eliott/authentik
1
0
Fork 0
mirror of https://github.com/goauthentik/authentik synced 2026-04-27 18:07:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
e7fcfb7e67d5df3e8a8a5da170f18fa4c6b98731
authentik/website/docs/endpoint-devices/authentik-agent/index.mdx
Dominic R e056dbdadd website/docs, integrations: fix language (#20338)
2026-02-17 09:03:07 +00:00

54 lines
4.3 KiB
Plaintext
Raw Blame History

---
title: authentik Agent
sidebar_label: authentik Agent
---
import DocCardList from "@theme/DocCardList";
## What is the authentik Agent?
The authentik Agent is a service that can be installed on Linux, macOS, and Windows devices. It provides the following capabilities:
- [Device Compliance](../device-compliance/index.mdx) by reporting information about Endpoint Devices to authentik
- [Local device login](./device-authentication/local-device-login/index.mdx) with authentik credentials
- [Connecting via SSH to Endpoint Devices](./device-authentication/ssh-authentication.mdx) with authentik credentials
- [Authenticating to CLI applications](./device-authentication/cli-app-authentication/index.mdx) such as kubectl and AWS with authentik credentials
## authentik Agent components
The authentik Agent consists of several components:
| Platform | Component | Description | Dependencies |
| ------------------------- | ----------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------- |
| **Linux, macOS, Windows** | `authentik-cli` | Provides CLI commands for interacting with `authentik-agent`. | `authentik-agent` |
| **Linux, macOS, Windows** | `authentik-agent` | Authentication within a users' context, for CLI tools. | `authentik-sysd` |
| **Linux, macOS, Windows** | `authentik-sysd` | Responsible for handling device-level authentication and compliance checks. | None |
| **Linux only** | `libpam-authentik` | PAM Module for token-based and interactive authentication via authentik. Used for [SSH authentication](./device-authentication/ssh-authentication.mdx) and [local device login](./device-authentication/local-device-login/index.mdx). | `authentik-sysd` |
| **Linux only** | `libnss-authentik` | NSS Module that makes Linux aware of authentik users. All authentik users will be visible to Linux - but won't be able to login unless configured via device access groups. Provides a consistent `uid` and `gid` for users on all Endpoint Devices. | `authentik-sysd` |
| **Windows only** | `Windows Credential Provider` (WCP) | Enables logging in to Windows devices using authentik credentials. | `authentik-sysd` |
## Technical information
All authentik Agent components communicate via gRPC and Unix domain sockets/Windows named pipes.
**Linux**: `/var/run/authentik/sys.sock` and `/var/run/authentik/sys-ctrl.sock`
**macOS**: `/var/run/authentik-sysd.sock` and `/var/run/authentik-sysd-ctrl.sock`
**Windows**: `\\.\pipe\authentik\sysd` and `\\.\pipe\authentik\sysd-ctrl`
- `sys.sock`/`*sysd.sock` for general communication
- `*-ctrl.sock` for domain join
## Important considerations
Sentry reporting is currently enabled by default and cannot be disabled. This will be configurable in a future release.
## Reporting issues
Please report issues and bugs via the [authentik Platform GitHub repository](https://github.com/goauthentik/platform).
## More information
For more information, refer to each of the topics below:
<DocCardList />
Reference in New Issue View Git Blame Copy Permalink