From 95233dd9f8d7af4e72b8f53bc525d6b61b76cf22 Mon Sep 17 00:00:00 2001 From: Dewi Roberts Date: Thu, 5 Feb 2026 15:38:13 +0000 Subject: [PATCH] website/docs: endpoint devices: update device authentication location (#20049) Update file locations, links, sidebar and redirects --- .../agent-deployment/linux.mdx | 8 +- .../authentik-agent/agent-deployment/macos.md | 6 +- .../agent-deployment/windows.md | 6 +- .../cli-app-authentication/aws.mdx | 4 +- .../cli-app-authentication/index.mdx | 2 +- .../cli-app-authentication/k8s.mdx | 4 +- .../device-access-groups.mdx | 0 .../device-authentication/index.mdx | 2 +- .../local-device-login/authentik-login.png | Bin .../local-device-login/index.mdx | 0 .../local-device-login/linux.md | 4 +- .../local-device-login/windows.md | 2 +- .../ssh-authentication.mdx | 8 +- .../authentik-agent/index.mdx | 8 +- website/docs/endpoint-devices/index.mdx | 26 ++--- .../docs/endpoint-devices/manage-devices.mdx | 2 +- website/docs/releases/2025/v2025.12.md | 6 +- website/docs/sidebar.mjs | 96 +++++++++--------- website/docs/static/_redirects | 4 + 19 files changed, 96 insertions(+), 92 deletions(-) rename website/docs/endpoint-devices/{ => authentik-agent}/device-authentication/cli-app-authentication/aws.mdx (94%) rename website/docs/endpoint-devices/{ => authentik-agent}/device-authentication/cli-app-authentication/index.mdx (73%) rename website/docs/endpoint-devices/{ => authentik-agent}/device-authentication/cli-app-authentication/k8s.mdx (95%) rename website/docs/endpoint-devices/{ => authentik-agent}/device-authentication/device-access-groups.mdx (100%) rename website/docs/endpoint-devices/{ => authentik-agent}/device-authentication/index.mdx (81%) rename website/docs/endpoint-devices/{ => authentik-agent}/device-authentication/local-device-login/authentik-login.png (100%) rename website/docs/endpoint-devices/{ => authentik-agent}/device-authentication/local-device-login/index.mdx (100%) rename website/docs/endpoint-devices/{ => authentik-agent}/device-authentication/local-device-login/linux.md (81%) rename website/docs/endpoint-devices/{ => authentik-agent}/device-authentication/local-device-login/windows.md (95%) rename website/docs/endpoint-devices/{ => authentik-agent}/device-authentication/ssh-authentication.mdx (70%) diff --git a/website/docs/endpoint-devices/authentik-agent/agent-deployment/linux.mdx b/website/docs/endpoint-devices/authentik-agent/agent-deployment/linux.mdx index 4ab11d5cc3..f913fe052a 100644 --- a/website/docs/endpoint-devices/authentik-agent/agent-deployment/linux.mdx +++ b/website/docs/endpoint-devices/authentik-agent/agent-deployment/linux.mdx @@ -10,8 +10,8 @@ import Tabs from "@theme/Tabs"; ## What it can do - Retrieves information about the host and reports it to authentik, see [Device Compliance](../../device-compliance/index.mdx). -- SSH to Linux hosts using authentik credentials, see [SSH authentication](../../device-authentication/ssh-authentication.mdx). -- Authenticate CLI applications using authentik credentials, see [CLI application authentication](../../device-authentication/cli-app-authentication/index.mdx). +- SSH to Linux hosts using authentik credentials, see [SSH authentication](../../authentik-agent/device-authentication/ssh-authentication.mdx). +- Authenticate CLI applications using authentik credentials, see [CLI application authentication](../../authentik-agent/device-authentication/cli-app-authentication/index.mdx). ## Prerequisites @@ -111,7 +111,7 @@ systemctl start --user ak-agent ## Enable device compliance, SSH server authentication, and local device login -To enable [device compliance features](../../device-compliance/index.mdx) and the device [accepting SSH connections](../../device-authentication/ssh-authentication.mdx), you must join the device to an authentik domain. +To enable [device compliance features](../../device-compliance/index.mdx) and the device [accepting SSH connections](../../authentik-agent/device-authentication/ssh-authentication.mdx), you must join the device to an authentik domain. 1. Open a Terminal session and run the following command: @@ -156,7 +156,7 @@ session required pam_authentik.so ## Enable SSH client authentication and CLI application authentication -To enable [initiating SSH connections](../../device-authentication/ssh-authentication.mdx) and [CLI application authentication](../../device-authentication/cli-app-authentication/index.mdx), the device must be connected to an authentik deployment. To do so, follow these steps: +To enable [initiating SSH connections](../../authentik-agent/device-authentication/ssh-authentication.mdx) and [CLI application authentication](../../authentik-agent/device-authentication/cli-app-authentication/index.mdx), the device must be connected to an authentik deployment. To do so, follow these steps: 1. Open a Terminal session and run the following command: diff --git a/website/docs/endpoint-devices/authentik-agent/agent-deployment/macos.md b/website/docs/endpoint-devices/authentik-agent/agent-deployment/macos.md index bd5e1eae18..3c33ea8070 100644 --- a/website/docs/endpoint-devices/authentik-agent/agent-deployment/macos.md +++ b/website/docs/endpoint-devices/authentik-agent/agent-deployment/macos.md @@ -7,8 +7,8 @@ tags: [authentik Agent, mac, macos, deploy] ## What it can do - Retrieves information about the host for use in authentik, see [Device Compliance](../../device-compliance/index.mdx). -- SSH to Linux hosts using authentik credentials, see [SSH authentication](../../device-authentication/ssh-authentication.mdx). -- Authenticate CLI applications using authentik credentials, see [CLI application authentication](../../device-authentication/cli-app-authentication/index.mdx). +- SSH to Linux hosts using authentik credentials, see [SSH authentication](../../authentik-agent/device-authentication/ssh-authentication.mdx). +- Authenticate CLI applications using authentik credentials, see [CLI application authentication](../../authentik-agent/device-authentication/cli-app-authentication/index.mdx). ## Prerequisites @@ -67,7 +67,7 @@ sudo "/Applications/authentik Agent.app/Contents/MacOS/ak-sysd" domains join --authentik-url https://authentik.company ## Enable SSH client authentication and CLI application authentication -To enable [initiating SSH connections](../../device-authentication/ssh-authentication.mdx) and [CLI application authentication](../../device-authentication/cli-app-authentication/index.mdx), the device must be connected to an authentik deployment. To do so, follow these steps: +To enable [initiating SSH connections](../../authentik-agent/device-authentication/ssh-authentication.mdx) and [CLI application authentication](../../authentik-agent/device-authentication/cli-app-authentication/index.mdx), the device must be connected to an authentik deployment. To do so, follow these steps: 1. Open a Terminal session and run the following command: diff --git a/website/docs/endpoint-devices/device-authentication/cli-app-authentication/aws.mdx b/website/docs/endpoint-devices/authentik-agent/device-authentication/cli-app-authentication/aws.mdx similarity index 94% rename from website/docs/endpoint-devices/device-authentication/cli-app-authentication/aws.mdx rename to website/docs/endpoint-devices/authentik-agent/device-authentication/cli-app-authentication/aws.mdx index 786271ca77..ff1a3a2692 100644 --- a/website/docs/endpoint-devices/device-authentication/cli-app-authentication/aws.mdx +++ b/website/docs/endpoint-devices/authentik-agent/device-authentication/cli-app-authentication/aws.mdx @@ -8,7 +8,7 @@ You can use the authentik Agent to authenticate to the AWS CLI with authentik cr ## Prerequisites -- The [authentik Agent deployed on it](../../authentik-agent/agent-deployment/index.mdx) must be deployed on your device. +- The [authentik Agent deployed on it](../../agent-deployment/index.mdx) must be deployed on your device. ## authentik configuration @@ -25,7 +25,7 @@ To support the integration of authentik Agent with AWS CLI, you need to create a - Set the **Client ID** to `authentik-aws-cli`. - Select any available signing key. - Under **Machine-to-Machine authentication settings** add the `authentik-cli` provider as a **Federated OIDC Provider**. - - **Configure Bindings** _(optional)_: you can create a [binding](../../../add-secure-apps/bindings-overview/index.md) (policy, group, or user) to manage access to the application. + - **Configure Bindings** _(optional)_: you can create a [binding](../../../../add-secure-apps/bindings-overview/index.md) (policy, group, or user) to manage access to the application. 3. Click **Submit** to save the new application and provider. diff --git a/website/docs/endpoint-devices/device-authentication/cli-app-authentication/index.mdx b/website/docs/endpoint-devices/authentik-agent/device-authentication/cli-app-authentication/index.mdx similarity index 73% rename from website/docs/endpoint-devices/device-authentication/cli-app-authentication/index.mdx rename to website/docs/endpoint-devices/authentik-agent/device-authentication/cli-app-authentication/index.mdx index 728d8fb02c..a0dd49d89a 100644 --- a/website/docs/endpoint-devices/device-authentication/cli-app-authentication/index.mdx +++ b/website/docs/endpoint-devices/authentik-agent/device-authentication/cli-app-authentication/index.mdx @@ -10,7 +10,7 @@ The authentik Agent can authenticate to CLI applications such as [`aws`](./aws.m ## How CLI authentication works -First, `authentik-agent` and `authentik-cli` request an authentik token from the [authentik-cli OAuth Provider](../../authentik-agent/configuration.md#create-an-application-and-provider-in-authentik-for-cli) and exchange it for a token from the specified Kubernetes or AWS provider. +First, `authentik-agent` and `authentik-cli` request an authentik token from the [authentik-cli OAuth Provider](../../configuration.md#create-an-application-and-provider-in-authentik-for-cli) and exchange it for a token from the specified Kubernetes or AWS provider. This token is cached until expiration. This improves performance by eliminating repeated token requests. diff --git a/website/docs/endpoint-devices/device-authentication/cli-app-authentication/k8s.mdx b/website/docs/endpoint-devices/authentik-agent/device-authentication/cli-app-authentication/k8s.mdx similarity index 95% rename from website/docs/endpoint-devices/device-authentication/cli-app-authentication/k8s.mdx rename to website/docs/endpoint-devices/authentik-agent/device-authentication/cli-app-authentication/k8s.mdx index da0ae95eec..759f067b63 100644 --- a/website/docs/endpoint-devices/device-authentication/cli-app-authentication/k8s.mdx +++ b/website/docs/endpoint-devices/authentik-agent/device-authentication/cli-app-authentication/k8s.mdx @@ -8,7 +8,7 @@ You can use the authentik Agent to authenticate to `kubectl` with authentik cred ## Prerequisites -- The device that you're using must have the [authentik Agent deployed on it](../../authentik-agent/agent-deployment/index.mdx). +- The device that you're using must have the [authentik Agent deployed on it](../../agent-deployment/index.mdx). ## authentik configuration @@ -25,7 +25,7 @@ To support the integration of authentik Agent with `kubectl`, you need to create - Set the **Client ID** to `kubernetes-cluster`. - Select any available signing key. - Under **Machine-to-Machine authentication settings** add the `authentik-cli` provider as a **Federated OIDC Provider**. - - **Configure Bindings** _(optional)_: you can create a [binding](../../../add-secure-apps/bindings-overview/index.md) (policy, group, or user) to manage access to the application. + - **Configure Bindings** _(optional)_: you can create a [binding](../../../../add-secure-apps/bindings-overview/index.md) (policy, group, or user) to manage access to the application. 3. Click **Submit** to save the new application and provider. diff --git a/website/docs/endpoint-devices/device-authentication/device-access-groups.mdx b/website/docs/endpoint-devices/authentik-agent/device-authentication/device-access-groups.mdx similarity index 100% rename from website/docs/endpoint-devices/device-authentication/device-access-groups.mdx rename to website/docs/endpoint-devices/authentik-agent/device-authentication/device-access-groups.mdx diff --git a/website/docs/endpoint-devices/device-authentication/index.mdx b/website/docs/endpoint-devices/authentik-agent/device-authentication/index.mdx similarity index 81% rename from website/docs/endpoint-devices/device-authentication/index.mdx rename to website/docs/endpoint-devices/authentik-agent/device-authentication/index.mdx index 3f298c5970..ecfa9ce2d1 100644 --- a/website/docs/endpoint-devices/device-authentication/index.mdx +++ b/website/docs/endpoint-devices/authentik-agent/device-authentication/index.mdx @@ -5,7 +5,7 @@ sidebar_label: Device authentication import DocCardList from "@theme/DocCardList"; -The [authentik Agent](../authentik-agent/index.mdx) supports multiple types of authentication and authorization using authentik credentials: +The [authentik Agent](../index.mdx) supports multiple types of authentication and authorization using authentik credentials: - [Local device login](./local-device-login/index.mdx) - Log in to Windows endpoint devices. - [SSH authentication](./ssh-authentication.mdx) - Connect from one endpoint device to another via SSH. diff --git a/website/docs/endpoint-devices/device-authentication/local-device-login/authentik-login.png b/website/docs/endpoint-devices/authentik-agent/device-authentication/local-device-login/authentik-login.png similarity index 100% rename from website/docs/endpoint-devices/device-authentication/local-device-login/authentik-login.png rename to website/docs/endpoint-devices/authentik-agent/device-authentication/local-device-login/authentik-login.png diff --git a/website/docs/endpoint-devices/device-authentication/local-device-login/index.mdx b/website/docs/endpoint-devices/authentik-agent/device-authentication/local-device-login/index.mdx similarity index 100% rename from website/docs/endpoint-devices/device-authentication/local-device-login/index.mdx rename to website/docs/endpoint-devices/authentik-agent/device-authentication/local-device-login/index.mdx diff --git a/website/docs/endpoint-devices/device-authentication/local-device-login/linux.md b/website/docs/endpoint-devices/authentik-agent/device-authentication/local-device-login/linux.md similarity index 81% rename from website/docs/endpoint-devices/device-authentication/local-device-login/linux.md rename to website/docs/endpoint-devices/authentik-agent/device-authentication/local-device-login/linux.md index 241683ee9f..1039af9342 100644 --- a/website/docs/endpoint-devices/device-authentication/local-device-login/linux.md +++ b/website/docs/endpoint-devices/authentik-agent/device-authentication/local-device-login/linux.md @@ -9,7 +9,7 @@ authentik_enterprise: true ## Prerequisites -You need to have deployed the authentik Agent on the Linux device, see [Deploy the authentik Agent on Linux](../../authentik-agent/agent-deployment/linux.mdx) for more details. +You need to have deployed the authentik Agent on the Linux device, see [Deploy the authentik Agent on Linux](../../agent-deployment/linux.mdx) for more details. ## How it works @@ -29,4 +29,4 @@ When configured correctly, when logging in you should see a prompt for **authent ## Known issues - Only Webauthn MFA is supported. -- On non-Debian Linux distributions, you currently need to [manually configure NSS and PAM](../../authentik-agent/agent-deployment/linux.mdx#local-device-login-on-non-debian-systems). +- On non-Debian Linux distributions, you currently need to [manually configure NSS and PAM](../../agent-deployment/linux.mdx#local-device-login-on-non-debian-systems). diff --git a/website/docs/endpoint-devices/device-authentication/local-device-login/windows.md b/website/docs/endpoint-devices/authentik-agent/device-authentication/local-device-login/windows.md similarity index 95% rename from website/docs/endpoint-devices/device-authentication/local-device-login/windows.md rename to website/docs/endpoint-devices/authentik-agent/device-authentication/local-device-login/windows.md index bb81d64914..06dcf11463 100644 --- a/website/docs/endpoint-devices/device-authentication/local-device-login/windows.md +++ b/website/docs/endpoint-devices/authentik-agent/device-authentication/local-device-login/windows.md @@ -22,7 +22,7 @@ Currently, only local login is supported; RDP login is not yet available and is ## Prerequisites -You need to have deployed the authentik Agent including the WCP component on the Windows device, see [Deploy the authentik Agent on Windows](../../authentik-agent/agent-deployment/windows.md) for more details. +You need to have deployed the authentik Agent including the WCP component on the Windows device, see [Deploy the authentik Agent on Windows](../../agent-deployment/windows.md) for more details. ## How it works diff --git a/website/docs/endpoint-devices/device-authentication/ssh-authentication.mdx b/website/docs/endpoint-devices/authentik-agent/device-authentication/ssh-authentication.mdx similarity index 70% rename from website/docs/endpoint-devices/device-authentication/ssh-authentication.mdx rename to website/docs/endpoint-devices/authentik-agent/device-authentication/ssh-authentication.mdx index dd04f11e60..bc83d7ba6b 100644 --- a/website/docs/endpoint-devices/device-authentication/ssh-authentication.mdx +++ b/website/docs/endpoint-devices/authentik-agent/device-authentication/ssh-authentication.mdx @@ -4,20 +4,20 @@ sidebar_label: SSH authentication tags: [ssh, authentik Agent] --- -You can use the [authentik Agent](../authentik-agent/index.mdx) to authenticate SSH connections between endpoint devices using authentik credentials. +You can use the [authentik Agent](../index.mdx) to authenticate SSH connections between endpoint devices using authentik credentials. -Currently, only [Linux](../authentik-agent/agent-deployment/linux.mdx) devices can serve as SSH endpoints. See [Configure SSH authentication on an endpoint device](#configure-ssh-authentication-on-an-endpoint-device) section for more details. +Currently, only [Linux](../agent-deployment/linux.mdx) devices can serve as SSH endpoints. See [Configure SSH authentication on an endpoint device](#configure-ssh-authentication-on-an-endpoint-device) section for more details. When connected to an endpoint device in this way, sudo authorization can be handled by the authentik agent. ## Prerequisites -- The [authentik Agent must be deployed](../authentik-agent/agent-deployment/index.mdx) on both the source and SSH target devices to use the `ak ssh` command. Alternatively, if you're using the standard SSH client (`ssh user@host`) instead of `ak ssh`, the authentik Agent is not required to be deployed on the source and you'll need to authenticate interactively. +- The [authentik Agent must be deployed](../agent-deployment/index.mdx) on both the source and SSH target devices to use the `ak ssh` command. Alternatively, if you're using the standard SSH client (`ssh user@host`) instead of `ak ssh`, the authentik Agent is not required to be deployed on the source and you'll need to authenticate interactively. - The target device needs to be configured, see the [Configure SSH authentication on an endpoint device](#configure-ssh-authentication-on-an-endpoint-device) section below. ## How to SSH to an endpoint device -To SSH to a configured [Linux host](../authentik-agent/agent-deployment/linux.mdx) using the authentik Agent: +To SSH to a configured [Linux host](../agent-deployment/linux.mdx) using the authentik Agent: 1. Open a Terminal session and run the following command: diff --git a/website/docs/endpoint-devices/authentik-agent/index.mdx b/website/docs/endpoint-devices/authentik-agent/index.mdx index 72107d7cc8..5e6b848893 100644 --- a/website/docs/endpoint-devices/authentik-agent/index.mdx +++ b/website/docs/endpoint-devices/authentik-agent/index.mdx @@ -10,9 +10,9 @@ import DocCardList from "@theme/DocCardList"; The authentik Agent is a service that can be installed on Linux, macOS, and Windows devices. It provides the following capabilities: - [Device Compliance](../device-compliance/index.mdx) by reporting information about Endpoint Devices to authentik -- [Local device login](../device-authentication/local-device-login/index.mdx) with authentik credentials -- [Connecting via SSH to Endpoint Devices](../device-authentication/ssh-authentication.mdx) with authentik credentials -- [Authenticating to CLI applications](../device-authentication/cli-app-authentication/index.mdx) such as kubectl and AWS with authentik credentials +- [Local device login](./device-authentication/local-device-login/index.mdx) with authentik credentials +- [Connecting via SSH to Endpoint Devices](./device-authentication/ssh-authentication.mdx) with authentik credentials +- [Authenticating to CLI applications](./device-authentication/cli-app-authentication/index.mdx) such as kubectl and AWS with authentik credentials ## authentik Agent components @@ -23,7 +23,7 @@ The authentik Agent consists of several components: | **Linux, macOS, Windows** | `authentik-cli` | Provides CLI commands for interacting with `authentik-agent`. | `authentik-agent` | | **Linux, macOS, Windows** | `authentik-agent` | Authentication within a users' context, for CLI tools. | `authentik-sysd` | | **Linux, macOS, Windows** | `authentik-sysd` | Responsible for handling device-level authentication and compliance checks. | None | -| **Linux only** | `libpam-authentik` | PAM Module for token-based and interactive authentication via authentik. Used for [SSH authentication](../device-authentication/ssh-authentication.mdx) and [local device login](../device-authentication/local-device-login/index.mdx). | `authentik-sysd` | +| **Linux only** | `libpam-authentik` | PAM Module for token-based and interactive authentication via authentik. Used for [SSH authentication](./device-authentication/ssh-authentication.mdx) and [local device login](./device-authentication/local-device-login/index.mdx). | `authentik-sysd` | | **Linux only** | `libnss-authentik` | NSS Module that makes Linux aware of authentik users. All authentik users will be visible to Linux - but won't be able to login unless configured via device access groups. Provides a consistent `uid` and `gid` for users on all Endpoint Devices. | `authentik-sysd` | | **Windows only** | `Windows Credential Provider` (WCP) | Enables logging in to Windows devices using authentik credentials. | `authentik-sysd` | diff --git a/website/docs/endpoint-devices/index.mdx b/website/docs/endpoint-devices/index.mdx index bc3175a126..c294721e5f 100644 --- a/website/docs/endpoint-devices/index.mdx +++ b/website/docs/endpoint-devices/index.mdx @@ -23,14 +23,14 @@ During this early preview stage, short trial licenses are available for testers. Endpoint devices are end-user devices or servers that are registered with authentik. -There are two purposes for registration: [Device authentication](./device-authentication/index.mdx) and [Device compliance](./device-compliance/index.mdx). +There are two purposes for registration: [Device authentication](./authentik-agent/device-authentication/index.mdx) and [Device compliance](./device-compliance/index.mdx). Devices can be registered by installing the [authentik Agent](./authentik-agent/index.mdx) which supports: - [Device compliance](./device-compliance/index.mdx) by reporting information about endpoint devices to authentik. -- [Local device login](./device-authentication/local-device-login/index.mdx) with authentik credentials. -- [Connecting via SSH to endpoint devices](./device-authentication/ssh-authentication.mdx) with authentik credentials. -- [Authenticating to CLI applications](./device-authentication/cli-app-authentication/index.mdx) such as kubectl and AWS with authentik credentials. +- [Local device login](./authentik-agent/device-authentication/local-device-login/index.mdx) with authentik credentials. +- [Connecting via SSH to endpoint devices](./authentik-agent/device-authentication/ssh-authentication.mdx) with authentik credentials. +- [Authenticating to CLI applications](./authentik-agent/device-authentication/cli-app-authentication/index.mdx) such as kubectl and AWS with authentik credentials. Alternatively, [Connectors](./device-compliance/connectors.md) allow authentik to be integrated with third party services such as Fleet. This allows for device information to be reported to authentik for [Device compliance](./device-compliance/index.mdx) purposes. @@ -42,15 +42,15 @@ Meanwhile, Device Compliance allows administrators to make informed decisions ab ## Features overview -| Feature | Linux | Windows | macOS | Status | -| ------------------------------------------------------------------------------ | -------------- | -------------- | -------------- | ------------------------------------------------------------- | -| [**Local device login**](./device-authentication/local-device-login/index.mdx) | :ak-enterprise | :ak-enterprise | :ak-enterprise | Available for early preview on Windows and Linux. | -| [**SSH authentication**](./device-authentication/ssh-authentication.mdx) | Open source | Open source | Open source | Available for early preview. Only supports Linux SSH targets. | -| [**Device compliance**](./device-compliance/index.mdx) | Open source | Open source | Open source | Available for early preview. | -| **Advanced device compliance** | :ak-enterprise | :ak-enterprise | :ak-enterprise | In development. | -| [**authentik Agent**](./authentik-agent/index.mdx) | Open source | Open source | Open source | Available for early preview. | -| [**Fleet Connector** ](./device-compliance/connectors/) | :ak-enterprise | :ak-enterprise | :ak-enterprise | Available for early preview. | -| **Other Connectors** (Entra, Intune, Cloudflare WARP etc) | :ak-enterprise | :ak-enterprise | :ak-enterprise | In development. | +| Feature | Linux | Windows | macOS | Status | +| ---------------------------------------------------------------------------------------------- | -------------- | -------------- | -------------- | ------------------------------------------------------------- | +| [**Local device login**](./authentik-agent/device-authentication/local-device-login/index.mdx) | :ak-enterprise | :ak-enterprise | :ak-enterprise | Available for early preview on Windows and Linux. | +| [**SSH authentication**](./authentik-agent/device-authentication/ssh-authentication.mdx) | Open source | Open source | Open source | Available for early preview. Only supports Linux SSH targets. | +| [**Device compliance**](./device-compliance/index.mdx) | Open source | Open source | Open source | Available for early preview. | +| **Advanced device compliance** | :ak-enterprise | :ak-enterprise | :ak-enterprise | In development. | +| [**authentik Agent**](./authentik-agent/index.mdx) | Open source | Open source | Open source | Available for early preview. | +| [**Fleet Connector** ](./device-compliance/connectors/) | :ak-enterprise | :ak-enterprise | :ak-enterprise | Available for early preview. | +| **Other Connectors** (Entra, Intune, Cloudflare WARP etc) | :ak-enterprise | :ak-enterprise | :ak-enterprise | In development. | ## How to provide feedback and report bugs diff --git a/website/docs/endpoint-devices/manage-devices.mdx b/website/docs/endpoint-devices/manage-devices.mdx index 4fd36ced38..176fea36ff 100644 --- a/website/docs/endpoint-devices/manage-devices.mdx +++ b/website/docs/endpoint-devices/manage-devices.mdx @@ -27,7 +27,7 @@ Provides an overview of the endpoint device: - **Device details**: basic facts about the device: name, hostname, serial number, operating system, firewall status and device access group. - **Hardware**: basic hardware facts about the device: manufacturer, model, cpu, memory, disk encryption status, primary disk size, primary disk usage. - **Connections**: shows the current [connectors](./device-compliance/connectors.md) that are enabled for the device and when the last [check-in](./device-compliance/device-reporting.md#device-check-in) occurred. -- **Users/Groups**: shows the users and groups that have access to the device. Controlled via [device access groups](./device-authentication/device-access-groups.mdx). +- **Users/Groups**: shows the users and groups that have access to the device. Controlled via [device access groups](./authentik-agent/device-authentication/device-access-groups.mdx). ### Processes diff --git a/website/docs/releases/2025/v2025.12.md b/website/docs/releases/2025/v2025.12.md index 703ae49bd4..3ae1b07a94 100644 --- a/website/docs/releases/2025/v2025.12.md +++ b/website/docs/releases/2025/v2025.12.md @@ -72,9 +72,9 @@ Endpoint Devices are end-user devices or servers that are integrated with authen Devices can be integrated by installing the [authentik Agent](../../endpoint-devices/authentik-agent/index.mdx) which supports: -- [Local device login](../../endpoint-devices/device-authentication/local-device-login/index.mdx) with authentik credentials -- [Connecting via SSH to Endpoint Devices](../../endpoint-devices/device-authentication/ssh-authentication.mdx) with authentik credentials -- [Authenticating to CLI applications](../../endpoint-devices/device-authentication/cli-app-authentication/index.mdx) such as kubectl and AWS with authentik credentials +- [Local device login](../../endpoint-devices/authentik-agent/device-authentication/local-device-login/index.mdx) with authentik credentials +- [Connecting via SSH to Endpoint Devices](../../endpoint-devices/authentik-agent/device-authentication/ssh-authentication.mdx) with authentik credentials +- [Authenticating to CLI applications](../../endpoint-devices/authentik-agent/device-authentication/cli-app-authentication/index.mdx) such as kubectl and AWS with authentik credentials [Connectors](../../endpoint-devices/device-compliance/connectors.md) allow authentik to fetch device information which enables [Device Compliance](../../endpoint-devices/device-compliance/index.mdx) functionality in authentik flows and policies. For example, you can limit authentication to devices running a specific OS or OS version. diff --git a/website/docs/sidebar.mjs b/website/docs/sidebar.mjs index 5005ba3b7e..e72e834ff7 100644 --- a/website/docs/sidebar.mjs +++ b/website/docs/sidebar.mjs @@ -720,6 +720,54 @@ const items = [ "endpoint-devices/authentik-agent/agent-deployment/windows", ], }, + { + //#endregion + + //#region Device Authentication + type: "category", + label: "Device authentication", + collapsed: true, + link: { + type: "doc", + id: "endpoint-devices/authentik-agent/device-authentication/index", + }, + items: [ + "endpoint-devices/authentik-agent/device-authentication/device-access-groups", + { + //#endregion + + //#region local device login + type: "category", + label: "Local device login", + collapsed: true, + link: { + type: "doc", + id: "endpoint-devices/authentik-agent/device-authentication/local-device-login/index", + }, + items: [ + "endpoint-devices/authentik-agent/device-authentication/local-device-login/linux", + "endpoint-devices/authentik-agent/device-authentication/local-device-login/windows", + ], + }, + "endpoint-devices/authentik-agent/device-authentication/ssh-authentication", + { + //#endregion + + //#region cli app authentication + type: "category", + label: "CLI application authentication", + collapsed: true, + link: { + type: "doc", + id: "endpoint-devices/authentik-agent/device-authentication/cli-app-authentication/index", + }, + items: [ + "endpoint-devices/authentik-agent/device-authentication/cli-app-authentication/aws", + "endpoint-devices/authentik-agent/device-authentication/cli-app-authentication/k8s", + ], + }, + ], + }, "endpoint-devices/authentik-agent/authentik-cli", "endpoint-devices/authentik-agent/development", { @@ -742,54 +790,6 @@ const items = [ { //#endregion - //#region Device Authentication - type: "category", - label: "Device authentication", - collapsed: true, - link: { - type: "doc", - id: "endpoint-devices/device-authentication/index", - }, - items: [ - "endpoint-devices/device-authentication/device-access-groups", - { - //#endregion - - //#region local device login - type: "category", - label: "Local device login", - collapsed: true, - link: { - type: "doc", - id: "endpoint-devices/device-authentication/local-device-login/index", - }, - items: [ - "endpoint-devices/device-authentication/local-device-login/linux", - "endpoint-devices/device-authentication/local-device-login/windows", - ], - }, - "endpoint-devices/device-authentication/ssh-authentication", - { - //#endregion - - //#region cli app authentication - type: "category", - label: "CLI application authentication", - collapsed: true, - link: { - type: "doc", - id: "endpoint-devices/device-authentication/cli-app-authentication/index", - }, - items: [ - "endpoint-devices/device-authentication/cli-app-authentication/aws", - "endpoint-devices/device-authentication/cli-app-authentication/k8s", - ], - }, - ], - }, - { - //#endregion - //#region Device Compliance type: "category", label: "Device compliance", diff --git a/website/docs/static/_redirects b/website/docs/static/_redirects index c6ac99bc87..d41ccfd026 100644 --- a/website/docs/static/_redirects +++ b/website/docs/static/_redirects @@ -47,6 +47,10 @@ /policies/* /customize/policies/:splat 301! #endregion +#region Endpoint Devices +/endpoint-devices/device-authentication/* /endpoint-devices/authentik-agent/device-authentication/:splat 301! +#endregion + #region System Management /core/certificates /sys-mgmt/certificates/ 301! /core/settings /sys-mgmt/settings/ 301!