---
title: authentik Agent
sidebar_label: authentik Agent
---

import DocCardList from "@theme/DocCardList";

## What is the authentik Agent?

The authentik Agent is a service that can be installed on Linux, macOS, and Windows devices. It provides the following capabilities:

- [Device Compliance](../device-compliance/index.mdx) by reporting information about Endpoint Devices to authentik
- [Local device login](./device-authentication/local-device-login/index.mdx) with authentik credentials
- [Connecting via SSH to Endpoint Devices](./device-authentication/ssh-authentication.mdx) with authentik credentials
- [Authenticating to CLI applications](./device-authentication/cli-app-authentication/index.mdx) such as kubectl and AWS with authentik credentials

## authentik Agent components

The authentik Agent consists of several components:

| Platform | Component | Description | Dependencies |
| --- | --- | --- | --- |
| **Linux, macOS, Windows** | `authentik-cli` | Provides CLI commands for interacting with `authentik-agent`. | `authentik-agent` |
| **Linux, macOS, Windows** | `authentik-agent` | Handles authentication within a user's context, for CLI tools. | `authentik-sysd` |
| **Linux, macOS, Windows** | `authentik-sysd` | Responsible for handling device-level authentication and compliance checks. | None |
| **Linux only** | `libpam-authentik` | PAM module for token-based and interactive authentication via authentik. Used for [SSH authentication](./device-authentication/ssh-authentication.mdx) and [local device login](./device-authentication/local-device-login/index.mdx). | `authentik-sysd` |
| **Linux only** | `libnss-authentik` | NSS module that makes Linux aware of authentik users. All authentik users will be visible to Linux, but won't be able to log in unless configured via device access groups. Provides a consistent `uid` and `gid` for users on all Endpoint Devices. | `authentik-sysd` |
| **Windows only** | `Windows Credential Provider` (WCP) | Enables logging in to Windows devices using authentik credentials. | `authentik-sysd` |

## Technical information

All authentik Agent components communicate via gRPC and Unix domain sockets/Windows named pipes.

**Linux**: `/var/run/authentik/sys.sock` and `/var/run/authentik/sys-ctrl.sock`

**macOS**: `/var/run/authentik-sysd.sock` and `/var/run/authentik-sysd-ctrl.sock`

**Windows**: `\\.\pipe\authentik\sysd` and `\\.\pipe\authentik\sysd-ctrl`

- `sys.sock`/`*sysd.sock` for general communication
- `*-ctrl.sock` for domain join

## Important considerations

Sentry reporting is currently enabled by default and cannot be disabled. This will be configurable in a future release.

## Reporting issues

Please report issues and bugs via the [authentik Platform GitHub repository](https://github.com/goauthentik/platform).

## More information

For more information, refer to each of the topics below: