diff --git a/.github/workflows/ci-main.yml b/.github/workflows/ci-main.yml
index 44a606f47..159d85aa2 100644
--- a/.github/workflows/ci-main.yml
+++ b/.github/workflows/ci-main.yml
@@ -139,6 +139,7 @@ jobs:
         working-directory: web
         run: |
           npm ci
+          make -C .. gen-client-web
           npm run build
       - name: run e2e
         run: |
@@ -172,6 +173,7 @@ jobs:
         working-directory: web/
         run: |
           npm ci
+          make -C .. gen-client-web
           npm run build
       - name: run e2e
         run: |
diff --git a/Makefile b/Makefile
index 3cb2feaba..734b6e0da 100644
--- a/Makefile
+++ b/Makefile
@@ -71,9 +71,9 @@ gen-client-web:
 		-o /local/gen-ts-api \
 		--additional-properties=typescriptThreePlus=true,supportsES6=true,npmName=@goauthentik/api,npmVersion=${NPM_VERSION}
 	mkdir -p web/node_modules/@goauthentik/api
-	\cp -fv scripts/web_api_readme.md gen-ts-api/README.md
+	ln -fs scripts/web_api_readme.md gen-ts-api/README.md
 	cd gen-ts-api && npm i
-	\cp -rfv gen-ts-api/* web/node_modules/@goauthentik/api
+	ln -fs gen-ts-api web/node_modules/@goauthentik/api
 
 gen-client-go:
 	wget https://raw.githubusercontent.com/goauthentik/client-go/main/config.yaml -O config.yaml
@@ -169,8 +169,3 @@ ci-pending-migrations: ci--meta-debug
 
 install: web-install website-install
 	poetry install
-
-a: install
-	tmux \
-		new-session 'make run' \; \
-		split-window 'make web-watch'
diff --git a/authentik/api/authentication.py b/authentik/api/authentication.py
index 5e95fab1d..25e1b6a6f 100644
--- a/authentik/api/authentication.py
+++ b/authentik/api/authentication.py
@@ -10,6 +10,8 @@ from structlog.stdlib import get_logger
 from authentik.core.middleware import KEY_AUTH_VIA, LOCAL
 from authentik.core.models import Token, TokenIntents, User
 from authentik.outposts.models import Outpost
+from authentik.providers.oauth2.constants import SCOPE_AUTHENTIK_API
+from authentik.providers.oauth2.models import RefreshToken
 
 LOGGER = get_logger()
 
@@ -24,7 +26,7 @@ def validate_auth(header: bytes) -> str:
     if auth_type.lower() != "bearer":
         LOGGER.debug("Unsupported authentication type, denying", type=auth_type.lower())
         raise AuthenticationFailed("Unsupported authentication type")
-    if auth_credentials == "":  # nosec
+    if auth_credentials == "":  # nosec # noqa
         raise AuthenticationFailed("Malformed header")
     return auth_credentials
 
@@ -34,14 +36,30 @@ def bearer_auth(raw_header: bytes) -> Optional[User]:
     auth_credentials = validate_auth(raw_header)
     if not auth_credentials:
         return None
+    if not hasattr(LOCAL, "authentik"):
+        LOCAL.authentik = {}
     # first, check traditional tokens
-    token = Token.filter_not_expired(key=auth_credentials, intent=TokenIntents.INTENT_API).first()
-    if hasattr(LOCAL, "authentik"):
+    key_token = Token.filter_not_expired(
+        key=auth_credentials, intent=TokenIntents.INTENT_API
+    ).first()
+    if key_token:
         LOCAL.authentik[KEY_AUTH_VIA] = "api_token"
-    if token:
-        return token.user
+        return key_token.user
+    # then try to auth via JWT
+    jwt_token = RefreshToken.filter_not_expired(
+        refresh_token=auth_credentials, _scope__icontains=SCOPE_AUTHENTIK_API
+    ).first()
+    if jwt_token:
+        # Double-check scopes, since they are saved in a single string
+        # we want to check the parsed version too
+        if SCOPE_AUTHENTIK_API not in jwt_token.scope:
+            raise AuthenticationFailed("Token invalid/expired")
+        LOCAL.authentik[KEY_AUTH_VIA] = "jwt"
+        return jwt_token.user
+    # then try to auth via secret key (for embedded outpost/etc)
     user = token_secret_key(auth_credentials)
     if user:
+        LOCAL.authentik[KEY_AUTH_VIA] = "secret_key"
         return user
     raise AuthenticationFailed("Token invalid/expired")
 
@@ -56,8 +74,6 @@ def token_secret_key(value: str) -> Optional[User]:
     outposts = Outpost.objects.filter(managed=MANAGED_OUTPOST)
     if not outposts:
         return None
-    if hasattr(LOCAL, "authentik"):
-        LOCAL.authentik[KEY_AUTH_VIA] = "secret_key"
     outpost = outposts.first()
     return outpost.user
 
diff --git a/authentik/api/tests/test_auth.py b/authentik/api/tests/test_auth.py
index ef49d3dee..91b05b3cf 100644
--- a/authentik/api/tests/test_auth.py
+++ b/authentik/api/tests/test_auth.py
@@ -8,28 +8,37 @@ from rest_framework.exceptions import AuthenticationFailed
 
 from authentik.api.authentication import bearer_auth
 from authentik.core.models import USER_ATTRIBUTE_SA, Token, TokenIntents
+from authentik.core.tests.utils import create_test_flow
+from authentik.lib.generators import generate_id
 from authentik.outposts.managed import OutpostManager
+from authentik.providers.oauth2.constants import SCOPE_AUTHENTIK_API
+from authentik.providers.oauth2.models import OAuth2Provider, RefreshToken
 
 
 class TestAPIAuth(TestCase):
     """Test API Authentication"""
 
-    def test_valid_bearer(self):
-        """Test valid token"""
-        token = Token.objects.create(intent=TokenIntents.INTENT_API, user=get_anonymous_user())
-        self.assertEqual(bearer_auth(f"Bearer {token.key}".encode()), token.user)
-
     def test_invalid_type(self):
         """Test invalid type"""
         with self.assertRaises(AuthenticationFailed):
             bearer_auth("foo bar".encode())
 
+    def test_invalid_empty(self):
+        """Test invalid type"""
+        self.assertIsNone(bearer_auth("Bearer ".encode()))
+        self.assertIsNone(bearer_auth("".encode()))
+
     def test_invalid_no_token(self):
         """Test invalid with no token"""
         with self.assertRaises(AuthenticationFailed):
             auth = b64encode(":abc".encode()).decode()
             self.assertIsNone(bearer_auth(f"Basic :{auth}".encode()))
 
+    def test_bearer_valid(self):
+        """Test valid token"""
+        token = Token.objects.create(intent=TokenIntents.INTENT_API, user=get_anonymous_user())
+        self.assertEqual(bearer_auth(f"Bearer {token.key}".encode()), token.user)
+
     def test_managed_outpost(self):
         """Test managed outpost"""
         with self.assertRaises(AuthenticationFailed):
@@ -38,3 +47,30 @@ class TestAPIAuth(TestCase):
         OutpostManager().run()
         user = bearer_auth(f"Bearer {settings.SECRET_KEY}".encode())
         self.assertEqual(user.attributes[USER_ATTRIBUTE_SA], True)
+
+    def test_jwt_valid(self):
+        """Test valid JWT"""
+        provider = OAuth2Provider.objects.create(
+            name=generate_id(), client_id=generate_id(), authorization_flow=create_test_flow()
+        )
+        refresh = RefreshToken.objects.create(
+            user=get_anonymous_user(),
+            provider=provider,
+            refresh_token=generate_id(),
+            _scope=SCOPE_AUTHENTIK_API,
+        )
+        self.assertEqual(bearer_auth(f"Bearer {refresh.refresh_token}".encode()), refresh.user)
+
+    def test_jwt_missing_scope(self):
+        """Test valid JWT"""
+        provider = OAuth2Provider.objects.create(
+            name=generate_id(), client_id=generate_id(), authorization_flow=create_test_flow()
+        )
+        refresh = RefreshToken.objects.create(
+            user=get_anonymous_user(),
+            provider=provider,
+            refresh_token=generate_id(),
+            _scope="",
+        )
+        with self.assertRaises(AuthenticationFailed):
+            self.assertEqual(bearer_auth(f"Bearer {refresh.refresh_token}".encode()), refresh.user)
diff --git a/authentik/flows/challenge.py b/authentik/flows/challenge.py
index e3fefd4ca..2933f0284 100644
--- a/authentik/flows/challenge.py
+++ b/authentik/flows/challenge.py
@@ -1,6 +1,6 @@
 """Challenge helpers"""
 from enum import Enum
-from typing import TYPE_CHECKING, Optional
+from typing import TYPE_CHECKING, Optional, TypedDict
 
 from django.db import models
 from django.http import JsonResponse
@@ -95,6 +95,13 @@ class AccessDeniedChallenge(WithUserInfoChallenge):
     component = CharField(default="ak-stage-access-denied")
 
 
+class PermissionDict(TypedDict):
+    """Consent Permission"""
+
+    id: str
+    name: str
+
+
 class PermissionSerializer(PassiveSerializer):
     """Permission used for consent"""
 
diff --git a/authentik/providers/oauth2/constants.py b/authentik/providers/oauth2/constants.py
index 7edf5b9c3..044818317 100644
--- a/authentik/providers/oauth2/constants.py
+++ b/authentik/providers/oauth2/constants.py
@@ -18,6 +18,8 @@ SCOPE_OPENID = "openid"
 SCOPE_OPENID_PROFILE = "profile"
 SCOPE_OPENID_EMAIL = "email"
 
+SCOPE_AUTHENTIK_API = "goauthentik.io/api"
+
 # Read/write full user (including email)
 SCOPE_GITHUB_USER = "user"
 # Read user (without email)
diff --git a/authentik/providers/oauth2/views/userinfo.py b/authentik/providers/oauth2/views/userinfo.py
index 36a875029..efed0f43f 100644
--- a/authentik/providers/oauth2/views/userinfo.py
+++ b/authentik/providers/oauth2/views/userinfo.py
@@ -4,12 +4,15 @@ from typing import Any, Optional
 from deepmerge import always_merger
 from django.http import HttpRequest, HttpResponse
 from django.http.response import HttpResponseBadRequest
+from django.utils.translation import gettext_lazy as _
 from django.views import View
 from structlog.stdlib import get_logger
 
 from authentik.core.exceptions import PropertyMappingExpressionException
 from authentik.events.models import Event, EventAction
+from authentik.flows.challenge import PermissionDict
 from authentik.providers.oauth2.constants import (
+    SCOPE_AUTHENTIK_API,
     SCOPE_GITHUB_ORG_READ,
     SCOPE_GITHUB_USER,
     SCOPE_GITHUB_USER_EMAIL,
@@ -27,23 +30,27 @@ class UserInfoView(View):
 
     token: Optional[RefreshToken]
 
-    def get_scope_descriptions(self, scopes: list[str]) -> list[dict[str, str]]:
+    def get_scope_descriptions(self, scopes: list[str]) -> list[PermissionDict]:
         """Get a list of all Scopes's descriptions"""
         scope_descriptions = []
         for scope in ScopeMapping.objects.filter(scope_name__in=scopes).order_by("scope_name"):
-            if scope.description != "":
-                scope_descriptions.append({"id": scope.scope_name, "name": scope.description})
+            if scope.description == "":
+                continue
+            scope_descriptions.append(PermissionDict(id=scope.scope_name, name=scope.description))
         # GitHub Compatibility Scopes are handled differently, since they required custom paths
         # Hence they don't exist as Scope objects
-        github_scope_map = {
-            SCOPE_GITHUB_USER: ("GitHub Compatibility: Access your User Information"),
-            SCOPE_GITHUB_USER_READ: ("GitHub Compatibility: Access your User Information"),
-            SCOPE_GITHUB_USER_EMAIL: ("GitHub Compatibility: Access you Email addresses"),
-            SCOPE_GITHUB_ORG_READ: ("GitHub Compatibility: Access your Groups"),
+        special_scope_map = {
+            SCOPE_GITHUB_USER: _("GitHub Compatibility: Access your User Information"),
+            SCOPE_GITHUB_USER_READ: _("GitHub Compatibility: Access your User Information"),
+            SCOPE_GITHUB_USER_EMAIL: _("GitHub Compatibility: Access you Email addresses"),
+            SCOPE_GITHUB_ORG_READ: _("GitHub Compatibility: Access your Groups"),
+            SCOPE_AUTHENTIK_API: _("authentik API Access on behalf of your user"),
         }
         for scope in scopes:
-            if scope in github_scope_map:
-                scope_descriptions.append({"id": scope, "name": github_scope_map[scope]})
+            if scope in special_scope_map:
+                scope_descriptions.append(
+                    PermissionDict(id=scope, name=str(special_scope_map[scope]))
+                )
         return scope_descriptions
 
     def get_claims(self, token: RefreshToken) -> dict[str, Any]:
diff --git a/authentik/stages/consent/api.py b/authentik/stages/consent/api.py
index f170020b0..5a25b1db0 100644
--- a/authentik/stages/consent/api.py
+++ b/authentik/stages/consent/api.py
@@ -40,7 +40,7 @@ class UserConsentSerializer(StageSerializer):
     class Meta:
 
         model = UserConsent
-        fields = ["pk", "expires", "user", "application"]
+        fields = ["pk", "expires", "user", "application", "permissions"]
 
 
 class UserConsentViewSet(
diff --git a/authentik/stages/consent/migrations/0004_alter_userconsent_unique_together_and_more.py b/authentik/stages/consent/migrations/0004_alter_userconsent_unique_together_and_more.py
new file mode 100644
index 000000000..396f1e6c9
--- /dev/null
+++ b/authentik/stages/consent/migrations/0004_alter_userconsent_unique_together_and_more.py
@@ -0,0 +1,29 @@
+# Generated by Django 4.0.5 on 2022-06-26 10:42
+
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("authentik_core", "0021_source_user_path_user_path"),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ("authentik_stages_consent", "0003_auto_20200924_1403"),
+    ]
+
+    operations = [
+        migrations.AlterUniqueTogether(
+            name="userconsent",
+            unique_together=set(),
+        ),
+        migrations.AddField(
+            model_name="userconsent",
+            name="permissions",
+            field=models.TextField(default=""),
+        ),
+        migrations.AlterUniqueTogether(
+            name="userconsent",
+            unique_together={("user", "application", "permissions")},
+        ),
+    ]
diff --git a/authentik/stages/consent/models.py b/authentik/stages/consent/models.py
index 45c251cb2..672082147 100644
--- a/authentik/stages/consent/models.py
+++ b/authentik/stages/consent/models.py
@@ -56,12 +56,13 @@ class UserConsent(ExpiringModel):
 
     user = models.ForeignKey(User, on_delete=models.CASCADE)
     application = models.ForeignKey(Application, on_delete=models.CASCADE)
+    permissions = models.TextField(default="")
 
     def __str__(self):
         return f"User Consent {self.application} by {self.user}"
 
     class Meta:
 
-        unique_together = (("user", "application"),)
+        unique_together = (("user", "application", "permissions"),)
         verbose_name = _("User Consent")
         verbose_name_plural = _("User Consents")
diff --git a/authentik/stages/consent/stage.py b/authentik/stages/consent/stage.py
index bfeff6046..ec515f822 100644
--- a/authentik/stages/consent/stage.py
+++ b/authentik/stages/consent/stage.py
@@ -1,4 +1,6 @@
 """authentik consent stage"""
+from typing import Optional
+
 from django.http import HttpRequest, HttpResponse
 from django.utils.timezone import now
 from rest_framework.fields import CharField
@@ -18,13 +20,15 @@ from authentik.stages.consent.models import ConsentMode, ConsentStage, UserConse
 PLAN_CONTEXT_CONSENT_TITLE = "consent_title"
 PLAN_CONTEXT_CONSENT_HEADER = "consent_header"
 PLAN_CONTEXT_CONSENT_PERMISSIONS = "consent_permissions"
+PLAN_CONTEXT_CONSNET_EXTRA_PERMISSIONS = "consent_additional_permissions"
 
 
 class ConsentChallenge(WithUserInfoChallenge):
     """Challenge info for consent screens"""
 
-    header_text = CharField()
+    header_text = CharField(required=False)
     permissions = PermissionSerializer(many=True)
+    additional_permissions = PermissionSerializer(many=True)
     component = CharField(default="ak-stage-consent")
 
 
@@ -43,6 +47,9 @@ class ConsentStageView(ChallengeStageView):
         data = {
             "type": ChallengeTypes.NATIVE.value,
             "permissions": self.executor.plan.context.get(PLAN_CONTEXT_CONSENT_PERMISSIONS, []),
+            "additional_permissions": self.executor.plan.context.get(
+                PLAN_CONTEXT_CONSNET_EXTRA_PERMISSIONS, []
+            ),
         }
         if PLAN_CONTEXT_CONSENT_TITLE in self.executor.plan.context:
             data["title"] = self.executor.plan.context[PLAN_CONTEXT_CONSENT_TITLE]
@@ -72,10 +79,26 @@ class ConsentStageView(ChallengeStageView):
         if PLAN_CONTEXT_PENDING_USER in self.executor.plan.context:
             user = self.executor.plan.context[PLAN_CONTEXT_PENDING_USER]
 
-        if UserConsent.filter_not_expired(user=user, application=application).exists():
+        consent: Optional[UserConsent] = UserConsent.filter_not_expired(
+            user=user, application=application
+        ).first()
+
+        if consent:
+            perms = self.executor.plan.context.get(PLAN_CONTEXT_CONSENT_PERMISSIONS, [])
+            allowed_perms = set(consent.permissions.split(" "))
+            requested_perms = set(x["id"] for x in perms)
+
+            if allowed_perms != requested_perms:
+                self.executor.plan.context[PLAN_CONTEXT_CONSENT_PERMISSIONS] = [
+                    x for x in perms if x["id"] in allowed_perms
+                ]
+                self.executor.plan.context[PLAN_CONTEXT_CONSNET_EXTRA_PERMISSIONS] = [
+                    x for x in perms if x["id"] in requested_perms.difference(allowed_perms)
+                ]
+                return super().get(request, *args, **kwargs)
             return self.executor.stage_ok()
 
-        # No consent found, return consent
+        # No consent found, return consent prompt
         return super().get(request, *args, **kwargs)
 
     def challenge_valid(self, response: ChallengeResponse) -> HttpResponse:
@@ -83,6 +106,10 @@ class ConsentStageView(ChallengeStageView):
         if PLAN_CONTEXT_APPLICATION not in self.executor.plan.context:
             return self.executor.stage_ok()
         application = self.executor.plan.context[PLAN_CONTEXT_APPLICATION]
+        permissions = self.executor.plan.context.get(
+            PLAN_CONTEXT_CONSENT_PERMISSIONS, []
+        ) + self.executor.plan.context.get(PLAN_CONTEXT_CONSNET_EXTRA_PERMISSIONS, [])
+        permissions_string = " ".join(x["id"] for x in permissions)
         # Make this StageView work when injected, in which case `current_stage` is an instance
         # of the base class, and we don't save any consent, as it is assumed to be a one-time
         # prompt
@@ -91,12 +118,16 @@ class ConsentStageView(ChallengeStageView):
         # Since we only get here when no consent exists, we can create it without update
         if current_stage.mode == ConsentMode.PERMANENT:
             UserConsent.objects.create(
-                user=self.request.user, application=application, expiring=False
+                user=self.request.user,
+                application=application,
+                expiring=False,
+                permissions=permissions_string,
             )
         if current_stage.mode == ConsentMode.EXPIRING:
             UserConsent.objects.create(
                 user=self.request.user,
                 application=application,
                 expires=now() + timedelta_from_string(current_stage.consent_expire_in),
+                permissions=permissions_string,
             )
         return self.executor.stage_ok()
diff --git a/authentik/stages/consent/tests.py b/authentik/stages/consent/tests.py
index e6fe2a127..37d72ed82 100644
--- a/authentik/stages/consent/tests.py
+++ b/authentik/stages/consent/tests.py
@@ -6,12 +6,15 @@ from django.urls import reverse
 from authentik.core.models import Application
 from authentik.core.tasks import clean_expired_models
 from authentik.core.tests.utils import create_test_admin_user, create_test_flow
+from authentik.flows.challenge import PermissionDict
 from authentik.flows.markers import StageMarker
 from authentik.flows.models import FlowDesignation, FlowStageBinding
 from authentik.flows.planner import PLAN_CONTEXT_APPLICATION, FlowPlan
 from authentik.flows.tests import FlowTestCase
 from authentik.flows.views.executor import SESSION_KEY_PLAN
+from authentik.lib.generators import generate_id
 from authentik.stages.consent.models import ConsentMode, ConsentStage, UserConsent
+from authentik.stages.consent.stage import PLAN_CONTEXT_CONSENT_PERMISSIONS
 
 
 class TestConsentStage(FlowTestCase):
@@ -21,14 +24,14 @@ class TestConsentStage(FlowTestCase):
         super().setUp()
         self.user = create_test_admin_user()
         self.application = Application.objects.create(
-            name="test-application",
-            slug="test-application",
+            name=generate_id(),
+            slug=generate_id(),
         )
 
     def test_always_required(self):
         """Test always required consent"""
         flow = create_test_flow(FlowDesignation.AUTHENTICATION)
-        stage = ConsentStage.objects.create(name="consent", mode=ConsentMode.ALWAYS_REQUIRE)
+        stage = ConsentStage.objects.create(name=generate_id(), mode=ConsentMode.ALWAYS_REQUIRE)
         binding = FlowStageBinding.objects.create(target=flow, stage=stage, order=2)
 
         plan = FlowPlan(flow_pk=flow.pk.hex, bindings=[binding], markers=[StageMarker()])
@@ -48,7 +51,7 @@ class TestConsentStage(FlowTestCase):
         """Test permanent consent from user"""
         self.client.force_login(self.user)
         flow = create_test_flow(FlowDesignation.AUTHENTICATION)
-        stage = ConsentStage.objects.create(name="consent", mode=ConsentMode.PERMANENT)
+        stage = ConsentStage.objects.create(name=generate_id(), mode=ConsentMode.PERMANENT)
         binding = FlowStageBinding.objects.create(target=flow, stage=stage, order=2)
 
         plan = FlowPlan(
@@ -75,7 +78,7 @@ class TestConsentStage(FlowTestCase):
         self.client.force_login(self.user)
         flow = create_test_flow(FlowDesignation.AUTHENTICATION)
         stage = ConsentStage.objects.create(
-            name="consent", mode=ConsentMode.EXPIRING, consent_expire_in="seconds=1"
+            name=generate_id(), mode=ConsentMode.EXPIRING, consent_expire_in="seconds=1"
         )
         binding = FlowStageBinding.objects.create(target=flow, stage=stage, order=2)
 
@@ -88,6 +91,18 @@ class TestConsentStage(FlowTestCase):
         session = self.client.session
         session[SESSION_KEY_PLAN] = plan
         session.save()
+        response = self.client.get(
+            reverse("authentik_api:flow-executor", kwargs={"flow_slug": flow.slug}),
+            {},
+        )
+        self.assertEqual(response.status_code, 200)
+        self.assertStageResponse(
+            response,
+            flow,
+            self.user,
+            permissions=[],
+            additional_permissions=[],
+        )
         response = self.client.post(
             reverse("authentik_api:flow-executor", kwargs={"flow_slug": flow.slug}),
             {},
@@ -102,3 +117,95 @@ class TestConsentStage(FlowTestCase):
         self.assertFalse(
             UserConsent.objects.filter(user=self.user, application=self.application).exists()
         )
+
+    def test_permanent_more_perms(self):
+        """Test permanent consent from user"""
+        self.client.force_login(self.user)
+        flow = create_test_flow(FlowDesignation.AUTHENTICATION)
+        stage = ConsentStage.objects.create(name=generate_id(), mode=ConsentMode.PERMANENT)
+        binding = FlowStageBinding.objects.create(target=flow, stage=stage, order=2)
+
+        plan = FlowPlan(
+            flow_pk=flow.pk.hex,
+            bindings=[binding],
+            markers=[StageMarker()],
+            context={
+                PLAN_CONTEXT_APPLICATION: self.application,
+                PLAN_CONTEXT_CONSENT_PERMISSIONS: [PermissionDict(id="foo", name="foo-desc")],
+            },
+        )
+        session = self.client.session
+        session[SESSION_KEY_PLAN] = plan
+        session.save()
+
+        # First, consent with a single permission
+        response = self.client.get(
+            reverse("authentik_api:flow-executor", kwargs={"flow_slug": flow.slug}),
+            {},
+        )
+        self.assertEqual(response.status_code, 200)
+        self.assertStageResponse(
+            response,
+            flow,
+            self.user,
+            permissions=[
+                {"id": "foo", "name": "foo-desc"},
+            ],
+            additional_permissions=[],
+        )
+        response = self.client.post(
+            reverse("authentik_api:flow-executor", kwargs={"flow_slug": flow.slug}),
+            {},
+        )
+        self.assertEqual(response.status_code, 200)
+        self.assertStageRedirects(response, reverse("authentik_core:root-redirect"))
+        self.assertTrue(
+            UserConsent.objects.filter(
+                user=self.user, application=self.application, permissions="foo"
+            ).exists()
+        )
+
+        # Request again with more perms
+        plan = FlowPlan(
+            flow_pk=flow.pk.hex,
+            bindings=[binding],
+            markers=[StageMarker()],
+            context={
+                PLAN_CONTEXT_APPLICATION: self.application,
+                PLAN_CONTEXT_CONSENT_PERMISSIONS: [
+                    PermissionDict(id="foo", name="foo-desc"),
+                    PermissionDict(id="bar", name="bar-desc"),
+                ],
+            },
+        )
+        session = self.client.session
+        session[SESSION_KEY_PLAN] = plan
+        session.save()
+
+        response = self.client.get(
+            reverse("authentik_api:flow-executor", kwargs={"flow_slug": flow.slug}),
+            {},
+        )
+        self.assertEqual(response.status_code, 200)
+        self.assertStageResponse(
+            response,
+            flow,
+            self.user,
+            permissions=[
+                {"id": "foo", "name": "foo-desc"},
+            ],
+            additional_permissions=[
+                {"id": "bar", "name": "bar-desc"},
+            ],
+        )
+        response = self.client.post(
+            reverse("authentik_api:flow-executor", kwargs={"flow_slug": flow.slug}),
+            {},
+        )
+        self.assertEqual(response.status_code, 200)
+        self.assertStageRedirects(response, reverse("authentik_core:root-redirect"))
+        self.assertTrue(
+            UserConsent.objects.filter(
+                user=self.user, application=self.application, permissions="foo bar"
+            ).exists()
+        )
diff --git a/locale/en/LC_MESSAGES/django.po b/locale/en/LC_MESSAGES/django.po
index c06025d00..b793aecee 100644
--- a/locale/en/LC_MESSAGES/django.po
+++ b/locale/en/LC_MESSAGES/django.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2022-01-03 12:29+0000\n"
+"POT-Creation-Date: 2022-06-26 11:48+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -18,7 +18,7 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
-#: authentik/admin/api/tasks.py:95
+#: authentik/admin/api/tasks.py:99
 #, python-format
 msgid "Successfully re-scheduled Task %(name)s!"
 msgstr ""
@@ -39,113 +39,125 @@ msgstr ""
 msgid "Create a SAML Provider by importing its Metadata."
 msgstr ""
 
-#: authentik/core/models.py:69
+#: authentik/core/api/users.py:90
+msgid "No leading or trailing slashes allowed."
+msgstr ""
+
+#: authentik/core/api/users.py:93
+msgid "No empty segments in user path allowed."
+msgstr ""
+
+#: authentik/core/models.py:76
 msgid "name"
 msgstr ""
 
-#: authentik/core/models.py:71
+#: authentik/core/models.py:78
 msgid "Users added to this group will be superusers."
 msgstr ""
 
-#: authentik/core/models.py:129
+#: authentik/core/models.py:146
 msgid "User's display name."
 msgstr ""
 
-#: authentik/core/models.py:212 authentik/providers/oauth2/models.py:299
+#: authentik/core/models.py:237 authentik/providers/oauth2/models.py:318
 msgid "User"
 msgstr ""
 
-#: authentik/core/models.py:213
+#: authentik/core/models.py:238
 msgid "Users"
 msgstr ""
 
-#: authentik/core/models.py:224
+#: authentik/core/models.py:249
 msgid "Flow used when authorizing this provider."
 msgstr ""
 
-#: authentik/core/models.py:257
+#: authentik/core/models.py:282
 msgid "Application's display Name."
 msgstr ""
 
-#: authentik/core/models.py:258
+#: authentik/core/models.py:283
 msgid "Internal application name, used in URLs."
 msgstr ""
 
-#: authentik/core/models.py:311
+#: authentik/core/models.py:295
+msgid "Open launch URL in a new browser tab or window."
+msgstr ""
+
+#: authentik/core/models.py:354
 msgid "Application"
 msgstr ""
 
-#: authentik/core/models.py:312
+#: authentik/core/models.py:355
 msgid "Applications"
 msgstr ""
 
-#: authentik/core/models.py:318
+#: authentik/core/models.py:361
 msgid "Use the source-specific identifier"
 msgstr ""
 
-#: authentik/core/models.py:326
+#: authentik/core/models.py:369
 msgid ""
 "Use the user's email address, but deny enrollment when the email address "
 "already exists."
 msgstr ""
 
-#: authentik/core/models.py:335
+#: authentik/core/models.py:378
 msgid ""
 "Use the user's username, but deny enrollment when the username already "
 "exists."
 msgstr ""
 
-#: authentik/core/models.py:342
+#: authentik/core/models.py:385
 msgid "Source's display Name."
 msgstr ""
 
-#: authentik/core/models.py:343
+#: authentik/core/models.py:386
 msgid "Internal source name, used in URLs."
 msgstr ""
 
-#: authentik/core/models.py:354
+#: authentik/core/models.py:399
 msgid "Flow to use when authenticating existing users."
 msgstr ""
 
-#: authentik/core/models.py:363
+#: authentik/core/models.py:408
 msgid "Flow to use when enrolling new users."
 msgstr ""
 
-#: authentik/core/models.py:501
+#: authentik/core/models.py:557
 msgid "Token"
 msgstr ""
 
-#: authentik/core/models.py:502
+#: authentik/core/models.py:558
 msgid "Tokens"
 msgstr ""
 
-#: authentik/core/models.py:545
+#: authentik/core/models.py:601
 msgid "Property Mapping"
 msgstr ""
 
-#: authentik/core/models.py:546
+#: authentik/core/models.py:602
 msgid "Property Mappings"
 msgstr ""
 
-#: authentik/core/models.py:582
+#: authentik/core/models.py:638
 msgid "Authenticated Session"
 msgstr ""
 
-#: authentik/core/models.py:583
+#: authentik/core/models.py:639
 msgid "Authenticated Sessions"
 msgstr ""
 
-#: authentik/core/sources/flow_manager.py:166
+#: authentik/core/sources/flow_manager.py:177
 msgid "source"
 msgstr ""
 
-#: authentik/core/sources/flow_manager.py:220
-#: authentik/core/sources/flow_manager.py:258
+#: authentik/core/sources/flow_manager.py:245
+#: authentik/core/sources/flow_manager.py:283
 #, python-format
 msgid "Successfully authenticated with %(source)s!"
 msgstr ""
 
-#: authentik/core/sources/flow_manager.py:239
+#: authentik/core/sources/flow_manager.py:264
 #, python-format
 msgid "Successfully linked %(source)s!"
 msgstr ""
@@ -156,8 +168,8 @@ msgstr ""
 
 #: authentik/core/templates/if/admin.html:18
 #: authentik/core/templates/if/admin.html:24
-#: authentik/core/templates/if/flow.html:28
-#: authentik/core/templates/if/flow.html:34
+#: authentik/core/templates/if/flow.html:35
+#: authentik/core/templates/if/flow.html:41
 #: authentik/core/templates/if/user.html:18
 #: authentik/core/templates/if/user.html:24
 msgid "Loading..."
@@ -200,11 +212,18 @@ msgid ""
 "        "
 msgstr ""
 
-#: authentik/core/templates/login/base_full.html:65
+#: authentik/core/templates/login/base_full.html:89
 msgid "Powered by authentik"
 msgstr ""
 
-#: authentik/crypto/api.py:132
+#: authentik/core/views/apps.py:48
+#: authentik/providers/oauth2/views/authorize.py:356
+#: authentik/providers/saml/views/sso.py:69
+#, python-format
+msgid "You're about to sign into %(application)s."
+msgstr ""
+
+#: authentik/crypto/api.py:143
 msgid "Subject-alt name"
 msgstr ""
 
@@ -231,85 +250,89 @@ msgstr ""
 msgid "Successfully imported %(count)d files."
 msgstr ""
 
-#: authentik/events/models.py:285
+#: authentik/events/models.py:288
 msgid "Event"
 msgstr ""
 
-#: authentik/events/models.py:286
+#: authentik/events/models.py:289
 msgid "Events"
 msgstr ""
 
-#: authentik/events/models.py:292
+#: authentik/events/models.py:295
+msgid "authentik inbuilt notifications"
+msgstr ""
+
+#: authentik/events/models.py:296
 msgid "Generic Webhook"
 msgstr ""
 
-#: authentik/events/models.py:293
+#: authentik/events/models.py:297
 msgid "Slack Webhook (Slack/Discord)"
 msgstr ""
 
-#: authentik/events/models.py:294
+#: authentik/events/models.py:298
 msgid "Email"
 msgstr ""
 
-#: authentik/events/models.py:312
+#: authentik/events/models.py:316
 msgid ""
 "Only send notification once, for example when sending a webhook into a chat "
 "channel."
 msgstr ""
 
-#: authentik/events/models.py:357
+#: authentik/events/models.py:374
 msgid "Severity"
 msgstr ""
 
-#: authentik/events/models.py:362
+#: authentik/events/models.py:379
 msgid "Dispatched for user"
 msgstr ""
 
-#: authentik/events/models.py:439
+#: authentik/events/models.py:456
 msgid "Notification Transport"
 msgstr ""
 
-#: authentik/events/models.py:440
+#: authentik/events/models.py:457
 msgid "Notification Transports"
 msgstr ""
 
-#: authentik/events/models.py:446
+#: authentik/events/models.py:463
 msgid "Notice"
 msgstr ""
 
-#: authentik/events/models.py:447
+#: authentik/events/models.py:464
 msgid "Warning"
 msgstr ""
 
-#: authentik/events/models.py:448
+#: authentik/events/models.py:465
 msgid "Alert"
 msgstr ""
 
-#: authentik/events/models.py:468
+#: authentik/events/models.py:485
 msgid "Notification"
 msgstr ""
 
-#: authentik/events/models.py:469
+#: authentik/events/models.py:486
 msgid "Notifications"
 msgstr ""
 
-#: authentik/events/models.py:488
+#: authentik/events/models.py:506
 msgid "Controls which severity level the created notifications will have."
 msgstr ""
 
-#: authentik/events/models.py:508
+#: authentik/events/models.py:526
 msgid "Notification Rule"
 msgstr ""
 
-#: authentik/events/models.py:509
+#: authentik/events/models.py:527
 msgid "Notification Rules"
 msgstr ""
 
-#: authentik/events/models.py:530
+#: authentik/events/models.py:548
 msgid "Notification Webhook Mapping"
 msgstr ""
 
-#: authentik/events/models.py:531
+#: authentik/events/models.py:549
 msgid "Notification Webhook Mappings"
 msgstr ""
 
@@ -317,42 +340,52 @@ msgstr ""
 msgid "Task has not been run yet."
 msgstr ""
 
-#: authentik/flows/api/flows.py:350
+#: authentik/flows/api/flows.py:227 authentik/flows/api/flows.py:249
+#, python-format
+msgid "Policy (%(type)s)"
+msgstr ""
+
+#: authentik/flows/api/flows.py:258
+#, python-format
+msgid "Stage (%(type)s)"
+msgstr ""
+
+#: authentik/flows/api/flows.py:373
 #, python-format
 msgid "Flow not applicable to current user/request: %(messages)s"
 msgstr ""
 
-#: authentik/flows/models.py:107
+#: authentik/flows/models.py:108
 msgid "Visible in the URL."
 msgstr ""
 
-#: authentik/flows/models.py:109
+#: authentik/flows/models.py:110
 msgid "Shown as the Title in Flow pages."
 msgstr ""
 
-#: authentik/flows/models.py:126
+#: authentik/flows/models.py:128
 msgid "Background shown during execution"
 msgstr ""
 
-#: authentik/flows/models.py:133
+#: authentik/flows/models.py:135
 msgid ""
 "Enable compatibility mode, increases compatibility with password managers on "
 "mobile devices."
 msgstr ""
 
-#: authentik/flows/models.py:178
+#: authentik/flows/models.py:180
 msgid "Flow"
 msgstr ""
 
-#: authentik/flows/models.py:179
+#: authentik/flows/models.py:181
 msgid "Flows"
 msgstr ""
 
-#: authentik/flows/models.py:209
+#: authentik/flows/models.py:211
 msgid "Evaluate policies when the Stage is present to the user."
 msgstr ""
 
-#: authentik/flows/models.py:216
+#: authentik/flows/models.py:218
 msgid ""
 "Configure how the flow executor should handle an invalid response to a "
 "challenge. RETRY returns the error message and a similar challenge to the "
@@ -360,19 +393,19 @@ msgid ""
 "RESTART_WITH_CONTEXT restarts the flow while keeping the current context."
 msgstr ""
 
-#: authentik/flows/models.py:240
+#: authentik/flows/models.py:242
 msgid "Flow Stage Binding"
 msgstr ""
 
-#: authentik/flows/models.py:241
+#: authentik/flows/models.py:243
 msgid "Flow Stage Bindings"
 msgstr ""
 
-#: authentik/flows/models.py:291
+#: authentik/flows/models.py:293
 msgid "Flow Token"
 msgstr ""
 
-#: authentik/flows/models.py:292
+#: authentik/flows/models.py:294
 msgid "Flow Tokens"
 msgstr ""
 
@@ -384,7 +417,7 @@ msgstr ""
 msgid "Something went wrong! Please try again later."
 msgstr ""
 
-#: authentik/lib/utils/time.py:24
+#: authentik/lib/utils/time.py:27
 #, python-format
 msgid "%(value)s is not in the correct format of 'hours=3;minutes=1'."
 msgstr ""
@@ -393,46 +426,46 @@ msgstr ""
 msgid "Managed by authentik"
 msgstr ""
 
-#: authentik/outposts/api/service_connections.py:131
+#: authentik/outposts/api/service_connections.py:132
 msgid ""
 "You can only use an empty kubeconfig when connecting to a local cluster."
 msgstr ""
 
-#: authentik/outposts/api/service_connections.py:139
+#: authentik/outposts/api/service_connections.py:140
 msgid "Invalid kubeconfig"
 msgstr ""
 
-#: authentik/outposts/models.py:151
+#: authentik/outposts/models.py:154
 msgid "Outpost Service-Connection"
 msgstr ""
 
-#: authentik/outposts/models.py:152
+#: authentik/outposts/models.py:155
 msgid "Outpost Service-Connections"
 msgstr ""
 
-#: authentik/outposts/models.py:188
+#: authentik/outposts/models.py:191
 msgid ""
 "Certificate/Key used for authentication. Can be left empty for no "
 "authentication."
 msgstr ""
 
-#: authentik/outposts/models.py:201
+#: authentik/outposts/models.py:204
 msgid "Docker Service-Connection"
 msgstr ""
 
-#: authentik/outposts/models.py:202
+#: authentik/outposts/models.py:205
 msgid "Docker Service-Connections"
 msgstr ""
 
-#: authentik/outposts/models.py:227
+#: authentik/outposts/models.py:230
 msgid "Kubernetes Service-Connection"
 msgstr ""
 
-#: authentik/outposts/models.py:228
+#: authentik/outposts/models.py:231
 msgid "Kubernetes Service-Connections"
 msgstr ""
 
-#: authentik/policies/denied.py:24
+#: authentik/policies/denied.py:25
 msgid "Access denied"
 msgstr ""
 
@@ -476,26 +509,26 @@ msgstr ""
 msgid "Expression Policies"
 msgstr ""
 
-#: authentik/policies/hibp/models.py:22
+#: authentik/policies/hibp/models.py:23
 #: authentik/policies/password/models.py:24
 msgid "Field key to check, field keys defined in Prompt stages are available."
 msgstr ""
 
-#: authentik/policies/hibp/models.py:47
+#: authentik/policies/hibp/models.py:51
 #: authentik/policies/password/models.py:57
 msgid "Password not set in context"
 msgstr ""
 
-#: authentik/policies/hibp/models.py:60
+#: authentik/policies/hibp/models.py:64
 #, python-format
 msgid "Password exists on %(count)d online lists."
 msgstr ""
 
-#: authentik/policies/hibp/models.py:66
+#: authentik/policies/hibp/models.py:70
 msgid "Have I Been Pwned Policy"
 msgstr ""
 
-#: authentik/policies/hibp/models.py:67
+#: authentik/policies/hibp/models.py:71
 msgid "Have I Been Pwned Policies"
 msgstr ""
 
@@ -547,11 +580,11 @@ msgstr ""
 msgid "Password Policies"
 msgstr ""
 
-#: authentik/policies/reputation/models.py:54
+#: authentik/policies/reputation/models.py:59
 msgid "Reputation Policy"
 msgstr ""
 
-#: authentik/policies/reputation/models.py:55
+#: authentik/policies/reputation/models.py:60
 msgid "Reputation Policies"
 msgstr ""
 
@@ -560,19 +593,27 @@ msgstr ""
 msgid "Permission denied"
 msgstr ""
 
-#: authentik/policies/templates/policies/denied.html:20
+#: authentik/policies/templates/policies/denied.html:21
+msgid "User's avatar"
+msgstr ""
+
+#: authentik/policies/templates/policies/denied.html:25
+msgid "Not you?"
+msgstr ""
+
+#: authentik/policies/templates/policies/denied.html:33
 msgid "Request has been denied."
 msgstr ""
 
-#: authentik/policies/templates/policies/denied.html:31
+#: authentik/policies/templates/policies/denied.html:44
 msgid "Messages:"
 msgstr ""
 
-#: authentik/policies/templates/policies/denied.html:41
+#: authentik/policies/templates/policies/denied.html:54
 msgid "Explanation:"
 msgstr ""
 
-#: authentik/policies/templates/policies/denied.html:45
+#: authentik/policies/templates/policies/denied.html:58
 #, python-format
 msgid ""
 "\n"
@@ -609,188 +650,210 @@ msgid ""
 "primary groups gidNumber"
 msgstr ""
 
-#: authentik/providers/ldap/models.py:97
+#: authentik/providers/ldap/models.py:98
 msgid "LDAP Provider"
 msgstr ""
 
-#: authentik/providers/ldap/models.py:98
+#: authentik/providers/ldap/models.py:99
 msgid "LDAP Providers"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:36
+#: authentik/providers/oauth2/models.py:37
 msgid "Confidential"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:37
+#: authentik/providers/oauth2/models.py:38
 msgid "Public"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:51
+#: authentik/providers/oauth2/models.py:60
 msgid "Based on the Hashed User ID"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:52
+#: authentik/providers/oauth2/models.py:61
 msgid "Based on the username"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:55
+#: authentik/providers/oauth2/models.py:64
 msgid "Based on the User's Email. This is recommended over the UPN method."
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:71
+#: authentik/providers/oauth2/models.py:80
 msgid "Same identifier is used for all providers"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:73
+#: authentik/providers/oauth2/models.py:82
 msgid "Each provider has a different issuer, based on the application slug."
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:80
+#: authentik/providers/oauth2/models.py:89
 msgid "code (Authorization Code Flow)"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:81
+#: authentik/providers/oauth2/models.py:90
 msgid "id_token (Implicit Flow)"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:82
+#: authentik/providers/oauth2/models.py:91
 msgid "id_token token (Implicit Flow)"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:83
+#: authentik/providers/oauth2/models.py:92
 msgid "code token (Hybrid Flow)"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:84
+#: authentik/providers/oauth2/models.py:93
 msgid "code id_token (Hybrid Flow)"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:85
+#: authentik/providers/oauth2/models.py:94
 msgid "code id_token token (Hybrid Flow)"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:91
+#: authentik/providers/oauth2/models.py:100
 msgid "HS256 (Symmetric Encryption)"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:92
+#: authentik/providers/oauth2/models.py:101
 msgid "RS256 (Asymmetric Encryption)"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:93
+#: authentik/providers/oauth2/models.py:102
 msgid "ES256 (Asymmetric Encryption)"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:99
+#: authentik/providers/oauth2/models.py:108
 msgid "Scope used by the client"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:125
+#: authentik/providers/oauth2/models.py:134
 msgid "Scope Mapping"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:126
+#: authentik/providers/oauth2/models.py:135
 msgid "Scope Mappings"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:136
+#: authentik/providers/oauth2/models.py:145
 msgid "Client Type"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:142
+#: authentik/providers/oauth2/models.py:151
 msgid "Client ID"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:148
+#: authentik/providers/oauth2/models.py:157
 msgid "Client Secret"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:154
+#: authentik/providers/oauth2/models.py:163
 msgid "Redirect URIs"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:155
+#: authentik/providers/oauth2/models.py:164
 msgid "Enter each URI on a new line."
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:160
+#: authentik/providers/oauth2/models.py:169
 msgid "Include claims in id_token"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:208
-msgid "RSA Key"
+#: authentik/providers/oauth2/models.py:217
+msgid "Signing Key"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:212
+#: authentik/providers/oauth2/models.py:221
 msgid ""
 "Key used to sign the tokens. Only required when JWT Algorithm is set to "
 "RS256."
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:291
+#: authentik/providers/oauth2/models.py:228
+msgid ""
+"Any JWT signed by the JWK of the selected source can be used to authenticate."
+msgstr ""
+
+#: authentik/providers/oauth2/models.py:310
 msgid "OAuth2/OpenID Provider"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:292
+#: authentik/providers/oauth2/models.py:311
 msgid "OAuth2/OpenID Providers"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:300
+#: authentik/providers/oauth2/models.py:319
 msgid "Scopes"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:319
+#: authentik/providers/oauth2/models.py:338
 msgid "Code"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:320
+#: authentik/providers/oauth2/models.py:339
 msgid "Nonce"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:321
+#: authentik/providers/oauth2/models.py:340
 msgid "Is Authentication?"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:322
+#: authentik/providers/oauth2/models.py:341
 msgid "Code Challenge"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:324
+#: authentik/providers/oauth2/models.py:343
 msgid "Code Challenge Method"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:338
+#: authentik/providers/oauth2/models.py:357
 msgid "Authorization Code"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:339
+#: authentik/providers/oauth2/models.py:358
 msgid "Authorization Codes"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:382
+#: authentik/providers/oauth2/models.py:401
 msgid "Access Token"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:383
+#: authentik/providers/oauth2/models.py:402
 msgid "Refresh Token"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:384
+#: authentik/providers/oauth2/models.py:403
 msgid "ID Token"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:387
+#: authentik/providers/oauth2/models.py:406
 msgid "OAuth2 Token"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:388
+#: authentik/providers/oauth2/models.py:407
 msgid "OAuth2 Tokens"
 msgstr ""
 
-#: authentik/providers/oauth2/views/authorize.py:458
-#: authentik/providers/saml/views/sso.py:69
+#: authentik/providers/oauth2/views/authorize.py:410
+#: authentik/providers/saml/views/flows.py:86
 #, python-format
-msgid "You're about to sign into %(application)s."
+msgid "Redirecting to %(app)s..."
+msgstr ""
+
+#: authentik/providers/oauth2/views/userinfo.py:43
+#: authentik/providers/oauth2/views/userinfo.py:44
+msgid "GitHub Compatibility: Access your User Information"
+msgstr ""
+
+#: authentik/providers/oauth2/views/userinfo.py:45
+msgid "GitHub Compatibility: Access you Email addresses"
+msgstr ""
+
+#: authentik/providers/oauth2/views/userinfo.py:46
+msgid "GitHub Compatibility: Access your Groups"
+msgstr ""
+
+#: authentik/providers/oauth2/views/userinfo.py:47
+msgid "authentik API Access on behalf of your user"
 msgstr ""
 
 #: authentik/providers/proxy/models.py:52
@@ -832,11 +895,11 @@ msgstr ""
 msgid "Proxy Providers"
 msgstr ""
 
-#: authentik/providers/saml/api.py:176
+#: authentik/providers/saml/api.py:177
 msgid "Invalid XML Syntax"
 msgstr ""
 
-#: authentik/providers/saml/api.py:186
+#: authentik/providers/saml/api.py:187
 #, python-format
 msgid "Failed to import Metadata: %(message)s"
 msgstr ""
@@ -857,39 +920,39 @@ msgstr ""
 msgid "NameID Property Mapping"
 msgstr ""
 
-#: authentik/providers/saml/models.py:109 authentik/sources/saml/models.py:128
+#: authentik/providers/saml/models.py:109 authentik/sources/saml/models.py:139
 msgid "SHA1"
 msgstr ""
 
-#: authentik/providers/saml/models.py:110 authentik/sources/saml/models.py:129
+#: authentik/providers/saml/models.py:110 authentik/sources/saml/models.py:140
 msgid "SHA256"
 msgstr ""
 
-#: authentik/providers/saml/models.py:111 authentik/sources/saml/models.py:130
+#: authentik/providers/saml/models.py:111 authentik/sources/saml/models.py:141
 msgid "SHA384"
 msgstr ""
 
-#: authentik/providers/saml/models.py:112 authentik/sources/saml/models.py:131
+#: authentik/providers/saml/models.py:112 authentik/sources/saml/models.py:142
 msgid "SHA512"
 msgstr ""
 
-#: authentik/providers/saml/models.py:119 authentik/sources/saml/models.py:138
+#: authentik/providers/saml/models.py:119 authentik/sources/saml/models.py:149
 msgid "RSA-SHA1"
 msgstr ""
 
-#: authentik/providers/saml/models.py:120 authentik/sources/saml/models.py:139
+#: authentik/providers/saml/models.py:120 authentik/sources/saml/models.py:150
 msgid "RSA-SHA256"
 msgstr ""
 
-#: authentik/providers/saml/models.py:121 authentik/sources/saml/models.py:140
+#: authentik/providers/saml/models.py:121 authentik/sources/saml/models.py:151
 msgid "RSA-SHA384"
 msgstr ""
 
-#: authentik/providers/saml/models.py:122 authentik/sources/saml/models.py:141
+#: authentik/providers/saml/models.py:122 authentik/sources/saml/models.py:152
 msgid "RSA-SHA512"
 msgstr ""
 
-#: authentik/providers/saml/models.py:123 authentik/sources/saml/models.py:142
+#: authentik/providers/saml/models.py:123 authentik/sources/saml/models.py:153
 msgid "DSA-SHA1"
 msgstr ""
 
@@ -901,7 +964,7 @@ msgstr ""
 msgid "Keypair used to sign outgoing Responses going to the Service Provider."
 msgstr ""
 
-#: authentik/providers/saml/models.py:150 authentik/sources/saml/models.py:118
+#: authentik/providers/saml/models.py:150 authentik/sources/saml/models.py:129
 msgid "Signing Keypair"
 msgstr ""
 
@@ -1044,95 +1107,107 @@ msgstr ""
 msgid "URL used by authentik to get user information."
 msgstr ""
 
-#: authentik/sources/oauth/models.py:97
+#: authentik/sources/oauth/models.py:48
+msgid "Additional Scopes"
+msgstr ""
+
+#: authentik/sources/oauth/models.py:104
 msgid "OAuth Source"
 msgstr ""
 
-#: authentik/sources/oauth/models.py:98
+#: authentik/sources/oauth/models.py:105
 msgid "OAuth Sources"
 msgstr ""
 
-#: authentik/sources/oauth/models.py:107
+#: authentik/sources/oauth/models.py:114
 msgid "GitHub OAuth Source"
 msgstr ""
 
-#: authentik/sources/oauth/models.py:108
+#: authentik/sources/oauth/models.py:115
 msgid "GitHub OAuth Sources"
 msgstr ""
 
-#: authentik/sources/oauth/models.py:117
+#: authentik/sources/oauth/models.py:124
+msgid "Mailcow OAuth Source"
+msgstr ""
+
+#: authentik/sources/oauth/models.py:125
+msgid "Mailcow OAuth Sources"
+msgstr ""
+
+#: authentik/sources/oauth/models.py:134
 msgid "Twitter OAuth Source"
 msgstr ""
 
-#: authentik/sources/oauth/models.py:118
+#: authentik/sources/oauth/models.py:135
 msgid "Twitter OAuth Sources"
 msgstr ""
 
-#: authentik/sources/oauth/models.py:127
+#: authentik/sources/oauth/models.py:144
 msgid "Facebook OAuth Source"
 msgstr ""
 
-#: authentik/sources/oauth/models.py:128
+#: authentik/sources/oauth/models.py:145
 msgid "Facebook OAuth Sources"
 msgstr ""
 
-#: authentik/sources/oauth/models.py:137
+#: authentik/sources/oauth/models.py:154
 msgid "Discord OAuth Source"
 msgstr ""
 
-#: authentik/sources/oauth/models.py:138
+#: authentik/sources/oauth/models.py:155
 msgid "Discord OAuth Sources"
 msgstr ""
 
-#: authentik/sources/oauth/models.py:147
+#: authentik/sources/oauth/models.py:164
 msgid "Google OAuth Source"
 msgstr ""
 
-#: authentik/sources/oauth/models.py:148
+#: authentik/sources/oauth/models.py:165
 msgid "Google OAuth Sources"
 msgstr ""
 
-#: authentik/sources/oauth/models.py:157
+#: authentik/sources/oauth/models.py:174
 msgid "Azure AD OAuth Source"
 msgstr ""
 
-#: authentik/sources/oauth/models.py:158
+#: authentik/sources/oauth/models.py:175
 msgid "Azure AD OAuth Sources"
 msgstr ""
 
-#: authentik/sources/oauth/models.py:167
+#: authentik/sources/oauth/models.py:184
 msgid "OpenID OAuth Source"
 msgstr ""
 
-#: authentik/sources/oauth/models.py:168
+#: authentik/sources/oauth/models.py:185
 msgid "OpenID OAuth Sources"
 msgstr ""
 
-#: authentik/sources/oauth/models.py:177
+#: authentik/sources/oauth/models.py:194
 msgid "Apple OAuth Source"
 msgstr ""
 
-#: authentik/sources/oauth/models.py:178
+#: authentik/sources/oauth/models.py:195
 msgid "Apple OAuth Sources"
 msgstr ""
 
-#: authentik/sources/oauth/models.py:187
+#: authentik/sources/oauth/models.py:204
 msgid "Okta OAuth Source"
 msgstr ""
 
-#: authentik/sources/oauth/models.py:188
+#: authentik/sources/oauth/models.py:205
 msgid "Okta OAuth Sources"
 msgstr ""
 
-#: authentik/sources/oauth/models.py:203
+#: authentik/sources/oauth/models.py:220
 msgid "User OAuth Source Connection"
 msgstr ""
 
-#: authentik/sources/oauth/models.py:204
+#: authentik/sources/oauth/models.py:221
 msgid "User OAuth Source Connections"
 msgstr ""
 
-#: authentik/sources/oauth/views/callback.py:98
+#: authentik/sources/oauth/views/callback.py:99
 msgid "Authentication Failed."
 msgstr ""
 
@@ -1164,72 +1239,72 @@ msgstr ""
 msgid "User Plex Source Connections"
 msgstr ""
 
-#: authentik/sources/saml/models.py:36
+#: authentik/sources/saml/models.py:38
 msgid "Redirect Binding"
 msgstr ""
 
-#: authentik/sources/saml/models.py:37
+#: authentik/sources/saml/models.py:39
 msgid "POST Binding"
 msgstr ""
 
-#: authentik/sources/saml/models.py:38
+#: authentik/sources/saml/models.py:40
 msgid "POST Binding with auto-confirmation"
 msgstr ""
 
-#: authentik/sources/saml/models.py:57
+#: authentik/sources/saml/models.py:68
 msgid "Flow used before authentication."
 msgstr ""
 
-#: authentik/sources/saml/models.py:64
+#: authentik/sources/saml/models.py:75
 msgid "Issuer"
 msgstr ""
 
-#: authentik/sources/saml/models.py:65
+#: authentik/sources/saml/models.py:76
 msgid "Also known as Entity ID. Defaults the Metadata URL."
 msgstr ""
 
-#: authentik/sources/saml/models.py:69
+#: authentik/sources/saml/models.py:80
 msgid "SSO URL"
 msgstr ""
 
-#: authentik/sources/saml/models.py:70
+#: authentik/sources/saml/models.py:81
 msgid "URL that the initial Login request is sent to."
 msgstr ""
 
-#: authentik/sources/saml/models.py:76
+#: authentik/sources/saml/models.py:87
 msgid "SLO URL"
 msgstr ""
 
-#: authentik/sources/saml/models.py:77
+#: authentik/sources/saml/models.py:88
 msgid "Optional URL if your IDP supports Single-Logout."
 msgstr ""
 
-#: authentik/sources/saml/models.py:83
+#: authentik/sources/saml/models.py:94
 msgid ""
 "Allows authentication flows initiated by the IdP. This can be a security "
 "risk, as no validation of the request ID is done."
 msgstr ""
 
-#: authentik/sources/saml/models.py:91
+#: authentik/sources/saml/models.py:102
 msgid ""
 "NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent."
 msgstr ""
 
-#: authentik/sources/saml/models.py:102
+#: authentik/sources/saml/models.py:113
 msgid "Delete temporary users after"
 msgstr ""
 
-#: authentik/sources/saml/models.py:120
+#: authentik/sources/saml/models.py:131
 msgid ""
 "Keypair which is used to sign outgoing requests. Leave empty to disable "
 "signing."
 msgstr ""
 
-#: authentik/sources/saml/models.py:188
+#: authentik/sources/saml/models.py:199
 msgid "SAML Source"
 msgstr ""
 
-#: authentik/sources/saml/models.py:189
+#: authentik/sources/saml/models.py:200
 msgid "SAML Sources"
 msgstr ""
 
@@ -1241,32 +1316,44 @@ msgstr ""
 msgid "Duo Authenticator Setup Stages"
 msgstr ""
 
-#: authentik/stages/authenticator_duo/models.py:82
+#: authentik/stages/authenticator_duo/models.py:84
 msgid "Duo Device"
 msgstr ""
 
-#: authentik/stages/authenticator_duo/models.py:83
+#: authentik/stages/authenticator_duo/models.py:85
 msgid "Duo Devices"
 msgstr ""
 
-#: authentik/stages/authenticator_sms/models.py:157
+#: authentik/stages/authenticator_sms/models.py:53
+msgid ""
+"When enabled, the Phone number is only used during enrollment to verify the "
+"users authenticity. Only a hash of the phone number is saved to ensure it is "
+"not re-used in the future."
+msgstr ""
+
+#: authentik/stages/authenticator_sms/models.py:167
 msgid "SMS Authenticator Setup Stage"
 msgstr ""
 
-#: authentik/stages/authenticator_sms/models.py:158
+#: authentik/stages/authenticator_sms/models.py:168
 msgid "SMS Authenticator Setup Stages"
 msgstr ""
 
-#: authentik/stages/authenticator_sms/models.py:175
+#: authentik/stages/authenticator_sms/models.py:207
 msgid "SMS Device"
 msgstr ""
 
-#: authentik/stages/authenticator_sms/models.py:176
+#: authentik/stages/authenticator_sms/models.py:208
 msgid "SMS Devices"
 msgstr ""
 
-#: authentik/stages/authenticator_sms/stage.py:54
-#: authentik/stages/authenticator_totp/stage.py:45
+#: authentik/stages/authenticator_sms/stage.py:56
+msgid "Invalid phone number"
+msgstr ""
+
+#: authentik/stages/authenticator_sms/stage.py:61
+#: authentik/stages/authenticator_totp/stage.py:39
+#: authentik/stages/authenticator_totp/stage.py:42
 msgid "Code does not match"
 msgstr ""
 
@@ -1294,51 +1381,55 @@ msgstr ""
 msgid "TOTP Authenticator Setup Stages"
 msgstr ""
 
-#: authentik/stages/authenticator_validate/challenge.py:99
+#: authentik/stages/authenticator_validate/challenge.py:110
 msgid "Invalid Token"
 msgstr ""
 
 #: authentik/stages/authenticator_validate/models.py:17
-msgid "TOTP"
+msgid "Static"
 msgstr ""
 
 #: authentik/stages/authenticator_validate/models.py:18
-msgid "WebAuthn"
+msgid "TOTP"
 msgstr ""
 
 #: authentik/stages/authenticator_validate/models.py:19
-msgid "Duo"
+msgid "WebAuthn"
 msgstr ""
 
 #: authentik/stages/authenticator_validate/models.py:20
+msgid "Duo"
+msgstr ""
+
+#: authentik/stages/authenticator_validate/models.py:21
 msgid "SMS"
 msgstr ""
 
-#: authentik/stages/authenticator_validate/models.py:58
+#: authentik/stages/authenticator_validate/models.py:57
 msgid "Device classes which can be used to authenticate"
 msgstr ""
 
-#: authentik/stages/authenticator_validate/models.py:80
+#: authentik/stages/authenticator_validate/models.py:90
 msgid "Authenticator Validation Stage"
 msgstr ""
 
-#: authentik/stages/authenticator_validate/models.py:81
+#: authentik/stages/authenticator_validate/models.py:91
 msgid "Authenticator Validation Stages"
 msgstr ""
 
-#: authentik/stages/authenticator_webauthn/models.py:71
+#: authentik/stages/authenticator_webauthn/models.py:112
 msgid "WebAuthn Authenticator Setup Stage"
 msgstr ""
 
-#: authentik/stages/authenticator_webauthn/models.py:72
+#: authentik/stages/authenticator_webauthn/models.py:113
 msgid "WebAuthn Authenticator Setup Stages"
 msgstr ""
 
-#: authentik/stages/authenticator_webauthn/models.py:105
+#: authentik/stages/authenticator_webauthn/models.py:146
 msgid "WebAuthn Device"
 msgstr ""
 
-#: authentik/stages/authenticator_webauthn/models.py:106
+#: authentik/stages/authenticator_webauthn/models.py:147
 msgid "WebAuthn Devices"
 msgstr ""
 
@@ -1360,19 +1451,19 @@ msgstr ""
 msgid "Captcha Stages"
 msgstr ""
 
-#: authentik/stages/consent/models.py:52
+#: authentik/stages/consent/models.py:50
 msgid "Consent Stage"
 msgstr ""
 
-#: authentik/stages/consent/models.py:53
+#: authentik/stages/consent/models.py:51
 msgid "Consent Stages"
 msgstr ""
 
-#: authentik/stages/consent/models.py:68
+#: authentik/stages/consent/models.py:67
 msgid "User Consent"
 msgstr ""
 
-#: authentik/stages/consent/models.py:69
+#: authentik/stages/consent/models.py:68
 msgid "User Consents"
 msgstr ""
 
@@ -1416,15 +1507,15 @@ msgstr ""
 msgid "Email Stages"
 msgstr ""
 
-#: authentik/stages/email/stage.py:106
+#: authentik/stages/email/stage.py:108
 msgid "Successfully verified Email."
 msgstr ""
 
-#: authentik/stages/email/stage.py:113 authentik/stages/email/stage.py:135
+#: authentik/stages/email/stage.py:115 authentik/stages/email/stage.py:137
 msgid "No pending user."
 msgstr ""
 
-#: authentik/stages/email/stage.py:125
+#: authentik/stages/email/stage.py:127
 msgid "Email sent."
 msgstr ""
 
@@ -1536,7 +1627,7 @@ msgstr ""
 msgid "Identification Stages"
 msgstr ""
 
-#: authentik/stages/identification/stage.py:175
+#: authentik/stages/identification/stage.py:176
 msgid "Log in"
 msgstr ""
 
@@ -1548,19 +1639,19 @@ msgstr ""
 msgid "Invitation Stages"
 msgstr ""
 
-#: authentik/stages/invitation/models.py:57
+#: authentik/stages/invitation/models.py:59
 msgid "When enabled, the invitation will be deleted after usage."
 msgstr ""
 
-#: authentik/stages/invitation/models.py:64
+#: authentik/stages/invitation/models.py:66
 msgid "Optional fixed data to enforce on user enrollment."
 msgstr ""
 
-#: authentik/stages/invitation/models.py:72
+#: authentik/stages/invitation/models.py:74
 msgid "Invitation"
 msgstr ""
 
-#: authentik/stages/invitation/models.py:73
+#: authentik/stages/invitation/models.py:75
 msgid "Invitations"
 msgstr ""
 
@@ -1588,55 +1679,59 @@ msgstr ""
 msgid "Password Stages"
 msgstr ""
 
-#: authentik/stages/password/stage.py:152
+#: authentik/stages/password/stage.py:160
 msgid "Invalid password"
 msgstr ""
 
-#: authentik/stages/prompt/models.py:29
+#: authentik/stages/prompt/models.py:38
 msgid "Text: Simple Text input"
 msgstr ""
 
-#: authentik/stages/prompt/models.py:32
+#: authentik/stages/prompt/models.py:41
 msgid "Text (read-only): Simple Text input, but cannot be edited."
 msgstr ""
 
-#: authentik/stages/prompt/models.py:39
+#: authentik/stages/prompt/models.py:48
 msgid "Email: Text field with Email type."
 msgstr ""
 
-#: authentik/stages/prompt/models.py:55
+#: authentik/stages/prompt/models.py:64
 msgid "Separator: Static Separator Line"
 msgstr ""
 
-#: authentik/stages/prompt/models.py:56
+#: authentik/stages/prompt/models.py:65
 msgid "Hidden: Hidden field, can be used to insert data into form."
 msgstr ""
 
-#: authentik/stages/prompt/models.py:57
+#: authentik/stages/prompt/models.py:66
 msgid "Static: Static value, displayed as-is."
 msgstr ""
 
-#: authentik/stages/prompt/models.py:66
+#: authentik/stages/prompt/models.py:68
+msgid "authentik: Selection of locales authentik supports"
+msgstr ""
+
+#: authentik/stages/prompt/models.py:77
 msgid "Name of the form field, also used to store the value"
 msgstr ""
 
-#: authentik/stages/prompt/models.py:131
+#: authentik/stages/prompt/models.py:170
 msgid "Prompt"
 msgstr ""
 
-#: authentik/stages/prompt/models.py:132
+#: authentik/stages/prompt/models.py:171
 msgid "Prompts"
 msgstr ""
 
-#: authentik/stages/prompt/models.py:160
+#: authentik/stages/prompt/models.py:199
 msgid "Prompt Stage"
 msgstr ""
 
-#: authentik/stages/prompt/models.py:161
+#: authentik/stages/prompt/models.py:200
 msgid "Prompt Stages"
 msgstr ""
 
-#: authentik/stages/prompt/stage.py:94
+#: authentik/stages/prompt/stage.py:95
 msgid "Passwords don't match."
 msgstr ""
 
@@ -1648,7 +1743,7 @@ msgstr ""
 msgid "User Delete Stages"
 msgstr ""
 
-#: authentik/stages/user_delete/stage.py:24
+#: authentik/stages/user_delete/stage.py:22
 msgid "No Pending User."
 msgstr ""
 
@@ -1666,11 +1761,11 @@ msgstr ""
 msgid "User Login Stages"
 msgstr ""
 
-#: authentik/stages/user_login/stage.py:29
+#: authentik/stages/user_login/stage.py:27
 msgid "No Pending user to login."
 msgstr ""
 
-#: authentik/stages/user_login/stage.py:57
+#: authentik/stages/user_login/stage.py:55
 msgid "Successfully logged in!"
 msgstr ""
 
@@ -1690,15 +1785,15 @@ msgstr ""
 msgid "Optionally add newly created users to this group."
 msgstr ""
 
-#: authentik/stages/user_write/models.py:47
+#: authentik/stages/user_write/models.py:52
 msgid "User Write Stage"
 msgstr ""
 
-#: authentik/stages/user_write/models.py:48
+#: authentik/stages/user_write/models.py:53
 msgid "User Write Stages"
 msgstr ""
 
-#: authentik/stages/user_write/stage.py:53
+#: authentik/stages/user_write/stage.py:112
 msgid "No Pending data."
 msgstr ""
 
@@ -1708,10 +1803,10 @@ msgid ""
 "and `ba.b`"
 msgstr ""
 
-#: authentik/tenants/models.py:70
+#: authentik/tenants/models.py:75
 msgid "Tenant"
 msgstr ""
 
-#: authentik/tenants/models.py:71
+#: authentik/tenants/models.py:76
 msgid "Tenants"
 msgstr ""
diff --git a/schema.yml b/schema.yml
index 605369ced..a712e9531 100644
--- a/schema.yml
+++ b/schema.yml
@@ -20510,8 +20510,12 @@ components:
           type: array
           items:
             $ref: '#/components/schemas/Permission'
+        additional_permissions:
+          type: array
+          items:
+            $ref: '#/components/schemas/Permission'
       required:
-      - header_text
+      - additional_permissions
       - pending_user
       - pending_user_avatar
       - permissions
@@ -31215,6 +31219,9 @@ components:
           $ref: '#/components/schemas/User'
         application:
           $ref: '#/components/schemas/Application'
+        permissions:
+          type: string
+          default: ''
       required:
       - application
       - pk
diff --git a/web/src/flows/stages/consent/ConsentStage.ts b/web/src/flows/stages/consent/ConsentStage.ts
index ea53dc901..af6bf991d 100644
--- a/web/src/flows/stages/consent/ConsentStage.ts
+++ b/web/src/flows/stages/consent/ConsentStage.ts
@@ -36,6 +36,66 @@ export class ConsentStage extends BaseStage<ConsentChallenge, ConsentChallengeRe
         ];
     }
 
+    renderNoPrevious(): TemplateResult {
+        return html`
+            <div class="pf-c-form__group">
+                <p id="header-text" class="pf-u-mb-xl">${this.challenge.headerText}</p>
+                ${this.challenge.permissions.length > 0
+                    ? html`
+                          <p class="pf-u-mb-sm">
+                              ${t`Application requires following permissions:`}
+                          </p>
+                          <ul class="pf-c-list" id="permmissions">
+                              ${this.challenge.permissions.map((permission) => {
+                                  return html`<li data-permission-code="${permission.id}">
+                                      ${permission.name}
+                                  </li>`;
+                              })}
+                          </ul>
+                      `
+                    : html``}
+            </div>
+        `;
+    }
+
+    renderAdditional(): TemplateResult {
+        return html`
+            <div class="pf-c-form__group">
+                <p id="header-text" class="pf-u-mb-xl">${this.challenge.headerText}</p>
+                ${this.challenge.permissions.length > 0
+                    ? html`
+                          <p class="pf-u-mb-sm">
+                              ${t`Application already has access to the following permissions:`}
+                          </p>
+                          <ul class="pf-c-list" id="permmissions">
+                              ${this.challenge.permissions.map((permission) => {
+                                  return html`<li data-permission-code="${permission.id}">
+                                      ${permission.name}
+                                  </li>`;
+                              })}
+                          </ul>
+                      `
+                    : html``}
+            </div>
+            <div class="pf-c-form__group pf-u-mt-md">
+                ${this.challenge.additionalPermissions.length > 0
+                    ? html`
+                          <strong class="pf-u-mb-sm">
+                              ${t`Application requires following new permissions:`}
+                          </strong>
+                          <ul class="pf-c-list" id="permmissions">
+                              ${this.challenge.additionalPermissions.map((permission) => {
+                                  return html`<li data-permission-code="${permission.id}">
+                                      ${permission.name}
+                                  </li>`;
+                              })}
+                          </ul>
+                      `
+                    : html``}
+            </div>
+        `;
+    }
+
     render(): TemplateResult {
         if (!this.challenge) {
             return html`<ak-empty-state ?loading="${true}" header=${t`Loading`}> </ak-empty-state>`;
@@ -61,23 +121,9 @@ export class ConsentStage extends BaseStage<ConsentChallenge, ConsentChallengeRe
                             >
                         </div>
                     </ak-form-static>
-                    <div class="pf-c-form__group">
-                        <p id="header-text" class="pf-u-mb-xl">${this.challenge.headerText}</p>
-                        ${this.challenge.permissions.length > 0
-                            ? html`
-                                  <p class="pf-u-mb-sm">
-                                      ${t`Application requires following permissions:`}
-                                  </p>
-                                  <ul class="pf-c-list" id="permmissions">
-                                      ${this.challenge.permissions.map((permission) => {
-                                          return html`<li data-permission-code="${permission.id}">
-                                              ${permission.name}
-                                          </li>`;
-                                      })}
-                                  </ul>
-                              `
-                            : html``}
-                    </div>
+                    ${this.challenge.additionalPermissions.length > 0
+                        ? this.renderAdditional()
+                        : this.renderNoPrevious()}
 
                     <div class="pf-c-form__group pf-m-action">
                         <button type="submit" class="pf-c-button pf-m-primary pf-m-block">
diff --git a/web/src/locales/de.po b/web/src/locales/de.po
index 5a4bbdaa2..cc495ab20 100644
--- a/web/src/locales/de.po
+++ b/web/src/locales/de.po
@@ -103,6 +103,7 @@ msgstr "Ein nicht abnehmbarer Authentifikator, wie TouchID oder Windows Hello"
 msgid "A policy used for testing. Always returns the same result as specified below after waiting a random duration."
 msgstr "Eine Richtlinie, die zum Testen verwendet wird. Gibt nach einer zufälligen Wartezeit immer das unten angegeben Ergebnis zurück."
 
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
 #: src/pages/providers/saml/SAMLProviderForm.ts
 #: src/pages/providers/saml/SAMLProviderViewPage.ts
 msgid "ACS URL"
@@ -126,6 +127,10 @@ msgstr "EINE, eine Bedingung muss erfüllt sein, um Zugang zu gewähren."
 msgid "ANY, any policy must match to include this stage access."
 msgstr "EINE, eine Bedingung muss erfüllt sein, um Zugang zu dieser Stufe zu gewähren."
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "API"
+msgstr ""
+
 #: src/pages/tokens/TokenListPage.ts
 msgid "API Access"
 msgstr "API Zugriff"
@@ -270,6 +275,10 @@ msgstr "Zusatz Benutzer-DN"
 msgid "Additional Scope"
 msgstr "Zusätzlicher Scope"
 
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
+msgid "Additional UI settings"
+msgstr ""
+
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 msgid "Additional group DN, prepended to the Base DN."
 msgstr "Zusätzlicher Gruppen-DN, dem Basis-DN vorangestellt."
@@ -390,6 +399,7 @@ msgid "App password (can be used to login using a flow executor)"
 msgstr "App-Passwort (kann für die Anmeldung mit einem Ablauf genutzt werden)"
 
 #: src/elements/user/UserConsentList.ts
+#: src/flows/stages/consent/ConsentStage.ts
 #: src/pages/admin-overview/TopApplicationsTable.ts
 #: src/pages/providers/ProviderListPage.ts
 msgid "Application"
@@ -400,6 +410,14 @@ msgstr "Anwendung"
 msgid "Application Icon"
 msgstr "Anwendungs-Symbol"
 
+#: src/pages/applications/wizard/link/TypeLinkApplicationWizardPage.ts
+msgid "Application Link"
+msgstr ""
+
+#: src/flows/stages/consent/ConsentStage.ts
+msgid "Application already has access to the following permissions:"
+msgstr ""
+
 #: src/elements/charts/UserChart.ts
 msgid "Application authorizations"
 msgstr "Applikationsgenehmigungen"
@@ -408,11 +426,25 @@ msgstr "Applikationsgenehmigungen"
 msgid "Application authorized"
 msgstr "Anwendung authorisiert"
 
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
+msgid "Application details"
+msgstr ""
+
+#: src/flows/stages/consent/ConsentStage.ts
+msgid "Application requires following new permissions:"
+msgstr ""
+
 #: src/flows/stages/consent/ConsentStage.ts
 msgid "Application requires following permissions:"
 msgstr "Anwendung benötigt die folgenden Berechtigungen:"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Application type"
+msgstr ""
+
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 msgid "Application's display Name."
 msgstr "Anzeigename der Anwendung"
 
@@ -427,6 +459,18 @@ msgstr "Anwendung(en)"
 msgid "Applications"
 msgstr "Anwendungen"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Applications which handle the authentication server-side (for example, Python, Go, Rust, Java, PHP)"
+msgstr ""
+
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Applications which redirect users to a non-web callback (for example, Android, iOS)"
+msgstr ""
+
+#: src/elements/wizard/ActionWizardPage.ts
+msgid "Apply changes"
+msgstr ""
+
 #: src/pages/admin-overview/AdminOverviewPage.ts
 msgid "Apps with most usage"
 msgstr "Meistgenutzte Apps"
@@ -544,6 +588,14 @@ msgstr "URL zur Authentifizierung"
 msgid "Authentication flow"
 msgstr "Authentifizierungsablauf"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Authentication method"
+msgstr ""
+
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Authentication without user interaction, or machine-to-machine authentication."
+msgstr ""
+
 #: src/flows/stages/authenticator_validate/AuthenticatorValidateStage.ts
 msgid "Authenticator"
 msgstr "Authentifikator"
@@ -568,6 +620,7 @@ msgstr "Autorisierung"
 msgid "Authorization URL"
 msgstr "Autorisierungs-URL"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 #: src/pages/providers/saml/SAMLProviderForm.ts
@@ -626,6 +679,7 @@ msgstr "Hintergrund während der Ausführung."
 #~ msgid "Backup status"
 #~ msgstr "Backupstatus"
 
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 #: src/pages/providers/ldap/LDAPProviderViewPage.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
@@ -720,6 +774,10 @@ msgstr "Build hash:"
 msgid "Built-in"
 msgstr "Eingebaut"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthAPIApplicationWizardPage.ts
+msgid "By default, all service accounts can authenticate as this application, as long as they have a valid token of the type app-password."
+msgstr ""
+
 #: src/pages/stages/identification/IdentificationStageForm.ts
 msgid "By default, only icons are shown for sources. Enable this to show their full names."
 msgstr "Standardmäßig werden für Quellen nur Symbole angezeigt. Aktiviere diese Option, um den vollständigen Namen anzuzeigen."
@@ -1212,6 +1270,7 @@ msgstr "Wiederherstellungslink kopieren"
 
 #: src/pages/applications/ApplicationListPage.ts
 #: src/pages/applications/ApplicationListPage.ts
+#: src/pages/applications/wizard/ApplicationWizard.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/events/RuleListPage.ts
@@ -1350,6 +1409,10 @@ msgstr "Benutzer erstellen"
 msgid "Create a new application"
 msgstr "Erstelle eine neue Anwendung"
 
+#: src/pages/applications/wizard/ApplicationWizard.ts
+msgid "Create a new application."
+msgstr ""
+
 #: src/pages/outposts/ServiceConnectionWizard.ts
 msgid "Create a new outpost integration."
 msgstr ""
@@ -1374,14 +1437,27 @@ msgstr ""
 msgid "Create a new stage."
 msgstr ""
 
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
+msgid "Create application"
+msgstr ""
+
 #: src/pages/users/ServiceAccountForm.ts
 msgid "Create group"
 msgstr "Gruppe erstellen"
 
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
+#: src/pages/applications/wizard/saml/TypeSAMLImportApplicationWizardPage.ts
 msgid "Create provider"
 msgstr "Anbieter erstellen"
 
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
+msgid "Create service account"
+msgstr ""
+
 #: src/pages/stages/user_write/UserWriteStageForm.ts
 msgid "Create users as inactive"
 msgstr "Benutzer als inaktiv anlegen"
@@ -1557,6 +1633,7 @@ msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in S
 msgstr ""
 
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 #: src/pages/property-mappings/PropertyMappingScopeForm.ts
 #: src/pages/system-tasks/SystemTaskListPage.ts
 #: src/pages/tokens/TokenForm.ts
@@ -2056,6 +2133,14 @@ msgstr "Externe Anwendungen, die Authentik als Identitätsanbieter verwenden und
 msgid "External Host"
 msgstr "Externer Host"
 
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+msgid "External domain"
+msgstr ""
+
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+msgid "External domain you will be accessing the domain from."
+msgstr ""
+
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 msgid "External host"
@@ -2228,6 +2313,10 @@ msgstr "Ablauf, der zum Abmelden genutzt wird. Wenn keiner angegeben ist, wird d
 msgid "Flow used when authorizing this provider."
 msgstr "Ablauf der zur Authorisierung des Providers verwendet wird."
 
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+msgid "Flow used when users access this application."
+msgstr ""
+
 #: src/pages/flows/FlowListPage.ts
 msgid "Flow(s)"
 msgstr "Ablauf/Abläufe"
@@ -2462,7 +2551,6 @@ msgid "Hide managed mappings"
 msgstr "Verwaltete Zuordnungen ausblenden"
 
 #: src/pages/users/RelatedUserList.ts
-#: src/pages/users/UserListPage.ts
 msgid "Hide service-accounts"
 msgstr "Interne Konten ausblenden"
 
@@ -2624,10 +2712,22 @@ msgstr "Importieren"
 msgid "Import Flow"
 msgstr "Ablauf importieren"
 
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Import SAML Metadata"
+msgstr ""
+
+#: src/pages/applications/wizard/saml/TypeSAMLImportApplicationWizardPage.ts
+msgid "Import SAML metadata"
+msgstr ""
+
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 msgid "Import certificates of external providers or create certificates to sign requests with."
 msgstr "Importieren Sie Zertifikate externer Anbieter oder erstellen Sie Zertifikate zum Signieren von Anfragen."
 
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Import the metadata document of the applicaation you want to configure."
+msgstr ""
+
 #: src/flows/stages/authenticator_validate/AuthenticatorValidateStage.ts
 msgid "In case you can't access any other method."
 msgstr "Falls Sie auf keine andere Methode zugreifen können."
@@ -2770,6 +2870,7 @@ msgstr "Schlüsselpaar, das zum Signieren ausgehender Anfragen verwendet wird. L
 msgid "Kubeconfig"
 msgstr "Kubeconfig"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
 #: src/pages/outposts/OutpostForm.ts
 #: src/pages/outposts/OutpostListPage.ts
 msgid "LDAP"
@@ -2791,9 +2892,9 @@ msgstr "LDAP DN, unter dem Bind-Requests und Suchanfragen gestellt werden könne
 msgid "LDAP Sync status"
 msgstr "LDAP-Synchronisierungsstatus"
 
-#: src/pages/providers/ProviderWizard.ts
-#~ msgid "LDAP details"
-#~ msgstr ""
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
+msgid "LDAP details"
+msgstr ""
 
 #: src/pages/stages/prompt/PromptForm.ts
 #: src/pages/stages/prompt/PromptListPage.ts
@@ -2846,6 +2947,10 @@ msgstr "Start URL"
 msgid "Layout"
 msgstr ""
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Legacy applications which don't natively support SSO."
+msgstr ""
+
 #: src/pages/stages/identification/IdentificationStageForm.ts
 msgid "Let the user identify themselves with their username or Email address."
 msgstr "Lassen Sie den Benutzer sich mit seinem Benutzernamen oder seiner E-Mail-Adresse identifizieren."
@@ -2853,6 +2958,11 @@ msgstr "Lassen Sie den Benutzer sich mit seinem Benutzernamen oder seiner E-Mail
 #~ msgid "Library"
 #~ msgstr "Bibliothek"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+#: src/pages/applications/wizard/link/TypeLinkApplicationWizardPage.ts
+msgid "Link"
+msgstr ""
+
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/plex/PlexSourceForm.ts
 msgid "Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses"
@@ -2911,6 +3021,7 @@ msgstr "Wird geladen"
 #: src/elements/Spinner.ts
 #: src/pages/applications/ApplicationCheckAccessForm.ts
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
 #: src/pages/events/RuleForm.ts
 #: src/pages/events/RuleForm.ts
 #: src/pages/events/TransportForm.ts
@@ -2946,7 +3057,6 @@ msgstr "Wird geladen"
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
-#: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/plex/PlexSourceForm.ts
@@ -2971,7 +3081,6 @@ msgstr "Wird geladen"
 #: src/pages/stages/password/PasswordStageForm.ts
 #: src/pages/stages/prompt/PromptStageForm.ts
 #: src/pages/stages/prompt/PromptStageForm.ts
-#: src/pages/stages/user_write/UserWriteStageForm.ts
 #: src/pages/tenants/TenantForm.ts
 #: src/pages/tenants/TenantForm.ts
 #: src/pages/tenants/TenantForm.ts
@@ -3076,6 +3185,14 @@ msgstr "Verwaltet durch Authentik"
 msgid "Managed by authentik (Discovered)"
 msgstr "Verwaltet von authentik (Discovered)"
 
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Manual configuration"
+msgstr ""
+
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Manually configure SAML"
+msgstr ""
+
 #: src/pages/stages/user_write/UserWriteStageForm.ts
 msgid "Mark newly created users as inactive."
 msgstr "Neu erstellte Benutzer als inaktiv markieren."
@@ -3121,11 +3238,18 @@ msgstr "Nachricht"
 msgid "Messages"
 msgstr "Nachrichten"
 
+#: src/pages/applications/wizard/saml/TypeSAMLImportApplicationWizardPage.ts
 #: src/pages/providers/saml/SAMLProviderImportForm.ts
 #: src/pages/sources/saml/SAMLSourceViewPage.ts
 msgid "Metadata"
 msgstr "Metadaten"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthAPIApplicationWizardPage.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthImplicitApplicationWizardPage.ts
+msgid "Method details"
+msgstr ""
+
 #: src/pages/policies/password/PasswordPolicyForm.ts
 msgid "Minimum amount of Digits"
 msgstr "Mindestanzahl von Ziffern"
@@ -3169,6 +3293,10 @@ msgstr "Modell gelöscht"
 msgid "Model updated"
 msgstr "Modell aktualisiert"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Modern applications, APIs and Single-page applications."
+msgstr ""
+
 #~ msgid "Monitor"
 #~ msgstr "Monitor"
 
@@ -3183,6 +3311,7 @@ msgstr "Meine Anwendungen"
 #: src/elements/forms/DeleteBulkForm.ts
 #: src/pages/applications/ApplicationForm.ts
 #: src/pages/applications/ApplicationListPage.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 #: src/pages/crypto/CertificateKeyPairForm.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
@@ -3280,6 +3409,10 @@ msgstr "NameID Richtlinie"
 msgid "NameID Property Mapping"
 msgstr "NameID Eigenschaft"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Native application"
+msgstr ""
+
 #: src/flows/stages/identification/IdentificationStage.ts
 msgid "Need an account?"
 msgstr "Wird ein Konto gebraucht?"
@@ -3292,6 +3425,10 @@ msgstr "Ergebnis verneinen"
 msgid "Negates the outcome of the binding. Messages are unaffected."
 msgstr "Negiert das Ergebnis der Bindung. Nachrichten sind nicht betroffen."
 
+#: src/pages/applications/wizard/ApplicationWizard.ts
+msgid "New application"
+msgstr ""
+
 #: src/pages/outposts/ServiceConnectionWizard.ts
 msgid "New outpost integration"
 msgstr ""
@@ -3547,6 +3684,10 @@ msgstr "OAuth-Aktualisierungscodes"
 #~ msgid "OAuth/OIDC"
 #~ msgstr ""
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "OAuth2/OIDC"
+msgstr ""
+
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 msgid "OIDC JWKS"
 msgstr ""
@@ -3820,6 +3961,21 @@ msgstr "Passwort: Maskierte Eingabe, Passwort wird anhand von Quellen validiert.
 msgid "Passwordless flow"
 msgstr "Passwortloser Ablauf"
 
+#: src/pages/users/UserForm.ts
+msgid "Path"
+msgstr ""
+
+#: src/pages/stages/user_write/UserWriteStageForm.ts
+msgid "Path new users will be created under. If left blank, the default path will be used.fo"
+msgstr ""
+
+#: src/pages/sources/ldap/LDAPSourceForm.ts
+#: src/pages/sources/oauth/OAuthSourceForm.ts
+#: src/pages/sources/plex/PlexSourceForm.ts
+#: src/pages/sources/saml/SAMLSourceForm.ts
+msgid "Path template for users created. Use placeholders like `%(slug)s` to insert the source slug."
+msgstr ""
+
 #: src/pages/sources/saml/SAMLSourceForm.ts
 msgid "Persistent"
 msgstr "Persistent"
@@ -4028,6 +4184,11 @@ msgstr "Protokolleinstellungen"
 msgid "Protocol settings"
 msgstr "Protokolleinstellungen"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Provide an LDAP interface for applications and users to authenticate against."
+msgstr ""
+
 #: src/pages/providers/ProviderListPage.ts
 msgid "Provide support for protocols like SAML and OAuth to assigned applications."
 msgstr "Stellen Unterstützung für Protokolle wie SAML und OAuth für zugewiesene Anwendungen bereit."
@@ -4058,6 +4219,7 @@ msgstr "Anbieter"
 msgid "Providers"
 msgstr "Anbieter"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
 #: src/pages/outposts/OutpostForm.ts
 #: src/pages/outposts/OutpostListPage.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
@@ -4065,9 +4227,9 @@ msgstr "Anbieter"
 msgid "Proxy"
 msgstr "Proxy"
 
-#: src/pages/providers/ProviderWizard.ts
-#~ msgid "Proxy details"
-#~ msgstr ""
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+msgid "Proxy details"
+msgstr ""
 
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 msgid "Public"
@@ -4082,6 +4244,7 @@ msgid "Public key, acquired from https://www.google.com/recaptcha/intro/v3.html.
 msgstr "Öffentlicher Schlüssel, erworben von https://www.google.com/recaptcha/intro/v3.html."
 
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 msgid "Publisher"
 msgstr "Herausgeber"
 
@@ -4334,13 +4497,17 @@ msgstr "Zurück zur Geräteauswahl"
 msgid "Revoked?"
 msgstr "Widerrufen?"
 
+#: src/elements/TreeView.ts
+msgid "Root"
+msgstr ""
+
 #: src/pages/sources/ldap/LDAPSourceViewPage.ts
 msgid "Run sync again"
 msgstr "Synchronisation erneut ausführen"
 
-#: src/pages/providers/ProviderWizard.ts
-#~ msgid "SAML"
-#~ msgstr ""
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "SAML"
+msgstr ""
 
 #: src/pages/providers/ProviderWizard.ts
 #~ msgid "SAML (metadata import)"
@@ -4354,9 +4521,9 @@ msgstr "SAML-Attributsname"
 msgid "SAML Metadata"
 msgstr "SAML-Metadaten"
 
-#: src/pages/providers/ProviderWizard.ts
-#~ msgid "SAML details"
-#~ msgstr ""
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
+msgid "SAML details"
+msgstr ""
 
 #: src/pages/providers/ProviderWizard.ts
 #~ msgid "SAML details (import from metadata)"
@@ -4757,6 +4924,14 @@ msgstr "Einzelne Eingabeaufforderungen, die für Eingabeaufforderungsphasen verw
 msgid "Single use"
 msgstr "Einmalbenutzung"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Single-page applications"
+msgstr ""
+
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Single-page applications which handle authentication in the browser (for example, Javascript, Angular, React, Vue)"
+msgstr ""
+
 #~ msgid "Skip path regex"
 #~ msgstr "Pfad-Regex überspringen"
 
@@ -5479,6 +5654,10 @@ msgstr ""
 msgid "The following objects use {objName}"
 msgstr "Die folgenden Objekte verwenden {objName}"
 
+#: src/pages/providers/ProviderWizard.ts
+msgid "The new application wizard greatly simplifies the steps required to create applications and providers."
+msgstr ""
+
 #~ msgid ""
 #~ "The policy passes when the reputation score is above the threshold, and\n"
 #~ "doesn't pass when either or both of the selected options are equal or less than the\n"
@@ -5540,6 +5719,10 @@ msgstr ""
 msgid "These policies control which users can access this application."
 msgstr "Diese Richtlinien steuern, welche Benutzer auf diese Anwendung zugreifen können."
 
+#: src/pages/applications/wizard/oauth/TypeOAuthAPIApplicationWizardPage.ts
+msgid "This configuration can be used to authenticate to authentik with other APIs other otherwise programmatically."
+msgstr ""
+
 #: src/flows/FlowInspector.ts
 msgid "This flow is completed."
 msgstr "Dieser Ablauf ist abgeschlossen."
@@ -5724,6 +5907,14 @@ msgstr "Zustellungsarten"
 msgid "Trusted OIDC Sources"
 msgstr ""
 
+#: src/pages/providers/ProviderWizard.ts
+msgid "Try it now"
+msgstr ""
+
+#: src/pages/providers/ProviderWizard.ts
+msgid "Try the new application wizard"
+msgstr ""
+
 #: src/interfaces/locale.ts
 msgid "Turkish"
 msgstr "Türkisch"
@@ -5777,6 +5968,10 @@ msgstr "UPN"
 msgid "URL settings"
 msgstr "URL-Einstellungen"
 
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
+msgid "URL that authentik will redirect back to after successful authentication."
+msgstr ""
+
 #: src/pages/sources/saml/SAMLSourceForm.ts
 msgid "URL that the initial Login request is sent to."
 msgstr "URL, an die die erste Login-Anfrage gesendet wird."
@@ -5797,6 +5992,10 @@ msgstr "URL, die von Authentik zum Abrufen von Token verwendet wird."
 msgid "URL used to request the initial token. This URL is only required for OAuth 1."
 msgstr "URL, die zur Anforderung des anfänglichen Tokens verwendet wird. Diese URL ist nur für OAuth 1 erforderlich"
 
+#: src/pages/applications/wizard/link/TypeLinkApplicationWizardPage.ts
+msgid "URL which will be opened when a user clicks on the application."
+msgstr ""
+
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 msgid "Unauthenticated Paths"
 msgstr "Nicht authentifizierte Pfade"
@@ -6136,6 +6335,10 @@ msgstr "Benutzerereignisse"
 msgid "User fields"
 msgstr "Benutzerfelder"
 
+#: src/pages/users/UserListPage.ts
+msgid "User folders"
+msgstr ""
+
 #: src/interfaces/AdminInterface.ts
 msgid "User interface"
 msgstr "Benutzeroberfläche"
@@ -6160,6 +6363,17 @@ msgstr "Benutzerobjektfilter"
 msgid "User password writeback"
 msgstr "Rückschreiben des Benutzerkennworts"
 
+#: src/pages/sources/ldap/LDAPSourceForm.ts
+#: src/pages/sources/oauth/OAuthSourceForm.ts
+#: src/pages/sources/plex/PlexSourceForm.ts
+#: src/pages/sources/saml/SAMLSourceForm.ts
+msgid "User path"
+msgstr ""
+
+#: src/pages/stages/user_write/UserWriteStageForm.ts
+msgid "User path template"
+msgstr ""
+
 #: src/pages/tenants/TenantForm.ts
 msgid "User settings flow"
 msgstr ""
@@ -6395,6 +6609,10 @@ msgstr "Warnung: authentik-Domain ist nicht konfiguriert. Authentifizierungen we
 msgid "Web Certificate"
 msgstr "Web-Zertifikat"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Web application"
+msgstr ""
+
 #: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
 msgid "WebAuthn Authenticators"
 msgstr "WebAuthn-Authentifikatoren"
@@ -6515,6 +6733,10 @@ msgstr ""
 msgid "X509 Subject"
 msgstr "X509 Betreff"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "XML-based SSO standard. Use this if your application only supports SAML."
+msgstr ""
+
 #: src/elements/oauth/UserRefreshList.ts
 #: src/pages/applications/ApplicationCheckAccessForm.ts
 #: src/pages/groups/GroupListPage.ts
diff --git a/web/src/locales/en.po b/web/src/locales/en.po
index e2616357d..9f77b65e6 100644
--- a/web/src/locales/en.po
+++ b/web/src/locales/en.po
@@ -87,6 +87,7 @@ msgstr "A non-removable authenticator, like TouchID or Windows Hello"
 msgid "A policy used for testing. Always returns the same result as specified below after waiting a random duration."
 msgstr "A policy used for testing. Always returns the same result as specified below after waiting a random duration."
 
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
 #: src/pages/providers/saml/SAMLProviderForm.ts
 #: src/pages/providers/saml/SAMLProviderViewPage.ts
 msgid "ACS URL"
@@ -110,6 +111,10 @@ msgstr "ANY, any policy must match to grant access."
 msgid "ANY, any policy must match to include this stage access."
 msgstr "ANY, any policy must match to include this stage access."
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "API"
+msgstr "API"
+
 #: src/pages/tokens/TokenListPage.ts
 msgid "API Access"
 msgstr "API Access"
@@ -259,6 +264,10 @@ msgstr "Addition User DN"
 msgid "Additional Scope"
 msgstr "Additional Scope"
 
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
+msgid "Additional UI settings"
+msgstr "Additional UI settings"
+
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 msgid "Additional group DN, prepended to the Base DN."
 msgstr "Additional group DN, prepended to the Base DN."
@@ -380,6 +389,7 @@ msgid "App password (can be used to login using a flow executor)"
 msgstr "App password (can be used to login using a flow executor)"
 
 #: src/elements/user/UserConsentList.ts
+#: src/flows/stages/consent/ConsentStage.ts
 #: src/pages/admin-overview/TopApplicationsTable.ts
 #: src/pages/providers/ProviderListPage.ts
 msgid "Application"
@@ -390,6 +400,14 @@ msgstr "Application"
 msgid "Application Icon"
 msgstr "Application Icon"
 
+#: src/pages/applications/wizard/link/TypeLinkApplicationWizardPage.ts
+msgid "Application Link"
+msgstr "Application Link"
+
+#: src/flows/stages/consent/ConsentStage.ts
+msgid "Application already has access to the following permissions:"
+msgstr "Application already has access to the following permissions:"
+
 #: src/elements/charts/UserChart.ts
 msgid "Application authorizations"
 msgstr "Application authorizations"
@@ -398,11 +416,25 @@ msgstr "Application authorizations"
 msgid "Application authorized"
 msgstr "Application authorized"
 
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
+msgid "Application details"
+msgstr "Application details"
+
+#: src/flows/stages/consent/ConsentStage.ts
+msgid "Application requires following new permissions:"
+msgstr "Application requires following new permissions:"
+
 #: src/flows/stages/consent/ConsentStage.ts
 msgid "Application requires following permissions:"
 msgstr "Application requires following permissions:"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Application type"
+msgstr "Application type"
+
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 msgid "Application's display Name."
 msgstr "Application's display Name."
 
@@ -417,6 +449,18 @@ msgstr "Application(s)"
 msgid "Applications"
 msgstr "Applications"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Applications which handle the authentication server-side (for example, Python, Go, Rust, Java, PHP)"
+msgstr "Applications which handle the authentication server-side (for example, Python, Go, Rust, Java, PHP)"
+
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Applications which redirect users to a non-web callback (for example, Android, iOS)"
+msgstr "Applications which redirect users to a non-web callback (for example, Android, iOS)"
+
+#: src/elements/wizard/ActionWizardPage.ts
+msgid "Apply changes"
+msgstr "Apply changes"
+
 #: src/pages/admin-overview/AdminOverviewPage.ts
 msgid "Apps with most usage"
 msgstr "Apps with most usage"
@@ -536,6 +580,14 @@ msgstr "Authentication URL"
 msgid "Authentication flow"
 msgstr "Authentication flow"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Authentication method"
+msgstr "Authentication method"
+
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Authentication without user interaction, or machine-to-machine authentication."
+msgstr "Authentication without user interaction, or machine-to-machine authentication."
+
 #: src/flows/stages/authenticator_validate/AuthenticatorValidateStage.ts
 msgid "Authenticator"
 msgstr "Authenticator"
@@ -561,6 +613,7 @@ msgstr "Authorization"
 msgid "Authorization URL"
 msgstr "Authorization URL"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 #: src/pages/providers/saml/SAMLProviderForm.ts
@@ -622,6 +675,7 @@ msgstr "Background shown during execution."
 #~ msgid "Backup status"
 #~ msgstr "Backup status"
 
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 #: src/pages/providers/ldap/LDAPProviderViewPage.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
@@ -717,6 +771,10 @@ msgstr "Build hash:"
 msgid "Built-in"
 msgstr "Built-in"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthAPIApplicationWizardPage.ts
+msgid "By default, all service accounts can authenticate as this application, as long as they have a valid token of the type app-password."
+msgstr "By default, all service accounts can authenticate as this application, as long as they have a valid token of the type app-password."
+
 #: src/pages/stages/identification/IdentificationStageForm.ts
 msgid "By default, only icons are shown for sources. Enable this to show their full names."
 msgstr "By default, only icons are shown for sources. Enable this to show their full names."
@@ -1222,6 +1280,7 @@ msgstr "Copy recovery link"
 
 #: src/pages/applications/ApplicationListPage.ts
 #: src/pages/applications/ApplicationListPage.ts
+#: src/pages/applications/wizard/ApplicationWizard.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/events/RuleListPage.ts
@@ -1360,6 +1419,10 @@ msgstr "Create User"
 msgid "Create a new application"
 msgstr "Create a new application"
 
+#: src/pages/applications/wizard/ApplicationWizard.ts
+msgid "Create a new application."
+msgstr "Create a new application."
+
 #: src/pages/outposts/ServiceConnectionWizard.ts
 msgid "Create a new outpost integration."
 msgstr "Create a new outpost integration."
@@ -1384,14 +1447,27 @@ msgstr "Create a new source."
 msgid "Create a new stage."
 msgstr "Create a new stage."
 
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
+msgid "Create application"
+msgstr "Create application"
+
 #: src/pages/users/ServiceAccountForm.ts
 msgid "Create group"
 msgstr "Create group"
 
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
+#: src/pages/applications/wizard/saml/TypeSAMLImportApplicationWizardPage.ts
 msgid "Create provider"
 msgstr "Create provider"
 
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
+msgid "Create service account"
+msgstr "Create service account"
+
 #: src/pages/stages/user_write/UserWriteStageForm.ts
 msgid "Create users as inactive"
 msgstr "Create users as inactive"
@@ -1575,6 +1651,7 @@ msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in S
 msgstr "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
 
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 #: src/pages/property-mappings/PropertyMappingScopeForm.ts
 #: src/pages/system-tasks/SystemTaskListPage.ts
 #: src/pages/tokens/TokenForm.ts
@@ -2091,6 +2168,14 @@ msgstr "External Applications which use authentik as Identity-Provider, utilizin
 msgid "External Host"
 msgstr "External Host"
 
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+msgid "External domain"
+msgstr "External domain"
+
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+msgid "External domain you will be accessing the domain from."
+msgstr "External domain you will be accessing the domain from."
+
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 msgid "External host"
@@ -2264,6 +2349,10 @@ msgstr "Flow used to logout. If left empty, the first applicable flow sorted by
 msgid "Flow used when authorizing this provider."
 msgstr "Flow used when authorizing this provider."
 
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+msgid "Flow used when users access this application."
+msgstr "Flow used when users access this application."
+
 #: src/pages/flows/FlowListPage.ts
 msgid "Flow(s)"
 msgstr "Flow(s)"
@@ -2501,7 +2590,6 @@ msgid "Hide managed mappings"
 msgstr "Hide managed mappings"
 
 #: src/pages/users/RelatedUserList.ts
-#: src/pages/users/UserListPage.ts
 msgid "Hide service-accounts"
 msgstr "Hide service-accounts"
 
@@ -2669,10 +2757,22 @@ msgstr "Import"
 msgid "Import Flow"
 msgstr "Import Flow"
 
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Import SAML Metadata"
+msgstr "Import SAML Metadata"
+
+#: src/pages/applications/wizard/saml/TypeSAMLImportApplicationWizardPage.ts
+msgid "Import SAML metadata"
+msgstr "Import SAML metadata"
+
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 msgid "Import certificates of external providers or create certificates to sign requests with."
 msgstr "Import certificates of external providers or create certificates to sign requests with."
 
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Import the metadata document of the applicaation you want to configure."
+msgstr "Import the metadata document of the applicaation you want to configure."
+
 #: src/flows/stages/authenticator_validate/AuthenticatorValidateStage.ts
 msgid "In case you can't access any other method."
 msgstr "In case you can't access any other method."
@@ -2821,6 +2921,7 @@ msgstr "Keypair which is used to sign outgoing requests. Leave empty to disable
 msgid "Kubeconfig"
 msgstr "Kubeconfig"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
 #: src/pages/outposts/OutpostForm.ts
 #: src/pages/outposts/OutpostListPage.ts
 msgid "LDAP"
@@ -2842,9 +2943,9 @@ msgstr "LDAP DN under which bind requests and search requests can be made."
 msgid "LDAP Sync status"
 msgstr "LDAP Sync status"
 
-#: src/pages/providers/ProviderWizard.ts
-#~ msgid "LDAP details"
-#~ msgstr "LDAP details"
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
+msgid "LDAP details"
+msgstr "LDAP details"
 
 #: src/pages/stages/prompt/PromptForm.ts
 #: src/pages/stages/prompt/PromptListPage.ts
@@ -2897,6 +2998,10 @@ msgstr "Launch URL"
 msgid "Layout"
 msgstr "Layout"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Legacy applications which don't natively support SSO."
+msgstr "Legacy applications which don't natively support SSO."
+
 #: src/pages/stages/identification/IdentificationStageForm.ts
 msgid "Let the user identify themselves with their username or Email address."
 msgstr "Let the user identify themselves with their username or Email address."
@@ -2905,6 +3010,11 @@ msgstr "Let the user identify themselves with their username or Email address."
 #~ msgid "Library"
 #~ msgstr "Library"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+#: src/pages/applications/wizard/link/TypeLinkApplicationWizardPage.ts
+msgid "Link"
+msgstr "Link"
+
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/plex/PlexSourceForm.ts
 msgid "Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses"
@@ -2963,6 +3073,7 @@ msgstr "Loading"
 #: src/elements/Spinner.ts
 #: src/pages/applications/ApplicationCheckAccessForm.ts
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
 #: src/pages/events/RuleForm.ts
 #: src/pages/events/RuleForm.ts
 #: src/pages/events/TransportForm.ts
@@ -2998,7 +3109,6 @@ msgstr "Loading"
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
-#: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/plex/PlexSourceForm.ts
@@ -3023,7 +3133,6 @@ msgstr "Loading"
 #: src/pages/stages/password/PasswordStageForm.ts
 #: src/pages/stages/prompt/PromptStageForm.ts
 #: src/pages/stages/prompt/PromptStageForm.ts
-#: src/pages/stages/user_write/UserWriteStageForm.ts
 #: src/pages/tenants/TenantForm.ts
 #: src/pages/tenants/TenantForm.ts
 #: src/pages/tenants/TenantForm.ts
@@ -3128,6 +3237,14 @@ msgstr "Managed by authentik"
 msgid "Managed by authentik (Discovered)"
 msgstr "Managed by authentik (Discovered)"
 
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Manual configuration"
+msgstr "Manual configuration"
+
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Manually configure SAML"
+msgstr "Manually configure SAML"
+
 #: src/pages/stages/user_write/UserWriteStageForm.ts
 msgid "Mark newly created users as inactive."
 msgstr "Mark newly created users as inactive."
@@ -3173,11 +3290,18 @@ msgstr "Message"
 msgid "Messages"
 msgstr "Messages"
 
+#: src/pages/applications/wizard/saml/TypeSAMLImportApplicationWizardPage.ts
 #: src/pages/providers/saml/SAMLProviderImportForm.ts
 #: src/pages/sources/saml/SAMLSourceViewPage.ts
 msgid "Metadata"
 msgstr "Metadata"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthAPIApplicationWizardPage.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthImplicitApplicationWizardPage.ts
+msgid "Method details"
+msgstr "Method details"
+
 #: src/pages/policies/password/PasswordPolicyForm.ts
 msgid "Minimum amount of Digits"
 msgstr "Minimum amount of Digits"
@@ -3221,6 +3345,10 @@ msgstr "Model deleted"
 msgid "Model updated"
 msgstr "Model updated"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Modern applications, APIs and Single-page applications."
+msgstr "Modern applications, APIs and Single-page applications."
+
 #: 
 #~ msgid "Monitor"
 #~ msgstr "Monitor"
@@ -3236,6 +3364,7 @@ msgstr "My applications"
 #: src/elements/forms/DeleteBulkForm.ts
 #: src/pages/applications/ApplicationForm.ts
 #: src/pages/applications/ApplicationListPage.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 #: src/pages/crypto/CertificateKeyPairForm.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
@@ -3333,6 +3462,10 @@ msgstr "NameID Policy"
 msgid "NameID Property Mapping"
 msgstr "NameID Property Mapping"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Native application"
+msgstr "Native application"
+
 #: src/flows/stages/identification/IdentificationStage.ts
 msgid "Need an account?"
 msgstr "Need an account?"
@@ -3345,6 +3478,10 @@ msgstr "Negate result"
 msgid "Negates the outcome of the binding. Messages are unaffected."
 msgstr "Negates the outcome of the binding. Messages are unaffected."
 
+#: src/pages/applications/wizard/ApplicationWizard.ts
+msgid "New application"
+msgstr "New application"
+
 #: src/pages/outposts/ServiceConnectionWizard.ts
 msgid "New outpost integration"
 msgstr "New outpost integration"
@@ -3605,6 +3742,10 @@ msgstr "OAuth Refresh Codes"
 #~ msgid "OAuth/OIDC"
 #~ msgstr "OAuth/OIDC"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "OAuth2/OIDC"
+msgstr "OAuth2/OIDC"
+
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 msgid "OIDC JWKS"
 msgstr "OIDC JWKS"
@@ -3884,6 +4025,21 @@ msgstr "Password: Masked input, password is validated against sources. Policies
 msgid "Passwordless flow"
 msgstr "Passwordless flow"
 
+#: src/pages/users/UserForm.ts
+msgid "Path"
+msgstr "Path"
+
+#: src/pages/stages/user_write/UserWriteStageForm.ts
+msgid "Path new users will be created under. If left blank, the default path will be used.fo"
+msgstr "Path new users will be created under. If left blank, the default path will be used.fo"
+
+#: src/pages/sources/ldap/LDAPSourceForm.ts
+#: src/pages/sources/oauth/OAuthSourceForm.ts
+#: src/pages/sources/plex/PlexSourceForm.ts
+#: src/pages/sources/saml/SAMLSourceForm.ts
+msgid "Path template for users created. Use placeholders like `%(slug)s` to insert the source slug."
+msgstr "Path template for users created. Use placeholders like `%(slug)s` to insert the source slug."
+
 #: src/pages/sources/saml/SAMLSourceForm.ts
 msgid "Persistent"
 msgstr "Persistent"
@@ -4097,6 +4253,11 @@ msgstr "Protocol Settings"
 msgid "Protocol settings"
 msgstr "Protocol settings"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Provide an LDAP interface for applications and users to authenticate against."
+msgstr "Provide an LDAP interface for applications and users to authenticate against."
+
 #: src/pages/providers/ProviderListPage.ts
 msgid "Provide support for protocols like SAML and OAuth to assigned applications."
 msgstr "Provide support for protocols like SAML and OAuth to assigned applications."
@@ -4128,6 +4289,7 @@ msgstr "Provider(s)"
 msgid "Providers"
 msgstr "Providers"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
 #: src/pages/outposts/OutpostForm.ts
 #: src/pages/outposts/OutpostListPage.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
@@ -4135,9 +4297,9 @@ msgstr "Providers"
 msgid "Proxy"
 msgstr "Proxy"
 
-#: src/pages/providers/ProviderWizard.ts
-#~ msgid "Proxy details"
-#~ msgstr "Proxy details"
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+msgid "Proxy details"
+msgstr "Proxy details"
 
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 msgid "Public"
@@ -4152,6 +4314,7 @@ msgid "Public key, acquired from https://www.google.com/recaptcha/intro/v3.html.
 msgstr "Public key, acquired from https://www.google.com/recaptcha/intro/v3.html."
 
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 msgid "Publisher"
 msgstr "Publisher"
 
@@ -4414,13 +4577,17 @@ msgstr "Return to device picker"
 msgid "Revoked?"
 msgstr "Revoked?"
 
+#: src/elements/TreeView.ts
+msgid "Root"
+msgstr "Root"
+
 #: src/pages/sources/ldap/LDAPSourceViewPage.ts
 msgid "Run sync again"
 msgstr "Run sync again"
 
-#: src/pages/providers/ProviderWizard.ts
-#~ msgid "SAML"
-#~ msgstr "SAML"
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "SAML"
+msgstr "SAML"
 
 #: src/pages/providers/ProviderWizard.ts
 #~ msgid "SAML (metadata import)"
@@ -4434,9 +4601,9 @@ msgstr "SAML Attribute Name"
 msgid "SAML Metadata"
 msgstr "SAML Metadata"
 
-#: src/pages/providers/ProviderWizard.ts
-#~ msgid "SAML details"
-#~ msgstr "SAML details"
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
+msgid "SAML details"
+msgstr "SAML details"
 
 #: src/pages/providers/ProviderWizard.ts
 #~ msgid "SAML details (import from metadata)"
@@ -4845,6 +5012,14 @@ msgstr "Single Prompts that can be used for Prompt Stages."
 msgid "Single use"
 msgstr "Single use"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Single-page applications"
+msgstr "Single-page applications"
+
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Single-page applications which handle authentication in the browser (for example, Javascript, Angular, React, Vue)"
+msgstr "Single-page applications which handle authentication in the browser (for example, Javascript, Angular, React, Vue)"
+
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 #~ msgid "Skip path regex"
 #~ msgstr "Skip path regex"
@@ -5594,6 +5769,10 @@ msgstr "The following keywords are supported:"
 msgid "The following objects use {objName}"
 msgstr "The following objects use {objName}"
 
+#: src/pages/providers/ProviderWizard.ts
+msgid "The new application wizard greatly simplifies the steps required to create applications and providers."
+msgstr "The new application wizard greatly simplifies the steps required to create applications and providers."
+
 #: src/pages/policies/reputation/ReputationPolicyForm.ts
 #~ msgid ""
 #~ "The policy passes when the reputation score is above the threshold, and\n"
@@ -5656,6 +5835,10 @@ msgstr ""
 msgid "These policies control which users can access this application."
 msgstr "These policies control which users can access this application."
 
+#: src/pages/applications/wizard/oauth/TypeOAuthAPIApplicationWizardPage.ts
+msgid "This configuration can be used to authenticate to authentik with other APIs other otherwise programmatically."
+msgstr "This configuration can be used to authenticate to authentik with other APIs other otherwise programmatically."
+
 #: src/flows/FlowInspector.ts
 msgid "This flow is completed."
 msgstr "This flow is completed."
@@ -5844,6 +6027,14 @@ msgstr "Transports"
 msgid "Trusted OIDC Sources"
 msgstr "Trusted OIDC Sources"
 
+#: src/pages/providers/ProviderWizard.ts
+msgid "Try it now"
+msgstr "Try it now"
+
+#: src/pages/providers/ProviderWizard.ts
+msgid "Try the new application wizard"
+msgstr "Try the new application wizard"
+
 #: src/interfaces/locale.ts
 msgid "Turkish"
 msgstr "Turkish"
@@ -5897,6 +6088,10 @@ msgstr "UPN"
 msgid "URL settings"
 msgstr "URL settings"
 
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
+msgid "URL that authentik will redirect back to after successful authentication."
+msgstr "URL that authentik will redirect back to after successful authentication."
+
 #: src/pages/sources/saml/SAMLSourceForm.ts
 msgid "URL that the initial Login request is sent to."
 msgstr "URL that the initial Login request is sent to."
@@ -5917,6 +6112,10 @@ msgstr "URL used by authentik to retrieve tokens."
 msgid "URL used to request the initial token. This URL is only required for OAuth 1."
 msgstr "URL used to request the initial token. This URL is only required for OAuth 1."
 
+#: src/pages/applications/wizard/link/TypeLinkApplicationWizardPage.ts
+msgid "URL which will be opened when a user clicks on the application."
+msgstr "URL which will be opened when a user clicks on the application."
+
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 msgid "Unauthenticated Paths"
 msgstr "Unauthenticated Paths"
@@ -6261,6 +6460,10 @@ msgstr "User events"
 msgid "User fields"
 msgstr "User fields"
 
+#: src/pages/users/UserListPage.ts
+msgid "User folders"
+msgstr "User folders"
+
 #: src/interfaces/AdminInterface.ts
 msgid "User interface"
 msgstr "User interface"
@@ -6286,6 +6489,17 @@ msgstr "User object filter"
 msgid "User password writeback"
 msgstr "User password writeback"
 
+#: src/pages/sources/ldap/LDAPSourceForm.ts
+#: src/pages/sources/oauth/OAuthSourceForm.ts
+#: src/pages/sources/plex/PlexSourceForm.ts
+#: src/pages/sources/saml/SAMLSourceForm.ts
+msgid "User path"
+msgstr "User path"
+
+#: src/pages/stages/user_write/UserWriteStageForm.ts
+msgid "User path template"
+msgstr "User path template"
+
 #: src/pages/tenants/TenantForm.ts
 msgid "User settings flow"
 msgstr "User settings flow"
@@ -6522,6 +6736,10 @@ msgstr "Warning: authentik Domain is not configured, authentication will not wor
 msgid "Web Certificate"
 msgstr "Web Certificate"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Web application"
+msgstr "Web application"
+
 #: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
 msgid "WebAuthn Authenticators"
 msgstr "WebAuthn Authenticators"
@@ -6645,6 +6863,10 @@ msgstr ""
 msgid "X509 Subject"
 msgstr "X509 Subject"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "XML-based SSO standard. Use this if your application only supports SAML."
+msgstr "XML-based SSO standard. Use this if your application only supports SAML."
+
 #: src/elements/oauth/UserRefreshList.ts
 #: src/pages/applications/ApplicationCheckAccessForm.ts
 #: src/pages/groups/GroupListPage.ts
diff --git a/web/src/locales/es.po b/web/src/locales/es.po
index dd697c6ad..3bd282de5 100644
--- a/web/src/locales/es.po
+++ b/web/src/locales/es.po
@@ -90,6 +90,7 @@ msgstr "Un autenticador no extraíble, como TouchID o Windows Hello"
 msgid "A policy used for testing. Always returns the same result as specified below after waiting a random duration."
 msgstr "Una política utilizada para las pruebas. Siempre devuelve el mismo resultado que se especifica a continuación después de esperar una duración aleatoria."
 
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
 #: src/pages/providers/saml/SAMLProviderForm.ts
 #: src/pages/providers/saml/SAMLProviderViewPage.ts
 msgid "ACS URL"
@@ -113,6 +114,10 @@ msgstr "CUALQUIERA, cualquier política debe coincidir para otorgar acceso."
 msgid "ANY, any policy must match to include this stage access."
 msgstr "CUALQUIERA, cualquier política debe coincidir para incluir el acceso a esta etapa."
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "API"
+msgstr ""
+
 #: src/pages/tokens/TokenListPage.ts
 msgid "API Access"
 msgstr "Acceso a la API"
@@ -257,6 +262,10 @@ msgstr "DN de usuario adicional"
 msgid "Additional Scope"
 msgstr "Ámbito adicional"
 
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
+msgid "Additional UI settings"
+msgstr ""
+
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 msgid "Additional group DN, prepended to the Base DN."
 msgstr "DN de grupo adicional, antepuesto al DN base."
@@ -377,6 +386,7 @@ msgid "App password (can be used to login using a flow executor)"
 msgstr "Contraseña de la aplicación (se puede usar para iniciar sesión con un ejecutor de flujo)"
 
 #: src/elements/user/UserConsentList.ts
+#: src/flows/stages/consent/ConsentStage.ts
 #: src/pages/admin-overview/TopApplicationsTable.ts
 #: src/pages/providers/ProviderListPage.ts
 msgid "Application"
@@ -387,6 +397,14 @@ msgstr "Aplicación"
 msgid "Application Icon"
 msgstr "Icono de aplicación"
 
+#: src/pages/applications/wizard/link/TypeLinkApplicationWizardPage.ts
+msgid "Application Link"
+msgstr ""
+
+#: src/flows/stages/consent/ConsentStage.ts
+msgid "Application already has access to the following permissions:"
+msgstr ""
+
 #: src/elements/charts/UserChart.ts
 msgid "Application authorizations"
 msgstr "Autorizaciones de solicitudes"
@@ -395,11 +413,25 @@ msgstr "Autorizaciones de solicitudes"
 msgid "Application authorized"
 msgstr "Solicitud autorizada"
 
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
+msgid "Application details"
+msgstr ""
+
+#: src/flows/stages/consent/ConsentStage.ts
+msgid "Application requires following new permissions:"
+msgstr ""
+
 #: src/flows/stages/consent/ConsentStage.ts
 msgid "Application requires following permissions:"
 msgstr "La aplicación requiere los siguientes permisos:"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Application type"
+msgstr ""
+
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 msgid "Application's display Name."
 msgstr "Nombre para mostrar de la aplicación."
 
@@ -414,6 +446,18 @@ msgstr "Solicitud (s)"
 msgid "Applications"
 msgstr "Aplicaciones"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Applications which handle the authentication server-side (for example, Python, Go, Rust, Java, PHP)"
+msgstr ""
+
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Applications which redirect users to a non-web callback (for example, Android, iOS)"
+msgstr ""
+
+#: src/elements/wizard/ActionWizardPage.ts
+msgid "Apply changes"
+msgstr ""
+
 #: src/pages/admin-overview/AdminOverviewPage.ts
 msgid "Apps with most usage"
 msgstr "Aplicaciones con mayor uso"
@@ -531,6 +575,14 @@ msgstr "URL de autenticación"
 msgid "Authentication flow"
 msgstr "Flujo de autenticación"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Authentication method"
+msgstr ""
+
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Authentication without user interaction, or machine-to-machine authentication."
+msgstr ""
+
 #: src/flows/stages/authenticator_validate/AuthenticatorValidateStage.ts
 msgid "Authenticator"
 msgstr "Autenticador"
@@ -555,6 +607,7 @@ msgstr "Autorización"
 msgid "Authorization URL"
 msgstr "URL de autorización"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 #: src/pages/providers/saml/SAMLProviderForm.ts
@@ -616,6 +669,7 @@ msgstr "Se muestra el fondo durante la ejecución."
 #~ msgid "Backup status"
 #~ msgstr "Estado de respaldo"
 
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 #: src/pages/providers/ldap/LDAPProviderViewPage.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
@@ -710,6 +764,10 @@ msgstr "Compilar hash:"
 msgid "Built-in"
 msgstr "Incorporado"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthAPIApplicationWizardPage.ts
+msgid "By default, all service accounts can authenticate as this application, as long as they have a valid token of the type app-password."
+msgstr ""
+
 #: src/pages/stages/identification/IdentificationStageForm.ts
 msgid "By default, only icons are shown for sources. Enable this to show their full names."
 msgstr "De forma predeterminada, solo se muestran los iconos de las fuentes. Actívela para mostrar sus nombres completos."
@@ -1203,6 +1261,7 @@ msgstr "Enlace de recuperación de copia"
 
 #: src/pages/applications/ApplicationListPage.ts
 #: src/pages/applications/ApplicationListPage.ts
+#: src/pages/applications/wizard/ApplicationWizard.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/events/RuleListPage.ts
@@ -1341,6 +1400,10 @@ msgstr "Crear usuario"
 msgid "Create a new application"
 msgstr "Crea una nueva aplicación"
 
+#: src/pages/applications/wizard/ApplicationWizard.ts
+msgid "Create a new application."
+msgstr ""
+
 #: src/pages/outposts/ServiceConnectionWizard.ts
 msgid "Create a new outpost integration."
 msgstr ""
@@ -1365,14 +1428,27 @@ msgstr ""
 msgid "Create a new stage."
 msgstr ""
 
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
+msgid "Create application"
+msgstr ""
+
 #: src/pages/users/ServiceAccountForm.ts
 msgid "Create group"
 msgstr "Crear grupo"
 
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
+#: src/pages/applications/wizard/saml/TypeSAMLImportApplicationWizardPage.ts
 msgid "Create provider"
 msgstr "Crear proveedor"
 
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
+msgid "Create service account"
+msgstr ""
+
 #: src/pages/stages/user_write/UserWriteStageForm.ts
 msgid "Create users as inactive"
 msgstr "Crear usuarios como inactivos"
@@ -1548,6 +1624,7 @@ msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in S
 msgstr ""
 
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 #: src/pages/property-mappings/PropertyMappingScopeForm.ts
 #: src/pages/system-tasks/SystemTaskListPage.ts
 #: src/pages/tokens/TokenForm.ts
@@ -2047,6 +2124,14 @@ msgstr "Aplicaciones externas que usan authentik como proveedor de identidad, ut
 msgid "External Host"
 msgstr "Anfitrión externo"
 
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+msgid "External domain"
+msgstr ""
+
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+msgid "External domain you will be accessing the domain from."
+msgstr ""
+
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 msgid "External host"
@@ -2219,6 +2304,10 @@ msgstr "Flujo utilizado para cerrar sesión. Si se deja vacío, se usa el primer
 msgid "Flow used when authorizing this provider."
 msgstr "Flujo utilizado al autorizar a este proveedor."
 
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+msgid "Flow used when users access this application."
+msgstr ""
+
 #: src/pages/flows/FlowListPage.ts
 msgid "Flow(s)"
 msgstr "Flujo (s)"
@@ -2453,7 +2542,6 @@ msgid "Hide managed mappings"
 msgstr "Ocultar asignaciones administradas"
 
 #: src/pages/users/RelatedUserList.ts
-#: src/pages/users/UserListPage.ts
 msgid "Hide service-accounts"
 msgstr "Ocultar cuentas de servicio"
 
@@ -2615,10 +2703,22 @@ msgstr "Importación"
 msgid "Import Flow"
 msgstr "Flujo de importación"
 
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Import SAML Metadata"
+msgstr ""
+
+#: src/pages/applications/wizard/saml/TypeSAMLImportApplicationWizardPage.ts
+msgid "Import SAML metadata"
+msgstr ""
+
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 msgid "Import certificates of external providers or create certificates to sign requests with."
 msgstr "Importe certificados de proveedores externos o cree certificados para firmar solicitudes con ellos."
 
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Import the metadata document of the applicaation you want to configure."
+msgstr ""
+
 #: src/flows/stages/authenticator_validate/AuthenticatorValidateStage.ts
 msgid "In case you can't access any other method."
 msgstr "En caso de que no puedas acceder a ningún otro método."
@@ -2763,6 +2863,7 @@ msgstr "Keypair que se usa para firmar solicitudes salientes. Déjelo vacío par
 msgid "Kubeconfig"
 msgstr "Configuración de Kube"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
 #: src/pages/outposts/OutpostForm.ts
 #: src/pages/outposts/OutpostListPage.ts
 msgid "LDAP"
@@ -2784,9 +2885,9 @@ msgstr "DN de LDAP con el que se pueden realizar solicitudes de enlace y solicit
 msgid "LDAP Sync status"
 msgstr "Estado de sincronización de LDAP"
 
-#: src/pages/providers/ProviderWizard.ts
-#~ msgid "LDAP details"
-#~ msgstr ""
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
+msgid "LDAP details"
+msgstr ""
 
 #: src/pages/stages/prompt/PromptForm.ts
 #: src/pages/stages/prompt/PromptListPage.ts
@@ -2839,6 +2940,10 @@ msgstr "URL de lanzamiento"
 msgid "Layout"
 msgstr ""
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Legacy applications which don't natively support SSO."
+msgstr ""
+
 #: src/pages/stages/identification/IdentificationStageForm.ts
 msgid "Let the user identify themselves with their username or Email address."
 msgstr "Permite que el usuario se identifique con su nombre de usuario o dirección de correo electrónico."
@@ -2846,6 +2951,11 @@ msgstr "Permite que el usuario se identifique con su nombre de usuario o direcci
 #~ msgid "Library"
 #~ msgstr "Biblioteca"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+#: src/pages/applications/wizard/link/TypeLinkApplicationWizardPage.ts
+msgid "Link"
+msgstr ""
+
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/plex/PlexSourceForm.ts
 msgid "Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses"
@@ -2904,6 +3014,7 @@ msgstr "Cargando"
 #: src/elements/Spinner.ts
 #: src/pages/applications/ApplicationCheckAccessForm.ts
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
 #: src/pages/events/RuleForm.ts
 #: src/pages/events/RuleForm.ts
 #: src/pages/events/TransportForm.ts
@@ -2939,7 +3050,6 @@ msgstr "Cargando"
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
-#: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/plex/PlexSourceForm.ts
@@ -2964,7 +3074,6 @@ msgstr "Cargando"
 #: src/pages/stages/password/PasswordStageForm.ts
 #: src/pages/stages/prompt/PromptStageForm.ts
 #: src/pages/stages/prompt/PromptStageForm.ts
-#: src/pages/stages/user_write/UserWriteStageForm.ts
 #: src/pages/tenants/TenantForm.ts
 #: src/pages/tenants/TenantForm.ts
 #: src/pages/tenants/TenantForm.ts
@@ -3069,6 +3178,14 @@ msgstr "Administrado por authentik"
 msgid "Managed by authentik (Discovered)"
 msgstr "Administrado por authentik (descubierto)"
 
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Manual configuration"
+msgstr ""
+
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Manually configure SAML"
+msgstr ""
+
 #: src/pages/stages/user_write/UserWriteStageForm.ts
 msgid "Mark newly created users as inactive."
 msgstr "Marque los usuarios recién creados como inactivos."
@@ -3114,11 +3231,18 @@ msgstr "Mensaje"
 msgid "Messages"
 msgstr "Mensajes"
 
+#: src/pages/applications/wizard/saml/TypeSAMLImportApplicationWizardPage.ts
 #: src/pages/providers/saml/SAMLProviderImportForm.ts
 #: src/pages/sources/saml/SAMLSourceViewPage.ts
 msgid "Metadata"
 msgstr "Metadatos"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthAPIApplicationWizardPage.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthImplicitApplicationWizardPage.ts
+msgid "Method details"
+msgstr ""
+
 #: src/pages/policies/password/PasswordPolicyForm.ts
 msgid "Minimum amount of Digits"
 msgstr "Cantidad mínima de dígitos"
@@ -3162,6 +3286,10 @@ msgstr "Modelo eliminado"
 msgid "Model updated"
 msgstr "Modelo actualizado"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Modern applications, APIs and Single-page applications."
+msgstr ""
+
 #~ msgid "Monitor"
 #~ msgstr "Monitor"
 
@@ -3176,6 +3304,7 @@ msgstr "Mis solicitudes"
 #: src/elements/forms/DeleteBulkForm.ts
 #: src/pages/applications/ApplicationForm.ts
 #: src/pages/applications/ApplicationListPage.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 #: src/pages/crypto/CertificateKeyPairForm.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
@@ -3273,6 +3402,10 @@ msgstr "Política de NameID"
 msgid "NameID Property Mapping"
 msgstr "Asignación de propiedades NameID"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Native application"
+msgstr ""
+
 #: src/flows/stages/identification/IdentificationStage.ts
 msgid "Need an account?"
 msgstr "¿Necesitas una cuenta?"
@@ -3285,6 +3418,10 @@ msgstr "Negar el resultado"
 msgid "Negates the outcome of the binding. Messages are unaffected."
 msgstr "Niega el resultado de la unión. Los mensajes no se ven afectados."
 
+#: src/pages/applications/wizard/ApplicationWizard.ts
+msgid "New application"
+msgstr ""
+
 #: src/pages/outposts/ServiceConnectionWizard.ts
 msgid "New outpost integration"
 msgstr ""
@@ -3540,6 +3677,10 @@ msgstr "Códigos de actualización de OAuth"
 #~ msgid "OAuth/OIDC"
 #~ msgstr ""
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "OAuth2/OIDC"
+msgstr ""
+
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 msgid "OIDC JWKS"
 msgstr ""
@@ -3813,6 +3954,21 @@ msgstr "Contraseña: entrada enmascarada, la contraseña se valida contra las fu
 msgid "Passwordless flow"
 msgstr "Flujo sin contraseña"
 
+#: src/pages/users/UserForm.ts
+msgid "Path"
+msgstr ""
+
+#: src/pages/stages/user_write/UserWriteStageForm.ts
+msgid "Path new users will be created under. If left blank, the default path will be used.fo"
+msgstr ""
+
+#: src/pages/sources/ldap/LDAPSourceForm.ts
+#: src/pages/sources/oauth/OAuthSourceForm.ts
+#: src/pages/sources/plex/PlexSourceForm.ts
+#: src/pages/sources/saml/SAMLSourceForm.ts
+msgid "Path template for users created. Use placeholders like `%(slug)s` to insert the source slug."
+msgstr ""
+
 #: src/pages/sources/saml/SAMLSourceForm.ts
 msgid "Persistent"
 msgstr "persistente"
@@ -4021,6 +4177,11 @@ msgstr "Configuración de protocolo"
 msgid "Protocol settings"
 msgstr "Configuración del protocolo"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Provide an LDAP interface for applications and users to authenticate against."
+msgstr ""
+
 #: src/pages/providers/ProviderListPage.ts
 msgid "Provide support for protocols like SAML and OAuth to assigned applications."
 msgstr "Proporcionar soporte para protocolos como SAML y OAuth a las aplicaciones asignadas."
@@ -4051,6 +4212,7 @@ msgstr "Proveedor (s)"
 msgid "Providers"
 msgstr "Proveedores"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
 #: src/pages/outposts/OutpostForm.ts
 #: src/pages/outposts/OutpostListPage.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
@@ -4058,9 +4220,9 @@ msgstr "Proveedores"
 msgid "Proxy"
 msgstr "Proxy"
 
-#: src/pages/providers/ProviderWizard.ts
-#~ msgid "Proxy details"
-#~ msgstr ""
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+msgid "Proxy details"
+msgstr ""
 
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 msgid "Public"
@@ -4075,6 +4237,7 @@ msgid "Public key, acquired from https://www.google.com/recaptcha/intro/v3.html.
 msgstr "Clave pública, adquirida en https://www.google.com/recaptcha/intro/v3.html."
 
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 msgid "Publisher"
 msgstr "Editorial"
 
@@ -4327,13 +4490,17 @@ msgstr "Regresar al selector de dispositivos"
 msgid "Revoked?"
 msgstr "¿Revocado?"
 
+#: src/elements/TreeView.ts
+msgid "Root"
+msgstr ""
+
 #: src/pages/sources/ldap/LDAPSourceViewPage.ts
 msgid "Run sync again"
 msgstr "Vuelve a ejecutar la sincronización"
 
-#: src/pages/providers/ProviderWizard.ts
-#~ msgid "SAML"
-#~ msgstr ""
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "SAML"
+msgstr ""
 
 #: src/pages/providers/ProviderWizard.ts
 #~ msgid "SAML (metadata import)"
@@ -4347,9 +4514,9 @@ msgstr "Nombre de atributo SAML"
 msgid "SAML Metadata"
 msgstr "Metadatos SAML"
 
-#: src/pages/providers/ProviderWizard.ts
-#~ msgid "SAML details"
-#~ msgstr ""
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
+msgid "SAML details"
+msgstr ""
 
 #: src/pages/providers/ProviderWizard.ts
 #~ msgid "SAML details (import from metadata)"
@@ -4750,6 +4917,14 @@ msgstr "Indicaciones únicas que se pueden utilizar para las etapas de selecció
 msgid "Single use"
 msgstr "De un solo uso"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Single-page applications"
+msgstr ""
+
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Single-page applications which handle authentication in the browser (for example, Javascript, Angular, React, Vue)"
+msgstr ""
+
 #~ msgid "Skip path regex"
 #~ msgstr "Omitir expresión regular de ruta"
 
@@ -5473,6 +5648,10 @@ msgstr ""
 msgid "The following objects use {objName}"
 msgstr "Los siguientes objetos usan {objName}"
 
+#: src/pages/providers/ProviderWizard.ts
+msgid "The new application wizard greatly simplifies the steps required to create applications and providers."
+msgstr ""
+
 #~ msgid ""
 #~ "The policy passes when the reputation score is above the threshold, and\n"
 #~ "doesn't pass when either or both of the selected options are equal or less than the\n"
@@ -5534,6 +5713,10 @@ msgstr ""
 msgid "These policies control which users can access this application."
 msgstr "Estas políticas controlan qué usuarios pueden acceder a esta aplicación."
 
+#: src/pages/applications/wizard/oauth/TypeOAuthAPIApplicationWizardPage.ts
+msgid "This configuration can be used to authenticate to authentik with other APIs other otherwise programmatically."
+msgstr ""
+
 #: src/flows/FlowInspector.ts
 msgid "This flow is completed."
 msgstr "Este flujo se ha completado."
@@ -5718,6 +5901,14 @@ msgstr "Transportes"
 msgid "Trusted OIDC Sources"
 msgstr ""
 
+#: src/pages/providers/ProviderWizard.ts
+msgid "Try it now"
+msgstr ""
+
+#: src/pages/providers/ProviderWizard.ts
+msgid "Try the new application wizard"
+msgstr ""
+
 #: src/interfaces/locale.ts
 msgid "Turkish"
 msgstr "turco"
@@ -5771,6 +5962,10 @@ msgstr "UPN"
 msgid "URL settings"
 msgstr "Configuración de URL"
 
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
+msgid "URL that authentik will redirect back to after successful authentication."
+msgstr ""
+
 #: src/pages/sources/saml/SAMLSourceForm.ts
 msgid "URL that the initial Login request is sent to."
 msgstr "URL a la que se envía la solicitud de inicio de sesión inicial."
@@ -5791,6 +5986,10 @@ msgstr "URL utilizada por authentik para recuperar tokens."
 msgid "URL used to request the initial token. This URL is only required for OAuth 1."
 msgstr "URL utilizada para solicitar el token inicial. Esta URL solo es necesaria para OAuth 1."
 
+#: src/pages/applications/wizard/link/TypeLinkApplicationWizardPage.ts
+msgid "URL which will be opened when a user clicks on the application."
+msgstr ""
+
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 msgid "Unauthenticated Paths"
 msgstr "Rutas no autenticadas"
@@ -6130,6 +6329,10 @@ msgstr "Eventos del usuario"
 msgid "User fields"
 msgstr "Campos de usuario"
 
+#: src/pages/users/UserListPage.ts
+msgid "User folders"
+msgstr ""
+
 #: src/interfaces/AdminInterface.ts
 msgid "User interface"
 msgstr "Interfaz de usuario"
@@ -6154,6 +6357,17 @@ msgstr "Filtro de objetos de usuario"
 msgid "User password writeback"
 msgstr "Reescritura de contraseña de usuario"
 
+#: src/pages/sources/ldap/LDAPSourceForm.ts
+#: src/pages/sources/oauth/OAuthSourceForm.ts
+#: src/pages/sources/plex/PlexSourceForm.ts
+#: src/pages/sources/saml/SAMLSourceForm.ts
+msgid "User path"
+msgstr ""
+
+#: src/pages/stages/user_write/UserWriteStageForm.ts
+msgid "User path template"
+msgstr ""
+
 #: src/pages/tenants/TenantForm.ts
 msgid "User settings flow"
 msgstr ""
@@ -6389,6 +6603,10 @@ msgstr "Advertencia: el dominio authentik no está configurado, la autenticació
 msgid "Web Certificate"
 msgstr "Certificado web"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Web application"
+msgstr ""
+
 #: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
 msgid "WebAuthn Authenticators"
 msgstr "Autenticadores WebAuthn"
@@ -6509,6 +6727,10 @@ msgstr ""
 msgid "X509 Subject"
 msgstr "Asunto X509"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "XML-based SSO standard. Use this if your application only supports SAML."
+msgstr ""
+
 #: src/elements/oauth/UserRefreshList.ts
 #: src/pages/applications/ApplicationCheckAccessForm.ts
 #: src/pages/groups/GroupListPage.ts
diff --git a/web/src/locales/fr_FR.po b/web/src/locales/fr_FR.po
index f94d956ca..d976182cb 100644
--- a/web/src/locales/fr_FR.po
+++ b/web/src/locales/fr_FR.po
@@ -93,6 +93,7 @@ msgstr ""
 msgid "A policy used for testing. Always returns the same result as specified below after waiting a random duration."
 msgstr "Une politique utilisée pour les tests. Retourne toujours la même valeur telle qu'indiquée ci-dessous après une attente aléatoire."
 
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
 #: src/pages/providers/saml/SAMLProviderForm.ts
 #: src/pages/providers/saml/SAMLProviderViewPage.ts
 msgid "ACS URL"
@@ -116,6 +117,10 @@ msgstr "ANY, n'importe laquelle des politiques doit être vérifiée pour accord
 msgid "ANY, any policy must match to include this stage access."
 msgstr "ANY, n'importe laquelle des politiques doit être vérifiée pour inclure l'accès à cette étape."
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "API"
+msgstr ""
+
 #: src/pages/tokens/TokenListPage.ts
 msgid "API Access"
 msgstr "Accès à l'API"
@@ -260,6 +265,10 @@ msgstr "Préfixe DN utilisateurs"
 msgid "Additional Scope"
 msgstr ""
 
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
+msgid "Additional UI settings"
+msgstr ""
+
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 msgid "Additional group DN, prepended to the Base DN."
 msgstr "DN à préfixer au DN de base pour les groupes"
@@ -381,6 +390,7 @@ msgid "App password (can be used to login using a flow executor)"
 msgstr "Mot de passe de l'App (peut être utilisé pour ouvrir une session en utilisant un flux d'exécution)"
 
 #: src/elements/user/UserConsentList.ts
+#: src/flows/stages/consent/ConsentStage.ts
 #: src/pages/admin-overview/TopApplicationsTable.ts
 #: src/pages/providers/ProviderListPage.ts
 msgid "Application"
@@ -391,6 +401,14 @@ msgstr "Application"
 msgid "Application Icon"
 msgstr "Icône d'application"
 
+#: src/pages/applications/wizard/link/TypeLinkApplicationWizardPage.ts
+msgid "Application Link"
+msgstr ""
+
+#: src/flows/stages/consent/ConsentStage.ts
+msgid "Application already has access to the following permissions:"
+msgstr ""
+
 #: src/elements/charts/UserChart.ts
 msgid "Application authorizations"
 msgstr "Autorisations de l'application"
@@ -399,11 +417,25 @@ msgstr "Autorisations de l'application"
 msgid "Application authorized"
 msgstr "Application autorisé"
 
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
+msgid "Application details"
+msgstr ""
+
+#: src/flows/stages/consent/ConsentStage.ts
+msgid "Application requires following new permissions:"
+msgstr ""
+
 #: src/flows/stages/consent/ConsentStage.ts
 msgid "Application requires following permissions:"
 msgstr "Cette application requiert les permissions suivantes :"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Application type"
+msgstr ""
+
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 msgid "Application's display Name."
 msgstr "Nom d'affichage de l'application"
 
@@ -418,6 +450,18 @@ msgstr "Application(s)"
 msgid "Applications"
 msgstr "Applications"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Applications which handle the authentication server-side (for example, Python, Go, Rust, Java, PHP)"
+msgstr ""
+
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Applications which redirect users to a non-web callback (for example, Android, iOS)"
+msgstr ""
+
+#: src/elements/wizard/ActionWizardPage.ts
+msgid "Apply changes"
+msgstr ""
+
 #: src/pages/admin-overview/AdminOverviewPage.ts
 msgid "Apps with most usage"
 msgstr "Apps les plus utilisées"
@@ -537,6 +581,14 @@ msgstr ""
 msgid "Authentication flow"
 msgstr "Flux d'authentification"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Authentication method"
+msgstr ""
+
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Authentication without user interaction, or machine-to-machine authentication."
+msgstr ""
+
 #: src/flows/stages/authenticator_validate/AuthenticatorValidateStage.ts
 msgid "Authenticator"
 msgstr "Authentificateur"
@@ -561,6 +613,7 @@ msgstr "Authorisation"
 msgid "Authorization URL"
 msgstr "URL d'autorisation"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 #: src/pages/providers/saml/SAMLProviderForm.ts
@@ -622,6 +675,7 @@ msgstr "Arrière-plan utilisé durant l'exécution."
 #~ msgid "Backup status"
 #~ msgstr "État de la sauvegarde"
 
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 #: src/pages/providers/ldap/LDAPProviderViewPage.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
@@ -716,6 +770,10 @@ msgstr "Hash de build :"
 msgid "Built-in"
 msgstr "Intégré"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthAPIApplicationWizardPage.ts
+msgid "By default, all service accounts can authenticate as this application, as long as they have a valid token of the type app-password."
+msgstr ""
+
 #: src/pages/stages/identification/IdentificationStageForm.ts
 msgid "By default, only icons are shown for sources. Enable this to show their full names."
 msgstr ""
@@ -1215,6 +1273,7 @@ msgstr "Copier le lien de récupération"
 
 #: src/pages/applications/ApplicationListPage.ts
 #: src/pages/applications/ApplicationListPage.ts
+#: src/pages/applications/wizard/ApplicationWizard.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/events/RuleListPage.ts
@@ -1353,6 +1412,10 @@ msgstr "Créer un utilisateu"
 msgid "Create a new application"
 msgstr ""
 
+#: src/pages/applications/wizard/ApplicationWizard.ts
+msgid "Create a new application."
+msgstr ""
+
 #: src/pages/outposts/ServiceConnectionWizard.ts
 msgid "Create a new outpost integration."
 msgstr ""
@@ -1377,14 +1440,27 @@ msgstr ""
 msgid "Create a new stage."
 msgstr ""
 
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
+msgid "Create application"
+msgstr ""
+
 #: src/pages/users/ServiceAccountForm.ts
 msgid "Create group"
 msgstr "Créer un groupe"
 
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
+#: src/pages/applications/wizard/saml/TypeSAMLImportApplicationWizardPage.ts
 msgid "Create provider"
 msgstr "Créer un fournisseur"
 
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
+msgid "Create service account"
+msgstr ""
+
 #: src/pages/stages/user_write/UserWriteStageForm.ts
 msgid "Create users as inactive"
 msgstr "Créer des utilisateurs inactifs"
@@ -1560,6 +1636,7 @@ msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in S
 msgstr ""
 
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 #: src/pages/property-mappings/PropertyMappingScopeForm.ts
 #: src/pages/system-tasks/SystemTaskListPage.ts
 #: src/pages/tokens/TokenForm.ts
@@ -2072,6 +2149,14 @@ msgstr "Applications externes qui utilisent authentik comme fournisseur d'identi
 msgid "External Host"
 msgstr "Hôte externe"
 
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+msgid "External domain"
+msgstr ""
+
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+msgid "External domain you will be accessing the domain from."
+msgstr ""
+
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 msgid "External host"
@@ -2244,6 +2329,10 @@ msgstr "Flux utilisé pour la déconnexion. S'il est laissé vide, le premier fl
 msgid "Flow used when authorizing this provider."
 msgstr "Flux utilisé lors de l'autorisation de ce fournisseur."
 
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+msgid "Flow used when users access this application."
+msgstr ""
+
 #: src/pages/flows/FlowListPage.ts
 msgid "Flow(s)"
 msgstr "Flux"
@@ -2479,7 +2568,6 @@ msgid "Hide managed mappings"
 msgstr "Cacher les mapping gérés"
 
 #: src/pages/users/RelatedUserList.ts
-#: src/pages/users/UserListPage.ts
 msgid "Hide service-accounts"
 msgstr "Cacher les comptes de service"
 
@@ -2645,10 +2733,22 @@ msgstr "Importer"
 msgid "Import Flow"
 msgstr "Importer un flux"
 
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Import SAML Metadata"
+msgstr ""
+
+#: src/pages/applications/wizard/saml/TypeSAMLImportApplicationWizardPage.ts
+msgid "Import SAML metadata"
+msgstr ""
+
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 msgid "Import certificates of external providers or create certificates to sign requests with."
 msgstr "Importer les certificats des fournisseurs externes ou créer des certificats pour signer les demandes."
 
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Import the metadata document of the applicaation you want to configure."
+msgstr ""
+
 #: src/flows/stages/authenticator_validate/AuthenticatorValidateStage.ts
 msgid "In case you can't access any other method."
 msgstr "Au cas où aucune autre méthode ne soit disponible."
@@ -2794,6 +2894,7 @@ msgstr "Paire de clés utilisée pour signer le requêtes sortantes. Laisser vid
 msgid "Kubeconfig"
 msgstr "Kubeconfig"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
 #: src/pages/outposts/OutpostForm.ts
 #: src/pages/outposts/OutpostListPage.ts
 msgid "LDAP"
@@ -2815,9 +2916,9 @@ msgstr "DN LDAP avec lequel les connexions et recherches sont effectuées."
 msgid "LDAP Sync status"
 msgstr "Statut de synchro LDAP"
 
-#: src/pages/providers/ProviderWizard.ts
-#~ msgid "LDAP details"
-#~ msgstr ""
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
+msgid "LDAP details"
+msgstr ""
 
 #: src/pages/stages/prompt/PromptForm.ts
 #: src/pages/stages/prompt/PromptListPage.ts
@@ -2870,6 +2971,10 @@ msgstr "URL de lancement"
 msgid "Layout"
 msgstr ""
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Legacy applications which don't natively support SSO."
+msgstr ""
+
 #: src/pages/stages/identification/IdentificationStageForm.ts
 msgid "Let the user identify themselves with their username or Email address."
 msgstr "Laisser l'utilisateur s'identifier lui-même avec son nom d'utilisateur ou son adresse e-mail."
@@ -2877,6 +2982,11 @@ msgstr "Laisser l'utilisateur s'identifier lui-même avec son nom d'utilisateur
 #~ msgid "Library"
 #~ msgstr "Bibliothèque"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+#: src/pages/applications/wizard/link/TypeLinkApplicationWizardPage.ts
+msgid "Link"
+msgstr ""
+
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/plex/PlexSourceForm.ts
 msgid "Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses"
@@ -2935,6 +3045,7 @@ msgstr "Chargement en cours"
 #: src/elements/Spinner.ts
 #: src/pages/applications/ApplicationCheckAccessForm.ts
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
 #: src/pages/events/RuleForm.ts
 #: src/pages/events/RuleForm.ts
 #: src/pages/events/TransportForm.ts
@@ -2970,7 +3081,6 @@ msgstr "Chargement en cours"
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
-#: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/plex/PlexSourceForm.ts
@@ -2995,7 +3105,6 @@ msgstr "Chargement en cours"
 #: src/pages/stages/password/PasswordStageForm.ts
 #: src/pages/stages/prompt/PromptStageForm.ts
 #: src/pages/stages/prompt/PromptStageForm.ts
-#: src/pages/stages/user_write/UserWriteStageForm.ts
 #: src/pages/tenants/TenantForm.ts
 #: src/pages/tenants/TenantForm.ts
 #: src/pages/tenants/TenantForm.ts
@@ -3100,6 +3209,14 @@ msgstr ""
 msgid "Managed by authentik (Discovered)"
 msgstr ""
 
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Manual configuration"
+msgstr ""
+
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Manually configure SAML"
+msgstr ""
+
 #: src/pages/stages/user_write/UserWriteStageForm.ts
 msgid "Mark newly created users as inactive."
 msgstr "Marquer les utilisateurs nouvellements créés comme inactifs."
@@ -3145,11 +3262,18 @@ msgstr "Message"
 msgid "Messages"
 msgstr "Messages"
 
+#: src/pages/applications/wizard/saml/TypeSAMLImportApplicationWizardPage.ts
 #: src/pages/providers/saml/SAMLProviderImportForm.ts
 #: src/pages/sources/saml/SAMLSourceViewPage.ts
 msgid "Metadata"
 msgstr "Métadonnées"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthAPIApplicationWizardPage.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthImplicitApplicationWizardPage.ts
+msgid "Method details"
+msgstr ""
+
 #: src/pages/policies/password/PasswordPolicyForm.ts
 msgid "Minimum amount of Digits"
 msgstr ""
@@ -3193,6 +3317,10 @@ msgstr "Modèle supprimé"
 msgid "Model updated"
 msgstr "Modèle mis à jour"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Modern applications, APIs and Single-page applications."
+msgstr ""
+
 #~ msgid "Monitor"
 #~ msgstr "Surveiller"
 
@@ -3207,6 +3335,7 @@ msgstr "Mes applications"
 #: src/elements/forms/DeleteBulkForm.ts
 #: src/pages/applications/ApplicationForm.ts
 #: src/pages/applications/ApplicationListPage.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 #: src/pages/crypto/CertificateKeyPairForm.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
@@ -3304,6 +3433,10 @@ msgstr "Politique NameID"
 msgid "NameID Property Mapping"
 msgstr "Mappage de la propriété NameID"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Native application"
+msgstr ""
+
 #: src/flows/stages/identification/IdentificationStage.ts
 msgid "Need an account?"
 msgstr "Besoin d'un compte ?"
@@ -3316,6 +3449,10 @@ msgstr "Inverser le résultat"
 msgid "Negates the outcome of the binding. Messages are unaffected."
 msgstr "Inverse le résultat de la liaison. Les messages ne sont pas affectés."
 
+#: src/pages/applications/wizard/ApplicationWizard.ts
+msgid "New application"
+msgstr ""
+
 #: src/pages/outposts/ServiceConnectionWizard.ts
 msgid "New outpost integration"
 msgstr ""
@@ -3574,6 +3711,10 @@ msgstr "Code de rafraîchissement OAuth"
 #~ msgid "OAuth/OIDC"
 #~ msgstr ""
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "OAuth2/OIDC"
+msgstr ""
+
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 msgid "OIDC JWKS"
 msgstr ""
@@ -3849,6 +3990,21 @@ msgstr "Mot de passe : Entrée masquée, le mot de passe est vérifié par les s
 msgid "Passwordless flow"
 msgstr ""
 
+#: src/pages/users/UserForm.ts
+msgid "Path"
+msgstr ""
+
+#: src/pages/stages/user_write/UserWriteStageForm.ts
+msgid "Path new users will be created under. If left blank, the default path will be used.fo"
+msgstr ""
+
+#: src/pages/sources/ldap/LDAPSourceForm.ts
+#: src/pages/sources/oauth/OAuthSourceForm.ts
+#: src/pages/sources/plex/PlexSourceForm.ts
+#: src/pages/sources/saml/SAMLSourceForm.ts
+msgid "Path template for users created. Use placeholders like `%(slug)s` to insert the source slug."
+msgstr ""
+
 #: src/pages/sources/saml/SAMLSourceForm.ts
 msgid "Persistent"
 msgstr "Persistant"
@@ -4057,6 +4213,11 @@ msgstr "Paramètres du protocole"
 msgid "Protocol settings"
 msgstr "Paramètres du protocole"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Provide an LDAP interface for applications and users to authenticate against."
+msgstr ""
+
 #: src/pages/providers/ProviderListPage.ts
 msgid "Provide support for protocols like SAML and OAuth to assigned applications."
 msgstr "Assure la prise en charge de protocoles tels que SAML et OAuth aux applications attribuées."
@@ -4087,6 +4248,7 @@ msgstr "Fournisseur(s)"
 msgid "Providers"
 msgstr "Fournisseurs"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
 #: src/pages/outposts/OutpostForm.ts
 #: src/pages/outposts/OutpostListPage.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
@@ -4094,9 +4256,9 @@ msgstr "Fournisseurs"
 msgid "Proxy"
 msgstr "Proxy"
 
-#: src/pages/providers/ProviderWizard.ts
-#~ msgid "Proxy details"
-#~ msgstr ""
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+msgid "Proxy details"
+msgstr ""
 
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 msgid "Public"
@@ -4111,6 +4273,7 @@ msgid "Public key, acquired from https://www.google.com/recaptcha/intro/v3.html.
 msgstr "Clé publique, obtenue depuis https://www.google.com/recaptcha/intro/v3.html."
 
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 msgid "Publisher"
 msgstr "Éditeur"
 
@@ -4375,13 +4538,17 @@ msgstr "Retourner à la sélection d'appareil"
 msgid "Revoked?"
 msgstr "Révoqué ?"
 
+#: src/elements/TreeView.ts
+msgid "Root"
+msgstr ""
+
 #: src/pages/sources/ldap/LDAPSourceViewPage.ts
 msgid "Run sync again"
 msgstr "Relancer la synchro"
 
-#: src/pages/providers/ProviderWizard.ts
-#~ msgid "SAML"
-#~ msgstr ""
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "SAML"
+msgstr ""
 
 #: src/pages/providers/ProviderWizard.ts
 #~ msgid "SAML (metadata import)"
@@ -4395,9 +4562,9 @@ msgstr "Nom d'attribut SAML"
 msgid "SAML Metadata"
 msgstr ""
 
-#: src/pages/providers/ProviderWizard.ts
-#~ msgid "SAML details"
-#~ msgstr ""
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
+msgid "SAML details"
+msgstr ""
 
 #: src/pages/providers/ProviderWizard.ts
 #~ msgid "SAML details (import from metadata)"
@@ -4799,6 +4966,14 @@ msgstr "Invites simples qui peuvent être utilisés pour les étapes d'invite."
 msgid "Single use"
 msgstr "Usage unique"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Single-page applications"
+msgstr ""
+
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Single-page applications which handle authentication in the browser (for example, Javascript, Angular, React, Vue)"
+msgstr ""
+
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 #~ msgid "Skip path regex"
 #~ msgstr "Regex chemins exclus"
@@ -5538,6 +5713,10 @@ msgstr ""
 msgid "The following objects use {objName}"
 msgstr "Les objets suivants utilisent {objName}"
 
+#: src/pages/providers/ProviderWizard.ts
+msgid "The new application wizard greatly simplifies the steps required to create applications and providers."
+msgstr ""
+
 #: src/pages/policies/reputation/ReputationPolicyForm.ts
 #~ msgid ""
 #~ "The policy passes when the reputation score is above the threshold, and\n"
@@ -5590,6 +5769,10 @@ msgstr "Ces liaisons contrôlent les utilisateurs qui peuvent accéder à cette
 msgid "These policies control which users can access this application."
 msgstr "Ces politiques contrôlent les autorisations d'accès des utilisateurs à cette application."
 
+#: src/pages/applications/wizard/oauth/TypeOAuthAPIApplicationWizardPage.ts
+msgid "This configuration can be used to authenticate to authentik with other APIs other otherwise programmatically."
+msgstr ""
+
 #: src/flows/FlowInspector.ts
 msgid "This flow is completed."
 msgstr "Ce flux est terminé."
@@ -5776,6 +5959,14 @@ msgstr "Transports"
 msgid "Trusted OIDC Sources"
 msgstr ""
 
+#: src/pages/providers/ProviderWizard.ts
+msgid "Try it now"
+msgstr ""
+
+#: src/pages/providers/ProviderWizard.ts
+msgid "Try the new application wizard"
+msgstr ""
+
 #: src/interfaces/locale.ts
 msgid "Turkish"
 msgstr ""
@@ -5829,6 +6020,10 @@ msgstr "UPN"
 msgid "URL settings"
 msgstr "Paramètres d'URL"
 
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
+msgid "URL that authentik will redirect back to after successful authentication."
+msgstr ""
+
 #: src/pages/sources/saml/SAMLSourceForm.ts
 msgid "URL that the initial Login request is sent to."
 msgstr "URL de destination de la requête initiale de login."
@@ -5849,6 +6044,10 @@ msgstr "URL utilisée par authentik pour récupérer les jetons."
 msgid "URL used to request the initial token. This URL is only required for OAuth 1."
 msgstr "URL utilisée pour demander le jeton initial. Cette URL est uniquement requise pour OAuth 1."
 
+#: src/pages/applications/wizard/link/TypeLinkApplicationWizardPage.ts
+msgid "URL which will be opened when a user clicks on the application."
+msgstr ""
+
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 msgid "Unauthenticated Paths"
 msgstr ""
@@ -6190,6 +6389,10 @@ msgstr "Événements de l'utilisateur"
 msgid "User fields"
 msgstr "Champs de l'utilisateur"
 
+#: src/pages/users/UserListPage.ts
+msgid "User folders"
+msgstr ""
+
 #: src/interfaces/AdminInterface.ts
 msgid "User interface"
 msgstr "Interface utilisateur"
@@ -6215,6 +6418,17 @@ msgstr "Filtre des objets utilisateur"
 msgid "User password writeback"
 msgstr "Réécriture du mot de passe utilisateur"
 
+#: src/pages/sources/ldap/LDAPSourceForm.ts
+#: src/pages/sources/oauth/OAuthSourceForm.ts
+#: src/pages/sources/plex/PlexSourceForm.ts
+#: src/pages/sources/saml/SAMLSourceForm.ts
+msgid "User path"
+msgstr ""
+
+#: src/pages/stages/user_write/UserWriteStageForm.ts
+msgid "User path template"
+msgstr ""
+
 #: src/pages/tenants/TenantForm.ts
 msgid "User settings flow"
 msgstr ""
@@ -6451,6 +6665,10 @@ msgstr "Avertissement : le domaine d'authentik n'est pas configuré, l'authentif
 msgid "Web Certificate"
 msgstr ""
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Web application"
+msgstr ""
+
 #: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
 msgid "WebAuthn Authenticators"
 msgstr "Authentificateurs WebAuthn"
@@ -6570,6 +6788,10 @@ msgstr "Écrit toute donnée provenant du contexte du flux 'prompt_data' à l'ut
 msgid "X509 Subject"
 msgstr "Sujet X509"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "XML-based SSO standard. Use this if your application only supports SAML."
+msgstr ""
+
 #: src/elements/oauth/UserRefreshList.ts
 #: src/pages/applications/ApplicationCheckAccessForm.ts
 #: src/pages/groups/GroupListPage.ts
diff --git a/web/src/locales/pl.po b/web/src/locales/pl.po
index 562e05800..ea9fd506a 100644
--- a/web/src/locales/pl.po
+++ b/web/src/locales/pl.po
@@ -90,6 +90,7 @@ msgstr "Nieusuwalny token uwierzytelniający, taki jak TouchID lub Windows Hello
 msgid "A policy used for testing. Always returns the same result as specified below after waiting a random duration."
 msgstr "Zasada używana do testowania. Zawsze zwraca ten sam wynik, jak określono poniżej, po odczekaniu losowego czasu trwania."
 
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
 #: src/pages/providers/saml/SAMLProviderForm.ts
 #: src/pages/providers/saml/SAMLProviderViewPage.ts
 msgid "ACS URL"
@@ -113,6 +114,10 @@ msgstr "ANY, dowolna zasada musi być zgodna, aby przyznać dostęp."
 msgid "ANY, any policy must match to include this stage access."
 msgstr "ANY, każda zasada musi być zgodna, aby uwzględnić dostęp do tego etapu."
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "API"
+msgstr ""
+
 #: src/pages/tokens/TokenListPage.ts
 msgid "API Access"
 msgstr "Dostęp API"
@@ -257,6 +262,10 @@ msgstr "Dodatkowa nazwa wyróżniająca użytkownika"
 msgid "Additional Scope"
 msgstr "Dodatkowy zakres"
 
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
+msgid "Additional UI settings"
+msgstr ""
+
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 msgid "Additional group DN, prepended to the Base DN."
 msgstr "Dodatkowa DN grupy, poprzedzona podstawową DN."
@@ -377,6 +386,7 @@ msgid "App password (can be used to login using a flow executor)"
 msgstr "Hasło aplikacji (może być użyte do zalogowania się za pomocą executora przepływu)"
 
 #: src/elements/user/UserConsentList.ts
+#: src/flows/stages/consent/ConsentStage.ts
 #: src/pages/admin-overview/TopApplicationsTable.ts
 #: src/pages/providers/ProviderListPage.ts
 msgid "Application"
@@ -387,6 +397,14 @@ msgstr "Aplikacja"
 msgid "Application Icon"
 msgstr "Ikona aplikacji"
 
+#: src/pages/applications/wizard/link/TypeLinkApplicationWizardPage.ts
+msgid "Application Link"
+msgstr ""
+
+#: src/flows/stages/consent/ConsentStage.ts
+msgid "Application already has access to the following permissions:"
+msgstr ""
+
 #: src/elements/charts/UserChart.ts
 msgid "Application authorizations"
 msgstr "Autoryzacje aplikacji"
@@ -395,11 +413,25 @@ msgstr "Autoryzacje aplikacji"
 msgid "Application authorized"
 msgstr "Aplikacja autoryzowana"
 
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
+msgid "Application details"
+msgstr ""
+
+#: src/flows/stages/consent/ConsentStage.ts
+msgid "Application requires following new permissions:"
+msgstr ""
+
 #: src/flows/stages/consent/ConsentStage.ts
 msgid "Application requires following permissions:"
 msgstr "Aplikacja wymaga następujących uprawnień:"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Application type"
+msgstr ""
+
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 msgid "Application's display Name."
 msgstr "Wyświetlana nazwa aplikacji."
 
@@ -414,6 +446,18 @@ msgstr "Aplikacja(e)"
 msgid "Applications"
 msgstr "Aplikacje"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Applications which handle the authentication server-side (for example, Python, Go, Rust, Java, PHP)"
+msgstr ""
+
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Applications which redirect users to a non-web callback (for example, Android, iOS)"
+msgstr ""
+
+#: src/elements/wizard/ActionWizardPage.ts
+msgid "Apply changes"
+msgstr ""
+
 #: src/pages/admin-overview/AdminOverviewPage.ts
 msgid "Apps with most usage"
 msgstr "Najczęściej używane aplikacje"
@@ -531,6 +575,14 @@ msgstr "URL uwierzytelniania"
 msgid "Authentication flow"
 msgstr "Przepływ uwierzytelniania"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Authentication method"
+msgstr ""
+
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Authentication without user interaction, or machine-to-machine authentication."
+msgstr ""
+
 #: src/flows/stages/authenticator_validate/AuthenticatorValidateStage.ts
 msgid "Authenticator"
 msgstr "Uwierzytelniacz"
@@ -555,6 +607,7 @@ msgstr "Autoryzacja"
 msgid "Authorization URL"
 msgstr "URL autoryzacji"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 #: src/pages/providers/saml/SAMLProviderForm.ts
@@ -613,6 +666,7 @@ msgstr "Tło pokazywane podczas wykonywania."
 #~ msgid "Backup status"
 #~ msgstr "Stan kopii zapasowej"
 
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 #: src/pages/providers/ldap/LDAPProviderViewPage.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
@@ -707,6 +761,10 @@ msgstr "Hash kompilacji:"
 msgid "Built-in"
 msgstr "Wbudowany"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthAPIApplicationWizardPage.ts
+msgid "By default, all service accounts can authenticate as this application, as long as they have a valid token of the type app-password."
+msgstr ""
+
 #: src/pages/stages/identification/IdentificationStageForm.ts
 msgid "By default, only icons are shown for sources. Enable this to show their full names."
 msgstr "Domyślnie dla źródeł wyświetlane są tylko ikony. Włącz tę opcję, aby wyświetlić ich pełne nazwy."
@@ -1200,6 +1258,7 @@ msgstr "Skopiuj link odzyskiwania"
 
 #: src/pages/applications/ApplicationListPage.ts
 #: src/pages/applications/ApplicationListPage.ts
+#: src/pages/applications/wizard/ApplicationWizard.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/events/RuleListPage.ts
@@ -1338,6 +1397,10 @@ msgstr "Utwórz użytkownika"
 msgid "Create a new application"
 msgstr "Utwórz nową aplikację"
 
+#: src/pages/applications/wizard/ApplicationWizard.ts
+msgid "Create a new application."
+msgstr ""
+
 #: src/pages/outposts/ServiceConnectionWizard.ts
 msgid "Create a new outpost integration."
 msgstr ""
@@ -1362,14 +1425,27 @@ msgstr ""
 msgid "Create a new stage."
 msgstr ""
 
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
+msgid "Create application"
+msgstr ""
+
 #: src/pages/users/ServiceAccountForm.ts
 msgid "Create group"
 msgstr "Utwórz grupę"
 
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
+#: src/pages/applications/wizard/saml/TypeSAMLImportApplicationWizardPage.ts
 msgid "Create provider"
 msgstr "Utwórz dostawcę"
 
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
+msgid "Create service account"
+msgstr ""
+
 #: src/pages/stages/user_write/UserWriteStageForm.ts
 msgid "Create users as inactive"
 msgstr "Utwórz użytkowników jako nieaktywnych"
@@ -1545,6 +1621,7 @@ msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in S
 msgstr ""
 
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 #: src/pages/property-mappings/PropertyMappingScopeForm.ts
 #: src/pages/system-tasks/SystemTaskListPage.ts
 #: src/pages/tokens/TokenForm.ts
@@ -2044,6 +2121,14 @@ msgstr "Aplikacje zewnętrzne, które używają authentik jako dostawcy tożsamo
 msgid "External Host"
 msgstr "Zewnętrzny host"
 
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+msgid "External domain"
+msgstr ""
+
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+msgid "External domain you will be accessing the domain from."
+msgstr ""
+
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 msgid "External host"
@@ -2216,6 +2301,10 @@ msgstr "Przepływ używany do wylogowania. Jeśli pozostanie pusty, używany jes
 msgid "Flow used when authorizing this provider."
 msgstr "Przepływ używany podczas autoryzacji tego dostawcy."
 
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+msgid "Flow used when users access this application."
+msgstr ""
+
 #: src/pages/flows/FlowListPage.ts
 msgid "Flow(s)"
 msgstr "Przepływ(y)"
@@ -2450,7 +2539,6 @@ msgid "Hide managed mappings"
 msgstr "Ukryj zarządzane mapowania"
 
 #: src/pages/users/RelatedUserList.ts
-#: src/pages/users/UserListPage.ts
 msgid "Hide service-accounts"
 msgstr "Ukryj konta serwisowe"
 
@@ -2612,10 +2700,22 @@ msgstr "Importuj"
 msgid "Import Flow"
 msgstr "Importuj przepływ"
 
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Import SAML Metadata"
+msgstr ""
+
+#: src/pages/applications/wizard/saml/TypeSAMLImportApplicationWizardPage.ts
+msgid "Import SAML metadata"
+msgstr ""
+
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 msgid "Import certificates of external providers or create certificates to sign requests with."
 msgstr "Importuj certyfikaty zewnętrznych dostawców lub twórz certyfikaty do podpisywania żądań."
 
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Import the metadata document of the applicaation you want to configure."
+msgstr ""
+
 #: src/flows/stages/authenticator_validate/AuthenticatorValidateStage.ts
 msgid "In case you can't access any other method."
 msgstr "Na wypadek, gdybyś nie miał dostępu do żadnej innej metody."
@@ -2760,6 +2860,7 @@ msgstr "Para kluczy służąca do podpisywania żądań wychodzących. Pozostaw
 msgid "Kubeconfig"
 msgstr "Kubeconfig"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
 #: src/pages/outposts/OutpostForm.ts
 #: src/pages/outposts/OutpostListPage.ts
 msgid "LDAP"
@@ -2781,9 +2882,9 @@ msgstr "LDAP DN, w ramach którego można tworzyć żądania powiązania i żąd
 msgid "LDAP Sync status"
 msgstr "Stan synchronizacji LDAP"
 
-#: src/pages/providers/ProviderWizard.ts
-#~ msgid "LDAP details"
-#~ msgstr ""
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
+msgid "LDAP details"
+msgstr ""
 
 #: src/pages/stages/prompt/PromptForm.ts
 #: src/pages/stages/prompt/PromptListPage.ts
@@ -2836,6 +2937,10 @@ msgstr "URL uruchamiania"
 msgid "Layout"
 msgstr ""
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Legacy applications which don't natively support SSO."
+msgstr ""
+
 #: src/pages/stages/identification/IdentificationStageForm.ts
 msgid "Let the user identify themselves with their username or Email address."
 msgstr "Pozwól użytkownikowi identyfikować się za pomocą swojej nazwy użytkownika lub adresu e-mail."
@@ -2843,6 +2948,11 @@ msgstr "Pozwól użytkownikowi identyfikować się za pomocą swojej nazwy użyt
 #~ msgid "Library"
 #~ msgstr "Biblioteka"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+#: src/pages/applications/wizard/link/TypeLinkApplicationWizardPage.ts
+msgid "Link"
+msgstr ""
+
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/plex/PlexSourceForm.ts
 msgid "Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses"
@@ -2901,6 +3011,7 @@ msgstr "Ładowanie"
 #: src/elements/Spinner.ts
 #: src/pages/applications/ApplicationCheckAccessForm.ts
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
 #: src/pages/events/RuleForm.ts
 #: src/pages/events/RuleForm.ts
 #: src/pages/events/TransportForm.ts
@@ -2936,7 +3047,6 @@ msgstr "Ładowanie"
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
-#: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/plex/PlexSourceForm.ts
@@ -2961,7 +3071,6 @@ msgstr "Ładowanie"
 #: src/pages/stages/password/PasswordStageForm.ts
 #: src/pages/stages/prompt/PromptStageForm.ts
 #: src/pages/stages/prompt/PromptStageForm.ts
-#: src/pages/stages/user_write/UserWriteStageForm.ts
 #: src/pages/tenants/TenantForm.ts
 #: src/pages/tenants/TenantForm.ts
 #: src/pages/tenants/TenantForm.ts
@@ -3066,6 +3175,14 @@ msgstr "Zarządzane przez authentik"
 msgid "Managed by authentik (Discovered)"
 msgstr "Zarządzane przez authentik (odkryte)"
 
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Manual configuration"
+msgstr ""
+
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Manually configure SAML"
+msgstr ""
+
 #: src/pages/stages/user_write/UserWriteStageForm.ts
 msgid "Mark newly created users as inactive."
 msgstr "Oznacz nowo utworzonych użytkowników jako nieaktywnych."
@@ -3111,11 +3228,18 @@ msgstr "Wiadomość"
 msgid "Messages"
 msgstr "Wiadomości"
 
+#: src/pages/applications/wizard/saml/TypeSAMLImportApplicationWizardPage.ts
 #: src/pages/providers/saml/SAMLProviderImportForm.ts
 #: src/pages/sources/saml/SAMLSourceViewPage.ts
 msgid "Metadata"
 msgstr "Metadane"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthAPIApplicationWizardPage.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthImplicitApplicationWizardPage.ts
+msgid "Method details"
+msgstr ""
+
 #: src/pages/policies/password/PasswordPolicyForm.ts
 msgid "Minimum amount of Digits"
 msgstr "Minimalna ilość cyfr"
@@ -3159,6 +3283,10 @@ msgstr "Model usunięty"
 msgid "Model updated"
 msgstr "Zaktualizowano model"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Modern applications, APIs and Single-page applications."
+msgstr ""
+
 #~ msgid "Monitor"
 #~ msgstr "Monitor"
 
@@ -3173,6 +3301,7 @@ msgstr "Moje aplikacje"
 #: src/elements/forms/DeleteBulkForm.ts
 #: src/pages/applications/ApplicationForm.ts
 #: src/pages/applications/ApplicationListPage.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 #: src/pages/crypto/CertificateKeyPairForm.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
@@ -3270,6 +3399,10 @@ msgstr "Zasada NameID"
 msgid "NameID Property Mapping"
 msgstr "Mapowanie właściwości NameID"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Native application"
+msgstr ""
+
 #: src/flows/stages/identification/IdentificationStage.ts
 msgid "Need an account?"
 msgstr "Potrzebujesz konta?"
@@ -3282,6 +3415,10 @@ msgstr "Neguj wynik"
 msgid "Negates the outcome of the binding. Messages are unaffected."
 msgstr "Neguje wynik wiązania. Wiadomości pozostają nienaruszone."
 
+#: src/pages/applications/wizard/ApplicationWizard.ts
+msgid "New application"
+msgstr ""
+
 #: src/pages/outposts/ServiceConnectionWizard.ts
 msgid "New outpost integration"
 msgstr ""
@@ -3537,6 +3674,10 @@ msgstr "Kody odświeżania OAuth"
 #~ msgid "OAuth/OIDC"
 #~ msgstr ""
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "OAuth2/OIDC"
+msgstr ""
+
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 msgid "OIDC JWKS"
 msgstr ""
@@ -3810,6 +3951,21 @@ msgstr "Hasło: wejście zamaskowane, hasło jest sprawdzane w oparciu o źród
 msgid "Passwordless flow"
 msgstr "Przepływ bezhasłowy"
 
+#: src/pages/users/UserForm.ts
+msgid "Path"
+msgstr ""
+
+#: src/pages/stages/user_write/UserWriteStageForm.ts
+msgid "Path new users will be created under. If left blank, the default path will be used.fo"
+msgstr ""
+
+#: src/pages/sources/ldap/LDAPSourceForm.ts
+#: src/pages/sources/oauth/OAuthSourceForm.ts
+#: src/pages/sources/plex/PlexSourceForm.ts
+#: src/pages/sources/saml/SAMLSourceForm.ts
+msgid "Path template for users created. Use placeholders like `%(slug)s` to insert the source slug."
+msgstr ""
+
 #: src/pages/sources/saml/SAMLSourceForm.ts
 msgid "Persistent"
 msgstr "Trwały"
@@ -4018,6 +4174,11 @@ msgstr "Ustawienia protokołu"
 msgid "Protocol settings"
 msgstr "Ustawienia protokołu"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Provide an LDAP interface for applications and users to authenticate against."
+msgstr ""
+
 #: src/pages/providers/ProviderListPage.ts
 msgid "Provide support for protocols like SAML and OAuth to assigned applications."
 msgstr "Zapewniają obsługę protokołów takich jak SAML i OAuth przypisanym aplikacjom."
@@ -4048,6 +4209,7 @@ msgstr "Dostawca(y)"
 msgid "Providers"
 msgstr "Dostawcy"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
 #: src/pages/outposts/OutpostForm.ts
 #: src/pages/outposts/OutpostListPage.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
@@ -4055,9 +4217,9 @@ msgstr "Dostawcy"
 msgid "Proxy"
 msgstr "Proxy"
 
-#: src/pages/providers/ProviderWizard.ts
-#~ msgid "Proxy details"
-#~ msgstr ""
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+msgid "Proxy details"
+msgstr ""
 
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 msgid "Public"
@@ -4072,6 +4234,7 @@ msgid "Public key, acquired from https://www.google.com/recaptcha/intro/v3.html.
 msgstr "Klucz publiczny uzyskany z https://www.google.com/recaptcha/intro/v3.html."
 
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 msgid "Publisher"
 msgstr "Wydawca"
 
@@ -4324,13 +4487,17 @@ msgstr "Wróć do wyboru urządzeń"
 msgid "Revoked?"
 msgstr "Unieważniono?"
 
+#: src/elements/TreeView.ts
+msgid "Root"
+msgstr ""
+
 #: src/pages/sources/ldap/LDAPSourceViewPage.ts
 msgid "Run sync again"
 msgstr "Uruchom ponownie synchronizację"
 
-#: src/pages/providers/ProviderWizard.ts
-#~ msgid "SAML"
-#~ msgstr ""
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "SAML"
+msgstr ""
 
 #: src/pages/providers/ProviderWizard.ts
 #~ msgid "SAML (metadata import)"
@@ -4344,9 +4511,9 @@ msgstr "Nazwa atrybutu SAML"
 msgid "SAML Metadata"
 msgstr "Metadane SAML"
 
-#: src/pages/providers/ProviderWizard.ts
-#~ msgid "SAML details"
-#~ msgstr ""
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
+msgid "SAML details"
+msgstr ""
 
 #: src/pages/providers/ProviderWizard.ts
 #~ msgid "SAML details (import from metadata)"
@@ -4747,6 +4914,14 @@ msgstr "Pojedyncze monity, których można używać dla etapów monitów."
 msgid "Single use"
 msgstr "Jednorazowego użytku"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Single-page applications"
+msgstr ""
+
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Single-page applications which handle authentication in the browser (for example, Javascript, Angular, React, Vue)"
+msgstr ""
+
 #~ msgid "Skip path regex"
 #~ msgstr "Pomiń path regex"
 
@@ -5470,6 +5645,10 @@ msgstr ""
 msgid "The following objects use {objName}"
 msgstr "Następujące obiekty używają {objName}"
 
+#: src/pages/providers/ProviderWizard.ts
+msgid "The new application wizard greatly simplifies the steps required to create applications and providers."
+msgstr ""
+
 #~ msgid ""
 #~ "The policy passes when the reputation score is above the threshold, and\n"
 #~ "doesn't pass when either or both of the selected options are equal or less than the\n"
@@ -5531,6 +5710,10 @@ msgstr ""
 msgid "These policies control which users can access this application."
 msgstr "Te zasady kontrolują, którzy użytkownicy mogą uzyskać dostęp do tej aplikacji."
 
+#: src/pages/applications/wizard/oauth/TypeOAuthAPIApplicationWizardPage.ts
+msgid "This configuration can be used to authenticate to authentik with other APIs other otherwise programmatically."
+msgstr ""
+
 #: src/flows/FlowInspector.ts
 msgid "This flow is completed."
 msgstr "Ten przepływ jest zakończony."
@@ -5715,6 +5898,14 @@ msgstr "Transporty"
 msgid "Trusted OIDC Sources"
 msgstr ""
 
+#: src/pages/providers/ProviderWizard.ts
+msgid "Try it now"
+msgstr ""
+
+#: src/pages/providers/ProviderWizard.ts
+msgid "Try the new application wizard"
+msgstr ""
+
 #: src/interfaces/locale.ts
 msgid "Turkish"
 msgstr "Turecki"
@@ -5768,6 +5959,10 @@ msgstr "UPN"
 msgid "URL settings"
 msgstr "Ustawienia URL"
 
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
+msgid "URL that authentik will redirect back to after successful authentication."
+msgstr ""
+
 #: src/pages/sources/saml/SAMLSourceForm.ts
 msgid "URL that the initial Login request is sent to."
 msgstr "URL, do którego wysyłane jest początkowe żądanie logowania."
@@ -5788,6 +5983,10 @@ msgstr "URL używany przez authentik do pobierania tokenów."
 msgid "URL used to request the initial token. This URL is only required for OAuth 1."
 msgstr "URL używany do żądania początkowego tokena. Ten adres URL jest wymagany tylko w przypadku protokołu OAuth 1."
 
+#: src/pages/applications/wizard/link/TypeLinkApplicationWizardPage.ts
+msgid "URL which will be opened when a user clicks on the application."
+msgstr ""
+
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 msgid "Unauthenticated Paths"
 msgstr "Nieuwierzytelnione ścieżki"
@@ -6127,6 +6326,10 @@ msgstr "Zdarzenia użytkownika"
 msgid "User fields"
 msgstr "Pola użytkownika"
 
+#: src/pages/users/UserListPage.ts
+msgid "User folders"
+msgstr ""
+
 #: src/interfaces/AdminInterface.ts
 msgid "User interface"
 msgstr "Interfejs użytkownika"
@@ -6151,6 +6354,17 @@ msgstr "Filtr obiektów użytkownika"
 msgid "User password writeback"
 msgstr "Zapis zwrotny hasła użytkownika"
 
+#: src/pages/sources/ldap/LDAPSourceForm.ts
+#: src/pages/sources/oauth/OAuthSourceForm.ts
+#: src/pages/sources/plex/PlexSourceForm.ts
+#: src/pages/sources/saml/SAMLSourceForm.ts
+msgid "User path"
+msgstr ""
+
+#: src/pages/stages/user_write/UserWriteStageForm.ts
+msgid "User path template"
+msgstr ""
+
 #: src/pages/tenants/TenantForm.ts
 msgid "User settings flow"
 msgstr ""
@@ -6386,6 +6600,10 @@ msgstr "Ostrzeżenie: domena authentik nie jest skonfigurowana, uwierzytelnianie
 msgid "Web Certificate"
 msgstr "Certyfikat sieciowy"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Web application"
+msgstr ""
+
 #: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
 msgid "WebAuthn Authenticators"
 msgstr "Uwierzytelniacze WebAuthn"
@@ -6506,6 +6724,10 @@ msgstr ""
 msgid "X509 Subject"
 msgstr "Temat X509"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "XML-based SSO standard. Use this if your application only supports SAML."
+msgstr ""
+
 #: src/elements/oauth/UserRefreshList.ts
 #: src/pages/applications/ApplicationCheckAccessForm.ts
 #: src/pages/groups/GroupListPage.ts
diff --git a/web/src/locales/pseudo-LOCALE.po b/web/src/locales/pseudo-LOCALE.po
index ad72c490a..da8f088b6 100644
--- a/web/src/locales/pseudo-LOCALE.po
+++ b/web/src/locales/pseudo-LOCALE.po
@@ -87,6 +87,7 @@ msgstr ""
 msgid "A policy used for testing. Always returns the same result as specified below after waiting a random duration."
 msgstr ""
 
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
 #: src/pages/providers/saml/SAMLProviderForm.ts
 #: src/pages/providers/saml/SAMLProviderViewPage.ts
 msgid "ACS URL"
@@ -110,6 +111,10 @@ msgstr ""
 msgid "ANY, any policy must match to include this stage access."
 msgstr ""
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "API"
+msgstr ""
+
 #: src/pages/tokens/TokenListPage.ts
 msgid "API Access"
 msgstr ""
@@ -255,6 +260,10 @@ msgstr ""
 msgid "Additional Scope"
 msgstr ""
 
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
+msgid "Additional UI settings"
+msgstr ""
+
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 msgid "Additional group DN, prepended to the Base DN."
 msgstr ""
@@ -376,6 +385,7 @@ msgid "App password (can be used to login using a flow executor)"
 msgstr ""
 
 #: src/elements/user/UserConsentList.ts
+#: src/flows/stages/consent/ConsentStage.ts
 #: src/pages/admin-overview/TopApplicationsTable.ts
 #: src/pages/providers/ProviderListPage.ts
 msgid "Application"
@@ -386,6 +396,14 @@ msgstr ""
 msgid "Application Icon"
 msgstr ""
 
+#: src/pages/applications/wizard/link/TypeLinkApplicationWizardPage.ts
+msgid "Application Link"
+msgstr ""
+
+#: src/flows/stages/consent/ConsentStage.ts
+msgid "Application already has access to the following permissions:"
+msgstr ""
+
 #: src/elements/charts/UserChart.ts
 msgid "Application authorizations"
 msgstr ""
@@ -394,11 +412,25 @@ msgstr ""
 msgid "Application authorized"
 msgstr ""
 
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
+msgid "Application details"
+msgstr ""
+
+#: src/flows/stages/consent/ConsentStage.ts
+msgid "Application requires following new permissions:"
+msgstr ""
+
 #: src/flows/stages/consent/ConsentStage.ts
 msgid "Application requires following permissions:"
 msgstr ""
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Application type"
+msgstr ""
+
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 msgid "Application's display Name."
 msgstr ""
 
@@ -413,6 +445,18 @@ msgstr ""
 msgid "Applications"
 msgstr ""
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Applications which handle the authentication server-side (for example, Python, Go, Rust, Java, PHP)"
+msgstr ""
+
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Applications which redirect users to a non-web callback (for example, Android, iOS)"
+msgstr ""
+
+#: src/elements/wizard/ActionWizardPage.ts
+msgid "Apply changes"
+msgstr ""
+
 #: src/pages/admin-overview/AdminOverviewPage.ts
 msgid "Apps with most usage"
 msgstr ""
@@ -528,6 +572,14 @@ msgstr ""
 msgid "Authentication flow"
 msgstr ""
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Authentication method"
+msgstr ""
+
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Authentication without user interaction, or machine-to-machine authentication."
+msgstr ""
+
 #: src/flows/stages/authenticator_validate/AuthenticatorValidateStage.ts
 msgid "Authenticator"
 msgstr ""
@@ -553,6 +605,7 @@ msgstr ""
 msgid "Authorization URL"
 msgstr ""
 
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 #: src/pages/providers/saml/SAMLProviderForm.ts
@@ -614,6 +667,7 @@ msgstr ""
 #~ msgid "Backup status"
 #~ msgstr ""
 
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 #: src/pages/providers/ldap/LDAPProviderViewPage.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
@@ -709,6 +763,10 @@ msgstr ""
 msgid "Built-in"
 msgstr ""
 
+#: src/pages/applications/wizard/oauth/TypeOAuthAPIApplicationWizardPage.ts
+msgid "By default, all service accounts can authenticate as this application, as long as they have a valid token of the type app-password."
+msgstr ""
+
 #: src/pages/stages/identification/IdentificationStageForm.ts
 msgid "By default, only icons are shown for sources. Enable this to show their full names."
 msgstr ""
@@ -1210,6 +1268,7 @@ msgstr ""
 
 #: src/pages/applications/ApplicationListPage.ts
 #: src/pages/applications/ApplicationListPage.ts
+#: src/pages/applications/wizard/ApplicationWizard.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/events/RuleListPage.ts
@@ -1348,6 +1407,10 @@ msgstr ""
 msgid "Create a new application"
 msgstr ""
 
+#: src/pages/applications/wizard/ApplicationWizard.ts
+msgid "Create a new application."
+msgstr ""
+
 #: src/pages/outposts/ServiceConnectionWizard.ts
 msgid "Create a new outpost integration."
 msgstr ""
@@ -1372,14 +1435,27 @@ msgstr ""
 msgid "Create a new stage."
 msgstr ""
 
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
+msgid "Create application"
+msgstr ""
+
 #: src/pages/users/ServiceAccountForm.ts
 msgid "Create group"
 msgstr ""
 
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
+#: src/pages/applications/wizard/saml/TypeSAMLImportApplicationWizardPage.ts
 msgid "Create provider"
 msgstr ""
 
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
+msgid "Create service account"
+msgstr ""
+
 #: src/pages/stages/user_write/UserWriteStageForm.ts
 msgid "Create users as inactive"
 msgstr ""
@@ -1561,6 +1637,7 @@ msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in S
 msgstr ""
 
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 #: src/pages/property-mappings/PropertyMappingScopeForm.ts
 #: src/pages/system-tasks/SystemTaskListPage.ts
 #: src/pages/tokens/TokenForm.ts
@@ -2077,6 +2154,14 @@ msgstr ""
 msgid "External Host"
 msgstr ""
 
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+msgid "External domain"
+msgstr ""
+
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+msgid "External domain you will be accessing the domain from."
+msgstr ""
+
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 msgid "External host"
@@ -2250,6 +2335,10 @@ msgstr ""
 msgid "Flow used when authorizing this provider."
 msgstr ""
 
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+msgid "Flow used when users access this application."
+msgstr ""
+
 #: src/pages/flows/FlowListPage.ts
 msgid "Flow(s)"
 msgstr ""
@@ -2487,7 +2576,6 @@ msgid "Hide managed mappings"
 msgstr ""
 
 #: src/pages/users/RelatedUserList.ts
-#: src/pages/users/UserListPage.ts
 msgid "Hide service-accounts"
 msgstr ""
 
@@ -2653,10 +2741,22 @@ msgstr ""
 msgid "Import Flow"
 msgstr ""
 
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Import SAML Metadata"
+msgstr ""
+
+#: src/pages/applications/wizard/saml/TypeSAMLImportApplicationWizardPage.ts
+msgid "Import SAML metadata"
+msgstr ""
+
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 msgid "Import certificates of external providers or create certificates to sign requests with."
 msgstr ""
 
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Import the metadata document of the applicaation you want to configure."
+msgstr ""
+
 #: src/flows/stages/authenticator_validate/AuthenticatorValidateStage.ts
 msgid "In case you can't access any other method."
 msgstr ""
@@ -2803,6 +2903,7 @@ msgstr ""
 msgid "Kubeconfig"
 msgstr ""
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
 #: src/pages/outposts/OutpostForm.ts
 #: src/pages/outposts/OutpostListPage.ts
 msgid "LDAP"
@@ -2824,9 +2925,9 @@ msgstr ""
 msgid "LDAP Sync status"
 msgstr ""
 
-#: src/pages/providers/ProviderWizard.ts
-#~ msgid "LDAP details"
-#~ msgstr ""
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
+msgid "LDAP details"
+msgstr ""
 
 #: src/pages/stages/prompt/PromptForm.ts
 #: src/pages/stages/prompt/PromptListPage.ts
@@ -2879,6 +2980,10 @@ msgstr ""
 msgid "Layout"
 msgstr ""
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Legacy applications which don't natively support SSO."
+msgstr ""
+
 #: src/pages/stages/identification/IdentificationStageForm.ts
 msgid "Let the user identify themselves with their username or Email address."
 msgstr ""
@@ -2887,6 +2992,11 @@ msgstr ""
 #~ msgid "Library"
 #~ msgstr ""
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+#: src/pages/applications/wizard/link/TypeLinkApplicationWizardPage.ts
+msgid "Link"
+msgstr ""
+
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/plex/PlexSourceForm.ts
 msgid "Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses"
@@ -2945,6 +3055,7 @@ msgstr ""
 #: src/elements/Spinner.ts
 #: src/pages/applications/ApplicationCheckAccessForm.ts
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
 #: src/pages/events/RuleForm.ts
 #: src/pages/events/RuleForm.ts
 #: src/pages/events/TransportForm.ts
@@ -2980,7 +3091,6 @@ msgstr ""
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
-#: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/plex/PlexSourceForm.ts
@@ -3005,7 +3115,6 @@ msgstr ""
 #: src/pages/stages/password/PasswordStageForm.ts
 #: src/pages/stages/prompt/PromptStageForm.ts
 #: src/pages/stages/prompt/PromptStageForm.ts
-#: src/pages/stages/user_write/UserWriteStageForm.ts
 #: src/pages/tenants/TenantForm.ts
 #: src/pages/tenants/TenantForm.ts
 #: src/pages/tenants/TenantForm.ts
@@ -3110,6 +3219,14 @@ msgstr ""
 msgid "Managed by authentik (Discovered)"
 msgstr ""
 
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Manual configuration"
+msgstr ""
+
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Manually configure SAML"
+msgstr ""
+
 #: src/pages/stages/user_write/UserWriteStageForm.ts
 msgid "Mark newly created users as inactive."
 msgstr ""
@@ -3155,11 +3272,18 @@ msgstr ""
 msgid "Messages"
 msgstr ""
 
+#: src/pages/applications/wizard/saml/TypeSAMLImportApplicationWizardPage.ts
 #: src/pages/providers/saml/SAMLProviderImportForm.ts
 #: src/pages/sources/saml/SAMLSourceViewPage.ts
 msgid "Metadata"
 msgstr ""
 
+#: src/pages/applications/wizard/oauth/TypeOAuthAPIApplicationWizardPage.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthImplicitApplicationWizardPage.ts
+msgid "Method details"
+msgstr ""
+
 #: src/pages/policies/password/PasswordPolicyForm.ts
 msgid "Minimum amount of Digits"
 msgstr ""
@@ -3203,6 +3327,10 @@ msgstr ""
 msgid "Model updated"
 msgstr ""
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Modern applications, APIs and Single-page applications."
+msgstr ""
+
 #: 
 #~ msgid "Monitor"
 #~ msgstr ""
@@ -3218,6 +3346,7 @@ msgstr ""
 #: src/elements/forms/DeleteBulkForm.ts
 #: src/pages/applications/ApplicationForm.ts
 #: src/pages/applications/ApplicationListPage.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 #: src/pages/crypto/CertificateKeyPairForm.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
@@ -3315,6 +3444,10 @@ msgstr ""
 msgid "NameID Property Mapping"
 msgstr ""
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Native application"
+msgstr ""
+
 #: src/flows/stages/identification/IdentificationStage.ts
 msgid "Need an account?"
 msgstr ""
@@ -3327,6 +3460,10 @@ msgstr ""
 msgid "Negates the outcome of the binding. Messages are unaffected."
 msgstr ""
 
+#: src/pages/applications/wizard/ApplicationWizard.ts
+msgid "New application"
+msgstr ""
+
 #: src/pages/outposts/ServiceConnectionWizard.ts
 msgid "New outpost integration"
 msgstr ""
@@ -3587,6 +3724,10 @@ msgstr ""
 #~ msgid "OAuth/OIDC"
 #~ msgstr ""
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "OAuth2/OIDC"
+msgstr ""
+
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 msgid "OIDC JWKS"
 msgstr ""
@@ -3866,6 +4007,21 @@ msgstr ""
 msgid "Passwordless flow"
 msgstr ""
 
+#: src/pages/users/UserForm.ts
+msgid "Path"
+msgstr ""
+
+#: src/pages/stages/user_write/UserWriteStageForm.ts
+msgid "Path new users will be created under. If left blank, the default path will be used.fo"
+msgstr ""
+
+#: src/pages/sources/ldap/LDAPSourceForm.ts
+#: src/pages/sources/oauth/OAuthSourceForm.ts
+#: src/pages/sources/plex/PlexSourceForm.ts
+#: src/pages/sources/saml/SAMLSourceForm.ts
+msgid "Path template for users created. Use placeholders like `%(slug)s` to insert the source slug."
+msgstr ""
+
 #: src/pages/sources/saml/SAMLSourceForm.ts
 msgid "Persistent"
 msgstr ""
@@ -4077,6 +4233,11 @@ msgstr ""
 msgid "Protocol settings"
 msgstr ""
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Provide an LDAP interface for applications and users to authenticate against."
+msgstr ""
+
 #: src/pages/providers/ProviderListPage.ts
 msgid "Provide support for protocols like SAML and OAuth to assigned applications."
 msgstr ""
@@ -4108,6 +4269,7 @@ msgstr ""
 msgid "Providers"
 msgstr ""
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
 #: src/pages/outposts/OutpostForm.ts
 #: src/pages/outposts/OutpostListPage.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
@@ -4115,9 +4277,9 @@ msgstr ""
 msgid "Proxy"
 msgstr ""
 
-#: src/pages/providers/ProviderWizard.ts
-#~ msgid "Proxy details"
-#~ msgstr ""
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+msgid "Proxy details"
+msgstr ""
 
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 msgid "Public"
@@ -4132,6 +4294,7 @@ msgid "Public key, acquired from https://www.google.com/recaptcha/intro/v3.html.
 msgstr ""
 
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 msgid "Publisher"
 msgstr ""
 
@@ -4394,13 +4557,17 @@ msgstr ""
 msgid "Revoked?"
 msgstr ""
 
+#: src/elements/TreeView.ts
+msgid "Root"
+msgstr ""
+
 #: src/pages/sources/ldap/LDAPSourceViewPage.ts
 msgid "Run sync again"
 msgstr ""
 
-#: src/pages/providers/ProviderWizard.ts
-#~ msgid "SAML"
-#~ msgstr ""
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "SAML"
+msgstr ""
 
 #: src/pages/providers/ProviderWizard.ts
 #~ msgid "SAML (metadata import)"
@@ -4414,9 +4581,9 @@ msgstr ""
 msgid "SAML Metadata"
 msgstr ""
 
-#: src/pages/providers/ProviderWizard.ts
-#~ msgid "SAML details"
-#~ msgstr ""
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
+msgid "SAML details"
+msgstr ""
 
 #: src/pages/providers/ProviderWizard.ts
 #~ msgid "SAML details (import from metadata)"
@@ -4825,6 +4992,14 @@ msgstr ""
 msgid "Single use"
 msgstr ""
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Single-page applications"
+msgstr ""
+
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Single-page applications which handle authentication in the browser (for example, Javascript, Angular, React, Vue)"
+msgstr ""
+
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 #~ msgid "Skip path regex"
 #~ msgstr ""
@@ -5574,6 +5749,10 @@ msgstr ""
 msgid "The following objects use {objName}"
 msgstr ""
 
+#: src/pages/providers/ProviderWizard.ts
+msgid "The new application wizard greatly simplifies the steps required to create applications and providers."
+msgstr ""
+
 #: src/pages/policies/reputation/ReputationPolicyForm.ts
 #~ msgid ""
 #~ "The policy passes when the reputation score is above the threshold, and\n"
@@ -5626,6 +5805,10 @@ msgstr ""
 msgid "These policies control which users can access this application."
 msgstr ""
 
+#: src/pages/applications/wizard/oauth/TypeOAuthAPIApplicationWizardPage.ts
+msgid "This configuration can be used to authenticate to authentik with other APIs other otherwise programmatically."
+msgstr ""
+
 #: src/flows/FlowInspector.ts
 msgid "This flow is completed."
 msgstr ""
@@ -5814,6 +5997,14 @@ msgstr ""
 msgid "Trusted OIDC Sources"
 msgstr ""
 
+#: src/pages/providers/ProviderWizard.ts
+msgid "Try it now"
+msgstr ""
+
+#: src/pages/providers/ProviderWizard.ts
+msgid "Try the new application wizard"
+msgstr ""
+
 #: src/interfaces/locale.ts
 msgid "Turkish"
 msgstr ""
@@ -5867,6 +6058,10 @@ msgstr ""
 msgid "URL settings"
 msgstr ""
 
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
+msgid "URL that authentik will redirect back to after successful authentication."
+msgstr ""
+
 #: src/pages/sources/saml/SAMLSourceForm.ts
 msgid "URL that the initial Login request is sent to."
 msgstr ""
@@ -5887,6 +6082,10 @@ msgstr ""
 msgid "URL used to request the initial token. This URL is only required for OAuth 1."
 msgstr ""
 
+#: src/pages/applications/wizard/link/TypeLinkApplicationWizardPage.ts
+msgid "URL which will be opened when a user clicks on the application."
+msgstr ""
+
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 msgid "Unauthenticated Paths"
 msgstr ""
@@ -6231,6 +6430,10 @@ msgstr ""
 msgid "User fields"
 msgstr ""
 
+#: src/pages/users/UserListPage.ts
+msgid "User folders"
+msgstr ""
+
 #: src/interfaces/AdminInterface.ts
 msgid "User interface"
 msgstr ""
@@ -6256,6 +6459,17 @@ msgstr ""
 msgid "User password writeback"
 msgstr ""
 
+#: src/pages/sources/ldap/LDAPSourceForm.ts
+#: src/pages/sources/oauth/OAuthSourceForm.ts
+#: src/pages/sources/plex/PlexSourceForm.ts
+#: src/pages/sources/saml/SAMLSourceForm.ts
+msgid "User path"
+msgstr ""
+
+#: src/pages/stages/user_write/UserWriteStageForm.ts
+msgid "User path template"
+msgstr ""
+
 #: src/pages/tenants/TenantForm.ts
 msgid "User settings flow"
 msgstr ""
@@ -6492,6 +6706,10 @@ msgstr ""
 msgid "Web Certificate"
 msgstr ""
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Web application"
+msgstr ""
+
 #: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
 msgid "WebAuthn Authenticators"
 msgstr ""
@@ -6611,6 +6829,10 @@ msgstr ""
 msgid "X509 Subject"
 msgstr ""
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "XML-based SSO standard. Use this if your application only supports SAML."
+msgstr ""
+
 #: src/elements/oauth/UserRefreshList.ts
 #: src/pages/applications/ApplicationCheckAccessForm.ts
 #: src/pages/groups/GroupListPage.ts
diff --git a/web/src/locales/tr.po b/web/src/locales/tr.po
index fcd1fbd51..8b23d8888 100644
--- a/web/src/locales/tr.po
+++ b/web/src/locales/tr.po
@@ -90,6 +90,7 @@ msgstr ""
 msgid "A policy used for testing. Always returns the same result as specified below after waiting a random duration."
 msgstr "Test için kullanılan bir ilke. Her zaman rastgele bir süre bekledikten sonra aşağıda belirtilen sonucu döndürür."
 
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
 #: src/pages/providers/saml/SAMLProviderForm.ts
 #: src/pages/providers/saml/SAMLProviderViewPage.ts
 msgid "ACS URL"
@@ -113,6 +114,10 @@ msgstr "HERHANGİ, erişim izni vermek için herhangi bir ilke eşleşmelidir."
 msgid "ANY, any policy must match to include this stage access."
 msgstr "HERHANGİ, bu aşama erişimini içerecek şekilde herhangi bir ilke"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "API"
+msgstr ""
+
 #: src/pages/tokens/TokenListPage.ts
 msgid "API Access"
 msgstr "API Erişimi"
@@ -257,6 +262,10 @@ msgstr "Ekleme Kullanıcı DN"
 msgid "Additional Scope"
 msgstr "Ek Kapsam"
 
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
+msgid "Additional UI settings"
+msgstr ""
+
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 msgid "Additional group DN, prepended to the Base DN."
 msgstr "Ek grup DN, Base DN için eklenmiş."
@@ -377,6 +386,7 @@ msgid "App password (can be used to login using a flow executor)"
 msgstr "Uygulama parolası (bir akış yürütücüyle giriş yapmak için kullanılabilir)"
 
 #: src/elements/user/UserConsentList.ts
+#: src/flows/stages/consent/ConsentStage.ts
 #: src/pages/admin-overview/TopApplicationsTable.ts
 #: src/pages/providers/ProviderListPage.ts
 msgid "Application"
@@ -387,6 +397,14 @@ msgstr "Uygulama"
 msgid "Application Icon"
 msgstr "Uygulama Simgesi"
 
+#: src/pages/applications/wizard/link/TypeLinkApplicationWizardPage.ts
+msgid "Application Link"
+msgstr ""
+
+#: src/flows/stages/consent/ConsentStage.ts
+msgid "Application already has access to the following permissions:"
+msgstr ""
+
 #: src/elements/charts/UserChart.ts
 msgid "Application authorizations"
 msgstr "Uygulama yetkilendirmeleri"
@@ -395,11 +413,25 @@ msgstr "Uygulama yetkilendirmeleri"
 msgid "Application authorized"
 msgstr "Başvuru yetkili"
 
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
+msgid "Application details"
+msgstr ""
+
+#: src/flows/stages/consent/ConsentStage.ts
+msgid "Application requires following new permissions:"
+msgstr ""
+
 #: src/flows/stages/consent/ConsentStage.ts
 msgid "Application requires following permissions:"
 msgstr "Uygulama aşağıdaki izinleri gerektirir:"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Application type"
+msgstr ""
+
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 msgid "Application's display Name."
 msgstr "Uygulamanın görünen Adı."
 
@@ -414,6 +446,18 @@ msgstr "Uygulama (lar)"
 msgid "Applications"
 msgstr "Uygulamalar"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Applications which handle the authentication server-side (for example, Python, Go, Rust, Java, PHP)"
+msgstr ""
+
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Applications which redirect users to a non-web callback (for example, Android, iOS)"
+msgstr ""
+
+#: src/elements/wizard/ActionWizardPage.ts
+msgid "Apply changes"
+msgstr ""
+
 #: src/pages/admin-overview/AdminOverviewPage.ts
 msgid "Apps with most usage"
 msgstr "En çok kullanıma sahip uygulamalar"
@@ -531,6 +575,14 @@ msgstr "Kimlik Doğrulama URL'si"
 msgid "Authentication flow"
 msgstr "Kimlik doğrulama akışı"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Authentication method"
+msgstr ""
+
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Authentication without user interaction, or machine-to-machine authentication."
+msgstr ""
+
 #: src/flows/stages/authenticator_validate/AuthenticatorValidateStage.ts
 msgid "Authenticator"
 msgstr "Kimlik Doğrulayıcı"
@@ -555,6 +607,7 @@ msgstr "Yetkilendirme"
 msgid "Authorization URL"
 msgstr "Yetkilendirme URL'si"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 #: src/pages/providers/saml/SAMLProviderForm.ts
@@ -616,6 +669,7 @@ msgstr "Yürütme sırasında arka plan gösterilir."
 #~ msgid "Backup status"
 #~ msgstr "Yedekleme durumu"
 
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 #: src/pages/providers/ldap/LDAPProviderViewPage.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
@@ -710,6 +764,10 @@ msgstr "Derleme karması:"
 msgid "Built-in"
 msgstr "Dahili"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthAPIApplicationWizardPage.ts
+msgid "By default, all service accounts can authenticate as this application, as long as they have a valid token of the type app-password."
+msgstr ""
+
 #: src/pages/stages/identification/IdentificationStageForm.ts
 msgid "By default, only icons are shown for sources. Enable this to show their full names."
 msgstr "Varsayılan olarak, kaynaklar için yalnızca simgeler gösterilir. Tam adlarını göstermek için bunu etkinleştirin."
@@ -1203,6 +1261,7 @@ msgstr "Kurtarma bağlantısı kopyalama"
 
 #: src/pages/applications/ApplicationListPage.ts
 #: src/pages/applications/ApplicationListPage.ts
+#: src/pages/applications/wizard/ApplicationWizard.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/events/RuleListPage.ts
@@ -1341,6 +1400,10 @@ msgstr "Kullanıcı Oluştur"
 msgid "Create a new application"
 msgstr "Yeni bir uygulama oluştur"
 
+#: src/pages/applications/wizard/ApplicationWizard.ts
+msgid "Create a new application."
+msgstr ""
+
 #: src/pages/outposts/ServiceConnectionWizard.ts
 msgid "Create a new outpost integration."
 msgstr ""
@@ -1365,14 +1428,27 @@ msgstr ""
 msgid "Create a new stage."
 msgstr ""
 
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
+msgid "Create application"
+msgstr ""
+
 #: src/pages/users/ServiceAccountForm.ts
 msgid "Create group"
 msgstr "Grup oluştur"
 
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
+#: src/pages/applications/wizard/saml/TypeSAMLImportApplicationWizardPage.ts
 msgid "Create provider"
 msgstr "Sağlayıcı oluştur"
 
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
+msgid "Create service account"
+msgstr ""
+
 #: src/pages/stages/user_write/UserWriteStageForm.ts
 msgid "Create users as inactive"
 msgstr "Kullanıcıları etkin olmayan olarak oluşturma"
@@ -1548,6 +1624,7 @@ msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in S
 msgstr ""
 
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 #: src/pages/property-mappings/PropertyMappingScopeForm.ts
 #: src/pages/system-tasks/SystemTaskListPage.ts
 #: src/pages/tokens/TokenForm.ts
@@ -2047,6 +2124,14 @@ msgstr "OAuth2 ve SAML gibi protokolleri kullanan Kimlik Sağlayıcı olarak aut
 msgid "External Host"
 msgstr "Harici Ana Bilgisayar"
 
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+msgid "External domain"
+msgstr ""
+
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+msgid "External domain you will be accessing the domain from."
+msgstr ""
+
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 msgid "External host"
@@ -2219,6 +2304,10 @@ msgstr "Çıkış yapmak için kullanılan akış. Boş bırakılırsa, kısa is
 msgid "Flow used when authorizing this provider."
 msgstr "Bu sağlayıcıyı yetkilendirirken kullanılan akış."
 
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+msgid "Flow used when users access this application."
+msgstr ""
+
 #: src/pages/flows/FlowListPage.ts
 msgid "Flow(s)"
 msgstr "Akış (ler)"
@@ -2453,7 +2542,6 @@ msgid "Hide managed mappings"
 msgstr "Yönetilen eşlemeleri gizle"
 
 #: src/pages/users/RelatedUserList.ts
-#: src/pages/users/UserListPage.ts
 msgid "Hide service-accounts"
 msgstr "Hizmet hesaplarını gizle"
 
@@ -2616,10 +2704,22 @@ msgstr "İçe Aktar"
 msgid "Import Flow"
 msgstr "Akışı İçe Aktar"
 
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Import SAML Metadata"
+msgstr ""
+
+#: src/pages/applications/wizard/saml/TypeSAMLImportApplicationWizardPage.ts
+msgid "Import SAML metadata"
+msgstr ""
+
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 msgid "Import certificates of external providers or create certificates to sign requests with."
 msgstr "Harici sağlayıcıların sertifikalarını içe aktarın veya istekleri imzalamak için sertifikalar oluşturun."
 
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Import the metadata document of the applicaation you want to configure."
+msgstr ""
+
 #: src/flows/stages/authenticator_validate/AuthenticatorValidateStage.ts
 msgid "In case you can't access any other method."
 msgstr "Başka bir yönteme erişemiyorsanız."
@@ -2764,6 +2864,7 @@ msgstr "Giden istekleri imzalamak için kullanılan anahtar çifti. İmzalamayı
 msgid "Kubeconfig"
 msgstr "Kubeconfig"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
 #: src/pages/outposts/OutpostForm.ts
 #: src/pages/outposts/OutpostListPage.ts
 msgid "LDAP"
@@ -2785,9 +2886,9 @@ msgstr "Bağlama istekleri ve arama istekleri altında yapılabilen LDAP DN."
 msgid "LDAP Sync status"
 msgstr "LDAP Eşitleme durumu"
 
-#: src/pages/providers/ProviderWizard.ts
-#~ msgid "LDAP details"
-#~ msgstr ""
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
+msgid "LDAP details"
+msgstr ""
 
 #: src/pages/stages/prompt/PromptForm.ts
 #: src/pages/stages/prompt/PromptListPage.ts
@@ -2840,6 +2941,10 @@ msgstr "URL Başlat"
 msgid "Layout"
 msgstr ""
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Legacy applications which don't natively support SSO."
+msgstr ""
+
 #: src/pages/stages/identification/IdentificationStageForm.ts
 msgid "Let the user identify themselves with their username or Email address."
 msgstr "Kullanıcının kullanıcı adı veya E-posta adresi ile kendilerini tanımlamasına izin verin."
@@ -2847,6 +2952,11 @@ msgstr "Kullanıcının kullanıcı adı veya E-posta adresi ile kendilerini tan
 #~ msgid "Library"
 #~ msgstr "Kitaplık"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+#: src/pages/applications/wizard/link/TypeLinkApplicationWizardPage.ts
+msgid "Link"
+msgstr ""
+
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/plex/PlexSourceForm.ts
 msgid "Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses"
@@ -2905,6 +3015,7 @@ msgstr "Yükleniyor"
 #: src/elements/Spinner.ts
 #: src/pages/applications/ApplicationCheckAccessForm.ts
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
 #: src/pages/events/RuleForm.ts
 #: src/pages/events/RuleForm.ts
 #: src/pages/events/TransportForm.ts
@@ -2940,7 +3051,6 @@ msgstr "Yükleniyor"
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
-#: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/plex/PlexSourceForm.ts
@@ -2965,7 +3075,6 @@ msgstr "Yükleniyor"
 #: src/pages/stages/password/PasswordStageForm.ts
 #: src/pages/stages/prompt/PromptStageForm.ts
 #: src/pages/stages/prompt/PromptStageForm.ts
-#: src/pages/stages/user_write/UserWriteStageForm.ts
 #: src/pages/tenants/TenantForm.ts
 #: src/pages/tenants/TenantForm.ts
 #: src/pages/tenants/TenantForm.ts
@@ -3070,6 +3179,14 @@ msgstr "Auentik tarafından yönetiliyor"
 msgid "Managed by authentik (Discovered)"
 msgstr "Auentik tarafından yönetilen (Keşfedildi)"
 
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Manual configuration"
+msgstr ""
+
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Manually configure SAML"
+msgstr ""
+
 #: src/pages/stages/user_write/UserWriteStageForm.ts
 msgid "Mark newly created users as inactive."
 msgstr "Yeni oluşturulan kullanıcıları etkin değil olarak işaretleyin."
@@ -3115,11 +3232,18 @@ msgstr "Mesaj"
 msgid "Messages"
 msgstr "İletiler"
 
+#: src/pages/applications/wizard/saml/TypeSAMLImportApplicationWizardPage.ts
 #: src/pages/providers/saml/SAMLProviderImportForm.ts
 #: src/pages/sources/saml/SAMLSourceViewPage.ts
 msgid "Metadata"
 msgstr "Meta veriler"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthAPIApplicationWizardPage.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthImplicitApplicationWizardPage.ts
+msgid "Method details"
+msgstr ""
+
 #: src/pages/policies/password/PasswordPolicyForm.ts
 msgid "Minimum amount of Digits"
 msgstr "Minimum Rakam sayısı"
@@ -3163,6 +3287,10 @@ msgstr "Model silindi"
 msgid "Model updated"
 msgstr "Model güncellendi"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Modern applications, APIs and Single-page applications."
+msgstr ""
+
 #~ msgid "Monitor"
 #~ msgstr "Monitör"
 
@@ -3177,6 +3305,7 @@ msgstr "Uygulamalarım"
 #: src/elements/forms/DeleteBulkForm.ts
 #: src/pages/applications/ApplicationForm.ts
 #: src/pages/applications/ApplicationListPage.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 #: src/pages/crypto/CertificateKeyPairForm.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
@@ -3274,6 +3403,10 @@ msgstr "NameID İlkesi"
 msgid "NameID Property Mapping"
 msgstr "NameID Özellik Eşlemesi"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Native application"
+msgstr ""
+
 #: src/flows/stages/identification/IdentificationStage.ts
 msgid "Need an account?"
 msgstr "Bir hesaba mı ihtiyacınız var?"
@@ -3286,6 +3419,10 @@ msgstr "Negate sonucu"
 msgid "Negates the outcome of the binding. Messages are unaffected."
 msgstr "Bağlamanın sonucunu susturur. Mesajlar etkilenmez."
 
+#: src/pages/applications/wizard/ApplicationWizard.ts
+msgid "New application"
+msgstr ""
+
 #: src/pages/outposts/ServiceConnectionWizard.ts
 msgid "New outpost integration"
 msgstr ""
@@ -3542,6 +3679,10 @@ msgstr "OAuth Yenile Kodları"
 #~ msgid "OAuth/OIDC"
 #~ msgstr ""
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "OAuth2/OIDC"
+msgstr ""
+
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 msgid "OIDC JWKS"
 msgstr ""
@@ -3815,6 +3956,21 @@ msgstr "Parola: Maskeli giriş, parola kaynaklara karşı doğrulanır. İlkeler
 msgid "Passwordless flow"
 msgstr "Parolasız akış"
 
+#: src/pages/users/UserForm.ts
+msgid "Path"
+msgstr ""
+
+#: src/pages/stages/user_write/UserWriteStageForm.ts
+msgid "Path new users will be created under. If left blank, the default path will be used.fo"
+msgstr ""
+
+#: src/pages/sources/ldap/LDAPSourceForm.ts
+#: src/pages/sources/oauth/OAuthSourceForm.ts
+#: src/pages/sources/plex/PlexSourceForm.ts
+#: src/pages/sources/saml/SAMLSourceForm.ts
+msgid "Path template for users created. Use placeholders like `%(slug)s` to insert the source slug."
+msgstr ""
+
 #: src/pages/sources/saml/SAMLSourceForm.ts
 msgid "Persistent"
 msgstr "Kalıcı"
@@ -4023,6 +4179,11 @@ msgstr "Protokol Ayarları"
 msgid "Protocol settings"
 msgstr "Protokol ayarları"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Provide an LDAP interface for applications and users to authenticate against."
+msgstr ""
+
 #: src/pages/providers/ProviderListPage.ts
 msgid "Provide support for protocols like SAML and OAuth to assigned applications."
 msgstr "Atanan uygulamalara SAML ve OAuth gibi protokoller için destek sağlayın."
@@ -4053,6 +4214,7 @@ msgstr "Sağlayıcı (lar)"
 msgid "Providers"
 msgstr "Sağlayıcılar"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
 #: src/pages/outposts/OutpostForm.ts
 #: src/pages/outposts/OutpostListPage.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
@@ -4060,9 +4222,9 @@ msgstr "Sağlayıcılar"
 msgid "Proxy"
 msgstr "Vekil Sunucu"
 
-#: src/pages/providers/ProviderWizard.ts
-#~ msgid "Proxy details"
-#~ msgstr ""
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+msgid "Proxy details"
+msgstr ""
 
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 msgid "Public"
@@ -4077,6 +4239,7 @@ msgid "Public key, acquired from https://www.google.com/recaptcha/intro/v3.html.
 msgstr "https://www.google.com/recaptcha/intro/v3.html adresinden edinilen genel anahtar."
 
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 msgid "Publisher"
 msgstr "Yayıncı"
 
@@ -4329,13 +4492,17 @@ msgstr "Aygıt seçiciye geri dön"
 msgid "Revoked?"
 msgstr "İptal mi edildi?"
 
+#: src/elements/TreeView.ts
+msgid "Root"
+msgstr ""
+
 #: src/pages/sources/ldap/LDAPSourceViewPage.ts
 msgid "Run sync again"
 msgstr "Eşzamanlamayı tekrar çalıştır"
 
-#: src/pages/providers/ProviderWizard.ts
-#~ msgid "SAML"
-#~ msgstr ""
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "SAML"
+msgstr ""
 
 #: src/pages/providers/ProviderWizard.ts
 #~ msgid "SAML (metadata import)"
@@ -4349,9 +4516,9 @@ msgstr "SAML Öznitelik Adı"
 msgid "SAML Metadata"
 msgstr "SAML Meta Verileri"
 
-#: src/pages/providers/ProviderWizard.ts
-#~ msgid "SAML details"
-#~ msgstr ""
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
+msgid "SAML details"
+msgstr ""
 
 #: src/pages/providers/ProviderWizard.ts
 #~ msgid "SAML details (import from metadata)"
@@ -4752,6 +4919,14 @@ msgstr "İstemi Aşamaları için kullanılabilecek Tek İstemler."
 msgid "Single use"
 msgstr "Tek kullanımlık"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Single-page applications"
+msgstr ""
+
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Single-page applications which handle authentication in the browser (for example, Javascript, Angular, React, Vue)"
+msgstr ""
+
 #~ msgid "Skip path regex"
 #~ msgstr "Yol regex atla"
 
@@ -5475,6 +5650,10 @@ msgstr ""
 msgid "The following objects use {objName}"
 msgstr "Aşağıdaki nesneler {objName}"
 
+#: src/pages/providers/ProviderWizard.ts
+msgid "The new application wizard greatly simplifies the steps required to create applications and providers."
+msgstr ""
+
 #~ msgid ""
 #~ "The policy passes when the reputation score is above the threshold, and\n"
 #~ "doesn't pass when either or both of the selected options are equal or less than the\n"
@@ -5536,6 +5715,10 @@ msgstr ""
 msgid "These policies control which users can access this application."
 msgstr "Bu ilkeler hangi kullanıcıların bu uygulamaya erişebileceğini denetler."
 
+#: src/pages/applications/wizard/oauth/TypeOAuthAPIApplicationWizardPage.ts
+msgid "This configuration can be used to authenticate to authentik with other APIs other otherwise programmatically."
+msgstr ""
+
 #: src/flows/FlowInspector.ts
 msgid "This flow is completed."
 msgstr "Bu akış tamamlandı."
@@ -5720,6 +5903,14 @@ msgstr "Aktarıcılar"
 msgid "Trusted OIDC Sources"
 msgstr ""
 
+#: src/pages/providers/ProviderWizard.ts
+msgid "Try it now"
+msgstr ""
+
+#: src/pages/providers/ProviderWizard.ts
+msgid "Try the new application wizard"
+msgstr ""
+
 #: src/interfaces/locale.ts
 msgid "Turkish"
 msgstr "Türkçe"
@@ -5773,6 +5964,10 @@ msgstr "UPN"
 msgid "URL settings"
 msgstr "URL ayarları"
 
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
+msgid "URL that authentik will redirect back to after successful authentication."
+msgstr ""
+
 #: src/pages/sources/saml/SAMLSourceForm.ts
 msgid "URL that the initial Login request is sent to."
 msgstr "İlk oturum açma isteğinin gönderildiği URL."
@@ -5793,6 +5988,10 @@ msgstr "Auentik tarafından belirteçleri almak için kullanılan URL."
 msgid "URL used to request the initial token. This URL is only required for OAuth 1."
 msgstr "İlk belirteci istemek için kullanılan URL. Bu URL yalnızca OAuth 1 için gereklidir."
 
+#: src/pages/applications/wizard/link/TypeLinkApplicationWizardPage.ts
+msgid "URL which will be opened when a user clicks on the application."
+msgstr ""
+
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 msgid "Unauthenticated Paths"
 msgstr "Kimliği Doğrulanmamış Yollar"
@@ -6132,6 +6331,10 @@ msgstr "Kullanıcı olayları"
 msgid "User fields"
 msgstr "Kullanıcı alanları"
 
+#: src/pages/users/UserListPage.ts
+msgid "User folders"
+msgstr ""
+
 #: src/interfaces/AdminInterface.ts
 msgid "User interface"
 msgstr "Kullanıcı arayüzü"
@@ -6156,6 +6359,17 @@ msgstr "Kullanıcı nesne filtresi"
 msgid "User password writeback"
 msgstr "Kullanıcı parolasını geri yazma"
 
+#: src/pages/sources/ldap/LDAPSourceForm.ts
+#: src/pages/sources/oauth/OAuthSourceForm.ts
+#: src/pages/sources/plex/PlexSourceForm.ts
+#: src/pages/sources/saml/SAMLSourceForm.ts
+msgid "User path"
+msgstr ""
+
+#: src/pages/stages/user_write/UserWriteStageForm.ts
+msgid "User path template"
+msgstr ""
+
 #: src/pages/tenants/TenantForm.ts
 msgid "User settings flow"
 msgstr ""
@@ -6391,6 +6605,10 @@ msgstr "Uyarı: authentik Domain yapılandırılmamış, kimlik doğrulama çal
 msgid "Web Certificate"
 msgstr "Web Sertifikası"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Web application"
+msgstr ""
+
 #: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
 msgid "WebAuthn Authenticators"
 msgstr "WebAuthn Kimlik Doğrulayıcıları"
@@ -6511,6 +6729,10 @@ msgstr ""
 msgid "X509 Subject"
 msgstr "X509 Konusu"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "XML-based SSO standard. Use this if your application only supports SAML."
+msgstr ""
+
 #: src/elements/oauth/UserRefreshList.ts
 #: src/pages/applications/ApplicationCheckAccessForm.ts
 #: src/pages/groups/GroupListPage.ts
diff --git a/web/src/locales/zh-Hans.po b/web/src/locales/zh-Hans.po
index 6f68b0941..2733706e3 100644
--- a/web/src/locales/zh-Hans.po
+++ b/web/src/locales/zh-Hans.po
@@ -91,6 +91,7 @@ msgstr "不可移除的身份验证器，例如 TouchID 或 Windows Hello"
 msgid "A policy used for testing. Always returns the same result as specified below after waiting a random duration."
 msgstr "用于测试的策略。等待随机时长后，始终返回下面指定的结果。"
 
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
 #: src/pages/providers/saml/SAMLProviderForm.ts
 #: src/pages/providers/saml/SAMLProviderViewPage.ts
 msgid "ACS URL"
@@ -114,6 +115,10 @@ msgstr "ANY，必须匹配任意策略才能授予访问权限。"
 msgid "ANY, any policy must match to include this stage access."
 msgstr "ANY，必须匹配任意策略才能包含此阶段访问权限。"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "API"
+msgstr ""
+
 #: src/pages/tokens/TokenListPage.ts
 msgid "API Access"
 msgstr "API 访问权限"
@@ -257,6 +262,10 @@ msgstr "额外的用户 DN"
 msgid "Additional Scope"
 msgstr "额外的作用域"
 
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
+msgid "Additional UI settings"
+msgstr ""
+
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 msgid "Additional group DN, prepended to the Base DN."
 msgstr "额外的组 DN，添加到 Base DN 起始处。"
@@ -377,6 +386,7 @@ msgid "App password (can be used to login using a flow executor)"
 msgstr "应用密码（可用于使用流程执行器登录）"
 
 #: src/elements/user/UserConsentList.ts
+#: src/flows/stages/consent/ConsentStage.ts
 #: src/pages/admin-overview/TopApplicationsTable.ts
 #: src/pages/providers/ProviderListPage.ts
 msgid "Application"
@@ -387,6 +397,14 @@ msgstr "应用程序"
 msgid "Application Icon"
 msgstr "应用程序图标"
 
+#: src/pages/applications/wizard/link/TypeLinkApplicationWizardPage.ts
+msgid "Application Link"
+msgstr ""
+
+#: src/flows/stages/consent/ConsentStage.ts
+msgid "Application already has access to the following permissions:"
+msgstr ""
+
 #: src/elements/charts/UserChart.ts
 msgid "Application authorizations"
 msgstr "应用程序授权"
@@ -395,11 +413,25 @@ msgstr "应用程序授权"
 msgid "Application authorized"
 msgstr "应用程序已授权"
 
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
+msgid "Application details"
+msgstr ""
+
+#: src/flows/stages/consent/ConsentStage.ts
+msgid "Application requires following new permissions:"
+msgstr ""
+
 #: src/flows/stages/consent/ConsentStage.ts
 msgid "Application requires following permissions:"
 msgstr "应用程序需要以下权限："
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Application type"
+msgstr ""
+
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 msgid "Application's display Name."
 msgstr "应用的显示名称。"
 
@@ -414,6 +446,18 @@ msgstr "应用程序"
 msgid "Applications"
 msgstr "应用程序"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Applications which handle the authentication server-side (for example, Python, Go, Rust, Java, PHP)"
+msgstr ""
+
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Applications which redirect users to a non-web callback (for example, Android, iOS)"
+msgstr ""
+
+#: src/elements/wizard/ActionWizardPage.ts
+msgid "Apply changes"
+msgstr ""
+
 #: src/pages/admin-overview/AdminOverviewPage.ts
 msgid "Apps with most usage"
 msgstr "使用率最高的应用"
@@ -530,6 +574,14 @@ msgstr "身份验证 URL"
 msgid "Authentication flow"
 msgstr "身份验证流程"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Authentication method"
+msgstr ""
+
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Authentication without user interaction, or machine-to-machine authentication."
+msgstr ""
+
 #: src/flows/stages/authenticator_validate/AuthenticatorValidateStage.ts
 msgid "Authenticator"
 msgstr "身份验证器"
@@ -553,6 +605,7 @@ msgstr "授权"
 msgid "Authorization URL"
 msgstr "授权 URL"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 #: src/pages/providers/saml/SAMLProviderForm.ts
@@ -611,6 +664,7 @@ msgstr "执行过程中显示的背景。"
 #~ msgid "Backup status"
 #~ msgstr "备份状态"
 
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 #: src/pages/providers/ldap/LDAPProviderViewPage.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
@@ -705,6 +759,10 @@ msgstr "构建哈希："
 msgid "Built-in"
 msgstr "内置"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthAPIApplicationWizardPage.ts
+msgid "By default, all service accounts can authenticate as this application, as long as they have a valid token of the type app-password."
+msgstr ""
+
 #: src/pages/stages/identification/IdentificationStageForm.ts
 msgid "By default, only icons are shown for sources. Enable this to show their full names."
 msgstr "默认情况下，只为源显示图标。启用此选项可显示它们的全名。"
@@ -1198,6 +1256,7 @@ msgstr "复制恢复链接"
 
 #: src/pages/applications/ApplicationListPage.ts
 #: src/pages/applications/ApplicationListPage.ts
+#: src/pages/applications/wizard/ApplicationWizard.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/events/RuleListPage.ts
@@ -1336,6 +1395,10 @@ msgstr "创建用户"
 msgid "Create a new application"
 msgstr "创建新应用程序"
 
+#: src/pages/applications/wizard/ApplicationWizard.ts
+msgid "Create a new application."
+msgstr ""
+
 #: src/pages/outposts/ServiceConnectionWizard.ts
 msgid "Create a new outpost integration."
 msgstr "创建一个新前哨集成。"
@@ -1360,14 +1423,27 @@ msgstr "创建一个新身份来源。"
 msgid "Create a new stage."
 msgstr "创建一个新阶段。"
 
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
+msgid "Create application"
+msgstr ""
+
 #: src/pages/users/ServiceAccountForm.ts
 msgid "Create group"
 msgstr "创建组"
 
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
+#: src/pages/applications/wizard/saml/TypeSAMLImportApplicationWizardPage.ts
 msgid "Create provider"
 msgstr "创建提供程序"
 
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
+msgid "Create service account"
+msgstr ""
+
 #: src/pages/stages/user_write/UserWriteStageForm.ts
 msgid "Create users as inactive"
 msgstr "创建未激活用户"
@@ -1543,6 +1619,7 @@ msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in S
 msgstr "已弃用。请在身份来源中配置 JWKS 数据 / URL 代替此字段。"
 
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 #: src/pages/property-mappings/PropertyMappingScopeForm.ts
 #: src/pages/system-tasks/SystemTaskListPage.ts
 #: src/pages/tokens/TokenForm.ts
@@ -2035,6 +2112,14 @@ msgstr "利用 OAuth2 和 SAML 等协议，使用 authentik 作为身份提供
 msgid "External Host"
 msgstr "外部主机"
 
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+msgid "External domain"
+msgstr ""
+
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+msgid "External domain you will be accessing the domain from."
+msgstr ""
+
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 msgid "External host"
@@ -2207,6 +2292,10 @@ msgstr "用于登出的流程。如果留空，则使用按 Slug 排序的第一
 msgid "Flow used when authorizing this provider."
 msgstr "授权此提供程序时使用的流程。"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+msgid "Flow used when users access this application."
+msgstr ""
+
 #: src/pages/flows/FlowListPage.ts
 msgid "Flow(s)"
 msgstr "流程"
@@ -2439,7 +2528,6 @@ msgid "Hide managed mappings"
 msgstr "隐藏管理映射"
 
 #: src/pages/users/RelatedUserList.ts
-#: src/pages/users/UserListPage.ts
 msgid "Hide service-accounts"
 msgstr "隐藏服务账户"
 
@@ -2600,10 +2688,22 @@ msgstr "导入"
 msgid "Import Flow"
 msgstr "导入流程"
 
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Import SAML Metadata"
+msgstr ""
+
+#: src/pages/applications/wizard/saml/TypeSAMLImportApplicationWizardPage.ts
+msgid "Import SAML metadata"
+msgstr ""
+
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 msgid "Import certificates of external providers or create certificates to sign requests with."
 msgstr "导入外部提供商的证书或创建用于签名请求的证书。"
 
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Import the metadata document of the applicaation you want to configure."
+msgstr ""
+
 #: src/flows/stages/authenticator_validate/AuthenticatorValidateStage.ts
 msgid "In case you can't access any other method."
 msgstr "以防万一您无法使用任何其他方法。"
@@ -2748,6 +2848,7 @@ msgstr "用于签名传出请求的密钥对。留空则禁用签名。"
 msgid "Kubeconfig"
 msgstr "Kubeconfig"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
 #: src/pages/outposts/OutpostForm.ts
 #: src/pages/outposts/OutpostListPage.ts
 msgid "LDAP"
@@ -2768,8 +2869,9 @@ msgstr "可以发出绑定请求和搜索请求的 LDAP DN。"
 msgid "LDAP Sync status"
 msgstr "LDAP 同步状态"
 
-#~ msgid "LDAP details"
-#~ msgstr "LDAP 详情"
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
+msgid "LDAP details"
+msgstr "LDAP 详情"
 
 #: src/pages/stages/prompt/PromptForm.ts
 #: src/pages/stages/prompt/PromptListPage.ts
@@ -2822,6 +2924,10 @@ msgstr "启动 URL"
 msgid "Layout"
 msgstr "布局"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Legacy applications which don't natively support SSO."
+msgstr ""
+
 #: src/pages/stages/identification/IdentificationStageForm.ts
 msgid "Let the user identify themselves with their username or Email address."
 msgstr "让用户使用用户名或电子邮件地址来标识自己。"
@@ -2829,6 +2935,11 @@ msgstr "让用户使用用户名或电子邮件地址来标识自己。"
 #~ msgid "Library"
 #~ msgstr "Library"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+#: src/pages/applications/wizard/link/TypeLinkApplicationWizardPage.ts
+msgid "Link"
+msgstr ""
+
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/plex/PlexSourceForm.ts
 msgid "Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses"
@@ -2887,6 +2998,7 @@ msgstr "正在加载"
 #: src/elements/Spinner.ts
 #: src/pages/applications/ApplicationCheckAccessForm.ts
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
 #: src/pages/events/RuleForm.ts
 #: src/pages/events/RuleForm.ts
 #: src/pages/events/TransportForm.ts
@@ -2922,7 +3034,6 @@ msgstr "正在加载"
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
-#: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/plex/PlexSourceForm.ts
@@ -2947,7 +3058,6 @@ msgstr "正在加载"
 #: src/pages/stages/password/PasswordStageForm.ts
 #: src/pages/stages/prompt/PromptStageForm.ts
 #: src/pages/stages/prompt/PromptStageForm.ts
-#: src/pages/stages/user_write/UserWriteStageForm.ts
 #: src/pages/tenants/TenantForm.ts
 #: src/pages/tenants/TenantForm.ts
 #: src/pages/tenants/TenantForm.ts
@@ -3051,6 +3161,14 @@ msgstr "由 authentik 管理"
 msgid "Managed by authentik (Discovered)"
 msgstr "由 authentik 管理（已发现）"
 
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Manual configuration"
+msgstr ""
+
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Manually configure SAML"
+msgstr ""
+
 #: src/pages/stages/user_write/UserWriteStageForm.ts
 msgid "Mark newly created users as inactive."
 msgstr "将新创建的用户标记为未激活。"
@@ -3096,11 +3214,18 @@ msgstr "消息"
 msgid "Messages"
 msgstr "消息"
 
+#: src/pages/applications/wizard/saml/TypeSAMLImportApplicationWizardPage.ts
 #: src/pages/providers/saml/SAMLProviderImportForm.ts
 #: src/pages/sources/saml/SAMLSourceViewPage.ts
 msgid "Metadata"
 msgstr "元数据"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthAPIApplicationWizardPage.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthImplicitApplicationWizardPage.ts
+msgid "Method details"
+msgstr ""
+
 #: src/pages/policies/password/PasswordPolicyForm.ts
 msgid "Minimum amount of Digits"
 msgstr "最低数字字符数"
@@ -3144,6 +3269,10 @@ msgstr "模型已删除"
 msgid "Model updated"
 msgstr "模型已更新"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Modern applications, APIs and Single-page applications."
+msgstr ""
+
 #~ msgid "Monitor"
 #~ msgstr "监控"
 
@@ -3158,6 +3287,7 @@ msgstr "我的应用"
 #: src/elements/forms/DeleteBulkForm.ts
 #: src/pages/applications/ApplicationForm.ts
 #: src/pages/applications/ApplicationListPage.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 #: src/pages/crypto/CertificateKeyPairForm.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
@@ -3255,6 +3385,10 @@ msgstr "NameID 策略"
 msgid "NameID Property Mapping"
 msgstr "NameID 属性映射"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Native application"
+msgstr ""
+
 #: src/flows/stages/identification/IdentificationStage.ts
 msgid "Need an account?"
 msgstr "需要一个账户？"
@@ -3267,6 +3401,10 @@ msgstr "反转结果"
 msgid "Negates the outcome of the binding. Messages are unaffected."
 msgstr "反转绑定的结果。消息不受影响。"
 
+#: src/pages/applications/wizard/ApplicationWizard.ts
+msgid "New application"
+msgstr ""
+
 #: src/pages/outposts/ServiceConnectionWizard.ts
 msgid "New outpost integration"
 msgstr "新前哨集成"
@@ -3519,6 +3657,10 @@ msgstr "OAuth 刷新代码"
 #~ msgid "OAuth/OIDC"
 #~ msgstr "OAuth/OIDC"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "OAuth2/OIDC"
+msgstr ""
+
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 msgid "OIDC JWKS"
 msgstr "OIDC JWKS"
@@ -3787,6 +3929,21 @@ msgstr "密码：屏蔽输入内容，密码根据来源进行验证。策略仍
 msgid "Passwordless flow"
 msgstr "无密码流程"
 
+#: src/pages/users/UserForm.ts
+msgid "Path"
+msgstr ""
+
+#: src/pages/stages/user_write/UserWriteStageForm.ts
+msgid "Path new users will be created under. If left blank, the default path will be used.fo"
+msgstr ""
+
+#: src/pages/sources/ldap/LDAPSourceForm.ts
+#: src/pages/sources/oauth/OAuthSourceForm.ts
+#: src/pages/sources/plex/PlexSourceForm.ts
+#: src/pages/sources/saml/SAMLSourceForm.ts
+msgid "Path template for users created. Use placeholders like `%(slug)s` to insert the source slug."
+msgstr ""
+
 #: src/pages/sources/saml/SAMLSourceForm.ts
 msgid "Persistent"
 msgstr "持久的"
@@ -3993,6 +4150,11 @@ msgstr "协议设置"
 msgid "Protocol settings"
 msgstr "协议设置"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Provide an LDAP interface for applications and users to authenticate against."
+msgstr ""
+
 #: src/pages/providers/ProviderListPage.ts
 msgid "Provide support for protocols like SAML and OAuth to assigned applications."
 msgstr "为分配的应用程序提供对 SAML 和 OAuth 等协议的支持。"
@@ -4023,6 +4185,7 @@ msgstr "提供程序"
 msgid "Providers"
 msgstr "提供程序"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
 #: src/pages/outposts/OutpostForm.ts
 #: src/pages/outposts/OutpostListPage.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
@@ -4030,8 +4193,9 @@ msgstr "提供程序"
 msgid "Proxy"
 msgstr "代理"
 
-#~ msgid "Proxy details"
-#~ msgstr "代理详情"
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+msgid "Proxy details"
+msgstr "代理详情"
 
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 msgid "Public"
@@ -4046,6 +4210,7 @@ msgid "Public key, acquired from https://www.google.com/recaptcha/intro/v3.html.
 msgstr "公钥，从 https://www.google.com/recaptcha/intro/v3.html 获取。"
 
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 msgid "Publisher"
 msgstr "发布者"
 
@@ -4295,12 +4460,17 @@ msgstr "返回设备选择器"
 msgid "Revoked?"
 msgstr "已吊销？"
 
+#: src/elements/TreeView.ts
+msgid "Root"
+msgstr ""
+
 #: src/pages/sources/ldap/LDAPSourceViewPage.ts
 msgid "Run sync again"
 msgstr "再次运行同步"
 
-#~ msgid "SAML"
-#~ msgstr "SAML"
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "SAML"
+msgstr "SAML"
 
 #~ msgid "SAML (metadata import)"
 #~ msgstr "SAML（元数据导入）"
@@ -4313,8 +4483,9 @@ msgstr "SAML 属性名称"
 msgid "SAML Metadata"
 msgstr "SAML 元数据"
 
-#~ msgid "SAML details"
-#~ msgstr "SAML 详情"
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
+msgid "SAML details"
+msgstr "SAML 详情"
 
 #~ msgid "SAML details (import from metadata)"
 #~ msgstr "SAML 详情（从元数据导入）"
@@ -4713,6 +4884,14 @@ msgstr "可用于输入阶段的单个输入项。"
 msgid "Single use"
 msgstr "一次性使用"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Single-page applications"
+msgstr ""
+
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Single-page applications which handle authentication in the browser (for example, Javascript, Angular, React, Vue)"
+msgstr ""
+
 #~ msgid "Skip path regex"
 #~ msgstr "跳过路径正则表达式"
 
@@ -5434,6 +5613,10 @@ msgstr "支持以下关键字："
 msgid "The following objects use {objName}"
 msgstr "以下对象使用 {objName}"
 
+#: src/pages/providers/ProviderWizard.ts
+msgid "The new application wizard greatly simplifies the steps required to create applications and providers."
+msgstr ""
+
 #~ msgid ""
 #~ "The policy passes when the reputation score is above the threshold, and\n"
 #~ "doesn't pass when either or both of the selected options are equal or less than the\n"
@@ -5495,6 +5678,10 @@ msgstr ""
 msgid "These policies control which users can access this application."
 msgstr "这些策略控制哪些用户可以访问此应用程序。"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthAPIApplicationWizardPage.ts
+msgid "This configuration can be used to authenticate to authentik with other APIs other otherwise programmatically."
+msgstr ""
+
 #: src/flows/FlowInspector.ts
 msgid "This flow is completed."
 msgstr "此流程已完成。"
@@ -5677,6 +5864,14 @@ msgstr "传输"
 msgid "Trusted OIDC Sources"
 msgstr "信任的 OIDC 来源"
 
+#: src/pages/providers/ProviderWizard.ts
+msgid "Try it now"
+msgstr ""
+
+#: src/pages/providers/ProviderWizard.ts
+msgid "Try the new application wizard"
+msgstr ""
+
 #: src/interfaces/locale.ts
 msgid "Turkish"
 msgstr "土耳其语"
@@ -5730,6 +5925,10 @@ msgstr "UPN"
 msgid "URL settings"
 msgstr "URL 设置"
 
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
+msgid "URL that authentik will redirect back to after successful authentication."
+msgstr ""
+
 #: src/pages/sources/saml/SAMLSourceForm.ts
 msgid "URL that the initial Login request is sent to."
 msgstr "初始登录请求发送到的 URL。"
@@ -5750,6 +5949,10 @@ msgstr "authentik 用来获取令牌的 URL。"
 msgid "URL used to request the initial token. This URL is only required for OAuth 1."
 msgstr "用于请求初始令牌的 URL。只有 OAuth 1 才需要此网址。"
 
+#: src/pages/applications/wizard/link/TypeLinkApplicationWizardPage.ts
+msgid "URL which will be opened when a user clicks on the application."
+msgstr ""
+
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 msgid "Unauthenticated Paths"
 msgstr "不验证身份的路径"
@@ -6089,6 +6292,10 @@ msgstr "用户事件"
 msgid "User fields"
 msgstr "用户字段"
 
+#: src/pages/users/UserListPage.ts
+msgid "User folders"
+msgstr ""
+
 #: src/interfaces/AdminInterface.ts
 msgid "User interface"
 msgstr "用户界面"
@@ -6113,6 +6320,17 @@ msgstr "用户对象筛选器"
 msgid "User password writeback"
 msgstr "用户密码写回"
 
+#: src/pages/sources/ldap/LDAPSourceForm.ts
+#: src/pages/sources/oauth/OAuthSourceForm.ts
+#: src/pages/sources/plex/PlexSourceForm.ts
+#: src/pages/sources/saml/SAMLSourceForm.ts
+msgid "User path"
+msgstr ""
+
+#: src/pages/stages/user_write/UserWriteStageForm.ts
+msgid "User path template"
+msgstr ""
+
 #: src/pages/tenants/TenantForm.ts
 msgid "User settings flow"
 msgstr "用户设置流程"
@@ -6347,6 +6565,10 @@ msgstr "警告：未配置 authentik 域名，身份验证将不起作用。"
 msgid "Web Certificate"
 msgstr "Web 证书"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Web application"
+msgstr ""
+
 #: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
 msgid "WebAuthn Authenticators"
 msgstr "WebAuthn 身份验证器"
@@ -6469,6 +6691,10 @@ msgstr ""
 msgid "X509 Subject"
 msgstr "X509 主题"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "XML-based SSO standard. Use this if your application only supports SAML."
+msgstr ""
+
 #: src/elements/oauth/UserRefreshList.ts
 #: src/pages/applications/ApplicationCheckAccessForm.ts
 #: src/pages/groups/GroupListPage.ts
diff --git a/web/src/locales/zh-Hant.po b/web/src/locales/zh-Hant.po
index 77dc0b945..70ee9f7b8 100644
--- a/web/src/locales/zh-Hant.po
+++ b/web/src/locales/zh-Hant.po
@@ -92,6 +92,7 @@ msgstr "不可移除的身份验证器，例如 TouchID 或 Windows Hello"
 msgid "A policy used for testing. Always returns the same result as specified below after waiting a random duration."
 msgstr "用于测试的策略。等待随机持续时间后，始终返回与下面指定的结果相同的结果。"
 
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
 #: src/pages/providers/saml/SAMLProviderForm.ts
 #: src/pages/providers/saml/SAMLProviderViewPage.ts
 msgid "ACS URL"
@@ -115,6 +116,10 @@ msgstr "ANY，任何策略都必须匹配才能授予访问权限。"
 msgid "ANY, any policy must match to include this stage access."
 msgstr "ANY，任何策略都必须匹配才能包含此阶段访问权限。"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "API"
+msgstr ""
+
 #: src/pages/tokens/TokenListPage.ts
 msgid "API Access"
 msgstr "API 访问权限"
@@ -258,6 +263,10 @@ msgstr "额外的用户 DN"
 msgid "Additional Scope"
 msgstr "额外的范围"
 
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
+msgid "Additional UI settings"
+msgstr ""
+
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 msgid "Additional group DN, prepended to the Base DN."
 msgstr "额外的Group DN，优先于Base DN。"
@@ -378,6 +387,7 @@ msgid "App password (can be used to login using a flow executor)"
 msgstr "应用程序密码（可用于使用流程执行器登录）"
 
 #: src/elements/user/UserConsentList.ts
+#: src/flows/stages/consent/ConsentStage.ts
 #: src/pages/admin-overview/TopApplicationsTable.ts
 #: src/pages/providers/ProviderListPage.ts
 msgid "Application"
@@ -388,6 +398,14 @@ msgstr "应用程序"
 msgid "Application Icon"
 msgstr "应用程序图标"
 
+#: src/pages/applications/wizard/link/TypeLinkApplicationWizardPage.ts
+msgid "Application Link"
+msgstr ""
+
+#: src/flows/stages/consent/ConsentStage.ts
+msgid "Application already has access to the following permissions:"
+msgstr ""
+
 #: src/elements/charts/UserChart.ts
 msgid "Application authorizations"
 msgstr "应用程序授权"
@@ -396,11 +414,25 @@ msgstr "应用程序授权"
 msgid "Application authorized"
 msgstr "应用程序已授权"
 
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
+msgid "Application details"
+msgstr ""
+
+#: src/flows/stages/consent/ConsentStage.ts
+msgid "Application requires following new permissions:"
+msgstr ""
+
 #: src/flows/stages/consent/ConsentStage.ts
 msgid "Application requires following permissions:"
 msgstr "应用程序需要以下权限："
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Application type"
+msgstr ""
+
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 msgid "Application's display Name."
 msgstr "应用的显示名称。"
 
@@ -415,6 +447,18 @@ msgstr "应用程序"
 msgid "Applications"
 msgstr "应用程序"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Applications which handle the authentication server-side (for example, Python, Go, Rust, Java, PHP)"
+msgstr ""
+
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Applications which redirect users to a non-web callback (for example, Android, iOS)"
+msgstr ""
+
+#: src/elements/wizard/ActionWizardPage.ts
+msgid "Apply changes"
+msgstr ""
+
 #: src/pages/admin-overview/AdminOverviewPage.ts
 msgid "Apps with most usage"
 msgstr "使用率最高的应用"
@@ -532,6 +576,14 @@ msgstr "身份验证 URL"
 msgid "Authentication flow"
 msgstr "身份验证流程"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Authentication method"
+msgstr ""
+
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Authentication without user interaction, or machine-to-machine authentication."
+msgstr ""
+
 #: src/flows/stages/authenticator_validate/AuthenticatorValidateStage.ts
 msgid "Authenticator"
 msgstr "身份验证器"
@@ -555,6 +607,7 @@ msgstr "授权"
 msgid "Authorization URL"
 msgstr "授权网址"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 #: src/pages/providers/saml/SAMLProviderForm.ts
@@ -613,6 +666,7 @@ msgstr "执行过程中显示背景。"
 #~ msgid "Backup status"
 #~ msgstr "备份状态"
 
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 #: src/pages/providers/ldap/LDAPProviderViewPage.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
@@ -707,6 +761,10 @@ msgstr "Build hash:"
 msgid "Built-in"
 msgstr "内置"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthAPIApplicationWizardPage.ts
+msgid "By default, all service accounts can authenticate as this application, as long as they have a valid token of the type app-password."
+msgstr ""
+
 #: src/pages/stages/identification/IdentificationStageForm.ts
 msgid "By default, only icons are shown for sources. Enable this to show their full names."
 msgstr "默认情况下，只为源显示图标。启用此选项可显示他们的全名。"
@@ -1200,6 +1258,7 @@ msgstr "复制恢复链接"
 
 #: src/pages/applications/ApplicationListPage.ts
 #: src/pages/applications/ApplicationListPage.ts
+#: src/pages/applications/wizard/ApplicationWizard.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/events/RuleListPage.ts
@@ -1338,6 +1397,10 @@ msgstr "创建用户"
 msgid "Create a new application"
 msgstr "创建新应用程序"
 
+#: src/pages/applications/wizard/ApplicationWizard.ts
+msgid "Create a new application."
+msgstr ""
+
 #: src/pages/outposts/ServiceConnectionWizard.ts
 msgid "Create a new outpost integration."
 msgstr "创建一个新前哨集成。"
@@ -1362,14 +1425,27 @@ msgstr "创建一个新身份来源。"
 msgid "Create a new stage."
 msgstr "创建一个新阶段。"
 
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
+msgid "Create application"
+msgstr ""
+
 #: src/pages/users/ServiceAccountForm.ts
 msgid "Create group"
 msgstr "创建组"
 
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
+#: src/pages/applications/wizard/saml/TypeSAMLImportApplicationWizardPage.ts
 msgid "Create provider"
 msgstr "创建提供商"
 
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
+msgid "Create service account"
+msgstr ""
+
 #: src/pages/stages/user_write/UserWriteStageForm.ts
 msgid "Create users as inactive"
 msgstr "将用户创建为非活动用户"
@@ -1545,6 +1621,7 @@ msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in S
 msgstr ""
 
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 #: src/pages/property-mappings/PropertyMappingScopeForm.ts
 #: src/pages/system-tasks/SystemTaskListPage.ts
 #: src/pages/tokens/TokenForm.ts
@@ -2038,6 +2115,14 @@ msgstr "使用 authentik 作为身份提供程序的外部应用程序，利用
 msgid "External Host"
 msgstr "外部主机"
 
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+msgid "External domain"
+msgstr ""
+
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+msgid "External domain you will be accessing the domain from."
+msgstr ""
+
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 msgid "External host"
@@ -2210,6 +2295,10 @@ msgstr "用于注销的流程。如果留空，则使用按辅助信息块排序
 msgid "Flow used when authorizing this provider."
 msgstr "授权此请求发起端时使用的Flow。"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+msgid "Flow used when users access this application."
+msgstr ""
+
 #: src/pages/flows/FlowListPage.ts
 msgid "Flow(s)"
 msgstr "流程"
@@ -2442,7 +2531,6 @@ msgid "Hide managed mappings"
 msgstr "隐藏托管映射"
 
 #: src/pages/users/RelatedUserList.ts
-#: src/pages/users/UserListPage.ts
 msgid "Hide service-accounts"
 msgstr "隐藏服务账户"
 
@@ -2603,10 +2691,22 @@ msgstr "导入"
 msgid "Import Flow"
 msgstr "导入流程"
 
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Import SAML Metadata"
+msgstr ""
+
+#: src/pages/applications/wizard/saml/TypeSAMLImportApplicationWizardPage.ts
+msgid "Import SAML metadata"
+msgstr ""
+
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 msgid "Import certificates of external providers or create certificates to sign requests with."
 msgstr "导入外部提供商的证书或创建用于签署请求的证书。"
 
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Import the metadata document of the applicaation you want to configure."
+msgstr ""
+
 #: src/flows/stages/authenticator_validate/AuthenticatorValidateStage.ts
 msgid "In case you can't access any other method."
 msgstr "万一你无法访问任何其他方法。"
@@ -2751,6 +2851,7 @@ msgstr "用于签署传出请求的密钥对。留空则禁用签名。"
 msgid "Kubeconfig"
 msgstr "Kubeconfig"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
 #: src/pages/outposts/OutpostForm.ts
 #: src/pages/outposts/OutpostListPage.ts
 msgid "LDAP"
@@ -2772,8 +2873,9 @@ msgstr "可以发出绑定请求和搜索请求的 LDAP DN。"
 msgid "LDAP Sync status"
 msgstr "LDAP 同步状态"
 
-#~ msgid "LDAP details"
-#~ msgstr "LDAP 详情"
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
+msgid "LDAP details"
+msgstr "LDAP 详情"
 
 #: src/pages/stages/prompt/PromptForm.ts
 #: src/pages/stages/prompt/PromptListPage.ts
@@ -2826,6 +2928,10 @@ msgstr "启动 URL"
 msgid "Layout"
 msgstr ""
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Legacy applications which don't natively support SSO."
+msgstr ""
+
 #: src/pages/stages/identification/IdentificationStageForm.ts
 msgid "Let the user identify themselves with their username or Email address."
 msgstr "让用户使用其用户名或电子邮件地址来标识自己。"
@@ -2833,6 +2939,11 @@ msgstr "让用户使用其用户名或电子邮件地址来标识自己。"
 #~ msgid "Library"
 #~ msgstr "Library"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+#: src/pages/applications/wizard/link/TypeLinkApplicationWizardPage.ts
+msgid "Link"
+msgstr ""
+
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/plex/PlexSourceForm.ts
 msgid "Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses"
@@ -2891,6 +3002,7 @@ msgstr "正在加载"
 #: src/elements/Spinner.ts
 #: src/pages/applications/ApplicationCheckAccessForm.ts
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
 #: src/pages/events/RuleForm.ts
 #: src/pages/events/RuleForm.ts
 #: src/pages/events/TransportForm.ts
@@ -2926,7 +3038,6 @@ msgstr "正在加载"
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
-#: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/plex/PlexSourceForm.ts
@@ -2951,7 +3062,6 @@ msgstr "正在加载"
 #: src/pages/stages/password/PasswordStageForm.ts
 #: src/pages/stages/prompt/PromptStageForm.ts
 #: src/pages/stages/prompt/PromptStageForm.ts
-#: src/pages/stages/user_write/UserWriteStageForm.ts
 #: src/pages/tenants/TenantForm.ts
 #: src/pages/tenants/TenantForm.ts
 #: src/pages/tenants/TenantForm.ts
@@ -3055,6 +3165,14 @@ msgstr "由 authentik 管理"
 msgid "Managed by authentik (Discovered)"
 msgstr "由 authentik 管理（已发现）"
 
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Manual configuration"
+msgstr ""
+
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Manually configure SAML"
+msgstr ""
+
 #: src/pages/stages/user_write/UserWriteStageForm.ts
 msgid "Mark newly created users as inactive."
 msgstr "将新创建的用户标记为非活动用户。"
@@ -3100,11 +3218,18 @@ msgstr "信息"
 msgid "Messages"
 msgstr "信息"
 
+#: src/pages/applications/wizard/saml/TypeSAMLImportApplicationWizardPage.ts
 #: src/pages/providers/saml/SAMLProviderImportForm.ts
 #: src/pages/sources/saml/SAMLSourceViewPage.ts
 msgid "Metadata"
 msgstr "元数据"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthAPIApplicationWizardPage.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthImplicitApplicationWizardPage.ts
+msgid "Method details"
+msgstr ""
+
 #: src/pages/policies/password/PasswordPolicyForm.ts
 msgid "Minimum amount of Digits"
 msgstr "最低位数"
@@ -3148,6 +3273,10 @@ msgstr "模型已删除"
 msgid "Model updated"
 msgstr "模型已更新"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Modern applications, APIs and Single-page applications."
+msgstr ""
+
 #~ msgid "Monitor"
 #~ msgstr "监控"
 
@@ -3162,6 +3291,7 @@ msgstr "我的应用"
 #: src/elements/forms/DeleteBulkForm.ts
 #: src/pages/applications/ApplicationForm.ts
 #: src/pages/applications/ApplicationListPage.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 #: src/pages/crypto/CertificateKeyPairForm.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
@@ -3259,6 +3389,10 @@ msgstr "NameID 政策"
 msgid "NameID Property Mapping"
 msgstr "nameID 属性映射"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Native application"
+msgstr ""
+
 #: src/flows/stages/identification/IdentificationStage.ts
 msgid "Need an account?"
 msgstr "需要一个账户？"
@@ -3271,6 +3405,10 @@ msgstr "否定结果"
 msgid "Negates the outcome of the binding. Messages are unaffected."
 msgstr "否定绑定的结果。消息不受影响。"
 
+#: src/pages/applications/wizard/ApplicationWizard.ts
+msgid "New application"
+msgstr ""
+
 #: src/pages/outposts/ServiceConnectionWizard.ts
 msgid "New outpost integration"
 msgstr "新前哨集成"
@@ -3523,6 +3661,10 @@ msgstr "OAuth 刷新代码"
 #~ msgid "OAuth/OIDC"
 #~ msgstr "OAuth/OIDC"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "OAuth2/OIDC"
+msgstr ""
+
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 msgid "OIDC JWKS"
 msgstr ""
@@ -3792,6 +3934,21 @@ msgstr "密码：屏蔽输入，密码根据来源进行验证。策略仍需应
 msgid "Passwordless flow"
 msgstr "无密码流"
 
+#: src/pages/users/UserForm.ts
+msgid "Path"
+msgstr ""
+
+#: src/pages/stages/user_write/UserWriteStageForm.ts
+msgid "Path new users will be created under. If left blank, the default path will be used.fo"
+msgstr ""
+
+#: src/pages/sources/ldap/LDAPSourceForm.ts
+#: src/pages/sources/oauth/OAuthSourceForm.ts
+#: src/pages/sources/plex/PlexSourceForm.ts
+#: src/pages/sources/saml/SAMLSourceForm.ts
+msgid "Path template for users created. Use placeholders like `%(slug)s` to insert the source slug."
+msgstr ""
+
 #: src/pages/sources/saml/SAMLSourceForm.ts
 msgid "Persistent"
 msgstr "持久"
@@ -3998,6 +4155,11 @@ msgstr "协议设置"
 msgid "Protocol settings"
 msgstr "协议设置"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Provide an LDAP interface for applications and users to authenticate against."
+msgstr ""
+
 #: src/pages/providers/ProviderListPage.ts
 msgid "Provide support for protocols like SAML and OAuth to assigned applications."
 msgstr "为分配的应用程序提供对 SAML 和 OAuth 等协议的支持。"
@@ -4028,6 +4190,7 @@ msgstr "提供商"
 msgid "Providers"
 msgstr "提供商"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
 #: src/pages/outposts/OutpostForm.ts
 #: src/pages/outposts/OutpostListPage.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
@@ -4035,8 +4198,9 @@ msgstr "提供商"
 msgid "Proxy"
 msgstr "代理"
 
-#~ msgid "Proxy details"
-#~ msgstr "代理详情"
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+msgid "Proxy details"
+msgstr "代理详情"
 
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 msgid "Public"
@@ -4051,6 +4215,7 @@ msgid "Public key, acquired from https://www.google.com/recaptcha/intro/v3.html.
 msgstr "公钥，从 https://www.google.com/recaptcha/intro/v3.html 获取。"
 
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 msgid "Publisher"
 msgstr "发行人"
 
@@ -4301,12 +4466,17 @@ msgstr "返回设备选择器"
 msgid "Revoked?"
 msgstr "已吊销？"
 
+#: src/elements/TreeView.ts
+msgid "Root"
+msgstr ""
+
 #: src/pages/sources/ldap/LDAPSourceViewPage.ts
 msgid "Run sync again"
 msgstr "再次运行同步"
 
-#~ msgid "SAML"
-#~ msgstr "SAML"
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "SAML"
+msgstr "SAML"
 
 #~ msgid "SAML (metadata import)"
 #~ msgstr "SAML（元数据导入）"
@@ -4319,8 +4489,9 @@ msgstr "SAML 属性名称"
 msgid "SAML Metadata"
 msgstr "SAML 元数据"
 
-#~ msgid "SAML details"
-#~ msgstr "SAML 详情"
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
+msgid "SAML details"
+msgstr "SAML 详情"
 
 #~ msgid "SAML details (import from metadata)"
 #~ msgstr "SAML 详情（从元数据导入）"
@@ -4720,6 +4891,14 @@ msgstr "可用于提示阶段的单个提示符。"
 msgid "Single use"
 msgstr "一次性使用"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Single-page applications"
+msgstr ""
+
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Single-page applications which handle authentication in the browser (for example, Javascript, Angular, React, Vue)"
+msgstr ""
+
 #~ msgid "Skip path regex"
 #~ msgstr "跳过路径正则表达式"
 
@@ -5441,6 +5620,10 @@ msgstr ""
 msgid "The following objects use {objName}"
 msgstr "以下对象使用 {objName}"
 
+#: src/pages/providers/ProviderWizard.ts
+msgid "The new application wizard greatly simplifies the steps required to create applications and providers."
+msgstr ""
+
 #~ msgid ""
 #~ "The policy passes when the reputation score is above the threshold, and\n"
 #~ "doesn't pass when either or both of the selected options are equal or less than the\n"
@@ -5502,6 +5685,10 @@ msgstr ""
 msgid "These policies control which users can access this application."
 msgstr "这些策略控制哪些用户可以访问此应用程序。"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthAPIApplicationWizardPage.ts
+msgid "This configuration can be used to authenticate to authentik with other APIs other otherwise programmatically."
+msgstr ""
+
 #: src/flows/FlowInspector.ts
 msgid "This flow is completed."
 msgstr "此流程已完成。"
@@ -5686,6 +5873,14 @@ msgstr "传输"
 msgid "Trusted OIDC Sources"
 msgstr ""
 
+#: src/pages/providers/ProviderWizard.ts
+msgid "Try it now"
+msgstr ""
+
+#: src/pages/providers/ProviderWizard.ts
+msgid "Try the new application wizard"
+msgstr ""
+
 #: src/interfaces/locale.ts
 msgid "Turkish"
 msgstr "土耳其语"
@@ -5739,6 +5934,10 @@ msgstr "UPN"
 msgid "URL settings"
 msgstr "URL 设置"
 
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
+msgid "URL that authentik will redirect back to after successful authentication."
+msgstr ""
+
 #: src/pages/sources/saml/SAMLSourceForm.ts
 msgid "URL that the initial Login request is sent to."
 msgstr "初始登录请求发送到的URL。"
@@ -5759,6 +5958,10 @@ msgstr "authentik 用来检索令牌的 URL。"
 msgid "URL used to request the initial token. This URL is only required for OAuth 1."
 msgstr "用于请求初始令牌的 URL。只有 OAuth 1 才需要此网址。"
 
+#: src/pages/applications/wizard/link/TypeLinkApplicationWizardPage.ts
+msgid "URL which will be opened when a user clicks on the application."
+msgstr ""
+
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 msgid "Unauthenticated Paths"
 msgstr "未经身份验证的路径"
@@ -6098,6 +6301,10 @@ msgstr "用户事件"
 msgid "User fields"
 msgstr "用户字段"
 
+#: src/pages/users/UserListPage.ts
+msgid "User folders"
+msgstr ""
+
 #: src/interfaces/AdminInterface.ts
 msgid "User interface"
 msgstr "用户界面"
@@ -6122,6 +6329,17 @@ msgstr "用户对象筛选器"
 msgid "User password writeback"
 msgstr "用户密码写回"
 
+#: src/pages/sources/ldap/LDAPSourceForm.ts
+#: src/pages/sources/oauth/OAuthSourceForm.ts
+#: src/pages/sources/plex/PlexSourceForm.ts
+#: src/pages/sources/saml/SAMLSourceForm.ts
+msgid "User path"
+msgstr ""
+
+#: src/pages/stages/user_write/UserWriteStageForm.ts
+msgid "User path template"
+msgstr ""
+
 #: src/pages/tenants/TenantForm.ts
 msgid "User settings flow"
 msgstr "用户设置流程"
@@ -6357,6 +6575,10 @@ msgstr "警告：未配置 authentik 域，身份验证将不起作用。"
 msgid "Web Certificate"
 msgstr "网络证书"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Web application"
+msgstr ""
+
 #: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
 msgid "WebAuthn Authenticators"
 msgstr "WebAuthn 身份验证器"
@@ -6479,6 +6701,10 @@ msgstr ""
 msgid "X509 Subject"
 msgstr "X509 Subject"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "XML-based SSO standard. Use this if your application only supports SAML."
+msgstr ""
+
 #: src/elements/oauth/UserRefreshList.ts
 #: src/pages/applications/ApplicationCheckAccessForm.ts
 #: src/pages/groups/GroupListPage.ts
diff --git a/web/src/locales/zh_TW.po b/web/src/locales/zh_TW.po
index 09f9ff684..bcf18f87a 100644
--- a/web/src/locales/zh_TW.po
+++ b/web/src/locales/zh_TW.po
@@ -92,6 +92,7 @@ msgstr "不可移除的身份验证器，例如 TouchID 或 Windows Hello"
 msgid "A policy used for testing. Always returns the same result as specified below after waiting a random duration."
 msgstr "用于测试的策略。等待随机持续时间后，始终返回与下面指定的结果相同的结果。"
 
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
 #: src/pages/providers/saml/SAMLProviderForm.ts
 #: src/pages/providers/saml/SAMLProviderViewPage.ts
 msgid "ACS URL"
@@ -115,6 +116,10 @@ msgstr "ANY，任何策略都必须匹配才能授予访问权限。"
 msgid "ANY, any policy must match to include this stage access."
 msgstr "ANY，任何策略都必须匹配才能包含此阶段访问权限。"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "API"
+msgstr ""
+
 #: src/pages/tokens/TokenListPage.ts
 msgid "API Access"
 msgstr "API 访问权限"
@@ -258,6 +263,10 @@ msgstr "额外的用户 DN"
 msgid "Additional Scope"
 msgstr "额外的范围"
 
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
+msgid "Additional UI settings"
+msgstr ""
+
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 msgid "Additional group DN, prepended to the Base DN."
 msgstr "额外的Group DN，优先于Base DN。"
@@ -378,6 +387,7 @@ msgid "App password (can be used to login using a flow executor)"
 msgstr "应用程序密码（可用于使用流程执行器登录）"
 
 #: src/elements/user/UserConsentList.ts
+#: src/flows/stages/consent/ConsentStage.ts
 #: src/pages/admin-overview/TopApplicationsTable.ts
 #: src/pages/providers/ProviderListPage.ts
 msgid "Application"
@@ -388,6 +398,14 @@ msgstr "应用程序"
 msgid "Application Icon"
 msgstr "应用程序图标"
 
+#: src/pages/applications/wizard/link/TypeLinkApplicationWizardPage.ts
+msgid "Application Link"
+msgstr ""
+
+#: src/flows/stages/consent/ConsentStage.ts
+msgid "Application already has access to the following permissions:"
+msgstr ""
+
 #: src/elements/charts/UserChart.ts
 msgid "Application authorizations"
 msgstr "应用程序授权"
@@ -396,11 +414,25 @@ msgstr "应用程序授权"
 msgid "Application authorized"
 msgstr "应用程序已授权"
 
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
+msgid "Application details"
+msgstr ""
+
+#: src/flows/stages/consent/ConsentStage.ts
+msgid "Application requires following new permissions:"
+msgstr ""
+
 #: src/flows/stages/consent/ConsentStage.ts
 msgid "Application requires following permissions:"
 msgstr "应用程序需要以下权限："
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Application type"
+msgstr ""
+
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 msgid "Application's display Name."
 msgstr "应用的显示名称。"
 
@@ -415,6 +447,18 @@ msgstr "应用程序"
 msgid "Applications"
 msgstr "应用程序"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Applications which handle the authentication server-side (for example, Python, Go, Rust, Java, PHP)"
+msgstr ""
+
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Applications which redirect users to a non-web callback (for example, Android, iOS)"
+msgstr ""
+
+#: src/elements/wizard/ActionWizardPage.ts
+msgid "Apply changes"
+msgstr ""
+
 #: src/pages/admin-overview/AdminOverviewPage.ts
 msgid "Apps with most usage"
 msgstr "使用率最高的应用"
@@ -532,6 +576,14 @@ msgstr "身份验证 URL"
 msgid "Authentication flow"
 msgstr "身份验证流程"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Authentication method"
+msgstr ""
+
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Authentication without user interaction, or machine-to-machine authentication."
+msgstr ""
+
 #: src/flows/stages/authenticator_validate/AuthenticatorValidateStage.ts
 msgid "Authenticator"
 msgstr "身份验证器"
@@ -555,6 +607,7 @@ msgstr "授权"
 msgid "Authorization URL"
 msgstr "授权网址"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 #: src/pages/providers/saml/SAMLProviderForm.ts
@@ -613,6 +666,7 @@ msgstr "执行过程中显示背景。"
 #~ msgid "Backup status"
 #~ msgstr "备份状态"
 
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 #: src/pages/providers/ldap/LDAPProviderViewPage.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
@@ -707,6 +761,10 @@ msgstr "Build hash:"
 msgid "Built-in"
 msgstr "内置"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthAPIApplicationWizardPage.ts
+msgid "By default, all service accounts can authenticate as this application, as long as they have a valid token of the type app-password."
+msgstr ""
+
 #: src/pages/stages/identification/IdentificationStageForm.ts
 msgid "By default, only icons are shown for sources. Enable this to show their full names."
 msgstr "默认情况下，只为源显示图标。启用此选项可显示他们的全名。"
@@ -1200,6 +1258,7 @@ msgstr "复制恢复链接"
 
 #: src/pages/applications/ApplicationListPage.ts
 #: src/pages/applications/ApplicationListPage.ts
+#: src/pages/applications/wizard/ApplicationWizard.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/events/RuleListPage.ts
@@ -1338,6 +1397,10 @@ msgstr "创建用户"
 msgid "Create a new application"
 msgstr "创建新应用程序"
 
+#: src/pages/applications/wizard/ApplicationWizard.ts
+msgid "Create a new application."
+msgstr ""
+
 #: src/pages/outposts/ServiceConnectionWizard.ts
 msgid "Create a new outpost integration."
 msgstr "创建一个新前哨集成。"
@@ -1362,14 +1425,27 @@ msgstr "创建一个新身份来源。"
 msgid "Create a new stage."
 msgstr "创建一个新阶段。"
 
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
+msgid "Create application"
+msgstr ""
+
 #: src/pages/users/ServiceAccountForm.ts
 msgid "Create group"
 msgstr "创建组"
 
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
+#: src/pages/applications/wizard/saml/TypeSAMLImportApplicationWizardPage.ts
 msgid "Create provider"
 msgstr "创建提供商"
 
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
+msgid "Create service account"
+msgstr ""
+
 #: src/pages/stages/user_write/UserWriteStageForm.ts
 msgid "Create users as inactive"
 msgstr "将用户创建为非活动用户"
@@ -1545,6 +1621,7 @@ msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in S
 msgstr ""
 
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 #: src/pages/property-mappings/PropertyMappingScopeForm.ts
 #: src/pages/system-tasks/SystemTaskListPage.ts
 #: src/pages/tokens/TokenForm.ts
@@ -2038,6 +2115,14 @@ msgstr "使用 authentik 作为身份提供程序的外部应用程序，利用
 msgid "External Host"
 msgstr "外部主机"
 
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+msgid "External domain"
+msgstr ""
+
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+msgid "External domain you will be accessing the domain from."
+msgstr ""
+
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 msgid "External host"
@@ -2210,6 +2295,10 @@ msgstr "用于注销的流程。如果留空，则使用按辅助信息块排序
 msgid "Flow used when authorizing this provider."
 msgstr "授权此请求发起端时使用的Flow。"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+msgid "Flow used when users access this application."
+msgstr ""
+
 #: src/pages/flows/FlowListPage.ts
 msgid "Flow(s)"
 msgstr "流程"
@@ -2442,7 +2531,6 @@ msgid "Hide managed mappings"
 msgstr "隐藏托管映射"
 
 #: src/pages/users/RelatedUserList.ts
-#: src/pages/users/UserListPage.ts
 msgid "Hide service-accounts"
 msgstr "隐藏服务账户"
 
@@ -2603,10 +2691,22 @@ msgstr "导入"
 msgid "Import Flow"
 msgstr "导入流程"
 
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Import SAML Metadata"
+msgstr ""
+
+#: src/pages/applications/wizard/saml/TypeSAMLImportApplicationWizardPage.ts
+msgid "Import SAML metadata"
+msgstr ""
+
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 msgid "Import certificates of external providers or create certificates to sign requests with."
 msgstr "导入外部提供商的证书或创建用于签署请求的证书。"
 
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Import the metadata document of the applicaation you want to configure."
+msgstr ""
+
 #: src/flows/stages/authenticator_validate/AuthenticatorValidateStage.ts
 msgid "In case you can't access any other method."
 msgstr "万一你无法访问任何其他方法。"
@@ -2751,6 +2851,7 @@ msgstr "用于签署传出请求的密钥对。留空则禁用签名。"
 msgid "Kubeconfig"
 msgstr "Kubeconfig"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
 #: src/pages/outposts/OutpostForm.ts
 #: src/pages/outposts/OutpostListPage.ts
 msgid "LDAP"
@@ -2772,8 +2873,9 @@ msgstr "可以发出绑定请求和搜索请求的 LDAP DN。"
 msgid "LDAP Sync status"
 msgstr "LDAP 同步状态"
 
-#~ msgid "LDAP details"
-#~ msgstr "LDAP 详情"
+#: src/pages/applications/wizard/ldap/TypeLDAPApplicationWizardPage.ts
+msgid "LDAP details"
+msgstr "LDAP 详情"
 
 #: src/pages/stages/prompt/PromptForm.ts
 #: src/pages/stages/prompt/PromptListPage.ts
@@ -2826,6 +2928,10 @@ msgstr "启动 URL"
 msgid "Layout"
 msgstr ""
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Legacy applications which don't natively support SSO."
+msgstr ""
+
 #: src/pages/stages/identification/IdentificationStageForm.ts
 msgid "Let the user identify themselves with their username or Email address."
 msgstr "让用户使用其用户名或电子邮件地址来标识自己。"
@@ -2833,6 +2939,11 @@ msgstr "让用户使用其用户名或电子邮件地址来标识自己。"
 #~ msgid "Library"
 #~ msgstr "Library"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+#: src/pages/applications/wizard/link/TypeLinkApplicationWizardPage.ts
+msgid "Link"
+msgstr ""
+
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/plex/PlexSourceForm.ts
 msgid "Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses"
@@ -2891,6 +3002,7 @@ msgstr "正在加载"
 #: src/elements/Spinner.ts
 #: src/pages/applications/ApplicationCheckAccessForm.ts
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
 #: src/pages/events/RuleForm.ts
 #: src/pages/events/RuleForm.ts
 #: src/pages/events/TransportForm.ts
@@ -2926,7 +3038,6 @@ msgstr "正在加载"
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
-#: src/pages/sources/ldap/LDAPSourceForm.ts
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 #: src/pages/sources/plex/PlexSourceForm.ts
@@ -2951,7 +3062,6 @@ msgstr "正在加载"
 #: src/pages/stages/password/PasswordStageForm.ts
 #: src/pages/stages/prompt/PromptStageForm.ts
 #: src/pages/stages/prompt/PromptStageForm.ts
-#: src/pages/stages/user_write/UserWriteStageForm.ts
 #: src/pages/tenants/TenantForm.ts
 #: src/pages/tenants/TenantForm.ts
 #: src/pages/tenants/TenantForm.ts
@@ -3055,6 +3165,14 @@ msgstr "由 authentik 管理"
 msgid "Managed by authentik (Discovered)"
 msgstr "由 authentik 管理（已发现）"
 
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Manual configuration"
+msgstr ""
+
+#: src/pages/applications/wizard/saml/TypeSAMLApplicationWizardPage.ts
+msgid "Manually configure SAML"
+msgstr ""
+
 #: src/pages/stages/user_write/UserWriteStageForm.ts
 msgid "Mark newly created users as inactive."
 msgstr "将新创建的用户标记为非活动用户。"
@@ -3100,11 +3218,18 @@ msgstr "信息"
 msgid "Messages"
 msgstr "信息"
 
+#: src/pages/applications/wizard/saml/TypeSAMLImportApplicationWizardPage.ts
 #: src/pages/providers/saml/SAMLProviderImportForm.ts
 #: src/pages/sources/saml/SAMLSourceViewPage.ts
 msgid "Metadata"
 msgstr "元数据"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthAPIApplicationWizardPage.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+#: src/pages/applications/wizard/oauth/TypeOAuthImplicitApplicationWizardPage.ts
+msgid "Method details"
+msgstr ""
+
 #: src/pages/policies/password/PasswordPolicyForm.ts
 msgid "Minimum amount of Digits"
 msgstr "最低位数"
@@ -3148,6 +3273,10 @@ msgstr "模型已删除"
 msgid "Model updated"
 msgstr "模型已更新"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Modern applications, APIs and Single-page applications."
+msgstr ""
+
 #~ msgid "Monitor"
 #~ msgstr "监控"
 
@@ -3162,6 +3291,7 @@ msgstr "我的应用"
 #: src/elements/forms/DeleteBulkForm.ts
 #: src/pages/applications/ApplicationForm.ts
 #: src/pages/applications/ApplicationListPage.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 #: src/pages/crypto/CertificateKeyPairForm.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
@@ -3259,6 +3389,10 @@ msgstr "NameID 政策"
 msgid "NameID Property Mapping"
 msgstr "nameID 属性映射"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Native application"
+msgstr ""
+
 #: src/flows/stages/identification/IdentificationStage.ts
 msgid "Need an account?"
 msgstr "需要一个账户？"
@@ -3271,6 +3405,10 @@ msgstr "否定结果"
 msgid "Negates the outcome of the binding. Messages are unaffected."
 msgstr "否定绑定的结果。消息不受影响。"
 
+#: src/pages/applications/wizard/ApplicationWizard.ts
+msgid "New application"
+msgstr ""
+
 #: src/pages/outposts/ServiceConnectionWizard.ts
 msgid "New outpost integration"
 msgstr "新前哨集成"
@@ -3523,6 +3661,10 @@ msgstr "OAuth 刷新代码"
 #~ msgid "OAuth/OIDC"
 #~ msgstr "OAuth/OIDC"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "OAuth2/OIDC"
+msgstr ""
+
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 msgid "OIDC JWKS"
 msgstr ""
@@ -3792,6 +3934,21 @@ msgstr "密码：屏蔽输入，密码根据来源进行验证。策略仍需应
 msgid "Passwordless flow"
 msgstr "无密码流"
 
+#: src/pages/users/UserForm.ts
+msgid "Path"
+msgstr ""
+
+#: src/pages/stages/user_write/UserWriteStageForm.ts
+msgid "Path new users will be created under. If left blank, the default path will be used.fo"
+msgstr ""
+
+#: src/pages/sources/ldap/LDAPSourceForm.ts
+#: src/pages/sources/oauth/OAuthSourceForm.ts
+#: src/pages/sources/plex/PlexSourceForm.ts
+#: src/pages/sources/saml/SAMLSourceForm.ts
+msgid "Path template for users created. Use placeholders like `%(slug)s` to insert the source slug."
+msgstr ""
+
 #: src/pages/sources/saml/SAMLSourceForm.ts
 msgid "Persistent"
 msgstr "持久"
@@ -3998,6 +4155,11 @@ msgstr "协议设置"
 msgid "Protocol settings"
 msgstr "协议设置"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "Provide an LDAP interface for applications and users to authenticate against."
+msgstr ""
+
 #: src/pages/providers/ProviderListPage.ts
 msgid "Provide support for protocols like SAML and OAuth to assigned applications."
 msgstr "为分配的应用程序提供对 SAML 和 OAuth 等协议的支持。"
@@ -4028,6 +4190,7 @@ msgstr "提供商"
 msgid "Providers"
 msgstr "提供商"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
 #: src/pages/outposts/OutpostForm.ts
 #: src/pages/outposts/OutpostListPage.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
@@ -4035,8 +4198,9 @@ msgstr "提供商"
 msgid "Proxy"
 msgstr "代理"
 
-#~ msgid "Proxy details"
-#~ msgstr "代理详情"
+#: src/pages/applications/wizard/proxy/TypeProxyApplicationWizardPage.ts
+msgid "Proxy details"
+msgstr "代理详情"
 
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 msgid "Public"
@@ -4051,6 +4215,7 @@ msgid "Public key, acquired from https://www.google.com/recaptcha/intro/v3.html.
 msgstr "公钥，从 https://www.google.com/recaptcha/intro/v3.html 获取。"
 
 #: src/pages/applications/ApplicationForm.ts
+#: src/pages/applications/wizard/InitialApplicationWizardPage.ts
 msgid "Publisher"
 msgstr "发行人"
 
@@ -4301,12 +4466,17 @@ msgstr "返回设备选择器"
 msgid "Revoked?"
 msgstr "已吊销？"
 
+#: src/elements/TreeView.ts
+msgid "Root"
+msgstr ""
+
 #: src/pages/sources/ldap/LDAPSourceViewPage.ts
 msgid "Run sync again"
 msgstr "再次运行同步"
 
-#~ msgid "SAML"
-#~ msgstr "SAML"
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "SAML"
+msgstr "SAML"
 
 #~ msgid "SAML (metadata import)"
 #~ msgstr "SAML（元数据导入）"
@@ -4319,8 +4489,9 @@ msgstr "SAML 属性名称"
 msgid "SAML Metadata"
 msgstr "SAML 元数据"
 
-#~ msgid "SAML details"
-#~ msgstr "SAML 详情"
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
+msgid "SAML details"
+msgstr "SAML 详情"
 
 #~ msgid "SAML details (import from metadata)"
 #~ msgstr "SAML 详情（从元数据导入）"
@@ -4720,6 +4891,14 @@ msgstr "可用于提示阶段的单个提示符。"
 msgid "Single use"
 msgstr "一次性使用"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Single-page applications"
+msgstr ""
+
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Single-page applications which handle authentication in the browser (for example, Javascript, Angular, React, Vue)"
+msgstr ""
+
 #~ msgid "Skip path regex"
 #~ msgstr "跳过路径正则表达式"
 
@@ -5441,6 +5620,10 @@ msgstr ""
 msgid "The following objects use {objName}"
 msgstr "以下对象使用 {objName}"
 
+#: src/pages/providers/ProviderWizard.ts
+msgid "The new application wizard greatly simplifies the steps required to create applications and providers."
+msgstr ""
+
 #~ msgid ""
 #~ "The policy passes when the reputation score is above the threshold, and\n"
 #~ "doesn't pass when either or both of the selected options are equal or less than the\n"
@@ -5502,6 +5685,10 @@ msgstr ""
 msgid "These policies control which users can access this application."
 msgstr "这些策略控制哪些用户可以访问此应用程序。"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthAPIApplicationWizardPage.ts
+msgid "This configuration can be used to authenticate to authentik with other APIs other otherwise programmatically."
+msgstr ""
+
 #: src/flows/FlowInspector.ts
 msgid "This flow is completed."
 msgstr "此流程已完成。"
@@ -5686,6 +5873,14 @@ msgstr "传输"
 msgid "Trusted OIDC Sources"
 msgstr ""
 
+#: src/pages/providers/ProviderWizard.ts
+msgid "Try it now"
+msgstr ""
+
+#: src/pages/providers/ProviderWizard.ts
+msgid "Try the new application wizard"
+msgstr ""
+
 #: src/interfaces/locale.ts
 msgid "Turkish"
 msgstr "土耳其语"
@@ -5739,6 +5934,10 @@ msgstr "UPN"
 msgid "URL settings"
 msgstr "URL 设置"
 
+#: src/pages/applications/wizard/saml/TypeSAMLConfigApplicationWizardPage.ts
+msgid "URL that authentik will redirect back to after successful authentication."
+msgstr ""
+
 #: src/pages/sources/saml/SAMLSourceForm.ts
 msgid "URL that the initial Login request is sent to."
 msgstr "初始登录请求发送到的URL。"
@@ -5759,6 +5958,10 @@ msgstr "authentik 用来检索令牌的 URL。"
 msgid "URL used to request the initial token. This URL is only required for OAuth 1."
 msgstr "用于请求初始令牌的 URL。只有 OAuth 1 才需要此网址。"
 
+#: src/pages/applications/wizard/link/TypeLinkApplicationWizardPage.ts
+msgid "URL which will be opened when a user clicks on the application."
+msgstr ""
+
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 msgid "Unauthenticated Paths"
 msgstr "未经身份验证的路径"
@@ -6098,6 +6301,10 @@ msgstr "用户事件"
 msgid "User fields"
 msgstr "用户字段"
 
+#: src/pages/users/UserListPage.ts
+msgid "User folders"
+msgstr ""
+
 #: src/interfaces/AdminInterface.ts
 msgid "User interface"
 msgstr "用户界面"
@@ -6122,6 +6329,17 @@ msgstr "用户对象筛选器"
 msgid "User password writeback"
 msgstr "用户密码写回"
 
+#: src/pages/sources/ldap/LDAPSourceForm.ts
+#: src/pages/sources/oauth/OAuthSourceForm.ts
+#: src/pages/sources/plex/PlexSourceForm.ts
+#: src/pages/sources/saml/SAMLSourceForm.ts
+msgid "User path"
+msgstr ""
+
+#: src/pages/stages/user_write/UserWriteStageForm.ts
+msgid "User path template"
+msgstr ""
+
 #: src/pages/tenants/TenantForm.ts
 msgid "User settings flow"
 msgstr "用户设置流程"
@@ -6357,6 +6575,10 @@ msgstr "警告：未配置 authentik 域，身份验证将不起作用。"
 msgid "Web Certificate"
 msgstr "网络证书"
 
+#: src/pages/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
+msgid "Web application"
+msgstr ""
+
 #: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
 msgid "WebAuthn Authenticators"
 msgstr "WebAuthn 身份验证器"
@@ -6479,6 +6701,10 @@ msgstr ""
 msgid "X509 Subject"
 msgstr "X509 Subject"
 
+#: src/pages/applications/wizard/TypeApplicationWizardPage.ts
+msgid "XML-based SSO standard. Use this if your application only supports SAML."
+msgstr ""
+
 #: src/elements/oauth/UserRefreshList.ts
 #: src/pages/applications/ApplicationCheckAccessForm.ts
 #: src/pages/groups/GroupListPage.ts
diff --git a/website/developer-docs/api/api.md b/website/developer-docs/api/api.md
index 61909f7c9..62d50000b 100644
--- a/website/developer-docs/api/api.md
+++ b/website/developer-docs/api/api.md
@@ -8,4 +8,18 @@ To generate an API client, you can use the OpenAPI v3 schema at https://authenti
 
 While testing, the API requests are authenticated by your browser session.
 
-To send an API request from outside the browser, you need to set the `Authorization` Header to `Bearer <your token>`.
+## Authentication
+
+For any of the token-based methods, set the `Authorization` header to `Bearer <token>`.
+
+### Session
+
+When authenticating with a flow, you'll get an authenticated Session cookie, that can be used for authentication. Keep in mind that in this context, a CSRF header is also required.
+
+### API Token
+
+Superusers can create tokens to authenticate as any user with a static key, which can optionally be expiring and auto-rotate.
+
+### JWT Token
+
+OAuth2 clients can request the scope `goauthentik.io/api`, which allows their OAuth Refresh token to be used to authenticate to the API.