---
title: Wekan
---

<span class="badge badge--secondary">Support level: Community</span>

## What is Wekan

> Wekan is an open-source kanban board which allows a card-based task and to-do management.
>
> -- https://github.com/wekan/wekan/wiki

## Preparation

The following placeholders will be used:

-   `wekan.company` is the FQDN of the wekan install.
-   `authentik.company` is the FQDN of the authentik install.

Create an application in authentik. Create an OAuth2/OpenID provider with the following parameters:

-   Client Type: `Confidential`
-   Scopes: OpenID, Email and Profile
-   Signing Key: Select any available key
-   Redirect URIs: `https://wekan.company/_oauth/oidc`

Note the Client ID and Client Secret values. Create an application, using the provider you've created above. Note the slug of the application you've created.

## Wekan

import Tabs from "@theme/Tabs";
import TabItem from "@theme/TabItem";

<Tabs
  defaultValue="docker"
  values={[
    {label: 'Docker', value: 'docker'},
    {label: 'Standalone', value: 'standalone'},
  ]}>
  <TabItem value="docker">
If your Wekan is running in docker, add the following environment variables for authentik

```yaml
environment: OAUTH2_ENABLED=true
    OAUTH2_LOGIN_STYLE=redirect
    OAUTH2_CLIENT_ID=<Client ID from above>
    OAUTH2_SERVER_URL=https://authentik.company
    OAUTH2_AUTH_ENDPOINT=/application/o/authorize/
    OAUTH2_USERINFO_ENDPOINT=/application/o/userinfo/
    OAUTH2_TOKEN_ENDPOINT=/application/o/token/
    OAUTH2_SECRET=<Client Secret from above>
    OAUTH2_ID_MAP=preferred_username
    OAUTH2_USERNAME_MAP=preferred_username
    OAUTH2_FULLNAME_MAP=given_name
    OAUTH2_EMAIL_MAP=email
```

  </TabItem>
  <TabItem value="standalone">

edit `.env` and add the following:

```ini
     # authentik OAUTH Config
      OAUTH2_ENABLED='true'
      OAUTH2_LOGIN_STYLE='redirect'
      OAUTH2_CLIENT_ID='<Client ID from above>'
      OAUTH2_SERVER_URL='https://authentik.company'
      OAUTH2_AUTH_ENDPOINT='/application/o/authorize/'
      OAUTH2_USERINFO_ENDPOINT='/application/o/userinfo/'
      OAUTH2_TOKEN_ENDPOINT='/application/o/token/'
      OAUTH2_SECRET='<Client Secret from above>'
      OAUTH2_ID_MAP='preferred_username'
      OAUTH2_USERNAME_MAP='preferred_username'
      OAUTH2_FULLNAME_MAP='given_name'
      OAUTH2_EMAIL_MAP='email'
```

  </TabItem>
</Tabs>