website/docs: add azure ad docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-01 15:56:24 +01:00 · 2021-11-01 15:56:24 +01:00 · b86251255d
parent ccab41a6ca
commit b86251255d
15 changed files with 65 additions and 15 deletions
--- a/website/docs/flow/flows.md
+++ b/website/docs/flow/flows.md
@ -1,5 +1,5 @@
 ---
-title: Flows
+title: Overview
 ---

 Flows are a method of describing a sequence of stages. A stage represents a single verification or logic step. They are used to authenticate users, enroll them, and more.
--- a/website/docs/integrations/sources/active-directory/index.md
+++ b/website/docs/integrations/sources/active-directory/index.md
@ -9,7 +9,7 @@ The following placeholders will be used:
 - `ad.company` is the Name of the Active Directory domain.
 - `authentik.company` is the FQDN of the authentik install.

-## Active Directory Setup
+## Active Directory setup

 1. Open Active Directory Users and Computers

@ -34,7 +34,8 @@ The following placeholders will be used:
 Additional infos: https://support.microfocus.com/kb/doc.php?id=7023371

 ## authentik Setup
-In authentik, create a new LDAP Source in Administration -> Sources.
+
+In authentik, create a new LDAP Source in Resources -> Sources.

 Use these settings:

--- a/website/docs/integrations/sources/apple/index.md
+++ b/website/docs/integrations/sources/apple/index.md
@ -63,5 +63,5 @@ The following placeholders will be used:
 Save, and you now have Apple as a source.

 :::note
-For more details on how-to have the new source display on the Login Page see the Sources page.
+For more details on how-to have the new source display on the Login Page see [here](../index).
 :::
--- a/website/docs/integrations/sources/azure-ad/aad_01.png
+++ b/website/docs/integrations/sources/azure-ad/aad_01.png
--- a/website/docs/integrations/sources/azure-ad/authentik_01.png
+++ b/website/docs/integrations/sources/azure-ad/authentik_01.png
--- a/website/docs/integrations/sources/azure-ad/index.md
+++ b/website/docs/integrations/sources/azure-ad/index.md
@ -0,0 +1,48 @@
+---
+title: Azure AD
+---
+
+## Preparation
+
+The following placeholders will be used:
+
+- `authentik.company` is the FQDN of the authentik install.
+
+## Azure setup
+
+1. Navigate to [portal.azure.com](https://portal.azure.com), and open the *App registration* service
+2. Register a new application
+
+    Under *Supported account types*, select whichever account type applies to your use-case.
+
+    ![](./aad_01.png)
+3. Take note of the *Application (client) ID* value.
+
+    If you selected *Single tenant* in the *Supported account types* prompt, also note the *Directory (tenant) ID* value.
+4. Navigate to *Certificates & secrets* in the sidebar, and to the *Client secrets* tab.
+5. Add a new secret, with an identifier of your choice, and select any expiration. Currently the secret in authentik has to be rotated manually or via API, so it is recommended to choose at least 12 months.
+6. Note the secret's value in the *Value* column.
+
+## authentik Setup
+
+In authentik, create a new *Azure AD OAuth Source* in Resources -> Sources.
+
+Use the following settings:
+
+- Name: `Azure AD`
+- Slug: `azure-ad` (this must match the URL being used above)
+- Consumer key: `*Application (client) ID* value from above`
+- Consumer secret: `*Value* of the secret from above`
+
+If you kept the default *Supported account types* selection of *Single tenant*, then you must change the URLs below as well:
+
+- Authorization URL: `https://login.microsoftonline.com/*Directory (tenant) ID* from above/oauth2/v2.0/authorize`
+- Access token URL: `https://login.microsoftonline.com/*Directory (tenant) ID* from above/oauth2/v2.0/token`
+
+![](./authentik_01.png)
+
+Save, and you now have Azure AD as a source.
+
+:::note
+For more details on how-to have the new source display on the Login Page see [here](../index).
+:::
--- a/website/docs/integrations/sources/discord/index.md
+++ b/website/docs/integrations/sources/discord/index.md
@ -50,5 +50,5 @@ Here is an example of a complete authentik Discord OAuth Source
 Save, and you now have Discord as a source.

 :::note
-For more details on how-to have the new source display on the Login Page see the Sources page
+For more details on how-to have the new source display on the Login Page see [here](../index).
 :::
--- a/website/docs/integrations/sources/github/index.md
+++ b/website/docs/integrations/sources/github/index.md
@ -56,5 +56,5 @@ Here is an example of a complete authentik Github OAuth Source
 Save, and you now have Github as a source.

 :::note
-For more details on how-to have the new source display on the Login Page see the Sources page
+For more details on how-to have the new source display on the Login Page see [here](../index).
 :::
--- a/website/docs/integrations/sources/google/index.md
+++ b/website/docs/integrations/sources/google/index.md
@ -79,5 +79,5 @@ Here is an example of a complete authentik Google OAuth Source
 Save, and you now have Google as a source.

 :::note
-For more details on how-to have the new source display on the Login Page see the Sources page
+For more details on how-to have the new source display on the Login Page see [here](../index).
 :::
--- a/website/docs/integrations/sources/index.md
+++ b/website/docs/integrations/sources/index.md
@ -1,5 +1,5 @@
 ---
-title: Sources
+title: Overview
 ---

 Sources allow you to connect authentik to an existing user directory. They can also be used for social logins, using external providers such as Facebook, Twitter, etc.
--- a/website/docs/outposts/outposts.md
+++ b/website/docs/outposts/outposts.md
@ -1,5 +1,5 @@
 ---
-title: Outposts
+title: Overview
 ---

 An outpost is a single deployment of a authentik component, which can be deployed in a completely separate environment. Currently, Proxy Provider and LDAP are supported as outposts.
--- a/website/docs/policies/index.md
+++ b/website/docs/policies/index.md
@ -1,5 +1,5 @@
 ---
-title: Policies
+title: Overview
 ---

 ## Event-matcher policy
--- a/website/docs/property-mappings/index.md
+++ b/website/docs/property-mappings/index.md
@ -1,5 +1,5 @@
 ---
-title: Property Mappings
+title: Overview
 ---

 Property Mappings allow you to pass information to external applications. For example, pass the current user's groups as a SAML parameter. Property Mappings are also used to map Source fields to authentik fields, for example when using LDAP.
--- a/website/docs/providers/proxy/proxy.md
+++ b/website/docs/providers/proxy/proxy.md
@ -1,5 +1,5 @@
 ---
-title: Proxy provider
+title: Overview
 ---

 The proxy outpost sets the following headers:
--- a/website/sidebars.js
+++ b/website/sidebars.js
@ -36,7 +36,7 @@ module.exports = {
                "providers/saml",
                {
                    type: "category",
-                    label: "Proxy",
+                    label: "Proxy Provider",
                    items: [
                        "providers/proxy/proxy",
                        "providers/proxy/forward_auth",
@ -71,8 +71,9 @@ module.exports = {
                    label: "as Source",
                    items: [
                        "integrations/sources/index",
-                        "integrations/sources/apple/index",
                        "integrations/sources/active-directory/index",
+                        "integrations/sources/apple/index",
+                        "integrations/sources/azure-ad/index",
                        "integrations/sources/discord/index",
                        "integrations/sources/freeipa/index",
                        "integrations/sources/github/index",