* rough draft
* more content, still drafty
* wow the Consent stage is interesting
* figured out consent policy binding
* more content
* tweak
* add steps to create Consent stage
* add to sidebar, more procedural content
* tested steps, more polish
* fixed mangled section
* work on user interface doc
* tweak to App paassword section
* tweaks about App passwords
* more mfa content
* tweaks
* website/docs/add-secure-apps/flows-stages/stages/consent/index.md
* fix link
* add info about recovery flow, tweaks
* removed/reworded talk of custom flows
* dominic edits
* rest of dominic's edits
* more excellent edits by dominic
* more dominc edits
* another edit
* more edits, restored unwanted files
* tweaks
* tweak to a preposition
* jens edits
* removed unrelated change to cspell file
* Apply suggestion from @BeryJu
Signed-off-by: Jens L. <jens@beryju.org>
* Jens edits
* two missed edits
---------
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Jens L. <jens@goauthentik.io>
* new first steps docs
* moved email config up to match Docker
* first draft
* moved sections and retitled some
* more content, tweaks
* dewis edits
* added Dewi ideas, more content, tweaks
* more content, green tips, other fixes
* Optimised images with calibre/image-actions
* Optimised images with calibre/image-actions
* Optimised images with calibre/image-actions
* conflicts?
* dominic's eedits, more content
* another fine Dominic edit
* more dewi and dominic edits, links
* a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* tweaks
* thanks Teffen
* new styles, more content
* few more dominic edits, tweaks
* formatting fights on tips
* fix some alignments
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* changes from Jens
* work on bindings docs that was needed for the first steps docs
* links, more tweaks
* more edits, more TODOs done
* add mermaid diagram, more links, more content
* fix sidebar, tweaks
* tweak
* more link fixing
* fix heading size
* more dewi and dominic edits
* more dewi and dominic edits
* teffen enhancements yay and more bindings rearchitecting
* added note about stage bindings being the only type of binding that you can bind to yeehaw
---------
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
* move imports
* core: add digraph group hierarchy
* move to permissions from Group or User to Role
* set group parents on frontend
* do not serialize `GroupParentageNode` directly
* core: enforce unique group name on database level
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use group parents in LDAP provider
* add user-role relationship control to frontend
* move materialized view to be more discoverable
* add guardian to mypy exceptions
* make `Role` a `ManagedModel`
* fixup! make `Role` a `ManagedModel`
* simplify `get_objects_for_user`
* fix flaky unit test
* rename `django-guardian` fork to `ak-guardian`
* add tests around users/groups/roles
* remove unused guardian config variable
* simplify guardian file structure
* clean up frontend
* initial docs
* remove `mode` from `InitialPermissions`
This is no longer needed, since users no longer directly have permissions.
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
* clean up docs for managing permissions
* addendums from docs review
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
* tweaks
* dewi and tana edits to docs
* tweak
* truly final tweaks, for now
* relabel Role Permissions table
* clarify button label
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
* merge migrations
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Tana M Berry <tana@goauthentik.io>
* more content
* rearrange, more content
* change link to oauth source
* Update website/docs/add-secure-apps/providers/scim/index.md
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
* Update website/docs/add-secure-apps/providers/scim/index.md
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
* dewi edits
* dewi edit2
* resize image, add examples
* tweak
* Update website/docs/add-secure-apps/providers/scim/index.md
Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
* jens edits
* more content, fix links
* mpre tweaks
* more info about ServiceProviderConfig
* Optimised images with calibre/image-actions
* Optimised images with calibre/image-actions
* Optimised images with calibre/image-actions
* Optimised images with calibre/image-actions
* tweak to bumb build
* Update website/docs/add-secure-apps/providers/scim/index.md
Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
* Update website/docs/add-secure-apps/providers/scim/index.md
Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
* Update website/docs/add-secure-apps/applications/manage_apps.mdx
Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
* Update website/docs/add-secure-apps/providers/index.mdx
Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
* Update website/docs/add-secure-apps/applications/manage_apps.mdx
Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
* Apply suggestion from @BeryJu
Signed-off-by: Jens L. <jens@beryju.org>
* Apply suggestion from @BeryJu
Signed-off-by: Jens L. <jens@beryju.org>
* Apply suggestion from @BeryJu
Signed-off-by: Jens L. <jens@beryju.org>
* Apply suggestion from @BeryJu
Signed-off-by: Jens L. <jens@beryju.org>
* Update website/docs/add-secure-apps/providers/scim/index.md
Signed-off-by: Jens L. <jens@beryju.org>
* add version badge
---------
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tana@goauthentik.io>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Dominic R <dominic@sdko.org>
* docs: misc changes and fixes
* Update website/docs/core/terminology.md
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Update website/docs/core/terminology.md
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Update website/docs/core/terminology.md
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Update website/docs/core/terminology.md
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Update website/docs/core/terminology.md
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Update website/docs/customize/policies/index.md
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Update website/docs/enterprise/get-started.md
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Update website/docs/core/terminology.md
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* missed a spot
---------
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
* First draft docs for policies/unique_password
* simplify documentation
* fix styling
* Add clarification about when this policy takes effect
* change wording in how it works
Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com>
* Take the user by the hand and tell them where to go
* Improve wording in Configuration options
* add suggestion from PR
Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com>
* Update website/docs/customize/policies/unique_password.md
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com>
* fix linting and wording
* Add instructions for binding
* Remove conf options section, add to sidebar
* Update website/docs/customize/policies/unique_password.md
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
---------
Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Dominic R <dominic@sdko.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
* Add Passkeys reference in several parts where WebAuthn is mentioned for better docs UX and SEO)
* Add version badge to Webauthn / passkeys authenticator
* fix linting issues
* Better wording to differenciate concepts
* Revert to css class for version badge because the ak-version tag don't support versions=<2023
* first pass at removing wizard
* missed one
* Replaced the word modal wth the word box or simply rewrote to avoid saying modal.
* typo
---------
Co-authored-by: Tana M Berry <tana@goauthentik.com>
* website/docs: policy for email whitelist: revamp
Updates the documentation to add an expression for source authentication. Then, it fixes the existing expression to work with authentik 2024.12.1 . Finally, the documentation page it-self is cleaned up and touched up.
Signed-off-by: 4d62 <github-user@sdko.org>
* website/docs: policy for email whitelist: lowercase title
Sets the title back to being lowercase, oops
Signed-off-by: 4d62 <github-user@sdko.org>
* website/docs: customize: whatever-title-i-put-before: lint
Lints the code with prettier.
* remind me to not run npx prettier --write website/docs/
* suggestions
* Update website/docs/customize/policies/expression/whitelist_email.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: 4d62 <git@sdko.org>
* Update website/docs/customize/policies/expression/whitelist_email.md
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
---------
Signed-off-by: 4d62 <github-user@sdko.org>
Signed-off-by: 4d62 <git@sdko.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
* add password policy to default password change flow
This change complies with the minimal compositional requirements by
NIST SP 800-63 Digital Identity Guidelines. See
https://pages.nist.gov/800-63-4/sp800-63b.html#password
More work is needed to comply with other parts of the Guidelines,
specifically
> If the chosen password is found on the blocklist, the CSP or verifier
> [...] SHALL provide the reason for rejection.
and
> Verifiers SHALL offer guidance to the subscriber to assist the user in
> choosing a strong password. This is particularly important following
> the rejection of a password on the blocklist as it discourages trivial
> modification of listed weak passwords.
* add docs for default Password policy
* remove HIBP from default Password policy
* add zxcvbn to default Password policy
* add fallback password error message to password policy, fix validation policy
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* reword docs
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
* add HIBP caveat
Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
* separate policy into separate blueprint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use password policy for oobe flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* kiss
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
