website: tenants -> brands

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
This commit is contained in:
Marc 'risson' Schmitt 2023-11-21 19:09:00 +01:00
parent 59f1ef4ba0
commit 5cd6791739
No known key found for this signature in database
GPG Key ID: 9C3FA22FABF1AA8D
9 changed files with 33 additions and 34 deletions

View File

@ -6,7 +6,6 @@ from rest_framework.test import APITestCase
from authentik.core.models import User from authentik.core.models import User
from authentik.core.tests.utils import create_test_admin_user from authentik.core.tests.utils import create_test_admin_user
from authentik.lib.config import CONFIG
from authentik.tenants.utils import get_current_tenant from authentik.tenants.utils import get_current_tenant

View File

@ -1,22 +1,22 @@
--- ---
title: Tenants title: Brands
slug: /tenants slug: /brands
--- ---
authentik support soft multi-tenancy. This means that you can configure several options depending on domain, but all the objects like applications, providers, etc, are still global. This can be handy to use the same authentik instance, but branded differently for different domains. authentik support soft multi-tenancy. This means that you can configure several options depending on domain, but all the objects like applications, providers, etc, are still global. This can be handy to use the same authentik instance, but branded differently for different domains.
The main settings that tenants influence are flows and branding. The main settings that brands influence are flows and branding.
## Flows ## Flows
authentik picks a default flow by picking the flow that is selected in the current tenant, otherwise any flow that authentik picks a default flow by picking the flow that is selected in the current brand, otherwise any flow that
- matches the required designation - matches the required designation
- comes first sorted by slug - comes first sorted by slug
- is allowed by policies - is allowed by policies
This means that if you want to select a default flow based on policy, you can just leave the tenant default empty. This means that if you want to select a default flow based on policy, you can just leave the brand default empty.
## Branding ## Branding
The tenant can configure the branding title (shown in website document title and several other places), and the sidebar/header logo. The brand can configure the branding title (shown in website document title and several other places), and the sidebar/header logo.

View File

@ -100,6 +100,6 @@ services:
Afterwards, run `docker-compose up -d`, which will start certbot and generate your certificate. Within a few minutes, you'll see the certificate in your authentik interface. (If the certificate does not appear, restart the worker container. This is caused by incompatible permissions set by certbot). Afterwards, run `docker-compose up -d`, which will start certbot and generate your certificate. Within a few minutes, you'll see the certificate in your authentik interface. (If the certificate does not appear, restart the worker container. This is caused by incompatible permissions set by certbot).
Navigate to _System -> Tenants_, edit any tenant and select the certificate of your choice. Navigate to _System -> Brands_, edit any brand and select the certificate of your choice.
Keep in mind this certbot container will only run once, but there are a variety of ways to schedule regular renewals. Keep in mind this certbot container will only run once, but there are a variety of ways to schedule regular renewals.

View File

@ -8,7 +8,7 @@ Certain information is stripped from events, to ensure no passwords or other cre
## Event retention ## Event retention
The event retention is configured on a per-tenant level, with the default being set to 365 days. For events where a related tenant cannot be found, the retention is also set to 365 days. The event retention is configured on a per-brand level, with the default being set to 365 days. For events where a related brand cannot be found, the retention is also set to 365 days.
If you want to forward these events to another application, forward the log output of all authentik containers. Every event creation is logged with the log level "info". For this configuration, it is also recommended to set the internal retention pretty low (for example, `days=1`). If you want to forward these events to another application, forward the log output of all authentik containers. Every event creation is logged with the log level "info". For this configuration, it is also recommended to set the internal retention pretty low (for example, `days=1`).
@ -45,11 +45,11 @@ A user logs in (including the source, if available)
"client_ip": "::1", "client_ip": "::1",
"created": "2023-02-15T15:33:42.771091Z", "created": "2023-02-15T15:33:42.771091Z",
"expires": "2024-02-15T15:33:42.770425Z", "expires": "2024-02-15T15:33:42.770425Z",
"tenant": { "brand": {
"pk": "fcba828076b94dedb2d5a6b4c5556fa1", "pk": "fcba828076b94dedb2d5a6b4c5556fa1",
"app": "authentik_tenants", "app": "authentik_brands",
"name": "Default tenant", "name": "Default brand",
"model_name": "tenant" "model_name": "brand"
} }
} }
``` ```
@ -93,11 +93,11 @@ A failed login attempt
"client_ip": "::1", "client_ip": "::1",
"created": "2023-02-15T15:32:55.319608Z", "created": "2023-02-15T15:32:55.319608Z",
"expires": "2024-02-15T15:32:55.314581Z", "expires": "2024-02-15T15:32:55.314581Z",
"tenant": { "brand": {
"pk": "fcba828076b94dedb2d5a6b4c5556fa1", "pk": "fcba828076b94dedb2d5a6b4c5556fa1",
"app": "authentik_tenants", "app": "authentik_brands",
"name": "Default tenant", "name": "Default brand",
"model_name": "tenant" "model_name": "brand"
} }
} }
``` ```
@ -133,11 +133,11 @@ A user logs out.
"client_ip": "::1", "client_ip": "::1",
"created": "2023-02-15T15:39:55.976243Z", "created": "2023-02-15T15:39:55.976243Z",
"expires": "2024-02-15T15:39:55.975535Z", "expires": "2024-02-15T15:39:55.975535Z",
"tenant": { "brand": {
"pk": "fcba828076b94dedb2d5a6b4c5556fa1", "pk": "fcba828076b94dedb2d5a6b4c5556fa1",
"app": "authentik_tenants", "app": "authentik_brands",
"name": "Default tenant", "name": "Default brand",
"model_name": "tenant" "model_name": "brand"
} }
} }
``` ```
@ -182,11 +182,11 @@ A user is written to during a flow execution.
"client_ip": "::1", "client_ip": "::1",
"created": "2023-02-15T15:41:18.411017Z", "created": "2023-02-15T15:41:18.411017Z",
"expires": "2024-02-15T15:41:18.410276Z", "expires": "2024-02-15T15:41:18.410276Z",
"tenant": { "brand": {
"pk": "fcba828076b94dedb2d5a6b4c5556fa1", "pk": "fcba828076b94dedb2d5a6b4c5556fa1",
"app": "authentik_tenants", "app": "authentik_brands",
"name": "Default tenant", "name": "Default brand",
"model_name": "tenant" "model_name": "brand"
} }
} }
``` ```
@ -257,11 +257,11 @@ A user authorizes an application.
"client_ip": "::1", "client_ip": "::1",
"created": "2023-02-15T10:02:48.615499Z", "created": "2023-02-15T10:02:48.615499Z",
"expires": "2023-04-26T10:02:48.612809Z", "expires": "2023-04-26T10:02:48.612809Z",
"tenant": { "brand": {
"pk": "10800be643d44842ab9d97cb5f898ce9", "pk": "10800be643d44842ab9d97cb5f898ce9",
"app": "authentik_tenants", "app": "authentik_brands",
"name": "Default tenant", "name": "Default brand",
"model_name": "tenant" "model_name": "brand"
} }
} }
``` ```

View File

@ -11,4 +11,4 @@ The user interface (`/if/user/`) embeds a downsized flow executor to allow the u
This executor only supports [**prompt**](../stages/prompt/) stages. If the configured flow contains another stage, a button will be shown to open the default executor. This executor only supports [**prompt**](../stages/prompt/) stages. If the configured flow contains another stage, a button will be shown to open the default executor.
Because the stages in a flow can change during it execution, this executor will redirect the user to the default interface _if_ a non-supported stage is returned. Because the stages in a flow can change during it execution, this executor will redirect the user to the default interface _if_ a non-supported stage is returned.
To configure which flow is used for this, configure it in the tenant settings. To configure which flow is used for this, configure it in the brand settings.

View File

@ -6,4 +6,4 @@ This stage configures a time-based OTP Device, such as Google Authenticator or A
You can configure how many digits should be used for the OTP Token. You can configure how many digits should be used for the OTP Token.
The Config URL's Issuer is set based on the currently active tenant's branding title. The default setup can cause issues if the same username is used on multiple authentik issues within the same authenticator app, so changing the tenant tile is recommended. The Config URL's Issuer is set based on the currently active brand's branding title. The default setup can cause issues if the same username is used on multiple authentik issues within the same authenticator app, so changing the brand title is recommended.

View File

@ -1,6 +1,6 @@
# Customization # Customization
Since flows can be executed authenticated or unauthenticated, the default settings can be set via tenants _attributes_. Since flows can be executed authenticated or unauthenticated, the default settings can be set via brands _attributes_.
### `settings.theme.base` ### `settings.theme.base`

View File

@ -6,7 +6,7 @@ This type of authentication flow is useful for devices with limited input abilit
### Requirements ### Requirements
This device flow is only possible if the active tenant has a device code flow setup. This device code flow is run _after_ the user logs in, and before the user authenticates. This device flow is only possible if the active brand has a device code flow setup. This device code flow is run _after_ the user logs in, and before the user authenticates.
authentik doesn't ship with a default flow for this usecase, so it is recommended to create a new flow for this usecase with the designation of _Stage configuration_ authentik doesn't ship with a default flow for this usecase, so it is recommended to create a new flow for this usecase with the designation of _Stage configuration_

View File

@ -36,7 +36,7 @@ const docsSidebar = {
items: [ items: [
"core/terminology", "core/terminology",
"core/applications", "core/applications",
"core/tenants", "core/brands",
"core/certificates", "core/certificates",
"core/geoip", "core/geoip",
"core/architecture", "core/architecture",