mirror of
https://github.com/goauthentik/authentik.git
synced 2026-06-17 19:09:11 +03:00
website/integrations: remove sp binding field (#22200)
docs/integrations: remove sp binding field
This commit is contained in:
Connor Peshek
GitHub
@@ -57,7 +57,6 @@ To support the integration of Joplin with authentik, you need to create property
|
||||
- **Choose a Provider type**: select **SAML Provider** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Set the **ACS URL** to `https://joplin.company/api/saml`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**, select an available **Signing certificate** and ensure **Sign assertions** and **Sign responses** are enabled.
|
||||
- Under **Property mappings**, add the two property mappings created in the previous section.
|
||||
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
|
||||
|
||||
@@ -34,7 +34,6 @@ To support the integration of Kimai with authentik, you need to create an applic
|
||||
- **Choose a Provider type**: select **SAML Provider** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Set the **ACS URL** to `https://kimai.company/auth/saml/acs`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Set the **Audience** to `https://kimai.company/auth/saml`.
|
||||
- Under **Advanced protocol settings**:
|
||||
- Select an available **Signing certificate**.
|
||||
|
||||
-1
@@ -160,7 +160,6 @@ To support the integration of Mattermost with authentik via SAML, you need to up
|
||||
- **Choose a Provider type**: select **SAML Provider** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations:
|
||||
- Set the **ACS URL** to `https://mattermost.company/login/sso/saml`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**:
|
||||
- Set the **Signing Certificate** to any available authentik certificate (e.g., the default self-signed certificate).
|
||||
- Enable **Sign assertions**.
|
||||
|
||||
@@ -72,7 +72,6 @@ Because Mautic requires a first name and last name attribute, create two [SAML p
|
||||
- Set the **Name** to `mautic-provider`
|
||||
- Set the **ACS URL** to `https://mautic.company/s/saml/login_check`
|
||||
- Set the **Audience** to `mautic.company`
|
||||
- Set the **Service Provider Binding** to `Post`
|
||||
- Under **Advanced protocol settings**, select an available **Signing certificate**, check **Sign assertions** and **Sign responses**, and add the two **Property Mappings** you created in the previous section.
|
||||
3. Click **Submit** to save the new application and provider.
|
||||
4. Go to **Applications** > **Providers** and click on `mautic-provider`.
|
||||
|
||||
@@ -219,7 +219,6 @@ If you require [server side encryption](https://docs.nextcloud.com/server/latest
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Set the **ACS URL** to `https://nextcloud.company/apps/user_saml/saml/acs`.
|
||||
- Set the **Audience** to `https://nextcloud.company/apps/user_saml/saml/metadata`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**, set an available **Signing certificate**.
|
||||
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
|
||||
|
||||
|
||||
@@ -34,7 +34,6 @@ To support the integration of Placetel with authentik, you need to create an app
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Set the **ACS URL** to `https://accounts.webex.placetel.de/users/saml/auth`.
|
||||
- Set the **SLS URL** to `https://accounts.webex.placetel.de/users/saml/idp_sign_out`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**, set an available **Signing Certificate** and ensure that **Sign assertions** and **Sign responses** are toggled.
|
||||
- Ensure that **Encryption Certificate** is empty.
|
||||
- Remove all **Property Mappings** except for `authentik default SAML Mapping: Email`.
|
||||
|
||||
@@ -38,7 +38,6 @@ To support the integration of SeaTable with authentik, you need to create an app
|
||||
- **Choose a Provider type**: select **SAML Provider** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Set the **ACS URL** to `https://seatable.company/saml/acs/`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Set the **Audience** to `https://seatable.company/saml/metadata/`.
|
||||
- Under **Advanced protocol settings**, set an available **Signing certificate**.
|
||||
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
|
||||
|
||||
@@ -51,7 +51,6 @@ To support the integration of Slack with authentik, you need to create an applic
|
||||
- **Choose a Provider type**: select **SAML Provider** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Set the **ACS URL** to `https://company.slack.com/sso/saml`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**, select an available **Signing certificate** and add the two **Property Mappings** you created in the previous section.
|
||||
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
|
||||
|
||||
|
||||
@@ -37,7 +37,6 @@ To support the integration of Zoom with authentik, you need to create an applica
|
||||
- **Choose a Provider type**: select **SAML Provider** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations:
|
||||
- Set the **ACS URL** to `https://company.zoom.us/saml/SSO`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Set the **SLS URL** to `https://company.zoom.us/saml/SingleLogout`.
|
||||
- Set the **SLS Binding** to `Redirect`.
|
||||
- Set the **Logout Method** to `Front-channel (Native)`.
|
||||
|
||||
@@ -34,7 +34,6 @@ To support the integration of Zulip with authentik, you need to create an applic
|
||||
- **Choose a Provider type**: select **SAML Provider** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Set the **ACS URL** to `https://zulip.company/complete/saml/`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Set the **SLS URL** to `https://zulip.company/complete/saml/`.
|
||||
- Set the **SLS Binding** to `Redirect`.
|
||||
- Set the **Logout Method** to `Front-channel (Iframe)`.
|
||||
|
||||
@@ -111,7 +111,6 @@ To support the integration of AWS with authentik via the Classic IAM method, you
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), and configure the following required settings:
|
||||
- Set the **ACS URL** to `https://signin.aws.amazon.com/saml`
|
||||
- Set the **Audience** to `urn:amazon:webservices`
|
||||
- Set **Service Provider Binding** to `Post`
|
||||
- Under **Advanced protocol settings**, select an available **Signing Certificate**, ensure both **Signing Assertions** and **Signing Responses** are enabled, then add, under **Property Mappings**, both property mappings you created in the previous section.
|
||||
- Set **NameID Property Mapping** to `authentik default SAML Mapping: Email`.
|
||||
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
|
||||
|
||||
@@ -53,7 +53,6 @@ To support the integration of AWS with authentik using SAML, you need to create
|
||||
- **Choose a Provider type**: select **SAML Provider from metadata** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), and configure the following required settings:
|
||||
- Upload the **Service Provider metadata** file from AWS.
|
||||
- Set **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced Protocol Settings**:
|
||||
- Set an available signing certificate.
|
||||
- Set **NameID Property Mapping** to `authentik default SAML Mapping: Email`.
|
||||
|
||||
@@ -39,7 +39,6 @@ To support the integration of HashiCorp Cloud with authentik, you need to create
|
||||
- **Configure the Provider**:
|
||||
- Set the **ACS URL** to the value of `SSO Sign-On URL` in the **HashiCorp Cloud preparation** section.
|
||||
- Set the **Audience** to the value of `Entity ID` in the **HashiCorp Cloud preparation** section.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**, select an available **Signing certificate**.
|
||||
3. Click **Submit** to save the new application and provider.
|
||||
|
||||
|
||||
@@ -31,7 +31,6 @@ To support the integration of OVHcloud with authentik, you need to create an app
|
||||
- `https://www.ovhcloud.com/eu/auth/saml/acs` for EU region.
|
||||
- `https://www.ovhcloud.com/ca/auth/saml/acs` for CA region.
|
||||
- `https://us.ovhcloud.com/auth/` for US region.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**, set an available **Signing certificate**.
|
||||
|
||||
- **Configure Bindings** _(optional)_: You can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
|
||||
|
||||
@@ -153,7 +153,6 @@ To support the integration of GitHub Enterprise EMU with authentik, you need to
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Set **ACS URL** to the ACS URL for your EMU deployment.
|
||||
- Set **Audience** to the audience value for your EMU deployment.
|
||||
- Set **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**:
|
||||
- Add the `GitHub EMU full name` and `GitHub EMU emails` property mappings.
|
||||
- Set **NameID Property Mapping** to `GitHub EMU username`.
|
||||
|
||||
@@ -40,7 +40,6 @@ To support the integration of GitHub Enterprise Cloud with authentik, you need t
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Set **ACS URL** to `https://github.com/orgs/foo/saml/consume`.
|
||||
- Set **Audience** to `https://github.com/orgs/foo`.
|
||||
- Set **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**, select an available **Signing certificate**. Download this certificate because it is required later.
|
||||
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
|
||||
|
||||
|
||||
@@ -36,7 +36,6 @@ To support the integration of GitHub Enterprise Server with authentik, you need
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Set **ACS URL** to `https://github.company/saml/consume`.
|
||||
- Set **Audience** to `https://github.company`.
|
||||
- Set **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**:
|
||||
- Select an available **Signing certificate**. Download this certificate because it is required later.
|
||||
- Set **NameID Property Mapping** to `authentik default SAML Mapping: Username`.
|
||||
|
||||
@@ -54,7 +54,6 @@ To support the integration of GitLab with authentik, you need to create an appli
|
||||
- **Configure the Provider**:
|
||||
- Set the **ACS URL** to `https://gitlab.company/users/auth/saml/callback`.
|
||||
- Set the **Audience** to `https://gitlab.company`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**, select an available **Signing certificate**.
|
||||
3. Click **Submit** to save the new application and provider.
|
||||
|
||||
|
||||
@@ -73,7 +73,6 @@ To support the integration of Weblate with authentik, you need to create an appl
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Set the **ACS URL** to `https://weblate.company/accounts/complete/saml/`.
|
||||
- Set the **Audience** to `https://weblate.company/accounts/metadata/saml/`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**, select an available **Signing certificate**. Then, under **Property mappings**, add the ones you just created.
|
||||
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
|
||||
|
||||
|
||||
@@ -55,7 +55,6 @@ The workflow to configure authentik as a single sign-on provider for Fleet invol
|
||||
You will also need to configure Fleet with additional settings to enable the EULA. For more information, refer to Fleet's [end user authentication guide](https://fleetdm.com/docs/using-fleet/mdm-macos-setup-experience#end-user-authentication-and-eula).
|
||||
:::
|
||||
|
||||
- **Service Provider Binding**: `Post`
|
||||
- **Audience**: `https://fleet.company`
|
||||
- **Advanced protocol settings**:
|
||||
(Any fields that can be left as their default values are omitted from the list below).
|
||||
|
||||
@@ -46,7 +46,6 @@ To support the integration of AppFlowy with authentik, you need to create a cert
|
||||
- **Choose a Provider type**: select **SAML Provider** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- **ACS URL**: `https://appflowy.company/gotrue/sso/saml/acs`
|
||||
- **Service Provider Binding**: `Post`
|
||||
- **Audience**: `https://appflowy.company/gotrue/sso/saml/metadata`
|
||||
- Under **Advanced protocol settings**:
|
||||
- **Signing certificate**: select the certificate created earlier
|
||||
|
||||
@@ -88,7 +88,6 @@ To support the integration of BookStack with authentik, you need to create an ap
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Note the **Client ID**, **Client Secret**, and **slug** values because they will be required later.
|
||||
- Set the **ACS URL** to `https://bookstack.company/saml2/acs`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Set the **Single Logout Service** to `https://bookstack.company/saml2/sls`.
|
||||
- Set the **SLS Binding** to `Redirect`.
|
||||
- Set the **Logout Method** to `Front-channel (Iframe)`.
|
||||
|
||||
@@ -87,7 +87,6 @@ To support the integration of GLPI with authentik, you need to create property m
|
||||
- **Choose a Provider type**: select **SAML Provider** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Set the **ACS URL** to the **AcsURL** value from GLPI.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Set the **SLS URL** to the **sloURL** value from GLPI.
|
||||
- Under **Advanced protocol settings**:
|
||||
- Select any available **Signing Certificate** and enable **Sign assertions**.
|
||||
|
||||
@@ -124,7 +124,6 @@ You must sync your LDAP database with Snipe-IT. Go to People on the sidebar menu
|
||||
Create another application in authentik and note the slug you choose, as this will be used later. In the Admin interface, go to **Applications > Providers**. Create a SAML provider with the following parameters:
|
||||
|
||||
- ACS URL: `https://inventory.company/saml/acs`
|
||||
- Service Provider Binding: `Post`
|
||||
- Audience: `https://inventory.company`
|
||||
- Signing certificate: Select any certificate you have.
|
||||
- Property mappings: Select all Managed mappings.
|
||||
|
||||
@@ -36,7 +36,6 @@ To support the integration of YouTrack with authentik, you need to create an app
|
||||
- Take note of the **slug** value as it will be required later.
|
||||
- Set the **ACS URL** to `https://placeholder.com`. You will replace this after YouTrack provides the real ACS URL.
|
||||
- Set the **Audience** to `https://placeholder.com`. You will replace this after YouTrack provides the real SP entity ID.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**, set an available signing key and make sure **Sign assertions** is toggled.
|
||||
- Then, also under **Advanced protocol settings**, make sure **NameID Property Mapping** is set to `authentik default SAML Mapping: username`. Make sure the [Allow users to change username](https://docs.goauthentik.io/docs/sys-mgmt/settings#allow-users-to-change-username) setting is disabled to prevent authentication issues.
|
||||
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
|
||||
|
||||
@@ -34,7 +34,6 @@ Create a SAML provider with the following parameters:
|
||||
|
||||
- ACS URL: `https://rancher.company/v1-saml/adfs/saml/acs`
|
||||
- Audience: `https://rancher.company/v1-saml/adfs/saml/metadata`
|
||||
- Service Provider Binding: `Post`
|
||||
- Property mappings: Select all default mappings and the mapping you've created above.
|
||||
- Signing Certificate: Select the authentik self-signed certificate.
|
||||
|
||||
|
||||
@@ -39,7 +39,6 @@ To support the integration of AWX Tower with authentik, you need to create an ap
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Set the **ACS URL** to `https://awx.company/sso/complete/saml/`.
|
||||
- Set the **Audience** to `awx`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**, select an available **Signing certificate**.
|
||||
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
|
||||
|
||||
|
||||
@@ -82,7 +82,6 @@ To support the integration of Keycloak with authentik, you need to create an app
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Note the **slug** value because it will be required later.
|
||||
- Set the **ACS URL** to `https://keycloak.company/realms/<keycloak-realm-name>/broker/saml/endpoint`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Set the **SLS URL** to `https://keycloak.company/realms/<keycloak-realm-name>/broker/saml/endpoint`.
|
||||
- Set the **SLS Binding** to `Post`.
|
||||
- Set the **Logout Method** to `Back-channel (POST)`.
|
||||
|
||||
@@ -45,7 +45,6 @@ To support the integration of Omni with authentik, you need to create a property
|
||||
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- **ACS URL**: `https://omni.company/saml/acs`
|
||||
- **Service Provider Binding**: `Post`
|
||||
- **Audience**: `https://omni.company/saml/metadata`
|
||||
- **Signing Certificate**: select a signing certificate, either the `authentik Self-signed Certificate` or generate a certificate via **System** > **Certificate**
|
||||
- **Sign assertions**: `true`
|
||||
|
||||
@@ -144,7 +144,6 @@ In order to support automatic user provisioning (JIT) with phpIPAM, additional S
|
||||
- Authorization flow: `default-provider-authorization-explicit-consent`
|
||||
- Protocol Settings:
|
||||
- ACS URL: https://phpipam.company/saml2/
|
||||
- Service Provider Binding: Post
|
||||
- Audience: https://phpipam.company/
|
||||
- Advanced Protocol Settings:
|
||||
- Signing Certificate: authentik: Self-signed Certificate
|
||||
|
||||
@@ -24,7 +24,6 @@ This documentation lists only the settings that you need to change from their de
|
||||
Create a SAML provider with the following parameters:
|
||||
|
||||
- ACS URL: `https://pdns-admin.company/saml/authorized`
|
||||
- Service Provider Binding: `Post`
|
||||
- Audience: `pdns-admin`
|
||||
- Signing Keypair: Select any certificate you have.
|
||||
- Property mappings: Select all Managed mappings.
|
||||
|
||||
@@ -32,7 +32,6 @@ To support the integration of Terraform with authentik, you need to create an ap
|
||||
- **Choose a Provider type**: select **SAML Provider** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations:
|
||||
- Set the **ACS URL** to `https://temporary.domain`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Set the **Audience** to `https://temporary.domain`.
|
||||
- Under **Advanced protocol settings**, select an available **Signing Certificate**.
|
||||
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
|
||||
|
||||
@@ -68,7 +68,6 @@ To support the integration of TrueCommand with authentik, you need to create an
|
||||
- **Choose a Provider type**: select **SAML Provider** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Set the **ACS URL** to `https://truecommand.company/saml/acs`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**, add the three or five **Property Mappings** you created in the previous section, then set the **NameID Property Mapping** to be based on the user's email. Finally, select an available **Signing certificate**.
|
||||
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
|
||||
|
||||
|
||||
@@ -42,7 +42,7 @@ To support the integration of Veeam Enterprise Manager with authentik, you need
|
||||
- **Choose a Provider type**: select **SAML Provider** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Click **Import** and upload the metadata XML downloaded from Veeam Enterprise Manager during pre-configuration.
|
||||
- Confirm the imported **ACS URL**, **Issuer**, and **Service Provider Binding** values match your Veeam Enterprise Manager deployment.
|
||||
- Confirm the imported **ACS URL** and **Issuer** values match your Veeam Enterprise Manager deployment.
|
||||
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
|
||||
|
||||
3. Click **Submit** to save the new application and provider.
|
||||
|
||||
@@ -50,7 +50,6 @@ To support the integration of Zammad with authentik, you need to create an appli
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Set the **ACS URL** to `https://zammad.company/auth/saml/callback`.
|
||||
- Set the **Audience** to `https://zammad.company/auth/saml/metadata`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Set the **SLS URL** to `https://zammad.company/auth/saml/slo`.
|
||||
- Set the **SLS Binding** to `Redirect`.
|
||||
- Set the **Logout Method** to `Front-channel (Iframe)`.
|
||||
|
||||
@@ -87,7 +87,6 @@ To support the integration of Zendesk with authentik, you need to create an appl
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Note the **slug** value because it will be required later.
|
||||
- Set the **ACS URL** to `https://company.zendesk.com/access/saml/`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**, set **Signing Certificate** to use any available certificate.
|
||||
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
|
||||
|
||||
|
||||
@@ -67,7 +67,6 @@ Ironclad requires both a first and last name for each user, but by default, auth
|
||||
- **Choose a Provider type**: select **SAML Provider** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Temporarily set the **ACS URL** to `https://temp.temp`
|
||||
- Set **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**:
|
||||
- Set an available **Signing certificate**.
|
||||
- Toggle off **Sign assertions**.
|
||||
|
||||
@@ -47,7 +47,6 @@ To support the integration of Datadog with authentik, you need to create an appl
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Set the **ACS URL** to `https://us5.datadoghq.com/account/saml/assertion`.
|
||||
- Set the **Audience** to `https://us5.datadoghq.com/account/saml/metadata.xml`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**, set **Signing Certificate** to any available certificate.
|
||||
- Enable **Sign assertions**.
|
||||
- Enable **Sign responses**.
|
||||
|
||||
@@ -64,7 +64,6 @@ To support the integration of OneUptime with authentik, you need an application/
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations:
|
||||
- Set the **ACS URL** to the **Reply URL (Assertion Consumer Service URL)** from OneUptime.
|
||||
- Set the **Audience** to the **Identifier (Entity ID)** from OneUptime.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**:
|
||||
- Set the **Signing Certificate** to the same certificate that you downloaded earlier.
|
||||
- Set **NameID Property Mapping** to `authentik default SAML Mapping: Email`.
|
||||
|
||||
@@ -72,7 +72,6 @@ PostHog requires a permanent ID attribute named `name_id`. PostHog can use the m
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Set the **ACS URL** to `https://posthog.company/complete/saml/`.
|
||||
- Set the **Audience** to `https://posthog.company`.
|
||||
- Set the **Service Provider Binding** to `POST`.
|
||||
- Under **Advanced protocol settings**:
|
||||
- Set the **Signing Certificate** to any available certificate.
|
||||
- Set **NameID Property Mapping** to `PostHog name_id`.
|
||||
|
||||
@@ -25,7 +25,6 @@ This documentation lists only the settings that you need to change from their de
|
||||
Create an application in authentik. Create a SAML Provider with the following values
|
||||
|
||||
- ACS URL: `https://sentry.company/saml/acs/<sentry organisation name>/`
|
||||
- Service Provider Binding: `Post`
|
||||
- Audience: `https://sentry.company/saml/metadata/<sentry organisation name>/`
|
||||
|
||||
Under _Advanced protocol settings_, set the following:
|
||||
|
||||
@@ -115,7 +115,6 @@ Splunk expects the SAML assertion to include user role, email, and display name
|
||||
- Set the **ACS URL** to `https://splunk.company:8000/saml/acs`.
|
||||
- Set the **Audience** to `https://splunk.company:8000`.
|
||||
- Set the **SLS URL** to `https://splunk.company:8000/saml/logout`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**:
|
||||
- Set **Signing Certificate** to the self-signed certificate that you imported earlier.
|
||||
- Enable **Sign assertions** and **Sign responses**.
|
||||
|
||||
@@ -60,7 +60,6 @@ To support the integration of Wazuh with authentik, you need to create a group,
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- **ACS URL**: `https://wazuh-dashboard.company/_opendistro/_security/saml/acs`
|
||||
- **Audience**: `wazuh-saml`
|
||||
- **Service Provider Binding**: `Post`
|
||||
- Under **Advanced protocol settings**:
|
||||
- **Signing Certificate**: select an existing certificate. If you do not already have one, create it under **System** > **Certificates** before configuring the provider.
|
||||
- **Property Mappings**: add the **Property Mapping** you created in the previous section.
|
||||
|
||||
@@ -37,7 +37,6 @@ To support the integration of Zabbix with authentik, you need to create an appli
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Set the **ACS URL** to `https://zabbix.company/index_sso.php?acs`.
|
||||
- Set the **Audience** to `https://zabbix.company/zabbix`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Set the **Single Logout Service** to `https://zabbix.company/index_sso.php?sls`.
|
||||
- Set the **SLS Binding** to `Redirect`.
|
||||
- Set the **Logout Method** to `Front-channel (Iframe)`.
|
||||
|
||||
@@ -48,7 +48,6 @@ To support the integration of Aruba Orchestrator with authentik, you need to cre
|
||||
- **Choose a Provider type**: select **SAML Provider** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Set the **ACS URL** to `https://arubaorchestrator.company/gms/rest/authentication/saml2/consume`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**, select an available **Signing certificate**.
|
||||
- Under **Advanced protocol settings**, add the newly created property mapping under **Property Mappings**.
|
||||
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
|
||||
|
||||
@@ -45,7 +45,6 @@ To support the integration of FortiGate with authentik, you need to create an ap
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Set the **ACS URL** to `https://fgt.company/saml/?acs`.
|
||||
- Set the **Audience** to `https://fgt.company/metadata`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**, add the **Property Mapping** you created in the previous section, then select an available **Signing Certificate**.
|
||||
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
|
||||
|
||||
|
||||
@@ -34,7 +34,6 @@ To support the integration of FortiManager with authentik, you need to create an
|
||||
- **Choose a Provider type**: select **SAML Provider** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Set the **ACS URL** to `https://fortimanager.company/saml/?acs`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
|
||||
|
||||
3. Click **Submit** to save the new application and provider.
|
||||
|
||||
@@ -39,7 +39,6 @@ To support the integration of GlobalProtect with authentik, you need to create a
|
||||
- **Choose a Provider type**: Select **SAML Provider**.
|
||||
- **Configure the Provider**:
|
||||
- Set the **ACS URL** to `https://gp.company:443/SAML20/SP/ACS`. (Note the absence of the trailing slash and the inclusion of the web interface port)
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**, select an available **Signing certificate**.
|
||||
3. Click **Submit** to save the new application and provider.
|
||||
|
||||
|
||||
@@ -105,7 +105,6 @@ Omada can't handle a user being in multiple roles. Therefore, ensure that a user
|
||||
- **Audience**:
|
||||
- For Cloud Controllers: `https://omada.tplinkcloud.com/`
|
||||
- For Software and Hardware Controllers: `https://<controller_ip_address>:8043`
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**:
|
||||
- Set an available **Signing certificate**.
|
||||
- Set **NameID Property Mapping** to `authentik default SAML Mapping: UPN`
|
||||
|
||||
@@ -95,7 +95,6 @@ Create SAML property mappings for the attributes that WorkOS expects from the id
|
||||
- **Configure the Provider**: provide a name or accept the auto-provided name, the authorization flow to use for this provider, and the following required configurations.
|
||||
- Set the **ACS URL** to a temporary value. You will replace this after Anthropic provides the real ACS URL.
|
||||
- Set the **Audience** to a temporary value. You will replace this after Anthropic provides the real SP Entity ID.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**:
|
||||
- Select an available **Signing Certificate**.
|
||||
- Set **NameID Property Mapping** to `authentik default SAML Mapping: Email`.
|
||||
|
||||
@@ -45,7 +45,6 @@ To support the integration of Atlassian Cloud with authentik, you need to create
|
||||
- **Choose a Provider type**: select **SAML Provider** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Temporarily set the **ACS URL** and **Audience** to `https://temp.temp`
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**, set an available **Signing certificate**.
|
||||
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
|
||||
|
||||
|
||||
@@ -76,7 +76,6 @@ You first need to create property mappings to provide the specific SAML attribut
|
||||
- **Choose a Provider type**: select **SAML Provider** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Set the **ACS URL** to a temporary value (for example, `https://placeholder.invalid/acs`). You will replace this after Elastic Cloud provides the real ACS URL.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Set the **Audience** to a temporary value (for example, `https://placeholder.invalid/sp`). You will replace this after Elastic Cloud provides the real service provider entity ID.
|
||||
- Under **Advanced protocol settings**:
|
||||
- Select an available **Signing Certificate**.
|
||||
|
||||
@@ -113,7 +113,6 @@ If MFA is configured in Microsoft365, then you also need to create a property ma
|
||||
- **Choose a Provider type**: select **SAML Provider** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Set the **ACS URL** to `https://login.microsoftonline.com/login.srf`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Set the **Audience** to `urn:federation:MicrosoftOnline`.
|
||||
- Under **Advanced protocol settings**:
|
||||
- Set **Signing Certificate** to use any available certificate.
|
||||
|
||||
@@ -84,7 +84,6 @@ Salesforce JIT provisioning requires specific SAML attributes to automatically c
|
||||
- **Choose a Provider type**: select **SAML Provider** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Set the **ACS URL** to `https://company.my.salesforce.com?so=XXXXXXXXX`, replacing `XXXXXXXXX` with your Salesforce Organization ID.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**:
|
||||
- Select an available **Signing Certificate**.
|
||||
- Set **NameID Property Mapping** to `authentik default SAML Mapping: Email`.
|
||||
|
||||
@@ -60,7 +60,6 @@ To support the integration of Stripe with authentik, you need to create a group,
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Set the **ACS URL** to `https://dashboard.stripe.com/login/saml/consume`.
|
||||
- Set the **Audience** to `https://dashboard.stripe.com/saml/metadata`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**:
|
||||
- Set an available **Signing certificate**.
|
||||
- Add the previously created `Stripe Role` property mapping to **Selected User Property Mappings**.
|
||||
|
||||
@@ -52,7 +52,6 @@ You can configure either Admin Portal SSO or User Portal SSO (or both), dependin
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Set the **ACS URL** to `https://fortimailadmin.company/sso/SAML2/POST`.
|
||||
- Set the **Audience** to `https://fortimailadmin.company/sp`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**:
|
||||
- Select any available certificate as the **Signing Certificate** and enable **Sign Assertions**.
|
||||
- Ensure that `authentik default SAML Mapping: Username` is selected as a **Selected User Property Mappings**; other mappings are optional and can be removed if not needed.
|
||||
@@ -109,7 +108,6 @@ To support the integration of the FortiMail User Portal with authentik, you need
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Set the **ACS URL** to `https://fortimailuser.company/sp2/sso/SAML2/POST`.
|
||||
- Set the **Audience** to `https://fortimailuser.company/sp`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**, choose any available certificate as the **Signing Certificate** and enable **Sign Assertions**. Ensure `authentik default SAML Mapping: Email` is selected as a **Selected User Property Mapping**; other mappings are optional and can be removed if not needed.
|
||||
- **Configure Bindings** _(optional)_: create a [binding](/docs/add-secure-apps/bindings-overview/) to control which end users see the FortiMail webmail application on the **My Applications** page.
|
||||
|
||||
|
||||
@@ -77,7 +77,6 @@ This example sets the session duration to 540 minutes. Change the value to match
|
||||
- **Configure Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
**Protocol Settings**:
|
||||
- **ACS URL**: `https://knocknoc.company/api/saml/acs`
|
||||
- **Service Provider Binding**: `Post`
|
||||
- **Audience**: `https://knocknoc.company/api/saml/metadata`
|
||||
- Under **Advanced protocol settings**, add the three **Property Mappings** you created in the previous section, then set the **NameID Property Mapping** to `authentik default SAML Mapping: Username`.
|
||||
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
|
||||
|
||||
@@ -32,7 +32,6 @@ To support the integration of KnowBe4 with authentik, you need to create an appl
|
||||
- **Choose a Provider type**: select **SAML Provider** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Temporarily set the **ACS URL** to `https://temp.temp`
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**, select any available signing certificate.
|
||||
- **Configure Bindings** _(optional)_: create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to control which users see the KnowBe4 application on the **My Applications** page.
|
||||
|
||||
|
||||
@@ -34,7 +34,6 @@ To support the integration of macmon NAC with authentik, you need to create an a
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Set the **ACS URL** to `https://macmon.company/login/?acs`.
|
||||
- Set the **Audience** to `https://macmon.company/login/?acs`.
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**:
|
||||
- Set an available signing certificate.
|
||||
- Enable both **Sign Assertions** and **Sign Responses**.
|
||||
|
||||
@@ -63,7 +63,6 @@ Push Security requires separate first and last names for each user, but authenti
|
||||
- **Choose a Provider type**: select **SAML Provider** as the provider type.
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
|
||||
- Temporarily set the **ACS URL** and **Audience** to `https://temp.temp`
|
||||
- Set the **Service Provider Binding** to `Post`.
|
||||
- Under **Advanced protocol settings**:
|
||||
- Set an available signing certificate.
|
||||
- **Property mappings**:
|
||||
|
||||
@@ -40,7 +40,6 @@ This documentation lists only the settings that you need to change from their de
|
||||
9. Create a new SAML provider under **Applications** > **Providers** using the following settings:
|
||||
- **ACS URL**: `https://semgrep.dev/api/auth/saml/devcompany/`
|
||||
- **Audience**: `semgrep-dev`
|
||||
- **Service Provider Binding**: `Post`
|
||||
- **Signing Keypair**: Choose the RSA certificate you generated earlier.
|
||||
- **Property mappings**: `semgrep-name` and `semgrep-email`
|
||||
10. Create a new application under **Applications** > **Applications**, pick a name and a slug, and assign the provider that you just created.
|
||||
|
||||
@@ -48,7 +48,6 @@ Note the Audience and ACS URLs that appear. You will use these to configure auth
|
||||
In the authentik admin interface, navigate to **Applications > Providers**. Create a SAML provider with the following parameters:
|
||||
|
||||
- ACS URL: Enter the ACS URL provided by the Skyhigh Dashboard above
|
||||
- Service Provider Binding: `Post`
|
||||
- Audience: Enter the Audience URL provided by the Skyhigh Dashboard above
|
||||
- Signing certificate: Select the certificate you uploaded to Skyhigh above
|
||||
- Property mappings: Select all default mappings.
|
||||
@@ -63,7 +62,6 @@ Create an application linked to this new provider and use the slug name you used
|
||||
In the authentik admin interface, navigate to **Applications > Providers**. Create a SAML provider with the following parameters:
|
||||
|
||||
- ACS URL: `https://login.auth.ui.trellix.com/sso/saml2`
|
||||
- Service Provider Binding: `Post`
|
||||
- Audience: `https://login.auth.ui.trellix.com/sso/saml2`
|
||||
- Signing certificate: Select any certificate
|
||||
- Property mappings: Select all default mappings.
|
||||
|
||||
Reference in New Issue
Block a user