2 ай бұрын
3 ай бұрын
4 ай бұрын
5 ай бұрын
6 ай бұрын
6 ай бұрын
9 ай бұрын
9 ай бұрын
11 ай бұрын
11 ай бұрын
Жыл бұрын
Жыл бұрын
Жыл бұрын
Пікірлер
@fragdq 4 күн бұрын
I came here because other methods had that issue with being able to login with 2FA codes only. But this one here doesnt work at all on Firefox/Linux and also not on Android. It doesnt even give an option to use the key with NFC, only USB, on the phone. And Firefox doesnt even show the buttonf or security key. Works only in chromium based browsers. Which is a big bummer.(the other methods work though, android and Firefox, but have the issue with 2FA code login only without any password.) Thanks for the video tho!
@eikeimnetz 6 күн бұрын
well explained! I just had to watch it and do it afterwards, fantastic
@cooptonian 5 күн бұрын
Thanks!
@IroaEdit 7 күн бұрын
I will try this :) I am scare as hell about this . But now it looks so easy . What about security ? Any known issuess or exploits how to bypass authentik ? I would be super careful about this . But as the first layer of security , this is great
@cooptonian 7 күн бұрын
It's pretty robust and the dev team put out updates whenever major CVEs arise. That said NOTHING is 100% but authentik is definitely good. Essentially, if none of your services are exposed with an alternate external URL and only reachable through authentik you should be golden...if authentik goes offline, either you're doing maintenance or some weird crash, your protected services are near impossible to reach unless you have some other vulnerability in firewall rules or something.
@marcelinoartstudio6083 8 күн бұрын
Create Video, the only person giving complete information on the APP and getting around the "ALL COVER Mode". Thank you!
@cooptonian 7 күн бұрын
You're welcome! Glad it was helpful!
@upuldi 8 күн бұрын
great stuff.
@cooptonian 7 күн бұрын
Thanks!
@nightmarenova6748 9 күн бұрын
To those having a problem with the nginx custom config, here is the fix that i found on github : Create http_top.conf in data/nginx/custom (create custom folder in data/nginx/ if it doesn't exist) Add following code to the file: map $http_upgrade $connection_upgrade { default upgrade; '' close; } restart nginx remove the lines from top of authentik Nginx template that have this code # Upgrade WebSocket if requested, otherwise use keepalive map $http_upgrade $connection_upgrade_keepalive { default upgrade; '' ''; } Update the line: proxy_set_header Connection $connection_upgrade_keepalive; To proxy_set_header Connection $connection_upgrade;
@jaygreentree4394 9 күн бұрын
For nginx proxy manager do you point all subdomains to that ip? When I tried this route it does not work partly due to using DSL. However if I use cloudflared for all the subdomains and skip npm it works.
@cooptonian 7 күн бұрын
Well in Cloudflare I have my A record pointing to my public IP. All my CNAMEs (subdomains) I have pointing to my A record. The public IP is allowed through my gateway to pass onto the host running NPM which then routes traffic to the correct services. But yes, in Cloudflare all subdomains essentially point to the same (public) IP...in NPM all subdomains point to their respective internal host IPs/Ports. When you say DSL, you mean your ISP is DSL? In any case, for public IPs that change often I use the cloudflareddns to automatically update the A record IP at Cloudflare.
@dougbeard7624 11 күн бұрын
Here's another spot I find disappointing. Rather than requiring leveraging Authentik's IP address, shouldn't Authentik be capable of sniffing the client's IP address for a local determination? Private IP = Local. I'm puzzled by some of these choices.
@radhiyahwilliams829 15 күн бұрын
Hi, I was wondering is it possible to have a custom template that overrides the default login? Example i was to change the layout and have custom content on that login screen. If i have a custom template how does it override the default view?
@cooptonian 15 күн бұрын
...it sounds like you want to customize far more than what authentik allows for via their menus... For this, you will have to use Cascading Style Sheets (CSSC... There are a few people in the discord that have done this, however, I have not so have limited knowledge on it... That, or since it is open-source, fork the repo edit the html and rebuild it for your case...
@radhiyahwilliams829 14 күн бұрын
@@cooptonian Thank you for your response, appreciate it. Would it possible in this case instead of forking the repo and edit the HTML can i not create the login in HTML and use the API's to either login/create user?
@cooptonian 14 күн бұрын
@@radhiyahwilliams829 yes, that is viable as well!
@jaygreentree4394 18 күн бұрын
You can get a free portainer business license for 3 or 5 instances. Mine was 5 instances because I have had mine since they began the offer.
@wowyijiu 19 күн бұрын
Open the admin interface is see the Authentik logo flash before the custom logo。Have you ever encountered this problem?
@cooptonian 18 күн бұрын
No I haven't...is it possibly cached? Try a different browser or private mode...different device...see if the behavior is the same across the board
@LucasRey1972 20 күн бұрын
Thank you very much for your video, they are superb, especially because you always point to the original documentation where we can go into details just in case something will be different (e.g. new app version with different features). You have a new subscriber :)
@cooptonian 20 күн бұрын
Glad you like them!
@scottgorsuch629 28 күн бұрын
When I added the nginx-proxy-manager snippet into the advanced section it immediately makes my application "offline." Have you seen this behavior? I'm on 2024.6.1 and there are some subtle differences, but I can't seem to figure out why that snippet takes the application offline?
@cooptonian 27 күн бұрын
Yup, I sure have...I made a post about it in the discord that I pasted below: "It might just be me, however, in case this can help anyone else... Do you use Nginx Proxy Manager? Did you just upgrade to authentik v2024.4.x from v2024.2.3 or older? Did you create a new app and provider in your recently upgraded authentik instance? Do you find that when you copy, paste, and adjust the proxy_pass NPM code from your provider in authentik into the advance tab of your proxy host in NPM it instantly goes offline? Well, I found that if you copy/paste the older code block from authentik 2024.2.3 (or any of your existing proxy host that are working) you should be good. I think most won't notice an issue with their current setups (because of their pre-existing/older code block already in NPM) when they upgrade authentik; it's only when you create a new proxy host in NPM will you notice this issue when copying the newer code block."
@scottgorsuch629 26 күн бұрын
@@cooptonian Thanks, tried that snippet but still no luck.
@scottgorsuch629 26 күн бұрын
Fixed it... couldn't use the dns name for authentik in proxy pass, had to do ip:port.
@cooptonian 25 күн бұрын
great you figured it out!
@slimygaming7712 22 күн бұрын
@@cooptonian I can't thank you enough, 2024.2.3 worked perfectly. I was searching in around for hours wondering why the code it provides kept turning everything offline. You're a life saver.
@Sunny13700 29 күн бұрын
password policy with static rule seems to not work as expected. I cannot change the password. Any idea ?
@painy3248 29 күн бұрын
Would you be able to force MFA only for admin users?
@cooptonian 28 күн бұрын
Yes, you can do this with a policy
@popers83 Ай бұрын
Thanks for the guide! Works perfectly! This is what I've been looking for all morning :)
@cooptonian Ай бұрын
You're welcome!
@eric4903 Ай бұрын
Neat to see an update and official collaboration. Been running Authentik for over a year and would have been lost without your (videos) help.
@cooptonian Ай бұрын
Thanks, glad you find the videos a benefit!
@ChrisDePasqualeNJ Ай бұрын
You were the first to do Authentik on KZfaq and are still the best at providing step by step tutorials. Can you maybe look into doing a video on back up and restore - like Disaster Recovery? Just a thought. Thank you,
@jakekosmala Ай бұрын
its just moves the leaves around, dont see sucking any of them
@cooptonian Ай бұрын
It may seem like it, however, a full clean cycle gets the job done.
@skinwalker_ Ай бұрын
I think this saved me 30 grey hairs and a day of stress... You are a legend for posting this. Thank you
@sandromar111 Ай бұрын
Hello, is it possible to use telegram instead? Thank you so much
@nykmlee11 Ай бұрын
Aiper is world's top least reliable pool robot. I bought 3kinds($850, $380, $350), but they are no working after one year. Aiper robot life is one year. So I bought seauto one month ago. This price is just 30% than Aiper and much nicer!!!
@basdfgwe Ай бұрын
I think I must be doing something wrong, when I paste the information into the NPM (advanced) the proxy host goes offline. I tried having a closer look at your screen and it looks like the script that is provided by authentic is different for me. Nginx complains that map, or unknown "connection_upgrade_keepalive" - looking at google there are posts suggesting to edit the nginx conf files which I'm not sure is the right path..
@cooptonian Ай бұрын
I'm not sure if you're in the discord channel, however, I posted a workaround for this linked here: discord.com/channels/809154715984199690/809154716507963434/1237846892138856559 In short, copy the code from older version of authentik or if you already have an existing service working on latest version, copy that code and edit the proxy_pass as needed...
@AliIftikhar-ul1rw Ай бұрын
sdfds
@AliIftikhar-ul1rw Ай бұрын
good explaination. But my use case is i have 2 application running on 2 port e.g. 3000 and 3001. these are my react front end. and they are both using the same backend service host at 1337. they willl the api for these. i want to implement the sso so that if the user login into any of these front end app and then reload on other it will show it login no need to login seperatelly. and then using the token they can access the backend service. can you help me with that plzzzz.
@user-gd6ye8kq2i Ай бұрын
Do I have to remove my pool ladder?
@cooptonian Ай бұрын
...no, however, for best results I would recommend it seeing as this particular robot doesn't have any kind of smart navigation technology...
@DerTim Ай бұрын
Is there a way to sync an authentik configuration? Maybe even have a configuration as code or something?
@jasonskory3688 Ай бұрын
I tried this with radar and sonarr and keep getting a ssl handshake error 525. I’ve tried everything combination of ip/host and still shows offline. If I remove the code it immediately goes online so it’s something in the code, but no idea what. Immich went perfectly though!
@cooptonian Ай бұрын
...are you in the discord? If not, I mentioned that the later versions of authentik changed the code for nginx reverse proxy manager where your app will go immediately offline if not setup prior to the update. The workaround that I have found is to copy the snippet of code from an older version of authentik OR if you already have an app up and running, copy that code from NPM and just adjust your proxy_pass as needed for whatever app you're trying to set up...
@hispeedflow Ай бұрын
YOUU ARE SUCH A FUCKING LIFESAVER YOU JUST MADE MY DAY WHENEVER YOU FEEL SAD OR DEPRESSED OR WHATEVER VALID FEELINGS JUST REMEMBER YOU MADE MANY MANY PEOPLE HAPPY THANK YOU ARIFUCKINGATOU
@quokka_yt Ай бұрын
Is it possible to have a different logo for light and dark mode? My wordmark is in white text, but in light mode you can't see it against the white background.
@cooptonian Ай бұрын
...as a workaround, you can maybe use customization (docs.goauthentik.io/docs/interfaces/user/customization#settingsthemebase) to force dark or light mode and stick to the logo that works best...otherwise, probably best to ask the dev in discord...
@quokka_yt Ай бұрын
This isn't working for me, which is weird since the login alerts work... Maybe I set it up incorrectly?
@David-gh8jm Ай бұрын
so does netdata have a login and its passing credentials somehow? I've been trying to pass credentials without any success.
@cooptonian Ай бұрын
...a login if you sign up and do the cloud thing for all those extra features... I am self-hosting and just need the most basic monitoring, so I have basic auth through my reverse proxy and this is what I pass in authentik...
@OleensEmbroidery Ай бұрын
The key to crystal clear water is keeping the organics OUT! These little units are worth their weight in gold, especially after the lawn is mowed. I would be scooping for 30 minuets and it still wouldn't be as clean.
@AmarNavi-td3cf Ай бұрын
smtplib.SMTPDataError: (554, b'5.0.0 Error: transaction failed: cannot upload attachment: [2001] Invalid input') Not working
@Darcon85 Ай бұрын
Great tutorial, especially kubernetes part. What would be great is to add section how to add SSL cert. Been struggling with that and finally gave up using IP address to access Authentic
@edungdivinefavour6977 Ай бұрын
I am using the API to create the users myself however, I want to generate a link they can click on to verify their email. How can i do this?
@xsniper001 Ай бұрын
@Cooptonian, could you do a JellyFin LDAP guide? It would be great... I am struggling to get authentik on jellyfin...
@cameronhill2true 9 күн бұрын
What are the issues that you're having? I just set up the SSO Plugin over the weekend after weeks of tinkering and figuring out how to properly configure everything. I might be able to point you in the right direction.
@xsniper001 7 күн бұрын
@@cameronhill2true I just didn`t manage to make it work. If you can create a guide how to do it I would greatly appreciate mate. Thank you.
@cameronhill2true 4 күн бұрын
@@xsniper001 I've never really done guides for this type of stuff, but it just so happens that I accidentally wiped my whole media services VM a few days ago. I'll have to reconfigure everything, so I'll have to run the process again...shame on me for not completing a proper backup. I was planning on setting it up again this weekend, so I'll try to put something together when I get to the authentication piece.
@nome3429 2 ай бұрын
Is it possible to add custom css to the flows or the user interface?
@cooptonian 2 ай бұрын
Yes you can...see these documents: docs.goauthentik.io/docs/interfaces/flow/customization#custom-css docs.goauthentik.io/docs/interfaces/user/customization#settingsthemebackground
@jonathandoe7490 2 ай бұрын
Cant seem to login to the mobile app getting API error for android have tried the following unauthenticated paths ^/api/.* ^/api2/.* ^/identity/.* ^/triggers/.* ^/meshagents.* ^/meshsettings.* ^/agent.* ^/control.* ^/meshrelay.* ^/ui.*
@cooptonian 2 ай бұрын
...double checked you are doing this for the respective provider? Not sure if it will help, but also maybe try escaping the '/' with '\/'...IF not that, just try adding $ to the end of each of those lines, for example: ^/identity/.*$
@hanley-development 2 ай бұрын
May need a refresher on MFA/Duo setup since the flows have changed. Great work!
@itzteajay 2 ай бұрын
So today I finally got webhooks working going to my ntfy instance so that's been awesome! I'm currently trying to work out how to fire a notification when a user is created through enrollment so I can assign groups based on what they need.
@boriss282 2 ай бұрын
i got qrcode to scan from windows, used android chrome for setup webauth
@rguifa 2 ай бұрын
I wish I had seen this video before!
@LeonRohr-xc4re 2 ай бұрын
Hey great vids! Unfortunatley I'm getting "Request has been denied" (Unknown error). " when using the invitation method. Link is valid and I've follwed every step in the video. Even multiple times.
@cooptonian 2 ай бұрын
...if you tried and followed every step exactly, maybe you have a caching issue. Test in either incognito mode, another browser, or from different device and/or network.
@cessna917 2 ай бұрын
This works when using an IP address, but if using a reverse proxy (swag in my case), it still prompts for MFA. Is there a way to bypass MFA if on a specific network? I tried return ak_client_ip in ip_network('192.168.0.0/24') for my LAN but it didn't work.
@richgarodnick8554 2 ай бұрын
EDIT: Looks like it works on my phone, and strangely...in Edge...but not Firefox? Firefox always prompts for 2FA.
@SuitFellow 2 ай бұрын
I just upgraded from my Ender 3 Max Neo to the X1 Carbon as well, I love it. So much easier, and what used to take 4-5 hours now takes 1-2. It's an amazing printer! You made the right call.
@cooptonian 2 ай бұрын
We both did! 😁
@marybethmacnary2899 2 ай бұрын
The ONE thing I wanted to see was HOW to connect it to the app and turn itOn floor mode only, I can NOT get mine to connect to the app
@cooptonian 2 ай бұрын
...at the time of the video Seauto didn't even have the app to even try to connect. Since your comment, I checked and now see that the app is available. I didn't run through the whole process but I went all the way to the point where the app see's the cleaner where I can tap it and connect... are you having issue after this point?
@Charlot0620 2 ай бұрын
What is the name of the app you're using?
@cooptonian 2 ай бұрын
It is the Seauto Unlock app: On Google Play: play.google.com/store/search?q=seauto%20unlock&c=apps On Apple's App Store: apps.apple.com/us/app/unlock-seauto-robot/id6502671905
@semaphoreui 2 ай бұрын
The best tutorial for Athentik LDAP. Thank you!
@cooptonian 2 ай бұрын
Glad you think so!
@andrewkyllo3170 2 ай бұрын
What a fantastic guide for people new to configuring this technology like myself. Do you have any plans in the future to make a video about enrollment with OAuth by chance?
@hamzarahabi7375 2 ай бұрын
great stuff, i want to ask, i have openvpn server on my pfsense and i want to inmpliment authentik synced with active directory, is it possible to authenticate openvpn against authentik so i can benefit from active directory and webauthn fingerprint for more hardening?