website/integrations: update opnsense integration guidance (#2808)
* website/docs: update opnsense integration guidance
* website/docs: remove `-user` opnsense integration
parent
110bc762a1
commit
f00657f217
|
@ -11,7 +11,7 @@ OPNsense is a free and Open-Source FreeBSD-based firewall and routing software.
|
||||||
:::
|
:::
|
||||||
|
|
||||||
:::note
|
:::note
|
||||||
This is based on authentik 2021.10.3 and OPNsense 21.7.4-amd64 installed using https://docs.opnsense.org/manual/install.html. Instructions may differ between versions.
|
This is based on authentik 2022.4.1 and OPNsense 22.1.6-amd64 installed using https://docs.opnsense.org/manual/install.html. Instructions may differ between versions.
|
||||||
:::
|
:::
|
||||||
|
|
||||||
## Preparation
|
## Preparation
|
||||||
|
@ -19,14 +19,13 @@ This is based on authentik 2021.10.3 and OPNsense 21.7.4-amd64 installed using h
|
||||||
The following placeholders will be used:
|
The following placeholders will be used:
|
||||||
|
|
||||||
- `authentik.company` is the FQDN of authentik.
|
- `authentik.company` is the FQDN of authentik.
|
||||||
- `opnsense-user` is the name of the authentik Service account we'll create.
|
- `opnsense` is the name of the authentik Service account we'll create.
|
||||||
- `DC=ldap,DC=goauthentik,DC=io` is the Base DN of the LDAP Provider (default)
|
- `DC=ldap,DC=goauthentik,DC=io` is the Base DN of the LDAP Provider (default)
|
||||||
|
|
||||||
### Step 1
|
### Step 1
|
||||||
|
|
||||||
In authentik, create a service account (under _Identity & Cryptography/Users_) for OPNsense to use as the LDAP Binder.
|
In authentik, go and 'Create Service account' (under _Directory/Users_) for OPNsense to use as the LDAP Binder, leaving 'Create group' ticked as we'll need that group for the provider.
|
||||||
|
In this example, we'll use `opnsense` as the Service account's username
|
||||||
In this example, we'll use `opnsense-user` as the Service account's username
|
|
||||||
|
|
||||||
:::note
|
:::note
|
||||||
Take note of the password for this user as you'll need to give it to OPNsense in _Step 4_.
|
Take note of the password for this user as you'll need to give it to OPNsense in _Step 4_.
|
||||||
|
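Review bot: In the rewritten Step 1 sentence, "leaving 'Create group' ticked as we'll need that group for the provider" does not say what the created group will be called, yet the Protocol Settings list later in this change sets "Search group: opnsense". State the resulting group name next to the username so the reader can match the two. The phrase "go and 'Create Service account'" also reads awkwardly; "click _Create Service account_" would match the italic style already used for menu paths. The added line "In this example, we'll use `opnsense` as the Service account's username" has no closing full stop.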
@ -34,7 +33,7 @@ Take note of the password for this user as you'll need to give it to OPNsense in
|
||||||
|
|
||||||
### Step 2
|
### Step 2
|
||||||
|
|
||||||
In authentik, create an _LDAP Provider_ (under _Resources/Providers_) with these settings:
|
In authentik, create an _LDAP Provider_ (under _Applications/Providers_) with these settings:
|
||||||
|
|
||||||
:::note
|
:::note
|
||||||
Only settings that have been modified from default have been listed.
|
Only settings that have been modified from default have been listed.
|
||||||
|
@ -42,11 +41,12 @@ Only settings that have been modified from default have been listed.
|
||||||
|
|
||||||
**Protocol Settings**
|
**Protocol Settings**
|
||||||
- Name: LDAP
|
- Name: LDAP
|
||||||
|
- Search group: opnsense
|
||||||
- Certificate: authentik Self-signed certificate
|
- Certificate: authentik Self-signed certificate
|
||||||
|
|
||||||
### Step 3
|
### Step 3
|
||||||
|
|
||||||
In authentik, create an application (under _Resources/Applications_) which uses this provider. Optionally apply access restrictions to the application using policy bindings.
|
In authentik, create an application (under _Applications/Applications_) which uses this provider. Optionally apply access restrictions to the application using policy bindings.
|
||||||
|
|
||||||
:::note
|
:::note
|
||||||
Only settings that have been modified from default have been listed.
|
Only settings that have been modified from default have been listed.
|
||||||
|
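Review bot: The added "- Search group: opnsense" line under Protocol Settings gives a value without saying where it comes from or what it controls. Step 1 only says the group is needed "for the provider"; add a sentence here tying this setting to the group created alongside the service account and stating what membership of that group permits, so readers do not add ordinary users to it. Writing the value as `opnsense` in backticks would also match how the placeholder is written in the Preparation list.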
@ -58,7 +58,7 @@ Only settings that have been modified from default have been listed.
|
||||||
|
|
||||||
### Step 4
|
### Step 4
|
||||||
|
|
||||||
In authentik, create an outpost (under _Outposts/Outposts_) of type `LDAP` that uses the LDAP Application you created in _Step 2_.
|
In authentik, create an outpost (under _Applications/Outposts_) of type `LDAP` that uses the LDAP Application you created in _Step 2_.
|
||||||
|
|
||||||
:::note
|
:::note
|
||||||
Only settings that have been modified from default have been listed.
|
Only settings that have been modified from default have been listed.
|
||||||
|
|
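Review bot: The changed Step 4 line still says the outpost "uses the LDAP Application you created in _Step 2_", but in this document Step 2 creates the LDAP Provider and the application is created in Step 3. Change the reference to _Step 3_ while the line is being touched.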