From 14fb34f4925110c282659a4e87c6b832d06f3734 Mon Sep 17 00:00:00 2001 From: Jens L Date: Thu, 14 Dec 2023 20:37:48 +0100 Subject: [PATCH] website/docs: expand Identification stage docs (#7869) * website/docs: expand Identification stage docs Signed-off-by: Jens Langhammer * also (unrelated) add blurb to application docs to hide an application Signed-off-by: Jens Langhammer * Apply suggestions from code review Co-authored-by: Tana M Berry Signed-off-by: Jens L. --------- Signed-off-by: Jens Langhammer Signed-off-by: Jens L. Co-authored-by: Tana M Berry --- website/docs/core/applications.md | 2 ++ .../stages/authenticator_validate/index.md | 2 +- .../docs/flow/stages/identification/index.md | 30 ++++++++++++++++--- 3 files changed, 29 insertions(+), 5 deletions(-) diff --git a/website/docs/core/applications.md b/website/docs/core/applications.md index 9908cdfa9..d27d51097 100644 --- a/website/docs/core/applications.md +++ b/website/docs/core/applications.md @@ -27,6 +27,8 @@ The following aspects can be configured: Starting with authentik 2022.2, you can use placeholders in the launch url to build them dynamically based on logged in user. For example, you can set the Launch URL to `https://goauthentik.io/%(username)s`, which will be replaced with the currently logged in user's username. + Only applications whose launch URL starts with `http://` or `https://` or are relative URLs are shown on the users's **My applications** page. This can also be used to hide applications that shouldn't be visible on the **My applications** page but are still accessible by users, by setting the _Launch URL_ to `hidden://`. + - _Icon (URL)_: Optionally configure an Icon for the application If the authentik server does not have a volume mounted under `/media`, you'll get a text input. This accepts absolute URLs. If you've mounted single files into the container, you can reference them using `https://authentik.company/media/my-file.png`. 
diff --git a/website/docs/flow/stages/authenticator_validate/index.md b/website/docs/flow/stages/authenticator_validate/index.md index b72afa47a..9a7df4e0e 100644 --- a/website/docs/flow/stages/authenticator_validate/index.md +++ b/website/docs/flow/stages/authenticator_validate/index.md @@ -46,7 +46,7 @@ As first stage, add an _Authentication validation_ stage, with the WebAuthn devi After this stage you can bind any additional verification stages. As final stage, bind a _User login_ stage. -Users can either access this flow directly via it's URL, or you can modify any Identification stage to add a direct link to this flow. +Users can either access this flow directly via its URL, or you can modify any Identification stage's _Passwordless flow_ setting to add a direct link to this flow. ### Logging diff --git a/website/docs/flow/stages/identification/index.md b/website/docs/flow/stages/identification/index.md index f2f6cbb98..8bf0e6f49 100644 --- a/website/docs/flow/stages/identification/index.md +++ b/website/docs/flow/stages/identification/index.md @@ -14,10 +14,6 @@ Select which fields the user can use to identify themselves. Multiple fields can UPN will attempt to identify the user based on the `upn` attribute, which can be imported with an [LDAP Source](/integrations/sources/ldap/index) -:::info -Starting with authentik 2023.5, when no user fields are selected and only one source is selected, authentik will automatically redirect the user to that source. -::: - ## Password stage To prompt users for their password on the same step as identifying themselves, a password stage can be selected here. If a password stage is selected in the Identification stage, the password stage should not be bound to the flow. 
@@ -33,3 +29,29 @@ Requires authentik 2024.1 ::: When enabled, any user identifier will be accepted as valid (as long as they match the correct format, i.e. when [User fields](#user-fields) is set to only allow Emails, then the identifier still needs to be an Email). The stage will succeed and the flow will continue to the next stage. Stages like the [Password stage](../password/index.md) and [Email stage](../email/index.mdx) are aware of this "pretend" user and will behave the same as if the user would exist. + +## Source settings + +Some sources (like the [OAuth Source](../../../../integrations/sources/oauth/) and [SAML Source](../../../../integrations/sources/saml/)) require user interaction. To make these sources available to users, they can be selected in the Identification stage settings, which will show them below the selected [user field](#user-fields). + +By default, sources are only shown with their icon, which can be changed with the _Show sources' labels_ option. + +Furthermore, it is also possible to deselect any [user field option](#user-fields) for an Identification stage, which will result in users only being able to use currently configured sources. + +:::info +Starting with authentik 2023.5, when no user fields are selected and only one source is selected, authentik will automatically redirect the user to that source. This only applies when the **Passwordless flow** option is *not* configured. +::: + +## Flow settings + +### Passwordless flow + +See [Passwordless authentication](../authenticator_validate/index.md#passwordless-authentication). + +### Enrollment flow + +Optionally can be set to a flow with the designation of _Enrollment_, which will allow users to sign up. + +### Recovery flow + +Optionally can be set to a flow with the designation of _Recovery_, which will allow users to recover their credentials.
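Review bot: In website/docs/core/applications.md, the paragraph added under the Launch URL item presents `hidden://` as a way to hide an application and only mentions in passing that it is "still accessible by users". State outright that this setting controls listing on the **My applications** page only and does not restrict access, so that readers do not treat it as an access control. In the same paragraph, "users's" should be "user's", and the first sentence reads more cleanly as "Only applications whose launch URL starts with `http://` or `https://`, or is a relative URL, are shown on the user's **My applications** page."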
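Review bot: In website/docs/flow/stages/authenticator_validate/index.md, the changed sentence names the Identification stage's _Passwordless flow_ setting without linking to it, while this same patch adds a `### Passwordless flow` section to identification/index.md that links back to this page. Link the setting name to that section, for example `../identification/index.md#passwordless-flow` following the relative form the patch already uses for `../authenticator_validate/index.md#passwordless-authentication`, so the cross-reference works in both directions.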
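Review bot: In website/docs/flow/stages/identification/index.md, the new `### Passwordless flow` subsection consists only of a link, unlike the Enrollment flow and Recovery flow subsections next to it, which each say what the setting does. Add one sentence stating that setting it adds a direct link to the passwordless flow on this stage, as the authenticator_validate page in this patch describes. Style points in the same hunk: the moved info block uses `*not*` and **Passwordless flow** where the rest of the added text uses underscore emphasis (`_Show sources' labels_`, `_Enrollment_`); the source links use `../../../../integrations/sources/oauth/` while the LDAP link earlier in the file uses `/integrations/sources/ldap/index`; and "Optionally can be set to" reads better as "Can optionally be set to".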