providers/saml: initial SLO implementation (#2346)

* providers/saml: initial SLO implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/saml: add logout request tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/saml: add tests for POST SLO Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * matrix e2e tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix import Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * set e2e matrix name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix imports Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * separate oidc and oauth tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add basic saml slo e2e tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add better metadata download url Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * kinda prepare release notes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * sort releases into folders Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add slo urls to website Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix linking Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add api tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 19:45:31 +01:00 · 2023-01-04 19:45:31 +01:00 · dc1359a763
parent 1e01e9813d
commit dc1359a763
69 changed files with 3085 additions and 1477 deletions
--- a/.github/workflows/ci-main.yml
+++ b/.github/workflows/ci-main.yml
@ -102,14 +102,31 @@ jobs:
        uses: helm/kind-action@v1.5.0
      - name: run integration
        run: |
-          poetry run make test-integration
+          poetry run coverage run manage.py test tests/integration
          poetry run coverage xml
      - if: ${{ always() }}
        uses: codecov/codecov-action@v3
        with:
          flags: integration
-  test-e2e-provider:
+  test-e2e:
    name: test-e2e (${{ matrix.job.name }})
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        job:
          - name: proxy
            glob: tests/e2e/test_provider_proxy*
          - name: oauth
            glob: tests/e2e/test_provider_oauth2_!(oidc) tests/e2e/test_source_oauth*
          - name: oauth-oidc
            glob: tests/e2e/test_provider_oauth2_oidc*
          - name: saml
            glob: tests/e2e/test_provider_saml* tests/e2e/test_source_saml*
          - name: ldap
            glob: tests/e2e/test_provider_ldap*
          - name: flows
            glob: tests/e2e/test_flows*
    steps:
      - uses: actions/checkout@v3
      - name: Setup authentik env
@ -131,36 +148,8 @@ jobs:
          npm run build
      - name: run e2e
        run: |
-          poetry run make test-e2e-provider
+          shopt -s extglob
-          poetry run coverage xml
+          poetry run coverage run manage.py test ${{ matrix.job.glob }}
      - if: ${{ always() }}
        uses: codecov/codecov-action@v3
        with:
          flags: e2e
  test-e2e-rest:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Setup authentik env
        uses: ./.github/actions/setup
      - name: Setup e2e env (chrome, etc)
        run: |
          docker-compose -f tests/e2e/docker-compose.yml up -d
      - id: cache-web
        uses: actions/cache@v3
        with:
          path: web/dist
          key: ${{ runner.os }}-web-${{ hashFiles('web/package-lock.json', 'web/src/**') }}
      - name: prepare web ui
        if: steps.cache-web.outputs.cache-hit != 'true'
        working-directory: web/
        run: |
          npm ci
          make -C .. gen-client-ts
          npm run build
      - name: run e2e
        run: |
          poetry run make test-e2e-rest
          poetry run coverage xml
      - if: ${{ always() }}
        uses: codecov/codecov-action@v3
@ -173,8 +162,7 @@ jobs:
      - test-migrations-from-stable
      - test-unittest
      - test-integration
-      - test-e2e-rest
+      - test-e2e
      - test-e2e-provider
    runs-on: ubuntu-latest
    steps:
      - run: echo mark
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@ -14,7 +14,9 @@
        "webauthn",
        "traefik",
        "passwordless",
-        "kubernetes"
+        "kubernetes",
        "sso",
        "slo"
    ],
    "python.linting.pylintEnabled": true,
    "todo-tree.tree.showCountsInTree": true,
--- a/9
+++ b/9
@ -6,15 +6,6 @@ NPM_VERSION = $(shell python -m scripts.npm_version)
 all: lint-fix lint test gen web
 test-integration:
 	coverage run manage.py test tests/integration
 test-e2e-provider:
 	coverage run manage.py test tests/e2e/test_provider*
 test-e2e-rest:
 	coverage run manage.py test tests/e2e/test_flows* tests/e2e/test_source*
 test-go:
 	go test -timeout 0 -v -race -cover ./...
--- a/authentik/core/tests/test_source_flow_manager.py
+++ b/authentik/core/tests/test_source_flow_manager.py
@ -1,7 +1,6 @@
 """Test Source flow_manager"""
 from django.contrib.auth.models import AnonymousUser
 from django.test import TestCase
 from django.test.client import RequestFactory
 from guardian.utils import get_anonymous_user
 from authentik.core.models import SourceUserMatchingModes, User
@ -22,7 +21,6 @@ class TestSourceFlowManager(TestCase):
    def setUp(self) -> None:
        super().setUp()
        self.source: OAuthSource = OAuthSource.objects.create(name="test")
        self.factory = RequestFactory()
        self.identifier = generate_id()
    def test_unauthenticated_enroll(self):
--- a/authentik/providers/oauth2/tests/test_jwks.py
+++ b/authentik/providers/oauth2/tests/test_jwks.py
@ -1,7 +1,6 @@
 """JWKS tests"""
 import json
 from django.test import RequestFactory
 from django.urls.base import reverse
 from jwt import PyJWKSet
@ -14,10 +13,6 @@ from authentik.providers.oauth2.tests.utils import OAuthTestCase
 class TestJWKS(OAuthTestCase):
    """Test JWKS view"""
    def setUp(self) -> None:
        super().setUp()
        self.factory = RequestFactory()
    def test_rs256(self):
        """Test JWKS request with RS256"""
        provider = OAuth2Provider.objects.create(
--- a/authentik/providers/saml/api/providers.py
+++ b/authentik/providers/saml/api/providers.py
@ -28,9 +28,9 @@ from authentik.core.models import Provider
 from authentik.flows.models import Flow, FlowDesignation
 from authentik.providers.saml.models import SAMLProvider
 from authentik.providers.saml.processors.assertion import AssertionProcessor
 from authentik.providers.saml.processors.authn_request_parser import AuthNRequest
 from authentik.providers.saml.processors.metadata import MetadataProcessor
 from authentik.providers.saml.processors.metadata_parser import ServiceProviderMetadataParser
 from authentik.providers.saml.processors.request_parser import AuthNRequest
 from authentik.sources.saml.processors.constants import SAML_BINDING_POST, SAML_BINDING_REDIRECT
 LOGGER = get_logger()
@ -44,6 +44,8 @@ class SAMLProviderSerializer(ProviderSerializer):
    url_sso_post = SerializerMethodField()
    url_sso_redirect = SerializerMethodField()
    url_sso_init = SerializerMethodField()
    url_slo_post = SerializerMethodField()
    url_slo_redirect = SerializerMethodField()
    def get_url_download_metadata(self, instance: SAMLProvider) -> str:
        """Get metadata download URL"""
@ -99,6 +101,36 @@ class SAMLProviderSerializer(ProviderSerializer):
        except Provider.application.RelatedObjectDoesNotExist:  # pylint: disable=no-member
            return "-"
    def get_url_slo_post(self, instance: SAMLProvider) -> str:
        """Get SLO POST URL"""
        if "request" not in self._context:
            return ""
        request: HttpRequest = self._context["request"]._request
        try:
            return request.build_absolute_uri(
                reverse(
                    "authentik_providers_saml:slo-post",
                    kwargs={"application_slug": instance.application.slug},
                )
            )
        except Provider.application.RelatedObjectDoesNotExist:  # pylint: disable=no-member
            return "-"
    def get_url_slo_redirect(self, instance: SAMLProvider) -> str:
        """Get SLO redirect URL"""
        if "request" not in self._context:
            return ""
        request: HttpRequest = self._context["request"]._request
        try:
            return request.build_absolute_uri(
                reverse(
                    "authentik_providers_saml:slo-redirect",
                    kwargs={"application_slug": instance.application.slug},
                )
            )
        except Provider.application.RelatedObjectDoesNotExist:  # pylint: disable=no-member
            return "-"
    class Meta:
        model = SAMLProvider
@ -120,6 +152,8 @@ class SAMLProviderSerializer(ProviderSerializer):
            "url_sso_post",
            "url_sso_redirect",
            "url_sso_init",
            "url_slo_post",
            "url_slo_redirect",
        ]
--- a/authentik/providers/saml/processors/assertion.py
+++ b/authentik/providers/saml/processors/assertion.py
@ -13,7 +13,7 @@ from authentik.events.models import Event, EventAction
 from authentik.events.signals import get_login_event
 from authentik.lib.utils.time import timedelta_from_string
 from authentik.providers.saml.models import SAMLPropertyMapping, SAMLProvider
-from authentik.providers.saml.processors.request_parser import AuthNRequest
+from authentik.providers.saml.processors.authn_request_parser import AuthNRequest
 from authentik.providers.saml.utils import get_random_id
 from authentik.providers.saml.utils.time import get_time_string
 from authentik.sources.ldap.auth import LDAP_DISTINGUISHED_NAME
--- a/authentik/providers/saml/processors/authn_request_parser.py
+++ b/authentik/providers/saml/processors/authn_request_parser.py
@ -24,7 +24,6 @@ from authentik.sources.saml.processors.constants import (
    SAML_NAME_ID_FORMAT_UNSPECIFIED,
 )
 LOGGER = get_logger()
 ERROR_CANNOT_DECODE_REQUEST = "Cannot decode SAML request."
 ERROR_SIGNATURE_REQUIRED_BUT_ABSENT = (
    "Verification Certificate configured, but request is not signed."
@ -51,6 +50,7 @@ class AuthNRequestParser:
    def __init__(self, provider: SAMLProvider):
        self.provider = provider
        self.logger = get_logger().bind(provider=self.provider)
    def _parse_xml(self, decoded_xml: str | bytes, relay_state: Optional[str]) -> AuthNRequest:
        root = ElementTree.fromstring(decoded_xml)
@ -68,7 +68,7 @@ class AuthNRequestParser:
                f"ACS URL of {request_acs_url} doesn't match Provider "
                f"ACS URL of {self.provider.acs_url}."
            )
-            LOGGER.warning(msg)
+            self.logger.warning(msg)
            raise CannotHandleAssertion(msg)
        auth_n_request = AuthNRequest(id=root.attrib["ID"], relay_state=relay_state)
--- a/authentik/providers/saml/processors/logout_request_parser.py
+++ b/authentik/providers/saml/processors/logout_request_parser.py
@ -0,0 +1,67 @@
 """LogoutRequest parser"""
 from base64 import b64decode
 from dataclasses import dataclass
 from typing import Optional
 from defusedxml import ElementTree
 from authentik.providers.saml.exceptions import CannotHandleAssertion
 from authentik.providers.saml.models import SAMLProvider
 from authentik.providers.saml.processors.authn_request_parser import ERROR_CANNOT_DECODE_REQUEST
 from authentik.providers.saml.utils.encoding import decode_base64_and_inflate
 from authentik.sources.saml.processors.constants import NS_SAML_PROTOCOL
@dataclass
 class LogoutRequest:
    """Logout Request"""
    # pylint: disable=invalid-name
    id: Optional[str] = None
    issuer: Optional[str] = None
    relay_state: Optional[str] = None
 class LogoutRequestParser:
    """LogoutRequest Parser"""
    provider: SAMLProvider
    def __init__(self, provider: SAMLProvider):
        self.provider = provider
    def _parse_xml(
        self, decoded_xml: str | bytes, relay_state: Optional[str] = None
    ) -> LogoutRequest:
        root = ElementTree.fromstring(decoded_xml)
        request = LogoutRequest(
            id=root.attrib["ID"],
        )
        issuers = root.findall(f"{{{NS_SAML_PROTOCOL}}}Issuer")
        if len(issuers) > 0:
            request.issuer = issuers[0].text
        request.relay_state = relay_state
        return request
    def parse(self, saml_request: str, relay_state: Optional[str] = None) -> LogoutRequest:
        """Validate and parse raw request with enveloped signautre."""
        try:
            decoded_xml = b64decode(saml_request.encode())
        except UnicodeDecodeError:
            raise CannotHandleAssertion(ERROR_CANNOT_DECODE_REQUEST)
        return self._parse_xml(decoded_xml, relay_state)
    def parse_detached(
        self,
        saml_request: str,
        relay_state: Optional[str] = None,
    ) -> LogoutRequest:
        """Validate and parse raw request with detached signature"""
        try:
            decoded_xml = decode_base64_and_inflate(saml_request)
        except UnicodeDecodeError:
            raise CannotHandleAssertion(ERROR_CANNOT_DECODE_REQUEST)
        return self._parse_xml(decoded_xml, relay_state)
--- a/authentik/providers/saml/processors/metadata.py
+++ b/authentik/providers/saml/processors/metadata.py
@ -68,23 +68,36 @@ class MetadataProcessor:
    def get_bindings(self) -> Iterator[Element]:
        """Get all Bindings supported"""
        binding_url_map = {
-            SAML_BINDING_REDIRECT: self.http_request.build_absolute_uri(
+            (SAML_BINDING_REDIRECT, "SingleSignOnService"): self.http_request.build_absolute_uri(
                reverse(
                    "authentik_providers_saml:sso-redirect",
                    kwargs={"application_slug": self.provider.application.slug},
                )
            ),
-            SAML_BINDING_POST: self.http_request.build_absolute_uri(
+            (SAML_BINDING_POST, "SingleSignOnService"): self.http_request.build_absolute_uri(
                reverse(
                    "authentik_providers_saml:sso-post",
                    kwargs={"application_slug": self.provider.application.slug},
                )
            ),
            (SAML_BINDING_REDIRECT, "SingleLogoutService"): self.http_request.build_absolute_uri(
                reverse(
                    "authentik_providers_saml:slo-redirect",
                    kwargs={"application_slug": self.provider.application.slug},
                )
            ),
            (SAML_BINDING_POST, "SingleLogoutService"): self.http_request.build_absolute_uri(
                reverse(
                    "authentik_providers_saml:slo-post",
                    kwargs={"application_slug": self.provider.application.slug},
                )
            ),
        }
-        for binding, url in binding_url_map.items():
+        for binding_svc, url in binding_url_map.items():
            binding, svc = binding_svc
            if self.force_binding and self.force_binding != binding:
                continue
-            element = Element(f"{{{NS_SAML_METADATA}}}SingleSignOnService")
+            element = Element(f"{{{NS_SAML_METADATA}}}{svc}")
            element.attrib["Binding"] = binding
            element.attrib["Location"] = url
            yield element
--- a/authentik/providers/saml/tests/test_api.py
+++ b/authentik/providers/saml/tests/test_api.py
@ -9,6 +9,7 @@ from authentik.blueprints.tests import apply_blueprint
 from authentik.core.models import Application
 from authentik.core.tests.utils import create_test_admin_user, create_test_flow
 from authentik.flows.models import FlowDesignation
 from authentik.lib.generators import generate_id
 from authentik.providers.saml.models import SAMLPropertyMapping, SAMLProvider
 from authentik.providers.saml.tests.test_metadata import METADATA_SIMPLE
@ -21,14 +22,26 @@ class TestSAMLProviderAPI(APITestCase):
        self.user = create_test_admin_user()
        self.client.force_login(self.user)
    def test_detail(self):
        """Test detail"""
        provider = SAMLProvider.objects.create(
            name=generate_id(),
            authorization_flow=create_test_flow(),
        )
        Application.objects.create(name=generate_id(), provider=provider, slug=generate_id())
        response = self.client.get(
            reverse("authentik_api:samlprovider-detail", kwargs={"pk": provider.pk}),
        )
        self.assertEqual(200, response.status_code)
    def test_metadata(self):
        """Test metadata export (normal)"""
        self.client.logout()
        provider = SAMLProvider.objects.create(
-            name="test",
+            name=generate_id(),
            authorization_flow=create_test_flow(),
        )
-        Application.objects.create(name="test", provider=provider, slug="test")
+        Application.objects.create(name=generate_id(), provider=provider, slug=generate_id())
        response = self.client.get(
            reverse("authentik_api:samlprovider-metadata", kwargs={"pk": provider.pk}),
        )
@ -38,10 +51,10 @@ class TestSAMLProviderAPI(APITestCase):
        """Test metadata export (download)"""
        self.client.logout()
        provider = SAMLProvider.objects.create(
-            name="test",
+            name=generate_id(),
            authorization_flow=create_test_flow(),
        )
-        Application.objects.create(name="test", provider=provider, slug="test")
+        Application.objects.create(name=generate_id(), provider=provider, slug=generate_id())
        response = self.client.get(
            reverse("authentik_api:samlprovider-metadata", kwargs={"pk": provider.pk})
            + "?download",
@ -54,7 +67,7 @@ class TestSAMLProviderAPI(APITestCase):
        self.client.logout()
        # Provider without application
        provider = SAMLProvider.objects.create(
-            name="test",
+            name=generate_id(),
            authorization_flow=create_test_flow(),
        )
        response = self.client.get(
@ -75,7 +88,7 @@ class TestSAMLProviderAPI(APITestCase):
                reverse("authentik_api:samlprovider-import-metadata"),
                {
                    "file": metadata,
-                    "name": "test",
+                    "name": generate_id(),
                    "authorization_flow": create_test_flow(FlowDesignation.AUTHORIZATION).slug,
                },
                format="multipart",
@ -92,7 +105,7 @@ class TestSAMLProviderAPI(APITestCase):
                reverse("authentik_api:samlprovider-import-metadata"),
                {
                    "file": metadata,
-                    "name": "test",
+                    "name": generate_id(),
                    "authorization_flow": create_test_flow().slug,
                },
                format="multipart",
@ -104,7 +117,7 @@ class TestSAMLProviderAPI(APITestCase):
        response = self.client.post(
            reverse("authentik_api:samlprovider-import-metadata"),
            {
-                "name": "test",
+                "name": generate_id(),
            },
            format="multipart",
        )
@ -114,11 +127,11 @@ class TestSAMLProviderAPI(APITestCase):
    def test_preview(self):
        """Test Preview API Endpoint"""
        provider: SAMLProvider = SAMLProvider.objects.create(
-            name="test",
+            name=generate_id(),
            authorization_flow=create_test_flow(),
        )
        provider.property_mappings.set(SAMLPropertyMapping.objects.all())
-        Application.objects.create(name="test", provider=provider, slug="test")
+        Application.objects.create(name=generate_id(), provider=provider, slug=generate_id())
        response = self.client.get(
            reverse("authentik_api:samlprovider-preview-user", kwargs={"pk": provider.pk})
        )
--- a/authentik/providers/saml/tests/test_auth_n_request.py
+++ b/authentik/providers/saml/tests/test_auth_n_request.py
@ -2,7 +2,7 @@
 from base64 import b64encode
 from django.http.request import QueryDict
-from django.test import RequestFactory, TestCase
+from django.test import TestCase
 from authentik.blueprints.tests import apply_blueprint
 from authentik.core.tests.utils import create_test_admin_user, create_test_cert, create_test_flow
@ -11,7 +11,7 @@ from authentik.events.models import Event, EventAction
 from authentik.lib.tests.utils import get_request
 from authentik.providers.saml.models import SAMLPropertyMapping, SAMLProvider
 from authentik.providers.saml.processors.assertion import AssertionProcessor
-from authentik.providers.saml.processors.request_parser import AuthNRequestParser
+from authentik.providers.saml.processors.authn_request_parser import AuthNRequestParser
 from authentik.sources.saml.exceptions import MismatchedRequestID
 from authentik.sources.saml.models import SAMLSource
 from authentik.sources.saml.processors.constants import (
@ -91,7 +91,6 @@ class TestAuthNRequest(TestCase):
            pre_authentication_flow=create_test_flow(),
            signing_kp=cert,
        )
        self.factory = RequestFactory()
    def test_signed_valid(self):
        """Test generated AuthNRequest with valid signature"""
--- a/authentik/providers/saml/tests/test_logout_request.py
+++ b/authentik/providers/saml/tests/test_logout_request.py
@ -0,0 +1,60 @@
 """logout request tests"""
 from django.test import TestCase
 from authentik.blueprints.tests import apply_blueprint
 from authentik.core.tests.utils import create_test_cert, create_test_flow
 from authentik.providers.saml.models import SAMLPropertyMapping, SAMLProvider
 from authentik.providers.saml.processors.logout_request_parser import LogoutRequestParser
 from authentik.sources.saml.models import SAMLSource
 GET_LOGOUT_REQUEST = (
    "lJLNauMwEMdfRejuSJbtEIvYsBAWDNlltyk99DaxJ41AllzNGNq3L3Z7CD0EehJo5vf/ENoTjH6yx/gSZ37A1xmJxdvo"
    "A9ll0sg5BRuBHNkAI5Ll3p5+/Tlas9EWiDCxi0HeINN9ZkqRYx+9FN2hkW7IDEJ+1vllWxfbAvq6wmKAEvKq1PW5HnbY"
    "V6aqy1KKJ0zkYmik2WgpOqIZu0AMgRtptDGZNpnJH01uC2PL7UbvzLMUByR2AXglr8yTVcrHHvw1Ettaa61gmrzr1xW1"
    "VFCMxIp8VAkHl7BnJdv1pezqmsTvmEbg+02XGzdkl3XVYmDH77JdVLJFP6Npr240vwz+wojdQSzH/xm8uzhMjbylpDj9"
    "uzv+eThOEMhhYKnaz1DfvkT7EQAA//8="
 )
 POST_LOGOUT_REQUEST = (
    "PHNhbWxwOkxvZ291dFJlcXVlc3QgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvb"
    "iIgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgSUQ9ImlkLWI4ZjRmZDUxZW"
    "Q0MTA2ZjFlNzgyYjk1ZDUxZDlhZDNmMzg1ZTU4MTYiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDIyLTAyLTI"
    "xVDIyOjUwOjMzLjk5OVoiIERlc3RpbmF0aW9uPSJodHRwOi8vbG9jYWxob3N0OjkwMDAvYXBwbGljYXRpb24vc2FtbC90"
    "ZXN0L3Nsby9wb3N0LyI+PHNhbWw6SXNzdWVyIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZ"
    "C1mb3JtYXQ6ZW50aXR5Ij5zYW1sLXRlc3Qtc3A8L3NhbWw6SXNzdWVyPjxzYW1sOk5hbWVJRCBOYW1lUXVhbGlmaWVyPS"
    "JzYW1sLXRlc3Qtc3AiIFNQTmFtZVF1YWxpZmllcj0ic2FtbC10ZXN0LXNwIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp"
    "0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OnRyYW5zaWVudCIvPjwvc2FtbHA6TG9nb3V0UmVxdWVzdD4="
 )
 class TestLogoutRequest(TestCase):
    """Test LogoutRequest generator and parser"""
    @apply_blueprint("system/providers-saml.yaml")
    def setUp(self):
        cert = create_test_cert()
        self.provider: SAMLProvider = SAMLProvider.objects.create(
            authorization_flow=create_test_flow(),
            acs_url="http://testserver/source/saml/provider/acs/",
            signing_kp=cert,
            verification_kp=cert,
        )
        self.provider.property_mappings.set(SAMLPropertyMapping.objects.all())
        self.provider.save()
        self.source = SAMLSource.objects.create(
            slug="provider",
            issuer="authentik",
            pre_authentication_flow=create_test_flow(),
            signing_kp=cert,
        )
    def test_static_get(self):
        """Test static LogoutRequest"""
        request = LogoutRequestParser(self.provider).parse_detached(GET_LOGOUT_REQUEST)
        self.assertEqual(request.id, "id-2ea1b01f69363ac95e3da4a15409b9d8ec525944")
        self.assertIsNone(request.issuer)
    def test_static_post(self):
        """Test static LogoutRequest"""
        request = LogoutRequestParser(self.provider).parse(POST_LOGOUT_REQUEST)
        self.assertEqual(request.id, "id-b8f4fd51ed4106f1e782b95d51d9ad3f385e5816")
        self.assertIsNone(request.issuer)
--- a/authentik/providers/saml/tests/test_schema.py
+++ b/authentik/providers/saml/tests/test_schema.py
@ -1,7 +1,7 @@
 """Test Requests and Responses against schema"""
 from base64 import b64encode
-from django.test import RequestFactory, TestCase
+from django.test import TestCase
 from lxml import etree  # nosec
 from authentik.blueprints.tests import apply_blueprint
@ -10,7 +10,7 @@ from authentik.lib.tests.utils import get_request
 from authentik.lib.xml import lxml_from_string
 from authentik.providers.saml.models import SAMLPropertyMapping, SAMLProvider
 from authentik.providers.saml.processors.assertion import AssertionProcessor
-from authentik.providers.saml.processors.request_parser import AuthNRequestParser
+from authentik.providers.saml.processors.authn_request_parser import AuthNRequestParser
 from authentik.sources.saml.models import SAMLSource
 from authentik.sources.saml.processors.request import RequestProcessor
@ -35,7 +35,6 @@ class TestSchema(TestCase):
            signing_kp=cert,
            pre_authentication_flow=create_test_flow(),
        )
        self.factory = RequestFactory()
    def test_request_schema(self):
        """Test generated AuthNRequest against Schema"""
--- a/authentik/providers/saml/urls.py
+++ b/authentik/providers/saml/urls.py
@ -1,7 +1,7 @@
 """authentik SAML IDP URLs"""
 from django.urls import path
-from authentik.providers.saml.views import sso
+from authentik.providers.saml.views import metadata, slo, sso
 urlpatterns = [
    # SSO Bindings
@ -21,4 +21,21 @@ urlpatterns = [
        sso.SAMLSSOBindingInitView.as_view(),
        name="sso-init",
    ),
    # SLO Bindings
    path(
        "<slug:application_slug>/slo/redirect/",
        slo.SAMLSLOBindingRedirectView.as_view(),
        name="slo-redirect",
    ),
    path(
        "<slug:application_slug>/slo/post/",
        slo.SAMLSLOBindingPOSTView.as_view(),
        name="slo-post",
    ),
    # Metadata
    path(
        "<slug:application_slug>/metadata/",
        metadata.MetadataDownload.as_view(),
        name="metadata-download",
    ),
 ]
--- a/authentik/providers/saml/views/flows.py
+++ b/authentik/providers/saml/views/flows.py
@ -22,7 +22,7 @@ from authentik.flows.stage import ChallengeStageView
 from authentik.lib.views import bad_request_message
 from authentik.providers.saml.models import SAMLBindings, SAMLProvider
 from authentik.providers.saml.processors.assertion import AssertionProcessor
-from authentik.providers.saml.processors.request_parser import AuthNRequest
+from authentik.providers.saml.processors.authn_request_parser import AuthNRequest
 from authentik.providers.saml.utils.encoding import deflate_and_base64_encode, nice64
 from authentik.sources.saml.exceptions import SAMLException
@ -35,6 +35,8 @@ REQUEST_KEY_SAML_RESPONSE = "SAMLResponse"
 REQUEST_KEY_RELAY_STATE = "RelayState"
 SESSION_KEY_AUTH_N_REQUEST = "authentik/providers/saml/authn_request"
 SESSION_KEY_LOGOUT_REQUEST = "authentik/providers/saml/logout_request"
 # This View doesn't have a URL on purpose, as its called by the FlowExecutor
 class SAMLFlowFinalView(ChallengeStageView):
--- a/authentik/providers/saml/views/metadata.py
+++ b/authentik/providers/saml/views/metadata.py
@ -0,0 +1,26 @@
 """metadata redirect"""
 from django.http import Http404, HttpRequest, HttpResponse
 from django.shortcuts import get_object_or_404, redirect
 from django.urls import reverse
 from django.views import View
 from authentik.core.models import Application
 class MetadataDownload(View):
    """Redirect to metadata download"""
    def dispatch(self, request: HttpRequest, application_slug: str) -> HttpResponse:
        app: Application = get_object_or_404(Application, slug=application_slug)
        provider = app.get_provider()
        if not provider:
            raise Http404
        return redirect(
            reverse(
                "authentik_api:samlprovider-metadata",
                kwargs={
                    "pk": provider.pk,
                },
            )
            + "?download"
        )
--- a/authentik/providers/saml/views/slo.py
+++ b/authentik/providers/saml/views/slo.py
@ -0,0 +1,106 @@
 """SLO Views"""
 from typing import Optional
 from django.http import HttpRequest
 from django.http.response import HttpResponse
 from django.shortcuts import get_object_or_404, redirect
 from django.utils.decorators import method_decorator
 from django.views.decorators.clickjacking import xframe_options_sameorigin
 from django.views.decorators.csrf import csrf_exempt
 from structlog.stdlib import get_logger
 from authentik.core.models import Application
 from authentik.events.models import Event, EventAction
 from authentik.lib.views import bad_request_message
 from authentik.policies.views import PolicyAccessView
 from authentik.providers.saml.exceptions import CannotHandleAssertion
 from authentik.providers.saml.models import SAMLProvider
 from authentik.providers.saml.processors.logout_request_parser import LogoutRequestParser
 from authentik.providers.saml.views.flows import (
    REQUEST_KEY_RELAY_STATE,
    REQUEST_KEY_SAML_REQUEST,
    SESSION_KEY_LOGOUT_REQUEST,
 )
 LOGGER = get_logger()
 class SAMLSLOView(PolicyAccessView):
    """ "SAML SLO Base View, which plans a flow and injects our final stage.
    Calls get/post handler."""
    def resolve_provider_application(self):
        self.application = get_object_or_404(Application, slug=self.kwargs["application_slug"])
        self.provider: SAMLProvider = get_object_or_404(
            SAMLProvider, pk=self.application.provider_id
        )
    def check_saml_request(self) -> Optional[HttpRequest]:
        """Handler to verify the SAML Request. Must be implemented by a subclass"""
        raise NotImplementedError
    # pylint: disable=unused-argument
    def get(self, request: HttpRequest, application_slug: str) -> HttpResponse:
        """Verify the SAML Request, and if valid initiate the FlowPlanner for the application"""
        # Call the method handler, which checks the SAML
        # Request and returns a HTTP Response on error
        method_response = self.check_saml_request()
        if method_response:
            return method_response
        return redirect(
            "authentik_core:if-session-end",
            application_slug=self.kwargs["application_slug"],
        )
    def post(self, request: HttpRequest, application_slug: str) -> HttpResponse:
        """GET and POST use the same handler, but we can't
        override .dispatch easily because PolicyAccessView's dispatch"""
        return self.get(request, application_slug)
 class SAMLSLOBindingRedirectView(SAMLSLOView):
    """SAML Handler for SLO/Redirect bindings, which are sent via GET"""
    def check_saml_request(self) -> Optional[HttpRequest]:
        if REQUEST_KEY_SAML_REQUEST not in self.request.GET:
            LOGGER.info("check_saml_request: SAML payload missing")
            return bad_request_message(self.request, "The SAML request payload is missing.")
        try:
            logout_request = LogoutRequestParser(self.provider).parse_detached(
                self.request.GET[REQUEST_KEY_SAML_REQUEST],
                relay_state=self.request.GET.get(REQUEST_KEY_RELAY_STATE, None),
            )
            self.request.session[SESSION_KEY_LOGOUT_REQUEST] = logout_request
        except CannotHandleAssertion as exc:
            Event.new(
                EventAction.CONFIGURATION_ERROR,
                provider=self.provider,
                message=str(exc),
            ).save()
            LOGGER.info(str(exc))
            return bad_request_message(self.request, str(exc))
        return None
@method_decorator(xframe_options_sameorigin, name="dispatch")
@method_decorator(csrf_exempt, name="dispatch")
 class SAMLSLOBindingPOSTView(SAMLSLOView):
    """SAML Handler for SLO/POST bindings"""
    def check_saml_request(self) -> Optional[HttpRequest]:
        payload = self.request.POST
        if REQUEST_KEY_SAML_REQUEST not in payload:
            LOGGER.info("check_saml_request: SAML payload missing")
            return bad_request_message(self.request, "The SAML request payload is missing.")
        try:
            logout_request = LogoutRequestParser(self.provider).parse(
                payload[REQUEST_KEY_SAML_REQUEST],
                relay_state=payload.get(REQUEST_KEY_RELAY_STATE, None),
            )
            self.request.session[SESSION_KEY_LOGOUT_REQUEST] = logout_request
        except CannotHandleAssertion as exc:
            LOGGER.info(str(exc))
            return bad_request_message(self.request, str(exc))
        return None
--- a/authentik/providers/saml/views/sso.py
+++ b/authentik/providers/saml/views/sso.py
@ -19,7 +19,7 @@ from authentik.lib.views import bad_request_message
 from authentik.policies.views import PolicyAccessView
 from authentik.providers.saml.exceptions import CannotHandleAssertion
 from authentik.providers.saml.models import SAMLProvider
-from authentik.providers.saml.processors.request_parser import AuthNRequestParser
+from authentik.providers.saml.processors.authn_request_parser import AuthNRequestParser
 from authentik.providers.saml.views.flows import (
    REQUEST_KEY_RELAY_STATE,
    REQUEST_KEY_SAML_REQUEST,
--- a/locale/en/LC_MESSAGES/django.po
+++ b/locale/en/LC_MESSAGES/django.po
@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2022-12-28 11:51+0000\n"
+"POT-Creation-Date: 2023-01-04 17:12+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@ -48,7 +48,7 @@ msgstr ""
 msgid "authentik Export - %(date)s"
 msgstr ""
-#: authentik/blueprints/v1/tasks.py:106 authentik/crypto/tasks.py:93
+#: authentik/blueprints/v1/tasks.py:146 authentik/crypto/tasks.py:93
 #, python-format
 msgid "Successfully imported %(count)d files."
 msgstr ""
@ -81,7 +81,7 @@ msgstr ""
 msgid "User's display name."
 msgstr ""
-#: authentik/core/models.py:263 authentik/providers/oauth2/models.py:333
+#: authentik/core/models.py:263 authentik/providers/oauth2/models.py:332
 msgid "User"
 msgstr ""
@ -254,7 +254,7 @@ msgstr ""
 msgid "You're about to sign into %(application)s."
 msgstr ""
-#: authentik/crypto/api.py:177
+#: authentik/crypto/api.py:179
 msgid "Subject-alt name"
 msgstr ""
@ -732,198 +732,198 @@ msgstr ""
 msgid "LDAP Providers"
 msgstr ""
-#: authentik/providers/oauth2/models.py:45
+#: authentik/providers/oauth2/models.py:44
 msgid "Confidential"
 msgstr ""
-#: authentik/providers/oauth2/models.py:46
+#: authentik/providers/oauth2/models.py:45
 msgid "Public"
 msgstr ""
-#: authentik/providers/oauth2/models.py:68
+#: authentik/providers/oauth2/models.py:67
 msgid "Based on the Hashed User ID"
 msgstr ""
-#: authentik/providers/oauth2/models.py:69
+#: authentik/providers/oauth2/models.py:68
 msgid "Based on the username"
 msgstr ""
-#: authentik/providers/oauth2/models.py:72
+#: authentik/providers/oauth2/models.py:71
 msgid "Based on the User's Email. This is recommended over the UPN method."
 msgstr ""
-#: authentik/providers/oauth2/models.py:88
+#: authentik/providers/oauth2/models.py:87
 msgid "Same identifier is used for all providers"
 msgstr ""
-#: authentik/providers/oauth2/models.py:90
+#: authentik/providers/oauth2/models.py:89
 msgid "Each provider has a different issuer, based on the application slug."
 msgstr ""
-#: authentik/providers/oauth2/models.py:97
+#: authentik/providers/oauth2/models.py:96
 msgid "code (Authorization Code Flow)"
 msgstr ""
-#: authentik/providers/oauth2/models.py:98
+#: authentik/providers/oauth2/models.py:97
 msgid "id_token (Implicit Flow)"
 msgstr ""
-#: authentik/providers/oauth2/models.py:99
+#: authentik/providers/oauth2/models.py:98
 msgid "id_token token (Implicit Flow)"
 msgstr ""
-#: authentik/providers/oauth2/models.py:100
+#: authentik/providers/oauth2/models.py:99
 msgid "code token (Hybrid Flow)"
 msgstr ""
-#: authentik/providers/oauth2/models.py:101
+#: authentik/providers/oauth2/models.py:100
 msgid "code id_token (Hybrid Flow)"
 msgstr ""
-#: authentik/providers/oauth2/models.py:102
+#: authentik/providers/oauth2/models.py:101
 msgid "code id_token token (Hybrid Flow)"
 msgstr ""
-#: authentik/providers/oauth2/models.py:108
+#: authentik/providers/oauth2/models.py:107
 msgid "HS256 (Symmetric Encryption)"
 msgstr ""
-#: authentik/providers/oauth2/models.py:109
+#: authentik/providers/oauth2/models.py:108
 msgid "RS256 (Asymmetric Encryption)"
 msgstr ""
-#: authentik/providers/oauth2/models.py:110
+#: authentik/providers/oauth2/models.py:109
 msgid "ES256 (Asymmetric Encryption)"
 msgstr ""
-#: authentik/providers/oauth2/models.py:116
+#: authentik/providers/oauth2/models.py:115
 msgid "Scope used by the client"
 msgstr ""
-#: authentik/providers/oauth2/models.py:142
+#: authentik/providers/oauth2/models.py:141
 msgid "Scope Mapping"
 msgstr ""
-#: authentik/providers/oauth2/models.py:143
+#: authentik/providers/oauth2/models.py:142
 msgid "Scope Mappings"
 msgstr ""
-#: authentik/providers/oauth2/models.py:153
+#: authentik/providers/oauth2/models.py:152
 msgid "Client Type"
 msgstr ""
-#: authentik/providers/oauth2/models.py:155
+#: authentik/providers/oauth2/models.py:154
 msgid ""
 "Confidential clients are capable of maintaining the confidentiality of their "
 "credentials. Public clients are incapable"
 msgstr ""
-#: authentik/providers/oauth2/models.py:162
+#: authentik/providers/oauth2/models.py:161
 msgid "Client ID"
 msgstr ""
-#: authentik/providers/oauth2/models.py:168
+#: authentik/providers/oauth2/models.py:167
 msgid "Client Secret"
 msgstr ""
-#: authentik/providers/oauth2/models.py:174
+#: authentik/providers/oauth2/models.py:173
 msgid "Redirect URIs"
 msgstr ""
-#: authentik/providers/oauth2/models.py:175
+#: authentik/providers/oauth2/models.py:174
 msgid "Enter each URI on a new line."
 msgstr ""
-#: authentik/providers/oauth2/models.py:180
+#: authentik/providers/oauth2/models.py:179
 msgid "Include claims in id_token"
 msgstr ""
-#: authentik/providers/oauth2/models.py:228
+#: authentik/providers/oauth2/models.py:227
 msgid "Signing Key"
 msgstr ""
-#: authentik/providers/oauth2/models.py:232
+#: authentik/providers/oauth2/models.py:231
 msgid ""
 "Key used to sign the tokens. Only required when JWT Algorithm is set to "
 "RS256."
 msgstr ""
-#: authentik/providers/oauth2/models.py:239
+#: authentik/providers/oauth2/models.py:238
 msgid ""
 "Any JWT signed by the JWK of the selected source can be used to authenticate."
 msgstr ""
-#: authentik/providers/oauth2/models.py:325
+#: authentik/providers/oauth2/models.py:324
 msgid "OAuth2/OpenID Provider"
 msgstr ""
-#: authentik/providers/oauth2/models.py:326
+#: authentik/providers/oauth2/models.py:325
 msgid "OAuth2/OpenID Providers"
 msgstr ""
-#: authentik/providers/oauth2/models.py:335
+#: authentik/providers/oauth2/models.py:334
-#: authentik/providers/oauth2/models.py:552
+#: authentik/providers/oauth2/models.py:554
 msgid "Scopes"
 msgstr ""
-#: authentik/providers/oauth2/models.py:353
+#: authentik/providers/oauth2/models.py:352
 msgid "Code"
 msgstr ""
-#: authentik/providers/oauth2/models.py:354
+#: authentik/providers/oauth2/models.py:353
 msgid "Nonce"
 msgstr ""
-#: authentik/providers/oauth2/models.py:355
+#: authentik/providers/oauth2/models.py:354
 msgid "Is Authentication?"
 msgstr ""
-#: authentik/providers/oauth2/models.py:356
+#: authentik/providers/oauth2/models.py:355
 msgid "Code Challenge"
 msgstr ""
-#: authentik/providers/oauth2/models.py:358
+#: authentik/providers/oauth2/models.py:357
 msgid "Code Challenge Method"
 msgstr ""
-#: authentik/providers/oauth2/models.py:378
+#: authentik/providers/oauth2/models.py:377
 msgid "Authorization Code"
 msgstr ""
-#: authentik/providers/oauth2/models.py:379
+#: authentik/providers/oauth2/models.py:378
 msgid "Authorization Codes"
 msgstr ""
-#: authentik/providers/oauth2/models.py:430
+#: authentik/providers/oauth2/models.py:431
 msgid "Access Token"
 msgstr ""
-#: authentik/providers/oauth2/models.py:431
+#: authentik/providers/oauth2/models.py:432
 msgid "Refresh Token"
 msgstr ""
-#: authentik/providers/oauth2/models.py:432
+#: authentik/providers/oauth2/models.py:433
 msgid "ID Token"
 msgstr ""
-#: authentik/providers/oauth2/models.py:441
+#: authentik/providers/oauth2/models.py:442
 msgid "OAuth2 Token"
 msgstr ""
-#: authentik/providers/oauth2/models.py:442
+#: authentik/providers/oauth2/models.py:443
 msgid "OAuth2 Tokens"
 msgstr ""
-#: authentik/providers/oauth2/models.py:564
+#: authentik/providers/oauth2/models.py:566
 msgid "Device Token"
 msgstr ""
-#: authentik/providers/oauth2/models.py:565
+#: authentik/providers/oauth2/models.py:567
 msgid "Device Tokens"
 msgstr ""
 #: authentik/providers/oauth2/views/authorize.py:412
-#: authentik/providers/saml/views/flows.py:86
+#: authentik/providers/saml/views/flows.py:88
 #, python-format
 msgid "Redirecting to %(app)s..."
 msgstr ""
@ -988,11 +988,11 @@ msgstr ""
 msgid "Proxy Providers"
 msgstr ""
-#: authentik/providers/saml/api/providers.py:219
+#: authentik/providers/saml/api/providers.py:261
 msgid "Invalid XML Syntax"
 msgstr ""
-#: authentik/providers/saml/api/providers.py:229
+#: authentik/providers/saml/api/providers.py:271
 #, python-format
 msgid "Failed to import Metadata: %(message)s"
 msgstr ""
@ -1595,11 +1595,11 @@ msgstr ""
 msgid "Deny Stages"
 msgstr ""
-#: authentik/stages/dummy/models.py:33
+#: authentik/stages/dummy/models.py:35
 msgid "Dummy Stage"
 msgstr ""
-#: authentik/stages/dummy/models.py:34
+#: authentik/stages/dummy/models.py:36
 msgid "Dummy Stages"
 msgstr ""
@ -1627,7 +1627,7 @@ msgstr ""
 msgid "Email Stages"
 msgstr ""
-#: authentik/stages/email/stage.py:110
+#: authentik/stages/email/stage.py:109
 msgid "Successfully verified Email."
 msgstr ""
@ -1869,7 +1869,7 @@ msgstr ""
 msgid "Prompt Stages"
 msgstr ""
-#: authentik/stages/prompt/stage.py:95
+#: authentik/stages/prompt/stage.py:96
 msgid "Passwords don't match."
 msgstr ""
--- a/schema.yml
+++ b/schema.yml
@ -36671,6 +36671,12 @@ components:
        url_sso_init:
          type: string
          readOnly: true
        url_slo_post:
          type: string
          readOnly: true
        url_slo_redirect:
          type: string
          readOnly: true
      required:
      - acs_url
      - assigned_application_name
@ -36681,6 +36687,8 @@ components:
      - name
      - pk
      - url_download_metadata
      - url_slo_post
      - url_slo_redirect
      - url_sso_init
      - url_sso_post
      - url_sso_redirect
--- a/tests/e2e/test_provider_saml.py
+++ b/tests/e2e/test_provider_saml.py
@ -422,3 +422,51 @@ class TestProviderSAML(SeleniumTestCase):
            self.driver.find_element(By.CSS_SELECTOR, "header > h1").text,
            "Permission denied",
        )
    @retry()
    @apply_blueprint(
        "default/10-flow-default-authentication-flow.yaml",
        "default/10-flow-default-invalidation-flow.yaml",
    )
    @apply_blueprint(
        "default/20-flow-default-provider-authorization-explicit-consent.yaml",
        "default/20-flow-default-provider-authorization-implicit-consent.yaml",
    )
    @apply_blueprint(
        "system/providers-saml.yaml",
    )
    @reconcile_app("authentik_crypto")
    def test_slo(self):
        """test SAML Provider flow SP-initiated flow (implicit consent)"""
        # Bootstrap all needed objects
        authorization_flow = Flow.objects.get(
            slug="default-provider-authorization-implicit-consent"
        )
        provider: SAMLProvider = SAMLProvider.objects.create(
            name="saml-test",
            acs_url="http://localhost:9009/saml/acs",
            audience="authentik-e2e",
            issuer="authentik-e2e",
            sp_binding=SAMLBindings.POST,
            authorization_flow=authorization_flow,
            signing_kp=create_test_cert(),
        )
        provider.property_mappings.set(SAMLPropertyMapping.objects.all())
        provider.save()
        app = Application.objects.create(
            name="SAML",
            slug="authentik-saml",
            provider=provider,
        )
        self.container = self.setup_client(provider)
        self.driver.get("http://localhost:9009")
        self.login()
        self.wait_for_url("http://localhost:9009/")
        self.driver.get("http://localhost:9009/saml/logout")
        self.wait_for_url(
            self.url(
                "authentik_core:if-session-end",
                application_slug=app.slug,
            )
        )
--- a/web/src/admin/providers/saml/SAMLProviderViewPage.ts
+++ b/web/src/admin/providers/saml/SAMLProviderViewPage.ts
@ -315,6 +315,32 @@ export class SAMLProviderViewPage extends AKElement {
                                              value="${ifDefined(this.provider.urlSsoInit)}"
                                          />
                                      </div>
                                      <div class="pf-c-form__group">
                                          <label class="pf-c-form__label">
                                              <span class="pf-c-form__label-text"
                                                  >${t`SLO URL (Post)`}</span
                                              >
                                          </label>
                                          <input
                                              class="pf-c-form-control"
                                              readonly
                                              type="text"
                                              value="${ifDefined(this.provider.urlSloPost)}"
                                          />
                                      </div>
                                      <div class="pf-c-form__group">
                                          <label class="pf-c-form__label">
                                              <span class="pf-c-form__label-text"
                                                  >${t`SLO URL (Redirect)`}</span
                                              >
                                          </label>
                                          <input
                                              class="pf-c-form-control"
                                              readonly
                                              type="text"
                                              value="${ifDefined(this.provider.urlSloRedirect)}"
                                          />
                                      </div>
                                  </form>
                              </div>
                          </div>`
--- a/web/src/locales/de.po
+++ b/web/src/locales/de.po
@ -137,21 +137,21 @@ msgstr "ACS URL"
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
-msgid "ALL, all policies must match to grant access."
+#~ msgid "ALL, all policies must match to grant access."
-msgstr "ALLE, Bedingungen müssen erfüllt sein, um Zugang gewährt zu bekommen."
+#~ msgstr "ALLE, Bedingungen müssen erfüllt sein, um Zugang gewährt zu bekommen."
 #: src/admin/flows/StageBindingForm.ts
-msgid "ALL, all policies must match to include this stage access."
+#~ msgid "ALL, all policies must match to include this stage access."
-msgstr "ALLE, Bedingungen müssen erfüllt sein, um Zugang zu dieser Stufe gewährt zu bekommen."
+#~ msgstr "ALLE, Bedingungen müssen erfüllt sein, um Zugang zu dieser Stufe gewährt zu bekommen."
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
-msgid "ANY, any policy must match to grant access."
+#~ msgid "ANY, any policy must match to grant access."
-msgstr "ANY, eine Bedingung muss erfüllt sein, um Zugang zu gewähren."
+#~ msgstr "ANY, eine Bedingung muss erfüllt sein, um Zugang zu gewähren."
 #: src/admin/flows/StageBindingForm.ts
-msgid "ANY, any policy must match to include this stage access."
+#~ msgid "ANY, any policy must match to include this stage access."
-msgstr "EINE, eine Bedingung muss erfüllt sein, um Zugang zu dieser Stufe zu gewähren."
+#~ msgstr "EINE, eine Bedingung muss erfüllt sein, um Zugang zu dieser Stufe zu gewähren."
 #: src/admin/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
 msgid "API"
@ -178,8 +178,12 @@ msgid "API Requests"
 msgstr "API Anfragen"
 #: src/admin/tokens/TokenForm.ts
-msgid "API Token (can be used to access the API programmatically)"
+msgid "API Token"
-msgstr "API Token (kann für den Zugriff auf die API verwendet werden)"
+msgstr ""
 #: src/admin/tokens/TokenForm.ts
 #~ msgid "API Token (can be used to access the API programmatically)"
 #~ msgstr "API Token (kann für den Zugriff auf die API verwendet werden)"
 #: src/admin/stages/captcha/CaptchaStageForm.ts
 msgid "API URL"
@ -382,12 +386,18 @@ msgid "Affected model:"
 msgstr "Betroffenes Modell:"
 #: src/admin/events/RuleForm.ts
-msgid "Alert"
+#~ msgid "Alert"
-msgstr "Alarm"
+#~ msgstr "Alarm"
 #~ msgid "Algorithm used to sign the JWT Tokens."
 #~ msgstr "Algorithmus, der zum Signieren der JWT-Token verwendet wird."
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
 #: src/admin/flows/StageBindingForm.ts
 msgid "All policies must match to grant access"
 msgstr ""
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Allow IDP-initiated logins"
 msgstr "IDP-initiierte Anmeldungen zulassen"
@ -438,10 +448,18 @@ msgstr ""
 msgid "Alternatively, if your current device has Duo installed, click on this link:"
 msgstr "Alternativ kannst Du auch auf diesen Link klicken, wenn Du Duo auf Deinem Gerät installiert hast: "
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Always execute the configured bind flow to authenticate the user"
 msgstr ""
 #: src/admin/stages/consent/ConsentStageForm.ts
 msgid "Always require consent"
 msgstr "Immer nach Zustimmung fragen"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Always returns the latest data, but slower than cached querying"
 msgstr ""
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 msgid "An example setup can look like this:"
 msgstr "Ein Beispiel-Setup kann so aussehen:"
@ -450,6 +468,12 @@ msgstr "Ein Beispiel-Setup kann so aussehen:"
 msgid "Any HTML can be used."
 msgstr "Jedes HTML kann verwendet werden."
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
 #: src/admin/flows/StageBindingForm.ts
 msgid "Any policy must match to grant access"
 msgstr ""
 #: src/admin/events/EventInfo.ts
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 msgid "App"
@ -460,8 +484,16 @@ msgid "App password"
 msgstr "App Passwort"
 #: src/admin/tokens/TokenForm.ts
-msgid "App password (can be used to login using a flow executor)"
+#~ msgid "App password (can be used to login using a flow executor)"
-msgstr "App-Passwort (kann für die Anmeldung mit einem Ablauf genutzt werden)"
+#~ msgstr "App-Passwort (kann für die Anmeldung mit einem Ablauf genutzt werden)"
 #: src/admin/tokens/TokenForm.ts
 msgid "App password."
 msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Appearance settings"
 msgstr ""
 #: src/admin/admin-overview/TopApplicationsTable.ts
 #: src/admin/providers/ProviderListPage.ts
@ -799,6 +831,10 @@ msgstr "Basic-Auth"
 msgid "Bearer Token"
 msgstr "Bearer Token"
 #: src/admin/flows/FlowForm.ts
 msgid "Behavior settings"
 msgstr ""
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 msgid "Bind CN"
 msgstr "Bind CN"
@ -887,12 +923,16 @@ msgid "CA which the endpoint's Certificate is verified against. Can be left empt
 msgstr "CA, anhand derer das Zertifikat des Endpunkts überprüft wird. Kann leer gelassen werden, um keine Validierung durchzuführen."
 #: src/admin/flows/FlowForm.ts
-msgid "CONTINUE will either follow the ?next parameter or redirect to the default interface."
+#~ msgid "CONTINUE will either follow the ?next parameter or redirect to the default interface."
 #~ msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Cached binding"
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
+#~ msgid "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
-msgstr "Zwischengespeicherte Bindung, Flow wird ausgeführt und Sitzung wird im Arbeitsspeicher zwischengespeichert. Flow wird ausgeführt, wenn die Sitzung abläuft."
+#~ msgstr "Zwischengespeicherte Bindung, Flow wird ausgeführt und Sitzung wird im Arbeitsspeicher zwischengespeichert. Flow wird ausgeführt, wenn die Sitzung abläuft."
 #: src/admin/admin-overview/charts/FlowStatusChart.ts
 msgid "Cached flows"
@ -903,8 +943,12 @@ msgid "Cached policies"
 msgstr "Gecachte Richtlinien"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Cached querying, the outpost holds all users and groups in-memory and will refresh every 5 Minutes."
+msgid "Cached querying"
-msgstr "Gecachte Abfrage, der Oupost hält alle Benutzer und Gruppen im Speicher und aktualisiert sich alle 5 Minuten."
+msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Cached querying, the outpost holds all users and groups in-memory and will refresh every 5 Minutes."
 #~ msgstr "Gecachte Abfrage, der Oupost hält alle Benutzer und Gruppen im Speicher und aktualisiert sich alle 5 Minuten."
 #: src/admin/providers/proxy/ProxyProviderViewPage.ts
 msgid "Caddy (Standalone)"
@ -1177,6 +1221,7 @@ msgstr "Clienttyp"
 #: src/admin/users/UserListPage.ts
 #: src/elements/notifications/NotificationDrawer.ts
 #: src/elements/wizard/Wizard.ts
 #: src/flow/FlowInspector.ts
 msgid "Close"
 msgstr "Schließen"
@ -1250,8 +1295,12 @@ msgid "Configure how the NameID value will be created. When left empty, the Name
 msgstr "Konfigurieren Sie, wie der NameID-Wert erstellt wird. Wenn es leer gelassen wird, wird die NameIDPolicy der eingehenden Anfrage respektiert."
 #: src/admin/flows/StageBindingForm.ts
-msgid "Configure how the flow executor should handle an invalid response to a challenge."
+msgid "Configure how the flow executor should handle an invalid response to a challenge given by this bound stage."
-msgstr "Konfigurieren Sie, wie der Flow Executor eine ungültige Antwort auf eine Challenge behandeln soll."
+msgstr ""
 #: src/admin/flows/StageBindingForm.ts
 #~ msgid "Configure how the flow executor should handle an invalid response to a challenge."
 #~ msgstr "Konfigurieren Sie, wie der Flow Executor eine ungültige Antwort auf eine Challenge behandeln soll."
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 msgid "Configure how the issuer field of the ID Token should be filled."
@ -1673,8 +1722,8 @@ msgstr "Anpassung"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "DSA-SHA1"
+#~ msgid "DSA-SHA1"
-msgstr "DSA-SHA1"
+#~ msgstr "DSA-SHA1"
 #: src/admin/AdminInterface.ts
 msgid "Dashboards"
@ -1892,15 +1941,23 @@ msgid "Digits"
 msgstr "Ziffern"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Direct binding, always execute the configured bind flow to authenticate the user."
+msgid "Direct binding"
-msgstr "Direkte Bindung, führt immer den konfigurierten Bindungsablauf aus, um den Benutzer zu authentifizieren."
+msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Direct binding, always execute the configured bind flow to authenticate the user."
 #~ msgstr "Direkte Bindung, führt immer den konfigurierten Bindungsablauf aus, um den Benutzer zu authentifizieren."
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Direct querying"
 msgstr ""
 #~ msgid "Direct querying, always execute the configured bind flow to authenticate the user."
 #~ msgstr "Bei der direkten Abfrage wird immer der konfigurierte Bindungsfluss ausgeführt, um den Benutzer zu authentifizieren."
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Direct querying, always returns the latest data, but slower than cached querying."
+#~ msgid "Direct querying, always returns the latest data, but slower than cached querying."
-msgstr "Direkte Abfragen geben immer die neuesten Daten zurück, sind jedoch langsamer als zwischengespeicherte Abfragen."
+#~ msgstr "Direkte Abfragen geben immer die neuesten Daten zurück, sind jedoch langsamer als zwischengespeicherte Abfragen."
 #: src/admin/AdminInterface.ts
 msgid "Directory"
@ -1971,8 +2028,12 @@ msgid "Download signing certificate"
 msgstr "Signierzertifikat herunterladen"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider."
+msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate."
-msgstr "Aufgrund von Protokolleinschränkungen wird dieses Zertifikat nur verwendet, wenn der Outpost einen einzigen Provider hat."
+msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider."
 #~ msgstr "Aufgrund von Protokolleinschränkungen wird dieses Zertifikat nur verwendet, wenn der Outpost einen einzigen Provider hat."
 #~ msgid "Dummy"
 #~ msgstr "Platzhalter"
@ -2017,8 +2078,12 @@ msgid "Duration after which events will be deleted from the database."
 msgstr "Dauer, nach der ein Ereignis aus der Datenbank gelöscht wird."
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
-msgid "Each provider has a different issuer, based on the application slug."
+msgid "Each provider has a different issuer, based on the application slug"
-msgstr "Jeder Anbieter hat einen anderen Aussteller, der auf dem Slug der Anwendung basiert."
+msgstr ""
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #~ msgid "Each provider has a different issuer, based on the application slug."
 #~ msgstr "Jeder Anbieter hat einen anderen Aussteller, der auf dem Slug der Anwendung basiert."
 #: src/admin/applications/ApplicationViewPage.ts
 #: src/admin/applications/ApplicationViewPage.ts
@ -2126,8 +2191,8 @@ msgstr "Aktiviere StartTLS"
 #~ msgstr "Aktiviere TOTP"
 #: src/admin/flows/FlowForm.ts
-msgid "Enable compatibility mode, increases compatibility with password managers on mobile devices."
+#~ msgid "Enable compatibility mode, increases compatibility with password managers on mobile devices."
-msgstr "Aktivieren Sie den Kompatibilitätsmodus, um die Kompatibilität mit Passwortmanagern auf mobilen Geräten zu erhöhen."
+#~ msgstr "Aktivieren Sie den Kompatibilitätsmodus, um die Kompatibilität mit Passwortmanagern auf mobilen Geräten zu erhöhen."
 #: src/admin/blueprints/BlueprintForm.ts
 #: src/admin/blueprints/BlueprintListPage.ts
@ -2497,6 +2562,10 @@ msgstr "Ablauf-Ausführung"
 msgid "Flow inspector"
 msgstr "Ablauf-Inspektor"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Flow is executed and session is cached in memory. Flow is executed when session expires"
 msgstr ""
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 #: src/admin/sources/plex/PlexSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
@ -3032,6 +3101,10 @@ msgstr "Schließen Sie Benutzeransprüche aus Bereichen in das id_token ein, fü
 msgid "Include claims in id_token"
 msgstr "Ansprüche in id_token berücksichtigen"
 #: src/admin/flows/FlowForm.ts
 msgid "Increases compatibility with password managers and mobile devices."
 msgstr ""
 #: src/admin/outposts/OutpostForm.ts
 #: src/admin/outposts/OutpostListPage.ts
 msgid "Integration"
@ -3078,8 +3151,12 @@ msgid ""
 msgstr "Fehlgeschlagene Anmeldeversuche verringern die Reputation für die jeweiligen Anwendungs-IPs und -namen um eins."
 #: src/admin/flows/StageBindingForm.ts
-msgid "Invalid response action"
+#~ msgid "Invalid response action"
-msgstr "Ungültige Antwortaktion"
+#~ msgstr "Ungültige Antwortaktion"
 #: src/admin/flows/StageBindingForm.ts
 msgid "Invalid response behavior"
 msgstr ""
 #: src/admin/flows/utils.ts
 msgid "Invalidation"
@ -3321,82 +3398,29 @@ msgstr "Server laden"
 msgid "Loading"
 msgstr "Wird geladen"
-#: src/admin/applications/ApplicationCheckAccessForm.ts
+#: src/elements/forms/SearchSelect.ts
-#: src/admin/applications/ApplicationForm.ts
+msgid "Loading options..."
-#: src/admin/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+msgstr ""
-#: src/admin/blueprints/BlueprintForm.ts
+
 #: src/admin/events/RuleForm.ts
 #: src/admin/events/RuleForm.ts
 #: src/admin/events/TransportForm.ts
 #: src/admin/flows/StageBindingForm.ts
 #: src/admin/flows/StageBindingForm.ts
 #: src/admin/groups/GroupForm.ts
 #: src/admin/groups/GroupForm.ts
 #: src/admin/outposts/OutpostForm.ts
 #: src/admin/outposts/OutpostForm.ts
 #: src/admin/outposts/ServiceConnectionDockerForm.ts
 #: src/admin/outposts/ServiceConnectionDockerForm.ts
 #: src/admin/policies/PolicyBindingForm.ts
 #: src/admin/policies/PolicyTestForm.ts
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/property-mappings/PropertyMappingTestForm.ts
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderImportForm.ts
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 #: src/admin/sources/plex/PlexSourceForm.ts
 #: src/admin/sources/plex/PlexSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/stages/authenticator_duo/AuthenticatorDuoStageForm.ts
 #: src/admin/stages/authenticator_duo/DuoDeviceImportForm.ts
 #: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
 #: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
 #: src/admin/stages/authenticator_static/AuthenticatorStaticStageForm.ts
 #: src/admin/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts
 #: src/admin/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
 #: src/admin/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
 #: src/admin/stages/email/EmailStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/invitation/InvitationForm.ts
 #: src/admin/stages/invitation/InvitationListLink.ts
 #: src/admin/stages/password/PasswordStageForm.ts
 #: src/admin/stages/prompt/PromptStageForm.ts
 #: src/admin/stages/prompt/PromptStageForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tokens/TokenForm.ts
 #: src/admin/users/UserForm.ts
 #: src/admin/users/UserResetEmailForm.ts
 #: src/elements/Spinner.ts
 msgid "Loading..."
 msgstr "Lädt..."
@ -3481,12 +3505,12 @@ msgid "Long-running operations which authentik executes in the background."
 msgstr "Langlaufende Operationen, die Authentik im Hintergrund ausführt."
 #: src/admin/flows/FlowForm.ts
-msgid "MESSAGE will notify the user the flow isn't applicable."
+#~ msgid "MESSAGE will notify the user the flow isn't applicable."
-msgstr ""
+#~ msgstr ""
 #: src/admin/flows/FlowForm.ts
-msgid "MESSAGE_CONTINUE will follow the ?next parameter if set, otherwise show a message."
+#~ msgid "MESSAGE_CONTINUE will follow the ?next parameter if set, otherwise show a message."
-msgstr ""
+#~ msgstr ""
 #: src/admin/users/UserViewPage.ts
 msgid "MFA Authenticators"
@ -3964,7 +3988,6 @@ msgstr "Noch nicht synchronisiert."
 msgid "Not used by any other object."
 msgstr "Von keinem anderen Objekt verwendet."
 #: src/flow/stages/FlowErrorStage.ts
 #: src/flow/stages/access_denied/AccessDeniedStage.ts
 #: src/flow/stages/authenticator_duo/AuthenticatorDuoStage.ts
 #: src/flow/stages/authenticator_sms/AuthenticatorSMSStage.ts
@ -4483,8 +4506,16 @@ msgid "Post binding"
 msgstr "POST Bindung"
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "Post binding (auto-submit)"
+#~ msgid "Post binding (auto-submit)"
-msgstr "Post Bindung (Automatische Übermittlung)"
+#~ msgstr "Post Bindung (Automatische Übermittlung)"
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Post binding but the request is automatically sent and the user doesn't have to confirm."
 msgstr ""
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Post-auto binding"
 msgstr ""
 #: src/flow/FlowExecutor.ts
 msgid "Powered by authentik"
@ -4646,16 +4677,16 @@ msgstr "Schnellaktionen"
 #~ msgstr "RESTART startet den Flow von Anfang an neu, während der Flow-Kontext beibehalten wird."
 #: src/admin/flows/StageBindingForm.ts
-msgid "RESTART restarts the flow from the beginning."
+#~ msgid "RESTART restarts the flow from the beginning."
-msgstr "RESTART startet den Flow von Anfang an neu."
+#~ msgstr "RESTART startet den Flow von Anfang an neu."
 #: src/admin/flows/StageBindingForm.ts
-msgid "RESTART_WITH_CONTEXT restarts the flow from the beginning, while keeping the flow context."
+#~ msgid "RESTART_WITH_CONTEXT restarts the flow from the beginning, while keeping the flow context."
-msgstr ""
+#~ msgstr ""
 #: src/admin/flows/StageBindingForm.ts
-msgid "RETRY returns the error message and a similar challenge to the executor."
+#~ msgid "RETRY returns the error message and a similar challenge to the executor."
-msgstr "RETRY gibt die Fehlermeldung und eine ähnliche Aufforderung an den Executor zurück."
+#~ msgstr "RETRY gibt die Fehlermeldung und eine ähnliche Aufforderung an den Executor zurück."
 #~ msgid "RS256 (Asymmetric Encryption)"
 #~ msgstr "RS256 (Asymmetrische Verschlüsselung)"
@ -4665,23 +4696,23 @@ msgstr "RETRY gibt die Fehlermeldung und eine ähnliche Aufforderung an den Exec
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA1"
+#~ msgid "RSA-SHA1"
-msgstr "RSA-SHA1"
+#~ msgstr "RSA-SHA1"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA256"
+#~ msgid "RSA-SHA256"
-msgstr "RSA-SHA256"
+#~ msgstr "RSA-SHA256"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA384"
+#~ msgid "RSA-SHA384"
-msgstr "RSA-SHA384"
+#~ msgstr "RSA-SHA384"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA512"
+#~ msgid "RSA-SHA512"
-msgstr "RSA-SHA512"
+#~ msgstr "RSA-SHA512"
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 msgid "Raw JWKS data."
@ -4835,6 +4866,10 @@ msgstr "Reputation Punkte"
 msgid "Request"
 msgstr "Anfrage"
 #: src/flow/stages/FlowErrorStage.ts
 msgid "Request ID"
 msgstr ""
 #: src/flow/stages/access_denied/AccessDeniedStage.ts
 msgid "Request has been denied."
 msgstr "Anfrage wurde verweigert"
@ -4882,6 +4917,14 @@ msgstr "Resident-Key-Anforderung"
 #~ msgid "Resources"
 #~ msgstr "Ressourcen"
 #: src/admin/flows/StageBindingForm.ts
 msgid "Restarts the flow from the beginning"
 msgstr ""
 #: src/admin/flows/StageBindingForm.ts
 msgid "Restarts the flow from the beginning, while keeping the flow context"
 msgstr ""
 #: src/admin/events/EventInfo.ts
 #: src/admin/property-mappings/PropertyMappingTestForm.ts
 msgid "Result"
@ -4900,8 +4943,8 @@ msgstr "Authentifizierung erneut versuchen"
 #: src/flow/FlowExecutor.ts
 #: src/user/user-settings/details/UserSettingsFlowExecutor.ts
-msgid "Return"
+#~ msgid "Return"
-msgstr "zurück"
+#~ msgstr "zurück"
 #: src/elements/router/Router404.ts
 msgid "Return home"
@ -4916,6 +4959,10 @@ msgstr "Zurück zur Geräteauswahl"
 #~ msgid "Return true if request IP/target username's score is below a certain threshold."
 #~ msgstr "Gibt true/wahr zurück, wenn Wertung der anfragenden IP-Adresse/des anfragenden Benutzernamens unter Grenzwert liegt."
 #: src/admin/flows/StageBindingForm.ts
 msgid "Returns the error message and a similar challenge to the executor"
 msgstr ""
 #: src/elements/oauth/UserRefreshList.ts
 msgid "Revoked?"
 msgstr "Widerrufen?"
@ -4956,29 +5003,37 @@ msgstr "SAML-Details"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA1"
+#~ msgid "SHA1"
-msgstr "SHA1"
+#~ msgstr "SHA1"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA256"
+#~ msgid "SHA256"
-msgstr "SHA256"
+#~ msgstr "SHA256"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA384"
+#~ msgid "SHA384"
-msgstr "SHA384"
+#~ msgstr "SHA384"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA512"
+#~ msgid "SHA512"
-msgstr "SHA512"
+#~ msgstr "SHA512"
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceViewPage.ts
 msgid "SLO URL"
 msgstr "SLO URL"
 #: src/admin/providers/saml/SAMLProviderViewPage.ts
 msgid "SLO URL (Post)"
 msgstr ""
 #: src/admin/providers/saml/SAMLProviderViewPage.ts
 msgid "SLO URL (Redirect)"
 msgstr ""
 #: src/flow/stages/authenticator_validate/AuthenticatorValidateStage.ts
 msgid "SMS"
 msgstr "SMS"
@ -5131,7 +5186,7 @@ msgstr "Registrierungsablauf wählen"
 #~ msgid "Select an identification method."
 #~ msgstr "Wählen Sie eine Authentifizierungsmethode aus."
-#: src/elements/SearchSelect.ts
+#: src/elements/forms/SearchSelect.ts
 msgid "Select an object."
 msgstr "Wählen Sie ein Objekt aus."
@ -5398,9 +5453,7 @@ msgstr ""
 msgid "Slug"
 msgstr "Slug"
 #: src/flow/FlowExecutor.ts
 #: src/flow/stages/FlowErrorStage.ts
 #: src/user/user-settings/details/UserSettingsFlowExecutor.ts
 msgid "Something went wrong! Please try again later."
 msgstr "Etwas ist schiefgelaufen. Bitte probiere es später wieder"
@ -5414,6 +5467,10 @@ msgstr "Quelle verknüpft"
 #~ msgid "Source name"
 #~ msgstr "Quellenname"
 #: src/admin/stages/identification/IdentificationStageForm.ts
 msgid "Source settings"
 msgstr ""
 #~ msgid "Source {0}"
 #~ msgstr "Quelle {0}"
@ -6148,6 +6205,10 @@ msgstr "Die folgenden Objekte verwenden {objName}"
 msgid "The new application wizard greatly simplifies the steps required to create applications and providers."
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "The outpost holds all users and groups in-memory and will refresh every 5 Minutes"
 msgstr ""
 #~ msgid ""
 #~ "The policy passes when the reputation score is above the threshold, and\n"
 #~ "doesn't pass when either or both of the selected options are equal or less than the\n"
@ -6265,6 +6326,10 @@ msgstr ""
 msgid "Threshold"
 msgstr "Schwellwert"
 #: src/admin/stages/dummy/DummyStageForm.ts
 msgid "Throw error?"
 msgstr ""
 #: src/admin/stages/email/EmailStageForm.ts
 msgid "Time in minutes the token sent is valid."
 msgstr "Zeit in Minuten wie lange der verschickte Token gültig ist"
@ -6550,6 +6615,39 @@ msgstr "Einzigartige Kennung zur Referenzierung des Token."
 msgid "Unknown"
 msgstr "Unbekannt"
 #: src/admin/flows/utils.ts
 msgid "Unknown designation"
 msgstr ""
 #: src/admin/tokens/TokenListPage.ts
 msgid "Unknown intent"
 msgstr ""
 #: src/admin/flows/utils.ts
 msgid "Unknown layout"
 msgstr ""
 #: src/admin/outposts/OutpostForm.ts
 msgid "Unknown outpost type"
 msgstr ""
 #: src/admin/sources/oauth/OAuthSourceViewPage.ts
 msgid "Unknown provider type"
 msgstr ""
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderViewPage.ts
 msgid "Unknown proxy mode"
 msgstr ""
 #: src/admin/outposts/OutpostListPage.ts
 msgid "Unknown type"
 msgstr ""
 #: src/admin/sources/oauth/utils.ts
 msgid "Unknown user matching mode"
 msgstr ""
 #~ msgid "Unmanaged"
 #~ msgstr "Unverwaltet"
@ -6810,6 +6908,14 @@ msgstr "Verwenden Sie diesen Anbieter mit auth_request von nginx oder forwardAut
 msgid "Use this tenant for each domain that doesn't have a dedicated tenant."
 msgstr "Nutze diese Umgebung für jede Domain, die keine eigene Umgebung hat."
 #: src/admin/tokens/TokenForm.ts
 msgid "Used to access the API programmatically"
 msgstr ""
 #: src/admin/tokens/TokenForm.ts
 msgid "Used to login using a flow executor"
 msgstr ""
 #: src/admin/applications/ApplicationCheckAccessForm.ts
 #: src/admin/events/EventInfo.ts
 #: src/admin/events/EventListPage.ts
@ -7275,8 +7381,20 @@ msgstr "Bei Verwendung des Proxy- oder Forward-Authentifizierungsmodus (Einzelan
 #: src/flow/FlowExecutor.ts
 #: src/user/user-settings/details/UserSettingsFlowExecutor.ts
-msgid "Whoops!"
+#~ msgid "Whoops!"
-msgstr "Whoops!"
+#~ msgstr "Whoops!"
 #: src/admin/flows/FlowForm.ts
 msgid "Will either follow the ?next parameter or redirect to the default interface"
 msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Will follow the ?next parameter if set, otherwise show a message"
 msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Will notify the user the flow isn't applicable"
 msgstr ""
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Windows"
--- a/web/src/locales/en.po
+++ b/web/src/locales/en.po
@ -115,21 +115,21 @@ msgstr "ACS URL"
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
-msgid "ALL, all policies must match to grant access."
+#~ msgid "ALL, all policies must match to grant access."
-msgstr "ALL, all policies must match to grant access."
+#~ msgstr "ALL, all policies must match to grant access."
 #: src/admin/flows/StageBindingForm.ts
-msgid "ALL, all policies must match to include this stage access."
+#~ msgid "ALL, all policies must match to include this stage access."
-msgstr "ALL, all policies must match to include this stage access."
+#~ msgstr "ALL, all policies must match to include this stage access."
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
-msgid "ANY, any policy must match to grant access."
+#~ msgid "ANY, any policy must match to grant access."
-msgstr "ANY, any policy must match to grant access."
+#~ msgstr "ANY, any policy must match to grant access."
 #: src/admin/flows/StageBindingForm.ts
-msgid "ANY, any policy must match to include this stage access."
+#~ msgid "ANY, any policy must match to include this stage access."
-msgstr "ANY, any policy must match to include this stage access."
+#~ msgstr "ANY, any policy must match to include this stage access."
 #: src/admin/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
 msgid "API"
@ -156,8 +156,12 @@ msgid "API Requests"
 msgstr "API Requests"
 #: src/admin/tokens/TokenForm.ts
-msgid "API Token (can be used to access the API programmatically)"
+msgid "API Token"
-msgstr "API Token (can be used to access the API programmatically)"
+msgstr "API Token"
 #: src/admin/tokens/TokenForm.ts
 #~ msgid "API Token (can be used to access the API programmatically)"
 #~ msgstr "API Token (can be used to access the API programmatically)"
 #: src/admin/stages/captcha/CaptchaStageForm.ts
 msgid "API URL"
@ -364,13 +368,19 @@ msgid "Affected model:"
 msgstr "Affected model:"
 #: src/admin/events/RuleForm.ts
-msgid "Alert"
+#~ msgid "Alert"
-msgstr "Alert"
+#~ msgstr "Alert"
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 #~ msgid "Algorithm used to sign the JWT Tokens."
 #~ msgstr "Algorithm used to sign the JWT Tokens."
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
 #: src/admin/flows/StageBindingForm.ts
 msgid "All policies must match to grant access"
 msgstr "All policies must match to grant access"
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Allow IDP-initiated logins"
 msgstr "Allow IDP-initiated logins"
@ -421,10 +431,18 @@ msgstr "Also known as EntityID."
 msgid "Alternatively, if your current device has Duo installed, click on this link:"
 msgstr "Alternatively, if your current device has Duo installed, click on this link:"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Always execute the configured bind flow to authenticate the user"
 msgstr "Always execute the configured bind flow to authenticate the user"
 #: src/admin/stages/consent/ConsentStageForm.ts
 msgid "Always require consent"
 msgstr "Always require consent"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Always returns the latest data, but slower than cached querying"
 msgstr "Always returns the latest data, but slower than cached querying"
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 msgid "An example setup can look like this:"
 msgstr "An example setup can look like this:"
@ -433,6 +451,12 @@ msgstr "An example setup can look like this:"
 msgid "Any HTML can be used."
 msgstr "Any HTML can be used."
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
 #: src/admin/flows/StageBindingForm.ts
 msgid "Any policy must match to grant access"
 msgstr "Any policy must match to grant access"
 #: src/admin/events/EventInfo.ts
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 msgid "App"
@ -443,8 +467,16 @@ msgid "App password"
 msgstr "App password"
 #: src/admin/tokens/TokenForm.ts
-msgid "App password (can be used to login using a flow executor)"
+#~ msgid "App password (can be used to login using a flow executor)"
-msgstr "App password (can be used to login using a flow executor)"
+#~ msgstr "App password (can be used to login using a flow executor)"
 #: src/admin/tokens/TokenForm.ts
 msgid "App password."
 msgstr "App password."
 #: src/admin/flows/FlowForm.ts
 msgid "Appearance settings"
 msgstr "Appearance settings"
 #: src/admin/admin-overview/TopApplicationsTable.ts
 #: src/admin/providers/ProviderListPage.ts
@ -790,6 +822,10 @@ msgstr "Basic-Auth"
 msgid "Bearer Token"
 msgstr "Bearer Token"
 #: src/admin/flows/FlowForm.ts
 msgid "Behavior settings"
 msgstr "Behavior settings"
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 msgid "Bind CN"
 msgstr "Bind CN"
@ -879,12 +915,16 @@ msgid "CA which the endpoint's Certificate is verified against. Can be left empt
 msgstr "CA which the endpoint's Certificate is verified against. Can be left empty for no validation."
 #: src/admin/flows/FlowForm.ts
-msgid "CONTINUE will either follow the ?next parameter or redirect to the default interface."
+#~ msgid "CONTINUE will either follow the ?next parameter or redirect to the default interface."
-msgstr "CONTINUE will either follow the ?next parameter or redirect to the default interface."
+#~ msgstr "CONTINUE will either follow the ?next parameter or redirect to the default interface."
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
+msgid "Cached binding"
-msgstr "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
+msgstr "Cached binding"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
 #~ msgstr "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
 #: src/admin/admin-overview/charts/FlowStatusChart.ts
 msgid "Cached flows"
@ -895,8 +935,12 @@ msgid "Cached policies"
 msgstr "Cached policies"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Cached querying, the outpost holds all users and groups in-memory and will refresh every 5 Minutes."
+msgid "Cached querying"
-msgstr "Cached querying, the outpost holds all users and groups in-memory and will refresh every 5 Minutes."
+msgstr "Cached querying"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Cached querying, the outpost holds all users and groups in-memory and will refresh every 5 Minutes."
 #~ msgstr "Cached querying, the outpost holds all users and groups in-memory and will refresh every 5 Minutes."
 #: src/admin/providers/proxy/ProxyProviderViewPage.ts
 msgid "Caddy (Standalone)"
@ -1173,6 +1217,7 @@ msgstr "Client type"
 #: src/admin/users/UserListPage.ts
 #: src/elements/notifications/NotificationDrawer.ts
 #: src/elements/wizard/Wizard.ts
 #: src/flow/FlowInspector.ts
 msgid "Close"
 msgstr "Close"
@ -1249,8 +1294,12 @@ msgid "Configure how the NameID value will be created. When left empty, the Name
 msgstr "Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected."
 #: src/admin/flows/StageBindingForm.ts
-msgid "Configure how the flow executor should handle an invalid response to a challenge."
+msgid "Configure how the flow executor should handle an invalid response to a challenge given by this bound stage."
-msgstr "Configure how the flow executor should handle an invalid response to a challenge."
+msgstr "Configure how the flow executor should handle an invalid response to a challenge given by this bound stage."
 #: src/admin/flows/StageBindingForm.ts
 #~ msgid "Configure how the flow executor should handle an invalid response to a challenge."
 #~ msgstr "Configure how the flow executor should handle an invalid response to a challenge."
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 msgid "Configure how the issuer field of the ID Token should be filled."
@ -1679,8 +1728,8 @@ msgstr "Customisation"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "DSA-SHA1"
+#~ msgid "DSA-SHA1"
-msgstr "DSA-SHA1"
+#~ msgstr "DSA-SHA1"
 #: src/admin/AdminInterface.ts
 msgid "Dashboards"
@ -1905,16 +1954,24 @@ msgid "Digits"
 msgstr "Digits"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Direct binding, always execute the configured bind flow to authenticate the user."
+msgid "Direct binding"
-msgstr "Direct binding, always execute the configured bind flow to authenticate the user."
+msgstr "Direct binding"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Direct binding, always execute the configured bind flow to authenticate the user."
 #~ msgstr "Direct binding, always execute the configured bind flow to authenticate the user."
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Direct querying"
 msgstr "Direct querying"
 #: src/pages/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Direct querying, always execute the configured bind flow to authenticate the user."
 #~ msgstr "Direct querying, always execute the configured bind flow to authenticate the user."
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Direct querying, always returns the latest data, but slower than cached querying."
+#~ msgid "Direct querying, always returns the latest data, but slower than cached querying."
-msgstr "Direct querying, always returns the latest data, but slower than cached querying."
+#~ msgstr "Direct querying, always returns the latest data, but slower than cached querying."
 #: src/admin/AdminInterface.ts
 msgid "Directory"
@ -1991,8 +2048,12 @@ msgid "Download signing certificate"
 msgstr "Download signing certificate"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider."
+msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate."
-msgstr "Due to protocol limitations, this certificate is only used when the outpost has a single provider."
+msgstr "Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate."
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider."
 #~ msgstr "Due to protocol limitations, this certificate is only used when the outpost has a single provider."
 #: src/pages/policies/PolicyWizard.ts
 #~ msgid "Dummy"
@ -2039,8 +2100,12 @@ msgid "Duration after which events will be deleted from the database."
 msgstr "Duration after which events will be deleted from the database."
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
-msgid "Each provider has a different issuer, based on the application slug."
+msgid "Each provider has a different issuer, based on the application slug"
-msgstr "Each provider has a different issuer, based on the application slug."
+msgstr "Each provider has a different issuer, based on the application slug"
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #~ msgid "Each provider has a different issuer, based on the application slug."
 #~ msgstr "Each provider has a different issuer, based on the application slug."
 #: src/admin/applications/ApplicationViewPage.ts
 #: src/admin/applications/ApplicationViewPage.ts
@ -2154,8 +2219,8 @@ msgstr "Enable StartTLS"
 #~ msgstr "Enable TOTP"
 #: src/admin/flows/FlowForm.ts
-msgid "Enable compatibility mode, increases compatibility with password managers on mobile devices."
+#~ msgid "Enable compatibility mode, increases compatibility with password managers on mobile devices."
-msgstr "Enable compatibility mode, increases compatibility with password managers on mobile devices."
+#~ msgstr "Enable compatibility mode, increases compatibility with password managers on mobile devices."
 #: src/admin/blueprints/BlueprintForm.ts
 #: src/admin/blueprints/BlueprintListPage.ts
@ -2534,6 +2599,10 @@ msgstr "Flow execution"
 msgid "Flow inspector"
 msgstr "Flow inspector"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Flow is executed and session is cached in memory. Flow is executed when session expires"
 msgstr "Flow is executed and session is cached in memory. Flow is executed when session expires"
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 #: src/admin/sources/plex/PlexSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
@ -3079,6 +3148,10 @@ msgstr "Include User claims from scopes in the id_token, for applications that d
 msgid "Include claims in id_token"
 msgstr "Include claims in id_token"
 #: src/admin/flows/FlowForm.ts
 msgid "Increases compatibility with password managers and mobile devices."
 msgstr "Increases compatibility with password managers and mobile devices."
 #: src/admin/outposts/OutpostForm.ts
 #: src/admin/outposts/OutpostListPage.ts
 msgid "Integration"
@ -3128,8 +3201,12 @@ msgstr ""
 "username they are attempting to login as, by one."
 #: src/admin/flows/StageBindingForm.ts
-msgid "Invalid response action"
+#~ msgid "Invalid response action"
-msgstr "Invalid response action"
+#~ msgstr "Invalid response action"
 #: src/admin/flows/StageBindingForm.ts
 msgid "Invalid response behavior"
 msgstr "Invalid response behavior"
 #: src/admin/flows/utils.ts
 msgid "Invalidation"
@ -3376,82 +3453,29 @@ msgstr "Load servers"
 msgid "Loading"
 msgstr "Loading"
-#: src/admin/applications/ApplicationCheckAccessForm.ts
+#: src/elements/forms/SearchSelect.ts
-#: src/admin/applications/ApplicationForm.ts
+msgid "Loading options..."
-#: src/admin/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+msgstr "Loading options..."
-#: src/admin/blueprints/BlueprintForm.ts
+
 #: src/admin/events/RuleForm.ts
 #: src/admin/events/RuleForm.ts
 #: src/admin/events/TransportForm.ts
 #: src/admin/flows/StageBindingForm.ts
 #: src/admin/flows/StageBindingForm.ts
 #: src/admin/groups/GroupForm.ts
 #: src/admin/groups/GroupForm.ts
 #: src/admin/outposts/OutpostForm.ts
 #: src/admin/outposts/OutpostForm.ts
 #: src/admin/outposts/ServiceConnectionDockerForm.ts
 #: src/admin/outposts/ServiceConnectionDockerForm.ts
 #: src/admin/policies/PolicyBindingForm.ts
 #: src/admin/policies/PolicyTestForm.ts
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/property-mappings/PropertyMappingTestForm.ts
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderImportForm.ts
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 #: src/admin/sources/plex/PlexSourceForm.ts
 #: src/admin/sources/plex/PlexSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/stages/authenticator_duo/AuthenticatorDuoStageForm.ts
 #: src/admin/stages/authenticator_duo/DuoDeviceImportForm.ts
 #: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
 #: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
 #: src/admin/stages/authenticator_static/AuthenticatorStaticStageForm.ts
 #: src/admin/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts
 #: src/admin/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
 #: src/admin/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
 #: src/admin/stages/email/EmailStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/invitation/InvitationForm.ts
 #: src/admin/stages/invitation/InvitationListLink.ts
 #: src/admin/stages/password/PasswordStageForm.ts
 #: src/admin/stages/prompt/PromptStageForm.ts
 #: src/admin/stages/prompt/PromptStageForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tokens/TokenForm.ts
 #: src/admin/users/UserForm.ts
 #: src/admin/users/UserResetEmailForm.ts
 #: src/elements/Spinner.ts
 msgid "Loading..."
 msgstr "Loading..."
@ -3537,12 +3561,12 @@ msgid "Long-running operations which authentik executes in the background."
 msgstr "Long-running operations which authentik executes in the background."
 #: src/admin/flows/FlowForm.ts
-msgid "MESSAGE will notify the user the flow isn't applicable."
+#~ msgid "MESSAGE will notify the user the flow isn't applicable."
-msgstr "MESSAGE will notify the user the flow isn't applicable."
+#~ msgstr "MESSAGE will notify the user the flow isn't applicable."
 #: src/admin/flows/FlowForm.ts
-msgid "MESSAGE_CONTINUE will follow the ?next parameter if set, otherwise show a message."
+#~ msgid "MESSAGE_CONTINUE will follow the ?next parameter if set, otherwise show a message."
-msgstr "MESSAGE_CONTINUE will follow the ?next parameter if set, otherwise show a message."
+#~ msgstr "MESSAGE_CONTINUE will follow the ?next parameter if set, otherwise show a message."
 #: src/admin/users/UserViewPage.ts
 msgid "MFA Authenticators"
@ -4023,7 +4047,6 @@ msgstr "Not synced yet."
 msgid "Not used by any other object."
 msgstr "Not used by any other object."
 #: src/flow/stages/FlowErrorStage.ts
 #: src/flow/stages/access_denied/AccessDeniedStage.ts
 #: src/flow/stages/authenticator_duo/AuthenticatorDuoStage.ts
 #: src/flow/stages/authenticator_sms/AuthenticatorSMSStage.ts
@ -4568,8 +4591,16 @@ msgid "Post binding"
 msgstr "Post binding"
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "Post binding (auto-submit)"
+#~ msgid "Post binding (auto-submit)"
-msgstr "Post binding (auto-submit)"
+#~ msgstr "Post binding (auto-submit)"
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Post binding but the request is automatically sent and the user doesn't have to confirm."
 msgstr "Post binding but the request is automatically sent and the user doesn't have to confirm."
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Post-auto binding"
 msgstr "Post-auto binding"
 #: src/flow/FlowExecutor.ts
 msgid "Powered by authentik"
@ -4734,16 +4765,16 @@ msgstr "Quick actions"
 #~ msgstr "RESTART restarts the flow from the beginning, while keeping the flow context."
 #: src/admin/flows/StageBindingForm.ts
-msgid "RESTART restarts the flow from the beginning."
+#~ msgid "RESTART restarts the flow from the beginning."
-msgstr "RESTART restarts the flow from the beginning."
+#~ msgstr "RESTART restarts the flow from the beginning."
 #: src/admin/flows/StageBindingForm.ts
-msgid "RESTART_WITH_CONTEXT restarts the flow from the beginning, while keeping the flow context."
+#~ msgid "RESTART_WITH_CONTEXT restarts the flow from the beginning, while keeping the flow context."
-msgstr "RESTART_WITH_CONTEXT restarts the flow from the beginning, while keeping the flow context."
+#~ msgstr "RESTART_WITH_CONTEXT restarts the flow from the beginning, while keeping the flow context."
 #: src/admin/flows/StageBindingForm.ts
-msgid "RETRY returns the error message and a similar challenge to the executor."
+#~ msgid "RETRY returns the error message and a similar challenge to the executor."
-msgstr "RETRY returns the error message and a similar challenge to the executor."
+#~ msgstr "RETRY returns the error message and a similar challenge to the executor."
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 #~ msgid "RS256 (Asymmetric Encryption)"
@ -4755,23 +4786,23 @@ msgstr "RETRY returns the error message and a similar challenge to the executor.
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA1"
+#~ msgid "RSA-SHA1"
-msgstr "RSA-SHA1"
+#~ msgstr "RSA-SHA1"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA256"
+#~ msgid "RSA-SHA256"
-msgstr "RSA-SHA256"
+#~ msgstr "RSA-SHA256"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA384"
+#~ msgid "RSA-SHA384"
-msgstr "RSA-SHA384"
+#~ msgstr "RSA-SHA384"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA512"
+#~ msgid "RSA-SHA512"
-msgstr "RSA-SHA512"
+#~ msgstr "RSA-SHA512"
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 msgid "Raw JWKS data."
@ -4933,6 +4964,10 @@ msgstr "Reputation scores"
 msgid "Request"
 msgstr "Request"
 #: src/flow/stages/FlowErrorStage.ts
 msgid "Request ID"
 msgstr "Request ID"
 #: src/flow/stages/access_denied/AccessDeniedStage.ts
 msgid "Request has been denied."
 msgstr "Request has been denied."
@ -4982,6 +5017,14 @@ msgstr "Resident key requirement"
 #~ msgid "Resources"
 #~ msgstr "Resources"
 #: src/admin/flows/StageBindingForm.ts
 msgid "Restarts the flow from the beginning"
 msgstr "Restarts the flow from the beginning"
 #: src/admin/flows/StageBindingForm.ts
 msgid "Restarts the flow from the beginning, while keeping the flow context"
 msgstr "Restarts the flow from the beginning, while keeping the flow context"
 #: src/admin/events/EventInfo.ts
 #: src/admin/property-mappings/PropertyMappingTestForm.ts
 msgid "Result"
@ -5001,8 +5044,8 @@ msgstr "Retry authentication"
 #: src/flow/FlowExecutor.ts
 #: src/user/user-settings/details/UserSettingsFlowExecutor.ts
-msgid "Return"
+#~ msgid "Return"
-msgstr "Return"
+#~ msgstr "Return"
 #: src/elements/router/Router404.ts
 msgid "Return home"
@ -5018,6 +5061,10 @@ msgstr "Return to device picker"
 #~ msgid "Return true if request IP/target username's score is below a certain threshold."
 #~ msgstr "Return true if request IP/target username's score is below a certain threshold."
 #: src/admin/flows/StageBindingForm.ts
 msgid "Returns the error message and a similar challenge to the executor"
 msgstr "Returns the error message and a similar challenge to the executor"
 #: src/elements/oauth/UserRefreshList.ts
 msgid "Revoked?"
 msgstr "Revoked?"
@ -5060,29 +5107,37 @@ msgstr "SAML details"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA1"
+#~ msgid "SHA1"
-msgstr "SHA1"
+#~ msgstr "SHA1"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA256"
+#~ msgid "SHA256"
-msgstr "SHA256"
+#~ msgstr "SHA256"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA384"
+#~ msgid "SHA384"
-msgstr "SHA384"
+#~ msgstr "SHA384"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA512"
+#~ msgid "SHA512"
-msgstr "SHA512"
+#~ msgstr "SHA512"
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceViewPage.ts
 msgid "SLO URL"
 msgstr "SLO URL"
 #: src/admin/providers/saml/SAMLProviderViewPage.ts
 msgid "SLO URL (Post)"
 msgstr "SLO URL (Post)"
 #: src/admin/providers/saml/SAMLProviderViewPage.ts
 msgid "SLO URL (Redirect)"
 msgstr "SLO URL (Redirect)"
 #: src/flow/stages/authenticator_validate/AuthenticatorValidateStage.ts
 msgid "SMS"
 msgstr "SMS"
@ -5237,7 +5292,7 @@ msgstr "Select an enrollment flow"
 #~ msgid "Select an identification method."
 #~ msgstr "Select an identification method."
-#: src/elements/SearchSelect.ts
+#: src/elements/forms/SearchSelect.ts
 msgid "Select an object."
 msgstr "Select an object."
@ -5512,9 +5567,7 @@ msgstr "Single-page applications which handle authentication in the browser (for
 msgid "Slug"
 msgstr "Slug"
 #: src/flow/FlowExecutor.ts
 #: src/flow/stages/FlowErrorStage.ts
 #: src/user/user-settings/details/UserSettingsFlowExecutor.ts
 msgid "Something went wrong! Please try again later."
 msgstr "Something went wrong! Please try again later."
@ -5530,6 +5583,10 @@ msgstr "Source linked"
 #~ msgid "Source name"
 #~ msgstr "Source name"
 #: src/admin/stages/identification/IdentificationStageForm.ts
 msgid "Source settings"
 msgstr "Source settings"
 #: src/user/user-settings/sources/SourceSettingsOAuth.ts
 #: src/user/user-settings/sources/SourceSettingsPlex.ts
 #~ msgid "Source {0}"
@ -6289,6 +6346,10 @@ msgstr "The following objects use {objName}"
 msgid "The new application wizard greatly simplifies the steps required to create applications and providers."
 msgstr "The new application wizard greatly simplifies the steps required to create applications and providers."
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "The outpost holds all users and groups in-memory and will refresh every 5 Minutes"
 msgstr "The outpost holds all users and groups in-memory and will refresh every 5 Minutes"
 #: src/pages/policies/reputation/ReputationPolicyForm.ts
 #~ msgid ""
 #~ "The policy passes when the reputation score is above the threshold, and\n"
@ -6407,6 +6468,10 @@ msgstr "This stage checks the user's current session against the Google reCaptch
 msgid "Threshold"
 msgstr "Threshold"
 #: src/admin/stages/dummy/DummyStageForm.ts
 msgid "Throw error?"
 msgstr "Throw error?"
 #: src/admin/stages/email/EmailStageForm.ts
 msgid "Time in minutes the token sent is valid."
 msgstr "Time in minutes the token sent is valid."
@ -6698,6 +6763,39 @@ msgstr "Unique identifier the token is referenced by."
 msgid "Unknown"
 msgstr "Unknown"
 #: src/admin/flows/utils.ts
 msgid "Unknown designation"
 msgstr "Unknown designation"
 #: src/admin/tokens/TokenListPage.ts
 msgid "Unknown intent"
 msgstr "Unknown intent"
 #: src/admin/flows/utils.ts
 msgid "Unknown layout"
 msgstr "Unknown layout"
 #: src/admin/outposts/OutpostForm.ts
 msgid "Unknown outpost type"
 msgstr "Unknown outpost type"
 #: src/admin/sources/oauth/OAuthSourceViewPage.ts
 msgid "Unknown provider type"
 msgstr "Unknown provider type"
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderViewPage.ts
 msgid "Unknown proxy mode"
 msgstr "Unknown proxy mode"
 #: src/admin/outposts/OutpostListPage.ts
 msgid "Unknown type"
 msgstr "Unknown type"
 #: src/admin/sources/oauth/utils.ts
 msgid "Unknown user matching mode"
 msgstr "Unknown user matching mode"
 #: 
 #~ msgid "Unmanaged"
 #~ msgstr "Unmanaged"
@ -6959,6 +7057,14 @@ msgstr "Use this provider with nginx's auth_request or traefik's forwardAuth. On
 msgid "Use this tenant for each domain that doesn't have a dedicated tenant."
 msgstr "Use this tenant for each domain that doesn't have a dedicated tenant."
 #: src/admin/tokens/TokenForm.ts
 msgid "Used to access the API programmatically"
 msgstr "Used to access the API programmatically"
 #: src/admin/tokens/TokenForm.ts
 msgid "Used to login using a flow executor"
 msgstr "Used to login using a flow executor"
 #: src/admin/applications/ApplicationCheckAccessForm.ts
 #: src/admin/events/EventInfo.ts
 #: src/admin/events/EventListPage.ts
@ -7436,8 +7542,20 @@ msgstr "When using proxy or forward auth (single application) mode, the requeste
 #: src/flow/FlowExecutor.ts
 #: src/user/user-settings/details/UserSettingsFlowExecutor.ts
-msgid "Whoops!"
+#~ msgid "Whoops!"
-msgstr "Whoops!"
+#~ msgstr "Whoops!"
 #: src/admin/flows/FlowForm.ts
 msgid "Will either follow the ?next parameter or redirect to the default interface"
 msgstr "Will either follow the ?next parameter or redirect to the default interface"
 #: src/admin/flows/FlowForm.ts
 msgid "Will follow the ?next parameter if set, otherwise show a message"
 msgstr "Will follow the ?next parameter if set, otherwise show a message"
 #: src/admin/flows/FlowForm.ts
 msgid "Will notify the user the flow isn't applicable"
 msgstr "Will notify the user the flow isn't applicable"
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Windows"
--- a/web/src/locales/es.po
+++ b/web/src/locales/es.po
@ -121,21 +121,21 @@ msgstr "URL ACS"
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
-msgid "ALL, all policies must match to grant access."
+#~ msgid "ALL, all policies must match to grant access."
-msgstr "TODAS, todas las políticas deben coincidir para otorgar acceso."
+#~ msgstr "TODAS, todas las políticas deben coincidir para otorgar acceso."
 #: src/admin/flows/StageBindingForm.ts
-msgid "ALL, all policies must match to include this stage access."
+#~ msgid "ALL, all policies must match to include this stage access."
-msgstr "TODAS, todas las políticas deben coincidir para incluir el acceso a esta etapa."
+#~ msgstr "TODAS, todas las políticas deben coincidir para incluir el acceso a esta etapa."
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
-msgid "ANY, any policy must match to grant access."
+#~ msgid "ANY, any policy must match to grant access."
-msgstr "CUALQUIERA, cualquier política debe coincidir para otorgar acceso."
+#~ msgstr "CUALQUIERA, cualquier política debe coincidir para otorgar acceso."
 #: src/admin/flows/StageBindingForm.ts
-msgid "ANY, any policy must match to include this stage access."
+#~ msgid "ANY, any policy must match to include this stage access."
-msgstr "CUALQUIERA, cualquier política debe coincidir para incluir el acceso a esta etapa."
+#~ msgstr "CUALQUIERA, cualquier política debe coincidir para incluir el acceso a esta etapa."
 #: src/admin/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
 msgid "API"
@ -162,8 +162,12 @@ msgid "API Requests"
 msgstr "Solicitudes de API"
 #: src/admin/tokens/TokenForm.ts
-msgid "API Token (can be used to access the API programmatically)"
+msgid "API Token"
-msgstr "Token de API (se puede usar para acceder a la API mediante programación)"
+msgstr ""
 #: src/admin/tokens/TokenForm.ts
 #~ msgid "API Token (can be used to access the API programmatically)"
 #~ msgstr "Token de API (se puede usar para acceder a la API mediante programación)"
 #: src/admin/stages/captcha/CaptchaStageForm.ts
 msgid "API URL"
@ -360,12 +364,18 @@ msgid "Affected model:"
 msgstr "Modelo afectado:"
 #: src/admin/events/RuleForm.ts
-msgid "Alert"
+#~ msgid "Alert"
-msgstr "Alerta"
+#~ msgstr "Alerta"
 #~ msgid "Algorithm used to sign the JWT Tokens."
 #~ msgstr "Algoritmo utilizado para firmar los tokens JWT."
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
 #: src/admin/flows/StageBindingForm.ts
 msgid "All policies must match to grant access"
 msgstr ""
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Allow IDP-initiated logins"
 msgstr "Permitir inicios de sesión iniciados por el proveedor IDP"
@ -416,10 +426,18 @@ msgstr ""
 msgid "Alternatively, if your current device has Duo installed, click on this link:"
 msgstr "Como alternativa, si su dispositivo actual tiene instalado Duo, haga clic en este enlace:"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Always execute the configured bind flow to authenticate the user"
 msgstr ""
 #: src/admin/stages/consent/ConsentStageForm.ts
 msgid "Always require consent"
 msgstr "Exigir siempre el consentimiento"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Always returns the latest data, but slower than cached querying"
 msgstr ""
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 msgid "An example setup can look like this:"
 msgstr "Un ejemplo de configuración podría ser así:"
@ -428,6 +446,12 @@ msgstr "Un ejemplo de configuración podría ser así:"
 msgid "Any HTML can be used."
 msgstr "Se puede usar cualquier código HTML."
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
 #: src/admin/flows/StageBindingForm.ts
 msgid "Any policy must match to grant access"
 msgstr ""
 #: src/admin/events/EventInfo.ts
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 msgid "App"
@ -438,8 +462,16 @@ msgid "App password"
 msgstr "contraseña de la aplicación"
 #: src/admin/tokens/TokenForm.ts
-msgid "App password (can be used to login using a flow executor)"
+#~ msgid "App password (can be used to login using a flow executor)"
-msgstr "Contraseña de la aplicación (se puede usar para iniciar sesión con un ejecutor de flujo)"
+#~ msgstr "Contraseña de la aplicación (se puede usar para iniciar sesión con un ejecutor de flujo)"
 #: src/admin/tokens/TokenForm.ts
 msgid "App password."
 msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Appearance settings"
 msgstr ""
 #: src/admin/admin-overview/TopApplicationsTable.ts
 #: src/admin/providers/ProviderListPage.ts
@ -777,6 +809,10 @@ msgstr "Autenticación básica"
 msgid "Bearer Token"
 msgstr "Token portador"
 #: src/admin/flows/FlowForm.ts
 msgid "Behavior settings"
 msgstr ""
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 msgid "Bind CN"
 msgstr "CN de enlace"
@ -865,12 +901,16 @@ msgid "CA which the endpoint's Certificate is verified against. Can be left empt
 msgstr "CA contra la que se verifica el certificado del destino. Se puede dejar vacío para que no se valide."
 #: src/admin/flows/FlowForm.ts
-msgid "CONTINUE will either follow the ?next parameter or redirect to the default interface."
+#~ msgid "CONTINUE will either follow the ?next parameter or redirect to the default interface."
 #~ msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Cached binding"
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
+#~ msgid "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
-msgstr ""
+#~ msgstr ""
 #: src/admin/admin-overview/charts/FlowStatusChart.ts
 msgid "Cached flows"
@ -881,8 +921,12 @@ msgid "Cached policies"
 msgstr "Políticas almacenadas en caché"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Cached querying, the outpost holds all users and groups in-memory and will refresh every 5 Minutes."
+msgid "Cached querying"
-msgstr "Al realizar consultas en caché, el controlador mantiene a todos los usuarios y grupos en memoria y se actualizará cada 5 minutos."
+msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Cached querying, the outpost holds all users and groups in-memory and will refresh every 5 Minutes."
 #~ msgstr "Al realizar consultas en caché, el controlador mantiene a todos los usuarios y grupos en memoria y se actualizará cada 5 minutos."
 #: src/admin/providers/proxy/ProxyProviderViewPage.ts
 msgid "Caddy (Standalone)"
@ -1153,6 +1197,7 @@ msgstr "Tipo de cliente"
 #: src/admin/users/UserListPage.ts
 #: src/elements/notifications/NotificationDrawer.ts
 #: src/elements/wizard/Wizard.ts
 #: src/flow/FlowInspector.ts
 msgid "Close"
 msgstr "Cerrar"
@ -1226,8 +1271,12 @@ msgid "Configure how the NameID value will be created. When left empty, the Name
 msgstr "Configurar cómo se creará el valor NameID. Cuando se deja vacío, se respetará la NameIDPolicy de la solicitud entrante."
 #: src/admin/flows/StageBindingForm.ts
-msgid "Configure how the flow executor should handle an invalid response to a challenge."
+msgid "Configure how the flow executor should handle an invalid response to a challenge given by this bound stage."
-msgstr "Configurar cómo el ejecutor de flujo debe gestionar una respuesta no válida a un desafío."
+msgstr ""
 #: src/admin/flows/StageBindingForm.ts
 #~ msgid "Configure how the flow executor should handle an invalid response to a challenge."
 #~ msgstr "Configurar cómo el ejecutor de flujo debe gestionar una respuesta no válida a un desafío."
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 msgid "Configure how the issuer field of the ID Token should be filled."
@ -1649,8 +1698,8 @@ msgstr "Personalización"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "DSA-SHA1"
+#~ msgid "DSA-SHA1"
-msgstr "DSA-SHA1"
+#~ msgstr "DSA-SHA1"
 #: src/admin/AdminInterface.ts
 msgid "Dashboards"
@ -1868,15 +1917,23 @@ msgid "Digits"
 msgstr "Dígitos"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Direct binding, always execute the configured bind flow to authenticate the user."
+msgid "Direct binding"
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Direct binding, always execute the configured bind flow to authenticate the user."
 #~ msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Direct querying"
 msgstr ""
 #~ msgid "Direct querying, always execute the configured bind flow to authenticate the user."
 #~ msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Direct querying, always returns the latest data, but slower than cached querying."
+#~ msgid "Direct querying, always returns the latest data, but slower than cached querying."
-msgstr "La consulta directa siempre devuelve los datos más recientes, pero es más lenta que la consulta en caché."
+#~ msgstr "La consulta directa siempre devuelve los datos más recientes, pero es más lenta que la consulta en caché."
 #: src/admin/AdminInterface.ts
 msgid "Directory"
@ -1947,8 +2004,12 @@ msgid "Download signing certificate"
 msgstr "Descargar certificado de firma"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider."
+msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate."
-msgstr "Debido a las limitaciones del protocolo, este certificado solo se usa cuando el controlador tiene un único proveedor."
+msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider."
 #~ msgstr "Debido a las limitaciones del protocolo, este certificado solo se usa cuando el controlador tiene un único proveedor."
 #~ msgid "Dummy"
 #~ msgstr ""
@ -1993,8 +2054,12 @@ msgid "Duration after which events will be deleted from the database."
 msgstr "Duración tras la cual los eventos se eliminarán de la base de datos."
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
-msgid "Each provider has a different issuer, based on the application slug."
+msgid "Each provider has a different issuer, based on the application slug"
-msgstr "Cada proveedor tiene un emisor diferente, en función del slug de la aplicación."
+msgstr ""
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #~ msgid "Each provider has a different issuer, based on the application slug."
 #~ msgstr "Cada proveedor tiene un emisor diferente, en función del slug de la aplicación."
 #: src/admin/applications/ApplicationViewPage.ts
 #: src/admin/applications/ApplicationViewPage.ts
@ -2102,8 +2167,8 @@ msgstr "Habilitar StartTLS"
 #~ msgstr "Habilitar TOTP"
 #: src/admin/flows/FlowForm.ts
-msgid "Enable compatibility mode, increases compatibility with password managers on mobile devices."
+#~ msgid "Enable compatibility mode, increases compatibility with password managers on mobile devices."
-msgstr "Habilitar el modo de compatibilidad, aumenta la compatibilidad con los administradores de contraseñas en dispositivos móviles."
+#~ msgstr "Habilitar el modo de compatibilidad, aumenta la compatibilidad con los administradores de contraseñas en dispositivos móviles."
 #: src/admin/blueprints/BlueprintForm.ts
 #: src/admin/blueprints/BlueprintListPage.ts
@ -2473,6 +2538,10 @@ msgstr "Ejecución de flujo"
 msgid "Flow inspector"
 msgstr "inspector de flujo"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Flow is executed and session is cached in memory. Flow is executed when session expires"
 msgstr ""
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 #: src/admin/sources/plex/PlexSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
@ -3006,6 +3075,10 @@ msgstr "Incluir las afirmaciones de usuario de los ámbitos en el id_token, para
 msgid "Include claims in id_token"
 msgstr "Incluir afirmaciones en id_token"
 #: src/admin/flows/FlowForm.ts
 msgid "Increases compatibility with password managers and mobile devices."
 msgstr ""
 #: src/admin/outposts/OutpostForm.ts
 #: src/admin/outposts/OutpostListPage.ts
 msgid "Integration"
@ -3054,8 +3127,12 @@ msgstr ""
 "y del nombre de usuario con el que están intentando iniciar sesión, en uno."
 #: src/admin/flows/StageBindingForm.ts
-msgid "Invalid response action"
+#~ msgid "Invalid response action"
-msgstr "Acción de respuesta no válida"
+#~ msgstr "Acción de respuesta no válida"
 #: src/admin/flows/StageBindingForm.ts
 msgid "Invalid response behavior"
 msgstr ""
 #: src/admin/flows/utils.ts
 msgid "Invalidation"
@ -3297,82 +3374,29 @@ msgstr "Cargar servidores"
 msgid "Loading"
 msgstr "Cargando"
-#: src/admin/applications/ApplicationCheckAccessForm.ts
+#: src/elements/forms/SearchSelect.ts
-#: src/admin/applications/ApplicationForm.ts
+msgid "Loading options..."
-#: src/admin/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+msgstr ""
-#: src/admin/blueprints/BlueprintForm.ts
+
 #: src/admin/events/RuleForm.ts
 #: src/admin/events/RuleForm.ts
 #: src/admin/events/TransportForm.ts
 #: src/admin/flows/StageBindingForm.ts
 #: src/admin/flows/StageBindingForm.ts
 #: src/admin/groups/GroupForm.ts
 #: src/admin/groups/GroupForm.ts
 #: src/admin/outposts/OutpostForm.ts
 #: src/admin/outposts/OutpostForm.ts
 #: src/admin/outposts/ServiceConnectionDockerForm.ts
 #: src/admin/outposts/ServiceConnectionDockerForm.ts
 #: src/admin/policies/PolicyBindingForm.ts
 #: src/admin/policies/PolicyTestForm.ts
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/property-mappings/PropertyMappingTestForm.ts
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderImportForm.ts
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 #: src/admin/sources/plex/PlexSourceForm.ts
 #: src/admin/sources/plex/PlexSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/stages/authenticator_duo/AuthenticatorDuoStageForm.ts
 #: src/admin/stages/authenticator_duo/DuoDeviceImportForm.ts
 #: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
 #: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
 #: src/admin/stages/authenticator_static/AuthenticatorStaticStageForm.ts
 #: src/admin/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts
 #: src/admin/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
 #: src/admin/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
 #: src/admin/stages/email/EmailStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/invitation/InvitationForm.ts
 #: src/admin/stages/invitation/InvitationListLink.ts
 #: src/admin/stages/password/PasswordStageForm.ts
 #: src/admin/stages/prompt/PromptStageForm.ts
 #: src/admin/stages/prompt/PromptStageForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tokens/TokenForm.ts
 #: src/admin/users/UserForm.ts
 #: src/admin/users/UserResetEmailForm.ts
 #: src/elements/Spinner.ts
 msgid "Loading..."
 msgstr "Cargando..."
@ -3457,12 +3481,12 @@ msgid "Long-running operations which authentik executes in the background."
 msgstr "Operaciones de larga ejecución que authentik ejecuta en segundo plano."
 #: src/admin/flows/FlowForm.ts
-msgid "MESSAGE will notify the user the flow isn't applicable."
+#~ msgid "MESSAGE will notify the user the flow isn't applicable."
-msgstr ""
+#~ msgstr ""
 #: src/admin/flows/FlowForm.ts
-msgid "MESSAGE_CONTINUE will follow the ?next parameter if set, otherwise show a message."
+#~ msgid "MESSAGE_CONTINUE will follow the ?next parameter if set, otherwise show a message."
-msgstr ""
+#~ msgstr ""
 #: src/admin/users/UserViewPage.ts
 msgid "MFA Authenticators"
@ -3940,7 +3964,6 @@ msgstr "Aún no se ha sincronizado."
 msgid "Not used by any other object."
 msgstr "No lo usa ningún otro objeto."
 #: src/flow/stages/FlowErrorStage.ts
 #: src/flow/stages/access_denied/AccessDeniedStage.ts
 #: src/flow/stages/authenticator_duo/AuthenticatorDuoStage.ts
 #: src/flow/stages/authenticator_sms/AuthenticatorSMSStage.ts
@ -4459,8 +4482,16 @@ msgid "Post binding"
 msgstr "Encuadernación"
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "Post binding (auto-submit)"
+#~ msgid "Post binding (auto-submit)"
-msgstr "Publicar enlace (envío automático)"
+#~ msgstr "Publicar enlace (envío automático)"
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Post binding but the request is automatically sent and the user doesn't have to confirm."
 msgstr ""
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Post-auto binding"
 msgstr ""
 #: src/flow/FlowExecutor.ts
 msgid "Powered by authentik"
@ -4622,16 +4653,16 @@ msgstr "Acciones rápidas"
 #~ msgstr "RESTART reinicia el flujo desde el principio, a la vez que mantiene el contexto del flujo."
 #: src/admin/flows/StageBindingForm.ts
-msgid "RESTART restarts the flow from the beginning."
+#~ msgid "RESTART restarts the flow from the beginning."
-msgstr "RESTART reinicia el flujo desde el principio."
+#~ msgstr "RESTART reinicia el flujo desde el principio."
 #: src/admin/flows/StageBindingForm.ts
-msgid "RESTART_WITH_CONTEXT restarts the flow from the beginning, while keeping the flow context."
+#~ msgid "RESTART_WITH_CONTEXT restarts the flow from the beginning, while keeping the flow context."
-msgstr ""
+#~ msgstr ""
 #: src/admin/flows/StageBindingForm.ts
-msgid "RETRY returns the error message and a similar challenge to the executor."
+#~ msgid "RETRY returns the error message and a similar challenge to the executor."
-msgstr "RETRY devuelve el mensaje de error y un desafío similar para el ejecutor."
+#~ msgstr "RETRY devuelve el mensaje de error y un desafío similar para el ejecutor."
 #~ msgid "RS256 (Asymmetric Encryption)"
 #~ msgstr "RS256 (cifrado asimétrico)"
@ -4641,23 +4672,23 @@ msgstr "RETRY devuelve el mensaje de error y un desafío similar para el ejecuto
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA1"
+#~ msgid "RSA-SHA1"
-msgstr "RSA-SHA1"
+#~ msgstr "RSA-SHA1"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA256"
+#~ msgid "RSA-SHA256"
-msgstr "RSA-SHA256"
+#~ msgstr "RSA-SHA256"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA384"
+#~ msgid "RSA-SHA384"
-msgstr "RSA-SHA384"
+#~ msgstr "RSA-SHA384"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA512"
+#~ msgid "RSA-SHA512"
-msgstr "RSA-SHA512"
+#~ msgstr "RSA-SHA512"
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 msgid "Raw JWKS data."
@ -4811,6 +4842,10 @@ msgstr "Puntuación de reputación"
 msgid "Request"
 msgstr "Solicitud"
 #: src/flow/stages/FlowErrorStage.ts
 msgid "Request ID"
 msgstr ""
 #: src/flow/stages/access_denied/AccessDeniedStage.ts
 msgid "Request has been denied."
 msgstr "Se ha denegado la solicitud."
@ -4858,6 +4893,14 @@ msgstr "Requisito clave residente"
 #~ msgid "Resources"
 #~ msgstr "Recursos"
 #: src/admin/flows/StageBindingForm.ts
 msgid "Restarts the flow from the beginning"
 msgstr ""
 #: src/admin/flows/StageBindingForm.ts
 msgid "Restarts the flow from the beginning, while keeping the flow context"
 msgstr ""
 #: src/admin/events/EventInfo.ts
 #: src/admin/property-mappings/PropertyMappingTestForm.ts
 msgid "Result"
@ -4876,8 +4919,8 @@ msgstr "Reintentar la autenticación"
 #: src/flow/FlowExecutor.ts
 #: src/user/user-settings/details/UserSettingsFlowExecutor.ts
-msgid "Return"
+#~ msgid "Return"
-msgstr "Devolución"
+#~ msgstr "Devolución"
 #: src/elements/router/Router404.ts
 msgid "Return home"
@ -4892,6 +4935,10 @@ msgstr "Regresar al selector de dispositivos"
 #~ msgid "Return true if request IP/target username's score is below a certain threshold."
 #~ msgstr ""
 #: src/admin/flows/StageBindingForm.ts
 msgid "Returns the error message and a similar challenge to the executor"
 msgstr ""
 #: src/elements/oauth/UserRefreshList.ts
 msgid "Revoked?"
 msgstr "¿Revocado?"
@ -4932,29 +4979,37 @@ msgstr ""
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA1"
+#~ msgid "SHA1"
-msgstr "SHA1"
+#~ msgstr "SHA1"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA256"
+#~ msgid "SHA256"
-msgstr "SHA-256"
+#~ msgstr "SHA-256"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA384"
+#~ msgid "SHA384"
-msgstr "SHA384"
+#~ msgstr "SHA384"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA512"
+#~ msgid "SHA512"
-msgstr "SHA512"
+#~ msgstr "SHA512"
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceViewPage.ts
 msgid "SLO URL"
 msgstr "URL LENTO"
 #: src/admin/providers/saml/SAMLProviderViewPage.ts
 msgid "SLO URL (Post)"
 msgstr ""
 #: src/admin/providers/saml/SAMLProviderViewPage.ts
 msgid "SLO URL (Redirect)"
 msgstr ""
 #: src/flow/stages/authenticator_validate/AuthenticatorValidateStage.ts
 msgid "SMS"
 msgstr "SMS"
@ -5107,7 +5162,7 @@ msgstr "Seleccione un flujo de inscripción"
 #~ msgid "Select an identification method."
 #~ msgstr "Seleccione un método de identificación."
-#: src/elements/SearchSelect.ts
+#: src/elements/forms/SearchSelect.ts
 msgid "Select an object."
 msgstr ""
@ -5374,9 +5429,7 @@ msgstr ""
 msgid "Slug"
 msgstr "babosa"
 #: src/flow/FlowExecutor.ts
 #: src/flow/stages/FlowErrorStage.ts
 #: src/user/user-settings/details/UserSettingsFlowExecutor.ts
 msgid "Something went wrong! Please try again later."
 msgstr "¡Algo salió mal! Inténtelo de nuevo más tarde."
@ -5390,6 +5443,10 @@ msgstr "Fuente enlazada"
 #~ msgid "Source name"
 #~ msgstr "Nombre fuente"
 #: src/admin/stages/identification/IdentificationStageForm.ts
 msgid "Source settings"
 msgstr ""
 #~ msgid "Source {0}"
 #~ msgstr "Fuente {0}"
@ -6124,6 +6181,10 @@ msgstr "Los siguientes objetos usan {objName}"
 msgid "The new application wizard greatly simplifies the steps required to create applications and providers."
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "The outpost holds all users and groups in-memory and will refresh every 5 Minutes"
 msgstr ""
 #~ msgid ""
 #~ "The policy passes when the reputation score is above the threshold, and\n"
 #~ "doesn't pass when either or both of the selected options are equal or less than the\n"
@ -6241,6 +6302,10 @@ msgstr ""
 msgid "Threshold"
 msgstr "umbral"
 #: src/admin/stages/dummy/DummyStageForm.ts
 msgid "Throw error?"
 msgstr ""
 #: src/admin/stages/email/EmailStageForm.ts
 msgid "Time in minutes the token sent is valid."
 msgstr "El tiempo en minutos que se envía el token es válido."
@ -6526,6 +6591,39 @@ msgstr "Identificador único por el que se hace referencia al token."
 msgid "Unknown"
 msgstr "Desconocido"
 #: src/admin/flows/utils.ts
 msgid "Unknown designation"
 msgstr ""
 #: src/admin/tokens/TokenListPage.ts
 msgid "Unknown intent"
 msgstr ""
 #: src/admin/flows/utils.ts
 msgid "Unknown layout"
 msgstr ""
 #: src/admin/outposts/OutpostForm.ts
 msgid "Unknown outpost type"
 msgstr ""
 #: src/admin/sources/oauth/OAuthSourceViewPage.ts
 msgid "Unknown provider type"
 msgstr ""
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderViewPage.ts
 msgid "Unknown proxy mode"
 msgstr ""
 #: src/admin/outposts/OutpostListPage.ts
 msgid "Unknown type"
 msgstr ""
 #: src/admin/sources/oauth/utils.ts
 msgid "Unknown user matching mode"
 msgstr ""
 #~ msgid "Unmanaged"
 #~ msgstr "No administrado"
@ -6786,6 +6884,14 @@ msgstr "Use este proveedor con auth_request de nginx o ForwardAuth de traefik. S
 msgid "Use this tenant for each domain that doesn't have a dedicated tenant."
 msgstr "Use este inquilino para cada dominio que no tenga un inquilino dedicado."
 #: src/admin/tokens/TokenForm.ts
 msgid "Used to access the API programmatically"
 msgstr ""
 #: src/admin/tokens/TokenForm.ts
 msgid "Used to login using a flow executor"
 msgstr ""
 #: src/admin/applications/ApplicationCheckAccessForm.ts
 #: src/admin/events/EventInfo.ts
 #: src/admin/events/EventListPage.ts
@ -7251,8 +7357,20 @@ msgstr "Cuando se usa el modo proxy o de autenticación directa (aplicación ún
 #: src/flow/FlowExecutor.ts
 #: src/user/user-settings/details/UserSettingsFlowExecutor.ts
-msgid "Whoops!"
+#~ msgid "Whoops!"
-msgstr "¡Ups!"
+#~ msgstr "¡Ups!"
 #: src/admin/flows/FlowForm.ts
 msgid "Will either follow the ?next parameter or redirect to the default interface"
 msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Will follow the ?next parameter if set, otherwise show a message"
 msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Will notify the user the flow isn't applicable"
 msgstr ""
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Windows"
--- a/web/src/locales/fr_FR.po
+++ b/web/src/locales/fr_FR.po
@ -126,21 +126,21 @@ msgstr "ACS URL"
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
-msgid "ALL, all policies must match to grant access."
+#~ msgid "ALL, all policies must match to grant access."
-msgstr "ALL, toutes les politiques doivent être vérifiée pour accorder l'accès."
+#~ msgstr "ALL, toutes les politiques doivent être vérifiée pour accorder l'accès."
 #: src/admin/flows/StageBindingForm.ts
-msgid "ALL, all policies must match to include this stage access."
+#~ msgid "ALL, all policies must match to include this stage access."
-msgstr "ALL, toutes les politiques doivent être vérifiées pour inclure l'accès à cette étape."
+#~ msgstr "ALL, toutes les politiques doivent être vérifiées pour inclure l'accès à cette étape."
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
-msgid "ANY, any policy must match to grant access."
+#~ msgid "ANY, any policy must match to grant access."
-msgstr "ANY, n'importe laquelle des politiques doit être vérifiée pour accorder l'accès."
+#~ msgstr "ANY, n'importe laquelle des politiques doit être vérifiée pour accorder l'accès."
 #: src/admin/flows/StageBindingForm.ts
-msgid "ANY, any policy must match to include this stage access."
+#~ msgid "ANY, any policy must match to include this stage access."
-msgstr "ANY, n'importe laquelle des politiques doit être vérifiée pour inclure l'accès à cette étape."
+#~ msgstr "ANY, n'importe laquelle des politiques doit être vérifiée pour inclure l'accès à cette étape."
 #: src/admin/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
 msgid "API"
@ -167,8 +167,12 @@ msgid "API Requests"
 msgstr "Requêtes d'API"
 #: src/admin/tokens/TokenForm.ts
-msgid "API Token (can be used to access the API programmatically)"
+msgid "API Token"
-msgstr "Jeton d'API (peut être utilisé pour accéder à l'API via un programme)"
+msgstr ""
 #: src/admin/tokens/TokenForm.ts
 #~ msgid "API Token (can be used to access the API programmatically)"
 #~ msgstr "Jeton d'API (peut être utilisé pour accéder à l'API via un programme)"
 #: src/admin/stages/captcha/CaptchaStageForm.ts
 msgid "API URL"
@ -365,12 +369,18 @@ msgid "Affected model:"
 msgstr "Modèle affecté :"
 #: src/admin/events/RuleForm.ts
-msgid "Alert"
+#~ msgid "Alert"
-msgstr "Alerte"
+#~ msgstr "Alerte"
 #~ msgid "Algorithm used to sign the JWT Tokens."
 #~ msgstr "Algorithme de signature utilisé pour les jetons JWT"
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
 #: src/admin/flows/StageBindingForm.ts
 msgid "All policies must match to grant access"
 msgstr ""
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Allow IDP-initiated logins"
 msgstr "Autoriser les logins initiés par l'IDP"
@ -421,10 +431,18 @@ msgstr ""
 msgid "Alternatively, if your current device has Duo installed, click on this link:"
 msgstr "Sinon, si Duo est installé sur cet appareil, cliquez sur ce lien :"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Always execute the configured bind flow to authenticate the user"
 msgstr ""
 #: src/admin/stages/consent/ConsentStageForm.ts
 msgid "Always require consent"
 msgstr "Toujours exiger l'approbation"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Always returns the latest data, but slower than cached querying"
 msgstr ""
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 msgid "An example setup can look like this:"
 msgstr ""
@ -433,6 +451,12 @@ msgstr ""
 msgid "Any HTML can be used."
 msgstr "N'importe quel HTML peut être utilisé."
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
 #: src/admin/flows/StageBindingForm.ts
 msgid "Any policy must match to grant access"
 msgstr ""
 #: src/admin/events/EventInfo.ts
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 msgid "App"
@ -443,8 +467,16 @@ msgid "App password"
 msgstr "Mot de passe de l'App"
 #: src/admin/tokens/TokenForm.ts
-msgid "App password (can be used to login using a flow executor)"
+#~ msgid "App password (can be used to login using a flow executor)"
-msgstr "Mot de passe de l'App (peut être utilisé pour ouvrir une session en utilisant un flux d'exécution)"
+#~ msgstr "Mot de passe de l'App (peut être utilisé pour ouvrir une session en utilisant un flux d'exécution)"
 #: src/admin/tokens/TokenForm.ts
 msgid "App password."
 msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Appearance settings"
 msgstr ""
 #: src/admin/admin-overview/TopApplicationsTable.ts
 #: src/admin/providers/ProviderListPage.ts
@ -782,6 +814,10 @@ msgstr "Basic-Auth"
 msgid "Bearer Token"
 msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Behavior settings"
 msgstr ""
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 msgid "Bind CN"
 msgstr "Bind DN"
@ -870,12 +906,16 @@ msgid "CA which the endpoint's Certificate is verified against. Can be left empt
 msgstr "AC auprès de laquelle le certificat du terminal est vérifié. Peut être laissé vide en l'absence de validation."
 #: src/admin/flows/FlowForm.ts
-msgid "CONTINUE will either follow the ?next parameter or redirect to the default interface."
+#~ msgid "CONTINUE will either follow the ?next parameter or redirect to the default interface."
 #~ msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Cached binding"
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
+#~ msgid "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
-msgstr ""
+#~ msgstr ""
 #: src/admin/admin-overview/charts/FlowStatusChart.ts
 msgid "Cached flows"
@ -886,9 +926,13 @@ msgid "Cached policies"
 msgstr "Politiques mises en cache"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Cached querying, the outpost holds all users and groups in-memory and will refresh every 5 Minutes."
+msgid "Cached querying"
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Cached querying, the outpost holds all users and groups in-memory and will refresh every 5 Minutes."
 #~ msgstr ""
 #: src/admin/providers/proxy/ProxyProviderViewPage.ts
 msgid "Caddy (Standalone)"
 msgstr ""
@ -1158,6 +1202,7 @@ msgstr "Type du client"
 #: src/admin/users/UserListPage.ts
 #: src/elements/notifications/NotificationDrawer.ts
 #: src/elements/wizard/Wizard.ts
 #: src/flow/FlowInspector.ts
 msgid "Close"
 msgstr "Fermer"
@ -1231,8 +1276,12 @@ msgid "Configure how the NameID value will be created. When left empty, the Name
 msgstr "Configure la façon dont NameID sera créé. Si vide, la politique NameIDPolicy de la requête entrante sera appliquée."
 #: src/admin/flows/StageBindingForm.ts
-msgid "Configure how the flow executor should handle an invalid response to a challenge."
+msgid "Configure how the flow executor should handle an invalid response to a challenge given by this bound stage."
-msgstr "Configure comment l'exécuteur de flux gère une réponse invalide à un challenge."
+msgstr ""
 #: src/admin/flows/StageBindingForm.ts
 #~ msgid "Configure how the flow executor should handle an invalid response to a challenge."
 #~ msgstr "Configure comment l'exécuteur de flux gère une réponse invalide à un challenge."
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 msgid "Configure how the issuer field of the ID Token should be filled."
@ -1654,8 +1703,8 @@ msgstr "Personalisation"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "DSA-SHA1"
+#~ msgid "DSA-SHA1"
-msgstr "DSA-SHA1"
+#~ msgstr "DSA-SHA1"
 #: src/admin/AdminInterface.ts
 msgid "Dashboards"
@ -1871,15 +1920,23 @@ msgid "Digits"
 msgstr "Chiffres"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Direct binding, always execute the configured bind flow to authenticate the user."
+msgid "Direct binding"
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Direct binding, always execute the configured bind flow to authenticate the user."
 #~ msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Direct querying"
 msgstr ""
 #~ msgid "Direct querying, always execute the configured bind flow to authenticate the user."
 #~ msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Direct querying, always returns the latest data, but slower than cached querying."
+#~ msgid "Direct querying, always returns the latest data, but slower than cached querying."
-msgstr ""
+#~ msgstr ""
 #: src/admin/AdminInterface.ts
 msgid "Directory"
@ -1950,8 +2007,12 @@ msgid "Download signing certificate"
 msgstr "Télécharger le certificat de signature"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider."
+msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate."
-msgstr "En raison des limitations du protocole, ce certificat n’est utilisé que lorsque l’avant-poste a un fournisseur unique."
+msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider."
 #~ msgstr "En raison des limitations du protocole, ce certificat n’est utilisé que lorsque l’avant-poste a un fournisseur unique."
 #~ msgid "Dummy"
 #~ msgstr ""
@ -1996,8 +2057,12 @@ msgid "Duration after which events will be deleted from the database."
 msgstr "Expiration des évènements à l'issue de laquelle ils seront supprimés de la base de donnée."
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
-msgid "Each provider has a different issuer, based on the application slug."
+msgid "Each provider has a different issuer, based on the application slug"
-msgstr "Chaque fournisseur a un émetteur différent, basé sur le slug de l'application."
+msgstr ""
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #~ msgid "Each provider has a different issuer, based on the application slug."
 #~ msgstr "Chaque fournisseur a un émetteur différent, basé sur le slug de l'application."
 #: src/admin/applications/ApplicationViewPage.ts
 #: src/admin/applications/ApplicationViewPage.ts
@ -2105,8 +2170,8 @@ msgstr "Activer StartTLS"
 #~ msgstr "Activer TOTP"
 #: src/admin/flows/FlowForm.ts
-msgid "Enable compatibility mode, increases compatibility with password managers on mobile devices."
+#~ msgid "Enable compatibility mode, increases compatibility with password managers on mobile devices."
-msgstr "Activer le mode de compatibilité, améliore la compatibilité avec les gestionnaires de mot de passe sur les équipements mobiles."
+#~ msgstr "Activer le mode de compatibilité, améliore la compatibilité avec les gestionnaires de mot de passe sur les équipements mobiles."
 #: src/admin/blueprints/BlueprintForm.ts
 #: src/admin/blueprints/BlueprintListPage.ts
@ -2476,6 +2541,10 @@ msgstr ""
 msgid "Flow inspector"
 msgstr "Inspecteur de flux"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Flow is executed and session is cached in memory. Flow is executed when session expires"
 msgstr ""
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 #: src/admin/sources/plex/PlexSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
@ -3009,6 +3078,10 @@ msgstr "Inclure les claims relatifs à l’utilisateur dans l’id_token, pour l
 msgid "Include claims in id_token"
 msgstr "Include les claims utilisateur dans l’id_token"
 #: src/admin/flows/FlowForm.ts
 msgid "Increases compatibility with password managers and mobile devices."
 msgstr ""
 #: src/admin/outposts/OutpostForm.ts
 #: src/admin/outposts/OutpostListPage.ts
 msgid "Integration"
@ -3055,8 +3128,12 @@ msgid ""
 msgstr ""
 #: src/admin/flows/StageBindingForm.ts
-msgid "Invalid response action"
+#~ msgid "Invalid response action"
-msgstr "Action de réponse invalide"
+#~ msgstr "Action de réponse invalide"
 #: src/admin/flows/StageBindingForm.ts
 msgid "Invalid response behavior"
 msgstr ""
 #: src/admin/flows/utils.ts
 msgid "Invalidation"
@ -3298,82 +3375,29 @@ msgstr "Charger les serveurs"
 msgid "Loading"
 msgstr "Chargement en cours"
-#: src/admin/applications/ApplicationCheckAccessForm.ts
+#: src/elements/forms/SearchSelect.ts
-#: src/admin/applications/ApplicationForm.ts
+msgid "Loading options..."
-#: src/admin/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+msgstr ""
-#: src/admin/blueprints/BlueprintForm.ts
+
 #: src/admin/events/RuleForm.ts
 #: src/admin/events/RuleForm.ts
 #: src/admin/events/TransportForm.ts
 #: src/admin/flows/StageBindingForm.ts
 #: src/admin/flows/StageBindingForm.ts
 #: src/admin/groups/GroupForm.ts
 #: src/admin/groups/GroupForm.ts
 #: src/admin/outposts/OutpostForm.ts
 #: src/admin/outposts/OutpostForm.ts
 #: src/admin/outposts/ServiceConnectionDockerForm.ts
 #: src/admin/outposts/ServiceConnectionDockerForm.ts
 #: src/admin/policies/PolicyBindingForm.ts
 #: src/admin/policies/PolicyTestForm.ts
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/property-mappings/PropertyMappingTestForm.ts
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderImportForm.ts
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 #: src/admin/sources/plex/PlexSourceForm.ts
 #: src/admin/sources/plex/PlexSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/stages/authenticator_duo/AuthenticatorDuoStageForm.ts
 #: src/admin/stages/authenticator_duo/DuoDeviceImportForm.ts
 #: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
 #: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
 #: src/admin/stages/authenticator_static/AuthenticatorStaticStageForm.ts
 #: src/admin/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts
 #: src/admin/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
 #: src/admin/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
 #: src/admin/stages/email/EmailStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/invitation/InvitationForm.ts
 #: src/admin/stages/invitation/InvitationListLink.ts
 #: src/admin/stages/password/PasswordStageForm.ts
 #: src/admin/stages/prompt/PromptStageForm.ts
 #: src/admin/stages/prompt/PromptStageForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tokens/TokenForm.ts
 #: src/admin/users/UserForm.ts
 #: src/admin/users/UserResetEmailForm.ts
 #: src/elements/Spinner.ts
 msgid "Loading..."
 msgstr "Chargement en cours..."
@ -3458,12 +3482,12 @@ msgid "Long-running operations which authentik executes in the background."
 msgstr "Opérations de longue durée qu'Authentik exécute en arrière-plan."
 #: src/admin/flows/FlowForm.ts
-msgid "MESSAGE will notify the user the flow isn't applicable."
+#~ msgid "MESSAGE will notify the user the flow isn't applicable."
-msgstr ""
+#~ msgstr ""
 #: src/admin/flows/FlowForm.ts
-msgid "MESSAGE_CONTINUE will follow the ?next parameter if set, otherwise show a message."
+#~ msgid "MESSAGE_CONTINUE will follow the ?next parameter if set, otherwise show a message."
-msgstr ""
+#~ msgstr ""
 #: src/admin/users/UserViewPage.ts
 msgid "MFA Authenticators"
@ -3941,7 +3965,6 @@ msgstr "Pas encore synchronisé."
 msgid "Not used by any other object."
 msgstr "Pas utilisé par un autre objet."
 #: src/flow/stages/FlowErrorStage.ts
 #: src/flow/stages/access_denied/AccessDeniedStage.ts
 #: src/flow/stages/authenticator_duo/AuthenticatorDuoStage.ts
 #: src/flow/stages/authenticator_sms/AuthenticatorSMSStage.ts
@ -4460,8 +4483,16 @@ msgid "Post binding"
 msgstr "Post"
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "Post binding (auto-submit)"
+#~ msgid "Post binding (auto-submit)"
-msgstr "Post (automatique)"
+#~ msgstr "Post (automatique)"
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Post binding but the request is automatically sent and the user doesn't have to confirm."
 msgstr ""
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Post-auto binding"
 msgstr ""
 #: src/flow/FlowExecutor.ts
 msgid "Powered by authentik"
@ -4623,16 +4654,16 @@ msgstr "Actions rapides"
 #~ msgstr "REDÉMARRER redémarre le flux depuis le début, en gardant le contexte du flux."
 #: src/admin/flows/StageBindingForm.ts
-msgid "RESTART restarts the flow from the beginning."
+#~ msgid "RESTART restarts the flow from the beginning."
-msgstr "REDÉMARRER redémarre le flux depuis le début."
+#~ msgstr "REDÉMARRER redémarre le flux depuis le début."
 #: src/admin/flows/StageBindingForm.ts
-msgid "RESTART_WITH_CONTEXT restarts the flow from the beginning, while keeping the flow context."
+#~ msgid "RESTART_WITH_CONTEXT restarts the flow from the beginning, while keeping the flow context."
-msgstr ""
+#~ msgstr ""
 #: src/admin/flows/StageBindingForm.ts
-msgid "RETRY returns the error message and a similar challenge to the executor."
+#~ msgid "RETRY returns the error message and a similar challenge to the executor."
-msgstr "RETRY indiquer le message d'erreur et présenter un challenge similaire à l'utilisateur"
+#~ msgstr "RETRY indiquer le message d'erreur et présenter un challenge similaire à l'utilisateur"
 #~ msgid "RS256 (Asymmetric Encryption)"
 #~ msgstr "RS256 (chiffrement asymétrique)"
@ -4642,23 +4673,23 @@ msgstr "RETRY indiquer le message d'erreur et présenter un challenge similaire
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA1"
+#~ msgid "RSA-SHA1"
-msgstr "RSA-SHA1"
+#~ msgstr "RSA-SHA1"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA256"
+#~ msgid "RSA-SHA256"
-msgstr "RSA-SHA256"
+#~ msgstr "RSA-SHA256"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA384"
+#~ msgid "RSA-SHA384"
-msgstr "RSA-SHA384"
+#~ msgstr "RSA-SHA384"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA512"
+#~ msgid "RSA-SHA512"
-msgstr "RSA-SHA512"
+#~ msgstr "RSA-SHA512"
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 msgid "Raw JWKS data."
@ -4812,6 +4843,10 @@ msgstr "Scores de réputation"
 msgid "Request"
 msgstr "Requête"
 #: src/flow/stages/FlowErrorStage.ts
 msgid "Request ID"
 msgstr ""
 #: src/flow/stages/access_denied/AccessDeniedStage.ts
 msgid "Request has been denied."
 msgstr "La requête a été refusée."
@ -4859,6 +4894,14 @@ msgstr ""
 #~ msgid "Resources"
 #~ msgstr "Ressources"
 #: src/admin/flows/StageBindingForm.ts
 msgid "Restarts the flow from the beginning"
 msgstr ""
 #: src/admin/flows/StageBindingForm.ts
 msgid "Restarts the flow from the beginning, while keeping the flow context"
 msgstr ""
 #: src/admin/events/EventInfo.ts
 #: src/admin/property-mappings/PropertyMappingTestForm.ts
 msgid "Result"
@ -4877,8 +4920,8 @@ msgstr "Réessayer l'authentification"
 #: src/flow/FlowExecutor.ts
 #: src/user/user-settings/details/UserSettingsFlowExecutor.ts
-msgid "Return"
+#~ msgid "Return"
-msgstr "Retourner"
+#~ msgstr "Retourner"
 #: src/elements/router/Router404.ts
 msgid "Return home"
@ -4893,6 +4936,10 @@ msgstr "Retourner à la sélection d'appareil"
 #~ msgid "Return true if request IP/target username's score is below a certain threshold."
 #~ msgstr ""
 #: src/admin/flows/StageBindingForm.ts
 msgid "Returns the error message and a similar challenge to the executor"
 msgstr ""
 #: src/elements/oauth/UserRefreshList.ts
 msgid "Revoked?"
 msgstr "Révoqué ?"
@ -4933,29 +4980,37 @@ msgstr ""
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA1"
+#~ msgid "SHA1"
-msgstr "SHA1"
+#~ msgstr "SHA1"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA256"
+#~ msgid "SHA256"
-msgstr "SHA256"
+#~ msgstr "SHA256"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA384"
+#~ msgid "SHA384"
-msgstr "SHA384"
+#~ msgstr "SHA384"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA512"
+#~ msgid "SHA512"
-msgstr "SHA512"
+#~ msgstr "SHA512"
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceViewPage.ts
 msgid "SLO URL"
 msgstr "URL SLO"
 #: src/admin/providers/saml/SAMLProviderViewPage.ts
 msgid "SLO URL (Post)"
 msgstr ""
 #: src/admin/providers/saml/SAMLProviderViewPage.ts
 msgid "SLO URL (Redirect)"
 msgstr ""
 #: src/flow/stages/authenticator_validate/AuthenticatorValidateStage.ts
 msgid "SMS"
 msgstr "SMS"
@ -5108,7 +5163,7 @@ msgstr "Sélectionnez un flux d'inscription"
 #~ msgid "Select an identification method."
 #~ msgstr "Sélectionnez une méthode d'identification"
-#: src/elements/SearchSelect.ts
+#: src/elements/forms/SearchSelect.ts
 msgid "Select an object."
 msgstr "Sélectionner un objet."
@ -5375,9 +5430,7 @@ msgstr ""
 msgid "Slug"
 msgstr "Slug"
 #: src/flow/FlowExecutor.ts
 #: src/flow/stages/FlowErrorStage.ts
 #: src/user/user-settings/details/UserSettingsFlowExecutor.ts
 msgid "Something went wrong! Please try again later."
 msgstr "Une erreur s'est produite ! Veuillez réessayer plus tard."
@ -5391,6 +5444,10 @@ msgstr "Source liée"
 #~ msgid "Source name"
 #~ msgstr ""
 #: src/admin/stages/identification/IdentificationStageForm.ts
 msgid "Source settings"
 msgstr ""
 #~ msgid "Source {0}"
 #~ msgstr "Source {0}"
@ -6125,6 +6182,10 @@ msgstr "Les objets suivants utilisent {objName}"
 msgid "The new application wizard greatly simplifies the steps required to create applications and providers."
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "The outpost holds all users and groups in-memory and will refresh every 5 Minutes"
 msgstr ""
 #~ msgid ""
 #~ "The policy passes when the reputation score is above the threshold, and\n"
 #~ "doesn't pass when either or both of the selected options are equal or less than the\n"
@ -6232,6 +6293,10 @@ msgstr ""
 msgid "Threshold"
 msgstr "Seuil"
 #: src/admin/stages/dummy/DummyStageForm.ts
 msgid "Throw error?"
 msgstr ""
 #: src/admin/stages/email/EmailStageForm.ts
 msgid "Time in minutes the token sent is valid."
 msgstr "Temps en minutes durant lequel le jeton envoyé est valide."
@ -6517,6 +6582,39 @@ msgstr "Identifiant unique par lequel le jeton est référencé."
 msgid "Unknown"
 msgstr "Inconnu"
 #: src/admin/flows/utils.ts
 msgid "Unknown designation"
 msgstr ""
 #: src/admin/tokens/TokenListPage.ts
 msgid "Unknown intent"
 msgstr ""
 #: src/admin/flows/utils.ts
 msgid "Unknown layout"
 msgstr ""
 #: src/admin/outposts/OutpostForm.ts
 msgid "Unknown outpost type"
 msgstr ""
 #: src/admin/sources/oauth/OAuthSourceViewPage.ts
 msgid "Unknown provider type"
 msgstr ""
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderViewPage.ts
 msgid "Unknown proxy mode"
 msgstr ""
 #: src/admin/outposts/OutpostListPage.ts
 msgid "Unknown type"
 msgstr ""
 #: src/admin/sources/oauth/utils.ts
 msgid "Unknown user matching mode"
 msgstr ""
 #~ msgid "Unmanaged"
 #~ msgstr "Non géré"
@ -6777,6 +6875,14 @@ msgstr "Utilisez ce fournisseur avec auth_request de nginx ou forwardAuth de tra
 msgid "Use this tenant for each domain that doesn't have a dedicated tenant."
 msgstr "Utilisez ce locataire pour chaque domaine qui ne dispose pas d'un locataire dédié."
 #: src/admin/tokens/TokenForm.ts
 msgid "Used to access the API programmatically"
 msgstr ""
 #: src/admin/tokens/TokenForm.ts
 msgid "Used to login using a flow executor"
 msgstr ""
 #: src/admin/applications/ApplicationCheckAccessForm.ts
 #: src/admin/events/EventInfo.ts
 #: src/admin/events/EventListPage.ts
@ -7242,8 +7348,20 @@ msgstr ""
 #: src/flow/FlowExecutor.ts
 #: src/user/user-settings/details/UserSettingsFlowExecutor.ts
-msgid "Whoops!"
+#~ msgid "Whoops!"
-msgstr "Oups !"
+#~ msgstr "Oups !"
 #: src/admin/flows/FlowForm.ts
 msgid "Will either follow the ?next parameter or redirect to the default interface"
 msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Will follow the ?next parameter if set, otherwise show a message"
 msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Will notify the user the flow isn't applicable"
 msgstr ""
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Windows"
--- a/web/src/locales/pl.po
+++ b/web/src/locales/pl.po
@ -121,21 +121,21 @@ msgstr "ACS URL"
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
-msgid "ALL, all policies must match to grant access."
+#~ msgid "ALL, all policies must match to grant access."
-msgstr "ALL, wszystkie zasady muszą być zgodne, aby przyznać dostęp."
+#~ msgstr "ALL, wszystkie zasady muszą być zgodne, aby przyznać dostęp."
 #: src/admin/flows/StageBindingForm.ts
-msgid "ALL, all policies must match to include this stage access."
+#~ msgid "ALL, all policies must match to include this stage access."
-msgstr "ALL, wszystkie zasady muszą być zgodne, aby uwzględnić dostęp do tego etapu."
+#~ msgstr "ALL, wszystkie zasady muszą być zgodne, aby uwzględnić dostęp do tego etapu."
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
-msgid "ANY, any policy must match to grant access."
+#~ msgid "ANY, any policy must match to grant access."
-msgstr "ANY, dowolna zasada musi być zgodna, aby przyznać dostęp."
+#~ msgstr "ANY, dowolna zasada musi być zgodna, aby przyznać dostęp."
 #: src/admin/flows/StageBindingForm.ts
-msgid "ANY, any policy must match to include this stage access."
+#~ msgid "ANY, any policy must match to include this stage access."
-msgstr "ANY, każda zasada musi być zgodna, aby uwzględnić dostęp do tego etapu."
+#~ msgstr "ANY, każda zasada musi być zgodna, aby uwzględnić dostęp do tego etapu."
 #: src/admin/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
 msgid "API"
@ -162,8 +162,12 @@ msgid "API Requests"
 msgstr "Żądania API"
 #: src/admin/tokens/TokenForm.ts
-msgid "API Token (can be used to access the API programmatically)"
+msgid "API Token"
-msgstr "Token API (może być używany do programowego dostępu do API)"
+msgstr ""
 #: src/admin/tokens/TokenForm.ts
 #~ msgid "API Token (can be used to access the API programmatically)"
 #~ msgstr "Token API (może być używany do programowego dostępu do API)"
 #: src/admin/stages/captcha/CaptchaStageForm.ts
 msgid "API URL"
@ -364,12 +368,18 @@ msgid "Affected model:"
 msgstr "Model, którego dotyczy problem:"
 #: src/admin/events/RuleForm.ts
-msgid "Alert"
+#~ msgid "Alert"
-msgstr "Alert"
+#~ msgstr "Alert"
 #~ msgid "Algorithm used to sign the JWT Tokens."
 #~ msgstr "Algorytm używany do podpisywania tokenów JWT."
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
 #: src/admin/flows/StageBindingForm.ts
 msgid "All policies must match to grant access"
 msgstr ""
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Allow IDP-initiated logins"
 msgstr "Zezwalaj na logowanie inicjowane przez IDP"
@ -420,10 +430,18 @@ msgstr ""
 msgid "Alternatively, if your current device has Duo installed, click on this link:"
 msgstr "Alternatywnie, jeśli na Twoim obecnym urządzeniu jest zainstalowany Duo, kliknij ten link:"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Always execute the configured bind flow to authenticate the user"
 msgstr ""
 #: src/admin/stages/consent/ConsentStageForm.ts
 msgid "Always require consent"
 msgstr "Zawsze wymagaj zgody"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Always returns the latest data, but slower than cached querying"
 msgstr ""
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 msgid "An example setup can look like this:"
 msgstr "Przykładowa konfiguracja może wyglądać tak:"
@ -432,6 +450,12 @@ msgstr "Przykładowa konfiguracja może wyglądać tak:"
 msgid "Any HTML can be used."
 msgstr "Można użyć dowolnego kodu HTML."
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
 #: src/admin/flows/StageBindingForm.ts
 msgid "Any policy must match to grant access"
 msgstr ""
 #: src/admin/events/EventInfo.ts
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 msgid "App"
@ -442,8 +466,16 @@ msgid "App password"
 msgstr "Hasło aplikacji"
 #: src/admin/tokens/TokenForm.ts
-msgid "App password (can be used to login using a flow executor)"
+#~ msgid "App password (can be used to login using a flow executor)"
-msgstr "Hasło aplikacji (może być użyte do zalogowania się za pomocą executora przepływu)"
+#~ msgstr "Hasło aplikacji (może być użyte do zalogowania się za pomocą executora przepływu)"
 #: src/admin/tokens/TokenForm.ts
 msgid "App password."
 msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Appearance settings"
 msgstr ""
 #: src/admin/admin-overview/TopApplicationsTable.ts
 #: src/admin/providers/ProviderListPage.ts
@ -781,6 +813,10 @@ msgstr "Basic-Auth"
 msgid "Bearer Token"
 msgstr "Bearer Token"
 #: src/admin/flows/FlowForm.ts
 msgid "Behavior settings"
 msgstr ""
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 msgid "Bind CN"
 msgstr "Bind CN"
@ -869,12 +905,16 @@ msgid "CA which the endpoint's Certificate is verified against. Can be left empt
 msgstr "CA względem którego weryfikowany jest certyfikat. Można pozostawić puste, aby nie sprawdzać poprawności."
 #: src/admin/flows/FlowForm.ts
-msgid "CONTINUE will either follow the ?next parameter or redirect to the default interface."
+#~ msgid "CONTINUE will either follow the ?next parameter or redirect to the default interface."
 #~ msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Cached binding"
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
+#~ msgid "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
-msgstr "Powiązanie w pamięci podręcznej, przepływ jest wykonywany, a sesja jest buforowana w pamięci. Przepływ jest wykonywany po wygaśnięciu sesji."
+#~ msgstr "Powiązanie w pamięci podręcznej, przepływ jest wykonywany, a sesja jest buforowana w pamięci. Przepływ jest wykonywany po wygaśnięciu sesji."
 #: src/admin/admin-overview/charts/FlowStatusChart.ts
 msgid "Cached flows"
@ -885,8 +925,12 @@ msgid "Cached policies"
 msgstr "Zasady w pamięci podręcznej"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Cached querying, the outpost holds all users and groups in-memory and will refresh every 5 Minutes."
+msgid "Cached querying"
-msgstr "Zbuforowane zapytania, placówka przechowuje w pamięci wszystkich użytkowników i grupy i odświeża się co 5 minut."
+msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Cached querying, the outpost holds all users and groups in-memory and will refresh every 5 Minutes."
 #~ msgstr "Zbuforowane zapytania, placówka przechowuje w pamięci wszystkich użytkowników i grupy i odświeża się co 5 minut."
 #: src/admin/providers/proxy/ProxyProviderViewPage.ts
 msgid "Caddy (Standalone)"
@ -1159,6 +1203,7 @@ msgstr "Client type"
 #: src/admin/users/UserListPage.ts
 #: src/elements/notifications/NotificationDrawer.ts
 #: src/elements/wizard/Wizard.ts
 #: src/flow/FlowInspector.ts
 msgid "Close"
 msgstr "Zamknij"
@ -1232,8 +1277,12 @@ msgid "Configure how the NameID value will be created. When left empty, the Name
 msgstr "Skonfiguruj sposób tworzenia wartości NameID. Gdy puste, NameIDPolicy przychodzącego żądania będzie przestrzegany."
 #: src/admin/flows/StageBindingForm.ts
-msgid "Configure how the flow executor should handle an invalid response to a challenge."
+msgid "Configure how the flow executor should handle an invalid response to a challenge given by this bound stage."
-msgstr "Skonfiguruj sposób, w jaki executor przepływu powinien obsługiwać nieprawidłową odpowiedź na wyzwanie."
+msgstr ""
 #: src/admin/flows/StageBindingForm.ts
 #~ msgid "Configure how the flow executor should handle an invalid response to a challenge."
 #~ msgstr "Skonfiguruj sposób, w jaki executor przepływu powinien obsługiwać nieprawidłową odpowiedź na wyzwanie."
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 msgid "Configure how the issuer field of the ID Token should be filled."
@ -1655,8 +1704,8 @@ msgstr "Dostosowywanie"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "DSA-SHA1"
+#~ msgid "DSA-SHA1"
-msgstr "DSA-SHA1"
+#~ msgstr "DSA-SHA1"
 #: src/admin/AdminInterface.ts
 msgid "Dashboards"
@ -1874,15 +1923,23 @@ msgid "Digits"
 msgstr "Cyfry"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Direct binding, always execute the configured bind flow to authenticate the user."
+msgid "Direct binding"
-msgstr "Bezpośrednie wiązanie, zawsze wykonuj skonfigurowany przepływ wiązania, aby uwierzytelnić użytkownika."
+msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Direct binding, always execute the configured bind flow to authenticate the user."
 #~ msgstr "Bezpośrednie wiązanie, zawsze wykonuj skonfigurowany przepływ wiązania, aby uwierzytelnić użytkownika."
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Direct querying"
 msgstr ""
 #~ msgid "Direct querying, always execute the configured bind flow to authenticate the user."
 #~ msgstr "Bezpośrednie zapytania, zawsze wykonuj skonfigurowany przepływ wiązania, aby uwierzytelnić użytkownika."
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Direct querying, always returns the latest data, but slower than cached querying."
+#~ msgid "Direct querying, always returns the latest data, but slower than cached querying."
-msgstr "Zapytania bezpośrednie zawsze zwracają najnowsze dane, ale są wolniejsze niż zapytania w pamięci podręcznej."
+#~ msgstr "Zapytania bezpośrednie zawsze zwracają najnowsze dane, ale są wolniejsze niż zapytania w pamięci podręcznej."
 #: src/admin/AdminInterface.ts
 msgid "Directory"
@ -1953,8 +2010,12 @@ msgid "Download signing certificate"
 msgstr "Pobierz certyfikat podpisywania"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider."
+msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate."
-msgstr "Ze względu na ograniczenia protokołu ten certyfikat jest używany tylko wtedy, gdy placówka ma jednego dostawcę."
+msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider."
 #~ msgstr "Ze względu na ograniczenia protokołu ten certyfikat jest używany tylko wtedy, gdy placówka ma jednego dostawcę."
 #~ msgid "Dummy"
 #~ msgstr "Atrapa"
@ -1999,8 +2060,12 @@ msgid "Duration after which events will be deleted from the database."
 msgstr "Czas, po którym zdarzenia zostaną usunięte z bazy danych."
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
-msgid "Each provider has a different issuer, based on the application slug."
+msgid "Each provider has a different issuer, based on the application slug"
-msgstr "Każdy dostawca ma innego wystawcę, w oparciu o informacje o slug aplikacji."
+msgstr ""
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #~ msgid "Each provider has a different issuer, based on the application slug."
 #~ msgstr "Każdy dostawca ma innego wystawcę, w oparciu o informacje o slug aplikacji."
 #: src/admin/applications/ApplicationViewPage.ts
 #: src/admin/applications/ApplicationViewPage.ts
@ -2108,8 +2173,8 @@ msgstr "Włącz StartTLS"
 #~ msgstr "Włącz TOTP"
 #: src/admin/flows/FlowForm.ts
-msgid "Enable compatibility mode, increases compatibility with password managers on mobile devices."
+#~ msgid "Enable compatibility mode, increases compatibility with password managers on mobile devices."
-msgstr "Włącz tryb zgodności, zwiększa zgodność z menedżerami haseł na urządzeniach mobilnych."
+#~ msgstr "Włącz tryb zgodności, zwiększa zgodność z menedżerami haseł na urządzeniach mobilnych."
 #: src/admin/blueprints/BlueprintForm.ts
 #: src/admin/blueprints/BlueprintListPage.ts
@ -2479,6 +2544,10 @@ msgstr "Wykonanie przepływu"
 msgid "Flow inspector"
 msgstr "Inspektor przepływu"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Flow is executed and session is cached in memory. Flow is executed when session expires"
 msgstr ""
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 #: src/admin/sources/plex/PlexSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
@ -3014,6 +3083,10 @@ msgstr "Uwzględnij oświadczenia użytkownika z zakresów w id_token dla aplika
 msgid "Include claims in id_token"
 msgstr "Uwzględnij roszczenia w id_token"
 #: src/admin/flows/FlowForm.ts
 msgid "Increases compatibility with password managers and mobile devices."
 msgstr ""
 #: src/admin/outposts/OutpostForm.ts
 #: src/admin/outposts/OutpostListPage.ts
 msgid "Integration"
@ -3062,8 +3135,12 @@ msgstr ""
 "nazwa użytkownika, pod którą próbują się zalogować, przez jeden."
 #: src/admin/flows/StageBindingForm.ts
-msgid "Invalid response action"
+#~ msgid "Invalid response action"
-msgstr "Nieprawidłowa akcja odpowiedzi"
+#~ msgstr "Nieprawidłowa akcja odpowiedzi"
 #: src/admin/flows/StageBindingForm.ts
 msgid "Invalid response behavior"
 msgstr ""
 #: src/admin/flows/utils.ts
 msgid "Invalidation"
@ -3305,82 +3382,29 @@ msgstr "Załaduj serwery"
 msgid "Loading"
 msgstr "Ładowanie"
-#: src/admin/applications/ApplicationCheckAccessForm.ts
+#: src/elements/forms/SearchSelect.ts
-#: src/admin/applications/ApplicationForm.ts
+msgid "Loading options..."
-#: src/admin/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+msgstr ""
-#: src/admin/blueprints/BlueprintForm.ts
+
 #: src/admin/events/RuleForm.ts
 #: src/admin/events/RuleForm.ts
 #: src/admin/events/TransportForm.ts
 #: src/admin/flows/StageBindingForm.ts
 #: src/admin/flows/StageBindingForm.ts
 #: src/admin/groups/GroupForm.ts
 #: src/admin/groups/GroupForm.ts
 #: src/admin/outposts/OutpostForm.ts
 #: src/admin/outposts/OutpostForm.ts
 #: src/admin/outposts/ServiceConnectionDockerForm.ts
 #: src/admin/outposts/ServiceConnectionDockerForm.ts
 #: src/admin/policies/PolicyBindingForm.ts
 #: src/admin/policies/PolicyTestForm.ts
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/property-mappings/PropertyMappingTestForm.ts
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderImportForm.ts
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 #: src/admin/sources/plex/PlexSourceForm.ts
 #: src/admin/sources/plex/PlexSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/stages/authenticator_duo/AuthenticatorDuoStageForm.ts
 #: src/admin/stages/authenticator_duo/DuoDeviceImportForm.ts
 #: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
 #: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
 #: src/admin/stages/authenticator_static/AuthenticatorStaticStageForm.ts
 #: src/admin/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts
 #: src/admin/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
 #: src/admin/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
 #: src/admin/stages/email/EmailStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/invitation/InvitationForm.ts
 #: src/admin/stages/invitation/InvitationListLink.ts
 #: src/admin/stages/password/PasswordStageForm.ts
 #: src/admin/stages/prompt/PromptStageForm.ts
 #: src/admin/stages/prompt/PromptStageForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tokens/TokenForm.ts
 #: src/admin/users/UserForm.ts
 #: src/admin/users/UserResetEmailForm.ts
 #: src/elements/Spinner.ts
 msgid "Loading..."
 msgstr "Ładowanie..."
@ -3465,12 +3489,12 @@ msgid "Long-running operations which authentik executes in the background."
 msgstr "Długotrwałe operacje, które authentik wykonuje w tle."
 #: src/admin/flows/FlowForm.ts
-msgid "MESSAGE will notify the user the flow isn't applicable."
+#~ msgid "MESSAGE will notify the user the flow isn't applicable."
-msgstr ""
+#~ msgstr ""
 #: src/admin/flows/FlowForm.ts
-msgid "MESSAGE_CONTINUE will follow the ?next parameter if set, otherwise show a message."
+#~ msgid "MESSAGE_CONTINUE will follow the ?next parameter if set, otherwise show a message."
-msgstr ""
+#~ msgstr ""
 #: src/admin/users/UserViewPage.ts
 msgid "MFA Authenticators"
@ -3948,7 +3972,6 @@ msgstr "Jeszcze nie zsynchronizowano."
 msgid "Not used by any other object."
 msgstr "Nie używany przez żaden inny obiekt."
 #: src/flow/stages/FlowErrorStage.ts
 #: src/flow/stages/access_denied/AccessDeniedStage.ts
 #: src/flow/stages/authenticator_duo/AuthenticatorDuoStage.ts
 #: src/flow/stages/authenticator_sms/AuthenticatorSMSStage.ts
@ -4469,8 +4492,16 @@ msgid "Post binding"
 msgstr "Post binding"
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "Post binding (auto-submit)"
+#~ msgid "Post binding (auto-submit)"
-msgstr "Post binding (automatyczne przesyłanie)"
+#~ msgstr "Post binding (automatyczne przesyłanie)"
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Post binding but the request is automatically sent and the user doesn't have to confirm."
 msgstr ""
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Post-auto binding"
 msgstr ""
 #: src/flow/FlowExecutor.ts
 msgid "Powered by authentik"
@ -4632,16 +4663,16 @@ msgstr "Szybkie akcje"
 #~ msgstr "RESTART ponownie uruchamia przepływ od początku, zachowując kontekst przepływu."
 #: src/admin/flows/StageBindingForm.ts
-msgid "RESTART restarts the flow from the beginning."
+#~ msgid "RESTART restarts the flow from the beginning."
-msgstr "RESTART ponownie uruchamia przepływ od początku."
+#~ msgstr "RESTART ponownie uruchamia przepływ od początku."
 #: src/admin/flows/StageBindingForm.ts
-msgid "RESTART_WITH_CONTEXT restarts the flow from the beginning, while keeping the flow context."
+#~ msgid "RESTART_WITH_CONTEXT restarts the flow from the beginning, while keeping the flow context."
-msgstr ""
+#~ msgstr ""
 #: src/admin/flows/StageBindingForm.ts
-msgid "RETRY returns the error message and a similar challenge to the executor."
+#~ msgid "RETRY returns the error message and a similar challenge to the executor."
-msgstr "RETRY zwraca komunikat o błędzie i podobne wyzwanie do executora."
+#~ msgstr "RETRY zwraca komunikat o błędzie i podobne wyzwanie do executora."
 #~ msgid "RS256 (Asymmetric Encryption)"
 #~ msgstr "RS256 (szyfrowanie asymetryczne)"
@ -4651,23 +4682,23 @@ msgstr "RETRY zwraca komunikat o błędzie i podobne wyzwanie do executora."
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA1"
+#~ msgid "RSA-SHA1"
-msgstr "RSA-SHA1"
+#~ msgstr "RSA-SHA1"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA256"
+#~ msgid "RSA-SHA256"
-msgstr "RSA-SHA256"
+#~ msgstr "RSA-SHA256"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA384"
+#~ msgid "RSA-SHA384"
-msgstr "RSA-SHA384"
+#~ msgstr "RSA-SHA384"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA512"
+#~ msgid "RSA-SHA512"
-msgstr "RSA-SHA512"
+#~ msgstr "RSA-SHA512"
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 msgid "Raw JWKS data."
@ -4821,6 +4852,10 @@ msgstr "Punkty reputacji"
 msgid "Request"
 msgstr "Żądanie"
 #: src/flow/stages/FlowErrorStage.ts
 msgid "Request ID"
 msgstr ""
 #: src/flow/stages/access_denied/AccessDeniedStage.ts
 msgid "Request has been denied."
 msgstr "Żądanie zostało odrzucone."
@ -4868,6 +4903,14 @@ msgstr "Wymagania dotyczące klucza rezydenta"
 #~ msgid "Resources"
 #~ msgstr "Zasoby"
 #: src/admin/flows/StageBindingForm.ts
 msgid "Restarts the flow from the beginning"
 msgstr ""
 #: src/admin/flows/StageBindingForm.ts
 msgid "Restarts the flow from the beginning, while keeping the flow context"
 msgstr ""
 #: src/admin/events/EventInfo.ts
 #: src/admin/property-mappings/PropertyMappingTestForm.ts
 msgid "Result"
@ -4886,8 +4929,8 @@ msgstr "Ponów uwierzytelnianie"
 #: src/flow/FlowExecutor.ts
 #: src/user/user-settings/details/UserSettingsFlowExecutor.ts
-msgid "Return"
+#~ msgid "Return"
-msgstr "Powróć"
+#~ msgstr "Powróć"
 #: src/elements/router/Router404.ts
 msgid "Return home"
@ -4902,6 +4945,10 @@ msgstr "Wróć do wyboru urządzeń"
 #~ msgid "Return true if request IP/target username's score is below a certain threshold."
 #~ msgstr "Zwróć true, jeśli wynik IP żądania/docelowej nazwy użytkownika jest poniżej określonego progu."
 #: src/admin/flows/StageBindingForm.ts
 msgid "Returns the error message and a similar challenge to the executor"
 msgstr ""
 #: src/elements/oauth/UserRefreshList.ts
 msgid "Revoked?"
 msgstr "Unieważniono?"
@ -4942,29 +4989,37 @@ msgstr "Szczegóły SAML"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA1"
+#~ msgid "SHA1"
-msgstr "SHA1"
+#~ msgstr "SHA1"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA256"
+#~ msgid "SHA256"
-msgstr "SHA256"
+#~ msgstr "SHA256"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA384"
+#~ msgid "SHA384"
-msgstr "SHA384"
+#~ msgstr "SHA384"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA512"
+#~ msgid "SHA512"
-msgstr "SHA512"
+#~ msgstr "SHA512"
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceViewPage.ts
 msgid "SLO URL"
 msgstr "SLO URL"
 #: src/admin/providers/saml/SAMLProviderViewPage.ts
 msgid "SLO URL (Post)"
 msgstr ""
 #: src/admin/providers/saml/SAMLProviderViewPage.ts
 msgid "SLO URL (Redirect)"
 msgstr ""
 #: src/flow/stages/authenticator_validate/AuthenticatorValidateStage.ts
 msgid "SMS"
 msgstr "SMS"
@ -5117,7 +5172,7 @@ msgstr "Wybierz przepływ rejestracji"
 #~ msgid "Select an identification method."
 #~ msgstr "Wybierz metodę identyfikacji."
-#: src/elements/SearchSelect.ts
+#: src/elements/forms/SearchSelect.ts
 msgid "Select an object."
 msgstr "Wybierz obiekt."
@ -5384,9 +5439,7 @@ msgstr ""
 msgid "Slug"
 msgstr "Ślimak"
 #: src/flow/FlowExecutor.ts
 #: src/flow/stages/FlowErrorStage.ts
 #: src/user/user-settings/details/UserSettingsFlowExecutor.ts
 msgid "Something went wrong! Please try again later."
 msgstr "Coś poszło nie tak! Spróbuj ponownie później."
@ -5400,6 +5453,10 @@ msgstr "Źródło połączone"
 #~ msgid "Source name"
 #~ msgstr "Nazwa źródła"
 #: src/admin/stages/identification/IdentificationStageForm.ts
 msgid "Source settings"
 msgstr ""
 #~ msgid "Source {0}"
 #~ msgstr "Źródło {0}"
@ -6134,6 +6191,10 @@ msgstr "Następujące obiekty używają {objName}"
 msgid "The new application wizard greatly simplifies the steps required to create applications and providers."
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "The outpost holds all users and groups in-memory and will refresh every 5 Minutes"
 msgstr ""
 #~ msgid ""
 #~ "The policy passes when the reputation score is above the threshold, and\n"
 #~ "doesn't pass when either or both of the selected options are equal or less than the\n"
@ -6251,6 +6312,10 @@ msgstr ""
 msgid "Threshold"
 msgstr "Próg"
 #: src/admin/stages/dummy/DummyStageForm.ts
 msgid "Throw error?"
 msgstr ""
 #: src/admin/stages/email/EmailStageForm.ts
 msgid "Time in minutes the token sent is valid."
 msgstr "Czas w minutach, w którym wysłany token jest ważny."
@ -6536,6 +6601,39 @@ msgstr "Unikalny identyfikator, do którego odwołuje się token."
 msgid "Unknown"
 msgstr "Nieznany"
 #: src/admin/flows/utils.ts
 msgid "Unknown designation"
 msgstr ""
 #: src/admin/tokens/TokenListPage.ts
 msgid "Unknown intent"
 msgstr ""
 #: src/admin/flows/utils.ts
 msgid "Unknown layout"
 msgstr ""
 #: src/admin/outposts/OutpostForm.ts
 msgid "Unknown outpost type"
 msgstr ""
 #: src/admin/sources/oauth/OAuthSourceViewPage.ts
 msgid "Unknown provider type"
 msgstr ""
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderViewPage.ts
 msgid "Unknown proxy mode"
 msgstr ""
 #: src/admin/outposts/OutpostListPage.ts
 msgid "Unknown type"
 msgstr ""
 #: src/admin/sources/oauth/utils.ts
 msgid "Unknown user matching mode"
 msgstr ""
 #~ msgid "Unmanaged"
 #~ msgstr "Niezarządzany"
@ -6796,6 +6894,14 @@ msgstr "Użyj tego dostawcy z auth_request nginx lub forwardAuth traefik. Tylko
 msgid "Use this tenant for each domain that doesn't have a dedicated tenant."
 msgstr "Użyj tego najemcy dla każdej domeny, która nie ma dedykowanej najmecy."
 #: src/admin/tokens/TokenForm.ts
 msgid "Used to access the API programmatically"
 msgstr ""
 #: src/admin/tokens/TokenForm.ts
 msgid "Used to login using a flow executor"
 msgstr ""
 #: src/admin/applications/ApplicationCheckAccessForm.ts
 #: src/admin/events/EventInfo.ts
 #: src/admin/events/EventListPage.ts
@ -7263,8 +7369,20 @@ msgstr "Podczas korzystania z trybu proxy lub uwierzytelniania do przodu (pojedy
 #: src/flow/FlowExecutor.ts
 #: src/user/user-settings/details/UserSettingsFlowExecutor.ts
-msgid "Whoops!"
+#~ msgid "Whoops!"
-msgstr "Ups!"
+#~ msgstr "Ups!"
 #: src/admin/flows/FlowForm.ts
 msgid "Will either follow the ?next parameter or redirect to the default interface"
 msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Will follow the ?next parameter if set, otherwise show a message"
 msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Will notify the user the flow isn't applicable"
 msgstr ""
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Windows"
--- a/web/src/locales/pseudo-LOCALE.po
+++ b/web/src/locales/pseudo-LOCALE.po
@ -115,21 +115,21 @@ msgstr ""
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
-msgid "ALL, all policies must match to grant access."
+#~ msgid "ALL, all policies must match to grant access."
-msgstr ""
+#~ msgstr ""
 #: src/admin/flows/StageBindingForm.ts
-msgid "ALL, all policies must match to include this stage access."
+#~ msgid "ALL, all policies must match to include this stage access."
-msgstr ""
+#~ msgstr ""
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
-msgid "ANY, any policy must match to grant access."
+#~ msgid "ANY, any policy must match to grant access."
-msgstr ""
+#~ msgstr ""
 #: src/admin/flows/StageBindingForm.ts
-msgid "ANY, any policy must match to include this stage access."
+#~ msgid "ANY, any policy must match to include this stage access."
-msgstr ""
+#~ msgstr ""
 #: src/admin/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
 msgid "API"
@ -156,9 +156,13 @@ msgid "API Requests"
 msgstr ""
 #: src/admin/tokens/TokenForm.ts
-msgid "API Token (can be used to access the API programmatically)"
+msgid "API Token"
 msgstr ""
 #: src/admin/tokens/TokenForm.ts
 #~ msgid "API Token (can be used to access the API programmatically)"
 #~ msgstr ""
 #: src/admin/stages/captcha/CaptchaStageForm.ts
 msgid "API URL"
 msgstr ""
@ -360,13 +364,19 @@ msgid "Affected model:"
 msgstr ""
 #: src/admin/events/RuleForm.ts
-msgid "Alert"
+#~ msgid "Alert"
-msgstr ""
+#~ msgstr ""
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 #~ msgid "Algorithm used to sign the JWT Tokens."
 #~ msgstr ""
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
 #: src/admin/flows/StageBindingForm.ts
 msgid "All policies must match to grant access"
 msgstr ""
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Allow IDP-initiated logins"
 msgstr ""
@ -417,10 +427,18 @@ msgstr ""
 msgid "Alternatively, if your current device has Duo installed, click on this link:"
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Always execute the configured bind flow to authenticate the user"
 msgstr ""
 #: src/admin/stages/consent/ConsentStageForm.ts
 msgid "Always require consent"
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Always returns the latest data, but slower than cached querying"
 msgstr ""
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 msgid "An example setup can look like this:"
 msgstr ""
@ -429,6 +447,12 @@ msgstr ""
 msgid "Any HTML can be used."
 msgstr ""
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
 #: src/admin/flows/StageBindingForm.ts
 msgid "Any policy must match to grant access"
 msgstr ""
 #: src/admin/events/EventInfo.ts
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 msgid "App"
@ -439,7 +463,15 @@ msgid "App password"
 msgstr ""
 #: src/admin/tokens/TokenForm.ts
-msgid "App password (can be used to login using a flow executor)"
+#~ msgid "App password (can be used to login using a flow executor)"
 #~ msgstr ""
 #: src/admin/tokens/TokenForm.ts
 msgid "App password."
 msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Appearance settings"
 msgstr ""
 #: src/admin/admin-overview/TopApplicationsTable.ts
@ -782,6 +814,10 @@ msgstr ""
 msgid "Bearer Token"
 msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Behavior settings"
 msgstr ""
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 msgid "Bind CN"
 msgstr ""
@ -871,12 +907,16 @@ msgid "CA which the endpoint's Certificate is verified against. Can be left empt
 msgstr ""
 #: src/admin/flows/FlowForm.ts
-msgid "CONTINUE will either follow the ?next parameter or redirect to the default interface."
+#~ msgid "CONTINUE will either follow the ?next parameter or redirect to the default interface."
 #~ msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Cached binding"
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
+#~ msgid "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
-msgstr ""
+#~ msgstr ""
 #: src/admin/admin-overview/charts/FlowStatusChart.ts
 msgid "Cached flows"
@ -887,9 +927,13 @@ msgid "Cached policies"
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Cached querying, the outpost holds all users and groups in-memory and will refresh every 5 Minutes."
+msgid "Cached querying"
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Cached querying, the outpost holds all users and groups in-memory and will refresh every 5 Minutes."
 #~ msgstr ""
 #: src/admin/providers/proxy/ProxyProviderViewPage.ts
 msgid "Caddy (Standalone)"
 msgstr ""
@ -1161,6 +1205,7 @@ msgstr ""
 #: src/admin/users/UserListPage.ts
 #: src/elements/notifications/NotificationDrawer.ts
 #: src/elements/wizard/Wizard.ts
 #: src/flow/FlowInspector.ts
 msgid "Close"
 msgstr ""
@ -1237,9 +1282,13 @@ msgid "Configure how the NameID value will be created. When left empty, the Name
 msgstr ""
 #: src/admin/flows/StageBindingForm.ts
-msgid "Configure how the flow executor should handle an invalid response to a challenge."
+msgid "Configure how the flow executor should handle an invalid response to a challenge given by this bound stage."
 msgstr ""
 #: src/admin/flows/StageBindingForm.ts
 #~ msgid "Configure how the flow executor should handle an invalid response to a challenge."
 #~ msgstr ""
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 msgid "Configure how the issuer field of the ID Token should be filled."
 msgstr ""
@ -1667,8 +1716,8 @@ msgstr ""
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "DSA-SHA1"
+#~ msgid "DSA-SHA1"
-msgstr ""
+#~ msgstr ""
 #: src/admin/AdminInterface.ts
 msgid "Dashboards"
@ -1891,7 +1940,15 @@ msgid "Digits"
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Direct binding, always execute the configured bind flow to authenticate the user."
+msgid "Direct binding"
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Direct binding, always execute the configured bind flow to authenticate the user."
 #~ msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Direct querying"
 msgstr ""
 #: src/pages/providers/ldap/LDAPProviderForm.ts
@ -1899,8 +1956,8 @@ msgstr ""
 #~ msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Direct querying, always returns the latest data, but slower than cached querying."
+#~ msgid "Direct querying, always returns the latest data, but slower than cached querying."
-msgstr ""
+#~ msgstr ""
 #: src/admin/AdminInterface.ts
 msgid "Directory"
@ -1977,9 +2034,13 @@ msgid "Download signing certificate"
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider."
+msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate."
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider."
 #~ msgstr ""
 #: src/pages/policies/PolicyWizard.ts
 #~ msgid "Dummy"
 #~ msgstr ""
@ -2025,9 +2086,13 @@ msgid "Duration after which events will be deleted from the database."
 msgstr ""
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
-msgid "Each provider has a different issuer, based on the application slug."
+msgid "Each provider has a different issuer, based on the application slug"
 msgstr ""
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #~ msgid "Each provider has a different issuer, based on the application slug."
 #~ msgstr ""
 #: src/admin/applications/ApplicationViewPage.ts
 #: src/admin/applications/ApplicationViewPage.ts
 #: src/admin/flows/FlowViewPage.ts
@ -2140,8 +2205,8 @@ msgstr ""
 #~ msgstr ""
 #: src/admin/flows/FlowForm.ts
-msgid "Enable compatibility mode, increases compatibility with password managers on mobile devices."
+#~ msgid "Enable compatibility mode, increases compatibility with password managers on mobile devices."
-msgstr ""
+#~ msgstr ""
 #: src/admin/blueprints/BlueprintForm.ts
 #: src/admin/blueprints/BlueprintListPage.ts
@ -2520,6 +2585,10 @@ msgstr ""
 msgid "Flow inspector"
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Flow is executed and session is cached in memory. Flow is executed when session expires"
 msgstr ""
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 #: src/admin/sources/plex/PlexSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
@ -3063,6 +3132,10 @@ msgstr ""
 msgid "Include claims in id_token"
 msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Increases compatibility with password managers and mobile devices."
 msgstr ""
 #: src/admin/outposts/OutpostForm.ts
 #: src/admin/outposts/OutpostListPage.ts
 msgid "Integration"
@ -3110,7 +3183,11 @@ msgid ""
 msgstr ""
 #: src/admin/flows/StageBindingForm.ts
-msgid "Invalid response action"
+#~ msgid "Invalid response action"
 #~ msgstr ""
 #: src/admin/flows/StageBindingForm.ts
 msgid "Invalid response behavior"
 msgstr ""
 #: src/admin/flows/utils.ts
@ -3358,82 +3435,29 @@ msgstr ""
 msgid "Loading"
 msgstr ""
-#: src/admin/applications/ApplicationCheckAccessForm.ts
+#: src/elements/forms/SearchSelect.ts
-#: src/admin/applications/ApplicationForm.ts
+msgid "Loading options..."
-#: src/admin/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+msgstr ""
-#: src/admin/blueprints/BlueprintForm.ts
+
 #: src/admin/events/RuleForm.ts
 #: src/admin/events/RuleForm.ts
 #: src/admin/events/TransportForm.ts
 #: src/admin/flows/StageBindingForm.ts
 #: src/admin/flows/StageBindingForm.ts
 #: src/admin/groups/GroupForm.ts
 #: src/admin/groups/GroupForm.ts
 #: src/admin/outposts/OutpostForm.ts
 #: src/admin/outposts/OutpostForm.ts
 #: src/admin/outposts/ServiceConnectionDockerForm.ts
 #: src/admin/outposts/ServiceConnectionDockerForm.ts
 #: src/admin/policies/PolicyBindingForm.ts
 #: src/admin/policies/PolicyTestForm.ts
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/property-mappings/PropertyMappingTestForm.ts
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderImportForm.ts
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 #: src/admin/sources/plex/PlexSourceForm.ts
 #: src/admin/sources/plex/PlexSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/stages/authenticator_duo/AuthenticatorDuoStageForm.ts
 #: src/admin/stages/authenticator_duo/DuoDeviceImportForm.ts
 #: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
 #: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
 #: src/admin/stages/authenticator_static/AuthenticatorStaticStageForm.ts
 #: src/admin/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts
 #: src/admin/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
 #: src/admin/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
 #: src/admin/stages/email/EmailStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/invitation/InvitationForm.ts
 #: src/admin/stages/invitation/InvitationListLink.ts
 #: src/admin/stages/password/PasswordStageForm.ts
 #: src/admin/stages/prompt/PromptStageForm.ts
 #: src/admin/stages/prompt/PromptStageForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tokens/TokenForm.ts
 #: src/admin/users/UserForm.ts
 #: src/admin/users/UserResetEmailForm.ts
 #: src/elements/Spinner.ts
 msgid "Loading..."
 msgstr ""
@ -3519,12 +3543,12 @@ msgid "Long-running operations which authentik executes in the background."
 msgstr ""
 #: src/admin/flows/FlowForm.ts
-msgid "MESSAGE will notify the user the flow isn't applicable."
+#~ msgid "MESSAGE will notify the user the flow isn't applicable."
-msgstr ""
+#~ msgstr ""
 #: src/admin/flows/FlowForm.ts
-msgid "MESSAGE_CONTINUE will follow the ?next parameter if set, otherwise show a message."
+#~ msgid "MESSAGE_CONTINUE will follow the ?next parameter if set, otherwise show a message."
-msgstr ""
+#~ msgstr ""
 #: src/admin/users/UserViewPage.ts
 msgid "MFA Authenticators"
@ -4005,7 +4029,6 @@ msgstr ""
 msgid "Not used by any other object."
 msgstr ""
 #: src/flow/stages/FlowErrorStage.ts
 #: src/flow/stages/access_denied/AccessDeniedStage.ts
 #: src/flow/stages/authenticator_duo/AuthenticatorDuoStage.ts
 #: src/flow/stages/authenticator_sms/AuthenticatorSMSStage.ts
@ -4548,7 +4571,15 @@ msgid "Post binding"
 msgstr ""
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "Post binding (auto-submit)"
+#~ msgid "Post binding (auto-submit)"
 #~ msgstr ""
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Post binding but the request is automatically sent and the user doesn't have to confirm."
 msgstr ""
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Post-auto binding"
 msgstr ""
 #: src/flow/FlowExecutor.ts
@ -4714,16 +4745,16 @@ msgstr ""
 #~ msgstr ""
 #: src/admin/flows/StageBindingForm.ts
-msgid "RESTART restarts the flow from the beginning."
+#~ msgid "RESTART restarts the flow from the beginning."
-msgstr ""
+#~ msgstr ""
 #: src/admin/flows/StageBindingForm.ts
-msgid "RESTART_WITH_CONTEXT restarts the flow from the beginning, while keeping the flow context."
+#~ msgid "RESTART_WITH_CONTEXT restarts the flow from the beginning, while keeping the flow context."
-msgstr ""
+#~ msgstr ""
 #: src/admin/flows/StageBindingForm.ts
-msgid "RETRY returns the error message and a similar challenge to the executor."
+#~ msgid "RETRY returns the error message and a similar challenge to the executor."
-msgstr ""
+#~ msgstr ""
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 #~ msgid "RS256 (Asymmetric Encryption)"
@ -4735,23 +4766,23 @@ msgstr ""
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA1"
+#~ msgid "RSA-SHA1"
-msgstr ""
+#~ msgstr ""
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA256"
+#~ msgid "RSA-SHA256"
-msgstr ""
+#~ msgstr ""
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA384"
+#~ msgid "RSA-SHA384"
-msgstr ""
+#~ msgstr ""
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA512"
+#~ msgid "RSA-SHA512"
-msgstr ""
+#~ msgstr ""
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 msgid "Raw JWKS data."
@ -4913,6 +4944,10 @@ msgstr ""
 msgid "Request"
 msgstr ""
 #: src/flow/stages/FlowErrorStage.ts
 msgid "Request ID"
 msgstr ""
 #: src/flow/stages/access_denied/AccessDeniedStage.ts
 msgid "Request has been denied."
 msgstr ""
@ -4962,6 +4997,14 @@ msgstr ""
 #~ msgid "Resources"
 #~ msgstr ""
 #: src/admin/flows/StageBindingForm.ts
 msgid "Restarts the flow from the beginning"
 msgstr ""
 #: src/admin/flows/StageBindingForm.ts
 msgid "Restarts the flow from the beginning, while keeping the flow context"
 msgstr ""
 #: src/admin/events/EventInfo.ts
 #: src/admin/property-mappings/PropertyMappingTestForm.ts
 msgid "Result"
@ -4981,8 +5024,8 @@ msgstr ""
 #: src/flow/FlowExecutor.ts
 #: src/user/user-settings/details/UserSettingsFlowExecutor.ts
-msgid "Return"
+#~ msgid "Return"
-msgstr ""
+#~ msgstr ""
 #: src/elements/router/Router404.ts
 msgid "Return home"
@ -4998,6 +5041,10 @@ msgstr ""
 #~ msgid "Return true if request IP/target username's score is below a certain threshold."
 #~ msgstr ""
 #: src/admin/flows/StageBindingForm.ts
 msgid "Returns the error message and a similar challenge to the executor"
 msgstr ""
 #: src/elements/oauth/UserRefreshList.ts
 msgid "Revoked?"
 msgstr ""
@ -5040,29 +5087,37 @@ msgstr ""
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA1"
+#~ msgid "SHA1"
-msgstr ""
+#~ msgstr ""
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA256"
+#~ msgid "SHA256"
-msgstr ""
+#~ msgstr ""
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA384"
+#~ msgid "SHA384"
-msgstr ""
+#~ msgstr ""
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA512"
+#~ msgid "SHA512"
-msgstr ""
+#~ msgstr ""
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceViewPage.ts
 msgid "SLO URL"
 msgstr ""
 #: src/admin/providers/saml/SAMLProviderViewPage.ts
 msgid "SLO URL (Post)"
 msgstr ""
 #: src/admin/providers/saml/SAMLProviderViewPage.ts
 msgid "SLO URL (Redirect)"
 msgstr ""
 #: src/flow/stages/authenticator_validate/AuthenticatorValidateStage.ts
 msgid "SMS"
 msgstr ""
@ -5217,7 +5272,7 @@ msgstr ""
 #~ msgid "Select an identification method."
 #~ msgstr ""
-#: src/elements/SearchSelect.ts
+#: src/elements/forms/SearchSelect.ts
 msgid "Select an object."
 msgstr ""
@ -5492,9 +5547,7 @@ msgstr ""
 msgid "Slug"
 msgstr ""
 #: src/flow/FlowExecutor.ts
 #: src/flow/stages/FlowErrorStage.ts
 #: src/user/user-settings/details/UserSettingsFlowExecutor.ts
 msgid "Something went wrong! Please try again later."
 msgstr ""
@ -5510,6 +5563,10 @@ msgstr ""
 #~ msgid "Source name"
 #~ msgstr ""
 #: src/admin/stages/identification/IdentificationStageForm.ts
 msgid "Source settings"
 msgstr ""
 #: src/user/user-settings/sources/SourceSettingsOAuth.ts
 #: src/user/user-settings/sources/SourceSettingsPlex.ts
 #~ msgid "Source {0}"
@ -6269,6 +6326,10 @@ msgstr ""
 msgid "The new application wizard greatly simplifies the steps required to create applications and providers."
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "The outpost holds all users and groups in-memory and will refresh every 5 Minutes"
 msgstr ""
 #: src/pages/policies/reputation/ReputationPolicyForm.ts
 #~ msgid ""
 #~ "The policy passes when the reputation score is above the threshold, and\n"
@ -6377,6 +6438,10 @@ msgstr ""
 msgid "Threshold"
 msgstr ""
 #: src/admin/stages/dummy/DummyStageForm.ts
 msgid "Throw error?"
 msgstr ""
 #: src/admin/stages/email/EmailStageForm.ts
 msgid "Time in minutes the token sent is valid."
 msgstr ""
@ -6668,6 +6733,39 @@ msgstr ""
 msgid "Unknown"
 msgstr ""
 #: src/admin/flows/utils.ts
 msgid "Unknown designation"
 msgstr ""
 #: src/admin/tokens/TokenListPage.ts
 msgid "Unknown intent"
 msgstr ""
 #: src/admin/flows/utils.ts
 msgid "Unknown layout"
 msgstr ""
 #: src/admin/outposts/OutpostForm.ts
 msgid "Unknown outpost type"
 msgstr ""
 #: src/admin/sources/oauth/OAuthSourceViewPage.ts
 msgid "Unknown provider type"
 msgstr ""
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderViewPage.ts
 msgid "Unknown proxy mode"
 msgstr ""
 #: src/admin/outposts/OutpostListPage.ts
 msgid "Unknown type"
 msgstr ""
 #: src/admin/sources/oauth/utils.ts
 msgid "Unknown user matching mode"
 msgstr ""
 #: 
 #~ msgid "Unmanaged"
 #~ msgstr ""
@ -6929,6 +7027,14 @@ msgstr ""
 msgid "Use this tenant for each domain that doesn't have a dedicated tenant."
 msgstr ""
 #: src/admin/tokens/TokenForm.ts
 msgid "Used to access the API programmatically"
 msgstr ""
 #: src/admin/tokens/TokenForm.ts
 msgid "Used to login using a flow executor"
 msgstr ""
 #: src/admin/applications/ApplicationCheckAccessForm.ts
 #: src/admin/events/EventInfo.ts
 #: src/admin/events/EventListPage.ts
@ -7402,7 +7508,19 @@ msgstr ""
 #: src/flow/FlowExecutor.ts
 #: src/user/user-settings/details/UserSettingsFlowExecutor.ts
-msgid "Whoops!"
+#~ msgid "Whoops!"
 #~ msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Will either follow the ?next parameter or redirect to the default interface"
 msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Will follow the ?next parameter if set, otherwise show a message"
 msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Will notify the user the flow isn't applicable"
 msgstr ""
 #: src/admin/sources/saml/SAMLSourceForm.ts
--- a/web/src/locales/tr.po
+++ b/web/src/locales/tr.po
@ -121,21 +121,21 @@ msgstr "ACS URL"
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
-msgid "ALL, all policies must match to grant access."
+#~ msgid "ALL, all policies must match to grant access."
-msgstr "TÜM, erişim vermek için tüm ilkelerin eşleşmesi gerekir."
+#~ msgstr "TÜM, erişim vermek için tüm ilkelerin eşleşmesi gerekir."
 #: src/admin/flows/StageBindingForm.ts
-msgid "ALL, all policies must match to include this stage access."
+#~ msgid "ALL, all policies must match to include this stage access."
-msgstr "TÜM, bu alanı erişimini içerecek şekilde tüm ilkelerin eşleşmesi gerekir."
+#~ msgstr "TÜM, bu alanı erişimini içerecek şekilde tüm ilkelerin eşleşmesi gerekir."
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
-msgid "ANY, any policy must match to grant access."
+#~ msgid "ANY, any policy must match to grant access."
-msgstr "HERHANGİ, erişim izni vermek için herhangi bir ilke eşleşmelidir."
+#~ msgstr "HERHANGİ, erişim izni vermek için herhangi bir ilke eşleşmelidir."
 #: src/admin/flows/StageBindingForm.ts
-msgid "ANY, any policy must match to include this stage access."
+#~ msgid "ANY, any policy must match to include this stage access."
-msgstr "HERHANGİ, bu aşama erişimini içerecek şekilde herhangi bir ilke"
+#~ msgstr "HERHANGİ, bu aşama erişimini içerecek şekilde herhangi bir ilke"
 #: src/admin/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
 msgid "API"
@ -162,8 +162,12 @@ msgid "API Requests"
 msgstr "API İstekleri"
 #: src/admin/tokens/TokenForm.ts
-msgid "API Token (can be used to access the API programmatically)"
+msgid "API Token"
-msgstr "API Belirteci (API'ye programlı olarak erişmek için kullanılabilir)"
+msgstr ""
 #: src/admin/tokens/TokenForm.ts
 #~ msgid "API Token (can be used to access the API programmatically)"
 #~ msgstr "API Belirteci (API'ye programlı olarak erişmek için kullanılabilir)"
 #: src/admin/stages/captcha/CaptchaStageForm.ts
 msgid "API URL"
@ -360,12 +364,18 @@ msgid "Affected model:"
 msgstr "Etkilenen model:"
 #: src/admin/events/RuleForm.ts
-msgid "Alert"
+#~ msgid "Alert"
-msgstr "Alarm"
+#~ msgstr "Alarm"
 #~ msgid "Algorithm used to sign the JWT Tokens."
 #~ msgstr "JWT Belirteçlerini imzalamak için kullanılan algoritma."
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
 #: src/admin/flows/StageBindingForm.ts
 msgid "All policies must match to grant access"
 msgstr ""
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Allow IDP-initiated logins"
 msgstr "IDP tarafından başlatılan oturumlara izin ver"
@ -416,10 +426,18 @@ msgstr ""
 msgid "Alternatively, if your current device has Duo installed, click on this link:"
 msgstr "Alternatif olarak, mevcut cihazınızda Duo yüklüyse, şu bağlantıya tıklayın:"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Always execute the configured bind flow to authenticate the user"
 msgstr ""
 #: src/admin/stages/consent/ConsentStageForm.ts
 msgid "Always require consent"
 msgstr "Her zaman rıza gerektirir"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Always returns the latest data, but slower than cached querying"
 msgstr ""
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 msgid "An example setup can look like this:"
 msgstr "Bir örnek kurulum şu şekilde görünebilir:"
@ -428,6 +446,12 @@ msgstr "Bir örnek kurulum şu şekilde görünebilir:"
 msgid "Any HTML can be used."
 msgstr "Herhangi bir HTML kullanılabilir."
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
 #: src/admin/flows/StageBindingForm.ts
 msgid "Any policy must match to grant access"
 msgstr ""
 #: src/admin/events/EventInfo.ts
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 msgid "App"
@ -438,8 +462,16 @@ msgid "App password"
 msgstr "Uygulama parolası"
 #: src/admin/tokens/TokenForm.ts
-msgid "App password (can be used to login using a flow executor)"
+#~ msgid "App password (can be used to login using a flow executor)"
-msgstr "Uygulama parolası (bir akış yürütücüyle giriş yapmak için kullanılabilir)"
+#~ msgstr "Uygulama parolası (bir akış yürütücüyle giriş yapmak için kullanılabilir)"
 #: src/admin/tokens/TokenForm.ts
 msgid "App password."
 msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Appearance settings"
 msgstr ""
 #: src/admin/admin-overview/TopApplicationsTable.ts
 #: src/admin/providers/ProviderListPage.ts
@ -777,6 +809,10 @@ msgstr "Basic-Auth"
 msgid "Bearer Token"
 msgstr "Bearer Belirteci"
 #: src/admin/flows/FlowForm.ts
 msgid "Behavior settings"
 msgstr ""
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 msgid "Bind CN"
 msgstr "Bağlama CN"
@ -865,12 +901,16 @@ msgid "CA which the endpoint's Certificate is verified against. Can be left empt
 msgstr "Uç noktanın Sertifikası karşı doğrulanan CA. Doğrulama yapılmadan boş bırakılabilir."
 #: src/admin/flows/FlowForm.ts
-msgid "CONTINUE will either follow the ?next parameter or redirect to the default interface."
+#~ msgid "CONTINUE will either follow the ?next parameter or redirect to the default interface."
 #~ msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Cached binding"
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
+#~ msgid "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
-msgstr ""
+#~ msgstr ""
 #: src/admin/admin-overview/charts/FlowStatusChart.ts
 msgid "Cached flows"
@ -881,8 +921,12 @@ msgid "Cached policies"
 msgstr "Önbelleğe alınan ilkeler"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Cached querying, the outpost holds all users and groups in-memory and will refresh every 5 Minutes."
+msgid "Cached querying"
-msgstr "Önbelleğe alınmış sorgulama, üs tüm kullanıcıları ve grupları bellek içinde tutar ve her 5 Dakikada yenileyecektir."
+msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Cached querying, the outpost holds all users and groups in-memory and will refresh every 5 Minutes."
 #~ msgstr "Önbelleğe alınmış sorgulama, üs tüm kullanıcıları ve grupları bellek içinde tutar ve her 5 Dakikada yenileyecektir."
 #: src/admin/providers/proxy/ProxyProviderViewPage.ts
 msgid "Caddy (Standalone)"
@ -1153,6 +1197,7 @@ msgstr "İstemci türü"
 #: src/admin/users/UserListPage.ts
 #: src/elements/notifications/NotificationDrawer.ts
 #: src/elements/wizard/Wizard.ts
 #: src/flow/FlowInspector.ts
 msgid "Close"
 msgstr "Kapat"
@ -1226,8 +1271,12 @@ msgid "Configure how the NameID value will be created. When left empty, the Name
 msgstr "NameID değerinin nasıl oluşturulacağını yapılandırın. Boş bırakıldığında, gelen isteğin NameIDPolicy değerine saygı gösterilir."
 #: src/admin/flows/StageBindingForm.ts
-msgid "Configure how the flow executor should handle an invalid response to a challenge."
+msgid "Configure how the flow executor should handle an invalid response to a challenge given by this bound stage."
-msgstr "Akış yürütücüsünün bir meydan okuma için geçersiz bir yanıt nasıl işlemesi gerektiğini yapılandırın."
+msgstr ""
 #: src/admin/flows/StageBindingForm.ts
 #~ msgid "Configure how the flow executor should handle an invalid response to a challenge."
 #~ msgstr "Akış yürütücüsünün bir meydan okuma için geçersiz bir yanıt nasıl işlemesi gerektiğini yapılandırın."
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 msgid "Configure how the issuer field of the ID Token should be filled."
@ -1649,8 +1698,8 @@ msgstr "Özelleştirme"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "DSA-SHA1"
+#~ msgid "DSA-SHA1"
-msgstr "DSA-SHA1"
+#~ msgstr "DSA-SHA1"
 #: src/admin/AdminInterface.ts
 msgid "Dashboards"
@ -1868,15 +1917,23 @@ msgid "Digits"
 msgstr "Rakamlar"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Direct binding, always execute the configured bind flow to authenticate the user."
+msgid "Direct binding"
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Direct binding, always execute the configured bind flow to authenticate the user."
 #~ msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Direct querying"
 msgstr ""
 #~ msgid "Direct querying, always execute the configured bind flow to authenticate the user."
 #~ msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Direct querying, always returns the latest data, but slower than cached querying."
+#~ msgid "Direct querying, always returns the latest data, but slower than cached querying."
-msgstr "Doğrudan sorgulama, her zaman en son verileri döndürür, ancak önbelleğe alınmış sorgulardan daha yavaş olur."
+#~ msgstr "Doğrudan sorgulama, her zaman en son verileri döndürür, ancak önbelleğe alınmış sorgulardan daha yavaş olur."
 #: src/admin/AdminInterface.ts
 msgid "Directory"
@ -1947,8 +2004,12 @@ msgid "Download signing certificate"
 msgstr "İmzalama sertifikasını indirme"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider."
+msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate."
-msgstr "Protokol sınırlamaları nedeniyle, bu sertifika yalnızca üssün tek bir sağlayıcısı olduğunda kullanılır."
+msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider."
 #~ msgstr "Protokol sınırlamaları nedeniyle, bu sertifika yalnızca üssün tek bir sağlayıcısı olduğunda kullanılır."
 #~ msgid "Dummy"
 #~ msgstr ""
@ -1993,8 +2054,12 @@ msgid "Duration after which events will be deleted from the database."
 msgstr "Olayların veritabanından silineceği süre."
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
-msgid "Each provider has a different issuer, based on the application slug."
+msgid "Each provider has a different issuer, based on the application slug"
-msgstr "Her sağlayıcı, uygulama kısa ismine bağlı farklı bir yayımcıya sahiptir."
+msgstr ""
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #~ msgid "Each provider has a different issuer, based on the application slug."
 #~ msgstr "Her sağlayıcı, uygulama kısa ismine bağlı farklı bir yayımcıya sahiptir."
 #: src/admin/applications/ApplicationViewPage.ts
 #: src/admin/applications/ApplicationViewPage.ts
@ -2102,8 +2167,8 @@ msgstr "StartTLS'yi Etkinleştir"
 #~ msgstr "TOTP etkinleştir"
 #: src/admin/flows/FlowForm.ts
-msgid "Enable compatibility mode, increases compatibility with password managers on mobile devices."
+#~ msgid "Enable compatibility mode, increases compatibility with password managers on mobile devices."
-msgstr "Uyumluluk modunu etkinleştirin, mobil cihazlarda parola yöneticileri ile uyumluluğu artırır."
+#~ msgstr "Uyumluluk modunu etkinleştirin, mobil cihazlarda parola yöneticileri ile uyumluluğu artırır."
 #: src/admin/blueprints/BlueprintForm.ts
 #: src/admin/blueprints/BlueprintListPage.ts
@ -2473,6 +2538,10 @@ msgstr "Akış yürütme"
 msgid "Flow inspector"
 msgstr "Akış denetçisi"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Flow is executed and session is cached in memory. Flow is executed when session expires"
 msgstr ""
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 #: src/admin/sources/plex/PlexSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
@ -3006,6 +3075,10 @@ msgstr "Userinfo uç noktasına erişmeyen uygulamalar için, id_token'daki kaps
 msgid "Include claims in id_token"
 msgstr "İd_token'a hak taleplerini dahil et"
 #: src/admin/flows/FlowForm.ts
 msgid "Increases compatibility with password managers and mobile devices."
 msgstr ""
 #: src/admin/outposts/OutpostForm.ts
 #: src/admin/outposts/OutpostListPage.ts
 msgid "Integration"
@ -3054,8 +3127,12 @@ msgstr ""
 "oturum açmaya calıştığı kullanıcı adının puanını bir azaltır."
 #: src/admin/flows/StageBindingForm.ts
-msgid "Invalid response action"
+#~ msgid "Invalid response action"
-msgstr "Geçersiz yanıt eylemi"
+#~ msgstr "Geçersiz yanıt eylemi"
 #: src/admin/flows/StageBindingForm.ts
 msgid "Invalid response behavior"
 msgstr ""
 #: src/admin/flows/utils.ts
 msgid "Invalidation"
@ -3297,82 +3374,29 @@ msgstr "Sunucuları yükle"
 msgid "Loading"
 msgstr "Yükleniyor"
-#: src/admin/applications/ApplicationCheckAccessForm.ts
+#: src/elements/forms/SearchSelect.ts
-#: src/admin/applications/ApplicationForm.ts
+msgid "Loading options..."
-#: src/admin/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+msgstr ""
-#: src/admin/blueprints/BlueprintForm.ts
+
 #: src/admin/events/RuleForm.ts
 #: src/admin/events/RuleForm.ts
 #: src/admin/events/TransportForm.ts
 #: src/admin/flows/StageBindingForm.ts
 #: src/admin/flows/StageBindingForm.ts
 #: src/admin/groups/GroupForm.ts
 #: src/admin/groups/GroupForm.ts
 #: src/admin/outposts/OutpostForm.ts
 #: src/admin/outposts/OutpostForm.ts
 #: src/admin/outposts/ServiceConnectionDockerForm.ts
 #: src/admin/outposts/ServiceConnectionDockerForm.ts
 #: src/admin/policies/PolicyBindingForm.ts
 #: src/admin/policies/PolicyTestForm.ts
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/property-mappings/PropertyMappingTestForm.ts
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderImportForm.ts
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 #: src/admin/sources/plex/PlexSourceForm.ts
 #: src/admin/sources/plex/PlexSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/stages/authenticator_duo/AuthenticatorDuoStageForm.ts
 #: src/admin/stages/authenticator_duo/DuoDeviceImportForm.ts
 #: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
 #: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
 #: src/admin/stages/authenticator_static/AuthenticatorStaticStageForm.ts
 #: src/admin/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts
 #: src/admin/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
 #: src/admin/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
 #: src/admin/stages/email/EmailStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/invitation/InvitationForm.ts
 #: src/admin/stages/invitation/InvitationListLink.ts
 #: src/admin/stages/password/PasswordStageForm.ts
 #: src/admin/stages/prompt/PromptStageForm.ts
 #: src/admin/stages/prompt/PromptStageForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tokens/TokenForm.ts
 #: src/admin/users/UserForm.ts
 #: src/admin/users/UserResetEmailForm.ts
 #: src/elements/Spinner.ts
 msgid "Loading..."
 msgstr "Yükleniyor..."
@ -3457,12 +3481,12 @@ msgid "Long-running operations which authentik executes in the background."
 msgstr "authentik'in arka planda yürüttüğü uzun süreli işlemler."
 #: src/admin/flows/FlowForm.ts
-msgid "MESSAGE will notify the user the flow isn't applicable."
+#~ msgid "MESSAGE will notify the user the flow isn't applicable."
-msgstr ""
+#~ msgstr ""
 #: src/admin/flows/FlowForm.ts
-msgid "MESSAGE_CONTINUE will follow the ?next parameter if set, otherwise show a message."
+#~ msgid "MESSAGE_CONTINUE will follow the ?next parameter if set, otherwise show a message."
-msgstr ""
+#~ msgstr ""
 #: src/admin/users/UserViewPage.ts
 msgid "MFA Authenticators"
@ -3940,7 +3964,6 @@ msgstr "Henüz senkronize edilmedi."
 msgid "Not used by any other object."
 msgstr "Başka bir nesne tarafından kullanılmaz."
 #: src/flow/stages/FlowErrorStage.ts
 #: src/flow/stages/access_denied/AccessDeniedStage.ts
 #: src/flow/stages/authenticator_duo/AuthenticatorDuoStage.ts
 #: src/flow/stages/authenticator_sms/AuthenticatorSMSStage.ts
@ -4459,8 +4482,16 @@ msgid "Post binding"
 msgstr "Post ciltleme"
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "Post binding (auto-submit)"
+#~ msgid "Post binding (auto-submit)"
-msgstr "Gönderme sonrası (otomatik gönderme)"
+#~ msgstr "Gönderme sonrası (otomatik gönderme)"
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Post binding but the request is automatically sent and the user doesn't have to confirm."
 msgstr ""
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Post-auto binding"
 msgstr ""
 #: src/flow/FlowExecutor.ts
 msgid "Powered by authentik"
@ -4622,16 +4653,16 @@ msgstr "Hızlı eylemler"
 #~ msgstr "RESTART, akış bağlamını korurken akışı baştan yeniden başlatır."
 #: src/admin/flows/StageBindingForm.ts
-msgid "RESTART restarts the flow from the beginning."
+#~ msgid "RESTART restarts the flow from the beginning."
-msgstr "RESTART, akışı baştan yeniden başlatır."
+#~ msgstr "RESTART, akışı baştan yeniden başlatır."
 #: src/admin/flows/StageBindingForm.ts
-msgid "RESTART_WITH_CONTEXT restarts the flow from the beginning, while keeping the flow context."
+#~ msgid "RESTART_WITH_CONTEXT restarts the flow from the beginning, while keeping the flow context."
-msgstr ""
+#~ msgstr ""
 #: src/admin/flows/StageBindingForm.ts
-msgid "RETRY returns the error message and a similar challenge to the executor."
+#~ msgid "RETRY returns the error message and a similar challenge to the executor."
-msgstr "RETRY hata iletisi ve yürütücünün benzer bir meydan okuma döndürür."
+#~ msgstr "RETRY hata iletisi ve yürütücünün benzer bir meydan okuma döndürür."
 #~ msgid "RS256 (Asymmetric Encryption)"
 #~ msgstr "RS256 (Asimetrik Şifreleme)"
@ -4641,23 +4672,23 @@ msgstr "RETRY hata iletisi ve yürütücünün benzer bir meydan okuma döndür
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA1"
+#~ msgid "RSA-SHA1"
-msgstr "RSA-SHA1"
+#~ msgstr "RSA-SHA1"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA256"
+#~ msgid "RSA-SHA256"
-msgstr "RSA-SHA256"
+#~ msgstr "RSA-SHA256"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA384"
+#~ msgid "RSA-SHA384"
-msgstr "RSA-SHA384"
+#~ msgstr "RSA-SHA384"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA512"
+#~ msgid "RSA-SHA512"
-msgstr "RSA-SHA512"
+#~ msgstr "RSA-SHA512"
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 msgid "Raw JWKS data."
@ -4811,6 +4842,10 @@ msgstr "İtibar puanları"
 msgid "Request"
 msgstr "Talep"
 #: src/flow/stages/FlowErrorStage.ts
 msgid "Request ID"
 msgstr ""
 #: src/flow/stages/access_denied/AccessDeniedStage.ts
 msgid "Request has been denied."
 msgstr "İstek reddedildi."
@ -4858,6 +4893,14 @@ msgstr ""
 #~ msgid "Resources"
 #~ msgstr "Kaynaklar"
 #: src/admin/flows/StageBindingForm.ts
 msgid "Restarts the flow from the beginning"
 msgstr ""
 #: src/admin/flows/StageBindingForm.ts
 msgid "Restarts the flow from the beginning, while keeping the flow context"
 msgstr ""
 #: src/admin/events/EventInfo.ts
 #: src/admin/property-mappings/PropertyMappingTestForm.ts
 msgid "Result"
@ -4876,8 +4919,8 @@ msgstr "Kimlik doğrulamayı yeniden deneyin"
 #: src/flow/FlowExecutor.ts
 #: src/user/user-settings/details/UserSettingsFlowExecutor.ts
-msgid "Return"
+#~ msgid "Return"
-msgstr "İade"
+#~ msgstr "İade"
 #: src/elements/router/Router404.ts
 msgid "Return home"
@ -4892,6 +4935,10 @@ msgstr "Aygıt seçiciye geri dön"
 #~ msgid "Return true if request IP/target username's score is below a certain threshold."
 #~ msgstr ""
 #: src/admin/flows/StageBindingForm.ts
 msgid "Returns the error message and a similar challenge to the executor"
 msgstr ""
 #: src/elements/oauth/UserRefreshList.ts
 msgid "Revoked?"
 msgstr "İptal mi edildi?"
@ -4932,29 +4979,37 @@ msgstr ""
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA1"
+#~ msgid "SHA1"
-msgstr "SHA1"
+#~ msgstr "SHA1"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA256"
+#~ msgid "SHA256"
-msgstr "SHA256"
+#~ msgstr "SHA256"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA384"
+#~ msgid "SHA384"
-msgstr "SHA384"
+#~ msgstr "SHA384"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA512"
+#~ msgid "SHA512"
-msgstr "SHA512"
+#~ msgstr "SHA512"
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceViewPage.ts
 msgid "SLO URL"
 msgstr "SLO URL"
 #: src/admin/providers/saml/SAMLProviderViewPage.ts
 msgid "SLO URL (Post)"
 msgstr ""
 #: src/admin/providers/saml/SAMLProviderViewPage.ts
 msgid "SLO URL (Redirect)"
 msgstr ""
 #: src/flow/stages/authenticator_validate/AuthenticatorValidateStage.ts
 msgid "SMS"
 msgstr "SMS"
@ -5107,7 +5162,7 @@ msgstr "Bir kayıt akışı seçme"
 #~ msgid "Select an identification method."
 #~ msgstr "Bir tanımlama yöntemi seçin."
-#: src/elements/SearchSelect.ts
+#: src/elements/forms/SearchSelect.ts
 msgid "Select an object."
 msgstr ""
@ -5374,9 +5429,7 @@ msgstr ""
 msgid "Slug"
 msgstr "Kısa İsim"
 #: src/flow/FlowExecutor.ts
 #: src/flow/stages/FlowErrorStage.ts
 #: src/user/user-settings/details/UserSettingsFlowExecutor.ts
 msgid "Something went wrong! Please try again later."
 msgstr "Bir şeyler ters gitti! Lütfen daha sonra tekrar deneyin."
@ -5390,6 +5443,10 @@ msgstr "Kaynak bağlantılı"
 #~ msgid "Source name"
 #~ msgstr "Kaynak adı"
 #: src/admin/stages/identification/IdentificationStageForm.ts
 msgid "Source settings"
 msgstr ""
 #~ msgid "Source {0}"
 #~ msgstr "Kaynak {0}"
@ -6124,6 +6181,10 @@ msgstr "Aşağıdaki nesneler {objName}"
 msgid "The new application wizard greatly simplifies the steps required to create applications and providers."
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "The outpost holds all users and groups in-memory and will refresh every 5 Minutes"
 msgstr ""
 #~ msgid ""
 #~ "The policy passes when the reputation score is above the threshold, and\n"
 #~ "doesn't pass when either or both of the selected options are equal or less than the\n"
@ -6241,6 +6302,10 @@ msgstr ""
 msgid "Threshold"
 msgstr "Eşik"
 #: src/admin/stages/dummy/DummyStageForm.ts
 msgid "Throw error?"
 msgstr ""
 #: src/admin/stages/email/EmailStageForm.ts
 msgid "Time in minutes the token sent is valid."
 msgstr "Gönderilen belirtecin dakika cinsinden geçerlilik süresi."
@ -6526,6 +6591,39 @@ msgstr "Belirteç tarafından başvurulan benzersiz tanımlayıcı."
 msgid "Unknown"
 msgstr "bilinmeyen"
 #: src/admin/flows/utils.ts
 msgid "Unknown designation"
 msgstr ""
 #: src/admin/tokens/TokenListPage.ts
 msgid "Unknown intent"
 msgstr ""
 #: src/admin/flows/utils.ts
 msgid "Unknown layout"
 msgstr ""
 #: src/admin/outposts/OutpostForm.ts
 msgid "Unknown outpost type"
 msgstr ""
 #: src/admin/sources/oauth/OAuthSourceViewPage.ts
 msgid "Unknown provider type"
 msgstr ""
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderViewPage.ts
 msgid "Unknown proxy mode"
 msgstr ""
 #: src/admin/outposts/OutpostListPage.ts
 msgid "Unknown type"
 msgstr ""
 #: src/admin/sources/oauth/utils.ts
 msgid "Unknown user matching mode"
 msgstr ""
 #~ msgid "Unmanaged"
 #~ msgstr "Yönetilmeyen"
@ -6786,6 +6884,14 @@ msgstr "Bu sağlayıcıyı nginx'in auth_request veya traefik'in forwardAuth ile
 msgid "Use this tenant for each domain that doesn't have a dedicated tenant."
 msgstr "Bu sakini, ayrılmış bir sakine sahip olmayan her etki alanı için kullanın."
 #: src/admin/tokens/TokenForm.ts
 msgid "Used to access the API programmatically"
 msgstr ""
 #: src/admin/tokens/TokenForm.ts
 msgid "Used to login using a flow executor"
 msgstr ""
 #: src/admin/applications/ApplicationCheckAccessForm.ts
 #: src/admin/events/EventInfo.ts
 #: src/admin/events/EventListPage.ts
@ -7251,8 +7357,20 @@ msgstr "Proxy veya ileri auth (tek uygulama) modunu kullanırken, istenen URL Yo
 #: src/flow/FlowExecutor.ts
 #: src/user/user-settings/details/UserSettingsFlowExecutor.ts
-msgid "Whoops!"
+#~ msgid "Whoops!"
-msgstr "Hay aksi!"
+#~ msgstr "Hay aksi!"
 #: src/admin/flows/FlowForm.ts
 msgid "Will either follow the ?next parameter or redirect to the default interface"
 msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Will follow the ?next parameter if set, otherwise show a message"
 msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Will notify the user the flow isn't applicable"
 msgstr ""
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Windows"
--- a/web/src/locales/zh-Hans.po
+++ b/web/src/locales/zh-Hans.po
@ -123,21 +123,21 @@ msgstr "ACS URL"
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
-msgid "ALL, all policies must match to grant access."
+#~ msgid "ALL, all policies must match to grant access."
-msgstr "ALL，必须匹配所有策略才能授予访问权限。"
+#~ msgstr "ALL，必须匹配所有策略才能授予访问权限。"
 #: src/admin/flows/StageBindingForm.ts
-msgid "ALL, all policies must match to include this stage access."
+#~ msgid "ALL, all policies must match to include this stage access."
-msgstr "ALL，必须匹配所有策略才能包含此阶段访问权限。"
+#~ msgstr "ALL，必须匹配所有策略才能包含此阶段访问权限。"
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
-msgid "ANY, any policy must match to grant access."
+#~ msgid "ANY, any policy must match to grant access."
-msgstr "ANY，必须匹配任意策略才能授予访问权限。"
+#~ msgstr "ANY，必须匹配任意策略才能授予访问权限。"
 #: src/admin/flows/StageBindingForm.ts
-msgid "ANY, any policy must match to include this stage access."
+#~ msgid "ANY, any policy must match to include this stage access."
-msgstr "ANY，必须匹配任意策略才能包含此阶段访问权限。"
+#~ msgstr "ANY，必须匹配任意策略才能包含此阶段访问权限。"
 #: src/admin/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
 msgid "API"
@ -164,8 +164,12 @@ msgid "API Requests"
 msgstr "API 请求"
 #: src/admin/tokens/TokenForm.ts
-msgid "API Token (can be used to access the API programmatically)"
+msgid "API Token"
-msgstr "API 令牌（可用于以编程方式访问 API）"
+msgstr ""
 #: src/admin/tokens/TokenForm.ts
 #~ msgid "API Token (can be used to access the API programmatically)"
 #~ msgstr "API 令牌（可用于以编程方式访问 API）"
 #: src/admin/stages/captcha/CaptchaStageForm.ts
 msgid "API URL"
@ -366,12 +370,18 @@ msgid "Affected model:"
 msgstr "受影响的模型："
 #: src/admin/events/RuleForm.ts
-msgid "Alert"
+#~ msgid "Alert"
-msgstr "注意"
+#~ msgstr "注意"
 #~ msgid "Algorithm used to sign the JWT Tokens."
 #~ msgstr "用于签名 JWT 令牌的算法。"
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
 #: src/admin/flows/StageBindingForm.ts
 msgid "All policies must match to grant access"
 msgstr ""
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Allow IDP-initiated logins"
 msgstr "允许 IDP 发起的登录"
@ -422,10 +432,18 @@ msgstr ""
 msgid "Alternatively, if your current device has Duo installed, click on this link:"
 msgstr "或者，如果您当前的设备已安装 Duo，请点击此链接："
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Always execute the configured bind flow to authenticate the user"
 msgstr ""
 #: src/admin/stages/consent/ConsentStageForm.ts
 msgid "Always require consent"
 msgstr "始终需要征得同意授权"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Always returns the latest data, but slower than cached querying"
 msgstr ""
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 msgid "An example setup can look like this:"
 msgstr "设置示例如下所示："
@ -434,6 +452,12 @@ msgstr "设置示例如下所示："
 msgid "Any HTML can be used."
 msgstr "可以使用任何 HTML。"
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
 #: src/admin/flows/StageBindingForm.ts
 msgid "Any policy must match to grant access"
 msgstr ""
 #: src/admin/events/EventInfo.ts
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 msgid "App"
@ -444,8 +468,16 @@ msgid "App password"
 msgstr "应用密码"
 #: src/admin/tokens/TokenForm.ts
-msgid "App password (can be used to login using a flow executor)"
+#~ msgid "App password (can be used to login using a flow executor)"
-msgstr "应用密码（可用于使用流程执行器登录）"
+#~ msgstr "应用密码（可用于使用流程执行器登录）"
 #: src/admin/tokens/TokenForm.ts
 msgid "App password."
 msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Appearance settings"
 msgstr ""
 #: src/admin/admin-overview/TopApplicationsTable.ts
 #: src/admin/providers/ProviderListPage.ts
@ -783,6 +815,10 @@ msgstr "基本身份验证"
 msgid "Bearer Token"
 msgstr "Bearer 令牌"
 #: src/admin/flows/FlowForm.ts
 msgid "Behavior settings"
 msgstr ""
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 msgid "Bind CN"
 msgstr "Bind CN"
@ -871,12 +907,16 @@ msgid "CA which the endpoint's Certificate is verified against. Can be left empt
 msgstr "验证端点证书所依据的 CA。可以留空，表示不进行验证。"
 #: src/admin/flows/FlowForm.ts
-msgid "CONTINUE will either follow the ?next parameter or redirect to the default interface."
+#~ msgid "CONTINUE will either follow the ?next parameter or redirect to the default interface."
 #~ msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Cached binding"
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
+#~ msgid "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
-msgstr "缓存绑定，流程与会话会在内存中执行与缓存。会话过期时执行流程。"
+#~ msgstr "缓存绑定，流程与会话会在内存中执行与缓存。会话过期时执行流程。"
 #: src/admin/admin-overview/charts/FlowStatusChart.ts
 msgid "Cached flows"
@ -887,8 +927,12 @@ msgid "Cached policies"
 msgstr "缓存策略"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Cached querying, the outpost holds all users and groups in-memory and will refresh every 5 Minutes."
+msgid "Cached querying"
-msgstr "缓存查询，前哨将所有用户和组保存在内存中，并每 5 分钟刷新一次。"
+msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Cached querying, the outpost holds all users and groups in-memory and will refresh every 5 Minutes."
 #~ msgstr "缓存查询，前哨将所有用户和组保存在内存中，并每 5 分钟刷新一次。"
 #: src/admin/providers/proxy/ProxyProviderViewPage.ts
 msgid "Caddy (Standalone)"
@ -1161,6 +1205,7 @@ msgstr "客户端类型"
 #: src/admin/users/UserListPage.ts
 #: src/elements/notifications/NotificationDrawer.ts
 #: src/elements/wizard/Wizard.ts
 #: src/flow/FlowInspector.ts
 msgid "Close"
 msgstr "关闭"
@ -1234,8 +1279,12 @@ msgid "Configure how the NameID value will be created. When left empty, the Name
 msgstr "配置如何创建 NameID 值。如果留空，将遵守传入请求的 NameIDPolicy。"
 #: src/admin/flows/StageBindingForm.ts
-msgid "Configure how the flow executor should handle an invalid response to a challenge."
+msgid "Configure how the flow executor should handle an invalid response to a challenge given by this bound stage."
-msgstr "配置流程执行器应如何处理对质询的无效响应。"
+msgstr ""
 #: src/admin/flows/StageBindingForm.ts
 #~ msgid "Configure how the flow executor should handle an invalid response to a challenge."
 #~ msgstr "配置流程执行器应如何处理对质询的无效响应。"
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 msgid "Configure how the issuer field of the ID Token should be filled."
@ -1657,8 +1706,8 @@ msgstr "自定义"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "DSA-SHA1"
+#~ msgid "DSA-SHA1"
-msgstr "DSA-SHA1"
+#~ msgstr "DSA-SHA1"
 #: src/admin/AdminInterface.ts
 msgid "Dashboards"
@ -1876,15 +1925,23 @@ msgid "Digits"
 msgstr "数字"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Direct binding, always execute the configured bind flow to authenticate the user."
+msgid "Direct binding"
-msgstr "直接绑定，总是执行配置的绑定流程，以验证用户的身份。"
+msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Direct binding, always execute the configured bind flow to authenticate the user."
 #~ msgstr "直接绑定，总是执行配置的绑定流程，以验证用户的身份。"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Direct querying"
 msgstr ""
 #~ msgid "Direct querying, always execute the configured bind flow to authenticate the user."
 #~ msgstr "直接查询，总是执行配置的绑定流程，以验证用户的身份。"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Direct querying, always returns the latest data, but slower than cached querying."
+#~ msgid "Direct querying, always returns the latest data, but slower than cached querying."
-msgstr "直接查询，总是返回最新数据，但比缓存查询慢。"
+#~ msgstr "直接查询，总是返回最新数据，但比缓存查询慢。"
 #: src/admin/AdminInterface.ts
 msgid "Directory"
@ -1955,8 +2012,12 @@ msgid "Download signing certificate"
 msgstr "下载签名证书"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider."
+msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate."
-msgstr "由于协议限制，只在前哨有单个提供程序时才使用此证书。"
+msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider."
 #~ msgstr "由于协议限制，只在前哨有单个提供程序时才使用此证书。"
 #~ msgid "Dummy"
 #~ msgstr "占位"
@ -2001,8 +2062,12 @@ msgid "Duration after which events will be deleted from the database."
 msgstr "事件从数据库中删除的时间，超过这个时间就会被删除。"
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
-msgid "Each provider has a different issuer, based on the application slug."
+msgid "Each provider has a different issuer, based on the application slug"
-msgstr "根据应用程序 Slug，每个提供程序都有不同的颁发者。"
+msgstr ""
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #~ msgid "Each provider has a different issuer, based on the application slug."
 #~ msgstr "根据应用程序 Slug，每个提供程序都有不同的颁发者。"
 #: src/admin/applications/ApplicationViewPage.ts
 #: src/admin/applications/ApplicationViewPage.ts
@ -2110,8 +2175,8 @@ msgstr "启用 StartTLS"
 #~ msgstr "启用 TOTP"
 #: src/admin/flows/FlowForm.ts
-msgid "Enable compatibility mode, increases compatibility with password managers on mobile devices."
+#~ msgid "Enable compatibility mode, increases compatibility with password managers on mobile devices."
-msgstr "启用兼容模式，增强与移动设备上密码管理器的兼容性。"
+#~ msgstr "启用兼容模式，增强与移动设备上密码管理器的兼容性。"
 #: src/admin/blueprints/BlueprintForm.ts
 #: src/admin/blueprints/BlueprintListPage.ts
@ -2481,6 +2546,10 @@ msgstr "流程执行"
 msgid "Flow inspector"
 msgstr "流程检视器"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Flow is executed and session is cached in memory. Flow is executed when session expires"
 msgstr ""
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 #: src/admin/sources/plex/PlexSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
@ -3014,6 +3083,10 @@ msgstr "对于不访问 userinfo 端点的应用程序，将来自作用域的
 msgid "Include claims in id_token"
 msgstr "在 id_token 中包含声明"
 #: src/admin/flows/FlowForm.ts
 msgid "Increases compatibility with password managers and mobile devices."
 msgstr ""
 #: src/admin/outposts/OutpostForm.ts
 #: src/admin/outposts/OutpostListPage.ts
 msgid "Integration"
@ -3062,8 +3135,12 @@ msgstr ""
 "及其尝试登录的用户名的分数。"
 #: src/admin/flows/StageBindingForm.ts
-msgid "Invalid response action"
+#~ msgid "Invalid response action"
-msgstr "无效响应操作"
+#~ msgstr "无效响应操作"
 #: src/admin/flows/StageBindingForm.ts
 msgid "Invalid response behavior"
 msgstr ""
 #: src/admin/flows/utils.ts
 msgid "Invalidation"
@ -3305,82 +3382,29 @@ msgstr "加载服务器"
 msgid "Loading"
 msgstr "正在加载"
-#: src/admin/applications/ApplicationCheckAccessForm.ts
+#: src/elements/forms/SearchSelect.ts
-#: src/admin/applications/ApplicationForm.ts
+msgid "Loading options..."
-#: src/admin/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+msgstr ""
-#: src/admin/blueprints/BlueprintForm.ts
+
 #: src/admin/events/RuleForm.ts
 #: src/admin/events/RuleForm.ts
 #: src/admin/events/TransportForm.ts
 #: src/admin/flows/StageBindingForm.ts
 #: src/admin/flows/StageBindingForm.ts
 #: src/admin/groups/GroupForm.ts
 #: src/admin/groups/GroupForm.ts
 #: src/admin/outposts/OutpostForm.ts
 #: src/admin/outposts/OutpostForm.ts
 #: src/admin/outposts/ServiceConnectionDockerForm.ts
 #: src/admin/outposts/ServiceConnectionDockerForm.ts
 #: src/admin/policies/PolicyBindingForm.ts
 #: src/admin/policies/PolicyTestForm.ts
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/property-mappings/PropertyMappingTestForm.ts
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderImportForm.ts
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 #: src/admin/sources/plex/PlexSourceForm.ts
 #: src/admin/sources/plex/PlexSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/stages/authenticator_duo/AuthenticatorDuoStageForm.ts
 #: src/admin/stages/authenticator_duo/DuoDeviceImportForm.ts
 #: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
 #: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
 #: src/admin/stages/authenticator_static/AuthenticatorStaticStageForm.ts
 #: src/admin/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts
 #: src/admin/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
 #: src/admin/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
 #: src/admin/stages/email/EmailStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/invitation/InvitationForm.ts
 #: src/admin/stages/invitation/InvitationListLink.ts
 #: src/admin/stages/password/PasswordStageForm.ts
 #: src/admin/stages/prompt/PromptStageForm.ts
 #: src/admin/stages/prompt/PromptStageForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tokens/TokenForm.ts
 #: src/admin/users/UserForm.ts
 #: src/admin/users/UserResetEmailForm.ts
 #: src/elements/Spinner.ts
 msgid "Loading..."
 msgstr "正在加载……"
@ -3465,12 +3489,12 @@ msgid "Long-running operations which authentik executes in the background."
 msgstr "authentik 在后台执行的长时间运行的操作。"
 #: src/admin/flows/FlowForm.ts
-msgid "MESSAGE will notify the user the flow isn't applicable."
+#~ msgid "MESSAGE will notify the user the flow isn't applicable."
-msgstr ""
+#~ msgstr ""
 #: src/admin/flows/FlowForm.ts
-msgid "MESSAGE_CONTINUE will follow the ?next parameter if set, otherwise show a message."
+#~ msgid "MESSAGE_CONTINUE will follow the ?next parameter if set, otherwise show a message."
-msgstr ""
+#~ msgstr ""
 #: src/admin/users/UserViewPage.ts
 msgid "MFA Authenticators"
@ -3948,7 +3972,6 @@ msgstr "尚未同步。"
 msgid "Not used by any other object."
 msgstr "不被任何其他对象使用。"
 #: src/flow/stages/FlowErrorStage.ts
 #: src/flow/stages/access_denied/AccessDeniedStage.ts
 #: src/flow/stages/authenticator_duo/AuthenticatorDuoStage.ts
 #: src/flow/stages/authenticator_sms/AuthenticatorSMSStage.ts
@ -4467,8 +4490,16 @@ msgid "Post binding"
 msgstr "Post 绑定"
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "Post binding (auto-submit)"
+#~ msgid "Post binding (auto-submit)"
-msgstr "Post 绑定（自动提交）"
+#~ msgstr "Post 绑定（自动提交）"
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Post binding but the request is automatically sent and the user doesn't have to confirm."
 msgstr ""
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Post-auto binding"
 msgstr ""
 #: src/flow/FlowExecutor.ts
 msgid "Powered by authentik"
@ -4630,16 +4661,16 @@ msgstr "快速操作"
 #~ msgstr "RESTART 从头开始重新启动流程，同时保留流程上下文。"
 #: src/admin/flows/StageBindingForm.ts
-msgid "RESTART restarts the flow from the beginning."
+#~ msgid "RESTART restarts the flow from the beginning."
-msgstr "RESTART 从头开始重新启动流程。"
+#~ msgstr "RESTART 从头开始重新启动流程。"
 #: src/admin/flows/StageBindingForm.ts
-msgid "RESTART_WITH_CONTEXT restarts the flow from the beginning, while keeping the flow context."
+#~ msgid "RESTART_WITH_CONTEXT restarts the flow from the beginning, while keeping the flow context."
-msgstr ""
+#~ msgstr ""
 #: src/admin/flows/StageBindingForm.ts
-msgid "RETRY returns the error message and a similar challenge to the executor."
+#~ msgid "RETRY returns the error message and a similar challenge to the executor."
-msgstr "RETRY 向执行器返回错误消息和类似的质询。"
+#~ msgstr "RETRY 向执行器返回错误消息和类似的质询。"
 #~ msgid "RS256 (Asymmetric Encryption)"
 #~ msgstr "RS256（非对称加密）"
@ -4649,23 +4680,23 @@ msgstr "RETRY 向执行器返回错误消息和类似的质询。"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA1"
+#~ msgid "RSA-SHA1"
-msgstr "RSA-SHA1"
+#~ msgstr "RSA-SHA1"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA256"
+#~ msgid "RSA-SHA256"
-msgstr "RSA-SHA256"
+#~ msgstr "RSA-SHA256"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA384"
+#~ msgid "RSA-SHA384"
-msgstr "RSA-SHA384"
+#~ msgstr "RSA-SHA384"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA512"
+#~ msgid "RSA-SHA512"
-msgstr "RSA-SHA512"
+#~ msgstr "RSA-SHA512"
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 msgid "Raw JWKS data."
@ -4819,6 +4850,10 @@ msgstr "信誉分数"
 msgid "Request"
 msgstr "请求"
 #: src/flow/stages/FlowErrorStage.ts
 msgid "Request ID"
 msgstr ""
 #: src/flow/stages/access_denied/AccessDeniedStage.ts
 msgid "Request has been denied."
 msgstr "请求被拒绝。"
@ -4866,6 +4901,14 @@ msgstr "常驻钥匙要求"
 #~ msgid "Resources"
 #~ msgstr "资源"
 #: src/admin/flows/StageBindingForm.ts
 msgid "Restarts the flow from the beginning"
 msgstr ""
 #: src/admin/flows/StageBindingForm.ts
 msgid "Restarts the flow from the beginning, while keeping the flow context"
 msgstr ""
 #: src/admin/events/EventInfo.ts
 #: src/admin/property-mappings/PropertyMappingTestForm.ts
 msgid "Result"
@ -4884,8 +4927,8 @@ msgstr "重试身份验证"
 #: src/flow/FlowExecutor.ts
 #: src/user/user-settings/details/UserSettingsFlowExecutor.ts
-msgid "Return"
+#~ msgid "Return"
-msgstr "返回"
+#~ msgstr "返回"
 #: src/elements/router/Router404.ts
 msgid "Return home"
@ -4900,6 +4943,10 @@ msgstr "返回设备选择器"
 #~ msgid "Return true if request IP/target username's score is below a certain threshold."
 #~ msgstr "如果请求 IP/目标用户名的分数低于特定阈值则返回真。 "
 #: src/admin/flows/StageBindingForm.ts
 msgid "Returns the error message and a similar challenge to the executor"
 msgstr ""
 #: src/elements/oauth/UserRefreshList.ts
 msgid "Revoked?"
 msgstr "已吊销？"
@ -4940,29 +4987,37 @@ msgstr "SAML 详情"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA1"
+#~ msgid "SHA1"
-msgstr "SHA1"
+#~ msgstr "SHA1"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA256"
+#~ msgid "SHA256"
-msgstr "SHA256"
+#~ msgstr "SHA256"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA384"
+#~ msgid "SHA384"
-msgstr "SHA384"
+#~ msgstr "SHA384"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA512"
+#~ msgid "SHA512"
-msgstr "SHA512"
+#~ msgstr "SHA512"
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceViewPage.ts
 msgid "SLO URL"
 msgstr "SLO URL"
 #: src/admin/providers/saml/SAMLProviderViewPage.ts
 msgid "SLO URL (Post)"
 msgstr ""
 #: src/admin/providers/saml/SAMLProviderViewPage.ts
 msgid "SLO URL (Redirect)"
 msgstr ""
 #: src/flow/stages/authenticator_validate/AuthenticatorValidateStage.ts
 msgid "SMS"
 msgstr "短信"
@ -5115,7 +5170,7 @@ msgstr "选择注册流程"
 #~ msgid "Select an identification method."
 #~ msgstr "选择身份识别方法。"
-#: src/elements/SearchSelect.ts
+#: src/elements/forms/SearchSelect.ts
 msgid "Select an object."
 msgstr "选择一个对象。"
@ -5382,9 +5437,7 @@ msgstr ""
 msgid "Slug"
 msgstr "Slug"
 #: src/flow/FlowExecutor.ts
 #: src/flow/stages/FlowErrorStage.ts
 #: src/user/user-settings/details/UserSettingsFlowExecutor.ts
 msgid "Something went wrong! Please try again later."
 msgstr "发生了某些错误！请稍后重试。"
@ -5398,6 +5451,10 @@ msgstr "源已链接"
 #~ msgid "Source name"
 #~ msgstr "源名称"
 #: src/admin/stages/identification/IdentificationStageForm.ts
 msgid "Source settings"
 msgstr ""
 #~ msgid "Source {0}"
 #~ msgstr "源 {0}"
@ -6132,6 +6189,10 @@ msgstr "以下对象使用 {objName}"
 msgid "The new application wizard greatly simplifies the steps required to create applications and providers."
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "The outpost holds all users and groups in-memory and will refresh every 5 Minutes"
 msgstr ""
 #~ msgid ""
 #~ "The policy passes when the reputation score is above the threshold, and\n"
 #~ "doesn't pass when either or both of the selected options are equal or less than the\n"
@ -6249,6 +6310,10 @@ msgstr ""
 msgid "Threshold"
 msgstr "阈值"
 #: src/admin/stages/dummy/DummyStageForm.ts
 msgid "Throw error?"
 msgstr ""
 #: src/admin/stages/email/EmailStageForm.ts
 msgid "Time in minutes the token sent is valid."
 msgstr "发出令牌的有效时间（单位为分钟）。"
@ -6534,6 +6599,39 @@ msgstr "引用令牌的唯一标识符。"
 msgid "Unknown"
 msgstr "未知"
 #: src/admin/flows/utils.ts
 msgid "Unknown designation"
 msgstr ""
 #: src/admin/tokens/TokenListPage.ts
 msgid "Unknown intent"
 msgstr ""
 #: src/admin/flows/utils.ts
 msgid "Unknown layout"
 msgstr ""
 #: src/admin/outposts/OutpostForm.ts
 msgid "Unknown outpost type"
 msgstr ""
 #: src/admin/sources/oauth/OAuthSourceViewPage.ts
 msgid "Unknown provider type"
 msgstr ""
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderViewPage.ts
 msgid "Unknown proxy mode"
 msgstr ""
 #: src/admin/outposts/OutpostListPage.ts
 msgid "Unknown type"
 msgstr ""
 #: src/admin/sources/oauth/utils.ts
 msgid "Unknown user matching mode"
 msgstr ""
 #~ msgid "Unmanaged"
 #~ msgstr "未托管"
@ -6794,6 +6892,14 @@ msgstr "与 nginx 的 auth_request 或 traefik 的 ForwardAuth 一起使用此
 msgid "Use this tenant for each domain that doesn't have a dedicated tenant."
 msgstr "所有未设置专用租户的域名都将使用此租户。"
 #: src/admin/tokens/TokenForm.ts
 msgid "Used to access the API programmatically"
 msgstr ""
 #: src/admin/tokens/TokenForm.ts
 msgid "Used to login using a flow executor"
 msgstr ""
 #: src/admin/applications/ApplicationCheckAccessForm.ts
 #: src/admin/events/EventInfo.ts
 #: src/admin/events/EventListPage.ts
@ -7261,8 +7367,20 @@ msgstr "使用代理或 Forward Auth（单应用）模式时，将根据正则
 #: src/flow/FlowExecutor.ts
 #: src/user/user-settings/details/UserSettingsFlowExecutor.ts
-msgid "Whoops!"
+#~ msgid "Whoops!"
-msgstr "哎呦！"
+#~ msgstr "哎呦！"
 #: src/admin/flows/FlowForm.ts
 msgid "Will either follow the ?next parameter or redirect to the default interface"
 msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Will follow the ?next parameter if set, otherwise show a message"
 msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Will notify the user the flow isn't applicable"
 msgstr ""
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Windows"
--- a/web/src/locales/zh-Hant.po
+++ b/web/src/locales/zh-Hant.po
@ -123,21 +123,21 @@ msgstr "ACS URL"
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
-msgid "ALL, all policies must match to grant access."
+#~ msgid "ALL, all policies must match to grant access."
-msgstr "ALL，所有策略必须匹配才能授予访问权限。"
+#~ msgstr "ALL，所有策略必须匹配才能授予访问权限。"
 #: src/admin/flows/StageBindingForm.ts
-msgid "ALL, all policies must match to include this stage access."
+#~ msgid "ALL, all policies must match to include this stage access."
-msgstr "ALL，所有策略必须匹配才能包含此阶段访问权限。"
+#~ msgstr "ALL，所有策略必须匹配才能包含此阶段访问权限。"
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
-msgid "ANY, any policy must match to grant access."
+#~ msgid "ANY, any policy must match to grant access."
-msgstr "ANY，任何策略都必须匹配才能授予访问权限。"
+#~ msgstr "ANY，任何策略都必须匹配才能授予访问权限。"
 #: src/admin/flows/StageBindingForm.ts
-msgid "ANY, any policy must match to include this stage access."
+#~ msgid "ANY, any policy must match to include this stage access."
-msgstr "ANY，任何策略都必须匹配才能包含此阶段访问权限。"
+#~ msgstr "ANY，任何策略都必须匹配才能包含此阶段访问权限。"
 #: src/admin/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
 msgid "API"
@ -164,8 +164,12 @@ msgid "API Requests"
 msgstr "API 请求"
 #: src/admin/tokens/TokenForm.ts
-msgid "API Token (can be used to access the API programmatically)"
+msgid "API Token"
-msgstr "API 令牌（可用于以编程方式访问 API）"
+msgstr ""
 #: src/admin/tokens/TokenForm.ts
 #~ msgid "API Token (can be used to access the API programmatically)"
 #~ msgstr "API 令牌（可用于以编程方式访问 API）"
 #: src/admin/stages/captcha/CaptchaStageForm.ts
 msgid "API URL"
@ -366,12 +370,18 @@ msgid "Affected model:"
 msgstr "受影响的模型："
 #: src/admin/events/RuleForm.ts
-msgid "Alert"
+#~ msgid "Alert"
-msgstr "注意"
+#~ msgstr "注意"
 #~ msgid "Algorithm used to sign the JWT Tokens."
 #~ msgstr "用于对JWT令牌进行签名的算法。"
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
 #: src/admin/flows/StageBindingForm.ts
 msgid "All policies must match to grant access"
 msgstr ""
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Allow IDP-initiated logins"
 msgstr "允许 IDP 发起的登入"
@ -422,10 +432,18 @@ msgstr ""
 msgid "Alternatively, if your current device has Duo installed, click on this link:"
 msgstr "或者，如果您当前的设备已安装 Duo，请单击此链接："
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Always execute the configured bind flow to authenticate the user"
 msgstr ""
 #: src/admin/stages/consent/ConsentStageForm.ts
 msgid "Always require consent"
 msgstr "始终需要征得同意"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Always returns the latest data, but slower than cached querying"
 msgstr ""
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 msgid "An example setup can look like this:"
 msgstr "设置示例如下所示："
@ -434,6 +452,12 @@ msgstr "设置示例如下所示："
 msgid "Any HTML can be used."
 msgstr "任何HTML都可以使用。"
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
 #: src/admin/flows/StageBindingForm.ts
 msgid "Any policy must match to grant access"
 msgstr ""
 #: src/admin/events/EventInfo.ts
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 msgid "App"
@ -444,8 +468,16 @@ msgid "App password"
 msgstr "应用密码"
 #: src/admin/tokens/TokenForm.ts
-msgid "App password (can be used to login using a flow executor)"
+#~ msgid "App password (can be used to login using a flow executor)"
-msgstr "应用程序密码（可用于使用流程执行器登录）"
+#~ msgstr "应用程序密码（可用于使用流程执行器登录）"
 #: src/admin/tokens/TokenForm.ts
 msgid "App password."
 msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Appearance settings"
 msgstr ""
 #: src/admin/admin-overview/TopApplicationsTable.ts
 #: src/admin/providers/ProviderListPage.ts
@ -783,6 +815,10 @@ msgstr "基本身份验证"
 msgid "Bearer Token"
 msgstr "不记名令牌"
 #: src/admin/flows/FlowForm.ts
 msgid "Behavior settings"
 msgstr ""
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 msgid "Bind CN"
 msgstr "Bind CN"
@ -871,12 +907,16 @@ msgid "CA which the endpoint's Certificate is verified against. Can be left empt
 msgstr "验证终端节点证书所依据的 CA。可以留空以表示不进行验证。"
 #: src/admin/flows/FlowForm.ts
-msgid "CONTINUE will either follow the ?next parameter or redirect to the default interface."
+#~ msgid "CONTINUE will either follow the ?next parameter or redirect to the default interface."
 #~ msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Cached binding"
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
+#~ msgid "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
-msgstr ""
+#~ msgstr ""
 #: src/admin/admin-overview/charts/FlowStatusChart.ts
 msgid "Cached flows"
@ -887,8 +927,12 @@ msgid "Cached policies"
 msgstr "缓存策略"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Cached querying, the outpost holds all users and groups in-memory and will refresh every 5 Minutes."
+msgid "Cached querying"
-msgstr "缓存查询，前哨将所有用户和组保存在内存中，并将每5分钟刷新一次。"
+msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Cached querying, the outpost holds all users and groups in-memory and will refresh every 5 Minutes."
 #~ msgstr "缓存查询，前哨将所有用户和组保存在内存中，并将每5分钟刷新一次。"
 #: src/admin/providers/proxy/ProxyProviderViewPage.ts
 msgid "Caddy (Standalone)"
@ -1161,6 +1205,7 @@ msgstr "客户机类型"
 #: src/admin/users/UserListPage.ts
 #: src/elements/notifications/NotificationDrawer.ts
 #: src/elements/wizard/Wizard.ts
 #: src/flow/FlowInspector.ts
 msgid "Close"
 msgstr "关闭"
@ -1234,8 +1279,12 @@ msgid "Configure how the NameID value will be created. When left empty, the Name
 msgstr "配置如何创建 NameID 值。如果留空，将遵守传入请求的 NameIdPolicy。"
 #: src/admin/flows/StageBindingForm.ts
-msgid "Configure how the flow executor should handle an invalid response to a challenge."
+msgid "Configure how the flow executor should handle an invalid response to a challenge given by this bound stage."
-msgstr "配置流程执行器应如何处理对质询的无效响应。"
+msgstr ""
 #: src/admin/flows/StageBindingForm.ts
 #~ msgid "Configure how the flow executor should handle an invalid response to a challenge."
 #~ msgstr "配置流程执行器应如何处理对质询的无效响应。"
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 msgid "Configure how the issuer field of the ID Token should be filled."
@ -1657,8 +1706,8 @@ msgstr "定制"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "DSA-SHA1"
+#~ msgid "DSA-SHA1"
-msgstr "DSA-SHA1"
+#~ msgstr "DSA-SHA1"
 #: src/admin/AdminInterface.ts
 msgid "Dashboards"
@ -1876,15 +1925,23 @@ msgid "Digits"
 msgstr "数字"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Direct binding, always execute the configured bind flow to authenticate the user."
+msgid "Direct binding"
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Direct binding, always execute the configured bind flow to authenticate the user."
 #~ msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Direct querying"
 msgstr ""
 #~ msgid "Direct querying, always execute the configured bind flow to authenticate the user."
 #~ msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Direct querying, always returns the latest data, but slower than cached querying."
+#~ msgid "Direct querying, always returns the latest data, but slower than cached querying."
-msgstr "直接查询，总是返回最新数据，但比缓存查询慢。"
+#~ msgstr "直接查询，总是返回最新数据，但比缓存查询慢。"
 #: src/admin/AdminInterface.ts
 msgid "Directory"
@ -1955,8 +2012,12 @@ msgid "Download signing certificate"
 msgstr "下载签名证书"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider."
+msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate."
-msgstr "由于协议限制，只有在 Outpost 有单个提供者时才使用此证书。"
+msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider."
 #~ msgstr "由于协议限制，只有在 Outpost 有单个提供者时才使用此证书。"
 #~ msgid "Dummy"
 #~ msgstr "占位"
@ -2001,8 +2062,12 @@ msgid "Duration after which events will be deleted from the database."
 msgstr "事件将从数据库中删除的持续时间。"
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
-msgid "Each provider has a different issuer, based on the application slug."
+msgid "Each provider has a different issuer, based on the application slug"
-msgstr "根据应用程序 slug，每个提供商都有不同的颁发者。"
+msgstr ""
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #~ msgid "Each provider has a different issuer, based on the application slug."
 #~ msgstr "根据应用程序 slug，每个提供商都有不同的颁发者。"
 #: src/admin/applications/ApplicationViewPage.ts
 #: src/admin/applications/ApplicationViewPage.ts
@ -2110,8 +2175,8 @@ msgstr "启用 StartTLS"
 #~ msgstr "启用 TOTP"
 #: src/admin/flows/FlowForm.ts
-msgid "Enable compatibility mode, increases compatibility with password managers on mobile devices."
+#~ msgid "Enable compatibility mode, increases compatibility with password managers on mobile devices."
-msgstr "启用兼容模式，增加与移动设备上密码管理器的兼容性。"
+#~ msgstr "启用兼容模式，增加与移动设备上密码管理器的兼容性。"
 #: src/admin/blueprints/BlueprintForm.ts
 #: src/admin/blueprints/BlueprintListPage.ts
@ -2481,6 +2546,10 @@ msgstr "流程执行"
 msgid "Flow inspector"
 msgstr "流程检查器"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Flow is executed and session is cached in memory. Flow is executed when session expires"
 msgstr ""
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 #: src/admin/sources/plex/PlexSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
@ -3014,6 +3083,10 @@ msgstr "对于不访问userinfo端点的应用程序，将来自作用域的用
 msgid "Include claims in id_token"
 msgstr "在 id_token 中包含声明"
 #: src/admin/flows/FlowForm.ts
 msgid "Increases compatibility with password managers and mobile devices."
 msgstr ""
 #: src/admin/outposts/OutpostForm.ts
 #: src/admin/outposts/OutpostListPage.ts
 msgid "Integration"
@ -3062,8 +3135,12 @@ msgstr ""
 "他们试图以一个身份登入的用户名。"
 #: src/admin/flows/StageBindingForm.ts
-msgid "Invalid response action"
+#~ msgid "Invalid response action"
-msgstr "响应操作无效"
+#~ msgstr "响应操作无效"
 #: src/admin/flows/StageBindingForm.ts
 msgid "Invalid response behavior"
 msgstr ""
 #: src/admin/flows/utils.ts
 msgid "Invalidation"
@ -3305,82 +3382,29 @@ msgstr "加载服务器"
 msgid "Loading"
 msgstr "正在加载"
-#: src/admin/applications/ApplicationCheckAccessForm.ts
+#: src/elements/forms/SearchSelect.ts
-#: src/admin/applications/ApplicationForm.ts
+msgid "Loading options..."
-#: src/admin/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+msgstr ""
-#: src/admin/blueprints/BlueprintForm.ts
+
 #: src/admin/events/RuleForm.ts
 #: src/admin/events/RuleForm.ts
 #: src/admin/events/TransportForm.ts
 #: src/admin/flows/StageBindingForm.ts
 #: src/admin/flows/StageBindingForm.ts
 #: src/admin/groups/GroupForm.ts
 #: src/admin/groups/GroupForm.ts
 #: src/admin/outposts/OutpostForm.ts
 #: src/admin/outposts/OutpostForm.ts
 #: src/admin/outposts/ServiceConnectionDockerForm.ts
 #: src/admin/outposts/ServiceConnectionDockerForm.ts
 #: src/admin/policies/PolicyBindingForm.ts
 #: src/admin/policies/PolicyTestForm.ts
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/property-mappings/PropertyMappingTestForm.ts
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderImportForm.ts
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 #: src/admin/sources/plex/PlexSourceForm.ts
 #: src/admin/sources/plex/PlexSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/stages/authenticator_duo/AuthenticatorDuoStageForm.ts
 #: src/admin/stages/authenticator_duo/DuoDeviceImportForm.ts
 #: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
 #: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
 #: src/admin/stages/authenticator_static/AuthenticatorStaticStageForm.ts
 #: src/admin/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts
 #: src/admin/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
 #: src/admin/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
 #: src/admin/stages/email/EmailStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/invitation/InvitationForm.ts
 #: src/admin/stages/invitation/InvitationListLink.ts
 #: src/admin/stages/password/PasswordStageForm.ts
 #: src/admin/stages/prompt/PromptStageForm.ts
 #: src/admin/stages/prompt/PromptStageForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tokens/TokenForm.ts
 #: src/admin/users/UserForm.ts
 #: src/admin/users/UserResetEmailForm.ts
 #: src/elements/Spinner.ts
 msgid "Loading..."
 msgstr "载入中……"
@ -3465,12 +3489,12 @@ msgid "Long-running operations which authentik executes in the background."
 msgstr "authentik 在后台执行的长时间运行的操作。"
 #: src/admin/flows/FlowForm.ts
-msgid "MESSAGE will notify the user the flow isn't applicable."
+#~ msgid "MESSAGE will notify the user the flow isn't applicable."
-msgstr ""
+#~ msgstr ""
 #: src/admin/flows/FlowForm.ts
-msgid "MESSAGE_CONTINUE will follow the ?next parameter if set, otherwise show a message."
+#~ msgid "MESSAGE_CONTINUE will follow the ?next parameter if set, otherwise show a message."
-msgstr ""
+#~ msgstr ""
 #: src/admin/users/UserViewPage.ts
 msgid "MFA Authenticators"
@ -3948,7 +3972,6 @@ msgstr "尚未同步。"
 msgid "Not used by any other object."
 msgstr "不被任何其他对象使用。"
 #: src/flow/stages/FlowErrorStage.ts
 #: src/flow/stages/access_denied/AccessDeniedStage.ts
 #: src/flow/stages/authenticator_duo/AuthenticatorDuoStage.ts
 #: src/flow/stages/authenticator_sms/AuthenticatorSMSStage.ts
@ -4467,8 +4490,16 @@ msgid "Post binding"
 msgstr "Post binding"
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "Post binding (auto-submit)"
+#~ msgid "Post binding (auto-submit)"
-msgstr "Post binding（自动提交）"
+#~ msgstr "Post binding（自动提交）"
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Post binding but the request is automatically sent and the user doesn't have to confirm."
 msgstr ""
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Post-auto binding"
 msgstr ""
 #: src/flow/FlowExecutor.ts
 msgid "Powered by authentik"
@ -4630,16 +4661,16 @@ msgstr "快速行动"
 #~ msgstr "RESTART 从头开始重新启动流程，同时保留流程上下文。"
 #: src/admin/flows/StageBindingForm.ts
-msgid "RESTART restarts the flow from the beginning."
+#~ msgid "RESTART restarts the flow from the beginning."
-msgstr "RESTART 从头开始重新启动流程。"
+#~ msgstr "RESTART 从头开始重新启动流程。"
 #: src/admin/flows/StageBindingForm.ts
-msgid "RESTART_WITH_CONTEXT restarts the flow from the beginning, while keeping the flow context."
+#~ msgid "RESTART_WITH_CONTEXT restarts the flow from the beginning, while keeping the flow context."
-msgstr ""
+#~ msgstr ""
 #: src/admin/flows/StageBindingForm.ts
-msgid "RETRY returns the error message and a similar challenge to the executor."
+#~ msgid "RETRY returns the error message and a similar challenge to the executor."
-msgstr "RETRY 向执行器返回错误消息和类似的质询。"
+#~ msgstr "RETRY 向执行器返回错误消息和类似的质询。"
 #~ msgid "RS256 (Asymmetric Encryption)"
 #~ msgstr "RS256（非对称加密）"
@ -4649,23 +4680,23 @@ msgstr "RETRY 向执行器返回错误消息和类似的质询。"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA1"
+#~ msgid "RSA-SHA1"
-msgstr "RSA-SHA1"
+#~ msgstr "RSA-SHA1"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA256"
+#~ msgid "RSA-SHA256"
-msgstr "RSA-SHA256"
+#~ msgstr "RSA-SHA256"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA384"
+#~ msgid "RSA-SHA384"
-msgstr "RSA-SHA384"
+#~ msgstr "RSA-SHA384"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA512"
+#~ msgid "RSA-SHA512"
-msgstr "RSA-SHA512"
+#~ msgstr "RSA-SHA512"
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 msgid "Raw JWKS data."
@ -4819,6 +4850,10 @@ msgstr "声誉得分"
 msgid "Request"
 msgstr "请求"
 #: src/flow/stages/FlowErrorStage.ts
 msgid "Request ID"
 msgstr ""
 #: src/flow/stages/access_denied/AccessDeniedStage.ts
 msgid "Request has been denied."
 msgstr "请求被拒绝。"
@ -4866,6 +4901,14 @@ msgstr "常驻钥匙要求"
 #~ msgid "Resources"
 #~ msgstr "资源"
 #: src/admin/flows/StageBindingForm.ts
 msgid "Restarts the flow from the beginning"
 msgstr ""
 #: src/admin/flows/StageBindingForm.ts
 msgid "Restarts the flow from the beginning, while keeping the flow context"
 msgstr ""
 #: src/admin/events/EventInfo.ts
 #: src/admin/property-mappings/PropertyMappingTestForm.ts
 msgid "Result"
@ -4884,8 +4927,8 @@ msgstr "重试身份验证"
 #: src/flow/FlowExecutor.ts
 #: src/user/user-settings/details/UserSettingsFlowExecutor.ts
-msgid "Return"
+#~ msgid "Return"
-msgstr "返回"
+#~ msgstr "返回"
 #: src/elements/router/Router404.ts
 msgid "Return home"
@ -4900,6 +4943,10 @@ msgstr "返回设备选择器"
 #~ msgid "Return true if request IP/target username's score is below a certain threshold."
 #~ msgstr "如果请求 IP/目标用户名的分数低于特定阈值则返回真。 "
 #: src/admin/flows/StageBindingForm.ts
 msgid "Returns the error message and a similar challenge to the executor"
 msgstr ""
 #: src/elements/oauth/UserRefreshList.ts
 msgid "Revoked?"
 msgstr "已吊销？"
@ -4940,29 +4987,37 @@ msgstr "SAML 详情"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA1"
+#~ msgid "SHA1"
-msgstr "SHA1"
+#~ msgstr "SHA1"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA256"
+#~ msgid "SHA256"
-msgstr "SHA256"
+#~ msgstr "SHA256"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA384"
+#~ msgid "SHA384"
-msgstr "SHA384"
+#~ msgstr "SHA384"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA512"
+#~ msgid "SHA512"
-msgstr "SHA512"
+#~ msgstr "SHA512"
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceViewPage.ts
 msgid "SLO URL"
 msgstr "SLO URL"
 #: src/admin/providers/saml/SAMLProviderViewPage.ts
 msgid "SLO URL (Post)"
 msgstr ""
 #: src/admin/providers/saml/SAMLProviderViewPage.ts
 msgid "SLO URL (Redirect)"
 msgstr ""
 #: src/flow/stages/authenticator_validate/AuthenticatorValidateStage.ts
 msgid "SMS"
 msgstr "短信"
@ -5115,7 +5170,7 @@ msgstr "选择注册流程"
 #~ msgid "Select an identification method."
 #~ msgstr "选择一种识别方法。"
-#: src/elements/SearchSelect.ts
+#: src/elements/forms/SearchSelect.ts
 msgid "Select an object."
 msgstr "选择一个对象。"
@ -5382,9 +5437,7 @@ msgstr ""
 msgid "Slug"
 msgstr "Slug"
 #: src/flow/FlowExecutor.ts
 #: src/flow/stages/FlowErrorStage.ts
 #: src/user/user-settings/details/UserSettingsFlowExecutor.ts
 msgid "Something went wrong! Please try again later."
 msgstr "发生错误，请稍后重试。"
@ -5398,6 +5451,10 @@ msgstr "源链接"
 #~ msgid "Source name"
 #~ msgstr "源名称"
 #: src/admin/stages/identification/IdentificationStageForm.ts
 msgid "Source settings"
 msgstr ""
 #~ msgid "Source {0}"
 #~ msgstr "源 {0}"
@ -6132,6 +6189,10 @@ msgstr "以下对象使用 {objName}"
 msgid "The new application wizard greatly simplifies the steps required to create applications and providers."
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "The outpost holds all users and groups in-memory and will refresh every 5 Minutes"
 msgstr ""
 #~ msgid ""
 #~ "The policy passes when the reputation score is above the threshold, and\n"
 #~ "doesn't pass when either or both of the selected options are equal or less than the\n"
@ -6249,6 +6310,10 @@ msgstr ""
 msgid "Threshold"
 msgstr "阈值"
 #: src/admin/stages/dummy/DummyStageForm.ts
 msgid "Throw error?"
 msgstr ""
 #: src/admin/stages/email/EmailStageForm.ts
 msgid "Time in minutes the token sent is valid."
 msgstr "发送的令牌的有效时间（以分钟为单位）。"
@ -6534,6 +6599,39 @@ msgstr "引用令牌的唯一标识符。"
 msgid "Unknown"
 msgstr "未知"
 #: src/admin/flows/utils.ts
 msgid "Unknown designation"
 msgstr ""
 #: src/admin/tokens/TokenListPage.ts
 msgid "Unknown intent"
 msgstr ""
 #: src/admin/flows/utils.ts
 msgid "Unknown layout"
 msgstr ""
 #: src/admin/outposts/OutpostForm.ts
 msgid "Unknown outpost type"
 msgstr ""
 #: src/admin/sources/oauth/OAuthSourceViewPage.ts
 msgid "Unknown provider type"
 msgstr ""
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderViewPage.ts
 msgid "Unknown proxy mode"
 msgstr ""
 #: src/admin/outposts/OutpostListPage.ts
 msgid "Unknown type"
 msgstr ""
 #: src/admin/sources/oauth/utils.ts
 msgid "Unknown user matching mode"
 msgstr ""
 #~ msgid "Unmanaged"
 #~ msgstr "非托管"
@ -6794,6 +6892,14 @@ msgstr "将此提供程序与 nginx 的 auth_request 或 traefik 的 ForwardAuth
 msgid "Use this tenant for each domain that doesn't have a dedicated tenant."
 msgstr "对于没有专用租户的每个域，请使用此租户。"
 #: src/admin/tokens/TokenForm.ts
 msgid "Used to access the API programmatically"
 msgstr ""
 #: src/admin/tokens/TokenForm.ts
 msgid "Used to login using a flow executor"
 msgstr ""
 #: src/admin/applications/ApplicationCheckAccessForm.ts
 #: src/admin/events/EventInfo.ts
 #: src/admin/events/EventListPage.ts
@ -7261,8 +7367,20 @@ msgstr "使用代理或转发身份验证（单个应用程序）模式时，将
 #: src/flow/FlowExecutor.ts
 #: src/user/user-settings/details/UserSettingsFlowExecutor.ts
-msgid "Whoops!"
+#~ msgid "Whoops!"
-msgstr "噢！"
+#~ msgstr "噢！"
 #: src/admin/flows/FlowForm.ts
 msgid "Will either follow the ?next parameter or redirect to the default interface"
 msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Will follow the ?next parameter if set, otherwise show a message"
 msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Will notify the user the flow isn't applicable"
 msgstr ""
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Windows"
--- a/web/src/locales/zh_TW.po
+++ b/web/src/locales/zh_TW.po
@ -123,21 +123,21 @@ msgstr "ACS URL"
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
-msgid "ALL, all policies must match to grant access."
+#~ msgid "ALL, all policies must match to grant access."
-msgstr "ALL，所有策略必须匹配才能授予访问权限。"
+#~ msgstr "ALL，所有策略必须匹配才能授予访问权限。"
 #: src/admin/flows/StageBindingForm.ts
-msgid "ALL, all policies must match to include this stage access."
+#~ msgid "ALL, all policies must match to include this stage access."
-msgstr "ALL，所有策略必须匹配才能包含此阶段访问权限。"
+#~ msgstr "ALL，所有策略必须匹配才能包含此阶段访问权限。"
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
-msgid "ANY, any policy must match to grant access."
+#~ msgid "ANY, any policy must match to grant access."
-msgstr "ANY，任何策略都必须匹配才能授予访问权限。"
+#~ msgstr "ANY，任何策略都必须匹配才能授予访问权限。"
 #: src/admin/flows/StageBindingForm.ts
-msgid "ANY, any policy must match to include this stage access."
+#~ msgid "ANY, any policy must match to include this stage access."
-msgstr "ANY，任何策略都必须匹配才能包含此阶段访问权限。"
+#~ msgstr "ANY，任何策略都必须匹配才能包含此阶段访问权限。"
 #: src/admin/applications/wizard/oauth/TypeOAuthApplicationWizardPage.ts
 msgid "API"
@ -164,8 +164,12 @@ msgid "API Requests"
 msgstr "API 请求"
 #: src/admin/tokens/TokenForm.ts
-msgid "API Token (can be used to access the API programmatically)"
+msgid "API Token"
-msgstr "API 令牌（可用于以编程方式访问 API）"
+msgstr ""
 #: src/admin/tokens/TokenForm.ts
 #~ msgid "API Token (can be used to access the API programmatically)"
 #~ msgstr "API 令牌（可用于以编程方式访问 API）"
 #: src/admin/stages/captcha/CaptchaStageForm.ts
 msgid "API URL"
@ -366,12 +370,18 @@ msgid "Affected model:"
 msgstr "受影响的模型："
 #: src/admin/events/RuleForm.ts
-msgid "Alert"
+#~ msgid "Alert"
-msgstr "注意"
+#~ msgstr "注意"
 #~ msgid "Algorithm used to sign the JWT Tokens."
 #~ msgstr "用于对JWT令牌进行签名的算法。"
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
 #: src/admin/flows/StageBindingForm.ts
 msgid "All policies must match to grant access"
 msgstr ""
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Allow IDP-initiated logins"
 msgstr "允许 IDP 发起的登入"
@ -422,10 +432,18 @@ msgstr ""
 msgid "Alternatively, if your current device has Duo installed, click on this link:"
 msgstr "或者，如果您当前的设备已安装 Duo，请单击此链接："
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Always execute the configured bind flow to authenticate the user"
 msgstr ""
 #: src/admin/stages/consent/ConsentStageForm.ts
 msgid "Always require consent"
 msgstr "始终需要征得同意"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Always returns the latest data, but slower than cached querying"
 msgstr ""
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 msgid "An example setup can look like this:"
 msgstr "设置示例如下所示："
@ -434,6 +452,12 @@ msgstr "设置示例如下所示："
 msgid "Any HTML can be used."
 msgstr "任何HTML都可以使用。"
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/flows/FlowForm.ts
 #: src/admin/flows/StageBindingForm.ts
 msgid "Any policy must match to grant access"
 msgstr ""
 #: src/admin/events/EventInfo.ts
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 msgid "App"
@ -444,8 +468,16 @@ msgid "App password"
 msgstr "应用密码"
 #: src/admin/tokens/TokenForm.ts
-msgid "App password (can be used to login using a flow executor)"
+#~ msgid "App password (can be used to login using a flow executor)"
-msgstr "应用程序密码（可用于使用流程执行器登录）"
+#~ msgstr "应用程序密码（可用于使用流程执行器登录）"
 #: src/admin/tokens/TokenForm.ts
 msgid "App password."
 msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Appearance settings"
 msgstr ""
 #: src/admin/admin-overview/TopApplicationsTable.ts
 #: src/admin/providers/ProviderListPage.ts
@ -783,6 +815,10 @@ msgstr "基本身份验证"
 msgid "Bearer Token"
 msgstr "不记名令牌"
 #: src/admin/flows/FlowForm.ts
 msgid "Behavior settings"
 msgstr ""
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 msgid "Bind CN"
 msgstr "Bind CN"
@ -871,12 +907,16 @@ msgid "CA which the endpoint's Certificate is verified against. Can be left empt
 msgstr "验证终端节点证书所依据的 CA。可以留空以表示不进行验证。"
 #: src/admin/flows/FlowForm.ts
-msgid "CONTINUE will either follow the ?next parameter or redirect to the default interface."
+#~ msgid "CONTINUE will either follow the ?next parameter or redirect to the default interface."
 #~ msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Cached binding"
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
+#~ msgid "Cached binding, flow is executed and session is cached in memory. Flow is executed when session expires."
-msgstr ""
+#~ msgstr ""
 #: src/admin/admin-overview/charts/FlowStatusChart.ts
 msgid "Cached flows"
@ -887,8 +927,12 @@ msgid "Cached policies"
 msgstr "缓存策略"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Cached querying, the outpost holds all users and groups in-memory and will refresh every 5 Minutes."
+msgid "Cached querying"
-msgstr "缓存查询，前哨将所有用户和组保存在内存中，并将每5分钟刷新一次。"
+msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Cached querying, the outpost holds all users and groups in-memory and will refresh every 5 Minutes."
 #~ msgstr "缓存查询，前哨将所有用户和组保存在内存中，并将每5分钟刷新一次。"
 #: src/admin/providers/proxy/ProxyProviderViewPage.ts
 msgid "Caddy (Standalone)"
@ -1161,6 +1205,7 @@ msgstr "客户机类型"
 #: src/admin/users/UserListPage.ts
 #: src/elements/notifications/NotificationDrawer.ts
 #: src/elements/wizard/Wizard.ts
 #: src/flow/FlowInspector.ts
 msgid "Close"
 msgstr "关闭"
@ -1234,8 +1279,12 @@ msgid "Configure how the NameID value will be created. When left empty, the Name
 msgstr "配置如何创建 NameID 值。如果留空，将遵守传入请求的 NameIdPolicy。"
 #: src/admin/flows/StageBindingForm.ts
-msgid "Configure how the flow executor should handle an invalid response to a challenge."
+msgid "Configure how the flow executor should handle an invalid response to a challenge given by this bound stage."
-msgstr "配置流程执行器应如何处理对质询的无效响应。"
+msgstr ""
 #: src/admin/flows/StageBindingForm.ts
 #~ msgid "Configure how the flow executor should handle an invalid response to a challenge."
 #~ msgstr "配置流程执行器应如何处理对质询的无效响应。"
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 msgid "Configure how the issuer field of the ID Token should be filled."
@ -1657,8 +1706,8 @@ msgstr "定制"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "DSA-SHA1"
+#~ msgid "DSA-SHA1"
-msgstr "DSA-SHA1"
+#~ msgstr "DSA-SHA1"
 #: src/admin/AdminInterface.ts
 msgid "Dashboards"
@ -1876,15 +1925,23 @@ msgid "Digits"
 msgstr "数字"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Direct binding, always execute the configured bind flow to authenticate the user."
+msgid "Direct binding"
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Direct binding, always execute the configured bind flow to authenticate the user."
 #~ msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Direct querying"
 msgstr ""
 #~ msgid "Direct querying, always execute the configured bind flow to authenticate the user."
 #~ msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Direct querying, always returns the latest data, but slower than cached querying."
+#~ msgid "Direct querying, always returns the latest data, but slower than cached querying."
-msgstr "直接查询，总是返回最新数据，但比缓存查询慢。"
+#~ msgstr "直接查询，总是返回最新数据，但比缓存查询慢。"
 #: src/admin/AdminInterface.ts
 msgid "Directory"
@ -1955,8 +2012,12 @@ msgid "Download signing certificate"
 msgstr "下载签名证书"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
-msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider."
+msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate."
-msgstr "由于协议限制，只有在 Outpost 有单个提供者时才使用此证书。"
+msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #~ msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider."
 #~ msgstr "由于协议限制，只有在 Outpost 有单个提供者时才使用此证书。"
 #~ msgid "Dummy"
 #~ msgstr "占位"
@ -2001,8 +2062,12 @@ msgid "Duration after which events will be deleted from the database."
 msgstr "事件将从数据库中删除的持续时间。"
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
-msgid "Each provider has a different issuer, based on the application slug."
+msgid "Each provider has a different issuer, based on the application slug"
-msgstr "根据应用程序 slug，每个提供商都有不同的颁发者。"
+msgstr ""
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #~ msgid "Each provider has a different issuer, based on the application slug."
 #~ msgstr "根据应用程序 slug，每个提供商都有不同的颁发者。"
 #: src/admin/applications/ApplicationViewPage.ts
 #: src/admin/applications/ApplicationViewPage.ts
@ -2110,8 +2175,8 @@ msgstr "启用 StartTLS"
 #~ msgstr "启用 TOTP"
 #: src/admin/flows/FlowForm.ts
-msgid "Enable compatibility mode, increases compatibility with password managers on mobile devices."
+#~ msgid "Enable compatibility mode, increases compatibility with password managers on mobile devices."
-msgstr "启用兼容模式，增加与移动设备上密码管理器的兼容性。"
+#~ msgstr "启用兼容模式，增加与移动设备上密码管理器的兼容性。"
 #: src/admin/blueprints/BlueprintForm.ts
 #: src/admin/blueprints/BlueprintListPage.ts
@ -2481,6 +2546,10 @@ msgstr "流程执行"
 msgid "Flow inspector"
 msgstr "流程检查器"
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "Flow is executed and session is cached in memory. Flow is executed when session expires"
 msgstr ""
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 #: src/admin/sources/plex/PlexSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
@ -3014,6 +3083,10 @@ msgstr "对于不访问userinfo端点的应用程序，将来自作用域的用
 msgid "Include claims in id_token"
 msgstr "在 id_token 中包含声明"
 #: src/admin/flows/FlowForm.ts
 msgid "Increases compatibility with password managers and mobile devices."
 msgstr ""
 #: src/admin/outposts/OutpostForm.ts
 #: src/admin/outposts/OutpostListPage.ts
 msgid "Integration"
@ -3062,8 +3135,12 @@ msgstr ""
 "他们试图以一个身份登入的用户名。"
 #: src/admin/flows/StageBindingForm.ts
-msgid "Invalid response action"
+#~ msgid "Invalid response action"
-msgstr "响应操作无效"
+#~ msgstr "响应操作无效"
 #: src/admin/flows/StageBindingForm.ts
 msgid "Invalid response behavior"
 msgstr ""
 #: src/admin/flows/utils.ts
 msgid "Invalidation"
@ -3305,82 +3382,29 @@ msgstr "加载服务器"
 msgid "Loading"
 msgstr "正在加载"
-#: src/admin/applications/ApplicationCheckAccessForm.ts
+#: src/elements/forms/SearchSelect.ts
-#: src/admin/applications/ApplicationForm.ts
+msgid "Loading options..."
-#: src/admin/applications/wizard/oauth/TypeOAuthCodeApplicationWizardPage.ts
+msgstr ""
-#: src/admin/blueprints/BlueprintForm.ts
+
 #: src/admin/events/RuleForm.ts
 #: src/admin/events/RuleForm.ts
 #: src/admin/events/TransportForm.ts
 #: src/admin/flows/StageBindingForm.ts
 #: src/admin/flows/StageBindingForm.ts
 #: src/admin/groups/GroupForm.ts
 #: src/admin/groups/GroupForm.ts
 #: src/admin/outposts/OutpostForm.ts
 #: src/admin/outposts/OutpostForm.ts
 #: src/admin/outposts/ServiceConnectionDockerForm.ts
 #: src/admin/outposts/ServiceConnectionDockerForm.ts
 #: src/admin/policies/PolicyBindingForm.ts
 #: src/admin/policies/PolicyTestForm.ts
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/property-mappings/PropertyMappingTestForm.ts
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/providers/saml/SAMLProviderImportForm.ts
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 #: src/admin/sources/ldap/LDAPSourceForm.ts
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 #: src/admin/sources/plex/PlexSourceForm.ts
 #: src/admin/sources/plex/PlexSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/stages/authenticator_duo/AuthenticatorDuoStageForm.ts
 #: src/admin/stages/authenticator_duo/DuoDeviceImportForm.ts
 #: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
 #: src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
 #: src/admin/stages/authenticator_static/AuthenticatorStaticStageForm.ts
 #: src/admin/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts
 #: src/admin/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
 #: src/admin/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
 #: src/admin/stages/email/EmailStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/identification/IdentificationStageForm.ts
 #: src/admin/stages/invitation/InvitationForm.ts
 #: src/admin/stages/invitation/InvitationListLink.ts
 #: src/admin/stages/password/PasswordStageForm.ts
 #: src/admin/stages/prompt/PromptStageForm.ts
 #: src/admin/stages/prompt/PromptStageForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tenants/TenantForm.ts
 #: src/admin/tokens/TokenForm.ts
 #: src/admin/users/UserForm.ts
 #: src/admin/users/UserResetEmailForm.ts
 #: src/elements/Spinner.ts
 msgid "Loading..."
 msgstr "载入中……"
@ -3465,12 +3489,12 @@ msgid "Long-running operations which authentik executes in the background."
 msgstr "authentik 在后台执行的长时间运行的操作。"
 #: src/admin/flows/FlowForm.ts
-msgid "MESSAGE will notify the user the flow isn't applicable."
+#~ msgid "MESSAGE will notify the user the flow isn't applicable."
-msgstr ""
+#~ msgstr ""
 #: src/admin/flows/FlowForm.ts
-msgid "MESSAGE_CONTINUE will follow the ?next parameter if set, otherwise show a message."
+#~ msgid "MESSAGE_CONTINUE will follow the ?next parameter if set, otherwise show a message."
-msgstr ""
+#~ msgstr ""
 #: src/admin/users/UserViewPage.ts
 msgid "MFA Authenticators"
@ -3948,7 +3972,6 @@ msgstr "尚未同步。"
 msgid "Not used by any other object."
 msgstr "不被任何其他对象使用。"
 #: src/flow/stages/FlowErrorStage.ts
 #: src/flow/stages/access_denied/AccessDeniedStage.ts
 #: src/flow/stages/authenticator_duo/AuthenticatorDuoStage.ts
 #: src/flow/stages/authenticator_sms/AuthenticatorSMSStage.ts
@ -4467,8 +4490,16 @@ msgid "Post binding"
 msgstr "Post binding"
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "Post binding (auto-submit)"
+#~ msgid "Post binding (auto-submit)"
-msgstr "Post binding（自动提交）"
+#~ msgstr "Post binding（自动提交）"
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Post binding but the request is automatically sent and the user doesn't have to confirm."
 msgstr ""
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Post-auto binding"
 msgstr ""
 #: src/flow/FlowExecutor.ts
 msgid "Powered by authentik"
@ -4630,16 +4661,16 @@ msgstr "快速行动"
 #~ msgstr "RESTART 从头开始重新启动流程，同时保留流程上下文。"
 #: src/admin/flows/StageBindingForm.ts
-msgid "RESTART restarts the flow from the beginning."
+#~ msgid "RESTART restarts the flow from the beginning."
-msgstr "RESTART 从头开始重新启动流程。"
+#~ msgstr "RESTART 从头开始重新启动流程。"
 #: src/admin/flows/StageBindingForm.ts
-msgid "RESTART_WITH_CONTEXT restarts the flow from the beginning, while keeping the flow context."
+#~ msgid "RESTART_WITH_CONTEXT restarts the flow from the beginning, while keeping the flow context."
-msgstr ""
+#~ msgstr ""
 #: src/admin/flows/StageBindingForm.ts
-msgid "RETRY returns the error message and a similar challenge to the executor."
+#~ msgid "RETRY returns the error message and a similar challenge to the executor."
-msgstr "RETRY 向执行器返回错误消息和类似的质询。"
+#~ msgstr "RETRY 向执行器返回错误消息和类似的质询。"
 #~ msgid "RS256 (Asymmetric Encryption)"
 #~ msgstr "RS256（非对称加密）"
@ -4649,23 +4680,23 @@ msgstr "RETRY 向执行器返回错误消息和类似的质询。"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA1"
+#~ msgid "RSA-SHA1"
-msgstr "RSA-SHA1"
+#~ msgstr "RSA-SHA1"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA256"
+#~ msgid "RSA-SHA256"
-msgstr "RSA-SHA256"
+#~ msgstr "RSA-SHA256"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA384"
+#~ msgid "RSA-SHA384"
-msgstr "RSA-SHA384"
+#~ msgstr "RSA-SHA384"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "RSA-SHA512"
+#~ msgid "RSA-SHA512"
-msgstr "RSA-SHA512"
+#~ msgstr "RSA-SHA512"
 #: src/admin/sources/oauth/OAuthSourceForm.ts
 msgid "Raw JWKS data."
@ -4819,6 +4850,10 @@ msgstr "声誉得分"
 msgid "Request"
 msgstr "请求"
 #: src/flow/stages/FlowErrorStage.ts
 msgid "Request ID"
 msgstr ""
 #: src/flow/stages/access_denied/AccessDeniedStage.ts
 msgid "Request has been denied."
 msgstr "请求被拒绝。"
@ -4866,6 +4901,14 @@ msgstr "常驻钥匙要求"
 #~ msgid "Resources"
 #~ msgstr "资源"
 #: src/admin/flows/StageBindingForm.ts
 msgid "Restarts the flow from the beginning"
 msgstr ""
 #: src/admin/flows/StageBindingForm.ts
 msgid "Restarts the flow from the beginning, while keeping the flow context"
 msgstr ""
 #: src/admin/events/EventInfo.ts
 #: src/admin/property-mappings/PropertyMappingTestForm.ts
 msgid "Result"
@ -4884,8 +4927,8 @@ msgstr "重试身份验证"
 #: src/flow/FlowExecutor.ts
 #: src/user/user-settings/details/UserSettingsFlowExecutor.ts
-msgid "Return"
+#~ msgid "Return"
-msgstr "返回"
+#~ msgstr "返回"
 #: src/elements/router/Router404.ts
 msgid "Return home"
@ -4900,6 +4943,10 @@ msgstr "返回设备选择器"
 #~ msgid "Return true if request IP/target username's score is below a certain threshold."
 #~ msgstr "如果请求 IP/目标用户名的分数低于特定阈值则返回真。 "
 #: src/admin/flows/StageBindingForm.ts
 msgid "Returns the error message and a similar challenge to the executor"
 msgstr ""
 #: src/elements/oauth/UserRefreshList.ts
 msgid "Revoked?"
 msgstr "已吊销？"
@ -4940,29 +4987,37 @@ msgstr "SAML 详情"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA1"
+#~ msgid "SHA1"
-msgstr "SHA1"
+#~ msgstr "SHA1"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA256"
+#~ msgid "SHA256"
-msgstr "SHA256"
+#~ msgstr "SHA256"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA384"
+#~ msgid "SHA384"
-msgstr "SHA384"
+#~ msgstr "SHA384"
 #: src/admin/providers/saml/SAMLProviderForm.ts
 #: src/admin/sources/saml/SAMLSourceForm.ts
-msgid "SHA512"
+#~ msgid "SHA512"
-msgstr "SHA512"
+#~ msgstr "SHA512"
 #: src/admin/sources/saml/SAMLSourceForm.ts
 #: src/admin/sources/saml/SAMLSourceViewPage.ts
 msgid "SLO URL"
 msgstr "SLO URL"
 #: src/admin/providers/saml/SAMLProviderViewPage.ts
 msgid "SLO URL (Post)"
 msgstr ""
 #: src/admin/providers/saml/SAMLProviderViewPage.ts
 msgid "SLO URL (Redirect)"
 msgstr ""
 #: src/flow/stages/authenticator_validate/AuthenticatorValidateStage.ts
 msgid "SMS"
 msgstr "短信"
@ -5115,7 +5170,7 @@ msgstr "选择注册流程"
 #~ msgid "Select an identification method."
 #~ msgstr "选择一种识别方法。"
-#: src/elements/SearchSelect.ts
+#: src/elements/forms/SearchSelect.ts
 msgid "Select an object."
 msgstr "选择一个对象。"
@ -5382,9 +5437,7 @@ msgstr ""
 msgid "Slug"
 msgstr "Slug"
 #: src/flow/FlowExecutor.ts
 #: src/flow/stages/FlowErrorStage.ts
 #: src/user/user-settings/details/UserSettingsFlowExecutor.ts
 msgid "Something went wrong! Please try again later."
 msgstr "发生错误，请稍后重试。"
@ -5398,6 +5451,10 @@ msgstr "源链接"
 #~ msgid "Source name"
 #~ msgstr "源名称"
 #: src/admin/stages/identification/IdentificationStageForm.ts
 msgid "Source settings"
 msgstr ""
 #~ msgid "Source {0}"
 #~ msgstr "源 {0}"
@ -6132,6 +6189,10 @@ msgstr "以下对象使用 {objName}"
 msgid "The new application wizard greatly simplifies the steps required to create applications and providers."
 msgstr ""
 #: src/admin/providers/ldap/LDAPProviderForm.ts
 msgid "The outpost holds all users and groups in-memory and will refresh every 5 Minutes"
 msgstr ""
 #~ msgid ""
 #~ "The policy passes when the reputation score is above the threshold, and\n"
 #~ "doesn't pass when either or both of the selected options are equal or less than the\n"
@ -6249,6 +6310,10 @@ msgstr ""
 msgid "Threshold"
 msgstr "阈值"
 #: src/admin/stages/dummy/DummyStageForm.ts
 msgid "Throw error?"
 msgstr ""
 #: src/admin/stages/email/EmailStageForm.ts
 msgid "Time in minutes the token sent is valid."
 msgstr "发送的令牌的有效时间（以分钟为单位）。"
@ -6534,6 +6599,39 @@ msgstr "引用令牌的唯一标识符。"
 msgid "Unknown"
 msgstr "未知"
 #: src/admin/flows/utils.ts
 msgid "Unknown designation"
 msgstr ""
 #: src/admin/tokens/TokenListPage.ts
 msgid "Unknown intent"
 msgstr ""
 #: src/admin/flows/utils.ts
 msgid "Unknown layout"
 msgstr ""
 #: src/admin/outposts/OutpostForm.ts
 msgid "Unknown outpost type"
 msgstr ""
 #: src/admin/sources/oauth/OAuthSourceViewPage.ts
 msgid "Unknown provider type"
 msgstr ""
 #: src/admin/providers/proxy/ProxyProviderForm.ts
 #: src/admin/providers/proxy/ProxyProviderViewPage.ts
 msgid "Unknown proxy mode"
 msgstr ""
 #: src/admin/outposts/OutpostListPage.ts
 msgid "Unknown type"
 msgstr ""
 #: src/admin/sources/oauth/utils.ts
 msgid "Unknown user matching mode"
 msgstr ""
 #~ msgid "Unmanaged"
 #~ msgstr "非托管"
@ -6794,6 +6892,14 @@ msgstr "将此提供程序与 nginx 的 auth_request 或 traefik 的 ForwardAuth
 msgid "Use this tenant for each domain that doesn't have a dedicated tenant."
 msgstr "对于没有专用租户的每个域，请使用此租户。"
 #: src/admin/tokens/TokenForm.ts
 msgid "Used to access the API programmatically"
 msgstr ""
 #: src/admin/tokens/TokenForm.ts
 msgid "Used to login using a flow executor"
 msgstr ""
 #: src/admin/applications/ApplicationCheckAccessForm.ts
 #: src/admin/events/EventInfo.ts
 #: src/admin/events/EventListPage.ts
@ -7261,8 +7367,20 @@ msgstr "使用代理或转发身份验证（单个应用程序）模式时，将
 #: src/flow/FlowExecutor.ts
 #: src/user/user-settings/details/UserSettingsFlowExecutor.ts
-msgid "Whoops!"
+#~ msgid "Whoops!"
-msgstr "噢！"
+#~ msgstr "噢！"
 #: src/admin/flows/FlowForm.ts
 msgid "Will either follow the ?next parameter or redirect to the default interface"
 msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Will follow the ?next parameter if set, otherwise show a message"
 msgstr ""
 #: src/admin/flows/FlowForm.ts
 msgid "Will notify the user the flow isn't applicable"
 msgstr ""
 #: src/admin/sources/saml/SAMLSourceForm.ts
 msgid "Windows"
--- a/website/docs/providers/saml.md
+++ b/website/docs/providers/saml.md
@ -5,12 +5,14 @@ title: SAML Provider
 This provider allows you to integrate enterprise software using the SAML2 Protocol. It supports signed requests and uses [Property Mappings](../property-mappings/#saml-property-mapping) to determine which fields are exposed and what values they return. This makes it possible to expose vendor-specific fields.
 Default fields are exposed through auto-generated Property Mappings, which are prefixed with "authentik default".
-| Endpoint               | URL                                                          |
+| Endpoint                  | URL                                                          |
-| ---------------------- | ------------------------------------------------------------ |
+| ------------------------- | ------------------------------------------------------------ |
-| SSO (Redirect binding) | `/application/saml/<application slug>/sso/binding/redirect/` |
+| SSO (Redirect binding)    | `/application/saml/<application slug>/sso/binding/redirect/` |
-| SSO (POST binding)     | `/application/saml/<application slug>/sso/binding/post/`     |
+| SSO (POST binding)        | `/application/saml/<application slug>/sso/binding/post/`     |
-| IdP-initiated login    | `/application/saml/<application slug>/sso/binding/init/`     |
+| SSO (IdP-initiated login) | `/application/saml/<application slug>/sso/binding/init/`     |
-| Metadata Download      | `/api/v3/providers/saml/<provider uid>/metadata/?download/`  |
+| SLO (Redirect binding)    | `/application/saml/<application slug>/slo/binding/redirect/` |
 | SLO (POST binding)        | `/application/saml/<application slug>/slo/binding/post/`     |
 | Metadata Download         | `/application/saml/<application slug>/metadata/`             |
 You can download the metadata through the Webinterface, this link might be handy if your software wants to download the metadata directly.
--- a/website/docs/releases/2021/v2021.1.md
+++ b/website/docs/releases/2021/v2021.1.md
@ -1,6 +1,6 @@
 ---
 title: Release 2021.1
-slug: "2021.1"
+slug: "/releases/2021.1"
 ---
 ## Headline Changes
@ -8,13 +8,13 @@ slug: "2021.1"
 -   New versioning schema (year.month.release)
 -   Add global email settings
-    In previous versions, you had to configure email connection details per [Email Stage](../flow/stages/email/). Now, you can (and should) configure global settings.
+    In previous versions, you had to configure email connection details per [Email Stage](../../flow/stages/email/index.mdx). Now, you can (and should) configure global settings.
-    This is documented under the [docker-compose](../installation/docker-compose.md) and [Kubernetes](../installation/kubernetes.md) sections.
+    This is documented under the [docker-compose](../../installation/docker-compose.md) and [Kubernetes](../../installation/kubernetes.md) sections.
 -   New notification system
-    More info can be found under [Notifications](../events/notifications.md) and [Transports](../events/transports.md).
+    More info can be found under [Notifications](../../events/notifications.md) and [Transports](../../events/transports.md).
    During the update, some default rules will be created. These rules notify you about policy exceptions, configuration errors and updates.
--- a/website/docs/releases/2021/v2021.10.md
+++ b/website/docs/releases/2021/v2021.10.md
@ -1,6 +1,6 @@
 ---
 title: Release 2021.10
-slug: "2021.10"
+slug: "/releases/2021.10"
 ---
 ## Headline Changes
--- a/website/docs/releases/2021/v2021.12.md
+++ b/website/docs/releases/2021/v2021.12.md
@ -1,6 +1,6 @@
 ---
 title: Release 2021.12
-slug: "2021.12"
+slug: "/releases/2021.12"
 ---
 ## Headline changes
--- a/website/docs/releases/2021/v2021.2.md
+++ b/website/docs/releases/2021/v2021.2.md
@ -1,6 +1,6 @@
 ---
 title: Release 2021.2
-slug: "2021.2"
+slug: "/releases/2021.2"
 ---
 ## Headline Changes
--- a/website/docs/releases/2021/v2021.3.md
+++ b/website/docs/releases/2021/v2021.3.md
@ -1,6 +1,6 @@
 ---
 title: Release 2021.3
-slug: "2021.3"
+slug: "/releases/2021.3"
 ---
 ## Headline Changes
--- a/website/docs/releases/2021/v2021.4.md
+++ b/website/docs/releases/2021/v2021.4.md
@ -1,6 +1,6 @@
 ---
 title: Release 2021.4
-slug: "2021.4"
+slug: "/releases/2021.4"
 ---
 ## Headline Changes
--- a/website/docs/releases/2021/v2021.5.md
+++ b/website/docs/releases/2021/v2021.5.md
@ -1,6 +1,6 @@
 ---
 title: Release 2021.5
-slug: "2021.5"
+slug: "/releases/2021.5"
 ---
 ## Headline Changes
@ -20,7 +20,7 @@ This feature is still in technical preview, so please report any Bugs you run in
 -   Compatibility with forwardAuth/auth_request
    The authentik proxy is now compatible with forwardAuth (traefik) / auth_request (nginx). All that is required is the latest version of the outpost,
-    and the correct config from [here](../providers/proxy/forward_auth.mdx).
+    and the correct config from [here](../../providers/proxy/forward_auth.mdx).
 -   Docker images for ARM
--- a/website/docs/releases/2021/v2021.6.md
+++ b/website/docs/releases/2021/v2021.6.md
@ -1,6 +1,6 @@
 ---
 title: Release 2021.6
-slug: "2021.6"
+slug: "/releases/2021.6"
 ---
 ## Headline Changes
--- a/website/docs/releases/2021/v2021.7.md
+++ b/website/docs/releases/2021/v2021.7.md
@ -1,6 +1,6 @@
 ---
 title: Release 2021.7
-slug: "2021.7"
+slug: "/releases/2021.7"
 ---
 ## Headline Changes
--- a/website/docs/releases/2021/v2021.8.md
+++ b/website/docs/releases/2021/v2021.8.md
@ -1,6 +1,6 @@
 ---
 title: Release 2021.8
-slug: "2021.8"
+slug: "/releases/2021.8"
 ---
 ## Headline Changes
--- a/website/docs/releases/2021/v2021.9.md
+++ b/website/docs/releases/2021/v2021.9.md
@ -1,6 +1,6 @@
 ---
 title: Release 2021.9
-slug: "2021.9"
+slug: "/releases/2021.9"
 ---
 ## Headline Changes
--- a/website/docs/releases/2022/v2022.1.md
+++ b/website/docs/releases/2022/v2022.1.md
@ -1,6 +1,6 @@
 ---
 title: Release 2022.1
-slug: "2022.1"
+slug: "/releases/2022.1"
 ---
 ## Breaking changes
--- a/website/docs/releases/2022/v2022.10.md
+++ b/website/docs/releases/2022/v2022.10.md
@ -1,6 +1,6 @@
 ---
 title: Release 2022.10
-slug: "2022.10"
+slug: "/releases/2022.10"
 ---
 ## Breaking changes
--- a/website/docs/releases/2022/v2022.11.md
+++ b/website/docs/releases/2022/v2022.11.md
@ -1,6 +1,6 @@
 ---
 title: Release 2022.11
-slug: "2022.11"
+slug: "/releases/2022.11"
 ---
 ## Breaking changes
--- a/website/docs/releases/2022/v2022.12.md
+++ b/website/docs/releases/2022/v2022.12.md
@ -1,6 +1,6 @@
 ---
 title: Release 2022.12
-slug: "2022.12"
+slug: "/releases/2022.12"
 ---
 ## Breaking changes
--- a/website/docs/releases/2022/v2022.2.md
+++ b/website/docs/releases/2022/v2022.2.md
@ -1,6 +1,6 @@
 ---
 title: Release 2022.2
-slug: "2022.2"
+slug: "/releases/2022.2"
 ---
 ## Breaking changes
--- a/website/docs/releases/2022/v2022.3.md
+++ b/website/docs/releases/2022/v2022.3.md
@ -1,6 +1,6 @@
 ---
 title: Release 2022.3
-slug: "2022.3"
+slug: "/releases/2022.3"
 ---
 ## New features
--- a/website/docs/releases/2022/v2022.4.md
+++ b/website/docs/releases/2022/v2022.4.md
@ -1,6 +1,6 @@
 ---
 title: Release 2022.4
-slug: "2022.4"
+slug: "/releases/2022.4"
 ---
 ## Breaking changes
--- a/website/docs/releases/2022/v2022.5.md
+++ b/website/docs/releases/2022/v2022.5.md
@ -1,6 +1,6 @@
 ---
 title: Release 2022.5
-slug: "2022.5"
+slug: "/releases/2022.5"
 ---
 ## Breaking changes
@ -19,12 +19,12 @@ slug: "2022.5"
    Instead of always executing the configured flow when a new Bind request is received, the provider can now be configured to cache the session from the initial flow execution, and directly validate credentials in the outpost. This drastically improves the bind performance.
-    See [LDAP provider](../providers/ldap/index.md#cached-bind)
+    See [LDAP provider](../../providers/ldap/index.md#cached-bind)
 -   OAuth2: Add support for `form_post` response mode
 -   Don't prompt users for MFA when they've authenticated themselves within a time period
-    You can now configure any [Authenticator Validation Stage](../flow/stages/authenticator_validate/index.md) stage to not ask for MFA validation if the user has previously authenticated themselves with an MFA device (of any of the selected classes) in the `Last validation threshold`.
+    You can now configure any [Authenticator Validation Stage](../../flow/stages/authenticator_validate/index.md) stage to not ask for MFA validation if the user has previously authenticated themselves with an MFA device (of any of the selected classes) in the `Last validation threshold`.
 -   Optimise bundling of web assets
--- a/website/docs/releases/2022/v2022.6.md
+++ b/website/docs/releases/2022/v2022.6.md
@ -1,6 +1,6 @@
 ---
 title: Release 2022.6
-slug: "2022.6"
+slug: "/releases/2022.6"
 ---
 ## New features
--- a/website/docs/releases/2022/v2022.7.md
+++ b/website/docs/releases/2022/v2022.7.md
@ -1,6 +1,6 @@
 ---
 title: Release 2022.7
-slug: "2022.7"
+slug: "/releases/2022.7"
 ---
 ## Breaking changes
--- a/website/docs/releases/2022/v2022.8.md
+++ b/website/docs/releases/2022/v2022.8.md
@ -1,6 +1,6 @@
 ---
 title: Release 2022.8
-slug: "2022.8"
+slug: "/releases/2022.8"
 ---
 ## Breaking changes
--- a/website/docs/releases/2022/v2022.9.md
+++ b/website/docs/releases/2022/v2022.9.md
@ -1,6 +1,6 @@
 ---
 title: Release 2022.9
-slug: "2022.9"
+slug: "/releases/2022.9"
 ---
 ## Breaking changes
--- a/website/docs/releases/2023/v2023.1.md
+++ b/website/docs/releases/2023/v2023.1.md
@ -0,0 +1,34 @@
 ---
 title: Release 2023.1
 slug: "/releases/2023.1"
 ---
 ## New features
 -   SLO Support for SAML provider
    authentik now supports SAML SLO (Single logout).
 ## Upgrading
 This release does not introduce any new requirements.
 ### docker-compose
 Download the docker-compose file for 2023.1 from [here](https://goauthentik.io/version/2023.1/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.
 ### Kubernetes
 Update your values to use the new images:
 ```yaml
 image:
    repository: ghcr.io/goauthentik/server
    tag: 2023.1.0
 ```
 ## Minor changes/fixes
 ## API Changes
 _Insert output of `make gen-diff` here_
--- a/website/docs/releases/_template.md
+++ b/website/docs/releases/_template.md
@ -1,6 +1,6 @@
 ---
 title: Release xxxx.x
-slug: "xxxx.x"
+slug: "/releases/xxxx.x"
 ---
 ## Breaking changes
--- a/website/docs/releases/old/v0.10.md
+++ b/website/docs/releases/old/v0.10.md
@ -1,6 +1,6 @@
 ---
 title: Release 0.10
-slug: "0.10"
+slug: "/releases/0.10"
 ---
 This update brings a lot of big features, such as:
@ -13,13 +13,13 @@ This update brings a lot of big features, such as:
    Due to this new OAuth2 Provider, the Application Gateway Provider, now simply called "Proxy Provider" has been revamped as well. The new authentik Proxy integrates more tightly with authentik via the new Outposts system. The new proxy also supports multiple applications per proxy instance, can configure TLS based on authentik Keypairs, and more.
-    See [Proxy](../providers/proxy/index.md)
+    See [Proxy](../../providers/proxy/index.md)
 -   Outpost System
    This is a new Object type, currently used only by the Proxy Provider. It manages the creation and permissions of service accounts, which are used by the outposts to communicate with authentik.
-    See [Outposts](../outposts/)
+    See [Outposts](../../outposts/index.mdx)
 -   Flow Import/Export
--- a/website/docs/releases/old/v0.11.md
+++ b/website/docs/releases/old/v0.11.md
@ -1,6 +1,6 @@
 ---
 title: Release 0.11
-slug: "0.11"
+slug: "/releases/0.11"
 ---
 This update brings these headline features:
--- a/website/docs/releases/old/v0.12.md
+++ b/website/docs/releases/old/v0.12.md
@ -1,6 +1,6 @@
 ---
 title: Release 0.12
-slug: "0.12"
+slug: "/releases/0.12"
 ---
 This update brings these headline features:
--- a/website/docs/releases/old/v0.13.md
+++ b/website/docs/releases/old/v0.13.md
@ -1,6 +1,6 @@
 ---
 title: Release 0.13 (passbook -> authentik)
-slug: "0.13"
+slug: "/releases/0.13"
 ---
 After a long back and forth, we've finally switched to a more permanent name. Whilst the upgrade is pretty much seamless, there are some things you have to change before upgrading.
--- a/website/docs/releases/old/v0.14.md
+++ b/website/docs/releases/old/v0.14.md
@ -1,6 +1,6 @@
 ---
 title: Release 0.14
-slug: "0.14"
+slug: "/releases/0.14"
 ---
 ## Headline features
--- a/website/docs/releases/old/v0.9.md
+++ b/website/docs/releases/old/v0.9.md
@ -1,6 +1,6 @@
 ---
 title: Release 0.9
-slug: "0.9"
+slug: "/releases/0.9"
 ---
 Due to some database changes that had to be rather sooner than later, there is no possibility to directly upgrade. You must extract the data before hand and import it again. It is recommended to spin up a second instance of authentik to do this.
--- a/website/integrations/services/kimai/index.md
+++ b/website/integrations/services/kimai/index.md
@ -72,7 +72,7 @@ kimai:
                    binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                # the "single logout" feature was not yet tested, if you want to help, please let me know!
                singleLogoutService:
-                    url: "https://authentik.company/if/session-end/<application-slug>/"
+                    url: "https://authentik.company/application/saml/<application-slug>/slo/binding/redirect/"
                    binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                # Signing certificate from *Advanced protocol settings*
                x509cert: "XXXXXXXXXXXXXXXXXXXXXXXXXXX=="
--- a/website/integrations/services/nextcloud/index.md
+++ b/website/integrations/services/nextcloud/index.md
@ -52,7 +52,7 @@ Set the following values:
 -   Optional display name of the identity provider (default: "SSO & SAML log in"): `authentik`
 -   Identifier of the IdP entity (must be a URI): `https://authentik.company`
 -   URL Target of the IdP where the SP will send the Authentication Request Message: `https://authentik.company/application/saml/<application-slug>/sso/binding/redirect/`
-   URL Location of IdP where the SP will send the SLO Request: `https://authentik.company/if/session-end/<application-slug>/`
+-   URL Location of IdP where the SP will send the SLO Request: `https://authentik.company/application/saml/<application-slug>/slo/binding/redirect`
 -   Public X.509 certificate of the IdP: Copy the PEM of the Selected Signing Certificate
 Under Attribute mapping, set these values:
--- a/website/integrations/services/powerdns-admin/index.md
+++ b/website/integrations/services/powerdns-admin/index.md
@ -39,9 +39,9 @@ Set the following values:
 ```env
 SAML_ENABLED=True
 SAML_PATH=os.path.join(os.path.dirname(file), 'saml')
-SAML_METADATA_URL=https://authentik.company/api/v3/providers/saml/<provider-id>/metadata/?download
+SAML_METADATA_URL=https://authentik.company/application/saml/<application-slug>/metadata/
 SAML_METADATA_CACHE_LIFETIME=1
-SAML_LOGOUT_URL=https://authentik.company/if/session-end/<application-slug>/
+SAML_LOGOUT_URL=https://authentik.company/application/saml/<application-slug>/slo/binding/redirect/
 SAML_SP_ENTITY_ID=pdns-admin
 SAML_SP_CONTACT_NAME=me
 SAML_SP_CONTACT_MAIL=me
--- a/website/sidebars.js
+++ b/website/sidebars.js
@ -218,38 +218,38 @@ module.exports = {
                description: "Release notes for recent authentik versions",
            },
            items: [
-                "releases/v2022.12",
+                "releases/2022/v2022.12",
-                "releases/v2022.11",
+                "releases/2022/v2022.11",
-                "releases/v2022.10",
+                "releases/2022/v2022.10",
                {
                    type: "category",
                    label: "Previous versions",
                    items: [
-                        "releases/v2022.9",
+                        "releases/2022/v2022.9",
-                        "releases/v2022.8",
+                        "releases/2022/v2022.8",
-                        "releases/v2022.7",
+                        "releases/2022/v2022.7",
-                        "releases/v2022.6",
+                        "releases/2022/v2022.6",
-                        "releases/v2022.5",
+                        "releases/2022/v2022.5",
-                        "releases/v2022.4",
+                        "releases/2022/v2022.4",
-                        "releases/v2022.2",
+                        "releases/2022/v2022.2",
-                        "releases/v2022.1",
+                        "releases/2022/v2022.1",
-                        "releases/v2021.12",
+                        "releases/2021/v2021.12",
-                        "releases/v2021.10",
+                        "releases/2021/v2021.10",
-                        "releases/v2021.9",
+                        "releases/2021/v2021.9",
-                        "releases/v2021.8",
+                        "releases/2021/v2021.8",
-                        "releases/v2021.7",
+                        "releases/2021/v2021.7",
-                        "releases/v2021.6",
+                        "releases/2021/v2021.6",
-                        "releases/v2021.5",
+                        "releases/2021/v2021.5",
-                        "releases/v2021.4",
+                        "releases/2021/v2021.4",
-                        "releases/v2021.3",
+                        "releases/2021/v2021.3",
-                        "releases/v2021.2",
+                        "releases/2021/v2021.2",
-                        "releases/v2021.1",
+                        "releases/2021/v2021.1",
-                        "releases/v0.14",
+                        "releases/old/v0.14",
-                        "releases/v0.13",
+                        "releases/old/v0.13",
-                        "releases/v0.12",
+                        "releases/old/v0.12",
-                        "releases/v0.11",
+                        "releases/old/v0.11",
-                        "releases/v0.10",
+                        "releases/old/v0.10",
-                        "releases/v0.9",
+                        "releases/old/v0.9",
                    ],
                },
            ],