diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index bfce33eea8f1..54e9b8b5b0a2 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,7 +1,7 @@ ## Details diff --git a/Makefile b/Makefile index 277139e32148..c43030551328 100644 --- a/Makefile +++ b/Makefile @@ -19,13 +19,14 @@ pg_name := $(shell python -m authentik.lib.config postgresql.name 2>/dev/null) CODESPELL_ARGS = -D - -D .github/codespell-dictionary.txt \ -I .github/codespell-words.txt \ -S 'web/src/locales/**' \ - -S 'website/docs/developer-docs/api/reference/**' \ + -S 'website/developer-docs/api/reference/**' \ authentik \ internal \ cmd \ web/src \ website/src \ website/blog \ + website/developer-docs \ website/docs \ website/integrations \ website/src diff --git a/README.md b/README.md index 3ae306574d44..613b41e24988 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ For bigger setups, there is a Helm Chart [here](https://github.com/goauthentik/h ## Development -See [Developer Documentation](https://docs.goauthentik.io/docs/developer-docs/?utm_source=github) +See [Developer Documentation](https://goauthentik.io/developer-docs/?utm_source=github) ## Security diff --git a/authentik/blueprints/v1/importer.py b/authentik/blueprints/v1/importer.py index 4f3d4f762b0c..08d79769322c 100644 --- a/authentik/blueprints/v1/importer.py +++ b/authentik/blueprints/v1/importer.py @@ -69,7 +69,7 @@ from authentik.tenants.models import Tenant # Context set when the serializer is created in a blueprint context -# Update website/docs/customize/blueprints/v1/models.md when used +# Update website/developer-docs/blueprints/v1/models.md when used SERIALIZER_CONTEXT_BLUEPRINT = "blueprint_entry" diff --git a/authentik/lib/default.yml b/authentik/lib/default.yml index 7a6bff04a547..cf6ca74f2cc5 100644 --- a/authentik/lib/default.yml +++ b/authentik/lib/default.yml 
@@ -1,4 +1,4 @@ -# update website/docs/install-config/configuration/configuration.mdx +# update website/docs/installation/configuration.mdx # This is the default configuration file postgresql: host: localhost diff --git a/authentik/outposts/models.py b/authentik/outposts/models.py index 4032892fe870..2a6f45789fb6 100644 --- a/authentik/outposts/models.py +++ b/authentik/outposts/models.py @@ -53,7 +53,7 @@ class ServiceConnectionInvalid(SentryIgnoredException): class OutpostConfig: """Configuration an outpost uses to configure it self""" - # update website/docs/add-secure-apps/outposts/_config.md + # update website/docs/outposts/_config.md authentik_host: str = "" authentik_host_insecure: bool = False diff --git a/authentik/stages/prompt/models.py b/authentik/stages/prompt/models.py index 7ee995c747f7..a05853e3632f 100644 --- a/authentik/stages/prompt/models.py +++ b/authentik/stages/prompt/models.py @@ -38,7 +38,7 @@ class FieldTypes(models.TextChoices): """Field types an Prompt can be""" - # update website/docs/add-secure-apps/flows-stages/stages/prompt/index.md + # update website/docs/flow/stages/prompt/index.md # Simple text field TEXT = "text", _("Text: Simple Text input") diff --git a/scripts/api-ts-templates/README.mustache b/scripts/api-ts-templates/README.mustache index a606e48553af..1067c9e88d43 100644 --- a/scripts/api-ts-templates/README.mustache +++ b/scripts/api-ts-templates/README.mustache @@ -4,7 +4,7 @@ This package provides a generated API Client for [authentik](https://goauthentik ### Building -See https://docs.goauthentik.io/docs/developer-docs/making-schema-changes +See https://goauthentik.io/developer-docs/making-schema-changes ### Consuming diff --git a/web/src/admin/applications/ApplicationListPage.ts b/web/src/admin/applications/ApplicationListPage.ts index 50b4ee908c7a..628f387e0a84 100644 --- a/web/src/admin/applications/ApplicationListPage.ts +++ b/web/src/admin/applications/ApplicationListPage.ts 
@@ -2,7 +2,7 @@ import "@goauthentik/admin/applications/ApplicationForm"; import { DEFAULT_CONFIG } from "@goauthentik/common/api/config"; import { PFSize } from "@goauthentik/common/enums.js"; import "@goauthentik/components/ak-app-icon"; -import MDApplication from "@goauthentik/docs/add-secure-apps/applications/index.md"; +import MDApplication from "@goauthentik/docs/applications/index.md"; import "@goauthentik/elements/Markdown"; import "@goauthentik/elements/buttons/SpinnerButton"; import "@goauthentik/elements/forms/DeleteBulkForm"; diff --git a/web/src/admin/blueprints/BlueprintForm.ts b/web/src/admin/blueprints/BlueprintForm.ts index ad2ef155234e..dd08b6b87290 100644 --- a/web/src/admin/blueprints/BlueprintForm.ts +++ b/web/src/admin/blueprints/BlueprintForm.ts @@ -159,7 +159,7 @@ export class BlueprintForm extends ModelForm { target="_blank" rel="noopener noreferrer" href="${docLink( - "/docs/customize/blueprints/?utm_source=authentik#storage---oci", + "/developer-docs/blueprints/?utm_source=authentik#storage---oci", )}" >${msg("Documentation")} diff --git a/web/src/admin/outposts/OutpostDeploymentModal.ts b/web/src/admin/outposts/OutpostDeploymentModal.ts index fcbd4bb36ef6..55e8289c39d8 100644 --- a/web/src/admin/outposts/OutpostDeploymentModal.ts +++ b/web/src/admin/outposts/OutpostDeploymentModal.ts @@ -22,9 +22,7 @@ export class OutpostDeploymentModal extends ModalButton {

${msg("View deployment documentation")} diff --git a/web/src/admin/outposts/OutpostForm.ts b/web/src/admin/outposts/OutpostForm.ts index 3c276caaf7ae..f11d9d2a7819 100644 --- a/web/src/admin/outposts/OutpostForm.ts +++ b/web/src/admin/outposts/OutpostForm.ts @@ -215,7 +215,7 @@ export class OutpostForm extends ModelForm { ${msg("See documentation")}.

@@ -251,7 +251,7 @@ export class OutpostForm extends ModelForm { target="_blank" rel="noopener noreferrer" href="${docLink( - "/docs/add-secure-apps/outposts?utm_source=authentik#configuration", + "/docs/outposts?utm_source=authentik#configuration", )}" >${msg("Documentation")} diff --git a/web/src/admin/policies/expression/ExpressionPolicyForm.ts b/web/src/admin/policies/expression/ExpressionPolicyForm.ts index f2526141ac35..e207d42a9e6b 100644 --- a/web/src/admin/policies/expression/ExpressionPolicyForm.ts +++ b/web/src/admin/policies/expression/ExpressionPolicyForm.ts @@ -87,9 +87,7 @@ export class ExpressionPolicyForm extends BasePolicyForm { ${msg("See documentation for a list of all variables.")} diff --git a/web/src/admin/property-mappings/BasePropertyMappingForm.ts b/web/src/admin/property-mappings/BasePropertyMappingForm.ts index 899f116cc72f..f6dae4334b0f 100644 --- a/web/src/admin/property-mappings/BasePropertyMappingForm.ts +++ b/web/src/admin/property-mappings/BasePropertyMappingForm.ts @@ -16,7 +16,7 @@ export abstract class BasePropertyMappingForm extends string > { docLink(): string { - return "/docs/add-secure-apps/providers/property-mappings/expression?utm_source=authentik"; + return "/docs/providers/property-mappings/expression?utm_source=authentik"; } getSuccessMessage(): string { diff --git a/web/src/admin/property-mappings/PropertyMappingProviderRACForm.ts b/web/src/admin/property-mappings/PropertyMappingProviderRACForm.ts index b41b8d7e9ad4..d30d9202f577 100644 --- a/web/src/admin/property-mappings/PropertyMappingProviderRACForm.ts +++ b/web/src/admin/property-mappings/PropertyMappingProviderRACForm.ts @@ -154,7 +154,7 @@ export class PropertyMappingProviderRACForm extends BasePropertyMappingForm ${msg("See documentation for a list of all variables.")} diff --git a/web/src/admin/property-mappings/PropertyMappingSourceLDAPForm.ts b/web/src/admin/property-mappings/PropertyMappingSourceLDAPForm.ts index da7d7097e892..8ca03e9761a5 100644 
--- a/web/src/admin/property-mappings/PropertyMappingSourceLDAPForm.ts +++ b/web/src/admin/property-mappings/PropertyMappingSourceLDAPForm.ts @@ -10,7 +10,7 @@ import { LDAPSourcePropertyMapping, PropertymappingsApi } from "@goauthentik/api @customElement("ak-property-mapping-source-ldap-form") export class PropertyMappingSourceLDAPForm extends BasePropertyMappingForm { docLink(): string { - return "/docs/user-sources/sources/property-mappings/expressions?utm_source=authentik"; + return "/docs/sources/property-mappings/expressions?utm_source=authentik"; } loadInstance(pk: string): Promise { diff --git a/web/src/admin/property-mappings/PropertyMappingSourceOAuthForm.ts b/web/src/admin/property-mappings/PropertyMappingSourceOAuthForm.ts index e18deb6c5655..f1563e2bc19b 100644 --- a/web/src/admin/property-mappings/PropertyMappingSourceOAuthForm.ts +++ b/web/src/admin/property-mappings/PropertyMappingSourceOAuthForm.ts @@ -10,7 +10,7 @@ import { OAuthSourcePropertyMapping, PropertymappingsApi } from "@goauthentik/ap @customElement("ak-property-mapping-source-oauth-form") export class PropertyMappingSourceOAuthForm extends BasePropertyMappingForm { docLink(): string { - return "/docs/user-sources/sources/property-mappings/expressions?utm_source=authentik"; + return "/docs/sources/property-mappings/expressions?utm_source=authentik"; } loadInstance(pk: string): Promise { diff --git a/web/src/admin/property-mappings/PropertyMappingSourcePlexForm.ts b/web/src/admin/property-mappings/PropertyMappingSourcePlexForm.ts index aa69294d83b8..663805694cd0 100644 --- a/web/src/admin/property-mappings/PropertyMappingSourcePlexForm.ts +++ b/web/src/admin/property-mappings/PropertyMappingSourcePlexForm.ts 
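Review bot: The `docLink()` override in PropertyMappingSourceLDAPForm returns the same hard-coded path, `"/docs/sources/property-mappings/expressions?utm_source=authentik"`, as the overrides in the OAuth, Plex, SAML and SCIM source forms changed by this commit. Every docs move therefore has to be repeated in five files, and one missed copy leaves a dead documentation link in the admin UI. Consider defining the path once, for example as an exported constant (the name is only a suggestion) used as `return SOURCE_PROPERTY_MAPPING_DOCS_PATH;`, or in one intermediate base class for source mappings that overrides `docLink()` a single time. Each class body continues outside its hunk, so whether the five forms differ elsewhere is not visible here.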
@@ -10,7 +10,7 @@ import { PlexSourcePropertyMapping, PropertymappingsApi } from "@goauthentik/api @customElement("ak-property-mapping-source-plex-form") export class PropertyMappingSourcePlexForm extends BasePropertyMappingForm { docLink(): string { - return "/docs/user-sources/sources/property-mappings/expressions?utm_source=authentik"; + return "/docs/sources/property-mappings/expressions?utm_source=authentik"; } loadInstance(pk: string): Promise { diff --git a/web/src/admin/property-mappings/PropertyMappingSourceSAMLForm.ts b/web/src/admin/property-mappings/PropertyMappingSourceSAMLForm.ts index 1aa908cac58c..f1f703581a56 100644 --- a/web/src/admin/property-mappings/PropertyMappingSourceSAMLForm.ts +++ b/web/src/admin/property-mappings/PropertyMappingSourceSAMLForm.ts @@ -10,7 +10,7 @@ import { PropertymappingsApi, SAMLSourcePropertyMapping } from "@goauthentik/api @customElement("ak-property-mapping-source-saml-form") export class PropertyMappingSourceSAMLForm extends BasePropertyMappingForm { docLink(): string { - return "/docs/user-sources/sources/property-mappings/expressions?utm_source=authentik"; + return "/docs/sources/property-mappings/expressions?utm_source=authentik"; } loadInstance(pk: string): Promise { diff --git a/web/src/admin/property-mappings/PropertyMappingSourceSCIMForm.ts b/web/src/admin/property-mappings/PropertyMappingSourceSCIMForm.ts index f840002fff62..7ff39cadfcc4 100644 --- a/web/src/admin/property-mappings/PropertyMappingSourceSCIMForm.ts +++ b/web/src/admin/property-mappings/PropertyMappingSourceSCIMForm.ts 
@@ -10,7 +10,7 @@ import { PropertymappingsApi, SCIMSourcePropertyMapping } from "@goauthentik/api @customElement("ak-property-mapping-source-scim-form") export class PropertyMappingSourceSCIMForm extends BasePropertyMappingForm { docLink(): string { - return "/docs/user-sources/sources/property-mappings/expressions?utm_source=authentik"; + return "/docs/sources/property-mappings/expressions?utm_source=authentik"; } loadInstance(pk: string): Promise { diff --git a/web/src/admin/providers/oauth2/OAuth2ProviderViewPage.ts b/web/src/admin/providers/oauth2/OAuth2ProviderViewPage.ts index 6bba6b3bccc3..00f59f5931da 100644 --- a/web/src/admin/providers/oauth2/OAuth2ProviderViewPage.ts +++ b/web/src/admin/providers/oauth2/OAuth2ProviderViewPage.ts @@ -4,7 +4,7 @@ import { DEFAULT_CONFIG } from "@goauthentik/common/api/config"; import { EVENT_REFRESH } from "@goauthentik/common/constants"; import renderDescriptionList from "@goauthentik/components/DescriptionList"; import "@goauthentik/components/events/ObjectChangelog"; -import MDProviderOAuth2 from "@goauthentik/docs/add-secure-apps/providers/oauth2/index.md"; +import MDProviderOAuth2 from "@goauthentik/docs/providers/oauth2/index.md"; import { AKElement } from "@goauthentik/elements/Base"; import "@goauthentik/elements/CodeMirror"; import "@goauthentik/elements/EmptyState"; diff --git a/web/src/admin/providers/proxy/ProxyProviderViewPage.ts b/web/src/admin/providers/proxy/ProxyProviderViewPage.ts index bf68b9ba1ba1..a4336c1d36f6 100644 --- a/web/src/admin/providers/proxy/ProxyProviderViewPage.ts +++ b/web/src/admin/providers/proxy/ProxyProviderViewPage.ts 
@@ -6,14 +6,14 @@ import { EVENT_REFRESH } from "@goauthentik/common/constants"; import { convertToSlug } from "@goauthentik/common/utils"; import "@goauthentik/components/ak-status-label"; import "@goauthentik/components/events/ObjectChangelog"; -import MDCaddyStandalone from "@goauthentik/docs/add-secure-apps/providers/proxy/_caddy_standalone.md"; -import MDNginxIngress from "@goauthentik/docs/add-secure-apps/providers/proxy/_nginx_ingress.md"; -import MDNginxPM from "@goauthentik/docs/add-secure-apps/providers/proxy/_nginx_proxy_manager.md"; -import MDNginxStandalone from "@goauthentik/docs/add-secure-apps/providers/proxy/_nginx_standalone.md"; -import MDTraefikCompose from "@goauthentik/docs/add-secure-apps/providers/proxy/_traefik_compose.md"; -import MDTraefikIngress from "@goauthentik/docs/add-secure-apps/providers/proxy/_traefik_ingress.md"; -import MDTraefikStandalone from "@goauthentik/docs/add-secure-apps/providers/proxy/_traefik_standalone.md"; -import MDHeaderAuthentication from "@goauthentik/docs/add-secure-apps/providers/proxy/header_authentication.md"; +import MDCaddyStandalone from "@goauthentik/docs/providers/proxy/_caddy_standalone.md"; +import MDNginxIngress from "@goauthentik/docs/providers/proxy/_nginx_ingress.md"; +import MDNginxPM from "@goauthentik/docs/providers/proxy/_nginx_proxy_manager.md"; +import MDNginxStandalone from "@goauthentik/docs/providers/proxy/_nginx_standalone.md"; +import MDTraefikCompose from "@goauthentik/docs/providers/proxy/_traefik_compose.md"; +import MDTraefikIngress from "@goauthentik/docs/providers/proxy/_traefik_ingress.md"; +import MDTraefikStandalone from "@goauthentik/docs/providers/proxy/_traefik_standalone.md"; +import MDHeaderAuthentication from "@goauthentik/docs/providers/proxy/header_authentication.md"; import { AKElement } from "@goauthentik/elements/Base"; import "@goauthentik/elements/CodeMirror"; import "@goauthentik/elements/Markdown"; 
@@ -166,7 +166,7 @@ export class ProxyProviderViewPage extends AKElement { return input; } const extHost = new URL(this.provider.externalHost); - // See website/docs/add-secure-apps/providers/proxy/forward_auth.mdx + // See website/docs/providers/proxy/forward_auth.mdx if (this.provider?.mode === ProxyMode.ForwardSingle) { return input .replaceAll("authentik.company", window.location.hostname) diff --git a/web/src/admin/providers/scim/SCIMProviderViewPage.ts b/web/src/admin/providers/scim/SCIMProviderViewPage.ts index 0af3a4807c6f..4d80a2fa99e9 100644 --- a/web/src/admin/providers/scim/SCIMProviderViewPage.ts +++ b/web/src/admin/providers/scim/SCIMProviderViewPage.ts @@ -5,7 +5,7 @@ import "@goauthentik/admin/rbac/ObjectPermissionsPage"; import { DEFAULT_CONFIG } from "@goauthentik/common/api/config"; import { EVENT_REFRESH } from "@goauthentik/common/constants"; import "@goauthentik/components/events/ObjectChangelog"; -import MDSCIMProvider from "@goauthentik/docs/add-secure-apps/providers/scim/index.md"; +import MDSCIMProvider from "@goauthentik/docs/providers/scim/index.md"; import { AKElement } from "@goauthentik/elements/Base"; import "@goauthentik/elements/Markdown"; import "@goauthentik/elements/SyncStatusCard"; diff --git a/website/.gitignore b/website/.gitignore index df1c20be4476..9fc88bc19b48 100644 --- a/website/.gitignore +++ b/website/.gitignore @@ -25,4 +25,4 @@ yarn-error.log* static/docker-compose.yml static/schema.yaml -docs/developer-docs/api/reference/** +developer-docs/api/reference/** diff --git a/website/docs/developer-docs/api/api.md b/website/developer-docs/api/api.md similarity index 100% rename from website/docs/developer-docs/api/api.md rename to website/developer-docs/api/api.md diff --git a/website/docs/developer-docs/api/clients.md b/website/developer-docs/api/clients.md similarity index 100% rename from website/docs/developer-docs/api/clients.md rename to website/developer-docs/api/clients.md 
diff --git a/website/docs/developer-docs/api/flow-executor.md b/website/developer-docs/api/flow-executor.md similarity index 96% rename from website/docs/developer-docs/api/flow-executor.md rename to website/developer-docs/api/flow-executor.md index bd39b2887377..afc65dc8e36a 100644 --- a/website/docs/developer-docs/api/flow-executor.md +++ b/website/developer-docs/api/flow-executor.md @@ -2,7 +2,7 @@ title: Flow executor (backend) --- -A big focus of authentik is the flows system, which allows you to combine and build complex conditional processes using stages and policies. Normally, these flows are automatically executed in the browser using authentik's [standard browser-based flow executor (/if/flows)](../../add-secure-apps/flows-stages/flow/executors/if-flow.md). +A big focus of authentik is the flows system, which allows you to combine and build complex conditional processes using stages and policies. Normally, these flows are automatically executed in the browser using authentik's [standard browser-based flow executor (/if/flows)](/docs/flow/executors/if-flow). However, any flow can be executed via an API from anywhere, in fact that is what every flow executor does. With a few requests you can execute flows from anywhere, and integrate authentik even better. diff --git a/website/docs/developer-docs/api/making-schema-changes.md b/website/developer-docs/api/making-schema-changes.md similarity index 100% rename from website/docs/developer-docs/api/making-schema-changes.md rename to website/developer-docs/api/making-schema-changes.md diff --git a/website/docs/developer-docs/api/websocket.md b/website/developer-docs/api/websocket.md similarity index 100% rename from website/docs/developer-docs/api/websocket.md rename to website/developer-docs/api/websocket.md 
diff --git a/website/docs/customize/blueprints/export.md b/website/developer-docs/blueprints/export.md
similarity index 100%
rename from website/docs/customize/blueprints/export.md
rename to website/developer-docs/blueprints/export.md
diff --git a/website/docs/customize/blueprints/index.md b/website/developer-docs/blueprints/index.md
similarity index 100%
rename from website/docs/customize/blueprints/index.md
rename to website/developer-docs/blueprints/index.md
diff --git a/website/docs/customize/blueprints/v1/example.md b/website/developer-docs/blueprints/v1/example.md
similarity index 100%
rename from website/docs/customize/blueprints/v1/example.md
rename to website/developer-docs/blueprints/v1/example.md
diff --git a/website/docs/customize/blueprints/v1/meta.md b/website/developer-docs/blueprints/v1/meta.md
similarity index 100%
rename from website/docs/customize/blueprints/v1/meta.md
rename to website/developer-docs/blueprints/v1/meta.md
diff --git a/website/docs/customize/blueprints/v1/models.md b/website/developer-docs/blueprints/v1/models.md
similarity index 100%
rename from website/docs/customize/blueprints/v1/models.md
rename to website/developer-docs/blueprints/v1/models.md
diff --git a/website/docs/customize/blueprints/v1/structure.md b/website/developer-docs/blueprints/v1/structure.md
similarity index 100%
rename from website/docs/customize/blueprints/v1/structure.md
rename to website/developer-docs/blueprints/v1/structure.md
diff --git a/website/docs/customize/blueprints/v1/tags.md b/website/developer-docs/blueprints/v1/tags.md
similarity index 100%
rename from website/docs/customize/blueprints/v1/tags.md
rename to website/developer-docs/blueprints/v1/tags.md
diff --git a/website/docs/developer-docs/docs/style-guide.mdx b/website/developer-docs/docs/style-guide.mdx
similarity index 100%
rename from website/docs/developer-docs/docs/style-guide.mdx
rename to website/developer-docs/docs/style-guide.mdx
diff --git a/website/docs/developer-docs/docs/templates/combo.md b/website/developer-docs/docs/templates/combo.md
similarity index 100%
rename from website/docs/developer-docs/docs/templates/combo.md
rename to website/developer-docs/docs/templates/combo.md
diff --git a/website/docs/developer-docs/docs/templates/combo.tmpl.md b/website/developer-docs/docs/templates/combo.tmpl.md
similarity index 100%
rename from website/docs/developer-docs/docs/templates/combo.tmpl.md
rename to website/developer-docs/docs/templates/combo.tmpl.md
diff --git a/website/docs/developer-docs/docs/templates/conceptual.md b/website/developer-docs/docs/templates/conceptual.md
similarity index 100%
rename from website/docs/developer-docs/docs/templates/conceptual.md
rename to website/developer-docs/docs/templates/conceptual.md
diff --git a/website/docs/developer-docs/docs/templates/conceptual.tmpl.md b/website/developer-docs/docs/templates/conceptual.tmpl.md
similarity index 100%
rename from website/docs/developer-docs/docs/templates/conceptual.tmpl.md
rename to website/developer-docs/docs/templates/conceptual.tmpl.md
diff --git a/website/docs/developer-docs/docs/templates/index.md b/website/developer-docs/docs/templates/index.md
similarity index 100%
rename from website/docs/developer-docs/docs/templates/index.md
rename to website/developer-docs/docs/templates/index.md
diff --git a/website/docs/developer-docs/docs/templates/procedural.md b/website/developer-docs/docs/templates/procedural.md
similarity index 100%
rename from website/docs/developer-docs/docs/templates/procedural.md
rename to website/developer-docs/docs/templates/procedural.md
diff --git a/website/docs/developer-docs/docs/templates/procedural.tmpl.md b/website/developer-docs/docs/templates/procedural.tmpl.md
similarity index 100%
rename from website/docs/developer-docs/docs/templates/procedural.tmpl.md
rename to website/developer-docs/docs/templates/procedural.tmpl.md
diff --git a/website/docs/developer-docs/docs/templates/reference.md b/website/developer-docs/docs/templates/reference.md similarity index 100% rename from website/docs/developer-docs/docs/templates/reference.md rename to website/developer-docs/docs/templates/reference.md diff --git a/website/docs/developer-docs/docs/templates/reference.tmpl.md b/website/developer-docs/docs/templates/reference.tmpl.md similarity index 100% rename from website/docs/developer-docs/docs/templates/reference.tmpl.md rename to website/developer-docs/docs/templates/reference.tmpl.md diff --git a/website/docs/developer-docs/docs/writing-documentation.md b/website/developer-docs/docs/writing-documentation.md similarity index 100% rename from website/docs/developer-docs/docs/writing-documentation.md rename to website/developer-docs/docs/writing-documentation.md diff --git a/website/docs/developer-docs/hackathon/horizontal-brandon-frie-rdHeGGn7rwQ-unsplash.jpg b/website/developer-docs/hackathon/horizontal-brandon-frie-rdHeGGn7rwQ-unsplash.jpg similarity index 100% rename from website/docs/developer-docs/hackathon/horizontal-brandon-frie-rdHeGGn7rwQ-unsplash.jpg rename to website/developer-docs/hackathon/horizontal-brandon-frie-rdHeGGn7rwQ-unsplash.jpg diff --git a/website/docs/developer-docs/hackathon/index.md b/website/developer-docs/hackathon/index.md similarity index 98% rename from website/docs/developer-docs/hackathon/index.md rename to website/developer-docs/hackathon/index.md index 404be80ed12a..70788205e59a 100644 --- a/website/docs/developer-docs/hackathon/index.md +++ b/website/developer-docs/hackathon/index.md @@ -4,7 +4,7 @@ title: Hackathon 2023 ![hackathon-image](./horizontal-brandon-frie-rdHeGGn7rwQ-unsplash.jpg) -**REGISTRATION NOW CLOSED. PLEASE JOIN US FOR A FUTURE AUTHENTIK HACKATHON.** +**REGISTRATION NOW CLOSED! PLEASE JOIN US FOR A FUTURE AUTHENTIK HACKATHON.** ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ 
diff --git a/website/docs/developer-docs/index.md b/website/developer-docs/index.md similarity index 99% rename from website/docs/developer-docs/index.md rename to website/developer-docs/index.md index 96316d4c4d7b..461aef8755c3 100644 --- a/website/docs/developer-docs/index.md +++ b/website/developer-docs/index.md @@ -1,5 +1,6 @@ --- title: Contributing to authentik +slug: / --- :+1::tada: Thanks for taking the time to contribute! :tada::+1: @@ -116,7 +117,7 @@ When you are creating an enhancement suggestion, please fill in [the template](h authentik can be run locally, all though depending on which part you want to work on, different pre-requisites are required. -This is documented in the [developer docs](./setup/frontend-dev-environment.md). +This is documented in the [developer docs](./setup/frontend-dev-environment.md) ### Help with the Docs @@ -135,13 +136,13 @@ The process described here has several goals: Please follow these steps to have your contribution considered by the maintainers: -1. Follow the [styleguides](#style-guides) +1. Follow the [styleguides](#styleguides) 2. After you submit your pull request, verify that all [status checks](https://help.github.com/articles/about-status-checks/) are passing
What if the status checks are failing?If a status check is failing, and you believe that the failure is unrelated to your change, please leave a comment on the pull request explaining why you believe the failure is unrelated. A maintainer will re-run the status check for you. If we conclude that the failure was a false positive, then we will open an issue to track that problem with our status check suite.
3. Ensure your Code has tests. While it is not always possible to test every single case, the majority of the code should be tested. While the prerequisites above must be satisfied prior to having your pull request reviewed, the reviewer(s) may ask you to complete additional design work, tests, or other changes before your pull request can be ultimately accepted. -## Style guides +## Styleguides ### PR naming diff --git a/website/docs/developer-docs/releases/index.md b/website/developer-docs/releases/index.md similarity index 100% rename from website/docs/developer-docs/releases/index.md rename to website/developer-docs/releases/index.md diff --git a/website/docs/developer-docs/setup/frontend-dev-environment.md b/website/developer-docs/setup/frontend-dev-environment.md similarity index 92% rename from website/docs/developer-docs/setup/frontend-dev-environment.md rename to website/developer-docs/setup/frontend-dev-environment.md index 770680c9a6eb..c14c10db987b 100644 --- a/website/docs/developer-docs/setup/frontend-dev-environment.md +++ b/website/developer-docs/setup/frontend-dev-environment.md @@ -16,8 +16,8 @@ Depending on platform, some native dependencies might be required. On macOS, run ### Instructions -1. Clone the git repo from https://github.com/goauthentik/authentik. -2. In the cloned repository, follow the docker-compose installation instructions [here](../../install-config/install/docker-compose). +1. Clone the git repo from https://github.com/goauthentik/authentik +2. In the cloned repository, follow the docker-compose installation instructions [here](/docs/installation/docker-compose) 3. Add the following entry to your `.env` file: ``` @@ -29,7 +29,7 @@ Depending on platform, some native dependencies might be required. On macOS, run This will cause authentik to use the beta images. -4. Add this volume mapping to your compose file. +4. Add this volume mapping to your compose file ```yaml services: 
diff --git a/website/docs/developer-docs/setup/full-dev-environment.md b/website/developer-docs/setup/full-dev-environment.md similarity index 100% rename from website/docs/developer-docs/setup/full-dev-environment.md rename to website/developer-docs/setup/full-dev-environment.md diff --git a/website/docs/developer-docs/setup/website-dev-environment.md b/website/developer-docs/setup/website-dev-environment.md similarity index 100% rename from website/docs/developer-docs/setup/website-dev-environment.md rename to website/developer-docs/setup/website-dev-environment.md diff --git a/website/docs/developer-docs/translation.md b/website/developer-docs/translation.md similarity index 100% rename from website/docs/developer-docs/translation.md rename to website/developer-docs/translation.md diff --git a/website/docs/add-secure-apps/flows-stages/stages/user_logout.md b/website/docs/add-secure-apps/flows-stages/stages/user_logout.md deleted file mode 100644 index 8bc469acf529..000000000000 --- a/website/docs/add-secure-apps/flows-stages/stages/user_logout.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: User logout stage ---- - -Opposite stage of [User Login Stages](./user_login/index.md). It removes the user from the current session. diff --git a/website/docs/sys-mgmt/tenancy.md b/website/docs/advanced/tenancy.md similarity index 88% rename from website/docs/sys-mgmt/tenancy.md rename to website/docs/advanced/tenancy.md index c6d825699638..de8ba6deac95 100644 --- a/website/docs/sys-mgmt/tenancy.md +++ b/website/docs/advanced/tenancy.md @@ -11,7 +11,7 @@ This feature is in alpha. Use at your own risk. :::: ::::info -This feature is available from 2024.2 and is not to be confused with [brands](../customize/brands.md), which were previously called tenants. +This feature is available from 2024.2 and is not to be confused with [brands](../core/brands.md), which were previously called tenants. :::: ## About tenants 
@@ -32,7 +32,7 @@ For each additional tenant (beyond the default one), one or more licenses is req A single tenant and its corresponding installation can have multiple license keys. For example, a company might purchase one license for 50 users, and then later in the same year need to buy another license for 50 more users, due to company growth. Both licenses are associated to the one installation, the one tenant. -Learn more in our documentation about [Enterprise licenses](../enterprise/manage-enterprise.md#license-management). +Learn more in our documentation about [Enterprise licenses](../enterprise/manage-enterprise#license-management). ### Important considerations @@ -42,7 +42,7 @@ Learn more in our documentation about [Enterprise licenses](../enterprise/manage - Files are isolated on a per-tenant basis, with each tenant folder named according to the schema_name. For example, `/media/t_example`. The same is true regardless of the storage backend. -- Using an [embedded outpost](../add-secure-apps/outposts/embedded/embedded.mdx) with multi-tenancy is not currently supported. Disable the embedded outpost with `AUTHENTIK_OUTPOSTS__DISABLE_EMBEDDED_OUTPOST=true` configuration setting. +- Using an [embedded outpost](../outposts/embedded/embedded.mdx) with multi-tenancy is not currently supported. Disable the embedded outpost with `AUTHENTIK_OUTPOSTS__DISABLE_EMBEDDED_OUTPOST=true` configuration setting. ## Usage 
@@ -50,7 +50,7 @@ To create one or more additional tenants (beyond the default tenant) use the fol ### 1. Configure authentik to allow multiple tenants -First, enable the multi-tenancy feature with the `AUTHENTIK_TENANTS__ENABLED=true` [configuration setting](../install-config/configuration/configuration.mdx). +First, enable the multi-tenancy feature with the `AUTHENTIK_TENANTS__ENABLED=true` [configuration setting](../installation/configuration.mdx). Next, set `AUTHENTIK_TENANTS__API_KEY` to a random string. This string will be used to authenticate to the tenancy API. This key allows the creation of recovery keys for every tenant hosted by authentik, so be sure to _store it securely_. Be aware that creating a recovery key allows access to all data stored inside a tenant. @@ -58,7 +58,7 @@ Be sure to disable the embedded outpost with `AUTHENTIK_OUTPOSTS__DISABLE_EMBEDD ### 2. Create a new tenant with authentik API endpoints -Tenants are created using the API routes associated. Search for `tenant` in the [API browser](../developer-docs/api/reference/authentik) for the available endpoints. +Tenants are created using the API routes associated. Search for `tenant` in the [API browser](/developer-docs/api/reference/authentik) for the available endpoints. When creating a tenant you must specify a `name`, used for display purposes, and a `schema_name`, used to create the PostgreSQL schema associated with the tenant. diff --git a/website/docs/add-secure-apps/applications/index.md b/website/docs/applications/index.md similarity index 93% rename from website/docs/add-secure-apps/applications/index.md rename to website/docs/applications/index.md index d67cf8206c93..5cf9e9404d36 100644 --- a/website/docs/add-secure-apps/applications/index.md +++ b/website/docs/applications/index.md 
@@ -22,7 +22,7 @@ Applications are displayed to users when:
 - The user has access defined via policies (or the application has no policies bound)
 - A valid Launch URL is configured/could be guessed, this consists of URLs starting with http:// and https://
-The following options can be configured:
+The following aspects can be configured:
 - _Name_: This is the name shown for the application card
 - _Launch URL_: The URL that is opened when a user clicks on the application. When left empty, authentik tries to guess it based on the provider
@@ -35,7 +35,7 @@ The following options can be configured:
 If the authentik server does not have a volume mounted under `/media`, you'll get a text input. This accepts absolute URLs. If you've mounted single files into the container, you can reference them using `https://authentik.company/media/my-file.png`.
- If there is a mount under `/media` or if [S3 storage](../../install-config/storage-s3.md) is configured, you'll instead see a field to upload a file.
+ If there is a mount under `/media` or if [S3 storage](../installation/storage-s3.md) is configured, you'll instead see a field to upload a file.
 - _Publisher_: Text shown below the application
 - _Description_: Subtext shown on the application card below the publisher
diff --git a/website/docs/add-secure-apps/applications/manage_apps.md b/website/docs/applications/manage_apps.md
similarity index 100%
rename from website/docs/add-secure-apps/applications/manage_apps.md
rename to website/docs/applications/manage_apps.md
diff --git a/website/docs/core/architecture.md b/website/docs/core/architecture.md
index f663db2389d2..078279afecae 100644
--- a/website/docs/core/architecture.md
+++ b/website/docs/core/architecture.md
@@ -25,7 +25,7 @@ The core sub-component handles most of authentik's logic, such as API requests,
 #### Embedded outpost
-Similar to [other outposts](../add-secure-apps/outposts/index.mdx), this outpost allows using [Proxy providers](../add-secure-apps/providers/proxy/index.md) without deploying a separate outpost.
+Similar to [other outposts](../outposts/index.mdx), this outpost allows using [Proxy providers](../providers/proxy/index.md) without deploying a separate outpost.
 #### Persistence
@@ -37,8 +37,8 @@ This container executes background tasks, such as sending emails, the event noti
 #### Persistence
-- `/certs` is used for authentik to import external certs, which in most cases shouldn't be used for SAML, but rather if you use authentik without a reverse proxy, this can be used for example for the [Let's Encrypt integration](../sys-mgmt/certificates.md#lets-encrypt)
-- `/templates` is used for [custom email templates](../add-secure-apps/flows-stages/stages/email/index.mdx#custom-templates), and as with the other ones fully optional
+- `/certs` is used for authentik to import external certs, which in most cases shouldn't be used for SAML, but rather if you use authentik without a reverse proxy, this can be used for example for the [Let's Encrypt integration](../core/certificates.md#lets-encrypt)
+- `/templates` is used for [custom email templates](../flow/stages/email/index.mdx#custom-templates), and as with the other ones fully optional
 ### PostgreSQL
diff --git a/website/docs/customize/brands.md b/website/docs/core/brands.md
similarity index 100%
rename from website/docs/customize/brands.md
rename to website/docs/core/brands.md
diff --git a/website/docs/sys-mgmt/certificates.md b/website/docs/core/certificates.md
similarity index 100%
rename from website/docs/sys-mgmt/certificates.md
rename to website/docs/core/certificates.md
diff --git a/website/docs/install-config/geoip.mdx b/website/docs/core/geoip.mdx
similarity index 96%
rename from website/docs/install-config/geoip.mdx
rename to website/docs/core/geoip.mdx
index 79ad9b9a5fc4..62156dc906a0 100644
--- a/website/docs/install-config/geoip.mdx
+++ b/website/docs/core/geoip.mdx
@@ -1,6 +1,6 @@
 # GeoIP
-authentik supports GeoIP to add additional information to login/authorization/enrollment requests. Additionally, a [GeoIP policy](../customize/policies/index.md#geoip-policy) can be used to make policy decisions based on the lookup result.
+authentik supports GeoIP to add additional information to login/authorization/enrollment requests. Additionally, a [GeoIP policy](../policies/#geoip-policy) can be used to make policy decisions based on the lookup result.
 ### Configuration
diff --git a/website/docs/sys-mgmt/settings.md b/website/docs/core/settings.md
similarity index 85%
rename from website/docs/sys-mgmt/settings.md
rename to website/docs/core/settings.md
index 0c794590958c..a7a5ed071505 100644
--- a/website/docs/sys-mgmt/settings.md
+++ b/website/docs/core/settings.md
@@ -2,7 +2,7 @@
 title: System Settings
 ---
-These settings are similar to the configuration options listed [here](../install-config/configuration/configuration.mdx), however they can only be adjusted through the authentik Admin interface or API.
+These settings are similar to the configuration options listed [here](../installation/configuration.mdx), however they can only be adjusted through the authentik Admin interface or API.
 ### Avatars
@@ -39,7 +39,7 @@ Enable the ability for users to change their Usernames, defaults to `false`.
 ### Event retention
-Configure how long [Events](./events/index.md) are retained for within authentik. Default value is `days=365`. When forwarding events to an external application, this value can be decreased. When changing this value, only new events are affected.
+Configure how long [Events](../events/index.md) are retained for within authentik. Default value is `days=365`. When forwarding events to an external application, this value can be decreased. When changing this value, only new events are affected.
 ### Footer links
diff --git a/website/docs/core/terminology.md b/website/docs/core/terminology.md
index 6ffe3b79c159..61ba65619a4e 100644
--- a/website/docs/core/terminology.md
+++ b/website/docs/core/terminology.md
@@ -45,7 +45,7 @@ A Provider is a way for other applications to authenticate against authentik. Co
 At a base level a policy is a yes/no gate. It will either evaluate to True or False depending on the Policy Kind and settings. For example, a "Group Membership Policy" evaluates to True if the user is member of the specified Group and False if not. This can be used to conditionally apply Stages, grant/deny access to various objects, and for other custom logic.
-See [Policies](../customize/policies/index.md)
+See [Policies](../policies/index.md)
 ### Flows & Stages
@@ -57,19 +57,19 @@ A stage represents a single verification or logic step. They are used to authent
 Certain use cases within authentik add steps that are run as part of a flow. These steps are a special type of stage called the "Dynamic in-memory" stage, as they are added to flows dynamically when required, only exist in memory, and are thus not configurable by administrators.
-See [Flows](../add-secure-apps/flows-stages/flow/index.md)
+See [Flows](../flow/index.md)
 ### Property Mappings
 Property Mappings allow you to make information available for external applications, and to modify how information from sources are stored in authentik. For example, if you want to log in to AWS with authentik, you'd use property mappings to set the user's roles in AWS based on their group memberships in authentik.
-See [Providers Property Mappings](../add-secure-apps/providers/property-mappings/index.md) and [Source Property Mappings](../users-sources/sources/property-mappings/index.md).
+See [Providers Property Mappings](../providers/property-mappings/index.md) and [Source Property Mappings](../sources/property-mappings/index.md).
 ### Outpost
 An outpost is a separate component of authentik, which can be deployed anywhere, regardless of the authentik deployment. The outpost offers services that aren't implemented directly into the authentik core, e.g. Reverse Proxying.
-See [Outposts](../add-secure-apps/outposts/index.mdx)
+See [Outposts](../outposts/index.mdx)
 ### System tasks
diff --git a/website/docs/enterprise/get-started.md b/website/docs/enterprise/get-started.md
index c4b4d2a3d665..b3c6470d801b 100644
--- a/website/docs/enterprise/get-started.md
+++ b/website/docs/enterprise/get-started.md
@@ -6,12 +6,12 @@ Installing authentik is exactly the same process for both Enterprise version and
 ## Install Enterprise
-To get started working with Enterprise authentik, [upgrade](../install-config/upgrade.mdx) to the [2023.8.x](../releases) version or later.
+To get started working with Enterprise authentik, [upgrade](../installation/upgrade.mdx) to the [2023.8.x](../releases) version or later.
-If this is a fresh install, refer to our [technical documentation](../install-config/index.mdx) for instructions to install and configure authentik.
+If this is a fresh install, refer to our [technical documentation](../installation/index.mdx) for instructions to install and configure authentik.
-- [Docker Compose installation](../install-config/install/docker-compose.mdx)
-- [Kubernetes installation](../install-config/install/kubernetes.md)
+- [Docker Compose installation](../installation/docker-compose.mdx)
+- [Kubernetes installation](../installation/kubernetes.md)
 ## Access Enterprise
diff --git a/website/docs/enterprise/manage-enterprise.md b/website/docs/enterprise/manage-enterprise.md
index 38729c7783ca..97ad247b1dd0 100644
--- a/website/docs/enterprise/manage-enterprise.md
+++ b/website/docs/enterprise/manage-enterprise.md
@@ -8,7 +8,7 @@ Your organization defines the members, their roles, the licenses associated with
 ### Create an Organization
-1. To create a new organization, log in to the [Customer portal](./get-started.md#access-enterprise).
+1. To create a new organization, log in to the [Customer portal](./get-started#access-enterprise).
 2. On the **My organizations** page, click **Create an organization**.
@@ -27,7 +27,7 @@ In the Customer portal you can remove members and invite new members to the orga
 - **Member**: can view licenses, including the license key.
 - **Owner**: can do everything the Member role can do, plus: add and remove members, order and renew licenses, and edit the organization.
-1. To manage membership in an organization, log in to the [Customer portal](./get-started.md#access-enterprise).
+1. To manage membership in an organization, log in to the [Customer portal](./get-started#access-enterprise).
 2. On the **My organizations** page, click the name of the organization you want to edit membership in.
@@ -107,7 +107,7 @@ The following events occur when a license expires or the internal/external user
 License usage is calculated based on total user counts that authentik regularly captures. This data is checked against all valid licenses, and the sum total of all users. Internal and external users are counted based on the number of active users of the respective type saved in authentik. Service account users are not counted towards the license.
-An **internal** user is typically a team member, such as a company employee, who has access to the full Enterprise feature set. An **external** user might be an external consultant, a volunteer in a charitable site, or a B2C customer who logged onto your website to shop. External users don't get access to Enterprise features, nor to the **My applications** page in authentik. Instead, external users are authenticated and then redirected to log directly into their [default application](../customize/brands.md#external-user-settings).
+An **internal** user is typically a team member, such as a company employee, who has access to the full Enterprise feature set. An **external** user might be an external consultant, a volunteer in a charitable site, or a B2C customer who logged onto your website to shop. External users don't get access to Enterprise features, nor to the **My applications** page in authentik. Instead, external users are authenticated and then redirected to log directly into their [default application](../core/brands.md#external-user-settings).
 ### Upgrade the number of users in a license
diff --git a/website/docs/sys-mgmt/events/event_matcher.png b/website/docs/events/event_matcher.png
similarity index 100%
rename from website/docs/sys-mgmt/events/event_matcher.png
rename to website/docs/events/event_matcher.png
diff --git a/website/docs/sys-mgmt/events/index.md b/website/docs/events/index.md
similarity index 100%
rename from website/docs/sys-mgmt/events/index.md
rename to website/docs/events/index.md
diff --git a/website/docs/sys-mgmt/events/notifications.md b/website/docs/events/notifications.md
similarity index 94%
rename from website/docs/sys-mgmt/events/notifications.md
rename to website/docs/events/notifications.md
index 93dc8f605f47..40b4c55d743e 100644
--- a/website/docs/sys-mgmt/events/notifications.md
+++ b/website/docs/events/notifications.md
@@ -36,6 +36,6 @@ Before authentik 2023.5, when no group is selected, policies bound to the rule a
 :::
 You also have to select which transports should be used to send the notification.
-A transport with the name "default-email-transport" is created by default. This transport will use the [global email configuration](../../install-config/install/docker-compose.mdx#email-configuration-optional-but-recommended).
+A transport with the name "default-email-transport" is created by default. This transport will use the [global email configuration](../installation/docker-compose#email-configuration-optional-but-recommended).
 Starting with authentik 2022.6, a new default transport will be created. This is because notifications are no longer created by default, they are now a transport method instead. This allows for better customization of the notification before it is created.
diff --git a/website/docs/sys-mgmt/events/transports.md b/website/docs/events/transports.md
similarity index 88%
rename from website/docs/sys-mgmt/events/transports.md
rename to website/docs/events/transports.md
index 533c6fdba5d3..58f543a3712a 100644
--- a/website/docs/sys-mgmt/events/transports.md
+++ b/website/docs/events/transports.md
@@ -2,7 +2,7 @@
 title: Transports
 ---
-Notifications can be sent to users via multiple mediums. By default, the [global email configuration](../../install-config/install/docker-compose.mdx#email-configuration-optional-but-recommended) will be used.
+Notifications can be sent to users via multiple mediums. By default, the [global email configuration](../installation/docker-compose#email-configuration-optional-but-recommended) will be used.
 ## Generic Webhook
diff --git a/website/docs/expressions/_functions.md b/website/docs/expressions/_functions.md
index d065cc2a1e26..dc934a101f31 100644
--- a/website/docs/expressions/_functions.md
+++ b/website/docs/expressions/_functions.md
@@ -62,7 +62,7 @@ return ak_is_group_member(request.user, name="test_group")
 Fetch a user matching `**filters`.
-Returns "None" if no user was found, otherwise returns the [User](/docs/users-sources/user) object.
+Returns "None" if no user was found, otherwise returns the [User](/docs/user-group-role/user) object.
 Example:
diff --git a/website/docs/expressions/_user.md b/website/docs/expressions/_user.md
index 691cf712aa22..f38484bae282 100644
--- a/website/docs/expressions/_user.md
+++ b/website/docs/expressions/_user.md
@@ -1,4 +1,4 @@
-- `user`: The current user. This may be `None` if there is no contextual user. See [User](../users-sources/user/user_ref.md#object-properties).
+- `user`: The current user. This may be `None` if there is no contextual user. See [User](../user-group-role/user/user_ref.md#object-properties).
 Example:
diff --git a/website/docs/add-secure-apps/flows-stages/flow/context/index.md b/website/docs/flow/context/index.md
similarity index 77%
rename from website/docs/add-secure-apps/flows-stages/flow/context/index.md
rename to website/docs/flow/context/index.md
index 55fd7c186f59..b6c79415fb8c 100644
--- a/website/docs/add-secure-apps/flows-stages/flow/context/index.md
+++ b/website/docs/flow/context/index.md
@@ -22,15 +22,15 @@ Keys prefixed with `goauthentik.io` are used internally by authentik and are sub
 ### Common keys
-#### `pending_user` ([User object](../../../../users-sources/user/user_ref.md#object-properties))
+#### `pending_user` ([User object](../../user-group-role/user/user_ref.md#object-properties))
-`pending_user` is used by multiple stages. In the context of most flow executions, it represents the data of the user that is executing the flow. This value is not set automatically, it is set via the [Identification stage](../../stages/identification/index.md).
+`pending_user` is used by multiple stages. In the context of most flow executions, it represents the data of the user that is executing the flow. This value is not set automatically, it is set via the [Identification stage](../stages/identification/).
-Stages that require a user, such as the [Password stage](../../stages/password/index.md), the [Authenticator validation stage](../../stages/authenticator_validate/index.md) and others will use this value if it is set, and fallback to the request's users when possible.
+Stages that require a user, such as the [Password stage](../stages/password/), the [Authenticator validation stage](../stages/authenticator_validate/) and others will use this value if it is set, and fallback to the request's users when possible.
 #### `prompt_data` (Dictionary)
-`prompt_data` is primarily used by the [Prompt stage](../../stages/prompt/index.md). The value of any field within a prompt stage is written to the `prompt_data` dictionary. For example, given a field with the _Field key_ `email` that was submitted with the value `foo@bar.baz` will result in the following context:
+`prompt_data` is primarily used by the [Prompt stage](../stages/prompt/). The value of any field within a prompt stage is written to the `prompt_data` dictionary.
For example, given a field with the _Field key_ `email` that was submitted with the value `foo@bar.baz` will result in the following context:
 ```json
 {
@@ -40,7 +40,7 @@ Stages that require a user, such as the [Password stage](../../stages/password/i
 }
 ```
-This data can be modified with policies. The data is also used by stages like [User write](../../stages/user_write.md), which takes data in `prompt_data` and writes it to `pending_user`.
+This data can be modified with policies. The data is also used by stages like [User write](../stages/user_write.md), which takes data in `prompt_data` and writes it to `pending_user`.
 #### `redirect` (string)
@@ -62,7 +62,7 @@ When a user authenticates/enrolls via an external source, this will be set to th
 #### `outpost` (dictionary) authentik 2024.10+
-When a flow is executed by an Outpost (for example the [LDAP](../../../providers/ldap/index.md) or [RADIUS](../../../providers/radius/index.mdx)), this will be set to a dictionary containing the Outpost instance under the key `"instance"`.
+When a flow is executed by an Outpost (for example the [LDAP](../../providers/ldap/index.md) or [RADIUS](../../providers/radius/index.mdx)), this will be set to a dictionary containing the Outpost instance under the key `"instance"`.
 ### Scenario-specific keys
@@ -72,7 +72,7 @@ Set to `True` when the flow is executed from an "SSO" context. For example, this
 #### `is_restored` (Token object)
-Set when a flow execution is continued from a token. This happens for example when an [Email stage](../../stages/email/index.mdx) is used and the user clicks on the link within the email. The token object contains the key that was used to restore the flow execution.
+Set when a flow execution is continued from a token. This happens for example when an [Email stage](../stages/email/index.mdx) is used and the user clicks on the link within the email. The token object contains the key that was used to restore the flow execution.
 ### Stage-specific keys
@@ -118,9 +118,9 @@ Optionally overwrite the deny message shown, has a higher priority than the mess
 #### User write stage
-##### `groups` (List of [Group objects](../../../../users-sources/groups/index.mdx))
+##### `groups` (List of [Group objects](../../user-group-role/groups/index.mdx))
-See [Group](../../../../users-sources/groups/index.mdx). If set in the flow context, the `pending_user` will be added to all the groups in this list.
+See [Group](../../user-group-role/groups/index.mdx). If set in the flow context, the `pending_user` will be added to all the groups in this list.
 If set, this must be a list of group objects and not group names.
@@ -136,11 +136,11 @@ Type the `pending_user` will be created as. Must be one of `internal`, `external
 ##### `user_backend` (string)
-Set by the [Password stage](../../stages/password/index.md) after successfully authenticating in the user. Contains a dot-notation to the authentication backend that was used to successfully authenticate the user.
+Set by the [Password stage](../stages/password/index.md) after successfully authenticating in the user. Contains a dot-notation to the authentication backend that was used to successfully authenticate the user.
 ##### `auth_method` (string)
-Set by the [Password stage](../../stages/password/index.md), the [Authenticator validation stage](../../stages/authenticator_validate/index.md), the [OAuth2 Provider](../../../providers/oauth2/index.md), and the API authentication depending on which method was used to authenticate.
+Set by the [Password stage](../stages/password/index.md), the [Authenticator validation stage](../stages/authenticator_validate/index.md), the [OAuth2 Provider](../../providers/oauth2/index.md), and the API authentication depending on which method was used to authenticate.
 Possible options:
@@ -149,7 +149,7 @@ Possible options:
 - `ldap` (Authenticated via LDAP bind from an LDAP source)
 - `auth_mfa` (Authentication via MFA device without password)
 - `auth_webauthn_pwl` (Passwordless authentication via WebAuthn)
-- `jwt` ([M2M](../../../providers/oauth2/client_credentials.md) authentication via an existing JWT)
+- `jwt` ([M2M](../../providers/oauth2/client_credentials.md) authentication via an existing JWT)
 ##### `auth_method_args` (dictionary)
diff --git a/website/docs/add-secure-apps/flows-stages/flow/create-flow.png b/website/docs/flow/create-flow.png
similarity index 100%
rename from website/docs/add-secure-apps/flows-stages/flow/create-flow.png
rename to website/docs/flow/create-flow.png
diff --git a/website/docs/add-secure-apps/flows-stages/flow/examples/flows.md b/website/docs/flow/examples/flows.md
similarity index 100%
rename from website/docs/add-secure-apps/flows-stages/flow/examples/flows.md
rename to website/docs/flow/examples/flows.md
diff --git a/website/docs/add-secure-apps/flows-stages/flow/examples/snippets.md b/website/docs/flow/examples/snippets.md
similarity index 100%
rename from website/docs/add-secure-apps/flows-stages/flow/examples/snippets.md
rename to website/docs/flow/examples/snippets.md
diff --git a/website/docs/add-secure-apps/flows-stages/flow/executors/headless.md b/website/docs/flow/executors/headless.md
similarity index 51%
rename from website/docs/add-secure-apps/flows-stages/flow/executors/headless.md
rename to website/docs/flow/executors/headless.md
index abbf6f19ddd4..b0bb7051d133 100644
--- a/website/docs/add-secure-apps/flows-stages/flow/executors/headless.md
+++ b/website/docs/flow/executors/headless.md
@@ -6,6 +6,6 @@ The headless flow executor is used by clients that don't have access to the web
 The following stages are supported:
-- [**Identification stage**](../../stages/identification/index.md)
-- [**Password stage**](../../stages/password/index.md)
-- [**Authenticator Validation Stage**](../../stages/authenticator_validate/index.md)
+- [**Identification stage**](../stages/identification/)
+- [**Password stage**](../stages/password/)
+- [**Authenticator Validation Stage**](../stages/authenticator_validate/)
diff --git a/website/docs/add-secure-apps/flows-stages/flow/executors/if-flow.md b/website/docs/flow/executors/if-flow.md
similarity index 55%
rename from website/docs/add-secure-apps/flows-stages/flow/executors/if-flow.md
rename to website/docs/flow/executors/if-flow.md
index 20419a1a67e9..442bd8064671 100644
--- a/website/docs/add-secure-apps/flows-stages/flow/executors/if-flow.md
+++ b/website/docs/flow/executors/if-flow.md
@@ -5,5 +5,5 @@ title: Default
 This is the default, web-based environment that flows are executed in. All stages are compatible with this environment and no limitations are imposed.
 :::info
-All flow executors use the same [API](../../../../developer-docs/api/flow-executor.md), which allows for the implementation of custom flow executors.
+All flow executors use the same [API](../../../developer-docs/api/flow-executor), which allows for the implementation of custom flow executors.
 :::
diff --git a/website/docs/add-secure-apps/flows-stages/flow/executors/sfe.md b/website/docs/flow/executors/sfe.md
similarity index 79%
rename from website/docs/add-secure-apps/flows-stages/flow/executors/sfe.md
rename to website/docs/flow/executors/sfe.md
index fa1b7d976069..c68ec6eac9a9 100644
--- a/website/docs/add-secure-apps/flows-stages/flow/executors/sfe.md
+++ b/website/docs/flow/executors/sfe.md
@@ -13,14 +13,14 @@ Currently this flow executor is automatically used for the following browsers:
 The following stages are supported:
-- [**Identification stage**](../../stages/identification/index.md)
+- [**Identification stage**](../stages/identification/)
 :::info
 Only user identifier and user identifier + password stage configurations are supported; sources and passwordless configurations are not supported.
 :::
-- [**Password stage**](../../stages/password/index.md)
-- [**Authenticator Validation Stage**](../../stages/authenticator_validate/index.md)
+- [**Password stage**](../stages/password/)
+- [**Authenticator Validation Stage**](../stages/authenticator_validate/)
 Compared to the [default flow executor](./if-flow.md), this flow executor does _not_ support the following features:
diff --git a/website/docs/add-secure-apps/flows-stages/flow/executors/user-settings.md b/website/docs/flow/executors/user-settings.md
similarity index 93%
rename from website/docs/add-secure-apps/flows-stages/flow/executors/user-settings.md
rename to website/docs/flow/executors/user-settings.md
index a3efe8b0a14e..4771401dcd0e 100644
--- a/website/docs/add-secure-apps/flows-stages/flow/executors/user-settings.md
+++ b/website/docs/flow/executors/user-settings.md
@@ -10,4 +10,4 @@ The user interface (/if/user/) uses a specialized flow executor to allow individ
 Because the stages in a flow can change during its execution, be awre that configuring this executor to use any stage type other than Prompt or User Write will automatically trigger a redirect to the standard executor.
-An admin can customize which fields can be changed by the user by updating the default-user-settings-flow, or copying it to create a new flow with a Prompt Stage and a User Write Stage. Different variants of your flow can be applied to different [Brands](../../../../customize/brands.md) on the same authentik instance.
+An admin can customize which fields can be changed by the user by updating the default-user-settings-flow, or copying it to create a new flow with a Prompt Stage and a User Write Stage. Different variants of your flow can be applied to different [Brands](../../core/brands.md) on the same authentik instance.
diff --git a/website/docs/add-secure-apps/flows-stages/flow/flow-inspector.png b/website/docs/flow/flow-inspector.png
similarity index 100%
rename from website/docs/add-secure-apps/flows-stages/flow/flow-inspector.png
rename to website/docs/flow/flow-inspector.png
diff --git a/website/docs/add-secure-apps/flows-stages/flow/index.md b/website/docs/flow/index.md
similarity index 75%
rename from website/docs/add-secure-apps/flows-stages/flow/index.md
rename to website/docs/flow/index.md
index 6bfc125f145b..d36a87dbb889 100644
--- a/website/docs/add-secure-apps/flows-stages/flow/index.md
+++ b/website/docs/flow/index.md
@@ -2,7 +2,7 @@
 title: Flows
 ---
-Flows are a major component in authentik. In conjunction with stages and [policies](../../../customize/policies/index.md), flows are at the heart of our system of building blocks, used to define and execute the workflows of authentication, authorization, enrollment, and user settings.
+Flows are a major component in authentik. In conjunction with stages and [policies](../policies/index.md), flows are at the heart of our system of building blocks, used to define and execute the workflows of authentication, authorization, enrollment, and user settings.
 There are over a dozen default, out-of-the box flows available in authentik. Users can decide if they already have everything they need with the default flows or if they want to [create](#create-a-custom-flow) their own custom flow, using the Admin interface.
@@ -20,13 +20,13 @@ When these stages are successfully completed, authentik logs in the user.
 By default, policies are evaluated dynamically, right before the stage (to which a policy is bound) is presented to the user. This flexibility allows the login process to continue, change, or stop, based on the success or failure of each policy.
-This default behaviour can be altered by enabling the **Evaluate when flow is planned** option on the stage binding. With this setting a _flow plan_ containing all stages is generated upon flow execution. This means that all attached policies are evaluated upon execution. For more information about flow plans, read our [flow context documentation](./context/index.md).
+This default behaviour can be altered by enabling the **Evaluate when flow is planned** option on the stage binding. With this setting a _flow plan_ containing all stages is generated upon flow execution. This means that all attached policies are evaluated upon execution. For more information about flow plans, read our [flow context documentation](../flow/context/index.md).
-To determine which flow should be used, authentik will first check which default authentication flow is configured in the active [**Brand**](../../../customize/brands.md). If no default is configured there, the policies in all flows with the matching designation are checked, and the first flow with matching policies sorted by `slug` will be used.
+To determine which flow should be used, authentik will first check which default authentication flow is configured in the active [**Brand**](../core/brands.md). If no default is configured there, the policies in all flows with the matching designation are checked, and the first flow with matching policies sorted by `slug` will be used.
 ## Permissions
-Flows can have [policies](../stages/index.md) assigned to them. These policies determine if the current user is allowed to see and use this flow.
+Flows can have [policies](../flow/stages/index.md) assigned to them. These policies determine if the current user is allowed to see and use this flow.
 Keep in mind that in certain circumstances, policies cannot match against users and groups as there is no authenticated user yet.
@@ -46,9 +46,9 @@ To create a flow, follow these steps:
 2. In the Admin interface, navigate to **Flows and Stages -> Flows**.
 3. Click **Create**, define the flow using the [configuration settings](#flow-configuration-options) described below, and then click **Finish**.
-After creating the flow, you can then [bind specific stages](../stages/index.md#bind-a-stage-to-a-flow) to the flow and [bind policies](../../../customize/policies/working_with_policies/working_with_policies.md) to the flow to further customize the user's log in and authentication process.
+After creating the flow, you can then [bind specific stages](../flow/stages/index.md#bind-a-stage-to-a-flow) to the flow and [bind policies](../policies/working_with_policies/working_with_policies.md) to the flow to further customize the user's log in and authentication process.
-To determine which flow should be used, authentik will first check which default authentication flow is configured in the active [**Brand**](../../../customize/brands.md). If no default is configured there, the policies in all flows with the matching designation are checked, and the first flow with matching policies sorted by `slug` will be used.
+To determine which flow should be used, authentik will first check which default authentication flow is configured in the active [**Brand**](../core/brands.md). If no default is configured there, the policies in all flows with the matching designation are checked, and the first flow with matching policies sorted by `slug` will be used.
 ## Flow configuration options
@@ -64,17 +64,17 @@ When creating or editing a flow in the UI of the Admin interface, you can set th **Designation**: Flows are designated for a single purpose. This designation changes when a flow is used. The following designations are available: -- **Authentication**: this option designates a flow to be used for authentication. The authentication flow should always contain a [**User Login**](../stages/user_login/index.md) stage, which attaches the staged user to the current session. +- **Authentication**: this option designates a flow to be used for authentication. The authentication flow should always contain a [**User Login**](stages/user_login/index.md) stage, which attaches the staged user to the current session. - **Authorization**: designates a flow to be used for authorization. The authorization flow `default-provider-authorization-explicit-consent` should always contain a consent stage. -- **Invalidation**: designates a flow to be used to invalidate a session. This flow should always contain a [**User Logout**](../stages/user_logout.md) stage, which resets the current session. +- **Invalidation**: designates a flow to be used to invalidate a session. This flow should always contain a [**User Logout**](stages/user_logout.md) stage, which resets the current session. -- **Enrollment**: designates a flow for enrollment. This flow can contain any amount of verification stages, such as [**email**](../stages/email/index.mdx) or [**captcha**](../stages/captcha/index.md). At the end, to create the user, you can use the [**user_write**](../stages/user_write.md) stage, which either updates the currently staged user, or if none exists, creates a new one. +- **Enrollment**: designates a flow for enrollment. This flow can contain any amount of verification stages, such as [**email**](stages/email/) or [**captcha**](stages/captcha/). 
At the end, to create the user, you can use the [**user_write**](stages/user_write.md) stage, which either updates the currently staged user, or if none exists, creates a new one. -- **Unenrollment**: designates a flow for unenrollment. This flow can contain any amount of verification stages, such as [**email**](../stages/email/index.mdx) or [**captcha**](../stages/captcha/index.md). As a final stage, to delete the account, use the [**user_delete**](../stages/user_delete.md) stage. +- **Unenrollment**: designates a flow for unenrollment. This flow can contain any amount of verification stages, such as [**email**](stages/email/) or [**captcha**](stages/captcha/). As a final stage, to delete the account, use the [**user_delete**](stages/user_delete.md) stage. -- **Recovery**: designates a flow for recovery. This flow normally contains an [**identification**](../stages/identification/index.md) stage to find the user. It can also contain any amount of verification stages, such as [**email**](../stages/email/index.mdx) or [**captcha**](../stages/captcha/index.md). Afterwards, use the [**prompt**](../stages/prompt/index.md) stage to ask the user for a new password and the [**user_write**](../stages/user_write.md) stage to update the password. +- **Recovery**: designates a flow for recovery. This flow normally contains an [**identification**](stages/identification/) stage to find the user. It can also contain any amount of verification stages, such as [**email**](stages/email/) or [**captcha**](stages/captcha/). Afterwards, use the [**prompt**](stages/prompt/) stage to ask the user for a new password and the [**user_write**](stages/user_write.md) stage to update the password. - **Stage configuration**: designates a flow for general setup. This designation doesn't have any constraints in what you can do. For example, by default this designation is used to configure Factors, like change a password and setup TOTP. 
diff --git a/website/docs/add-secure-apps/flows-stages/flow/inspector.md b/website/docs/flow/inspector.md similarity index 92% rename from website/docs/add-secure-apps/flows-stages/flow/inspector.md rename to website/docs/flow/inspector.md index 7b78831536dd..fc848017c78c 100644 --- a/website/docs/add-secure-apps/flows-stages/flow/inspector.md +++ b/website/docs/flow/inspector.md @@ -2,7 +2,7 @@ title: Flow Inspector --- -The flow inspector, introduced in 2021.10, allows administrators to visually determine how custom flows work, inspect the current [flow context](./context/index.md), and investigate issues. +The flow inspector, introduced in 2021.10, allows administrators to visually determine how custom flows work, inspect the current [flow context](../flow/context/index.md), and investigate issues. As shown in the screenshot below, the flow inspector displays next to the selected flow (in this case, "Change Password"), with [information](#flow-inspector-details) about that specific flow and flow context. 
@@ -11,12 +11,12 @@ As shown in the screenshot below, the flow inspector displays next to the select ## Access the Flow Inspector :::info -Be aware that when running a flow with the inspector enabled, the flow is still executed normally. This means that for example, a [User write](../stages/user_write.md) stage _will_ write user data. +Be aware that when running a flow with the inspector enabled, the flow is still executed normally. This means that for example, a [User write](../flow/stages/user_write.md) stage _will_ write user data. ::: ### Permissions and debug mode -By default, the inspector is only enabled when the currently authenticated user is a superuser, OR if a user has been granted the [permission](../../../users-sources/access-control/permissions.md) **Can inspect a Flow's execution** (or is a user assigned to role with the permission). +By default, the inspector is only enabled when the currently authenticated user is a superuser, OR if a user has been granted the [permission](../user-group-role/access-control/permissions.md) **Can inspect a Flow's execution** (or is a user assigned to role with the permission). When developing authentik with the debug mode enabled, the inspector is enabled by default and can be accessed by both unauthenticated users and standard users. However the debug mode should only be used for the development of authentik. So unless you are a developer and need the more verbose error information, the best practice for using the flow inspector is to assign the permission, not use debug mode. diff --git a/website/docs/add-secure-apps/flows-stages/flow/layouts.md b/website/docs/flow/layouts.md similarity index 100% rename from website/docs/add-secure-apps/flows-stages/flow/layouts.md rename to website/docs/flow/layouts.md 
diff --git a/website/docs/add-secure-apps/flows-stages/flow/layouts/content_left.png b/website/docs/flow/layouts/content_left.png
similarity index 100%
rename from website/docs/add-secure-apps/flows-stages/flow/layouts/content_left.png
rename to website/docs/flow/layouts/content_left.png
diff --git a/website/docs/add-secure-apps/flows-stages/flow/layouts/content_right.png b/website/docs/flow/layouts/content_right.png
similarity index 100%
rename from website/docs/add-secure-apps/flows-stages/flow/layouts/content_right.png
rename to website/docs/flow/layouts/content_right.png
diff --git a/website/docs/add-secure-apps/flows-stages/flow/layouts/sidebar_left.png b/website/docs/flow/layouts/sidebar_left.png
similarity index 100%
rename from website/docs/add-secure-apps/flows-stages/flow/layouts/sidebar_left.png
rename to website/docs/flow/layouts/sidebar_left.png
diff --git a/website/docs/add-secure-apps/flows-stages/flow/layouts/sidebar_right.png b/website/docs/flow/layouts/sidebar_right.png
similarity index 100%
rename from website/docs/add-secure-apps/flows-stages/flow/layouts/sidebar_right.png
rename to website/docs/flow/layouts/sidebar_right.png
diff --git a/website/docs/add-secure-apps/flows-stages/flow/layouts/stacked.png b/website/docs/flow/layouts/stacked.png
similarity index 100%
rename from website/docs/add-secure-apps/flows-stages/flow/layouts/stacked.png
rename to website/docs/flow/layouts/stacked.png
diff --git a/website/docs/add-secure-apps/flows-stages/flow/simple_stages.png b/website/docs/flow/simple_stages.png
similarity index 100%
rename from website/docs/add-secure-apps/flows-stages/flow/simple_stages.png
rename to website/docs/flow/simple_stages.png
diff --git a/website/docs/add-secure-apps/flows-stages/stages/authenticator_duo/index.md b/website/docs/flow/stages/authenticator_duo/index.md similarity index 100% rename from website/docs/add-secure-apps/flows-stages/stages/authenticator_duo/index.md rename to website/docs/flow/stages/authenticator_duo/index.md diff --git a/website/docs/add-secure-apps/flows-stages/stages/authenticator_sms/index.md b/website/docs/flow/stages/authenticator_sms/index.md similarity index 99% rename from website/docs/add-secure-apps/flows-stages/stages/authenticator_sms/index.md rename to website/docs/flow/stages/authenticator_sms/index.md index e78d02481d0d..b9d785769598 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/authenticator_sms/index.md +++ b/website/docs/flow/stages/authenticator_sms/index.md @@ -48,7 +48,7 @@ return { ## Verify only authentik 2022.6+ -To only verify the validity of a users' phone number, without saving it in an easily accessible way, you can enable this option. Phone numbers from devices enrolled through this stage will only have their hashed phone number saved. These devices can also not be used with the [Authenticator validation](../authenticator_validate/index.md) stage. +To only verify the validity of a users' phone number, without saving it in an easily accessible way, you can enable this option. Phone numbers from devices enrolled through this stage will only have their hashed phone number saved. These devices can also not be used with the [Authenticator validation](../authenticator_validate/) stage. ## Limiting phone numbers diff --git a/website/docs/add-secure-apps/flows-stages/stages/authenticator_static/index.md b/website/docs/flow/stages/authenticator_static/index.md similarity index 100% rename from website/docs/add-secure-apps/flows-stages/stages/authenticator_static/index.md rename to website/docs/flow/stages/authenticator_static/index.md 
diff --git a/website/docs/add-secure-apps/flows-stages/stages/authenticator_totp/index.md b/website/docs/flow/stages/authenticator_totp/index.md similarity index 100% rename from website/docs/add-secure-apps/flows-stages/stages/authenticator_totp/index.md rename to website/docs/flow/stages/authenticator_totp/index.md diff --git a/website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.md b/website/docs/flow/stages/authenticator_validate/index.md similarity index 91% rename from website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.md rename to website/docs/flow/stages/authenticator_validate/index.md index 907a967e1907..bc5e1aa45a15 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.md +++ b/website/docs/flow/stages/authenticator_validate/index.md @@ -4,11 +4,11 @@ title: Authenticator validation stage This stage validates an already configured Authenticator Device. This device has to be configured using any of the other authenticator stages: -- [Duo authenticator stage](../authenticator_duo/index.md) -- [SMS authenticator stage](../authenticator_sms/index.md). -- [Static authenticator stage](../authenticator_static/index.md). -- [TOTP authenticator stage](../authenticator_totp/index.md) -- [WebAuth authenticator stage](../authenticator_webauthn/index.md). +- [Duo authenticator stage](../authenticator_duo/) +- [SMS authenticator stage](../authenticator_sms/). +- [Static authenticator stage](../authenticator_static/). +- [TOTP authenticator stage](../authenticator_totp/) +- [WebAuth authenticator stage](../authenticator_webauthn/). You can select which type of device classes are allowed. 
diff --git a/website/docs/add-secure-apps/flows-stages/stages/authenticator_webauthn/index.md b/website/docs/flow/stages/authenticator_webauthn/index.md similarity index 100% rename from website/docs/add-secure-apps/flows-stages/stages/authenticator_webauthn/index.md rename to website/docs/flow/stages/authenticator_webauthn/index.md diff --git a/website/docs/add-secure-apps/flows-stages/stages/captcha/captcha-admin.png b/website/docs/flow/stages/captcha/captcha-admin.png similarity index 100% rename from website/docs/add-secure-apps/flows-stages/stages/captcha/captcha-admin.png rename to website/docs/flow/stages/captcha/captcha-admin.png diff --git a/website/docs/add-secure-apps/flows-stages/stages/captcha/index.md b/website/docs/flow/stages/captcha/index.md similarity index 98% rename from website/docs/add-secure-apps/flows-stages/stages/captcha/index.md rename to website/docs/flow/stages/captcha/index.md index ed75f9119804..6dcfb6c91d3f 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/captcha/index.md +++ b/website/docs/flow/stages/captcha/index.md @@ -14,7 +14,7 @@ This stage adds a form of verification using [Google's ReCaptcha](https://www.go This stage has two required fields: Public key and private key. These can both be acquired at https://www.google.com/recaptcha/admin. -![](./captcha-admin.png) +![](captcha-admin.png) #### Configuration options diff --git a/website/docs/add-secure-apps/flows-stages/stages/deny.md b/website/docs/flow/stages/deny.md similarity index 100% rename from website/docs/add-secure-apps/flows-stages/stages/deny.md rename to website/docs/flow/stages/deny.md diff --git a/website/docs/add-secure-apps/flows-stages/stages/email/custom_template.png b/website/docs/flow/stages/email/custom_template.png similarity index 100% rename from website/docs/add-secure-apps/flows-stages/stages/email/custom_template.png rename to website/docs/flow/stages/email/custom_template.png 
diff --git a/website/docs/add-secure-apps/flows-stages/stages/email/email_recovery.png b/website/docs/flow/stages/email/email_recovery.png similarity index 100% rename from website/docs/add-secure-apps/flows-stages/stages/email/email_recovery.png rename to website/docs/flow/stages/email/email_recovery.png diff --git a/website/docs/add-secure-apps/flows-stages/stages/email/index.mdx b/website/docs/flow/stages/email/index.mdx similarity index 99% rename from website/docs/add-secure-apps/flows-stages/stages/email/index.mdx rename to website/docs/flow/stages/email/index.mdx index 63f84fdadeea..c76bb6731e26 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/email/index.mdx +++ b/website/docs/flow/stages/email/index.mdx @@ -4,7 +4,7 @@ title: Email stage This stage can be used for email verification. authentik's background worker will send an email using the specified connection details. When an email can't be delivered, delivery is automatically retried periodically. -![](./email_recovery.png) +![](email_recovery.png) ## Behaviour @@ -75,7 +75,7 @@ volumeMounts: If you've add the line and created a file, and can't see if, check the worker logs using `docker compose logs -f worker` or `kubectl logs -f deployment/authentik-worker`. ::: -![](./custom_template.png) +![](custom_template.png) ### Example template diff --git a/website/docs/add-secure-apps/flows-stages/stages/identification/index.md b/website/docs/flow/stages/identification/index.md similarity index 83% rename from website/docs/add-secure-apps/flows-stages/stages/identification/index.md rename to website/docs/flow/stages/identification/index.md index 5bbe682782f3..fa592812a4c7 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/identification/index.md +++ b/website/docs/flow/stages/identification/index.md 
@@ -12,7 +12,7 @@ Select which fields the user can use to identify themselves. Multiple fields can - Email - UPN - UPN will attempt to identify the user based on the `upn` attribute, which can be imported with an [LDAP Source](../../../../users-sources/sources/protocols/ldap) + UPN will attempt to identify the user based on the `upn` attribute, which can be imported with an [LDAP Source](/docs/sources/ldap/) ## Password stage @@ -28,7 +28,7 @@ When enabled, any user identifier will be accepted as valid (as long as they mat ## Source settings -Some sources (like the [OAuth Source](../../../../users-sources/sources/protocols/oauth/index.md) and [SAML Source](../../../../users-sources/sources/protocols/saml/index.md)) require user interaction. To make these sources available to users, they can be selected in the Identification stage settings, which will show them below the selected [user field](#user-fields). +Some sources (like the [OAuth Source](../../../../docs/sources/oauth/) and [SAML Source](../../../../docs/sources/saml/)) require user interaction. To make these sources available to users, they can be selected in the Identification stage settings, which will show them below the selected [user field](#user-fields). By default, sources are only shown with their icon, which can be changed with the _Show sources' labels_ option. diff --git a/website/docs/add-secure-apps/flows-stages/stages/index.md b/website/docs/flow/stages/index.md similarity index 91% rename from website/docs/add-secure-apps/flows-stages/stages/index.md rename to website/docs/flow/stages/index.md index e3ff640bb835..474a4eab7619 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/index.md +++ b/website/docs/flow/stages/index.md 
@@ -2,7 +2,7 @@ title: Stages --- -Stages are one of the fundamental building blocks in authentik, along with [flows](../flow/index.md) and [policies](../../../customize/policies/index.md). +Stages are one of the fundamental building blocks in authentik, along with [flows](../index.md) and [policies](docs/policies/index.md). A stage represents a single verification or logic step within a flow. You can bind one or more stages to a flow to create a customized, flexible login and authentication process. @@ -43,7 +43,7 @@ To create a stage, follow these steps: 2. In the Admin interface, navigate to **Flows and Stages -> Stages**. 3. Click **Create**, define the flow using the configuration settings, and then click **Finish**. -After creating the stage, you can then [bind the stage to a flow](#bind-a-stage-to-a-flow) or [bind a policy to the stage](../../../customize/policies/working_with_policies/working_with_policies.md) (the policy determines whether or not the stage will be implemented in the flow). +After creating the stage, you can then [bind the stage to a flow](#bind-a-stage-to-a-flow) or [bind a policy to the stage](../../policies/working_with_policies/working_with_policies.md) (the policy determines whether or not the stage will be implemented in the flow). ## Bind a stage to a flow diff --git a/website/docs/add-secure-apps/flows-stages/stages/invitation/index.md b/website/docs/flow/stages/invitation/index.md similarity index 88% rename from website/docs/add-secure-apps/flows-stages/stages/invitation/index.md rename to website/docs/flow/stages/invitation/index.md index 4b0f46019bac..c557a3b40001 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/invitation/index.md +++ b/website/docs/flow/stages/invitation/index.md 
@@ -10,4 +10,4 @@ To check if a user has used an invitation within a policy, you can check `reques To use an invitation, use the URL `https://authentik.tld/if/flow/your-enrollment-flow/?itoken=invitation-token`. -You can also prompt the user for an invite by using the [_Prompt stage_](../prompt/index.md) by using a field with a field key of `token`. +You can also prompt the user for an invite by using the [_Prompt stage_](../prompt/) by using a field with a field key of `token`. diff --git a/website/docs/add-secure-apps/flows-stages/stages/password/index.md b/website/docs/flow/stages/password/index.md similarity index 100% rename from website/docs/add-secure-apps/flows-stages/stages/password/index.md rename to website/docs/flow/stages/password/index.md diff --git a/website/docs/add-secure-apps/flows-stages/stages/prompt/index.md b/website/docs/flow/stages/prompt/index.md similarity index 97% rename from website/docs/add-secure-apps/flows-stages/stages/prompt/index.md rename to website/docs/flow/stages/prompt/index.md index 2090e80d4292..5c9a115f1d8d 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/prompt/index.md +++ b/website/docs/flow/stages/prompt/index.md 
@@ -63,7 +63,7 @@ A flag which decides whether or not this field is required. A field placeholder, shown within the input field. By default, the placeholder is interpreted as-is. If you enable _Interpret placeholder as expression_, the placeholder -will be evaluated as a Python expression. This happens in the same environment as [_Policies_](../../../../customize/policies/expression.mdx). +will be evaluated as a Python expression. This happens in the same environment as [_Policies_](../../../policies/expression). In the case of `Radio Button Group` and `Dropdown` prompts, this field defines all possible values (choices). When interpreted as-is, only one value will be allowed (the placeholder string). When interpreted as expression, a list of values can be returned to define multiple choices. For example, `return ["first option", 42, "another option"]` defines 3 possible values. @@ -78,7 +78,7 @@ The prompt's initial value. It can also be left empty, in which case the field w With the `hidden` prompt, the initial value will also be the actual value, because the field is hidden to the user. By default, the initial value is interpreted as-is. If you enable _Interpret initial value as expression_, the initial value -will be evaluated as a Python expression. This happens in the same environment as [_Policies_](../../../../customize/policies/expression.mdx). +will be evaluated as a Python expression. This happens in the same environment as [_Policies_](../../../policies/expression). In the case of `Radio Button Group` and `Dropdown` prompts, this field defines the default choice. When interpreted as-is, the default choice will be the initial value string. When interpreted as expression, the default choice will be the returned value. For example, `return 42` defines `42` as the default choice. 
diff --git a/website/docs/add-secure-apps/flows-stages/stages/source/index.md b/website/docs/flow/stages/source/index.md similarity index 65% rename from website/docs/add-secure-apps/flows-stages/stages/source/index.md rename to website/docs/flow/stages/source/index.md index cc5bc7330dcc..e69dbd4101d2 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/source/index.md +++ b/website/docs/flow/stages/source/index.md @@ -7,7 +7,7 @@ title: Source stage --- -The source stage injects an [OAuth](../../../../users-sources/sources/protocols/oauth/index.md) or [SAML](../../../../users-sources/sources/protocols/saml/index.md) Source into the flow execution. This allows for additional user verification, or to dynamically access different sources for different user identifiers (username, email address, etc). +The source stage injects an [OAuth](../../../../docs/sources/oauth/) or [SAML](../../../../docs/sources/saml/) Source into the flow execution. This allows for additional user verification, or to dynamically access different sources for different user identifiers (username, email address, etc). ```mermaid sequenceDiagram 
@@ -36,7 +36,7 @@ sequenceDiagram It is very important that the configured source's authentication and enrollment flows (when set; they can be left unselected to prevent authentication or enrollment with the source) do **not** have a [User login stage](../user_login/index.md) bound to them. -This is because the Source stage works by appending a [dynamic in-memory](../../../../core/terminology.md#dynamic-in-memory-stage) stage to the source's flow, so having a [User login stage](../user_login/index.md) bound will cause the source's flow to not resume the original flow it was started from, and instead directly authenticating the pending user. +This is because the Source stage works by appending a [dynamic in-memory](../../../core/terminology.md#dynamic-in-memory-stage) stage to the source's flow, so having a [User login stage](../user_login/index.md) bound will cause the source's flow to not resume the original flow it was started from, and instead directly authenticating the pending user. ### Example use case 
@@ -44,13 +44,13 @@ This stage can be used to leverage an external OAuth/SAML identity provider. For example, you can authenticate users by routing them through a custom device-health solution. -Another use case is to route users to authenticate with your legacy (Okta, etc) IdP and then use the returned identity and attributes within authentik as part of an authorization flow, for example as part of an IdP migration. For authentication/enrollment this is also possible with an [OAuth](../../../../users-sources/sources/protocols/oauth/index.md)/[SAML](../../../../users-sources/sources/protocols/saml/index.md) source by itself. +Another use case is to route users to authenticate with your legacy (Okta, etc) IdP and then use the returned identity and attributes within authentik as part of an authorization flow, for example as part of an IdP migration. For authentication/enrollment this is also possible with an [OAuth](../../../../docs/sources/oauth/)/[SAML](../../../../docs/sources/saml/) source by itself. ### Options #### Source -The source the user is redirected to. Must be a web-based source, such as [OAuth](../../../../users-sources/sources/protocols/oauth/index.md) or [SAML](../../../../users-sources/sources/protocols/saml/index.md). Sources like [LDAP](../../../../users-sources/sources/protocols/ldap/index.md) are _not_ compatible. +The source the user is redirected to. Must be a web-based source, such as [OAuth](../../../../docs/sources/oauth/) or [SAML](../../../../docs/sources/saml/). Sources like [LDAP](../../../../docs/sources/ldap/) are _not_ compatible. #### Resume timeout diff --git a/website/docs/add-secure-apps/flows-stages/stages/user_delete.md b/website/docs/flow/stages/user_delete.md similarity index 100% rename from website/docs/add-secure-apps/flows-stages/stages/user_delete.md rename to website/docs/flow/stages/user_delete.md 
diff --git a/website/docs/add-secure-apps/flows-stages/stages/user_login/index.md b/website/docs/flow/stages/user_login/index.md similarity index 94% rename from website/docs/add-secure-apps/flows-stages/stages/user_login/index.md rename to website/docs/flow/stages/user_login/index.md index daab7d399695..a4a73bfc2a5a 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/user_login/index.md +++ b/website/docs/flow/stages/user_login/index.md @@ -40,7 +40,7 @@ When creating or editing this stage in the UI of the Admin interface, you can se When configured, all sessions authenticated by this stage will be bound to the selected network and/or GeoIP criteria. - Sessions that break this binding will be terminated on use. The created [`logout`](../../../../sys-mgmt/events/index.md#logout) event will contain additional data related to what caused the binding to be broken: + Sessions that break this binding will be terminated on use. The created [`logout`](../../../events/index.md#logout) event will contain additional data related to what caused the binding to be broken: ```json { diff --git a/website/docs/add-secure-apps/flows-stages/stages/user_login/stay_signed_in.png b/website/docs/flow/stages/user_login/stay_signed_in.png similarity index 100% rename from website/docs/add-secure-apps/flows-stages/stages/user_login/stay_signed_in.png rename to website/docs/flow/stages/user_login/stay_signed_in.png diff --git a/website/docs/flow/stages/user_logout.md b/website/docs/flow/stages/user_logout.md new file mode 100644 index 000000000000..56dc227e48de --- /dev/null +++ b/website/docs/flow/stages/user_logout.md @@ -0,0 +1,5 @@ +--- +title: User logout stage +--- + +Opposite stage of [User Login Stages](user_login/index.md). It removes the user from the current session. 
diff --git a/website/docs/add-secure-apps/flows-stages/stages/user_write.md b/website/docs/flow/stages/user_write.md similarity index 100% rename from website/docs/add-secure-apps/flows-stages/stages/user_write.md rename to website/docs/flow/stages/user_write.md diff --git a/website/docs/index.mdx b/website/docs/index.mdx index cab65a7c8fd8..b2cb8f162457 100755 --- a/website/docs/index.mdx +++ b/website/docs/index.mdx @@ -1,5 +1,6 @@ --- title: Welcome to authentik +slug: / --- ## What is authentik? @@ -20,7 +21,7 @@ The authentik product provides the following consoles: - **User interface**: this console view in authentik displays all of the applications and integrations in which you have implemented authentik. Click on the app that you want to access to open it, or drill down to edit its configuration in the admin interface. -- **Flows**: [_Flows_](./add-secure-apps/flows-stages/flow/index.md) are the steps by which the various _Stages_ of a login and authentication process occurs. A stage represents a single verification or logic step in the sign-on process. authentik allows for the customization and exact definition of these flows. +- **Flows**: [_Flows_](./flow) are the steps by which the various _Stages_ of a login and authentication process occurs. A stage represents a single verification or logic step in the sign-on process. authentik allows for the customization and exact definition of these flows. In authentik, you can use Light or Dark mode for the Admin interface, User interface, and the Flow interface. 
@@ -67,10 +68,10 @@ Our tech docs cover the typical topics, from installation to configuration, addi - For information about integrating a specific application or software into authentik, refer to our **Integrations** section, accessible from the top menu bar. -- For developer-focused documentation, such as using our APIs and blueprints, setting up your development environment, translations, or how to contribute, refer to the [**Developer**](./developer-docs/index.md) area, accessible from the top menu bar. +- For developer-focused documentation, such as using our APIs and blueprints, setting up your development environment, translations, or how to contribute, refer to the [**Developer**](../developer-docs) area, accessible from the top menu bar. ## Installation -Refer to the installation steps in either [Docker-compose](./install-config/install/docker-compose.mdx) or [Kubernetes](./install-config/install/kubernetes.md). +Refer to the installation steps in either [Docker-compose](installation/docker-compose) or [Kubernetes](installation/kubernetes). -For more information about configuration, beta versions, and additional installation options, see our main [Installation](./install-config/index.mdx) section. +For more information about configuration, beta versions, and additional installation options, see our main [Installation](installation) section. diff --git a/website/docs/install-config/air-gapped.mdx b/website/docs/installation/air-gapped.mdx similarity index 93% rename from website/docs/install-config/air-gapped.mdx rename to website/docs/installation/air-gapped.mdx index 784ba884ed3f..ad886337a383 100644 --- a/website/docs/install-config/air-gapped.mdx +++ b/website/docs/installation/air-gapped.mdx 
@@ -15,7 +15,7 @@ To disable these outbound connections, adjust the settings as follows: ## Configuration options -To view a list of all configuration options, refer to the [Configuration](./configuration/configuration.mdx) documentation. +To view a list of all configuration options, refer to the [Configuration](./configuration.mdx) documentation. import Tabs from "@theme/Tabs"; import TabItem from "@theme/TabItem"; @@ -56,7 +56,7 @@ Afterwards, run the upgrade commands from the latest release notes. ## Settings -In addition to the configuration options above, the following [System settings](../sys-mgmt/settings.md) need to also be adjusted: +In addition to the configuration options above, the following [System settings](../core/settings.md) need to also be adjusted: - **Avatars**: By default this setting uses [Gravatar](https://secure.gravatar.com/). The option can be set to a combination of any of the other options, for example `initials` diff --git a/website/docs/install-config/automated-install.md b/website/docs/installation/automated-install.md similarity index 100% rename from website/docs/install-config/automated-install.md rename to website/docs/installation/automated-install.md diff --git a/website/docs/install-config/beta.mdx b/website/docs/installation/beta.mdx similarity index 100% rename from website/docs/install-config/beta.mdx rename to website/docs/installation/beta.mdx diff --git a/website/docs/install-config/configuration/configuration.mdx b/website/docs/installation/configuration.mdx similarity index 100% rename from website/docs/install-config/configuration/configuration.mdx rename to website/docs/installation/configuration.mdx diff --git a/website/docs/install-config/dashboard.png b/website/docs/installation/dashboard.png similarity index 100% rename from website/docs/install-config/dashboard.png rename to website/docs/installation/dashboard.png 
diff --git a/website/docs/install-config/install/docker-compose.mdx b/website/docs/installation/docker-compose.mdx similarity index 90% rename from website/docs/install-config/install/docker-compose.mdx rename to website/docs/installation/docker-compose.mdx index 4bfa63b2a646..9b3ed7cf8cb6 100644 --- a/website/docs/install-config/install/docker-compose.mdx +++ b/website/docs/installation/docker-compose.mdx @@ -66,7 +66,7 @@ echo "AUTHENTIK_ERROR_REPORTING__ENABLED=true" >> .env ## Email configuration (optional but recommended) -It is also recommended to configure global email credentials. These are used by authentik to notify you about alerts and configuration issues. They can also be used by [Email stages](../../add-secure-apps/flows-stages/stages/email/index.mdx) to send verification/recovery emails. +It is also recommended to configure global email credentials. These are used by authentik to notify you about alerts and configuration issues. They can also be used by [Email stages](../flow/stages/email/) to send verification/recovery emails. To configure email credentials, append this block to your `.env` file @@ -95,7 +95,7 @@ COMPOSE_PORT_HTTP=80 COMPOSE_PORT_HTTPS=443 ``` -See [Configuration](../configuration/configuration.mdx) to change the internal ports. Be sure to run `docker compose up -d` to rebuild with the new port numbers. +See [Configuration](../installation/configuration) to change the internal ports. Be sure to run `docker compose up -d` to rebuild with the new port numbers. ## Startup 
@@ -113,10 +113,10 @@ docker compose pull docker compose up -d ``` -The `docker-compose.yml` file statically references the latest version available at the time of downloading the compose file. Each time you upgrade to a newer version of authentik, you download a new `docker-compose.yml` file, which points to the latest available version. For more information, refer to the **Upgrading** section in the [Release Notes](../../releases/). +The `docker-compose.yml` file statically references the latest version available at the time of downloading the compose file. Each time you upgrade to a newer version of authentik, you download a new `docker-compose.yml` file, which points to the latest available version. For more information, refer to the **Upgrading** section in the [Release Notes](../releases). To start the initial setup, navigate to `http://:9000/if/flow/initial-setup/`. There you are prompted to set a password for the `akadmin` user (the default user). -For an explanation about what each service in the docker compose file does, see [Architecture](../../core/architecture.md). +For an explanation about what each service in the docker compose file does, see [Architecture](../core/architecture.md). diff --git a/website/docs/install-config/index.mdx b/website/docs/installation/index.mdx similarity index 87% rename from website/docs/install-config/index.mdx rename to website/docs/installation/index.mdx index d413f9f09594..641337512d0a 100644 --- a/website/docs/install-config/index.mdx +++ b/website/docs/installation/index.mdx 
@@ -4,7 +4,7 @@ title: Installation Everything you need to get authentik up and running! -For information about upgrading to a new version, refer to the Upgrade section in the relevant [Release Notes](../releases) and to our [Upgrade authentik](./upgrade.mdx) documentation. +For information about upgrading to a new version, refer to the Upgrade section in the relevant [Release Notes](../releases) and to our [Upgrade authentik](../installation/upgrade.mdx) documentation. The installation process for our free open source version and our [Enterprise](../enterprise/index.md) version are exactly the same. For information about obtaining an Enterprise license, refer to [License management](../enterprise/manage-enterprise.md#license-management) documentation. diff --git a/website/docs/install-config/install/kubernetes.md b/website/docs/installation/kubernetes.md similarity index 96% rename from website/docs/install-config/install/kubernetes.md rename to website/docs/installation/kubernetes.md index 03a4c59e6841..fd7675596128 100644 --- a/website/docs/install-config/install/kubernetes.md +++ b/website/docs/installation/kubernetes.md @@ -76,7 +76,7 @@ After the installation is complete, access authentik at `https:// Outposts** and then click **Create**. -![](./outpost-create.png) +![](outpost-create.png) 3. Define the following values: diff --git a/website/docs/add-secure-apps/outposts/integrations/docker.md b/website/docs/outposts/integrations/docker.md similarity index 97% rename from website/docs/add-secure-apps/outposts/integrations/docker.md rename to website/docs/outposts/integrations/docker.md index 26cc41202eb9..8c779b93556e 100644 --- a/website/docs/add-secure-apps/outposts/integrations/docker.md +++ b/website/docs/outposts/integrations/docker.md 
@@ -9,7 +9,7 @@ This integration has the advantage over manual deployments of automatic updates The following outpost settings are used: - `object_naming_template`: Configures how the container is called -- `container_image`: Optionally overwrites the standard container image (see [Configuration](../../../install-config/configuration/configuration.mdx#authentik_outposts) to configure the global default) +- `container_image`: Optionally overwrites the standard container image (see [Configuration](../../installation/configuration.mdx#authentik_outposts) to configure the global default) - `docker_network`: The Docker network the container should be added to. This needs to be modified if you plan to connect to authentik using the internal hostname. - `docker_map_ports`: Enable/disable the mapping of ports. When using a proxy outpost with Traefik for example, you might not want to bind ports as they are routed through Traefik. - `docker_labels`: Optional additional labels that can be applied to the container. diff --git a/website/docs/add-secure-apps/outposts/integrations/kubernetes.md b/website/docs/outposts/integrations/kubernetes.md similarity index 95% rename from website/docs/add-secure-apps/outposts/integrations/kubernetes.md rename to website/docs/outposts/integrations/kubernetes.md index 1c1cce95c53b..bad36b3adac5 100644 --- a/website/docs/add-secure-apps/outposts/integrations/kubernetes.md +++ b/website/docs/outposts/integrations/kubernetes.md 
@@ -18,7 +18,7 @@ This integration creates the following objects: The following outpost settings are used: - `object_naming_template`: Configures how the container is called -- `container_image`: Optionally overwrites the standard container image (see [Configuration](../../../install-config/configuration/configuration.mdx) to configure the global default) +- `container_image`: Optionally overwrites the standard container image (see [Configuration](../../installation/configuration.mdx) to configure the global default) - `kubernetes_replicas`: Replica count for the deployment of the outpost - `kubernetes_namespace`: Namespace to deploy in, defaults to the same namespace authentik is deployed in (if available) - `kubernetes_ingress_annotations`: Any additional annotations to add to the ingress object, for example cert-manager diff --git a/website/docs/add-secure-apps/outposts/manual-deploy-docker-compose.md b/website/docs/outposts/manual-deploy-docker-compose.md similarity index 100% rename from website/docs/add-secure-apps/outposts/manual-deploy-docker-compose.md rename to website/docs/outposts/manual-deploy-docker-compose.md diff --git a/website/docs/add-secure-apps/outposts/manual-deploy-kubernetes.md b/website/docs/outposts/manual-deploy-kubernetes.md similarity index 100% rename from website/docs/add-secure-apps/outposts/manual-deploy-kubernetes.md rename to website/docs/outposts/manual-deploy-kubernetes.md diff --git a/website/docs/add-secure-apps/outposts/outpost-create.png b/website/docs/outposts/outpost-create.png similarity index 100% rename from website/docs/add-secure-apps/outposts/outpost-create.png rename to website/docs/outposts/outpost-create.png diff --git a/website/docs/add-secure-apps/outposts/upgrading.md b/website/docs/outposts/upgrading.md similarity index 100% rename from website/docs/add-secure-apps/outposts/upgrading.md rename to website/docs/outposts/upgrading.md 
diff --git a/website/docs/add-secure-apps/outposts/upgrading_outdated.png b/website/docs/outposts/upgrading_outdated.png similarity index 100% rename from website/docs/add-secure-apps/outposts/upgrading_outdated.png rename to website/docs/outposts/upgrading_outdated.png diff --git a/website/docs/customize/policies/expression.mdx b/website/docs/policies/expression.mdx similarity index 94% rename from website/docs/customize/policies/expression.mdx rename to website/docs/policies/expression.mdx index 0d2146a52ade..db2f2775d9b7 100644 --- a/website/docs/customize/policies/expression.mdx +++ b/website/docs/policies/expression.mdx @@ -42,19 +42,19 @@ ak_message("Access denied") return False ``` -import Functions from "../../expressions/_functions.md"; +import Functions from "../expressions/_functions.md"; ## Variables -import Objects from "../../expressions/_objects.md"; +import Objects from "../expressions/_objects.md"; - `request`: A PolicyRequest object, which has the following properties: - - `request.user`: The current user, against which the policy is applied. See [User](../../users-sources/user/index.mdx) + - `request.user`: The current user, against which the policy is applied. See [User](../user-group-role/user/user_ref.md#object-properties) :::caution When a policy is executed in the context of a flow, this will be set to the user initiaing request, and will only be changed by a `user_login` stage. For that reason, using this value in authentication flow policies may not return the expected user. Use `context['pending_user']` instead; User Identification and other stages update this value during flow execution. 
@@ -69,7 +69,7 @@ import Objects from "../../expressions/_objects.md"; - `geoip`: GeoIP dictionary. The following fields are available: :::info - For basic country matching, consider using a [GeoIP policy](./index.md#geoip-policy). + For basic country matching, consider using a [GeoIP policy](index.md#geoip-policy). ::: - `continent`: a two character continent code like `NA` (North America) or `OC` (Oceania). @@ -85,7 +85,7 @@ import Objects from "../../expressions/_objects.md"; - `asn`: ASN dictionary. The following fields are available: :::info - For basic ASN matching, consider using a [GeoIP policy](./index.md#geoip-policy). + For basic ASN matching, consider using a [GeoIP policy](index.md#geoip-policy). ::: - `asn`: the autonomous system number associated with the IP address. @@ -119,7 +119,7 @@ This includes the following: - `context['prompt_data']`: Data which has been saved from a prompt stage or an external source. (Optional) - `context['application']`: The application the user is in the process of authorizing. (Optional) - `context['source']`: The source the user is authenticating/enrolling with. (Optional) -- `context['pending_user']`: The currently pending user, see [User](../../users-sources/user/user_ref.md) +- `context['pending_user']`: The currently pending user, see [User](../user-group-role/user/user_ref.md#object-properties) - `context['is_restored']`: Contains the flow token when the flow plan was restored from a link, for example the user clicked a link to a flow which was sent by an email stage. (Optional) - `context['auth_method']`: Authentication method (this value is set by password stages) (Optional) diff --git a/website/docs/customize/policies/index.md b/website/docs/policies/index.md similarity index 94% rename from website/docs/customize/policies/index.md rename to website/docs/policies/index.md index 95ecff8ef374..de22d087474a 100644 --- a/website/docs/customize/policies/index.md +++ b/website/docs/policies/index.md 
@@ -8,7 +8,7 @@ In effect, policies determine whether or not a specific stage is applied to a fl For example, you can create a policy that, for certain users, skips over a stage that prompts for MFA input. Or, you can define a policy that allows users to access a login flow only if the policy criteria are met. See below for other policies, including the reputation policy and an events-driven policy to manage notifications. -For instructions about creating and binding policies to flows and stages, refer to ["Working with policies](./working_with_policies/working_with_policies.md)". +For instructions about creating and binding policies to flows and stages, refer to ["Working with policies](docs/policies/working_with_policies/working_with_policies.md)". ## Standard policies @@ -20,11 +20,11 @@ This policy is used by the events subsystem. You can use this policy to match ev ### Expression Policy -See [Expression Policy](./expression.mdx). +See [Expression Policy](expression.mdx). ### GeoIP policy -Use this policy for simple GeoIP lookups, such as country or ASN matching. (For a more advanced GeoIP lookup, use an [Expression policy](./expression.mdx).) +Use this policy for simple GeoIP lookups, such as country or ASN matching. (For a more advanced GeoIP lookup, use an [Expression policy](expression.mdx).) ### Password-Expiry Policy diff --git a/website/docs/customize/policies/working_with_policies/unique_email.md b/website/docs/policies/working_with_policies/unique_email.md similarity index 76% rename from website/docs/customize/policies/working_with_policies/unique_email.md rename to website/docs/policies/working_with_policies/unique_email.md index 9da2e36c681d..068d7d5268a9 100644 --- a/website/docs/customize/policies/working_with_policies/unique_email.md +++ b/website/docs/policies/working_with_policies/unique_email.md 
@@ -4,7 +4,7 @@ title: Ensure unique email addresses Due to the database design of authentik, email addresses are by default not required to be unique. This behavior can however be changed by policies. -The snippet below can be used as the expression in policies both with enrollment flows, where the policy should be bound to any stage before the [User write](../../../add-secure-apps/flows-stages/stages/user_write.md) stage, or with the [Prompt stage](../../../add-secure-apps/flows-stages/stages/prompt/index.md). +The snippet below can be used as the expression in policies both with enrollment flows, where the policy should be bound to any stage before the [User write](../../flow/stages/user_write.md) stage, or with the [Prompt stage](../../flow/stages/prompt/index.md). ```python from authentik.core.models import User diff --git a/website/docs/customize/policies/working_with_policies/whitelist_email.md b/website/docs/policies/working_with_policies/whitelist_email.md similarity index 100% rename from website/docs/customize/policies/working_with_policies/whitelist_email.md rename to website/docs/policies/working_with_policies/whitelist_email.md diff --git a/website/docs/customize/policies/working_with_policies/working_with_policies.md b/website/docs/policies/working_with_policies/working_with_policies.md similarity index 92% rename from website/docs/customize/policies/working_with_policies/working_with_policies.md rename to website/docs/policies/working_with_policies/working_with_policies.md index 8df05b0f6e01..1d33f4bf26b4 100644 --- a/website/docs/customize/policies/working_with_policies/working_with_policies.md +++ b/website/docs/policies/working_with_policies/working_with_policies.md 
@@ -6,7 +6,7 @@ For an overview of policies, refer to our documentation on [Policies](../index.m authentik provides several [standard policy types](../index.md#standard-policies), which can be configured for your specific needs. -We also document how to use a policy to [whitelist email domains](./whitelist_email.md) and to [ensure unique email addresses](./unique_email.md). +We also document how to use a policy to [whitelist email domains](../working_with_policies/whitelist_email.md) and to [ensure unique email addresses](../working_with_policies/unique_email.md). ## Create a policy @@ -19,7 +19,7 @@ To create a new policy, follow these steps: ## Bind a policy to a flow or stage -After creating the policy, you can bind it to either a [flow](../../../add-secure-apps/flows-stages/flow/index.md) or to a [stage](../../../add-secure-apps/flows-stages/stages/index.md). +After creating the policy, you can bind it to either a [flow](../../flow/index.md) or to a [stage](../../flow/stages/index.md). :::info Bindings are instantiated objects themselves, and conceptually can be considered as the "connector" between the policy and the stage or flow. This is why you might read about "binding a binding", because technically, a binding is "spliced" into another binding, in order to intercept and enforce the criteria defined in the policy. You can edit bindings on a flow's **Stage Bindings** tab. diff --git a/website/docs/add-secure-apps/providers/entra/add-entra-provider.md b/website/docs/providers/entra/add-entra-provider.md similarity index 100% rename from website/docs/add-secure-apps/providers/entra/add-entra-provider.md rename to website/docs/providers/entra/add-entra-provider.md diff --git a/website/docs/add-secure-apps/providers/entra/index.md b/website/docs/providers/entra/index.md similarity index 95% rename from website/docs/add-secure-apps/providers/entra/index.md rename to website/docs/providers/entra/index.md index 67702bab1ca1..6703fa91d715 100644 
--- a/website/docs/add-secure-apps/providers/entra/index.md +++ b/website/docs/providers/entra/index.md @@ -12,8 +12,8 @@ This feature is in technical preview, so please report any bugs on [GitHub](http With the Microsoft Entra ID provider, authentik serves as the single source of truth for all users and groups. Configuring Entra ID as a provider allows for auto-discovery of user and group accounts, on-going synchronization of user data such as email address, name, and status, and integrated data mapping of field names and values. -- For instructions to configure your Entra ID tenant to integrate with authentik, refer to [Configure Entra ID](./setup-entra.md). -- For instructions to add Entra ID as a provider in authentik, refer to [Create a Entra ID provider](./add-entra-provider.md). +- For instructions to configure your Entra ID tenant to integrate with authentik, refer to [Configure Entra ID](./setup-entra). +- For instructions to add Entra ID as a provider in authentik, refer to [Create a Entra ID provider](./add-entra-provider). ## About using Entra ID with authentik diff --git a/website/docs/add-secure-apps/providers/entra/setup-entra.md b/website/docs/providers/entra/setup-entra.md similarity index 94% rename from website/docs/add-secure-apps/providers/entra/setup-entra.md rename to website/docs/providers/entra/setup-entra.md index 868b813a07d9..70b4a588b0c9 100644 --- a/website/docs/add-secure-apps/providers/entra/setup-entra.md +++ b/website/docs/providers/entra/setup-entra.md 
@@ -17,9 +17,9 @@ For detailed instructions, refer to Microsoft Entra ID documentation. 3. On the **Register an application** page, define the **Name** of the app, and under **Supported account types** select **Accounts in this organizational directory only**. Leave **Redirect URI** empty. 4. Click **Register**. The app's detail page displays. -5. On the app detail page, copy both the **Application (client) ID** and the **Directory (tenant) ID** values and store in a temporary place. These values will be needed when you [create the Entra ID provider](./add-entra-provider.md) in authentik. +5. On the app detail page, copy both the **Application (client) ID** and the **Directory (tenant) ID** values and store in a temporary place. These values will be needed when you [create the Entra ID provider](./add-entra-provider) in authentik. 6. Next, click on **Certificates and Secrets** in the near-left navigation pane and create a new secret. -7. On the **Certificates and Secrets** page, on the **Client secrets** tab, copy the **Value** of the secret and store it in a temporary place. Like with the client ID and the tenant ID, this secret will be needed when you [create the Entra ID provider](./add-entra-provider.md) in authentik. +7. On the **Certificates and Secrets** page, on the **Client secrets** tab, copy the **Value** of the secret and store it in a temporary place. Like with the client ID and the tenant ID, this secret will be needed when you [create the Entra ID provider](./add-entra-provider) in authentik. 8. Next, click on **API permissions** in the near-left navigation pane. 9. Click on **Add a permission** and add the following permissions by selecting **Microsoft Graph** and then **Application Permissions**: - `Group.Create` 
diff --git a/website/docs/add-secure-apps/providers/gws/add-gws-provider.md b/website/docs/providers/gws/add-gws-provider.md similarity index 89% rename from website/docs/add-secure-apps/providers/gws/add-gws-provider.md rename to website/docs/providers/gws/add-gws-provider.md index 4e95024b9056..88821617d524 100644 --- a/website/docs/add-secure-apps/providers/gws/add-gws-provider.md +++ b/website/docs/providers/gws/add-gws-provider.md @@ -17,7 +17,7 @@ For more information about using a Google Workspace provider, see the [Overview] To create a Google Workspace provider in authentik, you must have already [configured Google Workspace](./setup-gws.md) to integrate with authentik. :::info -When adding the Google Workspace provider in authentik, you must define the **Backchannel provider** using the name of the Google Workspace provider that you created in authentik. If you have also configured Google Workspace to log in using authentik following [these](../../../../integrations/services/google/), then this configuration can be done on the same app. +When adding the Google Workspace provider in authentik, you must define the **Backchannel provider** using the name of the Google Workspace provider that you created in authentik. If you have also configured Google Workspace to log in using authentik following [these](../../../integrations/services/google/), then this configuration can be done on the same app. ::: ### Create the Google Workspace provider in authentik 
@@ -55,7 +55,7 @@ When adding the Google Workspace provider in authentik, you must define the **Ba 1. Log in as an admin to authentik, and go to the Admin interface. 2. In the Admin interface, navigate to **Applications -> Applications**. :::info - If you have also configured Google Workspace to log in using authentik following [these](https://docs.goauthentik.io/integrations/services/google/index), then this configuration can be done on the same app by adding this new provider as a backchannel provider on the existing app instead of creating a new app. + If you have also configured Google Workspace to log in using authentik following [these](../../../integrations/services/google/), then this configuration can be done on the same app by adding this new provider as a backchannel provider on the existing app instead of creating a new app. ::: 3. Click **Create**, and in the **New provider** modal box, and define the following fields: diff --git a/website/docs/add-secure-apps/providers/gws/index.md b/website/docs/providers/gws/index.md similarity index 97% rename from website/docs/add-secure-apps/providers/gws/index.md rename to website/docs/providers/gws/index.md index a1b31e1e0086..c774cc89bbca 100644 --- a/website/docs/add-secure-apps/providers/gws/index.md +++ b/website/docs/providers/gws/index.md 
@@ -12,8 +12,8 @@ This feature is in technical preview, so please report any bugs on [GitHub](http With the Google Workspace provider, authentik serves as the single source of truth for all users and groups, when using Google products like Gmail. -- For instructions to configure your Google Workspace to integrate with authentik, refer to [Configure Google Workspace](./setup-gws.md). -- For instructions to add Google Workspace as a provider, refer to [Create a Google Workspace provider](./add-gws-provider.md). +- For instructions to configure your Google Workspace to integrate with authentik, refer to [Configure Google Workspace](./setup-gws). +- For instructions to add Google Workspace as a provider, refer to [Create a Google Workspace provider](./add-gws-provider). ## About using Google Workspace with authentik diff --git a/website/docs/add-secure-apps/providers/gws/setup-gws.md b/website/docs/providers/gws/setup-gws.md similarity index 100% rename from website/docs/add-secure-apps/providers/gws/setup-gws.md rename to website/docs/providers/gws/setup-gws.md diff --git a/website/docs/add-secure-apps/providers/index.mdx b/website/docs/providers/index.mdx similarity index 100% rename from website/docs/add-secure-apps/providers/index.mdx rename to website/docs/providers/index.mdx diff --git a/website/docs/add-secure-apps/providers/ldap/general_setup1.png b/website/docs/providers/ldap/general_setup1.png similarity index 100% rename from website/docs/add-secure-apps/providers/ldap/general_setup1.png rename to website/docs/providers/ldap/general_setup1.png diff --git a/website/docs/add-secure-apps/providers/ldap/general_setup10.png b/website/docs/providers/ldap/general_setup10.png similarity index 100% rename from website/docs/add-secure-apps/providers/ldap/general_setup10.png rename to website/docs/providers/ldap/general_setup10.png 
diff --git a/website/docs/add-secure-apps/providers/ldap/general_setup11.png b/website/docs/providers/ldap/general_setup11.png
similarity index 100%
rename from website/docs/add-secure-apps/providers/ldap/general_setup11.png
rename to website/docs/providers/ldap/general_setup11.png
diff --git a/website/docs/add-secure-apps/providers/ldap/general_setup12.png b/website/docs/providers/ldap/general_setup12.png
similarity index 100%
rename from website/docs/add-secure-apps/providers/ldap/general_setup12.png
rename to website/docs/providers/ldap/general_setup12.png
diff --git a/website/docs/add-secure-apps/providers/ldap/general_setup13.png b/website/docs/providers/ldap/general_setup13.png
similarity index 100%
rename from website/docs/add-secure-apps/providers/ldap/general_setup13.png
rename to website/docs/providers/ldap/general_setup13.png
diff --git a/website/docs/add-secure-apps/providers/ldap/general_setup14.png b/website/docs/providers/ldap/general_setup14.png
similarity index 100%
rename from website/docs/add-secure-apps/providers/ldap/general_setup14.png
rename to website/docs/providers/ldap/general_setup14.png
diff --git a/website/docs/add-secure-apps/providers/ldap/general_setup15.png b/website/docs/providers/ldap/general_setup15.png
similarity index 100%
rename from website/docs/add-secure-apps/providers/ldap/general_setup15.png
rename to website/docs/providers/ldap/general_setup15.png
diff --git a/website/docs/add-secure-apps/providers/ldap/general_setup16.png b/website/docs/providers/ldap/general_setup16.png
similarity index 100%
rename from website/docs/add-secure-apps/providers/ldap/general_setup16.png
rename to website/docs/providers/ldap/general_setup16.png
diff --git a/website/docs/add-secure-apps/providers/ldap/general_setup2.png b/website/docs/providers/ldap/general_setup2.png
similarity index 100%
rename from website/docs/add-secure-apps/providers/ldap/general_setup2.png
rename to website/docs/providers/ldap/general_setup2.png
diff --git a/website/docs/add-secure-apps/providers/ldap/general_setup3.png b/website/docs/providers/ldap/general_setup3.png
similarity index 100%
rename from website/docs/add-secure-apps/providers/ldap/general_setup3.png
rename to website/docs/providers/ldap/general_setup3.png
diff --git a/website/docs/add-secure-apps/providers/ldap/general_setup4.png b/website/docs/providers/ldap/general_setup4.png
similarity index 100%
rename from website/docs/add-secure-apps/providers/ldap/general_setup4.png
rename to website/docs/providers/ldap/general_setup4.png
diff --git a/website/docs/add-secure-apps/providers/ldap/general_setup5.png b/website/docs/providers/ldap/general_setup5.png
similarity index 100%
rename from website/docs/add-secure-apps/providers/ldap/general_setup5.png
rename to website/docs/providers/ldap/general_setup5.png
diff --git a/website/docs/add-secure-apps/providers/ldap/general_setup6.png b/website/docs/providers/ldap/general_setup6.png
similarity index 100%
rename from website/docs/add-secure-apps/providers/ldap/general_setup6.png
rename to website/docs/providers/ldap/general_setup6.png
diff --git a/website/docs/add-secure-apps/providers/ldap/general_setup7.png b/website/docs/providers/ldap/general_setup7.png
similarity index 100%
rename from website/docs/add-secure-apps/providers/ldap/general_setup7.png
rename to website/docs/providers/ldap/general_setup7.png
diff --git a/website/docs/add-secure-apps/providers/ldap/general_setup8.png b/website/docs/providers/ldap/general_setup8.png
similarity index 100%
rename from website/docs/add-secure-apps/providers/ldap/general_setup8.png
rename to website/docs/providers/ldap/general_setup8.png
diff --git a/website/docs/add-secure-apps/providers/ldap/general_setup9.png b/website/docs/providers/ldap/general_setup9.png
similarity index 100%
rename from website/docs/add-secure-apps/providers/ldap/general_setup9.png
rename to website/docs/providers/ldap/general_setup9.png
diff --git a/website/docs/add-secure-apps/providers/ldap/generic_setup.md b/website/docs/providers/ldap/generic_setup.md similarity index 100% rename from website/docs/add-secure-apps/providers/ldap/generic_setup.md rename to website/docs/providers/ldap/generic_setup.md diff --git a/website/docs/add-secure-apps/providers/ldap/index.md b/website/docs/providers/ldap/index.md similarity index 88% rename from website/docs/add-secure-apps/providers/ldap/index.md rename to website/docs/providers/ldap/index.md index d7feeb00e741..2aa0feadf4b6 100644 --- a/website/docs/add-secure-apps/providers/ldap/index.md +++ b/website/docs/providers/ldap/index.md @@ -5,7 +5,7 @@ title: LDAP Provider You can configure an LDAP Provider for applications that don't support any newer protocols or require LDAP. :::info -Note: This provider requires the deployment of the [LDAP Outpost](../../outposts/index.mdx) +Note: This provider requires the deployment of the [LDAP Outpost](../../outposts/) ::: All users and groups in authentik's database are searchable. Currently, there is limited support for filters (you can only search for objectClass), but this will be expanded in further releases. @@ -70,7 +70,7 @@ This enables you to bind on port 636 using LDAPS. ## Integrations -See the integration guide for [sssd](/integrations/services/sssd) for an example guide. +See the integration guide for [sssd](../../../integrations/services/sssd/) for an example guide. ## Binding & Bind Modes 
@@ -78,9 +78,9 @@ All bind modes rely on flows. The following stages are supported: -- [Identification](../../flows-stages/stages/identification/index.md) -- [Password](../../flows-stages/stages/password/index.md) -- [Authenticator validation](../../flows-stages/stages/authenticator_validate/index.md) +- [Identification](../../flow/stages/identification/index.md) +- [Password](../../flow/stages/password/index.md) +- [Authenticator validation](../../flow/stages/authenticator_validate/index.md) Note: Authenticator validation currently only supports DUO, TOTP and static authenticators. @@ -90,9 +90,9 @@ The following stages are supported: SMS-based authenticators are not supported as they require a code to be sent from authentik, which is not possible during the bind. -- [User Logout](../../flows-stages/stages/user_logout.md) -- [User Login](../../flows-stages/stages/user_login/index.md) -- [Deny](../../flows-stages/stages/deny.md) +- [User Logout](../../flow/stages/user_logout.md) +- [User Login](../../flow/stages/user_login/index.md) +- [Deny](../../flow/stages/deny.md) #### Direct bind 
@@ -106,7 +106,7 @@ This mode uses the same logic as direct bind, however the result is cached for t Any user that is authorized to access the LDAP provider's application can execute search the LDAP directory. Without explicit permissions to do broader searches, a user's search request will return information about themselves, including user info, group info, and group membership. -[Users](../../../users-sources/user/index.mdx) and [roles](../../../users-sources/roles/index.md) can be assigned the permission "Search full LDAP directory" to allow them to search the full LDAP directory and retrieve information about all users in the authentik instance. +[Users](../../user-group-role/user/index.mdx) and [roles](../../user-group-role/roles/index.mdx) can be assigned the permission "Search full LDAP directory" to allow them to search the full LDAP directory and retrieve information about all users in the authentik instance. :::info Up to authentik version 2024.8 this was managed using the "Search group" attribute in the LDAP Provider, where users could be added to a group to grant them this permission. With authentik 2024.8 this is automatically migrated to the "Search full LDAP directory" permission, which can be assigned more flexibly. diff --git a/website/docs/add-secure-apps/providers/oauth2/client_credentials.md b/website/docs/providers/oauth2/client_credentials.md similarity index 98% rename from website/docs/add-secure-apps/providers/oauth2/client_credentials.md rename to website/docs/providers/oauth2/client_credentials.md index 5fd11ad2eee5..1169ea38d190 100644 --- a/website/docs/add-secure-apps/providers/oauth2/client_credentials.md +++ b/website/docs/providers/oauth2/client_credentials.md 
@@ -57,7 +57,7 @@ Alternatively, you can set the `client_secret` parameter to the `$inputJWT`, for Input JWTs are checked to be signed by any of the selected _Verification certificates_, and their `exp` attribute must not be now or in the past. -To do additional checks, you can use _[Expression policies](../../../customize/policies/expression.mdx)_: +To do additional checks, you can use _[Expression policies](../../policies/expression)_: ```python return request.context["oauth_jwt"]["iss"] == "https://my.issuer" diff --git a/website/docs/add-secure-apps/providers/oauth2/device_code.md b/website/docs/providers/oauth2/device_code.md similarity index 100% rename from website/docs/add-secure-apps/providers/oauth2/device_code.md rename to website/docs/providers/oauth2/device_code.md diff --git a/website/docs/add-secure-apps/providers/oauth2/index.md b/website/docs/providers/oauth2/index.md similarity index 98% rename from website/docs/add-secure-apps/providers/oauth2/index.md rename to website/docs/providers/oauth2/index.md index ace22e3a54d1..cf4ae28a0c13 100644 --- a/website/docs/add-secure-apps/providers/oauth2/index.md +++ b/website/docs/providers/oauth2/index.md @@ -51,7 +51,7 @@ Starting with authentik 2024.2, this grant requires the `offline_access` scope. ### `client_credentials`: -See [Machine-to-machine authentication](./client_credentials.md) +See [Machine-to-machine authentication](./client_credentials) ## Scope authorization diff --git a/website/docs/add-secure-apps/providers/property-mappings/expression.mdx b/website/docs/providers/property-mappings/expression.mdx similarity index 79% rename from website/docs/add-secure-apps/providers/property-mappings/expression.mdx rename to website/docs/providers/property-mappings/expression.mdx index 52002a50bc91..f5ec3e3ddd1c 100644 --- a/website/docs/add-secure-apps/providers/property-mappings/expression.mdx +++ b/website/docs/providers/property-mappings/expression.mdx 
@@ -6,17 +6,17 @@ The property mapping should return a value that is expected by the provider. Sup ## Available Functions -import Functions from "../../../expressions/_functions.md"; +import Functions from "../../expressions/_functions.md"; ## Variables -import Objects from "../../../expressions/_objects.md"; +import Objects from "../../expressions/_objects.md"; -import User from "../../../expressions/_user.md"; +import User from "../../expressions/_user.md"; diff --git a/website/docs/add-secure-apps/providers/property-mappings/index.md b/website/docs/providers/property-mappings/index.md similarity index 100% rename from website/docs/add-secure-apps/providers/property-mappings/index.md rename to website/docs/providers/property-mappings/index.md diff --git a/website/docs/add-secure-apps/providers/proxy/__placeholders.md b/website/docs/providers/proxy/__placeholders.md similarity index 100% rename from website/docs/add-secure-apps/providers/proxy/__placeholders.md rename to website/docs/providers/proxy/__placeholders.md diff --git a/website/docs/add-secure-apps/providers/proxy/_caddy_standalone.md b/website/docs/providers/proxy/_caddy_standalone.md similarity index 100% rename from website/docs/add-secure-apps/providers/proxy/_caddy_standalone.md rename to website/docs/providers/proxy/_caddy_standalone.md diff --git a/website/docs/add-secure-apps/providers/proxy/_envoy_istio.md b/website/docs/providers/proxy/_envoy_istio.md similarity index 100% rename from website/docs/add-secure-apps/providers/proxy/_envoy_istio.md rename to website/docs/providers/proxy/_envoy_istio.md diff --git a/website/docs/add-secure-apps/providers/proxy/_nginx_ingress.md b/website/docs/providers/proxy/_nginx_ingress.md similarity index 100% rename from website/docs/add-secure-apps/providers/proxy/_nginx_ingress.md rename to website/docs/providers/proxy/_nginx_ingress.md 
diff --git a/website/docs/add-secure-apps/providers/proxy/_nginx_proxy_manager.md b/website/docs/providers/proxy/_nginx_proxy_manager.md
similarity index 100%
rename from website/docs/add-secure-apps/providers/proxy/_nginx_proxy_manager.md
rename to website/docs/providers/proxy/_nginx_proxy_manager.md
diff --git a/website/docs/add-secure-apps/providers/proxy/_nginx_standalone.md b/website/docs/providers/proxy/_nginx_standalone.md
similarity index 100%
rename from website/docs/add-secure-apps/providers/proxy/_nginx_standalone.md
rename to website/docs/providers/proxy/_nginx_standalone.md
diff --git a/website/docs/add-secure-apps/providers/proxy/_traefik_compose.md b/website/docs/providers/proxy/_traefik_compose.md
similarity index 100%
rename from website/docs/add-secure-apps/providers/proxy/_traefik_compose.md
rename to website/docs/providers/proxy/_traefik_compose.md
diff --git a/website/docs/add-secure-apps/providers/proxy/_traefik_ingress.md b/website/docs/providers/proxy/_traefik_ingress.md
similarity index 100%
rename from website/docs/add-secure-apps/providers/proxy/_traefik_ingress.md
rename to website/docs/providers/proxy/_traefik_ingress.md
diff --git a/website/docs/add-secure-apps/providers/proxy/_traefik_standalone.md b/website/docs/providers/proxy/_traefik_standalone.md
similarity index 100%
rename from website/docs/add-secure-apps/providers/proxy/_traefik_standalone.md
rename to website/docs/providers/proxy/_traefik_standalone.md
diff --git a/website/docs/add-secure-apps/providers/proxy/custom_headers.md b/website/docs/providers/proxy/custom_headers.md
similarity index 100%
rename from website/docs/add-secure-apps/providers/proxy/custom_headers.md
rename to website/docs/providers/proxy/custom_headers.md
diff --git a/website/docs/add-secure-apps/providers/proxy/forward_auth.mdx b/website/docs/providers/proxy/forward_auth.mdx
similarity index 100%
rename from website/docs/add-secure-apps/providers/proxy/forward_auth.mdx
rename to website/docs/providers/proxy/forward_auth.mdx
diff --git a/website/docs/add-secure-apps/providers/proxy/header_authentication.md b/website/docs/providers/proxy/header_authentication.md
similarity index 100%
rename from website/docs/add-secure-apps/providers/proxy/header_authentication.md
rename to website/docs/providers/proxy/header_authentication.md
diff --git a/website/docs/add-secure-apps/providers/proxy/index.md b/website/docs/providers/proxy/index.md
similarity index 100%
rename from website/docs/add-secure-apps/providers/proxy/index.md
rename to website/docs/providers/proxy/index.md
diff --git a/website/docs/add-secure-apps/providers/proxy/server_caddy.mdx b/website/docs/providers/proxy/server_caddy.mdx
similarity index 100%
rename from website/docs/add-secure-apps/providers/proxy/server_caddy.mdx
rename to website/docs/providers/proxy/server_caddy.mdx
diff --git a/website/docs/add-secure-apps/providers/proxy/server_envoy.mdx b/website/docs/providers/proxy/server_envoy.mdx
similarity index 100%
rename from website/docs/add-secure-apps/providers/proxy/server_envoy.mdx
rename to website/docs/providers/proxy/server_envoy.mdx
diff --git a/website/docs/add-secure-apps/providers/proxy/server_nginx.mdx b/website/docs/providers/proxy/server_nginx.mdx
similarity index 100%
rename from website/docs/add-secure-apps/providers/proxy/server_nginx.mdx
rename to website/docs/providers/proxy/server_nginx.mdx
diff --git a/website/docs/add-secure-apps/providers/proxy/server_traefik.mdx b/website/docs/providers/proxy/server_traefik.mdx
similarity index 100%
rename from website/docs/add-secure-apps/providers/proxy/server_traefik.mdx
rename to website/docs/providers/proxy/server_traefik.mdx
diff --git a/website/docs/add-secure-apps/providers/rac/how-to-rac.md b/website/docs/providers/rac/how-to-rac.md similarity index 99% rename from website/docs/add-secure-apps/providers/rac/how-to-rac.md rename to website/docs/providers/rac/how-to-rac.md index fedcc95715f9..e009abcf618f 100644 --- a/website/docs/add-secure-apps/providers/rac/how-to-rac.md +++ b/website/docs/providers/rac/how-to-rac.md @@ -14,7 +14,7 @@ Fow more information about using a RAC provider, see the [Overview](./index.md) ## Prereqisites -The RAC provider requires the deployment of the [RAC Outpost](../../outposts/index.mdx). +The RAC provider requires the deployment of the [RAC Outpost](../../outposts/). ## Overview workflow to create a RAC provider diff --git a/website/docs/add-secure-apps/providers/rac/index.md b/website/docs/providers/rac/index.md similarity index 91% rename from website/docs/add-secure-apps/providers/rac/index.md rename to website/docs/providers/rac/index.md index 5a88a658d22a..3b94a40414cc 100644 --- a/website/docs/add-secure-apps/providers/rac/index.md +++ b/website/docs/providers/rac/index.md @@ -11,7 +11,7 @@ This feature is in technical preview, so please report any bugs on [GitHub](http ::: :::info -This provider requires the deployment of the [RAC Outpost](../../outposts/index.mdx). +This provider requires the deployment of the [RAC Outpost](../../outposts/). ::: ## About the Remote Access Control (RAC) Provider 
@@ -54,7 +54,7 @@ Each connection is authorized through authentik Policy objects that are bound to Additionally it is possible to modify the connection settings through the authorization flow. Configuration set in `connection_settings` in the flow plan context will be merged with other settings as shown above. -A new connection is created every time an endpoint is selected in the [User Interface](../../../customize/interfaces/user/customization.mdx). Once the user's authentik session expires, the connection is terminated. Additionally, the connection timeout can be specified in the provider, which applies even if the user is still authenticated. The connection can also be terminated manually. +A new connection is created every time an endpoint is selected in the [User Interface](../../interfaces/user/customization.mdx). Once the user's authentik session expires, the connection is terminated. Additionally, the connection timeout can be specified in the provider, which applies even if the user is still authenticated. The connection can also be terminated manually. ## Capabilities diff --git a/website/docs/add-secure-apps/providers/rac/rac-v3.png b/website/docs/providers/rac/rac-v3.png similarity index 100% rename from website/docs/add-secure-apps/providers/rac/rac-v3.png rename to website/docs/providers/rac/rac-v3.png diff --git a/website/docs/add-secure-apps/providers/radius/index.mdx b/website/docs/providers/radius/index.mdx similarity index 89% rename from website/docs/add-secure-apps/providers/radius/index.mdx rename to website/docs/providers/radius/index.mdx index 1eb1ac70e191..a8601371e8f9 100644 --- a/website/docs/add-secure-apps/providers/radius/index.mdx +++ b/website/docs/providers/radius/index.mdx 
@@ -7,7 +7,7 @@ import { Check, X, AlertTriangle } from "react-feather"; You can configure a Radius provider for applications that don't support any other protocols or that require Radius. :::info -This provider requires the deployment of the [RADIUS outpost](../../outposts/index.mdx) +This provider requires the deployment of the [RADIUS outpost](../../outposts/) ::: Currently, only authentication requests are supported. @@ -18,9 +18,9 @@ Authentication requests against the Radius Server use a flow in the background. The following stages are supported: -- [Identification](../../flows-stages/stages/identification/index.md) -- [Password](../../flows-stages/stages/password/index.md) -- [Authenticator validation](../../flows-stages/stages/authenticator_validate/index.md) +- [Identification](../../flow/stages/identification/index.md) +- [Password](../../flow/stages/password/index.md) +- [Authenticator validation](../../flow/stages/authenticator_validate/index.md) Note: Authenticator validation currently only supports DUO, TOTP, and static authenticators. @@ -28,9 +28,9 @@ The following stages are supported: SMS-based authenticators are not supported because they require a code to be sent from authentik, which is not possible during the bind. -- [User Logout](../../flows-stages/stages/user_logout.md) -- [User Login](../../flows-stages/stages/user_login/index.md) -- [Deny](../../flows-stages/stages/deny.md) +- [User Logout](../../flow/stages/user_logout.md) +- [User Login](../../flow/stages/user_login/index.md) +- [Deny](../../flow/stages/deny.md) ### RADIUS attributes diff --git a/website/docs/add-secure-apps/providers/saml/index.md b/website/docs/providers/saml/index.md similarity index 93% rename from website/docs/add-secure-apps/providers/saml/index.md rename to website/docs/providers/saml/index.md index 08352df5aabc..67eb1d2abd0e 100644 --- a/website/docs/add-secure-apps/providers/saml/index.md +++ b/website/docs/providers/saml/index.md 
@@ -2,7 +2,7 @@ title: SAML Provider --- -This provider allows you to integrate enterprise software using the SAML2 protocol. It supports signed requests and uses [property mappings](../property-mappings/index.md#saml-property-mappings) to determine which fields are exposed and what values they return. This makes it possible to expose vendor-specific fields. +This provider allows you to integrate enterprise software using the SAML2 protocol. It supports signed requests and uses [property mappings](../property-mappings/#saml-property-mappings) to determine which fields are exposed and what values they return. This makes it possible to expose vendor-specific fields. Default fields are exposed through auto-generated Property Mappings, which are prefixed with "authentik default". | Endpoint | URL | diff --git a/website/docs/add-secure-apps/providers/scim/index.md b/website/docs/providers/scim/index.md similarity index 100% rename from website/docs/add-secure-apps/providers/scim/index.md rename to website/docs/providers/scim/index.md diff --git a/website/docs/releases/2021/v2021.1.md b/website/docs/releases/2021/v2021.1.md index 725252c48111..414a445f6672 100644 --- a/website/docs/releases/2021/v2021.1.md +++ b/website/docs/releases/2021/v2021.1.md 
@@ -8,13 +8,13 @@ slug: "/releases/2021.1" - New versioning schema (year.month.release) - Add global email settings - In previous versions, you had to configure email connection details per [Email Stage](../../add-secure-apps/flows-stages/stages/email/index.mdx). Now, you can (and should) configure global settings. + In previous versions, you had to configure email connection details per [Email Stage](../../flow/stages/email/index.mdx). Now, you can (and should) configure global settings. - This is documented under the [docker-compose](../../install-config/install/docker-compose.mdx) and [Kubernetes](../../install-config/install/kubernetes.md) sections. + This is documented under the [docker-compose](../../installation/docker-compose.mdx) and [Kubernetes](../../installation/kubernetes.md) sections. - New notification system - More info can be found under [Notifications](../../sys-mgmt/events/notifications.md) and [Transports](../../sys-mgmt/events/transports.md). + More info can be found under [Notifications](../../events/notifications.md) and [Transports](../../events/transports.md). During the update, some default rules will be created. These rules notify you about policy exceptions, configuration errors and updates. diff --git a/website/docs/releases/2021/v2021.5.md b/website/docs/releases/2021/v2021.5.md index 84b5c2df7a6b..ff7d9dd521b5 100644 --- a/website/docs/releases/2021/v2021.5.md +++ b/website/docs/releases/2021/v2021.5.md @@ -20,7 +20,7 @@ This feature is still in technical preview, so please report any Bugs you run in - Compatibility with forwardAuth/auth_request The authentik proxy is now compatible with forwardAuth (traefik) / auth_request (nginx). All that is required is the latest version of the outpost, - and the correct config from [here](../../add-secure-apps/providers/proxy/forward_auth.mdx). + and the correct config from [here](../../providers/proxy/forward_auth.mdx). - Docker images for ARM 
diff --git a/website/docs/releases/2022/v2022.1.md b/website/docs/releases/2022/v2022.1.md index 65545053e45f..10cb4e92700b 100644 --- a/website/docs/releases/2022/v2022.1.md +++ b/website/docs/releases/2022/v2022.1.md @@ -25,7 +25,7 @@ This release mostly removes legacy fields and features that have been deprecated The proxy now also sets the host header based on what is configured as upstream in the proxy provider. The original Host is forwarded as `X-Forwarded-Host`. - Additionally, the header requirements for nginx have changed. Either a `X-Original-URL` or `X-Original-URI` header are now required. See the [_Proxy provider_](../../add-secure-apps/providers/proxy/forward_auth.mdx) documentation for updated snippets. + Additionally, the header requirements for nginx have changed. Either a `X-Original-URL` or `X-Original-URI` header are now required. See the [_Proxy provider_](../providers/proxy/forward_auth) documentation for updated snippets. - API: diff --git a/website/docs/releases/2022/v2022.10.md b/website/docs/releases/2022/v2022.10.md index 8ecb339c1572..1ef2a28ee989 100644 --- a/website/docs/releases/2022/v2022.10.md +++ b/website/docs/releases/2022/v2022.10.md @@ -13,7 +13,7 @@ slug: "/releases/2022.10" - Support for OAuth2 Device flow - See more in the OAuth2 provider docs [here](../../add-secure-apps/providers/oauth2/device_code.md). This flow allows users to authenticate on devices that have limited input possibilities and or no browser access. + See more in the OAuth2 provider docs [here](../providers/oauth2/device_code). This flow allows users to authenticate on devices that have limited input possibilities and or no browser access. - Customizable payload for SMS Authenticator stage when using Generic provider. - Revamped SAML Source 
@@ -3804,7 +3804,7 @@ Changed response : **200 OK** ## Fixed in 2022.10.2 -- \*: fix [CVE-2022-46145](../../security/cves/CVE-2022-46145.md), Reported by [@sdimovv](https://github.com/sdimovv) +- \*: fix [CVE-2022-46145](../security/CVE-2022-46145), Reported by [@sdimovv](https://github.com/sdimovv) ## Fixed in 2022.10.3 @@ -3812,8 +3812,8 @@ Changed response : **200 OK** ## Fixed in 2022.10.4 -- \*: fix [CVE-2022-46172](../../security/cves/CVE-2022-46172.md), Reported by [@DreamingRaven](https://github.com/DreamingRaven) -- \*: fix [CVE-2022-23555](../../security/cves/CVE-2022-23555.md), Reported by [@fuomag9](https://github.com/fuomag9) +- \*: fix [CVE-2022-46172](../security/CVE-2022-46172), Reported by [@DreamingRaven](https://github.com/DreamingRaven) +- \*: fix [CVE-2022-23555](../security/CVE-2022-23555), Reported by [@fuomag9](https://github.com/fuomag9) ## Upgrading diff --git a/website/docs/releases/2022/v2022.11.md b/website/docs/releases/2022/v2022.11.md index 63aa30d0e6ee..8fee376e616b 100644 --- a/website/docs/releases/2022/v2022.11.md +++ b/website/docs/releases/2022/v2022.11.md @@ -73,7 +73,7 @@ image: ## Fixed in 2022.11.2 -- \*: fix [CVE-2022-46145](../../security/cves/CVE-2022-46145.md), Reported by [@sdimovv](https://github.com/sdimovv) +- \*: fix [CVE-2022-46145](../security/CVE-2022-46145), Reported by [@sdimovv](https://github.com/sdimovv) ## Fixed in 2022.11.3 @@ -81,8 +81,8 @@ image: ## Fixed in 2022.11.4 -- \*: fix [CVE-2022-46172](../../security/cves/CVE-2022-46172.md), Reported by [@DreamingRaven](https://github.com/DreamingRaven) -- \*: fix [CVE-2022-23555](../../security/cves/CVE-2022-23555.md), Reported by [@fuomag9](https://github.com/fuomag9) +- \*: fix [CVE-2022-46172](../security/CVE-2022-46172), Reported by [@DreamingRaven](https://github.com/DreamingRaven) +- \*: fix [CVE-2022-23555](../security/CVE-2022-23555), Reported by [@fuomag9](https://github.com/fuomag9) ## API Changes 
diff --git a/website/docs/releases/2022/v2022.12.md b/website/docs/releases/2022/v2022.12.md index 3e6145e211d3..a3fd60ef4c1a 100644 --- a/website/docs/releases/2022/v2022.12.md +++ b/website/docs/releases/2022/v2022.12.md @@ -13,7 +13,7 @@ slug: "/releases/2022.12" - Bundled GeoIP City database - authentik now comes with a bundled MaxMind GeoLite2 City database. This allows everyone to take advantage of the extra data provided by GeoIP. The default docker-compose file removes the GeoIP update container as it is no longer needed. See more [here](../../install-config/geoip.mdx). + authentik now comes with a bundled MaxMind GeoLite2 City database. This allows everyone to take advantage of the extra data provided by GeoIP. The default docker-compose file removes the GeoIP update container as it is no longer needed. See more [here](../core/geoip) - Improved UX for user & group management and stage/policy binding @@ -168,7 +168,7 @@ image: ## Fixed in 2022.12.3 -- \*: fix [CVE-2023-26481](../../security/cves/CVE-2023-26481.md), Reported by [@fuomag9](https://github.com/fuomag9) +- \*: fix [CVE-2023-26481](../security/CVE-2023-26481), Reported by [@fuomag9](https://github.com/fuomag9) ## API Changes diff --git a/website/docs/releases/2022/v2022.3.md b/website/docs/releases/2022/v2022.3.md index 56b21fbb3eab..42d1b346458e 100644 --- a/website/docs/releases/2022/v2022.3.md +++ b/website/docs/releases/2022/v2022.3.md @@ -11,7 +11,7 @@ User settings are now configured using flows and stages, allowing administrators ### `client_credentials` support -authentik now supports the OAuth `client_credentials` grant for machine-to-machine authentication. See [OAuth2 Provider](../../add-secure-apps/providers/oauth2/index.md) +authentik now supports the OAuth `client_credentials` grant for machine-to-machine authentication. See [OAuth2 Provider](../providers/oauth2) ## Deprecations 
diff --git a/website/docs/releases/2022/v2022.5.md b/website/docs/releases/2022/v2022.5.md index 6372fd133a6e..f218259fc168 100644 --- a/website/docs/releases/2022/v2022.5.md +++ b/website/docs/releases/2022/v2022.5.md @@ -7,7 +7,7 @@ slug: "/releases/2022.5" - Twitter Source has been migrated to OAuth2 - This requires some reconfiguration on both Twitter's and authentik's side. Check out the new Twitter integration docs [here](../../users-sources/sources/social-logins/twitter/index.md). + This requires some reconfiguration on both Twitter's and authentik's side. Check out the new Twitter integration docs [here](../../docs/sources/twitter/) - OAuth Provider: Redirect URIs are now checked using regular expressions @@ -19,12 +19,12 @@ slug: "/releases/2022.5" Instead of always executing the configured flow when a new Bind request is received, the provider can now be configured to cache the session from the initial flow execution, and directly validate credentials in the outpost. This drastically improves the bind performance. - See [LDAP provider](../../add-secure-apps/providers/ldap/index.md#cached-bind) + See [LDAP provider](../../providers/ldap/index.md#cached-bind) - OAuth2: Add support for `form_post` response mode - Don't prompt users for MFA when they've authenticated themselves within a time period - You can now configure any [Authenticator Validation Stage](../../add-secure-apps/flows-stages/stages/authenticator_validate/index.md) stage to not ask for MFA validation if the user has previously authenticated themselves with an MFA device (of any of the selected classes) in the `Last validation threshold`. + You can now configure any [Authenticator Validation Stage](../../flow/stages/authenticator_validate/index.md) stage to not ask for MFA validation if the user has previously authenticated themselves with an MFA device (of any of the selected classes) in the `Last validation threshold`. - Optimise bundling of web assets 
diff --git a/website/docs/releases/2022/v2022.8.md b/website/docs/releases/2022/v2022.8.md index 4cf2a3a45d3d..6a6642344a3d 100644 --- a/website/docs/releases/2022/v2022.8.md +++ b/website/docs/releases/2022/v2022.8.md @@ -13,7 +13,7 @@ slug: "/releases/2022.8" - Blueprints - Blueprints allow for the configuration, automation and templating of authentik objects and configurations. They can be used to bootstrap new instances, configure them automatically without external tools, and to template configurations for sharing. See more [here](../../customize/blueprints/index.md). + Blueprints allow for the configuration, automation and templating of authentik objects and configurations. They can be used to bootstrap new instances, configure them automatically without external tools, and to template configurations for sharing. See more [here](../../developer-docs/blueprints/) For installations upgrading to 2022.8, if a single flow exists, then the default blueprints will not be activated, to not overwrite user modifications. @@ -23,7 +23,7 @@ slug: "/releases/2022.8" - Support for Caddy forward auth - Based on the traefik support, there is now dedicated support for Caddy with configuration examples, see [here](../../add-secure-apps/providers/proxy/forward_auth.mdx). + Based on the traefik support, there is now dedicated support for Caddy with configuration examples, see [here](../providers/proxy/forward_auth) ## Minor changes/fixes diff --git a/website/docs/releases/2022/v2022.9.md b/website/docs/releases/2022/v2022.9.md index a46e9d3979f0..cd0b89cf2bd3 100644 --- a/website/docs/releases/2022/v2022.9.md +++ b/website/docs/releases/2022/v2022.9.md 
@@ -5,7 +5,7 @@ slug: "/releases/2022.9" ## Breaking changes -- `WORKERS` environment variable has been renamed to match other config options, see [Configuration](../../install-config/configuration/configuration.mdx#authentik_web__workers-authentik-20229) +- `WORKERS` environment variable has been renamed to match other config options, see [Configuration](../../installation/configuration.mdx#authentik_web__workers-authentik-20229) ## New features @@ -15,7 +15,7 @@ slug: "/releases/2022.9" - Duo Admin API integration - When using a Duo MFA, Duo Access or Duo Beyond plan, authentik can now automatically import devices from Duo into authentik. More info [here](../../add-secure-apps/flows-stages/stages/authenticator_duo/index.md). + When using a Duo MFA, Duo Access or Duo Beyond plan, authentik can now automatically import devices from Duo into authentik. More info [here](../flow/stages/authenticator_duo/). ## API Changes diff --git a/website/docs/releases/2023/v2023.1.md b/website/docs/releases/2023/v2023.1.md index f6fe6692b6d8..7d090855ed31 100644 --- a/website/docs/releases/2023/v2023.1.md +++ b/website/docs/releases/2023/v2023.1.md @@ -17,7 +17,7 @@ slug: "/releases/2023.1" - Proxy provider now accepts HTTP Basic and Bearer authentication - See [Header authentication](../../add-secure-apps/providers/proxy/header_authentication.md). + See [Header authentication](../../providers/proxy/header_authentication.md). - LDAP provider now works with Code-based MFA stages @@ -121,7 +121,7 @@ image: ## Fixed in 2023.1.3 -- \*: fix [CVE-2023-26481](../../security/cves/CVE-2023-26481.md), Reported by [@fuomag9](https://github.com/fuomag9) +- \*: fix [CVE-2023-26481](../security/CVE-2023-26481), Reported by [@fuomag9](https://github.com/fuomag9) ## API Changes diff --git a/website/docs/releases/2023/v2023.10.md b/website/docs/releases/2023/v2023.10.md index 811bcebc4331..fe2bd54a22df 100644 --- a/website/docs/releases/2023/v2023.10.md +++ b/website/docs/releases/2023/v2023.10.md 
@@ -17,7 +17,7 @@ slug: "/releases/2023.10" - RBAC (preview) - With this release we're introducing the ability to finely configure permissions within authentik. These permissions can be used to delegate different tasks, such as user management, application creation and more to users without granting them full superuser permissions. With this system, a least-privilege system can also be implemented much more easily. See more info [here](../../users-sources/access-control/index.mdx) + With this release we're introducing the ability to finely configure permissions within authentik. These permissions can be used to delegate different tasks, such as user management, application creation and more to users without granting them full superuser permissions. With this system, a least-privilege system can also be implemented much more easily. See more info [here](../../user-group-role/access-control/index.mdx) - LDAP Provider improvements @@ -127,7 +127,7 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2023.10 ## Fixed in 2023.10.2 -- \*: fix [GHSA-rjvp-29xq-f62w.md](../../security/cves/GHSA-rjvp-29xq-f62w.md), reported by [@devSparkle](https://github.com/devSparkle) +- \*: fix [GHSA-rjvp-29xq-f62w](../security/GHSA-rjvp-29xq-f62w), Reported by [@devSparkle](https://github.com/devSparkle) - blueprints: fix entries with state: absent not being deleted if their serializer has errors (#7345) - crypto: fix race conditions when creating self-signed certificates on startup (#7344) - lifecycle: rework otp_merge migration (#7359) 
@@ -161,7 +161,7 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2023.10 - providers/proxy: Fix duplicate cookies when using file system store. (cherry-pick #7541) (#7544) - providers/scim: fix missing schemas attribute for User and Group (cherry-pick #7477) (#7596) - root: specify node and python versions in respective config files, deduplicate in CI (#7620) -- security: fix [CVE-2023-48228](../../security/cves/CVE-2023-48228.md), Reported by [@Sapd](https://github.com/Sapd) (#7666) +- security: fix [CVE-2023-48228](../../security/CVE-2023-48228.md), Reported by [@Sapd](https://github.com/Sapd) (#7666) - stages/email: use uuid for email confirmation token instead of username (cherry-pick #7581) (#7584) - web/admin: fix admins not able to delete MFA devices (#7660) @@ -186,7 +186,7 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2023.10 - core: fix PropertyMapping context not being available in request context - outposts: disable deployment and secret reconciler for embedded outpost in code instead of in config (cherry-pick #8021) (#8024) - outposts: fix Outpost reconcile not re-assigning managed attribute (cherry-pick #8014) (#8020) -- providers/oauth2: fix [CVE-2024-21637](../../security/cves/CVE-2024-21637.md), Reported by [@lauritzh](https://github.com/lauritzh) (#8104) +- providers/oauth2: fix [CVE-2024-21637](../../security/CVE-2024-21637.md), Reported by [@lauritzh](https://github.com/lauritzh) (#8104) - providers/oauth2: remember session_id from initial token (cherry-pick #7976) (#7977) - providers/proxy: use access token (cherry-pick #8022) (#8023) - rbac: fix error when looking up permissions for now uninstalled apps (cherry-pick #8068) (#8070) 
@@ -195,7 +195,7 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2023.10 ## Fixed in 2023.10.7 -- providers/oauth2: fix fix [CVE-2024-23647](../../security/cves/CVE-2024-23647.md) (cherry-pick #8345) (#8347) +- providers/oauth2: fix fix [CVE-2024-23647](../../security/CVE-2024-23647.md) (cherry-pick #8345) (#8347) - rbac: fix invitations listing with restricted permissions (cherry-pick #8227) (#8229) - root: fix listen trusted_proxy_cidrs config loading from environment (#8075) - root: fix redis config not being updated to match previous change diff --git a/website/docs/releases/2023/v2023.2.md b/website/docs/releases/2023/v2023.2.md index 914860df412d..3de017157bbf 100644 --- a/website/docs/releases/2023/v2023.2.md +++ b/website/docs/releases/2023/v2023.2.md @@ -21,7 +21,7 @@ slug: "/releases/2023.2" - Generated avatars, multiple avatar modes - authentik now supports multiple avatar modes, and will use the next configured mode when a mode doesn't have an avatar. For example, the new default configuration attempts to use gravatar, but if the user's email does not have a gravatar setup, it will instead use the new generated avatars. See [Configuration](../../sys-mgmt/settings.md#avatars) + authentik now supports multiple avatar modes, and will use the next configured mode when a mode doesn't have an avatar. For example, the new default configuration attempts to use gravatar, but if the user's email does not have a gravatar setup, it will instead use the new generated avatars. See [Configuration](../../core/settings.md#avatars) ## Upgrading @@ -109,7 +109,7 @@ image: ## Fixed in 2023.2.3 -- \*: fix [CVE-2023-26481.md](../../security/cves/CVE-2023-26481.md), Reported by [@fuomag9](https://github.com/fuomag9) +- \*: fix [CVE-2023-26481](../security/CVE-2023-26481), Reported by [@fuomag9](https://github.com/fuomag9) ## API Changes 
diff --git a/website/docs/releases/2023/v2023.3.md b/website/docs/releases/2023/v2023.3.md
index 9b92f58d0944..5d8a7d97f3a0 100644
--- a/website/docs/releases/2023/v2023.3.md
+++ b/website/docs/releases/2023/v2023.3.md
@@ -13,12 +13,12 @@ slug: "/releases/2023.3" authentik can now provision users into other IT systems via the SCIM (System for Cross-domain Identity Management) protocol. The provider synchronizes Users, Groups and the user membership. Objects are synced both when they are saved and based on a pre-defined schedule in the background. - Documentation: [SCIM Provider](../../add-secure-apps/providers/scim/index.md) + Documentation: [SCIM Provider](../../../docs/providers/scim/index.md) - Theming improvements - - The custom.css file is now loaded in ShadowDOMs, allowing for much greater customization, as previously it was only possible to style elements outside of the ShadowDOM. See docs for [Flow](../../customize/interfaces/flow/customization.mdx), [User](../../customize/interfaces/user/customization.mdx) and [Admin](../../customize/interfaces/admin/customization.mdx) interfaces. - - Previously, authentik would automatically switch between dark and light theme based on the users' browsers' settings. This can now be overridden to either force the light or dark theme, per user/group/tenant. See docs for [Flow](../../customize/interfaces/flow/customization.mdx), [User](../../customize/interfaces/user/customization.mdx) and [Admin](../../customize/interfaces/admin/customization.mdx) interfaces. + - The custom.css file is now loaded in ShadowDOMs, allowing for much greater customization, as previously it was only possible to style elements outside of the ShadowDOM. See docs for [Flow](../../interfaces/flow/customization.mdx), [User](../../interfaces/user/customization.mdx) and [Admin](../../interfaces/admin/customization.mdx) interfaces. + - Previously, authentik would automatically switch between dark and light theme based on the users' browsers' settings. This can now be overridden to either force the light or dark theme, per user/group/tenant. 
See docs for [Flow](../../interfaces/flow/customization.mdx), [User](../../interfaces/user/customization.mdx) and [Admin](../../interfaces/admin/customization.mdx) interfaces. ## Upgrading diff --git a/website/docs/releases/2023/v2023.4.md b/website/docs/releases/2023/v2023.4.md index ed78363682d8..5b80dd5829d1 100644 --- a/website/docs/releases/2023/v2023.4.md +++ b/website/docs/releases/2023/v2023.4.md @@ -21,9 +21,9 @@ slug: "/releases/2023.4" authentik now supports the [RADIUS protocol](https://en.wikipedia.org/wiki/RADIUS) for authentication, allowing for the integration of a wider variety of systems such as VPN software, network switches/routers, and others. - The RADIUS provider also uses a flow to authenticate users, and supports the same stages as the [LDAP Provider](../../add-secure-apps/providers/ldap/index.md). + The RADIUS provider also uses a flow to authenticate users, and supports the same stages as the [LDAP Provider](../../../docs/providers/ldap/index.md). - Documentation: [RADIUS Provider](../../add-secure-apps/providers/radius/index.mdx) + Documentation: [RADIUS Provider](../../../docs/providers/radius/index.mdx) - Decreased CPU usage for workers 
@@ -35,11 +35,11 @@ slug: "/releases/2023.4" - "Stay logged in" prompt - In the [User login stage](../../add-secure-apps/flows-stages/stages/user_login/index.md), an admin can use the new "Stay Logged In" option to add additional minutes or hours to the defined `session duration` value. When this "Stay Logged In" offset time is configured, the user logging in is presented with a prompt asking if they want to extend their session. + In the [User login stage](../../../docs/flow/stages/user_login/index.md), an admin can use the new "Stay Logged In" option to add additional minutes or hours to the defined `session duration` value. When this "Stay Logged In" offset time is configured, the user logging in is presented with a prompt asking if they want to extend their session. - Prompt preview - When creating a single prompt for use with a [Prompt stage](../../add-secure-apps/flows-stages/stages/prompt/index.md), a live preview of the prompt is now shown. This makes it easier to test how a prompt will behave, and also shows what data it will send, and how it will be available in the flow context. + When creating a single prompt for use with a [Prompt stage](../../../docs/flow/stages/prompt/index.md), a live preview of the prompt is now shown. This makes it easier to test how a prompt will behave, and also shows what data it will send, and how it will be available in the flow context. ## Upgrading @@ -109,11 +109,11 @@ image: ## Fixed in 2023.4.2 -- security: Address pen-test findings from the [2023-06 Cure53 Code audit](../../security/audits-and-certs/2023-06-cure53.md) +- security: Address pen-test findings from the [2023-06 Cure53 Code audit](../../security/2023-06-cure53.md) ## Fixed in 2023.4.3 -- \*: fix [CVE-2023-36456](../../security/cves/CVE-2023-36456.md), Reported by [@thijsa](https://github.com/thijsa) +- \*: fix [CVE-2023-36456](../security/CVE-2023-36456), Reported by [@thijsa](https://github.com/thijsa) ## API Changes 
diff --git a/website/docs/releases/2023/v2023.5.md b/website/docs/releases/2023/v2023.5.md index 73eec68c6fac..802a125d4449 100644 --- a/website/docs/releases/2023/v2023.5.md +++ b/website/docs/releases/2023/v2023.5.md @@ -23,7 +23,7 @@ slug: "/releases/2023.5" - Backchannel providers - Backchannel providers can augment the functionality of applications by using additional protocols. The main provider of an application provides the SSO protocol that is used for logging into the application. Then, additional backchannel providers can be used for protocols such as [SCIM](../../add-secure-apps/providers/scim/index.md) and [LDAP](../../add-secure-apps/providers/ldap/index.md) to provide directory syncing. + Backchannel providers can augment the functionality of applications by using additional protocols. The main provider of an application provides the SSO protocol that is used for logging into the application. Then, additional backchannel providers can be used for protocols such as [SCIM](../../providers/scim/index.md) and [LDAP](../../providers/ldap/index.md) to provide directory syncing. Access restrictions that are configured on an application apply to all of its backchannel providers. 
@@ -146,15 +146,15 @@ image: ## Fixed in 2023.5.4 -- security: Address pen-test findings from the [2023-06 Cure53 Code audit](../../security/audits-and-certs/2023-06-cure53.md) +- security: Address pen-test findings from the [2023-06 Cure53 Code audit](../../security/2023-06-cure53.md) ## Fixed in 2023.5.5 -- \*: fix [CVE-2023-36456](../../security/cves/CVE-2023-36456.md), Reported by [@thijsa](https://github.com/thijsa) +- \*: fix [CVE-2023-36456](../security/CVE-2023-36456), Reported by [@thijsa](https://github.com/thijsa) ## Fixed in 2023.5.6 -- \*: fix [CVE-2023-39522](../../security/cves/CVE-2023-39522.md), Reported by [@markrassamni](https://github.com/markrassamni) +- \*: fix [CVE-2023-39522](../security/CVE-2023-39522), Reported by [@markrassamni](https://github.com/markrassamni) ## API Changes diff --git a/website/docs/releases/2023/v2023.6.md b/website/docs/releases/2023/v2023.6.md index be396829da7c..cc0fe34fda26 100644 --- a/website/docs/releases/2023/v2023.6.md +++ b/website/docs/releases/2023/v2023.6.md @@ -9,7 +9,7 @@ slug: "/releases/2023.6" - LDAP StartTLS support - authentik's [LDAP Provider](../../add-secure-apps/providers/ldap/index.md) now supports StartTLS in addition to supporting SSL. The StartTLS is a more modern method of encrypting LDAP traffic. With this added support, the LDAP [Outpost](../../add-secure-apps/outposts/index.mdx) can now support multiple certificates. + authentik's [LDAP Provider](../../providers/ldap/index.md) now supports StartTLS in addition to supporting SSL. The StartTLS is a more modern method of encrypting LDAP traffic. With this added support, the LDAP [Outpost](../../outposts/index.mdx) can now support multiple certificates. - LDAP Schema improvements 
@@ -90,7 +90,7 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2023.6 ## Fixed in 2023.6.2 -- \*: fix [CVE-2023-39522](../security/cves/CVE-2023-39522), Reported by [@markrassamni](https://github.com/markrassamni) +- \*: fix [CVE-2023-39522](../security/CVE-2023-39522), Reported by [@markrassamni](https://github.com/markrassamni) ## API Changes diff --git a/website/docs/releases/2023/v2023.8.md b/website/docs/releases/2023/v2023.8.md index ba6e999123db..2a62ca456c76 100644 --- a/website/docs/releases/2023/v2023.8.md +++ b/website/docs/releases/2023/v2023.8.md @@ -157,19 +157,19 @@ image: ## Fixed in 2023.8.4 -- security: fix [GHSA-rjvp-29xq-f62w.md](../../security/cves/GHSA-rjvp-29xq-f62w.md), Reported by [@devSparkle](https://github.com/devSparkle) +- security: fix [GHSA-rjvp-29xq-f62w](../security/GHSA-rjvp-29xq-f62w), Reported by [@devSparkle](https://github.com/devSparkle) ## Fixed in 2023.8.5 -- security: fix [CVE-2023-48228](../../security/cves/CVE-2023-48228.md), Reported by [@Sapd](https://github.com/Sapd) (#7666) +- security: fix [CVE-2023-48228](../../security/CVE-2023-48228.md), Reported by [@Sapd](https://github.com/Sapd) (#7666) ## Fixed in 2023.8.6 -- providers/oauth2: fix [CVE-2024-21637](../../security/cves/CVE-2024-21637.md), Reported by [@lauritzh](https://github.com/lauritzh) (#8104) +- providers/oauth2: fix [CVE-2024-21637](../../security/CVE-2024-21637.md), Reported by [@lauritzh](https://github.com/lauritzh) (#8104) ## Fixed in 2023.8.7 -- providers/oauth2: fix fix [CVE-2024-23647](../../security/cves/CVE-2024-23647.md) (cherry-pick #8345) (#8347) +- providers/oauth2: fix fix [CVE-2024-23647](../../security/CVE-2024-23647.md) (cherry-pick #8345) (#8347) ## API Changes diff --git a/website/docs/releases/2024/v2024.2.md b/website/docs/releases/2024/v2024.2.md index ce6830423e30..cca0fa98f997 100644 --- a/website/docs/releases/2024/v2024.2.md +++ b/website/docs/releases/2024/v2024.2.md 
@@ -25,7 +25,7 @@ slug: /releases/2024.2 Blueprints using `authentik_tenants.tenant` will need to be changed to use `authentik_brands.brand`. - For more information, refer to the [documentation for _brands_](../../customize/brands.md). + For more information, refer to the [documentation for _brands_](../../core/brands.md). Also, **the event retention settings configured in brands (previously tenants, see above) has been removed and is now a system setting**, managed in the Admin interface or via the API (see below). @@ -55,7 +55,7 @@ slug: /releases/2024.2 Cache settings have been moved from the `redis` top-level config key to their own `cache` top-level config key. - Settings have also been added to configure the Redis instance/database used for tasks and websockets separately from cache. See [here](../../install-config/configuration/configuration.mdx#redis-settings). + Settings have also been added to configure the Redis instance/database used for tasks and websockets separately from cache. See [here](../../installation/configuration.mdx#redis-settings). Typically, _no changes to the configuration are required_. 
@@ -114,11 +114,11 @@ slug: /releases/2024.2 Sessions for any users can now be bound to a specific geolocation (Continent, Country, City) or network (Autonomous System, subnet, IP address). If the session is accessed from a location/network that is different than that from which it was initially created, the session will be terminated. - Configuration steps are available [here](../../add-secure-apps/flows-stages/stages/user_login/index.md#user-login-stage-configuration-options). + Configuration steps are available [here](../../flow/stages/user_login/index.md#user-login-stage-configuration-options). - **S3 file storage** - Media files can now be stored on S3. Follow the [setup guide](../../install-config/storage-s3.md) to get started. + Media files can now be stored on S3. Follow the [setup guide](../../installation/storage-s3.md) to get started. - **_Pretend user exists_ option for Identification stage** @@ -166,7 +166,7 @@ slug: /releases/2024.2 - **LDAP source: new command to check connectivity** - Examples on how to use are available [here](../../troubleshooting/ldap_source.md). + Examples on how to use are available [here](../..//troubleshooting/ldap_source.md). --- @@ -349,8 +349,8 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.2 ## Fixed in 2024.2.4 -- security: fix [CVE-2024-37905](../../security/cves/CVE-2024-37905.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #10230) (#10238) -- security: fix [CVE-2024-38371](../../security/cves/CVE-2024-38371.md), reported by Stefan Zwanenburg (cherry-pick #10229) (#10235) +- security: fix [CVE-2024-37905](../../security/CVE-2024-37905.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #10230) (#10238) +- security: fix [CVE-2024-38371](../../security/CVE-2024-38371.md), reported by Stefan Zwanenburg (cherry-pick #10229) (#10235) ## API Changes 
diff --git a/website/docs/releases/2024/v2024.4.md b/website/docs/releases/2024/v2024.4.md index 00b02f5d7b95..6e89277270de 100644 --- a/website/docs/releases/2024/v2024.4.md +++ b/website/docs/releases/2024/v2024.4.md @@ -31,19 +31,19 @@ slug: /releases/2024.4 The source stage allows for an inclusion of a source as part of a flow. This can be used to link a user to a source as part of their authentication/enrollment, or it can be used as an external multi-factor to provide device health attestation for example. - For details refer to [Source stage](../../add-secure-apps/flows-stages/stages/source/index.md) + For details refer to [Source stage](../../flow/stages/source/index.md) - **SCIM Source** Preview Provision users and groups in authentik using an SCIM API. - For details refer to [SCIM Source](../../users-sources/sources/protocols/scim/index.md) + For details refer to [SCIM Source](../../../docs/sources/scim/) - **Configurable WebAuthn device restrictions** Configure which types of WebAuthn devices can be used to enroll and validate for different authorization levels. - For details refer to [WebAuthn authenticator setup stage](../../add-secure-apps/flows-stages/stages/authenticator_webauthn/index.md) + For details refer to [WebAuthn authenticator setup stage](../../flow/stages/authenticator_webauthn/index.md) - **Revamped UI for log messages** @@ -57,7 +57,7 @@ slug: /releases/2024.4 When authentik is configured to federate with an LDAP source, upon authentication, authentik hashed the password and stored it in its own database. This allows authentication to function when LDAP is unreachable. Admins can now configure this behavior for when this is not desirable. - For details refer to [LDAP Source](../../users-sources/sources/protocols/ldap/index.md) + For details refer to [LDAP Source](../../../docs/sources/ldap/) - **Configurable app password token expiring** 
@@ -238,14 +238,14 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.4 ## Fixed in 2024.4.3 - core: fix source flow_manager not always appending save stage (cherry-pick #9659) (#9662) -- security: fix [CVE-2024-37905](../../security/cves/CVE-2024-37905.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #10230) (#10236) -- security: fix [CVE-2024-38371](../../security/cves/CVE-2024-38371.md), reported by Stefan Zwanenburg (cherry-pick #10229) (#10233) +- security: fix [CVE-2024-37905](../../security/CVE-2024-37905.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #10230) (#10236) +- security: fix [CVE-2024-38371](../../security/CVE-2024-38371.md), reported by Stefan Zwanenburg (cherry-pick #10229) (#10233) - sources/saml: fix FlowPlanner error due to pickle (cherry-pick #9708) (#9709) - web: fix value handling inside controlled components (cherry-pick #9648) (#9685) ## Fixed in 2024.4.4 -- security: fix [CVE-2024-42490](../../security/cves/CVE-2024-42490.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #11022) #11024 +- security: fix [CVE-2024-42490](../../security/CVE-2024-42490.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #11022) #11024 ## API Changes diff --git a/website/docs/releases/2024/v2024.6.md b/website/docs/releases/2024/v2024.6.md index a588f2ba4529..7ea292766756 100644 --- a/website/docs/releases/2024/v2024.6.md +++ b/website/docs/releases/2024/v2024.6.md 
@@ -25,7 +25,7 @@ With this release, authentik now enforces unique group names. Existing groups wi ### GeoIP and ASN context object -The `context["geoip"]` and `context["asn"]` objects available in expression policies are now dictionaries. Attributes must now be accessed via dictionary accessors. See [our policy examples](../../customize/policies/expression.mdx) for the updated syntax. +The `context["geoip"]` and `context["asn"]` objects available in expression policies are now dictionaries. Attributes must now be accessed via dictionary accessors. See [our policy examples](../../policies/expression.mdx) for the updated syntax. ## New features 
@@ -33,25 +33,25 @@ The `context["geoip"]` and `context["asn"]` objects available in expression poli With the Google Workspace provider, authentik serves as the single source of truth for all users and groups, when using Google products like Gmail. - For details refer to the [Google Workspace Provider documentation](../../add-secure-apps/providers/gws/index.md) + For details refer to the [Google Workspace Provider documentation](../../providers/gws/index.md) - **Microsoft Entra ID Provider** Enterprise Preview With the Microsoft Entra ID provider, authentik serves as the single source of truth for all users and groups. Configuring Entra ID as a provider allows for auto-discovery of user and group accounts, on-going synchronization of user data such as email address, name, and status, and integrated data mapping of field names and values. - For details refer to the [Microsoft Entra ID documentation](../../add-secure-apps/providers/entra/index.md) + For details refer to the [Microsoft Entra ID documentation](../../providers/entra/index.md) - **Read-replica DB support** Multiple read-only databases can be configured to route read-only requests to the non-primary database instance so that the main database can be reserved to write requests. - For details refer to the [PostgreSQL configuration](../../install-config/configuration/configuration.mdx#postgresql-settings) + For details refer to the [PostgreSQL configuration](../../installation/configuration.mdx#postgresql-settings) - **Improved CAPTCHA stage** Thresholds can now be configured on the CAPTCHA stage to customize its result. Additionally, the stage can be configured to continue the flow if the CAPTCHA score is outside of those thresholds for further decision making via expression policies. 
- For details refer to the [CAPTCHA stage](../../add-secure-apps/flows-stages/stages/captcha/index.md) + For details refer to the [CAPTCHA stage](../../flow/stages/captcha/index.md) - **Optimize sync and property mapping execution** @@ -65,7 +65,7 @@ The `context["geoip"]` and `context["asn"]` objects available in expression poli - **Reworked proxy provider redirect** - Following-up on a [highly requested issue](https://github.com/goauthentik/authentik/issues/6886), we've reworked our [Proxy provider](../../add-secure-apps/providers/proxy/index.md) to avoid invalid user-facing redirects. + Following-up on a [highly requested issue](https://github.com/goauthentik/authentik/issues/6886), we've reworked our [Proxy provider](../../providers/proxy/index.md) to avoid invalid user-facing redirects. ## Upgrading @@ -151,8 +151,8 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.6 - root: handle asgi exception (#10085) - root: include task_id in events and logs (#9749) - root: use custom model serializer that saves m2m without bulk (cherry-pick #10139) (#10151) -- security: fix [CVE-2024-37905](../../security/cves/CVE-2024-37905.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #10230) (#10237) -- security: fix [CVE-2024-38371](../../security/cves/CVE-2024-38371.md), reported by Stefan Zwanenburg (cherry-pick #10229) (#10234) +- security: fix [CVE-2024-37905](../../security/CVE-2024-37905.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #10230) (#10237) +- security: fix [CVE-2024-38371](../../security/CVE-2024-38371.md), reported by Stefan Zwanenburg (cherry-pick #10229) (#10234) - sources/oauth: ensure all UI sources return a valid source (#9401) - sources/oauth: fix OAuth Client sending token request incorrectly (#9474) - sources/oauth: modernizes discord icon (#9817) 
@@ -233,12 +233,12 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.6 ## Fixed in 2024.6.4 -- security: fix [CVE-2024-42490](../../security/cves/CVE-2024-42490.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #11022) #11025 +- security: fix [CVE-2024-42490](../../security/CVE-2024-42490.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #11022) #11025 ## Fixed in 2024.6.5 -- security: fix [CVE-2024-47070](../../security/cves/CVE-2024-47070.md), reported by [@efpi-bot](https://github.com/efpi-bot) from [LogicalTrust](https://logicaltrust.net/en/) (cherry-pick #11536) (#11540) -- security: fix [CVE-2024-47077](../../security/cves/CVE-2024-47077.md), reported by [@quentinmit](https://github.com/quentinmit) (cherry-pick #11535) (#11538) +- security: fix [CVE-2024-47070](../../security/CVE-2024-47070.md), reported by [@efpi-bot](https://github.com/efpi-bot) from [LogicalTrust](https://logicaltrust.net/en/) (cherry-pick #11536) (#11540) +- security: fix [CVE-2024-47077](../../security/CVE-2024-47077.md), reported by [@quentinmit](https://github.com/quentinmit) (cherry-pick #11535) (#11538) ## API Changes diff --git a/website/docs/releases/2024/v2024.8.md b/website/docs/releases/2024/v2024.8.md index ab05a126a697..28e15ba20361 100644 --- a/website/docs/releases/2024/v2024.8.md +++ b/website/docs/releases/2024/v2024.8.md 
@@ -81,19 +81,19 @@ slug: "/releases/2024.8" - **Source property mappings for SCIM, OAuth, SAML and Plex sources** - All source types now support property mappings to customize how authentik should interpret the data the source provides. In addition to that, it is also now possible to sync groups and group membership from sources that provide group information. See [Property Mappings](../../users-sources/sources/property-mappings/index.md). + All source types now support property mappings to customize how authentik should interpret the data the source provides. In addition to that, it is also now possible to sync groups and group membership from sources that provide group information. See [Property Mappings](../../sources/property-mappings/index.md). - **RADIUS provider custom attribute support** - With 2024.8 it is possible to define custom attributes for the RADIUS provider, for example vendor-specific attributes like Cisco's `AV-Pair` attribute. These attributes are defined in property mappings which means they can be dynamically defined based on the user authenticating. See [RADIUS Provider](../../add-secure-apps/providers/radius/index.mdx#radius-attributes) + With 2024.8 it is possible to define custom attributes for the RADIUS provider, for example vendor-specific attributes like Cisco's `AV-Pair` attribute. These attributes are defined in property mappings which means they can be dynamically defined based on the user authenticating. See [RADIUS Provider](../../providers/radius/index.mdx#radius-attributes) - **SAML encryption support** - It is now possible to configure SAML sources and providers to decrypt and validate encrypted assertions. This can be configured by creating a [Certificate-keypair](../../sys-mgmt/certificates.md) and selecting it in the SAML source or provider. + It is now possible to configure SAML sources and providers to decrypt and validate encrypted assertions. 
This can be configured by creating a [Certificate-keypair](../../core/certificates.md) and selecting it in the SAML source or provider. - **GeoIP Policy** - With the new [GeoIP Policy](../../customize/policies/index.md#geoip-policy) it is possible to grant/deny access based on Country and ASN, without having to write an expression policy. + With the new [GeoIP Policy](../../policies/index.md#geoip-policy) it is possible to grant/deny access based on Country and ASN, without having to write an expression policy. - **Simplification of LDAP Provider permissions** @@ -109,11 +109,11 @@ slug: "/releases/2024.8" - **WebFinger support** - With the addition of the [default application](../../customize/brands.md#external-user-settings) setting, when the default application uses an OIDC provider, a WebFinger endpoint is available now. + With the addition of the [default application](../../core/brands.md#external-user-settings) setting, when the default application uses an OIDC provider, a WebFinger endpoint is available now. ## Upgrading -This release does not introduce any new requirements. You can follow the upgrade instructions below; for more detailed information about upgrading authentik, refer to our [Upgrade documentation](../../install-config/upgrade.mdx). +This release does not introduce any new requirements. You can follow the upgrade instructions below; for more detailed information about upgrading authentik, refer to our [Upgrade documentation](../../installation/upgrade.mdx). :::warning When you upgrade, be aware that the version of the authentik instance and of any outposts must be the same. We recommended that you always upgrade any outposts at the same time you upgrade your authentik instance. 
@@ -279,8 +279,8 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.8 - events: always use expiry from current tenant for events, not only when creating from HTTP request (cherry-pick #11415) (#11416) - providers/proxy: fix traefik label generation (cherry-pick #11460) (#11480) -- security: [CVE-2024-47070](../../security/cves/CVE-2024-47070.md), reported by [@efpi-bot](https://github.com/efpi-bot) from [LogicalTrust](https://logicaltrust.net/en/) (cherry-pick #11536) (#11539) -- security: [CVE-2024-47077](../../security/cves/CVE-2024-47077.md), reported by [@quentinmit](https://github.com/quentinmit) (cherry-pick #11535) (#11537) +- security: [CVE-2024-47070](../../security/CVE-2024-47070.md), reported by [@efpi-bot](https://github.com/efpi-bot) from [LogicalTrust](https://logicaltrust.net/en/) (cherry-pick #11536) (#11539) +- security: [CVE-2024-47077](../../security/CVE-2024-47077.md), reported by [@quentinmit](https://github.com/quentinmit) (cherry-pick #11535) (#11537) - sources/ldap: fix mapping check, fix debug endpoint (cherry-pick #11442) (#11498) - sources/ldap: fix ms_ad userAccountControl not checking for lockout (cherry-pick #11532) (#11534) - web: Fix missing integrity fields in package-lock.json (#11509) diff --git a/website/docs/releases/_template.md b/website/docs/releases/_template.md index ec3778becb7c..b02b61b4635c 100644 --- a/website/docs/releases/_template.md +++ b/website/docs/releases/_template.md 
@@ -15,7 +15,7 @@ To try out the release candidate, replace your Docker image tag with the latest ## Upgrading -This release does not introduce any new requirements. You can follow the upgrade instructions below; for more detailed information about upgrading authentik, refer to our [Upgrade documentation](../install-config/upgrade.mdx). +This release does not introduce any new requirements. You can follow the upgrade instructions below; for more detailed information about upgrading authentik, refer to our [Upgrade documentation](../installation/upgrade.mdx). :::warning When you upgrade, be aware that the version of the authentik instance and of any outposts must be the same. We recommended that you always upgrade any outposts at the same time you upgrade your authentik instance. diff --git a/website/docs/releases/old/v0.10.md b/website/docs/releases/old/v0.10.md index ae0c002b2ac7..e101731ceb66 100644 --- a/website/docs/releases/old/v0.10.md +++ b/website/docs/releases/old/v0.10.md @@ -13,13 +13,13 @@ This update brings a lot of big features, such as: Due to this new OAuth2 Provider, the Application Gateway Provider, now simply called "Proxy Provider" has been revamped as well. The new authentik Proxy integrates more tightly with authentik via the new Outposts system. The new proxy also supports multiple applications per proxy instance, can configure TLS based on authentik Keypairs, and more. - See [Proxy](../../add-secure-apps/providers/proxy/index.md) + See [Proxy](../../providers/proxy/index.md) - Outpost System This is a new Object type, currently used only by the Proxy Provider. It manages the creation and permissions of service accounts, which are used by the outposts to communicate with authentik. - See [Outposts](../../add-secure-apps/outposts/index.mdx) + See [Outposts](../../outposts/index.mdx) - Flow Import/Export 
@@ -73,4 +73,4 @@ This upgrade only applies if you are upgrading from a running 0.9 instance. auth Because this upgrade brings the new OAuth2 Provider, the old providers will be lost in the process. Make sure to take note of the providers you want to bring over. -Another side-effect of this upgrade is the change of OAuth2 URLs, see [here](../../add-secure-apps/providers/oauth2/index.md). +Another side-effect of this upgrade is the change of OAuth2 URLs, see [here](../providers/oauth2). diff --git a/website/docs/security/audits-and-certs/2023-06-cure53.md b/website/docs/security/2023-06-cure53.md similarity index 97% rename from website/docs/security/audits-and-certs/2023-06-cure53.md rename to website/docs/security/2023-06-cure53.md index 7407cdd814dc..b9d312743ae7 100644 --- a/website/docs/security/audits-and-certs/2023-06-cure53.md +++ b/website/docs/security/2023-06-cure53.md @@ -44,7 +44,7 @@ Related to ATH-01-003, it was possible to insert unintended diagrams into genera ## Additional info -In addition to the points above, several of the findings are classified as intended features (such as the expression policies). However, we have published additional [hardening documentation](../security-hardening.md) to provide guidance for further measures that can be taken to limit any possible risks associated with these features. +In addition to the points above, several of the findings are classified as intended features (such as the expression policies). However, we have published additional [hardening documentation](./security-hardening.md) to provide guidance for further measures that can be taken to limit any possible risks associated with these features. ### ATH-01-002: Stored XSS in help text of prompt module (Medium) diff --git a/website/docs/security/cves/CVE-2022-23555.md b/website/docs/security/CVE-2022-23555.md similarity index 100% rename from website/docs/security/cves/CVE-2022-23555.md rename to website/docs/security/CVE-2022-23555.md 
diff --git a/website/docs/security/cves/CVE-2022-46145.md b/website/docs/security/CVE-2022-46145.md
similarity index 100%
rename from website/docs/security/cves/CVE-2022-46145.md
rename to website/docs/security/CVE-2022-46145.md
diff --git a/website/docs/security/cves/CVE-2022-46172.md b/website/docs/security/CVE-2022-46172.md
similarity index 100%
rename from website/docs/security/cves/CVE-2022-46172.md
rename to website/docs/security/CVE-2022-46172.md
diff --git a/website/docs/security/cves/CVE-2023-26481.md b/website/docs/security/CVE-2023-26481.md
similarity index 100%
rename from website/docs/security/cves/CVE-2023-26481.md
rename to website/docs/security/CVE-2023-26481.md
diff --git a/website/docs/security/cves/CVE-2023-36456.md b/website/docs/security/CVE-2023-36456.md
similarity index 100%
rename from website/docs/security/cves/CVE-2023-36456.md
rename to website/docs/security/CVE-2023-36456.md
diff --git a/website/docs/security/cves/CVE-2023-39522.md b/website/docs/security/CVE-2023-39522.md
similarity index 100%
rename from website/docs/security/cves/CVE-2023-39522.md
rename to website/docs/security/CVE-2023-39522.md
diff --git a/website/docs/security/cves/CVE-2023-48228.md b/website/docs/security/CVE-2023-48228.md
similarity index 100%
rename from website/docs/security/cves/CVE-2023-48228.md
rename to website/docs/security/CVE-2023-48228.md
diff --git a/website/docs/security/cves/CVE-2024-21637.md b/website/docs/security/CVE-2024-21637.md
similarity index 100%
rename from website/docs/security/cves/CVE-2024-21637.md
rename to website/docs/security/CVE-2024-21637.md
diff --git a/website/docs/security/cves/CVE-2024-23647.md b/website/docs/security/CVE-2024-23647.md
similarity index 100%
rename from website/docs/security/cves/CVE-2024-23647.md
rename to website/docs/security/CVE-2024-23647.md
diff --git a/website/docs/security/cves/CVE-2024-37905.md b/website/docs/security/CVE-2024-37905.md
similarity index 100%
rename from website/docs/security/cves/CVE-2024-37905.md
rename to website/docs/security/CVE-2024-37905.md
diff --git a/website/docs/security/cves/CVE-2024-38371.md b/website/docs/security/CVE-2024-38371.md
similarity index 100%
rename from website/docs/security/cves/CVE-2024-38371.md
rename to website/docs/security/CVE-2024-38371.md
diff --git a/website/docs/security/cves/CVE-2024-42490.md b/website/docs/security/CVE-2024-42490.md
similarity index 100%
rename from website/docs/security/cves/CVE-2024-42490.md
rename to website/docs/security/CVE-2024-42490.md
diff --git a/website/docs/security/cves/CVE-2024-47070.md b/website/docs/security/CVE-2024-47070.md
similarity index 100%
rename from website/docs/security/cves/CVE-2024-47070.md
rename to website/docs/security/CVE-2024-47070.md
diff --git a/website/docs/security/cves/CVE-2024-47077.md b/website/docs/security/CVE-2024-47077.md
similarity index 100%
rename from website/docs/security/cves/CVE-2024-47077.md
rename to website/docs/security/CVE-2024-47077.md
diff --git a/website/docs/security/cves/GHSA-rjvp-29xq-f62w.md b/website/docs/security/GHSA-rjvp-29xq-f62w.md
similarity index 100%
rename from website/docs/security/cves/GHSA-rjvp-29xq-f62w.md
rename to website/docs/security/GHSA-rjvp-29xq-f62w.md
diff --git a/website/docs/security/security-hardening.md b/website/docs/security/security-hardening.md
index 4592c307cc07..fb3041d22694 100644
--- a/website/docs/security/security-hardening.md
+++ b/website/docs/security/security-hardening.md
@@ -6,7 +6,7 @@ While authentik is secure out of the box, you can take steps to further increase ### Expressions -[Expressions](../customize/policies/expression.mdx) allow super-users and other highly privileged users to create custom logic within authentik to modify its behaviour. Editing/creating these expressions is, by default, limited to super-users and any related events are fully logged. +[Expressions](../policies/expression.mdx) allow super-users and other highly privileged users to create custom logic within authentik to modify its behaviour. Editing/creating these expressions is, by default, limited to super-users and any related events are fully logged. However, for further hardening, it is possible to prevent any user (even super-users) from using expressions to create or edit any objects. To do so, configure your deployment to block API requests to these endpoints: diff --git a/website/docs/users-sources/sources/directory-sync/active-directory/01_user_create.png b/website/docs/sources/active-directory/01_user_create.png similarity index 100% rename from website/docs/users-sources/sources/directory-sync/active-directory/01_user_create.png rename to website/docs/sources/active-directory/01_user_create.png diff --git a/website/docs/users-sources/sources/directory-sync/active-directory/02_delegate.png b/website/docs/sources/active-directory/02_delegate.png similarity index 100% rename from website/docs/users-sources/sources/directory-sync/active-directory/02_delegate.png rename to website/docs/sources/active-directory/02_delegate.png diff --git a/website/docs/sources/active-directory/03_additional_perms.png b/website/docs/sources/active-directory/03_additional_perms.png new file mode 100644 index 000000000000..e08094b01eb0 Binary files /dev/null and b/website/docs/sources/active-directory/03_additional_perms.png differ 
diff --git a/website/docs/users-sources/sources/directory-sync/active-directory/03_additional_perms.png b/website/docs/sources/active-directory/10_ak_status.png similarity index 100% rename from website/docs/users-sources/sources/directory-sync/active-directory/03_additional_perms.png rename to website/docs/sources/active-directory/10_ak_status.png diff --git a/website/docs/users-sources/sources/directory-sync/active-directory/11_ak_stage.png b/website/docs/sources/active-directory/11_ak_stage.png similarity index 100% rename from website/docs/users-sources/sources/directory-sync/active-directory/11_ak_stage.png rename to website/docs/sources/active-directory/11_ak_stage.png diff --git a/website/docs/users-sources/sources/directory-sync/active-directory/index.md b/website/docs/sources/active-directory/index.md similarity index 98% rename from website/docs/users-sources/sources/directory-sync/active-directory/index.md rename to website/docs/sources/active-directory/index.md index 79ef2b43b028..e5da36f0cb6b 100644 --- a/website/docs/users-sources/sources/directory-sync/active-directory/index.md +++ b/website/docs/sources/active-directory/index.md @@ -66,7 +66,7 @@ Additional settings that might need to be adjusted based on the setup of your do After you save the source, a synchronization will start in the background. When its done, you can see the summary under Dashboards -> System Tasks. -![](./03_additional_perms.png) +![](./10_ak_status.png) To finalise the Active Directory setup, you need to enable the backend "authentik LDAP" in the Password Stage. diff --git a/website/docs/users-sources/sources/social-logins/apple/app_id.png b/website/docs/sources/apple/app_id.png similarity index 100% rename from website/docs/users-sources/sources/social-logins/apple/app_id.png rename to website/docs/sources/apple/app_id.png 
diff --git a/website/docs/users-sources/sources/social-logins/apple/app_service_config.png b/website/docs/sources/apple/app_service_config.png
similarity index 100%
rename from website/docs/users-sources/sources/social-logins/apple/app_service_config.png
rename to website/docs/sources/apple/app_service_config.png
diff --git a/website/docs/users-sources/sources/social-logins/apple/index.md b/website/docs/sources/apple/index.md
similarity index 94%
rename from website/docs/users-sources/sources/social-logins/apple/index.md
rename to website/docs/sources/apple/index.md
index e7d70ba7ae47..29744e33f248 100644
--- a/website/docs/users-sources/sources/social-logins/apple/index.md
+++ b/website/docs/sources/apple/index.md
@@ -29,28 +29,28 @@ The following placeholders will be used: 5. Scroll down the list of capabilities, and check the box next to **Sign In with Apple**. 6. At the top, click **Continue** and **Register**. -![](./app_id.png) +![](app_id.png) 7. Register another new Identifier with the type of **Services IDs**. 8. Again, choose the same name as above for your **Description** field. 9. Use the same identifier as above, but add a suffix like `signin` or `oauth`, as identifiers are unique. 10. At the top, click **Continue** and **Register**. -![](./service_id.png) +![](service_id.png) 11. Once back at the overview list, click on the just-created Identifier. 12. Enable the checkbox next to **Sign In with Apple**, and click **Configure** 13. Under domains, enter `authentik.company`. 14. Under **Return URLs**, enter `https://authentik.company/source/oauth/callback/apple/`. -![](./app_service_config.png) +![](app_service_config.png) 15. Click on **Keys** in the sidebar. Register a new Key with any name, and select **Sign in with Apple**. 16. Click on **Configure**, and select the App ID you've created above. 17. At the top, click **Save**, **Continue** and **Register**. 18. Download the Key file and note the **Key ID**. -![](./key.png) +![](key.png) 19. Note the Team ID, visible at the top of the page. @@ -69,5 +69,5 @@ The following placeholders will be used: Save, and you now have Apple as a source. :::note -For more details on how-to have the new source display on the Login Page see [here](../../index.md#add-sources-to-default-login-page). +For more details on how-to have the new source display on the Login Page see [here](../index.md#add-sources-to-default-login-page). ::: diff --git a/website/docs/users-sources/sources/social-logins/apple/key.png b/website/docs/sources/apple/key.png similarity index 100% rename from website/docs/users-sources/sources/social-logins/apple/key.png rename to website/docs/sources/apple/key.png 
diff --git a/website/docs/users-sources/sources/social-logins/apple/service_id.png b/website/docs/sources/apple/service_id.png similarity index 100% rename from website/docs/users-sources/sources/social-logins/apple/service_id.png rename to website/docs/sources/apple/service_id.png diff --git a/website/docs/users-sources/sources/social-logins/azure-ad/aad_01.png b/website/docs/sources/azure-ad/aad_01.png similarity index 100% rename from website/docs/users-sources/sources/social-logins/azure-ad/aad_01.png rename to website/docs/sources/azure-ad/aad_01.png diff --git a/website/docs/users-sources/sources/social-logins/azure-ad/authentik_01.png b/website/docs/sources/azure-ad/authentik_01.png similarity index 100% rename from website/docs/users-sources/sources/social-logins/azure-ad/authentik_01.png rename to website/docs/sources/azure-ad/authentik_01.png diff --git a/website/docs/users-sources/sources/social-logins/azure-ad/index.md b/website/docs/sources/azure-ad/index.md similarity index 94% rename from website/docs/users-sources/sources/social-logins/azure-ad/index.md rename to website/docs/sources/azure-ad/index.md index 807b25ae7a88..5530d0c523e4 100644 --- a/website/docs/users-sources/sources/social-logins/azure-ad/index.md +++ b/website/docs/sources/azure-ad/index.md @@ -47,7 +47,7 @@ If you kept the default _Supported account types_ selection of _Single tenant_, Save, and you now have Azure AD as a source. :::note -For more details on how-to have the new source display on the Login Page see [here](../../index.md#add-sources-to-default-login-page). +For more details on how-to have the new source display on the Login Page see [here](../index.md#add-sources-to-default-login-page). ::: ### Automatic user enrollment and attribute mapping 
@@ -55,7 +55,7 @@ For more details on how-to have the new source display on the Login Page see [he Using the following process you can auto-enroll your users without interaction, and directly control the mapping Azure attribute to authentik. attribute. -1. Create a new _Expression Policy_ (see [here](../../../../customize/policies/index.md) for details). +1. Create a new _Expression Policy_ (see [here](../../../docs/policies/) for details). 2. Use _azure-ad-mapping_ as the name. 3. Add the following code and adjust to your needs. @@ -99,7 +99,7 @@ context['prompt_data'] = current_prompt_data return True ``` -4. Create a new enrollment flow _azure-ad-enrollment_ (see [here](../../../../add-secure-apps/flows-stages/flow/index.md) for details). +4. Create a new enrollment flow _azure-ad-enrollment_ (see [here](../../../docs/flow/) for details). 5. Add the policy _default-source-enrollment-if-sso_ to the flow. To do so open the newly created flow. Click on the tab **Policy/Group/User Bindings**. Click on **Bind existing policy** and choose _default-source-enrollment-if-sso_ from the list. diff --git a/website/docs/users-sources/sources/social-logins/discord/discord1.png b/website/docs/sources/discord/discord1.png similarity index 100% rename from website/docs/users-sources/sources/social-logins/discord/discord1.png rename to website/docs/sources/discord/discord1.png diff --git a/website/docs/users-sources/sources/social-logins/discord/discord2.png b/website/docs/sources/discord/discord2.png similarity index 100% rename from website/docs/users-sources/sources/social-logins/discord/discord2.png rename to website/docs/sources/discord/discord2.png diff --git a/website/docs/users-sources/sources/social-logins/discord/discord3.png b/website/docs/sources/discord/discord3.png similarity index 100% rename from website/docs/users-sources/sources/social-logins/discord/discord3.png rename to website/docs/sources/discord/discord3.png 
diff --git a/website/docs/users-sources/sources/social-logins/discord/discord4.png b/website/docs/sources/discord/discord4.png similarity index 100% rename from website/docs/users-sources/sources/social-logins/discord/discord4.png rename to website/docs/sources/discord/discord4.png diff --git a/website/docs/users-sources/sources/social-logins/discord/index.md b/website/docs/sources/discord/index.md similarity index 98% rename from website/docs/users-sources/sources/social-logins/discord/index.md rename to website/docs/sources/discord/index.md index 26b6fc7a4848..42ccdc286adc 100644 --- a/website/docs/users-sources/sources/social-logins/discord/index.md +++ b/website/docs/sources/discord/index.md @@ -16,11 +16,11 @@ The following placeholders will be used: 1. Create an application in the Discord Developer Portal (This is Free) https://discord.com/developers/applications -![New Application Button](./discord1.png) +![New Application Button](discord1.png) 2. Name the Application -![Name App](./discord2.png) +![Name App](discord2.png) 3. Select **OAuth2** from the left Menu @@ -32,7 +32,7 @@ The following placeholders will be used: Here is an example of a completed OAuth2 screen for Discord. -![](./discord3.png) +![](discord3.png) ## authentik @@ -45,12 +45,12 @@ Here is an example of a completed OAuth2 screen for Discord. Here is an example of a complete authentik Discord OAuth Source -![](./discord4.png) +![](discord4.png) Save, and you now have Discord as a source. :::note -For more details on how-to have the new source display on the Login Page see [here](../../index.md#add-sources-to-default-login-page). +For more details on how-to have the new source display on the Login Page see [here](../index.md#add-sources-to-default-login-page). ::: ### Checking for membership of a Discord Guild 
diff --git a/website/docs/users-sources/sources/social-logins/facebook/index.md b/website/docs/sources/facebook/index.md similarity index 97% rename from website/docs/users-sources/sources/social-logins/facebook/index.md rename to website/docs/sources/facebook/index.md index 6be043c120c6..b00760efd614 100644 --- a/website/docs/users-sources/sources/social-logins/facebook/index.md +++ b/website/docs/sources/facebook/index.md @@ -70,5 +70,5 @@ Finally, you need to publish the Facebook app. You now have Facebook as a source. Verify by checking that appears on the **Directory -> Federation & Social login** page in authentik. :::note -For more details on how to display the new source on the authentik Login page refer to [Add Sources to default Login form](../../index.md#add-sources-to-default-login-page). +For more details on how to display the new source on the authentik Login page refer to [Add Sources to default Login form](../index.md#add-sources-to-default-login-page). ::: diff --git a/website/docs/users-sources/sources/directory-sync/freeipa/01_user_create.pn b/website/docs/sources/freeipa/01_user_create.png similarity index 100% rename from website/docs/users-sources/sources/directory-sync/freeipa/01_user_create.pn rename to website/docs/sources/freeipa/01_user_create.png diff --git a/website/docs/users-sources/sources/directory-sync/freeipa/02_user_roles.png b/website/docs/sources/freeipa/02_user_roles.png similarity index 100% rename from website/docs/users-sources/sources/directory-sync/freeipa/02_user_roles.png rename to website/docs/sources/freeipa/02_user_roles.png diff --git a/website/docs/users-sources/sources/directory-sync/freeipa/03_add_user_role.png b/website/docs/sources/freeipa/03_add_user_role.png similarity index 100% rename from website/docs/users-sources/sources/directory-sync/freeipa/03_add_user_role.png rename to website/docs/sources/freeipa/03_add_user_role.png 
diff --git a/website/docs/users-sources/sources/directory-sync/freeipa/04_source_settings_1.png b/website/docs/sources/freeipa/04_source_settings_1.png
similarity index 100%
rename from website/docs/users-sources/sources/directory-sync/freeipa/04_source_settings_1.png
rename to website/docs/sources/freeipa/04_source_settings_1.png
diff --git a/website/docs/users-sources/sources/directory-sync/freeipa/05_source_settings_2.png b/website/docs/sources/freeipa/05_source_settings_2.png
similarity index 100%
rename from website/docs/users-sources/sources/directory-sync/freeipa/05_source_settings_2.png
rename to website/docs/sources/freeipa/05_source_settings_2.png
diff --git a/website/docs/users-sources/sources/directory-sync/freeipa/06_sync_source.png b/website/docs/sources/freeipa/06_sync_source.png
similarity index 100%
rename from website/docs/users-sources/sources/directory-sync/freeipa/06_sync_source.png
rename to website/docs/sources/freeipa/06_sync_source.png
diff --git a/website/docs/users-sources/sources/directory-sync/freeipa/07_password_stage.png b/website/docs/sources/freeipa/07_password_stage.png
similarity index 100%
rename from website/docs/users-sources/sources/directory-sync/freeipa/07_password_stage.png
rename to website/docs/sources/freeipa/07_password_stage.png
diff --git a/website/docs/users-sources/sources/directory-sync/freeipa/index.md b/website/docs/sources/freeipa/index.md
similarity index 99%
rename from website/docs/users-sources/sources/directory-sync/freeipa/index.md
rename to website/docs/sources/freeipa/index.md
index dfaa9d4c5064..0722506ffad2 100644
--- a/website/docs/users-sources/sources/directory-sync/freeipa/index.md
+++ b/website/docs/sources/freeipa/index.md
@@ -18,7 +18,7 @@ The following placeholders will be used: 2. Create a user in FreeIPA, matching your naming scheme. Provide a strong password, example generation methods: `pwgen 64 1` or `openssl rand 36 | base64 -w 0`. After you are done click **Add and Edit**. - ![](./01_user_create.pn) + ![](./01_user_create.png) 3. In the user management screen, select the Roles tab. diff --git a/website/docs/users-sources/sources/social-logins/github/github_org_membership.png b/website/docs/sources/github/github_org_membership.png similarity index 100% rename from website/docs/users-sources/sources/social-logins/github/github_org_membership.png rename to website/docs/sources/github/github_org_membership.png diff --git a/website/docs/users-sources/sources/social-logins/github/githubdeveloper1.png b/website/docs/sources/github/githubdeveloper1.png similarity index 100% rename from website/docs/users-sources/sources/social-logins/github/githubdeveloper1.png rename to website/docs/sources/github/githubdeveloper1.png diff --git a/website/docs/users-sources/sources/social-logins/github/githubdeveloperexample.png b/website/docs/sources/github/githubdeveloperexample.png similarity index 100% rename from website/docs/users-sources/sources/social-logins/github/githubdeveloperexample.png rename to website/docs/sources/github/githubdeveloperexample.png diff --git a/website/docs/users-sources/sources/social-logins/github/githubexample2.png b/website/docs/sources/github/githubexample2.png similarity index 100% rename from website/docs/users-sources/sources/social-logins/github/githubexample2.png rename to website/docs/sources/github/githubexample2.png diff --git a/website/docs/users-sources/sources/social-logins/github/index.md b/website/docs/sources/github/index.md similarity index 94% rename from website/docs/users-sources/sources/social-logins/github/index.md rename to website/docs/sources/github/index.md index c43419868b31..57fab9a85053 100644 
--- a/website/docs/users-sources/sources/social-logins/github/index.md +++ b/website/docs/sources/github/index.md @@ -17,7 +17,7 @@ The following placeholders will be used: 1. Create an OAuth app under Developer Settings https://github.com/settings/developers by clicking on the **Register a new application** -![Register OAuth App](./githubdeveloper1.png) +![Register OAuth App](githubdeveloper1.png) 2. **Application Name:** Choose a name users will recognize ie: authentik 3. **Homepage URL**:: www.my.company @@ -26,7 +26,7 @@ The following placeholders will be used: Example screenshot -![](./githubdeveloperexample.png) +![](githubdeveloperexample.png) 6. Copy the **Client ID** and _save it for later_ 7. Click **Generate a new client secret** and _save it for later_ You will not be able to see the secret again, so be sure to copy it now. @@ -42,12 +42,12 @@ Example screenshot Here is an example of a complete authentik Github OAuth Source -![](./githubexample2.png) +![](githubexample2.png) Save, and you now have Github as a source. :::note -For more details on how-to have the new source display on the Login Page see [here](../../index.md#add-sources-to-default-login-page). +For more details on how-to have the new source display on the Login Page see [here](../index.md#add-sources-to-default-login-page). ::: ### Checking for membership of a GitHub Organisation authentik 2021.12.5.+ diff --git a/website/docs/users-sources/sources/social-logins/google/authentiksource.png b/website/docs/sources/google/authentiksource.png similarity index 100% rename from website/docs/users-sources/sources/social-logins/google/authentiksource.png rename to website/docs/sources/google/authentiksource.png 
diff --git a/website/docs/users-sources/sources/social-logins/google/googledeveloper1.png b/website/docs/sources/google/googledeveloper1.png
similarity index 100%
rename from website/docs/users-sources/sources/social-logins/google/googledeveloper1.png
rename to website/docs/sources/google/googledeveloper1.png
diff --git a/website/docs/users-sources/sources/social-logins/google/googledeveloper2.png b/website/docs/sources/google/googledeveloper2.png
similarity index 100%
rename from website/docs/users-sources/sources/social-logins/google/googledeveloper2.png
rename to website/docs/sources/google/googledeveloper2.png
diff --git a/website/docs/users-sources/sources/social-logins/google/googledeveloper3.png b/website/docs/sources/google/googledeveloper3.png
similarity index 100%
rename from website/docs/users-sources/sources/social-logins/google/googledeveloper3.png
rename to website/docs/sources/google/googledeveloper3.png
diff --git a/website/docs/users-sources/sources/social-logins/google/googledeveloper4.png b/website/docs/sources/google/googledeveloper4.png
similarity index 100%
rename from website/docs/users-sources/sources/social-logins/google/googledeveloper4.png
rename to website/docs/sources/google/googledeveloper4.png
diff --git a/website/docs/users-sources/sources/social-logins/google/googledeveloper5.png b/website/docs/sources/google/googledeveloper5.png
similarity index 100%
rename from website/docs/users-sources/sources/social-logins/google/googledeveloper5.png
rename to website/docs/sources/google/googledeveloper5.png
diff --git a/website/docs/users-sources/sources/social-logins/google/googledeveloper6.png b/website/docs/sources/google/googledeveloper6.png
similarity index 100%
rename from website/docs/users-sources/sources/social-logins/google/googledeveloper6.png
rename to website/docs/sources/google/googledeveloper6.png
diff --git a/website/docs/users-sources/sources/social-logins/google/index.md b/website/docs/sources/google/index.md similarity index 91% rename from website/docs/users-sources/sources/social-logins/google/index.md rename to website/docs/sources/google/index.md index 061049aa35d5..8fd9557b208b 100644 --- a/website/docs/users-sources/sources/social-logins/google/index.md +++ b/website/docs/sources/google/index.md @@ -19,23 +19,23 @@ You will need to create a new project, and OAuth credentials in the Google Devel 1. Visit https://console.developers.google.com/ to create a new project 2. Create a New project. -![](./googledeveloper1.png) +![](googledeveloper1.png) 3. **Project Name**: Choose a name 4. **Organization**: Leave as default if unsure 5. **Location**: Leave as default if unsure -![](./googledeveloper2.png) +![](googledeveloper2.png) 6. Click **Create** 7. Choose your project from the drop down at the top 8. Click the **Credentials** menu item on the left. It looks like a key. -![](./googledeveloper3.png) +![](googledeveloper3.png) 9. Click on **Configure Consent Screen** -![](./googledeveloper4.png) +![](googledeveloper4.png) 10. **User Type:** If you do not have a Google Workspace (GSuite) account choose _External_. If you do have a Google Workspace (Gsuite) account and want to limit access to only users inside of your organization choose _Internal_ @@ -52,13 +52,13 @@ _I'm only going to list the mandatory/important fields to complete._ 19. Click **Create Credentials** on the top of the screen 20. Choose **OAuth Client ID** -![](./googledeveloper5.png) +![](googledeveloper5.png) 21. **Application Type:** Web Application 22. **Name:** Choose a name 23. **Authorized redirect URIs:** `https://authentik.company/source/oauth/callback/google/` -![](./googledeveloper6.png) +![](googledeveloper6.png) 24. Click **Create** 25. Copy and store _Your Client ID_ and _Your Client Secret_ for later 
@@ -74,12 +74,12 @@ _I'm only going to list the mandatory/important fields to complete._ Here is an example of a complete authentik Google OAuth Source -![](./authentiksource.png) +![](authentiksource.png) Save, and you now have Google as a source. :::note -For more details on how-to have the new source display on the Login Page see [here](../../index.md#add-sources-to-default-login-page). +For more details on how-to have the new source display on the Login Page see [here](../index.md#add-sources-to-default-login-page). ::: ## Username mapping @@ -99,4 +99,4 @@ return False Afterwards, edit the source's enrollment flow (by default _default-source-enrollment_), expand the policies bound to the first stage (_default-source-enrollment-prompt_), and bind the policy created above. Make sure the newly created policy comes before _default-source-enrollment-if-username_. Afterwards, any new logins will automatically have their google email address used as their username. -This can be combined with disallowing users from changing their usernames, see [Configuration](../../../../sys-mgmt/settings.md#allow-users-to-change-username). +This can be combined with disallowing users from changing their usernames, see [Configuration](../../../docs/core/settings#allow-users-to-change-username). diff --git a/website/docs/users-sources/sources/index.md b/website/docs/sources/index.md similarity index 87% rename from website/docs/users-sources/sources/index.md rename to website/docs/sources/index.md index 0550a099ccc2..b557b2ea6136 100644 --- a/website/docs/users-sources/sources/index.md +++ b/website/docs/sources/index.md @@ -1,5 +1,6 @@ --- title: Sources +slug: /sources --- Sources allow you to connect authentik to an external user directory. Sources can also be used with social login providers such as Facebook, Twitter, or GitHub. 
@@ -8,7 +9,7 @@ Sources allow you to connect authentik to an external user directory. Sources ca Sources are in the following general categories: -- **Protocols** ([LDAP](./protocols/ldap/index.md), [OAuth](./protocols/oauth/index.md), [SAML](./protocols/saml/index.md), and [SCIM](./protocols/scim/index.md)) +- **Protocols** ([LDAP](./ldap/index.md), [OAuth](./oauth/index.md), [SAML](./saml/index.md), and [SCIM](./scim/index.md)) - [**Property mappings**](./property-mappings/index.md) or how to import data from a source - **Directory synchronization** (Active Directory, FreeIPA) - **Social logins** (Apple, Discord, Twitch, Twitter, and many others) diff --git a/website/docs/users-sources/sources/protocols/ldap/index.md b/website/docs/sources/ldap/index.md similarity index 95% rename from website/docs/users-sources/sources/protocols/ldap/index.md rename to website/docs/sources/ldap/index.md index 449b3b71b84d..0fcc59253cee 100644 --- a/website/docs/users-sources/sources/protocols/ldap/index.md +++ b/website/docs/sources/ldap/index.md @@ -5,9 +5,9 @@ title: LDAP Source Sources allow you to connect authentik to an existing user directory. This source allows you to import users and groups from an LDAP Server. :::info -For Active Directory, follow the [Active Directory Integration](../../directory-sync/active-directory/index.md) +For Active Directory, follow the [Active Directory Integration](../active-directory/) -For FreeIPA, follow the [FreeIPA Integration](../../directory-sync/freeipa/index.md) +For FreeIPA, follow the [FreeIPA Integration](../freeipa/) ::: ## Configuration options for LDAP sources 
@@ -71,7 +71,7 @@ To create or edit a source in authentik, open the Admin interface and navigate t ## LDAP source property mappings -See the [overview](../../property-mappings/index.md) for information on how property mappings work. +See the [overview](../property-mappings/index.md) for information on how property mappings work. By default, authentik ships with [pre-configured mappings](#built-in-property-mappings) for the most common LDAP setups. These mappings can be found on the LDAP Source Configuration page in the Admin interface. @@ -133,4 +133,4 @@ Be aware of the following security considerations when turning on this functiona ## Troubleshooting -To troubleshoot LDAP sources and their synchronization, see [LDAP Troubleshooting](../../../../troubleshooting/ldap_source.md). +To troubleshoot LDAP sources and their synchronization, see [LDAP Troubleshooting](../../../docs/troubleshooting/ldap_source). diff --git a/website/docs/users-sources/sources/social-logins/mailcow/index.md b/website/docs/sources/mailcow/index.md similarity index 85% rename from website/docs/users-sources/sources/social-logins/mailcow/index.md rename to website/docs/sources/mailcow/index.md index 40272294f3aa..baffde79c899 100644 --- a/website/docs/users-sources/sources/social-logins/mailcow/index.md +++ b/website/docs/sources/mailcow/index.md 
@@ -17,23 +17,23 @@ The following placeholders will be used: 1. Log into mailcow as an admin and navigate to the OAuth2 Apps settings -![OAuth2 Apps menu](./mailcow1.png) +![OAuth2 Apps menu](mailcow1.png) 2. Click "Add OAuth2 Client" 3. Insert the redirect URL: `https://authentik.company/source/oauth/callback/mailcow/` -![Add OAuth2 CLient](./mailcow2.png) +![Add OAuth2 CLient](mailcow2.png) 4. Copy the **Client ID** and **Client secret** and _save it for later_ -![ClientID and Secret](./mailcow3.png) +![ClientID and Secret](mailcow3.png) ## authentik 5. Under _Directory -> Federation & Social login_ Click **Create > Mailcow OAuth Source** -![Mailcow OAuth Source](./mailcow4.png) +![Mailcow OAuth Source](mailcow4.png) 6. **Name:** Choose a name (For the example I used Mailcow) 7. **Slug:** mailcow (You can choose a different slug, if you do you will need to update the Mailcow redirect URL and point it to the correct slug.) @@ -45,10 +45,10 @@ The following placeholders will be used: Here is an example of a complete authentik Mailcow OAuth Source -![](./mailcow5.png) +![](mailcow5.png) Save, and you now have Mailcow as a source. :::note -For more details on how-to have the new source display on the Login Page see [here](../../index.md#add-sources-to-default-login-page). +For more details on how-to have the new source display on the Login Page see [here](../index.md#add-sources-to-default-login-page). ::: diff --git a/website/docs/users-sources/sources/social-logins/mailcow/mailcow1.png b/website/docs/sources/mailcow/mailcow1.png similarity index 100% rename from website/docs/users-sources/sources/social-logins/mailcow/mailcow1.png rename to website/docs/sources/mailcow/mailcow1.png diff --git a/website/docs/users-sources/sources/social-logins/mailcow/mailcow2.png b/website/docs/sources/mailcow/mailcow2.png similarity index 100% rename from website/docs/users-sources/sources/social-logins/mailcow/mailcow2.png rename to website/docs/sources/mailcow/mailcow2.png 
diff --git a/website/docs/users-sources/sources/social-logins/mailcow/mailcow3.png b/website/docs/sources/mailcow/mailcow3.png
similarity index 100%
rename from website/docs/users-sources/sources/social-logins/mailcow/mailcow3.png
rename to website/docs/sources/mailcow/mailcow3.png
diff --git a/website/docs/users-sources/sources/social-logins/mailcow/mailcow4.png b/website/docs/sources/mailcow/mailcow4.png
similarity index 100%
rename from website/docs/users-sources/sources/social-logins/mailcow/mailcow4.png
rename to website/docs/sources/mailcow/mailcow4.png
diff --git a/website/docs/users-sources/sources/social-logins/mailcow/mailcow5.png b/website/docs/sources/mailcow/mailcow5.png
similarity index 100%
rename from website/docs/users-sources/sources/social-logins/mailcow/mailcow5.png
rename to website/docs/sources/mailcow/mailcow5.png
diff --git a/website/docs/users-sources/sources/protocols/oauth/index.md b/website/docs/sources/oauth/index.md
similarity index 93%
rename from website/docs/users-sources/sources/protocols/oauth/index.md
rename to website/docs/sources/oauth/index.md
index ff575a51ad2d..2ab69973a817 100644
--- a/website/docs/users-sources/sources/protocols/oauth/index.md
+++ b/website/docs/sources/oauth/index.md
@@ -26,11 +26,11 @@ This URL is fetched upon saving the source, and all the URLs will be replaced by To simplify Machine-to-machine authentication, you can create an OAuth Source as "trusted" source of JWTs. Create a source and configure either the Well-known URL or the OIDC JWKS URL, or you can manually enter the JWKS data if you so desire. -Afterwards, this source can be selected in one or multiple OAuth2 providers, and any JWT issued by any of the configured sources' JWKS will be able to authenticate. To learn more about this, see [JWT-authentication](../../../../add-secure-apps/providers/oauth2/client_credentials#jwt-authentication). +Afterwards, this source can be selected in one or multiple OAuth2 providers, and any JWT issued by any of the configured sources' JWKS will be able to authenticate. To learn more about this, see [JWT-authentication](/docs/providers/oauth2/client_credentials#jwt-authentication). ## OAuth source property mappings -See the [overview](../../property-mappings/index.md) for information on how property mappings work. +See the [overview](../property-mappings/index.md) for information on how property mappings work. ### Expression data diff --git a/website/docs/users-sources/sources/social-logins/plex/index.md b/website/docs/sources/plex/index.md similarity index 84% rename from website/docs/users-sources/sources/social-logins/plex/index.md rename to website/docs/sources/plex/index.md index 88447d73c14b..572d2c33de1d 100644 --- a/website/docs/users-sources/sources/social-logins/plex/index.md +++ b/website/docs/sources/plex/index.md 
@@ -23,12 +23,12 @@ Add _Plex_ as a _source_ Save, and you now have Plex as a source. :::note -For more details on how-to have the new source display on the Login Page see [here](../../index.md#add-sources-to-default-login-page). +For more details on how-to have the new source display on the Login Page see [here](../index.md#add-sources-to-default-login-page). ::: ## Plex source property mappings -See the [overview](../../property-mappings/index.md) for information on how property mappings work. +See the [overview](../property-mappings/index.md) for information on how property mappings work. ### Expression data diff --git a/website/docs/users-sources/sources/property-mappings/expressions.md b/website/docs/sources/property-mappings/expressions.md similarity index 86% rename from website/docs/users-sources/sources/property-mappings/expressions.md rename to website/docs/sources/property-mappings/expressions.md index 922d1211c35a..aa0163476177 100644 --- a/website/docs/users-sources/sources/property-mappings/expressions.md +++ b/website/docs/sources/property-mappings/expressions.md @@ -10,12 +10,12 @@ The property mapping should return a value that is expected by the source. Retur - `properties`: A Python dictionary containing the result of the previously run property mappings, plus the initial data computed by the source. - `request`: The current request. This may be `None` if there is no contextual request. See ([Django documentation](https://docs.djangoproject.com/en/3.0/ref/request-response/#httprequest-objects)) -import Objects from "../../../expressions/\_objects.md"; +import Objects from "../../expressions/\_objects.md"; ## Available Functions -import Functions from "../../../expressions/\_functions.md"; +import Functions from "../../expressions/\_functions.md"; 
diff --git a/website/docs/users-sources/sources/property-mappings/index.md b/website/docs/sources/property-mappings/index.md similarity index 87% rename from website/docs/users-sources/sources/property-mappings/index.md rename to website/docs/sources/property-mappings/index.md index 3517404007b3..ab8d8e295cbb 100644 --- a/website/docs/users-sources/sources/property-mappings/index.md +++ b/website/docs/sources/property-mappings/index.md @@ -6,10 +6,10 @@ Source property mappings allow you to modify or gather extra information from so This page is an overview of how property mappings work. For information about specific protocol, please refer to each protocol page: -- [LDAP](../protocols/ldap/index.md#ldap-source-property-mappings) -- [OAuth](../protocols/oauth/index.md#oauth-source-property-mappings) -- [SAML](../protocols/saml/index.md#saml-source-property-mappings) -- [SCIM](../protocols/scim/index.md#scim-source-property-mappings) +- [LDAP](../ldap/#ldap-source-property-mappings) +- [OAuth](../oauth/#oauth-source-property-mappings) +- [SAML](../saml/#saml-source-property-mappings) +- [SCIM](../scim/#scim-source-property-mappings) ## Create a custom source property mapping 
@@ -35,7 +35,7 @@ return { } ``` -You can see that the expression returns a Python dictionary. The dictionary keys must match [User properties](../../user/user_ref.md#object-properties) or [Group properties](../../groups/group_ref.md#object-properties). Note that for users, `ak_groups` and `group_attributes` cannot be set. +You can see that the expression returns a Python dictionary. The dictionary keys must match [User properties](../../user-group-role/user/user_ref.md#object-properties) or [Group properties](../../user-group-role/groups/group_ref.md#object-properties). Note that for users, `ak_groups` and `group_attributes` cannot be set. See each source documentation for a reference of the available data. See the authentik [expressions documentation](./expressions.md) for available data and functions. diff --git a/website/docs/users-sources/sources/protocols/saml/index.md b/website/docs/sources/saml/index.md similarity index 98% rename from website/docs/users-sources/sources/protocols/saml/index.md rename to website/docs/sources/saml/index.md index d1b98585ebdf..90d988bd6e26 100644 --- a/website/docs/users-sources/sources/protocols/saml/index.md +++ b/website/docs/sources/saml/index.md @@ -83,7 +83,7 @@ This will depend heavily on what software you are using for your IDP. On the Met ## SAML source property mappings -See the [overview](../../property-mappings/index.md) for information on how property mappings work. +See the [overview](../property-mappings/index.md) for information on how property mappings work. ### Expression data diff --git a/website/docs/users-sources/sources/protocols/scim/index.md b/website/docs/sources/scim/index.md similarity index 96% rename from website/docs/users-sources/sources/protocols/scim/index.md rename to website/docs/sources/scim/index.md index 97738551c51d..da61988ced1f 100644 --- a/website/docs/users-sources/sources/protocols/scim/index.md +++ b/website/docs/sources/scim/index.md 
@@ -30,7 +30,7 @@ There is also the `/v2/ServiceProviderConfig` and `/v2/ResourceTypes`, which is ## SCIM source property mappings -See the [overview](../../property-mappings/index.md) for information on how property mappings work. +See the [overview](../property-mappings/index.md) for information on how property mappings work. ### Expression data diff --git a/website/docs/users-sources/sources/social-logins/twitch/index.md b/website/docs/sources/twitch/index.md similarity index 84% rename from website/docs/users-sources/sources/social-logins/twitch/index.md rename to website/docs/sources/twitch/index.md index 3b16554f73e6..577bc973c147 100644 --- a/website/docs/users-sources/sources/social-logins/twitch/index.md +++ b/website/docs/sources/twitch/index.md @@ -16,7 +16,7 @@ The following placeholders will be used: 1. Click **Register Your Application** in the Twitch Developers Console https://dev.twitch.tv/console -![Register Your Application Button](./twitch1.png) +![Register Your Application Button](twitch1.png) 2. Name your Application @@ -26,11 +26,11 @@ The following placeholders will be used: 5. Click **Create** to finish the registration of your Application -![Create Application](./twitch2.png) +![Create Application](twitch2.png) 6. Click **Manage** on your newly created Application -![Manage Application](./twitch3.png) +![Manage Application](twitch3.png) 7. Copy your Client ID and save it for later @@ -38,7 +38,7 @@ The following placeholders will be used: 9. Copy the above Secret and also save it for later -![Copy Keys](./twitch4.png) +![Copy Keys](twitch4.png) ## authentik 
@@ -51,10 +51,10 @@ The following placeholders will be used: Here is an example of a complete authentik Twitch OAuth Source -![Authentik Source Example](./twitch5.png) +![Authentik Source Example](twitch5.png) Save, and you now have Twitch as a source. :::note -For more details on how-to have the new source display on the Login Page see [here](../../index.md#add-sources-to-default-login-page). +For more details on how-to have the new source display on the Login Page see [here](../index.md#add-sources-to-default-login-page). ::: diff --git a/website/docs/users-sources/sources/social-logins/twitch/twitch1.png b/website/docs/sources/twitch/twitch1.png similarity index 100% rename from website/docs/users-sources/sources/social-logins/twitch/twitch1.png rename to website/docs/sources/twitch/twitch1.png diff --git a/website/docs/users-sources/sources/social-logins/twitch/twitch2.png b/website/docs/sources/twitch/twitch2.png similarity index 100% rename from website/docs/users-sources/sources/social-logins/twitch/twitch2.png rename to website/docs/sources/twitch/twitch2.png diff --git a/website/docs/users-sources/sources/social-logins/twitch/twitch3.png b/website/docs/sources/twitch/twitch3.png similarity index 100% rename from website/docs/users-sources/sources/social-logins/twitch/twitch3.png rename to website/docs/sources/twitch/twitch3.png diff --git a/website/docs/users-sources/sources/social-logins/twitch/twitch4.png b/website/docs/sources/twitch/twitch4.png similarity index 100% rename from website/docs/users-sources/sources/social-logins/twitch/twitch4.png rename to website/docs/sources/twitch/twitch4.png diff --git a/website/docs/users-sources/sources/social-logins/twitch/twitch5.png b/website/docs/sources/twitch/twitch5.png similarity index 100% rename from website/docs/users-sources/sources/social-logins/twitch/twitch5.png rename to website/docs/sources/twitch/twitch5.png 
diff --git a/website/docs/users-sources/sources/social-logins/twitter/index.md b/website/docs/sources/twitter/index.md similarity index 95% rename from website/docs/users-sources/sources/social-logins/twitter/index.md rename to website/docs/sources/twitter/index.md index b79defa5f026..e6b778836f15 100644 --- a/website/docs/users-sources/sources/social-logins/twitter/index.md +++ b/website/docs/sources/twitter/index.md @@ -44,5 +44,5 @@ You will need to create a new project, and OAuth credentials in the Twitter Deve 5. **Consumer Secret:** Your Client Secret from step 25 :::note -For more details on how-to have the new source display on the Login Page see [here](../../index.md#add-sources-to-default-login-page). +For more details on how-to have the new source display on the Login Page see [here](../index.md#add-sources-to-default-login-page). ::: diff --git a/website/docs/users-sources/sources/social-logins/twitter/twitter1.png b/website/docs/sources/twitter/twitter1.png similarity index 100% rename from website/docs/users-sources/sources/social-logins/twitter/twitter1.png rename to website/docs/sources/twitter/twitter1.png diff --git a/website/docs/users-sources/sources/social-logins/twitter/twitter2.png b/website/docs/sources/twitter/twitter2.png similarity index 100% rename from website/docs/users-sources/sources/social-logins/twitter/twitter2.png rename to website/docs/sources/twitter/twitter2.png diff --git a/website/docs/users-sources/access-control/flow-page.png b/website/docs/user-group-role/access-control/flow-page.png similarity index 100% rename from website/docs/users-sources/access-control/flow-page.png rename to website/docs/user-group-role/access-control/flow-page.png 
diff --git a/website/docs/users-sources/access-control/index.mdx b/website/docs/user-group-role/access-control/index.mdx similarity index 91% rename from website/docs/users-sources/access-control/index.mdx rename to website/docs/user-group-role/access-control/index.mdx index 4a61034a97d9..4ab437ad1653 100644 --- a/website/docs/users-sources/access-control/index.mdx +++ b/website/docs/user-group-role/access-control/index.mdx @@ -4,7 +4,7 @@ title: About access control import DocCardList from "@theme/DocCardList"; -To comply with important regulations such as PCI-DSS, HIPAA, SOC 2, and GDPR, it's necessary to have the ability to control which users have access to specific areas of the system, what [permissions](./permissions.md) they have globally and on certain objects, and a way to monitor [events](../../sys-mgmt/events/index.md) related to user activity. +To comply with important regulations such as PCI-DSS, HIPAA, SOC 2, and GDPR, it's necessary to have the ability to control which users have access to specific areas of the system, what [permissions](./permissions.md) they have globally and on certain objects, and a way to monitor [events](../../events) related to user activity. In authentik, we provide role-based access control (RBAC), an industry standard for managing access control. By carefully designing roles with appropriate permissions, and then assigning those roles to groups, RBAC provides a fine-tuned approach to controlling user access. diff --git a/website/docs/users-sources/access-control/manage_permissions.md b/website/docs/user-group-role/access-control/manage_permissions.md similarity index 98% rename from website/docs/users-sources/access-control/manage_permissions.md rename to website/docs/user-group-role/access-control/manage_permissions.md index d3973f5ebb5d..1bbc99586970 100644 --- a/website/docs/users-sources/access-control/manage_permissions.md +++ b/website/docs/user-group-role/access-control/manage_permissions.md 
@@ -3,7 +3,7 @@ title: "Manage permissions" description: "Learn how to use global and object permissions in authentik." --- -Refer to the following topics for instructions to view and manage permissions. To learn more about the concepts and fundamanetals of authentik permissions, refer to [About Permissions](./permissions.md). +Refer to the following topics for instructions to view and manage permissions. To learn more about the concepts and fundamanetals of authentik permissions, refer to [About Permissions](../access-control/permissions.md). ## View permissions diff --git a/website/docs/users-sources/access-control/permissions.md b/website/docs/user-group-role/access-control/permissions.md similarity index 77% rename from website/docs/users-sources/access-control/permissions.md rename to website/docs/user-group-role/access-control/permissions.md index e5786785cacb..a20d53e5effb 100644 --- a/website/docs/users-sources/access-control/permissions.md +++ b/website/docs/user-group-role/access-control/permissions.md 
@@ -6,10 +6,10 @@ description: "Learn about global and object permissions in authentik." Permissions are the central components in all access control systems, the lowest-level components, the controlling pieces of access data. Permissions are assigned to (or removed from!) to define exactly WHO can do WHAT to WHICH part of the overall software system. :::info -Note that global and object permissions only apply to objects within authentik, and not to who can access certain applications (which are access-controlled using [policies](../../customize/policies/index.md)). +Note that global and object permissions only apply to objects within authentik, and not to who can access certain applications (which are access-controlled using [policies](../../policies/index.md)). ::: -For instructions to add, remove, and manage permissions, refer to [Manage Permissions](./manage_permissions.md). +For instructions to add, remove, and manage permissions, refer to [Manage Permissions](../access-control/manage_permissions.md). ## Fundamentals of authentik permissions 
@@ -20,9 +20,9 @@ There are two main types of permissions in authentik: ### Global permissions -Global permissions define who can do what on a global level across the entire system. Some examples in authentik are the ability to add new [flows](../../add-secure-apps/flows-stages/flow/index.md) or to create a URL for users to recover their login credentials. +Global permissions define who can do what on a global level across the entire system. Some examples in authentik are the ability to add new [flows](../../flow/index.md) or to create a URL for users to recover their login credentials. -You can assign _global permissions_ to individual [users](../user/index.mdx) or to [roles](../roles/index.md). The most common and best practice is to assign permissions to roles. +You can assign _global permissions_ to individual [users](../user/index.mdx) or to [roles](../roles/index.mdx). The most common and best practice is to assign permissions to roles. ### Object permissions 
@@ -31,7 +31,7 @@ Object permissions have two categories: - **_User_ object permissions**: defines WHO (which user) can change the **_object_** - **_Role_ object permissions**: defines which ROLE can change the **_object_** -Object permissions are assigned, as the name indicates, to an object ([users](../user/index.mdx), [groups](../groups/index.mdx), [roles](../roles/index.md), [flows](../../add-secure-apps/flows-stages/flow/index.md), and stages), and the assigned permissions state exactly what a user or role can do TO the object (i.e. what permissions does the user or role have on that object). +Object permissions are assigned, as the name indicates, to an object ([users](../user/index.mdx), [groups](../groups/index.mdx), [roles](../roles/index.mdx), [flows](../../flow/index.md), and stages), and the assigned permissions state exactly what a user or role can do TO the object (i.e. what permissions does the user or role have on that object). When working with object permissions it is important to understand that when you are viewing the page for an object, the permissions table shows which users or roles have permissions ON that specific object. Those permissions describe what those users or roles can do TO the object detailed on the page. diff --git a/website/docs/users-sources/access-control/user-page.png b/website/docs/user-group-role/access-control/user-page.png similarity index 100% rename from website/docs/users-sources/access-control/user-page.png rename to website/docs/user-group-role/access-control/user-page.png diff --git a/website/docs/users-sources/groups/group_ref.md b/website/docs/user-group-role/groups/group_ref.md similarity index 100% rename from website/docs/users-sources/groups/group_ref.md rename to website/docs/user-group-role/groups/group_ref.md 
diff --git a/website/docs/users-sources/groups/index.mdx b/website/docs/user-group-role/groups/index.mdx similarity index 100% rename from website/docs/users-sources/groups/index.mdx rename to website/docs/user-group-role/groups/index.mdx diff --git a/website/docs/users-sources/groups/manage_groups.md b/website/docs/user-group-role/groups/manage_groups.md similarity index 96% rename from website/docs/users-sources/groups/manage_groups.md rename to website/docs/user-group-role/groups/manage_groups.md index 95493785c517..c8d41910f866 100644 --- a/website/docs/users-sources/groups/manage_groups.md +++ b/website/docs/user-group-role/groups/manage_groups.md @@ -54,4 +54,4 @@ To give a specific Role or User the ability to manage group members, the followi In addition, the permission "Can view User" needs to be assigned, either globally or on specific users that should be manageable. -These permissions can be assigned to a [Role](../roles/index.md) or directly to a [User](../user/index.mdx). +These permissions can be assigned to a [Role](../roles/index.mdx) or directly to a [User](../user/index.mdx). diff --git a/website/docs/users-sources/roles/index.md b/website/docs/user-group-role/roles/index.mdx similarity index 85% rename from website/docs/users-sources/roles/index.md rename to website/docs/user-group-role/roles/index.mdx index 1eb0219ce80f..ddda83ee7f3c 100644 --- a/website/docs/users-sources/roles/index.md +++ b/website/docs/user-group-role/roles/index.mdx 
@@ -4,13 +4,13 @@ title: About roles import DocCardList from "@theme/DocCardList"; -Roles are a way to simplify the assignment of permissions. Roles are also the backbone of role-based access control (RBAC), an industry standard for managing [access control](../access-control/index.mdx). In authentik, RBAC is how you manage access to system components and specific objects such as flows, stages, users, etc. +Roles are a way to simplify the assignment of permissions. Roles are also the backbone of role-based access control (RBAC), an industry standard for managing [access control](../access-control). In authentik, RBAC is how you manage access to system components and specific objects such as flows, stages, users, etc. Think of roles as a collection of permissions. A role, along with its "bucket" of assigned permissions, can then be assigned to a group, which means that every user who is a part of that group will inherit all of the permissions in that role's "bucket". For example, let's take a look at the following scenario: -> You need to add 5 new users, all new hires, to authentik, your identity management system. These users will be the first team members on the brand new Security team, so they will need some high-level permissions, with object permissions to create and remove other users, revoke permissions, and send recovery emails. They will also need [global permissions](../access-control/permissions.md#fundamentals-of-authentik-permissions) to control access to flows and stages. +> You need to add 5 new users, all new hires, to authentik, your identity management system. These users will be the first team members on the brand new Security team, so they will need some high-level permissions, with object permissions to create and remove other users, revoke permissions, and send recovery emails. They will also need [global permissions](../access-control/permissions#fundamentals-of-authentik-permissions) to control access to flows and stages. 
The easiest workflow for setting up these new users involves [creating a role](./manage_roles.md#create-a-role) specifically for their type of work, and then [assigning that role to a group](./manage_roles.md#assign-a-role-to-a-group) to which all of the users belong.
diff --git a/website/docs/users-sources/roles/manage_roles.md b/website/docs/user-group-role/roles/manage_roles.md
similarity index 100%
rename from website/docs/users-sources/roles/manage_roles.md
rename to website/docs/user-group-role/roles/manage_roles.md
diff --git a/website/docs/users-sources/user/create_invite.png b/website/docs/user-group-role/user/create_invite.png
similarity index 100%
rename from website/docs/users-sources/user/create_invite.png
rename to website/docs/user-group-role/user/create_invite.png
diff --git a/website/docs/users-sources/user/index.mdx b/website/docs/user-group-role/user/index.mdx
similarity index 100%
rename from website/docs/users-sources/user/index.mdx
rename to website/docs/user-group-role/user/index.mdx
diff --git a/website/docs/users-sources/user/invitations.md b/website/docs/user-group-role/user/invitations.md
similarity index 94%
rename from website/docs/users-sources/user/invitations.md
rename to website/docs/user-group-role/user/invitations.md
index b8de25ded54c..bbb8736b26e0 100644
--- a/website/docs/users-sources/user/invitations.md
+++ b/website/docs/user-group-role/user/invitations.md
@@ -36,7 +36,7 @@ In the Admin UI, navigate to **Directory --> Invitations**, and then click **Cre - **Name**: provide a name for your invitation object. - **Expires**: select a date for when you want the invitation to expire. - **Flow**: in the drop-down menu, select the **default-enrollment-flow** Flow. -- **Custom attributes**: (_optional_) enter optional key/value pairs here, to pre-define any information about the user that you will invite to enroll. The data entered here is considered as a variable, specifically the `context['prompt_data']` variable. This data is read by the context flow's [prompt stage](../../add-secure-apps/flows-stages/stages/prompt/index.md) in an expression policy. +- **Custom attributes**: (_optional_) enter optional key/value pairs here, to pre-define any information about the user that you will invite to enroll. The data entered here is considered as a variable, specifically the `context['prompt_data']` variable. This data is read by the context flow's [prompt stage](../../flow/stages/prompt/index.md) in an expression policy. ![Create an invitation modal box](./create_invite.png) diff --git a/website/docs/users-sources/user/user_basic_operations.md b/website/docs/user-group-role/user/user_basic_operations.md similarity index 84% rename from website/docs/users-sources/user/user_basic_operations.md rename to website/docs/user-group-role/user/user_basic_operations.md index fc20a58a1ff2..0bbfb084f5ae 100644 --- a/website/docs/users-sources/user/user_basic_operations.md +++ b/website/docs/user-group-role/user/user_basic_operations.md 
@@ -4,11 +4,11 @@ title: Manage users The following topics are for the basic management of users: how to create, modify, delete or deactivate users, and using a recovery email. -[Policies](../../customize/policies/index.md) can be used to further manage how users are authenticated. For example, by default authentik does not require email addresses be unique, but you can use a policy to [enforce unique email addresses](../../customize/policies/working_with_policies/unique_email.md). +[Policies](../../policies/index.md) can be used to further manage how users are authenticated. For example, by default authentik does not require email addresses be unique, but you can use a policy to [enforce unique email addresses](../../policies/working_with_policies/unique_email.md). ### Create a user -> If you want to automate user creation, you can do that either by [invitations](./invitations.md), [`user_write` stage](../../add-secure-apps/flows-stages/stages/user_write.md), or [using the API](/docs/developer-docs/api/reference/core-users-create). +> If you want to automate user creation, you can do that either by [invitations](./invitations.md), [`user_write` stage](../../flow/stages/user_write), or [using the API](/developer-docs/api/reference/core-users-create). 1. In the Admin interface of your authentik instance, select **Directory > Users** in the left side menu. 2. Select the folder where you want to create a user. 
@@ -21,7 +21,7 @@ The following topics are for the basic management of users: how to create, modif 5. Fill the **_optional_** fields if needed: - **Name**: The display name of the user. -- **Email**: The email address of the user. Email addresses are used in [email stages](../../add-secure-apps/flows-stages/stages/email/index.mdx) and to receive [notifications](../../sys-mgmt/events/notifications.md), if configured. +- **Email**: The email address of the user. Email addresses are used in [email stages](../../flow/stages/email) and to receive [notifications](../../events/notifications), if configured. - **Is active**: Define if the newly created user account is active. Selected by default. - **Attributes**: Custom attributes definition for the user, in YAML or JSON format. These attributes can be used to enforce additional prompts on authentication stages or define conditions to enforce specific policies if the current implementation does not fit your use case. The value is an empty dictionary by default. @@ -30,7 +30,7 @@ The following topics are for the basic management of users: how to create, modif You should see a confirmation pop-up on the top-right of the screen that the user has been created, and see the new user in the user list. You can directly click the username if you want to [modify your user](./user_basic_operations#modify-a-user). :::info -To create a super-user, you need to add the user to a group that has super-user permissions. For more information, refer to [Create a Group](../groups/manage_groups.md#create-a-group). +To create a super-user, you need to add the user to a group that has super-user permissions. For more information, refer to [Create a Group](../groups/manage_groups#create-a-group). ::: ### View user details 
@@ -48,7 +48,7 @@ To view details about a specific user: - **Session** shows the active sessions established by the user. If there is any need, you can clean up the connected devices for a user by selecting the device(s) and then clicking **Delete**. This forces the user to authenticate again on the deleted devices. - **Groups** allows you to manage the group membership of the user. You can find more details on [groups](../groups/index.mdx). - **User events** displays all the events generated by the user during a session, such as login, logout, application authorisation, password reset, user info update, etc. -- **Explicit consent** lists all the permissions the user has given explicitly to an application. Entries will only appear if the user is validating an [explicit consent flow in an OAuth2 provider](../../add-secure-apps/providers/oauth2/index.md). If you want to delete the explicit consent (because the application is requiring new permissions, or the user has explicitly asked to reset his consent on third-party apps), select the applications and click **Delete**. The user will be asked to again give explicit consent to share information with the application. +- **Explicit consent** lists all the permissions the user has given explicitly to an application. Entries will only appear if the user is validating an [explicit consent flow in an OAuth2 provider](../../providers/oauth2/). If you want to delete the explicit consent (because the application is requiring new permissions, or the user has explicitly asked to reset his consent on third-party apps), select the applications and click **Delete**. The user will be asked to again give explicit consent to share information with the application. - **OAuth Refresh Tokens** lists all the OAuth tokens currently distributed. You can remove the tokens by selecting the applications and then clicking **Delete**. - **MFA Authenticators** shows all the authentications that the user has registered to their user profile. 
You can remove the tokens if the user has lost their authenticator and want to enroll a new one. @@ -84,13 +84,13 @@ A pop-up will appear on your browser with the link for you to copy and to send t ### Automate email to a user -You can use our automated email to send a link with the URL for the user to reset their password. This option will only work if you have properly [configured a SMTP server during the installation](../../install-config/install/docker-compose.mdx#email-configuration-optional-but-recommended) and set an email address for the user. +You can use our automated email to send a link with the URL for the user to reset their password. This option will only work if you have properly [configured a SMTP server during the installation](../../installation/docker-compose#email-configuration-optional-but-recommended) and set an email address for the user. 1. In the Admin interface, navigate to **Directory > Users** to display all users. 2. Either click the name of the user to display the full User details page, or click the chevron beside their name to expand the toptions. 3. To send the automated email to the user, click **Email recovery link**. -If the user does not receive the email, check if the mail server parameters [are properly configured](../../troubleshooting/emails.md). +If the user does not receive the email, check if the mail server parameters [are properly configured](../../troubleshooting/emails). ### Reset the password for the user diff --git a/website/docs/users-sources/user/user_ref.md b/website/docs/user-group-role/user/user_ref.md similarity index 97% rename from website/docs/users-sources/user/user_ref.md rename to website/docs/user-group-role/user/user_ref.md index 10f7d56cc235..93c83687f9a1 100644 --- a/website/docs/users-sources/user/user_ref.md +++ b/website/docs/user-group-role/user/user_ref.md 
@@ -76,7 +76,7 @@ Format is string of format `days=10;hours=1;minute=3;seconds=5`. ### `goauthentik.io/user/debug`: -See [Troubleshooting access problems](../../troubleshooting/access.md), when set, the user gets a more detailed explanation of access decisions. +See [Troubleshooting access problems](../../troubleshooting/access), when set, the user gets a more detailed explanation of access decisions. ### `additionalHeaders`: diff --git a/website/docusaurus.config.ts b/website/docusaurus.config.ts index ce06d97ac3ca..a37e0463d4d1 100644 --- a/website/docusaurus.config.ts +++ b/website/docusaurus.config.ts @@ -17,6 +17,14 @@ module.exports = async function (): Promise { organizationName: "Authentik Security Inc.", projectName: "authentik", themeConfig: { + announcementBar: { + id: "new_docs_structure", + content: + 'Change is hard, especially when a familiar site gets re-arranged. But we think the new layout is easier to navigate. Take a preview peek at the upcoming new Docs structure!', + backgroundColor: "#cc0099", + textColor: "#ffffff", + isCloseable: false, + }, image: "img/social.png", navbar: { logo: { @@ -42,6 +50,11 @@ module.exports = async function (): Promise { label: "Integrations", position: "left", }, + { + to: "developer-docs/", + label: "Developer", + position: "left", + }, { to: "https://goauthentik.io/pricing/", label: "Pricing", @@ -92,7 +105,6 @@ module.exports = async function (): Promise { sidebarPath: "./sidebars.js", editUrl: "https://github.com/goauthentik/authentik/edit/main/website/", - docItemComponent: "@theme/ApiItem", remarkPlugins: [ [ remarkGithub, 
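Review bot: In the added `announcementBar` block the `content` string invites readers to "Take a preview peek" but, as shown here, carries no link target. The anchor markup may have been lost when this page was rendered, so confirm in the file that the banner points somewhere. Docusaurus injects this field into the page as raw HTML, so it should stay a static literal; a comment such as `// content is rendered as HTML: keep it a static string, never interpolate external values` above it would record that. With `isCloseable: false` the notice cannot be dismissed, and `isCloseable: true` would suit a temporary announcement better. The enclosing `themeConfig` object starts and ends outside the hunk.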
@@ -127,15 +139,27 @@ module.exports = async function (): Promise { "https://github.com/goauthentik/authentik/edit/main/website/", }, ], + [ + "@docusaurus/plugin-content-docs", + { + id: "docsDevelopers", + path: "developer-docs", + routeBasePath: "developer-docs", + sidebarPath: "./sidebarsDev.js", + docItemComponent: "@theme/ApiItem", + editUrl: + "https://github.com/goauthentik/authentik/edit/main/website/", + }, + ], [ "docusaurus-plugin-openapi-docs", { id: "api", - docsPluginId: "docs", + docsPluginId: "docsDevelopers", config: { authentik: { specPath: "static/schema.yaml", - outputDir: "docs/developer-docs/api/reference/", + outputDir: "developer-docs/api/reference/", hideSendButton: true, sidebarOptions: { groupPathsBy: "tag", diff --git a/website/integrations/index.mdx b/website/integrations/index.mdx index 9029a9486334..acb13d7d88f5 100644 --- a/website/integrations/index.mdx +++ b/website/integrations/index.mdx @@ -1,5 +1,6 @@ --- title: Integrations overview +slug: / --- There are two main types of integrations with authentik: **Applications** and **Sources**. @@ -14,6 +15,6 @@ authentik integrates with many applications. For a full list, and to learn more In addition to applications, authentik also integrates with external sources, including federated directories like Active Directory and through protocols such as LDAP, OAuth, SAML, and SCIM sources. Sources are a way for authentik to use external credentials for authentication and verification. Sources in authentik can also be used for social logins, using external providers such as Facebook, Twitter, etc. -To learn more, refer to the [Sources](https://docs.goauthentik.io/docs/users-sources/sources/index) documentation. +To learn more, refer to the [Sources](../docs/sources) documentation. ![](./sources-logo.png) diff --git a/website/integrations/services/home-assistant/index.md b/website/integrations/services/home-assistant/index.md index 797033acc0d0..70b91fa58f7a 100644 
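Review bot: The new `docsDevelopers` instance of `@docusaurus/plugin-content-docs` is configured without `remarkPlugins`, while the default docs instance registers `remarkGithub` (visible as context in the `-92,7` hunk). Pages moved under `developer-docs/` would presumably lose that processing. If those pages rely on it, give the new instance the same array, for example `remarkPlugins: sharedRemarkPlugins,`, where `sharedRemarkPlugins` is a suggested name for a constant hoisted out and used by both instances. The options of the existing `remarkPlugins` entry lie outside the visible hunks, so its exact contents have to be taken from the file.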
--- a/website/integrations/services/home-assistant/index.md +++ b/website/integrations/services/home-assistant/index.md @@ -43,7 +43,7 @@ The following placeholders will be used: - **Slug**: homeassistant - **Provider**: Home Assistant (the provider you created in step 1) -3. Create an outpost deployment for the provider you've created above, as described [here](https://docs.goauthentik.io/docs/add-secure-apps/outposts/index.md). Deploy this Outpost either on the same host or a different host that can access Home Assistant. The outpost will connect to authentik and configure itself. +3. Create an outpost deployment for the provider you've created above, as described [here](../../../docs/outposts/). Deploy this Outpost either on the same host or a different host that can access Home Assistant. The outpost will connect to authentik and configure itself. ## Home Assistant configuration diff --git a/website/integrations/services/minio/index.md b/website/integrations/services/minio/index.md index 8749d36e9e4a..326efa9f6987 100644 --- a/website/integrations/services/minio/index.md +++ b/website/integrations/services/minio/index.md 
@@ -46,7 +46,7 @@ elif ak_is_group_member(request.user, name="Minio users"): return None ``` -Note that you can assign multiple policies to a user by returning a list, and returning `None` will map no policies to the user, resulting in no access to the MinIO instance. For more information on writing expressions, see [Expressions](/docs/add-secure-apps/providers/property-mappings/expression) and [User](/docs/users-sources/user/user_ref#object-properties) docs. +Note that you can assign multiple policies to a user by returning a list, and returning `None` will map no policies to the user, resulting in no access to the MinIO instance. For more information on writing expressions, see [Expressions](../../../docs/providers/property-mappings/expression) and [User](../../../docs/user-group-role/user/user_ref#object-properties) docs. ### Creating application and provider diff --git a/website/integrations/services/nextcloud/index.md b/website/integrations/services/nextcloud/index.md index 4e333e216660..4a2c55eb82fa 100644 --- a/website/integrations/services/nextcloud/index.md +++ b/website/integrations/services/nextcloud/index.md 
@@ -111,7 +111,7 @@ Create a provider for Nextcloud. In the Admin Interface, go to _Applications_ -> - `Nextcloud Profile` (or `authentik default Oauth Mapping profile` if you skipped the [custom profile scope](#custom-profile-scope) section) - Subject mode: Based on the User's UUID :::danger - Nextcloud will use the UUID as username. However, mapping the subject mode to authentik usernames is **not recommended** due to their mutable nature. This can lead to security issues such as user impersonation. If you still wish to map the subject mode to an username, [disable username changing](https://docs.goauthentik.io/sys-mgmt/settings.md#allow-users-to-change-username) in authentik and set this to `Based on the User's username`. + Nextcloud will use the UUID as username. However, mapping the subject mode to authentik usernames is **not recommended** due to their mutable nature. This can lead to security issues such as user impersonation. If you still wish to map the subject mode to an username, [disable username changing](../../../docs/core/settings#allow-users-to-change-username) in authentik and set this to `Based on the User's username`. ::: - Include claims in ID token: ✔️ 
@@ -249,7 +249,7 @@ Set the following values: - Attribute to map the UID to: `http://schemas.goauthentik.io/2021/02/saml/uid` :::danger - Nextcloud uses the UID attribute as username. However, mapping it to authentik usernames is **not recommended** due to their mutable nature. This can lead to security issues such as user impersonation. If you still wish to map the UID to an username, [disable username changing](https://docs.goauthentik.io/sys-mgmt/settings.md#allow-users-to-change-username) in authentik and set the UID attribute to "http://schemas.goauthentik.io/2021/02/saml/username". + Nextcloud uses the UID attribute as username. However, mapping it to authentik usernames is **not recommended** due to their mutable nature. This can lead to security issues such as user impersonation. If you still wish to map the UID to an username, [disable username changing](../../../docs/core/settings#allow-users-to-change-username) in authentik and set the UID attribute to "http://schemas.goauthentik.io/2021/02/saml/username". ::: - Optional display name of the identity provider (default: "SSO & SAML log in"): `authentik` - Identifier of the IdP entity (must be a URI): `https://authentik.company` diff --git a/website/integrations/services/organizr/index.md b/website/integrations/services/organizr/index.md index a8c2362eb2d5..68638c51e6d6 100644 --- a/website/integrations/services/organizr/index.md +++ b/website/integrations/services/organizr/index.md 
@@ -13,7 +13,7 @@ sidebar_label: organizr > > -- https://github.com/causefx/Organizr -This integration leverages authentik's LDAP for the identity provider to achieve an SSO experience. See [ldap provider generic setup](https://docs.goauthentik.io/add-secure-apps/providers/ldap/generic_setup) for setting up the LDAP provider. +This integration leverages authentik's LDAP for the identity provider to achieve an SSO experience. See [ldap provider generic setup](../../../docs/providers/ldap/generic_setup) for setting up the LDAP provider. ## Preparation @@ -77,5 +77,5 @@ LDAP Backend Type: `OpenLDAP` Access for authentik users is managed locally within organizr under _User Management_. By default, new users are assigned the `User` group. ::: :::tip -Consider front-ending your application with a [forward auth provider](https://docs.goauthentik.io/docs/add-secure-apps/providers/proxy/forward_auth) for an SSO experience. +Consider front-ending your application with a [forward auth provider](../../../docs/providers/proxy/forward_auth) for an SSO experience. ::: diff --git a/website/integrations/services/proftpd/index.md b/website/integrations/services/proftpd/index.md index dc9586e32f6e..d6aa5ebc4a92 100644 --- a/website/integrations/services/proftpd/index.md +++ b/website/integrations/services/proftpd/index.md @@ -13,7 +13,7 @@ sidebar_label: ProFTPD > > -- From http://www.proftpd.org -This integration leverages authentik's LDAP for the identity provider to achieve an SSO experience. See [ldap provider generic setup](https://docs.goauthentik.io/docs/add-secure-apps/providers/ldap/generic_setup) for setting up the LDAP provider. +This integration leverages authentik's LDAP for the identity provider to achieve an SSO experience. See [ldap provider generic setup](../../../docs/providers/ldap/generic_setup) for setting up the LDAP provider. ## Preparation 
@@ -108,7 +108,7 @@ In this example, every user shares a single folder. If you want to have separate Additionally, note that each file will have Linux user and group ID `1000`. Beforehand, make sure that the respective Linux user exists (usually the first Linux user created receives ID `1000`). Check `/etc/passwd` and create a user if necessary. -If you do not set `LDAPForceDefaultUID`/`LDAPForceDefaultGID`, Authentik's `uidNumber` field will be used. If you do not set `LDAPGenerateHomedir`, Authentik's `homeDirectory` field will be used (`/home/$username`). For more information about default attributes provided by Authentik, refer to the [LDAP Provider documentation](https://docs.goauthentik.io/docs/add-secure-apps/providers/ldap). +If you do not set `LDAPForceDefaultUID`/`LDAPForceDefaultGID`, Authentik's `uidNumber` field will be used. If you do not set `LDAPGenerateHomedir`, Authentik's `homeDirectory` field will be used (`/home/$username`). For more information about default attributes provided by Authentik, refer to the [LDAP Provider documentation](../../../docs/providers/ldap). Make sure to read ProFTPD's [available LDAP options](http://www.proftpd.org/docs/contrib/mod_ldap.html). diff --git a/website/integrations/services/qnap-nas/index.md b/website/integrations/services/qnap-nas/index.md index 158c95510f95..8e5d5d36c2af 100644 --- a/website/integrations/services/qnap-nas/index.md +++ b/website/integrations/services/qnap-nas/index.md 
@@ -29,7 +29,7 @@ The following placeholders will be used: by authentik. Create an LDAP Provider if you don't already have one setup. -This guide assumes you will be running with TLS. See the [ldap provider docs](https://docs.goauthentik.io/docs/add-secure-apps/providers/ldap) for setting up SSL on the authentik side. +This guide assumes you will be running with TLS. See the [ldap provider docs](../../../docs/providers/ldap) for setting up SSL on the authentik side. Remember the `ldap.baseDN` you have configured for the provider as you'll need it in the sssd configuration. @@ -45,7 +45,7 @@ Max password length \<= 66 characters. ## Deployment -Create an outpost deployment for the provider you've created above, as described [here](https://docs.goauthentik.io/docs/add-secure-apps/outposts/). Deploy this Outpost either on the same host or a different host that your QNAP NAS can access. +Create an outpost deployment for the provider you've created above, as described [here](../../../docs/outposts/). Deploy this Outpost either on the same host or a different host that your QNAP NAS can access. The outpost will connect to authentik and configure itself. diff --git a/website/integrations/services/sonarr/index.md b/website/integrations/services/sonarr/index.md index c8be7d30c2f3..d683747500ae 100644 --- a/website/integrations/services/sonarr/index.md +++ b/website/integrations/services/sonarr/index.md 
@@ -40,7 +40,7 @@ Create an application in authentik and select the provider you've created above. ## Deployment -Create an outpost deployment for the provider you've created above, as described [here](https://docs.goauthentik.io/docs/add-secure-apps/outposts/). Deploy this Outpost either on the same host or a different host that can access Sonarr. +Create an outpost deployment for the provider you've created above, as described [here](../../../docs/outposts/). Deploy this Outpost either on the same host or a different host that can access Sonarr. The outpost will connect to authentik and configure itself. diff --git a/website/integrations/services/sssd/index.md b/website/integrations/services/sssd/index.md index 33de4d4a0bb1..3de6428381fe 100644 --- a/website/integrations/services/sssd/index.md +++ b/website/integrations/services/sssd/index.md @@ -37,7 +37,7 @@ The following placeholders will be used: Create an LDAP Provider if you don't already have one setup. This guide assumes you will be running with TLS and that you've correctly setup certificates both in authentik and on the host -running sssd. See the [ldap provider docs](https://docs.goauthentik.io/docs/add-secure-apps/providers/ldap) for setting up SSL on the authentik side. +running sssd. See the [ldap provider docs](../../../docs/providers/ldap) for setting up SSL on the authentik side. Remember the Base DN you have configured for the provider as you'll need it in the sssd configuration. 
@@ -48,7 +48,7 @@ to `ldap.searchGroup`. ## Deployment -Create an outpost deployment for the provider you've created above, as described [here](https://docs.goauthentik.io/add-secure-apps/outposts). Deploy this Outpost either on the same host or a different host that your +Create an outpost deployment for the provider you've created above, as described [here](../../../docs/outposts/). Deploy this Outpost either on the same host or a different host that your host(s) running sssd can access. The outpost will connect to authentik and configure itself. diff --git a/website/migratefile b/website/migratefile deleted file mode 100644 index 4a0934ea052d..000000000000 --- a/website/migratefile +++ /dev/null 
@@ -1,237 +0,0 @@ -advanced/tenancy.md -> sys-mgmt/tenancy.md -applications/index.md -> add-secure-apps/applications/index.md -applications/manage_apps.md -> add-secure-apps/applications/manage_apps.md -core/architecture.md -> core/architecture.md -core/brands.md -> customize/brands.md -core/certificates.md -> sys-mgmt/certificates.md -core/geoip.mdx -> install-config/geoip.mdx -core/settings.md -> sys-mgmt/settings.md -core/terminology.md -> core/terminology.md -enterprise/entsupport.md -> enterprise/entsupport.md -enterprise/get-started.md -> enterprise/get-started.md -enterprise/index.md -> enterprise/index.md -enterprise/licenses-page-admin.png -> enterprise/licenses-page-admin.png -enterprise/manage-enterprise.md -> enterprise/manage-enterprise.md -events/event_matcher.png -> sys-mgmt/events/event_matcher.png -events/index.md -> sys-mgmt/events/index.md -events/notifications.md -> sys-mgmt/events/notifications.md -events/transports.md -> sys-mgmt/events/transports.md -flow/context/index.md -> add-secure-apps/flows-stages/flow/context/index.md -flow/create-flow.png -> add-secure-apps/flows-stages/flow/create-flow.png -flow/examples/flows.md -> add-secure-apps/flows-stages/flow/examples/flows.md -flow/examples/snippets.md -> add-secure-apps/flows-stages/flow/examples/snippets.md -flow/executors/headless.md -> add-secure-apps/flows-stages/flow/executors/headless.md -flow/executors/if-flow.md -> add-secure-apps/flows-stages/flow/executors/if-flow.md -flow/executors/sfe.md -> add-secure-apps/flows-stages/flow/executors/sfe.md -flow/executors/user-settings.md -> add-secure-apps/flows-stages/flow/executors/user-settings.md -flow/flow-inspector.png -> add-secure-apps/flows-stages/flow/flow-inspector.png -flow/index.md -> add-secure-apps/flows-stages/flow/index.md -flow/inspector.md -> add-secure-apps/flows-stages/flow/inspector.md -flow/layouts.md -> add-secure-apps/flows-stages/flow/layouts.md -flow/layouts/content_left.png -> 
add-secure-apps/flows-stages/flow/layouts/content_left.png -flow/layouts/content_right.png -> add-secure-apps/flows-stages/flow/layouts/content_right.png -flow/layouts/sidebar_left.png -> add-secure-apps/flows-stages/flow/layouts/sidebar_left.png -flow/layouts/sidebar_right.png -> add-secure-apps/flows-stages/flow/layouts/sidebar_right.png -flow/layouts/stacked.png -> add-secure-apps/flows-stages/flow/layouts/stacked.png -flow/simple_stages.png -> add-secure-apps/flows-stages/flow/simple_stages.png -flow/stages/authenticator_duo/index.md -> add-secure-apps/flows-stages/stages//authenticator_duo/index.md -flow/stages/authenticator_sms/index.md -> add-secure-apps/flows-stages/stages/authenticator_sms/index.md -flow/stages/authenticator_static/index.md -> add-secure-apps/flows-stages/stages/authenticator_static/index.md -flow/stages/authenticator_totp/index.md -> add-secure-apps/flows-stages/stages/authenticator_totp/index.md -flow/stages/authenticator_validate/index.md -> add-secure-apps/flows-stages/stages/authenticator_validate/index.md -flow/stages/authenticator_webauthn/index.md -> add-secure-apps/flows-stages/stages/authenticator_webauthn/index.md -flow/stages/captcha/captcha-admin.png -> add-secure-apps/flows-stages/stages/captcha/captcha-admin.png -flow/stages/captcha/index.md -> add-secure-apps/flows-stages/stages/captcha/index.md -flow/stages/deny.md -> add-secure-apps/flows-stages/stages/deny.md -flow/stages/email/custom_template.png -> add-secure-apps/flows-stages/stages/email/custom_template.png -flow/stages/email/email_recovery.png -> add-secure-apps/flows-stages/stages/email/email_recovery.png -flow/stages/email/index.mdx -> add-secure-apps/flows-stages/stages/email/index.mdx -flow/stages/identification/index.md -> add-secure-apps/flows-stages/stages/identification/index.md -flow/stages/index.md -> add-secure-apps/flows-stages/stages/index.md -flow/stages/invitation/index.md -> add-secure-apps/flows-stages/stages/invitation/index.md 
-flow/stages/password/index.md -> add-secure-apps/flows-stages/stages/password/index.md -flow/stages/prompt/index.md -> add-secure-apps/flows-stages/stages/prompt/index.md -flow/stages/source/index.md -> add-secure-apps/flows-stages/stages/source/index.md -flow/stages/user_delete.md -> add-secure-apps/flows-stages/stages/user_delete.md -flow/stages/user_login/index.md -> add-secure-apps/flows-stages/stages/user_login/index.md -flow/stages/user_login/stay_signed_in.png -> add-secure-apps/flows-stages/stages/user_login/stay_signed_in.png -flow/stages/user_logout.md -> add-secure-apps/flows-stages/stages/user_logout.md -flow/stages/user_write.md -> add-secure-apps/flows-stages/stages/user_write.md -installation/air-gapped.mdx -> install-config/air-gapped.mdx -installation/automated-install.md -> install-config/automated-install.md -installation/beta.mdx -> install-config/beta.mdx -installation/configuration.mdx -> install-config/configuration/configuration.mdx -installation/dashboard.png -> install-config/dashboard.png -installation/docker-compose.mdx -> install-config/install/docker-compose.mdx -installation/index.mdx -> install-config/index.mdx -installation/kubernetes.md -> install-config/install/kubernetes.md -installation/monitoring.md -> sys-mgmt/ops/monitoring.md -installation/reverse-proxy.md -> install-config/reverse-proxy.md -installation/storage-s3.md -> install-config/storage-s3.md -installation/upgrade.mdx -> install-config/upgrade.mdx -installation/version1.png -> install-config/version1.png -interfaces/_global/customcss.mdx -> customize/interfaces/_global/customcss.mdx -interfaces/_global/global.mdx -> customize/interfaces/_global/global.mdx -interfaces/admin/customization.mdx -> customize/interfaces/admin/customization.mdx -interfaces/flow/customization.mdx -> customize/interfaces/flow/customization.mdx -interfaces/user/customization.mdx -> customize/interfaces/user/customization.mdx -outposts/_config.md -> add-secure-apps/outposts/_config.md 
-outposts/embedded/embedded.mdx -> add-secure-apps/outposts/embedded/embedded.mdx -outposts/index.mdx -> add-secure-apps/outposts/index.mdx -outposts/integrations/docker.md -> add-secure-apps/outposts/integrations/docker.md -outposts/integrations/kubernetes.md -> add-secure-apps/outposts/integrations/kubernetes.md -outposts/manual-deploy-docker-compose.md -> add-secure-apps/outposts/manual-deploy-docker-compose.md -outposts/manual-deploy-kubernetes.md -> add-secure-apps/outposts/manual-deploy-kubernetes.md -outposts/outpost-create.png -> add-secure-apps/outposts/outpost-create.png -outposts/upgrading.md -> add-secure-apps/outposts/upgrading.md -outposts/upgrading_outdated.png -> add-secure-apps/outposts/upgrading_outdated.png -policies/expression.mdx -> customize/policies/expression.mdx -policies/index.md -> customize/policies/index.md -policies/working_with_policies/unique_email.md -> customize/policies/working_with_policies/unique_email.md -policies/working_with_policies/whitelist_email.md -> customize/policies/working_with_policies/whitelist_email.md -policies/working_with_policies/working_with_policies.md -> customize/policies/working_with_policies/working_with_policies.md -providers/entra/add-entra-provider.md -> add-secure-apps/providers/entra/add-entra-provider.md -providers/entra/index.md -> add-secure-apps/providers/entra/index.md -providers/entra/setup-entra.md -> add-secure-apps/providers/entra/setup-entra.md -providers/gws/add-gws-provider.md -> add-secure-apps/providers/gws/add-gws-provider.md -providers/gws/index.md -> add-secure-apps/providers/gws/index.md -providers/gws/setup-gws.md -> add-secure-apps/providers/gws/setup-gws.md -providers/index.mdx -> add-secure-apps/providers/index.mdx -providers/ldap/general_setup1.png -> add-secure-apps/providers/ldap/general_setup1.png -providers/ldap/general_setup10.png -> add-secure-apps/providers/ldap/general_setup10.png -providers/ldap/general_setup11.png -> add-secure-apps/providers/ldap/general_setup11.png 
-providers/ldap/general_setup12.png -> add-secure-apps/providers/ldap/general_setup12.png -providers/ldap/general_setup13.png -> add-secure-apps/providers/ldap/general_setup13.png -providers/ldap/general_setup14.png -> add-secure-apps/providers/ldap/general_setup14.png -providers/ldap/general_setup15.png -> add-secure-apps/providers/ldap/general_setup15.png -providers/ldap/general_setup16.png -> add-secure-apps/providers/ldap/general_setup16.png -providers/ldap/general_setup2.png -> add-secure-apps/providers/ldap/general_setup2.png -providers/ldap/general_setup3.png -> add-secure-apps/providers/ldap/general_setup3.png -providers/ldap/general_setup4.png -> add-secure-apps/providers/ldap/general_setup4.png -providers/ldap/general_setup5.png -> add-secure-apps/providers/ldap/general_setup5.png -providers/ldap/general_setup6.png -> add-secure-apps/providers/ldap/general_setup6.png -providers/ldap/general_setup7.png -> add-secure-apps/providers/ldap/general_setup7.png -providers/ldap/general_setup8.png -> add-secure-apps/providers/ldap/general_setup8.png -providers/ldap/general_setup9.png -> add-secure-apps/providers/ldap/general_setup9.png -providers/ldap/generic_setup.md -> add-secure-apps/providers/ldap/generic_setup.md -providers/ldap/index.md -> add-secure-apps/providers/ldap/index.md -providers/oauth2/client_credentials.md -> add-secure-apps/providers/oauth2/client_credentials.md -providers/oauth2/device_code.md -> add-secure-apps/providers/oauth2/device_code.md -providers/oauth2/index.md -> add-secure-apps/providers/oauth2/index.md -providers/property-mappings/expression.mdx -> add-secure-apps/providers/property-mappings/expression.mdx -providers/property-mappings/index.md -> add-secure-apps/providers/property-mappings/index.md -providers/proxy/__placeholders.md -> add-secure-apps/providers/proxy/__placeholders.md -providers/proxy/_caddy_standalone.md -> add-secure-apps/providers/proxy/_caddy_standalone.md -providers/proxy/_envoy_istio.md -> 
add-secure-apps/providers/proxy/_envoy_istio.md -providers/proxy/_nginx_ingress.md -> add-secure-apps/providers/proxy/_nginx_ingress.md -providers/proxy/_nginx_proxy_manager.md -> add-secure-apps/providers/proxy/_nginx_proxy_manager.md -providers/proxy/_nginx_standalone.md -> add-secure-apps/providers/proxy/_nginx_standalone.md -providers/proxy/_traefik_compose.md -> add-secure-apps/providers/proxy/_traefik_compose.md -providers/proxy/_traefik_ingress.md -> add-secure-apps/providers/proxy/_traefik_ingress.md -providers/proxy/_traefik_standalone.md -> add-secure-apps/providers/proxy/_traefik_standalone.md -providers/proxy/custom_headers.md -> add-secure-apps/providers/proxy/custom_headers.md -providers/proxy/forward_auth.mdx -> add-secure-apps/providers/proxy/forward_auth.mdx -providers/proxy/header_authentication.md -> add-secure-apps/providers/proxy/header_authentication.md -providers/proxy/index.md -> add-secure-apps/providers/proxy/index.md -providers/proxy/server_caddy.mdx -> add-secure-apps/providers/proxy/server_caddy.mdx -providers/proxy/server_envoy.mdx -> add-secure-apps/providers/proxy/server_envoy.mdx -providers/proxy/server_nginx.mdx -> add-secure-apps/providers/proxy/server_nginx.mdx -providers/proxy/server_traefik.mdx -> add-secure-apps/providers/proxy/server_traefik.mdx -providers/rac/how-to-rac.md -> add-secure-apps/providers/rac/how-to-rac.md -providers/rac/index.md -> add-secure-apps/providers/rac/index.md -providers/rac/rac-v3.png -> add-secure-apps/providers/rac/rac-v3.png -providers/radius/index.mdx -> add-secure-apps/providers/radius/index.mdx -providers/saml/index.md -> add-secure-apps/providers/saml/index.md -providers/scim/index.md -> add-secure-apps/providers/scim/index.md -security/2023-06-cure53.md -> security/audits-and-certs/2023-06-cure53.md -security/CVE-2022-23555.md -> security/cves/CVE-2022-23555.md -security/CVE-2022-46145.md -> security/cves/CVE-2022-46145.md -security/CVE-2022-46172.md -> security/cves/CVE-2022-46172.md 
-security/CVE-2023-26481.md -> security/cves/CVE-2023-26481.md -security/CVE-2023-36456.md -> security/cves/CVE-2023-36456.md -security/CVE-2023-39522.md -> security/cves/CVE-2023-39522.md -security/CVE-2023-48228.md -> security/cves/CVE-2023-48228.md -security/CVE-2024-21637.md -> security/cves/CVE-2024-21637.md -security/CVE-2024-23647.md -> security/cves/CVE-2024-23647.md -security/CVE-2024-37905.md -> security/cves/CVE-2024-37905.md -security/CVE-2024-38371.md -> security/cves/CVE-2024-38371.md -security/GHSA-rjvp-29xq-f62w.md -> security/cves/GHSA-rjvp-29xq-f62w.md -sources/active-directory/01_user_create.png -> users-sources/sources/directory-sync/active-directory/01_user_create.png -sources/active-directory/02_delegate.png -> users-sources/sources/directory-sync/active-directory/02_delegate.png -sources/active-directory/03_additional_perms.png -> users-sources/sources/directory-sync/active-directory/03_additional_perms.png -sources/active-directory/10_ak_status.png -> users-sources/sources/directory-sync/active-directory/03_additional_perms.png -sources/active-directory/11_ak_stage.png -> users-sources/sources/directory-sync/active-directory/11_ak_stage.png -sources/active-directory/index.md -> users-sources/sources/directory-sync/active-directory/index.md -sources/apple/app_id.png -> users-sources/sources/social-logins/apple/app_id.png -sources/apple/app_service_config.png -> users-sources/sources/social-logins/apple/app_service_config.png -sources/apple/index.md -> users-sources/sources/social-logins/apple/index.md -sources/apple/key.png -> users-sources/sources/social-logins/apple/key.png -sources/apple/service_id.png -> users-sources/sources/social-logins/apple/service_id.png -sources/azure-ad/aad_01.png -> users-sources/sources/social-logins/azure-ad/aad_01.png -sources/azure-ad/authentik_01.png -> users-sources/sources/social-logins/azure-ad/authentik_01.png -sources/azure-ad/index.md -> users-sources/sources/social-logins/azure-ad/index.md 
-sources/discord/discord1.png -> users-sources/sources/social-logins/discord/discord1.png -sources/discord/discord2.png -> users-sources/sources/social-logins/discord/discord2.png -sources/discord/discord3.png -> users-sources/sources/social-logins/discord/discord3.png -sources/discord/discord4.png -> users-sources/sources/social-logins/discord/discord4.png -sources/discord/index.md -> users-sources/sources/social-logins/discord/index.md -sources/facebook/index.md -> users-sources/sources/social-logins/facebook/index.md -sources/freeipa/01_user_create.png -> users-sources/sources/directory-sync/freeipa/01_user_create.pn -sources/freeipa/02_user_roles.png -> users-sources/sources/directory-sync/freeipa/02_user_roles.png -sources/freeipa/03_add_user_role.png -> users-sources/sources/directory-sync/freeipa/03_add_user_role.png -sources/freeipa/04_source_settings_1.png -> users-sources/sources/directory-sync/freeipa/04_source_settings_1.png -sources/freeipa/05_source_settings_2.png -> users-sources/sources/directory-sync/freeipa/05_source_settings_2.png -sources/freeipa/06_sync_source.png -> users-sources/sources/directory-sync/freeipa/06_sync_source.png -sources/freeipa/07_password_stage.png -> users-sources/sources/directory-sync/freeipa/07_password_stage.png -sources/freeipa/index.md -> users-sources/sources/directory-sync/freeipa/index.md -sources/github/github_org_membership.png -> users-sources/sources/social-logins/github/github_org_membership.png -sources/github/githubdeveloper1.png -> users-sources/sources/social-logins/github/githubdeveloper1.png -sources/github/githubdeveloperexample.png -> users-sources/sources/social-logins/github/githubdeveloperexample.png -sources/github/githubexample2.png -> users-sources/sources/social-logins/github/githubexample2.png -sources/github/index.md -> users-sources/sources/social-logins/github/index.md -sources/google/authentiksource.png -> users-sources/sources/social-logins/google/authentiksource.png 
-sources/google/googledeveloper1.png -> users-sources/sources/social-logins/google/googledeveloper1.png -sources/google/googledeveloper2.png -> users-sources/sources/social-logins/google/googledeveloper2.png -sources/google/googledeveloper3.png -> users-sources/sources/social-logins/google/googledeveloper3.png -sources/google/googledeveloper4.png -> users-sources/sources/social-logins/google/googledeveloper4.png -sources/google/googledeveloper5.png -> users-sources/sources/social-logins/google/googledeveloper5.png -sources/google/googledeveloper6.png -> users-sources/sources/social-logins/google/googledeveloper6.png -sources/google/index.md -> users-sources/sources/social-logins/google/index.md -sources/index.md -> users-sources/sources/index.md -sources/ldap/index.md -> users-sources/sources/protocols/ldap/index.md -sources/mailcow/index.md -> users-sources/sources/social-logins/mailcow/index.md -sources/mailcow/mailcow1.png -> users-sources/sources/social-logins/mailcow/mailcow1.png -sources/mailcow/mailcow2.png -> users-sources/sources/social-logins/mailcow/mailcow2.png -sources/mailcow/mailcow3.png -> users-sources/sources/social-logins/mailcow/mailcow3.png -sources/mailcow/mailcow4.png -> users-sources/sources/social-logins/mailcow/mailcow4.png -sources/mailcow/mailcow5.png -> users-sources/sources/social-logins/mailcow/mailcow5.png -sources/oauth/index.md -> users-sources/sources/protocols/oauth/index.md -sources/plex/index.md -> users-sources/sources/social-logins/plex/index.md -sources/property-mappings/expressions.md -> users-sources/sources/property-mappings/expressions.md -sources/property-mappings/index.md -> users-sources/sources/property-mappings/index.md -sources/saml/index.md -> users-sources/sources/protocols/saml/index.md -sources/scim/index.md -> users-sources/sources/protocols/scim/index.md -sources/twitch/index.md -> users-sources/sources/social-logins/twitch/index.md -sources/twitch/twitch1.png -> 
users-sources/sources/social-logins/twitch/twitch1.png -sources/twitch/twitch2.png -> users-sources/sources/social-logins/twitch/twitch2.png -sources/twitch/twitch3.png -> users-sources/sources/social-logins/twitch/twitch3.png -sources/twitch/twitch4.png -> users-sources/sources/social-logins/twitch/twitch4.png -sources/twitch/twitch5.png -> users-sources/sources/social-logins/twitch/twitch5.png -sources/twitter/index.md -> users-sources/sources/social-logins/twitter/index.md -sources/twitter/twitter1.png -> users-sources/sources/social-logins/twitter/twitter1.png -sources/twitter/twitter2.png -> users-sources/sources/social-logins/twitter/twitter2.png -user-group-role/access-control/flow-page.png -> users-sources/access-control/flow-page.png -user-group-role/access-control/index.mdx -> users-sources/access-control/index.mdx -user-group-role/access-control/manage_permissions.md -> users-sources/access-control/manage_permissions.md -user-group-role/access-control/permissions.md -> users-sources/access-control/permissions.md -user-group-role/access-control/user-page.png -> users-sources/access-control/user-page.png -user-group-role/groups/group_ref.md -> users-sources/groups/group_ref.md -user-group-role/groups/index.mdx -> users-sources/groups/index.mdx -user-group-role/groups/manage_groups.md -> users-sources/groups/manage_groups.md -user-group-role/roles/index.mdx -> users-sources/roles/index.md -user-group-role/roles/manage_roles.md -> users-sources/roles/manage_roles.md -user-group-role/user/create_invite.png -> users-sources/user/create_invite.png -user-group-role/user/index.mdx -> users-sources/user/index.mdx -user-group-role/user/invitations.md -> users-sources/user/invitations.md -user-group-role/user/user_basic_operations.md -> users-sources/user/user_basic_operations.md -user-group-role/user/user_ref.md -> users-sources/user/user_ref.md diff --git a/website/netlify.toml b/website/netlify.toml index 8b3aa3d33569..00af61600f68 100644 
--- a/website/netlify.toml
+++ b/website/netlify.toml
@@ -11,22 +11,22 @@
 [[redirects]]
 from = "/docs/:firstPart/index"
 to = "/docs/:firstPart/"
- status = 302
+ status = 301
 force = true
 [[redirects]]
 from = "/docs/:firstPart/:secondPart/index"
 to = "/docs/:firstPart/:secondPart/"
- status = 302
+ status = 301
 force = true
 [[redirects]]
 from = "/integrations/:firstPart/index"
 to = "/integrations/:firstPart/"
- status = 302
+ status = 301
 force = true
 [[redirects]]
 from = "/integrations/:firstPart/:secondPart/index"
 to = "/integrations/:firstPart/:secondPart/"
- status = 302
+ status = 301
 force = true
 [[headers]]
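Review bot: The four forced `/index` rules in this hunk now answer with `status = 301`, which browsers and intermediate caches may keep indefinitely, and nothing in the file records why a permanent code was chosen. Because each rule also sets `force = true`, it takes precedence over any page that exists at the source path, so a wrong target can stay in clients' caches after the rule has been corrected. If the permanence is intended, a comment above the first rule would document it, for example `# 301 on purpose: /index URLs are canonicalised to the directory URL and will not be served again`. The redirect rules kept as context in the next hunk of this file still use `status = 302`, so the difference is worth stating explicitly.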
@@ -56,1498 +56,7 @@ from = "/docs/property-mappings/" to = "/docs/providers/property-mappings/" status = 302 - [[redirects]] from = "/docs/property-mappings/expression" to = "/docs/providers/property-mappings/expression" status = 302 - -# Migration to new structure with script Sept 2025 -[[redirects]] - from = "advanced/tenancy.md" - to = "sys-mgmt/tenancy.md" - status = 302 - force = true - -[[redirects]] - from = "applications/index.md" - to = "add-secure-apps/applications/index.md" - status = 302 - force = true - -[[redirects]] - from = "applications/manage_apps.md" - to = "add-secure-apps/applications/manage_apps.md" - status = 302 - force = true - -[[redirects]] - from = "core/brands.md" - to = "customize/brands.md" - status = 302 - force = true - -[[redirects]] - from = "core/certificates.md" - to = "sys-mgmt/certificates.md" - status = 302 - force = true - -[[redirects]] - from = "core/geoip.mdx" - to = "install-config/geoip.mdx" - status = 302 - force = true - -[[redirects]] - from = "core/settings.md" - to = "sys-mgmt/settings.md" - status = 302 - force = true - -[[redirects]] - from = "events/event_matcher.png" - to = "sys-mgmt/events/event_matcher.png" - status = 302 - force = true - -[[redirects]] - from = "events/index.md" - to = "sys-mgmt/events/index.md" - status = 302 - force = true - -[[redirects]] - from = "events/notifications.md" - to = "sys-mgmt/events/notifications.md" - status = 302 - force = true - -[[redirects]] - from = "events/transports.md" - to = "sys-mgmt/events/transports.md" - status = 302 - force = true - -[[redirects]] - from = "flow/context/index.md" - to = "add-secure-apps/flows-stages/flow/context/index.md" - status = 302 - force = true - -[[redirects]] - from = "flow/create-flow.png" - to = "add-secure-apps/flows-stages/flow/create-flow.png" - status = 302 - force = true - -[[redirects]] - from = "flow/examples/flows.md" - to = "add-secure-apps/flows-stages/flow/examples/flows.md" - status = 302 - force = true - -[[redirects]] 
- from = "flow/examples/snippets.md" - to = "add-secure-apps/flows-stages/flow/examples/snippets.md" - status = 302 - force = true - -[[redirects]] - from = "flow/executors/headless.md" - to = "add-secure-apps/flows-stages/flow/executors/headless.md" - status = 302 - force = true - -[[redirects]] - from = "flow/executors/if-flow.md" - to = "add-secure-apps/flows-stages/flow/executors/if-flow.md" - status = 302 - force = true - -[[redirects]] - from = "flow/executors/sfe.md" - to = "add-secure-apps/flows-stages/flow/executors/sfe.md" - status = 302 - force = true - -[[redirects]] - from = "flow/executors/user-settings.md" - to = "add-secure-apps/flows-stages/flow/executors/user-settings.md" - status = 302 - force = true - -[[redirects]] - from = "flow/flow-inspector.png" - to = "add-secure-apps/flows-stages/flow/flow-inspector.png" - status = 302 - force = true - -[[redirects]] - from = "flow/index.md" - to = "add-secure-apps/flows-stages/flow/index.md" - status = 302 - force = true - -[[redirects]] - from = "flow/inspector.md" - to = "add-secure-apps/flows-stages/flow/inspector.md" - status = 302 - force = true - -[[redirects]] - from = "flow/layouts.md" - to = "add-secure-apps/flows-stages/flow/layouts.md" - status = 302 - force = true - -[[redirects]] - from = "flow/layouts/content_left.png" - to = "add-secure-apps/flows-stages/flow/layouts/content_left.png" - status = 302 - force = true - -[[redirects]] - from = "flow/layouts/content_right.png" - to = "add-secure-apps/flows-stages/flow/layouts/content_right.png" - status = 302 - force = true - -[[redirects]] - from = "flow/layouts/sidebar_left.png" - to = "add-secure-apps/flows-stages/flow/layouts/sidebar_left.png" - status = 302 - force = true - -[[redirects]] - from = "flow/layouts/sidebar_right.png" - to = "add-secure-apps/flows-stages/flow/layouts/sidebar_right.png" - status = 302 - force = true - -[[redirects]] - from = "flow/layouts/stacked.png" - to = 
"add-secure-apps/flows-stages/flow/layouts/stacked.png" - status = 302 - force = true - -[[redirects]] - from = "flow/simple_stages.png" - to = "add-secure-apps/flows-stages/flow/simple_stages.png" - status = 302 - force = true - -[[redirects]] - from = "flow/stages/authenticator_duo/index.md" - to = "add-secure-apps/flows-stages/stages//authenticator_duo/index.md" - status = 302 - force = true - -[[redirects]] - from = "flow/stages/authenticator_sms/index.md" - to = "add-secure-apps/flows-stages/stages/authenticator_sms/index.md" - status = 302 - force = true - -[[redirects]] - from = "flow/stages/authenticator_static/index.md" - to = "add-secure-apps/flows-stages/stages/authenticator_static/index.md" - status = 302 - force = true - -[[redirects]] - from = "flow/stages/authenticator_totp/index.md" - to = "add-secure-apps/flows-stages/stages/authenticator_totp/index.md" - status = 302 - force = true - -[[redirects]] - from = "flow/stages/authenticator_validate/index.md" - to = "add-secure-apps/flows-stages/stages/authenticator_validate/index.md" - status = 302 - force = true - -[[redirects]] - from = "flow/stages/authenticator_webauthn/index.md" - to = "add-secure-apps/flows-stages/stages/authenticator_webauthn/index.md" - status = 302 - force = true - -[[redirects]] - from = "flow/stages/captcha/captcha-admin.png" - to = "add-secure-apps/flows-stages/stages/captcha/captcha-admin.png" - status = 302 - force = true - -[[redirects]] - from = "flow/stages/captcha/index.md" - to = "add-secure-apps/flows-stages/stages/captcha/index.md" - status = 302 - force = true - -[[redirects]] - from = "flow/stages/deny.md" - to = "add-secure-apps/flows-stages/stages/deny.md" - status = 302 - force = true - -[[redirects]] - from = "flow/stages/email/custom_template.png" - to = "add-secure-apps/flows-stages/stages/email/custom_template.png" - status = 302 - force = true - -[[redirects]] - from = "flow/stages/email/email_recovery.png" - to = 
"add-secure-apps/flows-stages/stages/email/email_recovery.png" - status = 302 - force = true - -[[redirects]] - from = "flow/stages/email/index.mdx" - to = "add-secure-apps/flows-stages/stages/email/index.mdx" - status = 302 - force = true - -[[redirects]] - from = "flow/stages/identification/index.md" - to = "add-secure-apps/flows-stages/stages/identification/index.md" - status = 302 - force = true - -[[redirects]] - from = "flow/stages/index.md" - to = "add-secure-apps/flows-stages/stages/index.md" - status = 302 - force = true - -[[redirects]] - from = "flow/stages/invitation/index.md" - to = "add-secure-apps/flows-stages/stages/invitation/index.md" - status = 302 - force = true - -[[redirects]] - from = "flow/stages/password/index.md" - to = "add-secure-apps/flows-stages/stages/password/index.md" - status = 302 - force = true - -[[redirects]] - from = "flow/stages/prompt/index.md" - to = "add-secure-apps/flows-stages/stages/prompt/index.md" - status = 302 - force = true - -[[redirects]] - from = "flow/stages/source/index.md" - to = "add-secure-apps/flows-stages/stages/source/index.md" - status = 302 - force = true - -[[redirects]] - from = "flow/stages/user_delete.md" - to = "add-secure-apps/flows-stages/stages/user_delete.md" - status = 302 - force = true - -[[redirects]] - from = "flow/stages/user_login/index.md" - to = "add-secure-apps/flows-stages/stages/user_login/index.md" - status = 302 - force = true - -[[redirects]] - from = "flow/stages/user_login/stay_signed_in.png" - to = "add-secure-apps/flows-stages/stages/user_login/stay_signed_in.png" - status = 302 - force = true - -[[redirects]] - from = "flow/stages/user_logout.md" - to = "add-secure-apps/flows-stages/stages/user_logout.md" - status = 302 - force = true - -[[redirects]] - from = "flow/stages/user_write.md" - to = "add-secure-apps/flows-stages/stages/user_write.md" - status = 302 - force = true - -[[redirects]] - from = "installation/air-gapped.mdx" - to = "install-config/air-gapped.mdx" - 
status = 302 - force = true - -[[redirects]] - from = "installation/automated-install.md" - to = "install-config/automated-install.md" - status = 302 - force = true - -[[redirects]] - from = "installation/beta.mdx" - to = "install-config/beta.mdx" - status = 302 - force = true - -[[redirects]] - from = "installation/configuration.mdx" - to = "install-config/configuration/configuration.mdx" - status = 302 - force = true - -[[redirects]] - from = "installation/dashboard.png" - to = "install-config/dashboard.png" - status = 302 - force = true - -[[redirects]] - from = "installation/docker-compose.mdx" - to = "install-config/install/docker-compose.mdx" - status = 302 - force = true - -[[redirects]] - from = "installation/index.mdx" - to = "install-config/index.mdx" - status = 302 - force = true - -[[redirects]] - from = "installation/kubernetes.md" - to = "install-config/install/kubernetes.md" - status = 302 - force = true - -[[redirects]] - from = "installation/monitoring.md" - to = "sys-mgmt/ops/monitoring.md" - status = 302 - force = true - -[[redirects]] - from = "installation/reverse-proxy.md" - to = "install-config/reverse-proxy.md" - status = 302 - force = true - -[[redirects]] - from = "installation/storage-s3.md" - to = "install-config/storage-s3.md" - status = 302 - force = true - -[[redirects]] - from = "installation/upgrade.mdx" - to = "install-config/upgrade.mdx" - status = 302 - force = true - -[[redirects]] - from = "installation/version1.png" - to = "install-config/version1.png" - status = 302 - force = true - -[[redirects]] - from = "interfaces/_global/customcss.mdx" - to = "customize/interfaces/_global/customcss.mdx" - status = 302 - force = true - -[[redirects]] - from = "interfaces/_global/global.mdx" - to = "customize/interfaces/_global/global.mdx" - status = 302 - force = true - -[[redirects]] - from = "interfaces/admin/customization.mdx" - to = "customize/interfaces/admin/customization.mdx" - status = 302 - force = true - -[[redirects]] - from = 
"interfaces/flow/customization.mdx" - to = "customize/interfaces/flow/customization.mdx" - status = 302 - force = true - -[[redirects]] - from = "interfaces/user/customization.mdx" - to = "customize/interfaces/user/customization.mdx" - status = 302 - force = true - -[[redirects]] - from = "outposts/_config.md" - to = "add-secure-apps/outposts/_config.md" - status = 302 - force = true - -[[redirects]] - from = "outposts/embedded/embedded.mdx" - to = "add-secure-apps/outposts/embedded/embedded.mdx" - status = 302 - force = true - -[[redirects]] - from = "outposts/index.mdx" - to = "add-secure-apps/outposts/index.mdx" - status = 302 - force = true - -[[redirects]] - from = "outposts/integrations/docker.md" - to = "add-secure-apps/outposts/integrations/docker.md" - status = 302 - force = true - -[[redirects]] - from = "outposts/integrations/kubernetes.md" - to = "add-secure-apps/outposts/integrations/kubernetes.md" - status = 302 - force = true - -[[redirects]] - from = "outposts/manual-deploy-docker-compose.md" - to = "add-secure-apps/outposts/manual-deploy-docker-compose.md" - status = 302 - force = true - -[[redirects]] - from = "outposts/manual-deploy-kubernetes.md" - to = "add-secure-apps/outposts/manual-deploy-kubernetes.md" - status = 302 - force = true - -[[redirects]] - from = "outposts/outpost-create.png" - to = "add-secure-apps/outposts/outpost-create.png" - status = 302 - force = true - -[[redirects]] - from = "outposts/upgrading.md" - to = "add-secure-apps/outposts/upgrading.md" - status = 302 - force = true - -[[redirects]] - from = "outposts/upgrading_outdated.png" - to = "add-secure-apps/outposts/upgrading_outdated.png" - status = 302 - force = true - -[[redirects]] - from = "policies/expression.mdx" - to = "customize/policies/expression.mdx" - status = 302 - force = true - -[[redirects]] - from = "policies/index.md" - to = "customize/policies/index.md" - status = 302 - force = true - -[[redirects]] - from = 
"policies/working_with_policies/unique_email.md" - to = "customize/policies/working_with_policies/unique_email.md" - status = 302 - force = true - -[[redirects]] - from = "policies/working_with_policies/whitelist_email.md" - to = "customize/policies/working_with_policies/whitelist_email.md" - status = 302 - force = true - -[[redirects]] - from = "policies/working_with_policies/working_with_policies.md" - to = "customize/policies/working_with_policies/working_with_policies.md" - status = 302 - force = true - -[[redirects]] - from = "providers/entra/add-entra-provider.md" - to = "add-secure-apps/providers/entra/add-entra-provider.md" - status = 302 - force = true - -[[redirects]] - from = "providers/entra/index.md" - to = "add-secure-apps/providers/entra/index.md" - status = 302 - force = true - -[[redirects]] - from = "providers/entra/setup-entra.md" - to = "add-secure-apps/providers/entra/setup-entra.md" - status = 302 - force = true - -[[redirects]] - from = "providers/gws/add-gws-provider.md" - to = "add-secure-apps/providers/gws/add-gws-provider.md" - status = 302 - force = true - -[[redirects]] - from = "providers/gws/index.md" - to = "add-secure-apps/providers/gws/index.md" - status = 302 - force = true - -[[redirects]] - from = "providers/gws/setup-gws.md" - to = "add-secure-apps/providers/gws/setup-gws.md" - status = 302 - force = true - -[[redirects]] - from = "providers/index.mdx" - to = "add-secure-apps/providers/index.mdx" - status = 302 - force = true - -[[redirects]] - from = "providers/ldap/general_setup1.png" - to = "add-secure-apps/providers/ldap/general_setup1.png" - status = 302 - force = true - -[[redirects]] - from = "providers/ldap/general_setup10.png" - to = "add-secure-apps/providers/ldap/general_setup10.png" - status = 302 - force = true - -[[redirects]] - from = "providers/ldap/general_setup11.png" - to = "add-secure-apps/providers/ldap/general_setup11.png" - status = 302 - force = true - -[[redirects]] - from = 
"providers/ldap/general_setup12.png" - to = "add-secure-apps/providers/ldap/general_setup12.png" - status = 302 - force = true - -[[redirects]] - from = "providers/ldap/general_setup13.png" - to = "add-secure-apps/providers/ldap/general_setup13.png" - status = 302 - force = true - -[[redirects]] - from = "providers/ldap/general_setup14.png" - to = "add-secure-apps/providers/ldap/general_setup14.png" - status = 302 - force = true - -[[redirects]] - from = "providers/ldap/general_setup15.png" - to = "add-secure-apps/providers/ldap/general_setup15.png" - status = 302 - force = true - -[[redirects]] - from = "providers/ldap/general_setup16.png" - to = "add-secure-apps/providers/ldap/general_setup16.png" - status = 302 - force = true - -[[redirects]] - from = "providers/ldap/general_setup2.png" - to = "add-secure-apps/providers/ldap/general_setup2.png" - status = 302 - force = true - -[[redirects]] - from = "providers/ldap/general_setup3.png" - to = "add-secure-apps/providers/ldap/general_setup3.png" - status = 302 - force = true - -[[redirects]] - from = "providers/ldap/general_setup4.png" - to = "add-secure-apps/providers/ldap/general_setup4.png" - status = 302 - force = true - -[[redirects]] - from = "providers/ldap/general_setup5.png" - to = "add-secure-apps/providers/ldap/general_setup5.png" - status = 302 - force = true - -[[redirects]] - from = "providers/ldap/general_setup6.png" - to = "add-secure-apps/providers/ldap/general_setup6.png" - status = 302 - force = true - -[[redirects]] - from = "providers/ldap/general_setup7.png" - to = "add-secure-apps/providers/ldap/general_setup7.png" - status = 302 - force = true - -[[redirects]] - from = "providers/ldap/general_setup8.png" - to = "add-secure-apps/providers/ldap/general_setup8.png" - status = 302 - force = true - -[[redirects]] - from = "providers/ldap/general_setup9.png" - to = "add-secure-apps/providers/ldap/general_setup9.png" - status = 302 - force = true - -[[redirects]] - from = 
"providers/ldap/generic_setup.md" - to = "add-secure-apps/providers/ldap/generic_setup.md" - status = 302 - force = true - -[[redirects]] - from = "providers/ldap/index.md" - to = "add-secure-apps/providers/ldap/index.md" - status = 302 - force = true - -[[redirects]] - from = "providers/oauth2/client_credentials.md" - to = "add-secure-apps/providers/oauth2/client_credentials.md" - status = 302 - force = true - -[[redirects]] - from = "providers/oauth2/device_code.md" - to = "add-secure-apps/providers/oauth2/device_code.md" - status = 302 - force = true - -[[redirects]] - from = "providers/oauth2/index.md" - to = "add-secure-apps/providers/oauth2/index.md" - status = 302 - force = true - -[[redirects]] - from = "providers/property-mappings/expression.mdx" - to = "add-secure-apps/providers/property-mappings/expression.mdx" - status = 302 - force = true - -[[redirects]] - from = "providers/property-mappings/index.md" - to = "add-secure-apps/providers/property-mappings/index.md" - status = 302 - force = true - -[[redirects]] - from = "providers/proxy/__placeholders.md" - to = "add-secure-apps/providers/proxy/__placeholders.md" - status = 302 - force = true - -[[redirects]] - from = "providers/proxy/_caddy_standalone.md" - to = "add-secure-apps/providers/proxy/_caddy_standalone.md" - status = 302 - force = true - -[[redirects]] - from = "providers/proxy/_envoy_istio.md" - to = "add-secure-apps/providers/proxy/_envoy_istio.md" - status = 302 - force = true - -[[redirects]] - from = "providers/proxy/_nginx_ingress.md" - to = "add-secure-apps/providers/proxy/_nginx_ingress.md" - status = 302 - force = true - -[[redirects]] - from = "providers/proxy/_nginx_proxy_manager.md" - to = "add-secure-apps/providers/proxy/_nginx_proxy_manager.md" - status = 302 - force = true - -[[redirects]] - from = "providers/proxy/_nginx_standalone.md" - to = "add-secure-apps/providers/proxy/_nginx_standalone.md" - status = 302 - force = true - -[[redirects]] - from = 
"providers/proxy/_traefik_compose.md" - to = "add-secure-apps/providers/proxy/_traefik_compose.md" - status = 302 - force = true - -[[redirects]] - from = "providers/proxy/_traefik_ingress.md" - to = "add-secure-apps/providers/proxy/_traefik_ingress.md" - status = 302 - force = true - -[[redirects]] - from = "providers/proxy/_traefik_standalone.md" - to = "add-secure-apps/providers/proxy/_traefik_standalone.md" - status = 302 - force = true - -[[redirects]] - from = "providers/proxy/custom_headers.md" - to = "add-secure-apps/providers/proxy/custom_headers.md" - status = 302 - force = true - -[[redirects]] - from = "providers/proxy/forward_auth.mdx" - to = "add-secure-apps/providers/proxy/forward_auth.mdx" - status = 302 - force = true - -[[redirects]] - from = "providers/proxy/header_authentication.md" - to = "add-secure-apps/providers/proxy/header_authentication.md" - status = 302 - force = true - -[[redirects]] - from = "providers/proxy/index.md" - to = "add-secure-apps/providers/proxy/index.md" - status = 302 - force = true - -[[redirects]] - from = "providers/proxy/server_caddy.mdx" - to = "add-secure-apps/providers/proxy/server_caddy.mdx" - status = 302 - force = true - -[[redirects]] - from = "providers/proxy/server_envoy.mdx" - to = "add-secure-apps/providers/proxy/server_envoy.mdx" - status = 302 - force = true - -[[redirects]] - from = "providers/proxy/server_nginx.mdx" - to = "add-secure-apps/providers/proxy/server_nginx.mdx" - status = 302 - force = true - -[[redirects]] - from = "providers/proxy/server_traefik.mdx" - to = "add-secure-apps/providers/proxy/server_traefik.mdx" - status = 302 - force = true - -[[redirects]] - from = "providers/rac/how-to-rac.md" - to = "add-secure-apps/providers/rac/how-to-rac.md" - status = 302 - force = true - -[[redirects]] - from = "providers/rac/index.md" - to = "add-secure-apps/providers/rac/index.md" - status = 302 - force = true - -[[redirects]] - from = "providers/rac/rac-v3.png" - to = 
"add-secure-apps/providers/rac/rac-v3.png" - status = 302 - force = true - -[[redirects]] - from = "providers/radius/index.mdx" - to = "add-secure-apps/providers/radius/index.mdx" - status = 302 - force = true - -[[redirects]] - from = "providers/saml/index.md" - to = "add-secure-apps/providers/saml/index.md" - status = 302 - force = true - -[[redirects]] - from = "providers/scim/index.md" - to = "add-secure-apps/providers/scim/index.md" - status = 302 - force = true - -[[redirects]] - from = "security/2023-06-cure53.md" - to = "security/audits-and-certs/2023-06-cure53.md" - status = 302 - force = true - -[[redirects]] - from = "security/CVE-2022-23555.md" - to = "security/cves/CVE-2022-23555.md" - status = 302 - force = true - -[[redirects]] - from = "security/CVE-2022-46145.md" - to = "security/cves/CVE-2022-46145.md" - status = 302 - force = true - -[[redirects]] - from = "security/CVE-2022-46172.md" - to = "security/cves/CVE-2022-46172.md" - status = 302 - force = true - -[[redirects]] - from = "security/CVE-2023-26481.md" - to = "security/cves/CVE-2023-26481.md" - status = 302 - force = true - -[[redirects]] - from = "security/CVE-2023-36456.md" - to = "security/cves/CVE-2023-36456.md" - status = 302 - force = true - -[[redirects]] - from = "security/CVE-2023-39522.md" - to = "security/cves/CVE-2023-39522.md" - status = 302 - force = true - -[[redirects]] - from = "security/CVE-2023-48228.md" - to = "security/cves/CVE-2023-48228.md" - status = 302 - force = true - -[[redirects]] - from = "security/CVE-2024-21637.md" - to = "security/cves/CVE-2024-21637.md" - status = 302 - force = true - -[[redirects]] - from = "security/CVE-2024-23647.md" - to = "security/cves/CVE-2024-23647.md" - status = 302 - force = true - -[[redirects]] - from = "security/CVE-2024-37905.md" - to = "security/cves/CVE-2024-37905.md" - status = 302 - force = true - -[[redirects]] - from = "security/CVE-2024-38371.md" - to = "security/cves/CVE-2024-38371.md" - status = 302 - force = true - 
-[[redirects]] - from = "security/GHSA-rjvp-29xq-f62w.md" - to = "security/cves/GHSA-rjvp-29xq-f62w.md" - status = 302 - force = true - -[[redirects]] - from = "sources/active-directory/01_user_create.png" - to = "users-sources/sources/directory-sync/active-directory/01_user_create.png" - status = 302 - force = true - -[[redirects]] - from = "sources/active-directory/02_delegate.png" - to = "users-sources/sources/directory-sync/active-directory/02_delegate.png" - status = 302 - force = true - -[[redirects]] - from = "sources/active-directory/03_additional_perms.png" - to = "users-sources/sources/directory-sync/active-directory/03_additional_perms.png" - status = 302 - force = true - -[[redirects]] - from = "sources/active-directory/10_ak_status.png" - to = "users-sources/sources/directory-sync/active-directory/03_additional_perms.png" - status = 302 - force = true - -[[redirects]] - from = "sources/active-directory/11_ak_stage.png" - to = "users-sources/sources/directory-sync/active-directory/11_ak_stage.png" - status = 302 - force = true - -[[redirects]] - from = "sources/active-directory/index.md" - to = "users-sources/sources/directory-sync/active-directory/index.md" - status = 302 - force = true - -[[redirects]] - from = "sources/apple/app_id.png" - to = "users-sources/sources/social-logins/apple/app_id.png" - status = 302 - force = true - -[[redirects]] - from = "sources/apple/app_service_config.png" - to = "users-sources/sources/social-logins/apple/app_service_config.png" - status = 302 - force = true - -[[redirects]] - from = "sources/apple/index.md" - to = "users-sources/sources/social-logins/apple/index.md" - status = 302 - force = true - -[[redirects]] - from = "sources/apple/key.png" - to = "users-sources/sources/social-logins/apple/key.png" - status = 302 - force = true - -[[redirects]] - from = "sources/apple/service_id.png" - to = "users-sources/sources/social-logins/apple/service_id.png" - status = 302 - force = true - -[[redirects]] - from = 
"sources/azure-ad/aad_01.png" - to = "users-sources/sources/social-logins/azure-ad/aad_01.png" - status = 302 - force = true - -[[redirects]] - from = "sources/azure-ad/authentik_01.png" - to = "users-sources/sources/social-logins/azure-ad/authentik_01.png" - status = 302 - force = true - -[[redirects]] - from = "sources/azure-ad/index.md" - to = "users-sources/sources/social-logins/azure-ad/index.md" - status = 302 - force = true - -[[redirects]] - from = "sources/discord/discord1.png" - to = "users-sources/sources/social-logins/discord/discord1.png" - status = 302 - force = true - -[[redirects]] - from = "sources/discord/discord2.png" - to = "users-sources/sources/social-logins/discord/discord2.png" - status = 302 - force = true - -[[redirects]] - from = "sources/discord/discord3.png" - to = "users-sources/sources/social-logins/discord/discord3.png" - status = 302 - force = true - -[[redirects]] - from = "sources/discord/discord4.png" - to = "users-sources/sources/social-logins/discord/discord4.png" - status = 302 - force = true - -[[redirects]] - from = "sources/discord/index.md" - to = "users-sources/sources/social-logins/discord/index.md" - status = 302 - force = true - -[[redirects]] - from = "sources/facebook/index.md" - to = "users-sources/sources/social-logins/facebook/index.md" - status = 302 - force = true - -[[redirects]] - from = "sources/freeipa/01_user_create.png" - to = "users-sources/sources/directory-sync/freeipa/01_user_create.pn" - status = 302 - force = true - -[[redirects]] - from = "sources/freeipa/02_user_roles.png" - to = "users-sources/sources/directory-sync/freeipa/02_user_roles.png" - status = 302 - force = true - -[[redirects]] - from = "sources/freeipa/03_add_user_role.png" - to = "users-sources/sources/directory-sync/freeipa/03_add_user_role.png" - status = 302 - force = true - -[[redirects]] - from = "sources/freeipa/04_source_settings_1.png" - to = "users-sources/sources/directory-sync/freeipa/04_source_settings_1.png" - status = 
302 - force = true - -[[redirects]] - from = "sources/freeipa/05_source_settings_2.png" - to = "users-sources/sources/directory-sync/freeipa/05_source_settings_2.png" - status = 302 - force = true - -[[redirects]] - from = "sources/freeipa/06_sync_source.png" - to = "users-sources/sources/directory-sync/freeipa/06_sync_source.png" - status = 302 - force = true - -[[redirects]] - from = "sources/freeipa/07_password_stage.png" - to = "users-sources/sources/directory-sync/freeipa/07_password_stage.png" - status = 302 - force = true - -[[redirects]] - from = "sources/freeipa/index.md" - to = "users-sources/sources/directory-sync/freeipa/index.md" - status = 302 - force = true - -[[redirects]] - from = "sources/github/github_org_membership.png" - to = "users-sources/sources/social-logins/github/github_org_membership.png" - status = 302 - force = true - -[[redirects]] - from = "sources/github/githubdeveloper1.png" - to = "users-sources/sources/social-logins/github/githubdeveloper1.png" - status = 302 - force = true - -[[redirects]] - from = "sources/github/githubdeveloperexample.png" - to = "users-sources/sources/social-logins/github/githubdeveloperexample.png" - status = 302 - force = true - -[[redirects]] - from = "sources/github/githubexample2.png" - to = "users-sources/sources/social-logins/github/githubexample2.png" - status = 302 - force = true - -[[redirects]] - from = "sources/github/index.md" - to = "users-sources/sources/social-logins/github/index.md" - status = 302 - force = true - -[[redirects]] - from = "sources/google/authentiksource.png" - to = "users-sources/sources/social-logins/google/authentiksource.png" - status = 302 - force = true - -[[redirects]] - from = "sources/google/googledeveloper1.png" - to = "users-sources/sources/social-logins/google/googledeveloper1.png" - status = 302 - force = true - -[[redirects]] - from = "sources/google/googledeveloper2.png" - to = "users-sources/sources/social-logins/google/googledeveloper2.png" - status = 302 - 
force = true - -[[redirects]] - from = "sources/google/googledeveloper3.png" - to = "users-sources/sources/social-logins/google/googledeveloper3.png" - status = 302 - force = true - -[[redirects]] - from = "sources/google/googledeveloper4.png" - to = "users-sources/sources/social-logins/google/googledeveloper4.png" - status = 302 - force = true - -[[redirects]] - from = "sources/google/googledeveloper5.png" - to = "users-sources/sources/social-logins/google/googledeveloper5.png" - status = 302 - force = true - -[[redirects]] - from = "sources/google/googledeveloper6.png" - to = "users-sources/sources/social-logins/google/googledeveloper6.png" - status = 302 - force = true - -[[redirects]] - from = "sources/google/index.md" - to = "users-sources/sources/social-logins/google/index.md" - status = 302 - force = true - -[[redirects]] - from = "sources/index.md" - to = "users-sources/sources/index.md" - status = 302 - force = true - -[[redirects]] - from = "sources/ldap/index.md" - to = "users-sources/sources/protocols/ldap/index.md" - status = 302 - force = true - -[[redirects]] - from = "sources/mailcow/index.md" - to = "users-sources/sources/social-logins/mailcow/index.md" - status = 302 - force = true - -[[redirects]] - from = "sources/mailcow/mailcow1.png" - to = "users-sources/sources/social-logins/mailcow/mailcow1.png" - status = 302 - force = true - -[[redirects]] - from = "sources/mailcow/mailcow2.png" - to = "users-sources/sources/social-logins/mailcow/mailcow2.png" - status = 302 - force = true - -[[redirects]] - from = "sources/mailcow/mailcow3.png" - to = "users-sources/sources/social-logins/mailcow/mailcow3.png" - status = 302 - force = true - -[[redirects]] - from = "sources/mailcow/mailcow4.png" - to = "users-sources/sources/social-logins/mailcow/mailcow4.png" - status = 302 - force = true - -[[redirects]] - from = "sources/mailcow/mailcow5.png" - to = "users-sources/sources/social-logins/mailcow/mailcow5.png" - status = 302 - force = true - 
-[[redirects]] - from = "sources/oauth/index.md" - to = "users-sources/sources/protocols/oauth/index.md" - status = 302 - force = true - -[[redirects]] - from = "sources/plex/index.md" - to = "users-sources/sources/social-logins/plex/index.md" - status = 302 - force = true - -[[redirects]] - from = "sources/property-mappings/expressions.md" - to = "users-sources/sources/property-mappings/expressions.md" - status = 302 - force = true - -[[redirects]] - from = "sources/property-mappings/index.md" - to = "users-sources/sources/property-mappings/index.md" - status = 302 - force = true - -[[redirects]] - from = "sources/saml/index.md" - to = "users-sources/sources/protocols/saml/index.md" - status = 302 - force = true - -[[redirects]] - from = "sources/scim/index.md" - to = "users-sources/sources/protocols/scim/index.md" - status = 302 - force = true - -[[redirects]] - from = "sources/twitch/index.md" - to = "users-sources/sources/social-logins/twitch/index.md" - status = 302 - force = true - -[[redirects]] - from = "sources/twitch/twitch1.png" - to = "users-sources/sources/social-logins/twitch/twitch1.png" - status = 302 - force = true - -[[redirects]] - from = "sources/twitch/twitch2.png" - to = "users-sources/sources/social-logins/twitch/twitch2.png" - status = 302 - force = true - -[[redirects]] - from = "sources/twitch/twitch3.png" - to = "users-sources/sources/social-logins/twitch/twitch3.png" - status = 302 - force = true - -[[redirects]] - from = "sources/twitch/twitch4.png" - to = "users-sources/sources/social-logins/twitch/twitch4.png" - status = 302 - force = true - -[[redirects]] - from = "sources/twitch/twitch5.png" - to = "users-sources/sources/social-logins/twitch/twitch5.png" - status = 302 - force = true - -[[redirects]] - from = "sources/twitter/index.md" - to = "users-sources/sources/social-logins/twitter/index.md" - status = 302 - force = true - -[[redirects]] - from = "sources/twitter/twitter1.png" - to = 
"users-sources/sources/social-logins/twitter/twitter1.png" - status = 302 - force = true - -[[redirects]] - from = "sources/twitter/twitter2.png" - to = "users-sources/sources/social-logins/twitter/twitter2.png" - status = 302 - force = true - -[[redirects]] - from = "user-group-role/access-control/flow-page.png" - to = "users-sources/access-control/flow-page.png" - status = 302 - force = true - -[[redirects]] - from = "user-group-role/access-control/index.mdx" - to = "users-sources/access-control/index.mdx" - status = 302 - force = true - -[[redirects]] - from = "user-group-role/access-control/manage_permissions.md" - to = "users-sources/access-control/manage_permissions.md" - status = 302 - force = true - -[[redirects]] - from = "user-group-role/access-control/permissions.md" - to = "users-sources/access-control/permissions.md" - status = 302 - force = true - -[[redirects]] - from = "user-group-role/access-control/user-page.png" - to = "users-sources/access-control/user-page.png" - status = 302 - force = true - -[[redirects]] - from = "user-group-role/groups/group_ref.md" - to = "users-sources/groups/group_ref.md" - status = 302 - force = true - -[[redirects]] - from = "user-group-role/groups/index.mdx" - to = "users-sources/groups/index.mdx" - status = 302 - force = true - -[[redirects]] - from = "user-group-role/groups/manage_groups.md" - to = "users-sources/groups/manage_groups.md" - status = 302 - force = true - -[[redirects]] - from = "user-group-role/roles/index.mdx" - to = "users-sources/roles/index.md" - status = 302 - force = true - -[[redirects]] - from = "user-group-role/roles/manage_roles.md" - to = "users-sources/roles/manage_roles.md" - status = 302 - force = true - -[[redirects]] - from = "user-group-role/user/create_invite.png" - to = "users-sources/user/create_invite.png" - status = 302 - force = true - -[[redirects]] - from = "user-group-role/user/index.mdx" - to = "users-sources/user/index.mdx" - status = 302 - force = true - -[[redirects]] - 
from = "user-group-role/user/invitations.md" - to = "users-sources/user/invitations.md" - status = 302 - force = true - -[[redirects]] - from = "user-group-role/user/user_basic_operations.md" - to = "users-sources/user/user_basic_operations.md" - status = 302 - force = true - -[[redirects]] - from = "user-group-role/user/user_ref.md" - to = "users-sources/user/user_ref.md" - status = 302 - force = true - -# Manual redirects, moved Dev Docs into regular docs Sept 2024 -[[redirects]] - from = "/developer-docs/index.md" - to = "/docs/developer-docs/index.md" - status = 302 - force = true - -[[redirects]] - from = "/developer-docs/setup/full-dev-environment" - to = "/docs/developer-docs/setup/full-dev-environment" - status = 302 - force = true - -[[redirects]] - from = "/developer-docs/setup/frontend-dev-environment" - to = "/docs/developer-docs/setup/frontend-dev-environment" - status = 302 - force = true - -[[redirects]] - from = "/developer-docs/setup/website-dev-environment" - to = "/docs/developer-docs/setup/website-dev-environment" - status = 302 - force = true - -[[redirects]] - from = "/developer-docs/api/api" - to = "/docs/developer-docs/api/api" - status = 302 - force = true - -[[redirects]] - from = "/developer-docs/api/flow-executor" - to = "/docs/developer-docs/api/flow-executor" - status = 302 - force = true - -[[redirects]] - from = "/developer-docs/api/making-schema-changes" - to = "/docs/developer-docs/api/making-schema-changes" - status = 302 - force = true - -[[redirects]] - from = "/developer-docsapi/websocket" - to = "/docs/developer-docs/api/websocket" - status = 302 - force = true - -[[redirects]] - from = "/developer-docs/api/clients" - to = "/docs/developer-docs/api/clients" - status = 302 - force = true - -[[redirects]] - from = "/developer-docs/docs/writing-documentation" - to = "/docs/developer-docs/docs/writing-documentation" - status = 302 - force = true - -[[redirects]] - from = "/developer-docs/docs/style-guide" - to = 
"/docs/developer-docs/docs/style-guide" - status = 302 - force = true - -[[redirects]] - from = "/developer-docs/docs/templates/index" - to = "/docs/developer-docs/docs/templates/index" - status = 302 - force = true - -[[redirects]] - from = "/developer-docs/docs/templates/procedural" - to = "/docs/developer-docs/docs/templates/procedural" - status = 302 - force = true - -[[redirects]] - from = "/developer-docs/docs/templates/conceptual" - to = "/docs/developer-docs/docs/templates/conceptual" - status = 302 - force = true - -[[redirects]] - from = "/developer-docs/docs/templates/reference" - to = "/docs/developer-docs/docs/templates/reference" - status = 302 - force = true - -[[redirects]] - from = "/developer-docs/docs/templates/combo" - to = "/docs/developer-docs/docs/templates/combo" - status = 302 - force = true - -[[redirects]] - from = "/developer-docs/releases/index" - to = "/docs/developer-docs/releases/index" - status = 302 - force = true - -[[redirects]] - from = "/developer-docs/translation" - to = "/docs/developer-docs/translation" - status = 302 - force = true diff --git a/website/sidebars.js b/website/sidebars.js index ac398d02eea6..aa5e755b6b01 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -1,6 +1,5 @@ const generateVersionDropdown = require("./src/utils.js").generateVersionDropdown; -const apiReference = require("./docs/developer-docs/api/reference/sidebar"); const docsSidebar = { docs: [ 
@@ -13,9 +12,37 @@ const docsSidebar = { }, { type: "category", - label: "Core Concepts", + label: "Installation", collapsed: true, - items: ["core/terminology", "core/architecture"], + link: { + type: "doc", + id: "installation/index", + }, + items: [ + "installation/docker-compose", + "installation/kubernetes", + "installation/upgrade", + "installation/beta", + "installation/configuration", + "installation/reverse-proxy", + "installation/automated-install", + "installation/air-gapped", + "installation/monitoring", + "installation/storage-s3", + ], + }, + { + type: "category", + label: "Core Concepts & Tasks", + collapsed: true, + items: [ + "core/terminology", + "core/brands", + "core/certificates", + "core/geoip", + "core/architecture", + "core/settings", + ], }, { type: "category", 
@@ -33,618 +60,356 @@ const docsSidebar = { }, { type: "category", - label: "Installation and Configuration ", - collapsed: true, + label: "Applications", link: { type: "doc", - id: "install-config/index", + id: "applications/index", }, - items: [ - { - type: "category", - label: "Installation", - collapsed: true, - items: [ - "install-config/install/docker-compose", - "install-config/install/kubernetes", - ], - }, - { - type: "category", - label: "Configuration", - link: { - type: "doc", - id: "install-config/configuration/configuration", - }, - items: [], - }, - "install-config/upgrade", - "install-config/beta", - "install-config/reverse-proxy", - "install-config/geoip", - "install-config/automated-install", - "install-config/air-gapped", - "install-config/storage-s3", - ], + items: ["applications/manage_apps"], }, { type: "category", - label: "Add and Secure Applications", - collapsed: true, + label: "Providers", + link: { + type: "doc", + id: "providers/index", + }, items: [ { type: "category", - label: "Applications", + label: "OAuth2 Provider", link: { type: "doc", - id: "add-secure-apps/applications/index", + id: "providers/oauth2/index", }, - items: ["add-secure-apps/applications/manage_apps"], + items: [ + "providers/oauth2/client_credentials", + "providers/oauth2/device_code", + ], }, + "providers/saml/index", { type: "category", - label: "Providers", + label: "Google Workspace Provider", link: { type: "doc", - id: "add-secure-apps/providers/index", + id: "providers/gws/index", }, items: [ - { - type: "category", - label: "Property Mappings", - link: { - type: "doc", - id: "add-secure-apps/providers/property-mappings/index", - }, - items: [ - "add-secure-apps/providers/property-mappings/expression", - , - ], - }, - { - type: "category", - label: "Google Workspace Provider", - link: { - type: "doc", - id: "add-secure-apps/providers/gws/index", - }, - items: [ - "add-secure-apps/providers/gws/setup-gws", - "add-secure-apps/providers/gws/add-gws-provider", - 
], - }, - { - type: "category", - label: "LDAP Provider", - link: { - type: "doc", - id: "add-secure-apps/providers/ldap/index", - }, - items: [ - "add-secure-apps/providers/ldap/generic_setup", - ], - }, - { - type: "category", - label: "Microsoft Entra ID Provider", - link: { - type: "doc", - id: "add-secure-apps/providers/entra/index", - }, - items: [ - "add-secure-apps/providers/entra/setup-entra", - "add-secure-apps/providers/entra/add-entra-provider", - ], - }, - { - type: "category", - label: "OAuth2 Provider", - link: { - type: "doc", - id: "add-secure-apps/providers/oauth2/index", - }, - items: [ - "add-secure-apps/providers/oauth2/client_credentials", - "add-secure-apps/providers/oauth2/device_code", - ], - }, - "add-secure-apps/providers/saml/index", - "add-secure-apps/providers/radius/index", - { - type: "category", - label: "Proxy Provider", - link: { - type: "doc", - id: "add-secure-apps/providers/proxy/index", - }, - items: [ - "add-secure-apps/providers/proxy/custom_headers", - "add-secure-apps/providers/proxy/header_authentication", - { - type: "category", - label: "Forward authentication", - link: { - type: "doc", - id: "add-secure-apps/providers/proxy/forward_auth", - }, - items: [ - "add-secure-apps/providers/proxy/server_nginx", - "add-secure-apps/providers/proxy/server_traefik", - "add-secure-apps/providers/proxy/server_envoy", - "add-secure-apps/providers/proxy/server_caddy", - ], - }, - ], - }, - "add-secure-apps/providers/scim/index", - { - type: "category", - label: "RAC (Remote Access Control) Provider", - link: { - type: "doc", - id: "add-secure-apps/providers/rac/index", - }, - items: ["add-secure-apps/providers/rac/how-to-rac"], - }, + "providers/gws/setup-gws", + "providers/gws/add-gws-provider", ], }, { type: "category", - label: "Flows and Stages", - collapsed: true, - items: [ - { - type: "category", - label: "Flows", - link: { - type: "doc", - id: "add-secure-apps/flows-stages/flow/index", - }, - items: [ - 
"add-secure-apps/flows-stages/flow/layouts", - "add-secure-apps/flows-stages/flow/inspector", - "add-secure-apps/flows-stages/flow/context/index", - { - type: "category", - label: "Examples", - items: [ - "add-secure-apps/flows-stages/flow/examples/flows", - "add-secure-apps/flows-stages/flow/examples/snippets", - ], - }, - { - type: "category", - label: "Executors", - items: [ - "add-secure-apps/flows-stages/flow/executors/if-flow", - "add-secure-apps/flows-stages/flow/executors/sfe", - "add-secure-apps/flows-stages/flow/executors/user-settings", - "add-secure-apps/flows-stages/flow/executors/headless", - ], - }, - ], - }, - { - type: "category", - label: "Stages", - link: { - type: "doc", - id: "add-secure-apps/flows-stages/stages/index", - }, - items: [ - "add-secure-apps/flows-stages/stages/authenticator_duo/index", - "add-secure-apps/flows-stages/stages/authenticator_sms/index", - "add-secure-apps/flows-stages/stages/authenticator_static/index", - "add-secure-apps/flows-stages/stages/authenticator_totp/index", - "add-secure-apps/flows-stages/stages/authenticator_validate/index", - "add-secure-apps/flows-stages/stages/authenticator_webauthn/index", - "add-secure-apps/flows-stages/stages/captcha/index", - "add-secure-apps/flows-stages/stages/deny", - "add-secure-apps/flows-stages/stages/email/index", - "add-secure-apps/flows-stages/stages/identification/index", - "add-secure-apps/flows-stages/stages/invitation/index", - "add-secure-apps/flows-stages/stages/password/index", - "add-secure-apps/flows-stages/stages/prompt/index", - "add-secure-apps/flows-stages/stages/source/index", - "add-secure-apps/flows-stages/stages/user_delete", - "add-secure-apps/flows-stages/stages/user_login/index", - "add-secure-apps/flows-stages/stages/user_logout", - "add-secure-apps/flows-stages/stages/user_write", - ], - }, - ], + label: "LDAP Provider", + link: { + type: "doc", + id: "providers/ldap/index", + }, + items: ["providers/ldap/generic_setup"], }, { type: "category", - 
label: "Outposts", + label: "Microsoft Entra ID Provider", link: { type: "doc", - id: "add-secure-apps/outposts/index", + id: "providers/entra/index", }, items: [ - "add-secure-apps/outposts/embedded/embedded", - { - type: "category", - label: "Integrations", - items: [ - "add-secure-apps/outposts/integrations/docker", - "add-secure-apps/outposts/integrations/kubernetes", - ], - }, - { - type: "category", - label: "Running and upgrading", - items: [ - "add-secure-apps/outposts/manual-deploy-docker-compose", - "add-secure-apps/outposts/manual-deploy-kubernetes", - "add-secure-apps/outposts/upgrading", - ], - }, - "add-secure-apps/outposts/manual-deploy-docker-compose", - "add-secure-apps/outposts/manual-deploy-kubernetes", + "providers/entra/setup-entra", + "providers/entra/add-entra-provider", ], }, - ], - }, - { - type: "category", - label: "Customize your instance", - collapsed: true, - items: [ + "providers/radius/index", { type: "category", - label: "Policies", - collapsed: true, + label: "Proxy Provider", link: { type: "doc", - id: "customize/policies/index", + id: "providers/proxy/index", }, items: [ + "providers/proxy/custom_headers", + "providers/proxy/header_authentication", { type: "category", - label: "Working with Policies", + label: "Forward authentication", link: { type: "doc", - id: "customize/policies/working_with_policies/working_with_policies", + id: "providers/proxy/forward_auth", }, items: [ - "customize/policies/working_with_policies/unique_email", - "customize/policies/working_with_policies/whitelist_email", + "providers/proxy/server_nginx", + "providers/proxy/server_traefik", + "providers/proxy/server_envoy", + "providers/proxy/server_caddy", ], }, ], }, + "providers/scim/index", { type: "category", - label: "Interfaces", - items: [ - { - type: "category", - label: "Flow", - items: ["customize/interfaces/flow/customization"], - }, - { - type: "category", - label: "User", - items: ["customize/interfaces/user/customization"], - }, - { - type: 
"category", - label: "Admin", - items: ["customize/interfaces/admin/customization"], - }, - ], + label: "RAC (Remote Access Control) Provider", + link: { + type: "doc", + id: "providers/rac/index", + }, + items: ["providers/rac/how-to-rac"], }, { type: "category", - label: "Blueprints", + label: "Property Mappings", link: { type: "doc", - id: "customize/blueprints/index", + id: "providers/property-mappings/index", }, - items: [ - "customize/blueprints/export", - "customize/blueprints/v1/structure", - "customize/blueprints/v1/tags", - "customize/blueprints/v1/example", - { - type: "category", - label: "Models", - link: { - type: "doc", - id: "customize/blueprints/v1/models", - }, - items: ["customize/blueprints/v1/meta"], - }, - ], + items: ["providers/property-mappings/expression"], }, - "customize/brands", ], }, { type: "category", - label: "Manage Users and Sources", + label: "Sources", collapsed: true, + link: { + type: "doc", + id: "sources/index", + }, items: [ { type: "category", - label: "Users", - link: { - type: "doc", - id: "users-sources/user/index", - }, - items: [ - "users-sources/user/user_basic_operations", - "users-sources/user/user_ref", - "users-sources/user/invitations", - ], - }, - { - type: "category", - label: "Groups", - link: { - type: "doc", - id: "users-sources/groups/index", - }, + label: "Protocols", items: [ - "users-sources/groups/manage_groups", - "users-sources/groups/group_ref", + "sources/ldap/index", + "sources/oauth/index", + "sources/saml/index", + "sources/scim/index", ], }, { type: "category", - label: "Roles", + label: "Property Mappings", link: { type: "doc", - id: "users-sources/roles/index", + id: "sources/property-mappings/index", }, - items: ["users-sources/roles/manage_roles"], + items: ["sources/property-mappings/expressions"], }, { type: "category", - label: "Access Control", - link: { - type: "doc", - id: "users-sources/access-control/index", - }, + label: "Directory synchronization", items: [ - 
"users-sources/access-control/permissions", - "users-sources/access-control/manage_permissions", + "sources/active-directory/index", + "sources/freeipa/index", ], }, { type: "category", - label: "Federated and Social Sources", - collapsed: true, - link: { - type: "doc", - id: "users-sources/sources/index", - }, + label: "Social Logins", items: [ - { - type: "category", - label: "Protocols", - collapsed: true, - items: [ - "users-sources/sources/protocols/ldap/index", - "users-sources/sources/protocols/oauth/index", - "users-sources/sources/protocols/saml/index", - "users-sources/sources/protocols/scim/index", - ], - }, - { - type: "category", - label: "Source Property Mappings", - link: { - type: "doc", - id: "users-sources/sources/property-mappings/index", - }, - items: [ - "users-sources/sources/property-mappings/expressions", - ], - }, - { - type: "category", - label: "Directory synchronization", - items: [ - "users-sources/sources/directory-sync/active-directory/index", - "users-sources/sources/directory-sync/freeipa/index", - ], - }, - { - type: "category", - label: "Social Logins", - items: [ - "users-sources/sources/social-logins/apple/index", - "users-sources/sources/social-logins/azure-ad/index", - "users-sources/sources/social-logins/discord/index", - "users-sources/sources/social-logins/facebook/index", - "users-sources/sources/social-logins/github/index", - "users-sources/sources/social-logins/google/index", - "users-sources/sources/social-logins/mailcow/index", - "users-sources/sources/social-logins/twitch/index", - "users-sources/sources/social-logins/plex/index", - "users-sources/sources/social-logins/twitter/index", - ], - }, + "sources/apple/index", + "sources/azure-ad/index", + "sources/discord/index", + "sources/facebook/index", + "sources/github/index", + "sources/google/index", + "sources/mailcow/index", + "sources/twitch/index", + "sources/plex/index", + "sources/twitter/index", ], }, ], }, { type: "category", - label: "System Management", - 
collapsed: true, + label: "Outposts", + link: { + type: "doc", + id: "outposts/index", + }, items: [ + "outposts/embedded/embedded", { type: "category", - label: "Operations", - collapsed: true, - items: ["sys-mgmt/ops/monitoring"], + label: "Integrations", + items: [ + "outposts/integrations/docker", + "outposts/integrations/kubernetes", + ], }, { type: "category", - label: "Events", - collapsed: true, - link: { - type: "doc", - id: "sys-mgmt/events/index", - }, + label: "Running and upgrading", items: [ - "sys-mgmt/events/notifications", - "sys-mgmt/events/transports", + "outposts/manual-deploy-docker-compose", + "outposts/manual-deploy-kubernetes", + "outposts/upgrading", ], }, - "sys-mgmt/certificates", - "sys-mgmt/settings", ], }, { type: "category", - label: "Developer Documentation", - collapsed: true, + label: "Flows", link: { type: "doc", - id: "developer-docs/index", + id: "flow/index", }, items: [ + "flow/layouts", + "flow/inspector", + "flow/context/index", { type: "category", - label: "Setup", - items: [ - "developer-docs/setup/full-dev-environment", - "developer-docs/setup/frontend-dev-environment", - "developer-docs/setup/website-dev-environment", - ], + label: "Examples", + items: ["flow/examples/flows", "flow/examples/snippets"], }, { type: "category", - label: "API", - link: { - type: "doc", - id: "developer-docs/api/api", - }, + label: "Executors", items: [ - "developer-docs/api/flow-executor", - "developer-docs/api/making-schema-changes", - "developer-docs/api/websocket", - { - type: "category", - label: "Reference", - items: apiReference, - }, - "developer-docs/api/clients", + "flow/executors/if-flow", + "flow/executors/sfe", + "flow/executors/user-settings", + "flow/executors/headless", ], }, + ], + }, + { + type: "category", + label: "Stages", + link: { + type: "doc", + id: "flow/stages/index", + }, + items: [ + "flow/stages/authenticator_duo/index", + "flow/stages/authenticator_sms/index", + "flow/stages/authenticator_static/index", + 
"flow/stages/authenticator_totp/index", + "flow/stages/authenticator_validate/index", + "flow/stages/authenticator_webauthn/index", + "flow/stages/captcha/index", + "flow/stages/deny", + "flow/stages/email/index", + "flow/stages/identification/index", + "flow/stages/invitation/index", + "flow/stages/password/index", + "flow/stages/prompt/index", + "flow/stages/source/index", + "flow/stages/user_delete", + "flow/stages/user_login/index", + "flow/stages/user_logout", + "flow/stages/user_write", + ], + }, + { + type: "category", + label: "Policies", + link: { + type: "doc", + id: "policies/index", + }, + items: [ { type: "category", - label: "Writing documentation", + label: "Working with policies", link: { type: "doc", - id: "developer-docs/docs/writing-documentation", + id: "policies/working_with_policies/working_with_policies", }, items: [ - "developer-docs/docs/style-guide", - { - type: "category", - label: "Templates", - link: { - type: "doc", - id: "developer-docs/docs/templates/index", - }, - items: [ - "developer-docs/docs/templates/procedural", - "developer-docs/docs/templates/conceptual", - "developer-docs/docs/templates/reference", - "developer-docs/docs/templates/combo", - ], - }, + "policies/working_with_policies/whitelist_email", + "policies/working_with_policies/unique_email", ], }, - { - type: "doc", - id: "developer-docs/releases/index", - }, - "developer-docs/translation", + "policies/expression", ], }, { type: "category", - label: "Security", - collapsed: true, + label: "Events", link: { - type: "generated-index", - title: "Security", - slug: "security", + type: "doc", + id: "events/index", }, + items: ["events/notifications", "events/transports"], + }, + { + type: "category", + label: "Interfaces", items: [ - "security/policy", - "security/security-hardening", { type: "category", - label: "Audits and Certificates", - items: ["security/audits-and-certs/2023-06-cure53"], + label: "Flow", + items: ["interfaces/flow/customization"], }, { type: 
"category", - label: "CVEs", - items: [ - "security/cves/CVE-2024-47077", - "security/cves/CVE-2024-47070", - "security/cves/CVE-2024-38371", - "security/cves/CVE-2024-37905", - "security/cves/CVE-2024-23647", - "security/cves/CVE-2024-21637", - "security/cves/CVE-2023-48228", - "security/cves/GHSA-rjvp-29xq-f62w", - "security/cves/CVE-2023-39522", - "security/cves/CVE-2023-36456", - "security/cves/CVE-2023-26481", - "security/cves/CVE-2022-23555", - "security/cves/CVE-2022-46145", - "security/cves/CVE-2022-46172", - ], + label: "User", + items: ["interfaces/user/customization"], + }, + { + type: "category", + label: "Admin", + items: ["interfaces/admin/customization"], }, ], }, { type: "category", - label: "Troubleshooting", - link: { - type: "generated-index", - title: "Troubleshooting", - slug: "troubleshooting", - description: "Troubleshooting various issues", - }, + label: "Users, Groups, & Roles", items: [ { type: "category", - label: "Forward auth", - items: ["troubleshooting/forward_auth/general"], + label: "Users", link: { - type: "generated-index", - title: "Forward auth troubleshooting", - slug: "troubleshooting/forward_auth", - description: - "Steps to help debug forward auth setups with various reverse proxies.", + type: "doc", + id: "user-group-role/user/index", }, + items: [ + "user-group-role/user/user_basic_operations", + "user-group-role/user/user_ref", + "user-group-role/user/invitations", + ], }, { type: "category", - label: "PostgreSQL", + label: "Groups", + link: { + type: "doc", + id: "user-group-role/groups/index", + }, items: [ - "troubleshooting/postgres/upgrade_kubernetes", - "troubleshooting/postgres/upgrade_docker", + "user-group-role/groups/manage_groups", + "user-group-role/groups/group_ref", + ], + }, + { + type: "category", + label: "Roles", + link: { + type: "doc", + id: "user-group-role/roles/index", + }, + items: ["user-group-role/roles/manage_roles"], + }, + { + type: "category", + label: "Access control", + link: { + type: 
"doc", + id: "user-group-role/access-control/index", + }, + items: [ + "user-group-role/access-control/permissions", + "user-group-role/access-control/manage_permissions", ], }, - "troubleshooting/access", - "troubleshooting/login", - "troubleshooting/image_upload", - "troubleshooting/missing_permission", - "troubleshooting/missing_admin_group", - "troubleshooting/csrf", - "troubleshooting/emails", - "troubleshooting/ldap_source", ], }, { @@ -657,13 +422,14 @@ const docsSidebar = { description: "Release Notes for recent authentik versions", }, items: [ + "releases/2024/v2024.8", "releases/2024/v2024.6", "releases/2024/v2024.4", - "releases/2024/v2024.2", { type: "category", label: "Previous versions", items: [ + "releases/2024/v2024.2", "releases/2023/v2023.10", "releases/2023/v2023.8", "releases/2023/v2023.6", 
@@ -704,7 +470,77 @@ const docsSidebar = { }, ], }, + { + type: "category", + label: "Troubleshooting", + link: { + type: "generated-index", + title: "Troubleshooting", + slug: "troubleshooting", + description: "Troubleshooting various issues", + }, + items: [ + { + type: "category", + label: "Forward auth", + items: ["troubleshooting/forward_auth/general"], + link: { + type: "generated-index", + title: "Forward auth troubleshooting", + slug: "troubleshooting/forward_auth", + description: + "Steps to help debug forward auth setups with various reverse proxies.", + }, + }, + { + type: "category", + label: "PostgreSQL", + items: [ + "troubleshooting/postgres/upgrade_kubernetes", + "troubleshooting/postgres/upgrade_docker", + ], + }, + "troubleshooting/access", + "troubleshooting/login", + "troubleshooting/image_upload", + "troubleshooting/missing_permission", + "troubleshooting/missing_admin_group", + "troubleshooting/csrf", + "troubleshooting/emails", + "troubleshooting/ldap_source", + ], + }, + { + type: "category", + label: "Security", + link: { + type: "generated-index", + title: "Security", + slug: "security", + }, + items: [ + "security/security-hardening", + "security/policy", + "security/CVE-2024-47077", + "security/CVE-2024-47070", + "security/CVE-2024-42490", + "security/CVE-2024-38371", + "security/CVE-2024-37905", + "security/CVE-2024-23647", + "security/CVE-2024-21637", + "security/CVE-2023-48228", + "security/GHSA-rjvp-29xq-f62w", + "security/CVE-2023-39522", + "security/CVE-2023-36456", + "security/2023-06-cure53", + "security/CVE-2023-26481", + "security/CVE-2022-23555", + "security/CVE-2022-46145", + "security/CVE-2022-46172", + ], + }, ], }; + docsSidebar.docs[0].value = generateVersionDropdown(docsSidebar); module.exports = docsSidebar; diff --git a/website/sidebarsDev.js b/website/sidebarsDev.js new file mode 100644 index 000000000000..8e1e8166d64b --- /dev/null +++ b/website/sidebarsDev.js 
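Review bot: The advisory pages re-added under "Security" use ids of the form `security/CVE-2024-47077`, while the entries removed earlier in this file used `security/cves/CVE-2024-47077`, and the same commit deletes the redirect table without adding entries for the reverse direction. Advisory URLs tend to be referenced from external advisory records and release notes, so any link to the `security/cves/...` form would presumably stop resolving; whether that form was ever published cannot be seen from this diff. I would keep one entry per advisory in the existing `[[redirects]]` form, for example `from = "security/cves/CVE-2024-47077.md"` with `to = "security/CVE-2024-47077.md"`. Separately, `security/2023-06-cure53` is an audit report now listed between two CVE entries; a short comment or its own sub-category would keep the list readable. The `docs` array this hunk extends starts outside the hunk.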
@@ -0,0 +1,106 @@
+const docsSidebar = require("./sidebars.js");
+const generateVersionDropdown =
+ require("./src/utils.js").generateVersionDropdown;
+const apiReference = require("./developer-docs/api/reference/sidebar");
+
+module.exports = {
+ docs: [
+ {
+ type: "html",
+ value: generateVersionDropdown(docsSidebar),
+ },
+ {
+ type: "doc",
+ id: "index",
+ },
+ {
+ type: "category",
+ label: "Blueprints",
+ link: {
+ type: "doc",
+ id: "blueprints/index",
+ },
+ items: [
+ "blueprints/export",
+ "blueprints/v1/structure",
+ "blueprints/v1/tags",
+ "blueprints/v1/example",
+ {
+ type: "category",
+ label: "Models",
+ link: {
+ type: "doc",
+ id: "blueprints/v1/models",
+ },
+ items: ["blueprints/v1/meta"],
+ },
+ ],
+ },
+ {
+ type: "category",
+ label: "API",
+ link: {
+ type: "doc",
+ id: "api/api",
+ },
+ items: [
+ "api/flow-executor",
+ "api/making-schema-changes",
+ "api/websocket",
+ {
+ type: "category",
+ label: "Reference",
+ items: apiReference,
+ },
+ "api/clients",
+ ],
+ },
+ {
+ type: "category",
+ label: "Setup",
+ items: [
+ "setup/full-dev-environment",
+ "setup/frontend-dev-environment",
+ "setup/website-dev-environment",
+ ],
+ },
+ {
+ type: "doc",
+ id: "translation",
+ },
+ {
+ type: "category",
+ label: "Writing documentation",
+ link: {
+ type: "doc",
+ id: "docs/writing-documentation",
+ },
+ items: [
+ "docs/style-guide",
+ {
+ type: "category",
+ label: "Templates",
+ link: {
+ type: "doc",
+ id: "docs/templates/index",
+ },
+ items: [
+ "docs/templates/procedural",
+ "docs/templates/conceptual",
+ "docs/templates/reference",
+ "docs/templates/combo",
+ ],
+ },
+ ],
+ },
+ {
+ type: "doc",
+ id: "releases/index",
+ },
+ {
+ type: "category",
+ label: "Community Events",
+ items: ["hackathon/index"],
+ },
+ ],
+};
diff --git a/website/sidebarsIntegrations.js b/website/sidebarsIntegrations.js
index abef921ac2c1..7faee66f55bb 100644
--- a/website/sidebarsIntegrations.js
+++ b/website/sidebarsIntegrations.js
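Review bot: The first sidebar item in the new website/sidebarsDev.js is `type: "html"`, which Docusaurus renders as raw markup, and its value comes from `generateVersionDropdown(docsSidebar)`, whose body is not visible in this part of the diff. If that helper interpolates release ids or labels into the markup, it should only ever receive values from the repository's own sidebar. A comment on the item such as `// raw HTML: generateVersionDropdown must only emit repo-controlled values` would record that assumption. The same `require` preamble and html item are repeated in the website/sidebarsIntegrations.js hunk that follows, so the point applies there as well. As a matter of style, `const { generateVersionDropdown } = require("./src/utils.js");` reads more directly than the property access split over two lines.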
@@ -1,5 +1,13 @@ +const docsSidebar = require("./sidebars.js"); +const generateVersionDropdown = + require("./src/utils.js").generateVersionDropdown; + module.exports = { integrations: [ + { + type: "html", + value: generateVersionDropdown(docsSidebar), + }, { type: "doc", id: "index",