* rework mtls stage to be more modular
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* sync fleet conditional access CA to authentik
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* save host uuid
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* initial stage impl
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add fixtures & tests
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add lookup
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate to parsing mobileconfig
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* directly use stage_invalid
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add more test
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* test team mapping
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix endpoint test
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* cleanup
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* Add document for this. Update sidebar.
* Doc improvement
* Add note about Fleet licensing
  Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* re-fix tests after mtls traefik encoding change
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* Add info about fleet and device config. Add link from fleet connector doc.

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
| title | sidebar_label | tags | authentik_enterprise | authentik_version |
|---|---|---|---|---|
| Fleet connector | Fleet connector | | true | 2026.2.0 |
Fleet is an open-source device management platform designed to monitor, manage, and secure large fleets of devices.
The Fleet connector reports device information from your Fleet deployment, and optionally auto-assigns users to devices.
Preparation
- Take note of your Fleet Server URL, which is typically the URL used to access your Fleet instance. Alternatively, you can find the URL by logging in to the Fleet admin panel and navigating to Settings > Organization settings > Fleet web address.
- Follow the Fleet documentation for creating an API-only user and take note of its API key.
:::warning No user API keys
Do not use an API key from a normal user because these keys expire.
:::
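The warning above can be checked before the key is entered into the connector. The following is an added example, not part of the authentik documentation: it assumes Fleet's REST API `GET /api/v1/fleet/me` endpoint, bearer-token authentication, and the `api_only` field in the response, none of which appear on this page. The environment variable names `FLEET_URL` and `FLEET_API_TOKEN` are hypothetical.

```python
import json
import os
import sys
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def me_endpoint(fleet_url: str) -> str:
    """Build the current-user endpoint; refuse URLs that would expose the token."""
    parts = urlsplit(fleet_url.strip())
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("Fleet Server URL must be an absolute https:// URL")
    if parts.username or parts.password or parts.query or parts.fragment:
        raise ValueError("Fleet Server URL must not carry credentials, query or fragment")
    # Assumed Fleet REST API path; a path prefix on the server URL is preserved.
    return f"https://{parts.netloc}{parts.path.rstrip('/')}/api/v1/fleet/me"


def check_token_owner(me_response: dict) -> list[str]:
    """Return the problems found in a /me response; an empty list means usable."""
    user = me_response.get("user")
    if not isinstance(user, dict):
        return ["response has no 'user' object; is this a Fleet server?"]
    if user.get("api_only") is not True:
        return ["key belongs to a normal user and will expire; use an API-only user"]
    return []


def fetch_me(fleet_url: str, token: str) -> dict:
    """Query Fleet with the key as a bearer token (needs network access)."""
    request = urllib.request.Request(
        me_endpoint(fleet_url), headers={"Authorization": f"Bearer {token}"}
    )
    with urllib.request.urlopen(request, timeout=10) as response:
        return json.load(response)


if __name__ == "__main__":
    url, token = os.environ.get("FLEET_URL"), os.environ.get("FLEET_API_TOKEN")
    if url and token:  # hypothetical variable names; keeps the key off the command line
        try:
            me = fetch_me(url, token)
        except urllib.error.HTTPError as exc:
            sys.exit(f"Fleet rejected the request: HTTP {exc.code}")
    else:
        # Constructed sample response, not captured from a real server.
        me = {"user": {"email": "admin@example.com", "api_only": False}}
    problems = check_token_owner(me)
    print("\n".join(problems) or "OK: key belongs to an API-only user")
    sys.exit(1 if problems else 0)
```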
Configure the Fleet connector
Follow these instructions to configure the Fleet connector in authentik:
- Log in to authentik as an administrator and open the authentik Admin interface.
- Navigate to Endpoint Devices > Connectors and click New Endpoint Connector.
- Select Fleet Connector as the connector type, click Next, and configure the following settings:
  - Connector name: provide a descriptive name for the connector.
  - Fleet Server URL: enter your Fleet web address URL.
  - Fleet API Token: enter the API key of an API-only user.
  - Map users: enable if you want users associated with the device in Fleet to be automatically given access to the device via the authentik Agent.
  - Map teams to device access group: enable if you want groups associated with the device in Fleet to be automatically mapped to a device access group and given access to the device via the authentik Agent.
- Click Finish.
:::note
The Map teams to device access group setting will not detect changes to a device's group membership in Fleet. If the device's groups change, you will need to manually configure a device access group.
:::
After creating the connector, it can be used in the Endpoint Stage. Refer to Fleet conditional access and Device compliance policy for more information on using device facts from the connector in a flow.