website/docs: add docs for different flow executors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
de17207c68
commit
a9f095d1d9
11
website/docs/flow/executors/headless.md
Normal file
11
website/docs/flow/executors/headless.md
Normal file
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
title: Headless
|
||||
---
|
||||
|
||||
The headless flow executor is used by clients which don't have access to the web interface. It is currently used by the LDAP outpost to authenticate users.
|
||||
|
||||
The following stages are supported:
|
||||
|
||||
- [**identification**](../stages/identification/)
|
||||
- [**password**](../stages/password/)
|
||||
- [**authenticator_validate**](../stages/authenticator_validate/) (currently only DUO devices are supported)
|
5
website/docs/flow/executors/if-flow.md
Normal file
5
website/docs/flow/executors/if-flow.md
Normal file
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Default (Web)
|
||||
---
|
||||
|
||||
This is the default, web-based environment flows are executed in. All stages are compatible with this environment and no limitations are imposed.
|
14
website/docs/flow/executors/user-settings.md
Normal file
14
website/docs/flow/executors/user-settings.md
Normal file
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
title: User settings
|
||||
---
|
||||
|
||||
:::info
|
||||
Requires authentik 2022.3.1
|
||||
:::
|
||||
|
||||
The user interface (`/if/user/`) embeds a downsized flow executor to allow the user to configure their profile using custom stages and prompts.
|
||||
|
||||
This executor only supports [**prompt**](../stages/prompt/) stages. If the configured flow contains another stage, a button will be shown to open the default executor.
|
||||
Because the stages in a flow can change during it execution, this executor will redirect the user to the default interface *if* a non-supported stage is returned.
|
||||
|
||||
To configure which flow is used for this, configure it in the tenant settings.
|
|
@ -18,6 +18,8 @@ To determine which flow is linked, authentik searches all flows with the require
|
|||
|
||||
Flows can have policies assigned to them. These policies determine if the current user is allowed to see and use this flow.
|
||||
|
||||
Keep in mind that in certain circumstances, policies cannot match against users and groups as there is no authenticated user yet.
|
||||
|
||||
## Designation
|
||||
|
||||
Flows are designated for a single purpose. This designation changes when a flow is used. The following designations are available:
|
||||
|
@ -47,6 +49,6 @@ This designates a flow for unenrollment. This flow can contain any amount of ver
|
|||
This designates a flow for recovery. This flow normally contains an [**identification**](stages/identification/) stage to find the user. It can also contain any amount of verification stages, such as [**email**](stages/email/) or [**captcha**](stages/captcha/).
|
||||
Afterwards, use the [**prompt**](stages/prompt/) stage to ask the user for a new password and the [**user_write**](stages/user_write.md) stage to update the password.
|
||||
|
||||
### Setup
|
||||
### Stage configuration
|
||||
|
||||
This designates a flow for general setup. This designation doesn't have any constraints in what you can do. For example, by default this designation is used to configure Factors, like change a password and setup TOTP.
|
||||
|
|
|
@ -75,7 +75,20 @@ module.exports = {
|
|||
{
|
||||
type: "category",
|
||||
label: "Flows",
|
||||
items: ["flow/index", "flow/inspector", "flow/examples"],
|
||||
items: [
|
||||
"flow/index",
|
||||
"flow/inspector",
|
||||
"flow/examples",
|
||||
{
|
||||
type: "category",
|
||||
label: "Executors",
|
||||
items: [
|
||||
"flow/executors/if-flow",
|
||||
"flow/executors/user-settings",
|
||||
"flow/executors/headless",
|
||||
],
|
||||
},
|
||||
],
|
||||
},
|
||||
{
|
||||
type: "category",
|
||||
|
|
Reference in a new issue