website/docs: add docs for different flow executors

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2022-03-09 23:36:09 +01:00
parent de17207c68
commit a9f095d1d9
5 changed files with 47 additions and 2 deletions

@ -0,0 +1,11 @@
---
title: Headless
---
The headless flow executor is used by clients which don't have access to the web interface. It is currently used by the LDAP outpost to authenticate users.
The following stages are supported:
- [**identification**](../stages/identification/)
- [**password**](../stages/password/)
- [**authenticator_validate**](../stages/authenticator_validate/) (currently only DUO devices are supported)
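
Review bot: the supported-stages list in the new Headless page does not say what the executor does when the flow contains a stage that is not on the list. Since this executor authenticates users for the LDAP outpost, state explicitly whether an unsupported stage fails the authentication or is skipped, so an operator who adds, for example, a non-Duo device to authenticator_validate knows whether that check is still enforced for LDAP clients. Minor: the vendor name is styled "Duo", not "DUO".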

@ -0,0 +1,5 @@
---
title: Default (Web)
---
This is the default, web-based environment flows are executed in. All stages are compatible with this environment and no limitations are imposed.
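
Review bot: the body of the Default (Web) page calls this an "environment" ("web-based environment flows are executed in"), while the Headless and User settings pages say "executor". Use one term throughout, for example "This is the default, web-based executor in which flows run."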

@ -0,0 +1,14 @@
---
title: User settings
---
:::info
Requires authentik 2022.3.1
:::
The user interface (`/if/user/`) embeds a downsized flow executor to allow the user to configure their profile using custom stages and prompts.
This executor only supports [**prompt**](../stages/prompt/) stages. If the configured flow contains another stage, a button will be shown to open the default executor.
Because the stages in a flow can change during it execution, this executor will redirect the user to the default interface *if* a non-supported stage is returned.
To configure which flow is used for this, configure it in the tenant settings.
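
Review bot: the two sentences about unsupported stages in the User settings page describe different behaviour: "a button will be shown to open the default executor" versus "will redirect the user to the default interface". Spell out which case gets the button (presumably a flow that is configured with a non-prompt stage) and which gets the redirect (a stage returned while the flow runs), and use one name for the target, either "default executor" or "default interface". Also, "during it execution" should read "during its execution", and the last sentence should name the tenant setting that selects the flow.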

@ -18,6 +18,8 @@ To determine which flow is linked, authentik searches all flows with the require
Flows can have policies assigned to them. These policies determine if the current user is allowed to see and use this flow.
Keep in mind that in certain circumstances, policies cannot match against users and groups as there is no authenticated user yet.
## Designation
Flows are designated for a single purpose. This designation changes when a flow is used. The following designations are available:
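
Review bot: "in certain circumstances" in the policy caveat is too vague for a statement with access-control consequences. Say which flows, or which points in a flow, run without an authenticated user, and what a user- or group-based policy bound to the flow evaluates to in that case (pass or fail), so readers do not assume such a policy restricts a flow when it cannot match.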
@ -47,6 +49,6 @@ This designates a flow for unenrollment. This flow can contain any amount of ver
This designates a flow for recovery. This flow normally contains an [**identification**](stages/identification/) stage to find the user. It can also contain any amount of verification stages, such as [**email**](stages/email/) or [**captcha**](stages/captcha/).
Afterwards, use the [**prompt**](stages/prompt/) stage to ask the user for a new password and the [**user_write**](stages/user_write.md) stage to update the password.
### Setup
### Stage configuration
This designates a flow for general setup. This designation doesn't have any constraints in what you can do. For example, by default this designation is used to configure Factors, like change a password and setup TOTP.
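
Review bot: the heading becomes "Stage configuration" but the paragraph under it still reads "This designates a flow for general setup", so heading and body no longer agree. Either reword the body to describe stage configuration or keep the old heading; renaming it also changes the section anchor, so check for links that point at the old "Setup" section. Minor: "setup TOTP" should be "set up TOTP".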

@ -75,7 +75,20 @@ module.exports = {
{
type: "category",
label: "Flows",
items: ["flow/index", "flow/inspector", "flow/examples"],
items: [
"flow/index",
"flow/inspector",
"flow/examples",
{
type: "category",
label: "Executors",
items: [
"flow/executors/if-flow",
"flow/executors/user-settings",
"flow/executors/headless",
],
},
],
},
{
type: "category",
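
Review bot: the first entry of the new "Executors" category is "flow/executors/if-flow", but the page it presumably points to is titled "Default (Web)" and never explains what "if-flow" refers to. The User settings page names its interface path (`/if/user/`); either mention the corresponding path on the default page or use a document id that matches its title, so the three ids read consistently next to "user-settings" and "headless".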