Add user setup config
parent
66f15b49b2
commit
342ff60b70
7 changed files with 230 additions and 18 deletions
|
|
@ -70,7 +70,168 @@ This guide walks through configuring Authentik as the OAuth2/OIDC identity provi
|
|||
|
||||
7. Click **Submit**
|
||||
|
||||
## Step 4: Verify OIDC Endpoints
|
||||
## Step 4: Enable User Registration (Sign Up)
|
||||
|
||||
By default, Authentik only shows a login form. To allow users to sign up, you need to create an enrollment flow and link it.
|
||||
|
||||
### Step 4.1: Create the Enrollment Prompt Stage
|
||||
|
||||
1. Go to **Flows and Stages** > **Stages**
|
||||
|
||||
2. Click **Create**
|
||||
|
||||
3. Select **Prompt Stage** and click **Next**
|
||||
|
||||
4. Configure:
|
||||
| Field | Value |
|
||||
|-------|-------|
|
||||
| Name | `enrollment-prompt` |
|
||||
|
||||
5. In the **Fields** section, move these to the **Selected** side:
|
||||
- `default-source-enrollment-field-username` (username)
|
||||
- `default-user-settings-field-email` (email)
|
||||
- `default-password-change-field-password` (password)
|
||||
- `default-password-change-field-password-repeat` (password_repeat)
|
||||
|
||||
6. (Optional) In **Validation policies**, select `password-complexity` if you created it in Step 4.2
|
||||
|
||||
7. Click **Finish**
|
||||
|
||||
### Step 4.2: (Optional) Create Password Complexity Policy
|
||||
|
||||
1. Go to **Customisation** > **Policies**
|
||||
|
||||
2. Click **Create** and select **Password Policy**
|
||||
|
||||
3. Configure:
|
||||
| Field | Value |
|
||||
|-------|-------|
|
||||
| Name | `password-complexity` |
|
||||
| Password field | `password` |
|
||||
| Minimum length | `8` |
|
||||
| Amount of uppercase characters | `1` |
|
||||
| Amount of lowercase characters | `1` |
|
||||
| Amount of digits | `1` |
|
||||
|
||||
4. Click **Finish**
|
||||
|
||||
You'll add this to the enrollment prompt stage later.
|
||||
|
||||
### Step 4.3: Create a Group for Kaboot Users
|
||||
|
||||
1. Go to **Directory** > **Groups**
|
||||
|
||||
2. Click **Create**
|
||||
|
||||
3. Configure:
|
||||
| Field | Value |
|
||||
|-------|-------|
|
||||
| Name | `kaboot-users` |
|
||||
|
||||
4. Click **Create**
|
||||
|
||||
### Step 4.4: Create the User Write Stage
|
||||
|
||||
1. Go to **Flows and Stages** > **Stages**
|
||||
|
||||
2. Click **Create**
|
||||
|
||||
3. Select **User Write Stage** and click **Next**
|
||||
|
||||
4. Configure:
|
||||
| Field | Value |
|
||||
|-------|-------|
|
||||
| Name | `enrollment-user-write` |
|
||||
| User creation mode | `Create users when required` |
|
||||
| Create users as inactive | Unchecked |
|
||||
| Group | `kaboot-users` |
|
||||
|
||||
5. Click **Finish**
|
||||
|
||||
### Step 4.5: Create the User Login Stage
|
||||
|
||||
1. Go to **Flows and Stages** > **Stages**
|
||||
|
||||
2. Click **Create**
|
||||
|
||||
3. Select **User Login Stage** and click **Next**
|
||||
|
||||
4. Configure:
|
||||
| Field | Value |
|
||||
|-------|-------|
|
||||
| Name | `enrollment-user-login` |
|
||||
| Session duration | `hours=24` |
|
||||
| Stay signed in offset | `days=30` |
|
||||
| Network binding | `No binding` |
|
||||
| GeoIP binding | `No binding` |
|
||||
|
||||
5. Click **Finish**
|
||||
|
||||
### Step 4.6: Create the Enrollment Flow
|
||||
|
||||
1. Go to **Flows and Stages** > **Flows**
|
||||
|
||||
2. Click **Create**
|
||||
|
||||
3. Configure:
|
||||
| Field | Value |
|
||||
|-------|-------|
|
||||
| Name | `Enrollment Flow` |
|
||||
| Title | `Sign Up` |
|
||||
| Slug | `enrollment-flow` |
|
||||
| Designation | `Enrollment` |
|
||||
| Authentication | `No requirement` |
|
||||
|
||||
4. Click **Create**
|
||||
|
||||
5. Click on the newly created `enrollment-flow`
|
||||
|
||||
6. Go to the **Stage Bindings** tab
|
||||
|
||||
7. Click **Bind existing stage** and add stages in this order:
|
||||
| Stage | Order |
|
||||
|-------|-------|
|
||||
| `enrollment-prompt` | 10 |
|
||||
| `enrollment-user-write` | 20 |
|
||||
| `enrollment-user-login` | 30 |
|
||||
|
||||
### Step 4.7: Bind the Group to the Kaboot Application
|
||||
|
||||
1. Go to **Applications** > **Applications** > **Kaboot**
|
||||
|
||||
2. Go to the **Policy / Group / User Bindings** tab
|
||||
|
||||
3. Click **Bind existing group**
|
||||
|
||||
4. Select `kaboot-users`
|
||||
|
||||
5. Click **Bind**
|
||||
|
||||
Now users in the `kaboot-users` group (which includes all users who sign up) will have access to Kaboot.
|
||||
|
||||
### Step 4.8: Link Enrollment Flow to Login
|
||||
|
||||
1. Go to **Flows and Stages** > **Stages**
|
||||
|
||||
2. Find and click on `default-authentication-identification`
|
||||
|
||||
3. Scroll down to **Flow settings**
|
||||
|
||||
4. In the **Enrollment flow** dropdown, select `enrollment-flow`
|
||||
|
||||
5. Click **Update**
|
||||
|
||||
Now when users visit the login page, they'll see a "Need an account? Sign up." link.
|
||||
|
||||
### Optional: Add Password Recovery
|
||||
|
||||
1. In **Flows and Stages** > **Stages** > `default-authentication-identification`
|
||||
|
||||
2. Set **Recovery flow** to `default-recovery-flow` (if it exists)
|
||||
|
||||
3. Click **Update**
|
||||
|
||||
## Step 5: Verify OIDC Endpoints
|
||||
|
||||
After creation, go to **Applications** > **Providers** > **Kaboot OAuth2**
|
||||
|
||||
|
|
|
|||
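Review bot: In Steps 4.4 through 4.7, self-registration grants application access with no verification step: the flow's Authentication is `No requirement`, `enrollment-user-write` has "Create users as inactive" unchecked and assigns `kaboot-users`, and Step 4.7 binds that group to Kaboot, so anyone who can reach the login page gets an active account with access as soon as they submit the form. The stage bindings in Step 4.6 go straight from `enrollment-prompt` (10) to `enrollment-user-write` (20); I'd suggest either adding an email verification stage between the two or stating explicitly in the guide that sign-up is open and unverified, so operators can decide whether that fits their deployment. Separately, Step 4.1 item 6 refers to a policy "created in Step 4.2", which comes afterwards, and Step 4.2 ends with "You'll add this to the enrollment prompt stage later" although no later step does so; moving 4.2 ahead of 4.1 would fix both.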