eliott/authentik
1
0
Fork 0
mirror of https://github.com/goauthentik/authentik synced 2026-04-27 18:07:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
e7fcfb7e67d5df3e8a8a5da170f18fa4c6b98731
authentik/website/integrations/media/emby/index.md
Teffen Ellis 6ed5cb5249 website/docs: Modal and wizard button labels (#21549) 
* website/integrations: rename "Create with Provider" to "New Application"

The application list page now uses a split-button labeled
"New Application" instead of the old "Create with Provider" dropdown.
Update all 113 integration guides to match.

* website/docs: update flow, stage, and policy button labels

- "Create" → "New Flow", "New Stage", "New Policy" for trigger buttons
- "Finish" → "Create Flow", "Create Stage", "Create Policy" for submit
- "Create and bind stage" → "New Stage" / "Bind Existing Stage"
- "Create" (binding submit) → "Create Stage Binding"

* website/docs: update provider button labels

- "Create" → "New Provider" for trigger buttons
- "Create with Provider" → "New Application" in RAC docs
- "Create" → "New Property Mapping", "New RAC Endpoint", "New Prompt"
  for related entity creation

* website/docs: update directory button labels

- "Create" → "New Source" for federation/social login pages
- "Create" → "New Role", submit → "Create Role"
- "Create" → "New Invitation"
- Policy binding submit → "Create Policy Binding"

* website/docs: update endpoint device and system management button labels

- "Create" → "New Endpoint Connector", "New Enrollment Token",
  "New Device Access Group", "New Flow"
- Submit → "Create Device Access Group"
- "Create" → "New Notification Rule", "New Notification Transport"
- Binding submit → "Create Policy Binding"

* Reorganize policy documentation

* website/docs: address policy docs review feedback

* post-rebase

* website/docs: Reorganize policy documentation -- Revisions (#21601)

* apply suggestions

* Fix escaped.

* Fix whitespace.

* Update button label.

* Fix phrasing.

* Fix phrasing.

* Clean up stragglers.

* Format.

---------

Co-authored-by: Dominic R <dominic@sdko.org>
2026-04-16 17:35:38 +00:00

6.1 KiB
Raw Blame History

title, sidebar_label, support_level
title sidebar_label support_level
Integrate with Emby Emby community

What is Emby

Emby is a media management and streaming platform for movies, TV shows, and music that allows you to organize and stream your personal media collection.

-- https://emby.media/

:::info An Emby Premiere subscription is required for LDAP authentication to work via the official plugin. :::

Preparation

The following placeholders are used in this guide:

  • emby.company is the FQDN of your Emby installation.
  • authentik.company is the FQDN of your authentik installation.
  • ldap.company is the FQDN of your LDAP outpost.
  • dc=company,dc=com is the Base DN of your LDAP provider.
  • ldap_service_account is the name of the Service Account used for LDAP binding.
  • emby_users is the name of the authentik group containing users who should have access to Emby.

:::info This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application. :::

authentik configuration

LDAP provider configuration

  1. Log in to authentik as an administrator and open the authentik Admin interface.

  2. Navigate to Applications > Applications and click New Application to open the application wizard.

    • Application: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
    • Choose a Provider type: select LDAP Provider as the provider type.
    • Configure the Provider: provide a name (or accept the auto-provided name) and the authorization flow to use for this provider.
    • Configure Bindings (optional): you can create a binding (policy, group, or user) to manage the listing and access to applications on a user's My applications page.

  3. Click Submit to save the new application and provider.

LDAP outpost setup

Emby requires an LDAP outpost to authenticate users. Follow the LDAP outpost documentation to create and configure an LDAP outpost for your environment.

Add application to outpost

  1. From the authentik Admin interface, navigate to Applications > Outposts and click the Edit icon next to your LDAP outpost.
  2. Then, from the Available Applications list, select your new application/provider pair and click the single right arrow to move it to the selected list.
  3. Click Update.

Service account creation

Create a dedicated service account for Emby LDAP authentication by following the "Creating a service account" documentation. Once created, generate and copy the token for use in the Emby configuration. Create a dedicated service account for Emby LDAP authentication by following the instructions in "Creating a service account" documentation. After the service account is created, generate and copy the token from the account; the token is required for the Emby configuration.

Group creation

  1. Log in to the authentik Admin interface as an administrator and navigate to Directory > Groups.
  2. Click Create to add a new group, then set the Name field to emby_users and click Create.
  3. Then, click on the newly created emby_users group and click Add existing user to assign users who should have access to Emby by navigating to the Users tab.

Emby configuration

  1. Access your Emby server and log in using the administrator account or the currently configured local administrator credentials.

  2. Click the cog icon (settings) located at the top right corner of the screen to access the dashboard settings.

  3. Navigate to the Plugins section and click Catalog at the top of the page.

  4. Find and install the "LDAP Authentication" plugin. Restart Emby if prompted to complete the installation.

  5. After installation, return to the plugins section and click on the "LDAP Authentication" plugin to open its settings.

  6. Configure the LDAP Settings as follows:

    • LDAP server address: ldap.company
    • LDAP server Port number: 636
    • Enable SSL: Checked
    • SSL certificate thumbprint (SHA1): Paste the SHA1 Fingerprint of your LDAP outpost certificate. This can be found in your authentik instance under System > Certificates.
    • Bind DN: cn=ldap_service_account,ou=users,dc=company,dc=com
    • Bind credentials: Enter the token you copied when creating your service account.
    • User search base: The base DN for LDAP queries. To query all users, set this to dc=company,dc=com. You can also specify an Organizational Unit (OU) if you organize your users into different OUs and want to query only a specific one, for example: ou=employees,dc=company,dc=com
    • User Search Filter: This setting determines which users are allowed to log in:
      • Allowing All Users: (&(objectClass=user)(cn={0})) permits all users to log in.
      • Allowing Specific Group Members: (&(objectClass=user)(memberOf=cn=emby_users,ou=groups,dc=company,dc=com)(cn={0})) restricts access to members of the specified group.

  7. Click Save to apply your configuration.

Configuration Verification

Log out of Emby and attempt to log back in using your LDAP credentials from authentik. Logging in with an email address isn't supported, therefore use your username.

Troubleshooting

If you encounter login issues, verify your LDAP search filter configuration and check the Emby server logs for authentication errors. You can also test your LDAP configuration using ldapsearch as described in the authentik LDAP troubleshooting documentation.

Resources

Reference in New Issue View Git Blame Copy Permalink