diff --git a/web/src/pages/applications/ApplicationForm.ts b/web/src/pages/applications/ApplicationForm.ts index 202b60509..f686cd6d1 100644 --- a/web/src/pages/applications/ApplicationForm.ts +++ b/web/src/pages/applications/ApplicationForm.ts @@ -269,11 +269,6 @@ export class ApplicationForm extends ModelForm { `; }), )} - - - + + + `; diff --git a/website/docs/applications.md b/website/docs/applications.md new file mode 100644 index 000000000..7ec5ed07f --- /dev/null +++ b/website/docs/applications.md @@ -0,0 +1,40 @@ +--- +title: Applications +--- + +Applications in authentik are the counterpart of providers. They exist in a 1-to-1 relationship, each application needs a provider and every provider can be used with one application. + +Applications are used to configure and separate the authorization / access control and the appearance in the Library page. + +## Authorization + +Application access can be configured using (Policy) Bindings. You can use this to grant access to one or multiple users/groups, or dynamically give access using policies. + +By default, all users can access applications when no policies are bound. + +When multiple policies/groups/users are attached, you can configure the *Policy engine mode* to either + + - Require users to pass all bindings/be member of all groups (ALL), or + - Require users to pass either binding/be member of either group (ANY) + +## Appearance + +The following aspects can be configured: + + - *Name*: This is the name shown for the application card + - *Launch URL*: The URL that is opened when a user clicks on the application. When left empty, authentik tries to guess it based on the provider + - *Icon (URL)*: Optionally configure an Icon for the application + - *Publisher*: Text shown below the application + - *Description*: Subtext shown on the application card below the publisher + +Applications are shown to users when + + - The user has access defined via policies (or the application has no policies bound) + - A Valid Launch URL is configured/could be guessed, this consists of URLs starting with http:// and https:// + + +#### Hiding applications + +To hide applications without modifying policy settings and without removing it, you can simply set the *Launch URL* to `blank://blank`, which will hide the application from users. + +Keep in mind, the users still have access, so they can still authorize access when the login process is started from the application. diff --git a/website/sidebars.js b/website/sidebars.js index ebb388b05..516ab0bf6 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -8,11 +8,6 @@ module.exports = { type: "doc", id: "terminology", }, - { - type: "category", - label: "Users & Groups", - items: ["user-group/user", "user-group/group"], - }, { type: "category", label: "Installation", @@ -27,6 +22,10 @@ module.exports = { "installation/air-gapped", ], }, + { + type: "doc", + id: "applications", + }, { type: "category", label: "Providers", @@ -108,6 +107,11 @@ module.exports = { "events/transports", ], }, + { + type: "category", + label: "Users & Groups", + items: ["user-group/user", "user-group/group"], + }, { type: "doc", id: "tenants",