authentik/website/integrations/services/home-assistant/index.md


---
title: Home Assistant
---

<span class="badge badge--secondary">Support level: Community</span>

## What is Home Assistant

> Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server.
>
> -- https://www.home-assistant.io/

:::caution
You might run into CSRF errors, this is caused by a technology Home-assistant uses and not authentik, see [this GitHub issue](https://github.com/goauthentik/authentik/issues/884#issuecomment-851542477).
:::
:::note
For Home Assistant to work with authentik, a custom integration needs to be installed for Home Assistant. 
:::

## Preparation

The following placeholders will be used:

-   `hass.company` is the FQDN of the Home Assistant install.
-   `authentik.company` is the FQDN of the authentik install.

## Home Assistant configuration

1. Configure [trusted_proxies](https://www.home-assistant.io/integrations/http/#trusted_proxies) for the HTTP integration with the IP(s) of the Host(s) authentik is running on.
2. If you don't already have it set up, install https://github.com/BeryJu/hass-auth-header, using the installation guide.
3. There are two ways to configure the custom component.

    1. To match on the user's authentik username, use the following configuration:

    ```yaml
    auth_header:
        username_header: X-authentik-username
    ```

   2.  Alternatively, you can associate an existing Home Assistant username to an authentik username.
       1.  Within authentik, naviagte to **Directory** > **Users**.
       2.  Select **Edit** for the user then add the following configuration to the **Attributes** section. Be sure to replace `hassusername` with the Home Assistant username.

       :::note
       This configuration will add an additional header for the authentik user which will contain the Home Assistant username and allow Home Assistant to authenticate based on that. 
       :::

        ```yaml
        additionalHeaders:
            X-ak-hass-user: hassusername
        ```

       3. Then configure the Home Assistant custom component to use this header:
        ```yaml
        auth_header:
            username_header: X-ak-hass-user
        ```

## authentik configuration

1. Create a **Proxy Provider** under **Applications** > **Providers** using the following settings:

   - **Name**: Home Assistant
   - **Authentication flow**: default-authentication-flow
   - **Authorization flow**: default-provider-authorization-explicit-consent
   - **External Host**: Set this to the external URL you will be accessing Home Assistant from
   - **Internal Host**: `http://hass.company:8123`

2. Create an **Application** under **Applications** > **Applications** using the following settings:
    - **Name**: Home Assistant
    - **Slug**: homeassistant
    - **Provider**: Home Assistant (the provider you created in step 1)

3. Create an outpost deployment for the provider you've created above, as described [here](../../../docs/outposts/). Deploy this Outpost either on the same host or a different host that can access Home Assistant. The outpost will connect to authentik and configure itself.
- Changing Home-Assistant to Home Assistant - Attempt to standardise the documentation - Attempted to make the Home Assistant configuration easier to follow 2023-12-18 16:51:05 +00:00
Migrate to Docusaurus (#329) * docs: initial migration to docusaurus * website: add custom font, update blurbs and icons * website: update splash * root: update links to docs * flows: use .pbflow extension so docusaurus doesn't mangle the files * e2e: workaround prospector * Squashed commit of the following: commit 1248585dcae5d65ddb8ecc75b76204fd1407c33a Author: Jens Langhammer <jens.langhammer@beryju.org> Date: Sun Nov 15 20:46:53 2020 +0100 e2e: attempt to fix prospector error again commit 1319c480c4c6f86cf0dde91305dea52749c867a3 Author: Jens Langhammer <jens.langhammer@beryju.org> Date: Sun Nov 15 20:41:35 2020 +0100 ci: install previous python version for upgrade testing * web: update accent colours and format * website: format markdown files * website: fix colours for text * website: switch to temporary accent colour to improve readability * flows: fix path for TestTransferDocs * flows: fix formatting of tests 2020-11-15 21:42:02 +00:00			`---`
- Changing Home-Assistant to Home Assistant - Attempt to standardise the documentation - Attempted to make the Home Assistant configuration easier to follow 2023-12-18 16:51:05 +00:00			`title: Home Assistant`
Migrate to Docusaurus (#329) * docs: initial migration to docusaurus * website: add custom font, update blurbs and icons * website: update splash * root: update links to docs * flows: use .pbflow extension so docusaurus doesn't mangle the files * e2e: workaround prospector * Squashed commit of the following: commit 1248585dcae5d65ddb8ecc75b76204fd1407c33a Author: Jens Langhammer <jens.langhammer@beryju.org> Date: Sun Nov 15 20:46:53 2020 +0100 e2e: attempt to fix prospector error again commit 1319c480c4c6f86cf0dde91305dea52749c867a3 Author: Jens Langhammer <jens.langhammer@beryju.org> Date: Sun Nov 15 20:41:35 2020 +0100 ci: install previous python version for upgrade testing * web: update accent colours and format * website: format markdown files * website: fix colours for text * website: switch to temporary accent colour to improve readability * flows: fix path for TestTransferDocs * flows: fix formatting of tests 2020-11-15 21:42:02 +00:00			`---`
docs: add home-assistant integration docs 2020-10-26 21:03:37 +00:00
website/docs: support levels (#3103) * website/docs: add badges for integration level Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add badge for sources Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-06-15 19:31:34 +00:00			`<span class="badge badge--secondary">Support level: Community</span>`

- Changing Home-Assistant to Home Assistant - Attempt to standardise the documentation - Attempted to make the Home Assistant configuration easier to follow 2023-12-18 16:51:05 +00:00			`## What is Home Assistant`
docs: add home-assistant integration docs 2020-10-26 21:03:37 +00:00
website/integrations: cite better (#6431) * update awx-tower to RHAAP Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate to new quotation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update all Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-07-31 10:16:58 +00:00			`> Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server.`
			`>`
			`> -- https://www.home-assistant.io/`
docs: add home-assistant integration docs 2020-10-26 21:03:37 +00:00
providers/proxy: add initial header token auth (#4421) * initial implementation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * check for openid/profile claims Signed-off-by: Jens Langhammer <jens@goauthentik.io> * include jwks sources in proxy provider Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add web ui for jwks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only show sources with JWKS data configured Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix introspection tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start basic Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add basic auth Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add docs, update admonitions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add client_id to api, add tab for auth Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update locale Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-01-13 15:22:03 +00:00			`:::caution`
website/integrations: clear up home-assistant integration Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-05-12 19:40:58 +00:00			`You might run into CSRF errors, this is caused by a technology Home-assistant uses and not authentik, see [this GitHub issue](https://github.com/goauthentik/authentik/issues/884#issuecomment-851542477).`
website/docs: add note for CSRF in hass Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-31 15:08:39 +00:00			`:::`
- Changing Home-Assistant to Home Assistant - Attempt to standardise the documentation - Attempted to make the Home Assistant configuration easier to follow 2023-12-18 16:51:05 +00:00			`:::note`
			`For Home Assistant to work with authentik, a custom integration needs to be installed for Home Assistant.`
			`:::`
website/docs: add note for CSRF in hass Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-31 15:08:39 +00:00
docs: add home-assistant integration docs 2020-10-26 21:03:37 +00:00			`## Preparation`

			`The following placeholders will be used:`

- Changing Home-Assistant to Home Assistant - Attempt to standardise the documentation - Attempted to make the Home Assistant configuration easier to follow 2023-12-18 16:51:05 +00:00			- `hass.company` is the FQDN of the Home Assistant install.
website: format docs with prettier (#2833) * run prettier Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add scim to comparison Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-05-09 19:22:41 +00:00			- `authentik.company` is the FQDN of the authentik install.
docs: add home-assistant integration docs 2020-10-26 21:03:37 +00:00
- Changing Home-Assistant to Home Assistant - Attempt to standardise the documentation - Attempted to make the Home Assistant configuration easier to follow 2023-12-18 16:51:05 +00:00			`## Home Assistant configuration`
docs: update proxy docs 2020-10-29 21:12:13 +00:00
- Changing Home-Assistant to Home Assistant - Attempt to standardise the documentation - Attempted to make the Home Assistant configuration easier to follow 2023-12-18 16:51:05 +00:00			`1. Configure [trusted_proxies](https://www.home-assistant.io/integrations/http/#trusted_proxies) for the HTTP integration with the IP(s) of the Host(s) authentik is running on.`
			`2. If you don't already have it set up, install https://github.com/BeryJu/hass-auth-header, using the installation guide.`
			`3. There are two ways to configure the custom component.`
docs: update proxy docs 2020-10-29 21:12:13 +00:00
- Changing Home-Assistant to Home Assistant - Attempt to standardise the documentation - Attempted to make the Home Assistant configuration easier to follow 2023-12-18 16:51:05 +00:00			`1. To match on the user's authentik username, use the following configuration:`
docs: add home-assistant integration docs 2020-10-26 21:03:37 +00:00
- Changing Home-Assistant to Home Assistant - Attempt to standardise the documentation - Attempted to make the Home Assistant configuration easier to follow 2023-12-18 16:51:05 +00:00			```yaml
			`auth_header:`
			`username_header: X-authentik-username`
			```
docs: add home-assistant integration docs 2020-10-26 21:03:37 +00:00
- Changing Home-Assistant to Home Assistant - Attempt to standardise the documentation - Attempted to make the Home Assistant configuration easier to follow 2023-12-18 16:51:05 +00:00			`2. Alternatively, you can associate an existing Home Assistant username to an authentik username.`
			`1. Within authentik, naviagte to Directory > Users.`
			2. Select Edit for the user then add the following configuration to the Attributes section. Be sure to replace `hassusername` with the Home Assistant username.
docs: add home-assistant integration docs 2020-10-26 21:03:37 +00:00
- Changing Home-Assistant to Home Assistant - Attempt to standardise the documentation - Attempted to make the Home Assistant configuration easier to follow 2023-12-18 16:51:05 +00:00			`:::note`
			`This configuration will add an additional header for the authentik user which will contain the Home Assistant username and allow Home Assistant to authenticate based on that.`
			`:::`
docs: add home-assistant integration docs 2020-10-26 21:03:37 +00:00
- Changing Home-Assistant to Home Assistant - Attempt to standardise the documentation - Attempted to make the Home Assistant configuration easier to follow 2023-12-18 16:51:05 +00:00			```yaml
			`additionalHeaders:`
			`X-ak-hass-user: hassusername`
			```
docs: add home-assistant integration docs 2020-10-26 21:03:37 +00:00
- Changing Home-Assistant to Home Assistant - Attempt to standardise the documentation - Attempted to make the Home Assistant configuration easier to follow 2023-12-18 16:51:05 +00:00			`3. Then configure the Home Assistant custom component to use this header:`
			```yaml
			`auth_header:`
			`username_header: X-ak-hass-user`
			```
docs: add home-assistant integration docs 2020-10-26 21:03:37 +00:00
- Changing Home-Assistant to Home Assistant - Attempt to standardise the documentation - Attempted to make the Home Assistant configuration easier to follow 2023-12-18 16:51:05 +00:00			`## authentik configuration`
docs: add home-assistant integration docs 2020-10-26 21:03:37 +00:00
- Changing Home-Assistant to Home Assistant - Attempt to standardise the documentation - Attempted to make the Home Assistant configuration easier to follow 2023-12-18 16:51:05 +00:00			`1. Create a Proxy Provider under Applications > Providers using the following settings:`
docs: add home-assistant integration docs 2020-10-26 21:03:37 +00:00
- Changing Home-Assistant to Home Assistant - Attempt to standardise the documentation - Attempted to make the Home Assistant configuration easier to follow 2023-12-18 16:51:05 +00:00			`- Name: Home Assistant`
			`- Authentication flow: default-authentication-flow`
			`- Authorization flow: default-provider-authorization-explicit-consent`
			`- External Host: Set this to the external URL you will be accessing Home Assistant from`
			- Internal Host: `http://hass.company:8123`
docs: add home-assistant integration docs 2020-10-26 21:03:37 +00:00
- Changing Home-Assistant to Home Assistant - Attempt to standardise the documentation - Attempted to make the Home Assistant configuration easier to follow 2023-12-18 16:51:05 +00:00			`2. Create an Application under Applications > Applications using the following settings:`
			`- Name: Home Assistant`
			`- Slug: homeassistant`
			`- Provider: Home Assistant (the provider you created in step 1)`
docs: add home-assistant integration docs 2020-10-26 21:03:37 +00:00
- Changing Home-Assistant to Home Assistant - Attempt to standardise the documentation - Attempted to make the Home Assistant configuration easier to follow 2023-12-18 16:51:05 +00:00			`3. Create an outpost deployment for the provider you've created above, as described [here](../../../docs/outposts/). Deploy this Outpost either on the same host or a different host that can access Home Assistant. The outpost will connect to authentik and configure itself.`