From 600b28b85952ff164b1bc8dafa024bd52347566e Mon Sep 17 00:00:00 2001 From: Joey Hafner Date: Wed, 13 Jul 2022 00:27:02 -0700 Subject: [PATCH] Add to Authentik documentation --- server/config/authentik/README.md | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/server/config/authentik/README.md b/server/config/authentik/README.md index c36b97e..17382f6 100644 --- a/server/config/authentik/README.md +++ b/server/config/authentik/README.md @@ -6,7 +6,7 @@ |:---------:|:-----:| | Provider type | OAuth2/OpenID Provider | | Name | *Name of new application (e.g. Grafana)* | -| Authorization flow | Authorize Application (default-provider-authorization-explicit-consent) | +| Authorization flow | Authorize Application (default-provider-authorization-implicit-consent) | | Client type | Confidential | | Client ID | *Copy this value for later use* | | Client Secret | *Copy this value for later use* | 
@@ -37,4 +37,21 @@ | Token URL | *Token URL* | | API URl | *Userinfo URL* | -7. Apply and restart the application. \ No newline at end of file +7. Apply and restart the application. + +# Switching to single-screen (autofill compatible) login +The default out-of-box configuration for Authentik uses two separate screens for inputting username and password (and an optional third for MFA). This breaks compatibility with password managers. To switch to using single-stage username and password login, + +1. Navigate to *Flows & Stages --> Stages --> default-authentication-identification* and edit the "Password stage" to use `default-authentication-password`. +2. Navigate to *Flows & Stages --> Flows --> default-authentication-flow* and open it. Go to Stage Bindings, select the `default-authentication-password` stage and delete it from the flow (as it is now included in the previous stage). + +All done. + +# Make Application Admin-only +Some applications should be available only to members of the Jafner.net Admins group. To protect an application behind this role, + +1. Navigate to *Applications --> Applications* and open the relevant application. +2. Switch to the "Policy / Group / User Bindings" tab. +3. Click "Create Binding", switch from "Policy" to "Group" (or "User", if preferred). From the drop-down, select the group which should be permitted to access the application, then click "Create". + +All done. \ No newline at end of file
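Review bot: In the first hunk (the `Authorization flow` row of the provider settings table), the change from `default-provider-authorization-explicit-consent` to `default-provider-authorization-implicit-consent` is not mentioned in the commit subject and is not explained in the README. With the implicit-consent flow, users are not shown a consent prompt before the application receives their identity data, so the table should say that this is intended for first-party applications and that the explicit-consent flow remains the choice for anything third-party. A one-line note under the table would be enough.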
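Review bot: In the second hunk, the "Make Application Admin-only" steps stop at clicking "Create" and go straight to "All done." with no check that the restriction took effect. Add a step 4 that signs in as a user outside the Jafner.net Admins group and confirms the application is denied, and state what the access behaviour is when an application has no bindings, so readers know why this step matters. In the single-screen section, the intro mentions an optional third MFA screen, but step 2 only covers deleting `default-authentication-password`; say explicitly that any MFA stage binding stays in `default-authentication-flow`. The file also still ends without a trailing newline.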