diff --git a/website/integrations/services/synology-dsm/index.md b/website/integrations/services/synology-dsm/index.md new file mode 100644 index 000000000..a40381e14 --- /dev/null +++ b/website/integrations/services/synology-dsm/index.md 
@@ -0,0 +1,60 @@ +--- +title: Synology DSM +--- + +Support level: Community + +## What is Synology DSM + +> Synology Inc. is a Taiwanese corporation that specializes in network-attached storage (NAS) appliances. Synology's line of NAS is known as the DiskStation for desktop models, FlashStation for all-flash models, and RackStation for rack-mount models. Synology's products are distributed worldwide and localized in several languages. +> +> -- https://www.synology.com/en-global/dsm + +:::caution +This is tested with DSM 7.1 or newer. +::: + +## Preparation + +The following placeholders will be used: + +- `synology.company` is the FQDN of the Synology DSM server. +- `authentik.company` is the FQDN of the authentik install. + +### Step 1 + +Under _Providers_, create an OAuth2/OpenID provider with these settings: + +- Name: synology +- Redirect URI: `https://synology.company/#/signin` (Note the absence of the trailing slash, and the inclusion of the webinterface port) +- Signing Key: Select any available key +- Subject mode: Based on the Users's Email (Matching on username could work, but not if you have duplicates due to e.g. a LDAP connection) +- Take note of the 'Client ID' and 'Client secret' + +### Step 2 + +Create an application which uses this provider. Optionally apply access restrictions to the application. + +## Synology DSM setup + +To configure Synology DSM to utilize Authelia as an OpenID Connect 1.0 Provider: + +1. Go to DSM. +2. Go to Control Panel. +3. Go To Domain/LDAP. +4. Go to SSO Client. +5. Check the Enable OpenID Connect SSO service checkbox in the OpenID Connect SSO Service section. +6. Configure the following values: +7. Profile: OIDC +8. Name: Authentik +9. Well Known URL: Copy this from the 'OpenID Configuration URL' in the authentik provider (URL ends with '/.well-known/openid-configuration') +10. Application ID: The 'Client ID' from the authentik provider +11. Application Key: The 'Client secret' from the authentik provider +12. 
Redirect URL: https://synology.company/#/signin (This should match the 'Redirect URI' in authentik exactly) +13. Authorization Scope: openid profile email +14. Username Claim: preferred_username +15. Save the settings. + + +## See also: +[Synology DSM SSO Client Documentation](https://kb.synology.com/en-af/DSM/help/DSM/AdminCenter/file_directory_service_sso?version=7)
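Review bot: The intro sentence under "Synology DSM setup" says "utilize Authelia as an OpenID Connect 1.0 Provider", which names a different product; it should read authentik, and item 8 ("Name: Authentik") should use the lowercase spelling used in the rest of the file. In Step 1, the Redirect URI note mentions "the inclusion of the webinterface port", but the example `https://synology.company/#/signin` carries no port; since item 12 requires an exact match with the provider's Redirect URI, either show the port in both places as a placeholder or drop the remark. Step 1 sets Subject mode to the user's email and warns against matching on username when duplicates exist, while item 14 sets Username Claim to `preferred_username`; as written the two settings read as contradictory, so please state which value DSM uses to match accounts and keep the duplicate warning next to it. Items 7 to 14 are values for item 6 rather than separate steps and would read better as a nested bullet list, and "Users's" in Step 1 should be "User's".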