authentik/website/integrations/services/immich/index.md

---
title: Immich
---

<span class="badge badge--secondary">Support level: Community</span>

## What is Immich

> Immich is a self-hosted backup solution for photos and videos on mobile devices.
>
> -- https://immich.app/

## Preparation

The following placeholders will be used:

-   `https://immich.company` is the URL used to access the Immich instance.
-   `authentik.company` is the FQDN of the authentik install.

## authentik configuration

1. Create a new OAuth2/OpenID Provider using the following settings:
    - **Name**: Immich
    - **Authentication flow**: default-authentication-flow
    - **Authorization flow**: default-provider-authorization-explicit-consent
    - **Client type**: Confidential
    - **Client ID**: Either create your own Client ID or make a note of the auto-populated one
    - **Client Secret**: Either create your own Client Secret or make a note of the auto-populated one
    - **Redirect URIs/Origins (RegEx)**:
      _Please note that the following URIs are just examples. Be sure to include all of the domains / URLs that you will use to access Immich._
        - app.immich:/
        - https://immich.company/auth/login
        - https://immich.company/user-settings
    - **Signing Key**: authentik Self-signed Certificate
    - Leave everything else as default
2. Open the new provider you've just created.
3. Make a note of the **OpenID Configuration Issuer**.

## Immich Configuration

Immich documentation can be found here: https://immich.app/docs/administration/oauth

1. In Immich, navigate to **Administration** > **Settings** > **OAuth Authentication**
2. Configure Immich as follows:
    - **Issuer URL**: Populate this field with the `OpenID Configuration Issuer`
    - **Client ID**: Enter your Client ID from authentik
    - **Client Secret**: Enter your Client Secret from authentik
    - **Scope**: `openid email profile`
website/integrations: add Immich (#7829) 2023-12-15 13:02:53 +00:00			`---`
			`title: Immich`
			`---`

			`<span class="badge badge--secondary">Support level: Community</span>`

			`## What is Immich`

			`> Immich is a self-hosted backup solution for photos and videos on mobile devices.`
			`>`
			`> -- https://immich.app/`

			`## Preparation`

			`The following placeholders will be used:`

			- `https://immich.company` is the URL used to access the Immich instance.
			- `authentik.company` is the FQDN of the authentik install.

			`## authentik configuration`

			`1. Create a new OAuth2/OpenID Provider using the following settings:`
			`- Name: Immich`
			`- Authentication flow: default-authentication-flow`
			`- Authorization flow: default-provider-authorization-explicit-consent`
			`- Client type: Confidential`
			`- Client ID: Either create your own Client ID or make a note of the auto-populated one`
			`- Client Secret: Either create your own Client Secret or make a note of the auto-populated one`
			`- Redirect URIs/Origins (RegEx):`
			`_Please note that the following URIs are just examples. Be sure to include all of the domains / URLs that you will use to access Immich._`
			`- app.immich:/`
			`- https://immich.company/auth/login`
			`- https://immich.company/user-settings`
			`- Signing Key: authentik Self-signed Certificate`
			`- Leave everything else as default`
			`2. Open the new provider you've just created.`
			`3. Make a note of the OpenID Configuration Issuer.`

			`## Immich Configuration`

			`Immich documentation can be found here: https://immich.app/docs/administration/oauth`

			`1. In Immich, navigate to Administration > Settings > OAuth Authentication`
			`2. Configure Immich as follows:`
			- Issuer URL: Populate this field with the `OpenID Configuration Issuer`
			`- Client ID: Enter your Client ID from authentik`
			`- Client Secret: Enter your Client Secret from authentik`
			- Scope: `openid email profile`