --git a/website/integrations/services/jellyfin/index.md b/website/integrations/services/jellyfin/index.md index d7f072f451dc..361b74c5cf98 100644 --- a/website/integrations/services/jellyfin/index.md +++ b/website/integrations/services/jellyfin/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Jellyfin sidebar_label: Jellyfin +support_level: community --- -Support level: Community - ## What is Jellyfin > Jellyfin is a free and open source media management and streaming platform for movies, TV shows, and music. diff --git a/website/integrations/services/jenkins/index.md b/website/integrations/services/jenkins/index.md index b670fe398227..0f41552489f3 100644 --- a/website/integrations/services/jenkins/index.md +++ b/website/integrations/services/jenkins/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Jenkins sidebar_label: Jenkins +support_level: community --- -Support level: Community - ## What is Jenkins > The leading open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. diff --git a/website/integrations/services/kimai/index.md b/website/integrations/services/kimai/index.md index 4a024216d94d..2a1049dbf3ee 100644 --- a/website/integrations/services/kimai/index.md +++ b/website/integrations/services/kimai/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Kimai sidebar_label: Kimai +support_level: community --- -Support level: Community - ## What is Kimai > Kimai is a free & open source timetracker. It tracks work time and prints out a summary of your activities on demand. Yearly, monthly, daily, by customer, by project … Its simplicity is its strength. Due to Kimai's browser based interface it runs cross-platform, even on your mobile device. diff --git a/website/integrations/services/komga/index.md b/website/integrations/services/komga/index.md index efbaf9eeabf4..5b6364b3d761 100644 --- a/website/integrations/services/komga/index.md +++ b/website/integrations/services/komga/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Komga sidebar_label: Komga +support_level: community --- -Support level: Community - ## What is Komga > Komga is an open-source comic and manga server that lets users organize, read, and stream their digital comic collections with ease. diff --git a/website/integrations/services/linkwarden/index.md b/website/integrations/services/linkwarden/index.md index 2fd5d56fa56c..c0418b89ee29 100644 --- a/website/integrations/services/linkwarden/index.md +++ b/website/integrations/services/linkwarden/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Linkwarden sidebar_label: Linkwarden +support_level: community --- -Support level: Community - ## What is Linkwarden > Linkwarden is an open-source collaborative bookmark manager used to collect, organize, and preserve webpages. diff --git a/website/integrations/services/mastodon/index.md b/website/integrations/services/mastodon/index.md index 1e7420316c91..9088c2670bf0 100644 --- a/website/integrations/services/mastodon/index.md +++ b/website/integrations/services/mastodon/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Mastodon sidebar_label: Mastodon +support_level: community --- -Support level: Community - ## What is Mastodon > Mastodon is free and open-source software for running self-hosted social networking services. It has microblogging features similar to Twitter diff --git a/website/integrations/services/matrix-synapse/index.md b/website/integrations/services/matrix-synapse/index.md index 7d7ddb6a6e6c..5123d6564641 100644 --- a/website/integrations/services/matrix-synapse/index.md +++ b/website/integrations/services/matrix-synapse/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Matrix Synapse sidebar_label: Matrix Synapse +support_level: community --- -Support level: Community - ## What is Matrix Synapse > Matrix is an open source project that publishes the Matrix open standard for secure, decentralised, real-time communication, and its Apache licensed reference implementations. diff --git a/website/integrations/services/meshcentral/index.md b/website/integrations/services/meshcentral/index.md index 8de555fdb42e..9c9460334e50 100644 --- a/website/integrations/services/meshcentral/index.md +++ b/website/integrations/services/meshcentral/index.md @@ -1,10 +1,9 @@ --- title: Integrate with MeshCentral sidebar_label: MeshCentral +support_level: community --- -Support level: Community - ## What is MeshCentral > MeshCentral is a free, open source, web-based platform for remote device management. diff --git a/website/integrations/services/minio/index.md b/website/integrations/services/minio/index.md index fabcb07a57f8..7d15beba888e 100644 --- a/website/integrations/services/minio/index.md +++ b/website/integrations/services/minio/index.md @@ -1,10 +1,9 @@ --- title: Integrate with MinIO sidebar_label: MinIO +support_level: authentik --- -Support level: authentik - ## What is MinIO > MinIO is an Amazon S3 compatible object storage suite capable of handling structured and unstructured data including log files, artifacts, backups, container images, photos and videos. The current maximum supported object size is 5TB. diff --git a/website/integrations/services/mobilizon/index.md b/website/integrations/services/mobilizon/index.md index b21181d4a5e5..dccf90469899 100644 --- a/website/integrations/services/mobilizon/index.md +++ b/website/integrations/services/mobilizon/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Mobilizon sidebar_label: Mobilizon +support_level: community --- -Support level: Community - ## What is Mobilizon > Gather, organize and mobilize yourselves with a convivial, ethical, and emancipating tool. https://joinmobilizon.org diff --git a/website/integrations/services/netbird/index.md b/website/integrations/services/netbird/index.md index cbc24b42c499..e161c59d3120 100644 --- a/website/integrations/services/netbird/index.md +++ b/website/integrations/services/netbird/index.md @@ -1,10 +1,9 @@ --- title: Integrate with NetBird sidebar_label: NetBird +support_level: community --- -Support level: Community - ## What is NetBird? > NetBird is an open source, zero trust, networking platform that allows you to create secure private networks for your organization or home. diff --git a/website/integrations/services/netbox/index.md b/website/integrations/services/netbox/index.md index f31d2b41a950..040392be4709 100644 --- a/website/integrations/services/netbox/index.md +++ b/website/integrations/services/netbox/index.md @@ -1,10 +1,9 @@ --- title: Integrate with NetBox sidebar_label: NetBox +support_level: community --- -Support level: Community - ## What is NetBox > NetBox is the leading solution for modeling and documenting modern networks. diff --git a/website/integrations/services/nextcloud/index.md b/website/integrations/services/nextcloud/index.md index 830da51d82c5..c845f5dcd398 100644 --- a/website/integrations/services/nextcloud/index.md +++ b/website/integrations/services/nextcloud/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Nextcloud sidebar_label: Nextcloud +support_level: community --- -Support level: Community - ## What is Nextcloud > Nextcloud is a suite of client-server software for creating and using file hosting services. Nextcloud is free and open-source, which means that anyone is allowed to install and operate it on their own private server devices. diff --git a/website/integrations/services/node-red/index.md b/website/integrations/services/node-red/index.md index ff5548e33469..1f6c81fefd5f 100644 --- a/website/integrations/services/node-red/index.md +++ b/website/integrations/services/node-red/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Node-RED sidebar_label: Node-RED +support_level: community --- -Support level: Community - ## What is Node-RED > Node-RED is a programming tool for wiring together hardware devices, APIs and online services in new and interesting ways. diff --git a/website/integrations/services/observium/index.md b/website/integrations/services/observium/index.md index 7345a63a1a45..1fdcd7389336 100644 --- a/website/integrations/services/observium/index.md +++ b/website/integrations/services/observium/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Observium sidebar_label: Observium +support_level: community --- -Support level: Community - ## What is Observium > Observium is a network monitoring and management platform that provides real-time insight into network health and performance. diff --git a/website/integrations/services/onlyoffice/index.md b/website/integrations/services/onlyoffice/index.md index 806aa158476b..eb89886f66e5 100644 --- a/website/integrations/services/onlyoffice/index.md +++ b/website/integrations/services/onlyoffice/index.md @@ -1,10 +1,9 @@ --- title: Integrate with OnlyOffice sidebar_label: OnlyOffice +support_level: community --- -Support level: Community - ## What is OnlyOffice > OnlyOffice, stylized as ONLYOFFICE, is a free software office suite developed by Ascensio System SIA, a company headquartered in Riga, Latvia. It features online document editors, platform for document management, corporate communication, mail and project management tools diff --git a/website/integrations/services/opnsense/index.md b/website/integrations/services/opnsense/index.md index f0f57cd9a184..d45016ea80f7 100644 --- a/website/integrations/services/opnsense/index.md +++ b/website/integrations/services/opnsense/index.md @@ -1,10 +1,9 @@ --- title: Integrate with OPNsense sidebar_label: OPNsense +support_level: community --- -Support level: Community - ## What is OPNsense > OPNsense is a free and Open-Source FreeBSD-based firewall and routing software. It is licensed under an Open Source Initiative approved license. diff --git a/website/integrations/services/oracle-cloud/index.md b/website/integrations/services/oracle-cloud/index.md index 87b1d770855d..d02942c7fc2b 100644 --- a/website/integrations/services/oracle-cloud/index.md +++ b/website/integrations/services/oracle-cloud/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Oracle Cloud sidebar_label: Oracle Cloud +support_level: community --- -Support level: Community - ## What is Oracle Cloud > Oracle Cloud is the first public cloud built from the ground up to be a better cloud for every application. By rethinking core engineering and systems design for cloud computing, we created innovations that accelerate migrations, deliver better reliability and performance for all applications, and offer the complete services customers need to build innovative cloud applications. diff --git a/website/integrations/services/organizr/index.md b/website/integrations/services/organizr/index.md index a6a87b660196..a2a59229344c 100644 --- a/website/integrations/services/organizr/index.md +++ b/website/integrations/services/organizr/index.md @@ -1,10 +1,9 @@ --- title: Integrate with organizr sidebar_label: organizr +support_level: community --- -Support level: Community - ## What is organizr > Organizr allows you to setup "Tabs" that will be loaded all in one webpage. diff --git a/website/integrations/services/outline/index.md b/website/integrations/services/outline/index.md index 78e99d0c88ad..93c2279305b5 100644 --- a/website/integrations/services/outline/index.md +++ b/website/integrations/services/outline/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Outline sidebar_label: Outline +support_level: community --- -Support level: Community - ## What is Outline > Your team's knowledge base. diff --git a/website/integrations/services/owncloud/index.md b/website/integrations/services/owncloud/index.md index 60ec77998127..6fb30039da4b 100644 --- a/website/integrations/services/owncloud/index.md +++ b/website/integrations/services/owncloud/index.md @@ -1,10 +1,9 @@ --- title: Integrate with ownCloud sidebar_label: ownCloud +support_level: community --- -Support level: Community - ## What is ownCloud > ownCloud is a free and open-source software project for content collaboration and sharing and syncing of files. diff --git a/website/integrations/services/paperless-ng/index.md b/website/integrations/services/paperless-ng/index.md index 7244d1e8fe4d..e20ae7edf2c4 100644 --- a/website/integrations/services/paperless-ng/index.md +++ b/website/integrations/services/paperless-ng/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Paperless-ng sidebar_label: Paperless-ng +support_level: community --- -Support level: Community - ## What is Paperless-ng > Paperless-ng is an application that indexes your scanned documents and allows you to easily search for documents and store metadata alongside your documents. It was a fork from the original Paperless that is no longer maintained. diff --git a/website/integrations/services/paperless-ngx/index.mdx b/website/integrations/services/paperless-ngx/index.mdx index bbc297a8a9da..efa81858ce65 100644 --- a/website/integrations/services/paperless-ngx/index.mdx +++ b/website/integrations/services/paperless-ngx/index.mdx @@ -1,10 +1,9 @@ --- title: Integrate with Paperless-ngx sidebar_label: Paperless-ngx +support_level: community --- -Support level: Community - ## What is Paperless-ngx > Paperless-ngx is an application that indexes your scanned documents and allows you to easily search for documents and store metadata alongside your documents. It was a fork from paperless-ngx, in turn a fork from the original Paperless, neither of which are maintained any longer. @@ -41,7 +40,7 @@ Create an application (under Resources/Applications) with these settings: ## Paperless Configuration -import Tabs from "@theme/Tabs" +import Tabs from "@theme/Tabs"; import TabItem from "@theme/TabItem"; Support level: Community - ## What is pfSense > The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third party free software packages for additional functionality. diff --git a/website/integrations/services/pgadmin/index.md b/website/integrations/services/pgadmin/index.md index 67a54b980862..631110439cb9 100644 --- a/website/integrations/services/pgadmin/index.md +++ b/website/integrations/services/pgadmin/index.md @@ -1,10 +1,9 @@ --- title: Integrate with pgAdmin sidebar_label: pgAdmin +support_level: community --- -Support level: Community - ## What is pgAdmin > pgAdmin is a management tool for PostgreSQL and derivative relational databases such as EnterpriseDB's EDB Advanced Server. It may be run either as a web or desktop application. diff --git a/website/integrations/services/phpipam/index.md b/website/integrations/services/phpipam/index.md index 305e4919790c..97164c12eb0d 100644 --- a/website/integrations/services/phpipam/index.md +++ b/website/integrations/services/phpipam/index.md @@ -1,10 +1,9 @@ --- title: Integrate with phpIPAM sidebar_label: phpIPAM +support_level: community --- -Support level: Community - ## What is phpIPAM > phpipam is an open-source web IP address management application (IPAM). Its goal is to provide light, modern and useful IP address management. It is php-based application with MySQL database backend, using jQuery libraries, ajax and HTML5/CSS3 features. diff --git a/website/integrations/services/portainer/index.md b/website/integrations/services/portainer/index.md index 270c6b82f578..07e0704087d4 100644 --- a/website/integrations/services/portainer/index.md +++ b/website/integrations/services/portainer/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Portainer sidebar_label: Portainer +support_level: community --- -Support level: Community - ## What is Portainer > Portainer is a powerful, GUI-based Container-as-a-Service solution that helps organizations manage and deploy cloud-native applications easily and securely. diff --git a/website/integrations/services/powerdns-admin/index.md b/website/integrations/services/powerdns-admin/index.md index 4d331026d69d..e88ade5e29b8 100644 --- a/website/integrations/services/powerdns-admin/index.md +++ b/website/integrations/services/powerdns-admin/index.md @@ -1,10 +1,9 @@ --- title: Integrate with PowerDNS-Admin sidebar_label: PowerDNS-Admin +support_level: community --- -Support level: Community - ## What is PowerDNS-Admin > A PowerDNS web interface with advanced features. diff --git a/website/integrations/services/proftpd/index.md b/website/integrations/services/proftpd/index.md index 29c5fe4ce707..b52d1cd432a3 100644 --- a/website/integrations/services/proftpd/index.md +++ b/website/integrations/services/proftpd/index.md @@ -1,10 +1,9 @@ --- title: Integrate with ProFTPD sidebar_label: ProFTPD +support_level: community --- -Support level: Community - ## What is ProFTPD > ProFTPD is a high-performance, extremely configurable, and most of all a secure FTP server, featuring Apache-like configuration and blazing performance. diff --git a/website/integrations/services/proxmox-ve/index.md b/website/integrations/services/proxmox-ve/index.md index 4a50063d95fe..d0303974582f 100644 --- a/website/integrations/services/proxmox-ve/index.md +++ b/website/integrations/services/proxmox-ve/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Proxmox VE sidebar_label: Proxmox VE +support_level: community --- -Support level: Community - ## What is Proxmox VE > Proxmox Virtual Environment is an open source server virtualization management solution based on QEMU/KVM and LXC. You can manage virtual machines, containers, highly available clusters, storage, and networks with an integrated, easy-to-use web interface or via CLI. Proxmox VE code is licensed under the GNU Affero General Public License, version 3. The project is developed and maintained by Proxmox Server Solutions GmbH. diff --git a/website/integrations/services/rancher/index.md b/website/integrations/services/rancher/index.md index 08dee6f2084f..66f864529d7e 100644 --- a/website/integrations/services/rancher/index.md +++ b/website/integrations/services/rancher/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Rancher sidebar_label: Rancher +support_level: authentik --- -Support level: authentik - ## What is Rancher > An enterprise platform for managing Kubernetes Everywhere diff --git a/website/integrations/services/rocketchat/index.md b/website/integrations/services/rocketchat/index.md index 2c3a5a68b829..c937fac648d5 100644 --- a/website/integrations/services/rocketchat/index.md +++ b/website/integrations/services/rocketchat/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Rocket.chat sidebar_label: Rocket.chat +support_level: community --- -Support level: Community - ## What is Rocket.chat > Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript for organizations with high standards of data protection. It is licensed under the MIT License with some other licenses mixed in. See [Rocket.chat GitHub](https://github.com/RocketChat/Rocket.Chat/blob/develop/LICENSE) for licensing information. diff --git a/website/integrations/services/roundcube/index.md b/website/integrations/services/roundcube/index.md index 87183de3642d..28f07c5a358e 100644 --- a/website/integrations/services/roundcube/index.md +++ b/website/integrations/services/roundcube/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Roundcube sidebar_label: Roundcube +support_level: community --- -Support level: Community - ## What is Roundcube > **Roundcube** is a browser-based multilingual IMAP client with an application-like user interface. diff --git a/website/integrations/services/rustdesk-pro/index.mdx b/website/integrations/services/rustdesk-pro/index.mdx index b4ab0b074789..721bae44398b 100644 --- a/website/integrations/services/rustdesk-pro/index.mdx +++ b/website/integrations/services/rustdesk-pro/index.mdx @@ -1,10 +1,9 @@ --- title: Integrate with RustDesk Server Pro sidebar_label: RustDesk Server Pro +support_level: community --- -Support level: Community - ## What is RustDesk Server Pro? > RustDesk Server Pro is a premium self-hosted solution for managing remote desktop connections securely and efficiently. diff --git a/website/integrations/services/semaphore/index.mdx b/website/integrations/services/semaphore/index.mdx index 807e1562db64..ec149dfd6327 100644 --- a/website/integrations/services/semaphore/index.mdx +++ b/website/integrations/services/semaphore/index.mdx @@ -1,10 +1,9 @@ --- title: Integrate with Semaphore UI sidebar_label: Semaphore +support_level: community --- -Support level: Community - ## What is Semaphore UI > Semaphore UI is a modern web interface for managing popular DevOps tools. diff --git a/website/integrations/services/semgrep/index.md b/website/integrations/services/semgrep/index.md index 3da6216574f0..d1218915a92b 100644 --- a/website/integrations/services/semgrep/index.md +++ b/website/integrations/services/semgrep/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Semgrep sidebar_label: Semgrep +support_level: community --- -Support level: Community - ## What is Semgrep > **Semgrep**: An application security solution that combines SAST, SCA, and secret detection. diff --git a/website/integrations/services/sentry/index.md b/website/integrations/services/sentry/index.md index 82c3611c948d..ad2d8e79f13c 100644 --- a/website/integrations/services/sentry/index.md +++ b/website/integrations/services/sentry/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Sentry sidebar_label: Sentry +support_level: authentik --- -Support level: authentik - ## What is Sentry > Sentry provides self-hosted and cloud-based error monitoring that helps all software teams discover, triage, and prioritize errors in real-time. diff --git a/website/integrations/services/sharepoint-se/index.md b/website/integrations/services/sharepoint-se/index.md index f5129f9908a2..57965404dd31 100644 --- a/website/integrations/services/sharepoint-se/index.md +++ b/website/integrations/services/sharepoint-se/index.md @@ -1,10 +1,9 @@ --- title: Integrate with SharePoint Server SE sidebar_label: SharePoint Server SE +support_level: community --- -Support level: Community - ## What is Microsoft SharePoint > SharePoint is a proprietary, web-based collaborative platform that integrates natively with Microsoft 365. diff --git a/website/integrations/services/skyhigh/index.md b/website/integrations/services/skyhigh/index.md index 6bc6d22cd34d..8d7a202561b2 100644 --- a/website/integrations/services/skyhigh/index.md +++ b/website/integrations/services/skyhigh/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Skyhigh Security sidebar_label: Skyhigh Security +support_level: community --- -Support level: Community - ## What is Skyhigh Security > Skyhigh Security is a Security Services Edge (SSE), Cloud Access Security Broker (CASB), and Secure Web Gateway (SWG), and Private Access (PA / ZTNA) cloud provider. diff --git a/website/integrations/services/slack/index.md b/website/integrations/services/slack/index.md index ed729f1e9427..f467162b72dd 100644 --- a/website/integrations/services/slack/index.md +++ b/website/integrations/services/slack/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Slack sidebar_label: Slack +support_level: authentik --- -Support level: authentik - ## What is Slack > Slack is a platform for collaboration, with chat and real-time video capabilities. To learn more, visit https://slack.com. diff --git a/website/integrations/services/snipe-it/index.md b/website/integrations/services/snipe-it/index.md index 83ab0e2ae657..5833d6fe116e 100644 --- a/website/integrations/services/snipe-it/index.md +++ b/website/integrations/services/snipe-it/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Snipe-IT sidebar_label: Snipe-IT +support_level: community --- -Support level: Community - ## What is Snipe-IT > A free open source IT asset/license management system. diff --git a/website/integrations/services/sonar-qube/index.md b/website/integrations/services/sonar-qube/index.mdx similarity index 100% rename from website/integrations/services/sonar-qube/index.md rename to website/integrations/services/sonar-qube/index.mdx diff --git a/website/integrations/services/sonarr/index.md b/website/integrations/services/sonarr/index.md index 6b6ca45c7533..88dbf334c78e 100644 --- a/website/integrations/services/sonarr/index.md +++ b/website/integrations/services/sonarr/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Sonarr sidebar_label: Sonarr +support_level: community --- -Support level: Community - :::note These instructions apply to all projects in the \*arr Family. If you use multiple of these projects, you can assign them to the same Outpost. ::: diff --git a/website/integrations/services/sssd/index.md b/website/integrations/services/sssd/index.md index 71f0a94726a4..22b5da55af2f 100644 --- a/website/integrations/services/sssd/index.md +++ b/website/integrations/services/sssd/index.md @@ -1,10 +1,9 @@ --- title: Integrate with sssd sidebar_label: sssd +support_level: community --- -Support level: Community - ## What is sssd > **SSSD** is an acronym for System Security Services Daemon. It is the client component of centralized identity management solutions such as FreeIPA, 389 Directory Server, Microsoft Active Directory, OpenLDAP and other directory servers. The client serves and caches the information stored in the remote directory server and provides identity, authentication and authorization services to the host machine. diff --git a/website/integrations/services/synology-dsm/index.md b/website/integrations/services/synology-dsm/index.md index 847433e81c0f..fbaa7ed859a5 100644 --- a/website/integrations/services/synology-dsm/index.md +++ b/website/integrations/services/synology-dsm/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Synology DSM (DiskStation Manager) sidebar_label: Synology DSM (DiskStation Manager) +support_level: community --- -Support level: Community - ## What is Synology DSM > Synology Inc. is a Taiwanese corporation that specializes in network-attached storage (NAS) appliances. Synology's line of NAS is known as the DiskStation for desktop models, FlashStation for all-flash models, and RackStation for rack-mount models. Synology's products are distributed worldwide and localized in several languages. diff --git a/website/integrations/services/tautulli/index.md b/website/integrations/services/tautulli/index.md index 73d5b123124c..ea7ea6ba9b83 100644 --- a/website/integrations/services/tautulli/index.md +++ b/website/integrations/services/tautulli/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Tautulli sidebar_label: Tautulli +support_level: community --- -Support level: Community - ## What is Tautulli > Tautulli is a 3rd party application that you can run alongside your Plex Media Server to monitor activity and track various statistics. Most importantly, these statistics include what has been watched, who watched it, when and where they watched it, and how it was watched. The only thing missing is "why they watched it", but who am I to question your 42 plays of Frozen. All statistics are presented in a nice and clean interface with many tables and graphs, which makes it easy to brag about your server to everyone else. diff --git a/website/integrations/services/terrakube/index.md b/website/integrations/services/terrakube/index.md index 13e6214e0d7a..c823951b6993 100644 --- a/website/integrations/services/terrakube/index.md +++ b/website/integrations/services/terrakube/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Terrakube sidebar_label: Terrakube +support_level: community --- -Support level: Community - ## What is Terrakube > Terrakube is an open-source collaboration platform designed for managing remote Infrastructure-as-Code (IaC) operations with Terraform. It serves as a alternative to proprietary tools like Terraform Enterprise. diff --git a/website/integrations/services/thelounge/index.md b/website/integrations/services/thelounge/index.md index 25ec4acc5ff7..890e6dd32afb 100644 --- a/website/integrations/services/thelounge/index.md +++ b/website/integrations/services/thelounge/index.md @@ -1,10 +1,9 @@ --- title: Integrate with The Lounge sidebar_label: The Lounge +support_level: community --- -Support level: Community - ## What is The Lounge > The Lounge is a modern, web-based IRC (Internet Relay Chat) client that allows users to stay connected to IRC servers even when offline. diff --git a/website/integrations/services/truecommand/index.md b/website/integrations/services/truecommand/index.md index e0f68df72fbf..4925b88e4107 100644 --- a/website/integrations/services/truecommand/index.md +++ b/website/integrations/services/truecommand/index.md @@ -1,10 +1,9 @@ --- title: Integrate with TrueNAS TrueCommand sidebar_label: TrueNAS TrueCommand +support_level: community --- -Support level: Community - ## What is TrueNAS TrueCommand > TrueCommand is a ZFS-aware solution allowing you to set custom alerts on statistics like ARC usage or pool capacity and ensuring storage uptime and future planning. TrueCommand also identifies and pinpoints errors on drives or vdevs (RAID groups), saving you valuable time when resolving issues. diff --git a/website/integrations/services/ubuntu-landscape/index.md b/website/integrations/services/ubuntu-landscape/index.md index f7f80c9956be..8fd0fe803939 100644 --- a/website/integrations/services/ubuntu-landscape/index.md +++ b/website/integrations/services/ubuntu-landscape/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Ubuntu Landscape sidebar_label: Ubuntu Landscape +support_level: community --- -Support level: Community - ## What is Ubuntu Landscape > Landscape is a systems management tool developed by Canonical. It can be run on-premises or in the cloud depending on the needs of the user. It is primarily designed for use with Ubuntu derivatives such as Desktop, Server, and Core. diff --git a/website/integrations/services/uptime-kuma/index.md b/website/integrations/services/uptime-kuma/index.md index fb9e0f8290ff..a500725d8f86 100644 --- a/website/integrations/services/uptime-kuma/index.md +++ b/website/integrations/services/uptime-kuma/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Uptime Kuma sidebar_label: Uptime Kuma +support_level: community --- -Support level: Community - ## What is Uptime Kuma > Uptime Kuma is an easy-to-use self-hosted monitoring tool. diff --git a/website/integrations/services/veeam-enterprise-manager/index.md b/website/integrations/services/veeam-enterprise-manager/index.md index 1e9269076a57..088391d777f7 100644 --- a/website/integrations/services/veeam-enterprise-manager/index.md +++ b/website/integrations/services/veeam-enterprise-manager/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Veeam Enterprise Manager sidebar_label: Veeam Enterprise Manager +support_level: community --- -Support level: Community - ## What is Veeam Enterprise Manager > Veeam Backup Enterprise Manager (Enterprise Manager) is a management and reporting component that allows you to manage multiple Veeam Backup & Replication installations from a single web console. Veeam Backup Enterprise Manager helps you optimize performance in remote office/branch office (ROBO) and large-scale deployments and maintain a view of your entire virtual environment. diff --git a/website/integrations/services/vikunja/index.md b/website/integrations/services/vikunja/index.md index 47feee84d717..6db9d7b08762 100644 --- a/website/integrations/services/vikunja/index.md +++ b/website/integrations/services/vikunja/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Vikunja sidebar_label: Vikunja +support_level: community --- -Support level: Community - ## What is Vikunja > Vikunja is an Open-Source, self-hosted To-Do list application for all platforms. It is licensed under the GPLv3. diff --git a/website/integrations/services/vmware-vcenter/index.md b/website/integrations/services/vmware-vcenter/index.md index ee743100f3f4..fe317a2d5a64 100644 --- a/website/integrations/services/vmware-vcenter/index.md +++ b/website/integrations/services/vmware-vcenter/index.md @@ -1,10 +1,9 @@ --- title: Integrate with VMware vCenter sidebar_label: VMware vCenter +support_level: community --- -Support level: Community - ## What is vCenter > vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location. VMware vMotion and svMotion require the use of vCenter and ESXi hosts. diff --git a/website/integrations/services/weblate/index.md b/website/integrations/services/weblate/index.md index 5596d43cc870..98f32bd368fb 100644 --- a/website/integrations/services/weblate/index.md +++ b/website/integrations/services/weblate/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Weblate sidebar_label: Weblate +support_level: community --- -Support level: Community - ## What is Weblate > Weblate is a copylefted libre software web-based continuous localization system, used by over 2500 libre projects and companies in more than 165 countries. diff --git a/website/integrations/services/wekan/index.mdx b/website/integrations/services/wekan/index.mdx index 13a72aaab58b..af542e83cb70 100644 --- a/website/integrations/services/wekan/index.mdx +++ b/website/integrations/services/wekan/index.mdx @@ -1,10 +1,9 @@ --- title: Integrate with Wekan sidebar_label: Wekan +support_level: community --- -Support level: Community - ## What is Wekan > Wekan is an open-source kanban board which allows a card-based task and to-do management. @@ -33,7 +32,7 @@ Note the Client ID and Client Secret values. Create an application, using the pr ## Wekan -import Tabs from "@theme/Tabs" +import Tabs from "@theme/Tabs"; import TabItem from "@theme/TabItem"; Support level: Community - ## What is What's Up Docker > What's Up Docker (WUD) is an easy-to-use tool that alerts you whenever a new version of your Docker containers is released. diff --git a/website/integrations/services/wiki-js/index.md b/website/integrations/services/wiki-js/index.md index 05d453b11107..51aea4c0da8c 100644 --- a/website/integrations/services/wiki-js/index.md +++ b/website/integrations/services/wiki-js/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Wiki.js sidebar_label: Wiki.js +support_level: community --- -Support level: Community - ## What is Wiki.js > Wiki.js is a wiki engine running on Node.js and written in JavaScript. It is free software released under the Affero GNU General Public License. It is available as a self-hosted solution or using "single-click" install on the DigitalOcean and AWS marketplace. diff --git a/website/integrations/services/wordpress/index.md b/website/integrations/services/wordpress/index.md index b4feeba5d267..848df34bf525 100644 --- a/website/integrations/services/wordpress/index.md +++ b/website/integrations/services/wordpress/index.md @@ -1,10 +1,9 @@ --- title: Integrate with WordPress sidebar_label: WordPress +support_level: community --- -Support level: Community - ## What is WordPress > WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system, referred to within WordPress as Themes diff --git a/website/integrations/services/writefreely/index.md b/website/integrations/services/writefreely/index.md index 0f9e8bafd209..be97d57669d5 100644 --- a/website/integrations/services/writefreely/index.md +++ b/website/integrations/services/writefreely/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Writefreely sidebar_label: Writefreely +support_level: community --- -Support level: Community - ## What is Writefreely > An open source platform for building a writing space on the web. diff --git a/website/integrations/services/xen-orchestra/index.md b/website/integrations/services/xen-orchestra/index.md index 214db04f5369..d0ca58523647 100644 --- a/website/integrations/services/xen-orchestra/index.md +++ b/website/integrations/services/xen-orchestra/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Xen Orchestra sidebar_label: Xen Orchestra +support_level: community --- -Support level: Community - ## What is Xen Orchestra > Xen Orchestra provides a user friendly web interface for every Xen based hypervisor (XenServer, xcp-ng, etc.). diff --git a/website/integrations/services/zabbix/index.md b/website/integrations/services/zabbix/index.md index 5521be7d0478..fe4d5523184d 100644 --- a/website/integrations/services/zabbix/index.md +++ b/website/integrations/services/zabbix/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Zabbix sidebar_label: Zabbix +support_level: community --- -Support level: Community - ## What is Zabbix > Zabbix is the ultimate enterprise-level software designed for real-time monitoring of millions of metrics collected from tens of thousands of servers, virtual machines and network devices. diff --git a/website/integrations/services/zammad/index.md b/website/integrations/services/zammad/index.md index 03b226b98a1c..3639d5a36931 100644 --- a/website/integrations/services/zammad/index.md +++ b/website/integrations/services/zammad/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Zammad sidebar_label: Zammad +support_level: community --- -Support level: Community - ## What is Zammad > Zammad is a web-based, open source user support/ticketing solution. diff --git a/website/integrations/services/zulip/index.md b/website/integrations/services/zulip/index.md index 1eb759099b0e..8c0e2059973a 100644 --- a/website/integrations/services/zulip/index.md +++ b/website/integrations/services/zulip/index.md @@ -1,10 +1,9 @@ --- title: Integrate with Zulip sidebar_label: Zulip +support_level: community --- -Support level: Community - ## What is Zulip > **Zulip**: Chat for distributed teams. Zulip combines the immediacy of real-time chat with an email threading model. diff --git a/website/integrations/template/service.md b/website/integrations/template/service.md index 720a5f72a515..92b9b5169910 100644 --- a/website/integrations/template/service.md +++ b/website/integrations/template/service.md @@ -1,10 +1,9 @@ --- title: Integrate with Service Name sidebar_label: Service Name +support_level: community --- -Support level: Community - ## What is Service-Name > Insert a quick overview of what Service Name is and what it does. Simply describe the product and what it is, how it is used, and do not include marketing or sales-oriented content. diff --git a/website/package-lock.json b/website/package-lock.json index 6bdeab4ed1ba..376d99950295 100644 --- a/website/package-lock.json +++ b/website/package-lock.json @@ -28,13 +28,15 @@ "react-feather": "^2.0.10", "react-toggle": "^4.1.3", "react-tooltip": "^5.28.0", - "remark-github": "^12.0.0" + "remark-github": "^12.0.0", + "semver": "^7.7.0" }, "devDependencies": { "@docusaurus/module-type-aliases": "^3.3.2", "@docusaurus/tsconfig": "^3.7.0", "@docusaurus/types": "^3.3.2", "@types/react": "^18.3.13", + "@types/semver": "^7.5.8", "cross-env": "^7.0.3", "prettier": "3.4.2", "typescript": "~5.7.3", @@ -5062,6 +5064,13 @@ "@types/node": "*" } }, + "node_modules/@types/semver": { + "version": "7.5.8", + "resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.5.8.tgz", + "integrity": "sha512-I8EUhyrgfLrcTkzV3TSsGyl1tSuPrEDzr0yd5m90UgNxQkyDXULk3b6MlQqTCpZpNtWe1K0hzclnZkTcLBe2UQ==", + "dev": true, + "license": "MIT" + }, "node_modules/@types/send": { "version": "0.17.4", "resolved": "https://registry.npmjs.org/@types/send/-/send-0.17.4.tgz", @@ -16421,6 +16430,18 @@ "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==", "license": "MIT" }, + "node_modules/openapi-to-postmanv2/node_modules/lru-cache": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", + "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", + "license": "ISC", + "dependencies": { + "yallist": "^4.0.0" + }, + "engines": { + "node": ">=10" + } + }, "node_modules/openapi-to-postmanv2/node_modules/mime-db": { "version": "1.52.0", "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", @@ -16464,6 +16485,21 @@ "node": ">=10" } }, + "node_modules/openapi-to-postmanv2/node_modules/semver": { + "version": "7.5.4", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", + "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", + "license": "ISC", + "dependencies": { + "lru-cache": "^6.0.0" + }, + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" + } + }, "node_modules/openapi-to-postmanv2/node_modules/uuid": { "version": "8.3.2", "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", @@ -16473,6 +16509,12 @@ "uuid": "dist/bin/uuid" } }, + "node_modules/openapi-to-postmanv2/node_modules/yallist": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", + "license": "ISC" + }, "node_modules/opener": { "version": "1.5.2", "resolved": "https://registry.npmjs.org/opener/-/opener-1.5.2.tgz", @@ -18396,6 +18438,18 @@ "node": ">=10" } }, + "node_modules/postman-collection/node_modules/lru-cache": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", + "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", + "license": "ISC", + "dependencies": { + "yallist": "^4.0.0" + }, + "engines": { + "node": ">=10" + } + }, "node_modules/postman-collection/node_modules/mime-db": { "version": "1.52.0", "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", @@ -18417,6 +18471,21 @@ "node": ">= 0.6" } }, + "node_modules/postman-collection/node_modules/semver": { + "version": "7.5.4", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", + "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", + "license": "ISC", + "dependencies": { + "lru-cache": "^6.0.0" + }, + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" + } + }, "node_modules/postman-collection/node_modules/uuid": { "version": "8.3.2", "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", @@ -18426,6 +18495,12 @@ "uuid": "dist/bin/uuid" } }, + "node_modules/postman-collection/node_modules/yallist": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", + "license": "ISC" + }, "node_modules/postman-url-encoder": { "version": "3.0.5", "resolved": "https://registry.npmjs.org/postman-url-encoder/-/postman-url-encoder-3.0.5.tgz", @@ -20669,13 +20744,10 @@ } }, "node_modules/semver": { - "version": "7.5.4", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", - "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", + "version": "7.7.0", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.0.tgz", + "integrity": "sha512-DrfFnPzblFmNrIZzg5RzHegbiRWg7KMR7btwi2yjHwx06zsUbO5g613sVwEV7FTwmzJu+Io0lJe2GJ3LxqpvBQ==", "license": "ISC", - "dependencies": { - "lru-cache": "^6.0.0" - }, "bin": { "semver": "bin/semver.js" }, @@ -20698,24 +20770,6 @@ "url": "https://github.com/sponsors/sindresorhus" } }, - "node_modules/semver/node_modules/lru-cache": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", - "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", - "license": "ISC", - "dependencies": { - "yallist": "^4.0.0" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/semver/node_modules/yallist": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", - "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", - "license": "ISC" - }, "node_modules/send": { "version": "0.19.0", "resolved": "https://registry.npmjs.org/send/-/send-0.19.0.tgz", diff --git a/website/package.json b/website/package.json index 67882a333b52..7fc8d2999c87 100644 --- a/website/package.json +++ b/website/package.json @@ -17,6 +17,7 @@ "watch": "docusaurus gen-api-docs all && docusaurus start" }, "dependencies": { + "semver": "^7.7.0", "@docusaurus/core": "^3.7.0", "@docusaurus/plugin-client-redirects": "^3.7.0", "@docusaurus/plugin-content-docs": "^3.7.0", @@ -51,6 +52,7 @@ ] }, "devDependencies": { + "@types/semver": "^7.5.8", "@docusaurus/module-type-aliases": "^3.3.2", "@docusaurus/tsconfig": "^3.7.0", "@docusaurus/types": "^3.3.2", diff --git a/website/src/components/PreviewBadge.tsx b/website/src/components/PreviewBadge.tsx new file mode 100644 index 000000000000..50cb35811195 --- /dev/null +++ b/website/src/components/PreviewBadge.tsx @@ -0,0 +1,10 @@ +import React from "react"; + +/** + * Badge indicating the preview status of a feature or integration. + */ +export const PreviewBadge: React.FC = () => { + return Preview; +}; + +export default PreviewBadge; diff --git a/website/src/components/SupportBadge.tsx b/website/src/components/SupportBadge.tsx new file mode 100644 index 000000000000..f5441c2494a7 --- /dev/null +++ b/website/src/components/SupportBadge.tsx @@ -0,0 +1,26 @@ +import React from "react"; +import { + isSupportLevel, + SupportLevel, + SupportLevelToLabel, +} from "@site/src/core/support-level"; + +export interface SupportBadgeProps { + level: string; +} + +/** + * Badge indicating the support level of a feature or integration. + */ +export const SupportBadge: React.FC = ({ level }) => { + if (!isSupportLevel(level)) { + throw new TypeError(`Invalid support level: ${level}`); + } + + const label = SupportLevelToLabel[level]; + const className = `badge badge--support-${level}`; + + return Support level: {label}; +}; + +export default SupportBadge; diff --git a/website/src/components/VersionBadge.tsx b/website/src/components/VersionBadge.tsx new file mode 100644 index 000000000000..51d2123ea77c --- /dev/null +++ b/website/src/components/VersionBadge.tsx @@ -0,0 +1,25 @@ +import React from "react"; +import { coerce } from "semver"; + +export interface AuthentikVersionProps { + semver: string; +} + +/** + * Badge indicating semantic versioning of authentik required for a feature or integration. + */ +export const VersionBadge: React.FC = ({ semver }) => { + const parsed = coerce(semver); + + if (!parsed) { + throw new Error(`Invalid semver version: ${semver}`); + } + + return ( + + authentik: {parsed.format()}+ + + ); +}; + +export default VersionBadge; diff --git a/website/src/core/support-level.ts b/website/src/core/support-level.ts new file mode 100644 index 000000000000..0719af45b04d --- /dev/null +++ b/website/src/core/support-level.ts @@ -0,0 +1,21 @@ +/** + * Support levels for authentik. + */ +export type SupportLevel = "authentik" | "community" | "vendor" | "deprecated"; + +/** + * Mapping of support levels to badge classes. + */ +export const SupportLevelToLabel = { + authentik: "authentik", + community: "Community", + vendor: "Vendor", + deprecated: "Deprecated", +} as const satisfies Record; + +/** + * Type-predicate to determine if a string is a known support level. + */ +export function isSupportLevel(input: string): input is SupportLevel { + return Object.hasOwn(SupportLevelToLabel, input); +} diff --git a/website/src/css/custom.css b/website/src/css/custom.css index 99fbb952b01c..ca90aa0eb7f1 100644 --- a/website/src/css/custom.css +++ b/website/src/css/custom.css @@ -1,4 +1,4 @@ -/*#region root*/ +/* #region root */ :root { --ifm-color-primary: #fd4b2d; @@ -13,9 +13,9 @@ --ifm-navbar-link-hover-color: var(--ifm-color-gray-1000); } -/*#endregion*/ +/* #endregion */ -/*#region Buttons*/ +/* #region Buttons */ .button.button--outline { color: var(--white) !important; @@ -27,9 +27,9 @@ --ifm-button-background-color: var(--white); } -/*#endregion*/ +/* #endregion */ -/*#region Navbar*/ +/* #region Navbar */ .navbar { background-color: var(--ifm-color-primary); @@ -47,9 +47,9 @@ stroke: var(--white); } -/*#endregion*/ +/* #endregion */ -/*#region Header*/ +/* #region Header */ .header-github-link:hover { opacity: 0.6; @@ -77,7 +77,7 @@ no-repeat; } -/*#endregion*/ +/* #endregion */ @media (min-width: 1600px) { #__docusaurus_skipToContent_fallback > div { @@ -99,11 +99,12 @@ src: url("https://fonts.googleapis.com/css2?family=Roboto:wght@300&display=swap"); } +/* #region Containers */ + body { font-family: "Roboto", sans-serif; } -/* Container styles */ .content { width: 100vw; height: 100vh; @@ -112,6 +113,10 @@ body { justify-content: center; } +/* #endregion */ + +/* #region Sidebar */ + /* styling for version selector in sidebar */ .theme-doc-sidebar-menu .dropdown { display: block; @@ -128,31 +133,70 @@ body { margin-right: -0.5rem; } +/* #endregion */ + +/* #region Navbar */ + /* Nav header background color on mobile */ .navbar-sidebar__brand, .navbar-sidebar__items { background-color: var(--ifm-color-primary); } -.badge--version { - --ifm-badge-background-color: var(--ifm-color-primary-contrast-background); - color: var(--ifm-color-primary-contrast-foreground); - --ifm-badge-border-color: var(--ifm-badge-background-color); +/* #endregion */ + +/* #region Badges */ + +.anchor > .badge { font-size: 0.75rem; vertical-align: middle; } +.badge--support-vendor { + --ifm-badge-background-color: var(--ifm-color-warning-contrast-background); + --ifm-badge-color: var(--ifm-color-warning-contrast-foreground); + --ifm-badge-border-color: var(--ifm-color-warning-contrast-foreground); +} + +.badge--support-community { + --ifm-badge-background-color: var(--ifm-color-secondary); + --ifm-badge-border-color: var(--ifm-color-secondary-contrast-background); + --ifm-badge-color: var(--ifm-color-secondary-contrast-background); +} + +.badge--support-deprecated { + --ifm-badge-background-color: var(--ifm-color-danger); + --ifm-badge-border-color: var(--ifm-color-danger-contrast-background); + --ifm-badge-color: var(--ifm-color-danger-contrast-foreground); +} + +.badge--support-authentik { + --ifm-badge-background-color: var(--ifm-color-primary); + --ifm-badge-border-color: var(--ifm-color-primary-contrast-foreground); + --ifm-badge-color: var(--ifm-color-primary-contrast-foreground); +} + +.badge--version { + --ifm-badge-background-color: var(--ifm-color-primary-contrast-background); + --ifm-badge-border-color: var(--ifm-color-primary-contrast-foreground); + --ifm-badge-color: var(--ifm-color-primary-contrast-foreground); +} + .badge--preview { --ifm-badge-background-color: rgb(115, 188, 247); - color: var(--ifm-color-primary-contrast-foreground); --ifm-badge-border-color: var(--ifm-badge-background-color); - font-size: 0.75rem; - vertical-align: middle; + --ifm-badge-color: var(--ifm-color-primary-contrast-foreground); +} + +.badge-group { + display: flex; + flex-wrap: wrap; + gap: 1rem; } -/*#endregion*/ +/* #endregion */ -/*#region Mermaid*/ +/* #region Mermaid */ .docusaurus-mermaid-container { /* Improve contrast. */ @@ -163,7 +207,7 @@ body { paint-order: stroke; } } -/*#endregion*/ +/* #endregion */ .markdown { /* Remove empty table headers. */ diff --git a/website/src/hooks/title.ts b/website/src/hooks/title.ts new file mode 100644 index 000000000000..b2b76ea76c5c --- /dev/null +++ b/website/src/hooks/title.ts @@ -0,0 +1,23 @@ +import { useDoc } from "@docusaurus/plugin-content-docs/client"; + +/** + * Title can be declared inside md content or declared through + * front matter and added manually. To make both cases consistent, + * the added title is added under the same div.markdown block + * See https://github.com/facebook/docusaurus/pull/4882#issuecomment-853021120 + * + * We render a "synthetic title" if: + * - user doesn't ask to hide it with front matter + * - the markdown content does not already contain a top-level h1 heading + * + * @vendor docusaurus + */ +export function useSyntheticTitle(): string | null { + const { metadata, frontMatter, contentTitle } = useDoc(); + const shouldRender = + !frontMatter.hide_title && typeof contentTitle === "undefined"; + if (!shouldRender) { + return null; + } + return metadata.title; +} diff --git a/website/src/theme/DocItem/Content/index.tsx b/website/src/theme/DocItem/Content/index.tsx index 66366141f3b4..4802c20d4c85 100644 --- a/website/src/theme/DocItem/Content/index.tsx +++ b/website/src/theme/DocItem/Content/index.tsx @@ -1,4 +1,14 @@ -import React, { type ReactNode } from "react"; +/** + * @file Swizzled DocItemContent component. + * + * This component is a swizzled version of the original DocItemContent component. + * + * Similar to Docusaurus' default `DocItemContent`, this component renders + * the content of a documentation page. However, it also adds support for + * support badges, and Authentik version badges. + */ + +import React from "react"; import clsx from "clsx"; import { ThemeClassNames } from "@docusaurus/theme-common"; import { @@ -9,83 +19,70 @@ import Heading from "@theme/Heading"; import MDXContent from "@theme/MDXContent"; import type { Props } from "@theme/DocItem/Content"; import { DocFrontMatter } from "@docusaurus/plugin-content-docs"; - -/** - * Title can be declared inside md content or declared through - * front matter and added manually. To make both cases consistent, - * the added title is added under the same div.markdown block - * See https://github.com/facebook/docusaurus/pull/4882#issuecomment-853021120 - * - * We render a "synthetic title" if: - * - user doesn't ask to hide it with front matter - * - the markdown content does not already contain a top-level h1 heading - */ -function useSyntheticTitle(): string | null { - const { metadata, frontMatter, contentTitle } = useDoc(); - const shouldRender = - !frontMatter.hide_title && typeof contentTitle === "undefined"; - if (!shouldRender) { - return null; - } - return metadata.title; -} - -type SupportLevel = "authentik" | "community" | "deprecated"; +import { useSyntheticTitle } from "@site/src/hooks/title"; +import { SupportBadge } from "@site/src/components/SupportBadge"; +import { VersionBadge } from "@site/src/components/VersionBadge"; interface SwizzledDocFrontMatter extends DocFrontMatter { - support_level?: SupportLevel; + support_level?: string; + authentik_version?: string; + authentik_preview: boolean; + authentik_enterprise: boolean; } interface SwizzledDocContextValue extends DocContextValue { frontMatter: SwizzledDocFrontMatter; } -const SupportLevelToLabel = new Map([ - ["authentik", "authentik"], - ["community", "community"], - ["deprecated", "deprecated"], -]); - -const SupportLevelToBadgeClass = new Map([ - ["authentik", "badge--primary"], - ["community", "badge--secondary"], - ["deprecated", "badge--danger"], -]); - -const SupportLevelBadge: React.FC = () => { +const DocItemContent: React.FC = ({ children }) => { + const syntheticTitle = useSyntheticTitle(); const { frontMatter } = useDoc() as SwizzledDocContextValue; - const { support_level } = frontMatter; + const { + support_level, + authentik_version, + authentik_enterprise, + authentik_preview, + } = frontMatter; + + const badges: JSX.Element[] = []; - if (!support_level || !SupportLevelToLabel.has(support_level)) { - return null; + if (authentik_version) { + badges.push(); } - const label = SupportLevelToLabel.get(support_level); + if (support_level) { + badges.push(); + } - return ( - - Support level: {label} - - ); -}; + if (authentik_preview) { + badges.push(Preview); + } -export default function DocItemContent({ children }: Props): ReactNode { - const syntheticTitle = useSyntheticTitle(); + if (authentik_enterprise) { + badges.push(Enterprise); + } return (
- {syntheticTitle && ( + {syntheticTitle ? (
{syntheticTitle} - + + {badges.length ? ( +

+ {badges.map((badge, index) => ( + + {badge} + + ))} +

+ ) : null}
- )} + ) : null} + {children}
); -} +}; + +export default DocItemContent; diff --git a/website/tsconfig.json b/website/tsconfig.json new file mode 100644 index 000000000000..fd4481fe32bd --- /dev/null +++ b/website/tsconfig.json @@ -0,0 +1,8 @@ +{ + // This file is not used in compilation. It is here just for a nice editor experience. + "extends": "@docusaurus/tsconfig", + "compilerOptions": { + "baseUrl": "." + }, + "exclude": [".docusaurus", "build", "node_modules"] +}