tweak

website/docs/add-secure-apps/flows-stages/stages/user_login/index.md

@@ -39,7 +39,7 @@ When creating or editing this stage in the UI of the Admin interface, you can se
 
     When configured, all sessions authenticated by this stage will be bound to the selected network and/or GeoIP criteria.
 
-    Sessions that break this binding will be terminated on use. The created [`logout`](../../../../sys-mgmt/events/index.md#logout) event will contain additional data related to what caused the binding to be broken:
+    Sessions that break this binding will be terminated on use. The created [`logout`](../../../../sys-mgmt/events/event-actions#logout) event will contain additional data related to what caused the binding to be broken:
 
     ```json
     {

website/docs/sys-mgmt/events/event-actions.md

@@ -0,0 +1,308 @@
+---
+title: Event actions
+---
+
+Whenever any of the following actions occur, an event is created. Actions are used to define [Notification Rules](notifications.md).
+
+### `login`
+
+A user logs in (including the source, if available).
+
+<details>
+<summary>Example</summary>
+
+```json
+{
+    "pk": "f00f54e7-2b38-421f-bc78-e61f950048d6",
+    "user": {
+        "pk": 1,
+        "email": "root@localhost",
+        "username": "akadmin"
+    },
+    "action": "login",
+    "app": "authentik.events.signals",
+    "context": {
+        "auth_method": "password",
+        "http_request": {
+            "args": {
+                "query": "next=%2F"
+            },
+            "path": "/api/v3/flows/executor/default-authentication-flow/",
+            "method": "GET"
+        },
+        "auth_method_args": {}
+    },
+    "client_ip": "::1",
+    "created": "2023-02-15T15:33:42.771091Z",
+    "expires": "2024-02-15T15:33:42.770425Z",
+    "brand": {
+        "pk": "fcba828076b94dedb2d5a6b4c5556fa1",
+        "app": "authentik_brands",
+        "name": "Default brand",
+        "model_name": "brand"
+    }
+}
+```
+
+</details>
+
+### `login_failed`
+
+A failed login attempt.
+
+<details>
+<summary>Example</summary>
+
+```json
+{
+    "pk": "2779b173-eb2a-4c2b-a1a4-8283eda308d7",
+    "user": {
+        "pk": 2,
+        "email": "",
+        "username": "AnonymousUser"
+    },
+    "action": "login_failed",
+    "app": "authentik.events.signals",
+    "context": {
+        "stage": {
+            "pk": "7e88f4a991c442c1a1335d80f0827d7f",
+            "app": "authentik_stages_password",
+            "name": "default-authentication-password",
+            "model_name": "passwordstage"
+        },
+        "password": "********************",
+        "username": "akadmin",
+        "http_request": {
+            "args": {
+                "query": "next=%2F"
+            },
+            "path": "/api/v3/flows/executor/default-authentication-flow/",
+            "method": "POST"
+        }
+    },
+    "client_ip": "::1",
+    "created": "2023-02-15T15:32:55.319608Z",
+    "expires": "2024-02-15T15:32:55.314581Z",
+    "brand": {
+        "pk": "fcba828076b94dedb2d5a6b4c5556fa1",
+        "app": "authentik_brands",
+        "name": "Default brand",
+        "model_name": "brand"
+    }
+}
+```
+
+</details>
+
+### `logout`
+
+A user logs out.
+
+<details>
+<summary>Example</summary>
+
+```json
+{
+    "pk": "474ffb6b-77e3-401c-b681-7d618962440f",
+    "user": {
+        "pk": 1,
+        "email": "root@localhost",
+        "username": "akadmin"
+    },
+    "action": "logout",
+    "app": "authentik.events.signals",
+    "context": {
+        "http_request": {
+            "args": {
+                "query": ""
+            },
+            "path": "/api/v3/flows/executor/default-invalidation-flow/",
+            "method": "GET"
+        }
+    },
+    "client_ip": "::1",
+    "created": "2023-02-15T15:39:55.976243Z",
+    "expires": "2024-02-15T15:39:55.975535Z",
+    "brand": {
+        "pk": "fcba828076b94dedb2d5a6b4c5556fa1",
+        "app": "authentik_brands",
+        "name": "Default brand",
+        "model_name": "brand"
+    }
+}
+```
+
+</details>
+
+### `user_write`
+
+A user is written to during a flow execution.
+
+<details>
+<summary>Example</summary>
+
+```json
+{
+    "pk": "d012e8af-cb94-4fa2-9e92-961e4eebc060",
+    "user": {
+        "pk": 1,
+        "email": "root@localhost",
+        "username": "akadmin"
+    },
+    "action": "user_write",
+    "app": "authentik.events.signals",
+    "context": {
+        "name": "authentik Default Admin",
+        "email": "root@localhost",
+        "created": false,
+        "username": "akadmin",
+        "attributes": {
+            "settings": {
+                "locale": ""
+            }
+        },
+        "http_request": {
+            "args": {
+                "query": ""
+            },
+            "path": "/api/v3/flows/executor/default-user-settings-flow/",
+            "method": "GET"
+        }
+    },
+    "client_ip": "::1",
+    "created": "2023-02-15T15:41:18.411017Z",
+    "expires": "2024-02-15T15:41:18.410276Z",
+    "brand": {
+        "pk": "fcba828076b94dedb2d5a6b4c5556fa1",
+        "app": "authentik_brands",
+        "name": "Default brand",
+        "model_name": "brand"
+    }
+}
+```
+
+</details>
+
+### `suspicious_request`
+
+A suspicious request has been received (for example, a revoked token was used).
+
+### `password_set`
+
+A user sets their password.
+
+### `secret_view`
+
+A user views a token's/certificate's data.
+
+### `secret_rotate`
+
+A token was rotated automatically by authentik.
+
+### `invitation_used`
+
+An invitation is used.
+
+### `authorize_application`
+
+A user authorizes an application.
+
+<details>
+<summary>Example</summary>
+
+```json
+{
+    "pk": "f52f9eb9-dc2a-4f1e-afea-ad5af90bf680",
+    "user": {
+        "pk": 1,
+        "email": "root@localhost",
+        "username": "akadmin"
+    },
+    "action": "authorize_application",
+    "app": "authentik.providers.oauth2.views.authorize",
+    "context": {
+        "asn": {
+            "asn": 6805,
+            "as_org": "Telefonica Germany",
+            "network": "5.4.0.0/14"
+        },
+        "geo": {
+            "lat": 42.0,
+            "city": "placeholder",
+            "long": 42.0,
+            "country": "placeholder",
+            "continent": "placeholder"
+        },
+        "flow": "53287faa8a644b6cb124cb602a84282f",
+        "scopes": "ak_proxy profile openid email",
+        "http_request": {
+            "args": {
+                "query": "[...]"
+            },
+            "path": "/api/v3/flows/executor/default-provider-authorization-implicit-consent/",
+            "method": "GET"
+        },
+        "authorized_application": {
+            "pk": "bed6a2495fdc4b2e8c3f93cb2ed7e021",
+            "app": "authentik_core",
+            "name": "Alertmanager",
+            "model_name": "application"
+        }
+    },
+    "client_ip": "::1",
+    "created": "2023-02-15T10:02:48.615499Z",
+    "expires": "2023-04-26T10:02:48.612809Z",
+    "brand": {
+        "pk": "10800be643d44842ab9d97cb5f898ce9",
+        "app": "authentik_brands",
+        "name": "Default brand",
+        "model_name": "brand"
+    }
+}
+```
+
+</details>
+
+### `source_linked`
+
+A user links a source to their account.
+
+### `impersonation_started` / `impersonation_ended`
+
+A user starts/ends impersonation, including the user that was impersonated.
+
+### `policy_execution`
+
+A policy is executed (when a policy has "Execution Logging" enabled).
+
+### `policy_exception` / `property_mapping_exception`
+
+A policy or property mapping causes an exception.
+
+### `system_task_exception`
+
+An exception occurred in a system task.
+
+### `system_exception`
+
+A general exception in authentik occurred.
+
+### `configuration_error`
+
+A configuration error occurs, for example during the authorization of an application.
+
+### `model_created` / `model_updated` / `model_deleted`
+
+Logged when any model is created/updated/deleted, including the user that sent the request.
+
+:::info
+Starting with authentik 2024.2, when a valid enterprise license is installed, these entries will contain additional audit data, including which fields were changed with this event, their previous values and their new values.
+:::
+
+### `email_sent`
+
+An email has been sent. Included is the email that was sent.
+
+### `update_available`
+
+An update is available.

website/docs/sys-mgmt/events/index.md

@@ -4,319 +4,20 @@ title: Events
 
 Events are authentik's built-in logging system. Every event is logged, whether it is initiated by a user or by authentik.
 
-Events can be used to define [notification rules](notifications.md), with specified [transport options](transports.md) of local (in the authentik UI), email or webhook.
+Certain information is stripped from events to ensure that no passwords or other credentials are saved in the log.
 
-Certain information is stripped from events, to ensure no passwords or other credentials are saved in the log.
+## About notifications
 
-## Event retention
+Events can be used to define [notification rules](notifications.md), with specified [transport options](transports.md) of either local (shown in the authentik UI), email, or webhook.
 
-The event retention is configured in the **System > Settings** area of the Admin interface, with the default being set to 365 days.
+## About logging
 
-If you want to forward these events to another application, forward the log output of all authentik containers. Every event creation is logged with the log level "info". For this configuration, it is also recommended to set the internal retention pretty low (for example, `days=1`).
+Event logging in authentik provides several layers of transparency about user and system actions, from a quick view on the Overview dashboard, to a full, searchable list of all events, with a volume graph to highlight any spikes, in the Admin interface under **Events > Logs**.
 
-## Event actions
+Refer to our [Logging documentation](./logging-events.md) for more information.
 
-Whenever any of the following actions occur, an event is created.
+## Event retention and forwarding
 
-### `login`
+The event retention setting is configured in the **System > Settings** area of the Admin interface, with the default being set to 365 days.
 
-A user logs in (including the source, if available)
-
-<details>
-<summary>Example</summary>
-
-```json
-{
-    "pk": "f00f54e7-2b38-421f-bc78-e61f950048d6",
-    "user": {
-        "pk": 1,
-        "email": "root@localhost",
-        "username": "akadmin"
-    },
-    "action": "login",
-    "app": "authentik.events.signals",
-    "context": {
-        "auth_method": "password",
-        "http_request": {
-            "args": {
-                "query": "next=%2F"
-            },
-            "path": "/api/v3/flows/executor/default-authentication-flow/",
-            "method": "GET"
-        },
-        "auth_method_args": {}
-    },
-    "client_ip": "::1",
-    "created": "2023-02-15T15:33:42.771091Z",
-    "expires": "2024-02-15T15:33:42.770425Z",
-    "brand": {
-        "pk": "fcba828076b94dedb2d5a6b4c5556fa1",
-        "app": "authentik_brands",
-        "name": "Default brand",
-        "model_name": "brand"
-    }
-}
-```
-
-</details>
-
-### `login_failed`
-
-A failed login attempt
-
-<details>
-<summary>Example</summary>
-
-```json
-{
-    "pk": "2779b173-eb2a-4c2b-a1a4-8283eda308d7",
-    "user": {
-        "pk": 2,
-        "email": "",
-        "username": "AnonymousUser"
-    },
-    "action": "login_failed",
-    "app": "authentik.events.signals",
-    "context": {
-        "stage": {
-            "pk": "7e88f4a991c442c1a1335d80f0827d7f",
-            "app": "authentik_stages_password",
-            "name": "default-authentication-password",
-            "model_name": "passwordstage"
-        },
-        "password": "********************",
-        "username": "akadmin",
-        "http_request": {
-            "args": {
-                "query": "next=%2F"
-            },
-            "path": "/api/v3/flows/executor/default-authentication-flow/",
-            "method": "POST"
-        }
-    },
-    "client_ip": "::1",
-    "created": "2023-02-15T15:32:55.319608Z",
-    "expires": "2024-02-15T15:32:55.314581Z",
-    "brand": {
-        "pk": "fcba828076b94dedb2d5a6b4c5556fa1",
-        "app": "authentik_brands",
-        "name": "Default brand",
-        "model_name": "brand"
-    }
-}
-```
-
-</details>
-
-### `logout`
-
-A user logs out.
-
-<details>
-<summary>Example</summary>
-
-```json
-{
-    "pk": "474ffb6b-77e3-401c-b681-7d618962440f",
-    "user": {
-        "pk": 1,
-        "email": "root@localhost",
-        "username": "akadmin"
-    },
-    "action": "logout",
-    "app": "authentik.events.signals",
-    "context": {
-        "http_request": {
-            "args": {
-                "query": ""
-            },
-            "path": "/api/v3/flows/executor/default-invalidation-flow/",
-            "method": "GET"
-        }
-    },
-    "client_ip": "::1",
-    "created": "2023-02-15T15:39:55.976243Z",
-    "expires": "2024-02-15T15:39:55.975535Z",
-    "brand": {
-        "pk": "fcba828076b94dedb2d5a6b4c5556fa1",
-        "app": "authentik_brands",
-        "name": "Default brand",
-        "model_name": "brand"
-    }
-}
-```
-
-</details>
-
-### `user_write`
-
-A user is written to during a flow execution.
-
-<details>
-<summary>Example</summary>
-
-```json
-{
-    "pk": "d012e8af-cb94-4fa2-9e92-961e4eebc060",
-    "user": {
-        "pk": 1,
-        "email": "root@localhost",
-        "username": "akadmin"
-    },
-    "action": "user_write",
-    "app": "authentik.events.signals",
-    "context": {
-        "name": "authentik Default Admin",
-        "email": "root@localhost",
-        "created": false,
-        "username": "akadmin",
-        "attributes": {
-            "settings": {
-                "locale": ""
-            }
-        },
-        "http_request": {
-            "args": {
-                "query": ""
-            },
-            "path": "/api/v3/flows/executor/default-user-settings-flow/",
-            "method": "GET"
-        }
-    },
-    "client_ip": "::1",
-    "created": "2023-02-15T15:41:18.411017Z",
-    "expires": "2024-02-15T15:41:18.410276Z",
-    "brand": {
-        "pk": "fcba828076b94dedb2d5a6b4c5556fa1",
-        "app": "authentik_brands",
-        "name": "Default brand",
-        "model_name": "brand"
-    }
-}
-```
-
-</details>
-
-### `suspicious_request`
-
-A suspicious request has been received (for example, a revoked token was used).
-
-### `password_set`
-
-A user sets their password.
-
-### `secret_view`
-
-A user views a token's/certificate's data.
-
-### `secret_rotate`
-
-A token was rotated automatically by authentik.
-
-### `invitation_used`
-
-An invitation is used.
-
-### `authorize_application`
-
-A user authorizes an application.
-
-<details>
-<summary>Example</summary>
-
-```json
-{
-    "pk": "f52f9eb9-dc2a-4f1e-afea-ad5af90bf680",
-    "user": {
-        "pk": 1,
-        "email": "root@localhost",
-        "username": "akadmin"
-    },
-    "action": "authorize_application",
-    "app": "authentik.providers.oauth2.views.authorize",
-    "context": {
-        "asn": {
-            "asn": 6805,
-            "as_org": "Telefonica Germany",
-            "network": "5.4.0.0/14"
-        },
-        "geo": {
-            "lat": 42.0,
-            "city": "placeholder",
-            "long": 42.0,
-            "country": "placeholder",
-            "continent": "placeholder"
-        },
-        "flow": "53287faa8a644b6cb124cb602a84282f",
-        "scopes": "ak_proxy profile openid email",
-        "http_request": {
-            "args": {
-                "query": "[...]"
-            },
-            "path": "/api/v3/flows/executor/default-provider-authorization-implicit-consent/",
-            "method": "GET"
-        },
-        "authorized_application": {
-            "pk": "bed6a2495fdc4b2e8c3f93cb2ed7e021",
-            "app": "authentik_core",
-            "name": "Alertmanager",
-            "model_name": "application"
-        }
-    },
-    "client_ip": "::1",
-    "created": "2023-02-15T10:02:48.615499Z",
-    "expires": "2023-04-26T10:02:48.612809Z",
-    "brand": {
-        "pk": "10800be643d44842ab9d97cb5f898ce9",
-        "app": "authentik_brands",
-        "name": "Default brand",
-        "model_name": "brand"
-    }
-}
-```
-
-</details>
-
-### `source_linked`
-
-A user links a source to their account
-
-### `impersonation_started` / `impersonation_ended`
-
-A user starts/ends impersonation, including the user that was impersonated
-
-### `policy_execution`
-
-A policy is executed (when a policy has "Execution Logging" enabled).
-
-### `policy_exception` / `property_mapping_exception`
-
-A policy or property mapping causes an exception
-
-### `system_task_exception`
-
-An exception occurred in a system task.
-
-### `system_exception`
-
-A general exception in authentik occurred.
-
-### `configuration_error`
-
-A configuration error occurs, for example during the authorization of an application
-
-### `model_created` / `model_updated` / `model_deleted`
-
-Logged when any model is created/updated/deleted, including the user that sent the request.
-
-:::info
-Starting with authentik 2024.2, when a valid enterprise license is installed, these entries will contain additional audit data, including which fields were changed with this event, their previous values and their new values.
-:::
-
-### `email_sent`
-
-An email has been sent. Included is the email that was sent.
-
-### `update_available`
-
-An update is available
+If you want to forward these events to another application, forward the log output of all authentik containers. Every event creation is logged with the log level "info". For this configuration, it is also recommended to set the internal retention time period to a short time frame (for example, `days=1`).

website/docs/sys-mgmt/events/logging-events.md

@@ -0,0 +1,33 @@
+---
+title: Logging events
+---
+
+Logs are a vital tool for system diagnostics, event auditing, user management, reporting, and more. They capture detailed information about each event including the client's IP address, the user involved, the date and time, and the specific action taken.
+
+Event logging in authentik is highly configurable. You can set the [retention period](./index.md#event-retention-and-forwarding) for storing and displaying events, specify which events should trigger a [notification](./notifications.md), and access low-level details about when and where each event occurred.
+
+### Troubleshooting with event logs
+
+For guidance on troubleshooting with logs, including setting log levels (info, warning, etc.), enabling `trace` mode, viewing historical logs, and streaming logs in real-time, see [Capturing logs in authentik](../../troubleshooting/logs.mdx).
+
+## Enhanced audit logging (Enterprise)
+
+In the enterprise version, two enhancements make reading the logs even easier:
+
+- the Event details page in the user interface presents abstracted and easily accessible information about each event in an easy-to-access table.
+
+- for any event that involves the creation or modification of an object, the corresponding code differences are displayed, allowing for comparison of the previous and new configuration settings or values. For example, if an authentik administrator updates a user's email address, both the old and new email addresses are displayed in the event's detailed view. (In the open source version, event details only show that a change was made and which application and model was involved.)
+
+![](./events-diffs.png)
+
+You can view audit details in the following areas of the authentik Admin interface:
+
+- **Admin interface > Dashboards > Overview**: In the **Recent events** section click an event name to view its details.
+
+- **Admin interface > Events > Logs**: In the event list, click the arrow toggle next to the event you want to view.
+
+## Viewing events in maps and charts (Enterprise)
+
+With the enterprise version, you can view recent events on both a world map view with pinpoints indicating where each event occurred and also a color-coded chart that highlights event types and volume.
+
+![](./event-map-chart.png)

website/docs/sys-mgmt/events/notifications.md

@@ -1,18 +1,37 @@
 ---
-title: Notifications
+title: Notification rules
+sidebar_label: Notification rules
 ---
 
 :::note
-To prevent infinite loops (events created by policies which are attached to a Notification rule), **any events created by a policy which is attached to any Notification Rules do not trigger notifications.**
+To prevent infinite loops of cause and effect (events created by policies which are attached to a notification rule), _any events created by a policy which is attached to any notification rules do not trigger notifications._
 :::
 
-## Filtering Events
+An authentik administrator can create notification rules based on the creation of specified events. Filtering of events is processed by the authentik Policy Engine, using a combination of both 1) a policy and 2) a notification rule.
 
-An authentik administrator can create notification rules based on the creation of specified events. Filtering is done by using the Policy Engine. You can do simple filtering using the "Event Matcher Policy" type.
+## Workflow overview
 
-![](./event_matcher.png)
+To receive notifications about events, follow this workflow:
 
-An event has to match all configured fields, otherwise the rule will not trigger.
+1. Create a notification transport (or use a default notification transport).
+2. Create a policy.
+3. Create a notification rule and bind the policy to the rule.
+
+## 1. Create a notification transport
+
+A notification transport determines the method used to deliver notifications to users. Supported delivery methods are: local notifications displayed in the authentik UI, email, and webhook. Follow these [instructions](./transports.md#create-a-notification-transport) to create a notification transport.
+
+## 2. Create a policy
+
+You will need to create a policy (either the **Event Matcher** policy or a custom Expression policy) that defines which events will trigger a notification.
+
+### Event Matcher policy
+
+For simple event matching you can [create and configure](../../customize/policies/working_with_policies.md) a **Event Matcher** policy to define which events (known as _Actions_ in the policy) will trigger a notification. For example, whenever a user deletes a model object, or whenever any user fails to successfully log in.
+
+Be aware that an event has to match all configured fields in the policy, otherwise the notification rule will not trigger.
+
+### Expression policy for events
 
 To match events with an "Expression Policy", you can write code like so:
 
@@ -23,17 +42,25 @@ if "event" not in request.context:
 return ip_address(request.context["event"].client_ip) in ip_network('192.0.2.0/24')
 ```
 
-## Selecting who gets notified
+## 3. Create a notification rule and bind it to the policy
 
-After you've created the policies to match the events you want, create a "Notification Rule".
+After you've created the policies to match the events you want, create a notification rule.
 
-You have to select which group the generated notification should be sent to. If left empty, the rule will be disabled.
+1. Log in as an administrator, open the authentik Admin interface, and navigate to **Event > Notification Rules**.
+
+2. Click **Create** to add a new notification rule or click the **Edit** icon next to an existing rule to modify it.
+
+3. Define the policy configurations, and then click **Create** or **Update** to save the settings.
+
+- Note that policies are executed regardless of whether a group is selected. However, notifications are only triggered when a group is selected.
+- You also have to select which [notification transport](./transports.md) should be used to send the notification. Two notification transports are created by default:
+    - `default-email-transport`: Delivers notifications via email using the [global email configuration](../../install-config/install/docker-compose.mdx#email-configuration-optional-but-recommended).
+    - `default-local-transport`: Delivers notifications within the authentik UI.
+
+4. In the list of notification rules, click the arrow in the row of the notification rule to expand the details of the rule.
+
+5. Click **Bind existing Policy/Group/User** and in the **Create Binding** modal, select the policy that you created for this notification rule and then click **Create** to finalize the binding.
 
 :::info
-Before authentik 2023.5, when no group is selected, policies bound to the rule are not executed. Starting with authentik 2023.5, policies are executed even when no group is selected.
+Be aware that policies are executed even when no group is selected.
 :::
-
-You also have to select which transports should be used to send the notification.
-A transport with the name "default-email-transport" is created by default. This transport will use the [global email configuration](../../install-config/install/docker-compose.mdx#email-configuration-optional-but-recommended).
-
-Starting with authentik 2022.6, a new default transport will be created. This is because notifications are no longer created by default, they are now a transport method instead. This allows for better customization of the notification before it is created.

website/docs/sys-mgmt/events/transports.md

@@ -1,10 +1,30 @@
 ---
-title: Transports
+title: Transport rules
+sidebar_label: Transport rules
 ---
 
-Notifications can be sent to users via multiple mediums. By default, the [global email configuration](../../install-config/install/docker-compose.mdx#email-configuration-optional-but-recommended) will be used.
+To receive notifications about events you must first [create a notification transport](#create-a-notification-transport), and then define a notification rule with a bound policy. For more information, see the [Workflow overview](./notifications.md#workflow-overview).
 
-## Generic Webhook
+## Notification transport modes
+
+Notifications can be sent to users via multiple mediums, or _transports_:
+
+- Local (in the authentik user interface)
+- Email
+- Webhook (generic)
+- Webhook (Slack/Discord)
+
+### Local
+
+This notification transport will manifest the notification within the authentik user interface (UI).
+
+### Email
+
+Select this transport to send event notifications to an email address. Note that by default the [global email configuration](../../install-config/install/docker-compose.mdx#email-configuration-optional-but-recommended) is used.
+
+To edit an email address, follow the same instructions as above for configuring the global email during the installation process.
+
+### Webhook (generic)
 
 This will send a POST request to the given URL with the following contents:
 
@@ -23,7 +43,7 @@ This will send a POST request to the given URL with the following contents:
 
 The `Content-Type` header is set to `text/json`.
 
-Starting in 2021.9, you can also select a Notification mapping. This allows you to freely configure the request's payload. For example:
+You can also select a Notification mapping. This allows you to freely configure the request's payload. For example:
 
 ```python
 return {
@@ -31,6 +51,14 @@ return {
 }
 ```
 
-## Slack Webhook
+### Webhook (Slack or Discord)
 
 This sends a request using the Slack-specific format. This is also compatible with Discord's webhooks by appending `/slack` to the Discord webhook URL.
+
+## Create a notification transport
+
+1. Log in as an administrator to the authentik Admin interface, and then navigate to **Event > Notification Transports**.
+
+2. Click **Create** to add a new transport or click the **Edit** icon next to an existing notification transport to modify it.
+
+3. Define the **Name** and **Mode** for the notification transport, enter required configuration settings, and then click **Create**.

website/sidebars/docs.mjs

@@ -594,7 +594,12 @@ const items = [
                     type: "doc",
                     id: "sys-mgmt/events/index",
                 },
-                items: ["sys-mgmt/events/notifications", "sys-mgmt/events/transports"],
+                items: [
+                    "sys-mgmt/events/notifications",
+                    "sys-mgmt/events/transports",
+                    "sys-mgmt/events/logging-events",
+                    "sys-mgmt/events/event-actions",
+                ],
             },
             "sys-mgmt/certificates",
             "sys-mgmt/settings",