From 97ea93bdcd7e0ca66da07cff51956da6199b3737 Mon Sep 17 00:00:00 2001 From: Connor Peshek Date: Mon, 11 May 2026 00:30:27 -0500 Subject: [PATCH] website/integrations: remove sp binding field (#22200) docs/integrations: remove sp binding field --- .../chat-communication-collaboration/joplin/index.md | 1 - .../chat-communication-collaboration/kimai/index.md | 1 - .../mattermost-team-edition/index.mdx | 1 - .../chat-communication-collaboration/mautic/index.md | 1 - .../chat-communication-collaboration/nextcloud/index.mdx | 1 - .../chat-communication-collaboration/placetel/index.md | 1 - .../chat-communication-collaboration/seatable/index.md | 1 - .../chat-communication-collaboration/slack/index.md | 1 - .../integrations/chat-communication-collaboration/zoom/index.md | 1 - .../chat-communication-collaboration/zulip/index.md | 1 - website/integrations/cloud-providers/aws-classic/index.mdx | 1 - website/integrations/cloud-providers/aws/index.mdx | 1 - website/integrations/cloud-providers/hashicorp-cloud/index.md | 1 - website/integrations/cloud-providers/ovhcloud/index.md | 1 - website/integrations/development/ghec-emu/index.mdx | 1 - website/integrations/development/ghec/index.md | 1 - website/integrations/development/ghes/index.md | 1 - website/integrations/development/gitlab/index.mdx | 1 - website/integrations/development/weblate/index.md | 1 - website/integrations/device-management/fleet/index.md | 1 - website/integrations/documentation/appflowy/index.mdx | 1 - website/integrations/documentation/bookstack/index.mdx | 1 - website/integrations/documentation/glpi/index.md | 1 - website/integrations/documentation/snipe-it/index.md | 1 - website/integrations/documentation/youtrack/index.md | 1 - website/integrations/hypervisors-orchestrators/rancher/index.md | 1 - website/integrations/infrastructure/awx-tower/index.md | 1 - website/integrations/infrastructure/keycloak/index.mdx | 1 - website/integrations/infrastructure/omni/index.md | 1 - website/integrations/infrastructure/phpipam/index.md | 1 - website/integrations/infrastructure/powerdns-admin/index.md | 1 - website/integrations/infrastructure/terraform-cloud/index.md | 1 - website/integrations/infrastructure/truecommand/index.md | 1 - .../infrastructure/veeam-enterprise-manager/index.md | 2 +- website/integrations/infrastructure/zammad/index.md | 1 - website/integrations/infrastructure/zendesk/index.mdx | 1 - website/integrations/media/ironclad/index.mdx | 1 - website/integrations/monitoring/datadog/index.mdx | 1 - website/integrations/monitoring/oneuptime/index.md | 1 - website/integrations/monitoring/posthog/index.md | 1 - website/integrations/monitoring/sentry/index.md | 1 - website/integrations/monitoring/splunk-enterprise/index.mdx | 1 - website/integrations/monitoring/wazuh/index.mdx | 1 - website/integrations/monitoring/zabbix/index.md | 1 - website/integrations/networking/aruba-orchestrator/index.md | 1 - website/integrations/networking/fortigate-admin/index.md | 1 - website/integrations/networking/fortimanager/index.md | 1 - website/integrations/networking/globalprotect/index.md | 1 - website/integrations/networking/omada-controller/index.mdx | 1 - website/integrations/platforms/anthropic/index.mdx | 1 - website/integrations/platforms/atlassian/index.mdx | 1 - website/integrations/platforms/elastic-cloud/index.mdx | 1 - website/integrations/platforms/microsoft/index.md | 1 - website/integrations/platforms/salesforce/index.md | 1 - website/integrations/platforms/stripe/index.mdx | 1 - website/integrations/security/fortimail/index.mdx | 2 -- website/integrations/security/knocknoc/index.md | 1 - website/integrations/security/knowbe4/index.md | 1 - website/integrations/security/macmon-nac/index.md | 1 - website/integrations/security/push-security/index.mdx | 1 - website/integrations/security/semgrep/index.md | 1 - website/integrations/security/skyhigh/index.md | 2 -- 62 files changed, 1 insertion(+), 64 deletions(-) diff --git a/website/integrations/chat-communication-collaboration/joplin/index.md b/website/integrations/chat-communication-collaboration/joplin/index.md index 0668d6b6bb..5265c99dfa 100644 --- a/website/integrations/chat-communication-collaboration/joplin/index.md +++ b/website/integrations/chat-communication-collaboration/joplin/index.md @@ -57,7 +57,6 @@ To support the integration of Joplin with authentik, you need to create property - **Choose a Provider type**: select **SAML Provider** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set the **ACS URL** to `https://joplin.company/api/saml`. - - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**, select an available **Signing certificate** and ensure **Sign assertions** and **Sign responses** are enabled. - Under **Property mappings**, add the two property mappings created in the previous section. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. diff --git a/website/integrations/chat-communication-collaboration/kimai/index.md b/website/integrations/chat-communication-collaboration/kimai/index.md index 5faf7d1e36..5664d523ba 100644 --- a/website/integrations/chat-communication-collaboration/kimai/index.md +++ b/website/integrations/chat-communication-collaboration/kimai/index.md @@ -34,7 +34,6 @@ To support the integration of Kimai with authentik, you need to create an applic - **Choose a Provider type**: select **SAML Provider** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set the **ACS URL** to `https://kimai.company/auth/saml/acs`. - - Set the **Service Provider Binding** to `Post`. - Set the **Audience** to `https://kimai.company/auth/saml`. - Under **Advanced protocol settings**: - Select an available **Signing certificate**. diff --git a/website/integrations/chat-communication-collaboration/mattermost-team-edition/index.mdx b/website/integrations/chat-communication-collaboration/mattermost-team-edition/index.mdx index 1b333177e6..488ab9d08d 100644 --- a/website/integrations/chat-communication-collaboration/mattermost-team-edition/index.mdx +++ b/website/integrations/chat-communication-collaboration/mattermost-team-edition/index.mdx @@ -160,7 +160,6 @@ To support the integration of Mattermost with authentik via SAML, you need to up - **Choose a Provider type**: select **SAML Provider** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations: - Set the **ACS URL** to `https://mattermost.company/login/sso/saml`. - - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**: - Set the **Signing Certificate** to any available authentik certificate (e.g., the default self-signed certificate). - Enable **Sign assertions**. diff --git a/website/integrations/chat-communication-collaboration/mautic/index.md b/website/integrations/chat-communication-collaboration/mautic/index.md index e8997cf5e4..7dc946d52d 100644 --- a/website/integrations/chat-communication-collaboration/mautic/index.md +++ b/website/integrations/chat-communication-collaboration/mautic/index.md @@ -72,7 +72,6 @@ Because Mautic requires a first name and last name attribute, create two [SAML p - Set the **Name** to `mautic-provider` - Set the **ACS URL** to `https://mautic.company/s/saml/login_check` - Set the **Audience** to `mautic.company` - - Set the **Service Provider Binding** to `Post` - Under **Advanced protocol settings**, select an available **Signing certificate**, check **Sign assertions** and **Sign responses**, and add the two **Property Mappings** you created in the previous section. 3. Click **Submit** to save the new application and provider. 4. Go to **Applications** > **Providers** and click on `mautic-provider`. diff --git a/website/integrations/chat-communication-collaboration/nextcloud/index.mdx b/website/integrations/chat-communication-collaboration/nextcloud/index.mdx index b3c819ec05..f9a9d6300d 100644 --- a/website/integrations/chat-communication-collaboration/nextcloud/index.mdx +++ b/website/integrations/chat-communication-collaboration/nextcloud/index.mdx @@ -219,7 +219,6 @@ If you require [server side encryption](https://docs.nextcloud.com/server/latest - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set the **ACS URL** to `https://nextcloud.company/apps/user_saml/saml/acs`. - Set the **Audience** to `https://nextcloud.company/apps/user_saml/saml/metadata`. - - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**, set an available **Signing certificate**. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. diff --git a/website/integrations/chat-communication-collaboration/placetel/index.md b/website/integrations/chat-communication-collaboration/placetel/index.md index f4d9420333..7d1499b1e5 100644 --- a/website/integrations/chat-communication-collaboration/placetel/index.md +++ b/website/integrations/chat-communication-collaboration/placetel/index.md @@ -34,7 +34,6 @@ To support the integration of Placetel with authentik, you need to create an app - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set the **ACS URL** to `https://accounts.webex.placetel.de/users/saml/auth`. - Set the **SLS URL** to `https://accounts.webex.placetel.de/users/saml/idp_sign_out`. - - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**, set an available **Signing Certificate** and ensure that **Sign assertions** and **Sign responses** are toggled. - Ensure that **Encryption Certificate** is empty. - Remove all **Property Mappings** except for `authentik default SAML Mapping: Email`. diff --git a/website/integrations/chat-communication-collaboration/seatable/index.md b/website/integrations/chat-communication-collaboration/seatable/index.md index 0b3a6289be..5a459af2e3 100644 --- a/website/integrations/chat-communication-collaboration/seatable/index.md +++ b/website/integrations/chat-communication-collaboration/seatable/index.md @@ -38,7 +38,6 @@ To support the integration of SeaTable with authentik, you need to create an app - **Choose a Provider type**: select **SAML Provider** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set the **ACS URL** to `https://seatable.company/saml/acs/`. - - Set the **Service Provider Binding** to `Post`. - Set the **Audience** to `https://seatable.company/saml/metadata/`. - Under **Advanced protocol settings**, set an available **Signing certificate**. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. diff --git a/website/integrations/chat-communication-collaboration/slack/index.md b/website/integrations/chat-communication-collaboration/slack/index.md index 55bde89732..b76763eb00 100644 --- a/website/integrations/chat-communication-collaboration/slack/index.md +++ b/website/integrations/chat-communication-collaboration/slack/index.md @@ -51,7 +51,6 @@ To support the integration of Slack with authentik, you need to create an applic - **Choose a Provider type**: select **SAML Provider** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set the **ACS URL** to `https://company.slack.com/sso/saml`. - - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**, select an available **Signing certificate** and add the two **Property Mappings** you created in the previous section. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. diff --git a/website/integrations/chat-communication-collaboration/zoom/index.md b/website/integrations/chat-communication-collaboration/zoom/index.md index 5cae13c94b..5395d95fbb 100644 --- a/website/integrations/chat-communication-collaboration/zoom/index.md +++ b/website/integrations/chat-communication-collaboration/zoom/index.md @@ -37,7 +37,6 @@ To support the integration of Zoom with authentik, you need to create an applica - **Choose a Provider type**: select **SAML Provider** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations: - Set the **ACS URL** to `https://company.zoom.us/saml/SSO`. - - Set the **Service Provider Binding** to `Post`. - Set the **SLS URL** to `https://company.zoom.us/saml/SingleLogout`. - Set the **SLS Binding** to `Redirect`. - Set the **Logout Method** to `Front-channel (Native)`. diff --git a/website/integrations/chat-communication-collaboration/zulip/index.md b/website/integrations/chat-communication-collaboration/zulip/index.md index 797e6cbc55..14eec936bc 100644 --- a/website/integrations/chat-communication-collaboration/zulip/index.md +++ b/website/integrations/chat-communication-collaboration/zulip/index.md @@ -34,7 +34,6 @@ To support the integration of Zulip with authentik, you need to create an applic - **Choose a Provider type**: select **SAML Provider** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set the **ACS URL** to `https://zulip.company/complete/saml/`. - - Set the **Service Provider Binding** to `Post`. - Set the **SLS URL** to `https://zulip.company/complete/saml/`. - Set the **SLS Binding** to `Redirect`. - Set the **Logout Method** to `Front-channel (Iframe)`. diff --git a/website/integrations/cloud-providers/aws-classic/index.mdx b/website/integrations/cloud-providers/aws-classic/index.mdx index 396e29f6d5..940dab0fb4 100644 --- a/website/integrations/cloud-providers/aws-classic/index.mdx +++ b/website/integrations/cloud-providers/aws-classic/index.mdx @@ -111,7 +111,6 @@ To support the integration of AWS with authentik via the Classic IAM method, you - **Configure the Provider**: provide a name (or accept the auto-provided name), and configure the following required settings: - Set the **ACS URL** to `https://signin.aws.amazon.com/saml` - Set the **Audience** to `urn:amazon:webservices` - - Set **Service Provider Binding** to `Post` - Under **Advanced protocol settings**, select an available **Signing Certificate**, ensure both **Signing Assertions** and **Signing Responses** are enabled, then add, under **Property Mappings**, both property mappings you created in the previous section. - Set **NameID Property Mapping** to `authentik default SAML Mapping: Email`. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. diff --git a/website/integrations/cloud-providers/aws/index.mdx b/website/integrations/cloud-providers/aws/index.mdx index 359ea760b2..c21fba4699 100644 --- a/website/integrations/cloud-providers/aws/index.mdx +++ b/website/integrations/cloud-providers/aws/index.mdx @@ -53,7 +53,6 @@ To support the integration of AWS with authentik using SAML, you need to create - **Choose a Provider type**: select **SAML Provider from metadata** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), and configure the following required settings: - Upload the **Service Provider metadata** file from AWS. - - Set **Service Provider Binding** to `Post`. - Under **Advanced Protocol Settings**: - Set an available signing certificate. - Set **NameID Property Mapping** to `authentik default SAML Mapping: Email`. diff --git a/website/integrations/cloud-providers/hashicorp-cloud/index.md b/website/integrations/cloud-providers/hashicorp-cloud/index.md index a69267a744..74abbf193c 100644 --- a/website/integrations/cloud-providers/hashicorp-cloud/index.md +++ b/website/integrations/cloud-providers/hashicorp-cloud/index.md @@ -39,7 +39,6 @@ To support the integration of HashiCorp Cloud with authentik, you need to create - **Configure the Provider**: - Set the **ACS URL** to the value of `SSO Sign-On URL` in the **HashiCorp Cloud preparation** section. - Set the **Audience** to the value of `Entity ID` in the **HashiCorp Cloud preparation** section. - - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**, select an available **Signing certificate**. 3. Click **Submit** to save the new application and provider. diff --git a/website/integrations/cloud-providers/ovhcloud/index.md b/website/integrations/cloud-providers/ovhcloud/index.md index 1fb3603822..05d27960c6 100644 --- a/website/integrations/cloud-providers/ovhcloud/index.md +++ b/website/integrations/cloud-providers/ovhcloud/index.md @@ -31,7 +31,6 @@ To support the integration of OVHcloud with authentik, you need to create an app - `https://www.ovhcloud.com/eu/auth/saml/acs` for EU region. - `https://www.ovhcloud.com/ca/auth/saml/acs` for CA region. - `https://us.ovhcloud.com/auth/` for US region. - - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**, set an available **Signing certificate**. - **Configure Bindings** _(optional)_: You can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. diff --git a/website/integrations/development/ghec-emu/index.mdx b/website/integrations/development/ghec-emu/index.mdx index 312dabd7c6..bfe13d7226 100644 --- a/website/integrations/development/ghec-emu/index.mdx +++ b/website/integrations/development/ghec-emu/index.mdx @@ -153,7 +153,6 @@ To support the integration of GitHub Enterprise EMU with authentik, you need to - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set **ACS URL** to the ACS URL for your EMU deployment. - Set **Audience** to the audience value for your EMU deployment. - - Set **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**: - Add the `GitHub EMU full name` and `GitHub EMU emails` property mappings. - Set **NameID Property Mapping** to `GitHub EMU username`. diff --git a/website/integrations/development/ghec/index.md b/website/integrations/development/ghec/index.md index 6b59bfccd5..c7b31e38c1 100644 --- a/website/integrations/development/ghec/index.md +++ b/website/integrations/development/ghec/index.md @@ -40,7 +40,6 @@ To support the integration of GitHub Enterprise Cloud with authentik, you need t - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set **ACS URL** to `https://github.com/orgs/foo/saml/consume`. - Set **Audience** to `https://github.com/orgs/foo`. - - Set **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**, select an available **Signing certificate**. Download this certificate because it is required later. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. diff --git a/website/integrations/development/ghes/index.md b/website/integrations/development/ghes/index.md index 31aa96f07a..042160772b 100644 --- a/website/integrations/development/ghes/index.md +++ b/website/integrations/development/ghes/index.md @@ -36,7 +36,6 @@ To support the integration of GitHub Enterprise Server with authentik, you need - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set **ACS URL** to `https://github.company/saml/consume`. - Set **Audience** to `https://github.company`. - - Set **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**: - Select an available **Signing certificate**. Download this certificate because it is required later. - Set **NameID Property Mapping** to `authentik default SAML Mapping: Username`. diff --git a/website/integrations/development/gitlab/index.mdx b/website/integrations/development/gitlab/index.mdx index 03fa3785af..00ba954ad7 100644 --- a/website/integrations/development/gitlab/index.mdx +++ b/website/integrations/development/gitlab/index.mdx @@ -54,7 +54,6 @@ To support the integration of GitLab with authentik, you need to create an appli - **Configure the Provider**: - Set the **ACS URL** to `https://gitlab.company/users/auth/saml/callback`. - Set the **Audience** to `https://gitlab.company`. - - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**, select an available **Signing certificate**. 3. Click **Submit** to save the new application and provider. diff --git a/website/integrations/development/weblate/index.md b/website/integrations/development/weblate/index.md index 54617ed0ee..09a3dfa79f 100644 --- a/website/integrations/development/weblate/index.md +++ b/website/integrations/development/weblate/index.md @@ -73,7 +73,6 @@ To support the integration of Weblate with authentik, you need to create an appl - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set the **ACS URL** to `https://weblate.company/accounts/complete/saml/`. - Set the **Audience** to `https://weblate.company/accounts/metadata/saml/`. - - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**, select an available **Signing certificate**. Then, under **Property mappings**, add the ones you just created. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. diff --git a/website/integrations/device-management/fleet/index.md b/website/integrations/device-management/fleet/index.md index 63c47ae1da..caf4b5970c 100644 --- a/website/integrations/device-management/fleet/index.md +++ b/website/integrations/device-management/fleet/index.md @@ -55,7 +55,6 @@ The workflow to configure authentik as a single sign-on provider for Fleet invol You will also need to configure Fleet with additional settings to enable the EULA. For more information, refer to Fleet's [end user authentication guide](https://fleetdm.com/docs/using-fleet/mdm-macos-setup-experience#end-user-authentication-and-eula). ::: - - **Service Provider Binding**: `Post` - **Audience**: `https://fleet.company` - **Advanced protocol settings**: (Any fields that can be left as their default values are omitted from the list below). diff --git a/website/integrations/documentation/appflowy/index.mdx b/website/integrations/documentation/appflowy/index.mdx index 7917947cbb..b399ceab7c 100644 --- a/website/integrations/documentation/appflowy/index.mdx +++ b/website/integrations/documentation/appflowy/index.mdx @@ -46,7 +46,6 @@ To support the integration of AppFlowy with authentik, you need to create a cert - **Choose a Provider type**: select **SAML Provider** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - **ACS URL**: `https://appflowy.company/gotrue/sso/saml/acs` - - **Service Provider Binding**: `Post` - **Audience**: `https://appflowy.company/gotrue/sso/saml/metadata` - Under **Advanced protocol settings**: - **Signing certificate**: select the certificate created earlier diff --git a/website/integrations/documentation/bookstack/index.mdx b/website/integrations/documentation/bookstack/index.mdx index 01c316e7e9..d709359f21 100644 --- a/website/integrations/documentation/bookstack/index.mdx +++ b/website/integrations/documentation/bookstack/index.mdx @@ -88,7 +88,6 @@ To support the integration of BookStack with authentik, you need to create an ap - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Note the **Client ID**, **Client Secret**, and **slug** values because they will be required later. - Set the **ACS URL** to `https://bookstack.company/saml2/acs`. - - Set the **Service Provider Binding** to `Post`. - Set the **Single Logout Service** to `https://bookstack.company/saml2/sls`. - Set the **SLS Binding** to `Redirect`. - Set the **Logout Method** to `Front-channel (Iframe)`. diff --git a/website/integrations/documentation/glpi/index.md b/website/integrations/documentation/glpi/index.md index f3d199762d..9c01852c03 100644 --- a/website/integrations/documentation/glpi/index.md +++ b/website/integrations/documentation/glpi/index.md @@ -87,7 +87,6 @@ To support the integration of GLPI with authentik, you need to create property m - **Choose a Provider type**: select **SAML Provider** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set the **ACS URL** to the **AcsURL** value from GLPI. - - Set the **Service Provider Binding** to `Post`. - Set the **SLS URL** to the **sloURL** value from GLPI. - Under **Advanced protocol settings**: - Select any available **Signing Certificate** and enable **Sign assertions**. diff --git a/website/integrations/documentation/snipe-it/index.md b/website/integrations/documentation/snipe-it/index.md index 9e9770afb7..3d11084a9b 100644 --- a/website/integrations/documentation/snipe-it/index.md +++ b/website/integrations/documentation/snipe-it/index.md @@ -124,7 +124,6 @@ You must sync your LDAP database with Snipe-IT. Go to People on the sidebar menu Create another application in authentik and note the slug you choose, as this will be used later. In the Admin interface, go to **Applications > Providers**. Create a SAML provider with the following parameters: - ACS URL: `https://inventory.company/saml/acs` -- Service Provider Binding: `Post` - Audience: `https://inventory.company` - Signing certificate: Select any certificate you have. - Property mappings: Select all Managed mappings. diff --git a/website/integrations/documentation/youtrack/index.md b/website/integrations/documentation/youtrack/index.md index 094b8912fd..9759d2a2bb 100644 --- a/website/integrations/documentation/youtrack/index.md +++ b/website/integrations/documentation/youtrack/index.md @@ -36,7 +36,6 @@ To support the integration of YouTrack with authentik, you need to create an app - Take note of the **slug** value as it will be required later. - Set the **ACS URL** to `https://placeholder.com`. You will replace this after YouTrack provides the real ACS URL. - Set the **Audience** to `https://placeholder.com`. You will replace this after YouTrack provides the real SP entity ID. - - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**, set an available signing key and make sure **Sign assertions** is toggled. - Then, also under **Advanced protocol settings**, make sure **NameID Property Mapping** is set to `authentik default SAML Mapping: username`. Make sure the [Allow users to change username](https://docs.goauthentik.io/docs/sys-mgmt/settings#allow-users-to-change-username) setting is disabled to prevent authentication issues. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. diff --git a/website/integrations/hypervisors-orchestrators/rancher/index.md b/website/integrations/hypervisors-orchestrators/rancher/index.md index e6ab340ddf..a25ff877ee 100644 --- a/website/integrations/hypervisors-orchestrators/rancher/index.md +++ b/website/integrations/hypervisors-orchestrators/rancher/index.md @@ -34,7 +34,6 @@ Create a SAML provider with the following parameters: - ACS URL: `https://rancher.company/v1-saml/adfs/saml/acs` - Audience: `https://rancher.company/v1-saml/adfs/saml/metadata` -- Service Provider Binding: `Post` - Property mappings: Select all default mappings and the mapping you've created above. - Signing Certificate: Select the authentik self-signed certificate. diff --git a/website/integrations/infrastructure/awx-tower/index.md b/website/integrations/infrastructure/awx-tower/index.md index e51f8b4a87..65af0c0c7c 100644 --- a/website/integrations/infrastructure/awx-tower/index.md +++ b/website/integrations/infrastructure/awx-tower/index.md @@ -39,7 +39,6 @@ To support the integration of AWX Tower with authentik, you need to create an ap - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set the **ACS URL** to `https://awx.company/sso/complete/saml/`. - Set the **Audience** to `awx`. - - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**, select an available **Signing certificate**. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. diff --git a/website/integrations/infrastructure/keycloak/index.mdx b/website/integrations/infrastructure/keycloak/index.mdx index 9c1934a054..f8750bb5c9 100644 --- a/website/integrations/infrastructure/keycloak/index.mdx +++ b/website/integrations/infrastructure/keycloak/index.mdx @@ -82,7 +82,6 @@ To support the integration of Keycloak with authentik, you need to create an app - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Note the **slug** value because it will be required later. - Set the **ACS URL** to `https://keycloak.company/realms//broker/saml/endpoint`. - - Set the **Service Provider Binding** to `Post`. - Set the **SLS URL** to `https://keycloak.company/realms//broker/saml/endpoint`. - Set the **SLS Binding** to `Post`. - Set the **Logout Method** to `Back-channel (POST)`. diff --git a/website/integrations/infrastructure/omni/index.md b/website/integrations/infrastructure/omni/index.md index 7530dd7505..25b2001614 100644 --- a/website/integrations/infrastructure/omni/index.md +++ b/website/integrations/infrastructure/omni/index.md @@ -45,7 +45,6 @@ To support the integration of Omni with authentik, you need to create a property - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - **ACS URL**: `https://omni.company/saml/acs` - - **Service Provider Binding**: `Post` - **Audience**: `https://omni.company/saml/metadata` - **Signing Certificate**: select a signing certificate, either the `authentik Self-signed Certificate` or generate a certificate via **System** > **Certificate** - **Sign assertions**: `true` diff --git a/website/integrations/infrastructure/phpipam/index.md b/website/integrations/infrastructure/phpipam/index.md index 1fefa4cb21..e8f653d751 100644 --- a/website/integrations/infrastructure/phpipam/index.md +++ b/website/integrations/infrastructure/phpipam/index.md @@ -144,7 +144,6 @@ In order to support automatic user provisioning (JIT) with phpIPAM, additional S - Authorization flow: `default-provider-authorization-explicit-consent` - Protocol Settings: - ACS URL: https://phpipam.company/saml2/ - - Service Provider Binding: Post - Audience: https://phpipam.company/ - Advanced Protocol Settings: - Signing Certificate: authentik: Self-signed Certificate diff --git a/website/integrations/infrastructure/powerdns-admin/index.md b/website/integrations/infrastructure/powerdns-admin/index.md index af8b3c147d..13c1421c31 100644 --- a/website/integrations/infrastructure/powerdns-admin/index.md +++ b/website/integrations/infrastructure/powerdns-admin/index.md @@ -24,7 +24,6 @@ This documentation lists only the settings that you need to change from their de Create a SAML provider with the following parameters: - ACS URL: `https://pdns-admin.company/saml/authorized` -- Service Provider Binding: `Post` - Audience: `pdns-admin` - Signing Keypair: Select any certificate you have. - Property mappings: Select all Managed mappings. diff --git a/website/integrations/infrastructure/terraform-cloud/index.md b/website/integrations/infrastructure/terraform-cloud/index.md index 8167e7656e..12584fe154 100644 --- a/website/integrations/infrastructure/terraform-cloud/index.md +++ b/website/integrations/infrastructure/terraform-cloud/index.md @@ -32,7 +32,6 @@ To support the integration of Terraform with authentik, you need to create an ap - **Choose a Provider type**: select **SAML Provider** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations: - Set the **ACS URL** to `https://temporary.domain`. - - Set the **Service Provider Binding** to `Post`. - Set the **Audience** to `https://temporary.domain`. - Under **Advanced protocol settings**, select an available **Signing Certificate**. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. diff --git a/website/integrations/infrastructure/truecommand/index.md b/website/integrations/infrastructure/truecommand/index.md index a3f13b89eb..410aaf5fd3 100644 --- a/website/integrations/infrastructure/truecommand/index.md +++ b/website/integrations/infrastructure/truecommand/index.md @@ -68,7 +68,6 @@ To support the integration of TrueCommand with authentik, you need to create an - **Choose a Provider type**: select **SAML Provider** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set the **ACS URL** to `https://truecommand.company/saml/acs`. - - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**, add the three or five **Property Mappings** you created in the previous section, then set the **NameID Property Mapping** to be based on the user's email. Finally, select an available **Signing certificate**. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. diff --git a/website/integrations/infrastructure/veeam-enterprise-manager/index.md b/website/integrations/infrastructure/veeam-enterprise-manager/index.md index b698638dfe..7e8bf92c1e 100644 --- a/website/integrations/infrastructure/veeam-enterprise-manager/index.md +++ b/website/integrations/infrastructure/veeam-enterprise-manager/index.md @@ -42,7 +42,7 @@ To support the integration of Veeam Enterprise Manager with authentik, you need - **Choose a Provider type**: select **SAML Provider** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Click **Import** and upload the metadata XML downloaded from Veeam Enterprise Manager during pre-configuration. - - Confirm the imported **ACS URL**, **Issuer**, and **Service Provider Binding** values match your Veeam Enterprise Manager deployment. + - Confirm the imported **ACS URL** and **Issuer** values match your Veeam Enterprise Manager deployment. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. 3. Click **Submit** to save the new application and provider. diff --git a/website/integrations/infrastructure/zammad/index.md b/website/integrations/infrastructure/zammad/index.md index 17d3807766..afaed5e7a1 100644 --- a/website/integrations/infrastructure/zammad/index.md +++ b/website/integrations/infrastructure/zammad/index.md @@ -50,7 +50,6 @@ To support the integration of Zammad with authentik, you need to create an appli - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set the **ACS URL** to `https://zammad.company/auth/saml/callback`. - Set the **Audience** to `https://zammad.company/auth/saml/metadata`. - - Set the **Service Provider Binding** to `Post`. - Set the **SLS URL** to `https://zammad.company/auth/saml/slo`. - Set the **SLS Binding** to `Redirect`. - Set the **Logout Method** to `Front-channel (Iframe)`. diff --git a/website/integrations/infrastructure/zendesk/index.mdx b/website/integrations/infrastructure/zendesk/index.mdx index 76b7ff0a20..5dbedc13c5 100644 --- a/website/integrations/infrastructure/zendesk/index.mdx +++ b/website/integrations/infrastructure/zendesk/index.mdx @@ -87,7 +87,6 @@ To support the integration of Zendesk with authentik, you need to create an appl - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Note the **slug** value because it will be required later. - Set the **ACS URL** to `https://company.zendesk.com/access/saml/`. - - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**, set **Signing Certificate** to use any available certificate. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. diff --git a/website/integrations/media/ironclad/index.mdx b/website/integrations/media/ironclad/index.mdx index e344c56b9a..26206feec5 100644 --- a/website/integrations/media/ironclad/index.mdx +++ b/website/integrations/media/ironclad/index.mdx @@ -67,7 +67,6 @@ Ironclad requires both a first and last name for each user, but by default, auth - **Choose a Provider type**: select **SAML Provider** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Temporarily set the **ACS URL** to `https://temp.temp` - - Set **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**: - Set an available **Signing certificate**. - Toggle off **Sign assertions**. diff --git a/website/integrations/monitoring/datadog/index.mdx b/website/integrations/monitoring/datadog/index.mdx index 7d4f06c963..8e5f83878c 100644 --- a/website/integrations/monitoring/datadog/index.mdx +++ b/website/integrations/monitoring/datadog/index.mdx @@ -47,7 +47,6 @@ To support the integration of Datadog with authentik, you need to create an appl - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set the **ACS URL** to `https://us5.datadoghq.com/account/saml/assertion`. - Set the **Audience** to `https://us5.datadoghq.com/account/saml/metadata.xml`. - - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**, set **Signing Certificate** to any available certificate. - Enable **Sign assertions**. - Enable **Sign responses**. diff --git a/website/integrations/monitoring/oneuptime/index.md b/website/integrations/monitoring/oneuptime/index.md index 238d0be57a..340fe933fb 100644 --- a/website/integrations/monitoring/oneuptime/index.md +++ b/website/integrations/monitoring/oneuptime/index.md @@ -64,7 +64,6 @@ To support the integration of OneUptime with authentik, you need an application/ - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations: - Set the **ACS URL** to the **Reply URL (Assertion Consumer Service URL)** from OneUptime. - Set the **Audience** to the **Identifier (Entity ID)** from OneUptime. - - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**: - Set the **Signing Certificate** to the same certificate that you downloaded earlier. - Set **NameID Property Mapping** to `authentik default SAML Mapping: Email`. diff --git a/website/integrations/monitoring/posthog/index.md b/website/integrations/monitoring/posthog/index.md index 94feb513f5..0012c6e6ce 100644 --- a/website/integrations/monitoring/posthog/index.md +++ b/website/integrations/monitoring/posthog/index.md @@ -72,7 +72,6 @@ PostHog requires a permanent ID attribute named `name_id`. PostHog can use the m - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set the **ACS URL** to `https://posthog.company/complete/saml/`. - Set the **Audience** to `https://posthog.company`. - - Set the **Service Provider Binding** to `POST`. - Under **Advanced protocol settings**: - Set the **Signing Certificate** to any available certificate. - Set **NameID Property Mapping** to `PostHog name_id`. diff --git a/website/integrations/monitoring/sentry/index.md b/website/integrations/monitoring/sentry/index.md index bde510a634..1f3162c308 100644 --- a/website/integrations/monitoring/sentry/index.md +++ b/website/integrations/monitoring/sentry/index.md @@ -25,7 +25,6 @@ This documentation lists only the settings that you need to change from their de Create an application in authentik. Create a SAML Provider with the following values - ACS URL: `https://sentry.company/saml/acs//` -- Service Provider Binding: `Post` - Audience: `https://sentry.company/saml/metadata//` Under _Advanced protocol settings_, set the following: diff --git a/website/integrations/monitoring/splunk-enterprise/index.mdx b/website/integrations/monitoring/splunk-enterprise/index.mdx index df5fc07aa2..f27fec5c85 100644 --- a/website/integrations/monitoring/splunk-enterprise/index.mdx +++ b/website/integrations/monitoring/splunk-enterprise/index.mdx @@ -115,7 +115,6 @@ Splunk expects the SAML assertion to include user role, email, and display name - Set the **ACS URL** to `https://splunk.company:8000/saml/acs`. - Set the **Audience** to `https://splunk.company:8000`. - Set the **SLS URL** to `https://splunk.company:8000/saml/logout`. - - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**: - Set **Signing Certificate** to the self-signed certificate that you imported earlier. - Enable **Sign assertions** and **Sign responses**. diff --git a/website/integrations/monitoring/wazuh/index.mdx b/website/integrations/monitoring/wazuh/index.mdx index 5bdd27b893..4799e388e4 100644 --- a/website/integrations/monitoring/wazuh/index.mdx +++ b/website/integrations/monitoring/wazuh/index.mdx @@ -60,7 +60,6 @@ To support the integration of Wazuh with authentik, you need to create a group, - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - **ACS URL**: `https://wazuh-dashboard.company/_opendistro/_security/saml/acs` - **Audience**: `wazuh-saml` - - **Service Provider Binding**: `Post` - Under **Advanced protocol settings**: - **Signing Certificate**: select an existing certificate. If you do not already have one, create it under **System** > **Certificates** before configuring the provider. - **Property Mappings**: add the **Property Mapping** you created in the previous section. diff --git a/website/integrations/monitoring/zabbix/index.md b/website/integrations/monitoring/zabbix/index.md index 798b330afe..720433943d 100644 --- a/website/integrations/monitoring/zabbix/index.md +++ b/website/integrations/monitoring/zabbix/index.md @@ -37,7 +37,6 @@ To support the integration of Zabbix with authentik, you need to create an appli - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set the **ACS URL** to `https://zabbix.company/index_sso.php?acs`. - Set the **Audience** to `https://zabbix.company/zabbix`. - - Set the **Service Provider Binding** to `Post`. - Set the **Single Logout Service** to `https://zabbix.company/index_sso.php?sls`. - Set the **SLS Binding** to `Redirect`. - Set the **Logout Method** to `Front-channel (Iframe)`. diff --git a/website/integrations/networking/aruba-orchestrator/index.md b/website/integrations/networking/aruba-orchestrator/index.md index efbaa6127e..defcb8f1a2 100644 --- a/website/integrations/networking/aruba-orchestrator/index.md +++ b/website/integrations/networking/aruba-orchestrator/index.md @@ -48,7 +48,6 @@ To support the integration of Aruba Orchestrator with authentik, you need to cre - **Choose a Provider type**: select **SAML Provider** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set the **ACS URL** to `https://arubaorchestrator.company/gms/rest/authentication/saml2/consume`. - - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**, select an available **Signing certificate**. - Under **Advanced protocol settings**, add the newly created property mapping under **Property Mappings**. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. diff --git a/website/integrations/networking/fortigate-admin/index.md b/website/integrations/networking/fortigate-admin/index.md index ee8813bc6d..15fa92cec1 100644 --- a/website/integrations/networking/fortigate-admin/index.md +++ b/website/integrations/networking/fortigate-admin/index.md @@ -45,7 +45,6 @@ To support the integration of FortiGate with authentik, you need to create an ap - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set the **ACS URL** to `https://fgt.company/saml/?acs`. - Set the **Audience** to `https://fgt.company/metadata`. - - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**, add the **Property Mapping** you created in the previous section, then select an available **Signing Certificate**. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. diff --git a/website/integrations/networking/fortimanager/index.md b/website/integrations/networking/fortimanager/index.md index a89db105dd..a28757eefa 100644 --- a/website/integrations/networking/fortimanager/index.md +++ b/website/integrations/networking/fortimanager/index.md @@ -34,7 +34,6 @@ To support the integration of FortiManager with authentik, you need to create an - **Choose a Provider type**: select **SAML Provider** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set the **ACS URL** to `https://fortimanager.company/saml/?acs`. - - Set the **Service Provider Binding** to `Post`. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. 3. Click **Submit** to save the new application and provider. diff --git a/website/integrations/networking/globalprotect/index.md b/website/integrations/networking/globalprotect/index.md index 1fdd84cb21..b8f5419208 100644 --- a/website/integrations/networking/globalprotect/index.md +++ b/website/integrations/networking/globalprotect/index.md @@ -39,7 +39,6 @@ To support the integration of GlobalProtect with authentik, you need to create a - **Choose a Provider type**: Select **SAML Provider**. - **Configure the Provider**: - Set the **ACS URL** to `https://gp.company:443/SAML20/SP/ACS`. (Note the absence of the trailing slash and the inclusion of the web interface port) - - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**, select an available **Signing certificate**. 3. Click **Submit** to save the new application and provider. diff --git a/website/integrations/networking/omada-controller/index.mdx b/website/integrations/networking/omada-controller/index.mdx index a813db2bc8..d586e98f7f 100644 --- a/website/integrations/networking/omada-controller/index.mdx +++ b/website/integrations/networking/omada-controller/index.mdx @@ -105,7 +105,6 @@ Omada can't handle a user being in multiple roles. Therefore, ensure that a user - **Audience**: - For Cloud Controllers: `https://omada.tplinkcloud.com/` - For Software and Hardware Controllers: `https://:8043` - - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**: - Set an available **Signing certificate**. - Set **NameID Property Mapping** to `authentik default SAML Mapping: UPN` diff --git a/website/integrations/platforms/anthropic/index.mdx b/website/integrations/platforms/anthropic/index.mdx index 2c0a955e60..a15d29569c 100644 --- a/website/integrations/platforms/anthropic/index.mdx +++ b/website/integrations/platforms/anthropic/index.mdx @@ -95,7 +95,6 @@ Create SAML property mappings for the attributes that WorkOS expects from the id - **Configure the Provider**: provide a name or accept the auto-provided name, the authorization flow to use for this provider, and the following required configurations. - Set the **ACS URL** to a temporary value. You will replace this after Anthropic provides the real ACS URL. - Set the **Audience** to a temporary value. You will replace this after Anthropic provides the real SP Entity ID. - - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**: - Select an available **Signing Certificate**. - Set **NameID Property Mapping** to `authentik default SAML Mapping: Email`. diff --git a/website/integrations/platforms/atlassian/index.mdx b/website/integrations/platforms/atlassian/index.mdx index 974e987ee6..852a7260c4 100644 --- a/website/integrations/platforms/atlassian/index.mdx +++ b/website/integrations/platforms/atlassian/index.mdx @@ -45,7 +45,6 @@ To support the integration of Atlassian Cloud with authentik, you need to create - **Choose a Provider type**: select **SAML Provider** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Temporarily set the **ACS URL** and **Audience** to `https://temp.temp` - - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**, set an available **Signing certificate**. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. diff --git a/website/integrations/platforms/elastic-cloud/index.mdx b/website/integrations/platforms/elastic-cloud/index.mdx index a4b40dedce..9b051c6547 100644 --- a/website/integrations/platforms/elastic-cloud/index.mdx +++ b/website/integrations/platforms/elastic-cloud/index.mdx @@ -76,7 +76,6 @@ You first need to create property mappings to provide the specific SAML attribut - **Choose a Provider type**: select **SAML Provider** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set the **ACS URL** to a temporary value (for example, `https://placeholder.invalid/acs`). You will replace this after Elastic Cloud provides the real ACS URL. - - Set the **Service Provider Binding** to `Post`. - Set the **Audience** to a temporary value (for example, `https://placeholder.invalid/sp`). You will replace this after Elastic Cloud provides the real service provider entity ID. - Under **Advanced protocol settings**: - Select an available **Signing Certificate**. diff --git a/website/integrations/platforms/microsoft/index.md b/website/integrations/platforms/microsoft/index.md index ff0a2c04e7..d7fc48e68c 100644 --- a/website/integrations/platforms/microsoft/index.md +++ b/website/integrations/platforms/microsoft/index.md @@ -113,7 +113,6 @@ If MFA is configured in Microsoft365, then you also need to create a property ma - **Choose a Provider type**: select **SAML Provider** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set the **ACS URL** to `https://login.microsoftonline.com/login.srf`. - - Set the **Service Provider Binding** to `Post`. - Set the **Audience** to `urn:federation:MicrosoftOnline`. - Under **Advanced protocol settings**: - Set **Signing Certificate** to use any available certificate. diff --git a/website/integrations/platforms/salesforce/index.md b/website/integrations/platforms/salesforce/index.md index 2edcabdeef..0dd819afa4 100644 --- a/website/integrations/platforms/salesforce/index.md +++ b/website/integrations/platforms/salesforce/index.md @@ -84,7 +84,6 @@ Salesforce JIT provisioning requires specific SAML attributes to automatically c - **Choose a Provider type**: select **SAML Provider** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set the **ACS URL** to `https://company.my.salesforce.com?so=XXXXXXXXX`, replacing `XXXXXXXXX` with your Salesforce Organization ID. - - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**: - Select an available **Signing Certificate**. - Set **NameID Property Mapping** to `authentik default SAML Mapping: Email`. diff --git a/website/integrations/platforms/stripe/index.mdx b/website/integrations/platforms/stripe/index.mdx index 501505711a..4db6933ae5 100644 --- a/website/integrations/platforms/stripe/index.mdx +++ b/website/integrations/platforms/stripe/index.mdx @@ -60,7 +60,6 @@ To support the integration of Stripe with authentik, you need to create a group, - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set the **ACS URL** to `https://dashboard.stripe.com/login/saml/consume`. - Set the **Audience** to `https://dashboard.stripe.com/saml/metadata`. - - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**: - Set an available **Signing certificate**. - Add the previously created `Stripe Role` property mapping to **Selected User Property Mappings**. diff --git a/website/integrations/security/fortimail/index.mdx b/website/integrations/security/fortimail/index.mdx index 21de1eae46..58380d3c93 100644 --- a/website/integrations/security/fortimail/index.mdx +++ b/website/integrations/security/fortimail/index.mdx @@ -52,7 +52,6 @@ You can configure either Admin Portal SSO or User Portal SSO (or both), dependin - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set the **ACS URL** to `https://fortimailadmin.company/sso/SAML2/POST`. - Set the **Audience** to `https://fortimailadmin.company/sp`. - - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**: - Select any available certificate as the **Signing Certificate** and enable **Sign Assertions**. - Ensure that `authentik default SAML Mapping: Username` is selected as a **Selected User Property Mappings**; other mappings are optional and can be removed if not needed. @@ -109,7 +108,6 @@ To support the integration of the FortiMail User Portal with authentik, you need - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set the **ACS URL** to `https://fortimailuser.company/sp2/sso/SAML2/POST`. - Set the **Audience** to `https://fortimailuser.company/sp`. - - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**, choose any available certificate as the **Signing Certificate** and enable **Sign Assertions**. Ensure `authentik default SAML Mapping: Email` is selected as a **Selected User Property Mapping**; other mappings are optional and can be removed if not needed. - **Configure Bindings** _(optional)_: create a [binding](/docs/add-secure-apps/bindings-overview/) to control which end users see the FortiMail webmail application on the **My Applications** page. diff --git a/website/integrations/security/knocknoc/index.md b/website/integrations/security/knocknoc/index.md index add57b58d0..043aa2f360 100644 --- a/website/integrations/security/knocknoc/index.md +++ b/website/integrations/security/knocknoc/index.md @@ -77,7 +77,6 @@ This example sets the session duration to 540 minutes. Change the value to match - **Configure Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. **Protocol Settings**: - **ACS URL**: `https://knocknoc.company/api/saml/acs` - - **Service Provider Binding**: `Post` - **Audience**: `https://knocknoc.company/api/saml/metadata` - Under **Advanced protocol settings**, add the three **Property Mappings** you created in the previous section, then set the **NameID Property Mapping** to `authentik default SAML Mapping: Username`. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. diff --git a/website/integrations/security/knowbe4/index.md b/website/integrations/security/knowbe4/index.md index d98be87f6d..ebaf0457c6 100644 --- a/website/integrations/security/knowbe4/index.md +++ b/website/integrations/security/knowbe4/index.md @@ -32,7 +32,6 @@ To support the integration of KnowBe4 with authentik, you need to create an appl - **Choose a Provider type**: select **SAML Provider** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Temporarily set the **ACS URL** to `https://temp.temp` - - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**, select any available signing certificate. - **Configure Bindings** _(optional)_: create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to control which users see the KnowBe4 application on the **My Applications** page. diff --git a/website/integrations/security/macmon-nac/index.md b/website/integrations/security/macmon-nac/index.md index b0e2a8e53b..03dd5fc707 100644 --- a/website/integrations/security/macmon-nac/index.md +++ b/website/integrations/security/macmon-nac/index.md @@ -34,7 +34,6 @@ To support the integration of macmon NAC with authentik, you need to create an a - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set the **ACS URL** to `https://macmon.company/login/?acs`. - Set the **Audience** to `https://macmon.company/login/?acs`. - - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**: - Set an available signing certificate. - Enable both **Sign Assertions** and **Sign Responses**. diff --git a/website/integrations/security/push-security/index.mdx b/website/integrations/security/push-security/index.mdx index 47971aa16b..54ce630107 100644 --- a/website/integrations/security/push-security/index.mdx +++ b/website/integrations/security/push-security/index.mdx @@ -63,7 +63,6 @@ Push Security requires separate first and last names for each user, but authenti - **Choose a Provider type**: select **SAML Provider** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Temporarily set the **ACS URL** and **Audience** to `https://temp.temp` - - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**: - Set an available signing certificate. - **Property mappings**: diff --git a/website/integrations/security/semgrep/index.md b/website/integrations/security/semgrep/index.md index a06739a00a..7eefd0ab12 100644 --- a/website/integrations/security/semgrep/index.md +++ b/website/integrations/security/semgrep/index.md @@ -40,7 +40,6 @@ This documentation lists only the settings that you need to change from their de 9. Create a new SAML provider under **Applications** > **Providers** using the following settings: - **ACS URL**: `https://semgrep.dev/api/auth/saml/devcompany/` - **Audience**: `semgrep-dev` - - **Service Provider Binding**: `Post` - **Signing Keypair**: Choose the RSA certificate you generated earlier. - **Property mappings**: `semgrep-name` and `semgrep-email` 10. Create a new application under **Applications** > **Applications**, pick a name and a slug, and assign the provider that you just created. diff --git a/website/integrations/security/skyhigh/index.md b/website/integrations/security/skyhigh/index.md index 10f7518615..e44bb51994 100644 --- a/website/integrations/security/skyhigh/index.md +++ b/website/integrations/security/skyhigh/index.md @@ -48,7 +48,6 @@ Note the Audience and ACS URLs that appear. You will use these to configure auth In the authentik admin interface, navigate to **Applications > Providers**. Create a SAML provider with the following parameters: - ACS URL: Enter the ACS URL provided by the Skyhigh Dashboard above -- Service Provider Binding: `Post` - Audience: Enter the Audience URL provided by the Skyhigh Dashboard above - Signing certificate: Select the certificate you uploaded to Skyhigh above - Property mappings: Select all default mappings. @@ -63,7 +62,6 @@ Create an application linked to this new provider and use the slug name you used In the authentik admin interface, navigate to **Applications > Providers**. Create a SAML provider with the following parameters: - ACS URL: `https://login.auth.ui.trellix.com/sso/saml2` -- Service Provider Binding: `Post` - Audience: `https://login.auth.ui.trellix.com/sso/saml2` - Signing certificate: Select any certificate - Property mappings: Select all default mappings.