website/docs: add tenants

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2021-05-29 21:52:30 +02:00
parent a4c28a28b4
commit d2e9683411
9 changed files with 49 additions and 25 deletions

@ -1,5 +1,5 @@
--- ---
title: Duo Authentication Setup stage title: Duo authenticator setup stage
--- ---
This stage configures a Duo authenticator. To get the API Credentials for this stage, open your Duo Admin dashboard. This stage configures a Duo authenticator. To get the API Credentials for this stage, open your Duo Admin dashboard.

@ -1,7 +1,7 @@
--- ---
title: Static Authentication Setup stage title: Static authenticator setup stage
--- ---
This stage configures static OTP Tokens, which can be used as a backup method to time-based OTP tokens. This stage configures static Tokens, which can be used as a backup method to time-based OTP tokens.
You can configure how many tokens are shown to the user. You can configure how many tokens are shown to the user.
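Review bot: dropping "OTP" in the first body line leaves "static Tokens" next to "time-based OTP tokens" in the same sentence, with inconsistent capitalisation and no indication that the static tokens are also one-time codes. Keeping "static OTP tokens" (lower-case "tokens") would read more clearly.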

@ -1,5 +1,5 @@
--- ---
title: TOTP Authentication Setup stage title: TOTP authenticator setup stage
--- ---
This stage configures a time-based OTP Device, such as Google Authenticator or Authy. This stage configures a time-based OTP Device, such as Google Authenticator or Authy.

@ -4,6 +4,7 @@ title: Authenticator Validation Stage
This stage validates an already configured Authenticator Device. This device has to be configured using any of the other authenticator stages: This stage validates an already configured Authenticator Device. This device has to be configured using any of the other authenticator stages:
- [Duo authenticator stage](../authenticator_duo/index.md)
- [TOTP authenticator stage](../authenticator_totp/index.md) - [TOTP authenticator stage](../authenticator_totp/index.md)
- [Static authenticator stage](../authenticator_static/index.md). - [Static authenticator stage](../authenticator_static/index.md).
- [WebAuth authenticator stage](../authenticator_webauthn/index.md). - [WebAuth authenticator stage](../authenticator_webauthn/index.md).
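Review bot: the added Duo entry has no trailing period, while the Static and WebAuth entries in the same list end with one; pick one style for the whole list. While this list is being touched, the context line labelled "WebAuth authenticator stage" links to `../authenticator_webauthn/index.md`, so the label looks like a typo for "WebAuthn".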

@ -1,5 +1,5 @@
--- ---
title: WebAuthn Authentication Setup stage title: WebAuthn authenticator setup stage
--- ---
This stage configures a WebAuthn-based Authenticator. This can either be a browser, biometrics or a Security stick like a YubiKey. This stage configures a WebAuthn-based Authenticator. This can either be a browser, biometrics or a Security stick like a YubiKey.

@ -42,3 +42,21 @@ A field placeholder, shown within the input field. This field is also used by th
### `order` ### `order`
The numerical index of the prompt. This applies to all stages which this prompt is a part of. The numerical index of the prompt. This applies to all stages which this prompt is a part of.
# Validation
Further validation of prompts can be done using policies.
To validate that two password fields are identical, create the following expression policy:
```python
if request.context.get('prompt_data').get('password') == request.context.get('prompt_data').get('password_repeat'):
return True
ak_message("Passwords don't match.")
return False
```
This policy expects you to have two password fields with `field_key` set to `password` and `password_repeat`.
Afterwards, bind this policy to the prompt stage you want to validate.
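Review bot: the expression policy in the added Validation section passes when both fields are missing, because `request.context.get('prompt_data').get('password')` and the `password_repeat` lookup both return None and the `==` comparison is then true. If `prompt_data` itself is absent from the context, the chained `.get` raises AttributeError on None. Suggest reading `prompt_data = request.context.get('prompt_data', {})` once and requiring a non-empty `password` before comparing. Separately, `# Validation` is a top-level heading placed directly after the `### order` entry; a lower heading level would keep it from reading as a second page title.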

@ -1,19 +0,0 @@
---
title: Prompt stage validation
---
Further validation of prompts can be done using policies.
To validate that two password fields are identical, create the following expression policy:
```python
if request.context.get('prompt_data').get('password') == request.context.get('prompt_data').get('password_repeat'):
return True
ak_message("Passwords don't match.")
return False
```
This policy expects you to have two password fields with `field_key` set to `password` and `password_repeat`.
Afterwards, bind this policy to the prompt stage you want to validate.
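Review bot: deleting this page drops the `flow/stages/prompt/validation` URL, and none of the nine files in this commit adds a redirect to the new Validation section on the prompt stage page, so existing links to the old page will break. Add a redirect or mention the move.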

website/docs/tenants.md Normal file
@ -0,0 +1,21 @@
---
title: Tenants
---
authentik support soft multi-tennancy. This means that you can configure several options depending on domain, but all the objects like applications, providers, etc, are still global. This can be handy to use the same authentik instance, but branded differently for different domains.
The main settings that tenants influence are flows and branding.
## Flows
authentik picks a default flow by picking the flow that is selected in the current tenant, otherwise any flow that
- matches the required designation
- comes first sorted by slug
- is allowed by policies
This means that if you want to select a default flow based on policy, you can just leave the tenant default empty.
## Branding
The tenant can configure the branding title (shown in website document title and several other places), and the sidebar/header logo.
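Review bot: the Flows list in the new tenants.md does not say in which order its three conditions apply. "comes first sorted by slug" and "is allowed by policies" read as independent filters, so it is unclear whether the first flow by slug is picked and then checked against policies, or the first policy-allowed flow by slug is picked. The closing sentence tells admins to rely on policies by leaving the tenant default empty, so the evaluation order should be spelled out. The intro also says options depend on domain but never states how a request's domain is matched to a tenant or what applies when no tenant matches. Typos in the intro line: "authentik support soft multi-tennancy" should be "authentik supports soft multi-tenancy".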

@ -96,7 +96,6 @@ module.exports = {
"flow/stages/invitation/index", "flow/stages/invitation/index",
"flow/stages/password/index", "flow/stages/password/index",
"flow/stages/prompt/index", "flow/stages/prompt/index",
"flow/stages/prompt/validation",
"flow/stages/user_delete", "flow/stages/user_delete",
"flow/stages/user_login", "flow/stages/user_login",
"flow/stages/user_logout", "flow/stages/user_logout",
@ -133,6 +132,10 @@ module.exports = {
"events/transports" "events/transports"
], ],
}, },
{
type: "doc",
id: "tenants",
},
{ {
type: "category", type: "category",
label: "Maintenance", label: "Maintenance",