This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/website/integrations/services/immich/index.md

49 lines
1.8 KiB
Markdown
Raw Permalink Normal View History

---
title: Immich
---
<span class="badge badge--secondary">Support level: Community</span>
## What is Immich
> Immich is a self-hosted backup solution for photos and videos on mobile devices.
>
> -- https://immich.app/
## Preparation
The following placeholders will be used:
- `https://immich.company` is the URL used to access the Immich instance.
- `authentik.company` is the FQDN of the authentik install.
## authentik configuration
1. Create a new OAuth2/OpenID Provider using the following settings:
- **Name**: Immich
- **Authentication flow**: default-authentication-flow
- **Authorization flow**: default-provider-authorization-explicit-consent
- **Client type**: Confidential
- **Client ID**: Either create your own Client ID or make a note of the auto-populated one
- **Client Secret**: Either create your own Client Secret or make a note of the auto-populated one
- **Redirect URIs/Origins (RegEx)**:
_Please note that the following URIs are just examples. Be sure to include all of the domains / URLs that you will use to access Immich._
- app.immich:/
- https://immich.company/auth/login
- https://immich.company/user-settings
- **Signing Key**: authentik Self-signed Certificate
- Leave everything else as default
2. Open the new provider you've just created.
3. Make a note of the **OpenID Configuration Issuer**.
## Immich Configuration
Immich documentation can be found here: https://immich.app/docs/administration/oauth
1. In Immich, navigate to **Administration** > **Settings** > **OAuth Authentication**
2. Configure Immich as follows:
- **Issuer URL**: Populate this field with the `OpenID Configuration Issuer`
- **Client ID**: Enter your Client ID from authentik
- **Client Secret**: Enter your Client Secret from authentik
- **Scope**: `openid email profile`