web: Fix alignment, rendering on high contrast.

web: Apply footer resize. web: Fix application of global styles in style roots. web: Fix missing layout attribute. web: Normalize background alignment. web: Fix layout issues, color overrides. web: Fix alignment, colors, jank. web: Separate method into function. web: Clean up alignment, reflow. web: Fix colors, compatibility mode. web: Add content left/right support. web: Fix colors, compatibility mode overrides.
web: Separate global styles from element roots.
2026-05-08 08:02:26 +02:00 · 2025-10-20 16:53:50 +02:00 · 2025-10-20 16:53:49 +02:00
121 changed files with 3843 additions and 10475 deletions
--- a/.github/actions/comment-pr-instructions/action.yml
+++ b/.github/actions/comment-pr-instructions/action.yml
@@ -10,14 +10,14 @@ runs:
  using: "composite"
  steps:
    - name: Find Comment
-      uses: peter-evans/find-comment@b30e6a3c0ed37e7c023ccd3f1db5c6c0b0c23aad # v2
+      uses: peter-evans/find-comment@a54c31d7fa095754bfef525c0c8e5e5674c4b4b1 # v2
      id: fc
      with:
        issue-number: ${{ github.event.pull_request.number }}
        comment-author: "github-actions[bot]"
        body-includes: authentik PR Installation instructions
    - name: Create or update comment
-      uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v2
+      uses: peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d # v2
      with:
        comment-id: ${{ steps.fc.outputs.comment-id }}
        issue-number: ${{ github.event.pull_request.number }}
--- a/.github/actions/setup/action.yml
+++ b/.github/actions/setup/action.yml
@@ -21,12 +21,12 @@ runs:
        sudo apt-get install --no-install-recommends -y libpq-dev openssl libxmlsec1-dev pkg-config gettext libkrb5-dev krb5-kdc krb5-user krb5-admin-server
    - name: Install uv
      if: ${{ contains(inputs.dependencies, 'python') }}
-      uses: astral-sh/setup-uv@2ddd2b9cb38ad8efd50337e8ab201519a34c9f24 # v5
+      uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5
      with:
        enable-cache: true
    - name: Setup python
      if: ${{ contains(inputs.dependencies, 'python') }}
-      uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v5
+      uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
      with:
        python-version-file: "pyproject.toml"
    - name: Install Python deps
@@ -35,7 +35,7 @@ runs:
      run: uv sync --all-extras --dev --frozen
    - name: Setup node
      if: ${{ contains(inputs.dependencies, 'node') }}
-      uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v4
+      uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
      with:
        node-version-file: web/package.json
        cache: "npm"
@@ -43,7 +43,7 @@ runs:
        registry-url: 'https://registry.npmjs.org'
    - name: Setup go
      if: ${{ contains(inputs.dependencies, 'go') }}
-      uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v5
+      uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
      with:
        go-version-file: "go.mod"
    - name: Setup docker cache
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,15 +1,7 @@
 version: 2
 updates:
  - package-ecosystem: "github-actions"
-    directories:
-      - /
-      # Required to update composite actions
-      # https://github.com/dependabot/dependabot-core/issues/6704
-      - /.github/actions/cherry-pick
-      - /.github/actions/setup
-      - /.github/actions/docker-push-variables
-      - /.github/actions/comment-pr-instructions
-      - /.github/actions/test-results
+    directory: "/"
    schedule:
      interval: daily
      time: "04:00"
--- a/2
+++ b/2
@@ -78,7 +78,7 @@ RUN --mount=type=secret,id=GEOIPUPDATE_ACCOUNT_ID \
 # Stage 4: Download uv
 FROM ghcr.io/astral-sh/uv:0.9.4 AS uv
 # Stage 5: Base python image
-FROM ghcr.io/goauthentik/fips-python:3.13.9-slim-trixie-fips AS python-base
+FROM ghcr.io/goauthentik/fips-python:3.13.7-slim-trixie-fips AS python-base

 ENV VENV_PATH="/ak-root/.venv" \
    PATH="/lifecycle:/ak-root/.venv/bin:$PATH" \
--- a/authentik/init.py
+++ b/authentik/init.py
@@ -3,7 +3,7 @@
 from functools import lru_cache
 from os import environ

-VERSION = "2025.10.0-rc2"
+VERSION = "2025.10.0-rc1"
 ENV_GIT_HASH_KEY = "GIT_BUILD_HASH"


--- a/authentik/core/templates/base/skeleton.html
+++ b/authentik/core/templates/base/skeleton.html
@@ -18,8 +18,6 @@

        {% include "base/theme.html" %}

-        <link rel="stylesheet" type="text/css" href="{% static 'dist/authentik.css' %}">
-
        <style>{{ brand_css }}</style>
        <script src="{% versioned_script 'dist/poly-%v.js' %}" type="module"></script>
        <script src="{% versioned_script 'dist/standalone/loading/index-%v.js' %}" type="module"></script>
--- a/authentik/core/templates/base/theme.html
+++ b/authentik/core/templates/base/theme.html
@@ -1,6 +1,13 @@
+{% load static %}
+
+<link rel="stylesheet" type="text/css" href="{% static 'dist/layers/global.css' %}">
+<link rel="stylesheet" type="text/css" href="{% static 'dist/authentik.css' %}">
+
 {% if ui_theme == "dark" %}
  <meta name="color-scheme" content="dark" />
  <meta name="theme-color" content="#18191a">
+  <link rel="stylesheet" type="text/css" href="{% static 'dist/layers/global.dark.css' %}">
+  <link rel="stylesheet" type="text/css" href="{% static 'dist/theme-dark.css' %}">
 {% elif ui_theme == "light" %}
  <meta name="color-scheme" content="light" />
  <meta name="theme-color" content="#ffffff">
@@ -8,4 +15,7 @@
  <meta name="color-scheme" content="light dark" />
  <meta name="theme-color" content="#ffffff" media="(prefers-color-scheme: light)">
  <meta name="theme-color" content="#18191a" media="(prefers-color-scheme: dark)">
+
+  <link rel="stylesheet" type="text/css" href="{% static 'dist/layers/global.dark.css' %}" media="(prefers-color-scheme: dark)">
+  <link rel="stylesheet" type="text/css" href="{% static 'dist/theme-dark.css' %}" media="(prefers-color-scheme: dark)">
 {% endif %}
--- a/authentik/core/templates/login/base_full.html
+++ b/authentik/core/templates/login/base_full.html
@@ -6,20 +6,16 @@
 {% block head_before %}
 <link rel="prefetch" href="{{ request.brand.branding_default_flow_background_url }}" />
 <link rel="stylesheet" type="text/css" href="{% static 'dist/patternfly.min.css' %}">
-<link rel="stylesheet" type="text/css" href="{% static 'dist/theme-dark.css' %}" media="(prefers-color-scheme: dark)">
 {% include "base/header_js.html" %}
 {% endblock %}

 {% block head %}
 <style>
-:root {
-    --ak-flow-background: url("{{ request.brand.branding_default_flow_background_url }}");
-    --pf-c-background-image--BackgroundImage: var(--ak-flow-background);
-    --pf-c-background-image--BackgroundImage-2x: var(--ak-flow-background);
-    --pf-c-background-image--BackgroundImage--sm: var(--ak-flow-background);
-    --pf-c-background-image--BackgroundImage--sm-2x: var(--ak-flow-background);
-    --pf-c-background-image--BackgroundImage--lg: var(--ak-flow-background);
-}
+  :root {
+      --ak-global--background-color: var(--pf-global--BackgroundColor--150);
+      --ak-global--background-image: url("{{ request.brand.branding_default_flow_background_url }}");
+  }
+
 /* Form with user */
 .form-control-static {
    margin-top: var(--pf-global--spacer--sm);
@@ -43,41 +39,37 @@
 {% endblock %}

 {% block body %}
-<div class="pf-c-background-image">
-</div>
 <ak-skip-to-content></ak-skip-to-content>
 <ak-message-container></ak-message-container>
-<div class="pf-c-login stacked">
-    <div class="ak-login-container">
-        <main class="pf-c-login__main">
-            <div class="pf-c-login__main-header pf-c-brand ak-brand">
-                <img src="{{ brand.branding_logo_url }}" alt="authentik Logo" />
-            </div>
-            <header class="pf-c-login__main-header">
-                <h1 class="pf-c-title pf-m-3xl">
-                    {% block card_title %}
-                    {% endblock %}
-                </h1>
-            </header>
-            <div class="pf-c-login__main-body">
-                {% block card %}
+<div class="pf-c-login">
+    <main class="pf-c-login__main">
+        <div part="branding" class="pf-c-login__main-header pf-c-brand">
+            <img part="branding-logo" src="{{ brand.branding_logo_url }}" alt="authentik Logo" />
+        </div>
+        <header class="pf-c-login__main-header">
+            <h1 class="pf-c-title pf-m-3xl">
+                {% block card_title %}
                {% endblock %}
-            </div>
-        </main>
-        <footer class="pf-c-login__footer">
-            <ul class="pf-c-list pf-m-inline">
-                {% for link in footer_links %}
-                <li>
-                    <a href="{{ link.href }}">{{ link.name }}</a>
-                </li>
-                {% endfor %}
-                <li>
-                    <span>
-                        {% trans 'Powered by authentik' %}
-                    </span>
-                </li>
-            </ul>
-        </footer>
-    </div>
+            </h1>
+        </header>
+        <div class="pf-c-login__main-body">
+            {% block card %}
+            {% endblock %}
+        </div>
+    </main>
+    <footer class="pf-c-login__footer pf-m-dark">
+        <ul class="pf-c-list pf-m-inline">
+            {% for link in footer_links %}
+            <li>
+                <a href="{{ link.href }}">{{ link.name }}</a>
+            </li>
+            {% endfor %}
+            <li>
+                <span>
+                    {% trans 'Powered by authentik' %}
+                </span>
+            </li>
+        </ul>
+    </footer>
 </div>
 {% endblock %}
--- a/authentik/flows/templates/if/flow.html
+++ b/authentik/flows/templates/if/flow.html
@@ -20,9 +20,10 @@ window.authentik.flow = {
 {% block head %}
 <script src="{% versioned_script 'dist/flow/FlowInterface-%v.js' %}" type="module"></script>
 <style>
-:root {
-    --ak-flow-background: url("{{ flow_background_url }}");
-}
+  :root {
+      --ak-global--background-color: var(--pf-global--BackgroundColor--150);
+      --ak-global--background-image: url("{{ flow_background_url }}");
+  }
 </style>
 {% endblock %}

--- a/authentik/lib/sync/outgoing/api.py
+++ b/authentik/lib/sync/outgoing/api.py
@@ -1,3 +1,5 @@
+from typing import Protocol
+
 from django.db.models import Model
 from dramatiq.actor import Actor
 from dramatiq.results.errors import ResultFailure
@@ -36,7 +38,11 @@ class SyncObjectResultSerializer(PassiveSerializer):
    messages = LogEventSerializer(many=True, read_only=True)


-class OutgoingSyncProviderStatusMixin:
+class GetObjectDependency(Protocol):
+    def get_object(self) -> OutgoingSyncProvider: ...
+
+
+class OutgoingSyncProviderStatusMixin(GetObjectDependency):
    """Common API Endpoints for Outgoing sync providers"""

    sync_task: Actor
@@ -52,7 +58,7 @@ class OutgoingSyncProviderStatusMixin:
    )
    def sync_status(self, request: Request, pk: int) -> Response:
        """Get provider's sync status"""
-        provider: OutgoingSyncProvider = self.get_object()
+        provider = self.get_object()

        status = {}

--- a/blueprints/schema.json
+++ b/blueprints/schema.json
@@ -2,7 +2,7 @@
    "$schema": "http://json-schema.org/draft-07/schema",
    "$id": "https://goauthentik.io/blueprints/schema.json",
    "type": "object",
-    "title": "authentik 2025.10.0-rc2 Blueprint schema",
+    "title": "authentik 2025.10.0-rc1 Blueprint schema",
    "required": [
        "version",
        "entries"
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -31,7 +31,7 @@ services:
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required}
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.10.0-rc2}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.10.0-rc1}
    ports:
    - ${COMPOSE_PORT_HTTP:-9000}:9000
    - ${COMPOSE_PORT_HTTPS:-9443}:9443
@@ -52,7 +52,7 @@ services:
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required}
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.10.0-rc2}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.10.0-rc1}
    restart: unless-stopped
    user: root
    volumes:
--- a/go.mod
+++ b/go.mod
@@ -32,7 +32,7 @@ require (
 	github.com/spf13/cobra v1.10.1
 	github.com/stretchr/testify v1.11.1
 	github.com/wwt/guac v1.3.2
-	goauthentik.io/api/v3 v3.2025100.25
+	goauthentik.io/api/v3 v3.2025100.24
 	golang.org/x/exp v0.0.0-20230210204819-062eb4c674ab
 	golang.org/x/oauth2 v0.32.0
 	golang.org/x/sync v0.17.0
--- a/go.sum
+++ b/go.sum
@@ -212,8 +212,8 @@ go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI=
 go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU=
 go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
 go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
-goauthentik.io/api/v3 v3.2025100.25 h1:NC82Q8CbmD6T8s1AblPjwJl/lUZBEOmNrKZHBTnxGiY=
-goauthentik.io/api/v3 v3.2025100.25/go.mod h1:82lqAz4jxzl6Cg0YDbhNtvvTG2rm6605ZhdJFnbbsl8=
+goauthentik.io/api/v3 v3.2025100.24 h1:MRVHydt5h1vtzYcXJo5IosvtnSC9AnItytfekOhD8U0=
+goauthentik.io/api/v3 v3.2025100.24/go.mod h1:82lqAz4jxzl6Cg0YDbhNtvvTG2rm6605ZhdJFnbbsl8=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
--- a/internal/constants/VERSION
+++ b/internal/constants/VERSION
@@ -1 +1 @@
-2025.10.0-rc2
+2025.10.0-rc1
--- a/internal/outpost/proxyv2/postgresstore/postgresstore.go
+++ b/internal/outpost/proxyv2/postgresstore/postgresstore.go
@@ -15,7 +15,6 @@ import (
 	_ "github.com/jackc/pgx/v5/stdlib"
 	"github.com/mitchellh/mapstructure"
 	log "github.com/sirupsen/logrus"
-	_ "gorm.io/driver/postgres"
 	"gorm.io/gorm"
 	"gorm.io/gorm/clause"
 	"gorm.io/gorm/logger"
--- a/internal/outpost/proxyv2/templates/error.html
+++ b/internal/outpost/proxyv2/templates/error.html
@@ -6,54 +6,51 @@
        <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
        <title>{{.Title}}</title>
        <link rel="shortcut icon" type="image/png" href="/outpost.goauthentik.io/static/dist/assets/icons/icon.png">
+
        <link rel="stylesheet" type="text/css" href="/outpost.goauthentik.io/static/dist/patternfly.min.css">
+
+        <link rel="stylesheet" type="text/css" href="/outpost.goauthentik.io/static/dist/layers/global.css">
+
        <link rel="stylesheet" type="text/css" href="/outpost.goauthentik.io/static/dist/authentik.css">
+
+        <link rel="stylesheet" type="text/css" href="/outpost.goauthentik.io/static/layers/global.dark.css" media="(prefers-color-scheme: dark)">
+        <link rel="stylesheet" type="text/css" href="/outpost.goauthentik.io/static/theme-dark.css" media="(prefers-color-scheme: dark)">
+
        <link rel="prefetch" href="/outpost.goauthentik.io/static/dist/assets/images/flow_background.jpg" />
        <style>
-            .pf-c-background-image::before {
-                --ak-flow-background: url("/outpost.goauthentik.io/static/dist/assets/images/flow_background.jpg");
-            }
            :root {
-                --ak-flow-background: url("/outpost.goauthentik.io/static/dist/assets/images/flow_background.jpg");
-                --pf-c-background-image--BackgroundImage: var(--ak-flow-background);
-                --pf-c-background-image--BackgroundImage-2x: var(--ak-flow-background);
-                --pf-c-background-image--BackgroundImage--sm: var(--ak-flow-background);
-                --pf-c-background-image--BackgroundImage--sm-2x: var(--ak-flow-background);
-                --pf-c-background-image--BackgroundImage--lg: var(--ak-flow-background);
+                --ak-global--background-color: var(--pf-global--BackgroundColor--150);
+                --ak-global--background-image: url("/outpost.goauthentik.io/static/dist/assets/images/flow_background.jpg");
            }
        </style>
    </head>
    <body>
-        <div class="pf-c-background-image">
-        </div>
-        <div class="pf-c-login stacked">
-            <div class="ak-login-container">
-                <main class="pf-c-login__main">
-                    <div class="pf-c-login__main-header pf-c-brand ak-brand">
-                        <img src="/outpost.goauthentik.io/static/dist/assets/icons/icon_left_brand.svg" alt="authentik Logo" />
-                    </div>
-                    <header class="pf-c-login__main-header">
-                        <h1 class="pf-c-title pf-m-3xl">
-                            {{ .Title }}
-                        </h1>
-                    </header>
-                    <div class="pf-c-login__main-body">
-                        {{ .Message }}
-                    </div>
-                    <div class="pf-c-login__main-body">
-                        <a href="/" class="pf-c-button pf-m-primary pf-m-block">Go to home</a>
-                    </div>
-                </main>
-                <footer class="pf-c-login__footer">
-                    <ul class="pf-c-list pf-m-inline">
-                        <li>
-                            <span>
-                                Powered by authentik
-                            </span>
-                        </li>
-                    </ul>
-                </footer>
-            </div>
+        <div class="pf-c-login">
+            <main class="pf-c-login__main">
+                <div part="branding" class="pf-c-login__main-header pf-c-brand">
+                    <img part="branding-logo" src="/outpost.goauthentik.io/static/dist/assets/icons/icon_left_brand.svg" alt="authentik Logo" />
+                </div>
+                <header class="pf-c-login__main-header">
+                    <h1 class="pf-c-title pf-m-3xl">
+                        {{ .Title }}
+                    </h1>
+                </header>
+                <div class="pf-c-login__main-body">
+                    {{ .Message }}
+                </div>
+                <div class="pf-c-login__main-body">
+                    <a href="/" class="pf-c-button pf-m-primary pf-m-block">Go to home</a>
+                </div>
+            </main>
+            <footer class="pf-c-login__footer pf-m-dark">
+                <ul class="pf-c-list pf-m-inline">
+                    <li>
+                        <span>
+                            Powered by authentik
+                        </span>
+                    </li>
+                </ul>
+            </footer>
        </div>
    </body>
 </html>
--- a/lifecycle/aws/template.yaml
+++ b/lifecycle/aws/template.yaml
@@ -18,7 +18,7 @@ Parameters:
    Description: authentik Docker image
  AuthentikVersion:
    Type: String
-    Default: 2025.10.0-rc2
+    Default: 2025.10.0-rc1
    Description: authentik Docker image tag
  AuthentikServerCPU:
    Type: Number
--- a/locale/de/LC_MESSAGES/django.po
+++ b/locale/de/LC_MESSAGES/django.po
@@ -14,6 +14,7 @@
 # L Petersen <lpetersen@gmx.net>, 2023
 # Marcel Patzsch, 2023
 # 8d4895d1a97955a09df504bfbc4402b0_584b927, 2023
+# Benjamin Böhmke, 2023
 # Sven S <transifex@versvendet.de>, 2023
 # Dirk R, 2023
 # Paul Frey, 2024
@@ -33,16 +34,15 @@
 # Alexander Mnich, 2025
 # Ben, 2025
 # datenschmutz, 2025
-# Benjamin Böhmke, 2025
 # 
 #, fuzzy
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-10-20 00:11+0000\n"
+"POT-Creation-Date: 2025-09-26 00:10+0000\n"
 "PO-Revision-Date: 2022-09-26 16:47+0000\n"
-"Last-Translator: Benjamin Böhmke, 2025\n"
+"Last-Translator: datenschmutz, 2025\n"
 "Language-Team: German (https://app.transifex.com/authentik/teams/119923/de/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -63,27 +63,11 @@ msgstr "Versionsinfo aktualisieren."
 msgid "New version {version} available!"
 msgstr "Neue Version {version} verfügbar!"

-#: authentik/api/v3/schema/query.py
-msgid "Which field to use when ordering the results."
-msgstr ""
-
-#: authentik/api/v3/schema/query.py
-msgid "A page number within the paginated result set."
-msgstr ""
-
-#: authentik/api/v3/schema/query.py
-msgid "Number of results to return per page."
-msgstr ""
-
-#: authentik/api/v3/schema/query.py
-msgid "A search term."
-msgstr ""
-
-#: authentik/api/v3/schema/response.py
+#: authentik/api/schema.py
 msgid "Generic API Error"
 msgstr "Allgemeiner API Fehler"

-#: authentik/api/v3/schema/response.py
+#: authentik/api/schema.py
 msgid "Validation Error"
 msgstr "Validierungsfehler"

@@ -221,18 +205,6 @@ msgstr "Es sind keine führenden oder abschließenden Schrägstriche erlaubt."
 msgid "No empty segments in user path allowed."
 msgstr "Im Benutzerpfad sind keine leeren Segmente erlaubt."

-#: authentik/core/api/users.py
-msgid "A user/group with these details already exists"
-msgstr ""
-
-#: authentik/core/api/users.py
-msgid "Unable to create user"
-msgstr ""
-
-#: authentik/core/api/users.py
-msgid "Unknown error occurred"
-msgstr ""
-
 #: authentik/core/api/users.py
 msgid "This field is required."
 msgstr "Dieses Feld ist erforderlich."
@@ -274,7 +246,7 @@ msgid "User's display name."
 msgstr "Anzeigename"

 #: authentik/core/models.py authentik/providers/oauth2/models.py
-#: authentik/providers/saml/models.py authentik/rbac/models.py
+#: authentik/rbac/models.py
 msgid "User"
 msgstr "Benutzer"

@@ -1800,14 +1772,6 @@ msgstr "Strikter URL-Vergleich"
 msgid "Regular Expression URL matching"
 msgstr "Regex-URL-Vergleich"

-#: authentik/providers/oauth2/models.py
-msgid "Back-channel"
-msgstr ""
-
-#: authentik/providers/oauth2/models.py
-msgid "Front-channel"
-msgstr ""
-
 #: authentik/providers/oauth2/models.py
 msgid "code (Authorization Code Flow)"
 msgstr "Code (Authorization-Code-Flow)"
@@ -1897,18 +1861,8 @@ msgid "Redirect URIs"
 msgstr "URIs weiterleiten"

 #: authentik/providers/oauth2/models.py
-msgid "Logout URI"
-msgstr ""
-
-#: authentik/providers/oauth2/models.py
-msgid "Logout Method"
-msgstr ""
-
-#: authentik/providers/oauth2/models.py
-msgid ""
-"Backchannel logs out with server to server calls. Frontchannel uses iframes "
-"in your browser"
-msgstr ""
+msgid "Back-Channel Logout URI"
+msgstr "Back-Channel Logout URI"

 #: authentik/providers/oauth2/models.py
 msgid "Include claims in id_token"
@@ -1938,13 +1892,6 @@ msgstr ""
 "Tokens laufen ab nach dieser Zeitspanne (Format: "
 "hours=1;minutes=2;seconds=3)."

-#: authentik/providers/oauth2/models.py
-msgid ""
-"When refreshing a token, if the refresh token is valid for less than this "
-"duration, it will be renewed. When set to seconds=0, token will always be "
-"renewed. (Format: hours=1;minutes=2;seconds=3)."
-msgstr ""
-
 #: authentik/providers/oauth2/models.py
 msgid ""
 "Configure what data should be used as unique User Identifier. For most "
@@ -2091,14 +2038,6 @@ msgid "Internal host cannot be empty when forward auth is disabled."
 msgstr ""
 "Interner Host muss angegeben werden, wenn Forward Auth deaktiviert ist."

-#: authentik/providers/proxy/models.py
-msgid "Proxy Session"
-msgstr ""
-
-#: authentik/providers/proxy/models.py
-msgid "Proxy Sessions"
-msgstr ""
-
 #: authentik/providers/proxy/models.py
 msgid "Validate SSL Certificates of upstream servers"
 msgstr "SSL-Zertifikate von Upstream-Servern validieren"
@@ -2309,33 +2248,6 @@ msgstr ""
 "Damit wird festgelegt, wie Authentik die Antwort an den Dienstanbieter "
 "zurücksendet."

-#: authentik/providers/saml/models.py
-msgid "SLS URL"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "Single Logout Service URL where the logout response should be sent."
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SLS Binding"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid ""
-"This determines how authentik sends the logout response back to the Service "
-"Provider."
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid ""
-"Method to use for logout. Front-channel iframe loads all logout URLs "
-"simultaneously in hidden iframes. Front-channel native uses your active "
-"browser tab to send post requests and redirect to providers. Back-channel "
-"sends logout requests directly from the server without user interaction "
-"(requires POST SLS binding)."
-msgstr ""
-
 #: authentik/providers/saml/models.py
 msgid "NameID Property Mapping"
 msgstr "Name ID Eigenschaft"
@@ -2503,30 +2415,6 @@ msgstr "SAML Anbieter aus Metadaten"
 msgid "SAML Providers from Metadata"
 msgstr "SAML Provider aus Metadaten"

-#: authentik/providers/saml/models.py
-msgid "Link to the user's authenticated session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML SessionIndex for this session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML NameID value for this session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML NameID format"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML Session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML Sessions"
-msgstr ""
-
 #: authentik/providers/scim/models.py
 msgid "OAuth"
 msgstr "OAuth"
@@ -2986,18 +2874,6 @@ msgstr "HTTP Basic Authentifizierung"
 msgid "Include the client ID and secret as request parameters"
 msgstr "Füge die Client-ID und das Client-Secret als Anfrageparameter hinzu"

-#: authentik/sources/oauth/models.py
-msgid "No PKCE"
-msgstr ""
-
-#: authentik/sources/oauth/models.py
-msgid "Plain"
-msgstr ""
-
-#: authentik/sources/oauth/models.py
-msgid "S256"
-msgstr ""
-
 #: authentik/sources/oauth/models.py
 msgid "Request Token URL"
 msgstr "Token-URL anfordern"
@@ -3039,10 +2915,6 @@ msgstr ""
 msgid "Additional Scopes"
 msgstr "zusätzliche Scopes"

-#: authentik/sources/oauth/models.py
-msgid "PKCE"
-msgstr ""
-
 #: authentik/sources/oauth/models.py
 msgid ""
 "How to perform authentication during an authorization_code token request "
@@ -3274,12 +3146,6 @@ msgstr "Plex Gruppen Quellverbindungen"
 msgid "Check the validity of a Plex source."
 msgstr "Gültigkeit einer Plex-Source prüfen."

-#: authentik/sources/saml/api/source.py
-msgid ""
-"With a Verification Certificate selected, at least one of 'Verify Assertion "
-"Signature' or 'Verify Response Signature' must be selected."
-msgstr ""
-
 #: authentik/sources/saml/models.py
 msgid "Redirect Binding"
 msgstr "Umleitungs-Zuordnung"
@@ -3292,7 +3158,7 @@ msgstr "POST zuordnung"
 msgid "POST Binding with auto-confirmation"
 msgstr "POST zuordnung mit automatischer Bestätigung"

-#: authentik/sources/saml/models.py authentik/sources/telegram/models.py
+#: authentik/sources/saml/models.py
 msgid "Flow used before authentication."
 msgstr "Flow der vor Authorisierung verwendet wird"

@@ -3411,58 +3277,6 @@ msgstr "SCIM Quelle Eigenschafts-Zuordnung"
 msgid "SCIM Source Property Mappings"
 msgstr "SCIM Quelle Eigenschafts-Zuordnungen"

-#: authentik/sources/telegram/models.py authentik/sources/telegram/stage.py
-msgid "Telegram bot username"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram bot token"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Request access to send messages from your bot."
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Source"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Sources"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Source Property Mapping"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Source Property Mappings"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "User Telegram Source Connection"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "User Telegram Source Connections"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Group Telegram Source Connection"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Group Telegram Source Connections"
-msgstr ""
-
-#: authentik/sources/telegram/stage.py
-msgid "Authentication date is too old"
-msgstr ""
-
-#: authentik/sources/telegram/stage.py
-msgid "Invalid hash"
-msgstr ""
-
 #: authentik/stages/authenticator_duo/models.py
 msgid "Duo Authenticator Setup Stage"
 msgstr "Duo-Authenticator Einrichtungs Stage"
@@ -4488,14 +4302,6 @@ msgstr "Tenant, zu dem dieser Task gehört"
 msgid "Retry failed task"
 msgstr "Fehlgeschlagenen Task erneut ausführen"

-#: authentik/tasks/models.py
-msgid "Task log"
-msgstr ""
-
-#: authentik/tasks/models.py
-msgid "Task logs"
-msgstr ""
-
 #: authentik/tasks/models.py
 msgid "Worker status"
 msgstr "Worker Status"
@@ -4613,22 +4419,6 @@ msgstr "Domain"
 msgid "Domains"
 msgstr "Domains"

-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Group channel"
-msgstr ""
-
-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Group channels"
-msgstr ""
-
-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Message"
-msgstr "Nachricht"
-
-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Messages"
-msgstr "Nachrichten"
-
 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Queue name"
 msgstr "Queue Name"
@@ -4649,14 +4439,6 @@ msgstr "Task Status"
 msgid "Task last modified time"
 msgstr "Zeitpunkt der letzten Änderung des Tasks"

-#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
-msgid "Number of retries"
-msgstr ""
-
-#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
-msgid "Planned execution time"
-msgstr ""
-
 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Task result"
 msgstr "Task-Ergebnis"
--- a/locale/es/LC_MESSAGES/django.po
+++ b/locale/es/LC_MESSAGES/django.po
--- a/locale/fi/LC_MESSAGES/django.po
+++ b/locale/fi/LC_MESSAGES/django.po
@@ -5,19 +5,19 @@
 # 
 # Translators:
 # Skyler Mäntysaari, 2024
+# Jani Hast, 2024
 # MarkoTukiainen, 2025
 # Marc Schmitt, 2025
 # Ville Ranki, 2025
-# Jani Hast, 2025
 # 
 #, fuzzy
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-10-20 00:11+0000\n"
+"POT-Creation-Date: 2025-08-11 00:12+0000\n"
 "PO-Revision-Date: 2022-09-26 16:47+0000\n"
-"Last-Translator: Jani Hast, 2025\n"
+"Last-Translator: Ville Ranki, 2025\n"
 "Language-Team: Finnish (https://app.transifex.com/authentik/teams/119923/fi/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -38,27 +38,11 @@ msgstr ""
 msgid "New version {version} available!"
 msgstr "Uusi versio {version} saatavilla!"

-#: authentik/api/v3/schema/query.py
-msgid "Which field to use when ordering the results."
-msgstr ""
-
-#: authentik/api/v3/schema/query.py
-msgid "A page number within the paginated result set."
-msgstr ""
-
-#: authentik/api/v3/schema/query.py
-msgid "Number of results to return per page."
-msgstr ""
-
-#: authentik/api/v3/schema/query.py
-msgid "A search term."
-msgstr ""
-
-#: authentik/api/v3/schema/response.py
+#: authentik/api/schema.py
 msgid "Generic API Error"
 msgstr "Yleinen rajapintavirhe"

-#: authentik/api/v3/schema/response.py
+#: authentik/api/schema.py
 msgid "Validation Error"
 msgstr "Vahvistusvirhe"

@@ -185,22 +169,6 @@ msgstr "Alkuun tai loppuun tulevia kauttaviivoja ei sallita."
 msgid "No empty segments in user path allowed."
 msgstr "Tyhjiä segmenttejä käyttäjäpolussa ei sallita."

-#: authentik/core/api/users.py
-msgid "A user/group with these details already exists"
-msgstr ""
-
-#: authentik/core/api/users.py
-msgid "Unable to create user"
-msgstr ""
-
-#: authentik/core/api/users.py
-msgid "Unknown error occurred"
-msgstr ""
-
-#: authentik/core/api/users.py
-msgid "This field is required."
-msgstr ""
-
 #: authentik/core/models.py
 msgid "name"
 msgstr "nimi"
@@ -238,7 +206,7 @@ msgid "User's display name."
 msgstr "Käyttäjän näytettävä nimi"

 #: authentik/core/models.py authentik/providers/oauth2/models.py
-#: authentik/providers/saml/models.py authentik/rbac/models.py
+#: authentik/rbac/models.py
 msgid "User"
 msgstr "Käyttäjä"

@@ -255,11 +223,11 @@ msgstr "Nollaa salasana"
 msgid "Can impersonate other users"
 msgstr "Voi esiintyä toisina käyttäjinä"

-#: authentik/core/models.py
+#: authentik/core/models.py authentik/rbac/models.py
 msgid "Can assign permissions to users"
 msgstr "Voi antaa käyttöoikeuksia toisille käyttäjille"

-#: authentik/core/models.py
+#: authentik/core/models.py authentik/rbac/models.py
 msgid "Can unassign permissions from users"
 msgstr "Voi poistaa käyttöoikeuksia toisilta käyttäjiltä"

@@ -404,7 +372,7 @@ msgstr ""
 "Kuinka lähde määrittää, käytetäänkö olemassa olevaa ryhmää vai luodaanko "
 "uusi."

-#: authentik/core/models.py authentik/providers/scim/models.py
+#: authentik/core/models.py
 msgid "Token"
 msgstr "Tunniste"

@@ -731,14 +699,6 @@ msgid ""
 "providers."
 msgstr ""

-#: authentik/enterprise/providers/radius/api.py
-msgid "Enterprise is required to use EAP-TLS."
-msgstr ""
-
-#: authentik/enterprise/providers/scim/api.py
-msgid "Enterprise is required to use the OAuth mode."
-msgstr ""
-
 #: authentik/enterprise/providers/ssf/models.py
 #: authentik/providers/oauth2/models.py
 msgid "Signing Key"
@@ -876,14 +836,6 @@ msgstr "Slack-webhook (Slack/Discord)"
 msgid "Email"
 msgstr "Sähköposti"

-#: authentik/events/models.py
-msgid ""
-"Only send notification once, for example when sending a webhook into a chat "
-"channel."
-msgstr ""
-"Lähetä notifikaatio vain kerran, esimerkiksi kun lähetetään webhook-"
-"tapahtuma pikaviestinkanavalle."
-
 #: authentik/events/models.py
 msgid ""
 "Customize the body of the request. Mapping should return data that is JSON-"
@@ -896,6 +848,14 @@ msgid ""
 "of key-value pairs"
 msgstr ""

+#: authentik/events/models.py
+msgid ""
+"Only send notification once, for example when sending a webhook into a chat "
+"channel."
+msgstr ""
+"Lähetä notifikaatio vain kerran, esimerkiksi kun lähetetään webhook-"
+"tapahtuma pikaviestinkanavalle."
+
 #: authentik/events/models.py
 msgid "Severity"
 msgstr "Vakavuus"
@@ -978,6 +938,14 @@ msgstr "Webhook-kytkentä"
 msgid "Webhook Mappings"
 msgstr "Webhook-kytkennät"

+#: authentik/events/models.py
+msgid "System Task"
+msgstr "Järjestelmän tehtävä"
+
+#: authentik/events/models.py
+msgid "System Tasks"
+msgstr "Järjestelmän tehtävät"
+
 #: authentik/events/tasks.py
 msgid "Dispatch new event notifications."
 msgstr ""
@@ -1703,14 +1671,6 @@ msgstr "Tiukka URL-vertailu"
 msgid "Regular Expression URL matching"
 msgstr "Regular Expression -pohjainen URL-vertailu"

-#: authentik/providers/oauth2/models.py
-msgid "Back-channel"
-msgstr ""
-
-#: authentik/providers/oauth2/models.py
-msgid "Front-channel"
-msgstr ""
-
 #: authentik/providers/oauth2/models.py
 msgid "code (Authorization Code Flow)"
 msgstr "code (valtuutuskoodiprosessi)"
@@ -1800,17 +1760,7 @@ msgid "Redirect URIs"
 msgstr "Uudelleenohjaus-URIt"

 #: authentik/providers/oauth2/models.py
-msgid "Logout URI"
-msgstr ""
-
-#: authentik/providers/oauth2/models.py
-msgid "Logout Method"
-msgstr ""
-
-#: authentik/providers/oauth2/models.py
-msgid ""
-"Backchannel logs out with server to server calls. Frontchannel uses iframes "
-"in your browser"
+msgid "Back-Channel Logout URI"
 msgstr ""

 #: authentik/providers/oauth2/models.py
@@ -1841,13 +1791,6 @@ msgstr ""
 "Tunnisteet eivät ole voimassa luontihetkestä lisättynä tällä arvolla (Muoto:"
 " hours=1;minutes=2;seconds=3)."

-#: authentik/providers/oauth2/models.py
-msgid ""
-"When refreshing a token, if the refresh token is valid for less than this "
-"duration, it will be renewed. When set to seconds=0, token will always be "
-"renewed. (Format: hours=1;minutes=2;seconds=3)."
-msgstr ""
-
 #: authentik/providers/oauth2/models.py
 msgid ""
 "Configure what data should be used as unique User Identifier. For most "
@@ -1988,14 +1931,6 @@ msgid "Internal host cannot be empty when forward auth is disabled."
 msgstr ""
 "Sisäinen osoite ei voi olla tyhjä kun forward auth on poistettu käytöstä."

-#: authentik/providers/proxy/models.py
-msgid "Proxy Session"
-msgstr ""
-
-#: authentik/providers/proxy/models.py
-msgid "Proxy Sessions"
-msgstr ""
-
 #: authentik/providers/proxy/models.py
 msgid "Validate SSL Certificates of upstream servers"
 msgstr "Varmenna ylemmän tason palvelinten SSL-sertifikaatit"
@@ -2207,33 +2142,6 @@ msgstr ""
 "Tämä määrittää, kuinka authentik lähettää vastauksen takaisin "
 "palveluntarjoajalle."

-#: authentik/providers/saml/models.py
-msgid "SLS URL"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "Single Logout Service URL where the logout response should be sent."
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SLS Binding"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid ""
-"This determines how authentik sends the logout response back to the Service "
-"Provider."
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid ""
-"Method to use for logout. Front-channel iframe loads all logout URLs "
-"simultaneously in hidden iframes. Front-channel native uses your active "
-"browser tab to send post requests and redirect to providers. Back-channel "
-"sends logout requests directly from the server without user interaction "
-"(requires POST SLS binding)."
-msgstr ""
-
 #: authentik/providers/saml/models.py
 msgid "NameID Property Mapping"
 msgstr "NameID-ominaisuuden kytkentä"
@@ -2399,34 +2307,6 @@ msgstr "SAML-palveluntarjoaja metatiedoista"
 msgid "SAML Providers from Metadata"
 msgstr "SAML-palveluntarjoajat metatiedoista"

-#: authentik/providers/saml/models.py
-msgid "Link to the user's authenticated session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML SessionIndex for this session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML NameID value for this session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML NameID format"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML Session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML Sessions"
-msgstr ""
-
-#: authentik/providers/scim/models.py
-msgid "OAuth"
-msgstr ""
-
 #: authentik/providers/scim/models.py
 msgid "Default"
 msgstr "Oletus"
@@ -2439,10 +2319,6 @@ msgstr ""
 msgid "Slack"
 msgstr ""

-#: authentik/providers/scim/models.py
-msgid "Salesforce"
-msgstr ""
-
 #: authentik/providers/scim/models.py
 msgid "Base URL to SCIM requests, usually ends in /v2"
 msgstr "URL-osoitteen perusosa SCIM-pyyntöjä varten, päättyy yleensä /v2"
@@ -2451,14 +2327,6 @@ msgstr "URL-osoitteen perusosa SCIM-pyyntöjä varten, päättyy yleensä /v2"
 msgid "Authentication token"
 msgstr "Todennustunniste"

-#: authentik/providers/scim/models.py
-msgid "OAuth Source used for authentication"
-msgstr ""
-
-#: authentik/providers/scim/models.py
-msgid "Additional OAuth parameters, such as grant_type"
-msgstr ""
-
 #: authentik/providers/scim/models.py
 msgid "SCIM Compatibility Mode"
 msgstr ""
@@ -2515,14 +2383,6 @@ msgstr "Rooli"
 msgid "Roles"
 msgstr "Roolit"

-#: authentik/rbac/models.py
-msgid "Can assign permissions to roles"
-msgstr ""
-
-#: authentik/rbac/models.py
-msgid "Can unassign permissions from roles"
-msgstr ""
-
 #: authentik/rbac/models.py
 msgid "Initial Permissions"
 msgstr ""
@@ -2859,18 +2719,6 @@ msgstr ""
 msgid "Include the client ID and secret as request parameters"
 msgstr ""

-#: authentik/sources/oauth/models.py
-msgid "No PKCE"
-msgstr ""
-
-#: authentik/sources/oauth/models.py
-msgid "Plain"
-msgstr ""
-
-#: authentik/sources/oauth/models.py
-msgid "S256"
-msgstr ""
-
 #: authentik/sources/oauth/models.py
 msgid "Request Token URL"
 msgstr "Pyyntötunnisteen URL"
@@ -2911,10 +2759,6 @@ msgstr "URL, jota authentik käyttää käyttäjätiedon hakemiseksi."
 msgid "Additional Scopes"
 msgstr "Lisäkäyttöalueet"

-#: authentik/sources/oauth/models.py
-msgid "PKCE"
-msgstr ""
-
 #: authentik/sources/oauth/models.py
 msgid ""
 "How to perform authentication during an authorization_code token request "
@@ -3142,12 +2986,6 @@ msgstr "Ryhmän Plex-lähteen yhteydet"
 msgid "Check the validity of a Plex source."
 msgstr ""

-#: authentik/sources/saml/api/source.py
-msgid ""
-"With a Verification Certificate selected, at least one of 'Verify Assertion "
-"Signature' or 'Verify Response Signature' must be selected."
-msgstr ""
-
 #: authentik/sources/saml/models.py
 msgid "Redirect Binding"
 msgstr "Uudelleenohjauksen liitos"
@@ -3160,7 +2998,7 @@ msgstr "POST-liitos"
 msgid "POST Binding with auto-confirmation"
 msgstr "POST-liitos automaattisella vahvistuksella"

-#: authentik/sources/saml/models.py authentik/sources/telegram/models.py
+#: authentik/sources/saml/models.py
 msgid "Flow used before authentication."
 msgstr "Prosessi, jota käytetään ennen tunnistautumista."

@@ -3280,58 +3118,6 @@ msgstr "SCIM-lähteen ominaisuuskytkentä"
 msgid "SCIM Source Property Mappings"
 msgstr "SCIM-lähteen ominaisuuskytkennät"

-#: authentik/sources/telegram/models.py authentik/sources/telegram/stage.py
-msgid "Telegram bot username"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram bot token"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Request access to send messages from your bot."
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Source"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Sources"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Source Property Mapping"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Source Property Mappings"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "User Telegram Source Connection"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "User Telegram Source Connections"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Group Telegram Source Connection"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Group Telegram Source Connections"
-msgstr ""
-
-#: authentik/sources/telegram/stage.py
-msgid "Authentication date is too old"
-msgstr ""
-
-#: authentik/sources/telegram/stage.py
-msgid "Invalid hash"
-msgstr ""
-
 #: authentik/stages/authenticator_duo/models.py
 msgid "Duo Authenticator Setup Stage"
 msgstr "Duo-todentajan asetusvaihe"
@@ -3348,6 +3134,10 @@ msgstr "Duo-laite"
 msgid "Duo Devices"
 msgstr "Duo-laitteet"

+#: authentik/stages/authenticator_email/models.py
+msgid "Email OTP"
+msgstr ""
+
 #: authentik/stages/authenticator_email/models.py
 #: authentik/stages/email/models.py
 msgid ""
@@ -3394,10 +3184,6 @@ msgstr "Koodi ei täsmää"
 msgid "Invalid email"
 msgstr ""

-#: authentik/stages/authenticator_email/stage.py
-msgid "The user already has an email address registered for MFA."
-msgstr ""
-
 #: authentik/stages/authenticator_email/templates/email/email_otp.html
 #: authentik/stages/email/templates/email/password_reset.html
 #, python-format
@@ -3736,14 +3522,6 @@ msgstr "Salasanan nollaus"
 msgid "Account Confirmation"
 msgstr "Tunnuksen vahvistus"

-#: authentik/stages/email/models.py
-msgid "Email OTP"
-msgstr ""
-
-#: authentik/stages/email/models.py
-msgid "Event Notification"
-msgstr ""
-
 #: authentik/stages/email/models.py
 msgid ""
 "The time window used to count recent account recovery attempts. If the "
@@ -3986,10 +3764,6 @@ msgstr "Tunnistautumisvaihe"
 msgid "Identification Stages"
 msgstr "Tunnistautumisvaiheet"

-#: authentik/stages/identification/stage.py
-msgid "Failed to authenticate."
-msgstr ""
-
 #: authentik/stages/identification/stage.py
 msgid "Log in"
 msgstr "Kirjaudu sisään"
@@ -4320,14 +4094,6 @@ msgstr ""
 msgid "Retry failed task"
 msgstr ""

-#: authentik/tasks/models.py
-msgid "Task log"
-msgstr ""
-
-#: authentik/tasks/models.py
-msgid "Task logs"
-msgstr ""
-
 #: authentik/tasks/models.py
 msgid "Worker status"
 msgstr ""
@@ -4444,22 +4210,6 @@ msgstr "Verkkotunnus"
 msgid "Domains"
 msgstr "Verkkotunnukset"

-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Group channel"
-msgstr ""
-
-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Group channels"
-msgstr ""
-
-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Message"
-msgstr ""
-
-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Messages"
-msgstr "Viestit"
-
 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Queue name"
 msgstr ""
@@ -4480,14 +4230,6 @@ msgstr ""
 msgid "Task last modified time"
 msgstr ""

-#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
-msgid "Number of retries"
-msgstr ""
-
-#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
-msgid "Planned execution time"
-msgstr ""
-
 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Task result"
 msgstr ""
--- a/locale/fr/LC_MESSAGES/django.po
+++ b/locale/fr/LC_MESSAGES/django.po
@@ -19,7 +19,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-10-20 00:11+0000\n"
+"POT-Creation-Date: 2025-10-15 00:10+0000\n"
 "PO-Revision-Date: 2022-09-26 16:47+0000\n"
 "Last-Translator: Marc Schmitt, 2025\n"
 "Language-Team: French (https://app.transifex.com/authentik/teams/119923/fr/)\n"
@@ -2969,18 +2969,6 @@ msgstr "Authentification HTTP Basic"
 msgid "Include the client ID and secret as request parameters"
 msgstr "Inclure le client ID et secret comme paramètres de la requête"

-#: authentik/sources/oauth/models.py
-msgid "No PKCE"
-msgstr "Pas de PKCE"
-
-#: authentik/sources/oauth/models.py
-msgid "Plain"
-msgstr "En clair"
-
-#: authentik/sources/oauth/models.py
-msgid "S256"
-msgstr "S256"
-
 #: authentik/sources/oauth/models.py
 msgid "Request Token URL"
 msgstr "URL du jeton de requête"
@@ -3022,10 +3010,6 @@ msgstr ""
 msgid "Additional Scopes"
 msgstr "Portées additionnelles"

-#: authentik/sources/oauth/models.py
-msgid "PKCE"
-msgstr "PKCE"
-
 #: authentik/sources/oauth/models.py
 msgid ""
 "How to perform authentication during an authorization_code token request "
--- a/locale/it/LC_MESSAGES/django.po
+++ b/locale/it/LC_MESSAGES/django.po
@@ -11,18 +11,18 @@
 # Nicola Mersi, 2024
 # tmassimi, 2024
 # Marc Schmitt, 2024
-# Kowalski Dragon (kowalski7cc) <kowalski.7cc@gmail.com>, 2025
 # Matteo Piccina <altermatte@gmail.com>, 2025
 # albanobattistella <albanobattistella@gmail.com>, 2025
+# Kowalski Dragon (kowalski7cc) <kowalski.7cc@gmail.com>, 2025
 # 
 #, fuzzy
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-10-20 00:11+0000\n"
+"POT-Creation-Date: 2025-08-11 00:12+0000\n"
 "PO-Revision-Date: 2022-09-26 16:47+0000\n"
-"Last-Translator: albanobattistella <albanobattistella@gmail.com>, 2025\n"
+"Last-Translator: Kowalski Dragon (kowalski7cc) <kowalski.7cc@gmail.com>, 2025\n"
 "Language-Team: Italian (https://app.transifex.com/authentik/teams/119923/it/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -36,34 +36,18 @@ msgstr "Cronologia delle versioni"

 #: authentik/admin/tasks.py
 msgid "Update latest version info."
-msgstr "Aggiorna le informazioni sulla versione più recente."
+msgstr ""

 #: authentik/admin/tasks.py
 #, python-brace-format
 msgid "New version {version} available!"
 msgstr "Nuova versione {version} disponibile!"

-#: authentik/api/v3/schema/query.py
-msgid "Which field to use when ordering the results."
-msgstr "Quale campo utilizzare per ordinare i risultati."
-
-#: authentik/api/v3/schema/query.py
-msgid "A page number within the paginated result set."
-msgstr "Un numero di pagina all'interno del set di risultati paginati."
-
-#: authentik/api/v3/schema/query.py
-msgid "Number of results to return per page."
-msgstr "Numero di risultati da restituire per pagina."
-
-#: authentik/api/v3/schema/query.py
-msgid "A search term."
-msgstr "Un termine di ricerca."
-
-#: authentik/api/v3/schema/response.py
+#: authentik/api/schema.py
 msgid "Generic API Error"
 msgstr "Errore API generico"

-#: authentik/api/v3/schema/response.py
+#: authentik/api/schema.py
 msgid "Validation Error"
 msgstr "Errore di validazione"

@@ -193,22 +177,6 @@ msgstr "Non sono consentite barre oblique iniziali o finali."
 msgid "No empty segments in user path allowed."
 msgstr "Non sono consentiti segmenti vuoti nel percorso utente."

-#: authentik/core/api/users.py
-msgid "A user/group with these details already exists"
-msgstr "Esiste già un utente/gruppo con questi dettagli"
-
-#: authentik/core/api/users.py
-msgid "Unable to create user"
-msgstr "Impossibile creare l'utente"
-
-#: authentik/core/api/users.py
-msgid "Unknown error occurred"
-msgstr "Si è verificato un errore sconosciuto"
-
-#: authentik/core/api/users.py
-msgid "This field is required."
-msgstr "Questo campo è obbligatorio."
-
 #: authentik/core/models.py
 msgid "name"
 msgstr "nome"
@@ -246,7 +214,7 @@ msgid "User's display name."
 msgstr "Nome visualizzato dell'utente."

 #: authentik/core/models.py authentik/providers/oauth2/models.py
-#: authentik/providers/saml/models.py authentik/rbac/models.py
+#: authentik/rbac/models.py
 msgid "User"
 msgstr "Utente"

@@ -263,11 +231,11 @@ msgstr "Reimposta Password"
 msgid "Can impersonate other users"
 msgstr "Può impersonare altri utenti"

-#: authentik/core/models.py
+#: authentik/core/models.py authentik/rbac/models.py
 msgid "Can assign permissions to users"
 msgstr "Può assegnare permessi a utenti"

-#: authentik/core/models.py
+#: authentik/core/models.py authentik/rbac/models.py
 msgid "Can unassign permissions from users"
 msgstr "Può rimuovere permessi da utenti"

@@ -413,7 +381,7 @@ msgstr ""
 "In che modo la fonte determina se utilizzare un gruppo esistente o crearne "
 "uno nuovo."

-#: authentik/core/models.py authentik/providers/scim/models.py
+#: authentik/core/models.py
 msgid "Token"
 msgstr "Token"

@@ -486,11 +454,11 @@ msgstr "La sorgente non è configurata per la registrazione."

 #: authentik/core/tasks.py
 msgid "Remove expired objects."
-msgstr "Rimuovi oggetti scaduti."
+msgstr ""

 #: authentik/core/tasks.py
 msgid "Remove temporary users created by SAML Sources."
-msgstr "Rimuovi gli utenti temporanei creati da SAML Sources."
+msgstr ""

 #: authentik/core/templates/if/error.html
 msgid "Go home"
@@ -546,7 +514,7 @@ msgstr "Coppie certificato-chiave"

 #: authentik/crypto/tasks.py
 msgid "Discover, import and update certificates from the filesystem."
-msgstr "Scopri, importa e aggiorna i certificati dal file system."
+msgstr ""

 #: authentik/enterprise/api.py
 msgid "Enterprise is required to create/update this object."
@@ -606,12 +574,10 @@ msgid ""
 "Check if any UniquePasswordPolicy exists, and if not, purge the password "
 "history table."
 msgstr ""
-"Controllare se esiste una UniquePasswordPolicy e, in caso contrario, "
-"cancellare la tabella della cronologia delle password."

 #: authentik/enterprise/policies/unique_password/tasks.py
 msgid "Remove user password history that are too old."
-msgstr "Rimuovi la cronologia delle password utente troppo vecchie."
+msgstr ""

 #: authentik/enterprise/policy.py
 msgid "Enterprise required to access this feature."
@@ -663,39 +629,31 @@ msgstr "Mappature Google Workspace Provider"

 #: authentik/enterprise/providers/google_workspace/tasks.py
 msgid "Sync Google Workspace provider objects."
-msgstr "Sincronizza gli oggetti del provider Google Workspace."
+msgstr ""

 #: authentik/enterprise/providers/google_workspace/tasks.py
 msgid "Full sync for Google Workspace provider."
-msgstr "Sincronizzazione completa per il provider Google Workspace."
+msgstr ""

 #: authentik/enterprise/providers/google_workspace/tasks.py
 msgid "Sync a direct object (user, group) for Google Workspace provider."
 msgstr ""
-"Sincronizza un oggetto diretto (utente, gruppo) per il provider Google "
-"Workspace."

 #: authentik/enterprise/providers/google_workspace/tasks.py
 msgid ""
 "Dispatch syncs for a direct object (user, group) for Google Workspace "
 "providers."
 msgstr ""
-"Dispatch esegue la sincronizzazione per un oggetto diretto (utente, gruppo) "
-"per i provider di Google Workspace."

 #: authentik/enterprise/providers/google_workspace/tasks.py
 msgid "Sync a related object (memberships) for Google Workspace provider."
 msgstr ""
-"Sincronizza un oggetto correlato (appartenenze) per il provider Google "
-"Workspace."

 #: authentik/enterprise/providers/google_workspace/tasks.py
 msgid ""
 "Dispatch syncs for a related object (memberships) for Google Workspace "
 "providers."
 msgstr ""
-"Dispatch esegue la sincronizzazione per un oggetto correlato (appartenenze) "
-"per i provider di Google Workspace."

 #: authentik/enterprise/providers/microsoft_entra/models.py
 msgid "Microsoft Entra Provider User"
@@ -727,47 +685,31 @@ msgstr "Mappature Microsoft Entra Provider"

 #: authentik/enterprise/providers/microsoft_entra/tasks.py
 msgid "Sync Microsoft Entra provider objects."
-msgstr "Sincronizza gli oggetti del provider Microsoft Entra."
+msgstr ""

 #: authentik/enterprise/providers/microsoft_entra/tasks.py
 msgid "Full sync for Microsoft Entra provider."
-msgstr "Sincronizzazione completa per il provider Microsoft Entra."
+msgstr ""

 #: authentik/enterprise/providers/microsoft_entra/tasks.py
 msgid "Sync a direct object (user, group) for Microsoft Entra provider."
 msgstr ""
-"Sincronizza un oggetto diretto (utente, gruppo) per il provider Microsoft "
-"Entra."

 #: authentik/enterprise/providers/microsoft_entra/tasks.py
 msgid ""
 "Dispatch syncs for a direct object (user, group) for Microsoft Entra "
 "providers."
 msgstr ""
-"Sincronizzazione di invio per un oggetto diretto (utente, gruppo) per i "
-"provider Microsoft Entra."

 #: authentik/enterprise/providers/microsoft_entra/tasks.py
 msgid "Sync a related object (memberships) for Microsoft Entra provider."
 msgstr ""
-"Sincronizza un oggetto correlato (appartenenze) per il provider Microsoft "
-"Entra."

 #: authentik/enterprise/providers/microsoft_entra/tasks.py
 msgid ""
 "Dispatch syncs for a related object (memberships) for Microsoft Entra "
 "providers."
 msgstr ""
-"Sincronizzazione delle spedizioni per un oggetto correlato (appartenenze) "
-"per i provider Microsoft Entra."
-
-#: authentik/enterprise/providers/radius/api.py
-msgid "Enterprise is required to use EAP-TLS."
-msgstr "Per Enterprise è tenuta a utilizzare EAP-TLS."
-
-#: authentik/enterprise/providers/scim/api.py
-msgid "Enterprise is required to use the OAuth mode."
-msgstr "Per Enterprise è obbligatorio utilizzare la modalità OAuth."

 #: authentik/enterprise/providers/ssf/models.py
 #: authentik/providers/oauth2/models.py
@@ -812,7 +754,7 @@ msgstr ""

 #: authentik/enterprise/providers/ssf/tasks.py
 msgid "Send an SSF event."
-msgstr "Invia un evento SSF."
+msgstr ""

 #: authentik/enterprise/stages/authenticator_endpoint_gdtc/models.py
 msgid "Endpoint Authenticator Google Device Trust Connector Stage"
@@ -884,7 +826,7 @@ msgstr "Fasi Sorgenti"

 #: authentik/enterprise/tasks.py
 msgid "Update enterprise license status."
-msgstr "Aggiorna lo stato della licenza enterprise."
+msgstr ""

 #: authentik/events/models.py
 msgid "Event"
@@ -911,14 +853,6 @@ msgstr "Slack Webhook (Slack/Discord)"
 msgid "Email"
 msgstr "Email"

-#: authentik/events/models.py
-msgid ""
-"Only send notification once, for example when sending a webhook into a chat "
-"channel."
-msgstr ""
-"Invia una notifica solo una volta, ad esempio quando invii un webhook in un "
-"canale di chat."
-
 #: authentik/events/models.py
 msgid ""
 "Customize the body of the request. Mapping should return data that is JSON-"
@@ -935,6 +869,14 @@ msgstr ""
 "Configurare le intestazioni aggiuntive da inviare. Il mapping dovrebbe "
 "restituire un dizionario di coppie chiave-valore."

+#: authentik/events/models.py
+msgid ""
+"Only send notification once, for example when sending a webhook into a chat "
+"channel."
+msgstr ""
+"Invia una notifica solo una volta, ad esempio quando invii un webhook in un "
+"canale di chat."
+
 #: authentik/events/models.py
 msgid "Severity"
 msgstr "Gravità"
@@ -1020,6 +962,14 @@ msgstr "Mappatura Webhook"
 msgid "Webhook Mappings"
 msgstr "Mappature Webhook"

+#: authentik/events/models.py
+msgid "System Task"
+msgstr "Attività di sistema"
+
+#: authentik/events/models.py
+msgid "System Tasks"
+msgstr "Attività di sistema"
+
 #: authentik/events/tasks.py
 msgid "Dispatch new event notifications."
 msgstr ""
@@ -1029,21 +979,18 @@ msgid ""
 "Check if policies attached to NotificationRule match event and dispatch "
 "notification tasks."
 msgstr ""
-"Verificare se le policy associate a NotificationRule corrispondono alle "
-"attività di notifica degli eventi e di invio."

 #: authentik/events/tasks.py
 msgid "Send notification."
-msgstr "Invia notifica."
+msgstr ""

 #: authentik/events/tasks.py
 msgid "Cleanup events for GDPR compliance."
-msgstr "Pulizia eventi per la conformità al GDPR."
+msgstr ""

 #: authentik/events/tasks.py
 msgid "Cleanup seen notifications and notifications whose event expired."
 msgstr ""
-"Elimina le notifiche visualizzate e le notifiche il cui evento è scaduto."

 #: authentik/flows/api/flows.py
 #, python-brace-format
@@ -1332,7 +1279,6 @@ msgstr "Outposts"
 #: authentik/outposts/tasks.py
 msgid "Update cached state of service connection."
 msgstr ""
-"Aggiorna lo stato memorizzato nella cache della connessione al servizio."

 #: authentik/outposts/tasks.py
 msgid "Create/update/monitor/delete the deployment of an Outpost."
@@ -1348,7 +1294,7 @@ msgstr ""

 #: authentik/outposts/tasks.py
 msgid "Checks the local environment and create Service connections."
-msgstr "Controlla l'ambiente locale e crea connessioni di servizio."
+msgstr ""

 #: authentik/outposts/tasks.py
 msgid "Terminate session on all outposts."
@@ -1752,14 +1698,6 @@ msgstr "Confronto URL rigoroso"
 msgid "Regular Expression URL matching"
 msgstr "Corrispondenza URL espressione regolare"

-#: authentik/providers/oauth2/models.py
-msgid "Back-channel"
-msgstr ""
-
-#: authentik/providers/oauth2/models.py
-msgid "Front-channel"
-msgstr ""
-
 #: authentik/providers/oauth2/models.py
 msgid "code (Authorization Code Flow)"
 msgstr "code (Flusso di autorizzazione del codice)"
@@ -1849,17 +1787,7 @@ msgid "Redirect URIs"
 msgstr "URL di reindirizzamento"

 #: authentik/providers/oauth2/models.py
-msgid "Logout URI"
-msgstr ""
-
-#: authentik/providers/oauth2/models.py
-msgid "Logout Method"
-msgstr ""
-
-#: authentik/providers/oauth2/models.py
-msgid ""
-"Backchannel logs out with server to server calls. Frontchannel uses iframes "
-"in your browser"
+msgid "Back-Channel Logout URI"
 msgstr ""

 #: authentik/providers/oauth2/models.py
@@ -1890,16 +1818,6 @@ msgstr ""
 "Tokens non validi a partire dall'ora corrente + questo valore (Format: "
 "hours=1;minutes=2;seconds=3)."

-#: authentik/providers/oauth2/models.py
-msgid ""
-"When refreshing a token, if the refresh token is valid for less than this "
-"duration, it will be renewed. When set to seconds=0, token will always be "
-"renewed. (Format: hours=1;minutes=2;seconds=3)."
-msgstr ""
-"Quando si aggiorna un token, se la sua validità è inferiore a questa durata,"
-" verrà rinnovato. Se impostato su secondi=0, il token verrà sempre "
-"rinnovato. (Formato: ore=1; minuti=2; secondi=3)."
-
 #: authentik/providers/oauth2/models.py
 msgid ""
 "Configure what data should be used as unique User Identifier. For most "
@@ -2005,7 +1923,6 @@ msgstr "Token Dispositivi"
 #: authentik/providers/oauth2/tasks.py
 msgid "Send a back-channel logout request to the registered client"
 msgstr ""
-"Invia una richiesta di disconnessione dal back-channel al client registrato"

 #: authentik/providers/oauth2/tasks.py
 msgid "Handle backchannel logout notifications dispatched via signal"
@@ -2045,14 +1962,6 @@ msgstr ""
 "L'host interno non può essere vuoto quando l'autenticazione inoltrata è "
 "disabilitata."

-#: authentik/providers/proxy/models.py
-msgid "Proxy Session"
-msgstr ""
-
-#: authentik/providers/proxy/models.py
-msgid "Proxy Sessions"
-msgstr ""
-
 #: authentik/providers/proxy/models.py
 msgid "Validate SSL Certificates of upstream servers"
 msgstr "Convalida dei certificati SSL dei server upstream"
@@ -2262,35 +2171,6 @@ msgstr ""
 "Ciò determina il modo in cui authentik invia la risposta al fornitore di "
 "servizi."

-#: authentik/providers/saml/models.py
-msgid "SLS URL"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "Single Logout Service URL where the logout response should be sent."
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SLS Binding"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid ""
-"This determines how authentik sends the logout response back to the Service "
-"Provider."
-msgstr ""
-"Ciò determina il modo in cui authentik invia la risposta di disconnessione "
-"al Provider del servizio."
-
-#: authentik/providers/saml/models.py
-msgid ""
-"Method to use for logout. Front-channel iframe loads all logout URLs "
-"simultaneously in hidden iframes. Front-channel native uses your active "
-"browser tab to send post requests and redirect to providers. Back-channel "
-"sends logout requests directly from the server without user interaction "
-"(requires POST SLS binding)."
-msgstr ""
-
 #: authentik/providers/saml/models.py
 msgid "NameID Property Mapping"
 msgstr "Mappatura proprietà NameID"
@@ -2458,34 +2338,6 @@ msgstr "Provider SAML dai Metadati"
 msgid "SAML Providers from Metadata"
 msgstr "Providers SAML dai Metadati"

-#: authentik/providers/saml/models.py
-msgid "Link to the user's authenticated session"
-msgstr "Link alla sessione autenticata dell'utente"
-
-#: authentik/providers/saml/models.py
-msgid "SAML SessionIndex for this session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML NameID value for this session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML NameID format"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML Session"
-msgstr "Sessione SAML "
-
-#: authentik/providers/saml/models.py
-msgid "SAML Sessions"
-msgstr "Sessioni SAML "
-
-#: authentik/providers/scim/models.py
-msgid "OAuth"
-msgstr "OAuth"
-
 #: authentik/providers/scim/models.py
 msgid "Default"
 msgstr "Predefinito"
@@ -2498,10 +2350,6 @@ msgstr "AWS"
 msgid "Slack"
 msgstr "Slack"

-#: authentik/providers/scim/models.py
-msgid "Salesforce"
-msgstr ""
-
 #: authentik/providers/scim/models.py
 msgid "Base URL to SCIM requests, usually ends in /v2"
 msgstr "URL di base per le richieste SCIM, di solito termina con /v2"
@@ -2510,14 +2358,6 @@ msgstr "URL di base per le richieste SCIM, di solito termina con /v2"
 msgid "Authentication token"
 msgstr "Token di autenticazione"

-#: authentik/providers/scim/models.py
-msgid "OAuth Source used for authentication"
-msgstr ""
-
-#: authentik/providers/scim/models.py
-msgid "Additional OAuth parameters, such as grant_type"
-msgstr ""
-
 #: authentik/providers/scim/models.py
 msgid "SCIM Compatibility Mode"
 msgstr "SCIM Modalità di Compatibilità"
@@ -2576,14 +2416,6 @@ msgstr "Ruolo"
 msgid "Roles"
 msgstr "Ruoli"

-#: authentik/rbac/models.py
-msgid "Can assign permissions to roles"
-msgstr "Può assegnare autorizzazioni ai ruoli"
-
-#: authentik/rbac/models.py
-msgid "Can unassign permissions from roles"
-msgstr "Può annullare l'assegnazione delle autorizzazioni ai ruoli"
-
 #: authentik/rbac/models.py
 msgid "Initial Permissions"
 msgstr "Permessi Iniziali"
@@ -2734,11 +2566,11 @@ msgstr "Connessioni alle sorgenti del gruppo kerberos"

 #: authentik/sources/kerberos/tasks.py
 msgid "Check connectivity for Kerberos sources."
-msgstr "Controlla la connettività per sorgente Kerberos."
+msgstr ""

 #: authentik/sources/kerberos/tasks.py
 msgid "Sync Kerberos source."
-msgstr "Sincronizza la sorgente Kerberos."
+msgstr ""

 #: authentik/sources/kerberos/views.py
 msgid "SPNEGO authentication required"
@@ -2910,15 +2742,15 @@ msgstr "La password non soddisfa la complessità Active Directory."

 #: authentik/sources/ldap/tasks.py
 msgid "Check connectivity for LDAP source."
-msgstr "Verifica la connettività per la sorgente LDAP."
+msgstr ""

 #: authentik/sources/ldap/tasks.py
 msgid "Sync LDAP source."
-msgstr "Sincronizza la sorgente LDAP."
+msgstr ""

 #: authentik/sources/ldap/tasks.py
 msgid "Sync page for LDAP source."
-msgstr "Pagina di sincronizzazione per la sorgente LDAP."
+msgstr ""

 #: authentik/sources/oauth/clients/oauth2.py
 msgid "No token received."
@@ -2932,18 +2764,6 @@ msgstr "HTTP Basic Authentication"
 msgid "Include the client ID and secret as request parameters"
 msgstr "Includi il client ID e il segreto come parametri di richiesta"

-#: authentik/sources/oauth/models.py
-msgid "No PKCE"
-msgstr ""
-
-#: authentik/sources/oauth/models.py
-msgid "Plain"
-msgstr ""
-
-#: authentik/sources/oauth/models.py
-msgid "S256"
-msgstr ""
-
 #: authentik/sources/oauth/models.py
 msgid "Request Token URL"
 msgstr "URL di Richiesta Token"
@@ -2984,10 +2804,6 @@ msgstr "URL utilizzato da authentik per ottenere le informazioni dell'utente."
 msgid "Additional Scopes"
 msgstr "Ambiti aggiuntivi"

-#: authentik/sources/oauth/models.py
-msgid "PKCE"
-msgstr ""
-
 #: authentik/sources/oauth/models.py
 msgid ""
 "How to perform authentication during an authorization_code token request "
@@ -3216,12 +3032,6 @@ msgstr "Connessioni sorgente Plex di gruppo"
 msgid "Check the validity of a Plex source."
 msgstr ""

-#: authentik/sources/saml/api/source.py
-msgid ""
-"With a Verification Certificate selected, at least one of 'Verify Assertion "
-"Signature' or 'Verify Response Signature' must be selected."
-msgstr ""
-
 #: authentik/sources/saml/models.py
 msgid "Redirect Binding"
 msgstr "Associazione reindirizzamento"
@@ -3234,7 +3044,7 @@ msgstr "Associazione POST"
 msgid "POST Binding with auto-confirmation"
 msgstr "Associazione POST con auto-conferma"

-#: authentik/sources/saml/models.py authentik/sources/telegram/models.py
+#: authentik/sources/saml/models.py
 msgid "Flow used before authentication."
 msgstr "Flusso da usare prima dell'autenticazione."

@@ -3354,58 +3164,6 @@ msgstr "Mappatura delle proprietà della sorgente SCIM"
 msgid "SCIM Source Property Mappings"
 msgstr "Mappature delle proprietà sorgente SCIM"

-#: authentik/sources/telegram/models.py authentik/sources/telegram/stage.py
-msgid "Telegram bot username"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram bot token"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Request access to send messages from your bot."
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Source"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Sources"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Source Property Mapping"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Source Property Mappings"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "User Telegram Source Connection"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "User Telegram Source Connections"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Group Telegram Source Connection"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Group Telegram Source Connections"
-msgstr ""
-
-#: authentik/sources/telegram/stage.py
-msgid "Authentication date is too old"
-msgstr ""
-
-#: authentik/sources/telegram/stage.py
-msgid "Invalid hash"
-msgstr ""
-
 #: authentik/stages/authenticator_duo/models.py
 msgid "Duo Authenticator Setup Stage"
 msgstr "Fase di configurazione dell'autenticatore Duo"
@@ -3422,6 +3180,10 @@ msgstr "Dispositivo Duo"
 msgid "Duo Devices"
 msgstr "Dispositivi Duo"

+#: authentik/stages/authenticator_email/models.py
+msgid "Email OTP"
+msgstr "Email OTP"
+
 #: authentik/stages/authenticator_email/models.py
 #: authentik/stages/email/models.py
 msgid ""
@@ -3473,10 +3235,6 @@ msgstr "Il codice non corrisponde"
 msgid "Invalid email"
 msgstr "Email non valida"

-#: authentik/stages/authenticator_email/stage.py
-msgid "The user already has an email address registered for MFA."
-msgstr ""
-
 #: authentik/stages/authenticator_email/templates/email/email_otp.html
 #: authentik/stages/email/templates/email/password_reset.html
 #, python-format
@@ -3828,24 +3586,12 @@ msgstr "Ripristino password"
 msgid "Account Confirmation"
 msgstr "Conferma dell'account"

-#: authentik/stages/email/models.py
-msgid "Email OTP"
-msgstr "Email OTP"
-
-#: authentik/stages/email/models.py
-msgid "Event Notification"
-msgstr "Notifica evento"
-
 #: authentik/stages/email/models.py
 msgid ""
 "The time window used to count recent account recovery attempts. If the "
 "number of attempts exceed recovery_max_attempts within this period, further "
 "attempts will be rate-limited. (Format: hours=1;minutes=2;seconds=3)."
 msgstr ""
-"Intervallo di tempo utilizzato per conteggiare i recenti tentativi di "
-"recupero dell'account. Se il numero di tentativi supera "
-"recovery_max_attempts entro questo periodo, la frequenza dei tentativi "
-"successivi sarà limitata. (Formato: ore=1; minuti=2; secondi=3)."

 #: authentik/stages/email/models.py
 msgid "Activate users upon completion of stage."
@@ -3877,7 +3623,6 @@ msgid ""
 "Too many account verification attempts. Please try again after {minutes} "
 "minutes."
 msgstr ""
-"Troppi tentativi di verifica dell'account. Riprova tra {minutes} minuti."

 #: authentik/stages/email/stage.py
 msgid "Email Successfully sent."
@@ -3885,7 +3630,7 @@ msgstr "Email inviata con successo."

 #: authentik/stages/email/tasks.py
 msgid "Send email."
-msgstr "Invia email."
+msgstr ""

 #: authentik/stages/email/templates/email/account_confirmation.html
 #: authentik/stages/email/templates/email/account_confirmation.txt
@@ -4087,10 +3832,6 @@ msgstr "Fase di identificazione"
 msgid "Identification Stages"
 msgstr "Fasi di identificazione"

-#: authentik/stages/identification/stage.py
-msgid "Failed to authenticate."
-msgstr ""
-
 #: authentik/stages/identification/stage.py
 msgid "Log in"
 msgstr "Accedi"
@@ -4425,44 +4166,36 @@ msgstr ""

 #: authentik/tasks/models.py
 msgid "Retry failed task"
-msgstr "Riprova l'attività non riuscita"
-
-#: authentik/tasks/models.py
-msgid "Task log"
-msgstr ""
-
-#: authentik/tasks/models.py
-msgid "Task logs"
 msgstr ""

 #: authentik/tasks/models.py
 msgid "Worker status"
-msgstr "Stato del lavoratore"
+msgstr ""

 #: authentik/tasks/models.py
 msgid "Worker statuses"
-msgstr "Stati dei lavoratori"
+msgstr ""

 #: authentik/tasks/schedules/models.py
 msgid "Unique schedule identifier"
-msgstr "Identificatore univoco della pianificazione"
+msgstr ""

 #: authentik/tasks/schedules/models.py
 msgid "User schedule identifier"
-msgstr "Identificatore della pianificazione utente"
+msgstr ""

 #: authentik/tasks/schedules/models.py
 msgid "Manually trigger a schedule"
-msgstr "Attiva manualmente una pianificazione"
+msgstr ""

 #: authentik/tasks/tasks.py
 msgid "Remove old worker statuses."
-msgstr "Rimuovi i vecchi stati dei lavoratori."
+msgstr ""

 #: authentik/tenants/api/settings.py
 #, python-brace-format
 msgid "Value for flag {flag_key} needs to be of type {type}."
-msgstr "Il valore per il flag {flag_key} deve essere di tipo {type}."
+msgstr ""

 #: authentik/tenants/models.py
 msgid ""
@@ -4557,70 +4290,46 @@ msgstr "Dominio"
 msgid "Domains"
 msgstr "Domini"

-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Group channel"
-msgstr "Canale di gruppo"
-
-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Group channels"
-msgstr "Canali di gruppo"
-
-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Message"
-msgstr "Messaggio"
-
-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Messages"
-msgstr "Messaggi"
-
 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Queue name"
-msgstr "Nome della coda"
+msgstr ""

 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Dramatiq actor name"
-msgstr "Nome dell'attore drammatico"
+msgstr ""

 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Message body"
-msgstr "Corpo del messaggio"
+msgstr ""

 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Task status"
-msgstr "Stato dell'attività"
+msgstr ""

 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Task last modified time"
-msgstr "Ora dell'ultima modifica dell'attività"
-
-#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
-msgid "Number of retries"
-msgstr "Numero di tentativi"
-
-#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
-msgid "Planned execution time"
-msgstr "Tempo di esecuzione pianificato"
+msgstr ""

 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Task result"
-msgstr "Risultato dell'attività"
+msgstr ""

 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Result expiry time"
-msgstr "Tempo di scadenza del risultato"
+msgstr ""

 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Task"
-msgstr "Attività"
+msgstr ""

 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Tasks"
-msgstr "Attività"
+msgstr ""

 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 #, python-format
 msgid "%(value)s is not a valid crontab"
-msgstr "%(value)s non è un crontab valido"
+msgstr ""

 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Dramatiq actor to call"
@@ -4640,16 +4349,16 @@ msgstr ""

 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "When to schedule tasks"
-msgstr "Quando pianificare le attività"
+msgstr ""

 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Pause this schedule"
-msgstr "Metti in pausa questa pianificazione"
+msgstr ""

 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Schedule"
-msgstr "Pianificazione"
+msgstr ""

 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Schedules"
-msgstr "Pianificazioni"
+msgstr ""
--- a/locale/ko/LC_MESSAGES/django.po
+++ b/locale/ko/LC_MESSAGES/django.po
--- a/locale/nl/LC_MESSAGES/django.po
+++ b/locale/nl/LC_MESSAGES/django.po
@@ -7,11 +7,11 @@
 # Melvin Snijders <mail@melvinsnijders.nl>, 2023
 # Michel Heusschen, 2023
 # ServusNL, 2023
+# Alex Kruidenberg <alexkruidenberg@hotmail.com>, 2024
 # Wilmer, 2024
 # Sjors Wortelboer, 2024
 # Marc Schmitt, 2025
 # Taeke <transifex.net@taeke.eu>, 2025
-# Alex Kruidenberg <alexkruidenberg@hotmail.com>, 2025
 # Dany Sluijk, 2025
 # 
 #, fuzzy
@@ -19,7 +19,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-10-20 00:11+0000\n"
+"POT-Creation-Date: 2025-08-11 00:12+0000\n"
 "PO-Revision-Date: 2022-09-26 16:47+0000\n"
 "Last-Translator: Dany Sluijk, 2025\n"
 "Language-Team: Dutch (https://app.transifex.com/authentik/teams/119923/nl/)\n"
@@ -42,27 +42,11 @@ msgstr ""
 msgid "New version {version} available!"
 msgstr "Nieuwe versie {version} beschikbaar!"

-#: authentik/api/v3/schema/query.py
-msgid "Which field to use when ordering the results."
-msgstr ""
-
-#: authentik/api/v3/schema/query.py
-msgid "A page number within the paginated result set."
-msgstr ""
-
-#: authentik/api/v3/schema/query.py
-msgid "Number of results to return per page."
-msgstr ""
-
-#: authentik/api/v3/schema/query.py
-msgid "A search term."
-msgstr ""
-
-#: authentik/api/v3/schema/response.py
+#: authentik/api/schema.py
 msgid "Generic API Error"
 msgstr "Algemene API-fout"

-#: authentik/api/v3/schema/response.py
+#: authentik/api/schema.py
 msgid "Validation Error"
 msgstr "Validatiefout"

@@ -189,22 +173,6 @@ msgstr "Geen voor- of achtervoegsels toegestaan."
 msgid "No empty segments in user path allowed."
 msgstr "Geen lege segmenten in het gebruikerspad toegestaan."

-#: authentik/core/api/users.py
-msgid "A user/group with these details already exists"
-msgstr ""
-
-#: authentik/core/api/users.py
-msgid "Unable to create user"
-msgstr ""
-
-#: authentik/core/api/users.py
-msgid "Unknown error occurred"
-msgstr ""
-
-#: authentik/core/api/users.py
-msgid "This field is required."
-msgstr ""
-
 #: authentik/core/models.py
 msgid "name"
 msgstr "naam"
@@ -243,7 +211,7 @@ msgid "User's display name."
 msgstr "Weergavenaam van de gebruiker."

 #: authentik/core/models.py authentik/providers/oauth2/models.py
-#: authentik/providers/saml/models.py authentik/rbac/models.py
+#: authentik/rbac/models.py
 msgid "User"
 msgstr "Gebruiker"

@@ -260,11 +228,11 @@ msgstr "Wachtwoord herstellen"
 msgid "Can impersonate other users"
 msgstr "Kan andere gebruikers imiteren"

-#: authentik/core/models.py
+#: authentik/core/models.py authentik/rbac/models.py
 msgid "Can assign permissions to users"
 msgstr "Kan rechten toevoegen aan gebruikers"

-#: authentik/core/models.py
+#: authentik/core/models.py authentik/rbac/models.py
 msgid "Can unassign permissions from users"
 msgstr "Kan rechten verwijderen van gebruikers"

@@ -412,7 +380,7 @@ msgstr ""
 "Hoe de bron wordt bepaald als een bestaande groep moet worden gebruikt of "
 "een nieuwe groep wordt aangemaakt."

-#: authentik/core/models.py authentik/providers/scim/models.py
+#: authentik/core/models.py
 msgid "Token"
 msgstr "Token"

@@ -740,14 +708,6 @@ msgid ""
 "providers."
 msgstr ""

-#: authentik/enterprise/providers/radius/api.py
-msgid "Enterprise is required to use EAP-TLS."
-msgstr ""
-
-#: authentik/enterprise/providers/scim/api.py
-msgid "Enterprise is required to use the OAuth mode."
-msgstr ""
-
 #: authentik/enterprise/providers/ssf/models.py
 #: authentik/providers/oauth2/models.py
 msgid "Signing Key"
@@ -885,14 +845,6 @@ msgstr "Slack Webhook (Slack/Discord)"
 msgid "Email"
 msgstr "E-mail"

-#: authentik/events/models.py
-msgid ""
-"Only send notification once, for example when sending a webhook into a chat "
-"channel."
-msgstr ""
-"Stuur de melding slechts eenmaal, bijvoorbeeld bij het verzenden van een "
-"webhook naar een chatkanaal."
-
 #: authentik/events/models.py
 msgid ""
 "Customize the body of the request. Mapping should return data that is JSON-"
@@ -905,6 +857,14 @@ msgid ""
 "of key-value pairs"
 msgstr ""

+#: authentik/events/models.py
+msgid ""
+"Only send notification once, for example when sending a webhook into a chat "
+"channel."
+msgstr ""
+"Stuur de melding slechts eenmaal, bijvoorbeeld bij het verzenden van een "
+"webhook naar een chatkanaal."
+
 #: authentik/events/models.py
 msgid "Severity"
 msgstr "Ernst"
@@ -988,6 +948,14 @@ msgstr "Webhook-toewijzing"
 msgid "Webhook Mappings"
 msgstr "Webhook-toewijzingen"

+#: authentik/events/models.py
+msgid "System Task"
+msgstr "Systeem Taak"
+
+#: authentik/events/models.py
+msgid "System Tasks"
+msgstr "Systeem Taken"
+
 #: authentik/events/tasks.py
 msgid "Dispatch new event notifications."
 msgstr ""
@@ -1716,14 +1684,6 @@ msgstr ""
 msgid "Regular Expression URL matching"
 msgstr ""

-#: authentik/providers/oauth2/models.py
-msgid "Back-channel"
-msgstr ""
-
-#: authentik/providers/oauth2/models.py
-msgid "Front-channel"
-msgstr ""
-
 #: authentik/providers/oauth2/models.py
 msgid "code (Authorization Code Flow)"
 msgstr "code (Autorisatiecode-flow)"
@@ -1813,17 +1773,7 @@ msgid "Redirect URIs"
 msgstr "Omleidings-URI's"

 #: authentik/providers/oauth2/models.py
-msgid "Logout URI"
-msgstr ""
-
-#: authentik/providers/oauth2/models.py
-msgid "Logout Method"
-msgstr ""
-
-#: authentik/providers/oauth2/models.py
-msgid ""
-"Backchannel logs out with server to server calls. Frontchannel uses iframes "
-"in your browser"
+msgid "Back-Channel Logout URI"
 msgstr ""

 #: authentik/providers/oauth2/models.py
@@ -1854,13 +1804,6 @@ msgstr ""
 "Tokens zijn niet geldig op of na de huidige tijd + deze waarde (Formaat: "
 "uren=1;minuten=2;seconden=3)."

-#: authentik/providers/oauth2/models.py
-msgid ""
-"When refreshing a token, if the refresh token is valid for less than this "
-"duration, it will be renewed. When set to seconds=0, token will always be "
-"renewed. (Format: hours=1;minutes=2;seconds=3)."
-msgstr ""
-
 #: authentik/providers/oauth2/models.py
 msgid ""
 "Configure what data should be used as unique User Identifier. For most "
@@ -2003,14 +1946,6 @@ msgstr ""
 "Interne host kan niet leeg zijn wanneer doorsturen van verificatie is "
 "uitgeschakeld."

-#: authentik/providers/proxy/models.py
-msgid "Proxy Session"
-msgstr ""
-
-#: authentik/providers/proxy/models.py
-msgid "Proxy Sessions"
-msgstr ""
-
 #: authentik/providers/proxy/models.py
 msgid "Validate SSL Certificates of upstream servers"
 msgstr "Valideer SSL-certificaten van upstream-servers"
@@ -2216,33 +2151,6 @@ msgid ""
 msgstr ""
 "Dit bepaalt hoe authentik de reactie terugstuurt naar de serviceprovider."

-#: authentik/providers/saml/models.py
-msgid "SLS URL"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "Single Logout Service URL where the logout response should be sent."
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SLS Binding"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid ""
-"This determines how authentik sends the logout response back to the Service "
-"Provider."
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid ""
-"Method to use for logout. Front-channel iframe loads all logout URLs "
-"simultaneously in hidden iframes. Front-channel native uses your active "
-"browser tab to send post requests and redirect to providers. Back-channel "
-"sends logout requests directly from the server without user interaction "
-"(requires POST SLS binding)."
-msgstr ""
-
 #: authentik/providers/saml/models.py
 msgid "NameID Property Mapping"
 msgstr "Naam-ID-eigenschapsafbeelding"
@@ -2404,34 +2312,6 @@ msgstr "SAML-provider uit metagegevens"
 msgid "SAML Providers from Metadata"
 msgstr ""

-#: authentik/providers/saml/models.py
-msgid "Link to the user's authenticated session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML SessionIndex for this session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML NameID value for this session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML NameID format"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML Session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML Sessions"
-msgstr ""
-
-#: authentik/providers/scim/models.py
-msgid "OAuth"
-msgstr ""
-
 #: authentik/providers/scim/models.py
 msgid "Default"
 msgstr "Standaard"
@@ -2444,10 +2324,6 @@ msgstr ""
 msgid "Slack"
 msgstr ""

-#: authentik/providers/scim/models.py
-msgid "Salesforce"
-msgstr ""
-
 #: authentik/providers/scim/models.py
 msgid "Base URL to SCIM requests, usually ends in /v2"
 msgstr "Basis-URL voor SCIM-verzoeken, eindigt meestal op /v2"
@@ -2456,14 +2332,6 @@ msgstr "Basis-URL voor SCIM-verzoeken, eindigt meestal op /v2"
 msgid "Authentication token"
 msgstr "Verificatietoken"

-#: authentik/providers/scim/models.py
-msgid "OAuth Source used for authentication"
-msgstr ""
-
-#: authentik/providers/scim/models.py
-msgid "Additional OAuth parameters, such as grant_type"
-msgstr ""
-
 #: authentik/providers/scim/models.py
 msgid "SCIM Compatibility Mode"
 msgstr ""
@@ -2520,14 +2388,6 @@ msgstr ""
 msgid "Roles"
 msgstr ""

-#: authentik/rbac/models.py
-msgid "Can assign permissions to roles"
-msgstr ""
-
-#: authentik/rbac/models.py
-msgid "Can unassign permissions from roles"
-msgstr ""
-
 #: authentik/rbac/models.py
 msgid "Initial Permissions"
 msgstr ""
@@ -2848,18 +2708,6 @@ msgstr ""
 msgid "Include the client ID and secret as request parameters"
 msgstr ""

-#: authentik/sources/oauth/models.py
-msgid "No PKCE"
-msgstr ""
-
-#: authentik/sources/oauth/models.py
-msgid "Plain"
-msgstr ""
-
-#: authentik/sources/oauth/models.py
-msgid "S256"
-msgstr ""
-
 #: authentik/sources/oauth/models.py
 msgid "Request Token URL"
 msgstr "URL voor aanvragen van token"
@@ -2901,10 +2749,6 @@ msgstr ""
 msgid "Additional Scopes"
 msgstr "Aanvullende scopes"

-#: authentik/sources/oauth/models.py
-msgid "PKCE"
-msgstr ""
-
 #: authentik/sources/oauth/models.py
 msgid ""
 "How to perform authentication during an authorization_code token request "
@@ -3130,12 +2974,6 @@ msgstr ""
 msgid "Check the validity of a Plex source."
 msgstr ""

-#: authentik/sources/saml/api/source.py
-msgid ""
-"With a Verification Certificate selected, at least one of 'Verify Assertion "
-"Signature' or 'Verify Response Signature' must be selected."
-msgstr ""
-
 #: authentik/sources/saml/models.py
 msgid "Redirect Binding"
 msgstr "Doorverwijzing Binding"
@@ -3148,7 +2986,7 @@ msgstr "POST Binding"
 msgid "POST Binding with auto-confirmation"
 msgstr "POST Binding met automatische bevestiging"

-#: authentik/sources/saml/models.py authentik/sources/telegram/models.py
+#: authentik/sources/saml/models.py
 msgid "Flow used before authentication."
 msgstr "Flow gebruikt vóór authenticatie."

@@ -3267,58 +3105,6 @@ msgstr ""
 msgid "SCIM Source Property Mappings"
 msgstr ""

-#: authentik/sources/telegram/models.py authentik/sources/telegram/stage.py
-msgid "Telegram bot username"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram bot token"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Request access to send messages from your bot."
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Source"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Sources"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Source Property Mapping"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Source Property Mappings"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "User Telegram Source Connection"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "User Telegram Source Connections"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Group Telegram Source Connection"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Group Telegram Source Connections"
-msgstr ""
-
-#: authentik/sources/telegram/stage.py
-msgid "Authentication date is too old"
-msgstr ""
-
-#: authentik/sources/telegram/stage.py
-msgid "Invalid hash"
-msgstr ""
-
 #: authentik/stages/authenticator_duo/models.py
 msgid "Duo Authenticator Setup Stage"
 msgstr "Duo Authenticator Installatiestadium"
@@ -3335,6 +3121,10 @@ msgstr "Duo-apparaat"
 msgid "Duo Devices"
 msgstr "Duo-apparaten"

+#: authentik/stages/authenticator_email/models.py
+msgid "Email OTP"
+msgstr ""
+
 #: authentik/stages/authenticator_email/models.py
 #: authentik/stages/email/models.py
 msgid ""
@@ -3381,10 +3171,6 @@ msgstr "Code komt niet overeen"
 msgid "Invalid email"
 msgstr ""

-#: authentik/stages/authenticator_email/stage.py
-msgid "The user already has an email address registered for MFA."
-msgstr ""
-
 #: authentik/stages/authenticator_email/templates/email/email_otp.html
 #: authentik/stages/email/templates/email/password_reset.html
 #, python-format
@@ -3717,14 +3503,6 @@ msgstr "Wachtwoordherstel"
 msgid "Account Confirmation"
 msgstr "Accountbevestiging"

-#: authentik/stages/email/models.py
-msgid "Email OTP"
-msgstr ""
-
-#: authentik/stages/email/models.py
-msgid "Event Notification"
-msgstr ""
-
 #: authentik/stages/email/models.py
 msgid ""
 "The time window used to count recent account recovery attempts. If the "
@@ -3964,10 +3742,6 @@ msgstr "Identificatiestadium"
 msgid "Identification Stages"
 msgstr "Identificatiestadia"

-#: authentik/stages/identification/stage.py
-msgid "Failed to authenticate."
-msgstr ""
-
 #: authentik/stages/identification/stage.py
 msgid "Log in"
 msgstr "Inloggen"
@@ -4305,14 +4079,6 @@ msgstr ""
 msgid "Retry failed task"
 msgstr ""

-#: authentik/tasks/models.py
-msgid "Task log"
-msgstr ""
-
-#: authentik/tasks/models.py
-msgid "Task logs"
-msgstr ""
-
 #: authentik/tasks/models.py
 msgid "Worker status"
 msgstr ""
@@ -4431,22 +4197,6 @@ msgstr "Domein"
 msgid "Domains"
 msgstr "Domeinen"

-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Group channel"
-msgstr ""
-
-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Group channels"
-msgstr ""
-
-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Message"
-msgstr "Bericht"
-
-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Messages"
-msgstr "Berichten"
-
 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Queue name"
 msgstr ""
@@ -4467,14 +4217,6 @@ msgstr ""
 msgid "Task last modified time"
 msgstr ""

-#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
-msgid "Number of retries"
-msgstr ""
-
-#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
-msgid "Planned execution time"
-msgstr ""
-
 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Task result"
 msgstr ""
--- a/locale/pl/LC_MESSAGES/django.po
+++ b/locale/pl/LC_MESSAGES/django.po
@@ -8,18 +8,18 @@
 # Michał Jastrzębski, 2024
 # Tomci 12 <drizztes@gmail.com>, 2024
 # Marc Schmitt, 2025
+# Jens L. <jens@goauthentik.io>, 2025
 # Bartosz Ostafin, 2025
 # Darek “NeroPcStation” NeroPcStation <dareknowacki2001@gmail.com>, 2025
-# Jens L. <jens@goauthentik.io>, 2025
 # 
 #, fuzzy
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-10-20 00:11+0000\n"
+"POT-Creation-Date: 2025-08-11 00:12+0000\n"
 "PO-Revision-Date: 2022-09-26 16:47+0000\n"
-"Last-Translator: Jens L. <jens@goauthentik.io>, 2025\n"
+"Last-Translator: Darek “NeroPcStation” NeroPcStation <dareknowacki2001@gmail.com>, 2025\n"
 "Language-Team: Polish (https://app.transifex.com/authentik/teams/119923/pl/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -40,27 +40,11 @@ msgstr "Zaktualizuj informacje o najnowszej wersji."
 msgid "New version {version} available!"
 msgstr "Nowa wersja {version} dostępna!"

-#: authentik/api/v3/schema/query.py
-msgid "Which field to use when ordering the results."
-msgstr ""
-
-#: authentik/api/v3/schema/query.py
-msgid "A page number within the paginated result set."
-msgstr ""
-
-#: authentik/api/v3/schema/query.py
-msgid "Number of results to return per page."
-msgstr ""
-
-#: authentik/api/v3/schema/query.py
-msgid "A search term."
-msgstr ""
-
-#: authentik/api/v3/schema/response.py
+#: authentik/api/schema.py
 msgid "Generic API Error"
 msgstr "Ogólny błąd API"

-#: authentik/api/v3/schema/response.py
+#: authentik/api/schema.py
 msgid "Validation Error"
 msgstr "Błąd walidacji"

@@ -189,22 +173,6 @@ msgstr "Niedozwolone są początkowe lub końcowe ukośniki."
 msgid "No empty segments in user path allowed."
 msgstr "Żadne puste segmenty w ścieżce użytkownika nie są dozwolone."

-#: authentik/core/api/users.py
-msgid "A user/group with these details already exists"
-msgstr ""
-
-#: authentik/core/api/users.py
-msgid "Unable to create user"
-msgstr ""
-
-#: authentik/core/api/users.py
-msgid "Unknown error occurred"
-msgstr ""
-
-#: authentik/core/api/users.py
-msgid "This field is required."
-msgstr ""
-
 #: authentik/core/models.py
 msgid "name"
 msgstr "nazwa"
@@ -242,7 +210,7 @@ msgid "User's display name."
 msgstr "Wyświetlana nazwa użytkownika."

 #: authentik/core/models.py authentik/providers/oauth2/models.py
-#: authentik/providers/saml/models.py authentik/rbac/models.py
+#: authentik/rbac/models.py
 msgid "User"
 msgstr "Użytkownik"

@@ -259,11 +227,11 @@ msgstr "Zresetuj hasło"
 msgid "Can impersonate other users"
 msgstr "Może podszywać się pod innych użytkowników"

-#: authentik/core/models.py
+#: authentik/core/models.py authentik/rbac/models.py
 msgid "Can assign permissions to users"
 msgstr "Może nadawać uprawnienia użytkownikom"

-#: authentik/core/models.py
+#: authentik/core/models.py authentik/rbac/models.py
 msgid "Can unassign permissions from users"
 msgstr "Może odebrać uprawnienia użytkownikom"

@@ -405,7 +373,7 @@ msgid ""
 " created."
 msgstr ""

-#: authentik/core/models.py authentik/providers/scim/models.py
+#: authentik/core/models.py
 msgid "Token"
 msgstr "Token"

@@ -733,14 +701,6 @@ msgid ""
 "providers."
 msgstr ""

-#: authentik/enterprise/providers/radius/api.py
-msgid "Enterprise is required to use EAP-TLS."
-msgstr ""
-
-#: authentik/enterprise/providers/scim/api.py
-msgid "Enterprise is required to use the OAuth mode."
-msgstr ""
-
 #: authentik/enterprise/providers/ssf/models.py
 #: authentik/providers/oauth2/models.py
 msgid "Signing Key"
@@ -878,14 +838,6 @@ msgstr "Slack Webhook (Slack/Discord)"
 msgid "Email"
 msgstr "E-mail"

-#: authentik/events/models.py
-msgid ""
-"Only send notification once, for example when sending a webhook into a chat "
-"channel."
-msgstr ""
-"Wyślij powiadomienie tylko raz, na przykład podczas wysyłania webhooka na "
-"kanał czatu."
-
 #: authentik/events/models.py
 msgid ""
 "Customize the body of the request. Mapping should return data that is JSON-"
@@ -898,6 +850,14 @@ msgid ""
 "of key-value pairs"
 msgstr ""

+#: authentik/events/models.py
+msgid ""
+"Only send notification once, for example when sending a webhook into a chat "
+"channel."
+msgstr ""
+"Wyślij powiadomienie tylko raz, na przykład podczas wysyłania webhooka na "
+"kanał czatu."
+
 #: authentik/events/models.py
 msgid "Severity"
 msgstr "Poziom błędu"
@@ -981,6 +941,14 @@ msgstr "Mapowanie webhooka"
 msgid "Webhook Mappings"
 msgstr "Mapowania webhooka"

+#: authentik/events/models.py
+msgid "System Task"
+msgstr "Zadanie systemowe"
+
+#: authentik/events/models.py
+msgid "System Tasks"
+msgstr "Zadania systemowe"
+
 #: authentik/events/tasks.py
 msgid "Dispatch new event notifications."
 msgstr ""
@@ -1706,14 +1674,6 @@ msgstr ""
 msgid "Regular Expression URL matching"
 msgstr ""

-#: authentik/providers/oauth2/models.py
-msgid "Back-channel"
-msgstr ""
-
-#: authentik/providers/oauth2/models.py
-msgid "Front-channel"
-msgstr ""
-
 #: authentik/providers/oauth2/models.py
 msgid "code (Authorization Code Flow)"
 msgstr "code (Authorization Code Flow)"
@@ -1803,17 +1763,7 @@ msgid "Redirect URIs"
 msgstr "URI przekierowania"

 #: authentik/providers/oauth2/models.py
-msgid "Logout URI"
-msgstr ""
-
-#: authentik/providers/oauth2/models.py
-msgid "Logout Method"
-msgstr ""
-
-#: authentik/providers/oauth2/models.py
-msgid ""
-"Backchannel logs out with server to server calls. Frontchannel uses iframes "
-"in your browser"
+msgid "Back-Channel Logout URI"
 msgstr ""

 #: authentik/providers/oauth2/models.py
@@ -1844,13 +1794,6 @@ msgstr ""
 "Tokeny nieważne w bieżącym czasie lub później + ta wartość (Format: "
 "hours=1;minutes=2;seconds=3)."

-#: authentik/providers/oauth2/models.py
-msgid ""
-"When refreshing a token, if the refresh token is valid for less than this "
-"duration, it will be renewed. When set to seconds=0, token will always be "
-"renewed. (Format: hours=1;minutes=2;seconds=3)."
-msgstr ""
-
 #: authentik/providers/oauth2/models.py
 msgid ""
 "Configure what data should be used as unique User Identifier. For most "
@@ -1989,14 +1932,6 @@ msgstr ""
 msgid "Internal host cannot be empty when forward auth is disabled."
 msgstr "Host wewnętrzny nie może być pusty, gdy forward auth jest wyłączony."

-#: authentik/providers/proxy/models.py
-msgid "Proxy Session"
-msgstr ""
-
-#: authentik/providers/proxy/models.py
-msgid "Proxy Sessions"
-msgstr ""
-
 #: authentik/providers/proxy/models.py
 msgid "Validate SSL Certificates of upstream servers"
 msgstr "Weryfikuj certyfikaty SSL serwerów nadrzędnych"
@@ -2200,33 +2135,6 @@ msgid ""
 msgstr ""
 "Określa sposób, w jaki authentik wysyła odpowiedź z powrotem do dostawcy."

-#: authentik/providers/saml/models.py
-msgid "SLS URL"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "Single Logout Service URL where the logout response should be sent."
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SLS Binding"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid ""
-"This determines how authentik sends the logout response back to the Service "
-"Provider."
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid ""
-"Method to use for logout. Front-channel iframe loads all logout URLs "
-"simultaneously in hidden iframes. Front-channel native uses your active "
-"browser tab to send post requests and redirect to providers. Back-channel "
-"sends logout requests directly from the server without user interaction "
-"(requires POST SLS binding)."
-msgstr ""
-
 #: authentik/providers/saml/models.py
 msgid "NameID Property Mapping"
 msgstr "Mapowanie właściwości NameID"
@@ -2386,34 +2294,6 @@ msgstr "Dostawca SAML z metadanych"
 msgid "SAML Providers from Metadata"
 msgstr "Dostawcy SAML z metadanych"

-#: authentik/providers/saml/models.py
-msgid "Link to the user's authenticated session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML SessionIndex for this session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML NameID value for this session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML NameID format"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML Session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML Sessions"
-msgstr ""
-
-#: authentik/providers/scim/models.py
-msgid "OAuth"
-msgstr ""
-
 #: authentik/providers/scim/models.py
 msgid "Default"
 msgstr "Domyślny"
@@ -2426,10 +2306,6 @@ msgstr "AWS"
 msgid "Slack"
 msgstr "Slack"

-#: authentik/providers/scim/models.py
-msgid "Salesforce"
-msgstr ""
-
 #: authentik/providers/scim/models.py
 msgid "Base URL to SCIM requests, usually ends in /v2"
 msgstr "Podstawowy adres URL dla żądań SCIM, zwykle kończy się na /v2"
@@ -2438,14 +2314,6 @@ msgstr "Podstawowy adres URL dla żądań SCIM, zwykle kończy się na /v2"
 msgid "Authentication token"
 msgstr "Token uwierzytelnienia"

-#: authentik/providers/scim/models.py
-msgid "OAuth Source used for authentication"
-msgstr ""
-
-#: authentik/providers/scim/models.py
-msgid "Additional OAuth parameters, such as grant_type"
-msgstr ""
-
 #: authentik/providers/scim/models.py
 msgid "SCIM Compatibility Mode"
 msgstr ""
@@ -2502,14 +2370,6 @@ msgstr "Rola"
 msgid "Roles"
 msgstr "Role"

-#: authentik/rbac/models.py
-msgid "Can assign permissions to roles"
-msgstr ""
-
-#: authentik/rbac/models.py
-msgid "Can unassign permissions from roles"
-msgstr ""
-
 #: authentik/rbac/models.py
 msgid "Initial Permissions"
 msgstr ""
@@ -2830,18 +2690,6 @@ msgstr ""
 msgid "Include the client ID and secret as request parameters"
 msgstr ""

-#: authentik/sources/oauth/models.py
-msgid "No PKCE"
-msgstr ""
-
-#: authentik/sources/oauth/models.py
-msgid "Plain"
-msgstr ""
-
-#: authentik/sources/oauth/models.py
-msgid "S256"
-msgstr ""
-
 #: authentik/sources/oauth/models.py
 msgid "Request Token URL"
 msgstr "URL żądania tokena"
@@ -2884,10 +2732,6 @@ msgstr "URL używany przez authentik do uzyskania informacji o użytkowniku."
 msgid "Additional Scopes"
 msgstr "Dodatkowe zakresy"

-#: authentik/sources/oauth/models.py
-msgid "PKCE"
-msgstr ""
-
 #: authentik/sources/oauth/models.py
 msgid ""
 "How to perform authentication during an authorization_code token request "
@@ -3114,12 +2958,6 @@ msgstr ""
 msgid "Check the validity of a Plex source."
 msgstr ""

-#: authentik/sources/saml/api/source.py
-msgid ""
-"With a Verification Certificate selected, at least one of 'Verify Assertion "
-"Signature' or 'Verify Response Signature' must be selected."
-msgstr ""
-
 #: authentik/sources/saml/models.py
 msgid "Redirect Binding"
 msgstr "Powiązanie przekierowania"
@@ -3132,7 +2970,7 @@ msgstr "Wiązanie POST"
 msgid "POST Binding with auto-confirmation"
 msgstr "Wiązanie POST z automatycznym potwierdzeniem"

-#: authentik/sources/saml/models.py authentik/sources/telegram/models.py
+#: authentik/sources/saml/models.py
 msgid "Flow used before authentication."
 msgstr "Przepływ używany przed uwierzytelnieniem."

@@ -3253,58 +3091,6 @@ msgstr ""
 msgid "SCIM Source Property Mappings"
 msgstr ""

-#: authentik/sources/telegram/models.py authentik/sources/telegram/stage.py
-msgid "Telegram bot username"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram bot token"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Request access to send messages from your bot."
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Source"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Sources"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Source Property Mapping"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Source Property Mappings"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "User Telegram Source Connection"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "User Telegram Source Connections"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Group Telegram Source Connection"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Group Telegram Source Connections"
-msgstr ""
-
-#: authentik/sources/telegram/stage.py
-msgid "Authentication date is too old"
-msgstr ""
-
-#: authentik/sources/telegram/stage.py
-msgid "Invalid hash"
-msgstr ""
-
 #: authentik/stages/authenticator_duo/models.py
 msgid "Duo Authenticator Setup Stage"
 msgstr "Etap konfiguracji uwierzytelniacza Duo"
@@ -3321,6 +3107,10 @@ msgstr "Urządzenie Duo"
 msgid "Duo Devices"
 msgstr "Urządzenia Duo"

+#: authentik/stages/authenticator_email/models.py
+msgid "Email OTP"
+msgstr ""
+
 #: authentik/stages/authenticator_email/models.py
 #: authentik/stages/email/models.py
 msgid ""
@@ -3367,10 +3157,6 @@ msgstr "Kod jest niezgodny"
 msgid "Invalid email"
 msgstr "Nieprawidłowy email"

-#: authentik/stages/authenticator_email/stage.py
-msgid "The user already has an email address registered for MFA."
-msgstr ""
-
 #: authentik/stages/authenticator_email/templates/email/email_otp.html
 #: authentik/stages/email/templates/email/password_reset.html
 #, python-format
@@ -3708,14 +3494,6 @@ msgstr "Resetowania hasła"
 msgid "Account Confirmation"
 msgstr "Potwierdzenie konta"

-#: authentik/stages/email/models.py
-msgid "Email OTP"
-msgstr ""
-
-#: authentik/stages/email/models.py
-msgid "Event Notification"
-msgstr ""
-
 #: authentik/stages/email/models.py
 msgid ""
 "The time window used to count recent account recovery attempts. If the "
@@ -3959,10 +3737,6 @@ msgstr "Etap identyfikacji"
 msgid "Identification Stages"
 msgstr "Etapy identyfikacji"

-#: authentik/stages/identification/stage.py
-msgid "Failed to authenticate."
-msgstr ""
-
 #: authentik/stages/identification/stage.py
 msgid "Log in"
 msgstr "Zaloguj się"
@@ -4295,14 +4069,6 @@ msgstr ""
 msgid "Retry failed task"
 msgstr ""

-#: authentik/tasks/models.py
-msgid "Task log"
-msgstr ""
-
-#: authentik/tasks/models.py
-msgid "Task logs"
-msgstr ""
-
 #: authentik/tasks/models.py
 msgid "Worker status"
 msgstr ""
@@ -4418,22 +4184,6 @@ msgstr "Domena"
 msgid "Domains"
 msgstr "Domeny"

-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Group channel"
-msgstr ""
-
-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Group channels"
-msgstr ""
-
-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Message"
-msgstr "Wiadomość"
-
-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Messages"
-msgstr "Wiadomości"
-
 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Queue name"
 msgstr "Nazwa kolejki"
@@ -4454,14 +4204,6 @@ msgstr "Status zadania"
 msgid "Task last modified time"
 msgstr "Czas ostatniej modyfikacji zadania"

-#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
-msgid "Number of retries"
-msgstr ""
-
-#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
-msgid "Planned execution time"
-msgstr ""
-
 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Task result"
 msgstr "Wynik zadania"
--- a/locale/pt/LC_MESSAGES/django.po
+++ b/locale/pt/LC_MESSAGES/django.po
@@ -5,16 +5,15 @@
 # 
 # Translators:
 # Hugo Bicho, 2025
-# Roux Sang, 2025
 # 
 #, fuzzy
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-10-20 00:11+0000\n"
+"POT-Creation-Date: 2025-08-11 00:12+0000\n"
 "PO-Revision-Date: 2022-09-26 16:47+0000\n"
-"Last-Translator: Roux Sang, 2025\n"
+"Last-Translator: Hugo Bicho, 2025\n"
 "Language-Team: Portuguese (https://app.transifex.com/authentik/teams/119923/pt/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -35,27 +34,11 @@ msgstr ""
 msgid "New version {version} available!"
 msgstr "Nova versão {version} disponível!"

-#: authentik/api/v3/schema/query.py
-msgid "Which field to use when ordering the results."
-msgstr ""
-
-#: authentik/api/v3/schema/query.py
-msgid "A page number within the paginated result set."
-msgstr ""
-
-#: authentik/api/v3/schema/query.py
-msgid "Number of results to return per page."
-msgstr ""
-
-#: authentik/api/v3/schema/query.py
-msgid "A search term."
-msgstr ""
-
-#: authentik/api/v3/schema/response.py
+#: authentik/api/schema.py
 msgid "Generic API Error"
 msgstr "Erro genérico da API"

-#: authentik/api/v3/schema/response.py
+#: authentik/api/schema.py
 msgid "Validation Error"
 msgstr "Erro de validação"

@@ -139,7 +122,7 @@ msgstr "Certificado Web usado pelo servidor web authentik Core."

 #: authentik/brands/models.py
 msgid "Certificates used for client authentication."
-msgstr "Certificados utilizados para autenticação do cliente."
+msgstr ""

 #: authentik/brands/models.py
 msgid "Brand"
@@ -185,22 +168,6 @@ msgstr "Não são permitidas barras à esquerda ou à direita."
 msgid "No empty segments in user path allowed."
 msgstr "Não são permitidos segmentos vazios no caminho do utilizador."

-#: authentik/core/api/users.py
-msgid "A user/group with these details already exists"
-msgstr ""
-
-#: authentik/core/api/users.py
-msgid "Unable to create user"
-msgstr ""
-
-#: authentik/core/api/users.py
-msgid "Unknown error occurred"
-msgstr ""
-
-#: authentik/core/api/users.py
-msgid "This field is required."
-msgstr "Este campo é necessário."
-
 #: authentik/core/models.py
 msgid "name"
 msgstr "nome"
@@ -238,7 +205,7 @@ msgid "User's display name."
 msgstr "Nome de exibição do utilizador."

 #: authentik/core/models.py authentik/providers/oauth2/models.py
-#: authentik/providers/saml/models.py authentik/rbac/models.py
+#: authentik/rbac/models.py
 msgid "User"
 msgstr "Utilizador"

@@ -255,11 +222,11 @@ msgstr "Redefinir palavra-passe"
 msgid "Can impersonate other users"
 msgstr "Pode assumir a identidade de outros utilizadores"

-#: authentik/core/models.py
+#: authentik/core/models.py authentik/rbac/models.py
 msgid "Can assign permissions to users"
 msgstr "Pode atribuir permissões a utilizadores"

-#: authentik/core/models.py
+#: authentik/core/models.py authentik/rbac/models.py
 msgid "Can unassign permissions from users"
 msgstr "Pode remover permissões a utilizadores"

@@ -404,7 +371,7 @@ msgstr ""
 "A forma como a fonte determina se um grupo existente deve ser utilizado ou "
 "se deve ser criado um novo grupo."

-#: authentik/core/models.py authentik/providers/scim/models.py
+#: authentik/core/models.py
 msgid "Token"
 msgstr "Token"

@@ -537,7 +504,7 @@ msgstr "Pares de chaves de certificados"

 #: authentik/crypto/tasks.py
 msgid "Discover, import and update certificates from the filesystem."
-msgstr "Descobrir, importar e atualizar certificados do sistema de arquivos."
+msgstr ""

 #: authentik/enterprise/api.py
 msgid "Enterprise is required to create/update this object."
@@ -601,7 +568,7 @@ msgstr ""

 #: authentik/enterprise/policies/unique_password/tasks.py
 msgid "Remove user password history that are too old."
-msgstr "Remover histórico de senhas antigas do usuário."
+msgstr ""

 #: authentik/enterprise/policy.py
 msgid "Enterprise required to access this feature."
@@ -734,14 +701,6 @@ msgid ""
 "providers."
 msgstr ""

-#: authentik/enterprise/providers/radius/api.py
-msgid "Enterprise is required to use EAP-TLS."
-msgstr ""
-
-#: authentik/enterprise/providers/scim/api.py
-msgid "Enterprise is required to use the OAuth mode."
-msgstr ""
-
 #: authentik/enterprise/providers/ssf/models.py
 #: authentik/providers/oauth2/models.py
 msgid "Signing Key"
@@ -881,14 +840,6 @@ msgstr "Slack Webhook (Slack/Discord)"
 msgid "Email"
 msgstr "E-mail"

-#: authentik/events/models.py
-msgid ""
-"Only send notification once, for example when sending a webhook into a chat "
-"channel."
-msgstr ""
-"Enviar a notificação apenas uma vez, por exemplo, ao enviar um webhook para "
-"um canal de chat."
-
 #: authentik/events/models.py
 msgid ""
 "Customize the body of the request. Mapping should return data that is JSON-"
@@ -905,6 +856,14 @@ msgstr ""
 "Configurar cabeçalhos adicionais a serem enviados. O mapeamento deve "
 "retornar um dicionário de pares chave-valor"

+#: authentik/events/models.py
+msgid ""
+"Only send notification once, for example when sending a webhook into a chat "
+"channel."
+msgstr ""
+"Enviar a notificação apenas uma vez, por exemplo, ao enviar um webhook para "
+"um canal de chat."
+
 #: authentik/events/models.py
 msgid "Severity"
 msgstr "Gravidade"
@@ -989,6 +948,14 @@ msgstr "Mapeamento de webhook"
 msgid "Webhook Mappings"
 msgstr "Mapeamentos de webhook"

+#: authentik/events/models.py
+msgid "System Task"
+msgstr "Tarefa do sistema"
+
+#: authentik/events/models.py
+msgid "System Tasks"
+msgstr "Tarefas do sistema"
+
 #: authentik/events/tasks.py
 msgid "Dispatch new event notifications."
 msgstr ""
@@ -1714,14 +1681,6 @@ msgstr "Comparação rigorosa de URL"
 msgid "Regular Expression URL matching"
 msgstr "Correspondência de URL com expressões regulares"

-#: authentik/providers/oauth2/models.py
-msgid "Back-channel"
-msgstr ""
-
-#: authentik/providers/oauth2/models.py
-msgid "Front-channel"
-msgstr ""
-
 #: authentik/providers/oauth2/models.py
 msgid "code (Authorization Code Flow)"
 msgstr "código (Fluxo do Código de Autorização)"
@@ -1811,17 +1770,7 @@ msgid "Redirect URIs"
 msgstr "URIs de redirecionamento"

 #: authentik/providers/oauth2/models.py
-msgid "Logout URI"
-msgstr ""
-
-#: authentik/providers/oauth2/models.py
-msgid "Logout Method"
-msgstr ""
-
-#: authentik/providers/oauth2/models.py
-msgid ""
-"Backchannel logs out with server to server calls. Frontchannel uses iframes "
-"in your browser"
+msgid "Back-Channel Logout URI"
 msgstr ""

 #: authentik/providers/oauth2/models.py
@@ -1852,13 +1801,6 @@ msgstr ""
 "Tokens não válidos em ou após a hora atual + este valor (Formato: "
 "hours=1;minutes=2;seconds=3)."

-#: authentik/providers/oauth2/models.py
-msgid ""
-"When refreshing a token, if the refresh token is valid for less than this "
-"duration, it will be renewed. When set to seconds=0, token will always be "
-"renewed. (Format: hours=1;minutes=2;seconds=3)."
-msgstr ""
-
 #: authentik/providers/oauth2/models.py
 msgid ""
 "Configure what data should be used as unique User Identifier. For most "
@@ -2003,14 +1945,6 @@ msgstr ""
 "O host interno não pode estar vazio quando a autenticação por encaminhamento"
 " está desativada."

-#: authentik/providers/proxy/models.py
-msgid "Proxy Session"
-msgstr ""
-
-#: authentik/providers/proxy/models.py
-msgid "Proxy Sessions"
-msgstr ""
-
 #: authentik/providers/proxy/models.py
 msgid "Validate SSL Certificates of upstream servers"
 msgstr "Validar os certificados SSL dos servidores de upstream"
@@ -2223,33 +2157,6 @@ msgstr ""
 "Determina a forma como o authentik envia a resposta de volta para o provedor"
 " de serviços."

-#: authentik/providers/saml/models.py
-msgid "SLS URL"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "Single Logout Service URL where the logout response should be sent."
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SLS Binding"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid ""
-"This determines how authentik sends the logout response back to the Service "
-"Provider."
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid ""
-"Method to use for logout. Front-channel iframe loads all logout URLs "
-"simultaneously in hidden iframes. Front-channel native uses your active "
-"browser tab to send post requests and redirect to providers. Back-channel "
-"sends logout requests directly from the server without user interaction "
-"(requires POST SLS binding)."
-msgstr ""
-
 #: authentik/providers/saml/models.py
 msgid "NameID Property Mapping"
 msgstr "Mapeamento da propriedade NameID"
@@ -2418,34 +2325,6 @@ msgstr "Provedor SAML a partir de metadados"
 msgid "SAML Providers from Metadata"
 msgstr "Provedores SAML a partir de metadados"

-#: authentik/providers/saml/models.py
-msgid "Link to the user's authenticated session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML SessionIndex for this session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML NameID value for this session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML NameID format"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML Session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML Sessions"
-msgstr ""
-
-#: authentik/providers/scim/models.py
-msgid "OAuth"
-msgstr ""
-
 #: authentik/providers/scim/models.py
 msgid "Default"
 msgstr "Predefinição"
@@ -2458,10 +2337,6 @@ msgstr "AWS"
 msgid "Slack"
 msgstr "Slack"

-#: authentik/providers/scim/models.py
-msgid "Salesforce"
-msgstr ""
-
 #: authentik/providers/scim/models.py
 msgid "Base URL to SCIM requests, usually ends in /v2"
 msgstr "URL base para os pedidos SCIM, normalmente termina em /v2"
@@ -2470,14 +2345,6 @@ msgstr "URL base para os pedidos SCIM, normalmente termina em /v2"
 msgid "Authentication token"
 msgstr "Token de autenticação"

-#: authentik/providers/scim/models.py
-msgid "OAuth Source used for authentication"
-msgstr ""
-
-#: authentik/providers/scim/models.py
-msgid "Additional OAuth parameters, such as grant_type"
-msgstr ""
-
 #: authentik/providers/scim/models.py
 msgid "SCIM Compatibility Mode"
 msgstr "Modo de compatibilidade SCIM"
@@ -2536,14 +2403,6 @@ msgstr "Função"
 msgid "Roles"
 msgstr "Funções"

-#: authentik/rbac/models.py
-msgid "Can assign permissions to roles"
-msgstr ""
-
-#: authentik/rbac/models.py
-msgid "Can unassign permissions from roles"
-msgstr ""
-
 #: authentik/rbac/models.py
 msgid "Initial Permissions"
 msgstr "Permissões iniciais"
@@ -2887,18 +2746,6 @@ msgstr "HTTP Basic Authentication"
 msgid "Include the client ID and secret as request parameters"
 msgstr "Incluir o ID do cliente e o segredo como parâmetros do pedido"

-#: authentik/sources/oauth/models.py
-msgid "No PKCE"
-msgstr ""
-
-#: authentik/sources/oauth/models.py
-msgid "Plain"
-msgstr ""
-
-#: authentik/sources/oauth/models.py
-msgid "S256"
-msgstr ""
-
 #: authentik/sources/oauth/models.py
 msgid "Request Token URL"
 msgstr "URL de Pedido de Token"
@@ -2940,10 +2787,6 @@ msgstr ""
 msgid "Additional Scopes"
 msgstr "Âmbitos adicionais"

-#: authentik/sources/oauth/models.py
-msgid "PKCE"
-msgstr ""
-
 #: authentik/sources/oauth/models.py
 msgid ""
 "How to perform authentication during an authorization_code token request "
@@ -3172,12 +3015,6 @@ msgstr "Ligações à fonte Plex de Grupo"
 msgid "Check the validity of a Plex source."
 msgstr ""

-#: authentik/sources/saml/api/source.py
-msgid ""
-"With a Verification Certificate selected, at least one of 'Verify Assertion "
-"Signature' or 'Verify Response Signature' must be selected."
-msgstr ""
-
 #: authentik/sources/saml/models.py
 msgid "Redirect Binding"
 msgstr "Associação de Reencaminhamento"
@@ -3190,7 +3027,7 @@ msgstr "Associação POST"
 msgid "POST Binding with auto-confirmation"
 msgstr "Associação POST com autoconfirmação"

-#: authentik/sources/saml/models.py authentik/sources/telegram/models.py
+#: authentik/sources/saml/models.py
 msgid "Flow used before authentication."
 msgstr "Fluxo utilizado antes da autenticação"

@@ -3309,58 +3146,6 @@ msgstr "Mapeamento de propriedades do provedor de SCIM"
 msgid "SCIM Source Property Mappings"
 msgstr "Mapeamentos de propriedades do provedor de SCIM"

-#: authentik/sources/telegram/models.py authentik/sources/telegram/stage.py
-msgid "Telegram bot username"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram bot token"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Request access to send messages from your bot."
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Source"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Sources"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Source Property Mapping"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Source Property Mappings"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "User Telegram Source Connection"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "User Telegram Source Connections"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Group Telegram Source Connection"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Group Telegram Source Connections"
-msgstr ""
-
-#: authentik/sources/telegram/stage.py
-msgid "Authentication date is too old"
-msgstr ""
-
-#: authentik/sources/telegram/stage.py
-msgid "Invalid hash"
-msgstr ""
-
 #: authentik/stages/authenticator_duo/models.py
 msgid "Duo Authenticator Setup Stage"
 msgstr "Etapa de configuração do autenticador Duo"
@@ -3377,6 +3162,10 @@ msgstr "Dispositivo Duo"
 msgid "Duo Devices"
 msgstr "Dispositivos Duo"

+#: authentik/stages/authenticator_email/models.py
+msgid "Email OTP"
+msgstr "OTP E-mail"
+
 #: authentik/stages/authenticator_email/models.py
 #: authentik/stages/email/models.py
 msgid ""
@@ -3425,10 +3214,6 @@ msgstr "O código não corresponde"
 msgid "Invalid email"
 msgstr "E-mail inválido."

-#: authentik/stages/authenticator_email/stage.py
-msgid "The user already has an email address registered for MFA."
-msgstr ""
-
 #: authentik/stages/authenticator_email/templates/email/email_otp.html
 #: authentik/stages/email/templates/email/password_reset.html
 #, python-format
@@ -3762,11 +3547,11 @@ msgstr "Etapas fictícias"

 #: authentik/stages/email/flow.py
 msgid "Continue to confirm this email address."
-msgstr "Prossiga para confirmar esse endereço de email."
+msgstr ""

 #: authentik/stages/email/flow.py
 msgid "Link was already used, please request a new link."
-msgstr "Link já usado, por favor peça um novo link."
+msgstr ""

 #: authentik/stages/email/models.py
 msgid "Password Reset"
@@ -3776,14 +3561,6 @@ msgstr "Redefinição de Palavra-Passe"
 msgid "Account Confirmation"
 msgstr "Confirmação de Conta"

-#: authentik/stages/email/models.py
-msgid "Email OTP"
-msgstr "OTP E-mail"
-
-#: authentik/stages/email/models.py
-msgid "Event Notification"
-msgstr "Notificação de Evento"
-
 #: authentik/stages/email/models.py
 msgid ""
 "The time window used to count recent account recovery attempts. If the "
@@ -4035,10 +3812,6 @@ msgstr "Etapa de identificação"
 msgid "Identification Stages"
 msgstr "Etapas de identificação"

-#: authentik/stages/identification/stage.py
-msgid "Failed to authenticate."
-msgstr ""
-
 #: authentik/stages/identification/stage.py
 msgid "Log in"
 msgstr "Iniciar sessão"
@@ -4373,14 +4146,6 @@ msgstr ""
 msgid "Retry failed task"
 msgstr ""

-#: authentik/tasks/models.py
-msgid "Task log"
-msgstr ""
-
-#: authentik/tasks/models.py
-msgid "Task logs"
-msgstr ""
-
 #: authentik/tasks/models.py
 msgid "Worker status"
 msgstr ""
@@ -4498,22 +4263,6 @@ msgstr "Domínio"
 msgid "Domains"
 msgstr "Domínios"

-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Group channel"
-msgstr ""
-
-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Group channels"
-msgstr ""
-
-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Message"
-msgstr ""
-
-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Messages"
-msgstr ""
-
 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Queue name"
 msgstr ""
@@ -4534,14 +4283,6 @@ msgstr ""
 msgid "Task last modified time"
 msgstr ""

-#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
-msgid "Number of retries"
-msgstr ""
-
-#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
-msgid "Planned execution time"
-msgstr ""
-
 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Task result"
 msgstr ""
--- a/locale/ru/LC_MESSAGES/django.po
+++ b/locale/ru/LC_MESSAGES/django.po
@@ -18,7 +18,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-10-20 00:11+0000\n"
+"POT-Creation-Date: 2025-08-11 00:12+0000\n"
 "PO-Revision-Date: 2022-09-26 16:47+0000\n"
 "Last-Translator: Marc Schmitt, 2025\n"
 "Language-Team: Russian (https://app.transifex.com/authentik/teams/119923/ru/)\n"
@@ -41,27 +41,11 @@ msgstr ""
 msgid "New version {version} available!"
 msgstr "Новая версия доступна {version}"

-#: authentik/api/v3/schema/query.py
-msgid "Which field to use when ordering the results."
-msgstr ""
-
-#: authentik/api/v3/schema/query.py
-msgid "A page number within the paginated result set."
-msgstr ""
-
-#: authentik/api/v3/schema/query.py
-msgid "Number of results to return per page."
-msgstr ""
-
-#: authentik/api/v3/schema/query.py
-msgid "A search term."
-msgstr ""
-
-#: authentik/api/v3/schema/response.py
+#: authentik/api/schema.py
 msgid "Generic API Error"
 msgstr "Общая ошибка API"

-#: authentik/api/v3/schema/response.py
+#: authentik/api/schema.py
 msgid "Validation Error"
 msgstr "Ошибка валидации"

@@ -190,22 +174,6 @@ msgstr "Не допускается использование ведущих и
 msgid "No empty segments in user path allowed."
 msgstr "Пустые сегменты в пользовательском пути не допускаются."

-#: authentik/core/api/users.py
-msgid "A user/group with these details already exists"
-msgstr ""
-
-#: authentik/core/api/users.py
-msgid "Unable to create user"
-msgstr ""
-
-#: authentik/core/api/users.py
-msgid "Unknown error occurred"
-msgstr ""
-
-#: authentik/core/api/users.py
-msgid "This field is required."
-msgstr ""
-
 #: authentik/core/models.py
 msgid "name"
 msgstr "имя"
@@ -243,7 +211,7 @@ msgid "User's display name."
 msgstr "Отображаемое имя пользователя."

 #: authentik/core/models.py authentik/providers/oauth2/models.py
-#: authentik/providers/saml/models.py authentik/rbac/models.py
+#: authentik/rbac/models.py
 msgid "User"
 msgstr "Пользователь"

@@ -260,11 +228,11 @@ msgstr "Сбросить пароль"
 msgid "Can impersonate other users"
 msgstr "Может имитировать других пользователей"

-#: authentik/core/models.py
+#: authentik/core/models.py authentik/rbac/models.py
 msgid "Can assign permissions to users"
 msgstr "Может назначать разрешения пользователям"

-#: authentik/core/models.py
+#: authentik/core/models.py authentik/rbac/models.py
 msgid "Can unassign permissions from users"
 msgstr "Может убирать разрешения у пользователей"

@@ -412,7 +380,7 @@ msgstr ""
 "Как источник определяет, следует ли использовать существующую группу или "
 "создать новую."

-#: authentik/core/models.py authentik/providers/scim/models.py
+#: authentik/core/models.py
 msgid "Token"
 msgstr "Токен"

@@ -739,14 +707,6 @@ msgid ""
 "providers."
 msgstr ""

-#: authentik/enterprise/providers/radius/api.py
-msgid "Enterprise is required to use EAP-TLS."
-msgstr ""
-
-#: authentik/enterprise/providers/scim/api.py
-msgid "Enterprise is required to use the OAuth mode."
-msgstr ""
-
 #: authentik/enterprise/providers/ssf/models.py
 #: authentik/providers/oauth2/models.py
 msgid "Signing Key"
@@ -887,14 +847,6 @@ msgstr "Slack Вебхук (Slack/Discord)"
 msgid "Email"
 msgstr "Email"

-#: authentik/events/models.py
-msgid ""
-"Only send notification once, for example when sending a webhook into a chat "
-"channel."
-msgstr ""
-"Отправлять уведомление только один раз, например, при отправке вебхука в "
-"чат-канал."
-
 #: authentik/events/models.py
 msgid ""
 "Customize the body of the request. Mapping should return data that is JSON-"
@@ -907,6 +859,14 @@ msgid ""
 "of key-value pairs"
 msgstr ""

+#: authentik/events/models.py
+msgid ""
+"Only send notification once, for example when sending a webhook into a chat "
+"channel."
+msgstr ""
+"Отправлять уведомление только один раз, например, при отправке вебхука в "
+"чат-канал."
+
 #: authentik/events/models.py
 msgid "Severity"
 msgstr "Серьезность"
@@ -990,6 +950,14 @@ msgstr "Сопоставление вебхуков"
 msgid "Webhook Mappings"
 msgstr "Сопоставления вебхуков"

+#: authentik/events/models.py
+msgid "System Task"
+msgstr "Системная задача"
+
+#: authentik/events/models.py
+msgid "System Tasks"
+msgstr "Системные задачи"
+
 #: authentik/events/tasks.py
 msgid "Dispatch new event notifications."
 msgstr ""
@@ -1716,14 +1684,6 @@ msgstr ""
 msgid "Regular Expression URL matching"
 msgstr ""

-#: authentik/providers/oauth2/models.py
-msgid "Back-channel"
-msgstr ""
-
-#: authentik/providers/oauth2/models.py
-msgid "Front-channel"
-msgstr ""
-
 #: authentik/providers/oauth2/models.py
 msgid "code (Authorization Code Flow)"
 msgstr "code (поток кода авторизации)"
@@ -1813,17 +1773,7 @@ msgid "Redirect URIs"
 msgstr "Ссылка перенаправления"

 #: authentik/providers/oauth2/models.py
-msgid "Logout URI"
-msgstr ""
-
-#: authentik/providers/oauth2/models.py
-msgid "Logout Method"
-msgstr ""
-
-#: authentik/providers/oauth2/models.py
-msgid ""
-"Backchannel logs out with server to server calls. Frontchannel uses iframes "
-"in your browser"
+msgid "Back-Channel Logout URI"
 msgstr ""

 #: authentik/providers/oauth2/models.py
@@ -1854,13 +1804,6 @@ msgstr ""
 "Токены не действительны в текущее время или после него + указанное значение "
 "(Формат: hours=1;minutes=2;seconds=3)."

-#: authentik/providers/oauth2/models.py
-msgid ""
-"When refreshing a token, if the refresh token is valid for less than this "
-"duration, it will be renewed. When set to seconds=0, token will always be "
-"renewed. (Format: hours=1;minutes=2;seconds=3)."
-msgstr ""
-
 #: authentik/providers/oauth2/models.py
 msgid ""
 "Configure what data should be used as unique User Identifier. For most "
@@ -2001,14 +1944,6 @@ msgid "Internal host cannot be empty when forward auth is disabled."
 msgstr ""
 "Внутренний хост не может быть пустым, если прямая аутентификация отключена."

-#: authentik/providers/proxy/models.py
-msgid "Proxy Session"
-msgstr ""
-
-#: authentik/providers/proxy/models.py
-msgid "Proxy Sessions"
-msgstr ""
-
 #: authentik/providers/proxy/models.py
 msgid "Validate SSL Certificates of upstream servers"
 msgstr "Проверка SSL-сертификатов вышестоящих серверов"
@@ -2216,33 +2151,6 @@ msgid ""
 msgstr ""
 "Это определяет, как authentik отправляет ответ обратно провайдеру услуг."

-#: authentik/providers/saml/models.py
-msgid "SLS URL"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "Single Logout Service URL where the logout response should be sent."
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SLS Binding"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid ""
-"This determines how authentik sends the logout response back to the Service "
-"Provider."
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid ""
-"Method to use for logout. Front-channel iframe loads all logout URLs "
-"simultaneously in hidden iframes. Front-channel native uses your active "
-"browser tab to send post requests and redirect to providers. Back-channel "
-"sends logout requests directly from the server without user interaction "
-"(requires POST SLS binding)."
-msgstr ""
-
 #: authentik/providers/saml/models.py
 msgid "NameID Property Mapping"
 msgstr "Сопоставление свойства NameID"
@@ -2408,34 +2316,6 @@ msgstr "Провайдер SAML из метаданных"
 msgid "SAML Providers from Metadata"
 msgstr "Провайдеры SAML из метаданных"

-#: authentik/providers/saml/models.py
-msgid "Link to the user's authenticated session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML SessionIndex for this session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML NameID value for this session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML NameID format"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML Session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML Sessions"
-msgstr ""
-
-#: authentik/providers/scim/models.py
-msgid "OAuth"
-msgstr ""
-
 #: authentik/providers/scim/models.py
 msgid "Default"
 msgstr "По умолчанию"
@@ -2448,10 +2328,6 @@ msgstr "AWS"
 msgid "Slack"
 msgstr "Slack"

-#: authentik/providers/scim/models.py
-msgid "Salesforce"
-msgstr ""
-
 #: authentik/providers/scim/models.py
 msgid "Base URL to SCIM requests, usually ends in /v2"
 msgstr "Базовый URL для запросов SCIM, обычно заканчивается на /v2"
@@ -2460,14 +2336,6 @@ msgstr "Базовый URL для запросов SCIM, обычно закан
 msgid "Authentication token"
 msgstr "Токен аутентификации"

-#: authentik/providers/scim/models.py
-msgid "OAuth Source used for authentication"
-msgstr ""
-
-#: authentik/providers/scim/models.py
-msgid "Additional OAuth parameters, such as grant_type"
-msgstr ""
-
 #: authentik/providers/scim/models.py
 msgid "SCIM Compatibility Mode"
 msgstr ""
@@ -2524,14 +2392,6 @@ msgstr "Роль"
 msgid "Roles"
 msgstr "Роли"

-#: authentik/rbac/models.py
-msgid "Can assign permissions to roles"
-msgstr ""
-
-#: authentik/rbac/models.py
-msgid "Can unassign permissions from roles"
-msgstr ""
-
 #: authentik/rbac/models.py
 msgid "Initial Permissions"
 msgstr ""
@@ -2860,18 +2720,6 @@ msgstr ""
 msgid "Include the client ID and secret as request parameters"
 msgstr ""

-#: authentik/sources/oauth/models.py
-msgid "No PKCE"
-msgstr ""
-
-#: authentik/sources/oauth/models.py
-msgid "Plain"
-msgstr ""
-
-#: authentik/sources/oauth/models.py
-msgid "S256"
-msgstr ""
-
 #: authentik/sources/oauth/models.py
 msgid "Request Token URL"
 msgstr "URL-адрес запроса токена"
@@ -2914,10 +2762,6 @@ msgstr ""
 msgid "Additional Scopes"
 msgstr "Дополнительные области"

-#: authentik/sources/oauth/models.py
-msgid "PKCE"
-msgstr ""
-
 #: authentik/sources/oauth/models.py
 msgid ""
 "How to perform authentication during an authorization_code token request "
@@ -3144,12 +2988,6 @@ msgstr "Групповые подключения к источнику Plex"
 msgid "Check the validity of a Plex source."
 msgstr ""

-#: authentik/sources/saml/api/source.py
-msgid ""
-"With a Verification Certificate selected, at least one of 'Verify Assertion "
-"Signature' or 'Verify Response Signature' must be selected."
-msgstr ""
-
 #: authentik/sources/saml/models.py
 msgid "Redirect Binding"
 msgstr "Привязка переадресации"
@@ -3162,7 +3000,7 @@ msgstr "Привязка POST"
 msgid "POST Binding with auto-confirmation"
 msgstr "Привязка POST с автоматическим подтверждением"

-#: authentik/sources/saml/models.py authentik/sources/telegram/models.py
+#: authentik/sources/saml/models.py
 msgid "Flow used before authentication."
 msgstr "Поток, используемый перед аутентификацией."

@@ -3285,58 +3123,6 @@ msgstr "Сопоставление свойства SCIM источника"
 msgid "SCIM Source Property Mappings"
 msgstr "Сопоставление свойств SCIM источника"

-#: authentik/sources/telegram/models.py authentik/sources/telegram/stage.py
-msgid "Telegram bot username"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram bot token"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Request access to send messages from your bot."
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Source"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Sources"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Source Property Mapping"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Source Property Mappings"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "User Telegram Source Connection"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "User Telegram Source Connections"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Group Telegram Source Connection"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Group Telegram Source Connections"
-msgstr ""
-
-#: authentik/sources/telegram/stage.py
-msgid "Authentication date is too old"
-msgstr ""
-
-#: authentik/sources/telegram/stage.py
-msgid "Invalid hash"
-msgstr ""
-
 #: authentik/stages/authenticator_duo/models.py
 msgid "Duo Authenticator Setup Stage"
 msgstr "Этап настройки аутентификатора Duo"
@@ -3353,6 +3139,10 @@ msgstr "Устройство Duo"
 msgid "Duo Devices"
 msgstr "Устройства Duo"

+#: authentik/stages/authenticator_email/models.py
+msgid "Email OTP"
+msgstr ""
+
 #: authentik/stages/authenticator_email/models.py
 #: authentik/stages/email/models.py
 msgid ""
@@ -3400,10 +3190,6 @@ msgstr "Код не соответствует"
 msgid "Invalid email"
 msgstr ""

-#: authentik/stages/authenticator_email/stage.py
-msgid "The user already has an email address registered for MFA."
-msgstr ""
-
 #: authentik/stages/authenticator_email/templates/email/email_otp.html
 #: authentik/stages/email/templates/email/password_reset.html
 #, python-format
@@ -3739,14 +3525,6 @@ msgstr "Сброс пароля"
 msgid "Account Confirmation"
 msgstr "Подтверждение аккаунта"

-#: authentik/stages/email/models.py
-msgid "Email OTP"
-msgstr ""
-
-#: authentik/stages/email/models.py
-msgid "Event Notification"
-msgstr ""
-
 #: authentik/stages/email/models.py
 msgid ""
 "The time window used to count recent account recovery attempts. If the "
@@ -3989,10 +3767,6 @@ msgstr "Этап идентификации"
 msgid "Identification Stages"
 msgstr "Этапы идентификации"

-#: authentik/stages/identification/stage.py
-msgid "Failed to authenticate."
-msgstr ""
-
 #: authentik/stages/identification/stage.py
 msgid "Log in"
 msgstr "Войти"
@@ -4330,14 +4104,6 @@ msgstr ""
 msgid "Retry failed task"
 msgstr ""

-#: authentik/tasks/models.py
-msgid "Task log"
-msgstr ""
-
-#: authentik/tasks/models.py
-msgid "Task logs"
-msgstr ""
-
 #: authentik/tasks/models.py
 msgid "Worker status"
 msgstr ""
@@ -4456,22 +4222,6 @@ msgstr "Домен"
 msgid "Domains"
 msgstr "Домены"

-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Group channel"
-msgstr ""
-
-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Group channels"
-msgstr ""
-
-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Message"
-msgstr ""
-
-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Messages"
-msgstr ""
-
 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Queue name"
 msgstr ""
@@ -4492,14 +4242,6 @@ msgstr ""
 msgid "Task last modified time"
 msgstr ""

-#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
-msgid "Number of retries"
-msgstr ""
-
-#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
-msgid "Planned execution time"
-msgstr ""
-
 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Task result"
 msgstr ""
--- a/locale/tr/LC_MESSAGES/django.po
+++ b/locale/tr/LC_MESSAGES/django.po
@@ -13,7 +13,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-10-20 00:11+0000\n"
+"POT-Creation-Date: 2025-08-11 00:12+0000\n"
 "PO-Revision-Date: 2022-09-26 16:47+0000\n"
 "Last-Translator: Jens L. <jens@goauthentik.io>, 2025\n"
 "Language-Team: Turkish (https://app.transifex.com/authentik/teams/119923/tr/)\n"
@@ -36,27 +36,11 @@ msgstr ""
 msgid "New version {version} available!"
 msgstr "Yeni sürüm {version} mevcut!"

-#: authentik/api/v3/schema/query.py
-msgid "Which field to use when ordering the results."
-msgstr ""
-
-#: authentik/api/v3/schema/query.py
-msgid "A page number within the paginated result set."
-msgstr ""
-
-#: authentik/api/v3/schema/query.py
-msgid "Number of results to return per page."
-msgstr ""
-
-#: authentik/api/v3/schema/query.py
-msgid "A search term."
-msgstr ""
-
-#: authentik/api/v3/schema/response.py
+#: authentik/api/schema.py
 msgid "Generic API Error"
 msgstr "Genel API Hatası"

-#: authentik/api/v3/schema/response.py
+#: authentik/api/schema.py
 msgid "Validation Error"
 msgstr "Doğrulama Hatası"

@@ -186,22 +170,6 @@ msgstr "Başta veya sonda eğik çizgiye (\"/\") izin verilmez."
 msgid "No empty segments in user path allowed."
 msgstr "Kullanıcı yolunda boş bölüme izin verilmez."

-#: authentik/core/api/users.py
-msgid "A user/group with these details already exists"
-msgstr ""
-
-#: authentik/core/api/users.py
-msgid "Unable to create user"
-msgstr ""
-
-#: authentik/core/api/users.py
-msgid "Unknown error occurred"
-msgstr ""
-
-#: authentik/core/api/users.py
-msgid "This field is required."
-msgstr ""
-
 #: authentik/core/models.py
 msgid "name"
 msgstr "isim"
@@ -239,7 +207,7 @@ msgid "User's display name."
 msgstr "Kullanıcının görünen adı."

 #: authentik/core/models.py authentik/providers/oauth2/models.py
-#: authentik/providers/saml/models.py authentik/rbac/models.py
+#: authentik/rbac/models.py
 msgid "User"
 msgstr "Kullanıcı"

@@ -256,11 +224,11 @@ msgstr "Parolayı Sıfırla"
 msgid "Can impersonate other users"
 msgstr "Diğer kullanıcıların kimliğine bürünebilir"

-#: authentik/core/models.py
+#: authentik/core/models.py authentik/rbac/models.py
 msgid "Can assign permissions to users"
 msgstr "Kullanıcılara izinler atayabilir"

-#: authentik/core/models.py
+#: authentik/core/models.py authentik/rbac/models.py
 msgid "Can unassign permissions from users"
 msgstr "Kullanıcılardan izin atamalarını kaldırabilir"

@@ -405,7 +373,7 @@ msgstr ""
 "Kaynağın mevcut bir grubun mu kullanılacağını yoksa yeni bir grup mu "
 "oluşturulacağını nasıl belirlediği."

-#: authentik/core/models.py authentik/providers/scim/models.py
+#: authentik/core/models.py
 msgid "Token"
 msgstr "Jeton"

@@ -732,14 +700,6 @@ msgid ""
 "providers."
 msgstr ""

-#: authentik/enterprise/providers/radius/api.py
-msgid "Enterprise is required to use EAP-TLS."
-msgstr ""
-
-#: authentik/enterprise/providers/scim/api.py
-msgid "Enterprise is required to use the OAuth mode."
-msgstr ""
-
 #: authentik/enterprise/providers/ssf/models.py
 #: authentik/providers/oauth2/models.py
 msgid "Signing Key"
@@ -877,14 +837,6 @@ msgstr "Slack Web kancası (Slack/Discord)"
 msgid "Email"
 msgstr "E-posta"

-#: authentik/events/models.py
-msgid ""
-"Only send notification once, for example when sending a webhook into a chat "
-"channel."
-msgstr ""
-"Örneğin bir sohbet kanalına web kancası gönderirken yalnızca bir kez "
-"bildirim gönderin."
-
 #: authentik/events/models.py
 msgid ""
 "Customize the body of the request. Mapping should return data that is JSON-"
@@ -897,6 +849,14 @@ msgid ""
 "of key-value pairs"
 msgstr ""

+#: authentik/events/models.py
+msgid ""
+"Only send notification once, for example when sending a webhook into a chat "
+"channel."
+msgstr ""
+"Örneğin bir sohbet kanalına web kancası gönderirken yalnızca bir kez "
+"bildirim gönderin."
+
 #: authentik/events/models.py
 msgid "Severity"
 msgstr "Önem derecesi"
@@ -982,6 +942,14 @@ msgstr "Web Kancası Eşlemesi"
 msgid "Webhook Mappings"
 msgstr "Web Kancası Eşlemeleri"

+#: authentik/events/models.py
+msgid "System Task"
+msgstr "Sistem Görevi"
+
+#: authentik/events/models.py
+msgid "System Tasks"
+msgstr "Sistem Görevleri"
+
 #: authentik/events/tasks.py
 msgid "Dispatch new event notifications."
 msgstr ""
@@ -1701,14 +1669,6 @@ msgstr ""
 msgid "Regular Expression URL matching"
 msgstr ""

-#: authentik/providers/oauth2/models.py
-msgid "Back-channel"
-msgstr ""
-
-#: authentik/providers/oauth2/models.py
-msgid "Front-channel"
-msgstr ""
-
 #: authentik/providers/oauth2/models.py
 msgid "code (Authorization Code Flow)"
 msgstr "kodu (Yetkilendirme Kodu Akışı)"
@@ -1798,17 +1758,7 @@ msgid "Redirect URIs"
 msgstr "URI'leri yeniden yönlendirme"

 #: authentik/providers/oauth2/models.py
-msgid "Logout URI"
-msgstr ""
-
-#: authentik/providers/oauth2/models.py
-msgid "Logout Method"
-msgstr ""
-
-#: authentik/providers/oauth2/models.py
-msgid ""
-"Backchannel logs out with server to server calls. Frontchannel uses iframes "
-"in your browser"
+msgid "Back-Channel Logout URI"
 msgstr ""

 #: authentik/providers/oauth2/models.py
@@ -1839,13 +1789,6 @@ msgstr ""
 "Geçerli saat + bu değer üzerinde veya sonrasında geçerli olmayan jetonlar ( "
 "Format: hours=1;minutes=2;seconds=3)."

-#: authentik/providers/oauth2/models.py
-msgid ""
-"When refreshing a token, if the refresh token is valid for less than this "
-"duration, it will be renewed. When set to seconds=0, token will always be "
-"renewed. (Format: hours=1;minutes=2;seconds=3)."
-msgstr ""
-
 #: authentik/providers/oauth2/models.py
 msgid ""
 "Configure what data should be used as unique User Identifier. For most "
@@ -1989,14 +1932,6 @@ msgstr ""
 "İleri kimlik doğrulama devre dışı bırakıldığında dahili ana bilgisayar boş "
 "olamaz."

-#: authentik/providers/proxy/models.py
-msgid "Proxy Session"
-msgstr ""
-
-#: authentik/providers/proxy/models.py
-msgid "Proxy Sessions"
-msgstr ""
-
 #: authentik/providers/proxy/models.py
 msgid "Validate SSL Certificates of upstream servers"
 msgstr "Akış yukarı akış sunucularının SSL Sertifikalarını Doğrula"
@@ -2207,33 +2142,6 @@ msgstr ""
 "Bu, authentik'in yanıtı Servis Sağlayıcıya nasıl geri göndereceğini "
 "belirler."

-#: authentik/providers/saml/models.py
-msgid "SLS URL"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "Single Logout Service URL where the logout response should be sent."
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SLS Binding"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid ""
-"This determines how authentik sends the logout response back to the Service "
-"Provider."
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid ""
-"Method to use for logout. Front-channel iframe loads all logout URLs "
-"simultaneously in hidden iframes. Front-channel native uses your active "
-"browser tab to send post requests and redirect to providers. Back-channel "
-"sends logout requests directly from the server without user interaction "
-"(requires POST SLS binding)."
-msgstr ""
-
 #: authentik/providers/saml/models.py
 msgid "NameID Property Mapping"
 msgstr "NameID Özellik Eşlemesi"
@@ -2399,34 +2307,6 @@ msgstr "Meta Verilerden SAML Sağlayıcısı"
 msgid "SAML Providers from Metadata"
 msgstr "Meta Verilerden SAML Sağlayıcıları"

-#: authentik/providers/saml/models.py
-msgid "Link to the user's authenticated session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML SessionIndex for this session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML NameID value for this session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML NameID format"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML Session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML Sessions"
-msgstr ""
-
-#: authentik/providers/scim/models.py
-msgid "OAuth"
-msgstr ""
-
 #: authentik/providers/scim/models.py
 msgid "Default"
 msgstr "Varsayılan"
@@ -2439,10 +2319,6 @@ msgstr ""
 msgid "Slack"
 msgstr ""

-#: authentik/providers/scim/models.py
-msgid "Salesforce"
-msgstr ""
-
 #: authentik/providers/scim/models.py
 msgid "Base URL to SCIM requests, usually ends in /v2"
 msgstr "SCIM istekleri için temel URL, genellikle /v2 ile biter"
@@ -2451,14 +2327,6 @@ msgstr "SCIM istekleri için temel URL, genellikle /v2 ile biter"
 msgid "Authentication token"
 msgstr "Kimlik doğrulama jetonu"

-#: authentik/providers/scim/models.py
-msgid "OAuth Source used for authentication"
-msgstr ""
-
-#: authentik/providers/scim/models.py
-msgid "Additional OAuth parameters, such as grant_type"
-msgstr ""
-
 #: authentik/providers/scim/models.py
 msgid "SCIM Compatibility Mode"
 msgstr ""
@@ -2515,14 +2383,6 @@ msgstr "Rol"
 msgid "Roles"
 msgstr "Roller"

-#: authentik/rbac/models.py
-msgid "Can assign permissions to roles"
-msgstr ""
-
-#: authentik/rbac/models.py
-msgid "Can unassign permissions from roles"
-msgstr ""
-
 #: authentik/rbac/models.py
 msgid "Initial Permissions"
 msgstr ""
@@ -2860,18 +2720,6 @@ msgstr ""
 msgid "Include the client ID and secret as request parameters"
 msgstr ""

-#: authentik/sources/oauth/models.py
-msgid "No PKCE"
-msgstr ""
-
-#: authentik/sources/oauth/models.py
-msgid "Plain"
-msgstr ""
-
-#: authentik/sources/oauth/models.py
-msgid "S256"
-msgstr ""
-
 #: authentik/sources/oauth/models.py
 msgid "Request Token URL"
 msgstr "Jeton URL'si İste"
@@ -2912,10 +2760,6 @@ msgstr "Kullanıcı bilgilerini almak için authentik tarafından kullanılan UR
 msgid "Additional Scopes"
 msgstr "Ek Kapsamlar"

-#: authentik/sources/oauth/models.py
-msgid "PKCE"
-msgstr ""
-
 #: authentik/sources/oauth/models.py
 msgid ""
 "How to perform authentication during an authorization_code token request "
@@ -3143,12 +2987,6 @@ msgstr "Grup Plex Kaynak Bağlantıları"
 msgid "Check the validity of a Plex source."
 msgstr ""

-#: authentik/sources/saml/api/source.py
-msgid ""
-"With a Verification Certificate selected, at least one of 'Verify Assertion "
-"Signature' or 'Verify Response Signature' must be selected."
-msgstr ""
-
 #: authentik/sources/saml/models.py
 msgid "Redirect Binding"
 msgstr "Bağlama Yönlendirme"
@@ -3161,7 +2999,7 @@ msgstr "POST Bağlama"
 msgid "POST Binding with auto-confirmation"
 msgstr "POST Otomatik onay ile bağlama"

-#: authentik/sources/saml/models.py authentik/sources/telegram/models.py
+#: authentik/sources/saml/models.py
 msgid "Flow used before authentication."
 msgstr "Kimlik doğrulamadan önce kullanılan akış."

@@ -3280,58 +3118,6 @@ msgstr "SCIM Kaynak Özellik Eşlemesi"
 msgid "SCIM Source Property Mappings"
 msgstr "SCIM Kaynak Özellik Eşlemeleri"

-#: authentik/sources/telegram/models.py authentik/sources/telegram/stage.py
-msgid "Telegram bot username"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram bot token"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Request access to send messages from your bot."
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Source"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Sources"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Source Property Mapping"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Source Property Mappings"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "User Telegram Source Connection"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "User Telegram Source Connections"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Group Telegram Source Connection"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Group Telegram Source Connections"
-msgstr ""
-
-#: authentik/sources/telegram/stage.py
-msgid "Authentication date is too old"
-msgstr ""
-
-#: authentik/sources/telegram/stage.py
-msgid "Invalid hash"
-msgstr ""
-
 #: authentik/stages/authenticator_duo/models.py
 msgid "Duo Authenticator Setup Stage"
 msgstr "Duo Authenticator Kurulum Aşaması"
@@ -3348,6 +3134,10 @@ msgstr "Duo Cihazı"
 msgid "Duo Devices"
 msgstr "Duo Cihazları"

+#: authentik/stages/authenticator_email/models.py
+msgid "Email OTP"
+msgstr ""
+
 #: authentik/stages/authenticator_email/models.py
 #: authentik/stages/email/models.py
 msgid ""
@@ -3394,10 +3184,6 @@ msgstr "Kod eşleşmiyor"
 msgid "Invalid email"
 msgstr ""

-#: authentik/stages/authenticator_email/stage.py
-msgid "The user already has an email address registered for MFA."
-msgstr ""
-
 #: authentik/stages/authenticator_email/templates/email/email_otp.html
 #: authentik/stages/email/templates/email/password_reset.html
 #, python-format
@@ -3731,14 +3517,6 @@ msgstr "Parola Sıfırlama"
 msgid "Account Confirmation"
 msgstr "Hesap Onayı"

-#: authentik/stages/email/models.py
-msgid "Email OTP"
-msgstr ""
-
-#: authentik/stages/email/models.py
-msgid "Event Notification"
-msgstr ""
-
 #: authentik/stages/email/models.py
 msgid ""
 "The time window used to count recent account recovery attempts. If the "
@@ -3974,10 +3752,6 @@ msgstr "Tanımlama Aşaması"
 msgid "Identification Stages"
 msgstr "Tanımlama Aşamaları"

-#: authentik/stages/identification/stage.py
-msgid "Failed to authenticate."
-msgstr ""
-
 #: authentik/stages/identification/stage.py
 msgid "Log in"
 msgstr "Oturum aç"
@@ -4306,14 +4080,6 @@ msgstr ""
 msgid "Retry failed task"
 msgstr ""

-#: authentik/tasks/models.py
-msgid "Task log"
-msgstr ""
-
-#: authentik/tasks/models.py
-msgid "Task logs"
-msgstr ""
-
 #: authentik/tasks/models.py
 msgid "Worker status"
 msgstr ""
@@ -4430,22 +4196,6 @@ msgstr "Etki Alanı"
 msgid "Domains"
 msgstr "Etki Alanları"

-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Group channel"
-msgstr ""
-
-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Group channels"
-msgstr ""
-
-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Message"
-msgstr "Mesaj"
-
-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Messages"
-msgstr "İletiler"
-
 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Queue name"
 msgstr ""
@@ -4466,14 +4216,6 @@ msgstr ""
 msgid "Task last modified time"
 msgstr ""

-#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
-msgid "Number of retries"
-msgstr ""
-
-#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
-msgid "Planned execution time"
-msgstr ""
-
 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Task result"
 msgstr ""
--- a/locale/zh-Hans/LC_MESSAGES/django.po
+++ b/locale/zh-Hans/LC_MESSAGES/django.po
@@ -7,17 +7,17 @@
 # Chen Zhikai, 2022
 # 刘松, 2022
 # Tianhao Chai <cth451@gmail.com>, 2024
-# deluxghost, 2025
 # Jens L. <jens@goauthentik.io>, 2025
+# deluxghost, 2025
 # 
 #, fuzzy
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-10-20 00:11+0000\n"
+"POT-Creation-Date: 2025-08-11 00:12+0000\n"
 "PO-Revision-Date: 2022-09-26 16:47+0000\n"
-"Last-Translator: Jens L. <jens@goauthentik.io>, 2025\n"
+"Last-Translator: deluxghost, 2025\n"
 "Language-Team: Chinese Simplified (https://app.transifex.com/authentik/teams/119923/zh-Hans/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -38,27 +38,11 @@ msgstr ""
 msgid "New version {version} available!"
 msgstr "新版本 {version} 可用！"

-#: authentik/api/v3/schema/query.py
-msgid "Which field to use when ordering the results."
-msgstr ""
-
-#: authentik/api/v3/schema/query.py
-msgid "A page number within the paginated result set."
-msgstr ""
-
-#: authentik/api/v3/schema/query.py
-msgid "Number of results to return per page."
-msgstr ""
-
-#: authentik/api/v3/schema/query.py
-msgid "A search term."
-msgstr ""
-
-#: authentik/api/v3/schema/response.py
+#: authentik/api/schema.py
 msgid "Generic API Error"
 msgstr "通用 API 错误"

-#: authentik/api/v3/schema/response.py
+#: authentik/api/schema.py
 msgid "Validation Error"
 msgstr "校验错误"

@@ -178,22 +162,6 @@ msgstr "不允许以斜线开始或结尾。"
 msgid "No empty segments in user path allowed."
 msgstr "不允许用户路径包含空段。"

-#: authentik/core/api/users.py
-msgid "A user/group with these details already exists"
-msgstr ""
-
-#: authentik/core/api/users.py
-msgid "Unable to create user"
-msgstr ""
-
-#: authentik/core/api/users.py
-msgid "Unknown error occurred"
-msgstr ""
-
-#: authentik/core/api/users.py
-msgid "This field is required."
-msgstr ""
-
 #: authentik/core/models.py
 msgid "name"
 msgstr "名称"
@@ -231,7 +199,7 @@ msgid "User's display name."
 msgstr "用户的显示名称。"

 #: authentik/core/models.py authentik/providers/oauth2/models.py
-#: authentik/providers/saml/models.py authentik/rbac/models.py
+#: authentik/rbac/models.py
 msgid "User"
 msgstr "用户"

@@ -248,11 +216,11 @@ msgstr "重置密码"
 msgid "Can impersonate other users"
 msgstr "可以模拟其他用户的身份"

-#: authentik/core/models.py
+#: authentik/core/models.py authentik/rbac/models.py
 msgid "Can assign permissions to users"
 msgstr "可以为用户分配权限"

-#: authentik/core/models.py
+#: authentik/core/models.py authentik/rbac/models.py
 msgid "Can unassign permissions from users"
 msgstr "可以取消分配用户的权限"

@@ -378,7 +346,7 @@ msgid ""
 " created."
 msgstr "源怎样确定应该使用已有组的身份还是创建新组。"

-#: authentik/core/models.py authentik/providers/scim/models.py
+#: authentik/core/models.py
 msgid "Token"
 msgstr "令牌"

@@ -699,14 +667,6 @@ msgid ""
 "providers."
 msgstr ""

-#: authentik/enterprise/providers/radius/api.py
-msgid "Enterprise is required to use EAP-TLS."
-msgstr ""
-
-#: authentik/enterprise/providers/scim/api.py
-msgid "Enterprise is required to use the OAuth mode."
-msgstr ""
-
 #: authentik/enterprise/providers/ssf/models.py
 #: authentik/providers/oauth2/models.py
 msgid "Signing Key"
@@ -842,12 +802,6 @@ msgstr "Slack Webhook（Slack/Discord）"
 msgid "Email"
 msgstr "电子邮箱"

-#: authentik/events/models.py
-msgid ""
-"Only send notification once, for example when sending a webhook into a chat "
-"channel."
-msgstr "仅发送一次通知，例如在向聊天频道发送 Webhook 时。"
-
 #: authentik/events/models.py
 msgid ""
 "Customize the body of the request. Mapping should return data that is JSON-"
@@ -860,6 +814,12 @@ msgid ""
 "of key-value pairs"
 msgstr "配置要发送的额外标头。映射应该返回键值对字典。"

+#: authentik/events/models.py
+msgid ""
+"Only send notification once, for example when sending a webhook into a chat "
+"channel."
+msgstr "仅发送一次通知，例如在向聊天频道发送 Webhook 时。"
+
 #: authentik/events/models.py
 msgid "Severity"
 msgstr "严重程度"
@@ -938,6 +898,14 @@ msgstr "Webhook 映射"
 msgid "Webhook Mappings"
 msgstr "Webhook 映射"

+#: authentik/events/models.py
+msgid "System Task"
+msgstr "系统任务"
+
+#: authentik/events/models.py
+msgid "System Tasks"
+msgstr "系统任务"
+
 #: authentik/events/tasks.py
 msgid "Dispatch new event notifications."
 msgstr ""
@@ -1609,14 +1577,6 @@ msgstr "严格 URL 比较"
 msgid "Regular Expression URL matching"
 msgstr "正则表达式 URL 匹配"

-#: authentik/providers/oauth2/models.py
-msgid "Back-channel"
-msgstr ""
-
-#: authentik/providers/oauth2/models.py
-msgid "Front-channel"
-msgstr ""
-
 #: authentik/providers/oauth2/models.py
 msgid "code (Authorization Code Flow)"
 msgstr "code（授权码流程）"
@@ -1702,17 +1662,7 @@ msgid "Redirect URIs"
 msgstr "重定向 URI"

 #: authentik/providers/oauth2/models.py
-msgid "Logout URI"
-msgstr ""
-
-#: authentik/providers/oauth2/models.py
-msgid "Logout Method"
-msgstr ""
-
-#: authentik/providers/oauth2/models.py
-msgid ""
-"Backchannel logs out with server to server calls. Frontchannel uses iframes "
-"in your browser"
+msgid "Back-Channel Logout URI"
 msgstr ""

 #: authentik/providers/oauth2/models.py
@@ -1737,13 +1687,6 @@ msgid ""
 "hours=1;minutes=2;seconds=3)."
 msgstr "从当前时间经过多久时或之后，令牌失效（格式：hours=1;minutes=2;seconds=3）。"

-#: authentik/providers/oauth2/models.py
-msgid ""
-"When refreshing a token, if the refresh token is valid for less than this "
-"duration, it will be renewed. When set to seconds=0, token will always be "
-"renewed. (Format: hours=1;minutes=2;seconds=3)."
-msgstr ""
-
 #: authentik/providers/oauth2/models.py
 msgid ""
 "Configure what data should be used as unique User Identifier. For most "
@@ -1876,14 +1819,6 @@ msgstr "启用 Basic Auth 时，必须设置用户和密码属性。"
 msgid "Internal host cannot be empty when forward auth is disabled."
 msgstr "禁用 Forward Auth  时，内部主机不能为空。"

-#: authentik/providers/proxy/models.py
-msgid "Proxy Session"
-msgstr ""
-
-#: authentik/providers/proxy/models.py
-msgid "Proxy Sessions"
-msgstr ""
-
 #: authentik/providers/proxy/models.py
 msgid "Validate SSL Certificates of upstream servers"
 msgstr "验证上游服务器的 SSL 证书"
@@ -2067,33 +2002,6 @@ msgid ""
 "Provider."
 msgstr "确定 authentik 如何将响应发送回服务提供程序。"

-#: authentik/providers/saml/models.py
-msgid "SLS URL"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "Single Logout Service URL where the logout response should be sent."
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SLS Binding"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid ""
-"This determines how authentik sends the logout response back to the Service "
-"Provider."
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid ""
-"Method to use for logout. Front-channel iframe loads all logout URLs "
-"simultaneously in hidden iframes. Front-channel native uses your active "
-"browser tab to send post requests and redirect to providers. Back-channel "
-"sends logout requests directly from the server without user interaction "
-"(requires POST SLS binding)."
-msgstr ""
-
 #: authentik/providers/saml/models.py
 msgid "NameID Property Mapping"
 msgstr "NameID 属性映射"
@@ -2243,34 +2151,6 @@ msgstr "来自元数据的 SAML 提供程序"
 msgid "SAML Providers from Metadata"
 msgstr "来自元数据的 SAML 提供程序"

-#: authentik/providers/saml/models.py
-msgid "Link to the user's authenticated session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML SessionIndex for this session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML NameID value for this session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML NameID format"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML Session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML Sessions"
-msgstr ""
-
-#: authentik/providers/scim/models.py
-msgid "OAuth"
-msgstr ""
-
 #: authentik/providers/scim/models.py
 msgid "Default"
 msgstr "默认"
@@ -2283,10 +2163,6 @@ msgstr "AWS"
 msgid "Slack"
 msgstr "Slack"

-#: authentik/providers/scim/models.py
-msgid "Salesforce"
-msgstr ""
-
 #: authentik/providers/scim/models.py
 msgid "Base URL to SCIM requests, usually ends in /v2"
 msgstr "SCIM 请求的基础 URL，通常以 /v2 结尾"
@@ -2295,14 +2171,6 @@ msgstr "SCIM 请求的基础 URL，通常以 /v2 结尾"
 msgid "Authentication token"
 msgstr "身份验证令牌"

-#: authentik/providers/scim/models.py
-msgid "OAuth Source used for authentication"
-msgstr ""
-
-#: authentik/providers/scim/models.py
-msgid "Additional OAuth parameters, such as grant_type"
-msgstr ""
-
 #: authentik/providers/scim/models.py
 msgid "SCIM Compatibility Mode"
 msgstr "SCIM 兼容模式"
@@ -2359,14 +2227,6 @@ msgstr "角色"
 msgid "Roles"
 msgstr "角色"

-#: authentik/rbac/models.py
-msgid "Can assign permissions to roles"
-msgstr ""
-
-#: authentik/rbac/models.py
-msgid "Can unassign permissions from roles"
-msgstr ""
-
 #: authentik/rbac/models.py
 msgid "Initial Permissions"
 msgstr "初始权限"
@@ -2684,18 +2544,6 @@ msgstr "HTTP 基本身份验证"
 msgid "Include the client ID and secret as request parameters"
 msgstr "包括客户端 ID 和密钥作为请求参数"

-#: authentik/sources/oauth/models.py
-msgid "No PKCE"
-msgstr ""
-
-#: authentik/sources/oauth/models.py
-msgid "Plain"
-msgstr ""
-
-#: authentik/sources/oauth/models.py
-msgid "S256"
-msgstr ""
-
 #: authentik/sources/oauth/models.py
 msgid "Request Token URL"
 msgstr "请求令牌 URL"
@@ -2734,10 +2582,6 @@ msgstr "authentik 用来获取用户信息的 URL。"
 msgid "Additional Scopes"
 msgstr "额外的作用域"

-#: authentik/sources/oauth/models.py
-msgid "PKCE"
-msgstr ""
-
 #: authentik/sources/oauth/models.py
 msgid ""
 "How to perform authentication during an authorization_code token request "
@@ -2961,12 +2805,6 @@ msgstr "组 Plex 源连接"
 msgid "Check the validity of a Plex source."
 msgstr ""

-#: authentik/sources/saml/api/source.py
-msgid ""
-"With a Verification Certificate selected, at least one of 'Verify Assertion "
-"Signature' or 'Verify Response Signature' must be selected."
-msgstr ""
-
 #: authentik/sources/saml/models.py
 msgid "Redirect Binding"
 msgstr "重定向绑定"
@@ -2979,7 +2817,7 @@ msgstr "POST 绑定"
 msgid "POST Binding with auto-confirmation"
 msgstr "带有自动确认功能的 POST 绑定"

-#: authentik/sources/saml/models.py authentik/sources/telegram/models.py
+#: authentik/sources/saml/models.py
 msgid "Flow used before authentication."
 msgstr "身份验证之前使用的流程。"

@@ -3090,58 +2928,6 @@ msgstr "SCIM 源属性映射"
 msgid "SCIM Source Property Mappings"
 msgstr "SCIM 源属性映射"

-#: authentik/sources/telegram/models.py authentik/sources/telegram/stage.py
-msgid "Telegram bot username"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram bot token"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Request access to send messages from your bot."
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Source"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Sources"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Source Property Mapping"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Source Property Mappings"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "User Telegram Source Connection"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "User Telegram Source Connections"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Group Telegram Source Connection"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Group Telegram Source Connections"
-msgstr ""
-
-#: authentik/sources/telegram/stage.py
-msgid "Authentication date is too old"
-msgstr ""
-
-#: authentik/sources/telegram/stage.py
-msgid "Invalid hash"
-msgstr ""
-
 #: authentik/stages/authenticator_duo/models.py
 msgid "Duo Authenticator Setup Stage"
 msgstr "Duo 身份验证器设置阶段"
@@ -3158,6 +2944,10 @@ msgstr "Duo 设备"
 msgid "Duo Devices"
 msgstr "Duo 设备"

+#: authentik/stages/authenticator_email/models.py
+msgid "Email OTP"
+msgstr "电子邮件 OTP"
+
 #: authentik/stages/authenticator_email/models.py
 #: authentik/stages/email/models.py
 msgid ""
@@ -3202,10 +2992,6 @@ msgstr "代码不匹配"
 msgid "Invalid email"
 msgstr "无效电子邮件"

-#: authentik/stages/authenticator_email/stage.py
-msgid "The user already has an email address registered for MFA."
-msgstr ""
-
 #: authentik/stages/authenticator_email/templates/email/email_otp.html
 #: authentik/stages/email/templates/email/password_reset.html
 #, python-format
@@ -3533,14 +3319,6 @@ msgstr "密码重置"
 msgid "Account Confirmation"
 msgstr "账户确认"

-#: authentik/stages/email/models.py
-msgid "Email OTP"
-msgstr "电子邮件 OTP"
-
-#: authentik/stages/email/models.py
-msgid "Event Notification"
-msgstr ""
-
 #: authentik/stages/email/models.py
 msgid ""
 "The time window used to count recent account recovery attempts. If the "
@@ -3768,10 +3546,6 @@ msgstr "识别阶段"
 msgid "Identification Stages"
 msgstr "识别阶段"

-#: authentik/stages/identification/stage.py
-msgid "Failed to authenticate."
-msgstr ""
-
 #: authentik/stages/identification/stage.py
 msgid "Log in"
 msgstr "登录"
@@ -4077,14 +3851,6 @@ msgstr ""
 msgid "Retry failed task"
 msgstr ""

-#: authentik/tasks/models.py
-msgid "Task log"
-msgstr ""
-
-#: authentik/tasks/models.py
-msgid "Task logs"
-msgstr ""
-
 #: authentik/tasks/models.py
 msgid "Worker status"
 msgstr ""
@@ -4192,22 +3958,6 @@ msgstr "域名"
 msgid "Domains"
 msgstr "域名"

-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Group channel"
-msgstr ""
-
-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Group channels"
-msgstr ""
-
-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Message"
-msgstr "消息"
-
-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Messages"
-msgstr "消息"
-
 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Queue name"
 msgstr ""
@@ -4228,14 +3978,6 @@ msgstr ""
 msgid "Task last modified time"
 msgstr ""

-#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
-msgid "Number of retries"
-msgstr ""
-
-#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
-msgid "Planned execution time"
-msgstr ""
-
 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Task result"
 msgstr ""
--- a/locale/zh_CN/LC_MESSAGES/django.po
+++ b/locale/zh_CN/LC_MESSAGES/django.po
--- a/locale/zh_TW/LC_MESSAGES/django.po
+++ b/locale/zh_TW/LC_MESSAGES/django.po
@@ -5,7 +5,7 @@
 # 
 # Translators:
 # Chen Zhikai, 2022
-# PasserDreamer, 2023
+# Passerby Dreamer, 2023
 # Phreeman33, 2024
 # 刘松, 2025
 # 
@@ -14,7 +14,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-10-20 00:11+0000\n"
+"POT-Creation-Date: 2025-08-11 00:12+0000\n"
 "PO-Revision-Date: 2022-09-26 16:47+0000\n"
 "Last-Translator: 刘松, 2025\n"
 "Language-Team: Chinese (Taiwan) (https://app.transifex.com/authentik/teams/119923/zh_TW/)\n"
@@ -37,27 +37,11 @@ msgstr ""
 msgid "New version {version} available!"
 msgstr ""

-#: authentik/api/v3/schema/query.py
-msgid "Which field to use when ordering the results."
-msgstr ""
-
-#: authentik/api/v3/schema/query.py
-msgid "A page number within the paginated result set."
-msgstr ""
-
-#: authentik/api/v3/schema/query.py
-msgid "Number of results to return per page."
-msgstr ""
-
-#: authentik/api/v3/schema/query.py
-msgid "A search term."
-msgstr ""
-
-#: authentik/api/v3/schema/response.py
+#: authentik/api/schema.py
 msgid "Generic API Error"
 msgstr "通用 API 錯誤"

-#: authentik/api/v3/schema/response.py
+#: authentik/api/schema.py
 msgid "Validation Error"
 msgstr "驗證錯誤"

@@ -177,22 +161,6 @@ msgstr "不允許使用前導或尾隨的斜線。"
 msgid "No empty segments in user path allowed."
 msgstr "使用者路徑中不允許有空字串。"

-#: authentik/core/api/users.py
-msgid "A user/group with these details already exists"
-msgstr ""
-
-#: authentik/core/api/users.py
-msgid "Unable to create user"
-msgstr ""
-
-#: authentik/core/api/users.py
-msgid "Unknown error occurred"
-msgstr ""
-
-#: authentik/core/api/users.py
-msgid "This field is required."
-msgstr ""
-
 #: authentik/core/models.py
 msgid "name"
 msgstr "名稱"
@@ -230,7 +198,7 @@ msgid "User's display name."
 msgstr "使用者的顯示名稱。"

 #: authentik/core/models.py authentik/providers/oauth2/models.py
-#: authentik/providers/saml/models.py authentik/rbac/models.py
+#: authentik/rbac/models.py
 msgid "User"
 msgstr "使用者"

@@ -247,11 +215,11 @@ msgstr "重設密碼"
 msgid "Can impersonate other users"
 msgstr "可模擬其他使用者"

-#: authentik/core/models.py
+#: authentik/core/models.py authentik/rbac/models.py
 msgid "Can assign permissions to users"
 msgstr "可為使用者分配權限"

-#: authentik/core/models.py
+#: authentik/core/models.py authentik/rbac/models.py
 msgid "Can unassign permissions from users"
 msgstr "可取消分配使用者的權限"

@@ -377,7 +345,7 @@ msgid ""
 " created."
 msgstr ""

-#: authentik/core/models.py authentik/providers/scim/models.py
+#: authentik/core/models.py
 msgid "Token"
 msgstr "權杖"

@@ -698,14 +666,6 @@ msgid ""
 "providers."
 msgstr ""

-#: authentik/enterprise/providers/radius/api.py
-msgid "Enterprise is required to use EAP-TLS."
-msgstr ""
-
-#: authentik/enterprise/providers/scim/api.py
-msgid "Enterprise is required to use the OAuth mode."
-msgstr ""
-
 #: authentik/enterprise/providers/ssf/models.py
 #: authentik/providers/oauth2/models.py
 msgid "Signing Key"
@@ -841,12 +801,6 @@ msgstr "Slack Webhook（Slack/Discord）"
 msgid "Email"
 msgstr "電子郵件"

-#: authentik/events/models.py
-msgid ""
-"Only send notification once, for example when sending a webhook into a chat "
-"channel."
-msgstr "僅發送一次通知，例如在向聊天頻道發送 Webhook 時。"
-
 #: authentik/events/models.py
 msgid ""
 "Customize the body of the request. Mapping should return data that is JSON-"
@@ -859,6 +813,12 @@ msgid ""
 "of key-value pairs"
 msgstr ""

+#: authentik/events/models.py
+msgid ""
+"Only send notification once, for example when sending a webhook into a chat "
+"channel."
+msgstr "僅發送一次通知，例如在向聊天頻道發送 Webhook 時。"
+
 #: authentik/events/models.py
 msgid "Severity"
 msgstr "嚴重程度"
@@ -937,6 +897,14 @@ msgstr "Webhook 對應"
 msgid "Webhook Mappings"
 msgstr "Webhook 對應"

+#: authentik/events/models.py
+msgid "System Task"
+msgstr "系統任務"
+
+#: authentik/events/models.py
+msgid "System Tasks"
+msgstr "系统任务"
+
 #: authentik/events/tasks.py
 msgid "Dispatch new event notifications."
 msgstr ""
@@ -1607,14 +1575,6 @@ msgstr ""
 msgid "Regular Expression URL matching"
 msgstr ""

-#: authentik/providers/oauth2/models.py
-msgid "Back-channel"
-msgstr ""
-
-#: authentik/providers/oauth2/models.py
-msgid "Front-channel"
-msgstr ""
-
 #: authentik/providers/oauth2/models.py
 msgid "code (Authorization Code Flow)"
 msgstr "code（授權碼流程）"
@@ -1700,17 +1660,7 @@ msgid "Redirect URIs"
 msgstr "重新導向 URI"

 #: authentik/providers/oauth2/models.py
-msgid "Logout URI"
-msgstr ""
-
-#: authentik/providers/oauth2/models.py
-msgid "Logout Method"
-msgstr ""
-
-#: authentik/providers/oauth2/models.py
-msgid ""
-"Backchannel logs out with server to server calls. Frontchannel uses iframes "
-"in your browser"
+msgid "Back-Channel Logout URI"
 msgstr ""

 #: authentik/providers/oauth2/models.py
@@ -1735,13 +1685,6 @@ msgid ""
 "hours=1;minutes=2;seconds=3)."
 msgstr "權杖在當前時間加上此值後並非有效（格式：hours=1;minutes=2;seconds=3）。"

-#: authentik/providers/oauth2/models.py
-msgid ""
-"When refreshing a token, if the refresh token is valid for less than this "
-"duration, it will be renewed. When set to seconds=0, token will always be "
-"renewed. (Format: hours=1;minutes=2;seconds=3)."
-msgstr ""
-
 #: authentik/providers/oauth2/models.py
 msgid ""
 "Configure what data should be used as unique User Identifier. For most "
@@ -1874,14 +1817,6 @@ msgstr "啟用基本認證時必須設定使用者和密碼特徵項。"
 msgid "Internal host cannot be empty when forward auth is disabled."
 msgstr "當禁用轉發認證時，內部主機不能為空。"

-#: authentik/providers/proxy/models.py
-msgid "Proxy Session"
-msgstr ""
-
-#: authentik/providers/proxy/models.py
-msgid "Proxy Sessions"
-msgstr ""
-
 #: authentik/providers/proxy/models.py
 msgid "Validate SSL Certificates of upstream servers"
 msgstr "驗證上游伺服器的 SSL 憑證"
@@ -2068,33 +2003,6 @@ msgid ""
 "Provider."
 msgstr "這決定了 authentik 如何將回應發送回服務供應商。"

-#: authentik/providers/saml/models.py
-msgid "SLS URL"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "Single Logout Service URL where the logout response should be sent."
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SLS Binding"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid ""
-"This determines how authentik sends the logout response back to the Service "
-"Provider."
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid ""
-"Method to use for logout. Front-channel iframe loads all logout URLs "
-"simultaneously in hidden iframes. Front-channel native uses your active "
-"browser tab to send post requests and redirect to providers. Back-channel "
-"sends logout requests directly from the server without user interaction "
-"(requires POST SLS binding)."
-msgstr ""
-
 #: authentik/providers/saml/models.py
 msgid "NameID Property Mapping"
 msgstr "NameID 屬性對應"
@@ -2243,34 +2151,6 @@ msgstr "從中繼資料取得 SAML 供應商"
 msgid "SAML Providers from Metadata"
 msgstr "來自詮釋資料的 SAML 提供程式"

-#: authentik/providers/saml/models.py
-msgid "Link to the user's authenticated session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML SessionIndex for this session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML NameID value for this session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML NameID format"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML Session"
-msgstr ""
-
-#: authentik/providers/saml/models.py
-msgid "SAML Sessions"
-msgstr ""
-
-#: authentik/providers/scim/models.py
-msgid "OAuth"
-msgstr ""
-
 #: authentik/providers/scim/models.py
 msgid "Default"
 msgstr "默认"
@@ -2283,10 +2163,6 @@ msgstr ""
 msgid "Slack"
 msgstr ""

-#: authentik/providers/scim/models.py
-msgid "Salesforce"
-msgstr ""
-
 #: authentik/providers/scim/models.py
 msgid "Base URL to SCIM requests, usually ends in /v2"
 msgstr "SCIM 要求中的基礎網址，通常以 /v2 結尾。"
@@ -2295,14 +2171,6 @@ msgstr "SCIM 要求中的基礎網址，通常以 /v2 結尾。"
 msgid "Authentication token"
 msgstr "認證權杖"

-#: authentik/providers/scim/models.py
-msgid "OAuth Source used for authentication"
-msgstr ""
-
-#: authentik/providers/scim/models.py
-msgid "Additional OAuth parameters, such as grant_type"
-msgstr ""
-
 #: authentik/providers/scim/models.py
 msgid "SCIM Compatibility Mode"
 msgstr ""
@@ -2359,14 +2227,6 @@ msgstr "角色"
 msgid "Roles"
 msgstr "角色"

-#: authentik/rbac/models.py
-msgid "Can assign permissions to roles"
-msgstr ""
-
-#: authentik/rbac/models.py
-msgid "Can unassign permissions from roles"
-msgstr ""
-
 #: authentik/rbac/models.py
 msgid "Initial Permissions"
 msgstr ""
@@ -2679,18 +2539,6 @@ msgstr ""
 msgid "Include the client ID and secret as request parameters"
 msgstr ""

-#: authentik/sources/oauth/models.py
-msgid "No PKCE"
-msgstr ""
-
-#: authentik/sources/oauth/models.py
-msgid "Plain"
-msgstr ""
-
-#: authentik/sources/oauth/models.py
-msgid "S256"
-msgstr ""
-
 #: authentik/sources/oauth/models.py
 msgid "Request Token URL"
 msgstr "請求權杖的網址"
@@ -2729,10 +2577,6 @@ msgstr "authentik 用來擷取使用者資訊的網址。"
 msgid "Additional Scopes"
 msgstr "附加範圍"

-#: authentik/sources/oauth/models.py
-msgid "PKCE"
-msgstr ""
-
 #: authentik/sources/oauth/models.py
 msgid ""
 "How to perform authentication during an authorization_code token request "
@@ -2956,12 +2800,6 @@ msgstr ""
 msgid "Check the validity of a Plex source."
 msgstr ""

-#: authentik/sources/saml/api/source.py
-msgid ""
-"With a Verification Certificate selected, at least one of 'Verify Assertion "
-"Signature' or 'Verify Response Signature' must be selected."
-msgstr ""
-
 #: authentik/sources/saml/models.py
 msgid "Redirect Binding"
 msgstr "重新導向附加"
@@ -2974,7 +2812,7 @@ msgstr "POST 附加"
 msgid "POST Binding with auto-confirmation"
 msgstr "使用自動確認的 POST 附加"

-#: authentik/sources/saml/models.py authentik/sources/telegram/models.py
+#: authentik/sources/saml/models.py
 msgid "Flow used before authentication."
 msgstr "在身分驗證之前所使用的流程。"

@@ -3085,58 +2923,6 @@ msgstr ""
 msgid "SCIM Source Property Mappings"
 msgstr ""

-#: authentik/sources/telegram/models.py authentik/sources/telegram/stage.py
-msgid "Telegram bot username"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram bot token"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Request access to send messages from your bot."
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Source"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Sources"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Source Property Mapping"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Telegram Source Property Mappings"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "User Telegram Source Connection"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "User Telegram Source Connections"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Group Telegram Source Connection"
-msgstr ""
-
-#: authentik/sources/telegram/models.py
-msgid "Group Telegram Source Connections"
-msgstr ""
-
-#: authentik/sources/telegram/stage.py
-msgid "Authentication date is too old"
-msgstr ""
-
-#: authentik/sources/telegram/stage.py
-msgid "Invalid hash"
-msgstr ""
-
 #: authentik/stages/authenticator_duo/models.py
 msgid "Duo Authenticator Setup Stage"
 msgstr "Duo 身份驗證器設定階段"
@@ -3153,6 +2939,10 @@ msgstr "Duo 設備"
 msgid "Duo Devices"
 msgstr "Duo 設備"

+#: authentik/stages/authenticator_email/models.py
+msgid "Email OTP"
+msgstr ""
+
 #: authentik/stages/authenticator_email/models.py
 #: authentik/stages/email/models.py
 msgid ""
@@ -3197,10 +2987,6 @@ msgstr "授權碼不符"
 msgid "Invalid email"
 msgstr ""

-#: authentik/stages/authenticator_email/stage.py
-msgid "The user already has an email address registered for MFA."
-msgstr ""
-
 #: authentik/stages/authenticator_email/templates/email/email_otp.html
 #: authentik/stages/email/templates/email/password_reset.html
 #, python-format
@@ -3518,14 +3304,6 @@ msgstr "重設密碼"
 msgid "Account Confirmation"
 msgstr "帳戶認證"

-#: authentik/stages/email/models.py
-msgid "Email OTP"
-msgstr ""
-
-#: authentik/stages/email/models.py
-msgid "Event Notification"
-msgstr ""
-
 #: authentik/stages/email/models.py
 msgid ""
 "The time window used to count recent account recovery attempts. If the "
@@ -3744,10 +3522,6 @@ msgstr "識別階段"
 msgid "Identification Stages"
 msgstr "識別階段"

-#: authentik/stages/identification/stage.py
-msgid "Failed to authenticate."
-msgstr ""
-
 #: authentik/stages/identification/stage.py
 msgid "Log in"
 msgstr "登入"
@@ -4051,14 +3825,6 @@ msgstr ""
 msgid "Retry failed task"
 msgstr ""

-#: authentik/tasks/models.py
-msgid "Task log"
-msgstr ""
-
-#: authentik/tasks/models.py
-msgid "Task logs"
-msgstr ""
-
 #: authentik/tasks/models.py
 msgid "Worker status"
 msgstr ""
@@ -4166,22 +3932,6 @@ msgstr "域"
 msgid "Domains"
 msgstr "網域"

-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Group channel"
-msgstr ""
-
-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Group channels"
-msgstr ""
-
-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Message"
-msgstr "信息"
-
-#: packages/django-channels-postgres/django_channels_postgres/models.py
-msgid "Messages"
-msgstr "信息"
-
 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Queue name"
 msgstr ""
@@ -4202,14 +3952,6 @@ msgstr ""
 msgid "Task last modified time"
 msgstr ""

-#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
-msgid "Number of retries"
-msgstr ""
-
-#: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
-msgid "Planned execution time"
-msgstr ""
-
 #: packages/django-dramatiq-postgres/django_dramatiq_postgres/models.py
 msgid "Task result"
 msgstr ""
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
    "name": "@goauthentik/authentik",
-    "version": "2025.10.0-rc2",
+    "version": "2025.10.0-rc1",
    "lockfileVersion": 3,
    "requires": true,
    "packages": {
        "": {
            "name": "@goauthentik/authentik",
-            "version": "2025.10.0-rc2",
+            "version": "2025.10.0-rc1",
            "dependencies": {
                "@eslint/js": "^9.31.0",
                "@typescript-eslint/eslint-plugin": "^8.38.0",
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
    "name": "@goauthentik/authentik",
-    "version": "2025.10.0-rc2",
+    "version": "2025.10.0-rc1",
    "private": true,
    "type": "module",
    "dependencies": {
--- a/packages/esbuild-plugin-live-reload/package-lock.json
+++ b/packages/esbuild-plugin-live-reload/package-lock.json
@@ -832,13 +832,6 @@
                "node": ">= 8"
            }
        },
-        "node_modules/@pinojs/redact": {
-            "version": "0.4.0",
-            "resolved": "https://registry.npmjs.org/@pinojs/redact/-/redact-0.4.0.tgz",
-            "integrity": "sha512-k2ENnmBugE/rzQfEcdWHcCY+/FM3VLzH9cYEsbdsoqrvzAKRhUZeRNhAZvB8OitQJ1TBed3yqWtdjzS6wJKBwg==",
-            "dev": true,
-            "license": "MIT"
-        },
        "node_modules/@pkgr/core": {
            "version": "0.2.9",
            "resolved": "https://registry.npmjs.org/@pkgr/core/-/core-0.2.9.tgz",
@@ -912,13 +905,13 @@
            }
        },
        "node_modules/@types/node": {
-            "version": "24.9.0",
-            "resolved": "https://registry.npmjs.org/@types/node/-/node-24.9.0.tgz",
-            "integrity": "sha512-MKNwXh3seSK8WurXF7erHPJ2AONmMwkI7zAMrXZDPIru8jRqkk6rGDBVbw4mLwfqA+ZZliiDPg05JQ3uW66tKQ==",
+            "version": "24.8.1",
+            "resolved": "https://registry.npmjs.org/@types/node/-/node-24.8.1.tgz",
+            "integrity": "sha512-alv65KGRadQVfVcG69MuB4IzdYVpRwMG/mq8KWOaoOdyY617P5ivaDiMCGOFDWD2sAn5Q0mR3mRtUOgm99hL9Q==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "undici-types": "~7.16.0"
+                "undici-types": "~7.14.0"
            }
        },
        "node_modules/@types/unist": {
@@ -2301,13 +2294,12 @@
            }
        },
        "node_modules/pino": {
-            "version": "10.1.0",
-            "resolved": "https://registry.npmjs.org/pino/-/pino-10.1.0.tgz",
-            "integrity": "sha512-0zZC2ygfdqvqK8zJIr1e+wT1T/L+LF6qvqvbzEQ6tiMAoTqEVK9a1K3YRu8HEUvGEvNqZyPJTtb2sNIoTkB83w==",
+            "version": "10.0.0",
+            "resolved": "https://registry.npmjs.org/pino/-/pino-10.0.0.tgz",
+            "integrity": "sha512-eI9pKwWEix40kfvSzqEP6ldqOoBIN7dwD/o91TY5z8vQI12sAffpR/pOqAD1IVVwIVHDpHjkq0joBPdJD0rafA==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@pinojs/redact": "^0.4.0",
                "atomic-sleep": "^1.0.0",
                "on-exit-leak-free": "^2.1.0",
                "pino-abstract-transport": "^2.0.0",
@@ -2316,6 +2308,7 @@
                "quick-format-unescaped": "^4.0.3",
                "real-require": "^0.2.0",
                "safe-stable-stringify": "^2.3.1",
+                "slow-redact": "^0.3.0",
                "sonic-boom": "^4.0.1",
                "thread-stream": "^3.0.0"
            },
@@ -2611,6 +2604,13 @@
                "node": ">=8"
            }
        },
+        "node_modules/slow-redact": {
+            "version": "0.3.0",
+            "resolved": "https://registry.npmjs.org/slow-redact/-/slow-redact-0.3.0.tgz",
+            "integrity": "sha512-cf723wn9JeRIYP9tdtd86GuqoR5937u64Io+CYjlm2i7jvu7g0H+Cp0l0ShAf/4ZL+ISUTVT+8Qzz7RZmp9FjA==",
+            "dev": true,
+            "license": "MIT"
+        },
        "node_modules/sonic-boom": {
            "version": "4.2.0",
            "resolved": "https://registry.npmjs.org/sonic-boom/-/sonic-boom-4.2.0.tgz",
@@ -2904,9 +2904,9 @@
            "license": "MIT"
        },
        "node_modules/undici-types": {
-            "version": "7.16.0",
-            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.16.0.tgz",
-            "integrity": "sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw==",
+            "version": "7.14.0",
+            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.14.0.tgz",
+            "integrity": "sha512-QQiYxHuyZ9gQUIrmPo3IA+hUl4KYk8uSA7cHrcKd/l3p1OTpZcM0Tbp9x7FAtXdAYhlasd60ncPpgu6ihG6TOA==",
            "dev": true,
            "license": "MIT"
        },
--- a/packages/eslint-config/package-lock.json
+++ b/packages/eslint-config/package-lock.json
@@ -369,12 +369,11 @@
            }
        },
        "node_modules/@eslint/config-array": {
-            "version": "0.21.1",
-            "resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.21.1.tgz",
-            "integrity": "sha512-aw1gNayWpdI/jSYVgzN5pL0cfzU02GT3NBpeT/DXbx1/1x7ZKxFPd9bwrzygx/qiwIQiJ1sw/zD8qY/kRvlGHA==",
-            "license": "Apache-2.0",
+            "version": "0.21.0",
+            "resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.21.0.tgz",
+            "integrity": "sha512-ENIdc4iLu0d93HeYirvKmrzshzofPw6VkZRKQGe9Nv46ZnWUzcF1xV01dcvEg/1wXUR61OmmlSfyeyO7EvjLxQ==",
            "dependencies": {
-                "@eslint/object-schema": "^2.1.7",
+                "@eslint/object-schema": "^2.1.6",
                "debug": "^4.3.1",
                "minimatch": "^3.1.2"
            },
@@ -383,9 +382,9 @@
            }
        },
        "node_modules/@eslint/config-helpers": {
-            "version": "0.4.1",
-            "resolved": "https://registry.npmjs.org/@eslint/config-helpers/-/config-helpers-0.4.1.tgz",
-            "integrity": "sha512-csZAzkNhsgwb0I/UAV6/RGFTbiakPCf0ZrGmrIxQpYvGZ00PhTkSnyKNolphgIvmnJeGw6rcGVEXfTzUnFuEvw==",
+            "version": "0.4.0",
+            "resolved": "https://registry.npmjs.org/@eslint/config-helpers/-/config-helpers-0.4.0.tgz",
+            "integrity": "sha512-WUFvV4WoIwW8Bv0KeKCIIEgdSiFOsulyN0xrMu+7z43q/hkOLXjvb5u7UC9jDxvRzcrbEmuZBX5yJZz1741jog==",
            "license": "Apache-2.0",
            "dependencies": {
                "@eslint/core": "^0.16.0"
@@ -430,9 +429,9 @@
            }
        },
        "node_modules/@eslint/js": {
-            "version": "9.38.0",
-            "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.38.0.tgz",
-            "integrity": "sha512-UZ1VpFvXf9J06YG9xQBdnzU+kthors6KjhMAl6f4gH4usHyh31rUf2DLGInT8RFYIReYXNSydgPY0V2LuWgl7A==",
+            "version": "9.37.0",
+            "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.37.0.tgz",
+            "integrity": "sha512-jaS+NJ+hximswBG6pjNX0uEJZkrT0zwpVi3BA3vX22aFGjJjmgSTSmPpZCRKmoBL5VY/M6p0xsSJx7rk7sy5gg==",
            "license": "MIT",
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -442,10 +441,9 @@
            }
        },
        "node_modules/@eslint/object-schema": {
-            "version": "2.1.7",
-            "resolved": "https://registry.npmjs.org/@eslint/object-schema/-/object-schema-2.1.7.tgz",
-            "integrity": "sha512-VtAOaymWVfZcmZbp6E2mympDIHvyjXs/12LqWYjVw6qjrfF+VK+fyG33kChz3nnK+SU5/NeHOqrTEHS8sXO3OA==",
-            "license": "Apache-2.0",
+            "version": "2.1.6",
+            "resolved": "https://registry.npmjs.org/@eslint/object-schema/-/object-schema-2.1.6.tgz",
+            "integrity": "sha512-RBMg5FRL0I0gs51M/guSAj5/e14VQ4tpZnQNWwuDT66P14I43ItmPfIZRhO9fUVIPOAQXU47atlywZ/czoqFPA==",
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
            }
@@ -731,17 +729,17 @@
            "license": "MIT"
        },
        "node_modules/@typescript-eslint/eslint-plugin": {
-            "version": "8.46.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.46.2.tgz",
-            "integrity": "sha512-ZGBMToy857/NIPaaCucIUQgqueOiq7HeAKkhlvqVV4lm089zUFW6ikRySx2v+cAhKeUCPuWVHeimyk6Dw1iY3w==",
+            "version": "8.46.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.46.1.tgz",
+            "integrity": "sha512-rUsLh8PXmBjdiPY+Emjz9NX2yHvhS11v0SR6xNJkm5GM1MO9ea/1GoDKlHHZGrOJclL/cZ2i/vRUYVtjRhrHVQ==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
                "@eslint-community/regexpp": "^4.10.0",
-                "@typescript-eslint/scope-manager": "8.46.2",
-                "@typescript-eslint/type-utils": "8.46.2",
-                "@typescript-eslint/utils": "8.46.2",
-                "@typescript-eslint/visitor-keys": "8.46.2",
+                "@typescript-eslint/scope-manager": "8.46.1",
+                "@typescript-eslint/type-utils": "8.46.1",
+                "@typescript-eslint/utils": "8.46.1",
+                "@typescript-eslint/visitor-keys": "8.46.1",
                "graphemer": "^1.4.0",
                "ignore": "^7.0.0",
                "natural-compare": "^1.4.0",
@@ -755,7 +753,7 @@
                "url": "https://opencollective.com/typescript-eslint"
            },
            "peerDependencies": {
-                "@typescript-eslint/parser": "^8.46.2",
+                "@typescript-eslint/parser": "^8.46.1",
                "eslint": "^8.57.0 || ^9.0.0",
                "typescript": ">=4.8.4 <6.0.0"
            }
@@ -771,16 +769,16 @@
            }
        },
        "node_modules/@typescript-eslint/parser": {
-            "version": "8.46.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.46.2.tgz",
-            "integrity": "sha512-BnOroVl1SgrPLywqxyqdJ4l3S2MsKVLDVxZvjI1Eoe8ev2r3kGDo+PcMihNmDE+6/KjkTubSJnmqGZZjQSBq/g==",
+            "version": "8.46.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.46.1.tgz",
+            "integrity": "sha512-6JSSaBZmsKvEkbRUkf7Zj7dru/8ZCrJxAqArcLaVMee5907JdtEbKGsZ7zNiIm/UAkpGUkaSMZEXShnN2D1HZA==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/scope-manager": "8.46.2",
-                "@typescript-eslint/types": "8.46.2",
-                "@typescript-eslint/typescript-estree": "8.46.2",
-                "@typescript-eslint/visitor-keys": "8.46.2",
+                "@typescript-eslint/scope-manager": "8.46.1",
+                "@typescript-eslint/types": "8.46.1",
+                "@typescript-eslint/typescript-estree": "8.46.1",
+                "@typescript-eslint/visitor-keys": "8.46.1",
                "debug": "^4.3.4"
            },
            "engines": {
@@ -796,14 +794,14 @@
            }
        },
        "node_modules/@typescript-eslint/project-service": {
-            "version": "8.46.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.46.2.tgz",
-            "integrity": "sha512-PULOLZ9iqwI7hXcmL4fVfIsBi6AN9YxRc0frbvmg8f+4hQAjQ5GYNKK0DIArNo+rOKmR/iBYwkpBmnIwin4wBg==",
+            "version": "8.46.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.46.1.tgz",
+            "integrity": "sha512-FOIaFVMHzRskXr5J4Jp8lFVV0gz5ngv3RHmn+E4HYxSJ3DgDzU7fVI1/M7Ijh1zf6S7HIoaIOtln1H5y8V+9Zg==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/tsconfig-utils": "^8.46.2",
-                "@typescript-eslint/types": "^8.46.2",
+                "@typescript-eslint/tsconfig-utils": "^8.46.1",
+                "@typescript-eslint/types": "^8.46.1",
                "debug": "^4.3.4"
            },
            "engines": {
@@ -818,14 +816,14 @@
            }
        },
        "node_modules/@typescript-eslint/scope-manager": {
-            "version": "8.46.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.46.2.tgz",
-            "integrity": "sha512-LF4b/NmGvdWEHD2H4MsHD8ny6JpiVNDzrSZr3CsckEgCbAGZbYM4Cqxvi9L+WqDMT+51Ozy7lt2M+d0JLEuBqA==",
+            "version": "8.46.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.46.1.tgz",
+            "integrity": "sha512-weL9Gg3/5F0pVQKiF8eOXFZp8emqWzZsOJuWRUNtHT+UNV2xSJegmpCNQHy37aEQIbToTq7RHKhWvOsmbM680A==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/types": "8.46.2",
-                "@typescript-eslint/visitor-keys": "8.46.2"
+                "@typescript-eslint/types": "8.46.1",
+                "@typescript-eslint/visitor-keys": "8.46.1"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -836,9 +834,9 @@
            }
        },
        "node_modules/@typescript-eslint/tsconfig-utils": {
-            "version": "8.46.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.46.2.tgz",
-            "integrity": "sha512-a7QH6fw4S57+F5y2FIxxSDyi5M4UfGF+Jl1bCGd7+L4KsaUY80GsiF/t0UoRFDHAguKlBaACWJRmdrc6Xfkkag==",
+            "version": "8.46.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.46.1.tgz",
+            "integrity": "sha512-X88+J/CwFvlJB+mK09VFqx5FE4H5cXD+H/Bdza2aEWkSb8hnWIQorNcscRl4IEo1Cz9VI/+/r/jnGWkbWPx54g==",
            "dev": true,
            "license": "MIT",
            "engines": {
@@ -853,15 +851,15 @@
            }
        },
        "node_modules/@typescript-eslint/type-utils": {
-            "version": "8.46.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.46.2.tgz",
-            "integrity": "sha512-HbPM4LbaAAt/DjxXaG9yiS9brOOz6fabal4uvUmaUYe6l3K1phQDMQKBRUrr06BQkxkvIZVVHttqiybM9nJsLA==",
+            "version": "8.46.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.46.1.tgz",
+            "integrity": "sha512-+BlmiHIiqufBxkVnOtFwjah/vrkF4MtKKvpXrKSPLCkCtAp8H01/VV43sfqA98Od7nJpDcFnkwgyfQbOG0AMvw==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/types": "8.46.2",
-                "@typescript-eslint/typescript-estree": "8.46.2",
-                "@typescript-eslint/utils": "8.46.2",
+                "@typescript-eslint/types": "8.46.1",
+                "@typescript-eslint/typescript-estree": "8.46.1",
+                "@typescript-eslint/utils": "8.46.1",
                "debug": "^4.3.4",
                "ts-api-utils": "^2.1.0"
            },
@@ -878,9 +876,9 @@
            }
        },
        "node_modules/@typescript-eslint/types": {
-            "version": "8.46.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.46.2.tgz",
-            "integrity": "sha512-lNCWCbq7rpg7qDsQrd3D6NyWYu+gkTENkG5IKYhUIcxSb59SQC/hEQ+MrG4sTgBVghTonNWq42bA/d4yYumldQ==",
+            "version": "8.46.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.46.1.tgz",
+            "integrity": "sha512-C+soprGBHwWBdkDpbaRC4paGBrkIXxVlNohadL5o0kfhsXqOC6GYH2S/Obmig+I0HTDl8wMaRySwrfrXVP8/pQ==",
            "dev": true,
            "license": "MIT",
            "engines": {
@@ -892,16 +890,16 @@
            }
        },
        "node_modules/@typescript-eslint/typescript-estree": {
-            "version": "8.46.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.46.2.tgz",
-            "integrity": "sha512-f7rW7LJ2b7Uh2EiQ+7sza6RDZnajbNbemn54Ob6fRwQbgcIn+GWfyuHDHRYgRoZu1P4AayVScrRW+YfbTvPQoQ==",
+            "version": "8.46.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.46.1.tgz",
+            "integrity": "sha512-uIifjT4s8cQKFQ8ZBXXyoUODtRoAd7F7+G8MKmtzj17+1UbdzFl52AzRyZRyKqPHhgzvXunnSckVu36flGy8cg==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/project-service": "8.46.2",
-                "@typescript-eslint/tsconfig-utils": "8.46.2",
-                "@typescript-eslint/types": "8.46.2",
-                "@typescript-eslint/visitor-keys": "8.46.2",
+                "@typescript-eslint/project-service": "8.46.1",
+                "@typescript-eslint/tsconfig-utils": "8.46.1",
+                "@typescript-eslint/types": "8.46.1",
+                "@typescript-eslint/visitor-keys": "8.46.1",
                "debug": "^4.3.4",
                "fast-glob": "^3.3.2",
                "is-glob": "^4.0.3",
@@ -960,16 +958,16 @@
            }
        },
        "node_modules/@typescript-eslint/utils": {
-            "version": "8.46.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.46.2.tgz",
-            "integrity": "sha512-sExxzucx0Tud5tE0XqR0lT0psBQvEpnpiul9XbGUB1QwpWJJAps1O/Z7hJxLGiZLBKMCutjTzDgmd1muEhBnVg==",
+            "version": "8.46.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.46.1.tgz",
+            "integrity": "sha512-vkYUy6LdZS7q1v/Gxb2Zs7zziuXN0wxqsetJdeZdRe/f5dwJFglmuvZBfTUivCtjH725C1jWCDfpadadD95EDQ==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
                "@eslint-community/eslint-utils": "^4.7.0",
-                "@typescript-eslint/scope-manager": "8.46.2",
-                "@typescript-eslint/types": "8.46.2",
-                "@typescript-eslint/typescript-estree": "8.46.2"
+                "@typescript-eslint/scope-manager": "8.46.1",
+                "@typescript-eslint/types": "8.46.1",
+                "@typescript-eslint/typescript-estree": "8.46.1"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -984,13 +982,13 @@
            }
        },
        "node_modules/@typescript-eslint/visitor-keys": {
-            "version": "8.46.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.46.2.tgz",
-            "integrity": "sha512-tUFMXI4gxzzMXt4xpGJEsBsTox0XbNQ1y94EwlD/CuZwFcQP79xfQqMhau9HsRc/J0cAPA/HZt1dZPtGn9V/7w==",
+            "version": "8.46.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.46.1.tgz",
+            "integrity": "sha512-ptkmIf2iDkNUjdeu2bQqhFPV1m6qTnFFjg7PPDjxKWaMaP0Z6I9l30Jr3g5QqbZGdw8YdYvLp+XnqnWWZOg/NA==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/types": "8.46.2",
+                "@typescript-eslint/types": "8.46.1",
                "eslint-visitor-keys": "^4.2.1"
            },
            "engines": {
@@ -1923,23 +1921,24 @@
            }
        },
        "node_modules/eslint": {
-            "version": "9.38.0",
-            "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.38.0.tgz",
-            "integrity": "sha512-t5aPOpmtJcZcz5UJyY2GbvpDlsK5E8JqRqoKtfiKE3cNh437KIqfJr3A3AKf5k64NPx6d0G3dno6XDY05PqPtw==",
+            "version": "9.37.0",
+            "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.37.0.tgz",
+            "integrity": "sha512-XyLmROnACWqSxiGYArdef1fItQd47weqB7iwtfr9JHwRrqIXZdcFMvvEcL9xHCmL0SNsOvF0c42lWyM1U5dgig==",
            "license": "MIT",
            "dependencies": {
                "@eslint-community/eslint-utils": "^4.8.0",
                "@eslint-community/regexpp": "^4.12.1",
-                "@eslint/config-array": "^0.21.1",
-                "@eslint/config-helpers": "^0.4.1",
+                "@eslint/config-array": "^0.21.0",
+                "@eslint/config-helpers": "^0.4.0",
                "@eslint/core": "^0.16.0",
                "@eslint/eslintrc": "^3.3.1",
-                "@eslint/js": "9.38.0",
+                "@eslint/js": "9.37.0",
                "@eslint/plugin-kit": "^0.4.0",
                "@humanfs/node": "^0.16.6",
                "@humanwhocodes/module-importer": "^1.0.1",
                "@humanwhocodes/retry": "^0.4.2",
                "@types/estree": "^1.0.6",
+                "@types/json-schema": "^7.0.15",
                "ajv": "^6.12.4",
                "chalk": "^4.0.0",
                "cross-spawn": "^7.0.6",
@@ -5077,16 +5076,16 @@
            }
        },
        "node_modules/typescript-eslint": {
-            "version": "8.46.2",
-            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.46.2.tgz",
-            "integrity": "sha512-vbw8bOmiuYNdzzV3lsiWv6sRwjyuKJMQqWulBOU7M0RrxedXledX8G8kBbQeiOYDnTfiXz0Y4081E1QMNB6iQg==",
+            "version": "8.46.1",
+            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.46.1.tgz",
+            "integrity": "sha512-VHgijW803JafdSsDO8I761r3SHrgk4T00IdyQ+/UsthtgPRsBWQLqoSxOolxTpxRKi1kGXK0bSz4CoAc9ObqJA==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/eslint-plugin": "8.46.2",
-                "@typescript-eslint/parser": "8.46.2",
-                "@typescript-eslint/typescript-estree": "8.46.2",
-                "@typescript-eslint/utils": "8.46.2"
+                "@typescript-eslint/eslint-plugin": "8.46.1",
+                "@typescript-eslint/parser": "8.46.1",
+                "@typescript-eslint/typescript-estree": "8.46.1",
+                "@typescript-eslint/utils": "8.46.1"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
--- a/packages/prettier-config/package-lock.json
+++ b/packages/prettier-config/package-lock.json
@@ -146,12 +146,12 @@
            }
        },
        "node_modules/@eslint/config-array": {
-            "version": "0.21.1",
-            "resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.21.1.tgz",
-            "integrity": "sha512-aw1gNayWpdI/jSYVgzN5pL0cfzU02GT3NBpeT/DXbx1/1x7ZKxFPd9bwrzygx/qiwIQiJ1sw/zD8qY/kRvlGHA==",
+            "version": "0.21.0",
+            "resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.21.0.tgz",
+            "integrity": "sha512-ENIdc4iLu0d93HeYirvKmrzshzofPw6VkZRKQGe9Nv46ZnWUzcF1xV01dcvEg/1wXUR61OmmlSfyeyO7EvjLxQ==",
            "license": "Apache-2.0",
            "dependencies": {
-                "@eslint/object-schema": "^2.1.7",
+                "@eslint/object-schema": "^2.1.6",
                "debug": "^4.3.1",
                "minimatch": "^3.1.2"
            },
@@ -172,9 +172,9 @@
            }
        },
        "node_modules/@eslint/config-helpers": {
-            "version": "0.4.1",
-            "resolved": "https://registry.npmjs.org/@eslint/config-helpers/-/config-helpers-0.4.1.tgz",
-            "integrity": "sha512-csZAzkNhsgwb0I/UAV6/RGFTbiakPCf0ZrGmrIxQpYvGZ00PhTkSnyKNolphgIvmnJeGw6rcGVEXfTzUnFuEvw==",
+            "version": "0.4.0",
+            "resolved": "https://registry.npmjs.org/@eslint/config-helpers/-/config-helpers-0.4.0.tgz",
+            "integrity": "sha512-WUFvV4WoIwW8Bv0KeKCIIEgdSiFOsulyN0xrMu+7z43q/hkOLXjvb5u7UC9jDxvRzcrbEmuZBX5yJZz1741jog==",
            "license": "Apache-2.0",
            "dependencies": {
                "@eslint/core": "^0.16.0"
@@ -231,9 +231,9 @@
            }
        },
        "node_modules/@eslint/js": {
-            "version": "9.38.0",
-            "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.38.0.tgz",
-            "integrity": "sha512-UZ1VpFvXf9J06YG9xQBdnzU+kthors6KjhMAl6f4gH4usHyh31rUf2DLGInT8RFYIReYXNSydgPY0V2LuWgl7A==",
+            "version": "9.37.0",
+            "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.37.0.tgz",
+            "integrity": "sha512-jaS+NJ+hximswBG6pjNX0uEJZkrT0zwpVi3BA3vX22aFGjJjmgSTSmPpZCRKmoBL5VY/M6p0xsSJx7rk7sy5gg==",
            "license": "MIT",
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -243,9 +243,9 @@
            }
        },
        "node_modules/@eslint/object-schema": {
-            "version": "2.1.7",
-            "resolved": "https://registry.npmjs.org/@eslint/object-schema/-/object-schema-2.1.7.tgz",
-            "integrity": "sha512-VtAOaymWVfZcmZbp6E2mympDIHvyjXs/12LqWYjVw6qjrfF+VK+fyG33kChz3nnK+SU5/NeHOqrTEHS8sXO3OA==",
+            "version": "2.1.6",
+            "resolved": "https://registry.npmjs.org/@eslint/object-schema/-/object-schema-2.1.6.tgz",
+            "integrity": "sha512-RBMg5FRL0I0gs51M/guSAj5/e14VQ4tpZnQNWwuDT66P14I43ItmPfIZRhO9fUVIPOAQXU47atlywZ/czoqFPA==",
            "license": "Apache-2.0",
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -388,13 +388,13 @@
            "license": "MIT"
        },
        "node_modules/@types/node": {
-            "version": "24.9.0",
-            "resolved": "https://registry.npmjs.org/@types/node/-/node-24.9.0.tgz",
-            "integrity": "sha512-MKNwXh3seSK8WurXF7erHPJ2AONmMwkI7zAMrXZDPIru8jRqkk6rGDBVbw4mLwfqA+ZZliiDPg05JQ3uW66tKQ==",
+            "version": "24.8.1",
+            "resolved": "https://registry.npmjs.org/@types/node/-/node-24.8.1.tgz",
+            "integrity": "sha512-alv65KGRadQVfVcG69MuB4IzdYVpRwMG/mq8KWOaoOdyY617P5ivaDiMCGOFDWD2sAn5Q0mR3mRtUOgm99hL9Q==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "undici-types": "~7.16.0"
+                "undici-types": "~7.14.0"
            }
        },
        "node_modules/@vue/compiler-core": {
@@ -692,23 +692,24 @@
            }
        },
        "node_modules/eslint": {
-            "version": "9.38.0",
-            "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.38.0.tgz",
-            "integrity": "sha512-t5aPOpmtJcZcz5UJyY2GbvpDlsK5E8JqRqoKtfiKE3cNh437KIqfJr3A3AKf5k64NPx6d0G3dno6XDY05PqPtw==",
+            "version": "9.37.0",
+            "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.37.0.tgz",
+            "integrity": "sha512-XyLmROnACWqSxiGYArdef1fItQd47weqB7iwtfr9JHwRrqIXZdcFMvvEcL9xHCmL0SNsOvF0c42lWyM1U5dgig==",
            "license": "MIT",
            "dependencies": {
                "@eslint-community/eslint-utils": "^4.8.0",
                "@eslint-community/regexpp": "^4.12.1",
-                "@eslint/config-array": "^0.21.1",
-                "@eslint/config-helpers": "^0.4.1",
+                "@eslint/config-array": "^0.21.0",
+                "@eslint/config-helpers": "^0.4.0",
                "@eslint/core": "^0.16.0",
                "@eslint/eslintrc": "^3.3.1",
-                "@eslint/js": "9.38.0",
+                "@eslint/js": "9.37.0",
                "@eslint/plugin-kit": "^0.4.0",
                "@humanfs/node": "^0.16.6",
                "@humanwhocodes/module-importer": "^1.0.1",
                "@humanwhocodes/retry": "^0.4.2",
                "@types/estree": "^1.0.6",
+                "@types/json-schema": "^7.0.15",
                "ajv": "^6.12.4",
                "chalk": "^4.0.0",
                "cross-spawn": "^7.0.6",
@@ -1726,9 +1727,9 @@
            }
        },
        "node_modules/undici-types": {
-            "version": "7.16.0",
-            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.16.0.tgz",
-            "integrity": "sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw==",
+            "version": "7.14.0",
+            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.14.0.tgz",
+            "integrity": "sha512-QQiYxHuyZ9gQUIrmPo3IA+hUl4KYk8uSA7cHrcKd/l3p1OTpZcM0Tbp9x7FAtXdAYhlasd60ncPpgu6ihG6TOA==",
            "dev": true,
            "license": "MIT"
        },
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "authentik"
-version = "2025.10.0-rc2"
+version = "2025.10.0-rc1"
 description = ""
 authors = [{ name = "authentik Team", email = "hello@goauthentik.io" }]
 requires-python = "==3.13.*"
--- a/schema.yml
+++ b/schema.yml
@@ -1,7 +1,7 @@
 openapi: 3.0.3
 info:
  title: authentik
-  version: 2025.10.0-rc2
+  version: 2025.10.0-rc1
  description: Making authentication simple.
  contact:
    email: hello@goauthentik.io
--- a/uv.lock
+++ b/uv.lock
@@ -1,5 +1,5 @@
 version = 1
-revision = 3
+revision = 2
 requires-python = "==3.13.*"

 [manifest]
@@ -170,7 +170,7 @@ wheels = [

 [[package]]
 name = "authentik"
-version = "2025.10.0rc2"
+version = "2025.10.0rc1"
 source = { editable = "." }
 dependencies = [
    { name = "argon2-cffi" },
--- a/web/package-lock.json
+++ b/web/package-lock.json
@@ -1,12 +1,12 @@
 {
    "name": "@goauthentik/web",
-    "version": "2025.10.0-rc2",
+    "version": "2025.10.0-rc1",
    "lockfileVersion": 3,
    "requires": true,
    "packages": {
        "": {
            "name": "@goauthentik/web",
-            "version": "2025.10.0-rc2",
+            "version": "2025.10.0-rc1",
            "license": "MIT",
            "workspaces": [
                "./packages/*"
@@ -53,7 +53,7 @@
                "@types/grecaptcha": "^3.0.9",
                "@types/guacamole-common-js": "^1.5.4",
                "@types/mocha": "^10.0.10",
-                "@types/node": "^24.9.0",
+                "@types/node": "^24.8.1",
                "@types/react": "^19.2.2",
                "@types/react-dom": "^19.2.2",
                "@typescript-eslint/eslint-plugin": "^8.38.0",
@@ -72,7 +72,7 @@
                "dompurify": "^3.3.0",
                "esbuild": "^0.25.11",
                "esbuild-plugin-copy": "^2.1.1",
-                "eslint": "^9.38.0",
+                "eslint": "^9.37.0",
                "eslint-plugin-lit": "^2.1.1",
                "eslint-plugin-wc": "^3.0.2",
                "fuse.js": "^7.1.0",
@@ -85,7 +85,7 @@
                "md-front-matter": "^1.0.4",
                "mermaid": "^11.12.0",
                "npm-run-all": "^4.1.5",
-                "pino": "^10.1.0",
+                "pino": "^10.0.0",
                "pino-pretty": "^13.1.2",
                "playwright": "^1.55.1",
                "prettier": "^3.6.2",
@@ -108,7 +108,7 @@
                "turnstile-types": "^1.2.3",
                "type-fest": "^5.1.0",
                "typescript": "^5.9.3",
-                "typescript-eslint": "^8.46.2",
+                "typescript-eslint": "^8.46.1",
                "unist-util-visit": "^5.0.0",
                "vite": "^7.1.10",
                "vitest": "^3.2.4",
@@ -123,9 +123,9 @@
                "@esbuild/darwin-arm64": "^0.25.4",
                "@esbuild/linux-arm64": "^0.25.4",
                "@esbuild/linux-x64": "^0.25.4",
-                "@rollup/rollup-darwin-arm64": "^4.52.5",
-                "@rollup/rollup-linux-arm64-gnu": "^4.52.5",
-                "@rollup/rollup-linux-x64-gnu": "^4.52.5",
+                "@rollup/rollup-darwin-arm64": "^4.52.4",
+                "@rollup/rollup-linux-arm64-gnu": "^4.52.4",
+                "@rollup/rollup-linux-x64-gnu": "^4.52.4",
                "chromedriver": "^141.0.3",
                "p-iteration": "^1.1.8"
            }
@@ -1135,12 +1135,11 @@
            }
        },
        "node_modules/@eslint/config-array": {
-            "version": "0.21.1",
-            "resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.21.1.tgz",
-            "integrity": "sha512-aw1gNayWpdI/jSYVgzN5pL0cfzU02GT3NBpeT/DXbx1/1x7ZKxFPd9bwrzygx/qiwIQiJ1sw/zD8qY/kRvlGHA==",
-            "license": "Apache-2.0",
+            "version": "0.21.0",
+            "resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.21.0.tgz",
+            "integrity": "sha512-ENIdc4iLu0d93HeYirvKmrzshzofPw6VkZRKQGe9Nv46ZnWUzcF1xV01dcvEg/1wXUR61OmmlSfyeyO7EvjLxQ==",
            "dependencies": {
-                "@eslint/object-schema": "^2.1.7",
+                "@eslint/object-schema": "^2.1.6",
                "debug": "^4.3.1",
                "minimatch": "^3.1.2"
            },
@@ -1152,7 +1151,6 @@
            "version": "1.1.12",
            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
            "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
-            "license": "MIT",
            "dependencies": {
                "balanced-match": "^1.0.0",
                "concat-map": "0.0.1"
@@ -1162,7 +1160,6 @@
            "version": "3.1.2",
            "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
            "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
-            "license": "ISC",
            "dependencies": {
                "brace-expansion": "^1.1.7"
            },
@@ -1171,9 +1168,9 @@
            }
        },
        "node_modules/@eslint/config-helpers": {
-            "version": "0.4.1",
-            "resolved": "https://registry.npmjs.org/@eslint/config-helpers/-/config-helpers-0.4.1.tgz",
-            "integrity": "sha512-csZAzkNhsgwb0I/UAV6/RGFTbiakPCf0ZrGmrIxQpYvGZ00PhTkSnyKNolphgIvmnJeGw6rcGVEXfTzUnFuEvw==",
+            "version": "0.4.0",
+            "resolved": "https://registry.npmjs.org/@eslint/config-helpers/-/config-helpers-0.4.0.tgz",
+            "integrity": "sha512-WUFvV4WoIwW8Bv0KeKCIIEgdSiFOsulyN0xrMu+7z43q/hkOLXjvb5u7UC9jDxvRzcrbEmuZBX5yJZz1741jog==",
            "license": "Apache-2.0",
            "dependencies": {
                "@eslint/core": "^0.16.0"
@@ -1252,9 +1249,9 @@
            }
        },
        "node_modules/@eslint/js": {
-            "version": "9.38.0",
-            "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.38.0.tgz",
-            "integrity": "sha512-UZ1VpFvXf9J06YG9xQBdnzU+kthors6KjhMAl6f4gH4usHyh31rUf2DLGInT8RFYIReYXNSydgPY0V2LuWgl7A==",
+            "version": "9.37.0",
+            "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.37.0.tgz",
+            "integrity": "sha512-jaS+NJ+hximswBG6pjNX0uEJZkrT0zwpVi3BA3vX22aFGjJjmgSTSmPpZCRKmoBL5VY/M6p0xsSJx7rk7sy5gg==",
            "license": "MIT",
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -1264,10 +1261,9 @@
            }
        },
        "node_modules/@eslint/object-schema": {
-            "version": "2.1.7",
-            "resolved": "https://registry.npmjs.org/@eslint/object-schema/-/object-schema-2.1.7.tgz",
-            "integrity": "sha512-VtAOaymWVfZcmZbp6E2mympDIHvyjXs/12LqWYjVw6qjrfF+VK+fyG33kChz3nnK+SU5/NeHOqrTEHS8sXO3OA==",
-            "license": "Apache-2.0",
+            "version": "2.1.6",
+            "resolved": "https://registry.npmjs.org/@eslint/object-schema/-/object-schema-2.1.6.tgz",
+            "integrity": "sha512-RBMg5FRL0I0gs51M/guSAj5/e14VQ4tpZnQNWwuDT66P14I43ItmPfIZRhO9fUVIPOAQXU47atlywZ/czoqFPA==",
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
            }
@@ -3115,12 +3111,6 @@
            "integrity": "sha512-VgffxawQde93xKxT3qap3OH+meZf7VaSB5Sqd4Rqc+FP5alWbpOyan/7tRbOAvynjpG3GpdtAuGU/NdhQpmrog==",
            "license": "MIT"
        },
-        "node_modules/@pinojs/redact": {
-            "version": "0.4.0",
-            "resolved": "https://registry.npmjs.org/@pinojs/redact/-/redact-0.4.0.tgz",
-            "integrity": "sha512-k2ENnmBugE/rzQfEcdWHcCY+/FM3VLzH9cYEsbdsoqrvzAKRhUZeRNhAZvB8OitQJ1TBed3yqWtdjzS6wJKBwg==",
-            "license": "MIT"
-        },
        "node_modules/@pkgr/core": {
            "version": "0.2.7",
            "resolved": "https://registry.npmjs.org/@pkgr/core/-/core-0.2.7.tgz",
@@ -3303,9 +3293,9 @@
            }
        },
        "node_modules/@rollup/rollup-android-arm-eabi": {
-            "version": "4.52.5",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.52.5.tgz",
-            "integrity": "sha512-8c1vW4ocv3UOMp9K+gToY5zL2XiiVw3k7f1ksf4yO1FlDFQ1C2u72iACFnSOceJFsWskc2WZNqeRhFRPzv+wtQ==",
+            "version": "4.52.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.52.4.tgz",
+            "integrity": "sha512-BTm2qKNnWIQ5auf4deoetINJm2JzvihvGb9R6K/ETwKLql/Bb3Eg2H1FBp1gUb4YGbydMA3jcmQTR73q7J+GAA==",
            "cpu": [
                "arm"
            ],
@@ -3316,9 +3306,9 @@
            ]
        },
        "node_modules/@rollup/rollup-android-arm64": {
-            "version": "4.52.5",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.52.5.tgz",
-            "integrity": "sha512-mQGfsIEFcu21mvqkEKKu2dYmtuSZOBMmAl5CFlPGLY94Vlcm+zWApK7F/eocsNzp8tKmbeBP8yXyAbx0XHsFNA==",
+            "version": "4.52.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.52.4.tgz",
+            "integrity": "sha512-P9LDQiC5vpgGFgz7GSM6dKPCiqR3XYN1WwJKA4/BUVDjHpYsf3iBEmVz62uyq20NGYbiGPR5cNHI7T1HqxNs2w==",
            "cpu": [
                "arm64"
            ],
@@ -3329,9 +3319,9 @@
            ]
        },
        "node_modules/@rollup/rollup-darwin-arm64": {
-            "version": "4.52.5",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.52.5.tgz",
-            "integrity": "sha512-takF3CR71mCAGA+v794QUZ0b6ZSrgJkArC+gUiG6LB6TQty9T0Mqh3m2ImRBOxS2IeYBo4lKWIieSvnEk2OQWA==",
+            "version": "4.52.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.52.4.tgz",
+            "integrity": "sha512-QRWSW+bVccAvZF6cbNZBJwAehmvG9NwfWHwMy4GbWi/BQIA/laTIktebT2ipVjNncqE6GLPxOok5hsECgAxGZg==",
            "cpu": [
                "arm64"
            ],
@@ -3342,9 +3332,9 @@
            ]
        },
        "node_modules/@rollup/rollup-darwin-x64": {
-            "version": "4.52.5",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.52.5.tgz",
-            "integrity": "sha512-W901Pla8Ya95WpxDn//VF9K9u2JbocwV/v75TE0YIHNTbhqUTv9w4VuQ9MaWlNOkkEfFwkdNhXgcLqPSmHy0fA==",
+            "version": "4.52.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.52.4.tgz",
+            "integrity": "sha512-hZgP05pResAkRJxL1b+7yxCnXPGsXU0fG9Yfd6dUaoGk+FhdPKCJ5L1Sumyxn8kvw8Qi5PvQ8ulenUbRjzeCTw==",
            "cpu": [
                "x64"
            ],
@@ -3355,9 +3345,9 @@
            ]
        },
        "node_modules/@rollup/rollup-freebsd-arm64": {
-            "version": "4.52.5",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.52.5.tgz",
-            "integrity": "sha512-QofO7i7JycsYOWxe0GFqhLmF6l1TqBswJMvICnRUjqCx8b47MTo46W8AoeQwiokAx3zVryVnxtBMcGcnX12LvA==",
+            "version": "4.52.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.52.4.tgz",
+            "integrity": "sha512-xmc30VshuBNUd58Xk4TKAEcRZHaXlV+tCxIXELiE9sQuK3kG8ZFgSPi57UBJt8/ogfhAF5Oz4ZSUBN77weM+mQ==",
            "cpu": [
                "arm64"
            ],
@@ -3368,9 +3358,9 @@
            ]
        },
        "node_modules/@rollup/rollup-freebsd-x64": {
-            "version": "4.52.5",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.52.5.tgz",
-            "integrity": "sha512-jr21b/99ew8ujZubPo9skbrItHEIE50WdV86cdSoRkKtmWa+DDr6fu2c/xyRT0F/WazZpam6kk7IHBerSL7LDQ==",
+            "version": "4.52.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.52.4.tgz",
+            "integrity": "sha512-WdSLpZFjOEqNZGmHflxyifolwAiZmDQzuOzIq9L27ButpCVpD7KzTRtEG1I0wMPFyiyUdOO+4t8GvrnBLQSwpw==",
            "cpu": [
                "x64"
            ],
@@ -3381,9 +3371,9 @@
            ]
        },
        "node_modules/@rollup/rollup-linux-arm-gnueabihf": {
-            "version": "4.52.5",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.52.5.tgz",
-            "integrity": "sha512-PsNAbcyv9CcecAUagQefwX8fQn9LQ4nZkpDboBOttmyffnInRy8R8dSg6hxxl2Re5QhHBf6FYIDhIj5v982ATQ==",
+            "version": "4.52.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.52.4.tgz",
+            "integrity": "sha512-xRiOu9Of1FZ4SxVbB0iEDXc4ddIcjCv2aj03dmW8UrZIW7aIQ9jVJdLBIhxBI+MaTnGAKyvMwPwQnoOEvP7FgQ==",
            "cpu": [
                "arm"
            ],
@@ -3394,9 +3384,9 @@
            ]
        },
        "node_modules/@rollup/rollup-linux-arm-musleabihf": {
-            "version": "4.52.5",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.52.5.tgz",
-            "integrity": "sha512-Fw4tysRutyQc/wwkmcyoqFtJhh0u31K+Q6jYjeicsGJJ7bbEq8LwPWV/w0cnzOqR2m694/Af6hpFayLJZkG2VQ==",
+            "version": "4.52.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.52.4.tgz",
+            "integrity": "sha512-FbhM2p9TJAmEIEhIgzR4soUcsW49e9veAQCziwbR+XWB2zqJ12b4i/+hel9yLiD8pLncDH4fKIPIbt5238341Q==",
            "cpu": [
                "arm"
            ],
@@ -3407,9 +3397,9 @@
            ]
        },
        "node_modules/@rollup/rollup-linux-arm64-gnu": {
-            "version": "4.52.5",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.52.5.tgz",
-            "integrity": "sha512-a+3wVnAYdQClOTlyapKmyI6BLPAFYs0JM8HRpgYZQO02rMR09ZcV9LbQB+NL6sljzG38869YqThrRnfPMCDtZg==",
+            "version": "4.52.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.52.4.tgz",
+            "integrity": "sha512-4n4gVwhPHR9q/g8lKCyz0yuaD0MvDf7dV4f9tHt0C73Mp8h38UCtSCSE6R9iBlTbXlmA8CjpsZoujhszefqueg==",
            "cpu": [
                "arm64"
            ],
@@ -3420,9 +3410,9 @@
            ]
        },
        "node_modules/@rollup/rollup-linux-arm64-musl": {
-            "version": "4.52.5",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.52.5.tgz",
-            "integrity": "sha512-AvttBOMwO9Pcuuf7m9PkC1PUIKsfaAJ4AYhy944qeTJgQOqJYJ9oVl2nYgY7Rk0mkbsuOpCAYSs6wLYB2Xiw0Q==",
+            "version": "4.52.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.52.4.tgz",
+            "integrity": "sha512-u0n17nGA0nvi/11gcZKsjkLj1QIpAuPFQbR48Subo7SmZJnGxDpspyw2kbpuoQnyK+9pwf3pAoEXerJs/8Mi9g==",
            "cpu": [
                "arm64"
            ],
@@ -3433,9 +3423,9 @@
            ]
        },
        "node_modules/@rollup/rollup-linux-loong64-gnu": {
-            "version": "4.52.5",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.52.5.tgz",
-            "integrity": "sha512-DkDk8pmXQV2wVrF6oq5tONK6UHLz/XcEVow4JTTerdeV1uqPeHxwcg7aFsfnSm9L+OO8WJsWotKM2JJPMWrQtA==",
+            "version": "4.52.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.52.4.tgz",
+            "integrity": "sha512-0G2c2lpYtbTuXo8KEJkDkClE/+/2AFPdPAbmaHoE870foRFs4pBrDehilMcrSScrN/fB/1HTaWO4bqw+ewBzMQ==",
            "cpu": [
                "loong64"
            ],
@@ -3446,9 +3436,9 @@
            ]
        },
        "node_modules/@rollup/rollup-linux-ppc64-gnu": {
-            "version": "4.52.5",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.52.5.tgz",
-            "integrity": "sha512-W/b9ZN/U9+hPQVvlGwjzi+Wy4xdoH2I8EjaCkMvzpI7wJUs8sWJ03Rq96jRnHkSrcHTpQe8h5Tg3ZzUPGauvAw==",
+            "version": "4.52.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.52.4.tgz",
+            "integrity": "sha512-teSACug1GyZHmPDv14VNbvZFX779UqWTsd7KtTM9JIZRDI5NUwYSIS30kzI8m06gOPB//jtpqlhmraQ68b5X2g==",
            "cpu": [
                "ppc64"
            ],
@@ -3459,9 +3449,9 @@
            ]
        },
        "node_modules/@rollup/rollup-linux-riscv64-gnu": {
-            "version": "4.52.5",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.52.5.tgz",
-            "integrity": "sha512-sjQLr9BW7R/ZiXnQiWPkErNfLMkkWIoCz7YMn27HldKsADEKa5WYdobaa1hmN6slu9oWQbB6/jFpJ+P2IkVrmw==",
+            "version": "4.52.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.52.4.tgz",
+            "integrity": "sha512-/MOEW3aHjjs1p4Pw1Xk4+3egRevx8Ji9N6HUIA1Ifh8Q+cg9dremvFCUbOX2Zebz80BwJIgCBUemjqhU5XI5Eg==",
            "cpu": [
                "riscv64"
            ],
@@ -3472,9 +3462,9 @@
            ]
        },
        "node_modules/@rollup/rollup-linux-riscv64-musl": {
-            "version": "4.52.5",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.52.5.tgz",
-            "integrity": "sha512-hq3jU/kGyjXWTvAh2awn8oHroCbrPm8JqM7RUpKjalIRWWXE01CQOf/tUNWNHjmbMHg/hmNCwc/Pz3k1T/j/Lg==",
+            "version": "4.52.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.52.4.tgz",
+            "integrity": "sha512-1HHmsRyh845QDpEWzOFtMCph5Ts+9+yllCrREuBR/vg2RogAQGGBRC8lDPrPOMnrdOJ+mt1WLMOC2Kao/UwcvA==",
            "cpu": [
                "riscv64"
            ],
@@ -3485,9 +3475,9 @@
            ]
        },
        "node_modules/@rollup/rollup-linux-s390x-gnu": {
-            "version": "4.52.5",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.52.5.tgz",
-            "integrity": "sha512-gn8kHOrku8D4NGHMK1Y7NA7INQTRdVOntt1OCYypZPRt6skGbddska44K8iocdpxHTMMNui5oH4elPH4QOLrFQ==",
+            "version": "4.52.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.52.4.tgz",
+            "integrity": "sha512-seoeZp4L/6D1MUyjWkOMRU6/iLmCU2EjbMTyAG4oIOs1/I82Y5lTeaxW0KBfkUdHAWN7j25bpkt0rjnOgAcQcA==",
            "cpu": [
                "s390x"
            ],
@@ -3498,9 +3488,9 @@
            ]
        },
        "node_modules/@rollup/rollup-linux-x64-gnu": {
-            "version": "4.52.5",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.52.5.tgz",
-            "integrity": "sha512-hXGLYpdhiNElzN770+H2nlx+jRog8TyynpTVzdlc6bndktjKWyZyiCsuDAlpd+j+W+WNqfcyAWz9HxxIGfZm1Q==",
+            "version": "4.52.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.52.4.tgz",
+            "integrity": "sha512-Wi6AXf0k0L7E2gteNsNHUs7UMwCIhsCTs6+tqQ5GPwVRWMaflqGec4Sd8n6+FNFDw9vGcReqk2KzBDhCa1DLYg==",
            "cpu": [
                "x64"
            ],
@@ -3511,9 +3501,9 @@
            ]
        },
        "node_modules/@rollup/rollup-linux-x64-musl": {
-            "version": "4.52.5",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.52.5.tgz",
-            "integrity": "sha512-arCGIcuNKjBoKAXD+y7XomR9gY6Mw7HnFBv5Rw7wQRvwYLR7gBAgV7Mb2QTyjXfTveBNFAtPt46/36vV9STLNg==",
+            "version": "4.52.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.52.4.tgz",
+            "integrity": "sha512-dtBZYjDmCQ9hW+WgEkaffvRRCKm767wWhxsFW3Lw86VXz/uJRuD438/XvbZT//B96Vs8oTA8Q4A0AfHbrxP9zw==",
            "cpu": [
                "x64"
            ],
@@ -3524,9 +3514,9 @@
            ]
        },
        "node_modules/@rollup/rollup-openharmony-arm64": {
-            "version": "4.52.5",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.52.5.tgz",
-            "integrity": "sha512-QoFqB6+/9Rly/RiPjaomPLmR/13cgkIGfA40LHly9zcH1S0bN2HVFYk3a1eAyHQyjs3ZJYlXvIGtcCs5tko9Cw==",
+            "version": "4.52.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.52.4.tgz",
+            "integrity": "sha512-1ox+GqgRWqaB1RnyZXL8PD6E5f7YyRUJYnCqKpNzxzP0TkaUh112NDrR9Tt+C8rJ4x5G9Mk8PQR3o7Ku2RKqKA==",
            "cpu": [
                "arm64"
            ],
@@ -3537,9 +3527,9 @@
            ]
        },
        "node_modules/@rollup/rollup-win32-arm64-msvc": {
-            "version": "4.52.5",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.52.5.tgz",
-            "integrity": "sha512-w0cDWVR6MlTstla1cIfOGyl8+qb93FlAVutcor14Gf5Md5ap5ySfQ7R9S/NjNaMLSFdUnKGEasmVnu3lCMqB7w==",
+            "version": "4.52.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.52.4.tgz",
+            "integrity": "sha512-8GKr640PdFNXwzIE0IrkMWUNUomILLkfeHjXBi/nUvFlpZP+FA8BKGKpacjW6OUUHaNI6sUURxR2U2g78FOHWQ==",
            "cpu": [
                "arm64"
            ],
@@ -3550,9 +3540,9 @@
            ]
        },
        "node_modules/@rollup/rollup-win32-ia32-msvc": {
-            "version": "4.52.5",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.52.5.tgz",
-            "integrity": "sha512-Aufdpzp7DpOTULJCuvzqcItSGDH73pF3ko/f+ckJhxQyHtp67rHw3HMNxoIdDMUITJESNE6a8uh4Lo4SLouOUg==",
+            "version": "4.52.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.52.4.tgz",
+            "integrity": "sha512-AIy/jdJ7WtJ/F6EcfOb2GjR9UweO0n43jNObQMb6oGxkYTfLcnN7vYYpG+CN3lLxrQkzWnMOoNSHTW54pgbVxw==",
            "cpu": [
                "ia32"
            ],
@@ -3563,9 +3553,9 @@
            ]
        },
        "node_modules/@rollup/rollup-win32-x64-gnu": {
-            "version": "4.52.5",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.52.5.tgz",
-            "integrity": "sha512-UGBUGPFp1vkj6p8wCRraqNhqwX/4kNQPS57BCFc8wYh0g94iVIW33wJtQAx3G7vrjjNtRaxiMUylM0ktp/TRSQ==",
+            "version": "4.52.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.52.4.tgz",
+            "integrity": "sha512-UF9KfsH9yEam0UjTwAgdK0anlQ7c8/pWPU2yVjyWcF1I1thABt6WXE47cI71pGiZ8wGvxohBoLnxM04L/wj8mQ==",
            "cpu": [
                "x64"
            ],
@@ -3576,9 +3566,9 @@
            ]
        },
        "node_modules/@rollup/rollup-win32-x64-msvc": {
-            "version": "4.52.5",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.52.5.tgz",
-            "integrity": "sha512-TAcgQh2sSkykPRWLrdyy2AiceMckNf5loITqXxFI5VuQjS5tSuw3WlwdN8qv8vzjLAUTvYaH/mVjSFpbkFbpTg==",
+            "version": "4.52.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.52.4.tgz",
+            "integrity": "sha512-bf9PtUa0u8IXDVxzRToFQKsNCRz9qLYfR/MpECxl4mRoWYjAeFjgxj1XdZr2M/GNVpT05p+LgQOHopYDlUu6/w==",
            "cpu": [
                "x64"
            ],
@@ -5474,19 +5464,19 @@
            }
        },
        "node_modules/@types/node": {
-            "version": "24.9.0",
-            "resolved": "https://registry.npmjs.org/@types/node/-/node-24.9.0.tgz",
-            "integrity": "sha512-MKNwXh3seSK8WurXF7erHPJ2AONmMwkI7zAMrXZDPIru8jRqkk6rGDBVbw4mLwfqA+ZZliiDPg05JQ3uW66tKQ==",
+            "version": "24.8.1",
+            "resolved": "https://registry.npmjs.org/@types/node/-/node-24.8.1.tgz",
+            "integrity": "sha512-alv65KGRadQVfVcG69MuB4IzdYVpRwMG/mq8KWOaoOdyY617P5ivaDiMCGOFDWD2sAn5Q0mR3mRtUOgm99hL9Q==",
            "license": "MIT",
            "peer": true,
            "dependencies": {
-                "undici-types": "~7.16.0"
+                "undici-types": "~7.14.0"
            }
        },
        "node_modules/@types/node/node_modules/undici-types": {
-            "version": "7.16.0",
-            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.16.0.tgz",
-            "integrity": "sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw==",
+            "version": "7.14.0",
+            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.14.0.tgz",
+            "integrity": "sha512-QQiYxHuyZ9gQUIrmPo3IA+hUl4KYk8uSA7cHrcKd/l3p1OTpZcM0Tbp9x7FAtXdAYhlasd60ncPpgu6ihG6TOA==",
            "license": "MIT"
        },
        "node_modules/@types/pg": {
@@ -5591,16 +5581,16 @@
            }
        },
        "node_modules/@typescript-eslint/eslint-plugin": {
-            "version": "8.46.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.46.2.tgz",
-            "integrity": "sha512-ZGBMToy857/NIPaaCucIUQgqueOiq7HeAKkhlvqVV4lm089zUFW6ikRySx2v+cAhKeUCPuWVHeimyk6Dw1iY3w==",
+            "version": "8.46.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.46.1.tgz",
+            "integrity": "sha512-rUsLh8PXmBjdiPY+Emjz9NX2yHvhS11v0SR6xNJkm5GM1MO9ea/1GoDKlHHZGrOJclL/cZ2i/vRUYVtjRhrHVQ==",
            "license": "MIT",
            "dependencies": {
                "@eslint-community/regexpp": "^4.10.0",
-                "@typescript-eslint/scope-manager": "8.46.2",
-                "@typescript-eslint/type-utils": "8.46.2",
-                "@typescript-eslint/utils": "8.46.2",
-                "@typescript-eslint/visitor-keys": "8.46.2",
+                "@typescript-eslint/scope-manager": "8.46.1",
+                "@typescript-eslint/type-utils": "8.46.1",
+                "@typescript-eslint/utils": "8.46.1",
+                "@typescript-eslint/visitor-keys": "8.46.1",
                "graphemer": "^1.4.0",
                "ignore": "^7.0.0",
                "natural-compare": "^1.4.0",
@@ -5614,7 +5604,7 @@
                "url": "https://opencollective.com/typescript-eslint"
            },
            "peerDependencies": {
-                "@typescript-eslint/parser": "^8.46.2",
+                "@typescript-eslint/parser": "^8.46.1",
                "eslint": "^8.57.0 || ^9.0.0",
                "typescript": ">=4.8.4 <6.0.0"
            }
@@ -5629,16 +5619,16 @@
            }
        },
        "node_modules/@typescript-eslint/parser": {
-            "version": "8.46.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.46.2.tgz",
-            "integrity": "sha512-BnOroVl1SgrPLywqxyqdJ4l3S2MsKVLDVxZvjI1Eoe8ev2r3kGDo+PcMihNmDE+6/KjkTubSJnmqGZZjQSBq/g==",
+            "version": "8.46.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.46.1.tgz",
+            "integrity": "sha512-6JSSaBZmsKvEkbRUkf7Zj7dru/8ZCrJxAqArcLaVMee5907JdtEbKGsZ7zNiIm/UAkpGUkaSMZEXShnN2D1HZA==",
            "license": "MIT",
            "peer": true,
            "dependencies": {
-                "@typescript-eslint/scope-manager": "8.46.2",
-                "@typescript-eslint/types": "8.46.2",
-                "@typescript-eslint/typescript-estree": "8.46.2",
-                "@typescript-eslint/visitor-keys": "8.46.2",
+                "@typescript-eslint/scope-manager": "8.46.1",
+                "@typescript-eslint/types": "8.46.1",
+                "@typescript-eslint/typescript-estree": "8.46.1",
+                "@typescript-eslint/visitor-keys": "8.46.1",
                "debug": "^4.3.4"
            },
            "engines": {
@@ -5654,13 +5644,13 @@
            }
        },
        "node_modules/@typescript-eslint/project-service": {
-            "version": "8.46.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.46.2.tgz",
-            "integrity": "sha512-PULOLZ9iqwI7hXcmL4fVfIsBi6AN9YxRc0frbvmg8f+4hQAjQ5GYNKK0DIArNo+rOKmR/iBYwkpBmnIwin4wBg==",
+            "version": "8.46.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.46.1.tgz",
+            "integrity": "sha512-FOIaFVMHzRskXr5J4Jp8lFVV0gz5ngv3RHmn+E4HYxSJ3DgDzU7fVI1/M7Ijh1zf6S7HIoaIOtln1H5y8V+9Zg==",
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/tsconfig-utils": "^8.46.2",
-                "@typescript-eslint/types": "^8.46.2",
+                "@typescript-eslint/tsconfig-utils": "^8.46.1",
+                "@typescript-eslint/types": "^8.46.1",
                "debug": "^4.3.4"
            },
            "engines": {
@@ -5675,13 +5665,13 @@
            }
        },
        "node_modules/@typescript-eslint/scope-manager": {
-            "version": "8.46.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.46.2.tgz",
-            "integrity": "sha512-LF4b/NmGvdWEHD2H4MsHD8ny6JpiVNDzrSZr3CsckEgCbAGZbYM4Cqxvi9L+WqDMT+51Ozy7lt2M+d0JLEuBqA==",
+            "version": "8.46.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.46.1.tgz",
+            "integrity": "sha512-weL9Gg3/5F0pVQKiF8eOXFZp8emqWzZsOJuWRUNtHT+UNV2xSJegmpCNQHy37aEQIbToTq7RHKhWvOsmbM680A==",
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/types": "8.46.2",
-                "@typescript-eslint/visitor-keys": "8.46.2"
+                "@typescript-eslint/types": "8.46.1",
+                "@typescript-eslint/visitor-keys": "8.46.1"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -5692,9 +5682,9 @@
            }
        },
        "node_modules/@typescript-eslint/tsconfig-utils": {
-            "version": "8.46.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.46.2.tgz",
-            "integrity": "sha512-a7QH6fw4S57+F5y2FIxxSDyi5M4UfGF+Jl1bCGd7+L4KsaUY80GsiF/t0UoRFDHAguKlBaACWJRmdrc6Xfkkag==",
+            "version": "8.46.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.46.1.tgz",
+            "integrity": "sha512-X88+J/CwFvlJB+mK09VFqx5FE4H5cXD+H/Bdza2aEWkSb8hnWIQorNcscRl4IEo1Cz9VI/+/r/jnGWkbWPx54g==",
            "license": "MIT",
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -5708,14 +5698,14 @@
            }
        },
        "node_modules/@typescript-eslint/type-utils": {
-            "version": "8.46.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.46.2.tgz",
-            "integrity": "sha512-HbPM4LbaAAt/DjxXaG9yiS9brOOz6fabal4uvUmaUYe6l3K1phQDMQKBRUrr06BQkxkvIZVVHttqiybM9nJsLA==",
+            "version": "8.46.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.46.1.tgz",
+            "integrity": "sha512-+BlmiHIiqufBxkVnOtFwjah/vrkF4MtKKvpXrKSPLCkCtAp8H01/VV43sfqA98Od7nJpDcFnkwgyfQbOG0AMvw==",
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/types": "8.46.2",
-                "@typescript-eslint/typescript-estree": "8.46.2",
-                "@typescript-eslint/utils": "8.46.2",
+                "@typescript-eslint/types": "8.46.1",
+                "@typescript-eslint/typescript-estree": "8.46.1",
+                "@typescript-eslint/utils": "8.46.1",
                "debug": "^4.3.4",
                "ts-api-utils": "^2.1.0"
            },
@@ -5732,9 +5722,9 @@
            }
        },
        "node_modules/@typescript-eslint/types": {
-            "version": "8.46.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.46.2.tgz",
-            "integrity": "sha512-lNCWCbq7rpg7qDsQrd3D6NyWYu+gkTENkG5IKYhUIcxSb59SQC/hEQ+MrG4sTgBVghTonNWq42bA/d4yYumldQ==",
+            "version": "8.46.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.46.1.tgz",
+            "integrity": "sha512-C+soprGBHwWBdkDpbaRC4paGBrkIXxVlNohadL5o0kfhsXqOC6GYH2S/Obmig+I0HTDl8wMaRySwrfrXVP8/pQ==",
            "license": "MIT",
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -5745,15 +5735,15 @@
            }
        },
        "node_modules/@typescript-eslint/typescript-estree": {
-            "version": "8.46.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.46.2.tgz",
-            "integrity": "sha512-f7rW7LJ2b7Uh2EiQ+7sza6RDZnajbNbemn54Ob6fRwQbgcIn+GWfyuHDHRYgRoZu1P4AayVScrRW+YfbTvPQoQ==",
+            "version": "8.46.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.46.1.tgz",
+            "integrity": "sha512-uIifjT4s8cQKFQ8ZBXXyoUODtRoAd7F7+G8MKmtzj17+1UbdzFl52AzRyZRyKqPHhgzvXunnSckVu36flGy8cg==",
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/project-service": "8.46.2",
-                "@typescript-eslint/tsconfig-utils": "8.46.2",
-                "@typescript-eslint/types": "8.46.2",
-                "@typescript-eslint/visitor-keys": "8.46.2",
+                "@typescript-eslint/project-service": "8.46.1",
+                "@typescript-eslint/tsconfig-utils": "8.46.1",
+                "@typescript-eslint/types": "8.46.1",
+                "@typescript-eslint/visitor-keys": "8.46.1",
                "debug": "^4.3.4",
                "fast-glob": "^3.3.2",
                "is-glob": "^4.0.3",
@@ -5773,15 +5763,15 @@
            }
        },
        "node_modules/@typescript-eslint/utils": {
-            "version": "8.46.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.46.2.tgz",
-            "integrity": "sha512-sExxzucx0Tud5tE0XqR0lT0psBQvEpnpiul9XbGUB1QwpWJJAps1O/Z7hJxLGiZLBKMCutjTzDgmd1muEhBnVg==",
+            "version": "8.46.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.46.1.tgz",
+            "integrity": "sha512-vkYUy6LdZS7q1v/Gxb2Zs7zziuXN0wxqsetJdeZdRe/f5dwJFglmuvZBfTUivCtjH725C1jWCDfpadadD95EDQ==",
            "license": "MIT",
            "dependencies": {
                "@eslint-community/eslint-utils": "^4.7.0",
-                "@typescript-eslint/scope-manager": "8.46.2",
-                "@typescript-eslint/types": "8.46.2",
-                "@typescript-eslint/typescript-estree": "8.46.2"
+                "@typescript-eslint/scope-manager": "8.46.1",
+                "@typescript-eslint/types": "8.46.1",
+                "@typescript-eslint/typescript-estree": "8.46.1"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -5796,12 +5786,12 @@
            }
        },
        "node_modules/@typescript-eslint/visitor-keys": {
-            "version": "8.46.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.46.2.tgz",
-            "integrity": "sha512-tUFMXI4gxzzMXt4xpGJEsBsTox0XbNQ1y94EwlD/CuZwFcQP79xfQqMhau9HsRc/J0cAPA/HZt1dZPtGn9V/7w==",
+            "version": "8.46.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.46.1.tgz",
+            "integrity": "sha512-ptkmIf2iDkNUjdeu2bQqhFPV1m6qTnFFjg7PPDjxKWaMaP0Z6I9l30Jr3g5QqbZGdw8YdYvLp+XnqnWWZOg/NA==",
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/types": "8.46.2",
+                "@typescript-eslint/types": "8.46.1",
                "eslint-visitor-keys": "^4.2.1"
            },
            "engines": {
@@ -9201,24 +9191,25 @@
            }
        },
        "node_modules/eslint": {
-            "version": "9.38.0",
-            "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.38.0.tgz",
-            "integrity": "sha512-t5aPOpmtJcZcz5UJyY2GbvpDlsK5E8JqRqoKtfiKE3cNh437KIqfJr3A3AKf5k64NPx6d0G3dno6XDY05PqPtw==",
+            "version": "9.37.0",
+            "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.37.0.tgz",
+            "integrity": "sha512-XyLmROnACWqSxiGYArdef1fItQd47weqB7iwtfr9JHwRrqIXZdcFMvvEcL9xHCmL0SNsOvF0c42lWyM1U5dgig==",
            "license": "MIT",
            "peer": true,
            "dependencies": {
                "@eslint-community/eslint-utils": "^4.8.0",
                "@eslint-community/regexpp": "^4.12.1",
-                "@eslint/config-array": "^0.21.1",
-                "@eslint/config-helpers": "^0.4.1",
+                "@eslint/config-array": "^0.21.0",
+                "@eslint/config-helpers": "^0.4.0",
                "@eslint/core": "^0.16.0",
                "@eslint/eslintrc": "^3.3.1",
-                "@eslint/js": "9.38.0",
+                "@eslint/js": "9.37.0",
                "@eslint/plugin-kit": "^0.4.0",
                "@humanfs/node": "^0.16.6",
                "@humanwhocodes/module-importer": "^1.0.1",
                "@humanwhocodes/retry": "^0.4.2",
                "@types/estree": "^1.0.6",
+                "@types/json-schema": "^7.0.15",
                "ajv": "^6.12.4",
                "chalk": "^4.0.0",
                "cross-spawn": "^7.0.6",
@@ -14882,12 +14873,11 @@
            }
        },
        "node_modules/pino": {
-            "version": "10.1.0",
-            "resolved": "https://registry.npmjs.org/pino/-/pino-10.1.0.tgz",
-            "integrity": "sha512-0zZC2ygfdqvqK8zJIr1e+wT1T/L+LF6qvqvbzEQ6tiMAoTqEVK9a1K3YRu8HEUvGEvNqZyPJTtb2sNIoTkB83w==",
+            "version": "10.0.0",
+            "resolved": "https://registry.npmjs.org/pino/-/pino-10.0.0.tgz",
+            "integrity": "sha512-eI9pKwWEix40kfvSzqEP6ldqOoBIN7dwD/o91TY5z8vQI12sAffpR/pOqAD1IVVwIVHDpHjkq0joBPdJD0rafA==",
            "license": "MIT",
            "dependencies": {
-                "@pinojs/redact": "^0.4.0",
                "atomic-sleep": "^1.0.0",
                "on-exit-leak-free": "^2.1.0",
                "pino-abstract-transport": "^2.0.0",
@@ -14896,6 +14886,7 @@
                "quick-format-unescaped": "^4.0.3",
                "real-require": "^0.2.0",
                "safe-stable-stringify": "^2.3.1",
+                "slow-redact": "^0.3.0",
                "sonic-boom": "^4.0.1",
                "thread-stream": "^3.0.0"
            },
@@ -16157,9 +16148,9 @@
            "license": "Unlicense"
        },
        "node_modules/rollup": {
-            "version": "4.52.5",
-            "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.52.5.tgz",
-            "integrity": "sha512-3GuObel8h7Kqdjt0gxkEzaifHTqLVW56Y/bjN7PSQtkKr0w3V/QYSdt6QWYtd7A1xUtYQigtdUfgj1RvWVtorw==",
+            "version": "4.52.4",
+            "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.52.4.tgz",
+            "integrity": "sha512-CLEVl+MnPAiKh5pl4dEWSyMTpuflgNQiLGhMv8ezD5W/qP8AKvmYpCOKRRNOh7oRKnauBZ4SyeYkMS+1VSyKwQ==",
            "license": "MIT",
            "peer": true,
            "dependencies": {
@@ -16173,28 +16164,28 @@
                "npm": ">=8.0.0"
            },
            "optionalDependencies": {
-                "@rollup/rollup-android-arm-eabi": "4.52.5",
-                "@rollup/rollup-android-arm64": "4.52.5",
-                "@rollup/rollup-darwin-arm64": "4.52.5",
-                "@rollup/rollup-darwin-x64": "4.52.5",
-                "@rollup/rollup-freebsd-arm64": "4.52.5",
-                "@rollup/rollup-freebsd-x64": "4.52.5",
-                "@rollup/rollup-linux-arm-gnueabihf": "4.52.5",
-                "@rollup/rollup-linux-arm-musleabihf": "4.52.5",
-                "@rollup/rollup-linux-arm64-gnu": "4.52.5",
-                "@rollup/rollup-linux-arm64-musl": "4.52.5",
-                "@rollup/rollup-linux-loong64-gnu": "4.52.5",
-                "@rollup/rollup-linux-ppc64-gnu": "4.52.5",
-                "@rollup/rollup-linux-riscv64-gnu": "4.52.5",
-                "@rollup/rollup-linux-riscv64-musl": "4.52.5",
-                "@rollup/rollup-linux-s390x-gnu": "4.52.5",
-                "@rollup/rollup-linux-x64-gnu": "4.52.5",
-                "@rollup/rollup-linux-x64-musl": "4.52.5",
-                "@rollup/rollup-openharmony-arm64": "4.52.5",
-                "@rollup/rollup-win32-arm64-msvc": "4.52.5",
-                "@rollup/rollup-win32-ia32-msvc": "4.52.5",
-                "@rollup/rollup-win32-x64-gnu": "4.52.5",
-                "@rollup/rollup-win32-x64-msvc": "4.52.5",
+                "@rollup/rollup-android-arm-eabi": "4.52.4",
+                "@rollup/rollup-android-arm64": "4.52.4",
+                "@rollup/rollup-darwin-arm64": "4.52.4",
+                "@rollup/rollup-darwin-x64": "4.52.4",
+                "@rollup/rollup-freebsd-arm64": "4.52.4",
+                "@rollup/rollup-freebsd-x64": "4.52.4",
+                "@rollup/rollup-linux-arm-gnueabihf": "4.52.4",
+                "@rollup/rollup-linux-arm-musleabihf": "4.52.4",
+                "@rollup/rollup-linux-arm64-gnu": "4.52.4",
+                "@rollup/rollup-linux-arm64-musl": "4.52.4",
+                "@rollup/rollup-linux-loong64-gnu": "4.52.4",
+                "@rollup/rollup-linux-ppc64-gnu": "4.52.4",
+                "@rollup/rollup-linux-riscv64-gnu": "4.52.4",
+                "@rollup/rollup-linux-riscv64-musl": "4.52.4",
+                "@rollup/rollup-linux-s390x-gnu": "4.52.4",
+                "@rollup/rollup-linux-x64-gnu": "4.52.4",
+                "@rollup/rollup-linux-x64-musl": "4.52.4",
+                "@rollup/rollup-openharmony-arm64": "4.52.4",
+                "@rollup/rollup-win32-arm64-msvc": "4.52.4",
+                "@rollup/rollup-win32-ia32-msvc": "4.52.4",
+                "@rollup/rollup-win32-x64-gnu": "4.52.4",
+                "@rollup/rollup-win32-x64-msvc": "4.52.4",
                "fsevents": "~2.3.2"
            }
        },
@@ -16785,6 +16776,12 @@
                "node": ">=18"
            }
        },
+        "node_modules/slow-redact": {
+            "version": "0.3.0",
+            "resolved": "https://registry.npmjs.org/slow-redact/-/slow-redact-0.3.0.tgz",
+            "integrity": "sha512-cf723wn9JeRIYP9tdtd86GuqoR5937u64Io+CYjlm2i7jvu7g0H+Cp0l0ShAf/4ZL+ISUTVT+8Qzz7RZmp9FjA==",
+            "license": "MIT"
+        },
        "node_modules/smart-buffer": {
            "version": "4.2.0",
            "resolved": "https://registry.npmjs.org/smart-buffer/-/smart-buffer-4.2.0.tgz",
@@ -17988,16 +17985,16 @@
            }
        },
        "node_modules/typescript-eslint": {
-            "version": "8.46.2",
-            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.46.2.tgz",
-            "integrity": "sha512-vbw8bOmiuYNdzzV3lsiWv6sRwjyuKJMQqWulBOU7M0RrxedXledX8G8kBbQeiOYDnTfiXz0Y4081E1QMNB6iQg==",
+            "version": "8.46.1",
+            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.46.1.tgz",
+            "integrity": "sha512-VHgijW803JafdSsDO8I761r3SHrgk4T00IdyQ+/UsthtgPRsBWQLqoSxOolxTpxRKi1kGXK0bSz4CoAc9ObqJA==",
            "license": "MIT",
            "peer": true,
            "dependencies": {
-                "@typescript-eslint/eslint-plugin": "8.46.2",
-                "@typescript-eslint/parser": "8.46.2",
-                "@typescript-eslint/typescript-estree": "8.46.2",
-                "@typescript-eslint/utils": "8.46.2"
+                "@typescript-eslint/eslint-plugin": "8.46.1",
+                "@typescript-eslint/parser": "8.46.1",
+                "@typescript-eslint/typescript-estree": "8.46.1",
+                "@typescript-eslint/utils": "8.46.1"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -19202,7 +19199,7 @@
            "dependencies": {
                "@goauthentik/prettier-config": "^3.1.0",
                "@goauthentik/tsconfig": "^1.0.4",
-                "@types/node": "^24.9.0",
+                "@types/node": "^24.8.1",
                "@types/semver": "^7.7.1",
                "prettier": "^3.6.2",
                "semver": "^7.7.3",
@@ -19297,7 +19294,7 @@
                "formdata-polyfill": "^4.0.10",
                "jquery": "^3.7.1",
                "prettier": "^3.5.3",
-                "rollup": "^4.52.5",
+                "rollup": "^4.52.4",
                "rollup-plugin-copy": "^3.5.0",
                "weakmap-polyfill": "^2.0.4"
            },
--- a/web/package.json
+++ b/web/package.json
@@ -1,6 +1,6 @@
 {
    "name": "@goauthentik/web",
-    "version": "2025.10.0-rc2",
+    "version": "2025.10.0-rc1",
    "license": "MIT",
    "private": true,
    "scripts": {
@@ -125,7 +125,7 @@
        "@types/grecaptcha": "^3.0.9",
        "@types/guacamole-common-js": "^1.5.4",
        "@types/mocha": "^10.0.10",
-        "@types/node": "^24.9.0",
+        "@types/node": "^24.8.1",
        "@types/react": "^19.2.2",
        "@types/react-dom": "^19.2.2",
        "@typescript-eslint/eslint-plugin": "^8.38.0",
@@ -144,7 +144,7 @@
        "dompurify": "^3.3.0",
        "esbuild": "^0.25.11",
        "esbuild-plugin-copy": "^2.1.1",
-        "eslint": "^9.38.0",
+        "eslint": "^9.37.0",
        "eslint-plugin-lit": "^2.1.1",
        "eslint-plugin-wc": "^3.0.2",
        "fuse.js": "^7.1.0",
@@ -157,7 +157,7 @@
        "md-front-matter": "^1.0.4",
        "mermaid": "^11.12.0",
        "npm-run-all": "^4.1.5",
-        "pino": "^10.1.0",
+        "pino": "^10.0.0",
        "pino-pretty": "^13.1.2",
        "playwright": "^1.55.1",
        "prettier": "^3.6.2",
@@ -180,7 +180,7 @@
        "turnstile-types": "^1.2.3",
        "type-fest": "^5.1.0",
        "typescript": "^5.9.3",
-        "typescript-eslint": "^8.46.2",
+        "typescript-eslint": "^8.46.1",
        "unist-util-visit": "^5.0.0",
        "vite": "^7.1.10",
        "vitest": "^3.2.4",
@@ -192,9 +192,9 @@
        "@esbuild/darwin-arm64": "^0.25.4",
        "@esbuild/linux-arm64": "^0.25.4",
        "@esbuild/linux-x64": "^0.25.4",
-        "@rollup/rollup-darwin-arm64": "^4.52.5",
-        "@rollup/rollup-linux-arm64-gnu": "^4.52.5",
-        "@rollup/rollup-linux-x64-gnu": "^4.52.5",
+        "@rollup/rollup-darwin-arm64": "^4.52.4",
+        "@rollup/rollup-linux-arm64-gnu": "^4.52.4",
+        "@rollup/rollup-linux-x64-gnu": "^4.52.4",
        "chromedriver": "^141.0.3",
        "p-iteration": "^1.1.8"
    },
--- a/web/packages/core/package.json
+++ b/web/packages/core/package.json
@@ -47,7 +47,7 @@
    "dependencies": {
        "@goauthentik/prettier-config": "^3.1.0",
        "@goauthentik/tsconfig": "^1.0.4",
-        "@types/node": "^24.9.0",
+        "@types/node": "^24.8.1",
        "@types/semver": "^7.7.1",
        "prettier": "^3.6.2",
        "semver": "^7.7.3",
--- a/web/packages/sfe/package.json
+++ b/web/packages/sfe/package.json
@@ -23,7 +23,7 @@
        "formdata-polyfill": "^4.0.10",
        "jquery": "^3.7.1",
        "prettier": "^3.5.3",
-        "rollup": "^4.52.5",
+        "rollup": "^4.52.4",
        "rollup-plugin-copy": "^3.5.0",
        "weakmap-polyfill": "^2.0.4"
    },
--- a/web/src/admin/AdminInterface/index.entrypoint.ts
+++ b/web/src/admin/AdminInterface/index.entrypoint.ts
@@ -99,17 +99,6 @@ export class AdminInterface extends WithCapabilitiesConfig(AuthenticatedInterfac
                display: none;
            }

-            .pf-c-page {
-                background-color: var(--pf-c-page--BackgroundColor) !important;
-            }
-
-            :host([theme="dark"]) {
-                /* Global page background colour */
-                .pf-c-page {
-                    --pf-c-page--BackgroundColor: var(--ak-dark-background);
-                }
-            }
-
            ak-page-navbar {
                grid-area: header;
            }
--- a/web/src/common/styles/authentik.css
+++ b/web/src/common/styles/authentik.css
@@ -7,43 +7,6 @@
    --__AK_UI_BASE__: 1;
 }

-/* #region Global */
-
-:root {
-    --ak-accent: #fd4b2d;
-
-    --ak-dark-foreground: #fafafa;
-    --ak-dark-foreground-darker: #bebebe;
-    --ak-dark-foreground-link: #5a5cb9;
-    --ak-dark-background: #18191a;
-    --ak-dark-background-darker: #000000;
-    --ak-dark-background-light: #1c1e21;
-    --ak-dark-background-light-ish: #212427;
-    --ak-dark-background-lighter: #2b2e33;
-
-    --ak-flow-background-color-contrast: var(--pf-global--Color--100);
-    --ak-flow-footer-color: var(--pf-global--Color--light-100);
-
-    /* PatternFly likes to override global variables for some reason */
-    --ak-global--Color--100: var(--pf-global--Color--100);
-
-    /* Minimum width after which the sidebar becomes automatic */
-    --ak-sidebar--minimum-auto-width: 80rem;
-
-    /**
-     * The height of the navbar and branded sidebar.
-     * @todo This shouldn't be necessary. The sidebar can instead use a grid layout
-     * ensuring they share the same height.
-     */
-    --ak-navbar--height: 7rem;
-
-    --pf-global--disabled-color--100: GrayText;
-    --pf-global--disabled-color--200: color-mix(in srgb, GrayText 100%, CanvasText 75%);
-    --pf-global--disabled-color--300: color-mix(in srgb, GrayText 100%, CanvasText 100%);
-}
-
-/* #endregion */
-
 /* #region Scrollbars */

 /**
@@ -63,6 +26,16 @@
    --ak-scrollbar-thumb-background-color: hsl(0 0% 76%);
 }

+.pf-m-dark {
+    --pf-global--Color--100: var(--pf-global--Color--dark-100);
+    --pf-global--Color--200: var(--pf-global--Color--dark-200);
+    --pf-global--BorderColor--100: var(--pf-global--BorderColor--dark-100);
+    --pf-global--primary-color--100: var(--pf-global--primary-color--dark-100);
+    --pf-global--link--Color: var(--pf-global--link--Color--dark);
+    --pf-global--link--Color--hover: var(--pf-global--link--Color--dark);
+    --pf-global--BackgroundColor--100: var(--pf-global--BackgroundColor--light-100);
+}
+
 /* Applicable to browsers with a WebKit lineage (Chrome, Edge, Safari) */
 ::-webkit-scrollbar {
    background: var(--ak-scrollbar-background-color);
@@ -156,19 +129,6 @@
    color: var(--pf-c-form__label-required--Color);
 }

-html {
-    --pf-c-nav__link--PaddingTop: 0.5rem;
-    --pf-c-nav__link--PaddingRight: 0.5rem;
-    --pf-c-nav__link--PaddingBottom: 0.5rem;
-    --pf-c-nav__link--PaddingLeft: 0.5rem;
-}
-
-html > form > input {
-    position: absolute;
-    top: -2000px;
-    left: -2000px;
-}
-
 /* #endregion */

 /* #region Screen readers */
@@ -334,49 +294,222 @@ ak-tabs[vertical] {

 /* #endregion */

-/* #region Login adjustments */
+/* #region Login */
+
+/* compatibility-mode-fix */
+.pf-c-login.pf-c-login {
+    --ak-login--header-min-height: var(--pf-global--spacer--lg);
+    --ak-login--header-max-height: clamp(0, 45%, 15dvh);
+    --ak-login--max-width: 35rem;
+    --ak-login--main-column-width: minmax(min-content, var(--ak-login--max-width));
+    --pf-c-login__main-footer--PaddingBottom: 0;
+
+    --pf-c-login__main-body--PaddingBottom: clamp(
+        var(--pf-global--spacer--xs),
+        7dvw,
+        var(--pf-global--spacer--3xl)
+    );

-/* Ensure card is displayed on small screens */
-.pf-c-login__main {
-    display: block;
-    position: relative;
-    width: 100%;
    flex: 1 1 auto;
-    place-content: center;
-}

-@media (max-width: 1199px) {
-    .pf-c-login__container {
-        display: flex;
-        flex-direction: column;
+    padding: 0;
+
+    display: grid;
+    justify-content: space-between;
+
+    grid-template-rows:
+        [header] minmax(0, clamp(1rem, 15%, 15dvh))
+        [main] minmax(auto, min-content)
+        [footer] auto;
+
+    grid-template-columns:
+        1fr
+        [main] var(--ak-login--main-column-width)
+        1fr;
+
+    grid-template-areas:
+        "header header header"
+        "  .     main    .   "
+        "footer footer footer";
+
+    &::before {
+        display: block;
+        content: "";
+        background-color: var(--ak-login--background-color-overlay, transparent);
+        z-index: -1;
+        height: 100%;
+        pointer-events: none;
+    }
+
+    &::before,
+    [part="login-overlay"] {
+        grid-row: header / footer;
+        grid-column: header;
+    }
+
+    &::after {
+        display: block;
+        content: "";
+        grid-area: main;
+        z-index: -1;
+        height: 75dvh;
+        pointer-events: none;
    }
 }

-.ak-login-container {
-    max-width: 35rem;
-    width: 100%;
+/* #region Login Main */
+
+.pf-c-login__main {
+    --pf-c-login__container--PaddingLeft: 0 !important;
+    --pf-c-login__container--PaddingRight: 0 !important;
+
+    aspect-ratio: 1.2/ 1;
+    justify-content: space-between;
+    grid-area: main;
+    margin: 0;
+
+    --ak-login--padding-max: 8dvw;
+    --ak-login--padding: clamp(
+        var(--pf-global--spacer--md),
+        var(--pf-global--spacer--2xl),
+        var(--ak-login--padding-max)
+    );
+
+    position: relative;
+    max-width: var(--ak-login--max-width);
+
    display: flex;
-    flex-direction: column;
-    height: calc(100vh - var(--pf-global--spacer--lg) - var(--pf-global--spacer--lg));
+    flex-flow: column;
+
+    .slotted-content {
+        position: relative;
+        flex: 1 1 auto;
+    }
+}
+
+.pf-c-login__main-header {
+    padding-inline: var(--ak-login--padding);
+    padding-block: clamp(var(--pf-global--spacer--xs), 6dvw, var(--pf-global--spacer--lg));
+
+    .pf-c-title {
+        font-size: clamp(1rem, var(--pf-c-title--m-3xl--FontSize), 7dvw);
+    }
+}
+
+.pf-c-login__main-header.pf-c-brand {
+    padding-inline: calc(var(--ak-login--padding) / 4);
+    padding-block-start: clamp(var(--pf-global--spacer--xs), 7dvw, var(--pf-global--spacer--3xl));
+    padding-block-end: calc(var(--ak-login--padding) / 2);
+
+    display: flex;
+    justify-content: center;
+
+    [part="branding-logo"] {
+        display: block;
+        width: clamp(75%, calc(var(--ak-login--max-width) / 2), 90%);
+        min-height: 4rem;
+    }
+}
+
+.pf-c-login__main-body {
+    padding-inline: var(--ak-login--padding);
+}
+
+.pf-c-login__main-footer {
+    display: block;
+}
+
+.pf-c-login__main-footer-band {
+    @media (max-width: 35rem) or (max-height: 17.5rem) {
+        --pf-c-login__main-footer-band--BackgroundColor: transparent !important;
+    }
+}
+
+@media (min-width: 70rem) and (min-height: 17.5rem) {
+    .pf-c-login[data-layout="content_left"],
+    .pf-c-login[data-layout="content_right"] {
+        display: flex;
+        flex-flow: row wrap;
+
+        place-content: space-between;
+        gap: var(--pf-global--spacer--lg);
+
+        .pf-c-login__main,
+        .pf-c-login__footer {
+            align-self: center;
+        }
+    }
+
+    .pf-c-login[data-layout="content_right"] {
+        flex-direction: row-reverse;
+    }
+
+    .pf-c-login[data-layout="sidebar_left"],
+    .pf-c-login[data-layout="sidebar_right"] {
+        --ak-login--max-width: 36rem;
+        --ak-login--background-color-overlay: var(--pf-c-login__main--BackgroundColor);
+        .pf-c-login__main {
+            aspect-ratio: auto;
+
+            height: 100%;
+            justify-content: normal;
+        }
+
+        .pf-c-login__footer {
+            color: inherit;
+            flex: 1 1 auto;
+            justify-content: end;
+            width: 100%;
+        }
+    }
+
+    .pf-c-login[data-layout="sidebar_left"] {
+        grid-template-columns: [main footer] var(--ak-login--main-column-width) repeat(2, 1fr);
+
+        grid-template-areas:
+            "header . ."
+            "main   . ."
+            "footer . .";
+    }
+
+    .pf-c-login[data-layout="sidebar_right"] {
+        grid-template-columns: repeat(2, 1fr) var(--ak-login--main-column-width) [main footer];
+
+        grid-template-areas:
+            ". . header"
+            ". . main  "
+            ". . footer";
+    }
+
+    .pf-c-login__main-footer-band {
+        --pf-c-login__main-footer-band--BackgroundColor: transparent !important;
+    }
+}
+
+/* #endregion */
+
+.pf-c-data-list {
+    padding-inline-start: 0;
 }

 .pf-c-login__footer {
-    color: var(--ak-flow-footer-color);
-    flex: 250 0 auto;
+    --pf-global--Color--100: var(--pf-global--Color--light-100);
+    min-height: var(--pf-global--spacer--2xl);
+    grid-area: footer;
+    flex: 0 0 auto;
    display: flex;
-    justify-content: end;
    flex-direction: column;
-}
+    align-self: end;
+    padding-inline: var(--pf-global--spacer--sm);
+    padding-block: var(--pf-global--spacer--md) !important;

-@media (max-width: 768px) {
-    :root {
-        --ak-flow-footer-color: var(--ak-flow-background-color-contrast);
+    ul.pf-c-list.pf-m-inline {
+        justify-content: center;
    }
-}

-.pf-c-login__footer ul.pf-c-list.pf-m-inline {
-    justify-content: center;
-    padding: 2rem 0;
+    @media (max-width: 35rem) {
+        color: inherit;
+    }
 }

 /* #endregion */
@@ -394,12 +527,6 @@ ak-tabs[vertical] {
    margin-right: var(--pf-global--spacer--sm);
 }

-/* ensure background on non-flow pages match */
-.pf-c-background-image::before {
-    background-image: var(--ak-flow-background);
-    background-position: center;
-}
-
 .pf-m-success {
    color: var(--pf-global--success-color--100) !important;
 }
@@ -448,6 +575,11 @@ fieldset {

    &:has(legend.sr-only) {
        border-width: 0;
+
+        &:not(.pf-c-modal-box__footer) {
+            --ak-legend-padding-inline-base: 0;
+            --ak-legend-margin-inline-base: 0;
+        }
    }

    &.pf-c-form__group {
@@ -464,6 +596,12 @@ fieldset {
        }
    }

+    &.pf-c-login__main-footer-band {
+        & > *:last-child {
+            padding-block-end: var(--pf-c-login__main-footer-band-item--PaddingTop);
+        }
+    }
+
    &.pf-c-modal-box__footer {
        --ak-legend-padding-inline-base: var(--pf-global--spacer--md);
        padding-block: calc(var(--ak-legend-padding-inline-base) / 2);
@@ -571,42 +709,6 @@ fieldset {
    }
 }

-/* Flow-card adjustments for static pages */
-.pf-c-brand {
-    padding-top: calc(
-        var(--pf-c-login__main-footer-links--PaddingTop) +
-            var(--pf-c-login__main-footer-links--PaddingBottom) +
-            var(--pf-c-login__main-body--PaddingBottom)
-    );
-    max-height: 9rem;
-}
-
-.ak-brand {
-    display: flex;
-    justify-content: center;
-    width: 100%;
-}
-
-.ak-brand img {
-    padding: 0 2rem;
-    max-height: inherit;
-}
-
-@media (min-height: 60rem) {
-    .pf-c-login[data-layout="stacked"] .pf-c-login__main {
-        margin-top: 13rem;
-    }
-}
-
-.pf-c-login[data-layout="sidebar_left"],
-.pf-c-login[data-layout="sidebar_right"] {
-    --ak-flow-footer-color: var(--ak-flow-background-color-contrast);
-}
-
-.pf-c-data-list {
-    padding-inline-start: 0;
-}
-
 /* #region Code blocks */

 pre:has(.hljs) {
--- a/web/src/common/styles/layers/global.css
+++ b/web/src/common/styles/layers/global.css
@@ -0,0 +1,83 @@
+/**
+ * @file authentik global layer.
+ */
+
+/* #region Root */
+
+:root {
+    --ak-accent: #fd4b2d;
+
+    --ak-dark-foreground: #fafafa;
+    --ak-dark-foreground-darker: #bebebe;
+    --ak-dark-foreground-link: #5a5cb9;
+    --ak-dark-background: #18191a;
+    --ak-dark-background-darker: #000000;
+    --ak-dark-background-light: #1c1e21;
+    --ak-dark-background-light-ish: #212427;
+    --ak-dark-background-lighter: #2b2e33;
+
+    --ak-global--background-contrast: var(--pf-global--Color--100);
+
+    /* PatternFly likes to override global variables for some reason */
+    --ak-global--Color--100: var(--pf-global--Color--100);
+
+    /* Minimum width after which the sidebar becomes automatic */
+    --ak-sidebar--minimum-auto-width: 80rem;
+
+    /**
+     * The height of the navbar and branded sidebar.
+     * @todo This shouldn't be necessary. The sidebar can instead use a grid layout
+     * ensuring they share the same height.
+     */
+    --ak-navbar--height: 7rem;
+
+    --pf-global--disabled-color--100: GrayText;
+    --pf-global--disabled-color--200: color-mix(in srgb, GrayText 100%, CanvasText 75%);
+    --pf-global--disabled-color--300: color-mix(in srgb, GrayText 100%, CanvasText 100%);
+}
+
+/* #endregion */
+
+/* #region Document */
+
+html,
+body {
+    height: auto;
+    min-height: 100dvh;
+}
+
+body {
+    background-color: var(--ak-global--background-color, var(--pf-global--BackgroundColor--150));
+
+    &::before {
+        content: "";
+        position: fixed;
+        inset: 0;
+        pointer-events: none;
+
+        background-size: cover;
+        background-repeat: no-repeat;
+        background-position: center;
+        background-attachment: local;
+        background-image: none;
+
+        @media (min-width: 35rem) and (min-height: 17.5rem) {
+            background-image: var(--ak-global--background-image, none);
+        }
+    }
+}
+
+/* #endregion */
+
+html {
+    --pf-c-nav__link--PaddingTop: 0.5rem;
+    --pf-c-nav__link--PaddingRight: 0.5rem;
+    --pf-c-nav__link--PaddingBottom: 0.5rem;
+    --pf-c-nav__link--PaddingLeft: 0.5rem;
+}
+
+html > form > input {
+    position: absolute;
+    top: -2000px;
+    left: -2000px;
+}
--- a/web/src/common/styles/layers/global.dark.css
+++ b/web/src/common/styles/layers/global.dark.css
@@ -0,0 +1,29 @@
+/**
+ * @file authentik global dark layer.
+ */
+
+/* #region Global */
+
+:root {
+    /* TODO: We've seemed to have drifted from PF's dark-100 usage. Revisit this after PF 5. */
+    --pf-global--BackgroundColor--100: #1c1e21 !important;
+    --pf-global--BackgroundColor--dark-100: #18191a !important;
+    --pf-global--BackgroundColor--150: var(--pf-global--BackgroundColor--dark-100) !important;
+    --pf-global--BackgroundColor--200: var(--pf-global--BackgroundColor--dark-200) !important;
+    --pf-global--BackgroundColor--300: var(--pf-global--BackgroundColor--dark-300) !important;
+    --pf-global--Color--100: var(--ak-dark-foreground) !important;
+    --ak-global--Color--100: var(--ak-dark-foreground) !important;
+    --pf-global--BorderColor--100: var(--ak-dark-background-lighter) !important;
+    --pf-global--link--Color: var(--pf-global--link--Color--light) !important;
+    --pf-global--link--Color--hover: var(--pf-global--link--Color--light--hover) !important;
+}
+
+/* #endregion */
+
+/* #region Document */
+
+body {
+    color-scheme: dark;
+}
+
+/* #endregion */
--- a/web/src/common/styles/theme-dark.css
+++ b/web/src/common/styles/theme-dark.css
@@ -7,22 +7,6 @@
    --__AK_UI_DARK__: 1;
 }

-/* #region Global */
-
-:root {
-    --pf-global--Color--100: var(--ak-dark-foreground) !important;
-    --ak-global--Color--100: var(--ak-dark-foreground) !important;
-    --pf-c-page__main-section--m-light--BackgroundColor: var(--ak-dark-background-darker);
-    --pf-global--BorderColor--100: var(--ak-dark-background-lighter) !important;
-    --pf-global--link--Color: var(--pf-global--link--Color--light);
-    --pf-global--link--Color--hover: var(--pf-global--link--Color--light--hover);
-}
-
-body {
-    background-color: var(--ak-dark-background) !important;
-    color-scheme: dark;
-}
-
 /* #region Scrollbars */

 :root {
@@ -33,6 +17,27 @@ body {
    --ak-scrollbar-thumb-background-color: hsl(0 0% 42%);
 }

+body:has(ak-flow-executor) {
+    background-color: var(--pf-global--BackgroundColor--150);
+}
+
+/**
+ * Our reversal of Patternfly's light variables requires us to set the colors
+ * back to their defaults when in dark mode.
+ */
+.pf-m-dark {
+    --pf-global--Color--100: var(--pf-global--Color--light-100);
+    --pf-global--Color--200: var(--pf-global--Color--light-200);
+    --pf-global--BorderColor--100: var(--pf-global--BorderColor--light-100);
+    --pf-global--primary-color--100: var(--pf-global--primary-color--light-100);
+    --pf-global--link--Color: var(--pf-global--link--Color--light);
+    --pf-global--link--Color--hover: var(--pf-global--link--Color--light);
+    --pf-global--BackgroundColor--100: var(--pf-global--BackgroundColor--dark-100);
+}
+
+.pf-c-login {
+    --pf-c-login__main--BackgroundColor: var(--pf-global--BackgroundColor--dark-100) !important;
+}
 /* #endregion */

 .pf-c-radio {
@@ -41,15 +46,7 @@ body {

 /* Global page background colour */
 .pf-c-page {
-    --pf-c-page--BackgroundColor: var(--ak-dark-background);
-}
-
-.pf-c-drawer__content {
-    --pf-c-drawer__content--BackgroundColor: var(--ak-dark-background);
-}
-
-.pf-c-title {
-    color: var(--ak-dark-foreground);
+    --pf-c-page--BackgroundColor: var(--pf-global--BackgroundColor--dark-100);
 }

 .pf-u-mb-xl {
@@ -61,7 +58,7 @@ body {
 /* Header sections */

 .pf-c-page__main-section {
-    --pf-c-page__main-section--BackgroundColor: var(--ak-dark-background);
+    --pf-c-page__main-section--BackgroundColor: var(--pf-global--BackgroundColor--dark-100);
 }

 .sidebar-trigger,
@@ -69,26 +66,12 @@ body {
    background-color: transparent !important;
 }

-.pf-c-content {
-    color: var(--ak-dark-foreground);
-}
-
 /* #region Card */

-.pf-c-card {
-    --pf-c-card--BackgroundColor: var(--ak-dark-background-light);
-    color: var(--ak-dark-foreground);
-}
-
 .pf-c-card.pf-m-non-selectable-raised {
    --pf-c-card--BackgroundColor: var(--ak-dark-background-lighter);
 }

-.pf-c-card__title,
-.pf-c-card__body {
-    color: var(--ak-dark-foreground);
-}
-
 /* #endregion */

 /* #region Fields */
@@ -157,8 +140,7 @@ fieldset {
 /* #region Page layout */

 /**
- * Our reversal of the page header on the light theme requires us to set the colors
- * back to their PatternFly defaults.
+ * cf. Color reversal.
 */
 .pf-c-page__header {
    --pf-global--Color--100: var(--pf-global--Color--light-100);
@@ -369,24 +351,15 @@ select.pf-c-form-control {

 /* #region Flows */

-.pf-c-login__main {
-    --pf-c-login__main--BackgroundColor: var(--ak-dark-background);
-}
-
-.pf-c-login__main-body,
-.pf-c-login__main-header,
-.pf-c-login__main-header-desc {
-    color: var(--ak-dark-foreground);
-}
-
-.pf-c-login__main-footer-links-item img,
-.pf-c-login__main-footer-links-item .fas {
-    filter: invert(1);
+@media (min-width: 35rem) and (min-height: 50rem) {
+    .pf-c-login__main-footer-links-item img,
+    .pf-c-login__main-footer-links-item .fas {
+        filter: invert(1);
+    }
 }

 .pf-c-login__main-footer-band {
-    --pf-c-login__main-footer-band--BackgroundColor: var(--ak-dark-background-lighter);
-    color: var(--ak-dark-foreground);
+    --pf-c-login__main-footer-band--BackgroundColor: var(--pf-global--BackgroundColor--dark-300);
 }

 .form-control-static {
--- a/web/src/common/theme.ts
+++ b/web/src/common/theme.ts
@@ -286,6 +286,44 @@ export function applyDocumentTheme(hint: CSSColorSchemeValue | UIThemeHint = "au
    applyStyleSheets(preferredColorScheme);
 }

+/**
+ * A CSS variable representing the global background image.
+ */
+export const AKBackgroundImageProperty = "--ak-global--background-image";
+
+/**
+ * Applies the given background image URL to the document body.
+ *
+ * This method is very defensive to avoid unnecessary DOM repaints.
+ */
+export function applyBackgroundImageProperty(value?: string | null): void {
+    const fallbackOrigin = window.location.origin;
+
+    if (!value || !URL.canParse(value, fallbackOrigin)) {
+        return;
+    }
+
+    const nextBackgroundURL = new URL(value, fallbackOrigin);
+
+    const currentBackgroundImage = getComputedStyle(document.body, "::before").backgroundImage;
+    let currentBackgroundImageURL: URL | null = null;
+
+    if (currentBackgroundImage && currentBackgroundImage !== "none") {
+        // Extract URL from background-image property
+        const [, urlMatch] = currentBackgroundImage.match(/url\(["']?([^"']*)["']?\)/) || [];
+
+        if (URL.canParse(urlMatch)) {
+            currentBackgroundImageURL = new URL(urlMatch, fallbackOrigin);
+        }
+    }
+
+    if (currentBackgroundImageURL && currentBackgroundImageURL.href === nextBackgroundURL.href) {
+        return;
+    }
+
+    document.body.style.setProperty(AKBackgroundImageProperty, `url("${nextBackgroundURL.href}")`);
+}
+
 /**
 * Returns the root interface element of the page.
 *
--- a/web/src/elements/ak-locale-context/ak-locale-context.ts
+++ b/web/src/elements/ak-locale-context/ak-locale-context.ts
@@ -8,7 +8,6 @@ import { EVENT_LOCALE_CHANGE, EVENT_LOCALE_REQUEST } from "#common/constants";
 import { AKElement } from "#elements/Base";
 import { customEvent } from "#elements/utils/customEvents";

-import { html } from "lit";
 import { customElement, property } from "lit/decorators.js";

 /**
@@ -26,6 +25,10 @@ import { customElement, property } from "lit/decorators.js";
 */
@customElement("ak-locale-context")
 export class LocaleContext extends WithBrandConfig(AKElement) {
+    protected createRenderRoot(): HTMLElement | DocumentFragment {
+        return this;
+    }
+
    /// @attribute The text representation of the current locale */
    @property({ attribute: true, type: String })
    locale = DEFAULT_LOCALE;
@@ -90,10 +93,6 @@ export class LocaleContext extends WithBrandConfig(AKElement) {
        // works just fine for almost every use case.
        this.dispatchEvent(customEvent(EVENT_LOCALE_CHANGE));
    }
-
-    render() {
-        return html`<slot></slot>`;
-    }
 }

 export default LocaleContext;
--- a/web/src/flow/FlowExecutor.css
+++ b/web/src/flow/FlowExecutor.css
@@ -0,0 +1,20 @@
+:host {
+    --pf-c-login__main-body--PaddingBottom: var(--pf-global--spacer--2xl);
+    position: relative;
+}
+
+.pf-c-drawer__body {
+    display: flex;
+    flex-flow: column;
+}
+
+.pf-c-drawer__content {
+    --pf-c-drawer__content--BackgroundColor: transparent;
+}
+
+.inspector-toggle {
+    position: absolute;
+    top: 1rem;
+    right: 1rem;
+    z-index: 100;
+}
--- a/web/src/flow/FlowExecutor.ts
+++ b/web/src/flow/FlowExecutor.ts
@@ -9,11 +9,14 @@ import "#flow/stages/FlowErrorStage";
 import "#flow/stages/FlowFrameStage";
 import "#flow/stages/RedirectStage";

+import Styles from "./FlowExecutor.css";
+
 import { DEFAULT_CONFIG } from "#common/api/config";
 import { EVENT_FLOW_ADVANCE, EVENT_FLOW_INSPECTOR_TOGGLE } from "#common/constants";
 import { pluckErrorDetail } from "#common/errors/network";
 import { globalAK } from "#common/global";
 import { configureSentry } from "#common/sentry/index";
+import { applyBackgroundImageProperty } from "#common/theme";
 import { WebsocketClient } from "#common/ws";

 import { Interface } from "#elements/Interface";
@@ -35,7 +38,7 @@ import {
 } from "@goauthentik/api";

 import { msg } from "@lit/localize";
-import { css, CSSResult, html, nothing, PropertyValues, TemplateResult } from "lit";
+import { CSSResult, html, nothing, PropertyValues, TemplateResult } from "lit";
 import { customElement, property, state } from "lit/decorators.js";
 import { unsafeHTML } from "lit/directives/unsafe-html.js";
 import { until } from "lit/directives/until.js";
@@ -48,20 +51,14 @@ import PFLogin from "@patternfly/patternfly/components/Login/login.css";
 import PFTitle from "@patternfly/patternfly/components/Title/title.css";
 import PFBase from "@patternfly/patternfly/patternfly-base.css";

-const FlowLayoutClasses = {
-    [FlowLayoutEnum.ContentLeft]: "pf-c-login__container",
-    [FlowLayoutEnum.ContentRight]: "pf-c-login__container content-right",
-    [FlowLayoutEnum.SidebarLeft]: "ak-login-container",
-    [FlowLayoutEnum.SidebarRight]: "ak-login-container",
-    [FlowLayoutEnum.Stacked]: "ak-login-container",
-    [FlowLayoutEnum.UnknownDefaultOpenApi]: "ak-login-container",
-} as const satisfies Record<FlowLayoutEnum, string>;
-
@customElement("ak-flow-executor")
 export class FlowExecutor
    extends WithCapabilitiesConfig(WithBrandConfig(Interface))
    implements StageHost
 {
+    static readonly DefaultLayout: FlowLayoutEnum =
+        globalAK()?.flow?.layout || FlowLayoutEnum.Stacked;
+
    //#region Styles

    static styles: CSSResult[] = [
@@ -72,99 +69,7 @@ export class FlowExecutor
        PFTitle,
        PFList,
        PFBackgroundImage,
-        css`
-            :host {
-                --pf-c-login__main-body--PaddingBottom: var(--pf-global--spacer--2xl);
-            }
-            .pf-c-background-image::before {
-                --pf-c-background-image--BackgroundImage: var(--ak-flow-background);
-                --pf-c-background-image--BackgroundImage-2x: var(--ak-flow-background);
-                --pf-c-background-image--BackgroundImage--sm: var(--ak-flow-background);
-                --pf-c-background-image--BackgroundImage--sm-2x: var(--ak-flow-background);
-                --pf-c-background-image--BackgroundImage--lg: var(--ak-flow-background);
-
-                @media (max-width: 768px) {
-                    background: var(--pf-c-login__main--BackgroundColor) !important;
-                }
-            }
-
-            .ak-hidden {
-                display: none;
-            }
-            :host {
-                position: relative;
-            }
-            .pf-c-drawer__content {
-                background-color: transparent;
-            }
-            .pf-c-login {
-                align-items: baseline;
-            }
-            /* layouts */
-            @media (min-height: 60rem) {
-                .pf-c-login[data-layout="stacked"] .pf-c-login__main {
-                    margin-top: 13rem;
-                }
-            }
-            .pf-c-login__container.content-right {
-                grid-template-areas:
-                    "header main"
-                    "footer main"
-                    ". main";
-            }
-            .pf-c-login[data-layout="sidebar_left"] {
-                justify-content: flex-start;
-                padding-top: 0;
-                padding-bottom: 0;
-            }
-            .pf-c-login[data-layout="sidebar_left"] .ak-login-container,
-            .pf-c-login[data-layout="sidebar_right"] .ak-login-container {
-                height: 100%;
-                min-height: 100dvh;
-                background-color: var(--pf-c-login__main--BackgroundColor);
-                padding-inline: var(--pf-global--spacer--lg);
-                padding-block-end: var(--pf-global--spacer--xs);
-            }
-            .pf-c-login[data-layout="sidebar_left"] .pf-c-list,
-            .pf-c-login[data-layout="sidebar_right"] .pf-c-list {
-                color: #000;
-            }
-            .pf-c-login[data-layout="sidebar_right"] {
-                justify-content: flex-end;
-                padding-top: 0;
-                padding-bottom: 0;
-            }
-            :host([theme="dark"]) .pf-c-login[data-layout="sidebar_left"] .ak-login-container,
-            :host([theme="dark"]) .pf-c-login[data-layout="sidebar_right"] .ak-login-container {
-                background-color: var(--ak-dark-background);
-            }
-            :host([theme="dark"]) .pf-c-login[data-layout="sidebar_left"] .pf-c-list,
-            :host([theme="dark"]) .pf-c-login[data-layout="sidebar_right"] .pf-c-list {
-                color: var(--ak-dark-foreground);
-            }
-            .pf-c-brand {
-                padding-top: calc(
-                    var(--pf-c-login__main-footer-links--PaddingTop) +
-                        var(--pf-c-login__main-footer-links--PaddingBottom) +
-                        var(--pf-c-login__main-body--PaddingBottom)
-                );
-                max-height: 9rem;
-            }
-            .ak-brand {
-                display: flex;
-                justify-content: center;
-            }
-            .ak-brand img {
-                padding: 0 2rem;
-                max-height: inherit;
-            }
-            .inspector-toggle {
-                position: absolute;
-                top: 1rem;
-                right: 1rem;
-                z-index: 100;
-            }
-        `,
+        Styles,
    ];

    //#endregion
@@ -204,6 +109,9 @@ export class FlowExecutor
    @state()
    protected inspectorAvailable?: boolean;

+    @state()
+    protected layout: FlowLayoutEnum = FlowExecutor.DefaultLayout;
+
    @state()
    public flowInfo?: ContextualFlowInfo;

@@ -297,8 +205,14 @@ export class FlowExecutor

    // DOM post-processing has to happen after the render.
    public updated(changedProperties: PropertyValues<this>) {
+        super.updated(changedProperties);
+
+        if (changedProperties.has("challenge") && this.challenge?.flowInfo) {
+            this.layout = this.challenge?.flowInfo?.layout || FlowExecutor.DefaultLayout;
+        }
+
        if (changedProperties.has("flowInfo") && this.flowInfo) {
-            this.#setShadowStyles(this.flowInfo);
+            applyBackgroundImageProperty(this.flowInfo.background);
        }
    }

@@ -358,29 +272,10 @@ export class FlowExecutor
            });
    };

-    #setShadowStyles(value: ContextualFlowInfo) {
-        if (!value) return;
-
-        this.shadowRoot
-            ?.querySelectorAll<HTMLDivElement>(".pf-c-background-image")
-            .forEach((bg) => {
-                bg.style.setProperty("--ak-flow-background", `url('${value?.background}')`);
-            });
-    }
-
    //#region Render

-    get layout(): FlowLayoutEnum {
-        return (
-            this.challenge?.flowInfo?.layout || globalAK()?.flow?.layout || FlowLayoutEnum.Stacked
-        );
-    }
-
-    async renderChallenge(): Promise<TemplateResult> {
-        if (!this.challenge) {
-            return html`<ak-flow-card loading></ak-flow-card>`;
-        }
-        switch (this.challenge?.component) {
+    async renderChallenge(component: ChallengeTypes["component"]): Promise<TemplateResult> {
+        switch (component) {
            case "ak-stage-access-denied":
                await import("#flow/stages/access_denied/AccessDeniedStage");
                return html`<ak-stage-access-denied
@@ -569,11 +464,17 @@ export class FlowExecutor
        );
    }

-    render(): TemplateResult {
+    protected renderLoading(): TemplateResult {
+        return html`<div class="slotted-content">
+            <slot></slot>
+        </div>`;
+    }
+
+    public override render(): TemplateResult {
        const { layout } = this;
+        const { component } = this.challenge || {};

        return html`<ak-locale-context>
-            <div class="pf-c-background-image" part="background-image"></div>
            <div class="pf-c-page__drawer" part="page-drawer">
                <div
                    class="pf-c-drawer ${this.inspectorOpen ? "pf-m-expanded" : "pf-m-collapsed"}"
@@ -582,35 +483,44 @@ export class FlowExecutor
                    <div class="pf-c-drawer__main" part="drawer-main">
                        <div class="pf-c-drawer__content" part="drawer-content">
                            <div class="pf-c-drawer__body" part="drawer-body">
-                                <div class="pf-c-login" data-layout=${layout} part="flow">
-                                    <div class=${FlowLayoutClasses[layout]} part="flow-container">
-                                        <main
-                                            class="pf-c-login__main"
-                                            aria-label=${msg("Authentication form")}
-                                            part="flow-main"
+                                <div class="pf-c-login" data-layout=${layout} part="login">
+                                    ${this.loading && this.challenge
+                                        ? html`<ak-loading-overlay
+                                              part="login-overlay"
+                                          ></ak-loading-overlay>`
+                                        : nothing}
+
+                                    <main
+                                        class="pf-c-login__main"
+                                        aria-label=${msg("Authentication form")}
+                                        part="flow-main"
+                                    >
+                                        <div
+                                            class="pf-c-login__main-header pf-c-brand"
+                                            part="branding"
                                        >
-                                            ${this.loading && this.challenge
-                                                ? html`<ak-loading-overlay></ak-loading-overlay>`
-                                                : nothing}
-                                            <div
-                                                class="pf-c-login__main-header pf-c-brand ak-brand"
-                                            >
-                                                <img
-                                                    src="${themeImage(this.brandingLogo)}"
-                                                    alt="${msg("authentik Logo")}"
-                                                    role="presentation"
-                                                />
-                                            </div>
-                                            ${until(this.renderChallenge())}
-                                        </main>
-                                        <ak-brand-links
-                                            part="brand-links"
-                                            role="contentinfo"
-                                            aria-label=${msg("Site footer")}
-                                            class="pf-c-login__footer"
-                                            .links=${this.brandingFooterLinks}
-                                        ></ak-brand-links>
-                                    </div>
+                                            <img
+                                                part="branding-logo"
+                                                src="${themeImage(this.brandingLogo)}"
+                                                alt="${msg("authentik Logo")}"
+                                                role="presentation"
+                                            />
+                                        </div>
+                                        ${component
+                                            ? until(this.renderChallenge(component))
+                                            : this.renderLoading()}
+                                    </main>
+
+                                    <ak-brand-links
+                                        part="brand-links"
+                                        role="contentinfo"
+                                        aria-label=${msg("Site footer")}
+                                        class="pf-c-login__footer ${layout ===
+                                        FlowLayoutEnum.Stacked
+                                            ? "pf-m-dark"
+                                            : ""}"
+                                        .links=${this.brandingFooterLinks}
+                                    ></ak-brand-links>
                                </div>
                            </div>
                        </div>
--- a/web/src/flow/FlowInspector.css
+++ b/web/src/flow/FlowInspector.css
@@ -2,10 +2,6 @@
    height: 100dvh;
 }

-.pf-c-card {
-    --pf-c-card--BackgroundColor: var(--pf-c-notification-drawer--BackgroundColor);
-}
-
 :host {
    background-color: var(--pf-c-notification-drawer--BackgroundColor);
 }
--- a/web/src/flow/components/ak-flow-card.ts
+++ b/web/src/flow/components/ak-flow-card.ts
@@ -1,10 +1,11 @@
 import "#elements/EmptyState";

 import { AKElement } from "#elements/Base";
+import { SlottedTemplateResult } from "#elements/types";

 import { ChallengeTypes } from "@goauthentik/api";

-import { css, CSSResult, html, nothing } from "lit";
+import { CSSResult, html } from "lit";
 import { customElement, property } from "lit/decorators.js";

 import PFLogin from "@patternfly/patternfly/components/Login/login.css";
@@ -30,32 +31,7 @@ export class FlowCard extends AKElement {
    @property({ type: Boolean })
    loading = false;

-    static styles: CSSResult[] = [
-        PFBase,
-        PFLogin,
-        PFTitle,
-        css`
-            .pf-c-login__main-footer {
-                display: block;
-            }
-
-            slot[name="footer-band"] {
-                text-align: center;
-                background-color: var(--pf-c-login__main-footer-band--BackgroundColor);
-                padding: 0;
-                margin-top: 1em;
-            }
-
-            .pf-c-login__main-body {
-                --pf-c-login__main-body--md--PaddingLeft: var(--pf-global--spacer--md);
-                --pf-c-login__main-body--md--PaddingRight: var(--pf-global--spacer--md);
-            }
-
-            .pf-c-login__main-body:last-child {
-                padding-bottom: calc(var(--pf-c-login__main-header--PaddingTop) * 1.2);
-            }
-        `,
-    ];
+    static styles: CSSResult[] = [PFBase, PFLogin, PFTitle];

    render() {
        let inner = html`<slot></slot>`;
@@ -63,25 +39,22 @@ export class FlowCard extends AKElement {
            inner = html`<ak-empty-state loading default-label></ak-empty-state>`;
        }
        // No title if the challenge doesn't provide a title and no custom title is set
-        let title = undefined;
+        let title: null | SlottedTemplateResult = null;
        if (this.hasSlotted("title")) {
            title = html`<h1 class="pf-c-title pf-m-3xl"><slot name="title"></slot></h1>`;
        } else if (this.challenge?.flowInfo?.title) {
            title = html`<h1 class="pf-c-title pf-m-3xl">${this.challenge.flowInfo.title}</h1>`;
        }
-        return html`${title ? html`<div class="pf-c-login__main-header">${title}</div>` : nothing}
+        const footer = this.hasSlotted("footer") ? html`<slot name="footer"></slot>` : null;
+        const footerBand = this.hasSlotted("footer-band")
+            ? html`<slot name="footer-band"></slot>`
+            : null;
+
+        return html`${title ? html`<div class="pf-c-login__main-header">${title}</div>` : null}
            <div class="pf-c-login__main-body">${inner}</div>
-            ${this.hasSlotted("footer") || this.hasSlotted("footer-band")
-                ? html`<footer class="pf-c-login__main-footer">
-                      ${this.hasSlotted("footer") ? html`<slot name="footer"></slot>` : nothing}
-                      ${this.hasSlotted("footer-band")
-                          ? html`<slot
-                                name="footer-band"
-                                class="pf-c-login__main-footer-band"
-                            ></slot>`
-                          : nothing}
-                  </footer>`
-                : nothing}`;
+            ${footer || footerBand
+                ? html`<div class="pf-c-login__main-footer">${footer}${footerBand}</div>`
+                : null}`;
    }
 }

--- a/web/src/flow/stages/authenticator_validate/AuthenticatorValidateStage.css
+++ b/web/src/flow/stages/authenticator_validate/AuthenticatorValidateStage.css
@@ -0,0 +1,22 @@
+.authenticator-button {
+    /* compatibility-mode-fix */
+    & {
+        align-items: center;
+        width: 100%;
+        display: grid;
+        grid-template-columns: minmax(auto, 2rem) minmax(33%, max-content);
+        gap: var(--pf-global--spacer--lg);
+    }
+
+    &:hover {
+        background-color: var(--pf-global--BackgroundColor--200);
+    }
+}
+
+i {
+    font-size: var(--pf-global--icon--FontSize--lg);
+}
+
+.content {
+    text-align: left;
+}
--- a/web/src/flow/stages/authenticator_validate/AuthenticatorValidateStage.ts
+++ b/web/src/flow/stages/authenticator_validate/AuthenticatorValidateStage.ts
@@ -3,6 +3,8 @@ import "#flow/stages/authenticator_validate/AuthenticatorValidateStageCode";
 import "#flow/stages/authenticator_validate/AuthenticatorValidateStageDuo";
 import "#flow/stages/authenticator_validate/AuthenticatorValidateStageWebAuthn";

+import Styles from "./AuthenticatorValidateStage.css";
+
 import { DEFAULT_CONFIG } from "#common/api/config";

 import { BaseStage, StageHost, SubmitOptions } from "#flow/stages/base";
@@ -19,8 +21,9 @@ import {
 } from "@goauthentik/api";

 import { msg } from "@lit/localize";
-import { css, CSSResult, html, nothing, PropertyValues, TemplateResult } from "lit";
+import { CSSResult, html, nothing, PropertyValues, TemplateResult } from "lit";
 import { customElement, state } from "lit/decorators.js";
+import { repeat } from "lit/directives/repeat.js";

 import PFButton from "@patternfly/patternfly/components/Button/button.css";
 import PFForm from "@patternfly/patternfly/components/Form/form.css";
@@ -29,39 +32,6 @@ import PFLogin from "@patternfly/patternfly/components/Login/login.css";
 import PFTitle from "@patternfly/patternfly/components/Title/title.css";
 import PFBase from "@patternfly/patternfly/patternfly-base.css";

-const customCSS = css`
-    .authenticator-button {
-        /* compatibility-mode-fix */
-        & {
-            align-items: center;
-            width: 100%;
-            display: grid;
-            grid-template-columns: auto 1fr;
-            gap: var(--pf-global--spacer--md);
-        }
-
-        &:hover {
-            background-color: var(--pf-global--Color--light-200);
-        }
-    }
-    :host([theme="dark"]) .authenticator-button {
-        color: var(--ak-dark-foreground) !important;
-
-        &:hover {
-            background-color: var(--pf-global--Color--300);
-        }
-    }
-
-    i {
-        font-size: 1.5rem;
-        padding: 1rem 0;
-        width: 3rem;
-    }
-    .content {
-        text-align: left;
-    }
-`;
-
 interface DevicePickerProps {
    icon?: string;
    label: string;
@@ -121,7 +91,7 @@ export class AuthenticatorValidateStage
        PFFormControl,
        PFTitle,
        PFButton,
-        customCSS,
+        Styles,
    ];

    flowSlug = "";
@@ -227,36 +197,42 @@ export class AuthenticatorValidateStage
            return nothing;
        }

-        const deviceChallengeButtons = this.challenge.deviceChallenges.map((challenges, idx) => {
-            const buttonID = `device-challenge-${idx}`;
-            const labelID = `${buttonID}-label`;
-            const descriptionID = `${buttonID}-description`;
+        const { deviceChallenges } = this.challenge;

-            const { icon, label, description } = DevicePickerPropMap[challenges.deviceClass];
+        const deviceChallengeButtons = repeat(
+            deviceChallenges,
+            (challenges) => challenges.deviceUid,
+            (challenges, idx) => {
+                const buttonID = `device-challenge-${idx}`;
+                const labelID = `${buttonID}-label`;
+                const descriptionID = `${buttonID}-description`;

-            return html`
-                <button
-                    id=${buttonID}
-                    aria-labelledby=${labelID}
-                    aria-describedby=${descriptionID}
-                    class="pf-c-button authenticator-button"
-                    type="button"
-                    @click=${() => {
-                        this.selectedDeviceChallenge = challenges;
-                    }}
-                >
-                    <i class="fas ${icon}" aria-hidden="true"></i>
-                    <div class="content">
-                        <p id=${labelID}>${label}</p>
-                        <small id=${descriptionID}>${description}</small>
-                    </div>
-                </button>
-            `;
-        });
+                const { icon, label, description } = DevicePickerPropMap[challenges.deviceClass];
+
+                return html`
+                    <button
+                        id=${buttonID}
+                        aria-labelledby=${labelID}
+                        aria-describedby=${descriptionID}
+                        class="pf-c-button authenticator-button"
+                        type="button"
+                        @click=${() => {
+                            this.selectedDeviceChallenge = challenges;
+                        }}
+                    >
+                        <i class="fas ${icon}" aria-hidden="true"></i>
+                        <div class="content">
+                            <h1 class="pf-c-title pf-m-sm" id=${labelID}>${label}</h1>
+                            <p class="pf-c-form__helper-text" id=${descriptionID}>${description}</p>
+                        </div>
+                    </button>
+                `;
+            },
+        );

        return html`<fieldset class="pf-c-form__group pf-m-action" name="device-challenges">
            <legend class="pf-c-title">${msg("Select an authentication method")}</legend>
-            ${deviceChallengeButtons.length
+            ${deviceChallenges.length
                ? deviceChallengeButtons
                : msg("No authentication methods available.")}
        </fieldset>`;
@@ -267,23 +243,27 @@ export class AuthenticatorValidateStage
            return nothing;
        }

-        const stageButtons = this.challenge.configurationStages.map((stage) => {
-            return html`<button
-                class="pf-c-button authenticator-button"
-                type="button"
-                @click=${() => {
-                    this.submit({
-                        component: this.challenge.component || "",
-                        selectedStage: stage.pk,
-                    });
-                }}
-            >
-                <div class="content">
-                    <p>${stage.name}</p>
-                    <small>${stage.verboseName}</small>
-                </div>
-            </button>`;
-        });
+        const stageButtons = repeat(
+            this.challenge.configurationStages,
+            (stage) => stage.pk,
+            (stage) => {
+                return html`<button
+                    class="pf-c-button authenticator-button"
+                    type="button"
+                    @click=${() => {
+                        this.submit({
+                            component: this.challenge.component || "",
+                            selectedStage: stage.pk,
+                        });
+                    }}
+                >
+                    <div class="content">
+                        <h1 class="pf-c-title pf-m-sm">${stage.name}</h1>
+                        <p class="pf-c-form__helper-text">${stage.verboseName}</p>
+                    </div>
+                </button>`;
+            },
+        );

        return html`<fieldset class="pf-c-form__group pf-m-action" name="stages">
            <legend class="sr-only">${msg("Select a configuration stage")}</legend>
--- a/web/src/flow/stages/identification/IdentificationStage.ts
+++ b/web/src/flow/stages/identification/IdentificationStage.ts
@@ -24,6 +24,7 @@ import { msg, str } from "@lit/localize";
 import { css, CSSResult, html, nothing, PropertyValues, TemplateResult } from "lit";
 import { customElement, property, state } from "lit/decorators.js";
 import { createRef, ref } from "lit/directives/ref.js";
+import { repeat } from "lit/directives/repeat.js";

 import PFAlert from "@patternfly/patternfly/components/Alert/alert.css";
 import PFButton from "@patternfly/patternfly/components/Button/button.css";
@@ -286,24 +287,33 @@ export class IdentificationStage extends BaseStage<
    }

    renderFooter() {
-        if (!this.challenge?.enrollUrl && !this.challenge?.recoveryUrl) {
+        const { enrollUrl, recoveryUrl } = this.challenge || {};
+
+        const enrollmentItem = enrollUrl
+            ? html`<div class="pf-c-login__main-footer-band-item">
+                  ${msg("Need an account?")}
+                  <a id="enroll" href="${enrollUrl}">${msg("Sign up.")}</a>
+              </div>`
+            : null;
+
+        const recoveryItem = recoveryUrl
+            ? html`<div class="pf-c-login__main-footer-band-item">
+                  <a id="recovery" href="${recoveryUrl}">${msg("Forgot username or password?")}</a>
+              </div>`
+            : null;
+
+        if (!enrollmentItem && !recoveryItem) {
            return nothing;
        }
-        return html`<div slot="footer-band" class="pf-c-login__main-footer-band">
-            ${this.challenge.enrollUrl
-                ? html`<p class="pf-c-login__main-footer-band-item">
-                      ${msg("Need an account?")}
-                      <a id="enroll" href="${this.challenge.enrollUrl}">${msg("Sign up.")}</a>
-                  </p>`
-                : nothing}
-            ${this.challenge.recoveryUrl
-                ? html`<p class="pf-c-login__main-footer-band-item">
-                      <a id="recovery" href="${this.challenge.recoveryUrl}"
-                          >${msg("Forgot username or password?")}</a
-                      >
-                  </p>`
-                : nothing}
-        </div>`;
+
+        return html`<fieldset
+            slot="footer-band"
+            part="additional-actions"
+            class="pf-c-login__main-footer-band"
+        >
+            <legend class="sr-only">${msg("Additional actions")}</legend>
+            ${enrollmentItem} ${recoveryItem}
+        </fieldset>`;
    }

    renderInput(): TemplateResult {
@@ -404,7 +414,7 @@ export class IdentificationStage extends BaseStage<
    }

    render(): TemplateResult {
-        return html`<ak-flow-card .challenge=${this.challenge}>
+        return html`<ak-flow-card .challenge=${this.challenge} part="flow-card">
            <form class="pf-c-form" @submit=${this.submitForm}>
                ${this.challenge.applicationPre
                    ? html`<p>
@@ -425,13 +435,15 @@ export class IdentificationStage extends BaseStage<
                      `
                    : nothing}
            </form>
-            ${(this.challenge.sources || []).length > 0
+            ${this.challenge.sources?.length
                ? html`<ul slot="footer" class="pf-c-login__main-footer-links">
-                      ${(this.challenge.sources || []).map((source) => {
-                          return this.renderSource(source);
-                      })}
+                      ${repeat(
+                          this.challenge.sources,
+                          (source) => source.name,
+                          (source) => this.renderSource(source),
+                      )}
                  </ul> `
-                : nothing}
+                : null}
            ${this.renderFooter()}
        </ak-flow-card>`;
    }
--- a/web/src/flow/stages/password/PasswordStage.ts
+++ b/web/src/flow/stages/password/PasswordStage.ts
@@ -10,7 +10,7 @@ import { PasswordManagerPrefill } from "#flow/stages/identification/Identificati
 import { PasswordChallenge, PasswordChallengeResponseRequest } from "@goauthentik/api";

 import { msg } from "@lit/localize";
-import { CSSResult, html, nothing, TemplateResult } from "lit";
+import { CSSResult, html, TemplateResult } from "lit";
 import { customElement } from "lit/decorators.js";
 import { ifDefined } from "lit/directives/if-defined.js";

@@ -79,12 +79,17 @@ export class PasswordStage extends BaseStage<PasswordChallenge, PasswordChalleng
                </fieldset>
            </form>
            ${this.challenge.recoveryUrl
-                ? html`<div slot="footer-band" class="pf-c-login__main-footer-band">
-                      <p class="pf-c-login__main-footer-band-item">
-                          <a href="${this.challenge.recoveryUrl}"> ${msg("Forgot password?")}</a>
-                      </p>
-                  </div>`
-                : nothing}
+                ? html`<fieldset
+                      slot="footer-band"
+                      part="additional-actions"
+                      class="pf-c-login__main-footer-band"
+                  >
+                      <legend class="sr-only">${msg("Additional actions")}</legend>
+                      <div class="pf-c-login__main-footer-band-item">
+                          <a href="${this.challenge.recoveryUrl}">${msg("Forgot password?")}</a>
+                      </div>
+                  </fieldset>`
+                : null}
        </ak-flow-card>`;
    }
 }
--- a/web/src/standalone/loading/index.entrypoint.ts
+++ b/web/src/standalone/loading/index.entrypoint.ts
@@ -7,8 +7,6 @@ import { msg } from "@lit/localize";
 import { css, html, TemplateResult } from "lit";
 import { customElement } from "lit/decorators.js";

-import PFEmptyState from "@patternfly/patternfly/components/EmptyState/empty-state.css";
-import PFPage from "@patternfly/patternfly/components/Page/page.css";
 import PFSpinner from "@patternfly/patternfly/components/Spinner/spinner.css";
 import PFBase from "@patternfly/patternfly/patternfly-base.css";

@@ -16,12 +14,23 @@ import PFBase from "@patternfly/patternfly/patternfly-base.css";
 export class Loading extends AKElement {
    static styles = [
        PFBase,
-        PFPage,
        PFSpinner,
-        PFEmptyState,
        css`
-            :host([theme="dark"]) h1 {
-                color: var(--ak-dark-foreground);
+            :host {
+                position: absolute;
+                inset: 0;
+                display: flex;
+                flex-flow: column;
+                place-items: center;
+                justify-content: center;
+                text-align: center;
+                gap: var(--pf-global--spacer--md);
+            }
+
+            label {
+                font-size: var(--pf-global--FontSize--xl);
+                font-weight: var(--pf-global--FontWeight--normal);
+                font-family: var(--pf-global--FontFamily--heading--sans-serif);
            }
        `,
    ];
@@ -38,24 +47,17 @@ export class Loading extends AKElement {
    }

    render(): TemplateResult {
-        return html`<section
-            class="ak-static-page pf-c-page__main-section pf-m-no-padding-mobile pf-m-xl"
-        >
-            <div class="pf-c-empty-state" style="height: 100vh;">
-                <div class="pf-c-empty-state__content">
-                    <span
-                        class="pf-c-spinner pf-m-xl"
-                        role="progressbar"
-                        aria-valuetext="${msg("Loading...")}"
-                    >
-                        <span class="pf-c-spinner__clipper"></span>
-                        <span class="pf-c-spinner__lead-ball"></span>
-                        <span class="pf-c-spinner__tail-ball"></span>
-                    </span>
-                    <h1 class="pf-c-title pf-m-lg">${msg("Loading...")}</h1>
-                </div>
-            </div>
-        </section>`;
+        return html`<span class="pf-c-spinner pf-m-xl" aria-hidden="true">
+                <span class="pf-c-spinner__clipper"></span>
+                <span class="pf-c-spinner__lead-ball"></span>
+                <span class="pf-c-spinner__tail-ball"></span>
+            </span>
+            <label for="progress" class="pf-c-title pf-m-lg">${msg("Loading")}</label>
+            <progress
+                class="sr-only"
+                id="progress"
+                aria-valuetext=${msg("Please wait while the content is loading")}
+            ></progress>`;
    }
 }

--- a/web/src/user/LibraryPage/ak-library-application-list.css
+++ b/web/src/user/LibraryPage/ak-library-application-list.css
@@ -32,7 +32,6 @@

 .pf-c-card {
    --pf-c-card--BoxShadow: var(--pf-global--BoxShadow--md-bottom);
-    --pf-c-card--BackgroundColor: var(--pf-global--BackgroundColor--150);

    transition: box-shadow 150ms ease-in-out;
    border: 0.5px solid var(--pf-global--BorderColor--100);
--- a/web/xliff/cs_CZ.xlf
+++ b/web/xliff/cs_CZ.xlf
--- a/web/xliff/de.xlf
+++ b/web/xliff/de.xlf
@@ -1,4 +1,4 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
+<?xml version="1.0"?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
  <file target-language="de" source-language="en" original="lit-localize-inputs" datatype="plaintext">
    <body>
      <trans-unit id="s4caed5b7a7e5d89b">
@@ -586,9 +586,9 @@
        
      </trans-unit>
      <trans-unit id="saa0e2675da69651b">
-        <source>The URL &quot;<x id="0" equiv-text="${this.url}"/>&quot; was not found.</source>
-        <target>Die URL &quot;
-<x id="0" equiv-text="${this.url}"/>&quot; wurde nicht gefunden.</target>
+        <source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
+        <target>Die URL "
+<x id="0" equiv-text="${this.url}"/>" wurde nicht gefunden.</target>
        
      </trans-unit>
      <trans-unit id="s58cd9c2fe836d9c6">
@@ -1662,8 +1662,8 @@
        
      </trans-unit>
      <trans-unit id="sa90b7809586c35ce">
-        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon &quot;fa-test&quot;.</source>
-        <target>Geben Sie entweder eine vollständige URL oder einen relativen Pfad ein oder geben Sie 'fa://fa-test' ein, um das Font Awesome-Icon &quot;fa-test&quot; zu verwenden</target>
+        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
+        <target>Geben Sie entweder eine vollständige URL oder einen relativen Pfad ein oder geben Sie 'fa://fa-test' ein, um das Font Awesome-Icon "fa-test" zu verwenden</target>
        
      </trans-unit>
      <trans-unit id="s0410779cb47de312">
@@ -3649,10 +3649,10 @@ Hier können nur Policies verwendet werden, da der Zugriff geprüft wird, bevor
        
      </trans-unit>
      <trans-unit id="sa95a538bfbb86111">
-        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> &quot;<x id="1" equiv-text="${this.obj?.name}"/>&quot;?</source>
+        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
        <target>Bist du sicher, dass du
-        <x id="0" equiv-text="${this.objectLabel}"/>&quot;
-        <x id="1" equiv-text="${this.obj?.name}"/>&quot;aktualisieren möchtest?</target>
+        <x id="0" equiv-text="${this.objectLabel}"/>"
+        <x id="1" equiv-text="${this.obj?.name}"/>"aktualisieren möchtest?</target>
        
      </trans-unit>
      <trans-unit id="sc92d7cfb6ee1fec6">
@@ -4681,8 +4681,8 @@ Beim Erstellen eines festen Auswahlfelds aktiviere „Als Ausdruck interpretiere
        
      </trans-unit>
      <trans-unit id="sdf1d8edef27236f0">
-        <source>A &quot;roaming&quot; authenticator, like a YubiKey</source>
-        <target>Ein &quot;Roaming&quot;-Authentifikator, wie ein YubiKey</target>
+        <source>A "roaming" authenticator, like a YubiKey</source>
+        <target>Ein "Roaming"-Authentifikator, wie ein YubiKey</target>
        
      </trans-unit>
      <trans-unit id="sfffba7b23d8fb40c">
@@ -5040,7 +5040,7 @@ Beim Erstellen eines festen Auswahlfelds aktiviere „Als Ausdruck interpretiere
        
      </trans-unit>
      <trans-unit id="s1608b2f94fa0dbd4">
-        <source>If set to a duration above 0, the user will have the option to choose to &quot;stay signed in&quot;, which will extend their session by the time specified here.</source>
+        <source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
        <target>Wenn auf eine Dauer größer als 0 gesetzt, hat der Benutzer die Option „Angemeldet bleiben“, wodurch seine Sitzung um die hier angegebene Zeit verlängert wird.</target>
        
      </trans-unit>
@@ -6719,6 +6719,7 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
 </trans-unit>
 <trans-unit id="sde9a3f41977ec1f8">
  <source>Estimated user count one year from now based on <x id="0" equiv-text="${internalUsers}"/> current internal users and <x id="1" equiv-text="${forecastedInternalUsers}"/> forecasted internal users.</source>
+  <target>Geschätzte Nutzerzahl in einem Jahr auf der Grundlage der aktuellen <x id="0" equiv-text="${this.forecast?.internalUsers}"/> internen Nutzer und der <x id="1" equiv-text="${this.forecast?.forecastedInternalUsers}"/>prognostizierten internen Nutzer.</target>
 </trans-unit>
 <trans-unit id="s4557b6b9da258643">
  <source>Forecast external users</source>
@@ -6726,6 +6727,7 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
 </trans-unit>
 <trans-unit id="sf52479d6daa0a4a8">
  <source>Estimated user count one year from now based on <x id="0" equiv-text="${externalUsers}"/> current external users and <x id="1" equiv-text="${forecastedExternalUsers}"/> forecasted external users.</source>
+  <target>Geschätzte Nutzerzahl in einem Jahr auf der Grundlage der <x id="0" equiv-text="${this.forecast?.externalUsers}"/> aktuellen externen Nutzer und der <x id="1" equiv-text="${this.forecast?.forecastedExternalUsers}"/>prognostizierten externen Nutzer.</target>
 </trans-unit>
 <trans-unit id="s6196153c4b0c1ea0">
  <source>Install</source>
@@ -7201,7 +7203,7 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
  <target>Benutzer erfolgreich erstellt und zu Gruppe <x id="0" equiv-text="${this.group.name}"/> hinzugefügt.</target>
 </trans-unit>
 <trans-unit id="s824e0943a7104668">
-  <source>This user will be added to the group &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot;.</source>
+  <source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
  <target>Dieser Benutzer wird der Gruppe &amp;quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&amp;quot; hinzugefügt.</target>
 </trans-unit>
 <trans-unit id="s62e7f6ed7d9cb3ca">
@@ -8450,7 +8452,7 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
  <target>Gruppe synchronisieren</target>
 </trans-unit>
 <trans-unit id="s2d5f69929bb7221d">
-  <source><x id="0" equiv-text="${p.name}"/> (&quot;<x id="1" equiv-text="${p.fieldKey}"/>&quot;, of type <x id="2" equiv-text="${p.type}"/>)</source>
+  <source><x id="0" equiv-text="${p.name}"/> ("<x id="1" equiv-text="${p.fieldKey}"/>", of type <x id="2" equiv-text="${p.type}"/>)</source>
  <target><x id="0" equiv-text="${p.name}"/> (&amp;quot;<x id="1" equiv-text="${p.fieldKey}"/>&amp;quot;, vom typ <x id="2" equiv-text="${p.type}"/>)</target>
 </trans-unit>
 <trans-unit id="s25bacc19d98b444e">
@@ -8698,8 +8700,8 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
  <target>Gültige Redirect-URIs nach einem erfolgreichen Autorisierungsflow. Gib hier auch alle Origins für Implicit-Flows an.</target>
 </trans-unit>
 <trans-unit id="s4c49d27de60a532b">
-  <source>To allow any redirect URI, set the mode to Regex and the value to &quot;.*&quot;. Be aware of the possible security implications this can have.</source>
-  <target>Um jede Redirect-URI zu erlauben, setze den Modus auf Regex und den Wert auf &quot;.*&quot;. Beachte die möglichen Sicherheitsimplikationen.</target>
+  <source>To allow any redirect URI, set the mode to Regex and the value to ".*". Be aware of the possible security implications this can have.</source>
+  <target>Um jede Redirect-URI zu erlauben, setze den Modus auf Regex und den Wert auf ".*". Beachte die möglichen Sicherheitsimplikationen.</target>
 </trans-unit>
 <trans-unit id="sa52bf79fe1ccb13e">
  <source>Federated OIDC Sources</source>
@@ -9436,7 +9438,7 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
  <target>Wie die Authentifizierung während eines Authorization-Code-Token-Anforderungsflows durchgeführt wird</target>
 </trans-unit>
 <trans-unit id="s844baf19a6c4a9b4">
-  <source>Enable &quot;Remember me on this device&quot;</source>
+  <source>Enable "Remember me on this device"</source>
  <target>„Angemeldet bleiben auf diesem Gerät“ aktivieren</target>
 </trans-unit>
 <trans-unit id="sfa72bca733f40692">
@@ -9841,7 +9843,7 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
  <target>z.B. Collaboration, Communication, Intern usw.</target>
 </trans-unit>
 <trans-unit id="sb6fcdabf769208a1">
-  <source>Failed to fetch application &quot;<x id="0" equiv-text="${this.applicationSlug}"/>&quot;.</source>
+  <source>Failed to fetch application "<x id="0" equiv-text="${this.applicationSlug}"/>".</source>
  <target>Fehler beim Abrufen der Applikation &amp;quot;<x id="0" equiv-text="${this.applicationSlug}"/>&amp;quot;.</target>
 </trans-unit>
 <trans-unit id="s32fc592c4a264edd">
@@ -9969,11 +9971,11 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
  <target><x id="0" equiv-text="${this.label || &quot;&quot;}"/> Tabellen-Paginierung</target>
 </trans-unit>
 <trans-unit id="sd9b15395dd103f80">
-  <source>Sort by &quot;<x id="0" equiv-text="${label}"/>&quot;</source>
+  <source>Sort by "<x id="0" equiv-text="${label}"/>"</source>
  <target>Sortieren nach &amp;quot;<x id="0" equiv-text="${label}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="s7dd64bb0c1fa8e87">
-  <source>Select &quot;<x id="0" equiv-text="${rowLabel}"/>&quot; row</source>
+  <source>Select "<x id="0" equiv-text="${rowLabel}"/>" row</source>
  <target>Zeile &amp;quot;<x id="0" equiv-text="${rowLabel}"/>&amp;quot; auswählen</target>
 </trans-unit>
 <trans-unit id="sd26f670ca5d5b0c6">
@@ -10057,7 +10059,7 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
  <target>Provider ist keiner Anwendung zugewiesen.</target>
 </trans-unit>
 <trans-unit id="sfbb87c9ced1fde54">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; provider</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" provider</source>
  <target>Provider &amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot; bearbeiten</target>
 </trans-unit>
 <trans-unit id="s0a3fdba3a68a2730">
@@ -10065,19 +10067,19 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
  <target>Anwendungsdokumentation</target>
 </trans-unit>
 <trans-unit id="sf07bfbe5316e7cc7">
-  <source>Application icon for &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Application icon for "<x id="0" equiv-text="${item.name}"/>"</source>
  <target>Anwendungssymbol für  &amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="s037f22187581bf8f">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>"</source>
  <target>&amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot; bearbeiten</target>
 </trans-unit>
 <trans-unit id="s5d90aeadfcb34286">
-  <source>Execute &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Execute "<x id="0" equiv-text="${item.name}"/>"</source>
  <target>&amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot; ausführen</target>
 </trans-unit>
 <trans-unit id="saa25eac2952d918d">
-  <source>Export &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Export "<x id="0" equiv-text="${item.name}"/>"</source>
  <target>&amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot; exportieren</target>
 </trans-unit>
 <trans-unit id="s64de9eceb8172269">
@@ -10085,11 +10087,11 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
  <target>Gerät bearbeiten</target>
 </trans-unit>
 <trans-unit id="sc08c153234510246">
-  <source>Update &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; Permissions</source>
+  <source>Update "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" Permissions</source>
  <target>&amp;quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&amp;quot; Berechtigungen aktualisieren</target>
 </trans-unit>
 <trans-unit id="s6d25eef21a9e76ba">
-  <source>Open &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; permissions modal</source>
+  <source>Open "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" permissions modal</source>
  <target>&amp;quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&amp;quot; Berechtigungsdialog öffnen</target>
 </trans-unit>
 <trans-unit id="sa556d7b744364dcf">
@@ -10111,11 +10113,11 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
  <target>OCI Support</target>
 </trans-unit>
 <trans-unit id="s08d24327ec788e78">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
  <target>Blueprint &amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot; bearbeiten</target>
 </trans-unit>
 <trans-unit id="s6f8d15b5494ac41a">
-  <source>Apply &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Apply "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
  <target>Blueprint &amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot; anwenden</target>
 </trans-unit>
 <trans-unit id="s85a488cacb57688b">
@@ -10233,7 +10235,7 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
  <source>Paths may not start or end with a slash, but they can contain any other character as path segments. The paths are currently purely used for organization, it does not affect their permissions, group memberships, or anything else.</source>
 </trans-unit>
 <trans-unit id="sdb3b903354fbfb17">
-  <source>Open &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Open "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s2e7448caf3df574a">
  <source>Verify Assertion Signature</source>
@@ -10281,16 +10283,16 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
  <source>Unnamed</source>
 </trans-unit>
 <trans-unit id="s326ee20bba2564a0">
-  <source>Collapse &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Collapse "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="s27df1f36ba8e269f">
-  <source>Expand &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Expand "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf2b5d3236e6f1ab3">
-  <source>Select &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Select "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sb7c2715df863a6ce">
-  <source>Items of &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Items of "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf6707428adeba590">
  <source>API drawer</source>
@@ -10413,7 +10415,7 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
  <source>Group Search</source>
 </trans-unit>
 <trans-unit id="s79683026e49e4866">
-  <source>View details of group &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>View details of group "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s62dfa9c45cb3025a">
  <source>New Group</source>
@@ -10440,16 +10442,16 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
  <source>New service account...</source>
 </trans-unit>
 <trans-unit id="s61e5043203e94d0a">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; normally</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" normally</source>
 </trans-unit>
 <trans-unit id="s02eb960c270a837e">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; as current user</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" as current user</source>
 </trans-unit>
 <trans-unit id="saf579a36a54c92e1">
  <source>Current user</source>
 </trans-unit>
 <trans-unit id="sd149e44e50455923">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; with inspector</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" with inspector</source>
 </trans-unit>
 <trans-unit id="s45c530a48bcf74ad">
  <source>Use inspector</source>
@@ -10638,7 +10640,7 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
  <source>Optional Single Logout Service URL to send logout responses to. If not set, no logout response will be sent.</source>
 </trans-unit>
 <trans-unit id="scbf29ce484222325">
-  <source/>
+  <source></source>
 </trans-unit>
 <trans-unit id="s78869b8b2bc26d0d">
  <source>SAML Provider</source>
@@ -10665,7 +10667,7 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
  <source>The user's display name.</source>
 </trans-unit>
 <trans-unit id="s33b2f30214a2e99d">
-  <source>Actions for &quot;<x id="0" equiv-text="${application.name}"/>&quot;</source>
+  <source>Actions for "<x id="0" equiv-text="${application.name}"/>"</source>
 </trans-unit>
 <trans-unit id="sfa660d9e563c346f">
  <source>Edit application...</source>
@@ -10694,4 +10696,4 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
 </trans-unit>
    </body>
  </file>
-</xliff>
+</xliff>
--- a/web/xliff/es.xlf
+++ b/web/xliff/es.xlf
@@ -1,4 +1,4 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
+<?xml version="1.0"?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
  <file target-language="es" source-language="en" original="lit-localize-inputs" datatype="plaintext">
    <body>
      <trans-unit id="s4caed5b7a7e5d89b">
@@ -586,9 +586,9 @@
        
      </trans-unit>
      <trans-unit id="saa0e2675da69651b">
-        <source>The URL &quot;<x id="0" equiv-text="${this.url}"/>&quot; was not found.</source>
-        <target>El URL &quot;
-        <x id="0" equiv-text="${this.url}"/>&quot; no fue encontrado.</target>
+        <source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
+        <target>El URL "
+        <x id="0" equiv-text="${this.url}"/>" no fue encontrado.</target>
        
      </trans-unit>
      <trans-unit id="s58cd9c2fe836d9c6">
@@ -1662,7 +1662,7 @@
        
      </trans-unit>
      <trans-unit id="sa90b7809586c35ce">
-        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon &quot;fa-test&quot;.</source>
+        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
        <target>Ingrese una URL completa, una ruta relativa o use 'fa: //fa-test' para usar el ícono Font Awesome «fa-test».</target>
        
      </trans-unit>
@@ -3651,10 +3651,10 @@ no se aprueba cuando una o ambas de las opciones seleccionadas son iguales o sup
        
      </trans-unit>
      <trans-unit id="sa95a538bfbb86111">
-        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> &quot;<x id="1" equiv-text="${this.obj?.name}"/>&quot;?</source>
+        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
        <target>¿Estás seguro de que deseas actualizar
-        <x id="0" equiv-text="${this.objectLabel}"/>&quot;
-        <x id="1" equiv-text="${this.obj?.name}"/>&quot;?</target>
+        <x id="0" equiv-text="${this.objectLabel}"/>"
+        <x id="1" equiv-text="${this.obj?.name}"/>"?</target>
        
      </trans-unit>
      <trans-unit id="sc92d7cfb6ee1fec6">
@@ -4684,8 +4684,8 @@ no se aprueba cuando una o ambas de las opciones seleccionadas son iguales o sup
        
      </trans-unit>
      <trans-unit id="sdf1d8edef27236f0">
-        <source>A &quot;roaming&quot; authenticator, like a YubiKey</source>
-        <target>Un autenticador &quot;roaming&quot;, como una YubiKey</target>
+        <source>A "roaming" authenticator, like a YubiKey</source>
+        <target>Un autenticador "roaming", como una YubiKey</target>
        
      </trans-unit>
      <trans-unit id="sfffba7b23d8fb40c">
@@ -5043,8 +5043,8 @@ no se aprueba cuando una o ambas de las opciones seleccionadas son iguales o sup
        
      </trans-unit>
      <trans-unit id="s1608b2f94fa0dbd4">
-        <source>If set to a duration above 0, the user will have the option to choose to &quot;stay signed in&quot;, which will extend their session by the time specified here.</source>
-        <target>Si se establece en una duración mayor a 0, el usuario tendrá la opción de &quot;mantener la sesión iniciada&quot;, lo que extenderá su sesión por el tiempo especificado aquí.</target>
+        <source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
+        <target>Si se establece en una duración mayor a 0, el usuario tendrá la opción de "mantener la sesión iniciada", lo que extenderá su sesión por el tiempo especificado aquí.</target>
        
      </trans-unit>
      <trans-unit id="s542a71bb8f41e057">
@@ -6724,6 +6724,7 @@ Las vinculaciones a grupos/usuarios se verifican en función del usuario del eve
 </trans-unit>
 <trans-unit id="sde9a3f41977ec1f8">
  <source>Estimated user count one year from now based on <x id="0" equiv-text="${internalUsers}"/> current internal users and <x id="1" equiv-text="${forecastedInternalUsers}"/> forecasted internal users.</source>
+  <target>Cantidad estimada de usuarios dentro de un año basada en <x id="0" equiv-text="${this.forecast?.internalUsers}"/> usuarios internos actuales y <x id="1" equiv-text="${this.forecast?.forecastedInternalUsers}"/> usuarios internos pronosticados.</target>
 </trans-unit>
 <trans-unit id="s4557b6b9da258643">
  <source>Forecast external users</source>
@@ -6731,6 +6732,7 @@ Las vinculaciones a grupos/usuarios se verifican en función del usuario del eve
 </trans-unit>
 <trans-unit id="sf52479d6daa0a4a8">
  <source>Estimated user count one year from now based on <x id="0" equiv-text="${externalUsers}"/> current external users and <x id="1" equiv-text="${forecastedExternalUsers}"/> forecasted external users.</source>
+  <target>Cantidad estimada de usuarios dentro de un año basada en <x id="0" equiv-text="${this.forecast?.externalUsers}"/> usuarios externos actuales y <x id="1" equiv-text="${this.forecast?.forecastedExternalUsers}"/> usuarios externos pronosticados.</target>
 </trans-unit>
 <trans-unit id="s6196153c4b0c1ea0">
  <source>Install</source>
@@ -7087,6 +7089,7 @@ Las vinculaciones a grupos/usuarios se verifican en función del usuario del eve
 </trans-unit>
 <trans-unit id="s7e796fe83982863f">
  <source>Role <x id="0" equiv-text="${this._role.name}"/></source>
+  <target>Role <x id="0" equiv-text="${this._role?.name || &quot;&quot;}"/></target>
 </trans-unit>
 <trans-unit id="s526e2c66bd51ff5f">
  <source>Role Info</source>
@@ -7205,7 +7208,7 @@ Las vinculaciones a grupos/usuarios se verifican en función del usuario del eve
  <target>Usuario creado correctamente y agregado al grupo <x id="0" equiv-text="${this.group.name}"/></target>
 </trans-unit>
 <trans-unit id="s824e0943a7104668">
-  <source>This user will be added to the group &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot;.</source>
+  <source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
  <target>Este usuario se agregará al grupo. &amp;quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&amp;quot;.</target>
 </trans-unit>
 <trans-unit id="s62e7f6ed7d9cb3ca">
@@ -8455,7 +8458,7 @@ Las vinculaciones a grupos/usuarios se verifican en función del usuario del eve
  <target>Sincronizar Grupo</target>
 </trans-unit>
 <trans-unit id="s2d5f69929bb7221d">
-  <source><x id="0" equiv-text="${p.name}"/> (&quot;<x id="1" equiv-text="${p.fieldKey}"/>&quot;, of type <x id="2" equiv-text="${p.type}"/>)</source>
+  <source><x id="0" equiv-text="${p.name}"/> ("<x id="1" equiv-text="${p.fieldKey}"/>", of type <x id="2" equiv-text="${p.type}"/>)</source>
  <target><x id="0" equiv-text="${p.name}"/> (&amp;quot;<x id="1" equiv-text="${p.fieldKey}"/>&amp;quot;, of type <x id="2" equiv-text="${p.type}"/>)</target>
 </trans-unit>
 <trans-unit id="s25bacc19d98b444e">
@@ -8703,8 +8706,8 @@ Las vinculaciones a grupos/usuarios se verifican en función del usuario del eve
  <target>URI de redirección válidas tras un flujo de autorización exitoso. Especifique también aquí los orígenes de los flujos implícitos.</target>
 </trans-unit>
 <trans-unit id="s4c49d27de60a532b">
-  <source>To allow any redirect URI, set the mode to Regex and the value to &quot;.*&quot;. Be aware of the possible security implications this can have.</source>
-  <target>Para permitir cualquier URI de redirección, configure el modo en Expresión Regular y el valor en &quot;.*&quot;. Tenga en cuenta las posibles implicaciones de seguridad que esto puede tener.</target>
+  <source>To allow any redirect URI, set the mode to Regex and the value to ".*". Be aware of the possible security implications this can have.</source>
+  <target>Para permitir cualquier URI de redirección, configure el modo en Expresión Regular y el valor en ".*". Tenga en cuenta las posibles implicaciones de seguridad que esto puede tener.</target>
 </trans-unit>
 <trans-unit id="sa52bf79fe1ccb13e">
  <source>Federated OIDC Sources</source>
@@ -9442,8 +9445,8 @@ Si se deja vacío, AuthnContextClassRef se establecerá según los métodos de a
  <target>Cómo realizar la autenticación durante un flujo de solicitud de token de código de autorización</target>
 </trans-unit>
 <trans-unit id="s844baf19a6c4a9b4">
-  <source>Enable &quot;Remember me on this device&quot;</source>
-  <target>Habilita &quot;Recordarme en este dispositivo&quot;</target>
+  <source>Enable "Remember me on this device"</source>
+  <target>Habilita "Recordarme en este dispositivo"</target>
 </trans-unit>
 <trans-unit id="sfa72bca733f40692">
  <source>When enabled, the user can save their username in a cookie, allowing them to skip directly to entering their password.</source>
@@ -9792,38 +9795,30 @@ El valor de este campo se compara con el atributo de pertenencia del usuario.</t
 </trans-unit>
 <trans-unit id="sac44b0f4dc14c227">
  <source>Current execution logs</source>
-  <target>Registros de ejecución actuales</target>
 </trans-unit>
 <trans-unit id="s5e13dff03b580216">
  <source>Previous executions logs</source>
-  <target>Registros de ejecución anteriores.</target>
 </trans-unit>
 <trans-unit id="s6abb1cd87fe0114e">
  <source>Home</source>
-  <target>Inicio</target>
 </trans-unit>
 <trans-unit id="se58e6ed983bf34b0">
  <source>Collapse navigation</source>
-  <target>Colapsar navegación</target>
 </trans-unit>
 <trans-unit id="sc6ef25894ed00175">
  <source>Expand navigation</source>
-  <target>Expandir navegación</target>
 </trans-unit>
 <trans-unit id="s5d929ff1619ac0c9">
  <source>Search</source>
-  <target>Buscar</target>
 </trans-unit>
 <trans-unit id="sa25b60b4fac481aa">
  <source>Table content</source>
 </trans-unit>
 <trans-unit id="s5eba8fa19126f70a">
  <source>Learn more about the enterprise license.</source>
-  <target>Aprende más sobre la licencia enterprise.</target>
 </trans-unit>
 <trans-unit id="s9db1679f3b234d4e">
  <source>Search for providers…</source>
-  <target>Buscar proveedores</target>
 </trans-unit>
 <trans-unit id="s9839619155ed2cf6">
  <source>Default NameID Policy</source>
@@ -9833,7 +9828,6 @@ El valor de este campo se compara con el atributo de pertenencia del usuario.</t
 </trans-unit>
 <trans-unit id="s6c973fe9014080fc">
  <source>Application name</source>
-  <target>Nombre de la aplicación</target>
 </trans-unit>
 <trans-unit id="s704091f8e3dbd721">
  <source>The name displayed in the application library.</source>
@@ -9842,11 +9836,10 @@ El valor de este campo se compara con el atributo de pertenencia del usuario.</t
  <source>e.g. Collaboration, Communication, Internal, etc.</source>
 </trans-unit>
 <trans-unit id="sb6fcdabf769208a1">
-  <source>Failed to fetch application &quot;<x id="0" equiv-text="${this.applicationSlug}"/>&quot;.</source>
+  <source>Failed to fetch application "<x id="0" equiv-text="${this.applicationSlug}"/>".</source>
 </trans-unit>
 <trans-unit id="s32fc592c4a264edd">
  <source>Account Recovery Max Attempts</source>
-  <target>Intentos máximos de recuperación de cuenta</target>
 </trans-unit>
 <trans-unit id="s8341dba451980abe">
  <source>Account Recovery Cache Timeout</source>
@@ -9939,10 +9932,10 @@ El valor de este campo se compara con el atributo de pertenencia del usuario.</t
  <source><x id="0" equiv-text="${this.label || &quot;&quot;}"/> table pagination</source>
 </trans-unit>
 <trans-unit id="sd9b15395dd103f80">
-  <source>Sort by &quot;<x id="0" equiv-text="${label}"/>&quot;</source>
+  <source>Sort by "<x id="0" equiv-text="${label}"/>"</source>
 </trans-unit>
 <trans-unit id="s7dd64bb0c1fa8e87">
-  <source>Select &quot;<x id="0" equiv-text="${rowLabel}"/>&quot; row</source>
+  <source>Select "<x id="0" equiv-text="${rowLabel}"/>" row</source>
 </trans-unit>
 <trans-unit id="sd26f670ca5d5b0c6">
  <source>Collapse row</source>
@@ -10005,31 +9998,31 @@ El valor de este campo se compara con el atributo de pertenencia del usuario.</t
  <source>Provider not assigned to any application.</source>
 </trans-unit>
 <trans-unit id="sfbb87c9ced1fde54">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; provider</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" provider</source>
 </trans-unit>
 <trans-unit id="s0a3fdba3a68a2730">
  <source>Applications Documentation</source>
 </trans-unit>
 <trans-unit id="sf07bfbe5316e7cc7">
-  <source>Application icon for &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Application icon for "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s037f22187581bf8f">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s5d90aeadfcb34286">
-  <source>Execute &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Execute "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="saa25eac2952d918d">
-  <source>Export &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Export "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s64de9eceb8172269">
  <source>Edit device</source>
 </trans-unit>
 <trans-unit id="sc08c153234510246">
-  <source>Update &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; Permissions</source>
+  <source>Update "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" Permissions</source>
 </trans-unit>
 <trans-unit id="s6d25eef21a9e76ba">
-  <source>Open &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; permissions modal</source>
+  <source>Open "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" permissions modal</source>
 </trans-unit>
 <trans-unit id="sa556d7b744364dcf">
  <source>OCI URL</source>
@@ -10045,10 +10038,10 @@ El valor de este campo se compara con el atributo de pertenencia del usuario.</t
  <source>OCI Support</source>
 </trans-unit>
 <trans-unit id="s08d24327ec788e78">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
 </trans-unit>
 <trans-unit id="s6f8d15b5494ac41a">
-  <source>Apply &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Apply "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
 </trans-unit>
 <trans-unit id="s85a488cacb57688b">
  <source>Welcome, <x id="0" equiv-text="${username}"/></source>
@@ -10150,7 +10143,7 @@ El valor de este campo se compara con el atributo de pertenencia del usuario.</t
  <source>Paths may not start or end with a slash, but they can contain any other character as path segments. The paths are currently purely used for organization, it does not affect their permissions, group memberships, or anything else.</source>
 </trans-unit>
 <trans-unit id="sdb3b903354fbfb17">
-  <source>Open &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Open "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s2e7448caf3df574a">
  <source>Verify Assertion Signature</source>
@@ -10198,16 +10191,16 @@ El valor de este campo se compara con el atributo de pertenencia del usuario.</t
  <source>Unnamed</source>
 </trans-unit>
 <trans-unit id="s326ee20bba2564a0">
-  <source>Collapse &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Collapse "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="s27df1f36ba8e269f">
-  <source>Expand &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Expand "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf2b5d3236e6f1ab3">
-  <source>Select &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Select "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sb7c2715df863a6ce">
-  <source>Items of &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Items of "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf6707428adeba590">
  <source>API drawer</source>
@@ -10330,7 +10323,7 @@ El valor de este campo se compara con el atributo de pertenencia del usuario.</t
  <source>Group Search</source>
 </trans-unit>
 <trans-unit id="s79683026e49e4866">
-  <source>View details of group &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>View details of group "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s62dfa9c45cb3025a">
  <source>New Group</source>
@@ -10357,16 +10350,16 @@ El valor de este campo se compara con el atributo de pertenencia del usuario.</t
  <source>New service account...</source>
 </trans-unit>
 <trans-unit id="s61e5043203e94d0a">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; normally</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" normally</source>
 </trans-unit>
 <trans-unit id="s02eb960c270a837e">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; as current user</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" as current user</source>
 </trans-unit>
 <trans-unit id="saf579a36a54c92e1">
  <source>Current user</source>
 </trans-unit>
 <trans-unit id="sd149e44e50455923">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; with inspector</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" with inspector</source>
 </trans-unit>
 <trans-unit id="s45c530a48bcf74ad">
  <source>Use inspector</source>
@@ -10555,7 +10548,7 @@ El valor de este campo se compara con el atributo de pertenencia del usuario.</t
  <source>Optional Single Logout Service URL to send logout responses to. If not set, no logout response will be sent.</source>
 </trans-unit>
 <trans-unit id="scbf29ce484222325">
-  <source/>
+  <source></source>
 </trans-unit>
 <trans-unit id="s78869b8b2bc26d0d">
  <source>SAML Provider</source>
@@ -10582,7 +10575,7 @@ El valor de este campo se compara con el atributo de pertenencia del usuario.</t
  <source>The user's display name.</source>
 </trans-unit>
 <trans-unit id="s33b2f30214a2e99d">
-  <source>Actions for &quot;<x id="0" equiv-text="${application.name}"/>&quot;</source>
+  <source>Actions for "<x id="0" equiv-text="${application.name}"/>"</source>
 </trans-unit>
 <trans-unit id="sfa660d9e563c346f">
  <source>Edit application...</source>
@@ -10611,4 +10604,4 @@ El valor de este campo se compara con el atributo de pertenencia del usuario.</t
 </trans-unit>
    </body>
  </file>
-</xliff>
+</xliff>
--- a/web/xliff/fi.xlf
+++ b/web/xliff/fi.xlf
--- a/web/xliff/fr.xlf
+++ b/web/xliff/fr.xlf
@@ -1,4 +1,4 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
+<?xml version="1.0"?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
  <file target-language="fr" source-language="en" original="lit-localize-inputs" datatype="plaintext">
    <body>
      <trans-unit id="s4caed5b7a7e5d89b">
@@ -586,9 +586,9 @@
        
      </trans-unit>
      <trans-unit id="saa0e2675da69651b">
-        <source>The URL &quot;<x id="0" equiv-text="${this.url}"/>&quot; was not found.</source>
-        <target>L'URL &quot;
-        <x id="0" equiv-text="${this.url}"/>&quot; n'a pas été trouvée.</target>
+        <source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
+        <target>L'URL "
+        <x id="0" equiv-text="${this.url}"/>" n'a pas été trouvée.</target>
        
      </trans-unit>
      <trans-unit id="s58cd9c2fe836d9c6">
@@ -1662,8 +1662,8 @@
        
      </trans-unit>
      <trans-unit id="sa90b7809586c35ce">
-        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon &quot;fa-test&quot;.</source>
-        <target>Entrez une URL complète, un chemin relatif ou utilisez 'fa://fa-test' pour utiliser l'icône Font Awesome &quot;fa-test&quot;.</target>
+        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
+        <target>Entrez une URL complète, un chemin relatif ou utilisez 'fa://fa-test' pour utiliser l'icône Font Awesome "fa-test".</target>
        
      </trans-unit>
      <trans-unit id="s0410779cb47de312">
@@ -2681,7 +2681,7 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="s33683c3b1dbaf264">
        <source>To use SSL instead, use 'ldaps://' and disable this option.</source>
-        <target>Pour utiliser SSL à la base, utilisez &quot;ldaps://&quot; et désactviez cette option.</target>
+        <target>Pour utiliser SSL à la base, utilisez "ldaps://" et désactviez cette option.</target>
        
      </trans-unit>
      <trans-unit id="s2221fef80f4753a2">
@@ -3041,7 +3041,7 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="s3198c384c2f68b08">
        <source>Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually.</source>
-        <target>Moment où les utilisateurs temporaires doivent être supprimés. Cela ne s'applique que si votre IDP utilise le format NameID &quot;transient&quot; et que l'utilisateur ne se déconnecte pas manuellement.</target>
+        <target>Moment où les utilisateurs temporaires doivent être supprimés. Cela ne s'applique que si votre IDP utilise le format NameID "transient" et que l'utilisateur ne se déconnecte pas manuellement.</target>
        
      </trans-unit>
      <trans-unit id="sb32e9c1faa0b8673">
@@ -3178,7 +3178,7 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="s9f8aac89fe318acc">
        <source>Optionally set the 'FriendlyName' value of the Assertion attribute.</source>
-        <target>Indiquer la valeur &quot;FriendlyName&quot; de l'attribut d'assertion (optionnel)</target>
+        <target>Indiquer la valeur "FriendlyName" de l'attribut d'assertion (optionnel)</target>
        
      </trans-unit>
      <trans-unit id="s851c108679653d2a">
@@ -3649,10 +3649,10 @@ doesn't pass when either or both of the selected options are equal or above the
        
      </trans-unit>
      <trans-unit id="sa95a538bfbb86111">
-        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> &quot;<x id="1" equiv-text="${this.obj?.name}"/>&quot;?</source>
+        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
        <target>Êtes-vous sûr de vouloir mettre à jour
-        <x id="0" equiv-text="${this.objectLabel}"/>&quot;
-        <x id="1" equiv-text="${this.obj?.name}"/>&quot;?</target>
+        <x id="0" equiv-text="${this.objectLabel}"/>"
+        <x id="1" equiv-text="${this.obj?.name}"/>"?</target>
        
      </trans-unit>
      <trans-unit id="sc92d7cfb6ee1fec6">
@@ -4682,8 +4682,8 @@ doesn't pass when either or both of the selected options are equal or above the
        
      </trans-unit>
      <trans-unit id="sdf1d8edef27236f0">
-        <source>A &quot;roaming&quot; authenticator, like a YubiKey</source>
-        <target>Un authentificateur &quot;itinérant&quot;, comme une YubiKey</target>
+        <source>A "roaming" authenticator, like a YubiKey</source>
+        <target>Un authentificateur "itinérant", comme une YubiKey</target>
        
      </trans-unit>
      <trans-unit id="sfffba7b23d8fb40c">
@@ -4988,7 +4988,7 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="s5170f9ef331949c0">
        <source>Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable.</source>
-        <target>Afficher des champs de saisie arbitraires à l'utilisateur, par exemple pendant l'inscription. Les données sont enregistrées dans le contexte du flux sous la variable &quot;prompt_data&quot;.</target>
+        <target>Afficher des champs de saisie arbitraires à l'utilisateur, par exemple pendant l'inscription. Les données sont enregistrées dans le contexte du flux sous la variable "prompt_data".</target>
        
      </trans-unit>
      <trans-unit id="s36cb242ac90353bc">
@@ -5041,8 +5041,8 @@ doesn't pass when either or both of the selected options are equal or above the
        
      </trans-unit>
      <trans-unit id="s1608b2f94fa0dbd4">
-        <source>If set to a duration above 0, the user will have the option to choose to &quot;stay signed in&quot;, which will extend their session by the time specified here.</source>
-        <target>Si défini à une durée supérieure à 0, l'utilisateur aura la possibilité de choisir de &quot;rester connecté&quot;, ce qui prolongera sa session jusqu'à la durée spécifiée ici.</target>
+        <source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
+        <target>Si défini à une durée supérieure à 0, l'utilisateur aura la possibilité de choisir de "rester connecté", ce qui prolongera sa session jusqu'à la durée spécifiée ici.</target>
        
      </trans-unit>
      <trans-unit id="s542a71bb8f41e057">
@@ -6922,7 +6922,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
 </trans-unit>
 <trans-unit id="sff0ac1ace2d90709">
  <source>Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you).</source>
-  <target>Utilisez ce fournisseur avec l'option &quot;auth_request&quot; de Nginx ou &quot;forwardAuth&quot; de Traefik. Chaque application/domaine a besoin de son propre fournisseur. De plus, sur chaque domaine, &quot;/outpost.goauthentik.io&quot; doit être routé vers le poste avancé (lorsque vous utilisez un poste avancé géré, cela est fait pour vous).</target>
+  <target>Utilisez ce fournisseur avec l'option "auth_request" de Nginx ou "forwardAuth" de Traefik. Chaque application/domaine a besoin de son propre fournisseur. De plus, sur chaque domaine, "/outpost.goauthentik.io" doit être routé vers le poste avancé (lorsque vous utilisez un poste avancé géré, cela est fait pour vous).</target>
 </trans-unit>
 <trans-unit id="scb58b8a60cad8762">
  <source>Default relay state</source>
@@ -7206,7 +7206,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
  <target>Utilisateur créé et ajouté au groupe <x id="0" equiv-text="${this.group.name}"/> avec succès</target>
 </trans-unit>
 <trans-unit id="s824e0943a7104668">
-  <source>This user will be added to the group &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot;.</source>
+  <source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
  <target>Cet utilisateur sera ajouté au groupe &amp;quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&amp;quot;.</target>
 </trans-unit>
 <trans-unit id="s62e7f6ed7d9cb3ca">
@@ -8456,7 +8456,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
  <target>Synchroniser le groupe</target>
 </trans-unit>
 <trans-unit id="s2d5f69929bb7221d">
-  <source><x id="0" equiv-text="${p.name}"/> (&quot;<x id="1" equiv-text="${p.fieldKey}"/>&quot;, of type <x id="2" equiv-text="${p.type}"/>)</source>
+  <source><x id="0" equiv-text="${p.name}"/> ("<x id="1" equiv-text="${p.fieldKey}"/>", of type <x id="2" equiv-text="${p.type}"/>)</source>
  <target><x id="0" equiv-text="${p.name}"/> (&amp;quot;<x id="1" equiv-text="${p.fieldKey}"/>&amp;quot;, de type <x id="2" equiv-text="${p.type}"/>)</target>
 </trans-unit>
 <trans-unit id="s25bacc19d98b444e">
@@ -8704,8 +8704,8 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
  <target>URLs de redirection autorisées après un flux d'autorisation réussi. Indiquez également toute origine ici pour les flux implicites.</target>
 </trans-unit>
 <trans-unit id="s4c49d27de60a532b">
-  <source>To allow any redirect URI, set the mode to Regex and the value to &quot;.*&quot;. Be aware of the possible security implications this can have.</source>
-  <target>Pour permettre n'importe quelle URI de redirection, définissez cette valeur sur &quot;.*&quot;. Soyez conscient des possibles implications de sécurité que cela peut avoir.</target>
+  <source>To allow any redirect URI, set the mode to Regex and the value to ".*". Be aware of the possible security implications this can have.</source>
+  <target>Pour permettre n'importe quelle URI de redirection, définissez cette valeur sur ".*". Soyez conscient des possibles implications de sécurité que cela peut avoir.</target>
 </trans-unit>
 <trans-unit id="sa52bf79fe1ccb13e">
  <source>Federated OIDC Sources</source>
@@ -9442,8 +9442,8 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
  <target>Comment effectuer l'authentification lors d'une demande de jeton pour le flux authorization_code</target>
 </trans-unit>
 <trans-unit id="s844baf19a6c4a9b4">
-  <source>Enable &quot;Remember me on this device&quot;</source>
-  <target>Activer &quot;Se souvenir de moi sur cet appareil&quot;</target>
+  <source>Enable "Remember me on this device"</source>
+  <target>Activer "Se souvenir de moi sur cet appareil"</target>
 </trans-unit>
 <trans-unit id="sfa72bca733f40692">
  <source>When enabled, the user can save their username in a cookie, allowing them to skip directly to entering their password.</source>
@@ -9587,7 +9587,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
 </trans-unit>
 <trans-unit id="se630f2ccd39bf9e6">
  <source>If no group is selected and 'Send notification to event user' is disabled the rule is disabled. </source>
-  <target>Si aucun groupe n'est sélectionné et &quot;Envoyer la notification à l'utilisateur associé à l'évènement&quot; est désactivé, cette règle est désactivée.</target>
+  <target>Si aucun groupe n'est sélectionné et "Envoyer la notification à l'utilisateur associé à l'évènement" est désactivé, cette règle est désactivée.</target>
 </trans-unit>
 <trans-unit id="s47966b2a708694e2">
  <source>Send notification to event user</source>
@@ -9595,7 +9595,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
 </trans-unit>
 <trans-unit id="sd30f00ff2135589c">
  <source>When enabled, notification will be sent to the user that triggered the event in addition to any users in the group above. The event user will always be the first user, to send a notification only to the event user enabled 'Send once' in the notification transport.</source>
-  <target>Lorsque cette option est activée, une notification sera envoyée à l'utilisateur qui a déclenché l'événement en plus des utilisateurs du groupe ci-dessus. L'utilisateur associé à l'événement sera toujours le premier utilisateur. Pour envoyer une notification uniquement à l'utilisateur de l'événement, activez l'option &quot;Envoyer une seule fois&quot; dans le transport de notification.</target>
+  <target>Lorsque cette option est activée, une notification sera envoyée à l'utilisateur qui a déclenché l'événement en plus des utilisateurs du groupe ci-dessus. L'utilisateur associé à l'événement sera toujours le premier utilisateur. Pour envoyer une notification uniquement à l'utilisateur de l'événement, activez l'option "Envoyer une seule fois" dans le transport de notification.</target>
 </trans-unit>
 <trans-unit id="sbd65aeeb8a3b9bbc">
  <source>Maximum registration attempts</source>
@@ -9651,7 +9651,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
 </trans-unit>
 <trans-unit id="sf1a3d030efd11f28">
  <source>Open about dialog</source>
-  <target>Ouvrir la boîte de dialogue &quot;À propos&quot;</target>
+  <target>Ouvrir la boîte de dialogue "À propos"</target>
 </trans-unit>
 <trans-unit id="s95b96d7ead27527f">
  <source>Product name</source>
@@ -9846,7 +9846,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
  <target>par ex. Collaboration, Communication, Interne, etc.</target>
 </trans-unit>
 <trans-unit id="sb6fcdabf769208a1">
-  <source>Failed to fetch application &quot;<x id="0" equiv-text="${this.applicationSlug}"/>&quot;.</source>
+  <source>Failed to fetch application "<x id="0" equiv-text="${this.applicationSlug}"/>".</source>
  <target>Erreur lors de la récupération de l'application &amp;quot;<x id="0" equiv-text="${this.applicationSlug}"/>&amp;quot;.</target>
 </trans-unit>
 <trans-unit id="s32fc592c4a264edd">
@@ -9974,11 +9974,11 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
  <target><x id="0" equiv-text="${this.label || &quot;&quot;}"/> pagination du tableau</target>
 </trans-unit>
 <trans-unit id="sd9b15395dd103f80">
-  <source>Sort by &quot;<x id="0" equiv-text="${label}"/>&quot;</source>
+  <source>Sort by "<x id="0" equiv-text="${label}"/>"</source>
  <target>Trier par &amp;quot;<x id="0" equiv-text="${label}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="s7dd64bb0c1fa8e87">
-  <source>Select &quot;<x id="0" equiv-text="${rowLabel}"/>&quot; row</source>
+  <source>Select "<x id="0" equiv-text="${rowLabel}"/>" row</source>
  <target>Sélectionner la ligne &amp;quot;<x id="0" equiv-text="${rowLabel}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="sd26f670ca5d5b0c6">
@@ -10062,7 +10062,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
  <target>Le fournisseur n'est assigné à aucune application.</target>
 </trans-unit>
 <trans-unit id="sfbb87c9ced1fde54">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; provider</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" provider</source>
  <target>Éditer le fournisseur &amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="s0a3fdba3a68a2730">
@@ -10070,19 +10070,19 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
  <target>Documentation des applications</target>
 </trans-unit>
 <trans-unit id="sf07bfbe5316e7cc7">
-  <source>Application icon for &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Application icon for "<x id="0" equiv-text="${item.name}"/>"</source>
  <target>Icône d'application pour &amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="s037f22187581bf8f">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>"</source>
  <target>Éditer &amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="s5d90aeadfcb34286">
-  <source>Execute &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Execute "<x id="0" equiv-text="${item.name}"/>"</source>
  <target>Éxecuter &amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="saa25eac2952d918d">
-  <source>Export &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Export "<x id="0" equiv-text="${item.name}"/>"</source>
  <target>Exporter &amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="s64de9eceb8172269">
@@ -10090,11 +10090,11 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
  <target>Éditer l'appareil</target>
 </trans-unit>
 <trans-unit id="sc08c153234510246">
-  <source>Update &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; Permissions</source>
+  <source>Update "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" Permissions</source>
  <target>Mettre à jour les permissions &amp;quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="s6d25eef21a9e76ba">
-  <source>Open &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; permissions modal</source>
+  <source>Open "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" permissions modal</source>
  <target>Ouvrir le modal des permissions &amp;quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="sa556d7b744364dcf">
@@ -10116,11 +10116,11 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
  <target>le support OCI</target>
 </trans-unit>
 <trans-unit id="s08d24327ec788e78">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
  <target>Éditer le plan &amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="s6f8d15b5494ac41a">
-  <source>Apply &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Apply "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
  <target>Appliquer le plan &amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="s85a488cacb57688b">
@@ -10256,7 +10256,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
  <target>Les chemins ne peuvent pas commencer ou se terminer par une barre oblique, mais ils peuvent contenir n'importe quel autre caractère comme segments de chemin. Les chemins sont actuellement purement utilisés pour l'organisation, cela n'affecte pas leurs permissions, leurs appartenances à des groupes, ou quoi que ce soit d'autre.</target>
 </trans-unit>
 <trans-unit id="sdb3b903354fbfb17">
-  <source>Open &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Open "<x id="0" equiv-text="${item.name}"/>"</source>
  <target>Ouvrir &amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="s2e7448caf3df574a">
@@ -10320,19 +10320,19 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
  <target>Sans nom</target>
 </trans-unit>
 <trans-unit id="s326ee20bba2564a0">
-  <source>Collapse &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Collapse "<x id="0" equiv-text="${itemLabel}"/>"</source>
  <target>Réduire &amp;quot;<x id="0" equiv-text="${itemLabel}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="s27df1f36ba8e269f">
-  <source>Expand &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Expand "<x id="0" equiv-text="${itemLabel}"/>"</source>
  <target>Développer &amp;quot;<x id="0" equiv-text="${itemLabel}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="sf2b5d3236e6f1ab3">
-  <source>Select &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Select "<x id="0" equiv-text="${itemLabel}"/>"</source>
  <target>Sélectionner &amp;quot;<x id="0" equiv-text="${itemLabel}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="sb7c2715df863a6ce">
-  <source>Items of &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Items of "<x id="0" equiv-text="${itemLabel}"/>"</source>
  <target>Éléments de &amp;quot;<x id="0" equiv-text="${itemLabel}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="sf6707428adeba590">
@@ -10496,7 +10496,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
  <target>Recherche de groupe</target>
 </trans-unit>
 <trans-unit id="s79683026e49e4866">
-  <source>View details of group &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>View details of group "<x id="0" equiv-text="${item.name}"/>"</source>
  <target>Afficher les détails du groupe &amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="s62dfa9c45cb3025a">
@@ -10532,11 +10532,11 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
  <target>Nouveau compte de service...</target>
 </trans-unit>
 <trans-unit id="s61e5043203e94d0a">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; normally</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" normally</source>
  <target>Exécuter &amp;quot;<x id="0" equiv-text="${this.flow.name}"/>&amp;quot; normalement</target>
 </trans-unit>
 <trans-unit id="s02eb960c270a837e">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; as current user</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" as current user</source>
  <target>Exécuter &amp;quot;<x id="0" equiv-text="${this.flow.name}"/>&amp;quot; en tant que l'utilisateur actuel</target>
 </trans-unit>
 <trans-unit id="saf579a36a54c92e1">
@@ -10544,7 +10544,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
  <target>Utilisateur actuel</target>
 </trans-unit>
 <trans-unit id="sd149e44e50455923">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; with inspector</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" with inspector</source>
  <target>Exécuter &amp;quot;<x id="0" equiv-text="${this.flow.name}"/>&amp;quot; avec l'inspecteur</target>
 </trans-unit>
 <trans-unit id="s45c530a48bcf74ad">
@@ -10796,7 +10796,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
  <target>URL facultative de Single Logout Service à laquelle envoyer les réponses de déconnexion. Si elle n'est pas définie, aucune réponse de déconnexion ne sera envoyée.</target>
 </trans-unit>
 <trans-unit id="scbf29ce484222325">
-  <source/>
+  <source></source>
 </trans-unit>
 <trans-unit id="s78869b8b2bc26d0d">
  <source>SAML Provider</source>
@@ -10831,7 +10831,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
  <target>Le nom d'affichage de l'utilisateur.</target>
 </trans-unit>
 <trans-unit id="s33b2f30214a2e99d">
-  <source>Actions for &quot;<x id="0" equiv-text="${application.name}"/>&quot;</source>
+  <source>Actions for "<x id="0" equiv-text="${application.name}"/>"</source>
  <target>Actions pour &amp;quot;<x id="0" equiv-text="${application.name}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="sfa660d9e563c346f">
@@ -10845,28 +10845,22 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
 </trans-unit>
 <trans-unit id="s8b0e21adf383c8ba">
  <source>.yaml files, which can be found in the Example Flows documentation</source>
-  <target>Fichiers .yaml, qui peuvent être trouvés dans la documentation &quot;Example Flows&quot;</target>
 </trans-unit>
 <trans-unit id="s139200afa0695967">
  <source>Plain</source>
-  <target>En clair</target>
 </trans-unit>
 <trans-unit id="s7a316723c6bb33eb">
  <source>S256</source>
-  <target>S256</target>
 </trans-unit>
 <trans-unit id="s311c22ee852736e9">
  <source>PKCE Method</source>
-  <target>Méthode PKCE</target>
 </trans-unit>
 <trans-unit id="sa9afb0f84a3c380d">
  <source>Configure Proof Key for Code Exchange for this source.</source>
-  <target>Configurer Proof Key for Code Exchange pour cette source.</target>
 </trans-unit>
 <trans-unit id="s2e6c714bb95c18a3">
  <source>User settings</source>
-  <target>Paramètres utilisateur</target>
 </trans-unit>
    </body>
  </file>
-</xliff>
+</xliff>
--- a/web/xliff/it.xlf
+++ b/web/xliff/it.xlf
@@ -1,4 +1,4 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
+<?xml version="1.0"?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
  <file target-language="it" source-language="en" original="lit-localize-inputs" datatype="plaintext">
    <body>
      <trans-unit id="s4caed5b7a7e5d89b">
@@ -586,9 +586,9 @@
        
      </trans-unit>
      <trans-unit id="saa0e2675da69651b">
-        <source>The URL &quot;<x id="0" equiv-text="${this.url}"/>&quot; was not found.</source>
-        <target>La URL &quot;
-        <x id="0" equiv-text="${this.url}"/>&quot; non è stata trovata.</target>
+        <source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
+        <target>La URL "
+        <x id="0" equiv-text="${this.url}"/>" non è stata trovata.</target>
        
      </trans-unit>
      <trans-unit id="s58cd9c2fe836d9c6">
@@ -1068,7 +1068,7 @@
      </trans-unit>
      <trans-unit id="sde949d0ef44572eb">
        <source>Requires the user to have a 'upn' attribute set, and falls back to hashed user ID. Use this mode only if you have different UPN and Mail domains.</source>
-        <target>Richiede che l'utente abbia un attributo &quot;upn&quot; impostato e ricorre all'ID utente con hash. Utilizza questa modalità solo se disponi di domini UPN e di posta diversi.</target>
+        <target>Richiede che l'utente abbia un attributo "upn" impostato e ricorre all'ID utente con hash. Utilizza questa modalità solo se disponi di domini UPN e di posta diversi.</target>
        
      </trans-unit>
      <trans-unit id="s9f23ed1799b4d49a">
@@ -1228,7 +1228,7 @@
      </trans-unit>
      <trans-unit id="s211b75e868072162">
        <source>Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'.</source>
-        <target>Impostalo sul dominio per il quale desideri che l'autenticazione sia valida. Deve essere un dominio principale dell'URL riportato sopra. Se esegui applicazioni come app1.domain.tld, app2.domain.tld, impostalo su &quot;domain.tld&quot;.</target>
+        <target>Impostalo sul dominio per il quale desideri che l'autenticazione sia valida. Deve essere un dominio principale dell'URL riportato sopra. Se esegui applicazioni come app1.domain.tld, app2.domain.tld, impostalo su "domain.tld".</target>
        
      </trans-unit>
      <trans-unit id="s2345170f7e272668">
@@ -1662,8 +1662,8 @@
        
      </trans-unit>
      <trans-unit id="sa90b7809586c35ce">
-        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon &quot;fa-test&quot;.</source>
-        <target>Inserisci un URL completo, un percorso relativo oppure utilizza &quot;fa://fa-test&quot; per utilizzare l'icona &quot;fa-test&quot; di Font Awesome.</target>
+        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
+        <target>Inserisci un URL completo, un percorso relativo oppure utilizza "fa://fa-test" per utilizzare l'icona "fa-test" di Font Awesome.</target>
        
      </trans-unit>
      <trans-unit id="s0410779cb47de312">
@@ -3042,7 +3042,7 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="s3198c384c2f68b08">
        <source>Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually.</source>
-        <target>Tempo da attendere quando gli utenti temporanei devono essere eliminati. Questo vale solo se l'IDP utilizza il formato NameID &quot;Transient&quot; e l'utente non si disconnette manualmente.</target>
+        <target>Tempo da attendere quando gli utenti temporanei devono essere eliminati. Questo vale solo se l'IDP utilizza il formato NameID "Transient" e l'utente non si disconnette manualmente.</target>
        
      </trans-unit>
      <trans-unit id="sb32e9c1faa0b8673">
@@ -3179,7 +3179,7 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="s9f8aac89fe318acc">
        <source>Optionally set the 'FriendlyName' value of the Assertion attribute.</source>
-        <target>Opzionale: imposta il valore &quot;friendlyname&quot; dell'attributo di asserzione.</target>
+        <target>Opzionale: imposta il valore "friendlyname" dell'attributo di asserzione.</target>
        
      </trans-unit>
      <trans-unit id="s851c108679653d2a">
@@ -3650,10 +3650,10 @@ doesn't pass when either or both of the selected options are equal or above the
        
      </trans-unit>
      <trans-unit id="sa95a538bfbb86111">
-        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> &quot;<x id="1" equiv-text="${this.obj?.name}"/>&quot;?</source>
+        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
        <target>Sei sicuro di voler aggiornare
-        <x id="0" equiv-text="${this.objectLabel}"/>&quot;
-        <x id="1" equiv-text="${this.obj?.name}"/>&quot;?</target>
+        <x id="0" equiv-text="${this.objectLabel}"/>"
+        <x id="1" equiv-text="${this.obj?.name}"/>"?</target>
        
      </trans-unit>
      <trans-unit id="sc92d7cfb6ee1fec6">
@@ -4001,7 +4001,7 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="s7520286c8419a266">
        <source>Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON.</source>
-        <target>Dati facoltativi che vengono caricati nella variabile di contesto &quot;prompt_data&quot; del flusso. YAML o JSON.</target>
+        <target>Dati facoltativi che vengono caricati nella variabile di contesto "prompt_data" del flusso. YAML o JSON.</target>
        
      </trans-unit>
      <trans-unit id="sb8795b799c70776a">
@@ -4683,8 +4683,8 @@ doesn't pass when either or both of the selected options are equal or above the
        
      </trans-unit>
      <trans-unit id="sdf1d8edef27236f0">
-        <source>A &quot;roaming&quot; authenticator, like a YubiKey</source>
-        <target>Un autenticatore &quot;roaming&quot;, come un YubiKey</target>
+        <source>A "roaming" authenticator, like a YubiKey</source>
+        <target>Un autenticatore "roaming", come un YubiKey</target>
        
      </trans-unit>
      <trans-unit id="sfffba7b23d8fb40c">
@@ -4989,7 +4989,7 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="s5170f9ef331949c0">
        <source>Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable.</source>
-        <target>Mostra campi di input arbitrari all'utente, ad esempio durante l'iscrizione. I dati vengono salvati nel contesto di flusso nell'ambito della variabile &quot;prompt_data&quot;.</target>
+        <target>Mostra campi di input arbitrari all'utente, ad esempio durante l'iscrizione. I dati vengono salvati nel contesto di flusso nell'ambito della variabile "prompt_data".</target>
        
      </trans-unit>
      <trans-unit id="s36cb242ac90353bc">
@@ -5042,8 +5042,8 @@ doesn't pass when either or both of the selected options are equal or above the
        
      </trans-unit>
      <trans-unit id="s1608b2f94fa0dbd4">
-        <source>If set to a duration above 0, the user will have the option to choose to &quot;stay signed in&quot;, which will extend their session by the time specified here.</source>
-        <target>Se impostato su una durata superiore a 0, l'utente avrà la possibilità di scegliere di &quot;rimanere firmato&quot;, che estenderà la sessione entro il momento specificato qui.</target>
+        <source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
+        <target>Se impostato su una durata superiore a 0, l'utente avrà la possibilità di scegliere di "rimanere firmato", che estenderà la sessione entro il momento specificato qui.</target>
        
      </trans-unit>
      <trans-unit id="s542a71bb8f41e057">
@@ -5064,7 +5064,7 @@ doesn't pass when either or both of the selected options are equal or above the
      <trans-unit id="s927398c400970760">
        <source>Write any data from the flow's context's 'prompt_data' to the currently pending user. If no user
        is pending, a new user is created, and data is written to them.</source>
-        <target>Scrivi qualsiasi dati dal contesto del flusso &quot;prompt_data&quot; all'utente attualmente in sospeso. Se nessun utente
+        <target>Scrivi qualsiasi dati dal contesto del flusso "prompt_data" all'utente attualmente in sospeso. Se nessun utente
 è in sospeso, viene creato un nuovo utente e vengono scritti dati.</target>
      </trans-unit>
      <trans-unit id="sb379d861cbed0b47">
@@ -6723,6 +6723,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="sde9a3f41977ec1f8">
  <source>Estimated user count one year from now based on <x id="0" equiv-text="${internalUsers}"/> current internal users and <x id="1" equiv-text="${forecastedInternalUsers}"/> forecasted internal users.</source>
+  <target>Numero stimato di utenti tra un anno in base a <x id="0" equiv-text="${this.forecast?.internalUsers}"/> utenti interni attuali e <x id="1" equiv-text="${this.forecast?.forecastedInternalUsers}"/> utenti interni previsti.</target>
 </trans-unit>
 <trans-unit id="s4557b6b9da258643">
  <source>Forecast external users</source>
@@ -6730,6 +6731,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="sf52479d6daa0a4a8">
  <source>Estimated user count one year from now based on <x id="0" equiv-text="${externalUsers}"/> current external users and <x id="1" equiv-text="${forecastedExternalUsers}"/> forecasted external users.</source>
+  <target>Numero stimato di utenti tra un anno in base a <x id="0" equiv-text="${this.forecast?.externalUsers}"/> utenti interni attuali e <x id="1" equiv-text="${this.forecast?.forecastedExternalUsers}"/> utenti interni previsti.</target>
 </trans-unit>
 <trans-unit id="s6196153c4b0c1ea0">
  <source>Install</source>
@@ -7086,6 +7088,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s7e796fe83982863f">
  <source>Role <x id="0" equiv-text="${this._role.name}"/></source>
+  <target>Ruolo <x id="0" equiv-text="${this._role?.name || &quot;&quot;}"/></target>
 </trans-unit>
 <trans-unit id="s526e2c66bd51ff5f">
  <source>Role Info</source>
@@ -7097,7 +7100,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s070fdfb03034ca9b">
  <source>One hint, 'New Application Wizard', is currently hidden</source>
-  <target>Un suggerimento, &quot;New Application Wizard&quot;, è attualmente nascosto</target>
+  <target>Un suggerimento, "New Application Wizard", è attualmente nascosto</target>
 </trans-unit>
 <trans-unit id="s1cc306d8e28c4464">
  <source>Deny message</source>
@@ -7204,7 +7207,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <target>Utente creato con successo e aggiunto al gruppo <x id="0" equiv-text="${this.group.name}"/></target>
 </trans-unit>
 <trans-unit id="s824e0943a7104668">
-  <source>This user will be added to the group &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot;.</source>
+  <source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
  <target>Questo utente sarà aggiunto al gruppo &amp;quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&amp;quot;.</target>
 </trans-unit>
 <trans-unit id="s62e7f6ed7d9cb3ca">
@@ -8323,7 +8326,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s9dda0789d278f5c5">
  <source>Provide users with a 'show password' button.</source>
-  <target>Fornisci agli utenti un pulsante &quot;Mostra password&quot;.</target>
+  <target>Fornisci agli utenti un pulsante "Mostra password".</target>
 </trans-unit>
 <trans-unit id="s2f7f35f6a5b733f5">
  <source>Show password</source>
@@ -8454,7 +8457,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <target>Gruppo di sincronizzazione</target>
 </trans-unit>
 <trans-unit id="s2d5f69929bb7221d">
-  <source><x id="0" equiv-text="${p.name}"/> (&quot;<x id="1" equiv-text="${p.fieldKey}"/>&quot;, of type <x id="2" equiv-text="${p.type}"/>)</source>
+  <source><x id="0" equiv-text="${p.name}"/> ("<x id="1" equiv-text="${p.fieldKey}"/>", of type <x id="2" equiv-text="${p.type}"/>)</source>
  <target><x id="0" equiv-text="${p.name}"/> (&amp;quot;<x id="1" equiv-text="${p.fieldKey}"/>&amp;quot;, del tipo <x id="2" equiv-text="${p.type}"/>)</target>
 </trans-unit>
 <trans-unit id="s25bacc19d98b444e">
@@ -8702,8 +8705,8 @@ Bindings to groups/users are checked against the user of the event.</source>
  <target>URI di reindirizzamento validi dopo un flusso di autorizzazione riuscito. Specificare anche eventuali origini per i flussi impliciti.</target>
 </trans-unit>
 <trans-unit id="s4c49d27de60a532b">
-  <source>To allow any redirect URI, set the mode to Regex and the value to &quot;.*&quot;. Be aware of the possible security implications this can have.</source>
-  <target>Per consentire qualsiasi URI di reindirizzamento, imposta la modalità su Regex e il valore su &quot;.*&quot;. Tieni presente le possibili implicazioni per la sicurezza.</target>
+  <source>To allow any redirect URI, set the mode to Regex and the value to ".*". Be aware of the possible security implications this can have.</source>
+  <target>Per consentire qualsiasi URI di reindirizzamento, imposta la modalità su Regex e il valore su ".*". Tieni presente le possibili implicazioni per la sicurezza.</target>
 </trans-unit>
 <trans-unit id="sa52bf79fe1ccb13e">
  <source>Federated OIDC Sources</source>
@@ -9357,7 +9360,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s17359123e1f24504">
  <source>Field which contains DNs of groups the user is a member of. This field is used to lookup groups from users, e.g. 'memberOf'. To lookup nested groups in an Active Directory environment use 'memberOf:1.2.840.113556.1.4.1941:'.</source>
-  <target>Campo che contiene i ND dei gruppi di cui l'utente è membro. Questo campo viene utilizzato per cercare i gruppi degli utenti, ad esempio &quot;memberOf&quot;. Per cercare gruppi nidificati in un ambiente Active Directory, utilizzare &quot;memberOf:1.2.840.113556.1.4.1941:&quot;.</target>
+  <target>Campo che contiene i ND dei gruppi di cui l'utente è membro. Questo campo viene utilizzato per cercare i gruppi degli utenti, ad esempio "memberOf". Per cercare gruppi nidificati in un ambiente Active Directory, utilizzare "memberOf:1.2.840.113556.1.4.1941:".</target>
 </trans-unit>
 <trans-unit id="s891cd64acabf23bf">
  <source>Initial Permissions</source>
@@ -9440,8 +9443,8 @@ Bindings to groups/users are checked against the user of the event.</source>
  <target>Come eseguire l'autenticazione durante un flusso di richiesta del token authorization_code</target>
 </trans-unit>
 <trans-unit id="s844baf19a6c4a9b4">
-  <source>Enable &quot;Remember me on this device&quot;</source>
-  <target>Abilita &quot;Ricordami su questo dispositivo&quot;</target>
+  <source>Enable "Remember me on this device"</source>
+  <target>Abilita "Ricordami su questo dispositivo"</target>
 </trans-unit>
 <trans-unit id="sfa72bca733f40692">
  <source>When enabled, the user can save their username in a cookie, allowing them to skip directly to entering their password.</source>
@@ -9585,7 +9588,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="se630f2ccd39bf9e6">
  <source>If no group is selected and 'Send notification to event user' is disabled the rule is disabled. </source>
-  <target>Se non viene selezionato alcun gruppo e l'opzione &quot;Invia notifica all'utente dell'evento&quot; è disabilitata, la regola è disabilitata.</target>
+  <target>Se non viene selezionato alcun gruppo e l'opzione "Invia notifica all'utente dell'evento" è disabilitata, la regola è disabilitata.</target>
 </trans-unit>
 <trans-unit id="s47966b2a708694e2">
  <source>Send notification to event user</source>
@@ -9593,7 +9596,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="sd30f00ff2135589c">
  <source>When enabled, notification will be sent to the user that triggered the event in addition to any users in the group above. The event user will always be the first user, to send a notification only to the event user enabled 'Send once' in the notification transport.</source>
-  <target>Se abilitata, la notifica verrà inviata all'utente che ha attivato l'evento, oltre a tutti gli utenti del gruppo sopra indicato. L'utente dell'evento sarà sempre il primo a inviare una notifica solo all'utente dell'evento che ha abilitato &quot;Invia una volta&quot; nel trasporto delle notifiche.</target>
+  <target>Se abilitata, la notifica verrà inviata all'utente che ha attivato l'evento, oltre a tutti gli utenti del gruppo sopra indicato. L'utente dell'evento sarà sempre il primo a inviare una notifica solo all'utente dell'evento che ha abilitato "Invia una volta" nel trasporto delle notifiche.</target>
 </trans-unit>
 <trans-unit id="sbd65aeeb8a3b9bbc">
  <source>Maximum registration attempts</source>
@@ -9791,7 +9794,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>e.g. Collaboration, Communication, Internal, etc.</source>
 </trans-unit>
 <trans-unit id="sb6fcdabf769208a1">
-  <source>Failed to fetch application &quot;<x id="0" equiv-text="${this.applicationSlug}"/>&quot;.</source>
+  <source>Failed to fetch application "<x id="0" equiv-text="${this.applicationSlug}"/>".</source>
 </trans-unit>
 <trans-unit id="s32fc592c4a264edd">
  <source>Account Recovery Max Attempts</source>
@@ -9887,10 +9890,10 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source><x id="0" equiv-text="${this.label || &quot;&quot;}"/> table pagination</source>
 </trans-unit>
 <trans-unit id="sd9b15395dd103f80">
-  <source>Sort by &quot;<x id="0" equiv-text="${label}"/>&quot;</source>
+  <source>Sort by "<x id="0" equiv-text="${label}"/>"</source>
 </trans-unit>
 <trans-unit id="s7dd64bb0c1fa8e87">
-  <source>Select &quot;<x id="0" equiv-text="${rowLabel}"/>&quot; row</source>
+  <source>Select "<x id="0" equiv-text="${rowLabel}"/>" row</source>
 </trans-unit>
 <trans-unit id="sd26f670ca5d5b0c6">
  <source>Collapse row</source>
@@ -9953,31 +9956,31 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>Provider not assigned to any application.</source>
 </trans-unit>
 <trans-unit id="sfbb87c9ced1fde54">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; provider</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" provider</source>
 </trans-unit>
 <trans-unit id="s0a3fdba3a68a2730">
  <source>Applications Documentation</source>
 </trans-unit>
 <trans-unit id="sf07bfbe5316e7cc7">
-  <source>Application icon for &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Application icon for "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s037f22187581bf8f">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s5d90aeadfcb34286">
-  <source>Execute &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Execute "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="saa25eac2952d918d">
-  <source>Export &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Export "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s64de9eceb8172269">
  <source>Edit device</source>
 </trans-unit>
 <trans-unit id="sc08c153234510246">
-  <source>Update &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; Permissions</source>
+  <source>Update "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" Permissions</source>
 </trans-unit>
 <trans-unit id="s6d25eef21a9e76ba">
-  <source>Open &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; permissions modal</source>
+  <source>Open "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" permissions modal</source>
 </trans-unit>
 <trans-unit id="sa556d7b744364dcf">
  <source>OCI URL</source>
@@ -9993,10 +9996,10 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>OCI Support</source>
 </trans-unit>
 <trans-unit id="s08d24327ec788e78">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
 </trans-unit>
 <trans-unit id="s6f8d15b5494ac41a">
-  <source>Apply &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Apply "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
 </trans-unit>
 <trans-unit id="s85a488cacb57688b">
  <source>Welcome, <x id="0" equiv-text="${username}"/></source>
@@ -10098,7 +10101,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>Paths may not start or end with a slash, but they can contain any other character as path segments. The paths are currently purely used for organization, it does not affect their permissions, group memberships, or anything else.</source>
 </trans-unit>
 <trans-unit id="sdb3b903354fbfb17">
-  <source>Open &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Open "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s2e7448caf3df574a">
  <source>Verify Assertion Signature</source>
@@ -10146,16 +10149,16 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>Unnamed</source>
 </trans-unit>
 <trans-unit id="s326ee20bba2564a0">
-  <source>Collapse &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Collapse "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="s27df1f36ba8e269f">
-  <source>Expand &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Expand "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf2b5d3236e6f1ab3">
-  <source>Select &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Select "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sb7c2715df863a6ce">
-  <source>Items of &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Items of "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf6707428adeba590">
  <source>API drawer</source>
@@ -10278,7 +10281,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>Group Search</source>
 </trans-unit>
 <trans-unit id="s79683026e49e4866">
-  <source>View details of group &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>View details of group "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s62dfa9c45cb3025a">
  <source>New Group</source>
@@ -10305,16 +10308,16 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>New service account...</source>
 </trans-unit>
 <trans-unit id="s61e5043203e94d0a">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; normally</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" normally</source>
 </trans-unit>
 <trans-unit id="s02eb960c270a837e">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; as current user</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" as current user</source>
 </trans-unit>
 <trans-unit id="saf579a36a54c92e1">
  <source>Current user</source>
 </trans-unit>
 <trans-unit id="sd149e44e50455923">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; with inspector</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" with inspector</source>
 </trans-unit>
 <trans-unit id="s45c530a48bcf74ad">
  <source>Use inspector</source>
@@ -10503,7 +10506,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>Optional Single Logout Service URL to send logout responses to. If not set, no logout response will be sent.</source>
 </trans-unit>
 <trans-unit id="scbf29ce484222325">
-  <source/>
+  <source></source>
 </trans-unit>
 <trans-unit id="s78869b8b2bc26d0d">
  <source>SAML Provider</source>
@@ -10530,7 +10533,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>The user's display name.</source>
 </trans-unit>
 <trans-unit id="s33b2f30214a2e99d">
-  <source>Actions for &quot;<x id="0" equiv-text="${application.name}"/>&quot;</source>
+  <source>Actions for "<x id="0" equiv-text="${application.name}"/>"</source>
 </trans-unit>
 <trans-unit id="sfa660d9e563c346f">
  <source>Edit application...</source>
@@ -10559,4 +10562,4 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
    </body>
  </file>
-</xliff>
+</xliff>
--- a/web/xliff/ko.xlf
+++ b/web/xliff/ko.xlf
--- a/web/xliff/pl.xlf
+++ b/web/xliff/pl.xlf
@@ -1,4 +1,4 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
+<?xml version="1.0"?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
  <file target-language="pl" source-language="en" original="lit-localize-inputs" datatype="plaintext">
    <body>
      <trans-unit id="s4caed5b7a7e5d89b">
@@ -586,9 +586,9 @@
        
      </trans-unit>
      <trans-unit id="saa0e2675da69651b">
-        <source>The URL &quot;<x id="0" equiv-text="${this.url}"/>&quot; was not found.</source>
-        <target>Nie znaleziono &quot;
-        <x id="0" equiv-text="${this.url}"/>&quot; adresu URL.</target>
+        <source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
+        <target>Nie znaleziono "
+        <x id="0" equiv-text="${this.url}"/>" adresu URL.</target>
        
      </trans-unit>
      <trans-unit id="s58cd9c2fe836d9c6">
@@ -1662,7 +1662,7 @@
        
      </trans-unit>
      <trans-unit id="sa90b7809586c35ce">
-        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon &quot;fa-test&quot;.</source>
+        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
        <target>Wprowadź pełny adres URL, ścieżkę względną lub użyj „fa://fa-test”, aby użyć ikony Font Awesome „fa-test”.</target>
        
      </trans-unit>
@@ -3651,9 +3651,9 @@ Można tu używać tylko zasad, ponieważ dostęp jest sprawdzany przed uwierzyt
        
      </trans-unit>
      <trans-unit id="sa95a538bfbb86111">
-        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> &quot;<x id="1" equiv-text="${this.obj?.name}"/>&quot;?</source>
+        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
        <target>Czy na pewno chcesz zaktualizować 
-        <x id="0" equiv-text="${this.objectLabel}"/>&quot; 
+        <x id="0" equiv-text="${this.objectLabel}"/>" 
        <x id="1" equiv-text="${this.obj?.name}"/>”?</target>
        
      </trans-unit>
@@ -4684,7 +4684,7 @@ Można tu używać tylko zasad, ponieważ dostęp jest sprawdzany przed uwierzyt
        
      </trans-unit>
      <trans-unit id="sdf1d8edef27236f0">
-        <source>A &quot;roaming&quot; authenticator, like a YubiKey</source>
+        <source>A "roaming" authenticator, like a YubiKey</source>
        <target>„Mobilne” uwierzytelniacz, taki jak YubiKey</target>
        
      </trans-unit>
@@ -5043,7 +5043,7 @@ Można tu używać tylko zasad, ponieważ dostęp jest sprawdzany przed uwierzyt
        
      </trans-unit>
      <trans-unit id="s1608b2f94fa0dbd4">
-        <source>If set to a duration above 0, the user will have the option to choose to &quot;stay signed in&quot;, which will extend their session by the time specified here.</source>
+        <source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
        <target>W przypadku ustawienia czasu trwania powyżej 0, użytkownik będzie mógł wybrać opcję „pozostania zalogowanym”, co spowoduje przedłużenie jego sesji o określony tutaj czas.</target>
        
      </trans-unit>
@@ -6724,6 +6724,7 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
 </trans-unit>
 <trans-unit id="sde9a3f41977ec1f8">
  <source>Estimated user count one year from now based on <x id="0" equiv-text="${internalUsers}"/> current internal users and <x id="1" equiv-text="${forecastedInternalUsers}"/> forecasted internal users.</source>
+  <target>Szacowana liczba użytkowników za rok na podstawie <x id="0" equiv-text="${this.forecast?.internalUsers}"/> obecnych użytkowników wewnętrznych i <x id="1" equiv-text="${this.forecast?.forecastedInternalUsers}"/> prognozy użytkowników wewnętrznych.</target>
 </trans-unit>
 <trans-unit id="s4557b6b9da258643">
  <source>Forecast external users</source>
@@ -6731,6 +6732,7 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
 </trans-unit>
 <trans-unit id="sf52479d6daa0a4a8">
  <source>Estimated user count one year from now based on <x id="0" equiv-text="${externalUsers}"/> current external users and <x id="1" equiv-text="${forecastedExternalUsers}"/> forecasted external users.</source>
+  <target>Szacowana liczba użytkowników za rok na podstawie <x id="0" equiv-text="${this.forecast?.externalUsers}"/> obecnych użytkowników zewnętrznych i <x id="1" equiv-text="${this.forecast?.forecastedExternalUsers}"/> prognozy użytkowników zewnętrznych.</target>
 </trans-unit>
 <trans-unit id="s6196153c4b0c1ea0">
  <source>Install</source>
@@ -7087,6 +7089,7 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
 </trans-unit>
 <trans-unit id="s7e796fe83982863f">
  <source>Role <x id="0" equiv-text="${this._role.name}"/></source>
+  <target>Rola <x id="0" equiv-text="${this._role?.name || &quot;&quot;}"/></target>
 </trans-unit>
 <trans-unit id="s526e2c66bd51ff5f">
  <source>Role Info</source>
@@ -7205,7 +7208,7 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
  <target>Pomyślnie utworzono użytkownika i dodano go do grupy <x id="0" equiv-text="${this.group.name}"/></target>
 </trans-unit>
 <trans-unit id="s824e0943a7104668">
-  <source>This user will be added to the group &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot;.</source>
+  <source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
  <target>Ten użytkownik zostanie dodany do grupy &amp;quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&amp;quot;.</target>
 </trans-unit>
 <trans-unit id="s62e7f6ed7d9cb3ca">
@@ -8294,7 +8297,7 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
 </trans-unit>
 <trans-unit id="s9dda0789d278f5c5">
  <source>Provide users with a 'show password' button.</source>
-  <target>Udostępnij użytkownikom przycisk &quot;pokaż hasło&quot;.</target>
+  <target>Udostępnij użytkownikom przycisk "pokaż hasło".</target>
 </trans-unit>
 <trans-unit id="s2f7f35f6a5b733f5">
  <source>Show password</source>
@@ -8396,7 +8399,7 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
  <source>Sync Group</source>
 </trans-unit>
 <trans-unit id="s2d5f69929bb7221d">
-  <source><x id="0" equiv-text="${p.name}"/> (&quot;<x id="1" equiv-text="${p.fieldKey}"/>&quot;, of type <x id="2" equiv-text="${p.type}"/>)</source>
+  <source><x id="0" equiv-text="${p.name}"/> ("<x id="1" equiv-text="${p.fieldKey}"/>", of type <x id="2" equiv-text="${p.type}"/>)</source>
 </trans-unit>
 <trans-unit id="s25bacc19d98b444e">
  <source>Parent Group</source>
@@ -8582,7 +8585,7 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
  <source>Valid redirect URIs after a successful authorization flow. Also specify any origins here for Implicit flows.</source>
 </trans-unit>
 <trans-unit id="s4c49d27de60a532b">
-  <source>To allow any redirect URI, set the mode to Regex and the value to &quot;.*&quot;. Be aware of the possible security implications this can have.</source>
+  <source>To allow any redirect URI, set the mode to Regex and the value to ".*". Be aware of the possible security implications this can have.</source>
 </trans-unit>
 <trans-unit id="sa52bf79fe1ccb13e">
  <source>Federated OIDC Sources</source>
@@ -9135,7 +9138,7 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
  <source>How to perform authentication during an authorization_code token request flow</source>
 </trans-unit>
 <trans-unit id="s844baf19a6c4a9b4">
-  <source>Enable &quot;Remember me on this device&quot;</source>
+  <source>Enable "Remember me on this device"</source>
 </trans-unit>
 <trans-unit id="sfa72bca733f40692">
  <source>When enabled, the user can save their username in a cookie, allowing them to skip directly to entering their password.</source>
@@ -9438,7 +9441,7 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
  <source>e.g. Collaboration, Communication, Internal, etc.</source>
 </trans-unit>
 <trans-unit id="sb6fcdabf769208a1">
-  <source>Failed to fetch application &quot;<x id="0" equiv-text="${this.applicationSlug}"/>&quot;.</source>
+  <source>Failed to fetch application "<x id="0" equiv-text="${this.applicationSlug}"/>".</source>
 </trans-unit>
 <trans-unit id="s32fc592c4a264edd">
  <source>Account Recovery Max Attempts</source>
@@ -9534,10 +9537,10 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
  <source><x id="0" equiv-text="${this.label || &quot;&quot;}"/> table pagination</source>
 </trans-unit>
 <trans-unit id="sd9b15395dd103f80">
-  <source>Sort by &quot;<x id="0" equiv-text="${label}"/>&quot;</source>
+  <source>Sort by "<x id="0" equiv-text="${label}"/>"</source>
 </trans-unit>
 <trans-unit id="s7dd64bb0c1fa8e87">
-  <source>Select &quot;<x id="0" equiv-text="${rowLabel}"/>&quot; row</source>
+  <source>Select "<x id="0" equiv-text="${rowLabel}"/>" row</source>
 </trans-unit>
 <trans-unit id="sd26f670ca5d5b0c6">
  <source>Collapse row</source>
@@ -9600,31 +9603,31 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
  <source>Provider not assigned to any application.</source>
 </trans-unit>
 <trans-unit id="sfbb87c9ced1fde54">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; provider</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" provider</source>
 </trans-unit>
 <trans-unit id="s0a3fdba3a68a2730">
  <source>Applications Documentation</source>
 </trans-unit>
 <trans-unit id="sf07bfbe5316e7cc7">
-  <source>Application icon for &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Application icon for "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s037f22187581bf8f">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s5d90aeadfcb34286">
-  <source>Execute &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Execute "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="saa25eac2952d918d">
-  <source>Export &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Export "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s64de9eceb8172269">
  <source>Edit device</source>
 </trans-unit>
 <trans-unit id="sc08c153234510246">
-  <source>Update &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; Permissions</source>
+  <source>Update "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" Permissions</source>
 </trans-unit>
 <trans-unit id="s6d25eef21a9e76ba">
-  <source>Open &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; permissions modal</source>
+  <source>Open "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" permissions modal</source>
 </trans-unit>
 <trans-unit id="sa556d7b744364dcf">
  <source>OCI URL</source>
@@ -9640,10 +9643,10 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
  <source>OCI Support</source>
 </trans-unit>
 <trans-unit id="s08d24327ec788e78">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
 </trans-unit>
 <trans-unit id="s6f8d15b5494ac41a">
-  <source>Apply &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Apply "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
 </trans-unit>
 <trans-unit id="s85a488cacb57688b">
  <source>Welcome, <x id="0" equiv-text="${username}"/></source>
@@ -9745,7 +9748,7 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
  <source>Paths may not start or end with a slash, but they can contain any other character as path segments. The paths are currently purely used for organization, it does not affect their permissions, group memberships, or anything else.</source>
 </trans-unit>
 <trans-unit id="sdb3b903354fbfb17">
-  <source>Open &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Open "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s2e7448caf3df574a">
  <source>Verify Assertion Signature</source>
@@ -9793,16 +9796,16 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
  <source>Unnamed</source>
 </trans-unit>
 <trans-unit id="s326ee20bba2564a0">
-  <source>Collapse &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Collapse "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="s27df1f36ba8e269f">
-  <source>Expand &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Expand "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf2b5d3236e6f1ab3">
-  <source>Select &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Select "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sb7c2715df863a6ce">
-  <source>Items of &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Items of "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf6707428adeba590">
  <source>API drawer</source>
@@ -9925,7 +9928,7 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
  <source>Group Search</source>
 </trans-unit>
 <trans-unit id="s79683026e49e4866">
-  <source>View details of group &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>View details of group "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s62dfa9c45cb3025a">
  <source>New Group</source>
@@ -9952,16 +9955,16 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
  <source>New service account...</source>
 </trans-unit>
 <trans-unit id="s61e5043203e94d0a">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; normally</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" normally</source>
 </trans-unit>
 <trans-unit id="s02eb960c270a837e">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; as current user</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" as current user</source>
 </trans-unit>
 <trans-unit id="saf579a36a54c92e1">
  <source>Current user</source>
 </trans-unit>
 <trans-unit id="sd149e44e50455923">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; with inspector</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" with inspector</source>
 </trans-unit>
 <trans-unit id="s45c530a48bcf74ad">
  <source>Use inspector</source>
@@ -10150,7 +10153,7 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
  <source>Optional Single Logout Service URL to send logout responses to. If not set, no logout response will be sent.</source>
 </trans-unit>
 <trans-unit id="scbf29ce484222325">
-  <source/>
+  <source></source>
 </trans-unit>
 <trans-unit id="s78869b8b2bc26d0d">
  <source>SAML Provider</source>
@@ -10177,7 +10180,7 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
  <source>The user's display name.</source>
 </trans-unit>
 <trans-unit id="s33b2f30214a2e99d">
-  <source>Actions for &quot;<x id="0" equiv-text="${application.name}"/>&quot;</source>
+  <source>Actions for "<x id="0" equiv-text="${application.name}"/>"</source>
 </trans-unit>
 <trans-unit id="sfa660d9e563c346f">
  <source>Edit application...</source>
@@ -10206,4 +10209,4 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
 </trans-unit>
    </body>
  </file>
-</xliff>
+</xliff>
--- a/web/xliff/pt_BR.xlf
+++ b/web/xliff/pt_BR.xlf
@@ -216,6 +216,11 @@
        <source>Select an object.</source>
        <target>Selecione um objeto.</target>
        
+      </trans-unit>
+      <trans-unit id="s04ceadb276bbe149">
+        <source>Loading options...</source>
+        <target>Carregando opções...</target>
+        
      </trans-unit>
      <trans-unit id="sfe629863ba1338c2">
        <source>Connection error, reconnecting...</source>
@@ -378,7 +383,7 @@
        
      </trans-unit>
      <trans-unit id="s04c5a637328c9b67">
-        <source><x id="0" equiv-text="${startIndex}"/> - <x id="1" equiv-text="${endIndex}"/> of <x id="2" equiv-text="${pageCount}"/></source>
+        <source><x id="0" equiv-text="${this.pages?.startIndex}"/> - <x id="1" equiv-text="${this.pages?.endIndex}"/> of <x id="2" equiv-text="${this.pages?.count}"/></source>
        <target>
 <x id="0" equiv-text="${this.pages?.startIndex}"/> -
 <x id="1" equiv-text="${this.pages?.endIndex}"/> de
@@ -496,6 +501,11 @@
        <source>Everything is ok.</source>
        <target>Está tudo correto.</target>
        
+      </trans-unit>
+      <trans-unit id="sea91c57b3d3969fe">
+        <source>System status</source>
+        <target>Status do sistema</target>
+        
      </trans-unit>
      <trans-unit id="scefe482c547fb3f3">
        <source>Based on <x id="0" equiv-text="${value.versionCurrent}"/></source>
@@ -2136,6 +2146,11 @@
        <source>Last login</source>
        <target>Último login</target>
        
+      </trans-unit>
+      <trans-unit id="s3e3bb9e7cb1de4fd">
+        <source>Select users to add</source>
+        <target>Selecionar usuários para adicionar</target>
+        
      </trans-unit>
      <trans-unit id="s75d5ff5dd8d3c6d2">
        <source>Successfully updated group.</source>
@@ -2146,6 +2161,16 @@
        <source>Successfully created group.</source>
        <target>Grupo criado com sucesso.</target>
        
+      </trans-unit>
+      <trans-unit id="s63cb05541b294335">
+        <source>Is superuser</source>
+        <target>É superusuário</target>
+        
+      </trans-unit>
+      <trans-unit id="s29315e374008d0c5">
+        <source>Users added to this group will be superusers.</source>
+        <target>Usuários adicionados a este grupo serão superusuários.</target>
+        
      </trans-unit>
      <trans-unit id="s4eb514ebcb80553d">
        <source>Parent</source>
@@ -2505,11 +2530,31 @@ doesn't pass when either or both of the selected options are equal or above the
        <source>Username</source>
        <target>Usuário</target>
        
+      </trans-unit>
+      <trans-unit id="s5a802e46a033c8af">
+        <source>User's primary identifier. 150 characters or fewer.</source>
+        <target>Identificado primário do usuário, com 150 caracteres ou menos.</target>
+        
+      </trans-unit>
+      <trans-unit id="sd34be0d0fcb39971">
+        <source>User's display name.</source>
+        <target>Nome de exibição do usuário</target>
+        
      </trans-unit>
      <trans-unit id="sd1f44f1a8bc20e67">
        <source>Email</source>
        <target>Email</target>
        
+      </trans-unit>
+      <trans-unit id="sbe3b416a356f1c91">
+        <source>Is active</source>
+        <target>Ativo</target>
+        
+      </trans-unit>
+      <trans-unit id="s35fac2e5677d55cd">
+        <source>Designates whether this user should be treated as active. Unselect this instead of deleting accounts.</source>
+        <target>Designa se este usuário deve ser tratado como ativo. Desmarque esta opção em vez de excluir contas.</target>
+        
      </trans-unit>
      <trans-unit id="s2e532e19ed477a56">
        <source>Path</source>
@@ -3404,6 +3449,11 @@ Você só pode usar políticas aqui, pois o acesso é verificado antes de o usu
        <source>Logo</source>
        <target>Logo</target>
        
+      </trans-unit>
+      <trans-unit id="sd6b8b4156f7df696">
+        <source>Icon shown in sidebar/header and flow executor.</source>
+        <target>Ícone mostrado na barra lateral/cabeçalho e no executor de fluxo.</target>
+        
      </trans-unit>
      <trans-unit id="s3626433940124897">
        <source>Favicon</source>
@@ -3618,6 +3668,11 @@ Você só pode usar políticas aqui, pois o acesso é verificado antes de o usu
        <source>Create group</source>
        <target>Criar grupo</target>
        
+      </trans-unit>
+      <trans-unit id="s2a12e0b5527ff99a">
+        <source>Enabling this toggle will create a group named after the user, with the user as member.</source>
+        <target>Habilitar esta opção criará um grupo com o nome do usuário, tendo o usuário como membro.</target>
+        
      </trans-unit>
      <trans-unit id="s6b6e6eb037aef7da">
        <source>Use the username and password below to authenticate. The password can be retrieved later on the Tokens page.</source>
@@ -3677,6 +3732,11 @@ Você só pode usar políticas aqui, pois o acesso é verificado antes de o usu
        <source>Successfully added user(s).</source>
        <target>Usuário(s) adicionado(s) com sucesso.</target>
        
+      </trans-unit>
+      <trans-unit id="s306a35df5d0d38bb">
+        <source>Users to add</source>
+        <target>Usuários a adicionar</target>
+        
      </trans-unit>
      <trans-unit id="s7d499be3b781a3ca">
        <source>User(s)</source>
@@ -3757,6 +3817,11 @@ Você só pode usar políticas aqui, pois o acesso é verificado antes de o usu
        <source>Recovery link cannot be emailed, user has no email address saved.</source>
        <target>Link de recuperação não pode ser enviado por email, usuário não tem um email salvo.</target>
        
+      </trans-unit>
+      <trans-unit id="s720594461542943f">
+        <source>Add User</source>
+        <target>Adicionar Usuário</target>
+        
      </trans-unit>
      <trans-unit id="s4c41f3f4c23e8eaa">
        <source>Warning: This group is configured with superuser access. Added users will have superuser access.</source>
@@ -3767,11 +3832,21 @@ Você só pode usar políticas aqui, pois o acesso é verificado antes de o usu
        <source>Add existing user</source>
        <target>Adicionar usuário existente</target>
        
+      </trans-unit>
+      <trans-unit id="sd600334ec2c39b74">
+        <source>Create user</source>
+        <target>Criar usuário</target>
+        
      </trans-unit>
      <trans-unit id="s53ad3455d9523b54">
        <source>Create User</source>
        <target>Criar Usuário</target>
        
+      </trans-unit>
+      <trans-unit id="s06c163334767a381">
+        <source>Create Service account</source>
+        <target>Criar conta de serviço</target>
+        
      </trans-unit>
      <trans-unit id="sc744f3691efe310d">
        <source>Hide service-accounts</source>
@@ -3808,6 +3883,11 @@ Você só pode usar políticas aqui, pois o acesso é verificado antes de o usu
        <target>Atenção: você está prestes a excluir o usuário com o qual está conectado(
 <x id="0" equiv-text="${shouldShowWarning.username}"/>). Prossiga por sua conta e risco.</target>
        
+      </trans-unit>
+      <trans-unit id="s510c7add9e24c306">
+        <source>Hide deactivated user</source>
+        <target>Ocultar usuário desativado</target>
+        
      </trans-unit>
      <trans-unit id="s94055b4eb957dc8f">
        <source>User folders</source>
@@ -5316,6 +5396,11 @@ retorne uma lista para fornecer várias opções padrão.</target>
        <source>Successfully imported flow.</source>
        <target>Fluxo importado com sucesso.</target>
        
+      </trans-unit>
+      <trans-unit id="s344c4a2a48997e18">
+        <source>.yaml files, which can be found on goauthentik.io and can be exported by authentik.</source>
+        <target>Arquivos .yaml, que podem ser encontrados em goauthentik.io e podem ser exportados pelo authentik.</target>
+        
      </trans-unit>
      <trans-unit id="sc816360d6f5a1eeb">
        <source>Flows describe a chain of Stages to authenticate, enroll or recover a user. Stages are chosen based on policies applied to them.</source>
@@ -5427,6 +5512,16 @@ retorne uma lista para fornecer várias opções padrão.</target>
        <source>Normal</source>
        <target>Normal</target>
        
+      </trans-unit>
+      <trans-unit id="s6e4c997a101b6abf">
+        <source>with current user</source>
+        <target>com o usuário atual</target>
+        
+      </trans-unit>
+      <trans-unit id="s8ecdbff1a7329b64">
+        <source>with inspector</source>
+        <target>com o inspetor</target>
+        
      </trans-unit>
      <trans-unit id="s3576aead3e68c5c9">
        <source>Export flow</source>
@@ -6088,6 +6183,11 @@ As vinculações a grupos/usuários são verificadas em relação ao usuário do
        <source>API request failed</source>
        <target>A solicitação de API falhou</target>
        
+      </trans-unit>
+      <trans-unit id="sa3599457b9418bc5">
+        <source>User's avatar</source>
+        <target>Avatar do usuário</target>
+        
      </trans-unit>
      <trans-unit id="s9bd9ba84819493d4">
        <source>Something went wrong! Please try again later.</source>
@@ -6193,11 +6293,21 @@ As vinculações a grupos/usuários são verificadas em relação ao usuário do
        <source>Successfully copied TOTP Config.</source>
        <target>Configuração TOTP copiada com sucesso.</target>
        
+      </trans-unit>
+      <trans-unit id="s3687049d1af562c4">
+        <source>Copy</source>
+        <target>Copiar</target>
+        
      </trans-unit>
      <trans-unit id="s3643189d1abbb7f4">
        <source>Code</source>
        <target>Código</target>
        
+      </trans-unit>
+      <trans-unit id="sfe1c86b42ba13376">
+        <source>Please enter your TOTP Code</source>
+        <target>Por favor, insira seu Código TOTP</target>
+        
      </trans-unit>
      <trans-unit id="sc2ec367e3108fe65">
        <source>Duo activation QR code</source>
@@ -6238,6 +6348,16 @@ As vinculações a grupos/usuários são verificadas em relação ao usuário do
        <source>Please enter the code you received via SMS</source>
        <target>Por favor, insira o código que você recebeu por SMS</target>
        
+      </trans-unit>
+      <trans-unit id="s2b7dbba348234a36">
+        <source>A code has been sent to you via SMS.</source>
+        <target>Um código foi enviado para você por SMS.</target>
+        
+      </trans-unit>
+      <trans-unit id="sa84adff85b5e505c">
+        <source>Open your two-factor authenticator app to view your authentication code.</source>
+        <target>Abra seu aplicativo de autenticação de dois fatores para ver seu código de autenticação.</target>
+        
      </trans-unit>
      <trans-unit id="s7abc9d08b0f70fd6">
        <source>Static token</source>
@@ -6293,6 +6413,11 @@ As vinculações a grupos/usuários são verificadas em relação ao usuário do
        <source>Recovery keys</source>
        <target>Chaves de recuperação</target>
        
+      </trans-unit>
+      <trans-unit id="sb17e8c70f9a05c77">
+        <source>In case you can't access any other method.</source>
+        <target>Caso você não consiga acessar nenhum outro método.</target>
+        
      </trans-unit>
      <trans-unit id="s97f2dc19fa556a6a">
        <source>SMS</source>
@@ -6303,6 +6428,11 @@ As vinculações a grupos/usuários são verificadas em relação ao usuário do
        <source>Tokens sent via SMS.</source>
        <target>Tokens enviados via SMS.</target>
        
+      </trans-unit>
+      <trans-unit id="s6ae0d087036e6d6d">
+        <source>Select an authentication method.</source>
+        <target>Selecione um método de autenticação.</target>
+        
      </trans-unit>
      <trans-unit id="sac17f177f884e238">
        <source>Stay signed in?</source>
@@ -6441,6 +6571,12 @@ As vinculações a grupos/usuários são verificadas em relação ao usuário do
        <source>Change password</source>
        <target>Mudar senha</target>
        
+      </trans-unit>
+      <trans-unit id="saf63d34c8601dd41">
+        <source><x id="0" equiv-text="${prompt.label}"/></source>
+        <target>
+              <x id="0" equiv-text="${prompt.label}"/> </target>
+        
      </trans-unit>
      <trans-unit id="s33f85f24c0f5f008">
        <source>Save</source>
@@ -6710,16 +6846,16 @@ As vinculações a grupos/usuários são verificadas em relação ao usuário do
  <target>Previsão de usuários internos</target>
 </trans-unit>
 <trans-unit id="sde9a3f41977ec1f8">
-  <source>Estimated user count one year from now based on <x id="0" equiv-text="${internalUsers}"/> current internal users and <x id="1" equiv-text="${forecastedInternalUsers}"/> forecasted internal users.</source>
-  <target>Número estimado de usuários daqui a um ano com base nos <x id="0" equiv-text="${internalUsers}"/>usuários internos atuais e nos <x id="1" equiv-text="${forecastedInternalUsers}"/> usuários internos projetados.</target>
+  <source>Estimated user count one year from now based on <x id="0" equiv-text="${this.forecast?.internalUsers}"/> current internal users and <x id="1" equiv-text="${this.forecast?.forecastedInternalUsers}"/> forecasted internal users.</source>
+  <target>Contagem estimada de usuários daqui a um ano baseada em <x id="0" equiv-text="${this.forecast?.internalUsers}"/> usuários internos atuais e <x id="1" equiv-text="${this.forecast?.forecastedInternalUsers}"/> usuários internos previstos.</target>
 </trans-unit>
 <trans-unit id="s4557b6b9da258643">
  <source>Forecast external users</source>
  <target>Previsão de usuários externos</target>
 </trans-unit>
 <trans-unit id="sf52479d6daa0a4a8">
-  <source>Estimated user count one year from now based on <x id="0" equiv-text="${externalUsers}"/> current external users and <x id="1" equiv-text="${forecastedExternalUsers}"/> forecasted external users.</source>
-  <target>Número estimado de usuários daqui a um ano com base nos <x id="0" equiv-text="${externalUsers}"/>  usuários externos atuais e nos <x id="1" equiv-text="${forecastedExternalUsers}"/> usuários externos projetados.</target>
+  <source>Estimated user count one year from now based on <x id="0" equiv-text="${this.forecast?.externalUsers}"/> current external users and <x id="1" equiv-text="${this.forecast?.forecastedExternalUsers}"/> forecasted external users.</source>
+  <target>Contagem estimada de usuários daqui a um ano baseada em <x id="0" equiv-text="${this.forecast?.externalUsers}"/> usuários externos atuais e <x id="1" equiv-text="${this.forecast?.forecastedExternalUsers}"/> usuários externos previstos.</target>
 </trans-unit>
 <trans-unit id="s6196153c4b0c1ea0">
  <source>Install</source>
@@ -6741,6 +6877,10 @@ As vinculações a grupos/usuários são verificadas em relação ao usuário do
  <source>Service accounts should be used for machine-to-machine authentication or other automations.</source>
  <target>Contas de serviço devem ser usadas para autenticação máquina-a-máquina ou outras automações.</target>
 </trans-unit>
+<trans-unit id="s8fa26f65aed77c96">
+  <source>More details</source>
+  <target>Mais detalhes</target>
+</trans-unit>
 <trans-unit id="s08df8d0a773a3ea0">
  <source>Remove item</source>
  <target>Remover item</target>
@@ -6946,6 +7086,10 @@ As vinculações a grupos/usuários são verificadas em relação ao usuário do
  <source>Your application has been saved</source>
  <target>Sua aplicação foi salva</target>
 </trans-unit>
+<trans-unit id="s67d858051b34c38b">
+  <source>Method's display Name.</source>
+  <target>Nome de exibição do método.</target>
+</trans-unit>
 <trans-unit id="sd18b18f91b804c3f">
  <source>Custom attributes</source>
  <target>Atributos personalizados</target>
@@ -7903,6 +8047,10 @@ tenha um configurado lá, usará um avatar gerado automaticamente.</target>
  <source>Selected Roles</source>
  <target>Funções Selecionadas</target>
 </trans-unit>
+<trans-unit id="s7bfbf84a8ad5883f">
+  <source>Internal Service accounts are created and managed by authentik and cannot be created manually.</source>
+  <target>As contas de serviço internas são criadas e gerenciadas pelo authentik e não podem ser criadas manualmente.</target>
+</trans-unit>
 <trans-unit id="sb0680e5f8782db1e">
  <source>Private key Algorithm</source>
  <target>Algoritmo da chave privada</target>
@@ -9100,6 +9248,10 @@ definido, por exemplo, como <x id="0" equiv-text="&lt;code&gt;"/>minutes=5<x id=
  <source>Disconnected</source>
  <target>Desconectado</target>
 </trans-unit>
+<trans-unit id="s47b7ce63a543564c">
+  <source>Fewer details</source>
+  <target>Menos detalhes</target>
+</trans-unit>
 <trans-unit id="s140111d464591e6b">
  <source>Create a new application and configure a provider for it.</source>
  <target>Criar um novo aplicativo e configurar um provedor para ele.</target>
@@ -9212,6 +9364,10 @@ definido, por exemplo, como <x id="0" equiv-text="&lt;code&gt;"/>minutes=5<x id=
  <source>Please enter the code you received via email</source>
  <target>Por favor, insira o código que você recebeu por e-mail</target>
 </trans-unit>
+<trans-unit id="s1d64dba9bb8b284d">
+  <source>A code has been sent to you via email<x id="0" equiv-text="${email ? ` ${email}` : &quot;&quot;}"/></source>
+  <target>Um código foi enviado para você por e-mail<x id="0" equiv-text="${email ? ` ${email}` : &quot;&quot;}"/></target>
+</trans-unit>
 <trans-unit id="s833cfe815918c143">
  <source>Tokens sent via email.</source>
  <target>Tokens enviados por e-mail.</target>
@@ -9828,6 +9984,18 @@ definido, por exemplo, como <x id="0" equiv-text="&lt;code&gt;"/>minutes=5<x id=
  <source>The name displayed in the application library.</source>
  <target>O nome exibido na biblioteca de aplicativos.</target>
 </trans-unit>
+<trans-unit id="s418c59028ef6bc2a">
+  <source>URIs to send back-channel logout notifications to when users log out. Required for OpenID Connect Back-Channel Logout functionality.</source>
+  <target>URIs para enviar notificações de logout back-channel quando os usuários fizerem logout. Necessário para a funcionalidade de Logout Back-Channel do OpenID Connect.</target>
+</trans-unit>
+<trans-unit id="sa091b3064afa00f5">
+  <source>These URIs are called server-to-server when a user logs out to notify OAuth2/OpenID clients about the logout event.</source>
+  <target>Esses URIs são chamados de servidor para servidor quando um usuário faz logout para notificar os clientes OAuth2/OpenID sobre o evento de logout.</target>
+</trans-unit>
+<trans-unit id="s6d364031a996b540">
+  <source>Back-Channel Logout URI</source>
+  <target>URI de Logout Back-Channel</target>
+</trans-unit>
 <trans-unit id="sc22c7703fd074f5f">
  <source>e.g. Collaboration, Communication, Internal, etc.</source>
  <target>ex. Colaboração, Comunicação, Interno, etc.</target>
@@ -9952,6 +10120,10 @@ definido, por exemplo, como <x id="0" equiv-text="&lt;code&gt;"/>minutes=5<x id=
  <source>Open the wizard to create a new provider.</source>
  <target>Abrir o assistente para criar um novo provedor.</target>
 </trans-unit>
+<trans-unit id="s700456b0667029f9">
+  <source>Applications library</source>
+  <target>Biblioteca de Aplicativos</target>
+</trans-unit>
 <trans-unit id="s48a0d160d9e0a7be">
  <source>Hostname/IP to connect to. Optionally specify the port.</source>
  <target>Nome do Host/IP para conectar. Opcionalmente, especifique a porta.</target>
@@ -10072,6 +10244,10 @@ definido, por exemplo, como <x id="0" equiv-text="&lt;code&gt;"/>minutes=5<x id=
  <source>Export &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
  <target>Exportar &quot;<x id="0" equiv-text="${item.name}"/>&quot;</target>
 </trans-unit>
+<trans-unit id="s021258b2c04e722f">
+  <source>Search for an application by name</source>
+  <target>Pesquisar um aplicativo pelo nome</target>
+</trans-unit>
 <trans-unit id="s64de9eceb8172269">
  <source>Edit device</source>
  <target>Editar dispositivo</target>
@@ -10169,554 +10345,6 @@ por exemplo: <x id="0" equiv-text="&lt;code&gt;"/>oci://registry.domain.tld/path
 <trans-unit id="s7392b5925a4803af">
  <source>Altered behavior for usage with Salesforce.</source>
  <target>Comportamento alterado para uso com o Salesforce.</target>
-</trans-unit>
-<trans-unit id="sf6e7447df476939f">
-  <source>Query input</source>
-  <target>Entrada da consulta</target>
-</trans-unit>
-<trans-unit id="s76ef34813bff563f">
-  <source>Last refreshed</source>
-  <target>Lista atualizada</target>
-</trans-unit>
-<trans-unit id="s3e80c199c9e45456">
-  <source>Refresh Token threshold</source>
-  <target>Limite do Refresh Token</target>
-</trans-unit>
-<trans-unit id="sdff424992223a264">
-  <source>When renewing a refresh token, if the existing refresh token's expiry is within this threshold, the refresh token will be renewed. Set to seconds=0 to always renew the refresh token.</source>
-  <target>Ao renovar um refresh token, se o vencimento do token existente estiver dentro desse limite, o refresh token será renovado. Defina seconds=0 para sempre renovar o refresh token.</target>
-</trans-unit>
-<trans-unit id="sb3087c7347bed341">
-  <source>Company employees with access to the full enterprise feature set.</source>
-  <target>Funcionários da empresa com acesso ao conjunto completo de recursos enterprise.</target>
-</trans-unit>
-<trans-unit id="sc7266f960c466de6">
-  <source>External consultants or B2C customers without access to enterprise features.</source>
-  <target>Consultores externos ou clientes B2C sem acesso aos recursos enterprise.</target>
-</trans-unit>
-<trans-unit id="sf4ad4d9f8a5c868b">
-  <source>Machine-to-machine authentication or other automations.</source>
-  <target>Autenticação de máquina para máquina ou outras automações.</target>
-</trans-unit>
-<trans-unit id="s67ba000e66cdbd0d">
-  <source>Type a username for the user...</source>
-  <target>Digite um nome de usuário para o usuário...</target>
-</trans-unit>
-<trans-unit id="s7819072445baceee">
-  <source>The user's primary identifier used for authentication. 150 characters or fewer.</source>
-  <target>O identificador principal do usuário usado para autenticação. 150 caracteres ou menos.</target>
-</trans-unit>
-<trans-unit id="s11b2e9ecce28690c">
-  <source>Display Name</source>
-  <target>Nome de Exibição</target>
-</trans-unit>
-<trans-unit id="s237e9858014b1205">
-  <source>Type an optional display name...</source>
-  <target>Digite um nome de exibição opcional</target>
-</trans-unit>
-<trans-unit id="s755bfddac3729eaa">
-  <source>Managed by authentik and cannot be assigned manually.</source>
-  <target>Gerenciado pelo Authentik e não pode ser atribuído manualmente.</target>
-</trans-unit>
-<trans-unit id="s1e2e135dac5ba993">
-  <source>Email Address</source>
-  <target>Endereço de Email</target>
-</trans-unit>
-<trans-unit id="s9fd0516c9193c73e">
-  <source>Type an optional email address...</source>
-  <target>Digite um endereço de email opcional...</target>
-</trans-unit>
-<trans-unit id="s4c5000e84bc2189a">
-  <source>Whether this user is active and allowed to authenticate. Setting this to inactive can be used to temporarily disable a user without deleting their account.</source>
-  <target>Indica se este usuário está ativo e autorizado a autenticar. Definir como inativo pode ser usado para desativar temporariamente um usuário sem excluir sua conta.</target>
-</trans-unit>
-<trans-unit id="s3a15d06c4a39515a">
-  <source>Type a path for the user...</source>
-  <target>Digite um caminho para o usuário...</target>
-</trans-unit>
-<trans-unit id="s1fa5309c30d174b7">
-  <source>Paths can be used to organize users into folders depending on which source created them or organizational structure.</source>
-  <target>Caminhos oodem ser utilizados para organizar usuários em pastas dependendo de qual origem criou eles ou da estrutura organizacional.</target>
-</trans-unit>
-<trans-unit id="s5701b3d3a6678723">
-  <source>Paths may not start or end with a slash, but they can contain any other character as path segments. The paths are currently purely used for organization, it does not affect their permissions, group memberships, or anything else.</source>
-  <target>Os caminhos não podem começar ou terminar com uma barra, mas podem conter qualquer outro caractere como segmentos de caminho. Atualmente, os caminhos são usados apenas para organização e não afetam permissões, associações a grupos ou qualquer outra configuração.</target>
-</trans-unit>
-<trans-unit id="sdb3b903354fbfb17">
-  <source>Open &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
-  <target>Abrir &amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot;</target>
-</trans-unit>
-<trans-unit id="s2e7448caf3df574a">
-  <source>Verify Assertion Signature</source>
-  <target>Verificar Assertion Signature</target>
-</trans-unit>
-<trans-unit id="s0069939a0fcc3986">
-  <source>When enabled, authentik will look for a Signature inside of the Assertion element.</source>
-  <target>Quando habilitado, Authentik vai procurar uma Signature dentro do elemento Assertion.</target>
-</trans-unit>
-<trans-unit id="s6bf8b26e6e8a7059">
-  <source>Verify Response Signature</source>
-  <target>Verificar Response Signature</target>
-</trans-unit>
-<trans-unit id="s435805a99af456d3">
-  <source>When enabled, authentik will look for a Signature inside of the Response element.</source>
-  <target>Quando habilitado, Authentik vai procurar uma Signature dentro do elemento Response.</target>
-</trans-unit>
-<trans-unit id="s98d6b06b0fb7da64">
-  <source>Logo shown in sidebar/header and flow executor.</source>
-  <target>Logomarca mostrada na barra lateral/header e executor de fluxo.</target>
-</trans-unit>
-<trans-unit id="s2643b2f95c0c38a0">
-  <source>Select an application...</source>
-  <target>Selecione uma aplicação...</target>
-</trans-unit>
-<trans-unit id="s5d4669050d36a5ab">
-  <source>Select a recovery flow...</source>
-  <target>Selecionar um fluxo de recuperação...</target>
-</trans-unit>
-<trans-unit id="s796ab9d9a9131241">
-  <source>Select an unenrollment flow...</source>
-  <target>Selecionar um fluxo de descadastramento...</target>
-</trans-unit>
-<trans-unit id="s1fe26d2eb791caec">
-  <source>Select a user settings flow...</source>
-  <target>Selecionar um fluxo de configurações de usuário...</target>
-</trans-unit>
-<trans-unit id="s70d02f31fd256eff">
-  <source>Select a device code flow...</source>
-  <target>Selecionar um fluxo de código de dispositivo...</target>
-</trans-unit>
-<trans-unit id="s4270ebcf645b9df5">
-  <source>Search by domain or brand name...</source>
-  <target>Buscar por domínio ou nome de marca...</target>
-</trans-unit>
-<trans-unit id="sb4661b2d2c2b3564">
-  <source>New Brand</source>
-  <target>Niva Marca</target>
-</trans-unit>
-<trans-unit id="s66752390605b7d37">
-  <source>Create and assign a group with the same name as the user.</source>
-  <target>Criar e atribuir um grupo com o mesmo nome do usuário.</target>
-</trans-unit>
-<trans-unit id="s0137933e117f2092">
-  <source>Whether the token will expire. Upon expiration, the token will be rotated.</source>
-  <target>Indica se o token irá expirar. Após a expirado, o token será rotacionado.</target>
-</trans-unit>
-<trans-unit id="sb26035b596566abf">
-  <source>Unnamed</source>
-  <target>Não nomeado</target>
-</trans-unit>
-<trans-unit id="s326ee20bba2564a0">
-  <source>Collapse &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
-</trans-unit>
-<trans-unit id="s27df1f36ba8e269f">
-  <source>Expand &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
-</trans-unit>
-<trans-unit id="sf2b5d3236e6f1ab3">
-  <source>Select &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
-</trans-unit>
-<trans-unit id="sb7c2715df863a6ce">
-  <source>Items of &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
-</trans-unit>
-<trans-unit id="sf6707428adeba590">
-  <source>API drawer</source>
-</trans-unit>
-<trans-unit id="sf3b5b13c6b55eb4c">
-  <source>Close API drawer</source>
-</trans-unit>
-<trans-unit id="sfa991acd65f738bf">
-  <source>View details for <x id="0" equiv-text="${label}"/></source>
-</trans-unit>
-<trans-unit id="s5bb4026da28b7914">
-  <source>Mark as read</source>
-</trans-unit>
-<trans-unit id="sc0064c91ad2aa90b">
-  <source>Notification drawer</source>
-</trans-unit>
-<trans-unit id="s3ef09dfdd0568b6e">
-  <source>Search by username, email, etc...</source>
-</trans-unit>
-<trans-unit id="sd65f96914ccbeb76">
-  <source>User Search</source>
-</trans-unit>
-<trans-unit id="s7c6c86d9a97ed706">
-  <source>Show deactivated users</source>
-</trans-unit>
-<trans-unit id="s462975174949cfc0">
-  <source>New User</source>
-</trans-unit>
-<trans-unit id="s7d620371caea15e1">
-  <source>Create Service Account</source>
-</trans-unit>
-<trans-unit id="sc47c8364ef524c1d">
-  <source>New Service Account</source>
-</trans-unit>
-<trans-unit id="s441f155311f1748a">
-  <source>User paths</source>
-</trans-unit>
-<trans-unit id="sd5d9adfcbd8abdfe">
-  <source>Bot username</source>
-</trans-unit>
-<trans-unit id="saf5316edc3679fef">
-  <source>Bot token</source>
-</trans-unit>
-<trans-unit id="s64b935d223a99731">
-  <source>Request access to send messages from your bot</source>
-</trans-unit>
-<trans-unit id="s500a041b1fab7aac">
-  <source>Telegram Attribute mapping</source>
-</trans-unit>
-<trans-unit id="s463491b90193d86b">
-  <source>Telegram bot</source>
-</trans-unit>
-<trans-unit id="s4014853299a8bb20">
-  <source>Update Telegram Source</source>
-</trans-unit>
-<trans-unit id="sf376ae7e9ef41c1a">
-  <source>Authenticating with Telegram...</source>
-</trans-unit>
-<trans-unit id="s76ea993fdc8503d8">
-  <source>Click the button below to start.</source>
-</trans-unit>
-<trans-unit id="sd2fa988f1774cfde">
-  <source>System Status</source>
-</trans-unit>
-<trans-unit id="s66f26fdcbe2101eb">
-  <source>Chart</source>
-</trans-unit>
-<trans-unit id="s7b58d033cc5112ab">
-  <source>Event volume chart</source>
-</trans-unit>
-<trans-unit id="s0914f91b3f985f0f">
-  <source>Synchronization status chart</source>
-</trans-unit>
-<trans-unit id="s3f01dbc864d2a8b9">
-  <source>Outpost status chart</source>
-</trans-unit>
-<trans-unit id="s7f073c746d0f6324">
-  <source>Form actions</source>
-</trans-unit>
-<trans-unit id="sfd81bd296e2f7585">
-  <source>Submit action</source>
-</trans-unit>
-<trans-unit id="s5baec8151f4a4433">
-  <source>Cancel action</source>
-</trans-unit>
-<trans-unit id="s1ec022562e3d515b">
-  <source>Search for users by username or display name...</source>
-</trans-unit>
-<trans-unit id="s65f6a2f5e2b848e1">
-  <source>Search Users</source>
-</trans-unit>
-<trans-unit id="sd416adae573583d5">
-  <source>Select Users</source>
-</trans-unit>
-<trans-unit id="s93d69514c94ad635">
-  <source>Select users</source>
-</trans-unit>
-<trans-unit id="sb85774dc5d18ff0f">
-  <source>Confirm</source>
-</trans-unit>
-<trans-unit id="s9436f1bf4400f6a6">
-  <source>Type a group name...</source>
-</trans-unit>
-<trans-unit id="s2d9356347ff7c77f">
-  <source>Group Name</source>
-</trans-unit>
-<trans-unit id="sf45dac7c571f18bd">
-  <source>Superuser Privileges</source>
-</trans-unit>
-<trans-unit id="sbf8a7af4eafa87f8">
-  <source>Whether users added to this group will have superuser privileges.</source>
-</trans-unit>
-<trans-unit id="sb05313d80a8b531f">
-  <source>Select an optional parent group...</source>
-</trans-unit>
-<trans-unit id="sf0d94539428a0900">
-  <source>Search for a group by name…</source>
-</trans-unit>
-<trans-unit id="s77ec9e27e9ae81b8">
-  <source>Group Search</source>
-</trans-unit>
-<trans-unit id="s79683026e49e4866">
-  <source>View details of group &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
-</trans-unit>
-<trans-unit id="s62dfa9c45cb3025a">
-  <source>New Group</source>
-</trans-unit>
-<trans-unit id="s3d0a5ad9bdb617e2">
-  <source>Open user selection dialog</source>
-</trans-unit>
-<trans-unit id="s362bf0ff6d7db6c9">
-  <source>Group User Search</source>
-</trans-unit>
-<trans-unit id="se040a9c3444c727c">
-  <source>Group Users</source>
-</trans-unit>
-<trans-unit id="sac6c67e92bd30229">
-  <source>Assign Additional Users</source>
-</trans-unit>
-<trans-unit id="sf6aec5a09661fe61">
-  <source>Add new user</source>
-</trans-unit>
-<trans-unit id="s0051b0d8e6decea6">
-  <source>New user...</source>
-</trans-unit>
-<trans-unit id="s384699f614f39071">
-  <source>New service account...</source>
-</trans-unit>
-<trans-unit id="s61e5043203e94d0a">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; normally</source>
-</trans-unit>
-<trans-unit id="s02eb960c270a837e">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; as current user</source>
-</trans-unit>
-<trans-unit id="saf579a36a54c92e1">
-  <source>Current user</source>
-</trans-unit>
-<trans-unit id="sd149e44e50455923">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; with inspector</source>
-</trans-unit>
-<trans-unit id="s45c530a48bcf74ad">
-  <source>Use inspector</source>
-</trans-unit>
-<trans-unit id="s482bc55a78891ef7">
-  <source>A code has been sent to your address: <x id="0" equiv-text="${email}"/></source>
-</trans-unit>
-<trans-unit id="s5afa3fc77ce8d94d">
-  <source>A code has been sent to your email address.</source>
-</trans-unit>
-<trans-unit id="s37f47fa981493c3b">
-  <source>A one-time use code has been sent to you via SMS text message.</source>
-</trans-unit>
-<trans-unit id="sc92a7248dba5f388">
-  <source>Open your authenticator app to retrieve a one-time use code.</source>
-</trans-unit>
-<trans-unit id="s775f81ca91aa2d0c">
-  <source>Policy actions</source>
-</trans-unit>
-<trans-unit id="sa4be93eb7f4e51e3">
-  <source>Site links</source>
-</trans-unit>
-<trans-unit id="s15d6fabebb4ef2d8">
-  <source>User information</source>
-</trans-unit>
-<trans-unit id="s4607a8246d0d6265">
-  <source>Avatar for <x id="0" equiv-text="${this.user}"/></source>
-</trans-unit>
-<trans-unit id="sb0dbcf3bb1127907">
-  <source>User avatar</source>
-</trans-unit>
-<trans-unit id="s8d6236ad153d42c0">
-  <source>CAPTCHA challenge</source>
-</trans-unit>
-<trans-unit id="sc091f75b942ec081">
-  <source>QR-Code to setup a time-based one-time password</source>
-</trans-unit>
-<trans-unit id="s6db67c7681b8be6e">
-  <source>Copy time-based one-time password configuration</source>
-</trans-unit>
-<trans-unit id="s43e859bf711e3599">
-  <source>Copy TOTP Config</source>
-</trans-unit>
-<trans-unit id="sa5562e0115ffbccd">
-  <source>Time-based one-time password</source>
-</trans-unit>
-<trans-unit id="s40f44c0d88807fd5">
-  <source>TOTP Code</source>
-</trans-unit>
-<trans-unit id="s95474cc8c73dd9c0">
-  <source>Type your TOTP code...</source>
-</trans-unit>
-<trans-unit id="s168d0c138b63286d">
-  <source>Type your time-based one-time password code.</source>
-</trans-unit>
-<trans-unit id="s14e8ac4d377a1a99">
-  <source>Type an authentication code...</source>
-</trans-unit>
-<trans-unit id="s8bb0a1b672b52954">
-  <source>In case you lose access to your primary authenticators.</source>
-</trans-unit>
-<trans-unit id="s76d21e163887ddd1">
-  <source>Unknown device</source>
-</trans-unit>
-<trans-unit id="sf0ceaf3116e31fd4">
-  <source>An unknown device class was provided.</source>
-</trans-unit>
-<trans-unit id="s610fced3957d0471">
-  <source>Select an authentication method</source>
-</trans-unit>
-<trans-unit id="s1213df84313e1937">
-  <source>No authentication methods available.</source>
-</trans-unit>
-<trans-unit id="s958cedec1cb3fc52">
-  <source>Select a configuration stage</source>
-</trans-unit>
-<trans-unit id="sb69e43f2f6bd1b54">
-  <source>Close flow inspector</source>
-</trans-unit>
-<trans-unit id="s857cf5aa8955cf5c">
-  <source>Flow inspector loading</source>
-</trans-unit>
-<trans-unit id="sa17ce23517e56461">
-  <source>Authentication form</source>
-</trans-unit>
-<trans-unit id="sdd2ea73c24b40d5d">
-  <source>Site footer</source>
-</trans-unit>
-<trans-unit id="s2f06038e5cfd09df">
-  <source>Consumed</source>
-</trans-unit>
-<trans-unit id="s556a7cc7c0c9f032">
-  <source>Pre-processing</source>
-</trans-unit>
-<trans-unit id="sb37a630168e1e0e5">
-  <source>Post-processing</source>
-</trans-unit>
-<trans-unit id="s94f08f46277af7d6">
-  <source>Running tasks</source>
-</trans-unit>
-<trans-unit id="s8b551364b894d1ee">
-  <source>Queued tasks</source>
-</trans-unit>
-<trans-unit id="s2139d19009989a19">
-  <source>Successful tasks</source>
-</trans-unit>
-<trans-unit id="s0787cd9eab5aa6e3">
-  <source>Error tasks</source>
-</trans-unit>
-<trans-unit id="s531571491deb239a">
-  <source>Approximately</source>
-</trans-unit>
-<trans-unit id="sc62e587718608e85">
-  <source>No expiry</source>
-</trans-unit>
-<trans-unit id="s84fb675fb17d4455">
-  <source>Retries</source>
-</trans-unit>
-<trans-unit id="s1d300a2f13c19ab4">
-  <source>Planned execution time</source>
-</trans-unit>
-<trans-unit id="s3736936aac1adc2e">
-  <source>Open flow inspector</source>
-</trans-unit>
-<trans-unit id="s1ff2128af96d843f">
-  <source>Available applications</source>
-</trans-unit>
-<trans-unit id="sda842e40ed1d9a2f">
-  <source>Application search</source>
-</trans-unit>
-<trans-unit id="s65b433c52c2ad8eb">
-  <source>Search for an application by name...</source>
-</trans-unit>
-<trans-unit id="sa3056b3252b4b52c">
-  <source>Back-channel</source>
-</trans-unit>
-<trans-unit id="saa3d821fc889a636">
-  <source>Server-to-server logout notifications</source>
-</trans-unit>
-<trans-unit id="s9f448d01a0354e8e">
-  <source>Front-channel</source>
-</trans-unit>
-<trans-unit id="s83ba71823baf9a51">
-  <source>Browser iframe logout notifications</source>
-</trans-unit>
-<trans-unit id="s145480489b87a109">
-  <source>Logout URI</source>
-</trans-unit>
-<trans-unit id="s37018999e29f65b3">
-  <source>URI to send logout notifications to when users log out. Required for OpenID Connect Logout functionality.</source>
-</trans-unit>
-<trans-unit id="s2dcb6d1fd145b834">
-  <source>Logout Method</source>
-</trans-unit>
-<trans-unit id="s2e527acc2a73da87">
-  <source>The logout method determines how the logout URI is called — back-channel (server-to-server) or front-channel (browser iframe).</source>
-</trans-unit>
-<trans-unit id="sa4bd902fbc432ab8">
-  <source>Sign logout requests</source>
-</trans-unit>
-<trans-unit id="sb1e6dc6d91ce352e">
-  <source>When enabled, SAML logout requests will be signed.</source>
-</trans-unit>
-<trans-unit id="sd1ab93a011b2f1f5">
-  <source>Front-channel (Iframe)</source>
-</trans-unit>
-<trans-unit id="s885ea9abccda30d8">
-  <source>Front-channel (Native)</source>
-</trans-unit>
-<trans-unit id="s34cd8ae3ee828045">
-  <source>Back-channel (POST)</source>
-</trans-unit>
-<trans-unit id="s7f7be294b1bef506">
-  <source>SLS Binding</source>
-</trans-unit>
-<trans-unit id="s9104cd1063aa6a4a">
-  <source>Determines how authentik sends the logout response back to the Service Provider.</source>
-</trans-unit>
-<trans-unit id="sd1fba3c745c016a8">
-  <source>Method to use for logout when SLS URL is configured.</source>
-</trans-unit>
-<trans-unit id="sc71892084574cf32">
-  <source>SLS URL</source>
-</trans-unit>
-<trans-unit id="s21658078c6fdf964">
-  <source>Optional Single Logout Service URL to send logout responses to. If not set, no logout response will be sent.</source>
-</trans-unit>
-<trans-unit id="scbf29ce484222325">
-  <source/>
-</trans-unit>
-<trans-unit id="s78869b8b2bc26d0d">
-  <source>SAML Provider</source>
-</trans-unit>
-<trans-unit id="sca83a1f9227f74b9">
-  <source>SAML logout complete</source>
-</trans-unit>
-<trans-unit id="s7b90eab7969ae056">
-  <source>Redirecting to SAML provider: <x id="0" equiv-text="${providerName}"/></source>
-</trans-unit>
-<trans-unit id="s3e6174b645d96835">
-  <source>Posting logout request to SAML provider: <x id="0" equiv-text="${providerName}"/></source>
-</trans-unit>
-<trans-unit id="s0b1ffff8bedd6b8a">
-  <source>Unknown Provider</source>
-</trans-unit>
-<trans-unit id="s777e86d562523c85">
-  <source>Logging out of providers...</source>
-</trans-unit>
-<trans-unit id="s4980379bf8461c2d">
-  <source>Single Logout</source>
-</trans-unit>
-<trans-unit id="sc82cf82ad6cb26cc">
-  <source>The user's display name.</source>
-</trans-unit>
-<trans-unit id="s33b2f30214a2e99d">
-  <source>Actions for &quot;<x id="0" equiv-text="${application.name}"/>&quot;</source>
-</trans-unit>
-<trans-unit id="sfa660d9e563c346f">
-  <source>Edit application...</source>
-</trans-unit>
-<trans-unit id="ellipsis">
-  <source>...</source>
-  <note from="lit-localize">Truncation ellipsis</note>
-</trans-unit>
-<trans-unit id="s8b0e21adf383c8ba">
-  <source>.yaml files, which can be found in the Example Flows documentation</source>
-</trans-unit>
-<trans-unit id="s139200afa0695967">
-  <source>Plain</source>
-</trans-unit>
-<trans-unit id="s7a316723c6bb33eb">
-  <source>S256</source>
-</trans-unit>
-<trans-unit id="s311c22ee852736e9">
-  <source>PKCE Method</source>
-</trans-unit>
-<trans-unit id="sa9afb0f84a3c380d">
-  <source>Configure Proof Key for Code Exchange for this source.</source>
-</trans-unit>
-<trans-unit id="s2e6c714bb95c18a3">
-  <source>User settings</source>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/ru.xlf
+++ b/web/xliff/ru.xlf
@@ -1,4 +1,4 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
+<?xml version="1.0"?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
  <file target-language="ru" source-language="en" original="lit-localize-inputs" datatype="plaintext">
    <body>
      <trans-unit id="s4caed5b7a7e5d89b">
@@ -586,9 +586,9 @@
        
      </trans-unit>
      <trans-unit id="saa0e2675da69651b">
-        <source>The URL &quot;<x id="0" equiv-text="${this.url}"/>&quot; was not found.</source>
-        <target>URL &quot;
-        <x id="0" equiv-text="${this.url}"/>&quot; не найден.</target>
+        <source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
+        <target>URL "
+        <x id="0" equiv-text="${this.url}"/>" не найден.</target>
        
      </trans-unit>
      <trans-unit id="s58cd9c2fe836d9c6">
@@ -1662,8 +1662,8 @@
        
      </trans-unit>
      <trans-unit id="sa90b7809586c35ce">
-        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon &quot;fa-test&quot;.</source>
-        <target>Введите полный URL-адрес, относительный путь или используйте 'fa://fa-test', чтобы использовать иконку Font Awesome &quot;fa-test&quot;.</target>
+        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
+        <target>Введите полный URL-адрес, относительный путь или используйте 'fa://fa-test', чтобы использовать иконку Font Awesome "fa-test".</target>
        
      </trans-unit>
      <trans-unit id="s0410779cb47de312">
@@ -3614,7 +3614,7 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="s6b6e6eb037aef7da">
        <source>Use the username and password below to authenticate. The password can be retrieved later on the Tokens page.</source>
-        <target>Для аутентификации используйте указанные ниже имя пользователя и пароль. Пароль можно получить позже на странице &quot;Токены&quot;.</target>
+        <target>Для аутентификации используйте указанные ниже имя пользователя и пароль. Пароль можно получить позже на странице "Токены".</target>
        
      </trans-unit>
      <trans-unit id="sf6e1665c7022a1f8">
@@ -3650,10 +3650,10 @@ doesn't pass when either or both of the selected options are equal or above the
        
      </trans-unit>
      <trans-unit id="sa95a538bfbb86111">
-        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> &quot;<x id="1" equiv-text="${this.obj?.name}"/>&quot;?</source>
+        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
        <target>Вы уверены, что хотите обновить
-        <x id="0" equiv-text="${this.objectLabel}"/>&quot;
-        <x id="1" equiv-text="${this.obj?.name}"/>&quot;?</target>
+        <x id="0" equiv-text="${this.objectLabel}"/>"
+        <x id="1" equiv-text="${this.obj?.name}"/>"?</target>
        
      </trans-unit>
      <trans-unit id="sc92d7cfb6ee1fec6">
@@ -4683,7 +4683,7 @@ doesn't pass when either or both of the selected options are equal or above the
        
      </trans-unit>
      <trans-unit id="sdf1d8edef27236f0">
-        <source>A &quot;roaming&quot; authenticator, like a YubiKey</source>
+        <source>A "roaming" authenticator, like a YubiKey</source>
        <target>Переносной аутентификатор, например YubiKey</target>
        
      </trans-unit>
@@ -5038,12 +5038,12 @@ doesn't pass when either or both of the selected options are equal or above the
      </trans-unit>
      <trans-unit id="s2512334108f06a5a">
        <source>Stay signed in offset</source>
-        <target>Смещение &quot;Оставаться в системе&quot;</target>
+        <target>Смещение "Оставаться в системе"</target>
        
      </trans-unit>
      <trans-unit id="s1608b2f94fa0dbd4">
-        <source>If set to a duration above 0, the user will have the option to choose to &quot;stay signed in&quot;, which will extend their session by the time specified here.</source>
-        <target>Если значение продолжительности больше 0, у пользователя будет возможность выбрать опцию &quot;оставаться в системе&quot;, что продлит его сеанс на указанное здесь время.</target>
+        <source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
+        <target>Если значение продолжительности больше 0, у пользователя будет возможность выбрать опцию "оставаться в системе", что продлит его сеанс на указанное здесь время.</target>
        
      </trans-unit>
      <trans-unit id="s542a71bb8f41e057">
@@ -6723,6 +6723,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="sde9a3f41977ec1f8">
  <source>Estimated user count one year from now based on <x id="0" equiv-text="${internalUsers}"/> current internal users and <x id="1" equiv-text="${forecastedInternalUsers}"/> forecasted internal users.</source>
+  <target>Предполагаемое количество пользователей через год на основе <x id="0" equiv-text="${this.forecast?.internalUsers}"/> текущих внутренних пользователей и <x id="1" equiv-text="${this.forecast?.forecastedInternalUsers}"/> прогнозируемых внутренних пользователей.</target>
 </trans-unit>
 <trans-unit id="s4557b6b9da258643">
  <source>Forecast external users</source>
@@ -6730,6 +6731,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="sf52479d6daa0a4a8">
  <source>Estimated user count one year from now based on <x id="0" equiv-text="${externalUsers}"/> current external users and <x id="1" equiv-text="${forecastedExternalUsers}"/> forecasted external users.</source>
+  <target>Предполагаемое количество пользователей через год на основе <x id="0" equiv-text="${this.forecast?.externalUsers}"/> текущих внешних пользователей и <x id="1" equiv-text="${this.forecast?.forecastedExternalUsers}"/> прогнозируемых внешних пользователей.</target>
 </trans-unit>
 <trans-unit id="s6196153c4b0c1ea0">
  <source>Install</source>
@@ -7086,6 +7088,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s7e796fe83982863f">
  <source>Role <x id="0" equiv-text="${this._role.name}"/></source>
+  <target>Роль <x id="0" equiv-text="${this._role?.name || &quot;&quot;}"/></target>
 </trans-unit>
 <trans-unit id="s526e2c66bd51ff5f">
  <source>Role Info</source>
@@ -7097,7 +7100,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s070fdfb03034ca9b">
  <source>One hint, 'New Application Wizard', is currently hidden</source>
-  <target>Одна подсказка, &quot;Мастер создания нового приложения&quot;, в настоящее время скрыта</target>
+  <target>Одна подсказка, "Мастер создания нового приложения", в настоящее время скрыта</target>
 </trans-unit>
 <trans-unit id="s1cc306d8e28c4464">
  <source>Deny message</source>
@@ -7204,7 +7207,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <target>Пользователь успешно создан и добавлен в группу <x id="0" equiv-text="${this.group.name}"/></target>
 </trans-unit>
 <trans-unit id="s824e0943a7104668">
-  <source>This user will be added to the group &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot;.</source>
+  <source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
  <target>Этот пользователь будет добавлен в группу &amp;quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&amp;quot;.</target>
 </trans-unit>
 <trans-unit id="s62e7f6ed7d9cb3ca">
@@ -8295,7 +8298,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="sd8a5f7269b7ac7a3">
  <source>Caution: This authentik instance has entered read-only mode due to expired/exceeded licenses.</source>
-  <target>Внимание: Этот экземпляр authentik перешел в режим &quot;только чтение&quot; из-за истекших/превышенных лицензий.</target>
+  <target>Внимание: Этот экземпляр authentik перешел в режим "только чтение" из-за истекших/превышенных лицензий.</target>
 </trans-unit>
 <trans-unit id="se8c58e65674b6847">
  <source>This authentik instance uses a Trial license.</source>
@@ -8323,7 +8326,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s9dda0789d278f5c5">
  <source>Provide users with a 'show password' button.</source>
-  <target>Предоставить пользователям кнопку &quot;показать пароль&quot;.</target>
+  <target>Предоставить пользователям кнопку "показать пароль".</target>
 </trans-unit>
 <trans-unit id="s2f7f35f6a5b733f5">
  <source>Show password</source>
@@ -8434,7 +8437,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <target>Группа синхронизации </target>
 </trans-unit>
 <trans-unit id="s2d5f69929bb7221d">
-  <source><x id="0" equiv-text="${p.name}"/> (&quot;<x id="1" equiv-text="${p.fieldKey}"/>&quot;, of type <x id="2" equiv-text="${p.type}"/>)</source>
+  <source><x id="0" equiv-text="${p.name}"/> ("<x id="1" equiv-text="${p.fieldKey}"/>", of type <x id="2" equiv-text="${p.type}"/>)</source>
 </trans-unit>
 <trans-unit id="s25bacc19d98b444e">
  <source>Parent Group</source>
@@ -8631,7 +8634,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>Valid redirect URIs after a successful authorization flow. Also specify any origins here for Implicit flows.</source>
 </trans-unit>
 <trans-unit id="s4c49d27de60a532b">
-  <source>To allow any redirect URI, set the mode to Regex and the value to &quot;.*&quot;. Be aware of the possible security implications this can have.</source>
+  <source>To allow any redirect URI, set the mode to Regex and the value to ".*". Be aware of the possible security implications this can have.</source>
 </trans-unit>
 <trans-unit id="sa52bf79fe1ccb13e">
  <source>Federated OIDC Sources</source>
@@ -9225,7 +9228,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>How to perform authentication during an authorization_code token request flow</source>
 </trans-unit>
 <trans-unit id="s844baf19a6c4a9b4">
-  <source>Enable &quot;Remember me on this device&quot;</source>
+  <source>Enable "Remember me on this device"</source>
 </trans-unit>
 <trans-unit id="sfa72bca733f40692">
  <source>When enabled, the user can save their username in a cookie, allowing them to skip directly to entering their password.</source>
@@ -9528,7 +9531,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>e.g. Collaboration, Communication, Internal, etc.</source>
 </trans-unit>
 <trans-unit id="sb6fcdabf769208a1">
-  <source>Failed to fetch application &quot;<x id="0" equiv-text="${this.applicationSlug}"/>&quot;.</source>
+  <source>Failed to fetch application "<x id="0" equiv-text="${this.applicationSlug}"/>".</source>
 </trans-unit>
 <trans-unit id="s32fc592c4a264edd">
  <source>Account Recovery Max Attempts</source>
@@ -9624,10 +9627,10 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source><x id="0" equiv-text="${this.label || &quot;&quot;}"/> table pagination</source>
 </trans-unit>
 <trans-unit id="sd9b15395dd103f80">
-  <source>Sort by &quot;<x id="0" equiv-text="${label}"/>&quot;</source>
+  <source>Sort by "<x id="0" equiv-text="${label}"/>"</source>
 </trans-unit>
 <trans-unit id="s7dd64bb0c1fa8e87">
-  <source>Select &quot;<x id="0" equiv-text="${rowLabel}"/>&quot; row</source>
+  <source>Select "<x id="0" equiv-text="${rowLabel}"/>" row</source>
 </trans-unit>
 <trans-unit id="sd26f670ca5d5b0c6">
  <source>Collapse row</source>
@@ -9690,31 +9693,31 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>Provider not assigned to any application.</source>
 </trans-unit>
 <trans-unit id="sfbb87c9ced1fde54">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; provider</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" provider</source>
 </trans-unit>
 <trans-unit id="s0a3fdba3a68a2730">
  <source>Applications Documentation</source>
 </trans-unit>
 <trans-unit id="sf07bfbe5316e7cc7">
-  <source>Application icon for &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Application icon for "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s037f22187581bf8f">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s5d90aeadfcb34286">
-  <source>Execute &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Execute "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="saa25eac2952d918d">
-  <source>Export &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Export "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s64de9eceb8172269">
  <source>Edit device</source>
 </trans-unit>
 <trans-unit id="sc08c153234510246">
-  <source>Update &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; Permissions</source>
+  <source>Update "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" Permissions</source>
 </trans-unit>
 <trans-unit id="s6d25eef21a9e76ba">
-  <source>Open &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; permissions modal</source>
+  <source>Open "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" permissions modal</source>
 </trans-unit>
 <trans-unit id="sa556d7b744364dcf">
  <source>OCI URL</source>
@@ -9730,10 +9733,10 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>OCI Support</source>
 </trans-unit>
 <trans-unit id="s08d24327ec788e78">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
 </trans-unit>
 <trans-unit id="s6f8d15b5494ac41a">
-  <source>Apply &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Apply "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
 </trans-unit>
 <trans-unit id="s85a488cacb57688b">
  <source>Welcome, <x id="0" equiv-text="${username}"/></source>
@@ -9835,7 +9838,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>Paths may not start or end with a slash, but they can contain any other character as path segments. The paths are currently purely used for organization, it does not affect their permissions, group memberships, or anything else.</source>
 </trans-unit>
 <trans-unit id="sdb3b903354fbfb17">
-  <source>Open &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Open "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s2e7448caf3df574a">
  <source>Verify Assertion Signature</source>
@@ -9883,16 +9886,16 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>Unnamed</source>
 </trans-unit>
 <trans-unit id="s326ee20bba2564a0">
-  <source>Collapse &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Collapse "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="s27df1f36ba8e269f">
-  <source>Expand &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Expand "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf2b5d3236e6f1ab3">
-  <source>Select &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Select "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sb7c2715df863a6ce">
-  <source>Items of &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Items of "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf6707428adeba590">
  <source>API drawer</source>
@@ -10015,7 +10018,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>Group Search</source>
 </trans-unit>
 <trans-unit id="s79683026e49e4866">
-  <source>View details of group &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>View details of group "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s62dfa9c45cb3025a">
  <source>New Group</source>
@@ -10042,16 +10045,16 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>New service account...</source>
 </trans-unit>
 <trans-unit id="s61e5043203e94d0a">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; normally</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" normally</source>
 </trans-unit>
 <trans-unit id="s02eb960c270a837e">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; as current user</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" as current user</source>
 </trans-unit>
 <trans-unit id="saf579a36a54c92e1">
  <source>Current user</source>
 </trans-unit>
 <trans-unit id="sd149e44e50455923">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; with inspector</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" with inspector</source>
 </trans-unit>
 <trans-unit id="s45c530a48bcf74ad">
  <source>Use inspector</source>
@@ -10240,7 +10243,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>Optional Single Logout Service URL to send logout responses to. If not set, no logout response will be sent.</source>
 </trans-unit>
 <trans-unit id="scbf29ce484222325">
-  <source/>
+  <source></source>
 </trans-unit>
 <trans-unit id="s78869b8b2bc26d0d">
  <source>SAML Provider</source>
@@ -10267,7 +10270,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>The user's display name.</source>
 </trans-unit>
 <trans-unit id="s33b2f30214a2e99d">
-  <source>Actions for &quot;<x id="0" equiv-text="${application.name}"/>&quot;</source>
+  <source>Actions for "<x id="0" equiv-text="${application.name}"/>"</source>
 </trans-unit>
 <trans-unit id="sfa660d9e563c346f">
  <source>Edit application...</source>
@@ -10296,4 +10299,4 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
    </body>
  </file>
-</xliff>
+</xliff>
--- a/web/xliff/tr.xlf
+++ b/web/xliff/tr.xlf
@@ -1,4 +1,4 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
+<?xml version="1.0"?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
  <file target-language="tr" source-language="en" original="lit-localize-inputs" datatype="plaintext">
    <body>
      <trans-unit id="s4caed5b7a7e5d89b">
@@ -577,7 +577,7 @@
        
      </trans-unit>
      <trans-unit id="saa0e2675da69651b">
-        <source>The URL &quot;<x id="0" equiv-text="${this.url}"/>&quot; was not found.</source>
+        <source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
        <target><x id="0" equiv-text="${this.url}"/> URL adresi bulunamadı.</target>
        
      </trans-unit>
@@ -1645,7 +1645,7 @@
        
      </trans-unit>
      <trans-unit id="sa90b7809586c35ce">
-        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon &quot;fa-test&quot;.</source>
+        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
        <target>Ya tam bir URL, göreli bir yol girin ya da 'fa://fa-test' Yazı Tipi Awesome simgesini “fa-test” kullanmak için kullanın.</target>
        
      </trans-unit>
@@ -3626,8 +3626,8 @@ Belirlenen seçeneklerden biri veya her ikisi de eşiğe eşit veya eşiğin üz
        
      </trans-unit>
      <trans-unit id="sa95a538bfbb86111">
-        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> &quot;<x id="1" equiv-text="${this.obj?.name}"/>&quot;?</source>
-        <target><x id="0" equiv-text="${this.objectLabel}"/> &quot;<x id="1" equiv-text="${this.obj?.name}"/>&quot; Güncellemek istediğinizden emin misiniz?</target>
+        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
+        <target><x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>" Güncellemek istediğinizden emin misiniz?</target>
        
      </trans-unit>
      <trans-unit id="sc92d7cfb6ee1fec6">
@@ -4654,8 +4654,8 @@ Belirlenen seçeneklerden biri veya her ikisi de eşiğe eşit veya eşiğin üz
        
      </trans-unit>
      <trans-unit id="sdf1d8edef27236f0">
-        <source>A &quot;roaming&quot; authenticator, like a YubiKey</source>
-        <target>YubiKey gibi bir &quot;dolaşımda&quot; kimlik doğrulayıcı</target>
+        <source>A "roaming" authenticator, like a YubiKey</source>
+        <target>YubiKey gibi bir "dolaşımda" kimlik doğrulayıcı</target>
        
      </trans-unit>
      <trans-unit id="sfffba7b23d8fb40c">
@@ -5013,8 +5013,8 @@ Belirlenen seçeneklerden biri veya her ikisi de eşiğe eşit veya eşiğin üz
        
      </trans-unit>
      <trans-unit id="s1608b2f94fa0dbd4">
-        <source>If set to a duration above 0, the user will have the option to choose to &quot;stay signed in&quot;, which will extend their session by the time specified here.</source>
-        <target>0'ın üzerinde bir süreye ayarlanırsa, kullanıcı &quot;oturumu açık kalsın&quot; seçeneğini seçebilir ve bu da oturumunu burada belirtilen süre kadar uzatır.</target>
+        <source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
+        <target>0'ın üzerinde bir süreye ayarlanırsa, kullanıcı "oturumu açık kalsın" seçeneğini seçebilir ve bu da oturumunu burada belirtilen süre kadar uzatır.</target>
        
      </trans-unit>
      <trans-unit id="s542a71bb8f41e057">
@@ -6683,6 +6683,7 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
 </trans-unit>
 <trans-unit id="sde9a3f41977ec1f8">
  <source>Estimated user count one year from now based on <x id="0" equiv-text="${internalUsers}"/> current internal users and <x id="1" equiv-text="${forecastedInternalUsers}"/> forecasted internal users.</source>
+  <target>Bundan bir yıl sonra <x id="0" equiv-text="${this.forecast?.internalUsers}"/> mevcut dahili kullanıcılar ve <x id="1" equiv-text="${this.forecast?.forecastedInternalUsers}"/> tahmini dahili kullanıcılara dayalı tahmini kullanıcı sayısı.</target>
 </trans-unit>
 <trans-unit id="s4557b6b9da258643">
  <source>Forecast external users</source>
@@ -6690,6 +6691,7 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
 </trans-unit>
 <trans-unit id="sf52479d6daa0a4a8">
  <source>Estimated user count one year from now based on <x id="0" equiv-text="${externalUsers}"/> current external users and <x id="1" equiv-text="${forecastedExternalUsers}"/> forecasted external users.</source>
+  <target>Şu andaki <x id="0" equiv-text="${this.forecast?.externalUsers}"/> harici kullanıcılar ve <x id="1" equiv-text="${this.forecast?.forecastedExternalUsers}"/> tahmini harici kullanıcılar temel alınarak bir yıl sonraki tahmini kullanıcı sayısı.</target>
 </trans-unit>
 <trans-unit id="s6196153c4b0c1ea0">
  <source>Install</source>
@@ -7046,6 +7048,7 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
 </trans-unit>
 <trans-unit id="s7e796fe83982863f">
  <source>Role <x id="0" equiv-text="${this._role.name}"/></source>
+  <target>Rol <x id="0" equiv-text="${this._role?.name || &quot;&quot;}"/></target>
 </trans-unit>
 <trans-unit id="s526e2c66bd51ff5f">
  <source>Role Info</source>
@@ -7164,8 +7167,8 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
  <target>Kullanıcı başarıyla oluşturuldu ve <x id="0" equiv-text="${this.group.name}"/> grubuna eklendi.</target>
 </trans-unit>
 <trans-unit id="s824e0943a7104668">
-  <source>This user will be added to the group &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot;.</source>
-  <target>Bu kullanıcı &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot; grubuna eklenecek.</target>
+  <source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
+  <target>Bu kullanıcı "<x id="0" equiv-text="${this.targetGroup.name}"/>" grubuna eklenecek.</target>
 </trans-unit>
 <trans-unit id="s62e7f6ed7d9cb3ca">
  <source>Pretend user exists</source>
@@ -8413,7 +8416,7 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
  <target>Grubu Eşitle</target>
 </trans-unit>
 <trans-unit id="s2d5f69929bb7221d">
-  <source><x id="0" equiv-text="${p.name}"/> (&quot;<x id="1" equiv-text="${p.fieldKey}"/>&quot;, of type <x id="2" equiv-text="${p.type}"/>)</source>
+  <source><x id="0" equiv-text="${p.name}"/> ("<x id="1" equiv-text="${p.fieldKey}"/>", of type <x id="2" equiv-text="${p.type}"/>)</source>
 </trans-unit>
 <trans-unit id="s25bacc19d98b444e">
  <source>Parent Group</source>
@@ -8533,7 +8536,7 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
 </trans-unit>
 <trans-unit id="s95722900b0c9026f">
  <source>Credentials cache used to authenticate to the KDC for syncing. Optional if Sync password or Sync keytab is provided. Must be in the form TYPE:residual.</source>
-  <target>Eşitleme için KDC'de kimlik doğrulaması yapmak için kullanılan kimlik bilgileri önbelleği. Senkronizasyon şifresi veya Senkronizasyon tuşu sekmesi sağlanmışsa isteğe bağlıdır. TYPE:residual&quot; şeklinde olmalıdır.</target>
+  <target>Eşitleme için KDC'de kimlik doğrulaması yapmak için kullanılan kimlik bilgileri önbelleği. Senkronizasyon şifresi veya Senkronizasyon tuşu sekmesi sağlanmışsa isteğe bağlıdır. TYPE:residual" şeklinde olmalıdır.</target>
 </trans-unit>
 <trans-unit id="sf9c055db98d7994a">
  <source>SPNEGO settings</source>
@@ -8561,7 +8564,7 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
 </trans-unit>
 <trans-unit id="sd9757c345e4062f8">
  <source>Credentials cache used for SPNEGO. Optional if SPNEGO keytab is provided. Must be in the form TYPE:residual.</source>
-  <target>SPNEGO için kullanılan kimlik bilgileri önbelleği. SPNEGO tuş sekmesi sağlanmışsa isteğe bağlıdır. TYPE:residual&quot; şeklinde olmalıdır.</target>
+  <target>SPNEGO için kullanılan kimlik bilgileri önbelleği. SPNEGO tuş sekmesi sağlanmışsa isteğe bağlıdır. TYPE:residual" şeklinde olmalıdır.</target>
 </trans-unit>
 <trans-unit id="s734ab8fbcae0b69e">
  <source>Kerberos Attribute mapping</source>
@@ -8646,7 +8649,7 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
  <source>Valid redirect URIs after a successful authorization flow. Also specify any origins here for Implicit flows.</source>
 </trans-unit>
 <trans-unit id="s4c49d27de60a532b">
-  <source>To allow any redirect URI, set the mode to Regex and the value to &quot;.*&quot;. Be aware of the possible security implications this can have.</source>
+  <source>To allow any redirect URI, set the mode to Regex and the value to ".*". Be aware of the possible security implications this can have.</source>
 </trans-unit>
 <trans-unit id="sa52bf79fe1ccb13e">
  <source>Federated OIDC Sources</source>
@@ -9199,7 +9202,7 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
  <source>How to perform authentication during an authorization_code token request flow</source>
 </trans-unit>
 <trans-unit id="s844baf19a6c4a9b4">
-  <source>Enable &quot;Remember me on this device&quot;</source>
+  <source>Enable "Remember me on this device"</source>
 </trans-unit>
 <trans-unit id="sfa72bca733f40692">
  <source>When enabled, the user can save their username in a cookie, allowing them to skip directly to entering their password.</source>
@@ -9502,7 +9505,7 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
  <source>e.g. Collaboration, Communication, Internal, etc.</source>
 </trans-unit>
 <trans-unit id="sb6fcdabf769208a1">
-  <source>Failed to fetch application &quot;<x id="0" equiv-text="${this.applicationSlug}"/>&quot;.</source>
+  <source>Failed to fetch application "<x id="0" equiv-text="${this.applicationSlug}"/>".</source>
 </trans-unit>
 <trans-unit id="s32fc592c4a264edd">
  <source>Account Recovery Max Attempts</source>
@@ -9598,10 +9601,10 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
  <source><x id="0" equiv-text="${this.label || &quot;&quot;}"/> table pagination</source>
 </trans-unit>
 <trans-unit id="sd9b15395dd103f80">
-  <source>Sort by &quot;<x id="0" equiv-text="${label}"/>&quot;</source>
+  <source>Sort by "<x id="0" equiv-text="${label}"/>"</source>
 </trans-unit>
 <trans-unit id="s7dd64bb0c1fa8e87">
-  <source>Select &quot;<x id="0" equiv-text="${rowLabel}"/>&quot; row</source>
+  <source>Select "<x id="0" equiv-text="${rowLabel}"/>" row</source>
 </trans-unit>
 <trans-unit id="sd26f670ca5d5b0c6">
  <source>Collapse row</source>
@@ -9664,31 +9667,31 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
  <source>Provider not assigned to any application.</source>
 </trans-unit>
 <trans-unit id="sfbb87c9ced1fde54">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; provider</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" provider</source>
 </trans-unit>
 <trans-unit id="s0a3fdba3a68a2730">
  <source>Applications Documentation</source>
 </trans-unit>
 <trans-unit id="sf07bfbe5316e7cc7">
-  <source>Application icon for &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Application icon for "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s037f22187581bf8f">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s5d90aeadfcb34286">
-  <source>Execute &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Execute "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="saa25eac2952d918d">
-  <source>Export &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Export "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s64de9eceb8172269">
  <source>Edit device</source>
 </trans-unit>
 <trans-unit id="sc08c153234510246">
-  <source>Update &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; Permissions</source>
+  <source>Update "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" Permissions</source>
 </trans-unit>
 <trans-unit id="s6d25eef21a9e76ba">
-  <source>Open &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; permissions modal</source>
+  <source>Open "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" permissions modal</source>
 </trans-unit>
 <trans-unit id="sa556d7b744364dcf">
  <source>OCI URL</source>
@@ -9704,10 +9707,10 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
  <source>OCI Support</source>
 </trans-unit>
 <trans-unit id="s08d24327ec788e78">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
 </trans-unit>
 <trans-unit id="s6f8d15b5494ac41a">
-  <source>Apply &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Apply "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
 </trans-unit>
 <trans-unit id="s85a488cacb57688b">
  <source>Welcome, <x id="0" equiv-text="${username}"/></source>
@@ -9809,7 +9812,7 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
  <source>Paths may not start or end with a slash, but they can contain any other character as path segments. The paths are currently purely used for organization, it does not affect their permissions, group memberships, or anything else.</source>
 </trans-unit>
 <trans-unit id="sdb3b903354fbfb17">
-  <source>Open &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Open "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s2e7448caf3df574a">
  <source>Verify Assertion Signature</source>
@@ -9857,16 +9860,16 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
  <source>Unnamed</source>
 </trans-unit>
 <trans-unit id="s326ee20bba2564a0">
-  <source>Collapse &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Collapse "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="s27df1f36ba8e269f">
-  <source>Expand &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Expand "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf2b5d3236e6f1ab3">
-  <source>Select &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Select "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sb7c2715df863a6ce">
-  <source>Items of &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Items of "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf6707428adeba590">
  <source>API drawer</source>
@@ -9989,7 +9992,7 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
  <source>Group Search</source>
 </trans-unit>
 <trans-unit id="s79683026e49e4866">
-  <source>View details of group &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>View details of group "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s62dfa9c45cb3025a">
  <source>New Group</source>
@@ -10016,16 +10019,16 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
  <source>New service account...</source>
 </trans-unit>
 <trans-unit id="s61e5043203e94d0a">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; normally</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" normally</source>
 </trans-unit>
 <trans-unit id="s02eb960c270a837e">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; as current user</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" as current user</source>
 </trans-unit>
 <trans-unit id="saf579a36a54c92e1">
  <source>Current user</source>
 </trans-unit>
 <trans-unit id="sd149e44e50455923">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; with inspector</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" with inspector</source>
 </trans-unit>
 <trans-unit id="s45c530a48bcf74ad">
  <source>Use inspector</source>
@@ -10214,7 +10217,7 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
  <source>Optional Single Logout Service URL to send logout responses to. If not set, no logout response will be sent.</source>
 </trans-unit>
 <trans-unit id="scbf29ce484222325">
-  <source/>
+  <source></source>
 </trans-unit>
 <trans-unit id="s78869b8b2bc26d0d">
  <source>SAML Provider</source>
@@ -10241,7 +10244,7 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
  <source>The user's display name.</source>
 </trans-unit>
 <trans-unit id="s33b2f30214a2e99d">
-  <source>Actions for &quot;<x id="0" equiv-text="${application.name}"/>&quot;</source>
+  <source>Actions for "<x id="0" equiv-text="${application.name}"/>"</source>
 </trans-unit>
 <trans-unit id="sfa660d9e563c346f">
  <source>Edit application...</source>
@@ -10270,4 +10273,4 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
 </trans-unit>
    </body>
  </file>
-</xliff>
+</xliff>
--- a/web/xliff/zh-Hans.xlf
+++ b/web/xliff/zh-Hans.xlf
@@ -1,4 +1,4 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
+<?xml version="1.0"?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
  <file target-language="zh-Hans" source-language="en" original="lit-localize-inputs" datatype="plaintext">
    <body>
      <trans-unit id="s4caed5b7a7e5d89b">
@@ -586,9 +586,9 @@
        
      </trans-unit>
      <trans-unit id="saa0e2675da69651b">
-        <source>The URL &quot;<x id="0" equiv-text="${this.url}"/>&quot; was not found.</source>
-        <target>未找到 URL &quot;
-        <x id="0" equiv-text="${this.url}"/>&quot;。</target>
+        <source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
+        <target>未找到 URL "
+        <x id="0" equiv-text="${this.url}"/>"。</target>
        
      </trans-unit>
      <trans-unit id="s58cd9c2fe836d9c6">
@@ -1662,8 +1662,8 @@
        
      </trans-unit>
      <trans-unit id="sa90b7809586c35ce">
-        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon &quot;fa-test&quot;.</source>
-        <target>输入完整 URL、相对路径，或者使用 'fa://fa-test' 来使用 Font Awesome 图标 &quot;fa-test&quot;。</target>
+        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
+        <target>输入完整 URL、相对路径，或者使用 'fa://fa-test' 来使用 Font Awesome 图标 "fa-test"。</target>
        
      </trans-unit>
      <trans-unit id="s0410779cb47de312">
@@ -3650,10 +3650,10 @@ doesn't pass when either or both of the selected options are equal or above the
        
      </trans-unit>
      <trans-unit id="sa95a538bfbb86111">
-        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> &quot;<x id="1" equiv-text="${this.obj?.name}"/>&quot;?</source>
+        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
        <target>您确定要更新
-        <x id="0" equiv-text="${this.objectLabel}"/>&quot;
-        <x id="1" equiv-text="${this.obj?.name}"/>&quot; 吗？</target>
+        <x id="0" equiv-text="${this.objectLabel}"/>"
+        <x id="1" equiv-text="${this.obj?.name}"/>" 吗？</target>
        
      </trans-unit>
      <trans-unit id="sc92d7cfb6ee1fec6">
@@ -4683,7 +4683,7 @@ doesn't pass when either or both of the selected options are equal or above the
        
      </trans-unit>
      <trans-unit id="sdf1d8edef27236f0">
-        <source>A &quot;roaming&quot; authenticator, like a YubiKey</source>
+        <source>A "roaming" authenticator, like a YubiKey</source>
        <target>像 YubiKey 这样的“漫游”身份验证器</target>
        
      </trans-unit>
@@ -5042,7 +5042,7 @@ doesn't pass when either or both of the selected options are equal or above the
        
      </trans-unit>
      <trans-unit id="s1608b2f94fa0dbd4">
-        <source>If set to a duration above 0, the user will have the option to choose to &quot;stay signed in&quot;, which will extend their session by the time specified here.</source>
+        <source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
        <target>如果设置时长大于 0，用户可以选择“保持登录”选项，这将使用户的会话延长此处设置的时间。</target>
        
      </trans-unit>
@@ -6723,6 +6723,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="sde9a3f41977ec1f8">
  <source>Estimated user count one year from now based on <x id="0" equiv-text="${internalUsers}"/> current internal users and <x id="1" equiv-text="${forecastedInternalUsers}"/> forecasted internal users.</source>
+  <target>根据当前 <x id="0" equiv-text="${this.forecast?.internalUsers}"/> 名内部用户和 <x id="1" equiv-text="${this.forecast?.forecastedInternalUsers}"/> 名预测的内部用户，估算从此时起一年后的用户数。</target>
 </trans-unit>
 <trans-unit id="s4557b6b9da258643">
  <source>Forecast external users</source>
@@ -6730,6 +6731,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="sf52479d6daa0a4a8">
  <source>Estimated user count one year from now based on <x id="0" equiv-text="${externalUsers}"/> current external users and <x id="1" equiv-text="${forecastedExternalUsers}"/> forecasted external users.</source>
+  <target>根据当前 <x id="0" equiv-text="${this.forecast?.externalUsers}"/> 名外部用户和 <x id="1" equiv-text="${this.forecast?.forecastedExternalUsers}"/> 名预测的外部用户，估算从此时起一年后的用户数。</target>
 </trans-unit>
 <trans-unit id="s6196153c4b0c1ea0">
  <source>Install</source>
@@ -7086,6 +7088,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s7e796fe83982863f">
  <source>Role <x id="0" equiv-text="${this._role.name}"/></source>
+  <target>角色 <x id="0" equiv-text="${this._role?.name || &quot;&quot;}"/></target>
 </trans-unit>
 <trans-unit id="s526e2c66bd51ff5f">
  <source>Role Info</source>
@@ -7204,7 +7207,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <target>成功创建用户并添加到组 <x id="0" equiv-text="${this.group.name}"/></target>
 </trans-unit>
 <trans-unit id="s824e0943a7104668">
-  <source>This user will be added to the group &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot;.</source>
+  <source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
  <target>此用户将会被添加到组 &amp;quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&amp;quot;。</target>
 </trans-unit>
 <trans-unit id="s62e7f6ed7d9cb3ca">
@@ -8454,7 +8457,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <target>同步组</target>
 </trans-unit>
 <trans-unit id="s2d5f69929bb7221d">
-  <source><x id="0" equiv-text="${p.name}"/> (&quot;<x id="1" equiv-text="${p.fieldKey}"/>&quot;, of type <x id="2" equiv-text="${p.type}"/>)</source>
+  <source><x id="0" equiv-text="${p.name}"/> ("<x id="1" equiv-text="${p.fieldKey}"/>", of type <x id="2" equiv-text="${p.type}"/>)</source>
  <target><x id="0" equiv-text="${p.name}"/>（&amp;quot;<x id="1" equiv-text="${p.fieldKey}"/>&amp;quot;，类型为 <x id="2" equiv-text="${p.type}"/>）</target>
 </trans-unit>
 <trans-unit id="s25bacc19d98b444e">
@@ -8702,8 +8705,8 @@ Bindings to groups/users are checked against the user of the event.</source>
  <target>授权流程成功后有效的重定向 URI。还可以在此处为隐式流程指定任何来源。</target>
 </trans-unit>
 <trans-unit id="s4c49d27de60a532b">
-  <source>To allow any redirect URI, set the mode to Regex and the value to &quot;.*&quot;. Be aware of the possible security implications this can have.</source>
-  <target>要允许任何重定向 URI，请设置模式为正则表达式，并将此值设置为 &quot;.*&quot;。请注意这可能带来的安全影响。</target>
+  <source>To allow any redirect URI, set the mode to Regex and the value to ".*". Be aware of the possible security implications this can have.</source>
+  <target>要允许任何重定向 URI，请设置模式为正则表达式，并将此值设置为 ".*"。请注意这可能带来的安全影响。</target>
 </trans-unit>
 <trans-unit id="sa52bf79fe1ccb13e">
  <source>Federated OIDC Sources</source>
@@ -9440,7 +9443,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <target>在 authorization_code 令牌请求流程期间，如何执行身份验证</target>
 </trans-unit>
 <trans-unit id="s844baf19a6c4a9b4">
-  <source>Enable &quot;Remember me on this device&quot;</source>
+  <source>Enable "Remember me on this device"</source>
  <target>启用“在此设备上记住我”</target>
 </trans-unit>
 <trans-unit id="sfa72bca733f40692">
@@ -9792,7 +9795,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>e.g. Collaboration, Communication, Internal, etc.</source>
 </trans-unit>
 <trans-unit id="sb6fcdabf769208a1">
-  <source>Failed to fetch application &quot;<x id="0" equiv-text="${this.applicationSlug}"/>&quot;.</source>
+  <source>Failed to fetch application "<x id="0" equiv-text="${this.applicationSlug}"/>".</source>
 </trans-unit>
 <trans-unit id="s32fc592c4a264edd">
  <source>Account Recovery Max Attempts</source>
@@ -9888,10 +9891,10 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source><x id="0" equiv-text="${this.label || &quot;&quot;}"/> table pagination</source>
 </trans-unit>
 <trans-unit id="sd9b15395dd103f80">
-  <source>Sort by &quot;<x id="0" equiv-text="${label}"/>&quot;</source>
+  <source>Sort by "<x id="0" equiv-text="${label}"/>"</source>
 </trans-unit>
 <trans-unit id="s7dd64bb0c1fa8e87">
-  <source>Select &quot;<x id="0" equiv-text="${rowLabel}"/>&quot; row</source>
+  <source>Select "<x id="0" equiv-text="${rowLabel}"/>" row</source>
 </trans-unit>
 <trans-unit id="sd26f670ca5d5b0c6">
  <source>Collapse row</source>
@@ -9954,31 +9957,31 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>Provider not assigned to any application.</source>
 </trans-unit>
 <trans-unit id="sfbb87c9ced1fde54">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; provider</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" provider</source>
 </trans-unit>
 <trans-unit id="s0a3fdba3a68a2730">
  <source>Applications Documentation</source>
 </trans-unit>
 <trans-unit id="sf07bfbe5316e7cc7">
-  <source>Application icon for &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Application icon for "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s037f22187581bf8f">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s5d90aeadfcb34286">
-  <source>Execute &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Execute "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="saa25eac2952d918d">
-  <source>Export &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Export "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s64de9eceb8172269">
  <source>Edit device</source>
 </trans-unit>
 <trans-unit id="sc08c153234510246">
-  <source>Update &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; Permissions</source>
+  <source>Update "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" Permissions</source>
 </trans-unit>
 <trans-unit id="s6d25eef21a9e76ba">
-  <source>Open &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; permissions modal</source>
+  <source>Open "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" permissions modal</source>
 </trans-unit>
 <trans-unit id="sa556d7b744364dcf">
  <source>OCI URL</source>
@@ -9994,10 +9997,10 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>OCI Support</source>
 </trans-unit>
 <trans-unit id="s08d24327ec788e78">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
 </trans-unit>
 <trans-unit id="s6f8d15b5494ac41a">
-  <source>Apply &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Apply "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
 </trans-unit>
 <trans-unit id="s85a488cacb57688b">
  <source>Welcome, <x id="0" equiv-text="${username}"/></source>
@@ -10099,7 +10102,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>Paths may not start or end with a slash, but they can contain any other character as path segments. The paths are currently purely used for organization, it does not affect their permissions, group memberships, or anything else.</source>
 </trans-unit>
 <trans-unit id="sdb3b903354fbfb17">
-  <source>Open &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Open "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s2e7448caf3df574a">
  <source>Verify Assertion Signature</source>
@@ -10147,16 +10150,16 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>Unnamed</source>
 </trans-unit>
 <trans-unit id="s326ee20bba2564a0">
-  <source>Collapse &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Collapse "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="s27df1f36ba8e269f">
-  <source>Expand &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Expand "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf2b5d3236e6f1ab3">
-  <source>Select &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Select "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sb7c2715df863a6ce">
-  <source>Items of &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Items of "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf6707428adeba590">
  <source>API drawer</source>
@@ -10279,7 +10282,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>Group Search</source>
 </trans-unit>
 <trans-unit id="s79683026e49e4866">
-  <source>View details of group &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>View details of group "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s62dfa9c45cb3025a">
  <source>New Group</source>
@@ -10306,16 +10309,16 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>New service account...</source>
 </trans-unit>
 <trans-unit id="s61e5043203e94d0a">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; normally</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" normally</source>
 </trans-unit>
 <trans-unit id="s02eb960c270a837e">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; as current user</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" as current user</source>
 </trans-unit>
 <trans-unit id="saf579a36a54c92e1">
  <source>Current user</source>
 </trans-unit>
 <trans-unit id="sd149e44e50455923">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; with inspector</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" with inspector</source>
 </trans-unit>
 <trans-unit id="s45c530a48bcf74ad">
  <source>Use inspector</source>
@@ -10504,7 +10507,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>Optional Single Logout Service URL to send logout responses to. If not set, no logout response will be sent.</source>
 </trans-unit>
 <trans-unit id="scbf29ce484222325">
-  <source/>
+  <source></source>
 </trans-unit>
 <trans-unit id="s78869b8b2bc26d0d">
  <source>SAML Provider</source>
@@ -10531,7 +10534,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>The user's display name.</source>
 </trans-unit>
 <trans-unit id="s33b2f30214a2e99d">
-  <source>Actions for &quot;<x id="0" equiv-text="${application.name}"/>&quot;</source>
+  <source>Actions for "<x id="0" equiv-text="${application.name}"/>"</source>
 </trans-unit>
 <trans-unit id="sfa660d9e563c346f">
  <source>Edit application...</source>
@@ -10560,4 +10563,4 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
    </body>
  </file>
-</xliff>
+</xliff>
--- a/web/xliff/zh_CN.xlf
+++ b/web/xliff/zh_CN.xlf
--- a/web/xliff/zh_TW.xlf
+++ b/web/xliff/zh_TW.xlf
@@ -1,4 +1,4 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
+<?xml version="1.0"?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
  <file target-language="zh-TW" source-language="en" original="lit-localize-inputs" datatype="plaintext">
    <body>
      <trans-unit id="s4caed5b7a7e5d89b">
@@ -572,7 +572,7 @@
        
      </trans-unit>
      <trans-unit id="saa0e2675da69651b">
-        <source>The URL &quot;<x id="0" equiv-text="${this.url}"/>&quot; was not found.</source>
+        <source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
        
      </trans-unit>
      <trans-unit id="s58cd9c2fe836d9c6">
@@ -1634,7 +1634,7 @@
        
      </trans-unit>
      <trans-unit id="sa90b7809586c35ce">
-        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon &quot;fa-test&quot;.</source>
+        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
        <target>輸入完整網址、相對路徑，或者使用 'fa://fa-test' 來使用 Font Awesome 圖示 「fa-test」。</target>
        
      </trans-unit>
@@ -3605,7 +3605,7 @@ doesn't pass when either or both of the selected options are equal or above the
        
      </trans-unit>
      <trans-unit id="sa95a538bfbb86111">
-        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> &quot;<x id="1" equiv-text="${this.obj?.name}"/>&quot;?</source>
+        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
        
      </trans-unit>
      <trans-unit id="sc92d7cfb6ee1fec6">
@@ -4625,7 +4625,7 @@ doesn't pass when either or both of the selected options are equal or above the
        
      </trans-unit>
      <trans-unit id="sdf1d8edef27236f0">
-        <source>A &quot;roaming&quot; authenticator, like a YubiKey</source>
+        <source>A "roaming" authenticator, like a YubiKey</source>
        <target>外接式的身分認證器，例如 YubiKey</target>
        
      </trans-unit>
@@ -4984,7 +4984,7 @@ doesn't pass when either or both of the selected options are equal or above the
        
      </trans-unit>
      <trans-unit id="s1608b2f94fa0dbd4">
-        <source>If set to a duration above 0, the user will have the option to choose to &quot;stay signed in&quot;, which will extend their session by the time specified here.</source>
+        <source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
        <target>如果持續時間大於零，使用者介面上將會有「保持登入」選項。這將會依照設定的時間延長會談。</target>
        
      </trans-unit>
@@ -6640,6 +6640,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="sde9a3f41977ec1f8">
  <source>Estimated user count one year from now based on <x id="0" equiv-text="${internalUsers}"/> current internal users and <x id="1" equiv-text="${forecastedInternalUsers}"/> forecasted internal users.</source>
+  <target>基於目前 <x id="0" equiv-text="${this.forecast?.internalUsers}"/> 名內部使用者和預估的 <x id="1" equiv-text="${this.forecast?.forecastedInternalUsers}"/> 名內部使用者來估計一年後的使用者總數。</target>
 </trans-unit>
 <trans-unit id="s4557b6b9da258643">
  <source>Forecast external users</source>
@@ -6647,6 +6648,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="sf52479d6daa0a4a8">
  <source>Estimated user count one year from now based on <x id="0" equiv-text="${externalUsers}"/> current external users and <x id="1" equiv-text="${forecastedExternalUsers}"/> forecasted external users.</source>
+  <target>基於目前 <x id="0" equiv-text="${this.forecast?.externalUsers}"/> 名外部使用者和預估的 <x id="1" equiv-text="${this.forecast?.forecastedExternalUsers}"/> 名外部使用者來估計一年後的使用者總數。</target>
 </trans-unit>
 <trans-unit id="s6196153c4b0c1ea0">
  <source>Install</source>
@@ -7003,6 +7005,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s7e796fe83982863f">
  <source>Role <x id="0" equiv-text="${this._role.name}"/></source>
+  <target>角色 <x id="0" equiv-text="${this._role?.name || &quot;&quot;}"/></target>
 </trans-unit>
 <trans-unit id="s526e2c66bd51ff5f">
  <source>Role Info</source>
@@ -7121,7 +7124,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <target>成功建立使用者並加入到群組 <x id="0" equiv-text="${this.group.name}"/></target>
 </trans-unit>
 <trans-unit id="s824e0943a7104668">
-  <source>This user will be added to the group &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot;.</source>
+  <source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
  <target>這個使用者將會被加入到「<x id="0" equiv-text="${this.targetGroup.name}"/>」群組。</target>
 </trans-unit>
 <trans-unit id="s62e7f6ed7d9cb3ca">
@@ -8059,7 +8062,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>Sync Group</source>
 </trans-unit>
 <trans-unit id="s2d5f69929bb7221d">
-  <source><x id="0" equiv-text="${p.name}"/> (&quot;<x id="1" equiv-text="${p.fieldKey}"/>&quot;, of type <x id="2" equiv-text="${p.type}"/>)</source>
+  <source><x id="0" equiv-text="${p.name}"/> ("<x id="1" equiv-text="${p.fieldKey}"/>", of type <x id="2" equiv-text="${p.type}"/>)</source>
 </trans-unit>
 <trans-unit id="s25bacc19d98b444e">
  <source>Parent Group</source>
@@ -8245,7 +8248,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>Valid redirect URIs after a successful authorization flow. Also specify any origins here for Implicit flows.</source>
 </trans-unit>
 <trans-unit id="s4c49d27de60a532b">
-  <source>To allow any redirect URI, set the mode to Regex and the value to &quot;.*&quot;. Be aware of the possible security implications this can have.</source>
+  <source>To allow any redirect URI, set the mode to Regex and the value to ".*". Be aware of the possible security implications this can have.</source>
 </trans-unit>
 <trans-unit id="sa52bf79fe1ccb13e">
  <source>Federated OIDC Sources</source>
@@ -8798,7 +8801,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>How to perform authentication during an authorization_code token request flow</source>
 </trans-unit>
 <trans-unit id="s844baf19a6c4a9b4">
-  <source>Enable &quot;Remember me on this device&quot;</source>
+  <source>Enable "Remember me on this device"</source>
 </trans-unit>
 <trans-unit id="sfa72bca733f40692">
  <source>When enabled, the user can save their username in a cookie, allowing them to skip directly to entering their password.</source>
@@ -9101,7 +9104,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>e.g. Collaboration, Communication, Internal, etc.</source>
 </trans-unit>
 <trans-unit id="sb6fcdabf769208a1">
-  <source>Failed to fetch application &quot;<x id="0" equiv-text="${this.applicationSlug}"/>&quot;.</source>
+  <source>Failed to fetch application "<x id="0" equiv-text="${this.applicationSlug}"/>".</source>
 </trans-unit>
 <trans-unit id="s32fc592c4a264edd">
  <source>Account Recovery Max Attempts</source>
@@ -9197,10 +9200,10 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source><x id="0" equiv-text="${this.label || &quot;&quot;}"/> table pagination</source>
 </trans-unit>
 <trans-unit id="sd9b15395dd103f80">
-  <source>Sort by &quot;<x id="0" equiv-text="${label}"/>&quot;</source>
+  <source>Sort by "<x id="0" equiv-text="${label}"/>"</source>
 </trans-unit>
 <trans-unit id="s7dd64bb0c1fa8e87">
-  <source>Select &quot;<x id="0" equiv-text="${rowLabel}"/>&quot; row</source>
+  <source>Select "<x id="0" equiv-text="${rowLabel}"/>" row</source>
 </trans-unit>
 <trans-unit id="sd26f670ca5d5b0c6">
  <source>Collapse row</source>
@@ -9263,31 +9266,31 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>Provider not assigned to any application.</source>
 </trans-unit>
 <trans-unit id="sfbb87c9ced1fde54">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; provider</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" provider</source>
 </trans-unit>
 <trans-unit id="s0a3fdba3a68a2730">
  <source>Applications Documentation</source>
 </trans-unit>
 <trans-unit id="sf07bfbe5316e7cc7">
-  <source>Application icon for &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Application icon for "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s037f22187581bf8f">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s5d90aeadfcb34286">
-  <source>Execute &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Execute "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="saa25eac2952d918d">
-  <source>Export &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Export "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s64de9eceb8172269">
  <source>Edit device</source>
 </trans-unit>
 <trans-unit id="sc08c153234510246">
-  <source>Update &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; Permissions</source>
+  <source>Update "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" Permissions</source>
 </trans-unit>
 <trans-unit id="s6d25eef21a9e76ba">
-  <source>Open &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; permissions modal</source>
+  <source>Open "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" permissions modal</source>
 </trans-unit>
 <trans-unit id="sa556d7b744364dcf">
  <source>OCI URL</source>
@@ -9303,10 +9306,10 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>OCI Support</source>
 </trans-unit>
 <trans-unit id="s08d24327ec788e78">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
 </trans-unit>
 <trans-unit id="s6f8d15b5494ac41a">
-  <source>Apply &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Apply "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
 </trans-unit>
 <trans-unit id="s85a488cacb57688b">
  <source>Welcome, <x id="0" equiv-text="${username}"/></source>
@@ -9408,7 +9411,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>Paths may not start or end with a slash, but they can contain any other character as path segments. The paths are currently purely used for organization, it does not affect their permissions, group memberships, or anything else.</source>
 </trans-unit>
 <trans-unit id="sdb3b903354fbfb17">
-  <source>Open &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Open "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s2e7448caf3df574a">
  <source>Verify Assertion Signature</source>
@@ -9456,16 +9459,16 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>Unnamed</source>
 </trans-unit>
 <trans-unit id="s326ee20bba2564a0">
-  <source>Collapse &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Collapse "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="s27df1f36ba8e269f">
-  <source>Expand &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Expand "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf2b5d3236e6f1ab3">
-  <source>Select &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Select "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sb7c2715df863a6ce">
-  <source>Items of &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Items of "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf6707428adeba590">
  <source>API drawer</source>
@@ -9588,7 +9591,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>Group Search</source>
 </trans-unit>
 <trans-unit id="s79683026e49e4866">
-  <source>View details of group &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>View details of group "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s62dfa9c45cb3025a">
  <source>New Group</source>
@@ -9615,16 +9618,16 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>New service account...</source>
 </trans-unit>
 <trans-unit id="s61e5043203e94d0a">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; normally</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" normally</source>
 </trans-unit>
 <trans-unit id="s02eb960c270a837e">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; as current user</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" as current user</source>
 </trans-unit>
 <trans-unit id="saf579a36a54c92e1">
  <source>Current user</source>
 </trans-unit>
 <trans-unit id="sd149e44e50455923">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; with inspector</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" with inspector</source>
 </trans-unit>
 <trans-unit id="s45c530a48bcf74ad">
  <source>Use inspector</source>
@@ -9813,7 +9816,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>Optional Single Logout Service URL to send logout responses to. If not set, no logout response will be sent.</source>
 </trans-unit>
 <trans-unit id="scbf29ce484222325">
-  <source/>
+  <source></source>
 </trans-unit>
 <trans-unit id="s78869b8b2bc26d0d">
  <source>SAML Provider</source>
@@ -9840,7 +9843,7 @@ Bindings to groups/users are checked against the user of the event.</source>
  <source>The user's display name.</source>
 </trans-unit>
 <trans-unit id="s33b2f30214a2e99d">
-  <source>Actions for &quot;<x id="0" equiv-text="${application.name}"/>&quot;</source>
+  <source>Actions for "<x id="0" equiv-text="${application.name}"/>"</source>
 </trans-unit>
 <trans-unit id="sfa660d9e563c346f">
  <source>Edit application...</source>
@@ -9869,4 +9872,4 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
    </body>
  </file>
-</xliff>
+</xliff>
--- a/website/docs/add-secure-apps/providers/oauth2/index.mdx
+++ b/website/docs/add-secure-apps/providers/oauth2/index.mdx
@@ -48,8 +48,6 @@ sequenceDiagram
    rp->>user: User is logged in
 ```

-## OAuth2 endpoints and bindings
-
 | Endpoint             | URL                                                                  |
 | -------------------- | -------------------------------------------------------------------- |
 | Authorization        | `/application/o/authorize/`                                          |
--- a/website/docs/add-secure-apps/providers/saml/create-saml-provider.md
+++ b/website/docs/add-secure-apps/providers/saml/create-saml-provider.md
@@ -1,48 +0,0 @@
---
-title: Create a SAML provider
---
-
-authentik SAML providers can be created either from scratch or by using SAML metadata exported from the Service Provider (SP). Optionally, the metadata of an authentik SAML provider can be exported back to the SP. Note, however, that many SPs do not support exporting their metadata or importing Identity Provider (IdP) metadata.
-
-## Create a SAML provider and application pair
-
-To create a provider along with the corresponding application that uses it for authentication, navigate to **Applications** > **Applications** and click **Create with provider**. We recommend this combined approach for most common use cases. Alternatively, you can use the legacy method to solely create the provider by navigating to **Applications** > **Providers** and clicking **Create**.
-
-1. Log in to authentik as an administrator, and open the authentik Admin interface.
-2. Navigate to **Applications > Applications** and click **Create with provider** to create an application and provider pair.
-3. On the **New application** page, define the application details, and then click **Next**.
-4. Select **SAML Provider** as the **Provider Type**, and then click **Next**.
-5. On the **Configure SAML Provider** page, provide the configuration settings and then click **Submit** to create both the application and the provider.
-
-## Create a SAML provider from SP metadata (import SP metadata)
-
-If you have exported SAML metadata from your SP, you can optionally create the authentik SAML provider by importing this metadata.
-
-1. Log in to authentik as an administrator, and open the authentik Admin interface.
-2. Navigate to **Applications > Providers** and click **Create** to create a provider.
-3. Select **SAML Provider from Metadata** as the **Provider Type**, and then click **Next**.
-4. On the **Create SAML Provider from Metadata** page, provide the configuration settings along with an SP metadata file and then click **Finish** to create the provider.
-5. (Optional) Edit the created SAML provider and configure any further settings.
-
-## Export authentik SAML provider metadata
-
-After an authentik SAML provider has been created via any of the above methods, you can access its metadata in one of two ways:
-
-### Download authentik metadata
-
-To download the metadata of an authentik SAML provider, follow these steps:
-
-1. Log in to authentik as an administrator, and open the authentik Admin interface.
-2. Navigate to **Applications > Providers**.
-3. Click the name of the provider you want metadata from to open its overview tab.
-4. In the **Related objects** section, under **Metadata** click on **Download**. This will download the metadata xml file for that provider.
-
-### Access metadata tab
-
-To view and optionally download the metadata of an authentik SAML provider, follow these steps:
-
-1. Log in to authentik as an administrator, and open the authentik Admin interface.
-2. Navigate to **Applications > Providers**.
-3. Click the name of the provider you want metadata from to open its overview tab.
-4. Navigate to the **Metadata** tab.
-5. The metadata for the provider will be shown in a codebox. You can optionally use the **Download** button to obtain the metadata as a file.
--- a/website/docs/add-secure-apps/providers/saml/index.md
+++ b/website/docs/add-secure-apps/providers/saml/index.md
@@ -2,142 +2,32 @@
 title: SAML Provider
 ---

-The SAML provider allows you to integrate with Service Providers using the SAML2 protocol. It supports [importing and exporting SAML metadata](#saml-metadata), [signed requests](#certificates) and uses [property mappings](../property-mappings/index.md#saml-property-mappings) to align, or "map", Service Provider and authentik attributes.
-
-Refer to our documentation to learn how to [create a SAML provider](./create-saml-provider.md).
-
-## SAML bindings and endpoints
-
-Bindings define how SAML messages are exchanged between an Identity Provider (IdP) and a Service Provider (SP), typically a service or application. Both IdPs and SPs define various endpoints in their metadata, each associated with a specific SAML binding.
-
-A binding defines how SAML messages are transported over network protocols. In authentik, you can select one of two SAML bindings: `HTTP Redirect` or `HTTP POST`.
-
-Endpoint URLs specify where and how the messages are sent according to that binding. The table below shows the supported endpoints for each binding:
+This provider allows you to integrate enterprise software using the SAML2 protocol. It supports signed requests and uses [property mappings](../property-mappings/index.md#saml-property-mappings) to determine which fields are exposed and what values they return. This makes it possible to expose vendor-specific fields.
+Default fields are exposed through auto-generated Property Mappings, which are prefixed with "authentik default".

 | Endpoint                  | URL                                                          |
 | ------------------------- | ------------------------------------------------------------ |
-| SSO (Redirect binding)    | `/application/saml/<application_slug>/sso/binding/redirect/` |
-| SSO (POST binding)        | `/application/saml/<application_slug>/sso/binding/post/`     |
-| SSO (IdP-initiated login) | `/application/saml/<application_slug>/sso/binding/init/`     |
-| SLO (Redirect binding)    | `/application/saml/<application_slug>/slo/binding/redirect/` |
-| SLO (POST binding)        | `/application/saml/<application_slug>/slo/binding/post/`     |
-| Metadata Download         | `/application/saml/<application_slug>/metadata/`             |
+| SSO (Redirect binding)    | `/application/saml/<application slug>/sso/binding/redirect/` |
+| SSO (POST binding)        | `/application/saml/<application slug>/sso/binding/post/`     |
+| SSO (IdP-initiated login) | `/application/saml/<application slug>/sso/binding/init/`     |
+| SLO (Redirect binding)    | `/application/saml/<application slug>/slo/binding/redirect/` |
+| SLO (POST binding)        | `/application/saml/<application slug>/slo/binding/post/`     |
+| Metadata Download         | `/application/saml/<application slug>/metadata/`             |

-## SAML metadata
+You can download the metadata through the Webinterface, this link might be handy if your software wants to download the metadata directly.

-SAML Metadata ensures that SAML single sign-on works reliably by exchanging and maintaining identity and connection information. SAML metadata is an XML document that defines how IdPs and SPs securely interact for authentication. It includes information such as endpoints, bindings, certificates, and unique identifiers.
+The metadata download link can also be copied with a button on the provider overview page.

-### Importing SP SAML metadata
+## Name ID

-You can [import SP SAML metadata](./create-saml-provider.md#create-a-saml-provider-from-sp-metadata-import-sp-metadata) to automatically configure a SAML provider based on the requirements of an SP.
+You can select a custom SAML Property Mapping after which the NameID field will be generated. If left default, the following checks are done:

-### Exporting authentik SAML metadata
+- When the request asks for `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent`, the NameID will be set to the hashed user ID.
+- When the request asks for `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName`, the NameID will be set to the user's `distinguishedName` attribute. This attribute is set by the LDAP source by default. If the attribute does not exist, it will fall back the persistent identifier.
+- When the request asks for `urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName`, the NameID will be set to the user's UPN. This is also set by the LDAP source, and also falls back to the persistent identifier.
+- When the request asks for `urn:oasis:names:tc:SAML:2.0:nameid-format:transient`, the NameID will be set based on the user's session ID.
+- When the request asks for `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`, the NameID will be set to the user's email address.

-You can [export SAML metadata from an authentik SAML provider](./create-saml-provider.md#export-authentik-saml-provider-metadata) to an SP to automatically provide important endpoint and certificate information to the SP.
-
-## Certificates
-
-Certificates are vital for trust and security during SAML authentication and are used for several purposes.
-
-### Signing certificates
-
-A signing certificate allows authentik to digitally sign SAML assertions and responses. This certificate contains a private key that creates a cryptographic signature, proving the authenticity and integrity of the transmitted data. The SP then uses the corresponding public key from this certificate to verify the signature. Ensuring the response was not tampered with and that it originated from authentik.
-
-#### Signing algorithm
-
-Signing algorithms (such as RSA-SHA256 or ECDSA-SHA256) define the cryptographic method used for creating and validating the signatures.
-
-#### Digest algorithm
-
-A digest algorithm is a cryptographic hash function used to create a fixed-size hash (digest) from the data in the SAML assertion or message. authentik computes a digest value using the chosen algorithm (such as SHA-1 or SHA-256), and it is included as part of the digital signature process. The SP uses the same digest algorithm to independently compare it with the received digest to validate the integrity of the received assertion or message.
-
-### Verification certificates
-
-A verification certificate in authentik acts as the public key used to verify digital signatures on SAML responses and assertions from an SP. When a SAML message is received, authentik validates it by comparing the signature against its configured verification certificate, ensuring that messages originated from the SP.
-
-### Encryption certificates
-
-An encryption certificate is a public key certificate used by authentik to encrypt sensitive data in SAML assertions before sending them to an SP. This ensures that sensitive data within the assertion, such as user attributes and authentication details, remain confidential and can only be decrypted by the SP possessing the corresponding private key.
-
-## SAML property mappings
-
-During a SAML authentication process, communication between the SP and the IdP relies on property mappings to align, or "map", user attributes values between the IdP and SP.
-
-Each SAML property mapping includes the following fields:
-
-    - **Name**: The name of the property mapping that's displayed in the authentik admin interface.
-    - **SAML Attribute Name**: The label that maps IdP user information to SP expectations. Can be a URN OID, a schema reference, or any other string.
-    - **Friendly Name**: A human-friendly identifier for a SAML attribute.
-    - **Expression**: The Python expression that maps an authentik user attribute to a value that an SP is expecting.
-
-### Default SAML property mappings
-
-The following property mappings are automatically added when you create a new SAML provider and can be removed at will.
-
-| Property Mapping Name                                         | SAML Attribute Name                                                          |
-| ------------------------------------------------------------- | ---------------------------------------------------------------------------- |
-| authentik default SAML Mapping: Email                         | `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress`         |
-| authentik default SAML Mapping: Groups                        | `http://schemas.xmlsoap.org/claims/Group`                                    |
-| authentik default SAML Mapping: Name                          | `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name`                 |
-| authentik default SAML Mapping: UPN                           | `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn`                  |
-| authentik default SAML Mapping: User ID                       | `http://schemas.goauthentik.io/2021/02/saml/uid`                             |
-| authentik default SAML Mapping: Username                      | `http://schemas.goauthentik.io/2021/02/saml/username`                        |
-| authentik default SAML Mapping: WindowsAccountName (Username) | `http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname` |
-
-The default SAML property mappings can be viewed on the **Property Mappings** page of the admin interface by disabling the **Hide managed mappings** toggle.
-
-### Custom SAML property mappings
-
-If there is not already a property mapping that maps the user attributes that your SP requires, you can [create a custom property mapping](../property-mappings/) or edit one of the existing mappings.
-
-For example, some SPs require users' first name (givenname) and last name (surname) attributes to be provided separately. However, the `authentik default SAML Mapping: Name` property mapping returns both attributes as one string. The following custom property mappings can be useful in such cases:
-
-#### `surname`
-
- SAML Attribute Name: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname`
- Expression:
-
-    ```python
-    return request.user.name.rsplit(" ", 1)[-1]
-    ```
-
-#### `givenname`
-
- SAML Attribute Name: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname`
- Expression:
-
-    ```python
-    return request.user.name.split(" ", 1)[0]
-    ```
-
-## NameID
-
-The NameID attribute acts as a unique identifier for a user. While other attributes might change (givenname, email address, etc) the NameID attribute is persistent and should never change. When the IdP sends a SAML assertion to the SP, the NameID is the unique identifier used to represent a specific user in the assertion. It's not used for authentication itself, only for identification purposes in the assertion.
-
-### NameID property mapping
-
-In authentik, it's possible to configure which property mapping will be used to create the NameID value. The **NameID property mapping** field on a SAML provider can be set to any property mapping that's enabled on a SAML provider. When left empty, the NameID Policy of the incoming SP request will be respected.
-
-### Default NameID policy
-
-In authentik, it's also possible to configure the default SAML NameID policy used for IDP-initiated logins or when an incoming SP assertion doesn't specify a NameID policy (also applies when using a custom NameID Mapping). The following table outlines how NameID policies are handled:
-
-| Default NameID policy                                                            | How authentik will handle the NameID                                                                                                                                                               |
-| -------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Persistent - `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent`              | NameID will be set to the user's hashed ID.                                                                                                                                                        |
-| x509 Subject - `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName`       | NameID will be set to the user's `distinguishedName` attribute. This attribute is set by the LDAP source by default. If the attribute does not exist, it will fall back the persistent identifier. |
-| Windows - `urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName` | NameID will be set to the user's UPN. This is also set by the LDAP source, and also falls back to the persistent identifier.                                                                       |
-| Transient - `urn:oasis:names:tc:SAML:2.0:nameid-format:transient`                | NameID will be set based on the user's session ID.                                                                                                                                                 |
-| Email address - `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`         | NameID will be set to the user's email address.                                                                                                                                                    |
-
-:::warning
-By default, users are free to change their email addresses. Therefore, it is recommended to either: disallow changing email addresses or, if possible, avoid using a user's email address as the NameID attribute.
-:::
-
-## AuthnContextClassRef
-
-The AuthnContextClassRef attribute appears in the SAML assertion and contains a URI that describes the assurance level, such as password, multi-factor, or smartcard authentication. SPs use this information to understand and verify how the user was authenticated by an IdP.
-
-In authentik, it's possible to set the AuthnContextClassRef attribute to any property mapping that's enabled on a SAML provider. This is done via the **AuthnContextClassRef Property Mapping** on a SAML provider.
-
-Alternatively, when the **AuthnContextClassRef Property Mapping** field is left unpopulated on a SAML provider, the AuthnContextClassRef will be set based on the method that the user authenticated with.
+    :::warning
+    Keep in mind that with the default settings, users are free to change their email addresses. As such it is recommended to use `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent`, as this cannot be changed.
+    :::
--- a/website/docs/releases/2025/v2025.10.md
+++ b/website/docs/releases/2025/v2025.10.md
@@ -1,128 +0,0 @@
---
-title: Release 2025.10
-slug: "/releases/2025.10"
---
-
-:::info
-2025.10 has not been released yet! We're publishing these release notes as a preview of what's to come, and for our awesome beta testers trying out release candidates.
-
-To try out the release candidate, replace your Docker image tag with the latest release candidate number, such as 2025.10.0-rc1. You can find the latest one in [the latest releases on GitHub](https://github.com/goauthentik/authentik/releases). If you don't find any, it means we haven't released one yet.
-:::
-
-## Highlights
-
- **SAML and OAuth2 provider Single Logout support**: This release adds support for back-channel and front-channel SLO for SAML and front-channel for OAuth2/OIDC.
- **Removed Redis dependency**: authentik no longer uses Redis at all.
- **Telegram source**: Telegram can now be used for social login.
- **SCIM provider OAuth support**: :ak-enterprise SCIM providers can use OAuth providers to authenticate to SCIM endpoints.
- **RADIUS EAP-TLS Support**: :ak-enterprise The RADIUS provider now supports EAP-TLS, which can be used to authenticate WiFi clients.
-
-## Breaking changes
-
-### Redis removal
-
-In previous versions, authentik used Redis for caching, tasks, the embedded proxy outpost's session store, and WebSocket connections. Since [2025.8](./v2025.8.mdx), tasks were migrated to use Postgres. With this release we've also migrated caching, the embedded outpost, and WebSocket to Postgres, fully removing the need for Redis.
-
-As a result of this change, it is expected that authentik will use roughly TODO% more database connections to Postgres. Redis-related settings have also been removed and can be deleted from your configuration.
-
-If your Postgres instance requires a TLS connection, authentik now requires TLS 1.3 or the Extended Master Secret extension to connect to Postgres.
-
-### Default OAuth scope mappings
-
-In previous releases with the default scope mappings, we set the `email_verified` claim to `true`. As we don't have a single source of whether a users' email is verified or not, and claiming that it is verified could lead to security implications, this claim has been corrected to `false`.
-
-Some applications may require this claim to be `true` to successfully authenticate users, in which case you can create a custom `email` scope mapping that returns `email_verified` as `true`.
-
-## New features and improvements
-
-### SCIM provider OAuth support :ak-enterprise
-
-SCIM providers can now use OAuth sources to authenticate to SCIM endpoints. This requires support in the remote system for OAuth authentication. Using an OAuth source provides improved security due to not requiring long-lived static tokens.
-
-This is supported by applications such as Slack and Salesforce.
-
-See [SCIM Provider documentation](../../add-secure-apps/providers/scim/index.md#oauth-authentication-for-a-scim-provider--) for more details.
-
-### RADIUS EAP-TLS support :ak-enterprise
-
-The RADIUS outpost can now support EAP-TLS which allows for client authentication using certificates with the [Mutual TLS stage](../../add-secure-apps/flows-stages/stages/mtls/index.md).
-
-See [RADIUS Provider documentation](../../add-secure-apps/providers/radius/index.mdx).
-
-### SAML and OAuth2 provider Single Logout support
-
-In [2025.8](v2025.8.mdx) we've introduced support for back-channel logout in the OAuth2 Provider. This release adds support for front-channel logout in the OAuth2 Provider and both back- and front-channel logout support in the SAML Provider.
-
-See [OAuth2 Provider documentation](../../add-secure-apps/providers/oauth2/index.mdx) and [SAML Provider documentation](../../add-secure-apps/providers/saml/index.md).
-
-### Telegram source
-
-Being one of the most upvoted GitHub issues, we've finally done it. Telegram can now be used as a federated identity provider in authentik. This allows users to authenticate with their Telegram credentials.
-
-See [Telegram Source documentation](../../users-sources/sources/social-logins/telegram/index.md).
-
-### Refined flow and user library
-
-The flow interface now fits better on mobile devices/small viewports and looks sharper on HiDPi devices. There are also improvements for auto-completion during credential input (thanks to @cjoshmartin!).
-The user library has improved scaling and makes better use of space with a higher density.
-
-### Additional noteworthy improvements
-
- Credential provider: Alpha releases of desktop integrations are now available for testing; reach out to hello@goauthentik.io if you are interested in providing early feedback for any of these:
-    - Windows: a custom credential provider allowing custom authentication flows.
-    - macOS: a Platform SSO integration allowing seamless authentication.
-    - Linux: accessing Linux servers via an authentik identity.
- Add `ak_send_email`: Allow for easier sending of emails in expressions; see [ak_send_email](../../customize/policies/expression.mdx#ak_send_emailaddress-str--liststr-subject-str-body-str--none-stage-emailstage--none-template-str--none-context-dict--none---bool).
- Change recovery token duration: When using `ak create_recovery_key`, the duration is now set in minutes instead of years.
- Add OIDC `ui_locales` support: The OAuth2 provider now accepts `ui_locales` to set the locale of authentik.
- Add support for separate labels and values in prompt choice inputs, see [Prompt stage documentation](../../add-secure-apps/flows-stages/stages/prompt/index.md); thanks to @ErikAhlund!
-
-## New integration guides
-
-An integration is how authentik connects to third-party applications, directories, and other identity providers. The following integration guides were recently added.
-
- [Cloudflare](https://integrations.goauthentik.io/platforms/cloudflare/)
- [Digital Ocean](https://integrations.goauthentik.io/cloud-providers/digitalocean/)
- [Entra ID SCIM](../../users-sources/sources/social-logins/entra-id/scim/index.mdx)
- [osTicket](https://integrations.goauthentik.io/infrastructure/osticket/)
- [Termix](https://integrations.goauthentik.io/infrastructure/termix/)
-
-## Upgrading
-
-Following the upgrade instructions below will remove Redis from your installation. If you use authentik with an externally configured Redis, you can simply remove the Redis configuration from authentik; for more detailed information about upgrading authentik, refer to our [Upgrade documentation](../../install-config/upgrade.mdx).
-
-:::warning
-When you upgrade, be aware that the version of the authentik instance and of any outposts must be the same. We recommended that you always upgrade any outposts at the same time you upgrade your authentik instance.
-:::
-
-### Docker Compose
-
-To upgrade, download the new docker-compose file and update the Docker stack with the new version, using these commands:
-
-```shell
-wget -O docker-compose.yml https://goauthentik.io/version/2025.10/docker-compose.yml
-docker compose up -d --remove-orphans
-```
-
-The `-O` flag retains the downloaded file's name, overwriting any existing local file with the same name.
-
-The `--remove-orphans` flag removes the Redis container as its no longer needed.
-
-### Kubernetes
-
-Upgrade the Helm Chart to the new version, using the following commands:
-
-```shell
-helm repo update
-helm upgrade authentik authentik/authentik -f values.yaml --version ^2025.10
-```
-
-If you had persistence for Redis configured, you can delete the PVC and PV after the upgrade.
-
-## Minor changes/fixes
-
-<!-- _Insert the output of `make gen-changelog` here_ -->
-
-## API Changes
-
-<!-- _Insert output of `make gen-diff` here_ -->
--- a/website/docs/sidebar.mjs
+++ b/website/docs/sidebar.mjs
@@ -236,10 +236,7 @@ const items = [
                            type: "doc",
                            id: "add-secure-apps/providers/saml/index",
                        },
-                        items: [
-                            "add-secure-apps/providers/saml/create-saml-provider",
-                            "add-secure-apps/providers/saml/saml_single_logout",
-                        ],
+                        items: ["add-secure-apps/providers/saml/saml_single_logout"],
                    },
                    "add-secure-apps/providers/scim/index",
                    {
--- a/website/docs/users-sources/sources/protocols/saml/index.md
+++ b/website/docs/users-sources/sources/protocols/saml/index.md
@@ -2,7 +2,7 @@
 title: SAML Source
 ---

-This source allows authentik to act as a SAML Service Provider. Just like the [SAML provider](../../../../add-secure-apps/providers/saml/index.md), it supports signed requests. Vendor-specific documentation can be found in the Integrations section.
+This source allows authentik to act as a SAML Service Provider. Just like the SAML Provider, it supports signed requests. Vendor-specific documentation can be found in the Integrations Section.

 ## Terminology

--- a/website/docs/users-sources/sources/social-logins/apple/index.md
+++ b/website/docs/users-sources/sources/social-logins/apple/index.md
@@ -1,83 +1,72 @@
 ---
 title: Apple
-tags:
-    - source
-    - apple
+support_level: authentik
 ---

-Allows users to authenticate using their Apple ID credentials by configuring Apple as a federated identity provider via OAuth2.
+Allows users to authenticate using their Apple ID.

 ## Preparation

+:::caution
+An Apple developer account is required.
+:::
+
+:::caution
+Apple mandates the use of a [registered TLD](https://en.wikipedia.org/wiki/List_of_Internet_top-level_domains), as such this source will not work with .local and other non-public TLDs.
+:::
+
 The following placeholders are used in this guide:

-Apple mandates the use of a [registered top-level domain](https://en.wikipedia.org/wiki/List_of_Internet_top-level_domains), therefore this source will not work with `.local` and other non-public TLDs.
+- `authentik.company` is the FQDN of the authentik install.

-## Apple configuration
+## Apple

-To integrate Apple with authentik, you will need to register two identifiers and a key in the Apple Developer Portal.
-
-### Registering identifiers
-
-1. Log in to the [Apple Developer Portal](https://developer.apple.com/account/), and navigate to **Account** > **Certificates, IDs & Profiles**, then click **Identifiers** in the sidebar.
-2. Register a new identifier with the type of **App IDs**, and the subtype **App**.
-3. Choose a name that users will recognize for the **Description** field (e.g. `authentik`).
-4. For your **Bundle ID**, use the reverse of your authentik domain, for example: `company.authentik`.
+1. Log in to your Apple developer account, and navigate to **Certificates, IDs & Profiles**, then click **Identifiers** in the sidebar.
+2. Register a new Identifier with the type of **App IDs**, and the subtype **App**.
+3. Choose a name that users will recognise for the **Description** field.
+4. For your bundle ID, use the reverse domain of authentik, in this case `company.authentik`.
 5. Scroll down the list of capabilities, and check the box next to **Sign In with Apple**.
 6. At the top, click **Continue** and **Register**.

 ![](./app_id.png)

-7. Register another new identifier with the type of **Services IDs**.
+7. Register another new Identifier with the type of **Services IDs**.
 8. Again, choose the same name as above for your **Description** field.
 9. Use the same identifier as above, but add a suffix like `signin` or `oauth`, as identifiers are unique.
 10. At the top, click **Continue** and **Register**.

 ![](./service_id.png)

-### Configuring identifier
-
-11. Once back at the overview list, click on the just-created identifier.
+11. Once back at the overview list, click on the just-created Identifier.
 12. Enable the checkbox next to **Sign In with Apple**, and click **Configure**
-13. Under **Domains and Subdomains**, enter `authentik.company`.
+13. Under domains, enter `authentik.company`.
 14. Under **Return URLs**, enter `https://authentik.company/source/oauth/callback/apple/`.

 ![](./app_service_config.png)

-### Registering a key
-
-15. Click **Keys** in the sidebar, then register a new key with any name, and select **Sign in with Apple**.
-16. Click **Configure**, then select the App ID that you created.
+15. Click on **Keys** in the sidebar. Register a new Key with any name, and select **Sign in with Apple**.
+16. Click on **Configure**, and select the App ID you've created above.
 17. At the top, click **Save**, **Continue** and **Register**.
 18. Download the Key file and note the **Key ID**.

 ![](./key.png)

-19. Take note of the **Team ID** visible at the top of the page.
+19. Note the Team ID, visible at the top of the page.

-## authentik configuration
+## authentik

-To support the integration of Apple with authentik, you need to create an Apple OAuth source in authentik.
+20. Under **Directory > Federation & Social login** click **Create Apple OAuth Source**

-1. Log in to authentik as an administrator and open the authentik Admin interface.
-2. Navigate to **Directory** > **Federation and Social login**, click **Create**, then configure the following settings:
-    - **Select type**: select **Apple OAuth Source**.
-    - **Create Apple OAuth Source**: provide a name, a slug which must match the slug used in the Apple `Return URL`, and the following required configurations:
-        - Under **Protocol Settings**:
-            - **Consumer key**: The identifier from step 9, then `;`, then your **Team ID** from step 19, then `;`, then the **Key ID** from step 18. (e.g. `company.authentik;JQNH45HN7V;XFBNJ82BV6`).
-            - **Consumer secret**: Paste the contents of the keyfile you've downloaded.
-            - **Scopes** _(optional)_: define any further access scopes.
+21. **Name**: `Apple`
+22. **Slug**: `apple`
+23. **Consumer Key:** The identifier from step 9, then `;`, then your Team ID from step 19, then `;`, then the Key ID from step 18.

-3. Click **Save**.
+    Example: `io.goauthentik.dev-local;JQNH45HN7V;XFBNJ82BV6`

-:::info Display new source on login screen
+24. **Consumer Secret:** Paste the contents of the keyfile you've downloaded
+
+Save, and you now have Apple as a source.
+
+:::info
 For instructions on how to display the new source on the authentik login page, refer to the [Add sources to default login page documentation](../../index.md#add-sources-to-default-login-page).
 :::
-
-:::info Embed new source in flow :ak-enterprise
-For instructions on embedding the new source within a flow, such as an authorization flow, refer to the [Source Stage documentation](../../../../../add-secure-apps/flows-stages/stages/source).
-:::
-
-## Source property mappings
-
-Source property mappings allow you to modify or gather extra information from sources. See the [overview](../../property-mappings/index.md) for more information.
--- a/website/docs/users-sources/sources/social-logins/discord/discord1.png
+++ b/website/docs/users-sources/sources/social-logins/discord/discord1.png
--- a/website/docs/users-sources/sources/social-logins/discord/discord2.png
+++ b/website/docs/users-sources/sources/social-logins/discord/discord2.png
--- a/website/docs/users-sources/sources/social-logins/discord/discord3.png
+++ b/website/docs/users-sources/sources/social-logins/discord/discord3.png
--- a/website/docs/users-sources/sources/social-logins/discord/discord4.png
+++ b/website/docs/users-sources/sources/social-logins/discord/discord4.png
--- a/website/docs/users-sources/sources/social-logins/discord/index.md
+++ b/website/docs/users-sources/sources/social-logins/discord/index.md
@@ -1,11 +1,9 @@
 ---
 title: Discord
-tags:
-    - source
-    - discord
+support_level: authentik
 ---

-Allows users to authenticate using their Discord credentials by configuring Discord as a federated identity provider via OAuth2.
+Allows users to authenticate using their Discord credentials

 ## Preparation

@@ -13,144 +11,64 @@ The following placeholders are used in this guide:

 - `authentik.company` is the FQDN of the authentik installation.

-## Discord configuration
+## Discord

-To integrate Discord with authentik you will need to create an OAuth application in the Discord Developer Portal.
+1. Create an application in the Discord Developer Portal (This is Free) https://discord.com/developers/applications

-1. Log in to the [Discord Developer Portal](https://discord.com/developers/applications).
-2. Navigate to **Applications** and click **New Application**.
-3. Provide a name for the application, accept the terms, and then click **Create**.
-4. Select **OAuth2** in the sidebar.
-5. Under **Client Secret**, click **Reset Secret** and follow the steps.
-6. Take note of the **Client ID** and **Client Secret**. They will be required in the next section.
-7. Click **Add Redirect** and enter `https://authentik.company/source/oauth/callback/discord/`.
+![New Application Button](./discord1.png)

-## authentik configuration
+2. Name the Application

-1. Log in to authentik as an administrator and open the authentik Admin interface.
-2. Navigate to **Directory** > **Federation and Social login**, click **Create**, and then configure the following settings:
-    - **Select type**: select **Discord OAuth Source** as the source type.
-    - **Create Discord OAuth Source**: provide a name, a slug which must match the slug used in the Discord `Redirect URI` (e.g. `discord`), and the following required configurations:
-        - Under **Protocol Settings**:
-            - **Consumer key**: set the Client ID from Discord.
-            - **Consumer secret**: set the Client Secret from Discord.
-            - **Scopes** _(optional)_: if you need authentik to sync guild membership information from Disord, add the `guilds guilds.members.read` scope.
+![Name App](./discord2.png)

-3. Click **Save**.
+3. Select **OAuth2** from the left menu

-:::info Display new source on login screen
-For instructions on how to display the new source on the authentik login page, refer to the [Add sources to default login page documentation](../../index.md#add-sources-to-default-login-page).
-:::
+4. Copy the **Client ID** and _save it for later_

-:::info Embed new source in flow :ak-enterprise
-For instructions on embedding the new source within a flow, such as an authorization flow, refer to the [Source Stage documentation](../../../../../add-secure-apps/flows-stages/stages/source).
-:::
+5. **Click to Reveal** the Client Secret and _save it for later_

-## Optional additional configuration
+6. Click **Add Redirect** and add https://authentik.company/source/oauth/callback/discord/

-### Syncing Discord roles and avatars to authentik
+Here is an example of a completed OAuth2 screen for Discord.

-The following property mapping allows you to synchronize roles from a Discord guild to roles in authentik.
+![](./discord3.png)

-Whenever a user enrolls in authentik via a Discord source, this property mapping will check the user's Discord roles and update the user's authentik groups accordingly.
+## authentik

-:::info Group Attribute
-Any authentik group that you want to sync with a Discord role needs to have a `discord_role_id` attribute set with the ID of the Discord role.
-Example: `discord_role_id: "<ROLE ID>"`
+8. Under **Directory > Federation & Social login** click **Create Discord OAuth Source**

-This group attribute can be set via **Directory** > **Groups** > **Your_Group** > **Attributes**.
-:::
+9. **Name:** Choose a name (For the example I used `Discord`)
+10. **Slug:** discord (You can choose a different slug, if you do you will need to update the Discord redirect URL and point it to the correct slug.)
+11. **Consumer Key:** Client ID from step 4
+12. **Consumer Secret:** Client Secret from step 5

-:::info Required OAuth Scopes
-Ensure that the Discord OAuth source in **Federation & Social login** has the additional `guilds guilds.members.read` scopes added under **Protocol settings** > **Scopes**.
-:::
+Here is an example of a complete authentik Discord OAuth Source

-:::info Avatar Setting
-In order to use the created avatar attribute in authentik you will need to set the [authentik avatar configuration](../../../../sys-mgmt/settings.md#avatars).
-:::
+![](./discord4.png)

-1. Log in to authentik as an administrator and open the authentik Admin interface.
-2. Navigate to **Customization** > **Property Mappings**.
-3. Click **Create**, select **OAuth Source Property Mapping** and then **Next**.
-4. Provide a name for the mapping and set the following expression:
-
-```python
-import base64
-import requests
-from authentik.core.models import Group
-
-# To get the guild ID number for the parameters, open Discord, go to Settings > Advanced and enable developer mode.
-# Right-click on the server/guild title and select "Copy ID" to get the guild ID.
-
-#Set these values
-ACCEPTED_GUILD_ID = "123456789123456789" # Discord server id to fetch roles from
-AVATAR_SIZE = "64" # Valid avatar size values: 16,32,64,128,256,512,1024.
-# Larger values than 64 may cause HTTP error 431 on applications/providers
-# due to headers being too large.
-
-# Generate avatar URL and base64 avatar image
-avatar_url = None
-avatar_base64 = None
-
-if info.get("avatar"):
-    avatar_url = (f"https://cdn.discordapp.com/avatars/{info.get('id')}/"
-                  f"{info.get('avatar')}.png?size={AVATAR_SIZE}")
-    try:
-        response = client.do_request("GET", avatar_url)
-        encoded_image = base64.b64encode(response.content).decode('utf-8')
-        avatar_base64 = f"data:image/png;base64,{encoded_image}"
-    except:
-        avatar_base64 = None
-
-# Get guild membership
-guild_url = f"https://discord.com/api/v10/users/@me/guilds/{ACCEPTED_GUILD_ID}/member"
-guild_response = client.do_request("GET", guild_url, token=token)
-guild_data = guild_response.json()
-
-# Get matching groups
-user_groups = Group.objects.filter(attributes__discord_role_id__in=guild_data["roles"])
-
-# Return user data
-return {
-    "name": info.get("global_name"),
-    "attributes.discord": {
-        "id": info.get("id"),
-        "username": info.get("username"),
-        "discriminator": info.get("discriminator"),
-        "email": info.get("email"),
-        "avatar": info.get("avatar"),
-        "avatar_url": avatar_url
-    },
-    "groups": [group.name for group in user_groups],
-    "attributes.avatar": avatar_base64
-}
-```
-
-5. Click **Finish**.
-6. Navigate to **Directory** > **Federation and Social login** and click the **Edit** icon next to your Discord OAuth Source.
-7. Under **OAuth Attribute mapping** add the newly create property mapping to **Selected User Property Mappings**.
-8. Click **Update**.
-
-### Checking Discord Guild membership
+Save, and you now have Discord as a source.

 :::info
-Ensure that the Discord OAuth source in **Federation & Social login** has the additional `guilds guilds.members.read` scopes added under **Protocol settings** > **Scopes**.
+For more details on how-to have the new source display on the Login Page see [here](../../index.md#add-sources-to-default-login-page).
 :::

-1. Log in to authentik as an administrator and open the authentik Admin interface.
-2. Navigate to **Customization** > **Policies**.
-3. Click **Create**, select **Expression Policy** and then **Next**.
-4. Provide a name for the policy and set the following expression:
+### Checking for membership of a Discord Guild
+
+:::info
+Ensure that the Discord OAuth source in **Federation & Social login** has the additional `guilds guilds.members.read` scopes added under **Protocol settings**.
+:::
+
+Create a new **Expression Policy** with the content below, adjusting the variables where required:

 ```python
 # To get the guild ID number for the parameters, open Discord, go to Settings > Advanced and enable developer mode.
 # Right-click on the server/guild title and select "Copy ID" to get the guild ID.

-# Set these values
 ACCEPTED_GUILD_ID = "123456789123456789"
 GUILD_NAME_STRING = "The desired server/guild name in the error message."

-# The following sections should not need to be edited
+# Only change below here if you know what you are doing.
+
 # Ensure flow is only run during OAuth logins via Discord
 if not isinstance(context['source'], OAuthSource) or context['source'].provider_type != "discord":
    return True
@@ -174,39 +92,31 @@ if not user_matched:
 return user_matched
 ```

-5. Click **Finish**. You can now bind this policy to the chosen enrollment and/or authentication flow of the Discord OAuth source.
-6. Navigate to **Flows and Stages** > **Flows** and click the name of the flow in question.
-7. Open the **Policy/Group/User Bindings** tab and click **Bind existing Policy/Group/User**.
-8. Select the policy that you previously created and click **Create**.
-9. Optionally, repeat the process for any other flows that you want the policy applied to.
+Now bind this policy to the chosen enrollment and authentication flows for the Discord OAuth source.

-### Checking Discord Guild role membership
+### Checking for membership of a Discord Guild role

 :::info
-Ensure that the Discord OAuth source in **Federation & Social login** has the additional `guilds guilds.members.read` scopes added under **Protocol settings** > **Scopes**.
+Ensure that the Discord OAuth source in **Federation & Social login** has the additional `guilds guilds.members.read` scopes added under **Protocol settings**.
 :::

-To check if the user is member of a Discord Guild role, you can use the following policy on your flows:
-
-1. Log in to authentik as an administrator and open the authentik Admin interface.
-2. Navigate to **Customization** > **Policies**.
-3. Click **Create**, select **Expression Policy** and then **Next**.
-4. Provide a name for the policy and set the following expression:
+Create a new **Expression Policy** with the content below, adjusting the variables where required:

 ```python
-# To get the guild ID number for the parameters, open Discord, go to Settings > Advanced and enable developer mode.
+# To get the role and guild ID numbers for the parameters, open Discord, go to Settings > Advanced and
+# enable developer mode.
 # Right-click on the server/guild title and select "Copy ID" to get the guild ID.
-# Right-click on the server/guild title and select server settings > roles, right click on the role and click "Copy ID" to get the role ID.
+# Right-click on the server/guild title and select server settings > roles, right click on the role and click
+# "Copy ID" to get the role ID.

-#Set these values
+ACCEPTED_ROLE_ID = "123456789123456789"
 ACCEPTED_GUILD_ID = "123456789123456789"
 GUILD_NAME_STRING = "The desired server/guild name in the error message."
-ACCEPTED_ROLE_ID = "123456789123456789"
 ROLE_NAME_STRING = "The desired role name in the error message."

+# Only change below here if you know what you are doing.
 GUILD_API_URL = f"https://discord.com/api/users/@me/guilds/{ACCEPTED_GUILD_ID}/member"

-# The following sections should not need to be edited
 # Ensure flow is only run during OAuth logins via Discord
 if not isinstance(context['source'], OAuthSource) or context['source'].provider_type != "discord":
    return True
@@ -242,13 +152,235 @@ if not user_matched:
 return user_matched
 ```

-5. Click **Finish**. You can now bind this policy to the chosen enrollment and/or authentication flow of the Discord OAuth source.
-6. Navigate to **Flows and Stages** > **Flows** and click the name of the flow in question.
-7. Open the **Policy/Group/User Bindings** tab and click **Bind existing Policy/Group/User**.
-8. Select the policy that you previously created and click **Create**.
-9. Optionally, repeat the process for any other flows that you want the policy applied to.
+Now bind this policy to the chosen enrollment and authentication flows for the Discord OAuth source.

-## Resources
+### Syncing Discord roles to authentik groups

- [Discord Developer Documentation](https://discord.com/developers/docs/intro)
- [Discord Developer Documentation - OAuth2](https://discord.com/developers/docs/topics/oauth2#oauth2)
+:::info
+Ensure that the Discord OAuth source in **Federation & Social login** has the additional `guilds.members.read` scopes added under **Protocol settings**.
+:::
+
+:::info
+Any authentik role that you want to sync with a Discord role needs to have the **attribute** `discord_role_id` with a value of the Discord role's ID set.
+This setting can be found under `Authentik > Admin Interface > Directory > Groups > YOUR_GROUP > Attributes`
+Example: `discord_role_id: "<ROLE ID>"`
+:::
+
+The following two policies allow you to synchronize roles in a Discord guild with roles in authentik.
+Whenever a user enrolls or signs in to authentik via a Discord source, these policies will check the user's Discord roles and apply the user's authentik roles accordingly.
+All roles with the attribute `discord_role_id` defined will be added or removed depending on whether the user is a member of the defined Discord role.
+
+Create a new **Expression Policy** with the content below, adjusting the variables where required.
+
+#### Sync on enrollment
+
+The following policy will apply the above behaviour when a user enrolls.
+
+```python
+from authentik.core.models import Group
+GUILD_API_URL = "https://discord.com/api/users/@me/guilds/{guild_id}/member"
+
+### CONFIG ###
+guild_id = "<YOUR GUILD ID>"
+##############
+
+# Ensure flow is only run during OAuth logins via Discord
+if not isinstance(context['source'], OAuthSource) or context['source'].provider_type != "discord":
+    return True
+
+# Get the user-source connection object from the context, and get the access token
+connection = context.get("goauthentik.io/sources/connection")
+if not connection:
+    return False
+access_token = connection.access_token
+
+guild_member_request = requests.get(
+    GUILD_API_URL.format(guild_id=guild_id),
+    headers={
+        "Authorization": f"Bearer {access_token}",
+    },
+)
+guild_member_info = guild_member_request.json()
+
+# Ensure we are not being ratelimited
+if guild_member_request.status_code == 429:
+    ak_message(f"Discord is throttling this connection. Retry in {int(guild_member_info['retry_after'])}s")
+    return False
+
+# Ensure user is a member of the guild
+if "code" in guild_member_info:
+    if guild_member_info["code"] == 10004:
+        ak_message("User is not a member of the guild")
+    else:
+        ak_create_event("discord_error", source=context["source"], code=guild_member_info["code"])
+        ak_message("Discord API error, try again later.")
+    return False
+
+# Get all discord_groups
+discord_groups = Group.objects.filter(attributes__discord_role_id__isnull=False)
+
+# Filter matching roles based on guild_member_info['roles']
+user_groups_discord_updated = discord_groups.filter(attributes__discord_role_id__in=guild_member_info["roles"])
+
+# Set matchin_roles in flow context
+request.context["flow_plan"].context["groups"] = user_groups_discord_updated
+
+# Create event with roles added
+ak_create_event(
+    "discord_role_sync",
+    user_discord_roles_added=", ".join(str(group) for group in user_groups_discord_updated),
+)
+
+return True
+
+```
+
+Now bind this policy to the chosen enrollment flows for the Discord OAuth source.
+
+#### Sync on authentication
+
+The following policy will apply the above behaviour when a user logs in.
+
+```python
+from authentik.core.models import Group
+GUILD_API_URL = "https://discord.com/api/users/@me/guilds/{guild_id}/member"
+
+### CONFIG ###
+guild_id = "<YOUR GUILD ID>"
+##############
+
+# Ensure flow is only run during OAuth logins via Discord
+if not isinstance(context['source'], OAuthSource) or context['source'].provider_type != "discord":
+    return True
+
+# Get the user-source connection object from the context, and get the access token
+connection = context.get("goauthentik.io/sources/connection")
+if not connection:
+    return False
+access_token = connection.access_token
+
+guild_member_request = requests.get(
+    GUILD_API_URL.format(guild_id=guild_id),
+    headers={
+        "Authorization": f"Bearer {access_token}"
+    },
+)
+guild_member_info = guild_member_request.json()
+
+# Ensure we are not being ratelimited
+if guild_member_request.status_code == 429:
+    ak_message(f"Discord is throttling this connection. Retry in {int(guild_member_info['retry_after'])}s")
+    return False
+
+# Ensure user is a member of the guild
+if "code" in guild_member_info:
+    if guild_member_info["code"] == 10004:
+        ak_message("User is not a member of the guild")
+    else:
+        ak_create_event("discord_error", source=context["source"], code=guild_member_info["code"])
+        ak_message("Discord API error, try again later.")
+    return False
+
+# Get all discord_groups
+discord_groups = Group.objects.filter(attributes__discord_role_id__isnull=False)
+
+# Split user groups into discord groups and non discord groups
+user_groups_non_discord = request.user.ak_groups.exclude(pk__in=discord_groups.values_list("pk", flat=True))
+user_groups_discord = list(request.user.ak_groups.filter(pk__in=discord_groups.values_list("pk", flat=True)))
+
+# Filter matching roles based on guild_member_info['roles']
+user_groups_discord_updated = discord_groups.filter(attributes__discord_role_id__in=guild_member_info["roles"])
+
+# Combine user_groups_non_discord and matching_roles
+user_groups_updated = user_groups_non_discord.union(user_groups_discord_updated)
+
+# Update user's groups
+request.user.ak_groups.set(user_groups_updated)
+
+# Create event with roles changed
+ak_create_event(
+    "discord_role_sync",
+    user_discord_roles_before=", ".join(str(group) for group in user_groups_discord),
+    user_discord_roles_after=", ".join(str(group) for group in user_groups_discord_updated),
+)
+
+return True
+
+```
+
+Now bind this policy to the chosen authentication flows for the Discord OAuth source.
+
+### Store OAuth info in attribute and create avatar attribute from Discord avatar
+
+:::info
+Ensure that the Discord OAuth source in **Federation & Social login** has the additional `guilds.members.read` scopes added under **Protocol settings**.
+:::
+
+:::info
+In order to use the created attribute in authentik you will have to set authentik configuration arguments found at: https://docs.goauthentik.io/docs/core/settings#avatars
+:::
+
+Create a new **Expression Policy** with the content below, adjusting the variables where required:
+
+```python
+import base64
+import requests
+
+AVATAR_SIZE = "64"  # Valid values: 16,32,64,128,256,512,1024. Larger values may cause HTTP error 431 on applications/providers due to headers being too large.
+
+# Only change below here if you know what you are doing.
+AVATAR_URL = "https://cdn.discordapp.com/avatars/{id}/{avatar}.png?size={avatar_size}"
+AVATAR_STREAM_CONTENT = "data:image/png;base64,{base64_string}"  # Converts base64 image into html syntax usable with authentik's avatar attributes feature
+
+
+def get_as_base64(url):
+    """Returns the base64 content of the url"""
+    return base64.b64encode(requests.get(url).content)
+
+
+def get_avatar_from_avatar_url(url):
+    """Returns an authentik-avatar-attributes-compatible string from an image url"""
+    cut_url = f"{url}"
+    return AVATAR_STREAM_CONTENT.format(
+        base64_string=(get_as_base64(cut_url).decode("utf-8"))
+    )
+
+
+# Ensure flow is only run during OAuth logins via Discord
+if not isinstance(context['source'], OAuthSource) or context['source'].provider_type != "discord":
+    return True
+
+user = request.user
+userinfo = request.context["oauth_userinfo"]
+
+# Assigns the discord attributes to the user
+user.attributes["discord"] = {
+    "id": userinfo["id"],
+    "username": userinfo["username"],
+    "discriminator": userinfo["discriminator"],
+    "email": userinfo["email"],
+    "avatar": userinfo["avatar"],
+    "avatar_url": (
+        AVATAR_URL.format(
+            id=userinfo["id"], avatar=userinfo["avatar"], avatar_size=AVATAR_SIZE
+        )
+        if userinfo["avatar"]
+        else None
+    ),
+}
+
+# If the user has an avatar, assign it to the user
+avatar_url = user.attributes["discord"].get("avatar_url", None)
+if avatar_url is not None:
+    user.attributes["avatar"] = get_avatar_from_avatar_url(avatar_url)
+
+user.save()
+return True
+
+```
+
+Now bind this policy to the chosen enrollment and authentication flows for the Discord OAuth source.
+
+:::info
+For instructions on how to display the new source on the authentik login page, refer to the [Add sources to default login page documentation](../../index.md#add-sources-to-default-login-page).
+:::
--- a/website/docs/users-sources/sources/social-logins/entra-id/index.mdx
+++ b/website/docs/users-sources/sources/social-logins/entra-id/index.mdx
@@ -4,11 +4,12 @@ tags:
    - source
    - entra
    - azure
+    - active-directory
    - scim
    - oauth
 ---

-There are several ways that Entra ID can be integrated with authentik to allow for user and group provisioning and authentication with Entra ID user credentials.
+There are several ways that Entra ID can be integrated with authentik, to allow for provisioning and authenticating with Entra ID user credentials.

 ## OAuth

--- a/website/docs/users-sources/sources/social-logins/entra-id/oauth/index.mdx
+++ b/website/docs/users-sources/sources/social-logins/entra-id/oauth/index.mdx
@@ -6,6 +6,7 @@ tags:
    - source
    - entra
    - azure
+    - active-directory
    - oauth
 ---

--- a/website/docs/users-sources/sources/social-logins/entra-id/scim/index.mdx
+++ b/website/docs/users-sources/sources/social-logins/entra-id/scim/index.mdx
@@ -7,10 +7,11 @@ tags:
    - source
    - entra
    - azure
+    - active-directory
    - scim
 ---

-Allows provisioning users and groups from Entra ID to authentik by configuring Entra ID as a SCIM source.
+Allows provisioning users and groups from Entra ID to authentik using a SCIM source.

 ## Preparation

--- a/website/docs/users-sources/sources/social-logins/facebook/index.md
+++ b/website/docs/users-sources/sources/social-logins/facebook/index.md
@@ -1,74 +1,73 @@
 ---
 title: Facebook
-tags:
-    - source
-    - facebook
-    - meta
+support_level: community
 ---

-Allows users to authenticate using their Facebook credentials by configuring Facebook as a federated identity provider via OAuth2.
+Adding Facebook as a source allows users to authenticate through authentik using their Facebook credentials.

 ## Preparation

-The following placeholders are used in this guide:
+The following placeholders are used:

 - `authentik.company` is the FQDN of the authentik installation.

 ## Facebook configuration

-To integrate Facebook with authentik you will need to create an OAuth application in the Meta for Developers Dashboard.
+To integrate authentik with Facebook and access the user credentials from Facebook, you first need to register with Meta for Developers and create a developers account. Refer to the [Facebook documentation](https://developers.facebook.com/docs/development) for exact steps.

-1. Log in to the [Meta for Developers Dashboard](https://developers.facebook.com/) with your Facebook account.
-2. After logging in, [register as a developer](https://developers.facebook.com/async/registration). Refer to the [Facebook development documentation](https://developers.facebook.com/docs/development) for more information.
+1. Visit https://developers.facebook.com/ and log in to your Facebook account.
+2. After you log in, go to https://developers.facebook.com/async/registration and follow the steps to register as a developer.

-After registering, you need to create an application so that Facebook generates a unique ID for authentik.
+Next, create an app so that Facebook generates a unique ID for your authentik app.

-3. On the [Meta for Developers Dashboard](https://developers.facebook.com/) click **Create**.
-4. Follow the prompts to create the application.
+:::info
+You will need the Facebook **App ID** and **App Secret** values from the Facebook app in order to configure the authentik integration. See Step 11. below for instructions.
+:::

-After creating the application you need to customize its login settings.
+3. On the Meta for Developers Dashboard click **Create**.
+4. Follow the prompts to create the app.

-5. On the [Meta for Developers Dashboard](https://developers.facebook.com/) click **Use Cases** in the left navigation pane.
-6. Under **Authentication and account creation** click **Customize** and then **Go to settings**.
-7. Set the **Valid OAuth redirect URIs** field to `https://authentik.company/source/oauth/callback/facebook/` and then click **Save**.
-8. Navigate to the **Use cases** > **Customize** page.
-9. Under **Permissions** click **Add** for the **email** permission.
+After you create the app you need to customize the login settings.

-Next, you need to obtain the **App ID** and **App Secret** for the Facebook app. These will be required when creating the source in authentik.
+5. Go back to the Dashboard and in the left navigation pane click **Use Cases**.
+6. On the **Use cases** page, click **Customize** under **Authentication and account creation**.
+7. On the **Customize** page, click **Go to settings**.
+8. On the **Facebook Login settings** page set the **Valid OAuth redirect URIs** field to `https://authentik.company/source/oauth/callback/facebook/` and then click **Save**.

-10. Go back to the Dashboard, and in the bottom left of the navigation pane, click **App settings** > **Basic**.
-11. Take note of the **App ID** and the **App secret** values.
+9. Navigate to the **Use cases > Customize** page.
+10. Under **Permissions** click **Add** for the **email** permission.
+
+Next, you need to obtain the App ID and the App Secret for the Facebook app, and enter those into your authentik source configuration.
+
+11. Go back to the Dashboard, and in the bottom left in the navigation pane, click on **App settings > Basic**.
+12. Copy the **App ID** and the **App secret** values and temporarily store them in a safe place until you enter them into authentik.

 Finally, you need to publish the Facebook app.

-12. Go back to the Dashboard, and on the **Create and publish this app** page, follow the prompts to complete the process.
+12. Go back to the Dashboard, and on the **Create and publish this app** page, follow the prompts.

 ## authentik configuration

-To support the integration of Facebook with authentik, you need to create a Facebook OAuth source in authentik.
+1. Log in to authentik as administrator, and then navigate to **Directory > Federation & Social login**.
+2. Click **Create**.
+3. In the **New Source** box, for **Select type** select **Facebook OAuth Source** and then click **Next**.
+4. Define the following fields:
+    - **Name**: provide a descriptive name
+    - **Slug**: leave default value (If you choose a different slug then the default, the URL will need to be updated to reflect the change)
+    - **User matching mode**: leave default option unless other configuration is needed
+    - **User path**: leave default option unless other configuration is needed
+    - **Icon**: optionally you can select a specific icon of logo to display on the login form.
+    - **Protocol settings**
+        - **Consumer Key**: enter the **App ID** from Facebook
+        - **Consumer Secret**: enter the **App Secret** from Facebook
+        - **Scopes**: define any further access scopes
+    - **Flow settings**
+        - **Authentication flow**: leave the default `default-source-authentication` option.
+        - **Enrollment flow**: leave the default `default-source-enrollment` option.
+5. Click **Finish** to save your settings and close the box.

-1. Log in to authentik as an administrator and open the authentik Admin interface.
-2. Navigate to **Directory** > **Federation and Social login**, click **Create**, and then configure the following settings:
-    - **Select type**: select **Facebook OAuth Source** as the source type.
-    - **Create Facebook OAuth Source**: provide a name, a slug which must match the slug used in the Facebook `Valid OAuth redirect URIs` field (e.g. `facebook`), and the following required configurations:
-        - **Protocol settings**
-            - **Consumer Key**: enter the **App ID** from Facebook.
-            - **Consumer Secret**: enter the **App Secret** from Facebook.
-            - **Scopes** _(optional)_: define any further access scopes.
-3. Click **Finish** to save your settings.
+You now have Facebook as a source. Verify by checking that appears on the **Directory > Federation & Social login** page in authentik.

-:::info Display new source on login screen
+:::info
 For instructions on how to display the new source on the authentik login page, refer to the [Add sources to default login page documentation](../../index.md#add-sources-to-default-login-page).
 :::
-
-:::info Embed new source in flow :ak-enterprise
-For instructions on embedding the new source within a flow, such as an authorization flow, refer to the [Source Stage documentation](../../../../../add-secure-apps/flows-stages/stages/source/).
-:::
-
-## Source property mappings
-
-Source property mappings allow you to modify or gather extra information from sources. See the [overview](../../property-mappings/index.md) for more information.
-
-## Resources
-
- [Meta for Developers Documentation - Facebook Login Overview](https://developers.facebook.com/docs/facebook-login/overview)
--- a/website/docs/users-sources/sources/social-logins/github/githubdeveloper1.png
+++ b/website/docs/users-sources/sources/social-logins/github/githubdeveloper1.png
--- a/website/docs/users-sources/sources/social-logins/github/githubdeveloperexample.png
+++ b/website/docs/users-sources/sources/social-logins/github/githubdeveloperexample.png
--- a/website/docs/users-sources/sources/social-logins/github/githubexample2.png
+++ b/website/docs/users-sources/sources/social-logins/github/githubexample2.png
--- a/website/docs/users-sources/sources/social-logins/github/index.mdx
+++ b/website/docs/users-sources/sources/social-logins/github/index.mdx
@@ -1,77 +1,68 @@
 ---
 title: Github
-tags:
-    - source
-    - github
+support_level: authentik
 ---

-Allows users to authenticate using their Github credentials by configuring GitHub as a federated identity provider via OAuth2.
+Allows users to authenticate using their Github credentials

 ## Preparation

 The following placeholders are used in this guide:

 - `authentik.company` is the FQDN of the authentik installation.
- `www.my.company` is the Homepage URL for your site
+- `www.my.company` Homepage URL for your site

-## Github configuration
+## Github

-To integrate GitHub with authentik you will need to create an OAuth application in the Discord Developer Portal.
+1. Create an OAuth app under Developer Settings https://github.com/settings/developers by clicking on the **Register a new application**

-1. Log in to the GitHub and open the [Developer Settings](https://github.com/settings/developers) menu.
-2. Create an OAuth app by clicking on the **Register a new application** button and set the following values:
-    - **Application Name**: `authentik`
-    - **Homepage URL**: `www.my.company`
-    - **Authorization callback URL**: `https://authentik.company/source/oauth/callback/github`
+![Register OAuth App](./githubdeveloper1.png)

-3. Click **Register Application**
-4. Click **Generate a new client secret** and take note of the **Client Secret** and **Client ID**. These values will be required in the next section.
+2. **Application Name:** Choose a name users will recognize ie: authentik
+3. **Homepage URL:** www.my.company
+4. **Authorization callback URL:**: https://authentik.company/source/oauth/callback/github
+5. Click **Register Application**

-## authentik configuration
+Example screenshot

-To support the integration of GitHub with authentik, you need to create an GitHub OAuth source in authentik.
+![](./githubdeveloperexample.png)

-1. Log in to authentik as an administrator and open the authentik Admin interface.
-2. Navigate to **Directory** > **Federation and Social login**, click **Create**, and then configure the following settings:
-    - **Select type**: select **GitHub OAuth Source** as the source type.
-    - **Create Facebook OAuth Source**: provide a name, a slug which must match the slug used in the GitHub `Authorization callback URL` field (e.g. `github`), and set the following required configurations:
-        - **Protocol settings**
-            - **Consumer Key**: `<client_ID>`
-            - **Consumer Secret**: `<client_secret>`
-            - **Scopes** _(optional)_: define any further access scopes.
-3. Click **Finish** to save your settings.
+6. Copy the **Client ID** and _save it for later_
+7. Click **Generate a new client secret** and _save it for later_ You will not be able to see the secret again, so be sure to copy it now.

-:::info Display new source on login screen
-For instructions on how to display the new source on the authentik login page, refer to the [Add sources to default login page documentation](../../index.md#add-sources-to-default-login-page).
-:::
+## authentik

-:::info Embed new source in flow :ak-enterprise
-For instructions on embedding the new source within a flow, such as an authorization flow, refer to the [Source Stage documentation](../../../../../add-secure-apps/flows-stages/stages/source/).
-:::
+8. Under **Directory > Federation & Social login** click **Create Github OAuth Source**.
+9. **Name:** Choose a name (For the example I use Github)
+10. **Slug:** github (If you choose a different slug the URLs will need to be updated to reflect the change)
+11. **Consumer Key:** Client ID from step 6
+12. **Consumer Secret:** Client Secret from step 7

-## Optional additional configuration
+Here is an example of a complete authentik Github OAuth Source

-### Checking for membership of a GitHub Organization
+![](./githubexample2.png)
+
+Save, and you now have Github as a source.

 :::info
-Ensure that the GitHub OAuth source in **Federation & Social login** has the additional `read:org` scope added under **Protocol settings** > **Scopes**.
+For more details on how-to have the new source display on the Login Page see [here](../../index.md#add-sources-to-default-login-page).
 :::

-To check if the user is member of an organization, you can use the following policy on your flows.
+### Checking for membership of a GitHub Organisation

-1. Log in to authentik as an administrator and open the authentik Admin interface.
-2. Navigate to **Customization** > **Policies**.
-3. Click **Create**, select **Expression Policy** and then **Next**.
-4. Provide a name for the policy and set the following expression:
+To check if the user is member of an organisation, you can use the following policy on your flows:
+
+:::info
+Make sure to include `read:org` in the sources' _Scopes_ setting.
+:::

 ```python
-# Set this value
-accepted_org = "your_organization"
-
 # Ensure flow is only run during oauth logins via Github
 if not isinstance(context['source'], OAuthSource) or context["source"].provider_type != "github":
    return True

+accepted_org = "foo"
+
 # Get the user-source connection object from the context, and get the access token
 connection = context["goauthentik.io/sources/connection"]
 access_token = connection.access_token
@@ -80,6 +71,7 @@ access_token = connection.access_token
 github_username = context["oauth_userinfo"]

 # Github does not include Organisations in the userinfo endpoint, so we have to call another URL
+
 orgs_response = requests.get(
    "https://api.github.com/user/orgs",
    auth=(github_username["login"], access_token),
@@ -103,18 +95,10 @@ if not user_matched:
 return user_matched
 ```

-5. Click **Finish**. You can now bind this policy to the chosen enrollment and/or authentication flow of the GitHub OAuth source.
-6. Navigate to **Flows and Stages** > **Flows** and click the name of the flow in question.
-7. Open the **Policy/Group/User Bindings** tab and click **Bind existing Policy/Group/User**.
-8. Select the policy that you previously created and click **Create**.
-9. Optionally, repeat the process for any other flows that you want the policy applied to.
-
-If a user is not member of the chosen organization, they will see this message:
+If a user is not member of the chosen organisation, they will see this message

 ![](./github_org_membership.png)

-## Source property mappings
-
-Source property mappings allow you to modify or gather extra information from sources. See the [overview](../../property-mappings/index.md) for more information.
-
-## Resources
+:::info
+For instructions on how to display the new source on the authentik login page, refer to the [Add sources to default login page documentation](../../index.md#add-sources-to-default-login-page).
+:::
--- a/website/docs/users-sources/sources/social-logins/google/cloud/authentiksource.png
+++ b/website/docs/users-sources/sources/social-logins/google/cloud/authentiksource.png
--- a/website/docs/users-sources/sources/social-logins/google/cloud/googledeveloper2.png
+++ b/website/docs/users-sources/sources/social-logins/google/cloud/googledeveloper2.png
--- a/website/docs/users-sources/sources/social-logins/google/cloud/googledeveloper3.png
+++ b/website/docs/users-sources/sources/social-logins/google/cloud/googledeveloper3.png
--- a/website/docs/users-sources/sources/social-logins/google/cloud/googledeveloper4.png
+++ b/website/docs/users-sources/sources/social-logins/google/cloud/googledeveloper4.png
--- a/website/docs/users-sources/sources/social-logins/google/cloud/googledeveloper5.png
+++ b/website/docs/users-sources/sources/social-logins/google/cloud/googledeveloper5.png
--- a/Show More
+++ b/Show More