website/docs: add tenants

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 21:52:30 +02:00 · 2021-05-29 21:52:30 +02:00 · d2e9683411
parent a4c28a28b4
commit d2e9683411
9 changed files with 49 additions and 25 deletions
--- a/website/docs/flow/stages/authenticator_duo/index.md
+++ b/website/docs/flow/stages/authenticator_duo/index.md
@ -1,5 +1,5 @@
 ---
-title: Duo Authentication Setup stage
+title: Duo authenticator setup stage
 ---

 This stage configures a Duo authenticator. To get the API Credentials for this stage, open your Duo Admin dashboard.
--- a/website/docs/flow/stages/authenticator_static/index.md
+++ b/website/docs/flow/stages/authenticator_static/index.md
@ -1,7 +1,7 @@
 ---
-title: Static Authentication Setup stage
+title: Static authenticator setup stage
 ---

-This stage configures static OTP Tokens, which can be used as a backup method to time-based OTP tokens.
+This stage configures static Tokens, which can be used as a backup method to time-based OTP tokens.

 You can configure how many tokens are shown to the user.
--- a/website/docs/flow/stages/authenticator_totp/index.md
+++ b/website/docs/flow/stages/authenticator_totp/index.md
@ -1,5 +1,5 @@
 ---
-title: TOTP Authentication Setup stage
+title: TOTP authenticator setup stage
 ---

 This stage configures a time-based OTP Device, such as Google Authenticator or Authy.
--- a/website/docs/flow/stages/authenticator_validate/index.md
+++ b/website/docs/flow/stages/authenticator_validate/index.md
@ -4,6 +4,7 @@ title: Authenticator Validation Stage

 This stage validates an already configured Authenticator Device. This device has to be configured using any of the other authenticator stages:

+- [Duo authenticator stage](../authenticator_duo/index.md)
 - [TOTP authenticator stage](../authenticator_totp/index.md)
 - [Static authenticator stage](../authenticator_static/index.md).
 - [WebAuth authenticator stage](../authenticator_webauthn/index.md).
--- a/website/docs/flow/stages/authenticator_webauthn/index.md
+++ b/website/docs/flow/stages/authenticator_webauthn/index.md
@ -1,5 +1,5 @@
 ---
-title: WebAuthn Authentication Setup stage
+title: WebAuthn authenticator setup stage
 ---

 This stage configures a WebAuthn-based Authenticator. This can either be a browser, biometrics or a Security stick like a YubiKey.
--- a/website/docs/flow/stages/prompt/index.md
+++ b/website/docs/flow/stages/prompt/index.md
@ -42,3 +42,21 @@ A field placeholder, shown within the input field. This field is also used by th
 ### `order`

 The numerical index of the prompt. This applies to all stages which this prompt is a part of.
+
+# Validation
+
+Further validation of prompts can be done using policies.
+
+To validate that two password fields are identical, create the following expression policy:
+
+```python
+if request.context.get('prompt_data').get('password') == request.context.get('prompt_data').get('password_repeat'):
+    return True
+
+ak_message("Passwords don't match.")
+return False
+```
+
+This policy expects you to have two password fields with `field_key` set to `password` and `password_repeat`.
+
+Afterwards, bind this policy to the prompt stage you want to validate.
--- a/website/docs/flow/stages/prompt/validation.md
+++ b/website/docs/flow/stages/prompt/validation.md
@ -1,19 +0,0 @@
---
-title: Prompt stage validation
---
-
-Further validation of prompts can be done using policies.
-
-To validate that two password fields are identical, create the following expression policy:
-
-```python
-if request.context.get('prompt_data').get('password') == request.context.get('prompt_data').get('password_repeat'):
-    return True
-
-ak_message("Passwords don't match.")
-return False
-```
-
-This policy expects you to have two password fields with `field_key` set to `password` and `password_repeat`.
-
-Afterwards, bind this policy to the prompt stage you want to validate.
--- a/website/docs/tenants.md
+++ b/website/docs/tenants.md
@ -0,0 +1,21 @@
+---
+title: Tenants
+---
+
+authentik support soft multi-tennancy. This means that you can configure several options depending on domain, but all the objects like applications, providers, etc, are still global. This can be handy to use the same authentik instance, but branded differently for different domains.
+
+The main settings that tenants influence are flows and branding.
+
+## Flows
+
+authentik picks a default flow by picking the flow that is selected in the current tenant, otherwise any flow that
+
+    - matches the required designation
+    - comes first sorted by slug
+    - is allowed by policies
+
+This means that if you want to select a default flow based on policy, you can just leave the tenant default empty.
+
+## Branding
+
+The tenant can configure the branding title (shown in website document title and several other places), and the sidebar/header logo.
--- a/website/sidebars.js
+++ b/website/sidebars.js
@ -96,7 +96,6 @@ module.exports = {
                "flow/stages/invitation/index",
                "flow/stages/password/index",
                "flow/stages/prompt/index",
-                "flow/stages/prompt/validation",
                "flow/stages/user_delete",
                "flow/stages/user_login",
                "flow/stages/user_logout",
@ -133,6 +132,10 @@ module.exports = {
                "events/transports"
            ],
        },
+        {
+            type: "doc",
+            id: "tenants",
+        },
        {
            type: "category",
            label: "Maintenance",