--- title: Synology DSM --- Support level: Community ## What is Synology DSM > Synology Inc. is a Taiwanese corporation that specializes in network-attached storage (NAS) appliances. Synology's line of NAS is known as the DiskStation for desktop models, FlashStation for all-flash models, and RackStation for rack-mount models. Synology's products are distributed worldwide and localized in several languages. > > -- https://www.synology.com/en-global/dsm :::caution This is tested with DSM 7.1 or newer. ::: ## Preparation The following placeholders will be used: - `synology.company` is the FQDN of the Synology DSM server. - `authentik.company` is the FQDN of the authentik install. ### Step 1 Under _Providers_, create an OAuth2/OpenID provider with these settings: - Name: synology - Redirect URI: `https://synology.company/#/signin` (Note the absence of the trailing slash, and the inclusion of the webinterface port) - Signing Key: Select any available key - Subject mode: Based on the Users's Email (Matching on username could work, but not if you have duplicates due to e.g. a LDAP connection) - Take note of the 'Client ID' and 'Client secret' ### Step 2 Create an application which uses this provider. Optionally apply access restrictions to the application. ## Synology DSM setup To configure Synology DSM to utilize Authelia as an OpenID Connect 1.0 Provider: 1. Go to DSM. 2. Go to Control Panel. 3. Go To Domain/LDAP. 4. Go to SSO Client. 5. Check the Enable OpenID Connect SSO service checkbox in the OpenID Connect SSO Service section. 6. Configure the following values: 7. Profile: OIDC 8. Name: Authentik 9. Well Known URL: Copy this from the 'OpenID Configuration URL' in the authentik provider (URL ends with '/.well-known/openid-configuration') 10. Application ID: The 'Client ID' from the authentik provider 11. Application Key: The 'Client secret' from the authentik provider 12. Redirect URL: https://synology.company/#/signin (This should match the 'Redirect URI' in authentik exactly) 13. Authorization Scope: openid profile email 14. Username Claim: preferred_username 15. Save the settings. ## See also: [Synology DSM SSO Client Documentation](https://kb.synology.com/en-af/DSM/help/DSM/AdminCenter/file_directory_service_sso?version=7)