diff --git a/website/docs/add-secure-apps/flows-stages/flow/context/index.mdx b/website/docs/add-secure-apps/flows-stages/flow/context/index.mdx index 7599a33c4843..721355fdcb3d 100644 --- a/website/docs/add-secure-apps/flows-stages/flow/context/index.mdx +++ b/website/docs/add-secure-apps/flows-stages/flow/context/index.mdx @@ -62,7 +62,7 @@ When an unauthenticated user attempts to access a secured resource, they are red When a user authenticates/enrolls via an external source, this will be set to the source they are using. -#### `outpost` (dictionary) :ak-version[2024.10] +#### `outpost` (dictionary):ak-version[2024.10] When a flow is executed by an Outpost (for example the [LDAP](../../../providers/ldap/index.md) or [RADIUS](../../../providers/radius/index.mdx)), this will be set to a dictionary containing the Outpost instance under the key `"instance"`. @@ -76,7 +76,7 @@ This key is set to `True` when the flow is executed from an "SSO" context. For e This key is set when a flow execution is continued from a token. This happens for example when an [Email stage](../../stages/email/index.mdx) is used and the user clicks on the link within the email. The token object contains the key that was used to restore the flow execution. -#### `is_redirected` (Flow object) :ak-version[2024.12] +#### `is_redirected` (Flow object):ak-version[2024.12] This key is set when the current flow was reached through a [Redirect stage](../../stages/redirect/index.md) in Flow mode. @@ -98,7 +98,7 @@ URL that the form will be submitted to. Key-value pairs of the data that is included in the form and will be submitted to `url`. -#### Captcha stage :ak-version[2024.6] +#### Captcha stage:ak-version[2024.6] ##### `captcha` (dictionary) @@ -118,7 +118,7 @@ An optional list of all permissions that will be given to the application by gra #### Deny stage -##### `deny_message` (string) :ak-version[2023.10] +##### `deny_message` (string):ak-version[2023.10] Optionally overwrite the deny message shown, has a higher priority than the message configured in the stage. @@ -134,7 +134,7 @@ If set, this must be a list of group objects and not group names. Path the `pending_user` will be written to. If not set in the flow, falls back to the value set in the user_write stage, and otherwise to the `users` path. -##### `user_type` (string) :ak-version[2023.10] +##### `user_type` (string):ak-version[2023.10] Type the `pending_user` will be created as. Must be one of `internal`, `external` or `service_account`. @@ -198,7 +198,7 @@ If _Show matched user_ is disabled, this key will be set to the user identifier #### Redirect stage -##### `redirect_stage_target` (string) :ak-version[2024.12] +##### `redirect_stage_target` (string):ak-version[2024.12] [Set this key](../../../../customize/policies/expression/managing_flow_context_keys.md) in an Expression Policy to override [Redirect stage](../../stages/redirect/index.md) to force it to redirect to a certain URL or flow. This is useful when a flow requires that the redirection target be decided dynamically. diff --git a/website/docs/add-secure-apps/flows-stages/flow/examples/snippets.mdx b/website/docs/add-secure-apps/flows-stages/flow/examples/snippets.mdx index fbe13d5930f3..4d7111bb62e8 100644 --- a/website/docs/add-secure-apps/flows-stages/flow/examples/snippets.mdx +++ b/website/docs/add-secure-apps/flows-stages/flow/examples/snippets.mdx @@ -2,7 +2,7 @@ title: Example policy snippets for flows --- -### Redirect current flow to another URL :ak-version[2022.7] +### Redirect current flow to another URL:ak-version[2022.7] ```python plan = request.context.get("flow_plan") diff --git a/website/docs/add-secure-apps/flows-stages/stages/authenticator_duo/index.mdx b/website/docs/add-secure-apps/flows-stages/stages/authenticator_duo/index.mdx index defc64ce80ba..ee5b529070b5 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/authenticator_duo/index.mdx +++ b/website/docs/add-secure-apps/flows-stages/stages/authenticator_duo/index.mdx @@ -10,7 +10,7 @@ Copy all of the integration key, secret key and API hostname, and paste them in Devices created reference the stage they were created with, since the API credentials are needed to authenticate. This also means when the stage is deleted, all devices are removed. -## Importing users :ak-version[2022.9] +## Importing users:ak-version[2022.9] :::info Due to the way the Duo API works, authentik can only automatically import existing Duo users when a Duo MFA or higher license is active. @@ -20,7 +20,7 @@ To import a device, open the Stages list in the authentik Admin interface. On th The Duo username can be found by navigating to your Duo Admin dashboard and selecting _Users_ in the sidebar. Optionally if you have multiple users with the same username, you can click on a User and copy their ID from the URL, and use that to import the device. -### Older versions :ak-version[2021.9.1] +### Older versions:ak-version[2021.9.1] You can call the `/api/v3/stages/authenticator/duo/{stage_uuid}/import_devices/` endpoint ([see here](https://goauthentik.io/api/#post-/stages/authenticator/duo/-stage_uuid-/import_devices/)) using the following parameters: diff --git a/website/docs/add-secure-apps/flows-stages/stages/authenticator_sms/index.mdx b/website/docs/add-secure-apps/flows-stages/stages/authenticator_sms/index.mdx index 7b3803d26285..c9d22b139520 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/authenticator_sms/index.mdx +++ b/website/docs/add-secure-apps/flows-stages/stages/authenticator_sms/index.mdx @@ -46,7 +46,7 @@ return { } ``` -## Verify only :ak-version[2022.6] +## Verify only:ak-version[2022.6] To only verify the validity of a users' phone number, without saving it in an easily accessible way, you can enable this option. Phone numbers from devices enrolled through this stage will only have their hashed phone number saved. These devices can also not be used with the [Authenticator validation](../authenticator_validate/index.mdx) stage. diff --git a/website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.mdx b/website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.mdx index 73b4ff7415f4..347592267331 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.mdx +++ b/website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.mdx @@ -23,11 +23,11 @@ Keep in mind that when using Code-based devices (TOTP, Static and SMS), values l ### Options -#### Less-frequent validation :ak-version[2022.5.1] +#### Less-frequent validation:ak-version[2022.5.1] You can configure this stage to only ask for MFA validation if the user hasn't authenticated themselves within a defined time period. To configure this, set _Last validation threshold_ to any non-zero value. Any of the users devices within the selected classes are checked. -#### Passwordless authentication :ak-version[2021.12.4] +#### Passwordless authentication:ak-version[2021.12.4] :::caution Firefox has some known issues regarding TouchID (see https://bugzilla.mozilla.org/show_bug.cgi?id=1536482) @@ -68,7 +68,7 @@ Logins which used Passwordless authentication have the _auth_method_ context var } ``` -#### WebAuthn Device type restrictions :ak-version[2024.4] +#### WebAuthn Device type restrictions:ak-version[2024.4] Optionally restrict which WebAuthn device types can be used to authenticate. diff --git a/website/docs/add-secure-apps/flows-stages/stages/authenticator_webauthn/index.mdx b/website/docs/add-secure-apps/flows-stages/stages/authenticator_webauthn/index.mdx index 9d5671aba069..805d2e012289 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/authenticator_webauthn/index.mdx +++ b/website/docs/add-secure-apps/flows-stages/stages/authenticator_webauthn/index.mdx @@ -18,7 +18,7 @@ Configure if the created authenticator is stored in the encrypted memory on the Configure if authentik will require either a removable device (like a YubiKey, Google Titan, etc) or a non-removable device (like Windows Hello, TouchID or password managers), or not send a requirement. -#### Device type restrictions :ak-version[2024.4] +#### Device type restrictions:ak-version[2024.4] Optionally restrict the types of devices allowed to be enrolled. This option can be used to ensure users are only able to enroll FIPS-compliant devices for example. diff --git a/website/docs/add-secure-apps/flows-stages/stages/identification/index.mdx b/website/docs/add-secure-apps/flows-stages/stages/identification/index.mdx index 8e281c164f5c..2f1f255eca67 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/identification/index.mdx +++ b/website/docs/add-secure-apps/flows-stages/stages/identification/index.mdx @@ -30,7 +30,7 @@ To run a CAPTCHA process in the background while the user is entering their iden These fields specify if and which flows are linked on the form. The enrollment flow is linked as `Need an account? Sign up.`, and the recovery flow is linked as `Forgot username or password?`. -## Pretend user exists :ak-version[2024.2] +## Pretend user exists:ak-version[2024.2] When enabled, any user identifier will be accepted as valid (as long as they match the correct format, i.e. when [User fields](#user-fields) is set to only allow Emails, then the identifier still needs to be an Email). The stage will succeed and the flow will continue to the next stage. Stages like the [Password stage](../password/index.md) and [Email stage](../email/index.mdx) are aware of this "pretend" user and will behave the same as if the user would exist. diff --git a/website/docs/add-secure-apps/providers/oauth2/client_credentials.mdx b/website/docs/add-secure-apps/providers/oauth2/client_credentials.mdx index 2aa5f864579d..e749ea5da081 100644 --- a/website/docs/add-secure-apps/providers/oauth2/client_credentials.mdx +++ b/website/docs/add-secure-apps/providers/oauth2/client_credentials.mdx @@ -30,7 +30,7 @@ In addition to that, with authentik 2024.4 it is also possible to pass the confi ### JWT-authentication -#### Externally issued JWTs :ak-version[2022.4] +#### Externally issued JWTs:ak-version[2022.4] You can authenticate and get a token using an existing JWT. For readability we will refer to the JWT issued by the external issuer/platform as input JWT, and the resulting JWT from authentik as the output JWT. @@ -59,7 +59,7 @@ To dynamically limit access based on the claims of the tokens, you can use _[Exp return request.context["oauth_jwt"]["iss"] == "https://my.issuer" ``` -#### authentik-issued JWTs :ak-version[2024.12] +#### authentik-issued JWTs:ak-version[2024.12] To allow federation between providers, modify the provider settings of the application (whose token will be used for authentication) to select the provider of the application to which you want to federate. diff --git a/website/docs/add-secure-apps/providers/oauth2/index.mdx b/website/docs/add-secure-apps/providers/oauth2/index.mdx index 21d2e9e29dcb..5272f386cdb5 100644 --- a/website/docs/add-secure-apps/providers/oauth2/index.mdx +++ b/website/docs/add-secure-apps/providers/oauth2/index.mdx @@ -176,6 +176,6 @@ When a _Signing Key_ is selected in the provider, the JWT will be signed asymmet When no _Signing Key_ is selected, the JWT will be signed symmetrically with the _Client secret_ of the provider, which can be seen in the provider settings. -### Encryption :ak-version[2024.10] +### Encryption:ak-version[2024.10] authentik can also encrypt JWTs (turning them into JWEs) it issues by selecting an _Encryption Key_ in the provider. When selected, all JWTs will be encrypted symmetrically using the selected certificate. authentik uses the `RSA-OAEP-256` algorithm with the `A256CBC-HS512` encryption method. diff --git a/website/docs/add-secure-apps/providers/proxy/header_authentication.mdx b/website/docs/add-secure-apps/providers/proxy/header_authentication.mdx index c45edc79421e..2a59c284228c 100644 --- a/website/docs/add-secure-apps/providers/proxy/header_authentication.mdx +++ b/website/docs/add-secure-apps/providers/proxy/header_authentication.mdx @@ -25,7 +25,7 @@ By default, when _Intercept header authentication_ is enabled, authentik will in If the proxied application requires usage of the "Authorization" header, the setting should be disabled. When this setting is disabled, authentik will still attempt to interpret the "Authorization" header, and fall back to the default behaviour if it can't. -### Receiving HTTP Basic authentication :ak-version[2023.1] +### Receiving HTTP Basic authentication:ak-version[2023.1] Proxy providers can receive HTTP basic authentication credentials. The password is expected to be an _App password_, as the credentials are used internally with the [OAuth2 machine-to-machine authentication flow](../oauth2/client_credentials.mdx). @@ -39,7 +39,7 @@ It is **strongly** recommended that the client sending requests with HTTP-Basic Starting with authentik 2023.2, logging in with the reserved username `goauthentik.io/token` will behave as if a bearer token was used. All the same options as below apply. This is to allow token-based authentication for applications which might only support basic authentication. -### Receiving HTTP Bearer authentication :ak-version[2023.1] +### Receiving HTTP Bearer authentication:ak-version[2023.1] Proxy providers can receive HTTP bearer authentication credentials. The token is expected to be a JWT token issued for the proxy provider. This is described [here](../oauth2/client_credentials.mdx), using the _client_id_ value shown in the admin interface. Both static and JWT authentication methods are supported. diff --git a/website/docs/customize/blueprints/export.mdx b/website/docs/customize/blueprints/export.mdx index e243d43ef542..eeb19983d108 100644 --- a/website/docs/customize/blueprints/export.mdx +++ b/website/docs/customize/blueprints/export.mdx @@ -2,7 +2,7 @@ title: Export --- -## Global export :ak-version[2022.8.2] +## Global export:ak-version[2022.8.2] To migrate existing configurations to blueprints, run `ak export_blueprint` within any authentik Worker container. This will output a blueprint for most currently created objects. Some objects will not be exported as they might have dependencies on other things. diff --git a/website/docs/customize/blueprints/index.mdx b/website/docs/customize/blueprints/index.mdx index 6bc8f83d9eda..58d2aaded357 100644 --- a/website/docs/customize/blueprints/index.mdx +++ b/website/docs/customize/blueprints/index.mdx @@ -55,7 +55,7 @@ To push a blueprint to an OCI-compatible registry, [ORAS](https://oras.land/) ca oras push ghcr.io//blueprint/:latest :application/vnd.goauthentik.blueprint.v1+yaml ``` -## Storage - Internal :ak-version[2023.1] +## Storage - Internal:ak-version[2023.1] Blueprints can be stored in authentik's database, which allows blueprints to be managed via external configuration management tools like Terraform. diff --git a/website/docs/customize/blueprints/v1/models.mdx b/website/docs/customize/blueprints/v1/models.mdx index 2955855d02c9..bcd946630f11 100644 --- a/website/docs/customize/blueprints/v1/models.mdx +++ b/website/docs/customize/blueprints/v1/models.mdx @@ -4,7 +4,7 @@ Some models behave differently and allow for access to different API fields when ## `authentik_core.token` -### `key` :ak-version[2023.4] +### `key`:ak-version[2023.4] Via the standard API, a token's key cannot be changed, it can only be rotated. This is to ensure a high entropy in it's key, and to prevent insecure data from being used. However, when provisioning tokens via a blueprint, it may be required to set a token to an existing value. @@ -26,7 +26,7 @@ For example: ## `authentik_core.user` -### `password` :ak-version[2023.6] +### `password`:ak-version[2023.6] Via the standard API, a user's password can only be set via the separate `/api/v3/core/users//set_password/` endpoint. In blueprints, the password of a user can be set using the `password` field. @@ -45,7 +45,7 @@ For example: password: this-should-be-a-long-value ``` -### `permissions` :ak-version[2024.8] +### `permissions`:ak-version[2024.8] The `permissions` field can be used to set global permissions for a user. A full list of possible permissions is included in the JSON schema for blueprints. @@ -63,7 +63,7 @@ For example: ## `authentik_core.application` -### `icon` :ak-version[2023.5] +### `icon`:ak-version[2023.5] Application icons can be directly set to URLs with the `icon` field. @@ -81,7 +81,7 @@ For example: ## `authentik_sources_oauth.oauthsource`, `authentik_sources_saml.samlsource`, `authentik_sources_plex.plexsource` -### `icon` :ak-version[2023.5] +### `icon`:ak-version[2023.5] Source icons can be directly set to URLs with the `icon` field. @@ -99,7 +99,7 @@ For example: ## `authentik_flows.flow` -### `icon` :ak-version[2023.5] +### `icon`:ak-version[2023.5] Flow backgrounds can be directly set to URLs with the `background` field. @@ -119,7 +119,7 @@ For example: ## `authentik_rbac.role` -### `permissions` :ak-version[2024.8] +### `permissions`:ak-version[2024.8] The `permissions` field can be used to set global permissions for a role. A full list of possible permissions is included in the JSON schema for blueprints. diff --git a/website/docs/customize/blueprints/v1/tags.mdx b/website/docs/customize/blueprints/v1/tags.mdx index ebdfac65295c..0be95dbdf1dc 100644 --- a/website/docs/customize/blueprints/v1/tags.mdx +++ b/website/docs/customize/blueprints/v1/tags.mdx @@ -301,7 +301,7 @@ The above example will resolve to something like this: - "bar: (index: 2, letter: r)" ``` -#### `!AtIndex` :ak-version[2024.12] +#### `!AtIndex`:ak-version[2024.12] Minimal example: diff --git a/website/docs/enterprise/manage-enterprise.mdx b/website/docs/enterprise/manage-enterprise.mdx index a5c4d2ed12b7..88d1ce3e2ece 100644 --- a/website/docs/enterprise/manage-enterprise.mdx +++ b/website/docs/enterprise/manage-enterprise.mdx @@ -109,7 +109,7 @@ The following events occur when a license expires or the internal/external user - Users can authenticate and authorize applications - Licenses can be modified - - Users can be modified/deleted :ak-version[2024.10.5] + - Users can be modified/deleted:ak-version[2024.10.5] After the violation is corrected (either the user count returns to be within the limits of the license or the license is renewed), authentik will return to the standard read-write mode and the notification will disappear. diff --git a/website/docs/expressions/_functions.mdx b/website/docs/expressions/_functions.mdx index 2cce3a085a49..45ba32f26663 100644 --- a/website/docs/expressions/_functions.mdx +++ b/website/docs/expressions/_functions.mdx @@ -29,7 +29,7 @@ user = list_flatten(["foo"]) # user = "foo" ``` -### `ak_call_policy(name: str, **kwargs) -> PolicyResult` :ak-version[2021.12] +### `ak_call_policy(name: str, **kwargs) -> PolicyResult`:ak-version[2021.12] Call another policy with the name _name_. Current request is passed to policy. Key-word arguments can be used to modify the request's context. @@ -70,7 +70,7 @@ Example: other_user = ak_user_by(username="other_user") ``` -### `ak_user_has_authenticator(user: User, device_type: Optional[str] = None) -> bool` :ak-version[2022.9] +### `ak_user_has_authenticator(user: User, device_type: Optional[str] = None) -> bool`:ak-version[2022.9] Check if a user has any authenticator devices. Only fully validated devices are counted. @@ -87,7 +87,7 @@ Example: return ak_user_has_authenticator(request.user) ``` -### `ak_create_event(action: str, **kwargs) -> None` :ak-version[2022.9] +### `ak_create_event(action: str, **kwargs) -> None`:ak-version[2022.9] Create a new event with the action set to `action`. Any additional key-word parameters will be saved in the event context. Additionally, `context` will be set to the context in which this function is called. @@ -101,7 +101,7 @@ Example: ak_create_event("my_custom_event", foo=request.user) ``` -### `ak_create_jwt(user: User, provider: OAuth2Provider | str, scopes: list[str], validity = "seconds=60") -> str | None` :ak-version[2025.2] +### `ak_create_jwt(user: User, provider: OAuth2Provider | str, scopes: list[str], validity = "seconds=60") -> str | None`:ak-version[2025.2] Create a new JWT signed by the given `provider` for `user`. @@ -136,7 +136,7 @@ ip_address('192.0.2.1') in ip_network('192.0.2.0/24') # evaluates to True ``` -## DNS resolution and reverse DNS lookups :ak-version[2023.3] +## DNS resolution and reverse DNS lookups:ak-version[2023.3] To resolve a hostname to a list of IP addresses, use the functions `resolve_dns(hostname)` and `resolve_dns(hostname, ip_version)`. diff --git a/website/docs/install-config/automated-install.mdx b/website/docs/install-config/automated-install.mdx index 42c58095eaac..533d4431114c 100644 --- a/website/docs/install-config/automated-install.mdx +++ b/website/docs/install-config/automated-install.mdx @@ -8,11 +8,11 @@ To install authentik automatically (skipping the Out-of-box experience), you can Configure the default password for the `akadmin` user. Only read on the first startup. Can be used for any flow executor. -### `AUTHENTIK_BOOTSTRAP_TOKEN` :ak-version[2021.8] +### `AUTHENTIK_BOOTSTRAP_TOKEN`:ak-version[2021.8] Create a token for the default `akadmin` user. Only read on the first startup. The string you specify for this variable is the token key you can use to authenticate yourself to the API. -### `AUTHENTIK_BOOTSTRAP_EMAIL` :ak-version[2023.3] +### `AUTHENTIK_BOOTSTRAP_EMAIL`:ak-version[2023.3] Set the email address for the default `akadmin` user. diff --git a/website/docs/install-config/configuration/configuration.mdx b/website/docs/install-config/configuration/configuration.mdx index 8188de79df1f..56139600fbef 100644 --- a/website/docs/install-config/configuration/configuration.mdx +++ b/website/docs/install-config/configuration/configuration.mdx @@ -17,7 +17,7 @@ All of these variables can be set to values, but you can also use a URI-like for ## Set your environment variables -import Tabs from "@theme/Tabs"; +import Tabs from "@theme/Tabs" import TabItem from "@theme/TabItem"; @@ -319,47 +319,47 @@ Disable the inbuilt update-checker. Defaults to `false`. - Kubeconfig - Existence of a docker socket -### `AUTHENTIK_LDAP__TASK_TIMEOUT_HOURS` :ak-version[2023.1] +### `AUTHENTIK_LDAP__TASK_TIMEOUT_HOURS`:ak-version[2023.1] Timeout in hours for LDAP synchronization tasks. Defaults to `2`. -### `AUTHENTIK_LDAP__PAGE_SIZE` :ak-version[2023.6.1] +### `AUTHENTIK_LDAP__PAGE_SIZE`:ak-version[2023.6.1] Page size for LDAP synchronization. Controls the number of objects created in a single task. Defaults to `50`. -### `AUTHENTIK_LDAP__TLS__CIPHERS` :ak-version[2022.7] +### `AUTHENTIK_LDAP__TLS__CIPHERS`:ak-version[2022.7] Allows configuration of TLS Cliphers for LDAP connections used by LDAP sources. Setting applies to all sources. Defaults to `null`. -### `AUTHENTIK_REPUTATION__EXPIRY` :ak-version[2023.8.2] +### `AUTHENTIK_REPUTATION__EXPIRY`:ak-version[2023.8.2] Configure how long reputation scores should be saved for in seconds. Note that this is different than [`AUTHENTIK_REDIS__CACHE_TIMEOUT_REPUTATION`](#redis-settings), as reputation is saved to the database every 5 minutes. Defaults to `86400`. -### `AUTHENTIK_SESSION_STORAGE` :ak-version[2024.4] +### `AUTHENTIK_SESSION_STORAGE`:ak-version[2024.4] Configure if the sessions are stored in the cache or the database. Defaults to `cache`. Allowed values are `cache` and `db`. Note that changing this value will invalidate all previous sessions. -### `AUTHENTIK_WEB__WORKERS` :ak-version[2022.9] +### `AUTHENTIK_WEB__WORKERS`:ak-version[2022.9] Configure how many gunicorn worker processes should be started (see https://docs.gunicorn.org/en/stable/design.html). Defaults to 2. A value below 2 workers is not recommended. In environments where scaling with multiple replicas of the authentik server is not possible, this number can be increased to handle higher loads. -### `AUTHENTIK_WEB__THREADS` :ak-version[2022.9] +### `AUTHENTIK_WEB__THREADS`:ak-version[2022.9] Configure how many gunicorn threads a worker processes should have (see https://docs.gunicorn.org/en/stable/design.html). Defaults to 4. -### `AUTHENTIK_WORKER__CONCURRENCY` :ak-version[2023.9] +### `AUTHENTIK_WORKER__CONCURRENCY`:ak-version[2023.9] Configure Celery worker concurrency for authentik worker (see https://docs.celeryq.dev/en/latest/userguide/configuration.html#worker-concurrency). This essentially defines the number of worker processes spawned for a single worker. @@ -375,7 +375,7 @@ Configure the path under which authentik is serverd. For example to access authe Defaults to `/`. -## System settings :ak-version[2024.2] +## System settings:ak-version[2024.2] Additional settings are configurable using the Admin interface, under **System** -> **Settings** or using the API. diff --git a/website/docs/users-sources/groups/manage_groups.mdx b/website/docs/users-sources/groups/manage_groups.mdx index 32bf04d5705f..6097d177b8f0 100644 --- a/website/docs/users-sources/groups/manage_groups.mdx +++ b/website/docs/users-sources/groups/manage_groups.mdx @@ -43,7 +43,7 @@ To delete a group, follow these steps: You can assign a role to a group, and then all users in the group inherit the permissions assigned to that role. For instructions and more information, see [Assign a role to a group](../roles/manage_roles.md#assign-a-role-to-a-group). -## Delegating group member management :ak-version[2024.4] +## Delegating group member management:ak-version[2024.4] To give a specific Role or User the ability to manage group members, the following permissions need to be granted on the matching Group object: diff --git a/website/docs/users-sources/sources/protocols/oauth/index.mdx b/website/docs/users-sources/sources/protocols/oauth/index.mdx index e4a8f6dd4a53..2ea79b74e9ed 100644 --- a/website/docs/users-sources/sources/protocols/oauth/index.mdx +++ b/website/docs/users-sources/sources/protocols/oauth/index.mdx @@ -14,7 +14,7 @@ This source allows users to enroll themselves with an external OAuth-based Ident Starting with authentik 2022.10, the default scopes can be replaced by prefix the value for scopes with `*`. -### OpenID Connect :ak-version[2022.6] +### OpenID Connect:ak-version[2022.6] #### Well-known diff --git a/website/docs/users-sources/sources/social-logins/azure-ad/index.mdx b/website/docs/users-sources/sources/social-logins/azure-ad/index.mdx index 4d2ebd771964..161dbc21c94a 100644 --- a/website/docs/users-sources/sources/social-logins/azure-ad/index.mdx +++ b/website/docs/users-sources/sources/social-logins/azure-ad/index.mdx @@ -111,7 +111,7 @@ return True Try to login with a **_new_** user. You should see no prompts and the user should have the correct information. -### Machine-to-machine authentication :ak-version[2024.12] +### Machine-to-machine authentication:ak-version[2024.12] If using [Machine-to-Machine](../../../../add-secure-apps/providers/oauth2/client_credentials.mdx#jwt-authentication) authentication, some specific steps need to be considered. diff --git a/website/docs/users-sources/sources/social-logins/github/index.mdx b/website/docs/users-sources/sources/social-logins/github/index.mdx index 5fd76d360a08..4b7fbdd44c89 100644 --- a/website/docs/users-sources/sources/social-logins/github/index.mdx +++ b/website/docs/users-sources/sources/social-logins/github/index.mdx @@ -49,7 +49,7 @@ Save, and you now have Github as a source. For more details on how-to have the new source display on the Login Page see [here](../../index.md#add-sources-to-default-login-page). ::: -### Checking for membership of a GitHub Organisation :ak-version[2021.12.5.] +### Checking for membership of a GitHub Organisation:ak-version[2021.12.5.] To check if the user is member of an organisation, you can use the following policy on your flows: diff --git a/website/docs/users-sources/user/user_ref.mdx b/website/docs/users-sources/user/user_ref.mdx index bba422b8cb49..22117bc8ca9d 100644 --- a/website/docs/users-sources/user/user_ref.mdx +++ b/website/docs/users-sources/user/user_ref.mdx @@ -42,7 +42,7 @@ for group in user.ak_groups.all(): yield group.name ``` -## Path :ak-version[2022.7] +## Path:ak-version[2022.7] Paths can be used to organize users into folders depending on which source created them or organizational structure. Paths may not start or end with a slash, but they can contain any other character as path segments. The paths are currently purely used for organization, it does not affect their permissions, group memberships, or anything else. diff --git a/website/src/css/custom.css b/website/src/css/custom.css index ac6363653197..2de5b9f738a1 100644 --- a/website/src/css/custom.css +++ b/website/src/css/custom.css @@ -152,6 +152,10 @@ body { vertical-align: middle; } +.anchor > .badge { + margin-left: 0.5rem; +} + .badge--support-vendor { --ifm-badge-background-color: var(--ifm-color-warning-contrast-background); --ifm-badge-color: var(--ifm-color-warning-contrast-foreground);