Release 2024.6
Highlights
- PostgreSQL read replicas: Optimize database query routing by using read replicas to balance the load
- New Enterprise providers: Enterprise Preview Google Workspace and Microsoft Entra ID providers allow for user synchronization with authentik
- Improved CAPTCHA stage: Allows configurable dynamic use of CAPTCHAs
Breaking changes
PostgreSQL minimum supported version upgrade
With this release, authentik now requires PostgreSQL version 14 or later. We recommend upgrading to the latest version if you are running an older version.
The provided Helm chart defaults to PostgreSQL 15. If you are using the Helm chart with the default values, no action is required.
The provided Compose file was updated with PostgreSQL 16. You can follow the procedure here to upgrade.
Group names unicity
With this release, authentik now enforces unique group names. Existing groups with name collisions that were created in earlier versions can still exist, but any new groups you create will need a unique name. If changing attributes, permission-level, or parent on an existing group with a name collision, you need to also change its name to be unique. Note that changing members or roles associated with the group does not require a rename.
GeoIP and ASN context object
The context["geoip"] and context["asn"] objects available in expression policies are now dictionaries. Attributes must now be accessed via dictionary accessors. See our policy examples for the updated syntax.
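A migration check for the change above, as an added example that is not part of the authentik release notes or code base: it parses expression-policy bodies and reports attribute access on context["geoip"] or context["asn"] that has to become a dictionary lookup. The sample policies, and the attribute and key names used in them, are constructed for illustration; Python 3.9 or later is assumed.

```python
"""Find expression-policy code that still treats context["geoip"] and
context["asn"] as objects instead of dictionaries (added example)."""
import ast
import textwrap

# Context entries that became dictionaries in 2024.6.
CHANGED_KEYS = {"geoip", "asn"}


def _is_changed_lookup(node):
    """True for the expression context["geoip"] or context["asn"]."""
    return (
        isinstance(node, ast.Subscript)
        and isinstance(node.value, ast.Name)
        and node.value.id == "context"
        and isinstance(node.slice, ast.Constant)  # Python 3.9+ AST layout
        and node.slice.value in CHANGED_KEYS
    )


def find_attribute_access(expression):
    """Return sorted (line, snippet) pairs for attribute access that must
    be rewritten as a dictionary lookup. Lines are 1-based within the
    policy body."""
    if not expression.strip():
        return []
    # Policy bodies use a top-level `return`, so wrap the body in a
    # function before parsing. This shifts line numbers by one.
    wrapped = "def policy():\n" + textwrap.indent(expression, "    ")
    tree = ast.parse(wrapped)

    # Names bound directly to a changed object, e.g. geo = context["geoip"].
    aliases = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign) and _is_changed_lookup(node.value):
            aliases.update(
                t.id for t in node.targets if isinstance(t, ast.Name)
            )

    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Attribute):
            continue
        # .get(), .items() and other dict methods remain valid.
        if hasattr(dict, node.attr):
            continue
        base = node.value
        aliased = isinstance(base, ast.Name) and base.id in aliases
        if _is_changed_lookup(base) or aliased:
            findings.append((node.lineno - 1, ast.unparse(node)))
    return sorted(findings)


# Constructed sample: a policy written for the pre-2024.6 object form.
OLD_STYLE = "\n".join([
    'geo = context["geoip"]',
    'if context["asn"].autonomous_system_number == 64496:',
    '    return False',
    'return geo.country.iso_code == "DE"',
])

# Constructed sample: the same policy using dictionary access.
# The key names here are assumptions; check the policy examples.
NEW_STYLE = "\n".join([
    'geo = context["geoip"]',
    'if context["asn"].get("asn") == 64496:',
    '    return False',
    'return geo["country"] == "DE"',
])

if __name__ == "__main__":
    for name, body in (("old", OLD_STYLE), ("new", NEW_STYLE)):
        for line, snippet in find_attribute_access(body):
            print(f"{name}: line {line}: {snippet}")
```

Run it over the expression text of each existing policy before upgrading; an empty result means no attribute-style access on the two changed objects was found.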
New features
- Google Workspace Provider (Enterprise Preview)
  With the Google Workspace provider, authentik serves as the single source of truth for all users and groups, when using Google products like Gmail.
  For details refer to the Google Workspace Provider documentation.
- Microsoft Entra ID Provider (Enterprise Preview)
  With the Microsoft Entra ID provider, authentik serves as the single source of truth for all users and groups. Configuring Entra ID as a provider allows for auto-discovery of user and group accounts, ongoing synchronization of user data such as email address, name, and status, and integrated data mapping of field names and values.
  For details refer to the Microsoft Entra ID documentation.
- Read-replica DB support
  Multiple read-only databases can be configured to route read-only requests to the non-primary database instance so that the main database can be reserved for write requests.
  For details refer to the PostgreSQL configuration.
- Improved CAPTCHA stage
  Thresholds can now be configured on the CAPTCHA stage to customize its result. Additionally, the stage can be configured to continue the flow if the CAPTCHA score is outside of those thresholds for further decision making via expression policies.
  For details refer to the CAPTCHA stage.
- Optimize sync and property mapping execution
  The synchronization process from sources has been optimized to avoid unnecessary operations. Additionally, the Python compilation of property mappings is now cached so that it only happens once per sync.
- Wizards now use a grid layout
  The provider and source creation wizards now use a grid layout showing logos and descriptions of available protocols and services.
Fixes
- Reworked proxy provider redirect
  Following up on a highly requested issue, we've reworked our Proxy provider to avoid invalid user-facing redirects.
Upgrading
With this release, authentik now requires PostgreSQL version 14 or later. We recommend upgrading to the latest version if needed. Follow the instructions here if you need to upgrade PostgreSQL with docker-compose.
Docker Compose
To upgrade, download the new docker-compose.yml file and update the Docker stack with the new version, using these commands:
wget -O docker-compose.yml https://goauthentik.io/version/2024.6/docker-compose.yml
docker compose up -d
The -O flag retains the downloaded file's name, overwriting any existing local file with the same name.
Kubernetes
Upgrade the Helm Chart to the new version, using the following commands:
helm repo update
helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.6
Minor changes/fixes
- admin: system api: do not show FIPS status if no valid license (#10091)
- admin: system api: fix FIPS status schema (#10110)
- core: FIPS (#9683)
- core: add include_users flag to single group retrieval (#9721)
- core: add option to select group for property mapping testing (#9834)
- core: fix auth_method and auth_method_args being overwritten by password stage (#9782)
- core: fix condition in task clean_expiring_models (#9603)
- core: fix error when raising SkipObject in mapping (cherry-pick #10153)
- core: fix logic for token expiration (#9426)
- core: fix source flow_manager not always appending save stage (#9659)
- core: fix source_flow_manager saving user-source connection too early (#9559)
- core: fix task clean_expiring_models removing valid sessions with using database storage (#9598)
- core: groups api: always prefetch users (#9974)
- core: groups: optimize recursive children query (#9931)
- core: include version in built JS files (cherry-pick #9558) (#10148)
- core: only prefetch related objects when required (#9476)
- core: rework base for SkipObject exception to better support control flow exceptions (cherry-pick #10186) (#10187)
- crypto: update fingerprint at same time as certificate (#10036)
- enterprise/audit: fix audit logging with m2m relations (#9571)
- enterprise/providers/google: initial account sync to google workspace (#9384)
- enterprise/providers/google_workspace: ensure no group is created when no property mappings are set (#9783)
- enterprise/providers/microsoft_entra: fix error when updating connection attributes (#10039)
- enterprise/providers/microsoft_entra: initial account sync to microsoft entra (#9632)
- enterprise/providers: import user/group data when manually linking objects (#10089)
- enterprise/stages/source: fix error when creating source stage from blueprint (#9810)
- events: ensure all models' str can be called without any further lookups (#9480)
- events: fix geoip enrich context not converting to json-serializable data (#9885)
- flows: fix execute API endpoint (#9478)
- lib/providers/sync: improve outgoing sync (#9835)
- lib/providers/sync: multiple minor fixes (#9667)
- lib/sync/outgoing, sources/ldap: fix sync status endpoint (#9855)
- lib/sync: fix json error (#9827)
- lifecycle/migrate: only acquire lock once (#9856)
- lifecycle: always try custom redis URL (#9441)
- lifecycle: close database connection after migrating (#9516)
- lifecycle: fix ak test-all command
- policies/reputation: fix existing reputation update (cherry-pick #10124) (#10125)
- policies/reputation: save to database directly (#10059)
- policies: fix ak_call_policy failing when used in testing (#9853)
- providers/oauth2: don't handle api scope as special scope (#9910)
- providers/proxy: rework redirect mechanism (#8594)
- providers/rac: bump guacd to 1.5.5 (#9514)
- providers/saml: fix ecdsa support (#9537)
- providers/scim, sources/ldap: switch to using postgres advisory locks instead of redis locks (#9511)
- providers/scim: fix SCIM ID incorrectly used as primary key (#9557)
- providers/scim: fix time_limit not set correctly (#9546)
- providers/scim: optimize PropertyMapping fetching and execution (#9689)
- providers/sync: improve v3 (#9966)
- providers/sync: update attributes on update (#10012)
- rbac: filters: fix missing attribute for unauthenticated requests (#10061)
- rbac: fix some rough edges and inconsistencies (#9771)
- root: add configuration option to enable fips (#10088)
- root: add primary-replica db router (#9479)
- root: bump blueprint schema version
- root: docker-compose: remove version top level element (#9631)
- root: handle asgi exception (#10085)
- root: include task_id in events and logs (#9749)
- root: use custom model serializer that saves m2m without bulk (cherry-pick #10139) (#10151)
- security: fix CVE-2024-37905, reported by @m2a2 (cherry-pick #10230) (#10237)
- security: fix CVE-2024-38371, reported by Stefan Zwanenburg (cherry-pick #10229) (#10234)
- sources/oauth: ensure all UI sources return a valid source (#9401)
- sources/oauth: fix OAuth Client sending token request incorrectly (#9474)
- sources/oauth: modernizes discord icon (#9817)
- sources/saml: fix FlowPlanner error due to pickle (#9708)
- sources/scim: fix duplicate groups and invalid schema (#9466)
- sources/scim: fix service account user path (#9463)
- stages/authenticator_validate: fix priority of auth_method being set to auth_webauthn_pwl (#9909)
- stages/authenticator_webauthn: migrate device type import to systemtask and schedule (#9958)
- stages/authenticator_webauthn: optimize device types creation (#9932)
- stages/captcha: rework (#9959)
- stages/email: fix sanitization of email addresses (#9999)
- stages/identification: don't check source component (#9410)
- stages/user_login: fix non-json-serializable being used (#9886)
- tenants: fix scheduled tasks not running on default tenant (#9583)
- web/admin: add link to enterprise docs on license page (#9811)
- web/admin: fix disabled button color with dark theme (#9465)
- web/admin: fix document title for admin interface (#9362)
- web/admin: fix entra provider mapping form (#9767)
- web/admin: fix scim provider user list (#10028)
- web/admin: only show non-backchannel providers in application provider select (#9658)
- web/admin: rework initial wizard pages and add grid layout (#9668)
- web/admin: show user internal service account as disabled (#9464)
- web/admin: use chips to display permissions/scopes (#9912)
- web/common: fix locale detection for user-set locale (#9436)
- web/flows: fix error when enrolling multiple WebAuthn devices consecutively (#9545)
- web/flows: fix error when using consecutive webauthn validator stages (#9629)
- web/flows: fix missing fallback for flow logo (#9487)
- web: Add enterprise / FIPS notification to the AdminOverviewPage (#10090)
- web: Add missing integrity hashes to package-lock.json (#9527)
- web: Add resolved and integrity fields back to package-lock.json (#9419)
- web: clean up some repetitive types (#9241)
- web: clean up the options rendering in PromptForm (#9564)
- web: fix docker build for non-release versions (cherry-pick #10154) (#10155)
- web: fix needed because recent upgrade to task breaks spinner button (cherry-pick #10142) (#10150)
- web: fix value handling inside controlled components (#9648)
- web: markdown: display markdown even when frontmatter is missing (#9404)
Fixed in 2024.6.1
- core: fix migrations missing using db_alias (cherry-pick #10409) (#10410)
- core: fix source flow_manager not resuming flow when linking (cherry-pick #10436) (#10438)
- core: remove transitionary old JS urls (cherry-pick #10317) (#10321)
- core: revert backchannel only filtering (cherry-pick #10455) (#10457)
- providers/saml: fix metadata import error handling (cherry-pick #10349) (#10350)
- providers/scim: Fix exception handling for missing ServiceProviderConfig (cherry-pick #10322) (#10335)
- sources/oauth: fix link not being saved (cherry-pick #10374) (#10376)
- sources/saml: fix pickle error, add saml auth tests (cherry-pick #10348) (#10352)
- stages/authenticator_validate: fix friendly_name being required (cherry-pick #10382) (#10385)
- stages/user_login: fix ?next parameter not carried through broken session binding (cherry-pick #10301) (#10302)
- web: set noopener and noreferrer on all external links (#10304)
- web/admin: fix access token list calling wrong API (cherry-pick #10434) (#10435)
- web/flows: remove background image link (cherry-pick #10318) (#10320)
- web/flows: Simplified flow executor (#10296)
Fixed in 2024.6.2
- core: improve error handling on ASGI level (cherry-pick #10547) (#10552)
- core: remove html language tag for pages that are translated (cherry-pick #10611) (#10613)
- events: associate login_failed events to a user if possible (cherry-pick #10270) (#10676)
- events: fix race condition (cherry-pick #10602) (#10609)
- lib/sync: handle SkipObject in direct triggered tasks (cherry-pick #10590) (#10591)
- lifecycle: only create tenant media root if needed (cherry-pick #10616) (#10617)
- outposts: ensure minimum refresh interval (cherry-pick #10701) (#10702)
- outposts: make refresh interval configurable (cherry-pick #10138) (#10700)
- stages/prompt: fix prompt not editable with invalid expression (cherry-pick #10603) (#10604)
- web: fix dark theme and theme switch (#10667)
- web/admin: fix missing SAML Provider ECDSA options (cherry-pick #10612) (#10618)
- web/admin: show matching user reputation scores in user details (cherry-pick #10276) (#10699)
- web/flows: remove continue button from AutoSubmit stage (cherry-pick #10253) (#10677)
Fixed in 2024.6.3
- enterprise/rac: fix error when listing connection tokens as non-superuser (cherry-pick #10771) (#10773)
- root: remove warnings (#10774)
- sources/scim: fix duplicate service account users and changing token (cherry-pick #10735) (#10737)
- web: fix theme not applying to document correctly (cherry-pick #10721) (#10722)
- web: replace all occurrences of the theme placeholder (cherry-pick #10749) (#10750)
Fixed in 2024.6.4
- security: fix CVE-2024-42490, reported by @m2a2 (cherry-pick #11022) (#11025)
Fixed in 2024.6.5
- security: fix CVE-2024-47070, reported by @efpi-bot from LogicalTrust (cherry-pick #11536) (#11540)
- security: fix CVE-2024-47077, reported by @quentinmit (cherry-pick #11535) (#11538)
API Changes
What's New
GET /propertymappings/provider/google_workspace/
POST /propertymappings/provider/google_workspace/
GET /propertymappings/provider/google_workspace/{pm_uuid}/
PUT /propertymappings/provider/google_workspace/{pm_uuid}/
DELETE /propertymappings/provider/google_workspace/{pm_uuid}/
PATCH /propertymappings/provider/google_workspace/{pm_uuid}/
GET /propertymappings/provider/google_workspace/{pm_uuid}/used_by/
GET /propertymappings/provider/microsoft_entra/
POST /propertymappings/provider/microsoft_entra/
GET /propertymappings/provider/microsoft_entra/{pm_uuid}/
PUT /propertymappings/provider/microsoft_entra/{pm_uuid}/
DELETE /propertymappings/provider/microsoft_entra/{pm_uuid}/
PATCH /propertymappings/provider/microsoft_entra/{pm_uuid}/
GET /propertymappings/provider/microsoft_entra/{pm_uuid}/used_by/
GET /providers/google_workspace/
POST /providers/google_workspace/
GET /providers/google_workspace/{id}/
PUT /providers/google_workspace/{id}/
DELETE /providers/google_workspace/{id}/
PATCH /providers/google_workspace/{id}/
GET /providers/google_workspace/{id}/sync/status/
GET /providers/google_workspace/{id}/used_by/
GET /providers/google_workspace_groups/
POST /providers/google_workspace_groups/
GET /providers/google_workspace_groups/{id}/
DELETE /providers/google_workspace_groups/{id}/
GET /providers/google_workspace_groups/{id}/used_by/
GET /providers/google_workspace_users/
POST /providers/google_workspace_users/
GET /providers/google_workspace_users/{id}/
DELETE /providers/google_workspace_users/{id}/
GET /providers/google_workspace_users/{id}/used_by/
GET /providers/microsoft_entra/
POST /providers/microsoft_entra/
GET /providers/microsoft_entra/{id}/
PUT /providers/microsoft_entra/{id}/
DELETE /providers/microsoft_entra/{id}/
PATCH /providers/microsoft_entra/{id}/
GET /providers/microsoft_entra/{id}/sync/status/
GET /providers/microsoft_entra/{id}/used_by/
GET /providers/microsoft_entra_groups/
POST /providers/microsoft_entra_groups/
GET /providers/microsoft_entra_groups/{id}/
DELETE /providers/microsoft_entra_groups/{id}/
GET /providers/microsoft_entra_groups/{id}/used_by/
GET /providers/microsoft_entra_users/
POST /providers/microsoft_entra_users/
GET /providers/microsoft_entra_users/{id}/
DELETE /providers/microsoft_entra_users/{id}/
GET /providers/microsoft_entra_users/{id}/used_by/
GET /providers/scim/{id}/sync/status/
GET /providers/scim_groups/
POST /providers/scim_groups/
GET /providers/scim_groups/{id}/
DELETE /providers/scim_groups/{id}/
GET /providers/scim_groups/{id}/used_by/
GET /providers/scim_users/
POST /providers/scim_users/
GET /providers/scim_users/{id}/
DELETE /providers/scim_users/{id}/
GET /providers/scim_users/{id}/used_by/
GET /sources/ldap/{slug}/sync/status/
What's Deleted
GET /providers/scim/{id}/sync_status/
GET /sources/ldap/{slug}/sync_status/
What's Changed
GET /admin/system/
Return Type:
Changed response : 200 OK
- Changed content type : application/json
  - Changed property runtime (object) > Get versions
    New required properties:
    - authentik_version
    - openssl_fips_mode
    - openssl_version
    New optional properties:
    - gunicorn_version
    - Added property openssl_version (string)
    - Added property openssl_fips_mode (boolean)
    - Added property authentik_version (string)
    - Deleted property gunicorn_version (string)
POST /admin/system/
Return Type:
Changed response : 200 OK
- Changed content type : application/json
  - Changed property runtime (object) > Get versions
    New required properties:
    - authentik_version
    - openssl_fips_mode
    - openssl_version
    New optional properties:
    - gunicorn_version
    - Added property openssl_version (string)
    - Added property openssl_fips_mode (boolean)
    - Added property authentik_version (string)
    - Deleted property gunicorn_version (string)
GET /events/events/actions/
Return Type:
Changed response : 200 OK
- Changed content type : application/json
  Changed items (object): > Types of an object that can be created
  - Added property icon_url (string)
GET /outposts/instances/{uuid}/health/
Return Type:
Changed response : 200 OK
- Changed content type : application/json
  Changed items (object): > Outpost health status
  New required properties:
  - fips_enabled
  - golang_version
  - openssl_enabled
  - openssl_version
  - Added property golang_version (string)
  - Added property openssl_enabled (boolean)
  - Added property openssl_version (string)
  - Added property fips_enabled (boolean) > Get FIPS enabled
GET /outposts/service_connections/all/types/
Return Type:
Changed response : 200 OK
- Changed content type : application/json
  Changed items (object): > Types of an object that can be created
  - Added property icon_url (string)
GET /policies/all/types/
Return Type:
Changed response : 200 OK
- Changed content type : application/json
  Changed items (object): > Types of an object that can be created
  - Added property icon_url (string)
GET /policies/event_matcher/{policy_uuid}/
Return Type:
Changed response : 200 OK
- Changed content type : application/json
  - Changed property app (string) > Match events created by selected application. When left empty, all applications are matched.
    Added enum values:
    - authentik.enterprise.providers.google_workspace
    - authentik.enterprise.providers.microsoft_entra
  - Changed property model (string) > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
    Added enum values:
    - authentik_providers_google_workspace.googleworkspaceprovider
    - authentik_providers_google_workspace.googleworkspaceprovidermapping
    - authentik_providers_microsoft_entra.microsoftentraprovider
    - authentik_providers_microsoft_entra.microsoftentraprovidermapping
PUT /policies/event_matcher/{policy_uuid}/
Request:
Changed content type : application/json
- Changed property app (string) > Match events created by selected application. When left empty, all applications are matched.
  Added enum values:
  - authentik.enterprise.providers.google_workspace
  - authentik.enterprise.providers.microsoft_entra
- Changed property model (string) > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
  Added enum values:
  - authentik_providers_google_workspace.googleworkspaceprovider
  - authentik_providers_google_workspace.googleworkspaceprovidermapping
  - authentik_providers_microsoft_entra.microsoftentraprovider
  - authentik_providers_microsoft_entra.microsoftentraprovidermapping
Return Type:
Changed response : 200 OK
- Changed content type : application/json
  - Changed property app (string) > Match events created by selected application. When left empty, all applications are matched.
    Added enum values:
    - authentik.enterprise.providers.google_workspace
    - authentik.enterprise.providers.microsoft_entra
  - Changed property model (string) > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
    Added enum values:
    - authentik_providers_google_workspace.googleworkspaceprovider
    - authentik_providers_google_workspace.googleworkspaceprovidermapping
    - authentik_providers_microsoft_entra.microsoftentraprovider
    - authentik_providers_microsoft_entra.microsoftentraprovidermapping
PATCH /policies/event_matcher/{policy_uuid}/
Request:
Changed content type : application/json
- Changed property app (string) > Match events created by selected application. When left empty, all applications are matched.
  Added enum values:
  - authentik.enterprise.providers.google_workspace
  - authentik.enterprise.providers.microsoft_entra
- Changed property model (string) > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
  Added enum values:
  - authentik_providers_google_workspace.googleworkspaceprovider
  - authentik_providers_google_workspace.googleworkspaceprovidermapping
  - authentik_providers_microsoft_entra.microsoftentraprovider
  - authentik_providers_microsoft_entra.microsoftentraprovidermapping
Return Type:
Changed response : 200 OK
- Changed content type : application/json
  - Changed property app (string) > Match events created by selected application. When left empty, all applications are matched.
    Added enum values:
    - authentik.enterprise.providers.google_workspace
    - authentik.enterprise.providers.microsoft_entra
  - Changed property model (string) > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
    Added enum values:
    - authentik_providers_google_workspace.googleworkspaceprovider
    - authentik_providers_google_workspace.googleworkspaceprovidermapping
    - authentik_providers_microsoft_entra.microsoftentraprovider
    - authentik_providers_microsoft_entra.microsoftentraprovidermapping
POST /propertymappings/all/{pm_uuid}/test/
Request:
Changed content type : application/json
New optional properties:
- user
- Added property group (string)
GET /propertymappings/all/types/
Return Type:
Changed response : 200 OK
- Changed content type : application/json
  Changed items (object): > Types of an object that can be created
  - Added property icon_url (string)
GET /providers/all/types/
Return Type:
Changed response : 200 OK
- Changed content type : application/json
  Changed items (object): > Types of an object that can be created
  - Added property icon_url (string)
GET /sources/all/types/
Return Type:
Changed response : 200 OK
- Changed content type : application/json
  Changed items (object): > Types of an object that can be created
  - Added property icon_url (string)
GET /stages/all/types/
Return Type:
Changed response : 200 OK
- Changed content type : application/json
  Changed items (object): > Types of an object that can be created
  - Added property icon_url (string)
GET /stages/email/templates/
Return Type:
Changed response : 200 OK
- Changed content type : application/json
  Changed items (object): > Types of an object that can be created
  - Added property icon_url (string)
GET /core/groups/{group_uuid}/
Parameters:
Added: include_users in query
POST /policies/event_matcher/
Request:
Changed content type : application/json
- Changed property app (string) > Match events created by selected application. When left empty, all applications are matched.
  Added enum values:
  - authentik.enterprise.providers.google_workspace
  - authentik.enterprise.providers.microsoft_entra
- Changed property model (string) > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
  Added enum values:
  - authentik_providers_google_workspace.googleworkspaceprovider
  - authentik_providers_google_workspace.googleworkspaceprovidermapping
  - authentik_providers_microsoft_entra.microsoftentraprovider
  - authentik_providers_microsoft_entra.microsoftentraprovidermapping
Return Type:
Changed response : 201 Created
- Changed content type : application/json
  - Changed property app (string) > Match events created by selected application. When left empty, all applications are matched.
    Added enum values:
    - authentik.enterprise.providers.google_workspace
    - authentik.enterprise.providers.microsoft_entra
  - Changed property model (string) > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
    Added enum values:
    - authentik_providers_google_workspace.googleworkspaceprovider
    - authentik_providers_google_workspace.googleworkspaceprovidermapping
    - authentik_providers_microsoft_entra.microsoftentraprovider
    - authentik_providers_microsoft_entra.microsoftentraprovidermapping
GET /policies/event_matcher/
Return Type:
Changed response : 200 OK
- Changed content type : application/json
  - Changed property results (array)
    Changed items (object): > Event Matcher Policy Serializer
    - Changed property app (string) > Match events created by selected application. When left empty, all applications are matched.
      Added enum values:
      - authentik.enterprise.providers.google_workspace
      - authentik.enterprise.providers.microsoft_entra
    - Changed property model (string) > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
      Added enum values:
      - authentik_providers_google_workspace.googleworkspaceprovider
      - authentik_providers_google_workspace.googleworkspaceprovidermapping
      - authentik_providers_microsoft_entra.microsoftentraprovider
      - authentik_providers_microsoft_entra.microsoftentraprovidermapping
GET /providers/all/
Parameters:
Added: backchannel in query
When not set all providers are returned. When set to true, only backchannel providers are returned. When set to false, backchannel providers are excluded
Deleted: backchannel_only in query
POST /rbac/permissions/assigned_by_roles/{uuid}/assign/
Request:
Changed content type : application/json
- Changed property model (string)
  Added enum values:
  - authentik_providers_google_workspace.googleworkspaceprovider
  - authentik_providers_google_workspace.googleworkspaceprovidermapping
  - authentik_providers_microsoft_entra.microsoftentraprovider
  - authentik_providers_microsoft_entra.microsoftentraprovidermapping
PATCH /rbac/permissions/assigned_by_roles/{uuid}/unassign/
Request:
Changed content type : application/json
- Changed property model (string)
  Added enum values:
  - authentik_providers_google_workspace.googleworkspaceprovider
  - authentik_providers_google_workspace.googleworkspaceprovidermapping
  - authentik_providers_microsoft_entra.microsoftentraprovider
  - authentik_providers_microsoft_entra.microsoftentraprovidermapping
POST /rbac/permissions/assigned_by_users/{id}/assign/
Request:
Changed content type : application/json
- Changed property model (string)
  Added enum values:
  - authentik_providers_google_workspace.googleworkspaceprovider
  - authentik_providers_google_workspace.googleworkspaceprovidermapping
  - authentik_providers_microsoft_entra.microsoftentraprovider
  - authentik_providers_microsoft_entra.microsoftentraprovidermapping
PATCH /rbac/permissions/assigned_by_users/{id}/unassign/
Request:
Changed content type : application/json
- Changed property model (string)
  Added enum values:
  - authentik_providers_google_workspace.googleworkspaceprovider
  - authentik_providers_google_workspace.googleworkspaceprovidermapping
  - authentik_providers_microsoft_entra.microsoftentraprovider
  - authentik_providers_microsoft_entra.microsoftentraprovidermapping
GET /sources/ldap/{slug}/
Return Type:
Changed response : 200 OK
- Changed content type : application/json
  - Changed property icon (string)
PUT /sources/ldap/{slug}/
Return Type:
Changed response : 200 OK
- Changed content type : application/json
  - Changed property icon (string)
PATCH /sources/ldap/{slug}/
Return Type:
Changed response : 200 OK
- Changed content type : application/json
  - Changed property icon (string)
GET /sources/oauth/{slug}/
Return Type:
Changed response : 200 OK
- Changed content type : application/json
  - Changed property icon (string)
PUT /sources/oauth/{slug}/
Return Type:
Changed response : 200 OK
- Changed content type : application/json
  - Changed property icon (string)
PATCH /sources/oauth/{slug}/
Return Type:
Changed response : 200 OK
- Changed content type : application/json
  - Changed property icon (string)
GET /sources/plex/{slug}/
Return Type:
Changed response : 200 OK
- Changed content type : application/json
  - Changed property icon (string)
PUT /sources/plex/{slug}/
Return Type:
Changed response : 200 OK
- Changed content type : application/json
  - Changed property icon (string)
PATCH /sources/plex/{slug}/
Return Type:
Changed response : 200 OK
- Changed content type : application/json
  - Changed property icon (string)
GET /sources/saml/{slug}/
Return Type:
Changed response : 200 OK
- Changed content type : application/json
  - Changed property icon (string)
PUT /sources/saml/{slug}/
Return Type:
Changed response : 200 OK
- Changed content type : application/json
  - Changed property icon (string)
PATCH /sources/saml/{slug}/
Return Type:
Changed response : 200 OK
- Changed content type : application/json
  - Changed property icon (string)
GET /events/system_tasks/{uuid}/
Return Type:
Changed response : 200 OK
- Changed content type : application/json
  - Added property expires (string)
  - Added property expiring (boolean)
GET /rbac/permissions/assigned_by_roles/
Parameters:
Changed: model in query
GET /rbac/permissions/assigned_by_users/
Parameters:
Changed: model in query
POST
/sources/ldap/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
- Changed property
icon
(string)
- Changed property
GET
/sources/ldap/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > LDAP Source Serializer
- Changed property
icon
(string)
- Changed property
-
POST
/sources/oauth/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
- Changed property
icon
(string)
- Changed property
GET
/sources/oauth/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > OAuth Source Serializer
- Changed property
icon
(string)
- Changed property
-
POST
/sources/plex/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
- Changed property
icon
(string)
- Changed property
GET
/sources/plex/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Plex Source Serializer
- Changed property
icon
(string)
- Changed property
-
POST
/sources/saml/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
- Changed property
icon
(string)
- Changed property
GET
/sources/saml/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array) Changed items (object): > SAMLSource Serializer
- Changed property
icon
(string)
- Changed property
-
GET
/stages/captcha/{stage_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
score_min_threshold
(number) -
Added property
score_max_threshold
(number) -
Added property
error_on_invalid_score
(boolean) When enabled and the received captcha score is outside of the given threshold, the stage will show an error message. When not enabled, the flow will continue, but the data from the captcha will be available in the context for policy decisions
-
PUT
/stages/captcha/{stage_uuid}/
Request:
Changed content type : application/json
-
Added property
score_min_threshold
(number) -
Added property
score_max_threshold
(number) -
Added property
error_on_invalid_score
(boolean) When enabled and the received captcha score is outside of the given threshold, the stage will show an error message. When not enabled, the flow will continue, but the data from the captcha will be available in the context for policy decisions
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
score_min_threshold
(number) -
Added property
score_max_threshold
(number) -
Added property
error_on_invalid_score
(boolean) When enabled and the received captcha score is outside of the given threshold, the stage will show an error message. When not enabled, the flow will continue, but the data from the captcha will be available in the context for policy decisions
-
PATCH
/stages/captcha/{stage_uuid}/
Request:
Changed content type : application/json
-
Added property
score_min_threshold
(number) -
Added property
score_max_threshold
(number) -
Added property
error_on_invalid_score
(boolean) When enabled and the received captcha score is outside of the given threshold, the stage will show an error message. When not enabled, the flow will continue, but the data from the captcha will be available in the context for policy decisions
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
score_min_threshold
(number) -
Added property
score_max_threshold
(number) -
Added property
error_on_invalid_score
(boolean) When enabled and the received captcha score is outside of the given threshold, the stage will show an error message. When not enabled, the flow will continue, but the data from the captcha will be available in the context for policy decisions
-
PUT
/core/transactional/applications/
Request:
Changed content type : application/json
-
Changed property
provider_model
(string) Added enum values:
authentik_providers_google_workspace.googleworkspaceprovider
authentik_providers_microsoft_entra.microsoftentraprovider
-
Changed property
provider
(object) Added 'authentik_providers_google_workspace.googleworkspaceprovider' provider_model:
-
Property
name
(string) -
Property
property_mappings
(array) Items (string):
-
Property
property_mappings_group
(array) Property mappings used for group creation/updating.
Items (string):
-
Property
delegated_subject
(string) -
Property
credentials
(object) -
Property
scopes
(string) -
Property
exclude_users_service_account
(boolean) -
Property
filter_group
(string) -
Property
user_delete_action
(string) Enum values:
do_nothing
delete
suspend
-
Property
group_delete_action
(string) -
Property
default_group_email_domain
(string)
Added 'authentik_providers_microsoft_entra.microsoftentraprovider' provider_model:
-
Property
name
(string) -
Property
property_mappings
(array) -
Property
property_mappings_group
(array) Property mappings used for group creation/updating.
-
Property
client_id
(string) -
Property
client_secret
(string) -
Property
tenant_id
(string) -
Property
exclude_users_service_account
(boolean) -
Property
filter_group
(string) -
Property
user_delete_action
(string) -
Property
group_delete_action
(string)
-
GET
/events/system_tasks/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array) Changed items (object): > Serialize TaskInfo and TaskResult
-
Added property
expires
(string) -
Added property
expiring
(boolean)
-
-
POST
/stages/captcha/
Request:
Changed content type : application/json
-
Added property
score_min_threshold
(number) -
Added property
score_max_threshold
(number) -
Added property
error_on_invalid_score
(boolean) When enabled and the received captcha score is outside of the given threshold, the stage will show an error message. When not enabled, the flow will continue, but the data from the captcha will be available in the context for policy decisions
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Added property
score_min_threshold
(number) -
Added property
score_max_threshold
(number) -
Added property
error_on_invalid_score
(boolean) When enabled and the received captcha score is outside of the given threshold, the stage will show an error message. When not enabled, the flow will continue, but the data from the captcha will be available in the context for policy decisions
-
GET
/stages/captcha/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array) Changed items (object): > CaptchaStage Serializer
-
Added property
score_min_threshold
(number) -
Added property
score_max_threshold
(number) -
Added property
error_on_invalid_score
(boolean) When enabled and the received captcha score is outside of the given threshold, the stage will show an error message. When not enabled, the flow will continue, but the data from the captcha will be available in the context for policy decisions
-
-