From 3651fb5daf433adda414c109a54b3ad3ce78088d Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Fri, 27 Jan 2023 15:10:46 +0100 Subject: [PATCH] website/integrations: add notice for google source and username closes #3709 closes #4432 Signed-off-by: Jens Langhammer --- website/integrations/sources/google/index.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/website/integrations/sources/google/index.md b/website/integrations/sources/google/index.md index d9548ae79..d349138ed 100644 --- a/website/integrations/sources/google/index.md +++ b/website/integrations/sources/google/index.md @@ -81,3 +81,22 @@ Save, and you now have Google as a source. :::note For more details on how-to have the new source display on the Login Page see [here](../general#add-sources-to-default-login-page). ::: + +## Username mapping + +Since google does not have the concept of a username, authentik will by default prompt the user for a username when they first enroll through a google source. To change this behaviour and automatically use the email address as username, create an expression policy to set the username to the email, and bind it to the enrollment flow. + +Create an expression policy with this expression: + +```python +email = request.context["prompt_data"]["email"] +# Direct set username to email +request.context["prompt_data"]["username"] = email +# Set username to email without domain +# request.context["prompt_data"]["username"] = email.split("@")[0] +return True +``` + +Afterwards, edit the source's enrollment flow (by default _default-source-enrollment_), expand the policies bound to the first stage (_default-source-enrollment-prompt_), and bind the policy created above. Afterwards, any new logins will automatically have their google email address used as their username. + +This can be combined with disallowing users from changing their usernames, see [Configuration](../../../docs/installation/configuration#authentik_default_user_change_username).