diff --git a/authentik/core/tests/test_impersonation.py b/authentik/core/tests/test_impersonation.py index d37695c2a..4411fbfe7 100644 --- a/authentik/core/tests/test_impersonation.py +++ b/authentik/core/tests/test_impersonation.py @@ -6,7 +6,6 @@ from rest_framework.test import APITestCase from authentik.core.models import User from authentik.core.tests.utils import create_test_admin_user -from authentik.lib.config import CONFIG from authentik.tenants.utils import get_current_tenant diff --git a/website/docs/core/tenants.md b/website/docs/core/brands.md similarity index 62% rename from website/docs/core/tenants.md rename to website/docs/core/brands.md index 210366733..09ecd5cbc 100644 --- a/website/docs/core/tenants.md +++ b/website/docs/core/brands.md @@ -1,22 +1,22 @@ --- -title: Tenants -slug: /tenants +title: Brands +slug: /brands --- authentik support soft multi-tenancy. This means that you can configure several options depending on domain, but all the objects like applications, providers, etc, are still global. This can be handy to use the same authentik instance, but branded differently for different domains. -The main settings that tenants influence are flows and branding. +The main settings that brands influence are flows and branding. ## Flows -authentik picks a default flow by picking the flow that is selected in the current tenant, otherwise any flow that +authentik picks a default flow by picking the flow that is selected in the current brand, otherwise any flow that - matches the required designation - comes first sorted by slug - is allowed by policies -This means that if you want to select a default flow based on policy, you can just leave the tenant default empty. +This means that if you want to select a default flow based on policy, you can just leave the brand default empty. ## Branding -The tenant can configure the branding title (shown in website document title and several other places), and the sidebar/header logo. +The brand can configure the branding title (shown in website document title and several other places), and the sidebar/header logo. diff --git a/website/docs/core/certificates.md b/website/docs/core/certificates.md index 465f98ca5..e41763626 100644 --- a/website/docs/core/certificates.md +++ b/website/docs/core/certificates.md @@ -100,6 +100,6 @@ services: Afterwards, run `docker-compose up -d`, which will start certbot and generate your certificate. Within a few minutes, you'll see the certificate in your authentik interface. (If the certificate does not appear, restart the worker container. This is caused by incompatible permissions set by certbot). -Navigate to _System -> Tenants_, edit any tenant and select the certificate of your choice. +Navigate to _System -> Brands_, edit any brand and select the certificate of your choice. Keep in mind this certbot container will only run once, but there are a variety of ways to schedule regular renewals. diff --git a/website/docs/events/index.md b/website/docs/events/index.md index 49705c0f1..032012e5c 100644 --- a/website/docs/events/index.md +++ b/website/docs/events/index.md @@ -8,7 +8,7 @@ Certain information is stripped from events, to ensure no passwords or other cre ## Event retention -The event retention is configured on a per-tenant level, with the default being set to 365 days. For events where a related tenant cannot be found, the retention is also set to 365 days. +The event retention is configured on a per-brand level, with the default being set to 365 days. For events where a related brand cannot be found, the retention is also set to 365 days. If you want to forward these events to another application, forward the log output of all authentik containers. Every event creation is logged with the log level "info". For this configuration, it is also recommended to set the internal retention pretty low (for example, `days=1`). @@ -45,11 +45,11 @@ A user logs in (including the source, if available) "client_ip": "::1", "created": "2023-02-15T15:33:42.771091Z", "expires": "2024-02-15T15:33:42.770425Z", - "tenant": { + "brand": { "pk": "fcba828076b94dedb2d5a6b4c5556fa1", - "app": "authentik_tenants", - "name": "Default tenant", - "model_name": "tenant" + "app": "authentik_brands", + "name": "Default brand", + "model_name": "brand" } } ``` @@ -93,11 +93,11 @@ A failed login attempt "client_ip": "::1", "created": "2023-02-15T15:32:55.319608Z", "expires": "2024-02-15T15:32:55.314581Z", - "tenant": { + "brand": { "pk": "fcba828076b94dedb2d5a6b4c5556fa1", - "app": "authentik_tenants", - "name": "Default tenant", - "model_name": "tenant" + "app": "authentik_brands", + "name": "Default brand", + "model_name": "brand" } } ``` @@ -133,11 +133,11 @@ A user logs out. "client_ip": "::1", "created": "2023-02-15T15:39:55.976243Z", "expires": "2024-02-15T15:39:55.975535Z", - "tenant": { + "brand": { "pk": "fcba828076b94dedb2d5a6b4c5556fa1", - "app": "authentik_tenants", - "name": "Default tenant", - "model_name": "tenant" + "app": "authentik_brands", + "name": "Default brand", + "model_name": "brand" } } ``` @@ -182,11 +182,11 @@ A user is written to during a flow execution. "client_ip": "::1", "created": "2023-02-15T15:41:18.411017Z", "expires": "2024-02-15T15:41:18.410276Z", - "tenant": { + "brand": { "pk": "fcba828076b94dedb2d5a6b4c5556fa1", - "app": "authentik_tenants", - "name": "Default tenant", - "model_name": "tenant" + "app": "authentik_brands", + "name": "Default brand", + "model_name": "brand" } } ``` @@ -257,11 +257,11 @@ A user authorizes an application. "client_ip": "::1", "created": "2023-02-15T10:02:48.615499Z", "expires": "2023-04-26T10:02:48.612809Z", - "tenant": { + "brand": { "pk": "10800be643d44842ab9d97cb5f898ce9", - "app": "authentik_tenants", - "name": "Default tenant", - "model_name": "tenant" + "app": "authentik_brands", + "name": "Default brand", + "model_name": "brand" } } ``` diff --git a/website/docs/flow/executors/user-settings.md b/website/docs/flow/executors/user-settings.md index a535de2f4..543f03eec 100644 --- a/website/docs/flow/executors/user-settings.md +++ b/website/docs/flow/executors/user-settings.md @@ -11,4 +11,4 @@ The user interface (`/if/user/`) embeds a downsized flow executor to allow the u This executor only supports [**prompt**](../stages/prompt/) stages. If the configured flow contains another stage, a button will be shown to open the default executor. Because the stages in a flow can change during it execution, this executor will redirect the user to the default interface _if_ a non-supported stage is returned. -To configure which flow is used for this, configure it in the tenant settings. +To configure which flow is used for this, configure it in the brand settings. diff --git a/website/docs/flow/stages/authenticator_totp/index.md b/website/docs/flow/stages/authenticator_totp/index.md index 566ad6748..cade40a79 100644 --- a/website/docs/flow/stages/authenticator_totp/index.md +++ b/website/docs/flow/stages/authenticator_totp/index.md @@ -6,4 +6,4 @@ This stage configures a time-based OTP Device, such as Google Authenticator or A You can configure how many digits should be used for the OTP Token. -The Config URL's Issuer is set based on the currently active tenant's branding title. The default setup can cause issues if the same username is used on multiple authentik issues within the same authenticator app, so changing the tenant tile is recommended. +The Config URL's Issuer is set based on the currently active brand's branding title. The default setup can cause issues if the same username is used on multiple authentik issues within the same authenticator app, so changing the brand title is recommended. diff --git a/website/docs/interfaces/flow/customization.mdx b/website/docs/interfaces/flow/customization.mdx index f6e2aacaf..5f6b18161 100644 --- a/website/docs/interfaces/flow/customization.mdx +++ b/website/docs/interfaces/flow/customization.mdx @@ -1,6 +1,6 @@ # Customization -Since flows can be executed authenticated or unauthenticated, the default settings can be set via tenants _attributes_. +Since flows can be executed authenticated or unauthenticated, the default settings can be set via brands _attributes_. ### `settings.theme.base` diff --git a/website/docs/providers/oauth2/device_code.md b/website/docs/providers/oauth2/device_code.md index f99029953..a6d4158d0 100644 --- a/website/docs/providers/oauth2/device_code.md +++ b/website/docs/providers/oauth2/device_code.md @@ -6,7 +6,7 @@ This type of authentication flow is useful for devices with limited input abilit ### Requirements -This device flow is only possible if the active tenant has a device code flow setup. This device code flow is run _after_ the user logs in, and before the user authenticates. +This device flow is only possible if the active brand has a device code flow setup. This device code flow is run _after_ the user logs in, and before the user authenticates. authentik doesn't ship with a default flow for this usecase, so it is recommended to create a new flow for this usecase with the designation of _Stage configuration_ diff --git a/website/sidebars.js b/website/sidebars.js index fe1b6725e..2cedc2a33 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -36,7 +36,7 @@ const docsSidebar = { items: [ "core/terminology", "core/applications", - "core/tenants", + "core/brands", "core/certificates", "core/geoip", "core/architecture",