Automatically send logoutResponse via iframe

* Make action field search case insensitive

* fix linting

.github/workflows/release-tag.yml

@@ -35,8 +35,10 @@ jobs:
           echo "major_version=${{ inputs.version }}" | grep -oE "^major_version=[0-9]{4}\.[0-9]{1,2}" >> "$GITHUB_OUTPUT"
       - id: changelog-url
         run: |
-          if [ "${{ inputs.release_reason }}" = "feature" ] || [ "${{ inputs.release_reason }}" = "prerelease" ]; then
+          if [ "${{ inputs.release_reason }}" = "feature" ]; then
             changelog_url="https://docs.goauthentik.io/docs/releases/${{ steps.check.outputs.major_version }}"
+          elif [ "${{ inputs.release_reason }}" = "prerelease" ]; then
+            changelog_url="https://next.goauthentik.io/docs/releases/${{ steps.check.outputs.major_version }}"
           else
             changelog_url="https://docs.goauthentik.io/docs/releases/${{ steps.check.outputs.major_version }}#fixed-in-$(echo -n ${{ inputs.version }} | sed 's/\.//g')"
           fi
@@ -87,7 +89,7 @@ jobs:
           git tag "version/${{ inputs.version }}" HEAD -m "version/${{ inputs.version }}"
           git push --follow-tags
       - name: Create Release
-        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2
+        uses: goauthentik/action-gh-release@84da137b91a625a58fe8a34f3bd6bdb034a49138
         with:
           token: "${{ steps.app-token.outputs.token }}"
           tag_name: "version/${{ inputs.version }}"

Dockerfile

@@ -76,7 +76,7 @@ RUN --mount=type=secret,id=GEOIPUPDATE_ACCOUNT_ID \
     /bin/sh -c "GEOIPUPDATE_LICENSE_KEY_FILE=/run/secrets/GEOIPUPDATE_LICENSE_KEY /usr/bin/entry.sh || echo 'Failed to get GeoIP database, disabling'; exit 0"
 
 # Stage 4: Download uv
-FROM ghcr.io/astral-sh/uv:0.9.4 AS uv
+FROM ghcr.io/astral-sh/uv:0.9.5 AS uv
 # Stage 5: Base python image
 FROM ghcr.io/goauthentik/fips-python:3.13.9-slim-trixie-fips AS python-base
 

authentik/__init__.py

@@ -3,7 +3,7 @@
 from functools import lru_cache
 from os import environ
 
-VERSION = "2025.10.0-rc1"
+VERSION = "2025.12.0-rc1"
 ENV_GIT_HASH_KEY = "GIT_BUILD_HASH"
 
 

authentik/blueprints/v1/importer.py

@@ -313,6 +313,7 @@ class Importer:
 
         serializer_kwargs = {}
         model_instance = existing_models.first()
+        override_serializer_instance = False
         if (
             not isinstance(model(), BaseMetaModel)
             and model_instance
@@ -341,11 +342,7 @@ class Importer:
                 model=model,
                 **cleanse_dict(updated_identifiers),
             )
-            model_instance = model()
-            # pk needs to be set on the model instance otherwise a new one will be generated
-            if "pk" in updated_identifiers:
-                model_instance.pk = updated_identifiers["pk"]
-            serializer_kwargs["instance"] = model_instance
+            override_serializer_instance = True
         try:
             full_data = self.__update_pks_for_attrs(entry.get_attrs(self._import))
         except ValueError as exc:
@@ -368,6 +365,12 @@ class Importer:
                 entry=entry,
                 serializer=serializer,
             ) from exc
+        if override_serializer_instance:
+            model_instance = model()
+            # pk needs to be set on the model instance otherwise a new one will be generated
+            if "pk" in updated_identifiers:
+                model_instance.pk = updated_identifiers["pk"]
+            serializer.instance = model_instance
         return serializer
 
     def _apply_permissions(self, instance: Model, entry: BlueprintEntry):
@@ -446,7 +449,7 @@ class Importer:
                 self._apply_permissions(instance, entry)
             elif state == BlueprintEntryDesiredState.ABSENT:
                 instance: Model | None = serializer.instance
-                if instance.pk:
+                if instance and instance.pk:
                     instance.delete()
                     self.logger.debug("Deleted model", mode=instance)
                     continue

authentik/enterprise/apps.py

@@ -1,11 +1,21 @@
 """Enterprise app config"""
 
 from django.conf import settings
+from prometheus_client import Gauge
 
 from authentik.blueprints.apps import ManagedAppConfig
 from authentik.lib.utils.time import fqdn_rand
 from authentik.tasks.schedules.common import ScheduleSpec
 
+GAUGE_LICENSE_USAGE = Gauge(
+    "authentik_enterprise_license_usage",
+    "Enterprise license usage (percentage per user type).",
+    ["user_type"],
+)
+GAUGE_LICENSE_EXPIRY = Gauge(
+    "authentik_enterprise_license_expiry_seconds", "Duration until license expires, in seconds."
+)
+
 
 class EnterpriseConfig(ManagedAppConfig):
     """Base app config for all enterprise apps"""

authentik/enterprise/license.py

@@ -217,7 +217,7 @@ class LicenseKey:
     def summary(self) -> LicenseSummary:
         """Summary of license status"""
         status = self.status()
-        latest_valid = datetime.fromtimestamp(self.exp)
+        latest_valid = datetime.fromtimestamp(self.exp).replace(tzinfo=UTC)
         return LicenseSummary(
             latest_valid=latest_valid,
             internal_users=self.internal_users,

authentik/enterprise/providers/google_workspace/api/providers.py

@@ -37,6 +37,8 @@ class GoogleWorkspaceProviderSerializer(EnterpriseRequiredMixin, ProviderSeriali
             "user_delete_action",
             "group_delete_action",
             "default_group_email_domain",
+            "sync_page_size",
+            "sync_page_timeout",
             "dry_run",
         ]
         extra_kwargs = {}

authentik/enterprise/providers/google_workspace/migrations/0005_googleworkspaceprovider_sync_page_size_and_more.py

@@ -0,0 +1,33 @@
+# Generated by Django 5.2.7 on 2025-10-21 12:35
+
+import authentik.lib.utils.time
+import django.core.validators
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("authentik_providers_google_workspace", "0004_googleworkspaceprovider_dry_run"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="googleworkspaceprovider",
+            name="sync_page_size",
+            field=models.PositiveIntegerField(
+                default=100,
+                help_text="Controls the number of objects synced in a single task",
+                validators=[django.core.validators.MinValueValidator(1)],
+            ),
+        ),
+        migrations.AddField(
+            model_name="googleworkspaceprovider",
+            name="sync_page_timeout",
+            field=models.TextField(
+                default="minutes=30",
+                help_text="Timeout for synchronization of a single page",
+                validators=[authentik.lib.utils.time.timedelta_string_validator],
+            ),
+        ),
+    ]

authentik/enterprise/providers/microsoft_entra/api/providers.py

@@ -36,6 +36,8 @@ class MicrosoftEntraProviderSerializer(EnterpriseRequiredMixin, ProviderSerializ
             "filter_group",
             "user_delete_action",
             "group_delete_action",
+            "sync_page_size",
+            "sync_page_timeout",
             "dry_run",
         ]
         extra_kwargs = {}

authentik/enterprise/providers/microsoft_entra/migrations/0004_microsoftentraprovider_sync_page_size_and_more.py

@@ -0,0 +1,33 @@
+# Generated by Django 5.2.7 on 2025-10-21 12:35
+
+import authentik.lib.utils.time
+import django.core.validators
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("authentik_providers_microsoft_entra", "0003_microsoftentraprovider_dry_run"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="microsoftentraprovider",
+            name="sync_page_size",
+            field=models.PositiveIntegerField(
+                default=100,
+                help_text="Controls the number of objects synced in a single task",
+                validators=[django.core.validators.MinValueValidator(1)],
+            ),
+        ),
+        migrations.AddField(
+            model_name="microsoftentraprovider",
+            name="sync_page_timeout",
+            field=models.TextField(
+                default="minutes=30",
+                help_text="Timeout for synchronization of a single page",
+                validators=[authentik.lib.utils.time.timedelta_string_validator],
+            ),
+        ),
+    ]

authentik/enterprise/signals.py

@@ -5,14 +5,37 @@ from datetime import datetime
 from django.core.cache import cache
 from django.db.models.signals import post_delete, post_save, pre_save
 from django.dispatch import receiver
-from django.utils.timezone import get_current_timezone
+from django.utils.timezone import get_current_timezone, now
 
-from authentik.enterprise.license import CACHE_KEY_ENTERPRISE_LICENSE
-from authentik.enterprise.models import License
+from authentik.enterprise.apps import GAUGE_LICENSE_EXPIRY, GAUGE_LICENSE_USAGE
+from authentik.enterprise.license import CACHE_KEY_ENTERPRISE_LICENSE, LicenseKey
+from authentik.enterprise.models import License, LicenseUsageStatus
 from authentik.enterprise.tasks import enterprise_update_usage
+from authentik.root.monitoring import monitoring_set
 from authentik.tasks.schedules.models import Schedule
 
 
+@receiver(monitoring_set)
+def monitoring_set_enterprise(sender, **kwargs):
+    """set enterprise gauges"""
+    summary = LicenseKey.cached_summary()
+    if summary.status == LicenseUsageStatus.UNLICENSED:
+        return
+    percentage_internal = (
+        0
+        if summary.internal_users <= 0
+        else LicenseKey.get_internal_user_count() / (summary.internal_users / 100)
+    )
+    percentage_external = (
+        0
+        if summary.external_users <= 0
+        else LicenseKey.get_external_user_count() / (summary.external_users / 100)
+    )
+    GAUGE_LICENSE_USAGE.labels(user_type="internal").set(percentage_internal)
+    GAUGE_LICENSE_USAGE.labels(user_type="external").set(percentage_external)
+    GAUGE_LICENSE_EXPIRY.set((summary.latest_valid - now()).total_seconds())
+
+
 @receiver(pre_save, sender=License)
 def pre_save_license(sender: type[License], instance: License, **_):
     """Extract data from license jwt and save it into model"""

authentik/enterprise/tests/test_metrics.py

@@ -0,0 +1,49 @@
+"""Enterprise metrics tests"""
+
+from unittest.mock import MagicMock, patch
+
+from django.test import TestCase
+from prometheus_client import REGISTRY
+
+from authentik.core.models import User
+from authentik.core.tests.utils import create_test_user
+from authentik.enterprise.license import LicenseKey
+from authentik.enterprise.models import License
+from authentik.enterprise.tests.test_license import expiry_valid
+from authentik.lib.generators import generate_id
+from authentik.root.monitoring import monitoring_set
+
+
+class TestEnterpriseMetrics(TestCase):
+    """Enterprise metrics tests"""
+
+    @patch(
+        "authentik.enterprise.license.LicenseKey.validate",
+        MagicMock(
+            return_value=LicenseKey(
+                aud="",
+                exp=expiry_valid,
+                name=generate_id(),
+                internal_users=100,
+                external_users=100,
+            )
+        ),
+    )
+    def test_usage_empty(self):
+        """Test usage (no users)"""
+        License.objects.create(key=generate_id())
+        User.objects.all().delete()
+        create_test_user()
+        monitoring_set.send_robust(self)
+        self.assertEqual(
+            REGISTRY.get_sample_value(
+                "authentik_enterprise_license_usage", {"user_type": "internal"}
+            ),
+            1.0,
+        )
+        self.assertEqual(
+            REGISTRY.get_sample_value(
+                "authentik_enterprise_license_usage", {"user_type": "external"}
+            ),
+            0,
+        )

authentik/flows/challenge.py

@@ -126,6 +126,10 @@ class SessionEndChallenge(WithUserInfoChallenge):
     invalidation_flow_url = CharField(required=False)
     brand_name = CharField(required=True)
 
+    sls_url = CharField(required=False)
+    sls_binding = CharField(required=False)
+    logout_response = CharField(required=False)
+
 
 class PermissionDict(TypedDict):
     """Consent Permission"""

authentik/flows/stage.py

@@ -33,6 +33,7 @@ from authentik.lib.utils.reflection import class_to_path
 
 if TYPE_CHECKING:
     from authentik.flows.views.executor import FlowExecutorView
+    from authentik.providers.saml.models import SAMLProvider
 
 PLAN_CONTEXT_PENDING_USER_IDENTIFIER = "pending_user_identifier"
 HIST_FLOWS_STAGE_TIME = Histogram(
@@ -292,7 +293,11 @@ class SessionEndStage(ChallengeStageView):
                     "to": reverse("authentik_core:root-redirect"),
                 },
             )
+
         application: Application | None = self.executor.plan.context.get(PLAN_CONTEXT_APPLICATION)
+        provider: SAMLProvider | None = self.executor.plan.context.get("provider")
+        logout_response: str | None = self.executor.plan.context.get("logout_response")
+
         data = {
             "component": "ak-stage-session-end",
             "brand_name": self.request.brand.branding_title,
@@ -300,6 +305,10 @@ class SessionEndStage(ChallengeStageView):
         if application:
             data["application_name"] = application.name
             data["application_launch_url"] = application.get_launch_url(self.get_pending_user())
+        if logout_response:
+            data["logout_response"] = logout_response
+            data["sls_url"] = provider.sls_url
+            data["sls_binding"] = provider.sls_binding
         if self.request.brand.flow_invalidation:
             data["invalidation_flow_url"] = reverse(
                 "authentik_core:if-flow",

authentik/lib/sync/outgoing/__init__.py

@@ -1,7 +1,5 @@
 """Sync constants"""
 
-PAGE_SIZE = 100
-PAGE_TIMEOUT_MS = 60 * 60 * 0.5 * 1000  # Half an hour
 HTTP_CONFLICT = 409
 HTTP_NO_CONTENT = 204
 HTTP_SERVICE_UNAVAILABLE = 503

authentik/lib/sync/outgoing/models.py

@@ -2,15 +2,15 @@ from typing import Any, Self
 
 import pglock
 from django.core.paginator import Paginator
+from django.core.validators import MinValueValidator
 from django.db import connection, models
 from django.db.models import Model, QuerySet, TextChoices
 from django.utils.translation import gettext_lazy as _
 from dramatiq.actor import Actor
 
 from authentik.core.models import Group, User
-from authentik.lib.sync.outgoing import PAGE_SIZE, PAGE_TIMEOUT_MS
 from authentik.lib.sync.outgoing.base import BaseOutgoingSyncClient
-from authentik.lib.utils.time import fqdn_rand
+from authentik.lib.utils.time import fqdn_rand, timedelta_from_string, timedelta_string_validator
 from authentik.tasks.schedules.common import ScheduleSpec
 from authentik.tasks.schedules.models import ScheduledModel
 
@@ -27,6 +27,17 @@ class OutgoingSyncDeleteAction(TextChoices):
 class OutgoingSyncProvider(ScheduledModel, Model):
     """Base abstract models for providers implementing outgoing sync"""
 
+    sync_page_size = models.PositiveIntegerField(
+        help_text=_("Controls the number of objects synced in a single task"),
+        default=100,
+        validators=[MinValueValidator(1)],
+    )
+    sync_page_timeout = models.TextField(
+        help_text=_("Timeout for synchronization of a single page"),
+        default="minutes=30",
+        validators=[timedelta_string_validator],
+    )
+
     dry_run = models.BooleanField(
         default=False,
         help_text=_(
@@ -46,11 +57,12 @@ class OutgoingSyncProvider(ScheduledModel, Model):
         raise NotImplementedError
 
     def get_paginator[T: User | Group](self, type: type[T]) -> Paginator:
-        return Paginator(self.get_object_qs(type), PAGE_SIZE)
+        return Paginator(self.get_object_qs(type), self.sync_page_size)
 
     def get_object_sync_time_limit_ms[T: User | Group](self, type: type[T]) -> int:
         num_pages: int = self.get_paginator(type).num_pages
-        return int(num_pages * PAGE_TIMEOUT_MS * 1.5)
+        page_timeout_ms = timedelta_from_string(self.sync_page_timeout).total_seconds() * 1000
+        return int(num_pages * page_timeout_ms * 1.5)
 
     def get_sync_time_limit_ms(self) -> int:
         return int(

authentik/lib/sync/outgoing/tasks.py

@@ -9,7 +9,6 @@ from structlog.stdlib import BoundLogger, get_logger
 from authentik.core.expression.exceptions import SkipObjectException
 from authentik.core.models import Group, User
 from authentik.events.utils import sanitize_item
-from authentik.lib.sync.outgoing import PAGE_SIZE, PAGE_TIMEOUT_MS
 from authentik.lib.sync.outgoing.base import Direction
 from authentik.lib.sync.outgoing.exceptions import (
     BadRequestSyncException,
@@ -20,6 +19,7 @@ from authentik.lib.sync.outgoing.exceptions import (
 from authentik.lib.sync.outgoing.models import OutgoingSyncProvider
 from authentik.lib.utils.errors import exception_to_dict
 from authentik.lib.utils.reflection import class_to_path, path_to_class
+from authentik.lib.utils.time import timedelta_from_string
 from authentik.tasks.middleware import CurrentTask
 from authentik.tasks.models import Task
 
@@ -44,10 +44,11 @@ class SyncTasks:
         **options,
     ):
         tasks = []
+        time_limit = timedelta_from_string(provider.sync_page_timeout).total_seconds() * 1000
         for page in paginator.page_range:
             page_sync = sync_objects.message_with_options(
                 args=(class_to_path(object_type), page, provider.pk),
-                time_limit=PAGE_TIMEOUT_MS,
+                time_limit=time_limit,
                 # Assign tasks to the same schedule as the current one
                 rel_obj=current_task.rel_obj,
                 uid=f"{provider.name}:{object_type._meta.model_name}:{page}",
@@ -139,7 +140,10 @@ class SyncTasks:
             client = provider.client_for_model(_object_type)
         except TransientSyncException:
             return
-        paginator = Paginator(provider.get_object_qs(_object_type).filter(**filter), PAGE_SIZE)
+        paginator = Paginator(
+            provider.get_object_qs(_object_type).filter(**filter),
+            provider.sync_page_size,
+        )
         if client.can_discover:
             self.logger.debug("starting discover")
             client.discover()

authentik/providers/saml/processors/logout_response_processor.py

@@ -0,0 +1,115 @@
+"""LogoutResponse processor"""
+
+import xmlsec
+from lxml import etree
+from lxml.etree import Element, SubElement
+
+from authentik.providers.saml.models import SAMLProvider
+from authentik.providers.saml.processors.logout_request_parser import LogoutRequest
+from authentik.providers.saml.utils import get_random_id
+from authentik.providers.saml.utils.time import get_time_string
+from authentik.sources.saml.processors.constants import (
+    DIGEST_ALGORITHM_TRANSLATION_MAP,
+    NS_MAP,
+    NS_SAML_ASSERTION,
+    NS_SAML_PROTOCOL,
+    SIGN_ALGORITHM_TRANSFORM_MAP,
+)
+
+
+class LogoutResponseProcessor:
+    """Generate a SAML LogoutResponse"""
+
+    provider: SAMLProvider
+    logout_request: LogoutRequest
+    _issue_instant: str
+    _response_id: str
+
+    def __init__(self, provider: SAMLProvider, logout_request: LogoutRequest):
+        self.provider = provider
+        self.logout_request = logout_request
+        self._issue_instant = get_time_string()
+        self._response_id = get_random_id()
+
+    def get_issuer(self) -> Element:
+        """Get Issuer element"""
+        issuer = Element(f"{{{NS_SAML_ASSERTION}}}Issuer")
+        issuer.text = self.provider.issuer
+        return issuer
+
+    def get_response(self, status: str = "Success", destination: str | None = None) -> Element:
+        """Generate LogoutResponse XML"""
+        response = Element(f"{{{NS_SAML_PROTOCOL}}}LogoutResponse", nsmap=NS_MAP)
+        response.attrib["Version"] = "2.0"
+        response.attrib["IssueInstant"] = self._issue_instant
+        response.attrib["ID"] = self._response_id
+
+        if destination:
+            response.attrib["Destination"] = destination
+
+        if self.logout_request.id:
+            response.attrib["InResponseTo"] = self.logout_request.id
+
+        response.append(self.get_issuer())
+
+        # Add Status element
+        status_element = SubElement(response, f"{{{NS_SAML_PROTOCOL}}}Status")
+        status_code = SubElement(status_element, f"{{{NS_SAML_PROTOCOL}}}StatusCode")
+        status_code.attrib["Value"] = f"urn:oasis:names:tc:SAML:2.0:status:{status}"
+
+        # Add signature if configured
+        if self.provider.signing_kp:
+            self._add_signature(response)
+
+        return response
+
+    def _add_signature(self, element: Element):
+        """Add signature placeholder to element"""
+        sign_algorithm_transform = SIGN_ALGORITHM_TRANSFORM_MAP.get(
+            self.provider.signature_algorithm, xmlsec.constants.TransformRsaSha1
+        )
+        signature = xmlsec.template.create(
+            element,
+            xmlsec.constants.TransformExclC14N,
+            sign_algorithm_transform,
+            ns=xmlsec.constants.DSigNs,
+        )
+        element.insert(1, signature)  # Insert after Issuer
+
+    def build_response(self, status: str = "Success", destination: str | None = None) -> str:
+        """Build and sign the response, return as string"""
+        response = self.get_response(status, destination)
+
+        if self.provider.signing_kp:
+            self._sign_response(response)
+
+        return etree.tostring(response, encoding="unicode", pretty_print=False)
+
+    def _sign_response(self, response: Element):
+        """Sign the response element"""
+        digest_algorithm_transform = DIGEST_ALGORITHM_TRANSLATION_MAP.get(
+            self.provider.digest_algorithm, xmlsec.constants.TransformSha1
+        )
+
+        xmlsec.tree.add_ids(response, ["ID"])
+        signature_node = xmlsec.tree.find_node(response, xmlsec.constants.NodeSignature)
+
+        ref = xmlsec.template.add_reference(
+            signature_node,
+            digest_algorithm_transform,
+            uri="#" + response.attrib["ID"],
+        )
+        xmlsec.template.add_transform(ref, xmlsec.constants.TransformEnveloped)
+        xmlsec.template.add_transform(ref, xmlsec.constants.TransformExclC14N)
+        key_info = xmlsec.template.ensure_key_info(signature_node)
+        xmlsec.template.add_x509_data(key_info)
+
+        ctx = xmlsec.SignatureContext()
+        ctx.key = xmlsec.Key.from_memory(
+            self.provider.signing_kp.key_data,  # Use key_data for the private key
+            xmlsec.constants.KeyDataFormatPem,
+        )
+        ctx.key.load_cert_from_memory(
+            self.provider.signing_kp.certificate_data, xmlsec.constants.KeyDataFormatPem
+        )
+        ctx.sign(signature_node)

authentik/providers/saml/tests/test_logout_response_processor.py

@@ -0,0 +1,54 @@
+"""logout response tests"""
+
+from defusedxml import ElementTree
+from django.test import TestCase
+
+from authentik.blueprints.tests import apply_blueprint
+from authentik.core.tests.utils import create_test_cert, create_test_flow
+from authentik.providers.saml.models import SAMLPropertyMapping, SAMLProvider
+from authentik.providers.saml.processors.logout_request_parser import LogoutRequest
+from authentik.providers.saml.processors.logout_response_processor import LogoutResponseProcessor
+from authentik.sources.saml.processors.constants import NS_SAML_ASSERTION, NS_SAML_PROTOCOL
+
+
+class TestLogoutResponse(TestCase):
+    """Test LogoutResponse processor"""
+
+    @apply_blueprint("system/providers-saml.yaml")
+    def setUp(self):
+        cert = create_test_cert()
+        self.provider: SAMLProvider = SAMLProvider.objects.create(
+            authorization_flow=create_test_flow(),
+            acs_url="http://testserver/source/saml/provider/acs/",
+            sls_url="http://testserver/source/saml/provider/sls/",
+            signing_kp=cert,
+            verification_kp=cert,
+        )
+        self.provider.property_mappings.set(SAMLPropertyMapping.objects.all())
+        self.provider.save()
+
+    def test_build_response(self):
+        """Test building a LogoutResponse"""
+        logout_request = LogoutRequest(
+            id="test-request-id",
+            issuer="test-sp",
+            relay_state="test-relay-state",
+        )
+
+        processor = LogoutResponseProcessor(self.provider, logout_request)
+        response_xml = processor.build_response(status="Success", destination=self.provider.sls_url)
+
+        # Parse and verify
+        root = ElementTree.fromstring(response_xml)
+        self.assertEqual(root.tag, f"{{{NS_SAML_PROTOCOL}}}LogoutResponse")
+        self.assertEqual(root.attrib["Version"], "2.0")
+        self.assertEqual(root.attrib["Destination"], self.provider.sls_url)
+        self.assertEqual(root.attrib["InResponseTo"], "test-request-id")
+
+        # Check Issuer
+        issuer = root.find(f"{{{NS_SAML_ASSERTION}}}Issuer")
+        self.assertEqual(issuer.text, self.provider.issuer)
+
+        # Check Status
+        status = root.find(f".//{{{NS_SAML_PROTOCOL}}}StatusCode")
+        self.assertEqual(status.attrib["Value"], "urn:oasis:names:tc:SAML:2.0:status:Success")

authentik/providers/saml/views/sp_slo.py

@@ -16,8 +16,10 @@ from authentik.flows.views.executor import SESSION_KEY_PLAN
 from authentik.lib.views import bad_request_message
 from authentik.policies.views import PolicyAccessView
 from authentik.providers.saml.exceptions import CannotHandleAssertion
-from authentik.providers.saml.models import SAMLProvider, SAMLSession
+from authentik.providers.saml.models import SAMLBindings, SAMLProvider, SAMLSession
 from authentik.providers.saml.processors.logout_request_parser import LogoutRequestParser
+from authentik.providers.saml.processors.logout_response_processor import LogoutResponseProcessor
+from authentik.providers.saml.utils.encoding import deflate_and_base64_encode, nice64
 from authentik.providers.saml.views.flows import (
     PLAN_CONTEXT_SAML_LOGOUT_REQUEST,
     PLAN_CONTEXT_SAML_RELAY_STATE,
@@ -68,6 +70,21 @@ class SPInitiatedSLOView(PolicyAccessView):
                 **self.plan_context,
             },
         )
+        processor = LogoutResponseProcessor(
+            self.provider, self.plan_context.get(PLAN_CONTEXT_SAML_LOGOUT_REQUEST)
+        )
+        response_xml = processor.build_response(status="Success", destination=self.provider.sls_url)
+
+        # Encode the logout response based on binding type
+        if self.provider.sls_binding == SAMLBindings.REDIRECT:
+            # For redirect binding, deflate and base64 encode
+            encoded_response = deflate_and_base64_encode(response_xml)
+        else:
+            # For POST binding, just base64 encode
+            encoded_response = nice64(response_xml)
+
+        plan.context["provider"] = self.provider
+        plan.context["logout_response"] = encoded_response
         plan.append_stage(in_memory_stage(SessionEndStage))
 
         # Remove samlsession from database

authentik/providers/scim/api/providers.py

@@ -38,6 +38,8 @@ class SCIMProviderSerializer(
             "compatibility_mode",
             "exclude_users_service_account",
             "filter_group",
+            "sync_page_size",
+            "sync_page_timeout",
             "dry_run",
         ]
         extra_kwargs = {}

authentik/providers/scim/migrations/0016_scimprovider_sync_page_size_and_more.py

@@ -0,0 +1,33 @@
+# Generated by Django 5.2.7 on 2025-10-21 12:35
+
+import authentik.lib.utils.time
+import django.core.validators
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("authentik_providers_scim", "0015_alter_scimprovider_compatibility_mode"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="scimprovider",
+            name="sync_page_size",
+            field=models.PositiveIntegerField(
+                default=100,
+                help_text="Controls the number of objects synced in a single task",
+                validators=[django.core.validators.MinValueValidator(1)],
+            ),
+        ),
+        migrations.AddField(
+            model_name="scimprovider",
+            name="sync_page_timeout",
+            field=models.TextField(
+                default="minutes=30",
+                help_text="Timeout for synchronization of a single page",
+                validators=[authentik.lib.utils.time.timedelta_string_validator],
+            ),
+        ),
+    ]

blueprints/schema.json

@@ -2,7 +2,7 @@
     "$schema": "http://json-schema.org/draft-07/schema",
     "$id": "https://goauthentik.io/blueprints/schema.json",
     "type": "object",
-    "title": "authentik 2025.10.0-rc1 Blueprint schema",
+    "title": "authentik 2025.12.0-rc1 Blueprint schema",
     "required": [
         "version",
         "entries"
@@ -5871,6 +5871,19 @@
                     "minLength": 1,
                     "title": "Default group email domain"
                 },
+                "sync_page_size": {
+                    "type": "integer",
+                    "minimum": 1,
+                    "maximum": 2147483647,
+                    "title": "Sync page size",
+                    "description": "Controls the number of objects synced in a single task"
+                },
+                "sync_page_timeout": {
+                    "type": "string",
+                    "minLength": 1,
+                    "title": "Sync page timeout",
+                    "description": "Timeout for synchronization of a single page"
+                },
                 "dry_run": {
                     "type": "boolean",
                     "title": "Dry run",
@@ -6024,6 +6037,19 @@
                     ],
                     "title": "Group delete action"
                 },
+                "sync_page_size": {
+                    "type": "integer",
+                    "minimum": 1,
+                    "maximum": 2147483647,
+                    "title": "Sync page size",
+                    "description": "Controls the number of objects synced in a single task"
+                },
+                "sync_page_timeout": {
+                    "type": "string",
+                    "minLength": 1,
+                    "title": "Sync page timeout",
+                    "description": "Timeout for synchronization of a single page"
+                },
                 "dry_run": {
                     "type": "boolean",
                     "title": "Dry run",
@@ -9676,6 +9702,19 @@
                     "format": "uuid",
                     "title": "Filter group"
                 },
+                "sync_page_size": {
+                    "type": "integer",
+                    "minimum": 1,
+                    "maximum": 2147483647,
+                    "title": "Sync page size",
+                    "description": "Controls the number of objects synced in a single task"
+                },
+                "sync_page_timeout": {
+                    "type": "string",
+                    "minLength": 1,
+                    "title": "Sync page timeout",
+                    "description": "Timeout for synchronization of a single page"
+                },
                 "dry_run": {
                     "type": "boolean",
                     "title": "Dry run",

docker-compose.yml

@@ -31,7 +31,7 @@ services:
       AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
       AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
       AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required}
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.10.0-rc1}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.12.0-rc1}
     ports:
     - ${COMPOSE_PORT_HTTP:-9000}:9000
     - ${COMPOSE_PORT_HTTPS:-9443}:9443
@@ -52,7 +52,7 @@ services:
       AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
       AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
       AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required}
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.10.0-rc1}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.12.0-rc1}
     restart: unless-stopped
     user: root
     volumes:

go.mod

@@ -9,7 +9,7 @@ require (
 	beryju.io/radius-eap v0.1.0
 	github.com/avast/retry-go/v4 v4.7.0
 	github.com/coreos/go-oidc/v3 v3.16.0
-	github.com/getsentry/sentry-go v0.36.0
+	github.com/getsentry/sentry-go v0.36.1
 	github.com/go-http-utils/etag v0.0.0-20161124023236-513ea8f21eb1
 	github.com/go-ldap/ldap/v3 v3.4.12
 	github.com/go-openapi/runtime v0.29.0
@@ -32,7 +32,7 @@ require (
 	github.com/spf13/cobra v1.10.1
 	github.com/stretchr/testify v1.11.1
 	github.com/wwt/guac v1.3.2
-	goauthentik.io/api/v3 v3.2025100.25
+	goauthentik.io/api/v3 v3.2025120.2
 	golang.org/x/exp v0.0.0-20230210204819-062eb4c674ab
 	golang.org/x/oauth2 v0.32.0
 	golang.org/x/sync v0.17.0

go.sum

@@ -22,8 +22,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
 github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
-github.com/getsentry/sentry-go v0.36.0 h1:UkCk0zV28PiGf+2YIONSSYiYhxwlERE5Li3JPpZqEns=
-github.com/getsentry/sentry-go v0.36.0/go.mod h1:p5Im24mJBeruET8Q4bbcMfCQ+F+Iadc4L48tB1apo2c=
+github.com/getsentry/sentry-go v0.36.1 h1:kMJt0WWsxWATUxkvFgVBZdIeHSk/Oiv5P0jZ9e5m/Lw=
+github.com/getsentry/sentry-go v0.36.1/go.mod h1:p5Im24mJBeruET8Q4bbcMfCQ+F+Iadc4L48tB1apo2c=
 github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 h1:BP4M0CvQ4S3TGls2FvczZtj5Re/2ZzkV9VwqPHH/3Bo=
 github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
@@ -212,8 +212,8 @@ go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI=
 go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU=
 go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
 go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
-goauthentik.io/api/v3 v3.2025100.25 h1:NC82Q8CbmD6T8s1AblPjwJl/lUZBEOmNrKZHBTnxGiY=
-goauthentik.io/api/v3 v3.2025100.25/go.mod h1:82lqAz4jxzl6Cg0YDbhNtvvTG2rm6605ZhdJFnbbsl8=
+goauthentik.io/api/v3 v3.2025120.2 h1:FOUJCEI+qqBXmeB7DfStwfB6SXuoLUQrubX4AXsaf/E=
+goauthentik.io/api/v3 v3.2025120.2/go.mod h1:82lqAz4jxzl6Cg0YDbhNtvvTG2rm6605ZhdJFnbbsl8=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=

internal/constants/VERSION

@@ -1 +1 @@
-2025.10.0-rc1
+2025.12.0-rc1

internal/outpost/proxyv2/application/mode_common.go

@@ -14,62 +14,83 @@ import (
 	"goauthentik.io/internal/outpost/proxyv2/types"
 )
 
+func (a *Application) addHeaders(headers http.Header, c *types.Claims) {
+	nh := a.getHeaders(c)
+	for key, val := range nh {
+		headers.Set(key, val)
+	}
+	a.removeDuplicateUnderscoreHeader(headers)
+}
+
+func (a *Application) removeDuplicateUnderscoreHeader(h http.Header) {
+	for key := range h {
+		ush := strings.ReplaceAll(key, "_", "-")
+		if _, ok := h[ush]; !ok {
+			h.Del(key)
+		}
+	}
+}
+
+func (a *Application) getHeaders(c *types.Claims) map[string]string {
+	headers := map[string]string{}
+	// https://docs.goauthentik.io/add-secure-apps/providers/proxy
+	headers["X-authentik-username"] = c.PreferredUsername
+	headers["X-authentik-groups"] = strings.Join(c.Groups, "|")
+	headers["X-authentik-entitlements"] = strings.Join(c.Entitlements, "|")
+	headers["X-authentik-email"] = c.Email
+	headers["X-authentik-name"] = c.Name
+	headers["X-authentik-uid"] = c.Sub
+	headers["X-authentik-jwt"] = c.RawToken
+
+	// System headers
+	headers["X-authentik-meta-jwks"] = a.endpoint.JwksUri
+	headers["X-authentik-meta-outpost"] = a.outpostName
+	headers["X-authentik-meta-provider"] = a.proxyConfig.Name
+	headers["X-authentik-meta-app"] = a.proxyConfig.AssignedApplicationSlug
+	headers["X-authentik-meta-version"] = constants.UserAgentOutpost()
+
+	if c.Proxy == nil {
+		return headers
+	}
+	if authz := a.setAuthorizationHeader(c); authz != "" {
+		headers["Authorization"] = authz
+	}
+	// Check if user has additional headers set that we should sent
+	userAttributes := c.Proxy.UserAttributes
+	if additionalHeaders, ok := userAttributes["additionalHeaders"]; ok {
+		a.log.WithField("headers", additionalHeaders).Trace("setting additional headers")
+		if additionalHeaders == nil {
+			return headers
+		}
+		for key, value := range additionalHeaders.(map[string]interface{}) {
+			headers[key] = toString(value)
+		}
+	}
+	return headers
+}
+
 // Attempt to set basic auth based on user's attributes
-func (a *Application) setAuthorizationHeader(headers http.Header, c *types.Claims) {
+func (a *Application) setAuthorizationHeader(c *types.Claims) string {
 	if !*a.proxyConfig.BasicAuthEnabled {
-		return
+		return ""
 	}
 	userAttributes := c.Proxy.UserAttributes
 	var ok bool
+	var username string
 	var password string
 	if password, ok = userAttributes[*a.proxyConfig.BasicAuthPasswordAttribute].(string); !ok {
 		password = ""
 	}
 	// Check if we should use email or a custom attribute as username
-	var username string
 	if username, ok = userAttributes[*a.proxyConfig.BasicAuthUserAttribute].(string); !ok {
 		username = c.Email
 	}
-	if username == "" && password == "" {
-		return
+	if password == "" {
+		return ""
 	}
 	authVal := base64.StdEncoding.EncodeToString([]byte(username + ":" + password))
 	a.log.WithField("username", username).Trace("setting http basic auth")
-	headers.Set("Authorization", fmt.Sprintf("Basic %s", authVal))
-}
-
-func (a *Application) addHeaders(headers http.Header, c *types.Claims) {
-	// https://docs.goauthentik.io/add-secure-apps/providers/proxy
-	headers.Set("X-authentik-username", c.PreferredUsername)
-	headers.Set("X-authentik-groups", strings.Join(c.Groups, "|"))
-	headers.Set("X-authentik-entitlements", strings.Join(c.Entitlements, "|"))
-	headers.Set("X-authentik-email", c.Email)
-	headers.Set("X-authentik-name", c.Name)
-	headers.Set("X-authentik-uid", c.Sub)
-	headers.Set("X-authentik-jwt", c.RawToken)
-
-	// System headers
-	headers.Set("X-authentik-meta-jwks", a.endpoint.JwksUri)
-	headers.Set("X-authentik-meta-outpost", a.outpostName)
-	headers.Set("X-authentik-meta-provider", a.proxyConfig.Name)
-	headers.Set("X-authentik-meta-app", a.proxyConfig.AssignedApplicationSlug)
-	headers.Set("X-authentik-meta-version", constants.UserAgentOutpost())
-
-	if c.Proxy == nil {
-		return
-	}
-	userAttributes := c.Proxy.UserAttributes
-	a.setAuthorizationHeader(headers, c)
-	// Check if user has additional headers set that we should sent
-	if additionalHeaders, ok := userAttributes["additionalHeaders"]; ok {
-		a.log.WithField("headers", additionalHeaders).Trace("setting additional headers")
-		if additionalHeaders == nil {
-			return
-		}
-		for key, value := range additionalHeaders.(map[string]interface{}) {
-			headers.Set(key, toString(value))
-		}
-	}
+	return fmt.Sprintf("Basic %s", authVal)
 }
 
 // getTraefikForwardUrl See https://doc.traefik.io/traefik/middlewares/forwardauth/

internal/outpost/proxyv2/application/mode_common_test.go

@@ -1,12 +1,15 @@
 package application
 
 import (
+	"net/http"
 	"net/url"
 	"regexp"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
 	"goauthentik.io/api/v3"
+	"goauthentik.io/internal/constants"
+	"goauthentik.io/internal/outpost/proxyv2/types"
 )
 
 func urlMustParse(u string) *url.URL {
@@ -48,3 +51,135 @@ func TestIsAllowlisted_Proxy_Domain(t *testing.T) {
 	assert.Equal(t, false, a.IsAllowlisted(urlMustParse("https://health.domain.tld/")))
 	assert.Equal(t, true, a.IsAllowlisted(urlMustParse("https://health.domain.tld/ping/qq")))
 }
+
+func TestAdHeaders_Standard(t *testing.T) {
+	a := newTestApplication()
+	h := http.Header{}
+	a.addHeaders(h, &types.Claims{
+		PreferredUsername: "foo",
+		Groups:            []string{"foo", "bar"},
+		Entitlements:      []string{"bar", "quox"},
+		Email:             "bar@authentik.company",
+		Name:              "foo",
+		Sub:               "bar",
+		RawToken:          "baz",
+	})
+	assert.Equal(t, http.Header{
+		"X-Authentik-Email":         []string{"bar@authentik.company"},
+		"X-Authentik-Entitlements":  []string{"bar|quox"},
+		"X-Authentik-Groups":        []string{"foo|bar"},
+		"X-Authentik-Jwt":           []string{"baz"},
+		"X-Authentik-Meta-App":      []string{""},
+		"X-Authentik-Meta-Jwks":     []string{""},
+		"X-Authentik-Meta-Outpost":  []string{""},
+		"X-Authentik-Meta-Provider": []string{a.proxyConfig.Name},
+		"X-Authentik-Meta-Version":  []string{constants.UserAgentOutpost()},
+		"X-Authentik-Name":          []string{"foo"},
+		"X-Authentik-Uid":           []string{"bar"},
+		"X-Authentik-Username":      []string{"foo"},
+	}, h)
+}
+
+func TestAdHeaders_BasicAuth(t *testing.T) {
+	a := newTestApplication()
+	a.proxyConfig.BasicAuthEnabled = api.PtrBool(true)
+	a.proxyConfig.BasicAuthUserAttribute = api.PtrString("user")
+	a.proxyConfig.BasicAuthPasswordAttribute = api.PtrString("pass")
+	h := http.Header{}
+	a.addHeaders(h, &types.Claims{
+		PreferredUsername: "foo",
+		Groups:            []string{"foo", "bar"},
+		Entitlements:      []string{"bar", "quox"},
+		Email:             "bar@authentik.company",
+		Name:              "foo",
+		Sub:               "bar",
+		RawToken:          "baz",
+		Proxy: &types.ProxyClaims{
+			UserAttributes: map[string]any{
+				"user": "foo",
+				"pass": "baz",
+			},
+		},
+	})
+	assert.Equal(t, http.Header{
+		"Authorization":             []string{"Basic Zm9vOmJheg=="},
+		"X-Authentik-Email":         []string{"bar@authentik.company"},
+		"X-Authentik-Entitlements":  []string{"bar|quox"},
+		"X-Authentik-Groups":        []string{"foo|bar"},
+		"X-Authentik-Jwt":           []string{"baz"},
+		"X-Authentik-Meta-App":      []string{""},
+		"X-Authentik-Meta-Jwks":     []string{""},
+		"X-Authentik-Meta-Outpost":  []string{""},
+		"X-Authentik-Meta-Provider": []string{a.proxyConfig.Name},
+		"X-Authentik-Meta-Version":  []string{constants.UserAgentOutpost()},
+		"X-Authentik-Name":          []string{"foo"},
+		"X-Authentik-Uid":           []string{"bar"},
+		"X-Authentik-Username":      []string{"foo"},
+	}, h)
+}
+
+func TestAdHeaders_Extra(t *testing.T) {
+	a := newTestApplication()
+	h := http.Header{}
+	a.addHeaders(h, &types.Claims{
+		PreferredUsername: "foo",
+		Groups:            []string{"foo", "bar"},
+		Entitlements:      []string{"bar", "quox"},
+		Email:             "bar@authentik.company",
+		Name:              "foo",
+		Sub:               "bar",
+		RawToken:          "baz",
+		Proxy: &types.ProxyClaims{
+			UserAttributes: map[string]any{
+				"additionalHeaders": map[string]any{
+					"foo": "bar",
+				},
+			},
+		},
+	})
+	assert.Equal(t, http.Header{
+		"Foo":                       []string{"bar"},
+		"X-Authentik-Email":         []string{"bar@authentik.company"},
+		"X-Authentik-Entitlements":  []string{"bar|quox"},
+		"X-Authentik-Groups":        []string{"foo|bar"},
+		"X-Authentik-Jwt":           []string{"baz"},
+		"X-Authentik-Meta-App":      []string{""},
+		"X-Authentik-Meta-Jwks":     []string{""},
+		"X-Authentik-Meta-Outpost":  []string{""},
+		"X-Authentik-Meta-Provider": []string{a.proxyConfig.Name},
+		"X-Authentik-Meta-Version":  []string{constants.UserAgentOutpost()},
+		"X-Authentik-Name":          []string{"foo"},
+		"X-Authentik-Uid":           []string{"bar"},
+		"X-Authentik-Username":      []string{"foo"},
+	}, h)
+}
+
+func TestAdHeaders_UnderscoreInitial(t *testing.T) {
+	a := newTestApplication()
+	h := http.Header{}
+	h.Set("X_AUTHENTIK_USERNAME", "another user")
+	h.Set("X-Authentik_username", "another user")
+	a.addHeaders(h, &types.Claims{
+		PreferredUsername: "foo",
+		Groups:            []string{"foo", "bar"},
+		Entitlements:      []string{"bar", "quox"},
+		Email:             "bar@authentik.company",
+		Name:              "foo",
+		Sub:               "bar",
+		RawToken:          "baz",
+	})
+	assert.Equal(t, http.Header{
+		"X-Authentik-Email":         []string{"bar@authentik.company"},
+		"X-Authentik-Entitlements":  []string{"bar|quox"},
+		"X-Authentik-Groups":        []string{"foo|bar"},
+		"X-Authentik-Jwt":           []string{"baz"},
+		"X-Authentik-Meta-App":      []string{""},
+		"X-Authentik-Meta-Jwks":     []string{""},
+		"X-Authentik-Meta-Outpost":  []string{""},
+		"X-Authentik-Meta-Provider": []string{a.proxyConfig.Name},
+		"X-Authentik-Meta-Version":  []string{constants.UserAgentOutpost()},
+		"X-Authentik-Name":          []string{"foo"},
+		"X-Authentik-Uid":           []string{"bar"},
+		"X-Authentik-Username":      []string{"foo"},
+	}, h)
+}

lifecycle/aws/package-lock.json

@@ -9,7 +9,7 @@
             "version": "0.0.0",
             "license": "MIT",
             "devDependencies": {
-                "aws-cdk": "^2.1030.0",
+                "aws-cdk": "^2.1031.0",
                 "cross-env": "^10.1.0"
             },
             "engines": {
@@ -24,9 +24,9 @@
             "license": "MIT"
         },
         "node_modules/aws-cdk": {
-            "version": "2.1030.0",
-            "resolved": "https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.1030.0.tgz",
-            "integrity": "sha512-jYgOy1Hqx8cOTWW9On9xpypXLecjOqSZ4X2q5U0Gzd14xI+HLmpaRJV5ILJ8vYrLKVbqjhiog0pdxAC7vwF9uQ==",
+            "version": "2.1031.0",
+            "resolved": "https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.1031.0.tgz",
+            "integrity": "sha512-iotbdOIvHoLCz1u7PUVDQbcpGpVqMk8HzAeOP4PGRqD9PoAEsCb3mwGTxHMrNGEGWdJXQxiTOGSaMmlwEvACxA==",
             "dev": true,
             "license": "Apache-2.0",
             "bin": {

lifecycle/aws/package.json

@@ -10,7 +10,7 @@
         "node": ">=20"
     },
     "devDependencies": {
-        "aws-cdk": "^2.1030.0",
+        "aws-cdk": "^2.1031.0",
         "cross-env": "^10.1.0"
     }
 }

lifecycle/aws/template.yaml

@@ -18,7 +18,7 @@ Parameters:
     Description: authentik Docker image
   AuthentikVersion:
     Type: String
-    Default: 2025.10.0-rc1
+    Default: 2025.12.0-rc1
     Description: authentik Docker image tag
   AuthentikServerCPU:
     Type: Number

locale/pt_BR/LC_MESSAGES/django.po

@@ -20,7 +20,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-10-15 00:10+0000\n"
+"POT-Creation-Date: 2025-10-20 00:11+0000\n"
 "PO-Revision-Date: 2022-09-26 16:47+0000\n"
 "Last-Translator: Wagner Santos, 2025\n"
 "Language-Team: Portuguese (Brazil) (https://app.transifex.com/authentik/teams/119923/pt_BR/)\n"
@@ -2921,6 +2921,18 @@ msgstr "Autenticação HTTP Basic"
 msgid "Include the client ID and secret as request parameters"
 msgstr "Incluir ID do cliente e segredo como parâmetros da requisição"
 
+#: authentik/sources/oauth/models.py
+msgid "No PKCE"
+msgstr "Sem PXCE"
+
+#: authentik/sources/oauth/models.py
+msgid "Plain"
+msgstr "Plain"
+
+#: authentik/sources/oauth/models.py
+msgid "S256"
+msgstr "S256"
+
 #: authentik/sources/oauth/models.py
 msgid "Request Token URL"
 msgstr "URL do token de solicitação"
@@ -2961,6 +2973,10 @@ msgstr "URL usado pelo authentik para obter informações do usuário."
 msgid "Additional Scopes"
 msgstr "Escopos Adicionais"
 
+#: authentik/sources/oauth/models.py
+msgid "PKCE"
+msgstr "PKCE"
+
 #: authentik/sources/oauth/models.py
 msgid ""
 "How to perform authentication during an authorization_code token request "

package-lock.json

@@ -1,12 +1,12 @@
 {
     "name": "@goauthentik/authentik",
-    "version": "2025.10.0-rc1",
+    "version": "2025.12.0-rc1",
     "lockfileVersion": 3,
     "requires": true,
     "packages": {
         "": {
             "name": "@goauthentik/authentik",
-            "version": "2025.10.0-rc1",
+            "version": "2025.12.0-rc1",
             "dependencies": {
                 "@eslint/js": "^9.31.0",
                 "@typescript-eslint/eslint-plugin": "^8.38.0",

package.json

@@ -1,6 +1,6 @@
 {
     "name": "@goauthentik/authentik",
-    "version": "2025.10.0-rc1",
+    "version": "2025.12.0-rc1",
     "private": true,
     "type": "module",
     "dependencies": {

packages/esbuild-plugin-live-reload/package-lock.json

@@ -912,9 +912,9 @@
             }
         },
         "node_modules/@types/node": {
-            "version": "24.9.0",
-            "resolved": "https://registry.npmjs.org/@types/node/-/node-24.9.0.tgz",
-            "integrity": "sha512-MKNwXh3seSK8WurXF7erHPJ2AONmMwkI7zAMrXZDPIru8jRqkk6rGDBVbw4mLwfqA+ZZliiDPg05JQ3uW66tKQ==",
+            "version": "24.9.1",
+            "resolved": "https://registry.npmjs.org/@types/node/-/node-24.9.1.tgz",
+            "integrity": "sha512-QoiaXANRkSXK6p0Duvt56W208du4P9Uye9hWLWgGMDTEoKPhuenzNcC4vGUmrNkiOKTlIrBoyNQYNpSwfEZXSg==",
             "dev": true,
             "license": "MIT",
             "dependencies": {

packages/prettier-config/package-lock.json

@@ -388,9 +388,9 @@
             "license": "MIT"
         },
         "node_modules/@types/node": {
-            "version": "24.9.0",
-            "resolved": "https://registry.npmjs.org/@types/node/-/node-24.9.0.tgz",
-            "integrity": "sha512-MKNwXh3seSK8WurXF7erHPJ2AONmMwkI7zAMrXZDPIru8jRqkk6rGDBVbw4mLwfqA+ZZliiDPg05JQ3uW66tKQ==",
+            "version": "24.9.1",
+            "resolved": "https://registry.npmjs.org/@types/node/-/node-24.9.1.tgz",
+            "integrity": "sha512-QoiaXANRkSXK6p0Duvt56W208du4P9Uye9hWLWgGMDTEoKPhuenzNcC4vGUmrNkiOKTlIrBoyNQYNpSwfEZXSg==",
             "dev": true,
             "license": "MIT",
             "dependencies": {

pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "authentik"
-version = "2025.10.0-rc1"
+version = "2025.12.0-rc1"
 description = ""
 authors = [{ name = "authentik Team", email = "hello@goauthentik.io" }]
 requires-python = "==3.13.*"
@@ -28,7 +28,7 @@ dependencies = [
   "django-tenants==3.9.0",
   "djangoql==0.18.1",
   "djangorestframework-guardian==0.4.0",
-  "djangorestframework==3.16.0",
+  "djangorestframework==3.16.1",
   "docker==7.1.0",
   "drf-orjson-renderer==1.7.3",
   "drf-spectacular==0.28.0",
@@ -121,7 +121,6 @@ no-binary-package = [
 ]
 
 [tool.uv.sources]
-djangorestframework = { git = "https://github.com/goauthentik/django-rest-framework", rev = "896722bab969fabc74a08b827da59409cf9f1a4e" }
 django-channels-postgres = { workspace = true }
 django-dramatiq-postgres = { workspace = true }
 django-postgres-cache = { workspace = true }

schema.yml

@@ -1,7 +1,7 @@
 openapi: 3.0.3
 info:
   title: authentik
-  version: 2025.10.0-rc1
+  version: 2025.12.0-rc1
   description: Making authentication simple.
   contact:
     email: hello@goauthentik.io
@@ -36067,6 +36067,14 @@ components:
           $ref: '#/components/schemas/OutgoingSyncDeleteAction'
         default_group_email_domain:
           type: string
+        sync_page_size:
+          type: integer
+          maximum: 2147483647
+          minimum: 1
+          description: Controls the number of objects synced in a single task
+        sync_page_timeout:
+          type: string
+          description: Timeout for synchronization of a single page
         dry_run:
           type: boolean
           description: When enabled, provider will not modify or create objects in
@@ -36238,6 +36246,15 @@ components:
         default_group_email_domain:
           type: string
           minLength: 1
+        sync_page_size:
+          type: integer
+          maximum: 2147483647
+          minimum: 1
+          description: Controls the number of objects synced in a single task
+        sync_page_timeout:
+          type: string
+          minLength: 1
+          description: Timeout for synchronization of a single page
         dry_run:
           type: boolean
           description: When enabled, provider will not modify or create objects in
@@ -38570,6 +38587,14 @@ components:
           $ref: '#/components/schemas/OutgoingSyncDeleteAction'
         group_delete_action:
           $ref: '#/components/schemas/OutgoingSyncDeleteAction'
+        sync_page_size:
+          type: integer
+          maximum: 2147483647
+          minimum: 1
+          description: Controls the number of objects synced in a single task
+        sync_page_timeout:
+          type: string
+          description: Timeout for synchronization of a single page
         dry_run:
           type: boolean
           description: When enabled, provider will not modify or create objects in
@@ -38736,6 +38761,15 @@ components:
           $ref: '#/components/schemas/OutgoingSyncDeleteAction'
         group_delete_action:
           $ref: '#/components/schemas/OutgoingSyncDeleteAction'
+        sync_page_size:
+          type: integer
+          maximum: 2147483647
+          minimum: 1
+          description: Controls the number of objects synced in a single task
+        sync_page_timeout:
+          type: string
+          minLength: 1
+          description: Timeout for synchronization of a single page
         dry_run:
           type: boolean
           description: When enabled, provider will not modify or create objects in
@@ -43743,6 +43777,15 @@ components:
         default_group_email_domain:
           type: string
           minLength: 1
+        sync_page_size:
+          type: integer
+          maximum: 2147483647
+          minimum: 1
+          description: Controls the number of objects synced in a single task
+        sync_page_timeout:
+          type: string
+          minLength: 1
+          description: Timeout for synchronization of a single page
         dry_run:
           type: boolean
           description: When enabled, provider will not modify or create objects in
@@ -44408,6 +44451,15 @@ components:
           $ref: '#/components/schemas/OutgoingSyncDeleteAction'
         group_delete_action:
           $ref: '#/components/schemas/OutgoingSyncDeleteAction'
+        sync_page_size:
+          type: integer
+          maximum: 2147483647
+          minimum: 1
+          description: Controls the number of objects synced in a single task
+        sync_page_timeout:
+          type: string
+          minLength: 1
+          description: Timeout for synchronization of a single page
         dry_run:
           type: boolean
           description: When enabled, provider will not modify or create objects in
@@ -45693,6 +45745,15 @@ components:
           type: string
           format: uuid
           nullable: true
+        sync_page_size:
+          type: integer
+          maximum: 2147483647
+          minimum: 1
+          description: Controls the number of objects synced in a single task
+        sync_page_timeout:
+          type: string
+          minLength: 1
+          description: Timeout for synchronization of a single page
         dry_run:
           type: boolean
           description: When enabled, provider will not modify or create objects in
@@ -49360,6 +49421,14 @@ components:
           type: string
           format: uuid
           nullable: true
+        sync_page_size:
+          type: integer
+          maximum: 2147483647
+          minimum: 1
+          description: Controls the number of objects synced in a single task
+        sync_page_timeout:
+          type: string
+          description: Timeout for synchronization of a single page
         dry_run:
           type: boolean
           description: When enabled, provider will not modify or create objects in
@@ -49469,6 +49538,15 @@ components:
           type: string
           format: uuid
           nullable: true
+        sync_page_size:
+          type: integer
+          maximum: 2147483647
+          minimum: 1
+          description: Controls the number of objects synced in a single task
+        sync_page_timeout:
+          type: string
+          minLength: 1
+          description: Timeout for synchronization of a single page
         dry_run:
           type: boolean
           description: When enabled, provider will not modify or create objects in
@@ -50194,6 +50272,12 @@ components:
           type: string
         brand_name:
           type: string
+        sls_url:
+          type: string
+        sls_binding:
+          type: string
+        logout_response:
+          type: string
       required:
       - brand_name
       - pending_user

uv.lock

@@ -1,5 +1,5 @@
 version = 1
-revision = 2
+revision = 3
 requires-python = "==3.13.*"
 
 [manifest]
@@ -170,7 +170,7 @@ wheels = [
 
 [[package]]
 name = "authentik"
-version = "2025.10.0rc1"
+version = "2025.12.0rc1"
 source = { editable = "." }
 dependencies = [
     { name = "argon2-cffi" },
@@ -300,7 +300,7 @@ requires-dist = [
     { name = "django-storages", extras = ["s3"], specifier = "==1.14.6" },
     { name = "django-tenants", specifier = "==3.9.0" },
     { name = "djangoql", specifier = "==0.18.1" },
-    { name = "djangorestframework", git = "https://github.com/goauthentik/django-rest-framework?rev=896722bab969fabc74a08b827da59409cf9f1a4e" },
+    { name = "djangorestframework", specifier = "==3.16.1" },
     { name = "djangorestframework-guardian", specifier = "==0.4.0" },
     { name = "docker", specifier = "==7.1.0" },
     { name = "drf-orjson-renderer", specifier = "==1.7.3" },
@@ -1247,11 +1247,15 @@ wheels = [
 
 [[package]]
 name = "djangorestframework"
-version = "3.16.0"
-source = { git = "https://github.com/goauthentik/django-rest-framework?rev=896722bab969fabc74a08b827da59409cf9f1a4e#896722bab969fabc74a08b827da59409cf9f1a4e" }
+version = "3.16.1"
+source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "django" },
 ]
+sdist = { url = "https://files.pythonhosted.org/packages/8a/95/5376fe618646fde6899b3cdc85fd959716bb67542e273a76a80d9f326f27/djangorestframework-3.16.1.tar.gz", hash = "sha256:166809528b1aced0a17dc66c24492af18049f2c9420dbd0be29422029cfc3ff7", size = 1089735, upload-time = "2025-08-06T17:50:53.251Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/b0/ce/bf8b9d3f415be4ac5588545b5fcdbbb841977db1c1d923f7568eeabe1689/djangorestframework-3.16.1-py3-none-any.whl", hash = "sha256:33a59f47fb9c85ede792cbf88bde71893bcda0667bc573f784649521f1102cec", size = 1080442, upload-time = "2025-08-06T17:50:50.667Z" },
+]
 
 [[package]]
 name = "djangorestframework-guardian"

web/package-lock.json

@@ -1,12 +1,12 @@
 {
     "name": "@goauthentik/web",
-    "version": "2025.10.0-rc1",
+    "version": "2025.12.0-rc1",
     "lockfileVersion": 3,
     "requires": true,
     "packages": {
         "": {
             "name": "@goauthentik/web",
-            "version": "2025.10.0-rc1",
+            "version": "2025.12.0-rc1",
             "license": "MIT",
             "workspaces": [
                 "./packages/*"
@@ -43,8 +43,8 @@
                 "@patternfly/elements": "^4.2.0",
                 "@patternfly/patternfly": "^4.224.2",
                 "@playwright/test": "^1.56.1",
-                "@sentry/browser": "^10.20.0",
-                "@spotlightjs/spotlight": "^4.1.4",
+                "@sentry/browser": "^10.21.0",
+                "@spotlightjs/spotlight": "^4.2.0",
                 "@storybook/addon-docs": "^9.1.13",
                 "@storybook/addon-links": "^9.1.13",
                 "@storybook/web-components": "^9.1.13",
@@ -53,7 +53,7 @@
                 "@types/grecaptcha": "^3.0.9",
                 "@types/guacamole-common-js": "^1.5.4",
                 "@types/mocha": "^10.0.10",
-                "@types/node": "^24.9.0",
+                "@types/node": "^24.9.1",
                 "@types/react": "^19.2.2",
                 "@types/react-dom": "^19.2.2",
                 "@typescript-eslint/eslint-plugin": "^8.38.0",
@@ -64,6 +64,7 @@
                 "change-case": "^5.4.4",
                 "chart.js": "^4.5.1",
                 "chartjs-adapter-date-fns": "^3.0.0",
+                "chromedriver": "^141.0.4",
                 "codemirror": "^6.0.2",
                 "core-js": "^3.46.0",
                 "country-flag-icons": "^1.5.21",
@@ -79,7 +80,7 @@
                 "globals": "^16.4.0",
                 "guacamole-common-js": "^1.5.0",
                 "hastscript": "^9.0.1",
-                "knip": "^5.66.1",
+                "knip": "^5.66.2",
                 "lit": "^3.3.1",
                 "lit-analyzer": "^2.0.3",
                 "md-front-matter": "^1.0.4",
@@ -102,7 +103,7 @@
                 "remark-gfm": "^4.0.1",
                 "remark-mdx-frontmatter": "^5.2.0",
                 "storybook": "^9.0.16",
-                "style-mod": "^4.1.2",
+                "style-mod": "^4.1.3",
                 "trusted-types": "^2.0.0",
                 "ts-pattern": "^5.8.0",
                 "turnstile-types": "^1.2.3",
@@ -110,7 +111,7 @@
                 "typescript": "^5.9.3",
                 "typescript-eslint": "^8.46.2",
                 "unist-util-visit": "^5.0.0",
-                "vite": "^7.1.10",
+                "vite": "^7.1.11",
                 "vitest": "^3.2.4",
                 "webcomponent-qr-code": "^1.3.0",
                 "wireit": "^0.14.12",
@@ -126,7 +127,7 @@
                 "@rollup/rollup-darwin-arm64": "^4.52.5",
                 "@rollup/rollup-linux-arm64-gnu": "^4.52.5",
                 "@rollup/rollup-linux-x64-gnu": "^4.52.5",
-                "chromedriver": "^141.0.3",
+                "chromedriver": "^141.0.4",
                 "p-iteration": "^1.1.8"
             }
         },
@@ -1936,9 +1937,9 @@
             }
         },
         "node_modules/@modelcontextprotocol/sdk": {
-            "version": "1.20.0",
-            "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.20.0.tgz",
-            "integrity": "sha512-kOQ4+fHuT4KbR2iq2IjeV32HiihueuOf1vJkq18z08CLZ1UQrTc8BXJpVfxZkq45+inLLD+D4xx4nBjUelJa4Q==",
+            "version": "1.20.1",
+            "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.20.1.tgz",
+            "integrity": "sha512-j/P+yuxXfgxb+mW7OEoRCM3G47zCTDqUPivJo/VzpjbG8I9csTXtOprCf5FfOfHK4whOJny0aHuBEON+kS7CCA==",
             "license": "MIT",
             "dependencies": {
                 "ajv": "^6.12.6",
@@ -1958,6 +1959,18 @@
                 "node": ">=18"
             }
         },
+        "node_modules/@modelcontextprotocol/sdk/node_modules/eventsource": {
+            "version": "3.0.7",
+            "resolved": "https://registry.npmjs.org/eventsource/-/eventsource-3.0.7.tgz",
+            "integrity": "sha512-CRT1WTyuQoD771GW56XEZFQ/ZoSfWid1alKGDYMmkt2yl8UXrVR4pspqWNEcqKvVIzg6PAltWjxcSSPrboA4iA==",
+            "license": "MIT",
+            "dependencies": {
+                "eventsource-parser": "^3.0.1"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
         "node_modules/@mrmarble/djangoql-completion": {
             "version": "0.8.3",
             "resolved": "https://registry.npmjs.org/@mrmarble/djangoql-completion/-/djangoql-completion-0.8.3.tgz",
@@ -2334,9 +2347,9 @@
             }
         },
         "node_modules/@opentelemetry/context-async-hooks": {
-            "version": "2.1.0",
-            "resolved": "https://registry.npmjs.org/@opentelemetry/context-async-hooks/-/context-async-hooks-2.1.0.tgz",
-            "integrity": "sha512-zOyetmZppnwTyPrt4S7jMfXiSX9yyfF0hxlA8B5oo2TtKl+/RGCy7fi4DrBfIf3lCPrkKsRBWZZD7RFojK7FDg==",
+            "version": "2.2.0",
+            "resolved": "https://registry.npmjs.org/@opentelemetry/context-async-hooks/-/context-async-hooks-2.2.0.tgz",
+            "integrity": "sha512-qRkLWiUEZNAmYapZ7KGS5C4OmBLcP/H2foXeOEaowYCR0wi89fHejrfYfbuLVCMLp/dWZXKvQusdbUEZjERfwQ==",
             "license": "Apache-2.0",
             "engines": {
                 "node": "^18.19.0 || >=20.6.0"
@@ -2346,9 +2359,9 @@
             }
         },
         "node_modules/@opentelemetry/core": {
-            "version": "2.1.0",
-            "resolved": "https://registry.npmjs.org/@opentelemetry/core/-/core-2.1.0.tgz",
-            "integrity": "sha512-RMEtHsxJs/GiHHxYT58IY57UXAQTuUnZVco6ymDEqTNlJKTimM4qPUPVe8InNFyBjhHBEAx4k3Q8LtNayBsbUQ==",
+            "version": "2.2.0",
+            "resolved": "https://registry.npmjs.org/@opentelemetry/core/-/core-2.2.0.tgz",
+            "integrity": "sha512-FuabnnUm8LflnieVxs6eP7Z383hgQU4W1e3KJS6aOG3RxWxcHyBxH8fDMHNgu/gFx/M2jvTOW/4/PHhLz6bjWw==",
             "license": "Apache-2.0",
             "dependencies": {
                 "@opentelemetry/semantic-conventions": "^1.29.0"
@@ -2525,6 +2538,21 @@
                 "@opentelemetry/api": "^1.3.0"
             }
         },
+        "node_modules/@opentelemetry/instrumentation-http/node_modules/@opentelemetry/core": {
+            "version": "2.1.0",
+            "resolved": "https://registry.npmjs.org/@opentelemetry/core/-/core-2.1.0.tgz",
+            "integrity": "sha512-RMEtHsxJs/GiHHxYT58IY57UXAQTuUnZVco6ymDEqTNlJKTimM4qPUPVe8InNFyBjhHBEAx4k3Q8LtNayBsbUQ==",
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@opentelemetry/semantic-conventions": "^1.29.0"
+            },
+            "engines": {
+                "node": "^18.19.0 || >=20.6.0"
+            },
+            "peerDependencies": {
+                "@opentelemetry/api": ">=1.0.0 <1.10.0"
+            }
+        },
         "node_modules/@opentelemetry/instrumentation-ioredis": {
             "version": "0.52.0",
             "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-ioredis/-/instrumentation-ioredis-0.52.0.tgz",
@@ -2753,12 +2781,12 @@
             }
         },
         "node_modules/@opentelemetry/resources": {
-            "version": "2.1.0",
-            "resolved": "https://registry.npmjs.org/@opentelemetry/resources/-/resources-2.1.0.tgz",
-            "integrity": "sha512-1CJjf3LCvoefUOgegxi8h6r4B/wLSzInyhGP2UmIBYNlo4Qk5CZ73e1eEyWmfXvFtm1ybkmfb2DqWvspsYLrWw==",
+            "version": "2.2.0",
+            "resolved": "https://registry.npmjs.org/@opentelemetry/resources/-/resources-2.2.0.tgz",
+            "integrity": "sha512-1pNQf/JazQTMA0BiO5NINUzH0cbLbbl7mntLa4aJNmCCXSj0q03T5ZXXL0zw4G55TjdL9Tz32cznGClf+8zr5A==",
             "license": "Apache-2.0",
             "dependencies": {
-                "@opentelemetry/core": "2.1.0",
+                "@opentelemetry/core": "2.2.0",
                 "@opentelemetry/semantic-conventions": "^1.29.0"
             },
             "engines": {
@@ -2769,13 +2797,13 @@
             }
         },
         "node_modules/@opentelemetry/sdk-trace-base": {
-            "version": "2.1.0",
-            "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-trace-base/-/sdk-trace-base-2.1.0.tgz",
-            "integrity": "sha512-uTX9FBlVQm4S2gVQO1sb5qyBLq/FPjbp+tmGoxu4tIgtYGmBYB44+KX/725RFDe30yBSaA9Ml9fqphe1hbUyLQ==",
+            "version": "2.2.0",
+            "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-trace-base/-/sdk-trace-base-2.2.0.tgz",
+            "integrity": "sha512-xWQgL0Bmctsalg6PaXExmzdedSp3gyKV8mQBwK/j9VGdCDu2fmXIb2gAehBKbkXCpJ4HPkgv3QfoJWRT4dHWbw==",
             "license": "Apache-2.0",
             "dependencies": {
-                "@opentelemetry/core": "2.1.0",
-                "@opentelemetry/resources": "2.1.0",
+                "@opentelemetry/core": "2.2.0",
+                "@opentelemetry/resources": "2.2.0",
                 "@opentelemetry/semantic-conventions": "^1.29.0"
             },
             "engines": {
@@ -3600,129 +3628,84 @@
             "integrity": "sha512-831qok9r2t8AlxLko40y2ebgSDhenenCatLVeW/uBtnHPyhHOvG0C7TvfgecV+wHzIm5KUICgzmVpWS+IMEAeg=="
         },
         "node_modules/@sentry-internal/browser-utils": {
-            "version": "10.20.0",
-            "resolved": "https://registry.npmjs.org/@sentry-internal/browser-utils/-/browser-utils-10.20.0.tgz",
-            "integrity": "sha512-9+NybrYs+dEM2iW5uRAYEhKkNK0XhDea5jovtDUXEvdSCMJFcdR88uztkftnCur45/hpvbgSULsGPUdHPb5ITw==",
+            "version": "10.21.0",
+            "resolved": "https://registry.npmjs.org/@sentry-internal/browser-utils/-/browser-utils-10.21.0.tgz",
+            "integrity": "sha512-QRHpCBheLd/88Z2m3ABMriV0MweW+pcGKuVsH61/UdziKcQLdoQpOSvGg0/0CuqFm2UjL7237ZzLdZrWaCOlfQ==",
             "license": "MIT",
             "dependencies": {
-                "@sentry/core": "10.20.0"
+                "@sentry/core": "10.21.0"
             },
             "engines": {
                 "node": ">=18"
             }
         },
-        "node_modules/@sentry-internal/browser-utils/node_modules/@sentry/core": {
-            "version": "10.20.0",
-            "resolved": "https://registry.npmjs.org/@sentry/core/-/core-10.20.0.tgz",
-            "integrity": "sha512-S291KihnOIB8i7mVJIJBVHBMcCfIoY/KDJBHEfBoHY9M56g2An4FVhM9+/xR85+IoMkTySdXN08k9LEyQz4FpQ==",
-            "license": "MIT",
-            "engines": {
-                "node": ">=18"
-            }
-        },
         "node_modules/@sentry-internal/feedback": {
-            "version": "10.20.0",
-            "resolved": "https://registry.npmjs.org/@sentry-internal/feedback/-/feedback-10.20.0.tgz",
-            "integrity": "sha512-R/eGLKl7WDccLKBorEbyTsy5b99w/k4v80SntE8HL2rsO7DCDXma8TGmtHd+iZnw8dUci+EVrw7LbeGSgf3QzA==",
+            "version": "10.21.0",
+            "resolved": "https://registry.npmjs.org/@sentry-internal/feedback/-/feedback-10.21.0.tgz",
+            "integrity": "sha512-6SnRR2FiW6TMwCE0PqbueHkkpeVnjOjz00R+/mX25Dp1U5BU5TzbXHzn9Y4wKnaD3Rzz4+nnzVkpHAOL3SppGw==",
             "license": "MIT",
             "dependencies": {
-                "@sentry/core": "10.20.0"
+                "@sentry/core": "10.21.0"
             },
             "engines": {
                 "node": ">=18"
             }
         },
-        "node_modules/@sentry-internal/feedback/node_modules/@sentry/core": {
-            "version": "10.20.0",
-            "resolved": "https://registry.npmjs.org/@sentry/core/-/core-10.20.0.tgz",
-            "integrity": "sha512-S291KihnOIB8i7mVJIJBVHBMcCfIoY/KDJBHEfBoHY9M56g2An4FVhM9+/xR85+IoMkTySdXN08k9LEyQz4FpQ==",
-            "license": "MIT",
-            "engines": {
-                "node": ">=18"
-            }
-        },
         "node_modules/@sentry-internal/replay": {
-            "version": "10.20.0",
-            "resolved": "https://registry.npmjs.org/@sentry-internal/replay/-/replay-10.20.0.tgz",
-            "integrity": "sha512-+XPYp0CuJnf+c36/c+hHrY6wAPHCdnqllZeyU7+9LAiKsdhN8Oo4eF1v5zd097qDZBg1NrKhU44ScJIzz+vygw==",
+            "version": "10.21.0",
+            "resolved": "https://registry.npmjs.org/@sentry-internal/replay/-/replay-10.21.0.tgz",
+            "integrity": "sha512-5tfiKZJzZf9+Xk8SyvoC4ZEVLNmjBZZEaKhVyNo53CLWUWfWOqDc3DB9fj85i/yHFQ0ImdRnaPBc0CIeN00CcA==",
             "license": "MIT",
             "dependencies": {
-                "@sentry-internal/browser-utils": "10.20.0",
-                "@sentry/core": "10.20.0"
+                "@sentry-internal/browser-utils": "10.21.0",
+                "@sentry/core": "10.21.0"
             },
             "engines": {
                 "node": ">=18"
             }
         },
         "node_modules/@sentry-internal/replay-canvas": {
-            "version": "10.20.0",
-            "resolved": "https://registry.npmjs.org/@sentry-internal/replay-canvas/-/replay-canvas-10.20.0.tgz",
-            "integrity": "sha512-8DBawFi4F4e2Cu2ToiitCnYsK8idrDOv66Vq+N6c8e3qFitTTuoPQwOihb2+HY4CB06ABPW3WvfZntJJmsf91w==",
+            "version": "10.21.0",
+            "resolved": "https://registry.npmjs.org/@sentry-internal/replay-canvas/-/replay-canvas-10.21.0.tgz",
+            "integrity": "sha512-TOLo5mAjJSOuJId8Po44d1hwJ5bIZDtRSoupWpYWqLw1tuUh1tc4vqID11ZXsw9pBzjVIK653BPDX/z/9+Um+Q==",
             "license": "MIT",
             "dependencies": {
-                "@sentry-internal/replay": "10.20.0",
-                "@sentry/core": "10.20.0"
+                "@sentry-internal/replay": "10.21.0",
+                "@sentry/core": "10.21.0"
             },
             "engines": {
                 "node": ">=18"
             }
         },
-        "node_modules/@sentry-internal/replay-canvas/node_modules/@sentry/core": {
-            "version": "10.20.0",
-            "resolved": "https://registry.npmjs.org/@sentry/core/-/core-10.20.0.tgz",
-            "integrity": "sha512-S291KihnOIB8i7mVJIJBVHBMcCfIoY/KDJBHEfBoHY9M56g2An4FVhM9+/xR85+IoMkTySdXN08k9LEyQz4FpQ==",
-            "license": "MIT",
-            "engines": {
-                "node": ">=18"
-            }
-        },
-        "node_modules/@sentry-internal/replay/node_modules/@sentry/core": {
-            "version": "10.20.0",
-            "resolved": "https://registry.npmjs.org/@sentry/core/-/core-10.20.0.tgz",
-            "integrity": "sha512-S291KihnOIB8i7mVJIJBVHBMcCfIoY/KDJBHEfBoHY9M56g2An4FVhM9+/xR85+IoMkTySdXN08k9LEyQz4FpQ==",
-            "license": "MIT",
-            "engines": {
-                "node": ">=18"
-            }
-        },
         "node_modules/@sentry/browser": {
-            "version": "10.20.0",
-            "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-10.20.0.tgz",
-            "integrity": "sha512-zcf8HwFiRbzjZL9KbLev44eEOf+yl+3svQbs2BlR2KAYGaB10swV5abij0UTTGO7ClnqUZdcGpwiyyfPS6mjHg==",
+            "version": "10.21.0",
+            "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-10.21.0.tgz",
+            "integrity": "sha512-z/63bUFBQkTfJ5ElhWTYvomz+gZ1GsoH16v4/RGoPY5qZgYxcVO3fkp0opnu3gcbXS0ZW7TLRiHpqhvipDdP6g==",
             "license": "MIT",
             "dependencies": {
-                "@sentry-internal/browser-utils": "10.20.0",
-                "@sentry-internal/feedback": "10.20.0",
-                "@sentry-internal/replay": "10.20.0",
-                "@sentry-internal/replay-canvas": "10.20.0",
-                "@sentry/core": "10.20.0"
+                "@sentry-internal/browser-utils": "10.21.0",
+                "@sentry-internal/feedback": "10.21.0",
+                "@sentry-internal/replay": "10.21.0",
+                "@sentry-internal/replay-canvas": "10.21.0",
+                "@sentry/core": "10.21.0"
             },
             "engines": {
                 "node": ">=18"
             }
         },
-        "node_modules/@sentry/browser/node_modules/@sentry/core": {
-            "version": "10.20.0",
-            "resolved": "https://registry.npmjs.org/@sentry/core/-/core-10.20.0.tgz",
-            "integrity": "sha512-S291KihnOIB8i7mVJIJBVHBMcCfIoY/KDJBHEfBoHY9M56g2An4FVhM9+/xR85+IoMkTySdXN08k9LEyQz4FpQ==",
-            "license": "MIT",
-            "engines": {
-                "node": ">=18"
-            }
-        },
         "node_modules/@sentry/core": {
-            "version": "10.19.0",
-            "resolved": "https://registry.npmjs.org/@sentry/core/-/core-10.19.0.tgz",
-            "integrity": "sha512-OqZjYDYsK6ZmBG5UzML0uKiKq//G6mMwPcszfuCsFgPt+pg5giUCrCUbt5VIVkHdN1qEEBk321JO2haU5n2Eig==",
+            "version": "10.21.0",
+            "resolved": "https://registry.npmjs.org/@sentry/core/-/core-10.21.0.tgz",
+            "integrity": "sha512-/+gpOOb2Wr1UbW59WKqNAVVIqFz9FjtUJuPtVh4UanxGCfavMPaKpFzSlaEKJSKDkiCQgANP4O2y8Y5Bh3tvEA==",
             "license": "MIT",
             "engines": {
                 "node": ">=18"
             }
         },
         "node_modules/@sentry/node": {
-            "version": "10.19.0",
-            "resolved": "https://registry.npmjs.org/@sentry/node/-/node-10.19.0.tgz",
-            "integrity": "sha512-GUN/UVRsqnXd4O8GCxR8F682nyYemeO4mr0Yc5JPz0CxT2gYkemuifT29bFOont8V5o055WJv32NrQnZcm/nyg==",
+            "version": "10.21.0",
+            "resolved": "https://registry.npmjs.org/@sentry/node/-/node-10.21.0.tgz",
+            "integrity": "sha512-z7g+rZIHOSzISGCYbpy8b6UxYd7kl0bjdTTjDC4rJCoofhO71By5tZum1HhcmYEWWDj7qc/Mbfmfv6rXoimT6A==",
             "license": "MIT",
             "dependencies": {
                 "@opentelemetry/api": "^1.9.0",
@@ -3755,9 +3738,9 @@
                 "@opentelemetry/sdk-trace-base": "^2.1.0",
                 "@opentelemetry/semantic-conventions": "^1.37.0",
                 "@prisma/instrumentation": "6.15.0",
-                "@sentry/core": "10.19.0",
-                "@sentry/node-core": "10.19.0",
-                "@sentry/opentelemetry": "10.19.0",
+                "@sentry/core": "10.21.0",
+                "@sentry/node-core": "10.21.0",
+                "@sentry/opentelemetry": "10.21.0",
                 "import-in-the-middle": "^1.14.2",
                 "minimatch": "^9.0.0"
             },
@@ -3766,14 +3749,14 @@
             }
         },
         "node_modules/@sentry/node-core": {
-            "version": "10.19.0",
-            "resolved": "https://registry.npmjs.org/@sentry/node-core/-/node-core-10.19.0.tgz",
-            "integrity": "sha512-m3xTaIDSh1V88K+e1zaGwKKuhDUAHMX1nncJmsGm8Hwg7FLK2fdr7wm9IJaIF0S1E4R38oHC4kZdL+ebrUghDg==",
+            "version": "10.21.0",
+            "resolved": "https://registry.npmjs.org/@sentry/node-core/-/node-core-10.21.0.tgz",
+            "integrity": "sha512-vPn9sYMl2IB14lp6HP3nyJVM2VDDpclf7yvNWe/9yDY+ad1T/+8x5j501LjUaZDRR+7APM1Mb1S9YMAL3gTiwA==",
             "license": "MIT",
             "dependencies": {
                 "@apm-js-collab/tracing-hooks": "^0.3.1",
-                "@sentry/core": "10.19.0",
-                "@sentry/opentelemetry": "10.19.0",
+                "@sentry/core": "10.21.0",
+                "@sentry/opentelemetry": "10.21.0",
                 "import-in-the-middle": "^1.14.2"
             },
             "engines": {
@@ -3790,12 +3773,12 @@
             }
         },
         "node_modules/@sentry/opentelemetry": {
-            "version": "10.19.0",
-            "resolved": "https://registry.npmjs.org/@sentry/opentelemetry/-/opentelemetry-10.19.0.tgz",
-            "integrity": "sha512-o1NWDWXM4flBIqqBECcaZ+y0TS44UxQh5BtTTPJzkU0FsWOytn9lp9ccVi7qBMb7Zrl3rw3Q0BRNETKVG5Ag/w==",
+            "version": "10.21.0",
+            "resolved": "https://registry.npmjs.org/@sentry/opentelemetry/-/opentelemetry-10.21.0.tgz",
+            "integrity": "sha512-Yr4imXxkSLhJt2WHVXh31NpIe9ZgcnJTVVvzq/g6Ox40bj5+cdpFh6RTsLcsw5hvDC8a1KUvmdIhUTKAkEsqgA==",
             "license": "MIT",
             "dependencies": {
-                "@sentry/core": "10.19.0"
+                "@sentry/core": "10.21.0"
             },
             "engines": {
                 "node": ">=18"
@@ -3827,9 +3810,9 @@
             "license": "Apache-2.0"
         },
         "node_modules/@spotlightjs/sidecar": {
-            "version": "2.1.3",
-            "resolved": "https://registry.npmjs.org/@spotlightjs/sidecar/-/sidecar-2.1.3.tgz",
-            "integrity": "sha512-jFBl9hOdrJUNNmbgbnd5QX+iRChlHLqRvlMtRML6rdtQGQIt5HPx51X7A3ehdVVH5Km33hysgS1hEzEzic904g==",
+            "version": "2.2.0",
+            "resolved": "https://registry.npmjs.org/@spotlightjs/sidecar/-/sidecar-2.2.0.tgz",
+            "integrity": "sha512-GFNW0gMLG6p5W89OMg6BoBuvWbDIjV3yrx6Y3I87U7QSZh5+bFwA6tHSkDQ3jwpUopK700ztkoFrJ+XeDH3FhA==",
             "license": "Apache-2.0",
             "dependencies": {
                 "@hono/mcp": "^0.1.1",
@@ -3838,7 +3821,8 @@
                 "@modelcontextprotocol/sdk": "^1.16.0",
                 "@sentry/core": "^10",
                 "@sentry/node": "^10",
-                "hono": "^4.9.7",
+                "eventsource": "^4.0.0",
+                "hono": "^4.10.2",
                 "launch-editor": "^2.9.1",
                 "mcp-proxy": "^5.6.0",
                 "uuidv7": "^1.0.2",
@@ -3852,14 +3836,14 @@
             }
         },
         "node_modules/@spotlightjs/spotlight": {
-            "version": "4.1.4",
-            "resolved": "https://registry.npmjs.org/@spotlightjs/spotlight/-/spotlight-4.1.4.tgz",
-            "integrity": "sha512-dLm6vOK3pTIu3yW4/Rjn2/0hmcb8zIeKhBw2zplu7cowd+yqBbJ+JC50y8B4Yz3mUwhmGr67eAxUD8AtQihYxw==",
+            "version": "4.2.0",
+            "resolved": "https://registry.npmjs.org/@spotlightjs/spotlight/-/spotlight-4.2.0.tgz",
+            "integrity": "sha512-4f2zDbdnBrJx2XDSEBWzKokpexGgjHWflggKGEPWUMvVcGn8Lux/FJMY2Tl2er/IixhU+sPnoMCKW9dJutOmEA==",
             "license": "Apache-2.0",
             "dependencies": {
                 "@sentry/node": "^10",
                 "@spotlightjs/overlay": "4.3.0",
-                "@spotlightjs/sidecar": "2.1.3",
+                "@spotlightjs/sidecar": "2.2.0",
                 "import-meta-resolve": "^4.1.0"
             },
             "bin": {
@@ -5477,9 +5461,9 @@
             }
         },
         "node_modules/@types/node": {
-            "version": "24.9.0",
-            "resolved": "https://registry.npmjs.org/@types/node/-/node-24.9.0.tgz",
-            "integrity": "sha512-MKNwXh3seSK8WurXF7erHPJ2AONmMwkI7zAMrXZDPIru8jRqkk6rGDBVbw4mLwfqA+ZZliiDPg05JQ3uW66tKQ==",
+            "version": "24.9.1",
+            "resolved": "https://registry.npmjs.org/@types/node/-/node-24.9.1.tgz",
+            "integrity": "sha512-QoiaXANRkSXK6p0Duvt56W208du4P9Uye9hWLWgGMDTEoKPhuenzNcC4vGUmrNkiOKTlIrBoyNQYNpSwfEZXSg==",
             "license": "MIT",
             "dependencies": {
                 "undici-types": "~7.16.0"
@@ -7445,9 +7429,9 @@
             }
         },
         "node_modules/chromedriver": {
-            "version": "141.0.3",
-            "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-141.0.3.tgz",
-            "integrity": "sha512-YnB6cK5OIKJvz056A97RxTMlQVj/zzDf9YnJj4jUQwc61Ixk4/cis0rguS8kzHTOLR7IkJZRUOWWGKuBYMjo0Q==",
+            "version": "141.0.4",
+            "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-141.0.4.tgz",
+            "integrity": "sha512-pUpriiZRn+JXkBud54eTnhFwp2hRc9B7szSk7smN7swsqQq8aK9Q6WGeV8RcTpYqaZ+4/gMIUaZAUqe1Ds4W1w==",
             "hasInstallScript": true,
             "license": "Apache-2.0",
             "optional": true,
@@ -9815,15 +9799,15 @@
             }
         },
         "node_modules/eventsource": {
-            "version": "3.0.7",
-            "resolved": "https://registry.npmjs.org/eventsource/-/eventsource-3.0.7.tgz",
-            "integrity": "sha512-CRT1WTyuQoD771GW56XEZFQ/ZoSfWid1alKGDYMmkt2yl8UXrVR4pspqWNEcqKvVIzg6PAltWjxcSSPrboA4iA==",
+            "version": "4.0.0",
+            "resolved": "https://registry.npmjs.org/eventsource/-/eventsource-4.0.0.tgz",
+            "integrity": "sha512-fvIkb9qZzdMxgZrEQDyll+9oJsyaVvY92I2Re+qK0qEJ+w5s0X3dtz+M0VAPOjP1gtU3iqWyjQ0G3nvd5CLZ2g==",
             "license": "MIT",
             "dependencies": {
                 "eventsource-parser": "^3.0.1"
             },
             "engines": {
-                "node": ">=18.0.0"
+                "node": ">=20.0.0"
             }
         },
         "node_modules/eventsource-parser": {
@@ -11146,9 +11130,9 @@
             }
         },
         "node_modules/hono": {
-            "version": "4.9.12",
-            "resolved": "https://registry.npmjs.org/hono/-/hono-4.9.12.tgz",
-            "integrity": "sha512-SrTC0YxqPwnN7yKa8gg/giLyQ2pILCKoideIHbYbFQlWZjYt68D2A4Ae1hehO/aDQ6RmTcpqOV/O2yBtMzx/VQ==",
+            "version": "4.10.2",
+            "resolved": "https://registry.npmjs.org/hono/-/hono-4.10.2.tgz",
+            "integrity": "sha512-p6fyzl+mQo6uhESLxbF5WlBOAJMDh36PljwlKtP5V1v09NxlqGru3ShK+4wKhSuhuYf8qxMmrivHOa/M7q0sMg==",
             "license": "MIT",
             "engines": {
                 "node": ">=16.9.0"
@@ -12177,9 +12161,9 @@
             }
         },
         "node_modules/knip": {
-            "version": "5.66.1",
-            "resolved": "https://registry.npmjs.org/knip/-/knip-5.66.1.tgz",
-            "integrity": "sha512-Ad3VUPIk9GZYovKuwKtGMheupek7IoPGaDEBAvnCYLKJXnwmqNLyXqMp+l5r3OOpFVjF7DdkFIZFVrXESDNylQ==",
+            "version": "5.66.2",
+            "resolved": "https://registry.npmjs.org/knip/-/knip-5.66.2.tgz",
+            "integrity": "sha512-5wvsdc17C5bMxjuGfN9KVS/tW5KIvzP1RClfpTMdLYm8IXIsfWsiHlFkTvZIca9skwoVDyTyXmbRq4w1Poim+A==",
             "funding": [
                 {
                     "type": "github",
@@ -17429,9 +17413,10 @@
             }
         },
         "node_modules/style-mod": {
-            "version": "4.1.2",
-            "resolved": "https://registry.npmjs.org/style-mod/-/style-mod-4.1.2.tgz",
-            "integrity": "sha512-wnD1HyVqpJUI2+eKZ+eo1UwghftP6yuFheBqqe+bWCotBjC2K1YnteJILRMs3SM4V/0dLEW1SC27MWP5y+mwmw=="
+            "version": "4.1.3",
+            "resolved": "https://registry.npmjs.org/style-mod/-/style-mod-4.1.3.tgz",
+            "integrity": "sha512-i/n8VsZydrugj3Iuzll8+x/00GH2vnYsk1eomD8QiRrSAeW6ItbCQDtfXCeJHd0iwiNagqjQkvpvREEPtW3IoQ==",
+            "license": "MIT"
         },
         "node_modules/style-to-object": {
             "version": "1.0.8",
@@ -18350,9 +18335,9 @@
             }
         },
         "node_modules/vite": {
-            "version": "7.1.10",
-            "resolved": "https://registry.npmjs.org/vite/-/vite-7.1.10.tgz",
-            "integrity": "sha512-CmuvUBzVJ/e3HGxhg6cYk88NGgTnBoOo7ogtfJJ0fefUWAxN/WDSUa50o+oVBxuIhO8FoEZW0j2eW7sfjs5EtA==",
+            "version": "7.1.11",
+            "resolved": "https://registry.npmjs.org/vite/-/vite-7.1.11.tgz",
+            "integrity": "sha512-uzcxnSDVjAopEUjljkWh8EIrg6tlzrjFUfMcR1EVsRDGwf/ccef0qQPRyOrROwhrTDaApueq+ja+KLPlzR/zdg==",
             "license": "MIT",
             "dependencies": {
                 "esbuild": "^0.25.0",
@@ -19199,7 +19184,7 @@
             "dependencies": {
                 "@goauthentik/prettier-config": "^3.1.0",
                 "@goauthentik/tsconfig": "^1.0.4",
-                "@types/node": "^24.9.0",
+                "@types/node": "^24.9.1",
                 "@types/semver": "^7.7.1",
                 "prettier": "^3.6.2",
                 "semver": "^7.7.3",

web/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@goauthentik/web",
-    "version": "2025.10.0-rc1",
+    "version": "2025.12.0-rc1",
     "license": "MIT",
     "private": true,
     "scripts": {
@@ -115,8 +115,8 @@
         "@patternfly/elements": "^4.2.0",
         "@patternfly/patternfly": "^4.224.2",
         "@playwright/test": "^1.56.1",
-        "@sentry/browser": "^10.20.0",
-        "@spotlightjs/spotlight": "^4.1.4",
+        "@sentry/browser": "^10.21.0",
+        "@spotlightjs/spotlight": "^4.2.0",
         "@storybook/addon-docs": "^9.1.13",
         "@storybook/addon-links": "^9.1.13",
         "@storybook/web-components": "^9.1.13",
@@ -125,7 +125,7 @@
         "@types/grecaptcha": "^3.0.9",
         "@types/guacamole-common-js": "^1.5.4",
         "@types/mocha": "^10.0.10",
-        "@types/node": "^24.9.0",
+        "@types/node": "^24.9.1",
         "@types/react": "^19.2.2",
         "@types/react-dom": "^19.2.2",
         "@typescript-eslint/eslint-plugin": "^8.38.0",
@@ -151,7 +151,7 @@
         "globals": "^16.4.0",
         "guacamole-common-js": "^1.5.0",
         "hastscript": "^9.0.1",
-        "knip": "^5.66.1",
+        "knip": "^5.66.2",
         "lit": "^3.3.1",
         "lit-analyzer": "^2.0.3",
         "md-front-matter": "^1.0.4",
@@ -174,7 +174,7 @@
         "remark-gfm": "^4.0.1",
         "remark-mdx-frontmatter": "^5.2.0",
         "storybook": "^9.0.16",
-        "style-mod": "^4.1.2",
+        "style-mod": "^4.1.3",
         "trusted-types": "^2.0.0",
         "ts-pattern": "^5.8.0",
         "turnstile-types": "^1.2.3",
@@ -182,7 +182,7 @@
         "typescript": "^5.9.3",
         "typescript-eslint": "^8.46.2",
         "unist-util-visit": "^5.0.0",
-        "vite": "^7.1.10",
+        "vite": "^7.1.11",
         "vitest": "^3.2.4",
         "webcomponent-qr-code": "^1.3.0",
         "wireit": "^0.14.12",
@@ -195,7 +195,7 @@
         "@rollup/rollup-darwin-arm64": "^4.52.5",
         "@rollup/rollup-linux-arm64-gnu": "^4.52.5",
         "@rollup/rollup-linux-x64-gnu": "^4.52.5",
-        "chromedriver": "^141.0.3",
+        "chromedriver": "^141.0.4",
         "p-iteration": "^1.1.8"
     },
     "wireit": {

web/packages/core/package.json

@@ -47,7 +47,7 @@
     "dependencies": {
         "@goauthentik/prettier-config": "^3.1.0",
         "@goauthentik/tsconfig": "^1.0.4",
-        "@types/node": "^24.9.0",
+        "@types/node": "^24.9.1",
         "@types/semver": "^7.7.1",
         "prettier": "^3.6.2",
         "semver": "^7.7.3",

web/src/admin/outposts/ServiceConnectionWizard.ts

@@ -63,7 +63,7 @@ export class ServiceConnectionWizard extends AKElement {
                     return html`
                         <ak-wizard-page-form
                             slot=${`type-${type.component}-${type.modelName}`}
-                            .sidebarLabel=${() => msg(str`Create ${type.name}`)}
+                            label=${msg(str`Create ${type.name}`)}
                         >
                             <ak-proxy-form type=${type.component}></ak-proxy-form>
                         </ak-wizard-page-form>

web/src/admin/policies/PolicyWizard.ts

@@ -87,7 +87,7 @@ export class PolicyWizard extends AKElement {
                     return html`
                         <ak-wizard-page-form
                             slot=${`type-${type.component}-${type.modelName}`}
-                            .sidebarLabel=${() => msg(str`Create ${type.name}`)}
+                            label=${msg(str`Create ${type.name}`)}
                         >
                             <ak-proxy-form type=${type.component}></ak-proxy-form>
                         </ak-wizard-page-form>
@@ -96,7 +96,7 @@ export class PolicyWizard extends AKElement {
                 ${this.showBindingPage
                     ? html`<ak-wizard-page-form
                           slot="create-binding"
-                          .sidebarLabel=${() => msg("Create Binding")}
+                          label=${msg("Create Binding")}
                           .activePageCallback=${async (context: FormWizardPage) => {
                               const createSlot = context.host.steps[1];
                               const bindingForm =

web/src/admin/policies/event_matcher/EventMatcherPolicyForm.ts

@@ -87,7 +87,9 @@ export class EventMatcherPolicyForm extends BasePolicyForm<EventMatcherPolicy> {
                                     DEFAULT_CONFIG,
                                 ).eventsEventsActionsList();
                                 return items.filter((item) =>
-                                    query ? item.name.includes(query) : true,
+                                    query
+                                        ? item.name.toLowerCase().includes(query.toLowerCase())
+                                        : true,
                                 );
                             }}
                             .renderElement=${(item: TypeCreate): string => {

web/src/admin/property-mappings/PropertyMappingWizard.ts

@@ -74,7 +74,7 @@ export class PropertyMappingWizard extends AKElement {
                     return html`
                         <ak-wizard-page-form
                             slot=${`type-${type.component}-${type.modelName}`}
-                            .sidebarLabel=${() => msg(str`Create ${type.name}`)}
+                            label=${msg(str`Create ${type.name}`)}
                         >
                             <ak-proxy-form type=${type.component}></ak-proxy-form>
                         </ak-wizard-page-form>

web/src/admin/providers/ProviderWizard.ts

@@ -72,7 +72,7 @@ export class ProviderWizard extends AKElement {
                     return html`
                         <ak-wizard-page-form
                             slot=${`type-${type.component}`}
-                            .sidebarLabel=${() => msg(str`Create ${type.name}`)}
+                            label=${msg(str`Create ${type.name}`)}
                         >
                             <ak-proxy-form type=${type.component}></ak-proxy-form>
                         </ak-wizard-page-form>

web/src/admin/providers/google_workspace/GoogleWorkspaceProviderForm.ts

@@ -1,4 +1,7 @@
 import "#elements/CodeMirror";
+import "#components/ak-number-input";
+import "#elements/utils/TimeDeltaHelp";
+import "#components/ak-text-input";
 import "#elements/ak-dual-select/ak-dual-select-dynamic-selected-provider";
 import "#elements/ak-dual-select/ak-dual-select-provider";
 import "#elements/forms/FormGroup";
@@ -272,6 +275,29 @@ export class GoogleWorkspaceProviderFormPage extends BaseProviderForm<GoogleWork
                         </p>
                     </ak-form-element-horizontal>
                 </div>
+            </ak-form-group>
+            <ak-form-group label="${msg("Sync settings")}">
+                <div class="pf-c-form">
+                    <ak-number-input
+                        label=${msg("Page size")}
+                        required
+                        name="pageSize"
+                        value="${this.instance?.syncPageSize ?? 100}"
+                        help=${msg("Controls the number of objects synced in a single task.")}
+                    ></ak-number-input>
+                    <ak-text-input
+                        name="syncPageTimeout"
+                        label=${msg("Page timeout")}
+                        input-hint="code"
+                        required
+                        value="${ifDefined(this.instance?.syncPageTimeout ?? "minutes=30")}"
+                        .bighelp=${html`<p class="pf-c-form__helper-text">
+                                ${msg("Timeout for synchronization of a single page.")}
+                            </p>
+                            <ak-utils-time-delta-help></ak-utils-time-delta-help>`}
+                    >
+                    </ak-text-input>
+                </div>
             </ak-form-group>`;
     }
 }

web/src/admin/providers/microsoft_entra/MicrosoftEntraProviderForm.ts

@@ -1,4 +1,7 @@
 import "#components/ak-hidden-text-input";
+import "#components/ak-number-input";
+import "#elements/utils/TimeDeltaHelp";
+import "#components/ak-text-input";
 import "#elements/ak-dual-select/ak-dual-select-dynamic-selected-provider";
 import "#elements/ak-dual-select/ak-dual-select-provider";
 import "#elements/forms/FormGroup";
@@ -248,6 +251,29 @@ export class MicrosoftEntraProviderFormPage extends BaseProviderForm<MicrosoftEn
                         </p>
                     </ak-form-element-horizontal>
                 </div>
+            </ak-form-group>
+            <ak-form-group label="${msg("Sync settings")}">
+                <div class="pf-c-form">
+                    <ak-number-input
+                        label=${msg("Page size")}
+                        required
+                        name="pageSize"
+                        value="${this.instance?.syncPageSize ?? 100}"
+                        help=${msg("Controls the number of objects synced in a single task.")}
+                    ></ak-number-input>
+                    <ak-text-input
+                        name="syncPageTimeout"
+                        label=${msg("Page timeout")}
+                        input-hint="code"
+                        required
+                        value="${ifDefined(this.instance?.syncPageTimeout ?? "minutes=30")}"
+                        .bighelp=${html`<p class="pf-c-form__helper-text">
+                                ${msg("Timeout for synchronization of a single page.")}
+                            </p>
+                            <ak-utils-time-delta-help></ak-utils-time-delta-help>`}
+                    >
+                    </ak-text-input>
+                </div>
             </ak-form-group>`;
     }
 }

web/src/admin/providers/scim/SCIMProviderFormForm.ts

@@ -7,6 +7,9 @@ import "#elements/forms/Radio";
 import "#elements/forms/SearchSelect/index";
 import "#elements/CodeMirror";
 import "#admin/common/ak-license-notice";
+import "#components/ak-number-input";
+import "#elements/utils/TimeDeltaHelp";
+import "#components/ak-text-input";
 
 import { propertyMappingsProvider, propertyMappingsSelector } from "./SCIMProviderFormHelpers.js";
 
@@ -301,5 +304,29 @@ export function renderForm({ provider = {}, errors = {}, update }: SCIMProviderF
                 </ak-form-element-horizontal>
             </div>
         </ak-form-group>
+
+        <ak-form-group label="${msg("Sync settings")}">
+            <div class="pf-c-form">
+                <ak-number-input
+                    label=${msg("Page size")}
+                    required
+                    name="pageSize"
+                    value="${provider.syncPageSize ?? 100}"
+                    help=${msg("Controls the number of objects synced in a single task.")}
+                ></ak-number-input>
+                <ak-text-input
+                    name="syncPageTimeout"
+                    label=${msg("Page timeout")}
+                    input-hint="code"
+                    required
+                    value="${provider.syncPageTimeout ?? "minutes=30"}"
+                    .bighelp=${html`<p class="pf-c-form__helper-text">
+                            ${msg("Timeout for synchronization of a single page.")}
+                        </p>
+                        <ak-utils-time-delta-help></ak-utils-time-delta-help>`}
+                >
+                </ak-text-input>
+            </div>
+        </ak-form-group>
     `;
 }

web/src/admin/sources/SourceWizard.ts

@@ -66,7 +66,7 @@ export class SourceWizard extends AKElement {
                     return html`
                         <ak-wizard-page-form
                             slot=${`type-${type.component}-${type.modelName}`}
-                            .sidebarLabel=${() => msg(str`Create ${type.name}`)}
+                            label=${msg(str`Create ${type.name}`)}
                         >
                             <ak-proxy-form
                                 .args=${{

web/src/admin/stages/StageWizard.ts

@@ -101,7 +101,7 @@ export class StageWizard extends AKElement {
                     return html`
                         <ak-wizard-page-form
                             slot=${`type-${type.component}-${type.modelName}`}
-                            .sidebarLabel=${() => msg(str`Create ${type.name}`)}
+                            label=${msg(str`Create ${type.name}`)}
                         >
                             <ak-proxy-form type=${type.component}></ak-proxy-form>
                         </ak-wizard-page-form>
@@ -110,7 +110,7 @@ export class StageWizard extends AKElement {
                 ${this.showBindingPage
                     ? html`<ak-wizard-page-form
                           slot="create-binding"
-                          .sidebarLabel=${() => msg("Create Binding")}
+                          label=${msg("Create Binding")}
                           .activePageCallback=${async (context: FormWizardPage) => {
                               const createSlot = context.host.steps[1];
                               const bindingForm =

web/src/elements/table/Table.ts

@@ -30,6 +30,7 @@ import { property, state } from "lit/decorators.js";
 import { classMap } from "lit/directives/class-map.js";
 import { ifDefined } from "lit/directives/if-defined.js";
 import { createRef, ref } from "lit/directives/ref.js";
+import { repeat } from "lit/directives/repeat.js";
 
 import PFButton from "@patternfly/patternfly/components/Button/button.css";
 import PFDropdown from "@patternfly/patternfly/components/Dropdown/dropdown.css";
@@ -309,9 +310,6 @@ export abstract class Table<T extends object>
     @property({ type: Boolean })
     public clickable = false;
 
-    @property({ attribute: false })
-    public clickHandler: (item: T) => void = () => {};
-
     @property({ type: Boolean })
     public radioSelect = false;
 
@@ -459,7 +457,17 @@ export abstract class Table<T extends object>
                 this.expandedElements = nextExpanded;
 
                 if (this.clearOnRefresh) {
-                    this.#selectedElements.clear();
+                    if (this.#selectedElements.size) {
+                        this.#selectedElements.clear();
+
+                        const selectAllCheckbox = this.#selectAllCheckboxRef.value;
+
+                        if (selectAllCheckbox) {
+                            selectAllCheckbox.checked = false;
+                            selectAllCheckbox.indeterminate = false;
+                        }
+                    }
+
                     this.requestUpdate();
                 }
             })
@@ -526,6 +534,26 @@ export abstract class Table<T extends object>
 
     //#region Rows
 
+    /**
+     * An overridable event listener when a row is clicked.
+     *
+     * @bound
+     * @abstract
+     */
+    protected rowClickListener(item: T, event?: InputEvent | PointerEvent): void {
+        if (event?.defaultPrevented) {
+            return;
+        }
+
+        if (this.expandable) {
+            const itemKey = this.#itemKeys.get(item);
+
+            return this.#toggleExpansion(itemKey, event);
+        }
+
+        this.#selectItemListener(item, event);
+    }
+
     /**
      * Render a row for a given item.
      *
@@ -557,40 +585,52 @@ export abstract class Table<T extends object>
 
             if (!groupKey) {
                 return html`<tbody>
-                    ${groupItems.map((item, itemIndex) =>
-                        this.#renderRowGroupItem(item, itemIndex, groupItems, 0, groups),
+                    ${repeat(
+                        groupItems,
+                        (item, itemIndex) => this.#itemKeys.get(item) ?? itemIndex,
+                        (item, itemIndex) =>
+                            this.#renderRowGroupItem(item, itemIndex, groupItems, 0, groups),
                     )}
                 </tbody>`;
             }
         }
 
-        return groups.map(([group, items], groupIndex) => {
-            const groupHeaderID = `table-group-${groupIndex}`;
+        return repeat(
+            groups,
+            ([group]) => group,
+            ([group, items], groupIndex) => {
+                const groupHeaderID = `table-group-${groupIndex}`;
 
-            return html`<thead>
-                    <tr>
-                        <th id=${groupHeaderID} scope="colgroup" colspan=${this.#columnCount}>
-                            ${group}
-                        </th>
-                    </tr>
-                </thead>
-                <tbody>
-                    ${items.map((item, itemIndex) =>
-                        this.#renderRowGroupItem(item, itemIndex, items, groupIndex, groups),
-                    )}
-                </tbody>`;
-        });
+                return html`<thead>
+                        <tr>
+                            <th id=${groupHeaderID} scope="colgroup" colspan=${this.#columnCount}>
+                                ${group}
+                            </th>
+                        </tr>
+                    </thead>
+                    <tbody>
+                        ${repeat(
+                            items,
+                            (item, itemIndex) => this.#itemKeys.get(item) ?? itemIndex,
+                            (item, itemIndex) =>
+                                this.#renderRowGroupItem(
+                                    item,
+                                    itemIndex,
+                                    items,
+                                    groupIndex,
+                                    groups,
+                                ),
+                        )}
+                    </tbody>`;
+            },
+        ) as SlottedTemplateResult[];
     }
 
-    //#region Grouping
-
-    protected groupBy(items: T[]): GroupResult<T>[] {
-        return [["", items]];
-    }
+    //#region Expansion
 
     protected renderExpanded?(item: T): SlottedTemplateResult;
 
-    #toggleExpansion = (itemKey?: string | number, event?: PointerEvent) => {
+    #toggleExpansion = (itemKey?: string | number, event?: PointerEvent | InputEvent) => {
         // An unlikely scenario but possible if items shift between fetches
         if (typeof itemKey === "undefined") return;
 
@@ -614,12 +654,8 @@ export abstract class Table<T extends object>
         this.requestUpdate("expandedElements");
     };
 
-    #selectItemListener(item: T, event: InputEvent | PointerEvent) {
-        const target = event.target as HTMLElement;
-
-        if (event instanceof PointerEvent && target.classList.contains("ignore-click")) {
-            return;
-        }
+    #selectItemListener(item: T, event?: InputEvent | PointerEvent) {
+        const { target, currentTarget } = event ?? {};
 
         const itemKey = this.#itemKeys.get(item);
         const selected = !!(itemKey && this.#selectedElements.has(itemKey));
@@ -635,6 +671,9 @@ export abstract class Table<T extends object>
             return;
         }
 
+        event?.stopPropagation();
+        event?.preventDefault();
+
         if (itemKey) {
             if (checked) {
                 this.#selectedElements.set(itemKey, item);
@@ -655,6 +694,12 @@ export abstract class Table<T extends object>
         this.requestUpdate();
     }
 
+    //#region Grouping
+
+    protected groupBy(items: T[]): GroupResult<T>[] {
+        return [["", items]];
+    }
+
     #renderRowGroupItem(
         item: T,
         rowIndex: number,
@@ -669,34 +714,36 @@ export abstract class Table<T extends object>
         const selected = !!(itemKey && this.#selectedElements.has(itemKey));
 
         const rowLabel = this.rowLabel(item) || `#${rowIndex + 1}`;
+        const rowKey = `row-${groupIndex}-${rowIndex}`;
+
+        const selectItem = this.#selectItemListener.bind(this, item);
 
         const renderCheckbox = () =>
-            html`<td class="pf-c-table__check" role="presentation">
-                <label aria-label="${msg(str`Select "${rowLabel}" row`)}" class="ignore-click"
+            html`<td class="pf-c-table__check" role="presentation" @click=${selectItem}>
+                <label aria-label="${msg(str`Select "${rowLabel}" row`)}"
                     ><input
                         type="checkbox"
-                        class="ignore-click"
                         .checked=${selected}
-                        @input=${this.#selectItemListener.bind(this, item)}
-                        @click=${(ev: PointerEvent) => {
-                            ev.stopPropagation();
-                        }}
+                        @input=${selectItem}
+                        @click=${(event: PointerEvent) => event.stopPropagation()}
                 /></label>
             </td>`;
 
+        const expandItem = this.#toggleExpansion.bind(this, itemKey);
+
         const renderExpansion = () => {
             return html`<td
                 class="pf-c-table__toggle pf-m-pressable"
                 role="presentation"
-                @click=${this.#toggleExpansion.bind(this, itemKey)}
+                @click=${expandItem}
             >
                 <button
                     class="pf-c-button pf-m-plain ${classMap({
                         "pf-m-expanded": expanded,
                     })}"
-                    @click=${this.#toggleExpansion.bind(this, itemKey)}
+                    @click=${expandItem}
                     aria-label=${expanded ? msg("Collapse row") : msg("Expand row")}
-                    aria-expanded=${expanded ? "true" : "false"}
+                    aria-expanded=${expanded.toString()}
                 >
                     <div class="pf-c-table__toggle-icon">
                         &nbsp;<i class="fas fa-angle-down" aria-hidden="true"></i>&nbsp;
@@ -707,7 +754,7 @@ export abstract class Table<T extends object>
 
         let expansionContent: SlottedTemplateResult = nothing;
 
-        if (this.expandable) {
+        if (this.expandable && expanded) {
             if (!this.renderExpanded) {
                 throw new TypeError("Expandable is enabled but renderExpanded is not overridden!");
             }
@@ -728,30 +775,32 @@ export abstract class Table<T extends object>
 
         return html`
             <tr
-                aria-selected=${selected ? "true" : "false"}
+                @click=${this.rowClickListener.bind(this, item)}
+                aria-selected=${selected.toString()}
                 class="${classMap({
                     "pf-m-hoverable": this.checkbox || this.clickable,
                 })}"
-                @click=${this.clickable
-                    ? this.clickHandler.bind(this, item)
-                    : this.#selectItemListener.bind(this, item)}
             >
                 ${this.checkbox ? renderCheckbox() : nothing}
                 ${this.expandable ? renderExpansion() : nothing}
-                ${this.row(item).map((cell, columnIndex) => {
-                    const columnID = this.#columnIDs.get(this.columns[columnIndex]);
+                ${repeat(
+                    this.row(item),
+                    (_cell, columnIndex) => columnIndex,
+                    (cell, columnIndex) => {
+                        const columnID = this.#columnIDs.get(this.columns[columnIndex]);
 
-                    const headers = groupHeaderID
-                        ? `${groupHeaderID} ${columnID}`.trim()
-                        : columnID;
+                        const headers = groupHeaderID
+                            ? `${groupHeaderID} ${columnID}`.trim()
+                            : columnID;
 
-                    return html`<td
-                        class=${ifPresent(!columnID, "presentational")}
-                        headers=${ifPresent(headers)}
-                    >
-                        ${cell}
-                    </td>`;
-                })}
+                        return html`<td
+                            class=${ifPresent(!columnID, "presentational")}
+                            headers=${ifPresent(headers)}
+                        >
+                            ${cell}
+                        </td>`;
+                    },
+                )}
             </tr>
             ${expansionContent}
         `;
@@ -982,19 +1031,23 @@ export abstract class Table<T extends object>
                         <tr class="pf-c-table__header-row">
                             ${this.checkbox ? this.renderAllOnThisPageCheckbox() : nothing}
                             ${this.expandable ? html`<td aria-hidden="true"></td>` : nothing}
-                            ${this.columns.map((column, idx) => {
-                                const [label, orderBy, ariaLabel] = column;
-                                const columnID = this.#columnIDs.get(column) ?? `column-${idx}`;
+                            ${repeat(
+                                this.columns,
+                                ([label], idx) => label ?? idx,
+                                (column, idx) => {
+                                    const [label, orderBy, ariaLabel] = column;
+                                    const columnID = this.#columnIDs.get(column) ?? `column-${idx}`;
 
-                                return renderTableColumn({
-                                    label,
-                                    id: columnID,
-                                    ariaLabel,
-                                    orderBy,
-                                    table: this,
-                                    columnIndex: idx,
-                                });
-                            })}
+                                    return renderTableColumn({
+                                        label,
+                                        id: columnID,
+                                        ariaLabel,
+                                        orderBy,
+                                        table: this,
+                                        columnIndex: idx,
+                                    });
+                                },
+                            )}
                         </tr>
                     </thead>
                     ${this.renderRows()}

web/src/elements/wizard/ActionWizardPage.ts

@@ -58,7 +58,7 @@ export class ActionWizardPage extends WizardPage {
         this.host.isValid = true;
     };
 
-    sidebarLabel = () => msg("Apply changes");
+    public label = msg("Apply changes");
 
     async run(): Promise<void> {
         this.currentStep = this.states[0];

web/src/elements/wizard/TypeCreateWizardPage.ts

@@ -60,7 +60,7 @@ export class TypeCreateWizardPage extends WithLicenseSummary(WizardPage) {
 
     //#endregion
 
-    public sidebarLabel = () => msg("Select type");
+    public override label = msg("Select type");
 
     public reset = () => {
         super.reset();

web/src/elements/wizard/Wizard.ts

@@ -104,19 +104,6 @@ export class Wizard extends ModalButton {
             this.steps.push(ApplyActionsSlot);
         }
 
-        for (const step of this._steps) {
-            const existingStepElement = this.getStepElementByName(step);
-
-            if (existingStepElement) continue;
-
-            const stepElement = document.createElement(step);
-
-            stepElement.slot = step;
-            stepElement.dataset.wizardmanaged = "true";
-
-            this.appendChild(stepElement);
-        }
-
         this.requestUpdate();
     }
 
@@ -314,8 +301,6 @@ export class Wizard extends ModalButton {
 
                                 if (!stepEl) return html`<p>Unexpected missing step: ${step}</p>`;
 
-                                const sidebarLabel = stepEl.sidebarLabel();
-
                                 return html`
                                     <li role="presentation" class="pf-c-wizard__nav-item">
                                         <button
@@ -329,7 +314,7 @@ export class Wizard extends ModalButton {
                                                 this.activeStepElement = stepEl;
                                             }}
                                         >
-                                            ${sidebarLabel}
+                                            ${stepEl.label ?? msg("UNNAMED")}
                                         </button>
                                     </li>
                                 `;

web/src/elements/wizard/WizardPage.ts

@@ -1,8 +1,8 @@
 import { AKElement } from "#elements/Base";
 import { Wizard } from "#elements/wizard/Wizard";
 
-import { CSSResult, html, PropertyDeclaration, TemplateResult } from "lit";
-import { customElement, property } from "lit/decorators.js";
+import { CSSResult, html, LitElement, PropertyDeclaration, TemplateResult } from "lit";
+import { property } from "lit/decorators.js";
 
 import PFBase from "@patternfly/patternfly/patternfly-base.css";
 
@@ -18,22 +18,17 @@ export type WizardPageActiveCallback = () => void | Promise<void>;
  */
 export type WizardPageNextCallback = () => boolean | Promise<boolean>;
 
-@customElement("ak-wizard-page")
-export class WizardPage extends AKElement {
+export abstract class WizardPage extends AKElement {
     static styles: CSSResult[] = [PFBase];
 
     /**
      * The label to display in the sidebar for this page.
      *
-     * Override this to provide a custom label.
-     * @todo: Should this be a getter or static property?
      */
-    @property()
-    sidebarLabel = (): string => {
-        return "UNNAMED";
-    };
+    @property({ type: String })
+    public label: string | null = null;
 
-    get host(): Wizard {
+    public get host(): Wizard {
         return this.parentElement as Wizard;
     }
 
@@ -49,7 +44,7 @@ export class WizardPage extends AKElement {
     /**
      * Called when this is the page brought into view.
      */
-    activeCallback: WizardPageActiveCallback = () => {
+    public activeCallback: WizardPageActiveCallback = () => {
         this.host.isValid = false;
     };
 
@@ -60,20 +55,21 @@ export class WizardPage extends AKElement {
      *
      * @returns `true` if the wizard can proceed to the next page, `false` otherwise.
      */
-    nextCallback: WizardPageNextCallback = () => {
+    public nextCallback: WizardPageNextCallback = () => {
         return Promise.resolve(true);
     };
 
-    requestUpdate(
+    public override requestUpdate(
         name?: PropertyKey,
         oldValue?: unknown,
         options?: PropertyDeclaration<unknown, unknown>,
     ): void {
-        this.querySelectorAll("*").forEach((el) => {
-            if ("requestUpdate" in el) {
-                (el as AKElement).requestUpdate();
+        for (const element of this.querySelectorAll("*")) {
+            if (element instanceof LitElement) {
+                element.requestUpdate();
             }
-        });
+        }
+
         return super.requestUpdate(name, oldValue, options);
     }
 

web/src/flow/providers/SessionEnd.ts

@@ -8,7 +8,7 @@ import { BaseStage } from "#flow/stages/base";
 import { SessionEndChallenge } from "@goauthentik/api";
 
 import { msg, str } from "@lit/localize";
-import { CSSResult, html, nothing, TemplateResult } from "lit";
+import { CSSResult, html, nothing, PropertyValues, TemplateResult } from "lit";
 import { customElement } from "lit/decorators.js";
 import { ifDefined } from "lit/directives/if-defined.js";
 
@@ -23,6 +23,47 @@ import PFBase from "@patternfly/patternfly/patternfly-base.css";
 export class SessionEnd extends BaseStage<SessionEndChallenge, unknown> {
     static styles: CSSResult[] = [PFBase, PFLogin, PFForm, PFFormControl, PFTitle, PFButton];
 
+    firstUpdated(changedProperties: PropertyValues) {
+        super.firstUpdated(changedProperties);
+        this.sendLogoutResponse();
+    }
+
+    protected sendLogoutResponse(): void {
+        if (!this.challenge.slsUrl || !this.challenge.logoutResponse) {
+            return;
+        }
+
+        const slsUrl = this.challenge.slsUrl;
+        const logoutResponse = this.challenge.logoutResponse;
+
+        const iframe = document.createElement("iframe");
+        iframe.style.display = "none";
+        iframe.name = "saml-logout-response";
+        document.body.appendChild(iframe);
+
+        if (this.challenge.slsBinding === "redirect") {
+            const params = new URLSearchParams();
+            params.set("SAMLResponse", logoutResponse);
+            iframe.src = `${slsUrl}?${params.toString()}`;
+        } else {
+            // For POST binding, create form that targets the iframe
+            const form = document.createElement("form");
+            form.method = "POST";
+            form.action = slsUrl;
+            form.target = iframe.name;
+
+            const samlInput = document.createElement("input");
+            samlInput.type = "hidden";
+            samlInput.name = "SAMLResponse";
+            samlInput.value = logoutResponse;
+            form.appendChild(samlInput);
+
+            document.body.appendChild(form);
+            form.submit();
+            form.remove();
+        }
+    }
+
     render(): TemplateResult {
         return html`<ak-flow-card .challenge=${this.challenge}>
             <form class="pf-c-form">

web/src/user/LibraryApplication/RACLaunchEndpointModal.ts

@@ -15,16 +15,15 @@ export class RACLaunchEndpointModal extends TableModal<Endpoint> {
     clickable = true;
     protected override searchEnabled = true;
 
-    clickHandler = (item: Endpoint) => {
+    protected override rowClickListener(item: Endpoint, event?: InputEvent | PointerEvent) {
         if (!item.launchUrl) {
-            return;
+            return super.rowClickListener(item, event);
         }
-        if (this.app?.openInNewTab) {
-            window.open(item.launchUrl);
-        } else {
-            window.location.assign(item.launchUrl);
-        }
-    };
+
+        const target = this.app?.openInNewTab ? `ak-rac-endpoint-${item.name}` : "_self";
+
+        window.open(item.launchUrl, target);
+    }
 
     @property({ attribute: false })
     app?: Application;
@@ -35,7 +34,7 @@ export class RACLaunchEndpointModal extends TableModal<Endpoint> {
             provider: this.app?.provider || 0,
         });
         if (this.open && endpoints.pagination.count === 1) {
-            this.clickHandler(endpoints.results[0]);
+            this.rowClickListener(endpoints.results[0]);
             this.open = false;
         }
         return endpoints;

web/xliff/de.xlf

@@ -1,4 +1,4 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
+<?xml version="1.0"?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
   <file target-language="de" source-language="en" original="lit-localize-inputs" datatype="plaintext">
     <body>
       <trans-unit id="s4caed5b7a7e5d89b">
@@ -586,9 +586,9 @@
         
       </trans-unit>
       <trans-unit id="saa0e2675da69651b">
-        <source>The URL &quot;<x id="0" equiv-text="${this.url}"/>&quot; was not found.</source>
-        <target>Die URL &quot;
-<x id="0" equiv-text="${this.url}"/>&quot; wurde nicht gefunden.</target>
+        <source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
+        <target>Die URL "
+<x id="0" equiv-text="${this.url}"/>" wurde nicht gefunden.</target>
         
       </trans-unit>
       <trans-unit id="s58cd9c2fe836d9c6">
@@ -1662,8 +1662,8 @@
         
       </trans-unit>
       <trans-unit id="sa90b7809586c35ce">
-        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon &quot;fa-test&quot;.</source>
-        <target>Geben Sie entweder eine vollständige URL oder einen relativen Pfad ein oder geben Sie 'fa://fa-test' ein, um das Font Awesome-Icon &quot;fa-test&quot; zu verwenden</target>
+        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
+        <target>Geben Sie entweder eine vollständige URL oder einen relativen Pfad ein oder geben Sie 'fa://fa-test' ein, um das Font Awesome-Icon "fa-test" zu verwenden</target>
         
       </trans-unit>
       <trans-unit id="s0410779cb47de312">
@@ -3649,10 +3649,10 @@ Hier können nur Policies verwendet werden, da der Zugriff geprüft wird, bevor
         
       </trans-unit>
       <trans-unit id="sa95a538bfbb86111">
-        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> &quot;<x id="1" equiv-text="${this.obj?.name}"/>&quot;?</source>
+        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
         <target>Bist du sicher, dass du
-        <x id="0" equiv-text="${this.objectLabel}"/>&quot;
-        <x id="1" equiv-text="${this.obj?.name}"/>&quot;aktualisieren möchtest?</target>
+        <x id="0" equiv-text="${this.objectLabel}"/>"
+        <x id="1" equiv-text="${this.obj?.name}"/>"aktualisieren möchtest?</target>
         
       </trans-unit>
       <trans-unit id="sc92d7cfb6ee1fec6">
@@ -4681,8 +4681,8 @@ Beim Erstellen eines festen Auswahlfelds aktiviere „Als Ausdruck interpretiere
         
       </trans-unit>
       <trans-unit id="sdf1d8edef27236f0">
-        <source>A &quot;roaming&quot; authenticator, like a YubiKey</source>
-        <target>Ein &quot;Roaming&quot;-Authentifikator, wie ein YubiKey</target>
+        <source>A "roaming" authenticator, like a YubiKey</source>
+        <target>Ein "Roaming"-Authentifikator, wie ein YubiKey</target>
         
       </trans-unit>
       <trans-unit id="sfffba7b23d8fb40c">
@@ -5040,7 +5040,7 @@ Beim Erstellen eines festen Auswahlfelds aktiviere „Als Ausdruck interpretiere
         
       </trans-unit>
       <trans-unit id="s1608b2f94fa0dbd4">
-        <source>If set to a duration above 0, the user will have the option to choose to &quot;stay signed in&quot;, which will extend their session by the time specified here.</source>
+        <source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
         <target>Wenn auf eine Dauer größer als 0 gesetzt, hat der Benutzer die Option „Angemeldet bleiben“, wodurch seine Sitzung um die hier angegebene Zeit verlängert wird.</target>
         
       </trans-unit>
@@ -7201,7 +7201,7 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
   <target>Benutzer erfolgreich erstellt und zu Gruppe <x id="0" equiv-text="${this.group.name}"/> hinzugefügt.</target>
 </trans-unit>
 <trans-unit id="s824e0943a7104668">
-  <source>This user will be added to the group &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot;.</source>
+  <source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
   <target>Dieser Benutzer wird der Gruppe &amp;quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&amp;quot; hinzugefügt.</target>
 </trans-unit>
 <trans-unit id="s62e7f6ed7d9cb3ca">
@@ -8450,7 +8450,7 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
   <target>Gruppe synchronisieren</target>
 </trans-unit>
 <trans-unit id="s2d5f69929bb7221d">
-  <source><x id="0" equiv-text="${p.name}"/> (&quot;<x id="1" equiv-text="${p.fieldKey}"/>&quot;, of type <x id="2" equiv-text="${p.type}"/>)</source>
+  <source><x id="0" equiv-text="${p.name}"/> ("<x id="1" equiv-text="${p.fieldKey}"/>", of type <x id="2" equiv-text="${p.type}"/>)</source>
   <target><x id="0" equiv-text="${p.name}"/> (&amp;quot;<x id="1" equiv-text="${p.fieldKey}"/>&amp;quot;, vom typ <x id="2" equiv-text="${p.type}"/>)</target>
 </trans-unit>
 <trans-unit id="s25bacc19d98b444e">
@@ -8698,8 +8698,8 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
   <target>Gültige Redirect-URIs nach einem erfolgreichen Autorisierungsflow. Gib hier auch alle Origins für Implicit-Flows an.</target>
 </trans-unit>
 <trans-unit id="s4c49d27de60a532b">
-  <source>To allow any redirect URI, set the mode to Regex and the value to &quot;.*&quot;. Be aware of the possible security implications this can have.</source>
-  <target>Um jede Redirect-URI zu erlauben, setze den Modus auf Regex und den Wert auf &quot;.*&quot;. Beachte die möglichen Sicherheitsimplikationen.</target>
+  <source>To allow any redirect URI, set the mode to Regex and the value to ".*". Be aware of the possible security implications this can have.</source>
+  <target>Um jede Redirect-URI zu erlauben, setze den Modus auf Regex und den Wert auf ".*". Beachte die möglichen Sicherheitsimplikationen.</target>
 </trans-unit>
 <trans-unit id="sa52bf79fe1ccb13e">
   <source>Federated OIDC Sources</source>
@@ -9436,7 +9436,7 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
   <target>Wie die Authentifizierung während eines Authorization-Code-Token-Anforderungsflows durchgeführt wird</target>
 </trans-unit>
 <trans-unit id="s844baf19a6c4a9b4">
-  <source>Enable &quot;Remember me on this device&quot;</source>
+  <source>Enable "Remember me on this device"</source>
   <target>„Angemeldet bleiben auf diesem Gerät“ aktivieren</target>
 </trans-unit>
 <trans-unit id="sfa72bca733f40692">
@@ -9841,7 +9841,7 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
   <target>z.B. Collaboration, Communication, Intern usw.</target>
 </trans-unit>
 <trans-unit id="sb6fcdabf769208a1">
-  <source>Failed to fetch application &quot;<x id="0" equiv-text="${this.applicationSlug}"/>&quot;.</source>
+  <source>Failed to fetch application "<x id="0" equiv-text="${this.applicationSlug}"/>".</source>
   <target>Fehler beim Abrufen der Applikation &amp;quot;<x id="0" equiv-text="${this.applicationSlug}"/>&amp;quot;.</target>
 </trans-unit>
 <trans-unit id="s32fc592c4a264edd">
@@ -9969,11 +9969,11 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
   <target><x id="0" equiv-text="${this.label || &quot;&quot;}"/> Tabellen-Paginierung</target>
 </trans-unit>
 <trans-unit id="sd9b15395dd103f80">
-  <source>Sort by &quot;<x id="0" equiv-text="${label}"/>&quot;</source>
+  <source>Sort by "<x id="0" equiv-text="${label}"/>"</source>
   <target>Sortieren nach &amp;quot;<x id="0" equiv-text="${label}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="s7dd64bb0c1fa8e87">
-  <source>Select &quot;<x id="0" equiv-text="${rowLabel}"/>&quot; row</source>
+  <source>Select "<x id="0" equiv-text="${rowLabel}"/>" row</source>
   <target>Zeile &amp;quot;<x id="0" equiv-text="${rowLabel}"/>&amp;quot; auswählen</target>
 </trans-unit>
 <trans-unit id="sd26f670ca5d5b0c6">
@@ -10057,7 +10057,7 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
   <target>Provider ist keiner Anwendung zugewiesen.</target>
 </trans-unit>
 <trans-unit id="sfbb87c9ced1fde54">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; provider</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" provider</source>
   <target>Provider &amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot; bearbeiten</target>
 </trans-unit>
 <trans-unit id="s0a3fdba3a68a2730">
@@ -10065,19 +10065,19 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
   <target>Anwendungsdokumentation</target>
 </trans-unit>
 <trans-unit id="sf07bfbe5316e7cc7">
-  <source>Application icon for &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Application icon for "<x id="0" equiv-text="${item.name}"/>"</source>
   <target>Anwendungssymbol für  &amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="s037f22187581bf8f">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>"</source>
   <target>&amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot; bearbeiten</target>
 </trans-unit>
 <trans-unit id="s5d90aeadfcb34286">
-  <source>Execute &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Execute "<x id="0" equiv-text="${item.name}"/>"</source>
   <target>&amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot; ausführen</target>
 </trans-unit>
 <trans-unit id="saa25eac2952d918d">
-  <source>Export &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Export "<x id="0" equiv-text="${item.name}"/>"</source>
   <target>&amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot; exportieren</target>
 </trans-unit>
 <trans-unit id="s64de9eceb8172269">
@@ -10085,11 +10085,11 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
   <target>Gerät bearbeiten</target>
 </trans-unit>
 <trans-unit id="sc08c153234510246">
-  <source>Update &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; Permissions</source>
+  <source>Update "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" Permissions</source>
   <target>&amp;quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&amp;quot; Berechtigungen aktualisieren</target>
 </trans-unit>
 <trans-unit id="s6d25eef21a9e76ba">
-  <source>Open &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; permissions modal</source>
+  <source>Open "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" permissions modal</source>
   <target>&amp;quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&amp;quot; Berechtigungsdialog öffnen</target>
 </trans-unit>
 <trans-unit id="sa556d7b744364dcf">
@@ -10111,11 +10111,11 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
   <target>OCI Support</target>
 </trans-unit>
 <trans-unit id="s08d24327ec788e78">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
   <target>Blueprint &amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot; bearbeiten</target>
 </trans-unit>
 <trans-unit id="s6f8d15b5494ac41a">
-  <source>Apply &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Apply "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
   <target>Blueprint &amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot; anwenden</target>
 </trans-unit>
 <trans-unit id="s85a488cacb57688b">
@@ -10233,7 +10233,7 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
   <source>Paths may not start or end with a slash, but they can contain any other character as path segments. The paths are currently purely used for organization, it does not affect their permissions, group memberships, or anything else.</source>
 </trans-unit>
 <trans-unit id="sdb3b903354fbfb17">
-  <source>Open &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Open "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s2e7448caf3df574a">
   <source>Verify Assertion Signature</source>
@@ -10281,16 +10281,16 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
   <source>Unnamed</source>
 </trans-unit>
 <trans-unit id="s326ee20bba2564a0">
-  <source>Collapse &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Collapse "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="s27df1f36ba8e269f">
-  <source>Expand &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Expand "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf2b5d3236e6f1ab3">
-  <source>Select &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Select "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sb7c2715df863a6ce">
-  <source>Items of &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Items of "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf6707428adeba590">
   <source>API drawer</source>
@@ -10413,7 +10413,7 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
   <source>Group Search</source>
 </trans-unit>
 <trans-unit id="s79683026e49e4866">
-  <source>View details of group &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>View details of group "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s62dfa9c45cb3025a">
   <source>New Group</source>
@@ -10440,16 +10440,16 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
   <source>New service account...</source>
 </trans-unit>
 <trans-unit id="s61e5043203e94d0a">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; normally</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" normally</source>
 </trans-unit>
 <trans-unit id="s02eb960c270a837e">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; as current user</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" as current user</source>
 </trans-unit>
 <trans-unit id="saf579a36a54c92e1">
   <source>Current user</source>
 </trans-unit>
 <trans-unit id="sd149e44e50455923">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; with inspector</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" with inspector</source>
 </trans-unit>
 <trans-unit id="s45c530a48bcf74ad">
   <source>Use inspector</source>
@@ -10638,7 +10638,7 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
   <source>Optional Single Logout Service URL to send logout responses to. If not set, no logout response will be sent.</source>
 </trans-unit>
 <trans-unit id="scbf29ce484222325">
-  <source/>
+  <source></source>
 </trans-unit>
 <trans-unit id="s78869b8b2bc26d0d">
   <source>SAML Provider</source>
@@ -10665,7 +10665,7 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
   <source>The user's display name.</source>
 </trans-unit>
 <trans-unit id="s33b2f30214a2e99d">
-  <source>Actions for &quot;<x id="0" equiv-text="${application.name}"/>&quot;</source>
+  <source>Actions for "<x id="0" equiv-text="${application.name}"/>"</source>
 </trans-unit>
 <trans-unit id="sfa660d9e563c346f">
   <source>Edit application...</source>
@@ -10694,4 +10694,4 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
 </trans-unit>
     </body>
   </file>
-</xliff>
+</xliff>

web/xliff/es.xlf

@@ -1,4 +1,4 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
+<?xml version="1.0"?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
   <file target-language="es" source-language="en" original="lit-localize-inputs" datatype="plaintext">
     <body>
       <trans-unit id="s4caed5b7a7e5d89b">
@@ -586,9 +586,9 @@
         
       </trans-unit>
       <trans-unit id="saa0e2675da69651b">
-        <source>The URL &quot;<x id="0" equiv-text="${this.url}"/>&quot; was not found.</source>
-        <target>El URL &quot;
-        <x id="0" equiv-text="${this.url}"/>&quot; no fue encontrado.</target>
+        <source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
+        <target>El URL "
+        <x id="0" equiv-text="${this.url}"/>" no fue encontrado.</target>
         
       </trans-unit>
       <trans-unit id="s58cd9c2fe836d9c6">
@@ -1662,7 +1662,7 @@
         
       </trans-unit>
       <trans-unit id="sa90b7809586c35ce">
-        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon &quot;fa-test&quot;.</source>
+        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
         <target>Ingrese una URL completa, una ruta relativa o use 'fa: //fa-test' para usar el ícono Font Awesome «fa-test».</target>
         
       </trans-unit>
@@ -3651,10 +3651,10 @@ no se aprueba cuando una o ambas de las opciones seleccionadas son iguales o sup
         
       </trans-unit>
       <trans-unit id="sa95a538bfbb86111">
-        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> &quot;<x id="1" equiv-text="${this.obj?.name}"/>&quot;?</source>
+        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
         <target>¿Estás seguro de que deseas actualizar
-        <x id="0" equiv-text="${this.objectLabel}"/>&quot;
-        <x id="1" equiv-text="${this.obj?.name}"/>&quot;?</target>
+        <x id="0" equiv-text="${this.objectLabel}"/>"
+        <x id="1" equiv-text="${this.obj?.name}"/>"?</target>
         
       </trans-unit>
       <trans-unit id="sc92d7cfb6ee1fec6">
@@ -4684,8 +4684,8 @@ no se aprueba cuando una o ambas de las opciones seleccionadas son iguales o sup
         
       </trans-unit>
       <trans-unit id="sdf1d8edef27236f0">
-        <source>A &quot;roaming&quot; authenticator, like a YubiKey</source>
-        <target>Un autenticador &quot;roaming&quot;, como una YubiKey</target>
+        <source>A "roaming" authenticator, like a YubiKey</source>
+        <target>Un autenticador "roaming", como una YubiKey</target>
         
       </trans-unit>
       <trans-unit id="sfffba7b23d8fb40c">
@@ -5043,8 +5043,8 @@ no se aprueba cuando una o ambas de las opciones seleccionadas son iguales o sup
         
       </trans-unit>
       <trans-unit id="s1608b2f94fa0dbd4">
-        <source>If set to a duration above 0, the user will have the option to choose to &quot;stay signed in&quot;, which will extend their session by the time specified here.</source>
-        <target>Si se establece en una duración mayor a 0, el usuario tendrá la opción de &quot;mantener la sesión iniciada&quot;, lo que extenderá su sesión por el tiempo especificado aquí.</target>
+        <source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
+        <target>Si se establece en una duración mayor a 0, el usuario tendrá la opción de "mantener la sesión iniciada", lo que extenderá su sesión por el tiempo especificado aquí.</target>
         
       </trans-unit>
       <trans-unit id="s542a71bb8f41e057">
@@ -7205,7 +7205,7 @@ Las vinculaciones a grupos/usuarios se verifican en función del usuario del eve
   <target>Usuario creado correctamente y agregado al grupo <x id="0" equiv-text="${this.group.name}"/></target>
 </trans-unit>
 <trans-unit id="s824e0943a7104668">
-  <source>This user will be added to the group &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot;.</source>
+  <source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
   <target>Este usuario se agregará al grupo. &amp;quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&amp;quot;.</target>
 </trans-unit>
 <trans-unit id="s62e7f6ed7d9cb3ca">
@@ -8455,7 +8455,7 @@ Las vinculaciones a grupos/usuarios se verifican en función del usuario del eve
   <target>Sincronizar Grupo</target>
 </trans-unit>
 <trans-unit id="s2d5f69929bb7221d">
-  <source><x id="0" equiv-text="${p.name}"/> (&quot;<x id="1" equiv-text="${p.fieldKey}"/>&quot;, of type <x id="2" equiv-text="${p.type}"/>)</source>
+  <source><x id="0" equiv-text="${p.name}"/> ("<x id="1" equiv-text="${p.fieldKey}"/>", of type <x id="2" equiv-text="${p.type}"/>)</source>
   <target><x id="0" equiv-text="${p.name}"/> (&amp;quot;<x id="1" equiv-text="${p.fieldKey}"/>&amp;quot;, of type <x id="2" equiv-text="${p.type}"/>)</target>
 </trans-unit>
 <trans-unit id="s25bacc19d98b444e">
@@ -8703,8 +8703,8 @@ Las vinculaciones a grupos/usuarios se verifican en función del usuario del eve
   <target>URI de redirección válidas tras un flujo de autorización exitoso. Especifique también aquí los orígenes de los flujos implícitos.</target>
 </trans-unit>
 <trans-unit id="s4c49d27de60a532b">
-  <source>To allow any redirect URI, set the mode to Regex and the value to &quot;.*&quot;. Be aware of the possible security implications this can have.</source>
-  <target>Para permitir cualquier URI de redirección, configure el modo en Expresión Regular y el valor en &quot;.*&quot;. Tenga en cuenta las posibles implicaciones de seguridad que esto puede tener.</target>
+  <source>To allow any redirect URI, set the mode to Regex and the value to ".*". Be aware of the possible security implications this can have.</source>
+  <target>Para permitir cualquier URI de redirección, configure el modo en Expresión Regular y el valor en ".*". Tenga en cuenta las posibles implicaciones de seguridad que esto puede tener.</target>
 </trans-unit>
 <trans-unit id="sa52bf79fe1ccb13e">
   <source>Federated OIDC Sources</source>
@@ -9442,8 +9442,8 @@ Si se deja vacío, AuthnContextClassRef se establecerá según los métodos de a
   <target>Cómo realizar la autenticación durante un flujo de solicitud de token de código de autorización</target>
 </trans-unit>
 <trans-unit id="s844baf19a6c4a9b4">
-  <source>Enable &quot;Remember me on this device&quot;</source>
-  <target>Habilita &quot;Recordarme en este dispositivo&quot;</target>
+  <source>Enable "Remember me on this device"</source>
+  <target>Habilita "Recordarme en este dispositivo"</target>
 </trans-unit>
 <trans-unit id="sfa72bca733f40692">
   <source>When enabled, the user can save their username in a cookie, allowing them to skip directly to entering their password.</source>
@@ -9842,7 +9842,7 @@ El valor de este campo se compara con el atributo de pertenencia del usuario.</t
   <source>e.g. Collaboration, Communication, Internal, etc.</source>
 </trans-unit>
 <trans-unit id="sb6fcdabf769208a1">
-  <source>Failed to fetch application &quot;<x id="0" equiv-text="${this.applicationSlug}"/>&quot;.</source>
+  <source>Failed to fetch application "<x id="0" equiv-text="${this.applicationSlug}"/>".</source>
 </trans-unit>
 <trans-unit id="s32fc592c4a264edd">
   <source>Account Recovery Max Attempts</source>
@@ -9939,10 +9939,10 @@ El valor de este campo se compara con el atributo de pertenencia del usuario.</t
   <source><x id="0" equiv-text="${this.label || &quot;&quot;}"/> table pagination</source>
 </trans-unit>
 <trans-unit id="sd9b15395dd103f80">
-  <source>Sort by &quot;<x id="0" equiv-text="${label}"/>&quot;</source>
+  <source>Sort by "<x id="0" equiv-text="${label}"/>"</source>
 </trans-unit>
 <trans-unit id="s7dd64bb0c1fa8e87">
-  <source>Select &quot;<x id="0" equiv-text="${rowLabel}"/>&quot; row</source>
+  <source>Select "<x id="0" equiv-text="${rowLabel}"/>" row</source>
 </trans-unit>
 <trans-unit id="sd26f670ca5d5b0c6">
   <source>Collapse row</source>
@@ -10005,31 +10005,31 @@ El valor de este campo se compara con el atributo de pertenencia del usuario.</t
   <source>Provider not assigned to any application.</source>
 </trans-unit>
 <trans-unit id="sfbb87c9ced1fde54">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; provider</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" provider</source>
 </trans-unit>
 <trans-unit id="s0a3fdba3a68a2730">
   <source>Applications Documentation</source>
 </trans-unit>
 <trans-unit id="sf07bfbe5316e7cc7">
-  <source>Application icon for &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Application icon for "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s037f22187581bf8f">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s5d90aeadfcb34286">
-  <source>Execute &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Execute "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="saa25eac2952d918d">
-  <source>Export &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Export "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s64de9eceb8172269">
   <source>Edit device</source>
 </trans-unit>
 <trans-unit id="sc08c153234510246">
-  <source>Update &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; Permissions</source>
+  <source>Update "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" Permissions</source>
 </trans-unit>
 <trans-unit id="s6d25eef21a9e76ba">
-  <source>Open &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; permissions modal</source>
+  <source>Open "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" permissions modal</source>
 </trans-unit>
 <trans-unit id="sa556d7b744364dcf">
   <source>OCI URL</source>
@@ -10045,10 +10045,10 @@ El valor de este campo se compara con el atributo de pertenencia del usuario.</t
   <source>OCI Support</source>
 </trans-unit>
 <trans-unit id="s08d24327ec788e78">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
 </trans-unit>
 <trans-unit id="s6f8d15b5494ac41a">
-  <source>Apply &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Apply "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
 </trans-unit>
 <trans-unit id="s85a488cacb57688b">
   <source>Welcome, <x id="0" equiv-text="${username}"/></source>
@@ -10150,7 +10150,7 @@ El valor de este campo se compara con el atributo de pertenencia del usuario.</t
   <source>Paths may not start or end with a slash, but they can contain any other character as path segments. The paths are currently purely used for organization, it does not affect their permissions, group memberships, or anything else.</source>
 </trans-unit>
 <trans-unit id="sdb3b903354fbfb17">
-  <source>Open &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Open "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s2e7448caf3df574a">
   <source>Verify Assertion Signature</source>
@@ -10198,16 +10198,16 @@ El valor de este campo se compara con el atributo de pertenencia del usuario.</t
   <source>Unnamed</source>
 </trans-unit>
 <trans-unit id="s326ee20bba2564a0">
-  <source>Collapse &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Collapse "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="s27df1f36ba8e269f">
-  <source>Expand &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Expand "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf2b5d3236e6f1ab3">
-  <source>Select &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Select "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sb7c2715df863a6ce">
-  <source>Items of &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Items of "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf6707428adeba590">
   <source>API drawer</source>
@@ -10330,7 +10330,7 @@ El valor de este campo se compara con el atributo de pertenencia del usuario.</t
   <source>Group Search</source>
 </trans-unit>
 <trans-unit id="s79683026e49e4866">
-  <source>View details of group &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>View details of group "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s62dfa9c45cb3025a">
   <source>New Group</source>
@@ -10357,16 +10357,16 @@ El valor de este campo se compara con el atributo de pertenencia del usuario.</t
   <source>New service account...</source>
 </trans-unit>
 <trans-unit id="s61e5043203e94d0a">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; normally</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" normally</source>
 </trans-unit>
 <trans-unit id="s02eb960c270a837e">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; as current user</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" as current user</source>
 </trans-unit>
 <trans-unit id="saf579a36a54c92e1">
   <source>Current user</source>
 </trans-unit>
 <trans-unit id="sd149e44e50455923">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; with inspector</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" with inspector</source>
 </trans-unit>
 <trans-unit id="s45c530a48bcf74ad">
   <source>Use inspector</source>
@@ -10555,7 +10555,7 @@ El valor de este campo se compara con el atributo de pertenencia del usuario.</t
   <source>Optional Single Logout Service URL to send logout responses to. If not set, no logout response will be sent.</source>
 </trans-unit>
 <trans-unit id="scbf29ce484222325">
-  <source/>
+  <source></source>
 </trans-unit>
 <trans-unit id="s78869b8b2bc26d0d">
   <source>SAML Provider</source>
@@ -10582,7 +10582,7 @@ El valor de este campo se compara con el atributo de pertenencia del usuario.</t
   <source>The user's display name.</source>
 </trans-unit>
 <trans-unit id="s33b2f30214a2e99d">
-  <source>Actions for &quot;<x id="0" equiv-text="${application.name}"/>&quot;</source>
+  <source>Actions for "<x id="0" equiv-text="${application.name}"/>"</source>
 </trans-unit>
 <trans-unit id="sfa660d9e563c346f">
   <source>Edit application...</source>
@@ -10611,4 +10611,4 @@ El valor de este campo se compara con el atributo de pertenencia del usuario.</t
 </trans-unit>
     </body>
   </file>
-</xliff>
+</xliff>

web/xliff/fr.xlf

@@ -1,4 +1,4 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
+<?xml version="1.0"?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
   <file target-language="fr" source-language="en" original="lit-localize-inputs" datatype="plaintext">
     <body>
       <trans-unit id="s4caed5b7a7e5d89b">
@@ -586,9 +586,9 @@
         
       </trans-unit>
       <trans-unit id="saa0e2675da69651b">
-        <source>The URL &quot;<x id="0" equiv-text="${this.url}"/>&quot; was not found.</source>
-        <target>L'URL &quot;
-        <x id="0" equiv-text="${this.url}"/>&quot; n'a pas été trouvée.</target>
+        <source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
+        <target>L'URL "
+        <x id="0" equiv-text="${this.url}"/>" n'a pas été trouvée.</target>
         
       </trans-unit>
       <trans-unit id="s58cd9c2fe836d9c6">
@@ -1662,8 +1662,8 @@
         
       </trans-unit>
       <trans-unit id="sa90b7809586c35ce">
-        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon &quot;fa-test&quot;.</source>
-        <target>Entrez une URL complète, un chemin relatif ou utilisez 'fa://fa-test' pour utiliser l'icône Font Awesome &quot;fa-test&quot;.</target>
+        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
+        <target>Entrez une URL complète, un chemin relatif ou utilisez 'fa://fa-test' pour utiliser l'icône Font Awesome "fa-test".</target>
         
       </trans-unit>
       <trans-unit id="s0410779cb47de312">
@@ -2681,7 +2681,7 @@ doesn't pass when either or both of the selected options are equal or above the
       </trans-unit>
       <trans-unit id="s33683c3b1dbaf264">
         <source>To use SSL instead, use 'ldaps://' and disable this option.</source>
-        <target>Pour utiliser SSL à la base, utilisez &quot;ldaps://&quot; et désactviez cette option.</target>
+        <target>Pour utiliser SSL à la base, utilisez "ldaps://" et désactviez cette option.</target>
         
       </trans-unit>
       <trans-unit id="s2221fef80f4753a2">
@@ -3041,7 +3041,7 @@ doesn't pass when either or both of the selected options are equal or above the
       </trans-unit>
       <trans-unit id="s3198c384c2f68b08">
         <source>Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually.</source>
-        <target>Moment où les utilisateurs temporaires doivent être supprimés. Cela ne s'applique que si votre IDP utilise le format NameID &quot;transient&quot; et que l'utilisateur ne se déconnecte pas manuellement.</target>
+        <target>Moment où les utilisateurs temporaires doivent être supprimés. Cela ne s'applique que si votre IDP utilise le format NameID "transient" et que l'utilisateur ne se déconnecte pas manuellement.</target>
         
       </trans-unit>
       <trans-unit id="sb32e9c1faa0b8673">
@@ -3178,7 +3178,7 @@ doesn't pass when either or both of the selected options are equal or above the
       </trans-unit>
       <trans-unit id="s9f8aac89fe318acc">
         <source>Optionally set the 'FriendlyName' value of the Assertion attribute.</source>
-        <target>Indiquer la valeur &quot;FriendlyName&quot; de l'attribut d'assertion (optionnel)</target>
+        <target>Indiquer la valeur "FriendlyName" de l'attribut d'assertion (optionnel)</target>
         
       </trans-unit>
       <trans-unit id="s851c108679653d2a">
@@ -3649,10 +3649,10 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="sa95a538bfbb86111">
-        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> &quot;<x id="1" equiv-text="${this.obj?.name}"/>&quot;?</source>
+        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
         <target>Êtes-vous sûr de vouloir mettre à jour
-        <x id="0" equiv-text="${this.objectLabel}"/>&quot;
-        <x id="1" equiv-text="${this.obj?.name}"/>&quot;?</target>
+        <x id="0" equiv-text="${this.objectLabel}"/>"
+        <x id="1" equiv-text="${this.obj?.name}"/>"?</target>
         
       </trans-unit>
       <trans-unit id="sc92d7cfb6ee1fec6">
@@ -4682,8 +4682,8 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="sdf1d8edef27236f0">
-        <source>A &quot;roaming&quot; authenticator, like a YubiKey</source>
-        <target>Un authentificateur &quot;itinérant&quot;, comme une YubiKey</target>
+        <source>A "roaming" authenticator, like a YubiKey</source>
+        <target>Un authentificateur "itinérant", comme une YubiKey</target>
         
       </trans-unit>
       <trans-unit id="sfffba7b23d8fb40c">
@@ -4988,7 +4988,7 @@ doesn't pass when either or both of the selected options are equal or above the
       </trans-unit>
       <trans-unit id="s5170f9ef331949c0">
         <source>Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable.</source>
-        <target>Afficher des champs de saisie arbitraires à l'utilisateur, par exemple pendant l'inscription. Les données sont enregistrées dans le contexte du flux sous la variable &quot;prompt_data&quot;.</target>
+        <target>Afficher des champs de saisie arbitraires à l'utilisateur, par exemple pendant l'inscription. Les données sont enregistrées dans le contexte du flux sous la variable "prompt_data".</target>
         
       </trans-unit>
       <trans-unit id="s36cb242ac90353bc">
@@ -5041,8 +5041,8 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="s1608b2f94fa0dbd4">
-        <source>If set to a duration above 0, the user will have the option to choose to &quot;stay signed in&quot;, which will extend their session by the time specified here.</source>
-        <target>Si défini à une durée supérieure à 0, l'utilisateur aura la possibilité de choisir de &quot;rester connecté&quot;, ce qui prolongera sa session jusqu'à la durée spécifiée ici.</target>
+        <source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
+        <target>Si défini à une durée supérieure à 0, l'utilisateur aura la possibilité de choisir de "rester connecté", ce qui prolongera sa session jusqu'à la durée spécifiée ici.</target>
         
       </trans-unit>
       <trans-unit id="s542a71bb8f41e057">
@@ -6922,7 +6922,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
 </trans-unit>
 <trans-unit id="sff0ac1ace2d90709">
   <source>Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you).</source>
-  <target>Utilisez ce fournisseur avec l'option &quot;auth_request&quot; de Nginx ou &quot;forwardAuth&quot; de Traefik. Chaque application/domaine a besoin de son propre fournisseur. De plus, sur chaque domaine, &quot;/outpost.goauthentik.io&quot; doit être routé vers le poste avancé (lorsque vous utilisez un poste avancé géré, cela est fait pour vous).</target>
+  <target>Utilisez ce fournisseur avec l'option "auth_request" de Nginx ou "forwardAuth" de Traefik. Chaque application/domaine a besoin de son propre fournisseur. De plus, sur chaque domaine, "/outpost.goauthentik.io" doit être routé vers le poste avancé (lorsque vous utilisez un poste avancé géré, cela est fait pour vous).</target>
 </trans-unit>
 <trans-unit id="scb58b8a60cad8762">
   <source>Default relay state</source>
@@ -7206,7 +7206,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
   <target>Utilisateur créé et ajouté au groupe <x id="0" equiv-text="${this.group.name}"/> avec succès</target>
 </trans-unit>
 <trans-unit id="s824e0943a7104668">
-  <source>This user will be added to the group &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot;.</source>
+  <source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
   <target>Cet utilisateur sera ajouté au groupe &amp;quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&amp;quot;.</target>
 </trans-unit>
 <trans-unit id="s62e7f6ed7d9cb3ca">
@@ -8456,7 +8456,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
   <target>Synchroniser le groupe</target>
 </trans-unit>
 <trans-unit id="s2d5f69929bb7221d">
-  <source><x id="0" equiv-text="${p.name}"/> (&quot;<x id="1" equiv-text="${p.fieldKey}"/>&quot;, of type <x id="2" equiv-text="${p.type}"/>)</source>
+  <source><x id="0" equiv-text="${p.name}"/> ("<x id="1" equiv-text="${p.fieldKey}"/>", of type <x id="2" equiv-text="${p.type}"/>)</source>
   <target><x id="0" equiv-text="${p.name}"/> (&amp;quot;<x id="1" equiv-text="${p.fieldKey}"/>&amp;quot;, de type <x id="2" equiv-text="${p.type}"/>)</target>
 </trans-unit>
 <trans-unit id="s25bacc19d98b444e">
@@ -8704,8 +8704,8 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
   <target>URLs de redirection autorisées après un flux d'autorisation réussi. Indiquez également toute origine ici pour les flux implicites.</target>
 </trans-unit>
 <trans-unit id="s4c49d27de60a532b">
-  <source>To allow any redirect URI, set the mode to Regex and the value to &quot;.*&quot;. Be aware of the possible security implications this can have.</source>
-  <target>Pour permettre n'importe quelle URI de redirection, définissez cette valeur sur &quot;.*&quot;. Soyez conscient des possibles implications de sécurité que cela peut avoir.</target>
+  <source>To allow any redirect URI, set the mode to Regex and the value to ".*". Be aware of the possible security implications this can have.</source>
+  <target>Pour permettre n'importe quelle URI de redirection, définissez cette valeur sur ".*". Soyez conscient des possibles implications de sécurité que cela peut avoir.</target>
 </trans-unit>
 <trans-unit id="sa52bf79fe1ccb13e">
   <source>Federated OIDC Sources</source>
@@ -9442,8 +9442,8 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
   <target>Comment effectuer l'authentification lors d'une demande de jeton pour le flux authorization_code</target>
 </trans-unit>
 <trans-unit id="s844baf19a6c4a9b4">
-  <source>Enable &quot;Remember me on this device&quot;</source>
-  <target>Activer &quot;Se souvenir de moi sur cet appareil&quot;</target>
+  <source>Enable "Remember me on this device"</source>
+  <target>Activer "Se souvenir de moi sur cet appareil"</target>
 </trans-unit>
 <trans-unit id="sfa72bca733f40692">
   <source>When enabled, the user can save their username in a cookie, allowing them to skip directly to entering their password.</source>
@@ -9587,7 +9587,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
 </trans-unit>
 <trans-unit id="se630f2ccd39bf9e6">
   <source>If no group is selected and 'Send notification to event user' is disabled the rule is disabled. </source>
-  <target>Si aucun groupe n'est sélectionné et &quot;Envoyer la notification à l'utilisateur associé à l'évènement&quot; est désactivé, cette règle est désactivée.</target>
+  <target>Si aucun groupe n'est sélectionné et "Envoyer la notification à l'utilisateur associé à l'évènement" est désactivé, cette règle est désactivée.</target>
 </trans-unit>
 <trans-unit id="s47966b2a708694e2">
   <source>Send notification to event user</source>
@@ -9595,7 +9595,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
 </trans-unit>
 <trans-unit id="sd30f00ff2135589c">
   <source>When enabled, notification will be sent to the user that triggered the event in addition to any users in the group above. The event user will always be the first user, to send a notification only to the event user enabled 'Send once' in the notification transport.</source>
-  <target>Lorsque cette option est activée, une notification sera envoyée à l'utilisateur qui a déclenché l'événement en plus des utilisateurs du groupe ci-dessus. L'utilisateur associé à l'événement sera toujours le premier utilisateur. Pour envoyer une notification uniquement à l'utilisateur de l'événement, activez l'option &quot;Envoyer une seule fois&quot; dans le transport de notification.</target>
+  <target>Lorsque cette option est activée, une notification sera envoyée à l'utilisateur qui a déclenché l'événement en plus des utilisateurs du groupe ci-dessus. L'utilisateur associé à l'événement sera toujours le premier utilisateur. Pour envoyer une notification uniquement à l'utilisateur de l'événement, activez l'option "Envoyer une seule fois" dans le transport de notification.</target>
 </trans-unit>
 <trans-unit id="sbd65aeeb8a3b9bbc">
   <source>Maximum registration attempts</source>
@@ -9651,7 +9651,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
 </trans-unit>
 <trans-unit id="sf1a3d030efd11f28">
   <source>Open about dialog</source>
-  <target>Ouvrir la boîte de dialogue &quot;À propos&quot;</target>
+  <target>Ouvrir la boîte de dialogue "À propos"</target>
 </trans-unit>
 <trans-unit id="s95b96d7ead27527f">
   <source>Product name</source>
@@ -9846,7 +9846,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
   <target>par ex. Collaboration, Communication, Interne, etc.</target>
 </trans-unit>
 <trans-unit id="sb6fcdabf769208a1">
-  <source>Failed to fetch application &quot;<x id="0" equiv-text="${this.applicationSlug}"/>&quot;.</source>
+  <source>Failed to fetch application "<x id="0" equiv-text="${this.applicationSlug}"/>".</source>
   <target>Erreur lors de la récupération de l'application &amp;quot;<x id="0" equiv-text="${this.applicationSlug}"/>&amp;quot;.</target>
 </trans-unit>
 <trans-unit id="s32fc592c4a264edd">
@@ -9974,11 +9974,11 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
   <target><x id="0" equiv-text="${this.label || &quot;&quot;}"/> pagination du tableau</target>
 </trans-unit>
 <trans-unit id="sd9b15395dd103f80">
-  <source>Sort by &quot;<x id="0" equiv-text="${label}"/>&quot;</source>
+  <source>Sort by "<x id="0" equiv-text="${label}"/>"</source>
   <target>Trier par &amp;quot;<x id="0" equiv-text="${label}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="s7dd64bb0c1fa8e87">
-  <source>Select &quot;<x id="0" equiv-text="${rowLabel}"/>&quot; row</source>
+  <source>Select "<x id="0" equiv-text="${rowLabel}"/>" row</source>
   <target>Sélectionner la ligne &amp;quot;<x id="0" equiv-text="${rowLabel}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="sd26f670ca5d5b0c6">
@@ -10062,7 +10062,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
   <target>Le fournisseur n'est assigné à aucune application.</target>
 </trans-unit>
 <trans-unit id="sfbb87c9ced1fde54">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; provider</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" provider</source>
   <target>Éditer le fournisseur &amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="s0a3fdba3a68a2730">
@@ -10070,19 +10070,19 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
   <target>Documentation des applications</target>
 </trans-unit>
 <trans-unit id="sf07bfbe5316e7cc7">
-  <source>Application icon for &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Application icon for "<x id="0" equiv-text="${item.name}"/>"</source>
   <target>Icône d'application pour &amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="s037f22187581bf8f">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>"</source>
   <target>Éditer &amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="s5d90aeadfcb34286">
-  <source>Execute &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Execute "<x id="0" equiv-text="${item.name}"/>"</source>
   <target>Éxecuter &amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="saa25eac2952d918d">
-  <source>Export &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Export "<x id="0" equiv-text="${item.name}"/>"</source>
   <target>Exporter &amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="s64de9eceb8172269">
@@ -10090,11 +10090,11 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
   <target>Éditer l'appareil</target>
 </trans-unit>
 <trans-unit id="sc08c153234510246">
-  <source>Update &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; Permissions</source>
+  <source>Update "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" Permissions</source>
   <target>Mettre à jour les permissions &amp;quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="s6d25eef21a9e76ba">
-  <source>Open &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; permissions modal</source>
+  <source>Open "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" permissions modal</source>
   <target>Ouvrir le modal des permissions &amp;quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="sa556d7b744364dcf">
@@ -10116,11 +10116,11 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
   <target>le support OCI</target>
 </trans-unit>
 <trans-unit id="s08d24327ec788e78">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
   <target>Éditer le plan &amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="s6f8d15b5494ac41a">
-  <source>Apply &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Apply "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
   <target>Appliquer le plan &amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="s85a488cacb57688b">
@@ -10256,7 +10256,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
   <target>Les chemins ne peuvent pas commencer ou se terminer par une barre oblique, mais ils peuvent contenir n'importe quel autre caractère comme segments de chemin. Les chemins sont actuellement purement utilisés pour l'organisation, cela n'affecte pas leurs permissions, leurs appartenances à des groupes, ou quoi que ce soit d'autre.</target>
 </trans-unit>
 <trans-unit id="sdb3b903354fbfb17">
-  <source>Open &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Open "<x id="0" equiv-text="${item.name}"/>"</source>
   <target>Ouvrir &amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="s2e7448caf3df574a">
@@ -10320,19 +10320,19 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
   <target>Sans nom</target>
 </trans-unit>
 <trans-unit id="s326ee20bba2564a0">
-  <source>Collapse &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Collapse "<x id="0" equiv-text="${itemLabel}"/>"</source>
   <target>Réduire &amp;quot;<x id="0" equiv-text="${itemLabel}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="s27df1f36ba8e269f">
-  <source>Expand &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Expand "<x id="0" equiv-text="${itemLabel}"/>"</source>
   <target>Développer &amp;quot;<x id="0" equiv-text="${itemLabel}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="sf2b5d3236e6f1ab3">
-  <source>Select &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Select "<x id="0" equiv-text="${itemLabel}"/>"</source>
   <target>Sélectionner &amp;quot;<x id="0" equiv-text="${itemLabel}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="sb7c2715df863a6ce">
-  <source>Items of &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Items of "<x id="0" equiv-text="${itemLabel}"/>"</source>
   <target>Éléments de &amp;quot;<x id="0" equiv-text="${itemLabel}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="sf6707428adeba590">
@@ -10496,7 +10496,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
   <target>Recherche de groupe</target>
 </trans-unit>
 <trans-unit id="s79683026e49e4866">
-  <source>View details of group &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>View details of group "<x id="0" equiv-text="${item.name}"/>"</source>
   <target>Afficher les détails du groupe &amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="s62dfa9c45cb3025a">
@@ -10532,11 +10532,11 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
   <target>Nouveau compte de service...</target>
 </trans-unit>
 <trans-unit id="s61e5043203e94d0a">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; normally</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" normally</source>
   <target>Exécuter &amp;quot;<x id="0" equiv-text="${this.flow.name}"/>&amp;quot; normalement</target>
 </trans-unit>
 <trans-unit id="s02eb960c270a837e">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; as current user</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" as current user</source>
   <target>Exécuter &amp;quot;<x id="0" equiv-text="${this.flow.name}"/>&amp;quot; en tant que l'utilisateur actuel</target>
 </trans-unit>
 <trans-unit id="saf579a36a54c92e1">
@@ -10544,7 +10544,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
   <target>Utilisateur actuel</target>
 </trans-unit>
 <trans-unit id="sd149e44e50455923">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; with inspector</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" with inspector</source>
   <target>Exécuter &amp;quot;<x id="0" equiv-text="${this.flow.name}"/>&amp;quot; avec l'inspecteur</target>
 </trans-unit>
 <trans-unit id="s45c530a48bcf74ad">
@@ -10796,7 +10796,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
   <target>URL facultative de Single Logout Service à laquelle envoyer les réponses de déconnexion. Si elle n'est pas définie, aucune réponse de déconnexion ne sera envoyée.</target>
 </trans-unit>
 <trans-unit id="scbf29ce484222325">
-  <source/>
+  <source></source>
 </trans-unit>
 <trans-unit id="s78869b8b2bc26d0d">
   <source>SAML Provider</source>
@@ -10831,7 +10831,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
   <target>Le nom d'affichage de l'utilisateur.</target>
 </trans-unit>
 <trans-unit id="s33b2f30214a2e99d">
-  <source>Actions for &quot;<x id="0" equiv-text="${application.name}"/>&quot;</source>
+  <source>Actions for "<x id="0" equiv-text="${application.name}"/>"</source>
   <target>Actions pour &amp;quot;<x id="0" equiv-text="${application.name}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="sfa660d9e563c346f">
@@ -10845,7 +10845,7 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
 </trans-unit>
 <trans-unit id="s8b0e21adf383c8ba">
   <source>.yaml files, which can be found in the Example Flows documentation</source>
-  <target>Fichiers .yaml, qui peuvent être trouvés dans la documentation &quot;Example Flows&quot;</target>
+  <target>Fichiers .yaml, qui peuvent être trouvés dans la documentation "Example Flows"</target>
 </trans-unit>
 <trans-unit id="s139200afa0695967">
   <source>Plain</source>
@@ -10869,4 +10869,4 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
 </trans-unit>
     </body>
   </file>
-</xliff>
+</xliff>

web/xliff/it.xlf

@@ -1,4 +1,4 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
+<?xml version="1.0"?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
   <file target-language="it" source-language="en" original="lit-localize-inputs" datatype="plaintext">
     <body>
       <trans-unit id="s4caed5b7a7e5d89b">
@@ -586,9 +586,9 @@
         
       </trans-unit>
       <trans-unit id="saa0e2675da69651b">
-        <source>The URL &quot;<x id="0" equiv-text="${this.url}"/>&quot; was not found.</source>
-        <target>La URL &quot;
-        <x id="0" equiv-text="${this.url}"/>&quot; non è stata trovata.</target>
+        <source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
+        <target>La URL "
+        <x id="0" equiv-text="${this.url}"/>" non è stata trovata.</target>
         
       </trans-unit>
       <trans-unit id="s58cd9c2fe836d9c6">
@@ -1068,7 +1068,7 @@
       </trans-unit>
       <trans-unit id="sde949d0ef44572eb">
         <source>Requires the user to have a 'upn' attribute set, and falls back to hashed user ID. Use this mode only if you have different UPN and Mail domains.</source>
-        <target>Richiede che l'utente abbia un attributo &quot;upn&quot; impostato e ricorre all'ID utente con hash. Utilizza questa modalità solo se disponi di domini UPN e di posta diversi.</target>
+        <target>Richiede che l'utente abbia un attributo "upn" impostato e ricorre all'ID utente con hash. Utilizza questa modalità solo se disponi di domini UPN e di posta diversi.</target>
         
       </trans-unit>
       <trans-unit id="s9f23ed1799b4d49a">
@@ -1228,7 +1228,7 @@
       </trans-unit>
       <trans-unit id="s211b75e868072162">
         <source>Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'.</source>
-        <target>Impostalo sul dominio per il quale desideri che l'autenticazione sia valida. Deve essere un dominio principale dell'URL riportato sopra. Se esegui applicazioni come app1.domain.tld, app2.domain.tld, impostalo su &quot;domain.tld&quot;.</target>
+        <target>Impostalo sul dominio per il quale desideri che l'autenticazione sia valida. Deve essere un dominio principale dell'URL riportato sopra. Se esegui applicazioni come app1.domain.tld, app2.domain.tld, impostalo su "domain.tld".</target>
         
       </trans-unit>
       <trans-unit id="s2345170f7e272668">
@@ -1662,8 +1662,8 @@
         
       </trans-unit>
       <trans-unit id="sa90b7809586c35ce">
-        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon &quot;fa-test&quot;.</source>
-        <target>Inserisci un URL completo, un percorso relativo oppure utilizza &quot;fa://fa-test&quot; per utilizzare l'icona &quot;fa-test&quot; di Font Awesome.</target>
+        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
+        <target>Inserisci un URL completo, un percorso relativo oppure utilizza "fa://fa-test" per utilizzare l'icona "fa-test" di Font Awesome.</target>
         
       </trans-unit>
       <trans-unit id="s0410779cb47de312">
@@ -3042,7 +3042,7 @@ doesn't pass when either or both of the selected options are equal or above the
       </trans-unit>
       <trans-unit id="s3198c384c2f68b08">
         <source>Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually.</source>
-        <target>Tempo da attendere quando gli utenti temporanei devono essere eliminati. Questo vale solo se l'IDP utilizza il formato NameID &quot;Transient&quot; e l'utente non si disconnette manualmente.</target>
+        <target>Tempo da attendere quando gli utenti temporanei devono essere eliminati. Questo vale solo se l'IDP utilizza il formato NameID "Transient" e l'utente non si disconnette manualmente.</target>
         
       </trans-unit>
       <trans-unit id="sb32e9c1faa0b8673">
@@ -3179,7 +3179,7 @@ doesn't pass when either or both of the selected options are equal or above the
       </trans-unit>
       <trans-unit id="s9f8aac89fe318acc">
         <source>Optionally set the 'FriendlyName' value of the Assertion attribute.</source>
-        <target>Opzionale: imposta il valore &quot;friendlyname&quot; dell'attributo di asserzione.</target>
+        <target>Opzionale: imposta il valore "friendlyname" dell'attributo di asserzione.</target>
         
       </trans-unit>
       <trans-unit id="s851c108679653d2a">
@@ -3650,10 +3650,10 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="sa95a538bfbb86111">
-        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> &quot;<x id="1" equiv-text="${this.obj?.name}"/>&quot;?</source>
+        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
         <target>Sei sicuro di voler aggiornare
-        <x id="0" equiv-text="${this.objectLabel}"/>&quot;
-        <x id="1" equiv-text="${this.obj?.name}"/>&quot;?</target>
+        <x id="0" equiv-text="${this.objectLabel}"/>"
+        <x id="1" equiv-text="${this.obj?.name}"/>"?</target>
         
       </trans-unit>
       <trans-unit id="sc92d7cfb6ee1fec6">
@@ -4001,7 +4001,7 @@ doesn't pass when either or both of the selected options are equal or above the
       </trans-unit>
       <trans-unit id="s7520286c8419a266">
         <source>Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON.</source>
-        <target>Dati facoltativi che vengono caricati nella variabile di contesto &quot;prompt_data&quot; del flusso. YAML o JSON.</target>
+        <target>Dati facoltativi che vengono caricati nella variabile di contesto "prompt_data" del flusso. YAML o JSON.</target>
         
       </trans-unit>
       <trans-unit id="sb8795b799c70776a">
@@ -4683,8 +4683,8 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="sdf1d8edef27236f0">
-        <source>A &quot;roaming&quot; authenticator, like a YubiKey</source>
-        <target>Un autenticatore &quot;roaming&quot;, come un YubiKey</target>
+        <source>A "roaming" authenticator, like a YubiKey</source>
+        <target>Un autenticatore "roaming", come un YubiKey</target>
         
       </trans-unit>
       <trans-unit id="sfffba7b23d8fb40c">
@@ -4989,7 +4989,7 @@ doesn't pass when either or both of the selected options are equal or above the
       </trans-unit>
       <trans-unit id="s5170f9ef331949c0">
         <source>Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable.</source>
-        <target>Mostra campi di input arbitrari all'utente, ad esempio durante l'iscrizione. I dati vengono salvati nel contesto di flusso nell'ambito della variabile &quot;prompt_data&quot;.</target>
+        <target>Mostra campi di input arbitrari all'utente, ad esempio durante l'iscrizione. I dati vengono salvati nel contesto di flusso nell'ambito della variabile "prompt_data".</target>
         
       </trans-unit>
       <trans-unit id="s36cb242ac90353bc">
@@ -5042,8 +5042,8 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="s1608b2f94fa0dbd4">
-        <source>If set to a duration above 0, the user will have the option to choose to &quot;stay signed in&quot;, which will extend their session by the time specified here.</source>
-        <target>Se impostato su una durata superiore a 0, l'utente avrà la possibilità di scegliere di &quot;rimanere firmato&quot;, che estenderà la sessione entro il momento specificato qui.</target>
+        <source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
+        <target>Se impostato su una durata superiore a 0, l'utente avrà la possibilità di scegliere di "rimanere firmato", che estenderà la sessione entro il momento specificato qui.</target>
         
       </trans-unit>
       <trans-unit id="s542a71bb8f41e057">
@@ -5064,7 +5064,7 @@ doesn't pass when either or both of the selected options are equal or above the
       <trans-unit id="s927398c400970760">
         <source>Write any data from the flow's context's 'prompt_data' to the currently pending user. If no user
         is pending, a new user is created, and data is written to them.</source>
-        <target>Scrivi qualsiasi dati dal contesto del flusso &quot;prompt_data&quot; all'utente attualmente in sospeso. Se nessun utente
+        <target>Scrivi qualsiasi dati dal contesto del flusso "prompt_data" all'utente attualmente in sospeso. Se nessun utente
  è in sospeso, viene creato un nuovo utente e vengono scritti dati.</target>
       </trans-unit>
       <trans-unit id="sb379d861cbed0b47">
@@ -7097,7 +7097,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s070fdfb03034ca9b">
   <source>One hint, 'New Application Wizard', is currently hidden</source>
-  <target>Un suggerimento, &quot;New Application Wizard&quot;, è attualmente nascosto</target>
+  <target>Un suggerimento, "New Application Wizard", è attualmente nascosto</target>
 </trans-unit>
 <trans-unit id="s1cc306d8e28c4464">
   <source>Deny message</source>
@@ -7204,7 +7204,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <target>Utente creato con successo e aggiunto al gruppo <x id="0" equiv-text="${this.group.name}"/></target>
 </trans-unit>
 <trans-unit id="s824e0943a7104668">
-  <source>This user will be added to the group &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot;.</source>
+  <source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
   <target>Questo utente sarà aggiunto al gruppo &amp;quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&amp;quot;.</target>
 </trans-unit>
 <trans-unit id="s62e7f6ed7d9cb3ca">
@@ -8323,7 +8323,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s9dda0789d278f5c5">
   <source>Provide users with a 'show password' button.</source>
-  <target>Fornisci agli utenti un pulsante &quot;Mostra password&quot;.</target>
+  <target>Fornisci agli utenti un pulsante "Mostra password".</target>
 </trans-unit>
 <trans-unit id="s2f7f35f6a5b733f5">
   <source>Show password</source>
@@ -8454,7 +8454,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <target>Gruppo di sincronizzazione</target>
 </trans-unit>
 <trans-unit id="s2d5f69929bb7221d">
-  <source><x id="0" equiv-text="${p.name}"/> (&quot;<x id="1" equiv-text="${p.fieldKey}"/>&quot;, of type <x id="2" equiv-text="${p.type}"/>)</source>
+  <source><x id="0" equiv-text="${p.name}"/> ("<x id="1" equiv-text="${p.fieldKey}"/>", of type <x id="2" equiv-text="${p.type}"/>)</source>
   <target><x id="0" equiv-text="${p.name}"/> (&amp;quot;<x id="1" equiv-text="${p.fieldKey}"/>&amp;quot;, del tipo <x id="2" equiv-text="${p.type}"/>)</target>
 </trans-unit>
 <trans-unit id="s25bacc19d98b444e">
@@ -8702,8 +8702,8 @@ Bindings to groups/users are checked against the user of the event.</source>
   <target>URI di reindirizzamento validi dopo un flusso di autorizzazione riuscito. Specificare anche eventuali origini per i flussi impliciti.</target>
 </trans-unit>
 <trans-unit id="s4c49d27de60a532b">
-  <source>To allow any redirect URI, set the mode to Regex and the value to &quot;.*&quot;. Be aware of the possible security implications this can have.</source>
-  <target>Per consentire qualsiasi URI di reindirizzamento, imposta la modalità su Regex e il valore su &quot;.*&quot;. Tieni presente le possibili implicazioni per la sicurezza.</target>
+  <source>To allow any redirect URI, set the mode to Regex and the value to ".*". Be aware of the possible security implications this can have.</source>
+  <target>Per consentire qualsiasi URI di reindirizzamento, imposta la modalità su Regex e il valore su ".*". Tieni presente le possibili implicazioni per la sicurezza.</target>
 </trans-unit>
 <trans-unit id="sa52bf79fe1ccb13e">
   <source>Federated OIDC Sources</source>
@@ -9357,7 +9357,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s17359123e1f24504">
   <source>Field which contains DNs of groups the user is a member of. This field is used to lookup groups from users, e.g. 'memberOf'. To lookup nested groups in an Active Directory environment use 'memberOf:1.2.840.113556.1.4.1941:'.</source>
-  <target>Campo che contiene i ND dei gruppi di cui l'utente è membro. Questo campo viene utilizzato per cercare i gruppi degli utenti, ad esempio &quot;memberOf&quot;. Per cercare gruppi nidificati in un ambiente Active Directory, utilizzare &quot;memberOf:1.2.840.113556.1.4.1941:&quot;.</target>
+  <target>Campo che contiene i ND dei gruppi di cui l'utente è membro. Questo campo viene utilizzato per cercare i gruppi degli utenti, ad esempio "memberOf". Per cercare gruppi nidificati in un ambiente Active Directory, utilizzare "memberOf:1.2.840.113556.1.4.1941:".</target>
 </trans-unit>
 <trans-unit id="s891cd64acabf23bf">
   <source>Initial Permissions</source>
@@ -9440,8 +9440,8 @@ Bindings to groups/users are checked against the user of the event.</source>
   <target>Come eseguire l'autenticazione durante un flusso di richiesta del token authorization_code</target>
 </trans-unit>
 <trans-unit id="s844baf19a6c4a9b4">
-  <source>Enable &quot;Remember me on this device&quot;</source>
-  <target>Abilita &quot;Ricordami su questo dispositivo&quot;</target>
+  <source>Enable "Remember me on this device"</source>
+  <target>Abilita "Ricordami su questo dispositivo"</target>
 </trans-unit>
 <trans-unit id="sfa72bca733f40692">
   <source>When enabled, the user can save their username in a cookie, allowing them to skip directly to entering their password.</source>
@@ -9585,7 +9585,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="se630f2ccd39bf9e6">
   <source>If no group is selected and 'Send notification to event user' is disabled the rule is disabled. </source>
-  <target>Se non viene selezionato alcun gruppo e l'opzione &quot;Invia notifica all'utente dell'evento&quot; è disabilitata, la regola è disabilitata.</target>
+  <target>Se non viene selezionato alcun gruppo e l'opzione "Invia notifica all'utente dell'evento" è disabilitata, la regola è disabilitata.</target>
 </trans-unit>
 <trans-unit id="s47966b2a708694e2">
   <source>Send notification to event user</source>
@@ -9593,7 +9593,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="sd30f00ff2135589c">
   <source>When enabled, notification will be sent to the user that triggered the event in addition to any users in the group above. The event user will always be the first user, to send a notification only to the event user enabled 'Send once' in the notification transport.</source>
-  <target>Se abilitata, la notifica verrà inviata all'utente che ha attivato l'evento, oltre a tutti gli utenti del gruppo sopra indicato. L'utente dell'evento sarà sempre il primo a inviare una notifica solo all'utente dell'evento che ha abilitato &quot;Invia una volta&quot; nel trasporto delle notifiche.</target>
+  <target>Se abilitata, la notifica verrà inviata all'utente che ha attivato l'evento, oltre a tutti gli utenti del gruppo sopra indicato. L'utente dell'evento sarà sempre il primo a inviare una notifica solo all'utente dell'evento che ha abilitato "Invia una volta" nel trasporto delle notifiche.</target>
 </trans-unit>
 <trans-unit id="sbd65aeeb8a3b9bbc">
   <source>Maximum registration attempts</source>
@@ -9791,7 +9791,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>e.g. Collaboration, Communication, Internal, etc.</source>
 </trans-unit>
 <trans-unit id="sb6fcdabf769208a1">
-  <source>Failed to fetch application &quot;<x id="0" equiv-text="${this.applicationSlug}"/>&quot;.</source>
+  <source>Failed to fetch application "<x id="0" equiv-text="${this.applicationSlug}"/>".</source>
 </trans-unit>
 <trans-unit id="s32fc592c4a264edd">
   <source>Account Recovery Max Attempts</source>
@@ -9887,10 +9887,10 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source><x id="0" equiv-text="${this.label || &quot;&quot;}"/> table pagination</source>
 </trans-unit>
 <trans-unit id="sd9b15395dd103f80">
-  <source>Sort by &quot;<x id="0" equiv-text="${label}"/>&quot;</source>
+  <source>Sort by "<x id="0" equiv-text="${label}"/>"</source>
 </trans-unit>
 <trans-unit id="s7dd64bb0c1fa8e87">
-  <source>Select &quot;<x id="0" equiv-text="${rowLabel}"/>&quot; row</source>
+  <source>Select "<x id="0" equiv-text="${rowLabel}"/>" row</source>
 </trans-unit>
 <trans-unit id="sd26f670ca5d5b0c6">
   <source>Collapse row</source>
@@ -9953,31 +9953,31 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>Provider not assigned to any application.</source>
 </trans-unit>
 <trans-unit id="sfbb87c9ced1fde54">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; provider</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" provider</source>
 </trans-unit>
 <trans-unit id="s0a3fdba3a68a2730">
   <source>Applications Documentation</source>
 </trans-unit>
 <trans-unit id="sf07bfbe5316e7cc7">
-  <source>Application icon for &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Application icon for "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s037f22187581bf8f">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s5d90aeadfcb34286">
-  <source>Execute &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Execute "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="saa25eac2952d918d">
-  <source>Export &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Export "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s64de9eceb8172269">
   <source>Edit device</source>
 </trans-unit>
 <trans-unit id="sc08c153234510246">
-  <source>Update &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; Permissions</source>
+  <source>Update "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" Permissions</source>
 </trans-unit>
 <trans-unit id="s6d25eef21a9e76ba">
-  <source>Open &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; permissions modal</source>
+  <source>Open "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" permissions modal</source>
 </trans-unit>
 <trans-unit id="sa556d7b744364dcf">
   <source>OCI URL</source>
@@ -9993,10 +9993,10 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>OCI Support</source>
 </trans-unit>
 <trans-unit id="s08d24327ec788e78">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
 </trans-unit>
 <trans-unit id="s6f8d15b5494ac41a">
-  <source>Apply &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Apply "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
 </trans-unit>
 <trans-unit id="s85a488cacb57688b">
   <source>Welcome, <x id="0" equiv-text="${username}"/></source>
@@ -10098,7 +10098,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>Paths may not start or end with a slash, but they can contain any other character as path segments. The paths are currently purely used for organization, it does not affect their permissions, group memberships, or anything else.</source>
 </trans-unit>
 <trans-unit id="sdb3b903354fbfb17">
-  <source>Open &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Open "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s2e7448caf3df574a">
   <source>Verify Assertion Signature</source>
@@ -10146,16 +10146,16 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>Unnamed</source>
 </trans-unit>
 <trans-unit id="s326ee20bba2564a0">
-  <source>Collapse &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Collapse "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="s27df1f36ba8e269f">
-  <source>Expand &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Expand "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf2b5d3236e6f1ab3">
-  <source>Select &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Select "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sb7c2715df863a6ce">
-  <source>Items of &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Items of "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf6707428adeba590">
   <source>API drawer</source>
@@ -10278,7 +10278,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>Group Search</source>
 </trans-unit>
 <trans-unit id="s79683026e49e4866">
-  <source>View details of group &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>View details of group "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s62dfa9c45cb3025a">
   <source>New Group</source>
@@ -10305,16 +10305,16 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>New service account...</source>
 </trans-unit>
 <trans-unit id="s61e5043203e94d0a">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; normally</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" normally</source>
 </trans-unit>
 <trans-unit id="s02eb960c270a837e">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; as current user</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" as current user</source>
 </trans-unit>
 <trans-unit id="saf579a36a54c92e1">
   <source>Current user</source>
 </trans-unit>
 <trans-unit id="sd149e44e50455923">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; with inspector</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" with inspector</source>
 </trans-unit>
 <trans-unit id="s45c530a48bcf74ad">
   <source>Use inspector</source>
@@ -10503,7 +10503,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>Optional Single Logout Service URL to send logout responses to. If not set, no logout response will be sent.</source>
 </trans-unit>
 <trans-unit id="scbf29ce484222325">
-  <source/>
+  <source></source>
 </trans-unit>
 <trans-unit id="s78869b8b2bc26d0d">
   <source>SAML Provider</source>
@@ -10530,7 +10530,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>The user's display name.</source>
 </trans-unit>
 <trans-unit id="s33b2f30214a2e99d">
-  <source>Actions for &quot;<x id="0" equiv-text="${application.name}"/>&quot;</source>
+  <source>Actions for "<x id="0" equiv-text="${application.name}"/>"</source>
 </trans-unit>
 <trans-unit id="sfa660d9e563c346f">
   <source>Edit application...</source>
@@ -10559,4 +10559,4 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
     </body>
   </file>
-</xliff>
+</xliff>

web/xliff/ko.xlf

@@ -1,4 +1,4 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
+<?xml version="1.0"?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
   <file target-language="ko" source-language="en" original="lit-localize-inputs" datatype="plaintext">
     <body>
       <trans-unit id="s4caed5b7a7e5d89b">
@@ -574,9 +574,9 @@
         
       </trans-unit>
       <trans-unit id="saa0e2675da69651b">
-        <source>The URL &quot;<x id="0" equiv-text="${this.url}"/>&quot; was not found.</source>
-        <target>URL&quot;
-        <x id="0" equiv-text="${this.url}"/>&quot; 을(를) 찾을 수 없습니다.</target>
+        <source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
+        <target>URL"
+        <x id="0" equiv-text="${this.url}"/>" 을(를) 찾을 수 없습니다.</target>
         
       </trans-unit>
       <trans-unit id="s58cd9c2fe836d9c6">
@@ -1647,8 +1647,8 @@
         
       </trans-unit>
       <trans-unit id="sa90b7809586c35ce">
-        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon &quot;fa-test&quot;.</source>
-        <target>전체 URL, 상대 경로를 입력하거나, 또는 'fa://fa-test'를 사용하여 Font Awesome 아이콘 &quot;fa-test&quot;를 사용합니다.</target>
+        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
+        <target>전체 URL, 상대 경로를 입력하거나, 또는 'fa://fa-test'를 사용하여 Font Awesome 아이콘 "fa-test"를 사용합니다.</target>
         
       </trans-unit>
       <trans-unit id="s0410779cb47de312">
@@ -3623,7 +3623,7 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="sa95a538bfbb86111">
-        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> &quot;<x id="1" equiv-text="${this.obj?.name}"/>&quot;?</source>
+        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
         
       </trans-unit>
       <trans-unit id="sc92d7cfb6ee1fec6">
@@ -4647,8 +4647,8 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="sdf1d8edef27236f0">
-        <source>A &quot;roaming&quot; authenticator, like a YubiKey</source>
-        <target>YubiKey 같은 &quot;로밍&quot; 인증기</target>
+        <source>A "roaming" authenticator, like a YubiKey</source>
+        <target>YubiKey 같은 "로밍" 인증기</target>
         
       </trans-unit>
       <trans-unit id="sfffba7b23d8fb40c">
@@ -5006,7 +5006,7 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="s1608b2f94fa0dbd4">
-        <source>If set to a duration above 0, the user will have the option to choose to &quot;stay signed in&quot;, which will extend their session by the time specified here.</source>
+        <source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
         <target>기간을 0 이상으로 설정하면, 사용자에게 '로그인 상태 유지'를 선택할 수 있는 옵션이 제공되며, 이 경우 세션이 여기에 지정된 시간만큼 연장됩니다.</target>
         
       </trans-unit>
@@ -7147,8 +7147,8 @@ Bindings to groups/users are checked against the user of the event.</source>
   <target>사용자 생성과 <x id="0" equiv-text="${this.group.name}"/> 그룹 추가에 성공했습니다.</target>
 </trans-unit>
 <trans-unit id="s824e0943a7104668">
-  <source>This user will be added to the group &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot;.</source>
-  <target>이 사용자는 &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot; 그룹에 추가됩니다.</target>
+  <source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
+  <target>이 사용자는 "<x id="0" equiv-text="${this.targetGroup.name}"/>" 그룹에 추가됩니다.</target>
 </trans-unit>
 <trans-unit id="s62e7f6ed7d9cb3ca">
   <source>Pretend user exists</source>
@@ -8261,7 +8261,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>Sync Group</source>
 </trans-unit>
 <trans-unit id="s2d5f69929bb7221d">
-  <source><x id="0" equiv-text="${p.name}"/> (&quot;<x id="1" equiv-text="${p.fieldKey}"/>&quot;, of type <x id="2" equiv-text="${p.type}"/>)</source>
+  <source><x id="0" equiv-text="${p.name}"/> ("<x id="1" equiv-text="${p.fieldKey}"/>", of type <x id="2" equiv-text="${p.type}"/>)</source>
 </trans-unit>
 <trans-unit id="s25bacc19d98b444e">
   <source>Parent Group</source>
@@ -8456,7 +8456,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>Valid redirect URIs after a successful authorization flow. Also specify any origins here for Implicit flows.</source>
 </trans-unit>
 <trans-unit id="s4c49d27de60a532b">
-  <source>To allow any redirect URI, set the mode to Regex and the value to &quot;.*&quot;. Be aware of the possible security implications this can have.</source>
+  <source>To allow any redirect URI, set the mode to Regex and the value to ".*". Be aware of the possible security implications this can have.</source>
 </trans-unit>
 <trans-unit id="sa52bf79fe1ccb13e">
   <source>Federated OIDC Sources</source>
@@ -9065,8 +9065,8 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>How to perform authentication during an authorization_code token request flow</source>
 </trans-unit>
 <trans-unit id="s844baf19a6c4a9b4">
-  <source>Enable &quot;Remember me on this device&quot;</source>
-  <target>&quot;이 기기에서 계정 기억하기&quot; 활성화</target>
+  <source>Enable "Remember me on this device"</source>
+  <target>"이 기기에서 계정 기억하기" 활성화</target>
 </trans-unit>
 <trans-unit id="sfa72bca733f40692">
   <source>When enabled, the user can save their username in a cookie, allowing them to skip directly to entering their password.</source>
@@ -9393,7 +9393,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>e.g. Collaboration, Communication, Internal, etc.</source>
 </trans-unit>
 <trans-unit id="sb6fcdabf769208a1">
-  <source>Failed to fetch application &quot;<x id="0" equiv-text="${this.applicationSlug}"/>&quot;.</source>
+  <source>Failed to fetch application "<x id="0" equiv-text="${this.applicationSlug}"/>".</source>
 </trans-unit>
 <trans-unit id="s32fc592c4a264edd">
   <source>Account Recovery Max Attempts</source>
@@ -9491,10 +9491,10 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source><x id="0" equiv-text="${this.label || &quot;&quot;}"/> table pagination</source>
 </trans-unit>
 <trans-unit id="sd9b15395dd103f80">
-  <source>Sort by &quot;<x id="0" equiv-text="${label}"/>&quot;</source>
+  <source>Sort by "<x id="0" equiv-text="${label}"/>"</source>
 </trans-unit>
 <trans-unit id="s7dd64bb0c1fa8e87">
-  <source>Select &quot;<x id="0" equiv-text="${rowLabel}"/>&quot; row</source>
+  <source>Select "<x id="0" equiv-text="${rowLabel}"/>" row</source>
 </trans-unit>
 <trans-unit id="sd26f670ca5d5b0c6">
   <source>Collapse row</source>
@@ -9557,31 +9557,31 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>Provider not assigned to any application.</source>
 </trans-unit>
 <trans-unit id="sfbb87c9ced1fde54">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; provider</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" provider</source>
 </trans-unit>
 <trans-unit id="s0a3fdba3a68a2730">
   <source>Applications Documentation</source>
 </trans-unit>
 <trans-unit id="sf07bfbe5316e7cc7">
-  <source>Application icon for &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Application icon for "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s037f22187581bf8f">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s5d90aeadfcb34286">
-  <source>Execute &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Execute "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="saa25eac2952d918d">
-  <source>Export &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Export "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s64de9eceb8172269">
   <source>Edit device</source>
 </trans-unit>
 <trans-unit id="sc08c153234510246">
-  <source>Update &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; Permissions</source>
+  <source>Update "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" Permissions</source>
 </trans-unit>
 <trans-unit id="s6d25eef21a9e76ba">
-  <source>Open &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; permissions modal</source>
+  <source>Open "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" permissions modal</source>
 </trans-unit>
 <trans-unit id="sa556d7b744364dcf">
   <source>OCI URL</source>
@@ -9597,10 +9597,10 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>OCI Support</source>
 </trans-unit>
 <trans-unit id="s08d24327ec788e78">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
 </trans-unit>
 <trans-unit id="s6f8d15b5494ac41a">
-  <source>Apply &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Apply "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
 </trans-unit>
 <trans-unit id="s85a488cacb57688b">
   <source>Welcome, <x id="0" equiv-text="${username}"/></source>
@@ -9702,7 +9702,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>Paths may not start or end with a slash, but they can contain any other character as path segments. The paths are currently purely used for organization, it does not affect their permissions, group memberships, or anything else.</source>
 </trans-unit>
 <trans-unit id="sdb3b903354fbfb17">
-  <source>Open &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Open "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s2e7448caf3df574a">
   <source>Verify Assertion Signature</source>
@@ -9750,16 +9750,16 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>Unnamed</source>
 </trans-unit>
 <trans-unit id="s326ee20bba2564a0">
-  <source>Collapse &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Collapse "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="s27df1f36ba8e269f">
-  <source>Expand &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Expand "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf2b5d3236e6f1ab3">
-  <source>Select &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Select "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sb7c2715df863a6ce">
-  <source>Items of &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Items of "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf6707428adeba590">
   <source>API drawer</source>
@@ -9882,7 +9882,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>Group Search</source>
 </trans-unit>
 <trans-unit id="s79683026e49e4866">
-  <source>View details of group &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>View details of group "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s62dfa9c45cb3025a">
   <source>New Group</source>
@@ -9909,16 +9909,16 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>New service account...</source>
 </trans-unit>
 <trans-unit id="s61e5043203e94d0a">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; normally</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" normally</source>
 </trans-unit>
 <trans-unit id="s02eb960c270a837e">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; as current user</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" as current user</source>
 </trans-unit>
 <trans-unit id="saf579a36a54c92e1">
   <source>Current user</source>
 </trans-unit>
 <trans-unit id="sd149e44e50455923">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; with inspector</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" with inspector</source>
 </trans-unit>
 <trans-unit id="s45c530a48bcf74ad">
   <source>Use inspector</source>
@@ -10107,7 +10107,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>Optional Single Logout Service URL to send logout responses to. If not set, no logout response will be sent.</source>
 </trans-unit>
 <trans-unit id="scbf29ce484222325">
-  <source/>
+  <source></source>
 </trans-unit>
 <trans-unit id="s78869b8b2bc26d0d">
   <source>SAML Provider</source>
@@ -10134,7 +10134,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>The user's display name.</source>
 </trans-unit>
 <trans-unit id="s33b2f30214a2e99d">
-  <source>Actions for &quot;<x id="0" equiv-text="${application.name}"/>&quot;</source>
+  <source>Actions for "<x id="0" equiv-text="${application.name}"/>"</source>
 </trans-unit>
 <trans-unit id="sfa660d9e563c346f">
   <source>Edit application...</source>
@@ -10163,4 +10163,4 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
     </body>
   </file>
-</xliff>
+</xliff>

web/xliff/pl.xlf

@@ -1,4 +1,4 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
+<?xml version="1.0"?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
   <file target-language="pl" source-language="en" original="lit-localize-inputs" datatype="plaintext">
     <body>
       <trans-unit id="s4caed5b7a7e5d89b">
@@ -586,9 +586,9 @@
         
       </trans-unit>
       <trans-unit id="saa0e2675da69651b">
-        <source>The URL &quot;<x id="0" equiv-text="${this.url}"/>&quot; was not found.</source>
-        <target>Nie znaleziono &quot;
-        <x id="0" equiv-text="${this.url}"/>&quot; adresu URL.</target>
+        <source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
+        <target>Nie znaleziono "
+        <x id="0" equiv-text="${this.url}"/>" adresu URL.</target>
         
       </trans-unit>
       <trans-unit id="s58cd9c2fe836d9c6">
@@ -1662,7 +1662,7 @@
         
       </trans-unit>
       <trans-unit id="sa90b7809586c35ce">
-        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon &quot;fa-test&quot;.</source>
+        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
         <target>Wprowadź pełny adres URL, ścieżkę względną lub użyj „fa://fa-test”, aby użyć ikony Font Awesome „fa-test”.</target>
         
       </trans-unit>
@@ -3651,9 +3651,9 @@ Można tu używać tylko zasad, ponieważ dostęp jest sprawdzany przed uwierzyt
         
       </trans-unit>
       <trans-unit id="sa95a538bfbb86111">
-        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> &quot;<x id="1" equiv-text="${this.obj?.name}"/>&quot;?</source>
+        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
         <target>Czy na pewno chcesz zaktualizować 
-        <x id="0" equiv-text="${this.objectLabel}"/>&quot; 
+        <x id="0" equiv-text="${this.objectLabel}"/>" 
         <x id="1" equiv-text="${this.obj?.name}"/>”?</target>
         
       </trans-unit>
@@ -4684,7 +4684,7 @@ Można tu używać tylko zasad, ponieważ dostęp jest sprawdzany przed uwierzyt
         
       </trans-unit>
       <trans-unit id="sdf1d8edef27236f0">
-        <source>A &quot;roaming&quot; authenticator, like a YubiKey</source>
+        <source>A "roaming" authenticator, like a YubiKey</source>
         <target>„Mobilne” uwierzytelniacz, taki jak YubiKey</target>
         
       </trans-unit>
@@ -5043,7 +5043,7 @@ Można tu używać tylko zasad, ponieważ dostęp jest sprawdzany przed uwierzyt
         
       </trans-unit>
       <trans-unit id="s1608b2f94fa0dbd4">
-        <source>If set to a duration above 0, the user will have the option to choose to &quot;stay signed in&quot;, which will extend their session by the time specified here.</source>
+        <source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
         <target>W przypadku ustawienia czasu trwania powyżej 0, użytkownik będzie mógł wybrać opcję „pozostania zalogowanym”, co spowoduje przedłużenie jego sesji o określony tutaj czas.</target>
         
       </trans-unit>
@@ -7205,7 +7205,7 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
   <target>Pomyślnie utworzono użytkownika i dodano go do grupy <x id="0" equiv-text="${this.group.name}"/></target>
 </trans-unit>
 <trans-unit id="s824e0943a7104668">
-  <source>This user will be added to the group &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot;.</source>
+  <source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
   <target>Ten użytkownik zostanie dodany do grupy &amp;quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&amp;quot;.</target>
 </trans-unit>
 <trans-unit id="s62e7f6ed7d9cb3ca">
@@ -8294,7 +8294,7 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
 </trans-unit>
 <trans-unit id="s9dda0789d278f5c5">
   <source>Provide users with a 'show password' button.</source>
-  <target>Udostępnij użytkownikom przycisk &quot;pokaż hasło&quot;.</target>
+  <target>Udostępnij użytkownikom przycisk "pokaż hasło".</target>
 </trans-unit>
 <trans-unit id="s2f7f35f6a5b733f5">
   <source>Show password</source>
@@ -8396,7 +8396,7 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
   <source>Sync Group</source>
 </trans-unit>
 <trans-unit id="s2d5f69929bb7221d">
-  <source><x id="0" equiv-text="${p.name}"/> (&quot;<x id="1" equiv-text="${p.fieldKey}"/>&quot;, of type <x id="2" equiv-text="${p.type}"/>)</source>
+  <source><x id="0" equiv-text="${p.name}"/> ("<x id="1" equiv-text="${p.fieldKey}"/>", of type <x id="2" equiv-text="${p.type}"/>)</source>
 </trans-unit>
 <trans-unit id="s25bacc19d98b444e">
   <source>Parent Group</source>
@@ -8582,7 +8582,7 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
   <source>Valid redirect URIs after a successful authorization flow. Also specify any origins here for Implicit flows.</source>
 </trans-unit>
 <trans-unit id="s4c49d27de60a532b">
-  <source>To allow any redirect URI, set the mode to Regex and the value to &quot;.*&quot;. Be aware of the possible security implications this can have.</source>
+  <source>To allow any redirect URI, set the mode to Regex and the value to ".*". Be aware of the possible security implications this can have.</source>
 </trans-unit>
 <trans-unit id="sa52bf79fe1ccb13e">
   <source>Federated OIDC Sources</source>
@@ -9135,7 +9135,7 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
   <source>How to perform authentication during an authorization_code token request flow</source>
 </trans-unit>
 <trans-unit id="s844baf19a6c4a9b4">
-  <source>Enable &quot;Remember me on this device&quot;</source>
+  <source>Enable "Remember me on this device"</source>
 </trans-unit>
 <trans-unit id="sfa72bca733f40692">
   <source>When enabled, the user can save their username in a cookie, allowing them to skip directly to entering their password.</source>
@@ -9438,7 +9438,7 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
   <source>e.g. Collaboration, Communication, Internal, etc.</source>
 </trans-unit>
 <trans-unit id="sb6fcdabf769208a1">
-  <source>Failed to fetch application &quot;<x id="0" equiv-text="${this.applicationSlug}"/>&quot;.</source>
+  <source>Failed to fetch application "<x id="0" equiv-text="${this.applicationSlug}"/>".</source>
 </trans-unit>
 <trans-unit id="s32fc592c4a264edd">
   <source>Account Recovery Max Attempts</source>
@@ -9534,10 +9534,10 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
   <source><x id="0" equiv-text="${this.label || &quot;&quot;}"/> table pagination</source>
 </trans-unit>
 <trans-unit id="sd9b15395dd103f80">
-  <source>Sort by &quot;<x id="0" equiv-text="${label}"/>&quot;</source>
+  <source>Sort by "<x id="0" equiv-text="${label}"/>"</source>
 </trans-unit>
 <trans-unit id="s7dd64bb0c1fa8e87">
-  <source>Select &quot;<x id="0" equiv-text="${rowLabel}"/>&quot; row</source>
+  <source>Select "<x id="0" equiv-text="${rowLabel}"/>" row</source>
 </trans-unit>
 <trans-unit id="sd26f670ca5d5b0c6">
   <source>Collapse row</source>
@@ -9600,31 +9600,31 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
   <source>Provider not assigned to any application.</source>
 </trans-unit>
 <trans-unit id="sfbb87c9ced1fde54">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; provider</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" provider</source>
 </trans-unit>
 <trans-unit id="s0a3fdba3a68a2730">
   <source>Applications Documentation</source>
 </trans-unit>
 <trans-unit id="sf07bfbe5316e7cc7">
-  <source>Application icon for &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Application icon for "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s037f22187581bf8f">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s5d90aeadfcb34286">
-  <source>Execute &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Execute "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="saa25eac2952d918d">
-  <source>Export &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Export "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s64de9eceb8172269">
   <source>Edit device</source>
 </trans-unit>
 <trans-unit id="sc08c153234510246">
-  <source>Update &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; Permissions</source>
+  <source>Update "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" Permissions</source>
 </trans-unit>
 <trans-unit id="s6d25eef21a9e76ba">
-  <source>Open &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; permissions modal</source>
+  <source>Open "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" permissions modal</source>
 </trans-unit>
 <trans-unit id="sa556d7b744364dcf">
   <source>OCI URL</source>
@@ -9640,10 +9640,10 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
   <source>OCI Support</source>
 </trans-unit>
 <trans-unit id="s08d24327ec788e78">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
 </trans-unit>
 <trans-unit id="s6f8d15b5494ac41a">
-  <source>Apply &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Apply "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
 </trans-unit>
 <trans-unit id="s85a488cacb57688b">
   <source>Welcome, <x id="0" equiv-text="${username}"/></source>
@@ -9745,7 +9745,7 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
   <source>Paths may not start or end with a slash, but they can contain any other character as path segments. The paths are currently purely used for organization, it does not affect their permissions, group memberships, or anything else.</source>
 </trans-unit>
 <trans-unit id="sdb3b903354fbfb17">
-  <source>Open &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Open "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s2e7448caf3df574a">
   <source>Verify Assertion Signature</source>
@@ -9793,16 +9793,16 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
   <source>Unnamed</source>
 </trans-unit>
 <trans-unit id="s326ee20bba2564a0">
-  <source>Collapse &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Collapse "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="s27df1f36ba8e269f">
-  <source>Expand &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Expand "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf2b5d3236e6f1ab3">
-  <source>Select &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Select "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sb7c2715df863a6ce">
-  <source>Items of &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Items of "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf6707428adeba590">
   <source>API drawer</source>
@@ -9925,7 +9925,7 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
   <source>Group Search</source>
 </trans-unit>
 <trans-unit id="s79683026e49e4866">
-  <source>View details of group &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>View details of group "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s62dfa9c45cb3025a">
   <source>New Group</source>
@@ -9952,16 +9952,16 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
   <source>New service account...</source>
 </trans-unit>
 <trans-unit id="s61e5043203e94d0a">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; normally</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" normally</source>
 </trans-unit>
 <trans-unit id="s02eb960c270a837e">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; as current user</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" as current user</source>
 </trans-unit>
 <trans-unit id="saf579a36a54c92e1">
   <source>Current user</source>
 </trans-unit>
 <trans-unit id="sd149e44e50455923">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; with inspector</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" with inspector</source>
 </trans-unit>
 <trans-unit id="s45c530a48bcf74ad">
   <source>Use inspector</source>
@@ -10150,7 +10150,7 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
   <source>Optional Single Logout Service URL to send logout responses to. If not set, no logout response will be sent.</source>
 </trans-unit>
 <trans-unit id="scbf29ce484222325">
-  <source/>
+  <source></source>
 </trans-unit>
 <trans-unit id="s78869b8b2bc26d0d">
   <source>SAML Provider</source>
@@ -10177,7 +10177,7 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
   <source>The user's display name.</source>
 </trans-unit>
 <trans-unit id="s33b2f30214a2e99d">
-  <source>Actions for &quot;<x id="0" equiv-text="${application.name}"/>&quot;</source>
+  <source>Actions for "<x id="0" equiv-text="${application.name}"/>"</source>
 </trans-unit>
 <trans-unit id="sfa660d9e563c346f">
   <source>Edit application...</source>
@@ -10206,4 +10206,4 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
 </trans-unit>
     </body>
   </file>
-</xliff>
+</xliff>

web/xliff/pt_BR.xlf

@@ -10308,415 +10308,551 @@ por exemplo: <x id="0" equiv-text="&lt;code&gt;"/>oci://registry.domain.tld/path
 </trans-unit>
 <trans-unit id="s326ee20bba2564a0">
   <source>Collapse &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <target>Retrair &amp;quot;<x id="0" equiv-text="${itemLabel}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="s27df1f36ba8e269f">
   <source>Expand &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <target>Expandir &amp;quot;<x id="0" equiv-text="${itemLabel}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="sf2b5d3236e6f1ab3">
   <source>Select &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <target>Selecionar &amp;quot;<x id="0" equiv-text="${itemLabel}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="sb7c2715df863a6ce">
   <source>Items of &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <target>Itens de &amp;quot;<x id="0" equiv-text="${itemLabel}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="sf6707428adeba590">
   <source>API drawer</source>
+  <target>Painel da API</target>
 </trans-unit>
 <trans-unit id="sf3b5b13c6b55eb4c">
   <source>Close API drawer</source>
+  <target>Fechad painel da API</target>
 </trans-unit>
 <trans-unit id="sfa991acd65f738bf">
   <source>View details for <x id="0" equiv-text="${label}"/></source>
+  <target>Ver detalhes de <x id="0" equiv-text="${label}"/></target>
 </trans-unit>
 <trans-unit id="s5bb4026da28b7914">
   <source>Mark as read</source>
+  <target>Marcar como lido</target>
 </trans-unit>
 <trans-unit id="sc0064c91ad2aa90b">
   <source>Notification drawer</source>
+  <target>Painel de notificações</target>
 </trans-unit>
 <trans-unit id="s3ef09dfdd0568b6e">
   <source>Search by username, email, etc...</source>
+  <target>BuscF por nome de usuário, email, etc...</target>
 </trans-unit>
 <trans-unit id="sd65f96914ccbeb76">
   <source>User Search</source>
+  <target>Busca de usuário</target>
 </trans-unit>
 <trans-unit id="s7c6c86d9a97ed706">
   <source>Show deactivated users</source>
+  <target>Mostrar usuários ativos</target>
 </trans-unit>
 <trans-unit id="s462975174949cfc0">
   <source>New User</source>
+  <target>Novo Usuário</target>
 </trans-unit>
 <trans-unit id="s7d620371caea15e1">
   <source>Create Service Account</source>
+  <target>Criar Conta de Serviço</target>
 </trans-unit>
 <trans-unit id="sc47c8364ef524c1d">
   <source>New Service Account</source>
+  <target>Nova Conta de Serviço</target>
 </trans-unit>
 <trans-unit id="s441f155311f1748a">
   <source>User paths</source>
+  <target>Caminhos de usuário</target>
 </trans-unit>
 <trans-unit id="sd5d9adfcbd8abdfe">
   <source>Bot username</source>
+  <target>Usuário do bot</target>
 </trans-unit>
 <trans-unit id="saf5316edc3679fef">
   <source>Bot token</source>
+  <target>Token do bot</target>
 </trans-unit>
 <trans-unit id="s64b935d223a99731">
   <source>Request access to send messages from your bot</source>
+  <target>Solicitar acesso para enviar mensagens do seu bot</target>
 </trans-unit>
 <trans-unit id="s500a041b1fab7aac">
   <source>Telegram Attribute mapping</source>
+  <target>Mapeamento de atributos do Telegram</target>
 </trans-unit>
 <trans-unit id="s463491b90193d86b">
   <source>Telegram bot</source>
+  <target>Bot do Telegram</target>
 </trans-unit>
 <trans-unit id="s4014853299a8bb20">
   <source>Update Telegram Source</source>
+  <target>Atualizar Origem do Telegram</target>
 </trans-unit>
 <trans-unit id="sf376ae7e9ef41c1a">
   <source>Authenticating with Telegram...</source>
+  <target>Autenticando com Telegram...</target>
 </trans-unit>
 <trans-unit id="s76ea993fdc8503d8">
   <source>Click the button below to start.</source>
+  <target>Clique no botão abaixo para iniciar.</target>
 </trans-unit>
 <trans-unit id="sd2fa988f1774cfde">
   <source>System Status</source>
+  <target>Status do Sistema</target>
 </trans-unit>
 <trans-unit id="s66f26fdcbe2101eb">
   <source>Chart</source>
+  <target>Gráfico</target>
 </trans-unit>
 <trans-unit id="s7b58d033cc5112ab">
   <source>Event volume chart</source>
+  <target>Gráfico de volume de eventos</target>
 </trans-unit>
 <trans-unit id="s0914f91b3f985f0f">
   <source>Synchronization status chart</source>
+  <target>Gráfico de status de sincronização</target>
 </trans-unit>
 <trans-unit id="s3f01dbc864d2a8b9">
   <source>Outpost status chart</source>
+  <target>Gráfico de status de Outpost</target>
 </trans-unit>
 <trans-unit id="s7f073c746d0f6324">
   <source>Form actions</source>
+  <target>Ações do formulário</target>
 </trans-unit>
 <trans-unit id="sfd81bd296e2f7585">
   <source>Submit action</source>
+  <target>Ação de envio</target>
 </trans-unit>
 <trans-unit id="s5baec8151f4a4433">
   <source>Cancel action</source>
+  <target>Açao de cancelamento</target>
 </trans-unit>
 <trans-unit id="s1ec022562e3d515b">
   <source>Search for users by username or display name...</source>
+  <target>Pesquisar usuários por nome de usuário ou nome de exibição...</target>
 </trans-unit>
 <trans-unit id="s65f6a2f5e2b848e1">
   <source>Search Users</source>
+  <target>Pesquisar Usuários</target>
 </trans-unit>
 <trans-unit id="sd416adae573583d5">
   <source>Select Users</source>
+  <target>Selecionar Usuários</target>
 </trans-unit>
 <trans-unit id="s93d69514c94ad635">
   <source>Select users</source>
+  <target>Selecionar usuários</target>
 </trans-unit>
 <trans-unit id="sb85774dc5d18ff0f">
   <source>Confirm</source>
+  <target>Confirmar</target>
 </trans-unit>
 <trans-unit id="s9436f1bf4400f6a6">
   <source>Type a group name...</source>
+  <target>Digite um nome de grupo</target>
 </trans-unit>
 <trans-unit id="s2d9356347ff7c77f">
   <source>Group Name</source>
+  <target>Nome de Grupo</target>
 </trans-unit>
 <trans-unit id="sf45dac7c571f18bd">
   <source>Superuser Privileges</source>
+  <target>Privilégios de Superusuário</target>
 </trans-unit>
 <trans-unit id="sbf8a7af4eafa87f8">
   <source>Whether users added to this group will have superuser privileges.</source>
+  <target>Indica se os usuários adicionados a este grupo terão privilégios de superusuário.</target>
 </trans-unit>
 <trans-unit id="sb05313d80a8b531f">
   <source>Select an optional parent group...</source>
+  <target>Selecionar um grupo pai opcional...</target>
 </trans-unit>
 <trans-unit id="sf0d94539428a0900">
   <source>Search for a group by name…</source>
+  <target>Pesquisar grupo por nome...</target>
 </trans-unit>
 <trans-unit id="s77ec9e27e9ae81b8">
   <source>Group Search</source>
+  <target>Busca de Grupo</target>
 </trans-unit>
 <trans-unit id="s79683026e49e4866">
   <source>View details of group &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <target>Ver detslhes do grupo &amp;quot;<x id="0" equiv-text="${item.name}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="s62dfa9c45cb3025a">
   <source>New Group</source>
+  <target>Novo Grupo</target>
 </trans-unit>
 <trans-unit id="s3d0a5ad9bdb617e2">
   <source>Open user selection dialog</source>
+  <target>Abrir janela de seleção de usuário</target>
 </trans-unit>
 <trans-unit id="s362bf0ff6d7db6c9">
   <source>Group User Search</source>
+  <target>Busca de Usuário do Grupo</target>
 </trans-unit>
 <trans-unit id="se040a9c3444c727c">
   <source>Group Users</source>
+  <target>Usuários do Grupo</target>
 </trans-unit>
 <trans-unit id="sac6c67e92bd30229">
   <source>Assign Additional Users</source>
+  <target>Atribuir Usuários Adicionais</target>
 </trans-unit>
 <trans-unit id="sf6aec5a09661fe61">
   <source>Add new user</source>
+  <target>Adicionar novo usuário</target>
 </trans-unit>
 <trans-unit id="s0051b0d8e6decea6">
   <source>New user...</source>
+  <target>Novo usuário...</target>
 </trans-unit>
 <trans-unit id="s384699f614f39071">
   <source>New service account...</source>
+  <target>Nova conta de serviço...</target>
 </trans-unit>
 <trans-unit id="s61e5043203e94d0a">
   <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; normally</source>
+  <target>Executar &amp;quot;<x id="0" equiv-text="${this.flow.name}"/>&amp;quot; normalmente</target>
 </trans-unit>
 <trans-unit id="s02eb960c270a837e">
   <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; as current user</source>
+  <target>Executar &amp;quot;<x id="0" equiv-text="${this.flow.name}"/>&amp;quot; como o usuário atual</target>
 </trans-unit>
 <trans-unit id="saf579a36a54c92e1">
   <source>Current user</source>
+  <target>Usuário atual</target>
 </trans-unit>
 <trans-unit id="sd149e44e50455923">
   <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; with inspector</source>
+  <target>Executar &amp;quot;<x id="0" equiv-text="${this.flow.name}"/>&amp;quot; com inspecionador</target>
 </trans-unit>
 <trans-unit id="s45c530a48bcf74ad">
   <source>Use inspector</source>
+  <target>Usar inspecionador</target>
 </trans-unit>
 <trans-unit id="s482bc55a78891ef7">
   <source>A code has been sent to your address: <x id="0" equiv-text="${email}"/></source>
+  <target>Um código foi enviado para seu email: <x id="0" equiv-text="${email}"/></target>
 </trans-unit>
 <trans-unit id="s5afa3fc77ce8d94d">
   <source>A code has been sent to your email address.</source>
+  <target>Um código foi enviado para seu endereço de email.</target>
 </trans-unit>
 <trans-unit id="s37f47fa981493c3b">
   <source>A one-time use code has been sent to you via SMS text message.</source>
+  <target>Um código de uso único foi enviado a você via mensagem SMS.</target>
 </trans-unit>
 <trans-unit id="sc92a7248dba5f388">
   <source>Open your authenticator app to retrieve a one-time use code.</source>
+  <target>Abra seu aplicativo de autenticação para obter um código de uso único.</target>
 </trans-unit>
 <trans-unit id="s775f81ca91aa2d0c">
   <source>Policy actions</source>
+  <target>Ações da política</target>
 </trans-unit>
 <trans-unit id="sa4be93eb7f4e51e3">
   <source>Site links</source>
+  <target>Links do site</target>
 </trans-unit>
 <trans-unit id="s15d6fabebb4ef2d8">
   <source>User information</source>
+  <target>Informações do usuário</target>
 </trans-unit>
 <trans-unit id="s4607a8246d0d6265">
   <source>Avatar for <x id="0" equiv-text="${this.user}"/></source>
+  <target>Avatar de <x id="0" equiv-text="${this.user}"/></target>
 </trans-unit>
 <trans-unit id="sb0dbcf3bb1127907">
   <source>User avatar</source>
+  <target>Avatar do usuário</target>
 </trans-unit>
 <trans-unit id="s8d6236ad153d42c0">
   <source>CAPTCHA challenge</source>
+  <target>Desafio de CAPTCHA</target>
 </trans-unit>
 <trans-unit id="sc091f75b942ec081">
   <source>QR-Code to setup a time-based one-time password</source>
+  <target>QR-Code para configurar uma senha de uso único baseada em tempo</target>
 </trans-unit>
 <trans-unit id="s6db67c7681b8be6e">
   <source>Copy time-based one-time password configuration</source>
+  <target>Copiar configuração de senha de uso único baseada em tempo</target>
 </trans-unit>
 <trans-unit id="s43e859bf711e3599">
   <source>Copy TOTP Config</source>
+  <target>Copiar configuração TOTP</target>
 </trans-unit>
 <trans-unit id="sa5562e0115ffbccd">
   <source>Time-based one-time password</source>
+  <target>Senha de uso único baseada em tempo</target>
 </trans-unit>
 <trans-unit id="s40f44c0d88807fd5">
   <source>TOTP Code</source>
+  <target>Código TOTP</target>
 </trans-unit>
 <trans-unit id="s95474cc8c73dd9c0">
   <source>Type your TOTP code...</source>
+  <target>Digite seu código TOTP...</target>
 </trans-unit>
 <trans-unit id="s168d0c138b63286d">
   <source>Type your time-based one-time password code.</source>
+  <target>Digite seu código de senha de uso único baseada em tempo.</target>
 </trans-unit>
 <trans-unit id="s14e8ac4d377a1a99">
   <source>Type an authentication code...</source>
+  <target>Digite um código de autenticação...</target>
 </trans-unit>
 <trans-unit id="s8bb0a1b672b52954">
   <source>In case you lose access to your primary authenticators.</source>
+  <target>Caso você perca acesso ao seu método de autenticação principal.</target>
 </trans-unit>
 <trans-unit id="s76d21e163887ddd1">
   <source>Unknown device</source>
+  <target>Dispositivo desconhecido</target>
 </trans-unit>
 <trans-unit id="sf0ceaf3116e31fd4">
   <source>An unknown device class was provided.</source>
+  <target>Uma classe de dispositivo não reconhecida foi fornecida.</target>
 </trans-unit>
 <trans-unit id="s610fced3957d0471">
   <source>Select an authentication method</source>
+  <target>Selecione um método de autenticação</target>
 </trans-unit>
 <trans-unit id="s1213df84313e1937">
   <source>No authentication methods available.</source>
+  <target>Nenhum método de autenticação disponível.</target>
 </trans-unit>
 <trans-unit id="s958cedec1cb3fc52">
   <source>Select a configuration stage</source>
+  <target>Selecione um estágio de configuração</target>
 </trans-unit>
 <trans-unit id="sb69e43f2f6bd1b54">
   <source>Close flow inspector</source>
+  <target>Fechar inspecionador de fluxo</target>
 </trans-unit>
 <trans-unit id="s857cf5aa8955cf5c">
   <source>Flow inspector loading</source>
+  <target>Inspecionador de fluxo carregando</target>
 </trans-unit>
 <trans-unit id="sa17ce23517e56461">
   <source>Authentication form</source>
+  <target>Formulário de autenticação</target>
 </trans-unit>
 <trans-unit id="sdd2ea73c24b40d5d">
   <source>Site footer</source>
+  <target>Footer do site</target>
 </trans-unit>
 <trans-unit id="s2f06038e5cfd09df">
   <source>Consumed</source>
+  <target>Consumido</target>
 </trans-unit>
 <trans-unit id="s556a7cc7c0c9f032">
   <source>Pre-processing</source>
+  <target>Pré processamento</target>
 </trans-unit>
 <trans-unit id="sb37a630168e1e0e5">
   <source>Post-processing</source>
+  <target>Pós processamento</target>
 </trans-unit>
 <trans-unit id="s94f08f46277af7d6">
   <source>Running tasks</source>
+  <target>Tarefas em andamento</target>
 </trans-unit>
 <trans-unit id="s8b551364b894d1ee">
   <source>Queued tasks</source>
+  <target>Tarefas enfileiradas</target>
 </trans-unit>
 <trans-unit id="s2139d19009989a19">
   <source>Successful tasks</source>
+  <target>Tarefas bem-sucedidas</target>
 </trans-unit>
 <trans-unit id="s0787cd9eab5aa6e3">
   <source>Error tasks</source>
+  <target>Tarefas com erro</target>
 </trans-unit>
 <trans-unit id="s531571491deb239a">
   <source>Approximately</source>
+  <target>Aproximadamente</target>
 </trans-unit>
 <trans-unit id="sc62e587718608e85">
   <source>No expiry</source>
+  <target>Sem expiração</target>
 </trans-unit>
 <trans-unit id="s84fb675fb17d4455">
   <source>Retries</source>
+  <target>Tentativas</target>
 </trans-unit>
 <trans-unit id="s1d300a2f13c19ab4">
   <source>Planned execution time</source>
+  <target>Tempo de execução planejado</target>
 </trans-unit>
 <trans-unit id="s3736936aac1adc2e">
   <source>Open flow inspector</source>
+  <target>Abrir inspecionador de fluxo</target>
 </trans-unit>
 <trans-unit id="s1ff2128af96d843f">
   <source>Available applications</source>
+  <target>Aplicações disponíveis</target>
 </trans-unit>
 <trans-unit id="sda842e40ed1d9a2f">
   <source>Application search</source>
+  <target>Busca por aplicação</target>
 </trans-unit>
 <trans-unit id="s65b433c52c2ad8eb">
   <source>Search for an application by name...</source>
+  <target>Busque uma aplicação por nome...</target>
 </trans-unit>
 <trans-unit id="sa3056b3252b4b52c">
   <source>Back-channel</source>
+  <target>Back-channel</target>
 </trans-unit>
 <trans-unit id="saa3d821fc889a636">
   <source>Server-to-server logout notifications</source>
+  <target>Notificações de logout servidor-a-servidor</target>
 </trans-unit>
 <trans-unit id="s9f448d01a0354e8e">
   <source>Front-channel</source>
+  <target>Front-channel</target>
 </trans-unit>
 <trans-unit id="s83ba71823baf9a51">
   <source>Browser iframe logout notifications</source>
+  <target>Notificações de logout de iframe de navegador</target>
 </trans-unit>
 <trans-unit id="s145480489b87a109">
   <source>Logout URI</source>
+  <target>URI de logout</target>
 </trans-unit>
 <trans-unit id="s37018999e29f65b3">
   <source>URI to send logout notifications to when users log out. Required for OpenID Connect Logout functionality.</source>
+  <target>URI para enviar notificações de logoout quando usuários realizam logout. Obrigatório para a funcionalidade OpenID Connect Logout.</target>
 </trans-unit>
 <trans-unit id="s2dcb6d1fd145b834">
   <source>Logout Method</source>
+  <target>Método de Logout</target>
 </trans-unit>
 <trans-unit id="s2e527acc2a73da87">
   <source>The logout method determines how the logout URI is called — back-channel (server-to-server) or front-channel (browser iframe).</source>
+  <target>O método de logout determina como o URI de logout é chamado — back-channel (servidor-a-servidor) ou front-channel (iframe do navegador).</target>
 </trans-unit>
 <trans-unit id="sa4bd902fbc432ab8">
   <source>Sign logout requests</source>
+  <target>Assinar solicitações de logout</target>
 </trans-unit>
 <trans-unit id="sb1e6dc6d91ce352e">
   <source>When enabled, SAML logout requests will be signed.</source>
+  <target>Quando habilitado, solicitações de logout SAML serão assinadas.</target>
 </trans-unit>
 <trans-unit id="sd1ab93a011b2f1f5">
   <source>Front-channel (Iframe)</source>
+  <target>Front-channel (iframe)</target>
 </trans-unit>
 <trans-unit id="s885ea9abccda30d8">
   <source>Front-channel (Native)</source>
+  <target>Front-channel (Nativo)</target>
 </trans-unit>
 <trans-unit id="s34cd8ae3ee828045">
   <source>Back-channel (POST)</source>
+  <target>Back-channel (POST)</target>
 </trans-unit>
 <trans-unit id="s7f7be294b1bef506">
   <source>SLS Binding</source>
+  <target>Vínculo SLS</target>
 </trans-unit>
 <trans-unit id="s9104cd1063aa6a4a">
   <source>Determines how authentik sends the logout response back to the Service Provider.</source>
+  <target>Determina como Authentik envia a resposta de logout de volta ao Service Provider.</target>
 </trans-unit>
 <trans-unit id="sd1fba3c745c016a8">
   <source>Method to use for logout when SLS URL is configured.</source>
+  <target>Método de logout a ser usado quando o URL SLS é configurado.</target>
 </trans-unit>
 <trans-unit id="sc71892084574cf32">
   <source>SLS URL</source>
+  <target>URL SLS</target>
 </trans-unit>
 <trans-unit id="s21658078c6fdf964">
   <source>Optional Single Logout Service URL to send logout responses to. If not set, no logout response will be sent.</source>
+  <target>Service Logout URL opcional usado para enviar respostas de logout. Se não for definido, nenhuma resposta de logout será enviada.</target>
 </trans-unit>
 <trans-unit id="scbf29ce484222325">
   <source/>
 </trans-unit>
 <trans-unit id="s78869b8b2bc26d0d">
   <source>SAML Provider</source>
+  <target>Provedor SAML</target>
 </trans-unit>
 <trans-unit id="sca83a1f9227f74b9">
   <source>SAML logout complete</source>
+  <target>Logout SAML finalizado</target>
 </trans-unit>
 <trans-unit id="s7b90eab7969ae056">
   <source>Redirecting to SAML provider: <x id="0" equiv-text="${providerName}"/></source>
+  <target>Redirecionando ao provedor SAML: <x id="0" equiv-text="${providerName}"/></target>
 </trans-unit>
 <trans-unit id="s3e6174b645d96835">
   <source>Posting logout request to SAML provider: <x id="0" equiv-text="${providerName}"/></source>
+  <target>Enviando requisição de logout ao provedor SAML: <x id="0" equiv-text="${providerName}"/></target>
 </trans-unit>
 <trans-unit id="s0b1ffff8bedd6b8a">
   <source>Unknown Provider</source>
+  <target>Provedor Desconhecido</target>
 </trans-unit>
 <trans-unit id="s777e86d562523c85">
   <source>Logging out of providers...</source>
+  <target>Saindo dos provedores...</target>
 </trans-unit>
 <trans-unit id="s4980379bf8461c2d">
   <source>Single Logout</source>
+  <target>Logout Único</target>
 </trans-unit>
 <trans-unit id="sc82cf82ad6cb26cc">
   <source>The user's display name.</source>
+  <target>O nome de exibição do usuário.</target>
 </trans-unit>
 <trans-unit id="s33b2f30214a2e99d">
   <source>Actions for &quot;<x id="0" equiv-text="${application.name}"/>&quot;</source>
+  <target>Ações para &amp;quot;<x id="0" equiv-text="${application.name}"/>&amp;quot;</target>
 </trans-unit>
 <trans-unit id="sfa660d9e563c346f">
   <source>Edit application...</source>
+  <target>Editar aplicação...</target>
 </trans-unit>
 <trans-unit id="ellipsis">
   <source>...</source>
+  <target>...</target>
   <note from="lit-localize">Truncation ellipsis</note>
 </trans-unit>
 <trans-unit id="s8b0e21adf383c8ba">
   <source>.yaml files, which can be found in the Example Flows documentation</source>
+  <target>Arquivos .yaml, que podem ser encontrados na documentação &quot;Example Flows&quot;</target>
 </trans-unit>
 <trans-unit id="s139200afa0695967">
   <source>Plain</source>
+  <target>Plain</target>
 </trans-unit>
 <trans-unit id="s7a316723c6bb33eb">
   <source>S256</source>
+  <target>S256</target>
 </trans-unit>
 <trans-unit id="s311c22ee852736e9">
   <source>PKCE Method</source>
+  <target>Método PKCE</target>
 </trans-unit>
 <trans-unit id="sa9afb0f84a3c380d">
   <source>Configure Proof Key for Code Exchange for this source.</source>
+  <target>Configurar Proof Key for Code Exchange para esta origem.</target>
 </trans-unit>
 <trans-unit id="s2e6c714bb95c18a3">
   <source>User settings</source>
+  <target>Configurações de usuário</target>
 </trans-unit>
     </body>
   </file>

web/xliff/ru.xlf

@@ -1,4 +1,4 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
+<?xml version="1.0"?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
   <file target-language="ru" source-language="en" original="lit-localize-inputs" datatype="plaintext">
     <body>
       <trans-unit id="s4caed5b7a7e5d89b">
@@ -586,9 +586,9 @@
         
       </trans-unit>
       <trans-unit id="saa0e2675da69651b">
-        <source>The URL &quot;<x id="0" equiv-text="${this.url}"/>&quot; was not found.</source>
-        <target>URL &quot;
-        <x id="0" equiv-text="${this.url}"/>&quot; не найден.</target>
+        <source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
+        <target>URL "
+        <x id="0" equiv-text="${this.url}"/>" не найден.</target>
         
       </trans-unit>
       <trans-unit id="s58cd9c2fe836d9c6">
@@ -1662,8 +1662,8 @@
         
       </trans-unit>
       <trans-unit id="sa90b7809586c35ce">
-        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon &quot;fa-test&quot;.</source>
-        <target>Введите полный URL-адрес, относительный путь или используйте 'fa://fa-test', чтобы использовать иконку Font Awesome &quot;fa-test&quot;.</target>
+        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
+        <target>Введите полный URL-адрес, относительный путь или используйте 'fa://fa-test', чтобы использовать иконку Font Awesome "fa-test".</target>
         
       </trans-unit>
       <trans-unit id="s0410779cb47de312">
@@ -3614,7 +3614,7 @@ doesn't pass when either or both of the selected options are equal or above the
       </trans-unit>
       <trans-unit id="s6b6e6eb037aef7da">
         <source>Use the username and password below to authenticate. The password can be retrieved later on the Tokens page.</source>
-        <target>Для аутентификации используйте указанные ниже имя пользователя и пароль. Пароль можно получить позже на странице &quot;Токены&quot;.</target>
+        <target>Для аутентификации используйте указанные ниже имя пользователя и пароль. Пароль можно получить позже на странице "Токены".</target>
         
       </trans-unit>
       <trans-unit id="sf6e1665c7022a1f8">
@@ -3650,10 +3650,10 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="sa95a538bfbb86111">
-        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> &quot;<x id="1" equiv-text="${this.obj?.name}"/>&quot;?</source>
+        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
         <target>Вы уверены, что хотите обновить
-        <x id="0" equiv-text="${this.objectLabel}"/>&quot;
-        <x id="1" equiv-text="${this.obj?.name}"/>&quot;?</target>
+        <x id="0" equiv-text="${this.objectLabel}"/>"
+        <x id="1" equiv-text="${this.obj?.name}"/>"?</target>
         
       </trans-unit>
       <trans-unit id="sc92d7cfb6ee1fec6">
@@ -4683,7 +4683,7 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="sdf1d8edef27236f0">
-        <source>A &quot;roaming&quot; authenticator, like a YubiKey</source>
+        <source>A "roaming" authenticator, like a YubiKey</source>
         <target>Переносной аутентификатор, например YubiKey</target>
         
       </trans-unit>
@@ -5038,12 +5038,12 @@ doesn't pass when either or both of the selected options are equal or above the
       </trans-unit>
       <trans-unit id="s2512334108f06a5a">
         <source>Stay signed in offset</source>
-        <target>Смещение &quot;Оставаться в системе&quot;</target>
+        <target>Смещение "Оставаться в системе"</target>
         
       </trans-unit>
       <trans-unit id="s1608b2f94fa0dbd4">
-        <source>If set to a duration above 0, the user will have the option to choose to &quot;stay signed in&quot;, which will extend their session by the time specified here.</source>
-        <target>Если значение продолжительности больше 0, у пользователя будет возможность выбрать опцию &quot;оставаться в системе&quot;, что продлит его сеанс на указанное здесь время.</target>
+        <source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
+        <target>Если значение продолжительности больше 0, у пользователя будет возможность выбрать опцию "оставаться в системе", что продлит его сеанс на указанное здесь время.</target>
         
       </trans-unit>
       <trans-unit id="s542a71bb8f41e057">
@@ -7097,7 +7097,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s070fdfb03034ca9b">
   <source>One hint, 'New Application Wizard', is currently hidden</source>
-  <target>Одна подсказка, &quot;Мастер создания нового приложения&quot;, в настоящее время скрыта</target>
+  <target>Одна подсказка, "Мастер создания нового приложения", в настоящее время скрыта</target>
 </trans-unit>
 <trans-unit id="s1cc306d8e28c4464">
   <source>Deny message</source>
@@ -7204,7 +7204,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <target>Пользователь успешно создан и добавлен в группу <x id="0" equiv-text="${this.group.name}"/></target>
 </trans-unit>
 <trans-unit id="s824e0943a7104668">
-  <source>This user will be added to the group &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot;.</source>
+  <source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
   <target>Этот пользователь будет добавлен в группу &amp;quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&amp;quot;.</target>
 </trans-unit>
 <trans-unit id="s62e7f6ed7d9cb3ca">
@@ -8295,7 +8295,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="sd8a5f7269b7ac7a3">
   <source>Caution: This authentik instance has entered read-only mode due to expired/exceeded licenses.</source>
-  <target>Внимание: Этот экземпляр authentik перешел в режим &quot;только чтение&quot; из-за истекших/превышенных лицензий.</target>
+  <target>Внимание: Этот экземпляр authentik перешел в режим "только чтение" из-за истекших/превышенных лицензий.</target>
 </trans-unit>
 <trans-unit id="se8c58e65674b6847">
   <source>This authentik instance uses a Trial license.</source>
@@ -8323,7 +8323,7 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s9dda0789d278f5c5">
   <source>Provide users with a 'show password' button.</source>
-  <target>Предоставить пользователям кнопку &quot;показать пароль&quot;.</target>
+  <target>Предоставить пользователям кнопку "показать пароль".</target>
 </trans-unit>
 <trans-unit id="s2f7f35f6a5b733f5">
   <source>Show password</source>
@@ -8434,7 +8434,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <target>Группа синхронизации </target>
 </trans-unit>
 <trans-unit id="s2d5f69929bb7221d">
-  <source><x id="0" equiv-text="${p.name}"/> (&quot;<x id="1" equiv-text="${p.fieldKey}"/>&quot;, of type <x id="2" equiv-text="${p.type}"/>)</source>
+  <source><x id="0" equiv-text="${p.name}"/> ("<x id="1" equiv-text="${p.fieldKey}"/>", of type <x id="2" equiv-text="${p.type}"/>)</source>
 </trans-unit>
 <trans-unit id="s25bacc19d98b444e">
   <source>Parent Group</source>
@@ -8631,7 +8631,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>Valid redirect URIs after a successful authorization flow. Also specify any origins here for Implicit flows.</source>
 </trans-unit>
 <trans-unit id="s4c49d27de60a532b">
-  <source>To allow any redirect URI, set the mode to Regex and the value to &quot;.*&quot;. Be aware of the possible security implications this can have.</source>
+  <source>To allow any redirect URI, set the mode to Regex and the value to ".*". Be aware of the possible security implications this can have.</source>
 </trans-unit>
 <trans-unit id="sa52bf79fe1ccb13e">
   <source>Federated OIDC Sources</source>
@@ -9225,7 +9225,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>How to perform authentication during an authorization_code token request flow</source>
 </trans-unit>
 <trans-unit id="s844baf19a6c4a9b4">
-  <source>Enable &quot;Remember me on this device&quot;</source>
+  <source>Enable "Remember me on this device"</source>
 </trans-unit>
 <trans-unit id="sfa72bca733f40692">
   <source>When enabled, the user can save their username in a cookie, allowing them to skip directly to entering their password.</source>
@@ -9528,7 +9528,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>e.g. Collaboration, Communication, Internal, etc.</source>
 </trans-unit>
 <trans-unit id="sb6fcdabf769208a1">
-  <source>Failed to fetch application &quot;<x id="0" equiv-text="${this.applicationSlug}"/>&quot;.</source>
+  <source>Failed to fetch application "<x id="0" equiv-text="${this.applicationSlug}"/>".</source>
 </trans-unit>
 <trans-unit id="s32fc592c4a264edd">
   <source>Account Recovery Max Attempts</source>
@@ -9624,10 +9624,10 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source><x id="0" equiv-text="${this.label || &quot;&quot;}"/> table pagination</source>
 </trans-unit>
 <trans-unit id="sd9b15395dd103f80">
-  <source>Sort by &quot;<x id="0" equiv-text="${label}"/>&quot;</source>
+  <source>Sort by "<x id="0" equiv-text="${label}"/>"</source>
 </trans-unit>
 <trans-unit id="s7dd64bb0c1fa8e87">
-  <source>Select &quot;<x id="0" equiv-text="${rowLabel}"/>&quot; row</source>
+  <source>Select "<x id="0" equiv-text="${rowLabel}"/>" row</source>
 </trans-unit>
 <trans-unit id="sd26f670ca5d5b0c6">
   <source>Collapse row</source>
@@ -9690,31 +9690,31 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>Provider not assigned to any application.</source>
 </trans-unit>
 <trans-unit id="sfbb87c9ced1fde54">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; provider</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" provider</source>
 </trans-unit>
 <trans-unit id="s0a3fdba3a68a2730">
   <source>Applications Documentation</source>
 </trans-unit>
 <trans-unit id="sf07bfbe5316e7cc7">
-  <source>Application icon for &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Application icon for "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s037f22187581bf8f">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s5d90aeadfcb34286">
-  <source>Execute &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Execute "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="saa25eac2952d918d">
-  <source>Export &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Export "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s64de9eceb8172269">
   <source>Edit device</source>
 </trans-unit>
 <trans-unit id="sc08c153234510246">
-  <source>Update &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; Permissions</source>
+  <source>Update "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" Permissions</source>
 </trans-unit>
 <trans-unit id="s6d25eef21a9e76ba">
-  <source>Open &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; permissions modal</source>
+  <source>Open "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" permissions modal</source>
 </trans-unit>
 <trans-unit id="sa556d7b744364dcf">
   <source>OCI URL</source>
@@ -9730,10 +9730,10 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>OCI Support</source>
 </trans-unit>
 <trans-unit id="s08d24327ec788e78">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
 </trans-unit>
 <trans-unit id="s6f8d15b5494ac41a">
-  <source>Apply &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Apply "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
 </trans-unit>
 <trans-unit id="s85a488cacb57688b">
   <source>Welcome, <x id="0" equiv-text="${username}"/></source>
@@ -9835,7 +9835,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>Paths may not start or end with a slash, but they can contain any other character as path segments. The paths are currently purely used for organization, it does not affect their permissions, group memberships, or anything else.</source>
 </trans-unit>
 <trans-unit id="sdb3b903354fbfb17">
-  <source>Open &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Open "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s2e7448caf3df574a">
   <source>Verify Assertion Signature</source>
@@ -9883,16 +9883,16 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>Unnamed</source>
 </trans-unit>
 <trans-unit id="s326ee20bba2564a0">
-  <source>Collapse &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Collapse "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="s27df1f36ba8e269f">
-  <source>Expand &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Expand "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf2b5d3236e6f1ab3">
-  <source>Select &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Select "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sb7c2715df863a6ce">
-  <source>Items of &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Items of "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf6707428adeba590">
   <source>API drawer</source>
@@ -10015,7 +10015,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>Group Search</source>
 </trans-unit>
 <trans-unit id="s79683026e49e4866">
-  <source>View details of group &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>View details of group "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s62dfa9c45cb3025a">
   <source>New Group</source>
@@ -10042,16 +10042,16 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>New service account...</source>
 </trans-unit>
 <trans-unit id="s61e5043203e94d0a">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; normally</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" normally</source>
 </trans-unit>
 <trans-unit id="s02eb960c270a837e">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; as current user</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" as current user</source>
 </trans-unit>
 <trans-unit id="saf579a36a54c92e1">
   <source>Current user</source>
 </trans-unit>
 <trans-unit id="sd149e44e50455923">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; with inspector</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" with inspector</source>
 </trans-unit>
 <trans-unit id="s45c530a48bcf74ad">
   <source>Use inspector</source>
@@ -10240,7 +10240,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>Optional Single Logout Service URL to send logout responses to. If not set, no logout response will be sent.</source>
 </trans-unit>
 <trans-unit id="scbf29ce484222325">
-  <source/>
+  <source></source>
 </trans-unit>
 <trans-unit id="s78869b8b2bc26d0d">
   <source>SAML Provider</source>
@@ -10267,7 +10267,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>The user's display name.</source>
 </trans-unit>
 <trans-unit id="s33b2f30214a2e99d">
-  <source>Actions for &quot;<x id="0" equiv-text="${application.name}"/>&quot;</source>
+  <source>Actions for "<x id="0" equiv-text="${application.name}"/>"</source>
 </trans-unit>
 <trans-unit id="sfa660d9e563c346f">
   <source>Edit application...</source>
@@ -10296,4 +10296,4 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
     </body>
   </file>
-</xliff>
+</xliff>

web/xliff/tr.xlf

@@ -1,4 +1,4 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
+<?xml version="1.0"?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
   <file target-language="tr" source-language="en" original="lit-localize-inputs" datatype="plaintext">
     <body>
       <trans-unit id="s4caed5b7a7e5d89b">
@@ -577,7 +577,7 @@
         
       </trans-unit>
       <trans-unit id="saa0e2675da69651b">
-        <source>The URL &quot;<x id="0" equiv-text="${this.url}"/>&quot; was not found.</source>
+        <source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
         <target><x id="0" equiv-text="${this.url}"/> URL adresi bulunamadı.</target>
         
       </trans-unit>
@@ -1645,7 +1645,7 @@
         
       </trans-unit>
       <trans-unit id="sa90b7809586c35ce">
-        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon &quot;fa-test&quot;.</source>
+        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
         <target>Ya tam bir URL, göreli bir yol girin ya da 'fa://fa-test' Yazı Tipi Awesome simgesini “fa-test” kullanmak için kullanın.</target>
         
       </trans-unit>
@@ -3626,8 +3626,8 @@ Belirlenen seçeneklerden biri veya her ikisi de eşiğe eşit veya eşiğin üz
         
       </trans-unit>
       <trans-unit id="sa95a538bfbb86111">
-        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> &quot;<x id="1" equiv-text="${this.obj?.name}"/>&quot;?</source>
-        <target><x id="0" equiv-text="${this.objectLabel}"/> &quot;<x id="1" equiv-text="${this.obj?.name}"/>&quot; Güncellemek istediğinizden emin misiniz?</target>
+        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
+        <target><x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>" Güncellemek istediğinizden emin misiniz?</target>
         
       </trans-unit>
       <trans-unit id="sc92d7cfb6ee1fec6">
@@ -4654,8 +4654,8 @@ Belirlenen seçeneklerden biri veya her ikisi de eşiğe eşit veya eşiğin üz
         
       </trans-unit>
       <trans-unit id="sdf1d8edef27236f0">
-        <source>A &quot;roaming&quot; authenticator, like a YubiKey</source>
-        <target>YubiKey gibi bir &quot;dolaşımda&quot; kimlik doğrulayıcı</target>
+        <source>A "roaming" authenticator, like a YubiKey</source>
+        <target>YubiKey gibi bir "dolaşımda" kimlik doğrulayıcı</target>
         
       </trans-unit>
       <trans-unit id="sfffba7b23d8fb40c">
@@ -5013,8 +5013,8 @@ Belirlenen seçeneklerden biri veya her ikisi de eşiğe eşit veya eşiğin üz
         
       </trans-unit>
       <trans-unit id="s1608b2f94fa0dbd4">
-        <source>If set to a duration above 0, the user will have the option to choose to &quot;stay signed in&quot;, which will extend their session by the time specified here.</source>
-        <target>0'ın üzerinde bir süreye ayarlanırsa, kullanıcı &quot;oturumu açık kalsın&quot; seçeneğini seçebilir ve bu da oturumunu burada belirtilen süre kadar uzatır.</target>
+        <source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
+        <target>0'ın üzerinde bir süreye ayarlanırsa, kullanıcı "oturumu açık kalsın" seçeneğini seçebilir ve bu da oturumunu burada belirtilen süre kadar uzatır.</target>
         
       </trans-unit>
       <trans-unit id="s542a71bb8f41e057">
@@ -7164,8 +7164,8 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
   <target>Kullanıcı başarıyla oluşturuldu ve <x id="0" equiv-text="${this.group.name}"/> grubuna eklendi.</target>
 </trans-unit>
 <trans-unit id="s824e0943a7104668">
-  <source>This user will be added to the group &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot;.</source>
-  <target>Bu kullanıcı &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot; grubuna eklenecek.</target>
+  <source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
+  <target>Bu kullanıcı "<x id="0" equiv-text="${this.targetGroup.name}"/>" grubuna eklenecek.</target>
 </trans-unit>
 <trans-unit id="s62e7f6ed7d9cb3ca">
   <source>Pretend user exists</source>
@@ -8413,7 +8413,7 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
   <target>Grubu Eşitle</target>
 </trans-unit>
 <trans-unit id="s2d5f69929bb7221d">
-  <source><x id="0" equiv-text="${p.name}"/> (&quot;<x id="1" equiv-text="${p.fieldKey}"/>&quot;, of type <x id="2" equiv-text="${p.type}"/>)</source>
+  <source><x id="0" equiv-text="${p.name}"/> ("<x id="1" equiv-text="${p.fieldKey}"/>", of type <x id="2" equiv-text="${p.type}"/>)</source>
 </trans-unit>
 <trans-unit id="s25bacc19d98b444e">
   <source>Parent Group</source>
@@ -8533,7 +8533,7 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
 </trans-unit>
 <trans-unit id="s95722900b0c9026f">
   <source>Credentials cache used to authenticate to the KDC for syncing. Optional if Sync password or Sync keytab is provided. Must be in the form TYPE:residual.</source>
-  <target>Eşitleme için KDC'de kimlik doğrulaması yapmak için kullanılan kimlik bilgileri önbelleği. Senkronizasyon şifresi veya Senkronizasyon tuşu sekmesi sağlanmışsa isteğe bağlıdır. TYPE:residual&quot; şeklinde olmalıdır.</target>
+  <target>Eşitleme için KDC'de kimlik doğrulaması yapmak için kullanılan kimlik bilgileri önbelleği. Senkronizasyon şifresi veya Senkronizasyon tuşu sekmesi sağlanmışsa isteğe bağlıdır. TYPE:residual" şeklinde olmalıdır.</target>
 </trans-unit>
 <trans-unit id="sf9c055db98d7994a">
   <source>SPNEGO settings</source>
@@ -8561,7 +8561,7 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
 </trans-unit>
 <trans-unit id="sd9757c345e4062f8">
   <source>Credentials cache used for SPNEGO. Optional if SPNEGO keytab is provided. Must be in the form TYPE:residual.</source>
-  <target>SPNEGO için kullanılan kimlik bilgileri önbelleği. SPNEGO tuş sekmesi sağlanmışsa isteğe bağlıdır. TYPE:residual&quot; şeklinde olmalıdır.</target>
+  <target>SPNEGO için kullanılan kimlik bilgileri önbelleği. SPNEGO tuş sekmesi sağlanmışsa isteğe bağlıdır. TYPE:residual" şeklinde olmalıdır.</target>
 </trans-unit>
 <trans-unit id="s734ab8fbcae0b69e">
   <source>Kerberos Attribute mapping</source>
@@ -8646,7 +8646,7 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
   <source>Valid redirect URIs after a successful authorization flow. Also specify any origins here for Implicit flows.</source>
 </trans-unit>
 <trans-unit id="s4c49d27de60a532b">
-  <source>To allow any redirect URI, set the mode to Regex and the value to &quot;.*&quot;. Be aware of the possible security implications this can have.</source>
+  <source>To allow any redirect URI, set the mode to Regex and the value to ".*". Be aware of the possible security implications this can have.</source>
 </trans-unit>
 <trans-unit id="sa52bf79fe1ccb13e">
   <source>Federated OIDC Sources</source>
@@ -9199,7 +9199,7 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
   <source>How to perform authentication during an authorization_code token request flow</source>
 </trans-unit>
 <trans-unit id="s844baf19a6c4a9b4">
-  <source>Enable &quot;Remember me on this device&quot;</source>
+  <source>Enable "Remember me on this device"</source>
 </trans-unit>
 <trans-unit id="sfa72bca733f40692">
   <source>When enabled, the user can save their username in a cookie, allowing them to skip directly to entering their password.</source>
@@ -9502,7 +9502,7 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
   <source>e.g. Collaboration, Communication, Internal, etc.</source>
 </trans-unit>
 <trans-unit id="sb6fcdabf769208a1">
-  <source>Failed to fetch application &quot;<x id="0" equiv-text="${this.applicationSlug}"/>&quot;.</source>
+  <source>Failed to fetch application "<x id="0" equiv-text="${this.applicationSlug}"/>".</source>
 </trans-unit>
 <trans-unit id="s32fc592c4a264edd">
   <source>Account Recovery Max Attempts</source>
@@ -9598,10 +9598,10 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
   <source><x id="0" equiv-text="${this.label || &quot;&quot;}"/> table pagination</source>
 </trans-unit>
 <trans-unit id="sd9b15395dd103f80">
-  <source>Sort by &quot;<x id="0" equiv-text="${label}"/>&quot;</source>
+  <source>Sort by "<x id="0" equiv-text="${label}"/>"</source>
 </trans-unit>
 <trans-unit id="s7dd64bb0c1fa8e87">
-  <source>Select &quot;<x id="0" equiv-text="${rowLabel}"/>&quot; row</source>
+  <source>Select "<x id="0" equiv-text="${rowLabel}"/>" row</source>
 </trans-unit>
 <trans-unit id="sd26f670ca5d5b0c6">
   <source>Collapse row</source>
@@ -9664,31 +9664,31 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
   <source>Provider not assigned to any application.</source>
 </trans-unit>
 <trans-unit id="sfbb87c9ced1fde54">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; provider</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" provider</source>
 </trans-unit>
 <trans-unit id="s0a3fdba3a68a2730">
   <source>Applications Documentation</source>
 </trans-unit>
 <trans-unit id="sf07bfbe5316e7cc7">
-  <source>Application icon for &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Application icon for "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s037f22187581bf8f">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s5d90aeadfcb34286">
-  <source>Execute &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Execute "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="saa25eac2952d918d">
-  <source>Export &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Export "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s64de9eceb8172269">
   <source>Edit device</source>
 </trans-unit>
 <trans-unit id="sc08c153234510246">
-  <source>Update &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; Permissions</source>
+  <source>Update "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" Permissions</source>
 </trans-unit>
 <trans-unit id="s6d25eef21a9e76ba">
-  <source>Open &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; permissions modal</source>
+  <source>Open "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" permissions modal</source>
 </trans-unit>
 <trans-unit id="sa556d7b744364dcf">
   <source>OCI URL</source>
@@ -9704,10 +9704,10 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
   <source>OCI Support</source>
 </trans-unit>
 <trans-unit id="s08d24327ec788e78">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
 </trans-unit>
 <trans-unit id="s6f8d15b5494ac41a">
-  <source>Apply &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Apply "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
 </trans-unit>
 <trans-unit id="s85a488cacb57688b">
   <source>Welcome, <x id="0" equiv-text="${username}"/></source>
@@ -9809,7 +9809,7 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
   <source>Paths may not start or end with a slash, but they can contain any other character as path segments. The paths are currently purely used for organization, it does not affect their permissions, group memberships, or anything else.</source>
 </trans-unit>
 <trans-unit id="sdb3b903354fbfb17">
-  <source>Open &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Open "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s2e7448caf3df574a">
   <source>Verify Assertion Signature</source>
@@ -9857,16 +9857,16 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
   <source>Unnamed</source>
 </trans-unit>
 <trans-unit id="s326ee20bba2564a0">
-  <source>Collapse &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Collapse "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="s27df1f36ba8e269f">
-  <source>Expand &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Expand "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf2b5d3236e6f1ab3">
-  <source>Select &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Select "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sb7c2715df863a6ce">
-  <source>Items of &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Items of "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf6707428adeba590">
   <source>API drawer</source>
@@ -9989,7 +9989,7 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
   <source>Group Search</source>
 </trans-unit>
 <trans-unit id="s79683026e49e4866">
-  <source>View details of group &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>View details of group "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s62dfa9c45cb3025a">
   <source>New Group</source>
@@ -10016,16 +10016,16 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
   <source>New service account...</source>
 </trans-unit>
 <trans-unit id="s61e5043203e94d0a">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; normally</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" normally</source>
 </trans-unit>
 <trans-unit id="s02eb960c270a837e">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; as current user</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" as current user</source>
 </trans-unit>
 <trans-unit id="saf579a36a54c92e1">
   <source>Current user</source>
 </trans-unit>
 <trans-unit id="sd149e44e50455923">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; with inspector</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" with inspector</source>
 </trans-unit>
 <trans-unit id="s45c530a48bcf74ad">
   <source>Use inspector</source>
@@ -10214,7 +10214,7 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
   <source>Optional Single Logout Service URL to send logout responses to. If not set, no logout response will be sent.</source>
 </trans-unit>
 <trans-unit id="scbf29ce484222325">
-  <source/>
+  <source></source>
 </trans-unit>
 <trans-unit id="s78869b8b2bc26d0d">
   <source>SAML Provider</source>
@@ -10241,7 +10241,7 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
   <source>The user's display name.</source>
 </trans-unit>
 <trans-unit id="s33b2f30214a2e99d">
-  <source>Actions for &quot;<x id="0" equiv-text="${application.name}"/>&quot;</source>
+  <source>Actions for "<x id="0" equiv-text="${application.name}"/>"</source>
 </trans-unit>
 <trans-unit id="sfa660d9e563c346f">
   <source>Edit application...</source>
@@ -10270,4 +10270,4 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
 </trans-unit>
     </body>
   </file>
-</xliff>
+</xliff>

web/xliff/zh-Hans.xlf

@@ -1,4 +1,4 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
+<?xml version="1.0"?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
   <file target-language="zh-Hans" source-language="en" original="lit-localize-inputs" datatype="plaintext">
     <body>
       <trans-unit id="s4caed5b7a7e5d89b">
@@ -586,9 +586,9 @@
         
       </trans-unit>
       <trans-unit id="saa0e2675da69651b">
-        <source>The URL &quot;<x id="0" equiv-text="${this.url}"/>&quot; was not found.</source>
-        <target>未找到 URL &quot;
-        <x id="0" equiv-text="${this.url}"/>&quot;。</target>
+        <source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
+        <target>未找到 URL "
+        <x id="0" equiv-text="${this.url}"/>"。</target>
         
       </trans-unit>
       <trans-unit id="s58cd9c2fe836d9c6">
@@ -1662,8 +1662,8 @@
         
       </trans-unit>
       <trans-unit id="sa90b7809586c35ce">
-        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon &quot;fa-test&quot;.</source>
-        <target>输入完整 URL、相对路径，或者使用 'fa://fa-test' 来使用 Font Awesome 图标 &quot;fa-test&quot;。</target>
+        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
+        <target>输入完整 URL、相对路径，或者使用 'fa://fa-test' 来使用 Font Awesome 图标 "fa-test"。</target>
         
       </trans-unit>
       <trans-unit id="s0410779cb47de312">
@@ -3650,10 +3650,10 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="sa95a538bfbb86111">
-        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> &quot;<x id="1" equiv-text="${this.obj?.name}"/>&quot;?</source>
+        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
         <target>您确定要更新
-        <x id="0" equiv-text="${this.objectLabel}"/>&quot;
-        <x id="1" equiv-text="${this.obj?.name}"/>&quot; 吗？</target>
+        <x id="0" equiv-text="${this.objectLabel}"/>"
+        <x id="1" equiv-text="${this.obj?.name}"/>" 吗？</target>
         
       </trans-unit>
       <trans-unit id="sc92d7cfb6ee1fec6">
@@ -4683,7 +4683,7 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="sdf1d8edef27236f0">
-        <source>A &quot;roaming&quot; authenticator, like a YubiKey</source>
+        <source>A "roaming" authenticator, like a YubiKey</source>
         <target>像 YubiKey 这样的“漫游”身份验证器</target>
         
       </trans-unit>
@@ -5042,7 +5042,7 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="s1608b2f94fa0dbd4">
-        <source>If set to a duration above 0, the user will have the option to choose to &quot;stay signed in&quot;, which will extend their session by the time specified here.</source>
+        <source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
         <target>如果设置时长大于 0，用户可以选择“保持登录”选项，这将使用户的会话延长此处设置的时间。</target>
         
       </trans-unit>
@@ -7204,7 +7204,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <target>成功创建用户并添加到组 <x id="0" equiv-text="${this.group.name}"/></target>
 </trans-unit>
 <trans-unit id="s824e0943a7104668">
-  <source>This user will be added to the group &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot;.</source>
+  <source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
   <target>此用户将会被添加到组 &amp;quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&amp;quot;。</target>
 </trans-unit>
 <trans-unit id="s62e7f6ed7d9cb3ca">
@@ -8454,7 +8454,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <target>同步组</target>
 </trans-unit>
 <trans-unit id="s2d5f69929bb7221d">
-  <source><x id="0" equiv-text="${p.name}"/> (&quot;<x id="1" equiv-text="${p.fieldKey}"/>&quot;, of type <x id="2" equiv-text="${p.type}"/>)</source>
+  <source><x id="0" equiv-text="${p.name}"/> ("<x id="1" equiv-text="${p.fieldKey}"/>", of type <x id="2" equiv-text="${p.type}"/>)</source>
   <target><x id="0" equiv-text="${p.name}"/>（&amp;quot;<x id="1" equiv-text="${p.fieldKey}"/>&amp;quot;，类型为 <x id="2" equiv-text="${p.type}"/>）</target>
 </trans-unit>
 <trans-unit id="s25bacc19d98b444e">
@@ -8702,8 +8702,8 @@ Bindings to groups/users are checked against the user of the event.</source>
   <target>授权流程成功后有效的重定向 URI。还可以在此处为隐式流程指定任何来源。</target>
 </trans-unit>
 <trans-unit id="s4c49d27de60a532b">
-  <source>To allow any redirect URI, set the mode to Regex and the value to &quot;.*&quot;. Be aware of the possible security implications this can have.</source>
-  <target>要允许任何重定向 URI，请设置模式为正则表达式，并将此值设置为 &quot;.*&quot;。请注意这可能带来的安全影响。</target>
+  <source>To allow any redirect URI, set the mode to Regex and the value to ".*". Be aware of the possible security implications this can have.</source>
+  <target>要允许任何重定向 URI，请设置模式为正则表达式，并将此值设置为 ".*"。请注意这可能带来的安全影响。</target>
 </trans-unit>
 <trans-unit id="sa52bf79fe1ccb13e">
   <source>Federated OIDC Sources</source>
@@ -9440,7 +9440,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <target>在 authorization_code 令牌请求流程期间，如何执行身份验证</target>
 </trans-unit>
 <trans-unit id="s844baf19a6c4a9b4">
-  <source>Enable &quot;Remember me on this device&quot;</source>
+  <source>Enable "Remember me on this device"</source>
   <target>启用“在此设备上记住我”</target>
 </trans-unit>
 <trans-unit id="sfa72bca733f40692">
@@ -9792,7 +9792,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>e.g. Collaboration, Communication, Internal, etc.</source>
 </trans-unit>
 <trans-unit id="sb6fcdabf769208a1">
-  <source>Failed to fetch application &quot;<x id="0" equiv-text="${this.applicationSlug}"/>&quot;.</source>
+  <source>Failed to fetch application "<x id="0" equiv-text="${this.applicationSlug}"/>".</source>
 </trans-unit>
 <trans-unit id="s32fc592c4a264edd">
   <source>Account Recovery Max Attempts</source>
@@ -9888,10 +9888,10 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source><x id="0" equiv-text="${this.label || &quot;&quot;}"/> table pagination</source>
 </trans-unit>
 <trans-unit id="sd9b15395dd103f80">
-  <source>Sort by &quot;<x id="0" equiv-text="${label}"/>&quot;</source>
+  <source>Sort by "<x id="0" equiv-text="${label}"/>"</source>
 </trans-unit>
 <trans-unit id="s7dd64bb0c1fa8e87">
-  <source>Select &quot;<x id="0" equiv-text="${rowLabel}"/>&quot; row</source>
+  <source>Select "<x id="0" equiv-text="${rowLabel}"/>" row</source>
 </trans-unit>
 <trans-unit id="sd26f670ca5d5b0c6">
   <source>Collapse row</source>
@@ -9954,31 +9954,31 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>Provider not assigned to any application.</source>
 </trans-unit>
 <trans-unit id="sfbb87c9ced1fde54">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; provider</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" provider</source>
 </trans-unit>
 <trans-unit id="s0a3fdba3a68a2730">
   <source>Applications Documentation</source>
 </trans-unit>
 <trans-unit id="sf07bfbe5316e7cc7">
-  <source>Application icon for &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Application icon for "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s037f22187581bf8f">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s5d90aeadfcb34286">
-  <source>Execute &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Execute "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="saa25eac2952d918d">
-  <source>Export &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Export "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s64de9eceb8172269">
   <source>Edit device</source>
 </trans-unit>
 <trans-unit id="sc08c153234510246">
-  <source>Update &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; Permissions</source>
+  <source>Update "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" Permissions</source>
 </trans-unit>
 <trans-unit id="s6d25eef21a9e76ba">
-  <source>Open &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; permissions modal</source>
+  <source>Open "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" permissions modal</source>
 </trans-unit>
 <trans-unit id="sa556d7b744364dcf">
   <source>OCI URL</source>
@@ -9994,10 +9994,10 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>OCI Support</source>
 </trans-unit>
 <trans-unit id="s08d24327ec788e78">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
 </trans-unit>
 <trans-unit id="s6f8d15b5494ac41a">
-  <source>Apply &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Apply "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
 </trans-unit>
 <trans-unit id="s85a488cacb57688b">
   <source>Welcome, <x id="0" equiv-text="${username}"/></source>
@@ -10099,7 +10099,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>Paths may not start or end with a slash, but they can contain any other character as path segments. The paths are currently purely used for organization, it does not affect their permissions, group memberships, or anything else.</source>
 </trans-unit>
 <trans-unit id="sdb3b903354fbfb17">
-  <source>Open &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Open "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s2e7448caf3df574a">
   <source>Verify Assertion Signature</source>
@@ -10147,16 +10147,16 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>Unnamed</source>
 </trans-unit>
 <trans-unit id="s326ee20bba2564a0">
-  <source>Collapse &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Collapse "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="s27df1f36ba8e269f">
-  <source>Expand &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Expand "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf2b5d3236e6f1ab3">
-  <source>Select &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Select "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sb7c2715df863a6ce">
-  <source>Items of &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Items of "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf6707428adeba590">
   <source>API drawer</source>
@@ -10279,7 +10279,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>Group Search</source>
 </trans-unit>
 <trans-unit id="s79683026e49e4866">
-  <source>View details of group &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>View details of group "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s62dfa9c45cb3025a">
   <source>New Group</source>
@@ -10306,16 +10306,16 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>New service account...</source>
 </trans-unit>
 <trans-unit id="s61e5043203e94d0a">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; normally</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" normally</source>
 </trans-unit>
 <trans-unit id="s02eb960c270a837e">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; as current user</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" as current user</source>
 </trans-unit>
 <trans-unit id="saf579a36a54c92e1">
   <source>Current user</source>
 </trans-unit>
 <trans-unit id="sd149e44e50455923">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; with inspector</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" with inspector</source>
 </trans-unit>
 <trans-unit id="s45c530a48bcf74ad">
   <source>Use inspector</source>
@@ -10504,7 +10504,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>Optional Single Logout Service URL to send logout responses to. If not set, no logout response will be sent.</source>
 </trans-unit>
 <trans-unit id="scbf29ce484222325">
-  <source/>
+  <source></source>
 </trans-unit>
 <trans-unit id="s78869b8b2bc26d0d">
   <source>SAML Provider</source>
@@ -10531,7 +10531,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>The user's display name.</source>
 </trans-unit>
 <trans-unit id="s33b2f30214a2e99d">
-  <source>Actions for &quot;<x id="0" equiv-text="${application.name}"/>&quot;</source>
+  <source>Actions for "<x id="0" equiv-text="${application.name}"/>"</source>
 </trans-unit>
 <trans-unit id="sfa660d9e563c346f">
   <source>Edit application...</source>
@@ -10560,4 +10560,4 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
     </body>
   </file>
-</xliff>
+</xliff>

web/xliff/zh_TW.xlf

@@ -1,4 +1,4 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
+<?xml version="1.0"?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
   <file target-language="zh-TW" source-language="en" original="lit-localize-inputs" datatype="plaintext">
     <body>
       <trans-unit id="s4caed5b7a7e5d89b">
@@ -572,7 +572,7 @@
         
       </trans-unit>
       <trans-unit id="saa0e2675da69651b">
-        <source>The URL &quot;<x id="0" equiv-text="${this.url}"/>&quot; was not found.</source>
+        <source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
         
       </trans-unit>
       <trans-unit id="s58cd9c2fe836d9c6">
@@ -1634,7 +1634,7 @@
         
       </trans-unit>
       <trans-unit id="sa90b7809586c35ce">
-        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon &quot;fa-test&quot;.</source>
+        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
         <target>輸入完整網址、相對路徑，或者使用 'fa://fa-test' 來使用 Font Awesome 圖示 「fa-test」。</target>
         
       </trans-unit>
@@ -3605,7 +3605,7 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="sa95a538bfbb86111">
-        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> &quot;<x id="1" equiv-text="${this.obj?.name}"/>&quot;?</source>
+        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
         
       </trans-unit>
       <trans-unit id="sc92d7cfb6ee1fec6">
@@ -4625,7 +4625,7 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="sdf1d8edef27236f0">
-        <source>A &quot;roaming&quot; authenticator, like a YubiKey</source>
+        <source>A "roaming" authenticator, like a YubiKey</source>
         <target>外接式的身分認證器，例如 YubiKey</target>
         
       </trans-unit>
@@ -4984,7 +4984,7 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="s1608b2f94fa0dbd4">
-        <source>If set to a duration above 0, the user will have the option to choose to &quot;stay signed in&quot;, which will extend their session by the time specified here.</source>
+        <source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
         <target>如果持續時間大於零，使用者介面上將會有「保持登入」選項。這將會依照設定的時間延長會談。</target>
         
       </trans-unit>
@@ -7121,7 +7121,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <target>成功建立使用者並加入到群組 <x id="0" equiv-text="${this.group.name}"/></target>
 </trans-unit>
 <trans-unit id="s824e0943a7104668">
-  <source>This user will be added to the group &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot;.</source>
+  <source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
   <target>這個使用者將會被加入到「<x id="0" equiv-text="${this.targetGroup.name}"/>」群組。</target>
 </trans-unit>
 <trans-unit id="s62e7f6ed7d9cb3ca">
@@ -8059,7 +8059,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>Sync Group</source>
 </trans-unit>
 <trans-unit id="s2d5f69929bb7221d">
-  <source><x id="0" equiv-text="${p.name}"/> (&quot;<x id="1" equiv-text="${p.fieldKey}"/>&quot;, of type <x id="2" equiv-text="${p.type}"/>)</source>
+  <source><x id="0" equiv-text="${p.name}"/> ("<x id="1" equiv-text="${p.fieldKey}"/>", of type <x id="2" equiv-text="${p.type}"/>)</source>
 </trans-unit>
 <trans-unit id="s25bacc19d98b444e">
   <source>Parent Group</source>
@@ -8245,7 +8245,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>Valid redirect URIs after a successful authorization flow. Also specify any origins here for Implicit flows.</source>
 </trans-unit>
 <trans-unit id="s4c49d27de60a532b">
-  <source>To allow any redirect URI, set the mode to Regex and the value to &quot;.*&quot;. Be aware of the possible security implications this can have.</source>
+  <source>To allow any redirect URI, set the mode to Regex and the value to ".*". Be aware of the possible security implications this can have.</source>
 </trans-unit>
 <trans-unit id="sa52bf79fe1ccb13e">
   <source>Federated OIDC Sources</source>
@@ -8798,7 +8798,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>How to perform authentication during an authorization_code token request flow</source>
 </trans-unit>
 <trans-unit id="s844baf19a6c4a9b4">
-  <source>Enable &quot;Remember me on this device&quot;</source>
+  <source>Enable "Remember me on this device"</source>
 </trans-unit>
 <trans-unit id="sfa72bca733f40692">
   <source>When enabled, the user can save their username in a cookie, allowing them to skip directly to entering their password.</source>
@@ -9101,7 +9101,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>e.g. Collaboration, Communication, Internal, etc.</source>
 </trans-unit>
 <trans-unit id="sb6fcdabf769208a1">
-  <source>Failed to fetch application &quot;<x id="0" equiv-text="${this.applicationSlug}"/>&quot;.</source>
+  <source>Failed to fetch application "<x id="0" equiv-text="${this.applicationSlug}"/>".</source>
 </trans-unit>
 <trans-unit id="s32fc592c4a264edd">
   <source>Account Recovery Max Attempts</source>
@@ -9197,10 +9197,10 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source><x id="0" equiv-text="${this.label || &quot;&quot;}"/> table pagination</source>
 </trans-unit>
 <trans-unit id="sd9b15395dd103f80">
-  <source>Sort by &quot;<x id="0" equiv-text="${label}"/>&quot;</source>
+  <source>Sort by "<x id="0" equiv-text="${label}"/>"</source>
 </trans-unit>
 <trans-unit id="s7dd64bb0c1fa8e87">
-  <source>Select &quot;<x id="0" equiv-text="${rowLabel}"/>&quot; row</source>
+  <source>Select "<x id="0" equiv-text="${rowLabel}"/>" row</source>
 </trans-unit>
 <trans-unit id="sd26f670ca5d5b0c6">
   <source>Collapse row</source>
@@ -9263,31 +9263,31 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>Provider not assigned to any application.</source>
 </trans-unit>
 <trans-unit id="sfbb87c9ced1fde54">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; provider</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" provider</source>
 </trans-unit>
 <trans-unit id="s0a3fdba3a68a2730">
   <source>Applications Documentation</source>
 </trans-unit>
 <trans-unit id="sf07bfbe5316e7cc7">
-  <source>Application icon for &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Application icon for "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s037f22187581bf8f">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s5d90aeadfcb34286">
-  <source>Execute &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Execute "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="saa25eac2952d918d">
-  <source>Export &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Export "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s64de9eceb8172269">
   <source>Edit device</source>
 </trans-unit>
 <trans-unit id="sc08c153234510246">
-  <source>Update &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; Permissions</source>
+  <source>Update "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" Permissions</source>
 </trans-unit>
 <trans-unit id="s6d25eef21a9e76ba">
-  <source>Open &quot;<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>&quot; permissions modal</source>
+  <source>Open "<x id="0" equiv-text="${this.label || &quot;object&quot;}"/>" permissions modal</source>
 </trans-unit>
 <trans-unit id="sa556d7b744364dcf">
   <source>OCI URL</source>
@@ -9303,10 +9303,10 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>OCI Support</source>
 </trans-unit>
 <trans-unit id="s08d24327ec788e78">
-  <source>Edit &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Edit "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
 </trans-unit>
 <trans-unit id="s6f8d15b5494ac41a">
-  <source>Apply &quot;<x id="0" equiv-text="${item.name}"/>&quot; blueprint</source>
+  <source>Apply "<x id="0" equiv-text="${item.name}"/>" blueprint</source>
 </trans-unit>
 <trans-unit id="s85a488cacb57688b">
   <source>Welcome, <x id="0" equiv-text="${username}"/></source>
@@ -9408,7 +9408,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>Paths may not start or end with a slash, but they can contain any other character as path segments. The paths are currently purely used for organization, it does not affect their permissions, group memberships, or anything else.</source>
 </trans-unit>
 <trans-unit id="sdb3b903354fbfb17">
-  <source>Open &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>Open "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s2e7448caf3df574a">
   <source>Verify Assertion Signature</source>
@@ -9456,16 +9456,16 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>Unnamed</source>
 </trans-unit>
 <trans-unit id="s326ee20bba2564a0">
-  <source>Collapse &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Collapse "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="s27df1f36ba8e269f">
-  <source>Expand &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Expand "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf2b5d3236e6f1ab3">
-  <source>Select &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Select "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sb7c2715df863a6ce">
-  <source>Items of &quot;<x id="0" equiv-text="${itemLabel}"/>&quot;</source>
+  <source>Items of "<x id="0" equiv-text="${itemLabel}"/>"</source>
 </trans-unit>
 <trans-unit id="sf6707428adeba590">
   <source>API drawer</source>
@@ -9588,7 +9588,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>Group Search</source>
 </trans-unit>
 <trans-unit id="s79683026e49e4866">
-  <source>View details of group &quot;<x id="0" equiv-text="${item.name}"/>&quot;</source>
+  <source>View details of group "<x id="0" equiv-text="${item.name}"/>"</source>
 </trans-unit>
 <trans-unit id="s62dfa9c45cb3025a">
   <source>New Group</source>
@@ -9615,16 +9615,16 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>New service account...</source>
 </trans-unit>
 <trans-unit id="s61e5043203e94d0a">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; normally</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" normally</source>
 </trans-unit>
 <trans-unit id="s02eb960c270a837e">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; as current user</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" as current user</source>
 </trans-unit>
 <trans-unit id="saf579a36a54c92e1">
   <source>Current user</source>
 </trans-unit>
 <trans-unit id="sd149e44e50455923">
-  <source>Execute &quot;<x id="0" equiv-text="${this.flow.name}"/>&quot; with inspector</source>
+  <source>Execute "<x id="0" equiv-text="${this.flow.name}"/>" with inspector</source>
 </trans-unit>
 <trans-unit id="s45c530a48bcf74ad">
   <source>Use inspector</source>
@@ -9813,7 +9813,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>Optional Single Logout Service URL to send logout responses to. If not set, no logout response will be sent.</source>
 </trans-unit>
 <trans-unit id="scbf29ce484222325">
-  <source/>
+  <source></source>
 </trans-unit>
 <trans-unit id="s78869b8b2bc26d0d">
   <source>SAML Provider</source>
@@ -9840,7 +9840,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <source>The user's display name.</source>
 </trans-unit>
 <trans-unit id="s33b2f30214a2e99d">
-  <source>Actions for &quot;<x id="0" equiv-text="${application.name}"/>&quot;</source>
+  <source>Actions for "<x id="0" equiv-text="${application.name}"/>"</source>
 </trans-unit>
 <trans-unit id="sfa660d9e563c346f">
   <source>Edit application...</source>
@@ -9869,4 +9869,4 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
     </body>
   </file>
-</xliff>
+</xliff>

website/docs/releases/2025/v2025.10.md

@@ -85,7 +85,10 @@ An integration is how authentik connects to third-party applications, directorie
 - [Digital Ocean](https://integrations.goauthentik.io/cloud-providers/digitalocean/)
 - [Entra ID SCIM](../../users-sources/sources/social-logins/entra-id/scim/index.mdx)
 - [osTicket](https://integrations.goauthentik.io/infrastructure/osticket/)
+- [Terraform Cloud](https://integrations.goauthentik.io/infrastructure/terraform-cloud/)
 - [Termix](https://integrations.goauthentik.io/infrastructure/termix/)
+- [Zendesk](https://integrations.goauthentik.io/infrastructure/zendesk/)
+- [Zoom](https://integrations.goauthentik.io/chat-communication-collaboration/zoom/)
 
 ## Upgrading
 

website/docs/sys-mgmt/certificates.md

@@ -28,6 +28,10 @@ To download a certificate for SAML configuration:
 2. Navigate to **Applications** > **Providers** and click on the name of the provider.
 3. Click the **Download** button found under **Download signing certificate**. The contents of this certificate will be required when configuring the service provider.
 
+## Certificate recommendations
+
+It is generally not recommended to use short-lived certificates for SAML/OIDC signing operations as the main priority is that the signature is valid. Frequently changing certificates can be problematic as it requires updating configuration in authentik and potentially in connected applications.
+
 ## External certificates
 
 To use externally managed certificates (e.g., from Certbot or HashiCorp Vault), you can use the discovery feature.

website/docs/users-sources/user/invitations.md

@@ -47,3 +47,7 @@ Click **Save** to save the new invitation and close the box and return to the **
 **Step 3. Email the invitation**
 
 On the **Invitations** page, click the chevron beside your new invitation, to expand the details. The **Link to use the invitation** displays with the URL. Copy the URL and send it in an email to the people you want to invite to enroll.
+
+:::info Invitation links validity
+Be aware that when an authentik administrator or any other user creates an invitation link, that link remains valid even if the administrator is deactivated or has permissionss revoked. However, if the user who created the link is deleted and removed from the authentik system, the link is also deleted.
+:::

website/docusaurus-theme/theme/DocSidebarItems/styles.css

@@ -90,4 +90,8 @@
     .theme-doc-sidebar-item-category:has(> .menu__list-item-collapsible:hover) .menu__list {
         --ak-menu-item-border-color: var(--ak-menu-item-color-hover);
     }
+
+    .menu__link.menu__link--active {
+        background-color: transparent;
+    }
 }

website/integrations/chat-communication-collaboration/espo-crm/index.md

@@ -38,9 +38,9 @@ To support the integration of EspoCRM with authentik, you need to create an appl
 - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
 - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
     - Note the **Client ID**, **Client Secret**, and **slug** values because they will be required later.
-    - Set a `Strict` redirect URI to <kbd>https://<em>espocrm.company</em>/oauth-callback.php</kbd>.
+    - Set a `Strict` redirect URI to `https://espocrm.company/oauth-callback.php`.
     - Select any available signing key.
-    - Under **Advanced Protocol Settings**, set **Subject mode** to be `Based on the Users's username`.
+    - Under **Advanced protocol settings**, set **Subject mode** to be `Based on the Users's username`.
 - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
 
 3. Click **Submit** to save the new application and provider.

website/integrations/chat-communication-collaboration/kimai/index.md

@@ -38,7 +38,7 @@ To support the integration of Kimai with authentik, you need to create an applic
     - Set the **Issuer** to `https://authentik.company`.
     - Set the **Service Provider Binding** to `Post`.
     - Set the **Audience** to `https://kimai.company/auth/saml`.
-    - Under **Advanced protocol settings**, select an available signing certificate.
+    - Under **Advanced protocol settings**, select an available **Signing certificate**.
 - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
 
 3. Click **Submit** to save the new application and provider.

website/integrations/chat-communication-collaboration/mautic/index.md

@@ -73,8 +73,7 @@ Because Mautic requires a first name and last name attribute, create two [SAML p
         - Set the **ACS URL** to `https://mautic.company/s/saml/login_check`
         - Set the **Issuer** to `mautic.company`
         - Set the **Service Provider Binding** to `Post`
-        - Under **Advanced protocol settings** set the **Signing Certificate** to `authentik Self-signed Certificate` and check **Sign assertions** and **Sign responses**
-        - Under **Advanced protocol settings** add the newly created property mappings `SAML-FirstName-from-Name` and `SAML-LastName-from-Name` under **Property Mappings**. **Property Mappings**.
+        - Under **Advanced protocol settings**, select an available **Signing certificate**, check **Sign assertions** and **Sign responses**, and add the two **Property Mappings** you created in the previous section.
 3. Click **Submit** to save the new application and provider.
 4. Go to **Applications** > **Providers** and click on `mautic-provider`.
     - Under **Metadata** click on **Download** to save the file as `mautic-provider\_authentik_meta.xml`.

website/integrations/chat-communication-collaboration/nextcloud/index.mdx

@@ -122,7 +122,7 @@ To connect to an existing Nextcloud user, set the `nextcloud_user_id` attribute
         - Note the **Client ID** and **slug** values because they will be required later.
         - Set a `Strict` redirect URI to `https://nextcloud.company/apps/user_oidc/code`.
         - Select any available signing key.
-        - Under **Advanced Protocol Settings**:
+        - Under **Advanced protocol settings**:
             - _(optional)_ If you created the `Nextcloud Profile` scope mapping, add it to **Selected Scopes**.
             - **Subject Mode**: `Based on the User's UUID`
     - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
@@ -210,7 +210,7 @@ If you require [server side encryption](https://docs.nextcloud.com/server/latest
         - Set the **Issuer** to `https://authentik.company`.
         - Set the **Audience** to `https://nextcloud.company/apps/user_saml/saml/metadata`.
         - Set the **Service Provider Binding** to `Post`.
-        - Under **Advanced protocol settings**, set an available signing certificate.
+        - Under **Advanced protocol settings**, set an available **Signing certificate**.
     - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
 
 3. Click **Submit** to save the new application and provider.

website/integrations/chat-communication-collaboration/slack/index.md

@@ -51,7 +51,7 @@ To support the integration of Slack with authentik, you need to create an applic
     - Set the **ACS URL** to `https://company.slack.com/sso/saml`.
     - Set the **Issuer** to `https://slack.com`.
     - Set the **Service Provider Binding** to `Post`.
-    - Under **Advanced protocol settings**, add the two **Property Mappings** you created in the previous section, then select a **Signing Certificate**.
+    - Under **Advanced protocol settings**, select an available **Signing certificate** and add the two **Property Mappings** you created in the previous section.
 - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
 
 3. Click **Submit** to save the new application and provider.

website/integrations/chat-communication-collaboration/zoom/index.md

@@ -6,7 +6,7 @@ support_level: community
 
 ## What is Zoom
 
-> Zoom is a video conferencing and collaboration platform. It allows users to hold online meetings, webinars, chats, and calls over the internet
+> Zoom is a video conferencing and collaboration platform. It allows users to hold online meetings, webinars, chats, and calls over the internet.
 >
 > -- https://zoom.com/
 

website/integrations/chat-communication-collaboration/zulip/index.md

@@ -36,7 +36,7 @@ To support the integration of Zulip with authentik, you need to create an applic
     - Set the **ACS URL** to `https://zulip.company/complete/saml/`.
     - Set the **Issuer** to `https://authentik.company`.
     - Set the **Service Provider Binding** to `Post`.
-    - Under **Advanced protocol settings**, select an available signing certificate.
+    - Under **Advanced protocol settings**, select an available **Signing certificate**.
 - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
 
 3. Click **Submit** to save the new application and provider.

website/integrations/cloud-providers/aws/index.mdx

@@ -126,7 +126,7 @@ To support the integration of AWS with authentik using IAM Identity Center, you
 - **Configure the Provider**: provide a name (or accept the auto-provided name), and configure the following required settings:
     - Upload the metadata file from AWS (obtained in AWS Configuration steps)
     - Copy the **Issuer URL** to the **Audience** field
-    - Under **Advanced Protocol Settings**, set your **Signing Certificate**
+    - Under **Advanced protocol settings**, select an available **Signing certificate**.
 - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
 
 3. Click **Submit** to save the new application and provider.

website/integrations/cloud-providers/hashicorp-cloud/index.md

@@ -40,7 +40,7 @@ To support the integration of HashiCorp Cloud with authentik, you need to create
         - Set the **ACS URL** to the value of `SSO Sign-On URL` in the **HashiCorp Cloud preparation** section.
         - Set the **Issuer** and **Audience** to the value of `Entity ID` in the **HashiCorp Cloud preparation** section.
         - Set the **Service Provider Binding** to `Post`.
-        - Under **Advanced protocol settings**, select an available signing certificate.
+        - Under **Advanced protocol settings**, select an available **Signing certificate**.
 3. Click **Submit** to save the new application and provider.
 
 ## HashiCorp Cloud configuration

website/integrations/cloud-providers/ovhcloud/index.md

@@ -32,7 +32,7 @@ To support the integration of OVHcloud with authentik, you need to create an app
             - `https://www.ovhcloud.com/ca/auth/saml/acs` for CA region.
             - `https://us.ovhcloud.com/auth/` for US region.
         - Set the **Service Provider Binding** to `Post`.
-        - Under **Advanced protocol settings**, set an available signing certificate.
+        - Under **Advanced protocol settings**, set an available **Signing certificate**.
 
     - **Configure Bindings** _(optional)_: You can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
 

website/integrations/development/engomo/index.mdx

@@ -48,7 +48,7 @@ To support the integration of Engomo with authentik, you need to create an appli
     - Set the **Client type** to `Public`.
     - Add two `Strict` redirect URIs and set them to `https://engomo.company/auth` and `com.engomo.engomo://callback/`.
     - Select any available signing key.
-    - Under **Advanced Protocol Settings**, add the scope you just created to the list of available scopes.
+    - Under **Advanced protocol settings**, add the scope you just created to the list of available scopes.
 - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
 
 3. Click **Submit** to save the new application and provider.

website/integrations/development/frappe/index.md

@@ -41,7 +41,7 @@ To support the integration of Frappe with authentik, you need to create an appli
     - Note the **Client ID**, **Client Secret**, and **slug** values because they will be required later.
     - Set a `Strict` redirect URI to `https://frappe.company/api/method/frappe.integrations.oauth2_logins.custom/provider`.
     - Select any available signing key.
-    - Under **Advanced Protocol Settings**, set **Subject mode** to be `Based on the Users's username`.
+    - Under **Advanced protocol settings**, set **Subject mode** to be `Based on the Users's username`.
 - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
 
 3. Click **Submit** to save the new application and provider.

website/integrations/development/github-enterprise-cloud/index.md

@@ -41,7 +41,7 @@ To support the integration of GitHub Enterprise Cloud with authentik, you need t
     - Set the **Audience** to `https://github.com/enterprises/foo`.
     - Set the **Issuer** to `https://github.com/enterprises/foo`.
     - Set the **Service Provider Binding** to `Post`.
-    - Under **Advanced protocol settings**, select an available signing certificate. It is advised to download this certificate as it will be required later. It can be found under **System** > **Certificates** in the Admin Interface.
+    - Under **Advanced protocol settings**, select an available **Signing certificate**. It is advised to download this certificate as it will be required later. It can be found under **System** > **Certificates** in the Admin Interface.
 - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
 
 3. Click **Submit** to save the new application and provider.

website/integrations/development/github-enterprise-emu/index.md

@@ -53,7 +53,7 @@ GitHub will create usenames for your EMU users based on the SAML `NameID` proper
     - Set the **Audience** to `https://github.com/enterprises/foo`.
     - Set the **Issuer** to `https://github.com/enterprises/foo`.
     - Set the **Service Provider Binding** to `Post`.
-    - Under **Advanced protocol settings**, select an available signing certificate. It is advised to download this certificate as it will be required later. It can be found under **System** > **Certificates** in the Admin Interface.
+    - Under **Advanced protocol settings**, select an available **Signing certificate**. It is advised to download this certificate as it will be required later. It can be found under **System** > **Certificates** in the Admin Interface.
     - Under **NameID Property Mapping**, set **NameID Property Mapping** to be based on the `Email` field.
 - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
 

website/integrations/development/github-enterprise-server/index.md

@@ -42,7 +42,7 @@ In order to use GitHub Enterprise Server, SCIM must also be set up.
     - Set the **ACS URL** to `https://github.company/saml/consume`.
     - Set the **Audience** and **Issuer** to `https://github.company`.
     - Set the **Service Provider Binding** to `Post`.
-    - Under **Advanced protocol settings**, select an available signing certificate. It is advised to download this certificate as it will be required later. It can be found under **System** > **Certificates** in the Admin Interface.
+    - Under **Advanced protocol settings**, select an available **Signing certificate**. It is advised to download this certificate as it will be required later. It can be found under **System** > **Certificates** in the Admin Interface.
 - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
 
 3. Click **Submit** to save the new application and provider.

website/integrations/development/github-organization/index.md

@@ -37,7 +37,7 @@ To support the integration of AWX Tower with authentik, you need to create an ap
     - Set the **Audience** to `https://github.com/orgs/foo`.
     - Set the **Issuer** to `https://github.com/orgs/foo`.
     - Set the **Service Provider Binding** to `Post`.
-    - Under **Advanced protocol settings**, select an available signing certificate. It is advised to download this certificate as it will be required later. It can be found under **System** > **Certificates** in the Admin Interface.
+    - Under **Advanced protocol settings**, select an available **Signing certificate**. It is advised to download this certificate as it will be required later. It can be found under **System** > **Certificates** in the Admin Interface.
 - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
 
 3. Click **Submit** to save the new application and provider.