From d2e9683411fccecc28d03e21e25c270c21431131 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 29 May 2021 21:52:30 +0200 Subject: [PATCH] website/docs: add tenants Signed-off-by: Jens Langhammer --- .../flow/stages/authenticator_duo/index.md | 2 +- .../flow/stages/authenticator_static/index.md | 4 ++-- .../flow/stages/authenticator_totp/index.md | 2 +- .../stages/authenticator_validate/index.md | 1 + .../stages/authenticator_webauthn/index.md | 2 +- website/docs/flow/stages/prompt/index.md | 18 ++++++++++++++++ website/docs/flow/stages/prompt/validation.md | 19 ----------------- website/docs/tenants.md | 21 +++++++++++++++++++ website/sidebars.js | 5 ++++- 9 files changed, 49 insertions(+), 25 deletions(-) delete mode 100644 website/docs/flow/stages/prompt/validation.md create mode 100644 website/docs/tenants.md diff --git a/website/docs/flow/stages/authenticator_duo/index.md b/website/docs/flow/stages/authenticator_duo/index.md index cbdefed70..457df3ad1 100644 --- a/website/docs/flow/stages/authenticator_duo/index.md +++ b/website/docs/flow/stages/authenticator_duo/index.md @@ -1,5 +1,5 @@ --- -title: Duo Authentication Setup stage +title: Duo authenticator setup stage --- This stage configures a Duo authenticator. To get the API Credentials for this stage, open your Duo Admin dashboard. diff --git a/website/docs/flow/stages/authenticator_static/index.md b/website/docs/flow/stages/authenticator_static/index.md index 03d8fd8ef..d0d39e692 100644 --- a/website/docs/flow/stages/authenticator_static/index.md +++ b/website/docs/flow/stages/authenticator_static/index.md @@ -1,7 +1,7 @@ --- -title: Static Authentication Setup stage +title: Static authenticator setup stage --- -This stage configures static OTP Tokens, which can be used as a backup method to time-based OTP tokens. +This stage configures static Tokens, which can be used as a backup method to time-based OTP tokens. You can configure how many tokens are shown to the user. diff --git a/website/docs/flow/stages/authenticator_totp/index.md b/website/docs/flow/stages/authenticator_totp/index.md index 03410e013..37445b09d 100644 --- a/website/docs/flow/stages/authenticator_totp/index.md +++ b/website/docs/flow/stages/authenticator_totp/index.md @@ -1,5 +1,5 @@ --- -title: TOTP Authentication Setup stage +title: TOTP authenticator setup stage --- This stage configures a time-based OTP Device, such as Google Authenticator or Authy. diff --git a/website/docs/flow/stages/authenticator_validate/index.md b/website/docs/flow/stages/authenticator_validate/index.md index 05b714b9c..d0313b9bd 100644 --- a/website/docs/flow/stages/authenticator_validate/index.md +++ b/website/docs/flow/stages/authenticator_validate/index.md @@ -4,6 +4,7 @@ title: Authenticator Validation Stage This stage validates an already configured Authenticator Device. This device has to be configured using any of the other authenticator stages: +- [Duo authenticator stage](../authenticator_duo/index.md) - [TOTP authenticator stage](../authenticator_totp/index.md) - [Static authenticator stage](../authenticator_static/index.md). - [WebAuth authenticator stage](../authenticator_webauthn/index.md). diff --git a/website/docs/flow/stages/authenticator_webauthn/index.md b/website/docs/flow/stages/authenticator_webauthn/index.md index 15369cfbe..a08bd3a1f 100644 --- a/website/docs/flow/stages/authenticator_webauthn/index.md +++ b/website/docs/flow/stages/authenticator_webauthn/index.md @@ -1,5 +1,5 @@ --- -title: WebAuthn Authentication Setup stage +title: WebAuthn authenticator setup stage --- This stage configures a WebAuthn-based Authenticator. This can either be a browser, biometrics or a Security stick like a YubiKey. diff --git a/website/docs/flow/stages/prompt/index.md b/website/docs/flow/stages/prompt/index.md index e5eb72879..09775196b 100644 --- a/website/docs/flow/stages/prompt/index.md +++ b/website/docs/flow/stages/prompt/index.md @@ -42,3 +42,21 @@ A field placeholder, shown within the input field. This field is also used by th ### `order` The numerical index of the prompt. This applies to all stages which this prompt is a part of. + +# Validation + +Further validation of prompts can be done using policies. + +To validate that two password fields are identical, create the following expression policy: + +```python +if request.context.get('prompt_data').get('password') == request.context.get('prompt_data').get('password_repeat'): + return True + +ak_message("Passwords don't match.") +return False +``` + +This policy expects you to have two password fields with `field_key` set to `password` and `password_repeat`. + +Afterwards, bind this policy to the prompt stage you want to validate. diff --git a/website/docs/flow/stages/prompt/validation.md b/website/docs/flow/stages/prompt/validation.md deleted file mode 100644 index c4476732c..000000000 --- a/website/docs/flow/stages/prompt/validation.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -title: Prompt stage validation ---- - -Further validation of prompts can be done using policies. - -To validate that two password fields are identical, create the following expression policy: - -```python -if request.context.get('prompt_data').get('password') == request.context.get('prompt_data').get('password_repeat'): - return True - -ak_message("Passwords don't match.") -return False -``` - -This policy expects you to have two password fields with `field_key` set to `password` and `password_repeat`. - -Afterwards, bind this policy to the prompt stage you want to validate. diff --git a/website/docs/tenants.md b/website/docs/tenants.md new file mode 100644 index 000000000..fe36e8373 --- /dev/null +++ b/website/docs/tenants.md @@ -0,0 +1,21 @@ +--- +title: Tenants +--- + +authentik support soft multi-tennancy. This means that you can configure several options depending on domain, but all the objects like applications, providers, etc, are still global. This can be handy to use the same authentik instance, but branded differently for different domains. + +The main settings that tenants influence are flows and branding. + +## Flows + +authentik picks a default flow by picking the flow that is selected in the current tenant, otherwise any flow that + + - matches the required designation + - comes first sorted by slug + - is allowed by policies + +This means that if you want to select a default flow based on policy, you can just leave the tenant default empty. + +## Branding + +The tenant can configure the branding title (shown in website document title and several other places), and the sidebar/header logo. diff --git a/website/sidebars.js b/website/sidebars.js index de458d234..c6bbf8264 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -96,7 +96,6 @@ module.exports = { "flow/stages/invitation/index", "flow/stages/password/index", "flow/stages/prompt/index", - "flow/stages/prompt/validation", "flow/stages/user_delete", "flow/stages/user_login", "flow/stages/user_logout", @@ -133,6 +132,10 @@ module.exports = { "events/transports" ], }, + { + type: "doc", + id: "tenants", + }, { type: "category", label: "Maintenance",