English 英语

French 法语

Turkish 土耳其语

Spanish 西班牙的

Polish 波兰语

Taiwanese Mandarin Taiwanese Mandarin

Chinese (simplified) 简体中文

Chinese (traditional) 繁体中文

German 德语

Loading... 载入中……

Application 应用程序

Logins 登入

Show less 显示更少

Show more 显示更多

UID UID

Name 姓名

App App

Model Name 型号名称

Message 信息

Subject Subject

From 来自

To To

Context 上下文

User 用户

Affected model: 受影响的模型：

Authorized application: 授权应用程序：

Using flow 使用 Flow

Email info: 电子邮件信息：

Secret: Secret:

Open issue on GitHub... 在 GitHub 上打开问题...

Exception 例外

Expression 表情

Binding 绑定

Request 请求

Object 对象

Result 结果

Passing 通过

Messages 信息

Using source 使用源

Attempted to log in as 已尝试以身份登入

No additional data available. 没有其他可用数据。

Click to change value 单击以更改值

Select an object. 选择一个对象。

Loading options...

Connection error, reconnecting... 连接错误，正在重新连接...

Failed login 登入失败

Logout 退出

User was written to 用户被写入

Suspicious request 可疑请求

Password set 密码已设置

Secret was viewed 已查看 Secret

Secret was rotated 秘密被轮换了

Invitation used 已使用邀请

Application authorized 应用程序已授权

Source linked 源链接

Impersonation started 模拟已开始

Impersonation ended 模拟已结束

Flow execution 流程执行

Policy execution 策略执行

Policy exception 策略例外

Property Mapping exception 属性映射异常

System task execution 系统任务执行

System task exception 系统任务异常

General system exception 一般系统异常

Configuration error 配置错误

Model created 模型已创建

Model updated 模型已更新

Model deleted 模型已删除

Email sent 电子邮件已发送

Update available 更新可用

Unknown severity

Alert 注意

Notice 注意

Warning 警告

no tabs defined 未定义选项卡

- of - of

Go to previous page 转到上一页

Go to next page 转到下一页

Search... 搜索...

Loading 正在加载

No objects found. 未找到任何对象。

Failed to fetch objects.

Refresh 刷新

Select all rows 选择所有行

Action 操作

Creation Date 创建日期

Client IP 客户端 IP

Recent events

On behalf of 代表

- -

No Events found. 未找到任何事件。

No matching events could be found. 找不到匹配的事件。

Embedded outpost is not configured correctly. 嵌入式 outpost 配置不正确。

Check outposts. 检查 outposts.

HTTPS is not detected correctly 未正确检测到 HTTPS

Server and client are further than 5 seconds apart. 服务器和客户端之间的距离超过5秒。

OK OK

Everything is ok. 一切正常。

System status 系统状态

Based on

is available! 可用！

Up-to-date! 最新！

Version 版本

Workers Workers

No workers connected. Background tasks will not run. 没有 workers 连接。后台任务将无法运行。

hour(s) ago

day(s) ago

Authorizations 授权

Failed Logins 登入失败

Successful Logins 成功登入

: :

Cancel 取消

LDAP Source LDAP 源

SCIM Provider

Healthy

Healthy outposts 健康的 Outposts

Admin 管理员

Not found 未找到

The URL "" was not found. 找不到网址 “ ”。

Return home 返回主页

General system status 常规系统状态

Welcome, . 欢迎，。

Quick actions 快速行动

Create a new application 创建新应用程序

Check the logs 检查日志

Explore integrations 探索集成

Manage users

Outpost status Outpost 状态

Sync status 同步状态

Logins and authorizations over the last week (per 8 hours)

Apps with most usage 使用率最高的应用

days ago 天前

Objects created 已创建对象

Users created per day in the last month 上个月每天创建的用户

Logins per day in the last month 上个月每天的登入次数

Failed Logins per day in the last month 上个月每天的失败登入次数

Clear search

System Tasks 系统任务

Long-running operations which authentik executes in the background. authentik 在后台执行的长时间运行的操作。

Identifier 标识符

Description 描述

Last run 上次运行

Status 状态

Actions 操作

Successful 成功

Error 错误

Unknown 未知

Duration

seconds

Authentication 身份验证

Authorization 授权

Enrollment 注册

Invalidation 失效

Recovery 恢复

Stage Configuration 阶段配置

Unenrollment 取消注册

Unknown designation

Stacked

Content left

Content right

Sidebar left

Sidebar right

Unknown layout

Successfully updated provider. 已成功更新提供程序。

Successfully created provider. 已成功创建提供商。

Bind flow Bind 流程

Flow used for users to authenticate.

Search group 搜索组

Users in the selected group can do search queries. If no group is selected, no LDAP Searches are allowed. 所选组中的用户可以执行搜索查询。如果未选择任何组，则不允许 LDAP 搜索。

Bind mode

Cached binding

Flow is executed and session is cached in memory. Flow is executed when session expires

Direct binding

Always execute the configured bind flow to authenticate the user

Configure how the outpost authenticates requests.

Search mode 搜索模式

Cached querying

The outpost holds all users and groups in-memory and will refresh every 5 Minutes

Direct querying

Always returns the latest data, but slower than cached querying

Configure how the outpost queries the core authentik server's users. 配置前哨如何查询核心 authentik 服务器的用户。

Protocol settings 协议设置

Base DN Base DN

LDAP DN under which bind requests and search requests can be made. 可以发出绑定请求和搜索请求的 LDAP DN。

Certificate 证书

UID start number UID 起始编号

The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber 对于UIDNumbers来说，这个数字被添加到User.pk中，以确保对于POSIX用户来说，这个数字不会太低。默认值为 2000，以确保我们不会与本地用户 uidNumber 发生冲突

GID start number GID 起始编号

The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber 对于 GIDNumbers 来说，这个数字被添加到从 group.pk 生成的数字中，以确保对于 POSIX 组来说，这个数字不会太低。默认值为 4000，以确保我们不会与本地组或用户主组 GIDNumber 发生冲突

(Format: hours=-1;minutes=-2;seconds=-3). (格式： hours=-1;minutes=-2;seconds=-3).

(Format: hours=1;minutes=2;seconds=3). (格式： hours=1;minutes=2;seconds=3).

The following keywords are supported:

Authentication flow 身份验证流程

Flow used when a user access this provider and is not authenticated.

Authorization flow 授权流程

Flow used when authorizing this provider. 授权此请求发起端时使用的Flow。

Client type 客户机类型

Confidential 机密

Confidential clients are capable of maintaining the confidentiality of their credentials such as client secrets

Public 公开

Public clients are incapable of maintaining the confidentiality and should use methods like PKCE.

Client ID 客户端 ID

Client Secret 客户端密钥

Redirect URIs/Origins (RegEx)

Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows. 授权流成功后有效的重定向 URL。还可以在此处为隐式流指定任何来源。

If no explicit redirect URIs are specified, the first successfully used redirect URI will be saved. 如果未指定显式重定向 URI，则将保存第一个成功使用的重定向 URI。

To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have.

Signing Key 签名密钥

Key used to sign the tokens. 用于对令牌进行签名的密钥。

Advanced protocol settings 高级协议设置

Access code validity 访问代码有效性

Configure how long access codes are valid for. 配置访问代码的有效期限。

Access Token validity

Configure how long access tokens are valid for. 配置访问令牌的有效时间。

Refresh Token validity

Configure how long refresh tokens are valid for.

Scopes 范围

Select which scopes can be used by the client. The client still has to specify the scope to access the data. 选择客户端可以使用哪些作用域。客户端仍然需要指定访问数据的范围。

Hold control/command to select multiple items. 按住 ctrl/command 键可选择多个项目。

Subject mode Subject 模式

Based on the User's hashed ID

Based on the User's ID

Based on the User's UUID

Based on the User's username

Based on the User's Email

This is recommended over the UPN mode.

Based on the User's UPN

Requires the user to have a 'upn' attribute set, and falls back to hashed user ID. Use this mode only if you have different UPN and Mail domains.

Configure what data should be used as unique User Identifier. For most cases, the default should be fine. 配置应将哪些数据用作唯一用户标识符。在大多数情况下，默认值应该没问题。

Include claims in id_token 在 id_token 中包含声明

Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. 对于不访问userinfo端点的应用程序，将来自作用域的用户声明包含在id_token中。

Issuer mode Issuer mode

Each provider has a different issuer, based on the application slug

Same identifier is used for all providers 所有提供商都使用相同的标识符

Configure how the issuer field of the ID Token should be filled. 配置如何填写 ID 令牌的颁发者字段。

Machine-to-Machine authentication settings

Trusted OIDC Sources

JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider.

HTTP-Basic Username Key HTTP-Basic 用户名密钥

User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. 用于 HTTP-Basic 标头用户部分的用户/组属性。如果未设置，则使用用户的电子邮件地址。

HTTP-Basic Password Key HTTP-Basic 密码密钥

User/Group Attribute used for the password part of the HTTP-Basic Header. 用于 HTTP-Basic 标头的密码部分的用户/组属性。

Proxy 代理

Forward auth (single application) 转发身份验证（单个应用程序）

Forward auth (domain level) 转发身份验证（域级别）

This provider will behave like a transparent reverse-proxy, except requests must be authenticated. If your upstream application uses HTTPS, make sure to connect to the outpost using HTTPS as well. 除了请求必须经过身份验证外，此提供程序的行为类似于透明的反向代理。如果您的上游应用程序使用 HTTPS，请确保也使用 HTTPS 连接到 Outpost。

External host 外部主机

The external URL you'll access the application at. Include any non-standard port. 您将通过其访问应用程序的外部 URL。包括任何非标准端口。

Internal host 内部主机

Upstream host that the requests are forwarded to. 请求被转发到的上游主机。

Internal host SSL Validation 内部主机 SSL 验证

Validate SSL Certificates of upstream servers. 验证上游服务器的 SSL 证书。

Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application. 将此提供程序与 nginx 的 auth_request 或 traefik 的 ForwardAuth 一起使用。每个根域只需要一个提供程序。您无法执行每个应用程序的授权，但不必为每个应用程序创建提供程序。

An example setup can look like this: 设置示例如下所示：

authentik running on auth.example.com auth.example.com 上运行的 authentik

app1 running on app1.example.com app1 在 app1.example.com 上运行

In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com. 在这种情况下，您需要将身份验证网址设置为 auth.example.com，将 Cookie 域设置为 example.com。

Authentication URL 身份验证 URL

The external URL you'll authenticate at. The authentik core server should be reachable under this URL. 您将在其中进行身份验证的外部 URL。在此 URL 下应该可以访问身份验证核心服务器。

Cookie domain Cookie 域名

Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'. 将此设置为您希望身份验证有效的域。必须是上述 URL 的父域名。如果你以 app1.domain.tld、app2.domain.tld 的身份运行应用程序，请将其设置为 “domain.tld”。

Unknown proxy mode

Token validity 令牌有效性

Configure how long tokens are valid for. 配置令牌的有效期限。

Additional scopes

Additional scope mappings, which are passed to the proxy. 传递给代理的其他作用域映射。

Unauthenticated URLs 未经身份验证的 URL

Unauthenticated Paths 未经身份验证的路径

Regular expressions for which authentication is not required. Each new line is interpreted as a new expression. 不需要身份验证的正则表达式。每个新行都被解释为一个新表达式。

When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions. 使用代理或转发身份验证（单个应用程序）模式时，将根据正则表达式检查请求的 URL 路径。使用前向身份验证（域模式）时，请求的完整 URL（包括 scheme 和 host）将与正则表达式进行匹配。

Authentication settings

Intercept header authentication

When enabled, authentik will intercept the Authorization header to authenticate the request.

Send HTTP-Basic Authentication

Send a custom HTTP-Basic Authentication header based on values from authentik.

ACS URL ACS URL

Issuer Issuer

Also known as EntityID.

Service Provider Binding 服务提供商绑定

Redirect 重定向

Post Post

Determines how authentik sends the response back to the Service Provider. 确定 authentik 如何将响应发送回服务提供商。

Audience Audience

Signing Certificate 签名证书

Certificate used to sign outgoing Responses going to the Service Provider. 用于签署发送给服务提供商的外发响应的证书。

Verification Certificate 验证证书

When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. 选中后，传入声明的签名将根据此证书进行验证。要允许未签名的请求，请保留默认值。

Property mappings 属性映射

NameID Property Mapping nameID 属性映射

Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected. 配置如何创建 NameID 值。如果留空，将遵守传入请求的 NameIdPolicy。

Assertion valid not before 断言之前无效

Configure the maximum allowed time drift for an assertion. 为断言配置允许的最大时间漂移。

Assertion valid not on or after 断言不在当天或之后有效

Assertion not valid on or after current time + this value.

Session valid not on or after 会话不在当天或之后有效

Session not valid on or after current time + this value.

Digest algorithm 摘要算法

Signature algorithm 签名算法

Successfully imported provider. 已成功导入提供程序。

Metadata 元数据

Apply changes

Close 关闭

Finish 完成

Back 返回

No form found 找不到表格

Form didn't return a promise for submitting 表单未返回提交承诺

Select type 选择类型

Try the new application wizard

The new application wizard greatly simplifies the steps required to create applications and providers.

Try it now

Create 创建

New provider 新建提供程序

Create a new provider. 创建一个新提供程序

Create 创建

Shared secret

Client Networks

List of CIDRs (comma-seperated) that clients can connect from. A more specific CIDR will match before a looser one. Clients connecting from a non-specified CIDR will be dropped.

URL

SCIM base url, usually ends in /v2.

Token 令牌

Token to authenticate with. Currently only bearer authentication is supported.

User filtering

Exclude service accounts

Group 组

Only sync users within the selected group.

Attribute mapping

User Property Mappings 用户属性映射

Property mappings used to user mapping.

Group Property Mappings 组属性映射

Property mappings used to group creation. 用于组创建的属性映射。

Not used by any other object. 不被任何其他对象使用。

object will be DELETED 对象将被删除

connection will be deleted 连接将被删除

reference will be reset to default value 引用将被重置为默认值

reference will be set to an empty value 引用将被设置为空值

() ( )

ID ID

Successfully deleted

Failed to delete : 无法删除 :

Delete 删除

Are you sure you want to delete ?

Delete 删除

Providers 提供商

Provide support for protocols like SAML and OAuth to assigned applications. 为分配的应用程序提供对 SAML 和 OAuth 等协议的支持。

Type 类型

Provider(s) 提供商

Assigned to application 分配给应用程序

Assigned to application (backchannel)

Warning: Provider not assigned to any application. 警告：提供程序未分配给任何应用程序。

Update 更新

Select providers to add to application

Add 添加

Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". 输入完整的网址、相对路径，或者使用 'fa://fa-test' 来使用 Font Awesome 图标 “fa-test”。

Path template for users created. Use placeholders like `%(slug)s` to insert the source slug.

Successfully updated application. 已成功更新应用程序。

Successfully created application. 已成功创建应用程序。

Application's display Name. 应用的显示名称。

Slug Slug

Optionally enter a group name. Applications with identical groups are shown grouped together. 输入可选的分组名称。分组相同的应用程序会显示在一起。

Provider 提供商

Select a provider that this application should use.

Select backchannel providers which augment the functionality of the main provider.

Policy engine mode 策略引擎模式

Any policy must match to grant access

All policies must match to grant access

UI settings 用户界面设置

Launch URL 启动 URL

If left empty, authentik will try to extract the launch URL based on the selected provider. 如果留空，authentik 将尝试根据选定的提供商提取启动网址。

Open in new tab

If checked, the launch URL will open in a new browser tab or window from the user's application library.

Icon 图标

Currently set to: 当前设置为：

Clear icon 清除图标

Publisher 发行人

Create Application 创建应用程序

Overview 概述

Changelog 更新日志

Warning: Provider is not used by any Outpost. 警告：提供者未被任何 Outpos 使用。

Assigned to application 分配给应用程序

Update LDAP Provider 更新 LDAP 提供程序

Edit 编辑

How to connect 如何连接

Connect to the LDAP Server on port 389: 通过端口 389 连接到 LDAP 服务器：

Check the IP of the Kubernetes service, or 检查 Kubernetes 服务的 IP，或者

The Host IP of the docker host docker 主机的主机 IP

Bind DN Bind DN

Bind Password Bind 密码

Search base 搜索基础

Preview

Warning: Provider is not used by an Application. 警告：应用程序不使用提供程序。

Redirect URIs 重定向 URI

Update OAuth2 Provider 更新 OAuth2 提供程序

OpenID Configuration URL OpenID 配置网址

OpenID Configuration Issuer OpenID 配置发行者

Authorize URL 授权 URL

Token URL 令牌网址

Userinfo URL 用户信息网址

Logout URL 退出 URL

JWKS URL

Example JWT payload (for currently authenticated user)

Forward auth (domain-level) 转发身份验证（域级）

Nginx (Ingress) Nginx (Ingress)

Nginx (Proxy Manager) Nginx（代理管理器）

Nginx (standalone) Nginx (standalone)

Traefik (Ingress) Traefik (Ingress)

Traefik (Compose) Traefik (Compose)

Traefik (Standalone) Traefik (Standalone)

Caddy (Standalone)

Internal Host 内部主机

External Host 外部主机

Basic-Auth 基本身份验证

Yes Yes

Mode 模式

Update Proxy Provider 更新代理提供程序

Protocol Settings 协议设置

Allowed Redirect URIs 允许的重定向 URI

Setup 设置

No additional setup is required. 无需进行其他设置。

Update Radius Provider

Download 下載

Copy download URL 复制下载 URL

Download signing certificate 下载签名证书

Related objects 相关对象

Update SAML Provider 更新 SAML 提供程序

SAML Configuration

EntityID/Issuer

SSO URL (Post)

SSO URL (Redirect)

SSO URL (IdP-initiated Login)

SLO URL (Post)

SLO URL (Redirect)

SAML Metadata SAML 元数据

Example SAML attributes

NameID attribute

Warning: Provider is not assigned to an application as backchannel provider.

Update SCIM Provider

Run sync again 再次运行同步

Modern applications, APIs and Single-page applications.

LDAP LDAP

Provide an LDAP interface for applications and users to authenticate against.

New application

Applications 应用程序

Provider Type 提供商类型

Application(s) 应用程序

Application Icon 应用程序图标

Update Application 更新应用程序

Successfully sent test-request. 已成功发送测试请求。

Log messages 日志消息

No log messages. 没有日志消息。

Active 激活

Last login 上次登录

Select users to add 选择要添加的用户

Successfully updated group. 已成功更新组。

Successfully created group. 已成功创建组。

Is superuser 是超级用户

Users added to this group will be superusers. 添加到该组的用户均为超级用户。

Parent 家长

Attributes 属性

Set custom attributes using YAML or JSON. 使用 YAML 或 JSON 设置自定义属性。

Successfully updated binding. 已成功更新绑定。

Successfully created binding. 成功创建绑定。

Policy 策略

Group mappings can only be checked if a user is already logged in when trying to access this source. 组绑定仅会在已登录用户访问此源时检查。

User mappings can only be checked if a user is already logged in when trying to access this source. 用户绑定仅会在已登录用户访问此源时检查。

Enabled 已启用

Negate result 否定结果

Negates the outcome of the binding. Messages are unaffected. 否定绑定的结果。消息不受影响。

Order 订购

Timeout 超时

Successfully updated policy. 已成功更新策略。

Successfully created policy. 已成功创建策略。

A policy used for testing. Always returns the same result as specified below after waiting a random duration. 用于测试的策略。等待随机持续时间后，始终返回与下面指定的结果相同的结果。

Execution logging 执行日志记录

When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. 启用此选项后，将记录此策略的所有执行。默认情况下，只记录执行错误。

Policy-specific settings 特定于策略的设置

Pass policy? 通行证政策？

Wait (min) 等待 (最短)

The policy takes a random time to execute. This controls the minimum time it will take. 策略需要一段随机时间才能执行。这将控制所需的最短时间。

Wait (max) 等待 (最多)

Matches an event against a set of criteria. If any of the configured values match, the policy passes. 根据一组条件匹配事件。如果任何配置的值匹配，则策略将通过。

Match created events with this action type. When left empty, all action types will be matched. 将创建的事件与此操作类型匹配。留空时，所有操作类型都将匹配。

Matches Event's Client IP (strict matching, for network matching use an Expression Policy. 匹配事件的客户端 IP（严格匹配），对于网络匹配，请使用表达式策略。

Match events created by selected application. When left empty, all applications are matched. 匹配选定应用程序创建的事件。如果留空，则匹配所有应用程序。

Checks if the request's user's password has been changed in the last x days, and denys based on settings. 检查过去 x 天内请求的用户密码是否已更改，并根据设置拒绝。

Maximum age (in days) 最长使用期限（以天为单位）

Only fail the policy, don't invalidate user's password

Executes the python snippet to determine whether to allow or deny a request. 执行 python 代码段以确定是允许还是拒绝请求。

Expression using Python. 使用 Python 的表达式。

See documentation for a list of all variables. 有关所有变量的列表，请参阅文档。

Static rules

Minimum length 最小长度

Minimum amount of Uppercase Characters 大写字符的最小数量

Minimum amount of Lowercase Characters 小写字符的最小数量

Minimum amount of Digits 最低位数

Minimum amount of Symbols Characters 符号字符的最小数量

Error message 错误消息

Symbol charset 符号字符集

Characters which are considered as symbols. 被视为符号的字符。

HaveIBeenPwned settings

Allowed count 允许计数

Allow up to N occurrences in the HIBP database. HIBP 数据库中最多允许 N 次出现。

zxcvbn settings

Score threshold

If the password's score is less than or equal this value, the policy will fail.

Checks the value from the policy request against several rules, mostly used to ensure password strength. 根据多条规则检查策略请求中的值，这些规则主要用于确保密码强度。

Password field “密码” 字段

Field key to check, field keys defined in Prompt stages are available. 要检查的字段键，提示阶段中定义的字段键可用。

Check static rules

Check haveibeenpwned.com

For more info see:

Check zxcvbn

Password strength estimator created by Dropbox, see:

Allows/denys requests based on the users and/or the IPs reputation. 根据用户和/或 IP 信誉允许/拒绝请求。

Invalid login attempts will decrease the score for the client's IP, and the username they are attempting to login as, by one.

The policy passes when the reputation score is below the threshold, and doesn't pass when either or both of the selected options are equal or above the threshold.

Check IP 检查 IP

Check Username 检查用户名

Threshold 阈值

New policy 新建策略

Create a new policy. 创建一个新策略。

Create Binding 创建绑定

Superuser 超级用户

Members 成员

Select groups to add user to 选择要向其添加用户的组

Warning: Adding the user to the selected group(s) will give them superuser permissions.

Successfully updated user. 已成功更新用户。

Successfully created user. 已成功创建用户。

Username 用户名

User's primary identifier. 150 characters or fewer.

User's display name. 用户的显示名称。

Email 电子邮箱

Is active 处于激活状态

Designates whether this user should be treated as active. Unselect this instead of deleting accounts. 指定是否应将此用户视为活动用户。取消选择此选项，而不是删除帐户。

Path

Policy / User / Group 策略/用户/组

Policy 策略

Group 组

User 用户

Edit Policy 编辑策略

Update Group 更新组

Edit Group 编辑组

Update User 更新用户

Edit User 编辑用户

Policy binding(s) 策略绑定

Update Binding 更新绑定

Edit Binding 编辑绑定

No Policies bound. 没有策略约束。

No policies are currently bound to this object. 当前没有策略绑定到此对象。

Bind existing policy

Warning: Application is not used by any Outpost. 警告：应用程序未被任何 Outpost 使用。

Related 相关

Backchannel Providers

Check access 检查访问权限

Check 查看

Check Application access 检查应用程序访问权限

Test 测试

Launch 启动

Logins over the last week (per 8 hours)

Policy / Group / User Bindings 策略/组/用户绑定

These policies control which users can access this application. 这些策略控制哪些用户可以访问此应用程序。

Successfully updated source. 已成功更新源。

Successfully created source. 已成功创建源。

Sync users 同步用户

User password writeback 用户密码写回

Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP. 登入密码会自动从 LDAP 同步到 authentik。启用此选项可将 authentik 中的密码更改回写至 LDAP。

Sync groups 同步组

Connection settings 连接设置

Server URI 服务器 URI

Specify multiple server URIs by separating them with a comma. 通过用逗号分隔多个服务器 URI 来指定它们。

Enable StartTLS 启用 StartTLS

To use SSL instead, use 'ldaps://' and disable this option. 要改用 SSL，请使用 'ldaps: //' 并禁用此选项。

TLS Verification Certificate TLS 验证证书

When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate. 使用 TLS 连接到 LDAP 服务器时，默认情况下不检查证书。指定密钥对以验证远程证书。

Bind CN Bind CN

LDAP Attribute mapping LDAP 属性映射

Property mappings used to user creation. 用于创建用户的属性映射。

Additional settings 其他设置

Parent group for all the groups imported from LDAP. 从 LDAP 导入的所有组的父组。

User path

Addition User DN 额外的用户 DN

Additional user DN, prepended to the Base DN. 额外的User DN，优先于Base DN。

Addition Group DN 额外的 Group DN

Additional group DN, prepended to the Base DN. 额外的Group DN，优先于Base DN。

User object filter 用户对象筛选器

Consider Objects matching this filter to be Users. 将与此筛选器匹配的对象视为用户。

Group object filter 分组对象过滤器

Consider Objects matching this filter to be Groups. 将与此过滤器匹配的对象视为组。

Group membership field 组成员资格字段

Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' 包含组成员的字段。请注意，如果使用 “memberUID” 字段，则假定该值包含相对可分辨名称。例如，'memberUID=some-user' 而不是 'memberuid=cn=some-user、ou=groups、... '

Object uniqueness field 对象唯一性字段

Field which contains a unique Identifier. 包含唯一标识符的字段。

Link users on unique identifier 使用唯一标识符链接用户

Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses 链接到具有相同电子邮件地址的用户。当源不验证电子邮件地址时，可能会产生安全隐患

Use the user's email address, but deny enrollment when the email address already exists

Link to a user with identical username. Can have security implications when a username is used with another source

Use the user's username, but deny enrollment when the username already exists

Unknown user matching mode

URL settings URL 设置

Authorization URL 授权网址

URL the user is redirect to to consent the authorization. 用户被重定向到以同意授权的 URL。

Access token URL 访问令牌 URL

URL used by authentik to retrieve tokens. authentik 用来检索令牌的 URL。

Profile URL 个人资料网址

URL used by authentik to get user information. authentik 用来获取用户信息的 URL。

Request token URL 请求令牌 URL

URL used to request the initial token. This URL is only required for OAuth 1. 用于请求初始令牌的 URL。只有 OAuth 1 才需要此网址。

OIDC Well-known URL

OIDC well-known configuration URL. Can be used to automatically configure the URLs above.

OIDC JWKS URL

JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source.

OIDC JWKS

Raw JWKS data.

User matching mode 用户匹配模式

Delete currently set icon. 删除当前设置的图标。

Consumer key 消费者密钥

Consumer secret 消费者机密

Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *.

Flow settings 流程设置

Flow to use when authenticating existing users. 认证已存在用户时所使用的流程。

Enrollment flow 注册流程

Flow to use when enrolling new users. 新用户注册时所使用的流程。

Load servers 加载服务器

Re-authenticate with plex 使用 plex 重新进行身份验证

Allow friends to authenticate via Plex, even if you don't share any servers 允许好友通过Plex进行身份验证，即使您不共享任何服务器

Allowed servers 允许的服务器

Select which server a user has to be a member of to be allowed to authenticate. 选择用户必须是哪个服务器的成员才能进行身份验证。

SSO URL SSO 网址

URL that the initial Login request is sent to. 初始登录请求发送到的URL。

SLO URL SLO URL

Optional URL if the IDP supports Single-Logout. 如果 IDP 支持单点注销，则为可选 URL。

Also known as Entity ID. Defaults the Metadata URL. 也称为实体 ID。默认为 Metadata URL。

Binding Type 绑定类型

Redirect binding 重定向绑定

Post-auto binding

Post binding but the request is automatically sent and the user doesn't have to confirm.

Post binding Post binding

Signing keypair 签名密钥对

Keypair which is used to sign outgoing requests. Leave empty to disable signing. 用于签署传出请求的密钥对。留空则禁用签名。

Allow IDP-initiated logins 允许 IDP 发起的登入

Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. 允许由 IdP 启动的身份验证流。这可能存在安全风险，因为未对请求 ID 进行验证。

NameID Policy NameID 政策

Persistent 持久

Email address 邮箱地址

Windows Windows

X509 Subject X509 Subject

Transient 暂时的

Delete temporary users after 之后删除临时用户

Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually.

Pre-authentication flow 身份验证前流程

Flow used before authentication. 身份验证之前使用的流程。

New source 新建身份来源

Create a new source. 创建一个新身份来源。

Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves. 身份来源，既可以同步到authentik的数据库中，也可以被用户用来进行身份验证和注册。

Source(s) 源

Disabled 已禁用

Built-in 内置

Update LDAP Source 更新 LDAP 源

Not synced yet. 尚未同步。

Task finished with warnings 任务已完成，但出现警告

Task finished with errors 任务已完成，但出现错误

Last sync: 上次同步：

OAuth Source

Generic OpenID Connect 通用 OpenID 连接

Unknown provider type

Details

Callback URL 回调 URL

Access Key 访问密钥

Update OAuth Source 更新 OAuth 源

Diagram 示意图

Policy Bindings 策略绑定

These bindings control which users can access this source. You can only use policies here as access is checked before the user is authenticated.

Update Plex Source 更新 Plex 源

Update SAML Source 更新 SAML 源

Successfully updated mapping. 已成功更新映射。

Successfully created mapping. 已成功创建映射。

Object field 对象字段

Field of the user object this value is written to. 写入此值的用户对象的字段。

SAML Attribute Name SAML 属性名称

Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded. 用于 SAML 断言的属性名称。可以是 URN OID，模式引用或任何其他字符串。如果此属性映射用于 NameID 属性，则会丢弃此字段。

Friendly Name 友好显示名称

Optionally set the 'FriendlyName' value of the Assertion attribute. （可选）设置 “断言” 属性的'友好名称'值。

Scope name 作用域名称

Scope which the client can specify to access these properties. 客户端可以指定的访问这些属性的范围。

Description shown to the user when consenting. If left empty, the user won't be informed. 同意时向用户显示的描述。如果留空，则不会通知用户。

Example context data

Active Directory User

Active Directory Group

New property mapping 新建属性映射

Create a new property mapping. 创建一个新属性映射。

Property Mappings 属性映射

Control how authentik exposes and interprets information. 控制 authentik 如何公开和解释信息。

Property Mapping(s) 属性映射

Test Property Mapping 测试属性映射

Hide managed mappings 隐藏托管映射

Successfully updated token. 已成功更新令牌。

Successfully created token. 已成功创建令牌。

Unique identifier the token is referenced by. 引用令牌的唯一标识符。

Intent 意图

API Token

Used to access the API programmatically

App password.

Used to login using a flow executor

Expiring 即将到期

If this is selected, the token will expire. Upon expiration, the token will be rotated. 如果选择此选项，令牌将过期。到期后，令牌将被轮换。

Expires on 过期时间

API Access API 访问权限

App password 应用密码

Verification 验证

Unknown intent

Tokens 令牌

Tokens are used throughout authentik for Email validation stages, Recovery keys and API access. 令牌在整个authentik中用于电子邮件验证阶段、恢复密钥和API访问。

Expires? 过期？

Expiry date 到期日

Token(s) 令牌

Create Token 创建令牌

Token is managed by authentik. 令牌由 authentik 管理。

Update Token 更新令牌

Domain 域

Matching is done based on domain suffix, so if you enter domain.tld, foo.domain.tld will still match. 匹配是根据域名后缀完成的，因此，如果您输入 domain.tld，foo.domain.tld 仍将匹配。

Default 默认

Branding settings 品牌设置

Title 标题

Branding shown in page title and several other places. 品牌信息显示在页面标题和其他几个地方。

Logo Logo

Icon shown in sidebar/header and flow executor. 在侧边栏/标题和流程执行器中显示的图标。

Favicon 网站图标

Icon shown in the browser tab. 浏览器选项卡中显示的图标。

Default flows 默认流程

Flow used to authenticate users. If left empty, the first applicable flow sorted by the slug is used. 用于对用户进行身份验证的流程。如果留空，则使用按辅助信息块排序的第一个适用流程。

Invalidation flow 失效流程

Flow used to logout. If left empty, the first applicable flow sorted by the slug is used. 用于注销的流程。如果留空，则使用按辅助信息块排序的第一个适用流程。

Recovery flow 恢复流程

Recovery flow. If left empty, the first applicable flow sorted by the slug is used. 恢复流程。如果留空，则使用按辅助信息块排序的第一个适用流程。

Unenrollment flow 取消注册流程

If set, users are able to unenroll themselves using this flow. If no flow is set, option is not shown. 如果已设置，则用户可以使用此流程自行取消注册。如果未设置流量，则不显示选项。

User settings flow 用户设置流程

If set, users are able to configure details of their profile. 设置后，用户可以配置他们个人资料的详细信息。

Device code flow

If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code.

Other global settings 其他全局设置

Web Certificate 网络证书

Event retention 事件保留

Duration after which events will be deleted from the database. 事件将从数据库中删除的持续时间。

When using an external logging solution for archiving, this can be set to "minutes=5". 使用外部日志记录解决方案进行存档时，可以将其设置为 “minutes=5”。

This setting only affects new Events, as the expiration is saved per-event. 此设置仅影响新事件，因为过期时间是按事件保存的。

Configure visual settings and defaults for different domains. 配置不同域的可视化设置和默认值。

Default? 默认？

Policies 策略

Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Stages. 允许用户根据属性使用应用程序、强制使用密码标准以及有选择地应用阶段。

Assigned to object(s). 已分配给个对象。

Warning: Policy is not assigned. 警告：策略未分配。

Test Policy 测试策略

Policy / Policies 政策/策略

Successfully cleared policy cache 已成功清除策略缓存

Failed to delete policy cache 未能删除策略缓存

Clear cache 清除缓存

Clear Policy cache 清除策略缓存

Are you sure you want to clear the policy cache? This will cause all policies to be re-evaluated on their next usage.

Reputation scores 声誉得分

Reputation for IP and user identifiers. Scores are decreased for each failed login and increased for each successful login. IP 和用户标识符的声誉。每次登入失败的分数都会降低，每次成功登入的分数都会增加。

IP IP

Score 得分

Updated 已更新

Reputation 声誉

Groups 组

Group users together and give them permissions based on the membership. 将用户分组在一起，并根据成员资格为他们授予权限。

Superuser privileges? 超级用户权限？

Group(s) 组

Create Group 创建组

Create group 创建组

Enabling this toggle will create a group named after the user, with the user as member. 启用此开关将创建一个以用户命名的组，用户为成员。

Use the username and password below to authenticate. The password can be retrieved later on the Tokens page. 使用下面的用户名和密码进行身份验证。稍后可以在令牌页面上检索密码。

Password 密码

Valid for 360 days, after which the password will automatically rotate. You can copy the password from the Token List. 有效期为360天，之后密码将自动轮换。您可以从令牌列表中复制密码。

The following objects use 以下对象使用

connecting object will be deleted 连接对象将被删除

Successfully updated

Failed to update : 更新失败：

Are you sure you want to update ""? 你确定要更新 " " 吗？

Successfully updated password. 已成功更新密码。

Successfully sent email. 已成功发送电子邮件。

Email stage 电子邮件阶段

Successfully added user(s).

Users to add

User(s) 用户

Remove Users(s)

Are you sure you want to remove the selected users from the group ?

Remove

Impersonate 模仿

User status 用户状态

Change status 更改状态

Deactivate 停用

Update password 更新密码

Set password 设置密码

Successfully generated recovery link 成功生成恢复链接

No recovery flow is configured. 未配置任何恢复流程。

Copy recovery link 复制恢复链接

Send link 发送链接

Send recovery link to user 向用户发送恢复链接

Email recovery link 电子邮件恢复链接

Recovery link cannot be emailed, user has no email address saved. 无法通过电子邮件发送恢复链接，用户没有保存电子邮件地址。

Add User

Warning: This group is configured with superuser access. Added users will have superuser access.

Add existing user

Create user

Create User 创建用户

Create Service account 创建服务账户

Hide service-accounts 隐藏服务账户

Group Info 组信息

Notes

Edit the notes attribute of this group to add notes here.

Users 用户

Root

Warning: You're about to delete the user you're logged in as (). Proceed at your own risk. 警告：你即将删除登录的用户 ( )。继续，风险自负。

Hide deactivated user

User folders

Successfully added user to group(s).

Groups to add

Remove from Group(s)

Are you sure you want to remove user from the following groups?

Add Group

Add to existing group

Add new group

Application authorizations 应用程序授权

Revoked? 已吊销？

Expires 过期

ID Token ID 令牌

Refresh Tokens(s)

Last IP 最后的 IP

Session(s) 会话

Expiry 到期

(Current session)

Permissions

Consent(s) 同意

Successfully updated device. 已成功更新设备。

Static tokens 静态令牌

TOTP Device TOTP 设备

Enroll 注册

Device(s) 设备

Update Device 更新设备

Confirmed

User Info 用户信息

Actions over the last week (per 8 hours)

Edit the notes attribute of this user to add notes here.

Sessions 会话

User events 用户事件

Explicit Consent 明确同意

OAuth Refresh Tokens

MFA Authenticators

Successfully updated invitation. 已成功更新邀请。

Successfully created invitation. 已成功创建邀请。

Flow 流程

When selected, the invite will only be usable with the flow. By default the invite is accepted on all flows with invitation stages.

Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON. 加载到流程的 “prompt_data” 上下文变量中的可选数据。YAML 或 JSON。

Single use 一次性使用

When enabled, the invitation will be deleted after usage. 启用后，邀请将在使用后被删除。

Select an enrollment flow 选择注册流程

Link to use the invitation. 使用邀请的链接。

Invitations 邀请

Create Invitation Links to enroll Users, and optionally force specific attributes of their account. 创建邀请链接以注册用户，并可选择强制使用其帐户的特定属性。

Created by 由... 创建

Invitation(s) 邀请

Invitation not limited to any flow, and can be used with any enrollment flow.

Update Invitation 更新邀请

Create Invitation 创建邀请

Warning: No invitation stage is bound to any flow. Invitations will not work as expected. 警告：没有邀请阶段绑定到任何流程。邀请将无法按预期工作。

Auto-detect (based on your browser) 自动检测（基于您的浏览器）

Required. 必需。

Continue 继续

Successfully updated prompt. 已成功更新提示。

Successfully created prompt. 已成功创建提示。

Text: Simple Text input 文本：简单文本输入

Text Area: Multiline text input

Text (read-only): Simple Text input, but cannot be edited. 文本（只读）：简单文本输入，但无法编辑。

Text Area (read-only): Multiline text input, but cannot be edited.

Username: Same as Text input, but checks for and prevents duplicate usernames. 用户名：与文本输入相同，但检查并防止用户名重复。

Email: Text field with Email type. 电子邮件：具有电子邮件类型的文本字段。

Password: Masked input, multiple inputs of this type on the same prompt need to be identical.

Number 编号

Checkbox 复选框

Radio Button Group (fixed choice)

Dropdown (fixed choice)

Date 日期

Date Time 日期时间

File

Separator: Static Separator Line 分隔符：静态分隔线

Hidden: Hidden field, can be used to insert data into form. 隐藏：隐藏字段，可用于将数据插入表单。

Static: Static value, displayed as-is. 静态：静态值，按原样显示。

authentik: Locale: Displays a list of locales authentik supports. authentik：语言：显示 authentik 支持的语言设置。

Preview errors

Data preview

Unique name of this field, used for selecting fields in prompt stages.

Field Key 字段键

Name of the form field, also used to store the value. 表单域的名称，也用于存储值。

When used in conjunction with a User Write stage, use attributes.foo to write attributes. 当与用户写入阶段结合使用时，请使用 attributes.foo 来编写属性。

Label 标签

Label shown next to/above the prompt. 标签显示在提示符旁边/上方。

Required 必需

Interpret placeholder as expression 将占位符解释为表达式

When checked, the placeholder will be evaluated in the same way a property mapping is. If the evaluation fails, the placeholder itself is returned.

Placeholder 占位符

Optionally provide a short hint that describes the expected input value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple choices.

Interpret initial value as expression

When checked, the initial value will be evaluated in the same way a property mapping is. If the evaluation fails, the initial value itself is returned.

Initial value

Optionally pre-fill the input with an initial value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple default choices.

Help text 帮助文本

Any HTML can be used. 任何HTML都可以使用。

Prompts 提示

Single Prompts that can be used for Prompt Stages. 可用于提示阶段的单个提示符。

Field 字段

Stages 阶段

Prompt(s) 提示

Update Prompt 更新提示

Create Prompt 创建提示

Target 目标

Stage 阶段

Evaluate when flow is planned

Evaluate policies during the Flow planning process.

Evaluate when stage is run

Evaluate policies before the Stage is present to the user. 在阶段呈现给用户之前评估策略。

Invalid response behavior

Returns the error message and a similar challenge to the executor

Restarts the flow from the beginning

Restarts the flow from the beginning, while keeping the flow context

Configure how the flow executor should handle an invalid response to a challenge given by this bound stage.

Successfully updated stage. 已成功更新阶段。

Successfully created stage. 已成功创建阶段。

Stage used to configure a duo-based authenticator. This stage should be used for configuration flows. Stage 用于配置基于二重奏的身份验证器。此阶段应该用于配置流程。

Authenticator type name

Display name of this authenticator, used by users when they enroll an authenticator.

API Hostname API 主机名

Duo Auth API

Integration key 集成密钥

Secret key 密钥

Duo Admin API (optional)

When using a Duo MFA, Access or Beyond plan, an Admin API application can be created. This will allow authentik to import devices automatically.

Stage-specific settings 阶段特定的设置

Configuration flow 配置流程

Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. 经过身份验证的用户用来配置此阶段的流程。如果为空，用户将无法配置此阶段。

Twilio Account SID Twilio 账户 SID

Get this value from https://console.twilio.com 从 https://console.twilio.com 获取此值

Twilio Auth Token Twilio 身份验证令牌

Authentication Type 身份验证类型

Basic Auth 基本身份验证

Bearer Token 不记名令牌

External API URL 外部 API 网址

This is the full endpoint to send POST requests to. 这是向其发送 POST 请求的完整终端节点。

API Auth Username API 身份验证用户名

This is the username to be used with basic auth or the token when used with bearer token 这是用于基本身份验证的用户名，或者与不记名令牌一起使用时的令牌

API Auth password API 身份验证密码

This is the password to be used with basic auth 这是用于基本身份验证的密码

Mapping

Modify the payload sent to the custom provider.

Stage used to configure an SMS-based TOTP authenticator. 用于配置基于短信的 TOTP 身份验证器的阶段。

Twilio Twilio

Generic 通用的

From number 发件人号码

Number the SMS will be sent from. 发送短信的来源号码。

Hash phone number

If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons. Devices created from a stage with this enabled cannot be used with the authenticator validation stage.

Stage used to configure a static authenticator (i.e. static tokens). This stage should be used for configuration flows. Stage 用于配置静态身份验证器（即静态令牌）。此阶段应该用于配置流程。

Token count Token count

Stage used to configure a TOTP authenticator (i.e. Authy/Google Authenticator). 用于配置 TOTP 身份验证器（即 Auth/Google 身份验证器）的阶段。

Digits 数字

6 digits, widely compatible 6位数字，广泛兼容

8 digits, not compatible with apps like Google Authenticator 8位数字，与谷歌身份验证器等应用不兼容

Stage used to validate any authenticator. This stage should be used during authentication or authorization flows. Stage 用于验证任何身份验证器。此阶段应在身份验证或授权流程中使用。

Device classes 设备类别

Static Tokens 静态令牌

TOTP Authenticators TOTP 身份验证器

WebAuthn Authenticators WebAuthn 身份验证器

Duo Authenticators Duo 身份验证器

SMS-based Authenticators 基于短信的身份验证器

Device classes which can be used to authenticate. 可用于进行身份验证的设备类别。

Last validation threshold

If any of the devices user of the types selected above have been used within this duration, this stage will be skipped.

Not configured action 未配置操作

Force the user to configure an authenticator 强制用户配置身份验证器

Deny the user access 拒绝用户访问

WebAuthn User verification

User verification must occur. 必须进行用户验证。

User verification is preferred if available, but not required. 如果可用，则首选用户验证，但不是必需的。

User verification should not occur. 不应进行用户验证。

Configuration stages 配置阶段

Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. 当用户没有任何兼容的设备时，用来配置身份验证器的阶段。此阶段通过后，将不再请求此用户。

When multiple stages are selected, the user can choose which one they want to enroll. 选中多个阶段时，用户可以选择要注册哪个。

User verification 用户验证

Resident key requirement 常驻钥匙要求

Authenticator Attachment 身份验证器附件

No preference is sent 不发送首选项

A non-removable authenticator, like TouchID or Windows Hello 不可移除的身份验证器，例如 TouchID 或 Windows Hello

A "roaming" authenticator, like a YubiKey 像 YubiKey 这样的 “漫游” 身份验证器

This stage checks the user's current session against the Google reCaptcha (or compatible) service.

Public Key 公钥

Public key, acquired from https://www.google.com/recaptcha/intro/v3.html. 公钥，从 https://www.google.com/recaptcha/intro/v3.html 获取。

Private Key 私钥

Private key, acquired from https://www.google.com/recaptcha/intro/v3.html. 私钥，从 https://www.google.com/recaptcha/intro/v3.html 获取。

Advanced settings 高级设置

JS URL

URL to fetch JavaScript from, defaults to recaptcha. Can be replaced with any compatible alternative.

API URL

URL used to validate captcha response, defaults to recaptcha. Can be replaced with any compatible alternative.

Prompt for the user's consent. The consent can either be permanent or expire in a defined amount of time. 提示用户同意。同意可以是永久性的，也可以在规定的时间内过期。

Always require consent 始终需要征得同意

Consent given last indefinitely 无限期地给予同意

Consent expires. 同意过期。

Consent expires in 同意到期时间

Offset after which consent expires.

Dummy stage used for testing. Shows a simple continue button and always passes. 用于测试的虚拟阶段。显示一个简单的 “继续” 按钮，并且始终通过。

Throw error?

SMTP Host SMTP 主机

SMTP Port SMTP 端口

SMTP Username SMTP 用户名

SMTP Password SMTP 密码

Use TLS 使用 TLS

Use SSL 使用 SSL

From address 发件人地址

Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity. 通过向用户发送一次性链接来验证用户的电子邮件地址。也可用于恢复，以验证用户的真实性。

Activate pending user on success 成功时启用待处理用户

When a user returns from the email successfully, their account will be activated. 当用户成功从电子邮件中返回时，其帐户将被激活。

Use global settings 使用全局设置

When enabled, global Email connection settings will be used and connection settings below will be ignored. 启用后，将使用全局电子邮件连接设置，而下面的连接设置将被忽略。

Token expiry 令牌到期

Time in minutes the token sent is valid. 发送的令牌的有效时间（以分钟为单位）。

Template “模板”

Let the user identify themselves with their username or Email address. 让用户使用其用户名或电子邮件地址来标识自己。

User fields 用户字段

UPN UPN

Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources. 用户可以用来标识自己的字段。如果未选择任何字段，则用户将只能使用源。

Password stage 密码阶段

When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks. 选中后，密码字段将显示在同一页面上，而不是单独的页面上。这样可以防止用户名枚举攻击。

Case insensitive matching 不区分大小写的匹配

When enabled, user fields are matched regardless of their casing. 启用后，无论用户字段大小写如何，都将匹配用户字段。

Show matched user 显示匹配的用户

When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown. 如果输入了有效的用户名/电子邮件，并且启用了此选项，则会显示用户的用户名和头像。否则，将显示用户输入的文本。

Source settings

Sources 源

Select sources should be shown for users to authenticate with. This only affects web-based sources, not LDAP. 应显示选择的源以供用户进行身份验证。这只会影响基于 Web 的源，而不影响 LDAP。

Show sources' labels 显示源的标签

By default, only icons are shown for sources. Enable this to show their full names. 默认情况下，只为源显示图标。启用此选项可显示他们的全名。

Passwordless flow 无密码流

Optional passwordless flow, which is linked at the bottom of the page. When configured, users can use this flow to authenticate with a WebAuthn authenticator, without entering any details. 可选的无密码流程，链接在页面底部。配置后，用户可以使用此流程向 WebAuthn 身份验证器进行身份验证，而无需输入任何详细信息。

Optional enrollment flow, which is linked at the bottom of the page. 可选注册流程，链接在页面底部。

Optional recovery flow, which is linked at the bottom of the page. 可选的恢复流程，链接在页面底部。

This stage can be included in enrollment flows to accept invitations. 此阶段可以包含在注册流程中以接受邀请。

Continue flow without invitation 在没有邀请的情况下继续流动

If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. 如果设置了此标志，则当没有发出邀请时，此舞台将跳转到下一个阶段。默认情况下，当没有发出邀请时，此阶段将取消流程。

Validate the user's password against the selected backend(s). 根据选定的后端验证用户的密码。

Backends 后端

User database + standard password 用户数据库+标准密码

User database + app passwords 用户数据库+应用程序密码

User database + LDAP password 用户数据库 + LDAP 密码

Selection of backends to test the password against. 选择用于测试密码的后端。

Flow used by an authenticated user to configure their password. If empty, user will not be able to configure change their password. 经过身份验证的用户用来配置其密码的流程。如果为空，用户将无法配置更改其密码。

Failed attempts before cancel 取消前尝试失败

How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. 在取消流程之前，用户有多少次尝试。要锁定用户，请使用信誉策略和 user_write 阶段。

Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable. 向用户显示任意输入字段，例如在注册期间。数据保存在流程上下文中的 “prompt_data” 变量下。

Fields 字段

("", of type ) (“ ”, 类型为 )

Validation Policies 验证策略

Selected policies are executed when the stage is submitted to validate the data. 在提交阶段以验证数据时，将执行选定的策略。

Delete the currently pending user. CAUTION, this stage does not ask for confirmation. Use a consent stage to ensure the user is aware of their actions.

Log the currently pending user in. 将当前待处理的用户登录。

Session duration 会话持续时间

Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed. 确定会话持续多长时间。默认为 0 秒意味着会话持续到浏览器关闭为止。

Different browsers handle session cookies differently, and might not remove them even when the browser is closed.

See here.

Stay signed in offset

If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.

Terminate other sessions

When enabled, all previous sessions of the user will be terminated.

Remove the user from the current session. 从当前会话中移除用户。

Write any data from the flow's context's 'prompt_data' to the currently pending user. If no user is pending, a new user is created, and data is written to them.

Never create users

When no user is present in the flow context, the stage will fail.

Create users when required

When no user is present in the the flow context, a new user is created.

Always create new users

Create a new user even if a user is in the flow context.

Create users as inactive 将用户创建为非活动用户

Mark newly created users as inactive. 将新创建的用户标记为非活动用户。

User path template

Path new users will be created under. If left blank, the default path will be used.

Newly created users are added to this group, if a group is selected. 如果选择了组，则会将新创建的用户添加到该组。

New stage 新建阶段

Create a new stage. 创建一个新阶段。

Successfully imported device.

The user in authentik this device will be assigned to.

Duo User ID

The user ID in Duo, can be found in the URL after clicking on a user.

Automatic import

Successfully imported devices.

Start automatic import

Or manually import

Stages are single steps of a Flow that a user is guided through. A stage can only be executed from within a flow. 阶段是引导用户完成的流程的单个步骤。阶段只能在流程内部执行。

Flows 流程

Stage(s) 阶段

Import 导入

Import Duo device

Successfully updated flow. 已成功更新流程。

Successfully created flow. 已成功创建流程。

Shown as the Title in Flow pages. 显示为 “Flow” 页面中的标题。

Visible in the URL. 在 URL 中可见。

Designation 指定

Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. 决定此 Flow 的用途。例如，当未经身份验证的用户访问 authentik 时，身份验证流程将重定向到。

No requirement

Require authentication

Require no authentication.

Require superuser.

Required authentication level for this flow.

Behavior settings

Compatibility mode 兼容模式

Increases compatibility with password managers and mobile devices.

Denied action

Will follow the ?next parameter if set, otherwise show a message

Will either follow the ?next parameter or redirect to the default interface

Will notify the user the flow isn't applicable

Decides the response when a policy denies access to this flow for a user.

Appearance settings

Layout

Background 背景

Background shown during execution. 执行过程中显示背景。

Clear background

Delete currently set background image. 删除当前设置的背景图片。

Successfully imported flow. 已成功导入流程。

.yaml files, which can be found on goauthentik.io and can be exported by authentik. .yaml 文件，这些文件可以在 goauthentik.io 上找到，也可以通过 authentik 导出。

Flows describe a chain of Stages to authenticate, enroll or recover a user. Stages are chosen based on policies applied to them. 流程描述了一系列用于对用户进行身份验证、注册或恢复的阶段。阶段是根据应用于它们的策略来选择的。

Flow(s) 流程

Update Flow 更新流程

Create Flow 创建流程

Import Flow 导入流程

Successfully cleared flow cache 已成功清除流程缓存

Failed to delete flow cache 无法删除流程缓存

Clear Flow cache 清除流程缓存

Are you sure you want to clear the flow cache? This will cause all flows to be re-evaluated on their next usage.

Stage binding(s) 阶段绑定

Stage type 阶段类型

Edit Stage 编辑 Stage

Update Stage binding 更新阶段绑定

These bindings control if this stage will be applied to the flow. 这些绑定控制是否将此阶段应用于流程。

No Stages bound 没有阶段绑定

No stages are currently bound to this flow. 目前没有阶段绑定到此流程。

Create Stage binding 创建 Stage 绑定

Bind stage Bind 阶段

Bind existing stage

Flow Overview 流程概述

Related actions

Execute flow 执行流程

Normal 正常

with current user 以当前用户

with inspector 和检查员一起

Export flow 出口流程

Export 出口

Stage Bindings 阶段绑定

These bindings control which users can access this flow. 这些绑定控制哪些用户可以访问此流程。

Event Log 事件日志

Event 事件

Event info 事件信息

Created

Successfully updated transport. 已成功更新传输。

Successfully created transport. 已成功创建传输。

Local (notifications will be created within authentik)

Webhook (generic) Webhook (generic)

Webhook (Slack/Discord) Webhook（Slack/Discord）

Webhook URL Webhook URL

Webhook Mapping Webhook 映射

Send once 发送一次

Only send notification once, for example when sending a webhook into a chat channel. 仅发送一次通知，例如在向聊天频道发送 Webhook 时。

Notification Transports 通知传输

Define how notifications are sent to users, like Email or Webhook. 定义如何向用户发送通知，例如电子邮件或 Webhook。

Notification transport(s) 通知传输

Update Notification Transport 更新通知传输

Create Notification Transport 创建通知传输

Successfully updated rule. 已成功更新规则。

Successfully created rule. 已成功创建规则。

Select the group of users which the alerts are sent to. If no group is selected the rule is disabled.

Transports 传输

Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. 选择应使用哪些传输来通知用户。如果未选择任何内容，则通知将仅显示在 authentik UI 中。

Severity 严重程度

Notification Rules 通知规则

Send notifications whenever a specific Event is created and matched by policies. 每当策略创建并匹配特定事件时，都会发送通知。

Sent to group 已发送到组

Notification rule(s) 通知规则

None (rule disabled) 无（规则已禁用）

Update Notification Rule 更新通知规则

Create Notification Rule 创建通知规则

These bindings control upon which events this rule triggers. Bindings to groups/users are checked against the user of the event.

Outpost Deployment Info Outpost 部署信息

View deployment documentation 查看部署文档

Click to copy token 点击复制令牌

If your authentik Instance is using a self-signed certificate, set this value. 如果您的 authentik 实例正在使用自签名证书，请设置此值。

If your authentik_host setting does not match the URL you want to login with, add this setting. 如果您的 authentik_host 设置与您要登录时使用的网址不匹配，请添加此设置。

Successfully updated outpost. 已成功更新 Outpost。

Successfully created outpost. 已成功创建 Outpost。

Radius

Integration 整合

Selecting an integration enables the management of the outpost by authentik. 选择集成可以使authentik对 Outpost 进行管理。

You can only select providers that match the type of the outpost. 您只能选择与 Outpost 类型匹配的提供商。

Configuration 配置

See more here:

Documentation

Last seen

, should be ，应该是

Hostname

Not available 不可用

Last seen: 最后显示：

Unknown type

Outposts Outposts

Outposts are deployments of authentik components to support different environments and protocols, like reverse proxies. Outpost 是对 authentik 组件的部署，以支持不同的环境和协议，例如反向代理。

Health and Version 运行状况和版本

Warning: authentik Domain is not configured, authentication will not work. 警告：未配置 authentik 域，身份验证将不起作用。

Logging in via . 通过登录。

No integration active 没有激活的集成

Update Outpost 更新 Outpost

View Deployment Info 查看部署信息

Detailed health (one instance per column, data is cached so may be out of date)

Outpost(s) Outpost(s)

Create Outpost 创建 Outpost

Successfully updated integration. 已成功更新集成。

Successfully created integration. 已成功创建集成。

Local 本地

If enabled, use the local connection. Required Docker socket/Kubernetes Integration. 如果启用，请使用本地连接。需要的 Docker Socket/Kubernetes 集成。

Docker URL Docker URL

Can be in the format of 'unix://' when connecting to a local docker daemon, using 'ssh://' to connect via SSH, or 'https://:2376' when connecting to a remote system. 连接到本地 docker 守护进程时可以采用 'unix: //' 的格式，通过 SSH 连接时使用 'ssh: //'，或者在连接到远程系统时使用 'https://:2376' 的格式。

CA which the endpoint's Certificate is verified against. Can be left empty for no validation. 验证终端节点证书所依据的 CA。可以留空以表示不进行验证。

TLS Authentication Certificate/SSH Keypair TLS 身份验证证书/SSH 密钥对

Certificate/Key used for authentication. Can be left empty for no authentication. 用于身份验证的证书/密钥。可以留空，留空表示不进行身份验证。

When connecting via SSH, this keypair is used for authentication. 通过 SSH 连接时，此密钥对用于身份验证。

Kubeconfig Kubeconfig

Verify Kubernetes API SSL Certificate

New outpost integration 新前哨集成

Create a new outpost integration. 创建一个新前哨集成。

State 州

Unhealthy 不健康

Outpost integration(s) Outpost 集成

Successfully generated certificate-key pair. 成功生成证书密钥对。

Common Name 常用名

Subject-alt name 替代名称

Optional, comma-separated SubjectAlt Names. 可选，逗号分隔的 subjectAlt 名称。

Validity days 有效天数

Successfully updated certificate-key pair. 已成功更新证书密钥对。

Successfully created certificate-key pair. 已成功创建证书密钥对。

PEM-encoded Certificate data. PEM 编码的证书数据。

Optional Private Key. If this is set, you can use this keypair for encryption. 可选私钥。如果设置了此设置，则可以使用此密钥对进行加密。

Certificate-Key Pairs 证书密钥对

Import certificates of external providers or create certificates to sign requests with. 导入外部提供商的证书或创建用于签署请求的证书。

Private key available? 私钥可用吗？

Certificate-Key Pair(s) 证书密钥对

Managed by authentik 由 authentik 管理

Managed by authentik (Discovered) 由 authentik 管理（已发现）

Yes () Yes ( )

No No

Update Certificate-Key Pair 更新证书密钥对

Certificate Fingerprint (SHA1) 证书指纹 (SHA1)

Certificate Fingerprint (SHA256) 证书指纹 (SHA256)

Certificate Subject 证书主题

Download Certificate 下载证书

Download Private key 下载私钥

Create Certificate-Key Pair 创建证书密钥对

Generate 生成

Generate Certificate-Key Pair 生成证书密钥对

Successfully updated instance.

Successfully created instance.

Disabled blueprints are never applied.

Local path

OCI Registry

Internal

OCI URL, in the format of oci://registry.domain.tld/path/to/manifest.

See more about OCI support here:

Blueprint

Configure the blueprint context, used for templating.

Orphaned

Blueprints

Automate and template configuration within authentik.

Last applied

Blueprint(s)

Update Blueprint

Create Blueprint Instance

API Requests API 请求

Open API Browser 打开 API 浏览器

Notifications 通知

unread 未读

Successfully cleared notifications 已成功清除通知

Clear all 全部清除

A newer version of the frontend is available. 有较新版本的前端可用。

You're currently impersonating . Click to stop. 你目前正在模拟。单击停止。

User interface 用户界面

Dashboards 仪表板

Events 事件

Logs 日志

Customisation 定制

Directory 目录

System 系统

Certificates 证书

Outpost Integrations Outpost 集成

API request failed API 请求失败

User's avatar 用户的头像

Something went wrong! Please try again later. 发生错误，请稍后重试。

Request ID

You may close this page now.

You're about to be redirect to the following URL. 您将被重定向到以下 URL。

Follow redirect 跟随重定向

Request has been denied. 请求被拒绝。

Not you? 不是你？

Need an account? 需要一个账户？

Forgot username or password? 忘记用户名或密码？

Select one of the sources below to login. 选择以下源之一进行登入。

Use a security key 使用安全密钥

Please enter your password 请输入你的密码

Forgot password? 忘记密码了吗？

Application requires following permissions: 应用程序需要以下权限：

Application already has access to the following permissions:

Application requires following new permissions:

Check your Inbox for a verification email. 检查您的收件箱是否有验证电子邮件。

Send Email again. 再次发送电子邮件。

Successfully copied TOTP Config. 成功复制 TOTP 配置。

Copy 复制

Code 代码

Please enter your TOTP Code 请输入您的 TOTP 代码

Duo activation QR code

Alternatively, if your current device has Duo installed, click on this link: 或者，如果您当前的设备已安装 Duo，请单击此链接：

Duo activation Duo 激活

Check status 检查状态

Make sure to keep these tokens in a safe place. 确保将这些令牌保存在安全的地方。

Phone number 电话号码

Please enter your Phone number. 请输入您的电话号码。

Please enter the code you received via SMS

A code has been sent to you via SMS. 验证码已通过短信发送给您。

Open your two-factor authenticator app to view your authentication code.

Static token 静态令牌

Authentication code

Please enter your code

Return to device picker 返回设备选择器

Sending Duo push notification

Assertions is empty 断言为空

Error when creating credential: 创建凭证时出错：

Error when validating assertion on server: 在服务器上验证断言时出错：

Retry authentication 重试身份验证

Duo push-notifications 二重奏推送通知

Receive a push notification on your device. 在您的设备上接收推送通知。

Authenticator 身份验证器

Use a security key to prove your identity. 使用安全密钥证明您的身份。

Traditional authenticator 传统身份验证器

Use a code-based authenticator. 使用基于代码的身份验证器。

Recovery keys 恢复密钥

In case you can't access any other method. 万一你无法访问任何其他方法。

SMS 短信

Tokens sent via SMS. 通过短信发送的令牌。

Select an authentication method. 选择一种身份验证方法。

Stay signed in?

Select Yes to reduce the number of times you're asked to sign in.

Authenticating with Plex... 正在使用 Plex 进行身份验证...

Waiting for authentication...

If no Plex popup opens, click the button below.

Open login

Authenticating with Apple... 正在使用Apple进行身份验证...

Retry 重试

Enter the code shown on your device.

Please enter your Code 请输入您的验证码

You've successfully authenticated your device.

Flow inspector 流程检查器

Next stage 下一阶段

Stage name 阶段名

Stage kind 阶段种类

Stage object 阶段对象

This flow is completed. 此流程已完成。

Plan history 计划历史记录

Current plan context 当前计划上下文

Session ID 会话 ID

Background image 背景图片

Error creating credential: 创建凭证时出错：

Server validation of credential failed: 服务器验证凭据失败：

Refer to documentation

No Applications available. 没有可用的应用程序。

Either no applications are defined, or you don’t have access to any.

My Applications 我的应用

My applications 我的应用

Change your password 更改你的密码

Change password 修改密码

Save 保存

Delete account 删除账户

Successfully updated details 已成功更新详情

Open settings 打开设置

No settings flow configured. 未配置设置流程

Update details 更新详情

Successfully disconnected source

Failed to disconnected source:

Disconnect 断开连接

Connect 连接

Error: unsupported source settings: 错误：不支持的源设置：

Connect your user account to the services listed below, to allow you to login using the service instead of traditional credentials. 将您的用户帐户连接到下面列出的服务，以允许您使用该服务而不是传统凭据登录。

No services available. 没有可用的服务。

Create App password 创建应用程序密码

User details 用户详细信息

Consent 同意

MFA Devices MFA 设备

Connected services 连接服务

Tokens and App passwords 令牌和应用程序密码

Unread notifications 未读通知

Admin interface 管理员界面

Stop impersonation 停止模拟

Avatar image Avatar image

Failed

Unsynced / N/A

Outdated outposts 过时的 Outposts

Unhealthy outposts 不健康的 Outposts

Next 下一步

Inactive 不活跃

Regular user 普通用户

Activate 启用

Use Server URI for SNI verification

Required for servers using TLS 1.3+

Client certificate keypair to authenticate against the LDAP Server's Certificate.

The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.

TLS Server name

DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.

TLS Client authentication certificate

Model

Match events created by selected model. When left empty, all models are matched.

Code-based MFA Support

When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.

User type

Successfully updated license.

Successfully created license.

Install ID

License key

Licenses

License(s)

Enterprise is in preview.

Cumulative license expiry

Update License

Warning: The current user count has exceeded the configured licenses.

Click here for more info.

Enterprise

Manage enterprise licenses

No licenses found.

Send us feedback!

Get a license

Go to Customer Portal

Forecast internal users

Estimated user count one year from now based on current internal users and forecasted internal users.

Forecast external users

Estimated user count one year from now based on current external users and forecasted external users.

Install

Install License

Internal users might be users such as company employees, which will get access to the full Enterprise feature set.

External users might be external consultants or B2C customers. These users don't get access to enterprise features.

Service accounts should be used for machine-to-machine authentication or other automations.

Less details

More details

Remove item

Open API drawer

Open Notification drawer

Restart task

Add provider

Open

Copy token

Add users

Add group

Import devices

Execute

Show details

Apply

Settings

Sign out

The number of tokens generated whenever this stage is used. Every token generated per stage execution will be attached to a single static device.

Token length

The length of the individual generated tokens. Can be increased to improve security.

Internal:

External:

Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding.

Create and bind Policy

Federation and Social login

Create and bind Stage

Flows and Stages

New version available

Failure result

Pass

Don't pass

Result used when policy execution fails.

Required: User verification must occur.

Preferred: User verification is preferred if available, but not required.

Discouraged: User verification should not occur.

Required: The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur

Preferred: The authenticator can create and store a dedicated credential, but if it doesn't that's alright too

Discouraged: The authenticator should not create a dedicated credential

Lock the user out of this system

Allow the user to log in and use this system

Temporarily assume the identity of this user

Enter a new password for this user

Create a link for this user to reset their password

WebAuthn requires this page to be accessed via HTTPS.

WebAuthn not supported by browser.

Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you).

Default relay state

When using IDP-initiated logins, the relay state will be set to this value.

Flow Info

Stage used to configure a WebAuthn authenticator (i.e. Yubikey, FaceID/Windows Hello). <<<<<<< HEAD Internal application name used in URLs.

Submit

UI Settings

Transparent Reverse Proxy

For transparent reverse proxies with required authentication

Configure SAML provider manually

Configure RADIUS provider manually

Configure SCIM provider manually

Saving Application...

Authentik was unable to save this application:

Your application has been saved

Method's display Name.

Custom attributes

Don't show this message again.

Failed to fetch

Failed to fetch data.

Successfully assigned permission.

Role

Assign

Assign permission to role

Assign to new role

Directly assigned

Assign permission to user

Assign to new user

User Object Permissions

Role Object Permissions

Roles

Select roles to grant this groups' users' permissions from the selected roles.

Update Permissions

Editing is disabled for managed tokens

Select permissions to grant

Permissions to add

Select permissions

Assign permission

Permission(s)

Permission

User doesn't have view permission so description cannot be retrieved.

Assigned permissions

Assigned global permissions

Assigned object permissions

Successfully updated role.

Successfully created role.

Manage roles which grant permissions to objects within authentik.

Role(s)

Update Role

Create Role

Role doesn't have view permission so description cannot be retrieved.

Role

Role Info

Pseudolocale (for testing)

Create With Wizard

One hint, 'New Application Wizard', is currently hidden

External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access.

Deny message

Message shown when this stage is run.

Open Wizard

Demo Wizard

Run the demo wizard

OAuth2/OIDC (Open Authorization/OpenID Connect)

LDAP (Lightweight Directory Access Protocol)

Forward Auth (Single Application)

Forward Auth (Domain Level)

SAML (Security Assertion Markup Language)

RADIUS (Remote Authentication Dial-In User Service)

SCIM (System for Cross-domain Identity Management)

The token has been copied to your clipboard

The token was displayed because authentik does not have permission to write to the clipboard

A copy of this recovery link has been placed in your clipboard

Create recovery link

Create Recovery Link

External

Service account

Service account (internal)

Check the release notes

User Statistics

For nginx's auth_request or traefik's forwardAuth

For nginx's auth_request or traefik's forwardAuth per root domain

RBAC is in preview.

User type used for newly created users.

Users created

Failed logins

Also known as Client ID.

Also known as Client Secret.

Global status

Vendor

No sync status.

Sync currently running.

Connectivity

0: Too guessable: risky password. (guesses < 10^3)

1: Very guessable: protection from throttled online attacks. (guesses < 10^6)

2: Somewhat guessable: protection from unthrottled online attacks. (guesses < 10^8)

3: Safely unguessable: moderate protection from offline slow-hash scenario. (guesses < 10^10)

4: Very unguessable: strong protection from offline slow-hash scenario. (guesses >= 10^10)

Successfully created user and added to group

This user will be added to the group "".

Pretend user exists

When enabled, the stage will always accept the given user identifier and continue.

There was an error in the application.

Review the application.

There was an error in the provider.

Review the provider.

There was an error

There was an error creating the application, but no error message was sent. Please review the server logs.

Configure LDAP Provider

Configure OAuth2/OpenId Provider

Configure Proxy Provider

AdditionalScopes

Configure Radius Provider

Configure SAML Provider

Property mappings used for user mapping.

Configure SCIM Provider

Property mappings used for group creation.

Event volume

Require Outpost (flow can only be executed from an outpost).

Connection settings.

Successfully updated endpoint.

Successfully created endpoint.

Protocol

RDP

SSH

VNC

Host

Hostname/IP to connect to.

Endpoint(s)

Update Endpoint

These bindings control which users will have access to this endpoint. Users must also have access to the application.

Create Endpoint

RAC is in preview.

Update RAC Provider

Endpoints

General settings

RDP settings

Ignore server certificate

Enable wallpaper

Enable font-smoothing

Enable full window dragging

Network binding

No binding

Bind ASN

Bind ASN and Network

Bind ASN, Network and IP

Configure if sessions created by this stage should be bound to the Networks they were created in.

GeoIP binding

Bind Continent

Bind Continent and Country

Bind Continent, Country and City

Configure if sessions created by this stage should be bound to their GeoIP-based location

RAC

Connection failed after attempts.

Re-connecting in second(s).

Connecting...

Select endpoint to connect to

Connection expiry

Determines how long a session lasts before being disconnected and requiring re-authorization.

Provider require enterprise.

Learn more

Maximum concurrent connections

Maximum concurrent allowed connections to this endpoint. Can be set to -1 to disable the limit.

Brand

Successfully updated brand.

Successfully created brand.

Use this brand for each domain that doesn't have a dedicated brand.

Set custom attributes using YAML or JSON. Any attributes set here will be inherited by users, if the request is handled by this brand.

Brands

Brand(s)

Update Brand

Create Brand

To let a user directly reset a their password, configure a recovery flow on the currently active brand.

Korean

Dutch

The current brand must have a recovery flow configured to use a recovery link

Successfully updated settings.

Avatars

Configure how authentik should show avatars for users. The following values can be set:

Disables per-user avatars and just shows a 1x1 pixel transparent picture

Uses gravatar with the user's email address

Generated avatars based on the user's name

Any URL: If you want to use images hosted on another server, you can set any URL. Additionally, these placeholders can be used:

The user's username

The email address, md5 hashed

The user's UPN, if set (otherwise an empty string)

An attribute path like attributes.something.avatar, which can be used in combination with the file field to allow users to upload custom avatars for themselves.

Multiple values can be set, comma-separated, and authentik will fallback to the next mode when no avatar could be found.

For example, setting this to gravatar,initials will attempt to get an avatar from Gravatar, and if the user has not configured on there, it will fallback to a generated avatar.

Default user change name

Enable the ability for users to change their name.

Default user change email

Enable the ability for users to change their email.

Default user change username

Enable the ability for users to change their username.

Footer links

This option configures the footer links on the flow executor pages. It must be a valid JSON list and can be used as follows:

GDPR compliance

When enabled, all the events caused by a user will be deleted upon the user's deletion.

Impersonation

Globally enable/disable impersonation.

System settings