eliott/authentik
1
0
Fork 0
mirror of https://github.com/goauthentik/authentik synced 2026-04-28 02:18:11 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
e7fcfb7e67d5df3e8a8a5da170f18fa4c6b98731
authentik/website/docs/customize/blueprints/v1/models.mdx
Teffen Ellis 6ed5cb5249 website/docs: Modal and wizard button labels (#21549) 
* website/integrations: rename "Create with Provider" to "New Application"

The application list page now uses a split-button labeled
"New Application" instead of the old "Create with Provider" dropdown.
Update all 113 integration guides to match.

* website/docs: update flow, stage, and policy button labels

- "Create" → "New Flow", "New Stage", "New Policy" for trigger buttons
- "Finish" → "Create Flow", "Create Stage", "Create Policy" for submit
- "Create and bind stage" → "New Stage" / "Bind Existing Stage"
- "Create" (binding submit) → "Create Stage Binding"

* website/docs: update provider button labels

- "Create" → "New Provider" for trigger buttons
- "Create with Provider" → "New Application" in RAC docs
- "Create" → "New Property Mapping", "New RAC Endpoint", "New Prompt"
  for related entity creation

* website/docs: update directory button labels

- "Create" → "New Source" for federation/social login pages
- "Create" → "New Role", submit → "Create Role"
- "Create" → "New Invitation"
- Policy binding submit → "Create Policy Binding"

* website/docs: update endpoint device and system management button labels

- "Create" → "New Endpoint Connector", "New Enrollment Token",
  "New Device Access Group", "New Flow"
- Submit → "Create Device Access Group"
- "Create" → "New Notification Rule", "New Notification Transport"
- Binding submit → "Create Policy Binding"

* Reorganize policy documentation

* website/docs: address policy docs review feedback

* post-rebase

* website/docs: Reorganize policy documentation -- Revisions (#21601)

* apply suggestions

* Fix escaped.

* Fix whitespace.

* Update button label.

* Fix phrasing.

* Fix phrasing.

* Clean up stragglers.

* Format.

---------

Co-authored-by: Dominic R <dominic@sdko.org>
2026-04-16 17:35:38 +00:00

205 lines
5.1 KiB
Plaintext
Raw Blame History

# Models
Some models behave differently and allow for access to different API fields when created via blueprint.
## `authentik_core.token`
### `key`
Via the standard API, a token's key cannot be changed, it can only be rotated. This is to ensure a high entropy in its key, and to prevent insecure data from being used. However, when provisioning tokens via a blueprint, it may be required to set a token to an existing value.
With blueprints, the field `key` can be set, to set the token's key to any value.
For example:
```yaml
# [...]
- model: authentik_core.token
state: present
identifiers:
identifier: my-token
attrs:
key: this-should-be-a-long-value
user: !KeyOf my-user
intent: api
```
## `authentik_core.user`
### `password`
Via the standard API, a user's password can only be set via the separate `/api/v3/core/users/<id>/set_password/` endpoint. In blueprints, the password of a user can be set using the `password` field.
Keep in mind that if an LDAP Source is configured and the user maps to an LDAP user, this password change will be propagated to the LDAP server.
For example:
```yaml
# [...]
- model: authentik_core.user
state: present
identifiers:
username: test-user
attrs:
name: test user
password: this-should-be-a-long-value
```
### `permissions`
The `permissions` field can be used to set global permissions for a user. A full list of possible permissions is included in the JSON schema for blueprints.
For example:
```yaml
# [...]
- model: authentik_core.user
identifiers:
username: test-user
attrs:
permissions:
- authentik_blueprints.view_blueprintinstance
```
## `authentik_core.application`
### `icon`
Application icons can be directly set to URLs with the `icon` field.
For example:
```yaml
# [...]
- model: authentik_core.application
identifiers:
slug: my-app
attrs:
name: My App
icon: https://goauthentik.io/img/icon.png
```
## `authentik_sources_oauth.oauthsource`, `authentik_sources_saml.samlsource`, `authentik_sources_plex.plexsource`
### `icon`
Source icons can be directly set to URLs with the `icon` field.
For example:
```yaml
# [...]
- model: authentik_sources_oauth.oauthsource
identifiers:
slug: my-source
attrs:
name: My source
icon: https://goauthentik.io/img/icon.png
```
## `authentik_flows.flow`
### `icon`
Flow backgrounds can be directly set to URLs with the `background` field.
For example:
```yaml
# [...]
- model: authentik_flows.flow
identifiers:
slug: my-flow
attrs:
name: my-flow
title: My flow
designation: authentication
background: https://goauthentik.io/img/icon.png
```
## `authentik_rbac.role`
### `permissions`
The `permissions` field can be used to set global permissions for a role. A full list of possible permissions is included in the JSON schema for blueprints.
For example:
```yaml
# [...]
- model: authentik_rbac.role
identifiers:
name: test-role
attrs:
permissions:
- authentik_blueprints.view_blueprintinstance
```
## `authentik_stages_invitation.invitation`:ak-version[2025.12]
The `created_by` field can be set to a user. If no value is given, the internal hidden anonymous user is used.
For example:
```yaml
# [...]
- model: authentik_stages_invitation.invitation
identifiers:
name: test-invitation
attrs:
created_by: !Find [authentik_core.user, [username, "my-admin-user"]]
```
## `authentik_policies.policybinding`
### Required fields
Each PolicyBinding entry must have **exactly one** of the following set in `attrs`:
- `policy`: Reference to a Policy object
- `group`: Reference to a Group object
- `user`: Reference to a User object
Setting none or multiple in a single binding will cause validation errors. However, you can create multiple separate bindings to the same target with different `order` values.
Example with multiple bindings to the same application:
```yaml
# Bind a policy
- model: authentik_policies.policybinding
identifiers:
target: !Find [authentik_core.application, [slug, my-app]]
order: 0
attrs:
policy: !Find [authentik_policies.expression.expressionpolicy, [name, my-policy]]
# Bind a group to the same application
- model: authentik_policies.policybinding
identifiers:
target: !Find [authentik_core.application, [slug, my-app]]
order: 1
attrs:
group: !Find [authentik_core.group, [name, admins]]
```
## `authentik_endpoints_connectors_agent.enrollmenttoken`
### `key`
Via the standard API, a token's key cannot be changed, it can only be rotated. This is to ensure a high entropy in its key, and to prevent insecure data from being used. However, when provisioning enrollment tokens via a blueprint, it may be required to set a token to an existing value.
With blueprints, the field `key` can be set, to set the enrollment token's key to any value.
For example:
```yaml
# [...]
- model: authentik_endpoints_connectors_agent.enrollmenttoken
state: present
identifiers:
name: my-token
attrs:
key: this-should-be-a-long-value
connector: !KeyOf connector
```
Reference in New Issue View Git Blame Copy Permalink