website: add Firezone integration (#5945)

* website: Add Firezone integration

* website: Add Firezone integration

* Apply suggestions from code review

Signed-off-by: Jens L. <jens@beryju.org>

* fix lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens L. <jens@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Darrin Walton <darrinw@obsidian-group.co>
Co-authored-by: Jens L <jens@beryju.org>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Darrin 2023-06-22 07:26:48 -04:00 committed by GitHub
parent b163c38cc5
commit 724bb59c0e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 61 additions and 0 deletions

View file

@ -0,0 +1,60 @@
---
title: Firezone
---
<span class="badge badge--secondary">Support level: Community</span>
## What is Firezone
From https://www.firezone.dev
:::note
Firezone is an open-source remote access platform built on WireGuard?, a modern VPN protocol that's 4-6x faster than OpenVPN.
Deploy on your infrastructure and start onboarding users in minutes.
:::
## Preparation
The following placeholders will be used:
- `firezone.company` is the FQDN of the Firezone install.
- `authenik` is the unique ID used to generate logins for this provider.
- `authentik.company` is the FQDN of the authentik install.
Create an OAuth2/OpenID provider with the following parameters:
- Client type: `Confidential`
- Redirect URIs/Origins: `Redirect URI from Firezone Config`
- Signing Key: `<Select your certificate>`
- Click: `Finish`
Note the Client ID and Client Secret value. Create an application using the provider you've created above.
## Firezone Config
- Click _Security_ under Settings
- Under _Single Sign-On_, click on _Add OpenID Connect Provider_
- Config ID: `authentik`
- Label: `Text to display on the Login button`
- Scope: `(leave default of "openid email profile")`
- Response type: `(leave default of 'code')
- Client ID: `Taken from Authentik Provider Config`
- Client Secret: `Taken from Authentik Provider Config`
- Discovery Document URI: `OpenID Configuration URL from Authentik`
- Redirect URI: `https://firezone.company/auth/oidc/<ConfigID>/callback/`
:::note
You should be able to leave the default Rediret URL
:::
- Auto-create Users: Enabled in order to automatically provision users when signing in the first time.
- Click _Save_,
Although local authentication is quick and easy to get started with, you can limit attack surface by disabling local authentication altogether. For production deployments it's usually a good idea to disable local authentication and enforce MFA through authentik.
:::info
In case something goes wrong with the configuration, you can temporarily re-enable local authentication via the REST API or by following instructions from https://www.firezone.dev/docs/administer/troubleshoot/#re-enable-local-authentication-via-cli.
:::
## Additional Resources
- https://www.firezone.dev/docs/authenticate/oidc/
- https://www.firezone.dev/docs/administer/troubleshoot/#re-enable-local-authentication-via-cli

View file

@ -63,6 +63,7 @@ module.exports = {
"services/apache-guacamole/index",
"services/argocd/index",
"services/awx-tower/index",
"services/firezone/index",
"services/fortimanager/index",
"services/harbor/index",
"services/hashicorp-vault/index",