website/docs: add azure ad docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2021-11-01 15:56:24 +01:00
parent ccab41a6ca
commit b86251255d
15 changed files with 65 additions and 15 deletions

@ -1,5 +1,5 @@
---
title: Flows
title: Overview
---
Flows are a method of describing a sequence of stages. A stage represents a single verification or logic step. They are used to authenticate users, enroll them, and more.
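
Review bot: `title: Overview` in the front matter replaces the page's own title, and the same rename is applied to Sources, Outposts, Policies, Property Mappings and Proxy provider in this commit, so six pages end up with an identical heading and browser title. If the goal is only a shorter sidebar entry and the site is built with Docusaurus (as the sidebar file suggests), keep `title: Flows` and add `sidebar_label: Overview` instead.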

@ -9,7 +9,7 @@ The following placeholders will be used:
- `ad.company` is the Name of the Active Directory domain.
- `authentik.company` is the FQDN of the authentik install.
## Active Directory Setup
## Active Directory setup
1. Open Active Directory Users and Computers
@ -34,7 +34,8 @@ The following placeholders will be used:
Additional infos: https://support.microfocus.com/kb/doc.php?id=7023371
## authentik Setup
In authentik, create a new LDAP Source in Administration -> Sources.
In authentik, create a new LDAP Source in Resources -> Sources.
Use these settings:
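
Review bot: heading case is now inconsistent within this file: the first hunk lowercases `## Active Directory setup`, but `## authentik Setup` in this hunk keeps the capital S. Lowercase it here as well (the new Azure AD page carries the same `## authentik Setup` heading). Separately, `Additional infos:` in the context line should read `Additional info:`.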

@ -63,5 +63,5 @@ The following placeholders will be used:
Save, and you now have Apple as a source.
:::note
For more details on how-to have the new source display on the Login Page see the Sources page.
For more details on how-to have the new source display on the Login Page see [here](../index).
:::
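
Review bot: `[here](../index)` is non-descriptive link text, whereas the sentence it replaces named its target (`the Sources page`). Suggest `see the [Sources page](../index)`, which keeps the link and still makes sense when read out of context or by a screen reader. The same wording is introduced on the Azure AD, Discord, Github and Google pages in this commit, and `how-to have` should be `how to have` in all of them.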

Binary file not shown.

Binary file not shown.

@ -0,0 +1,48 @@
---
title: Azure AD
---
## Preparation
The following placeholders will be used:
- `authentik.company` is the FQDN of the authentik install.
## Azure setup
1. Navigate to [portal.azure.com](https://portal.azure.com), and open the *App registration* service
2. Register a new application
Under *Supported account types*, select whichever account type applies to your use-case.
![](./aad_01.png)
3. Take note of the *Application (client) ID* value.
If you selected *Single tenant* in the *Supported account types* prompt, also note the *Directory (tenant) ID* value.
4. Navigate to *Certificates & secrets* in the sidebar, and to the *Client secrets* tab.
5. Add a new secret, with an identifier of your choice, and select any expiration. Currently the secret in authentik has to be rotated manually or via API, so it is recommended to choose at least 12 months.
6. Note the secret's value in the *Value* column.
## authentik Setup
In authentik, create a new *Azure AD OAuth Source* in Resources -> Sources.
Use the following settings:
- Name: `Azure AD`
- Slug: `azure-ad` (this must match the URL being used above)
- Consumer key: `*Application (client) ID* value from above`
- Consumer secret: `*Value* of the secret from above`
If you kept the default *Supported account types* selection of *Single tenant*, then you must change the URLs below as well:
- Authorization URL: `https://login.microsoftonline.com/*Directory (tenant) ID* from above/oauth2/v2.0/authorize`
- Access token URL: `https://login.microsoftonline.com/*Directory (tenant) ID* from above/oauth2/v2.0/token`
![](./authentik_01.png)
Save, and you now have Azure AD as a source.
:::note
For more details on how-to have the new source display on the Login Page see [here](../index).
:::
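
Review bot: the Slug line says `azure-ad` "must match the URL being used above", but nothing above it mentions a URL: step 2 of *Azure setup* never tells the reader which redirect URI to register for the application. State the redirect URI in step 2 so the slug constraint is explained; without a registered redirect URI that matches, the sign-in is rejected on the Azure side. In step 5, "select any expiration" followed by "at least 12 months" recommends a long-lived client secret without saying what happens when it expires; add a sentence telling the reader to record the expiry date and to replace the secret in the source before then. Finally, the `*Directory (tenant) ID* from above` text sits inside code spans, where the asterisks render literally; a named placeholder declared in the *Preparation* list would be clearer.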

@ -50,5 +50,5 @@ Here is an example of a complete authentik Discord OAuth Source
Save, and you now have Discord as a source.
:::note
For more details on how-to have the new source display on the Login Page see the Sources page
For more details on how-to have the new source display on the Login Page see [here](../index).
:::

@ -56,5 +56,5 @@ Here is an example of a complete authentik Github OAuth Source
Save, and you now have Github as a source.
:::note
For more details on how-to have the new source display on the Login Page see the Sources page
For more details on how-to have the new source display on the Login Page see [here](../index).
:::

@ -79,5 +79,5 @@ Here is an example of a complete authentik Google OAuth Source
Save, and you now have Google as a source.
:::note
For more details on how-to have the new source display on the Login Page see the Sources page
For more details on how-to have the new source display on the Login Page see [here](../index).
:::

@ -1,5 +1,5 @@
---
title: Sources
title: Overview
---
Sources allow you to connect authentik to an existing user directory. They can also be used for social logins, using external providers such as Facebook, Twitter, etc.
@ -8,7 +8,7 @@ Sources allow you to connect authentik to an existing user directory. They can a
To have sources show on the default login screen you will need to add them. This is assuming you have not created or renamed the default stages and flows.
1. Access the **Flows** section
2. Click on **default-authentication-flow**
2. Click on **default-authentication-flow**
3. Click the **Stage Bindings** tab
4. Chose **Edit Stage** for the _default-authentication-identification_ stage
5. Under **Sources** you should see the additional sources you have configured. Click all applicable sources to have them displayed on the Login Page
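
Review bot: step 4 in the context lines reads `Chose **Edit Stage**`; since this hunk already touches the list, fix it to `Choose`. The only visible change on step 2 appears to be whitespace, so it is worth confirming that this is intended.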

@ -1,5 +1,5 @@
---
title: Outposts
title: Overview
---
An outpost is a single deployment of a authentik component, which can be deployed in a completely separate environment. Currently, Proxy Provider and LDAP are supported as outposts.
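
Review bot: `a authentik component` in the unchanged first sentence should be `an authentik component`; worth fixing while the front matter of this file is being edited.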

@ -1,5 +1,5 @@
---
title: Policies
title: Overview
---
## Event-matcher policy

@ -1,5 +1,5 @@
---
title: Property Mappings
title: Overview
---
Property Mappings allow you to pass information to external applications. For example, pass the current user's groups as a SAML parameter. Property Mappings are also used to map Source fields to authentik fields, for example when using LDAP.

@ -1,5 +1,5 @@
---
title: Proxy provider
title: Overview
---
The proxy outpost sets the following headers:

@ -36,7 +36,7 @@ module.exports = {
"providers/saml",
{
type: "category",
label: "Proxy",
label: "Proxy Provider",
items: [
"providers/proxy/proxy",
"providers/proxy/forward_auth",
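
Review bot: `label: "Proxy Provider"` uses title case, while the page under it was titled `Proxy provider` and this commit moves other headings to sentence case (`Active Directory setup`, `Azure setup`). Use `Proxy provider` for the label so the sidebar matches.
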
@ -71,8 +71,9 @@ module.exports = {
label: "as Source",
items: [
"integrations/sources/index",
"integrations/sources/apple/index",
"integrations/sources/active-directory/index",
"integrations/sources/apple/index",
"integrations/sources/azure-ad/index",
"integrations/sources/discord/index",
"integrations/sources/freeipa/index",
"integrations/sources/github/index",