eliott/authentik
1
0
Fork 0
mirror of https://github.com/goauthentik/authentik synced 2026-04-27 09:57:31 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
e7fcfb7e67d5df3e8a8a5da170f18fa4c6b98731
authentik/website/docs/add-secure-apps/providers/rac/rac_credentials_prompt.md
Teffen Ellis 6ed5cb5249 website/docs: Modal and wizard button labels (#21549) 
* website/integrations: rename "Create with Provider" to "New Application"

The application list page now uses a split-button labeled
"New Application" instead of the old "Create with Provider" dropdown.
Update all 113 integration guides to match.

* website/docs: update flow, stage, and policy button labels

- "Create" → "New Flow", "New Stage", "New Policy" for trigger buttons
- "Finish" → "Create Flow", "Create Stage", "Create Policy" for submit
- "Create and bind stage" → "New Stage" / "Bind Existing Stage"
- "Create" (binding submit) → "Create Stage Binding"

* website/docs: update provider button labels

- "Create" → "New Provider" for trigger buttons
- "Create with Provider" → "New Application" in RAC docs
- "Create" → "New Property Mapping", "New RAC Endpoint", "New Prompt"
  for related entity creation

* website/docs: update directory button labels

- "Create" → "New Source" for federation/social login pages
- "Create" → "New Role", submit → "Create Role"
- "Create" → "New Invitation"
- Policy binding submit → "Create Policy Binding"

* website/docs: update endpoint device and system management button labels

- "Create" → "New Endpoint Connector", "New Enrollment Token",
  "New Device Access Group", "New Flow"
- Submit → "Create Device Access Group"
- "Create" → "New Notification Rule", "New Notification Transport"
- Binding submit → "Create Policy Binding"

* Reorganize policy documentation

* website/docs: address policy docs review feedback

* post-rebase

* website/docs: Reorganize policy documentation -- Revisions (#21601)

* apply suggestions

* Fix escaped.

* Fix whitespace.

* Update button label.

* Fix phrasing.

* Fix phrasing.

* Clean up stragglers.

* Format.

---------

Co-authored-by: Dominic R <dominic@sdko.org>
2026-04-16 17:35:38 +00:00

5.2 KiB
Raw Blame History

title
title
RAC Credentials Prompt

About the RAC credentials prompt

You can configure the RAC provider to prompt users for their credentials when connecting to RAC endpoints. This is particularly useful for establishing RDP connections to modern Windows systems that often require credentials to establish a connection.

After implementing this configuration, when connecting to an RAC endpoint users are prompted to enter their credentials which are then passed to the RAC endpoint. This means that static credentials do not need to be set in the RAC provider, property mapping, or endpoint.

This configurations requires:

  1. Creating an authorization flow.
  2. Creating two prompts.
  3. Creating and binding a prompt stage.
  4. Updating the RAC provider.

Create a new authorization flow

  1. Log in to authentik as an administrator and open the authentik Admin interface.
  2. Navigate to Flows and Stages > Flows, click New Flow, and enter the following required settings:
    • Name: Enter a descriptive name for the flow.
    • Title: Enter a title for the flow. This will be displayed to users when they're prompted for their credentials.
    • Slug: Enter a slug for the flow. This will be displayed in the flow URL.
    • Designation: Authorization
    • Authentication: Require authentication
  3. Click Create.

Create prompts

  1. Log in to authentik as an administrator and open the authentik Admin interface.
  2. Navigate to Flows and Stages > Prompts, click New Prompt, and enter the following required settings:
    • Name: Enter a descriptive name for the prompt (e.g. username).
    • Field Key: connection_settings.username
    • Label: Enter a label for the field which will be displayed above it.
    • Type: Text
    • Required: Toggled on.
    • Order: 0
  3. Click Create Prompt to save the prompt.
  4. On the Prompts page, click New Prompt again, and enter the following required settings:
    • Name: Enter a descriptive name for the prompt (e.g. password).
    • Field Key: connection_settings.password
    • Label: Enter a label for the field which will be displayed above it.
    • Type: Password
    • Required: Toggled.
    • Order: 1
  5. Click Create to save the prompt.

:::info You can optionally add other prompt fields such as domain (e.g. connection_settings.domain), which can be useful for Windows based RDP. There is also the option of adding a Text (read-only) type prompt field that includes explanatory text for the user (e.g. please enter your RDP credentials). :::

Create and bind a prompt stage

  1. Log in to authentik as an administrator and open the authentik Admin interface.
  2. Navigate to Flows and Stages > Flows.
  3. Click the name of the newly created authorization flow.
  4. Click on Stage bindings, click New Stage, and enter the following required settings:
    • Select Type: Select Prompt stage as the prompt type.
    • Create Prompt Stage:
      • Name: Enter a name for the prompt stage.
      • Under Fields:
        • Click the x icon to remove all selected fields.
        • Add the two newly created prompt fields (e.g.username and password) to selected fields.
      • Under Validation Policies:
        • Click the x icon to remove all selected validation policies.
    • Create binding:
      • Click Finish.

Update the RAC provider

  1. Log in to authentik as an administrator and open the authentik Admin interface.
  2. Navigate to Applications > Providers.
  3. Click the Edit icon of the RAC provider that you wish to add a credentials prompt to.
  4. Change Authorization flow to the newly created authorization flow.
  5. Click Update to save the change.

Update the RAC endpoint (sometimes required)

Depending on the configuration of the RDP server that's being connected to, it is sometimes necessary to set the security type that's used for the connection. For many modern windows RDP servers, this often needs to be set to tls.

  1. Log in to authentik as an administrator and open the authentik Admin interface.
  2. Navigate to Applications > Providers and click the name of the RAC provider that you're using.
  3. Under Endpoints, click the Edit icon of the endpoint that you're using.
  4. Under Advanced Settings in the Settings box, enter security: tls
  5. Click Update to save the change.

:::info Other options for the connection security type are: any, nla, nla-ext, vmconnect, and rdp. For more information see the Guacamole RDP Authentication and Security Documentation. :::

Configuration verification

Log in to authentik with a user account that has the required privileges to access the RAC application. Open the User interface, and on the My applications page click the RAC application. You should then be redirected to the prompt stage and prompted for a username and password. Enter the credentials for the RAC endpoint and if the credentials are valid the RDP/SSH/VNC connection should be established.

Reference in New Issue View Git Blame Copy Permalink