website: add Firezone integration (#5945)

* website: Add Firezone integration * website: Add Firezone integration * Apply suggestions from code review Signed-off-by: Jens L. <jens@beryju.org> * fix lint Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens L. <jens@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Darrin Walton <darrinw@obsidian-group.co> Co-authored-by: Jens L <jens@beryju.org> Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-06-22 07:26:48 -04:00 · 2023-06-22 07:26:48 -04:00 · 724bb59c0e
parent b163c38cc5
commit 724bb59c0e
2 changed files with 61 additions and 0 deletions
--- a/website/integrations/services/firezone/index.md
+++ b/website/integrations/services/firezone/index.md
@ -0,0 +1,60 @@
+---
+title: Firezone
+---
+
+<span class="badge badge--secondary">Support level: Community</span>
+
+## What is Firezone
+
+From https://www.firezone.dev
+
+:::note
+Firezone is an open-source remote access platform built on WireGuard?, a modern VPN protocol that's 4-6x faster than OpenVPN.
+Deploy on your infrastructure and start onboarding users in minutes.
+:::
+
+## Preparation
+
+The following placeholders will be used:
+
+-   `firezone.company` is the FQDN of the Firezone install.
+-   `authenik` is the unique ID used to generate logins for this provider.
+-   `authentik.company` is the FQDN of the authentik install.
+
+Create an OAuth2/OpenID provider with the following parameters:
+
+-   Client type: `Confidential`
+-   Redirect URIs/Origins: `Redirect URI from Firezone Config`
+-   Signing Key: `<Select your certificate>`
+-   Click: `Finish`
+
+Note the Client ID and Client Secret value. Create an application using the provider you've created above.
+
+## Firezone Config
+
+-   Click _Security_ under Settings
+-   Under _Single Sign-On_, click on _Add OpenID Connect Provider_
+-   Config ID: `authentik`
+-   Label: `Text to display on the Login button`
+-   Scope: `(leave default of "openid email profile")`
+-   Response type: `(leave default of 'code')
+-   Client ID: `Taken from Authentik Provider Config`
+-   Client Secret: `Taken from Authentik Provider Config`
+-   Discovery Document URI: `OpenID Configuration URL from Authentik`
+-   Redirect URI: `https://firezone.company/auth/oidc/<ConfigID>/callback/`
+    :::note
+    You should be able to leave the default Rediret URL
+    :::
+-   Auto-create Users: Enabled in order to automatically provision users when signing in the first time.
+-   Click _Save_,
+
+Although local authentication is quick and easy to get started with, you can limit attack surface by disabling local authentication altogether. For production deployments it's usually a good idea to disable local authentication and enforce MFA through authentik.
+
+:::info
+In case something goes wrong with the configuration, you can temporarily re-enable local authentication via the REST API or by following instructions from https://www.firezone.dev/docs/administer/troubleshoot/#re-enable-local-authentication-via-cli.
+:::
+
+## Additional Resources
+
+-   https://www.firezone.dev/docs/authenticate/oidc/
+-   https://www.firezone.dev/docs/administer/troubleshoot/#re-enable-local-authentication-via-cli
--- a/website/sidebarsIntegrations.js
+++ b/website/sidebarsIntegrations.js
@ -63,6 +63,7 @@ module.exports = {
                        "services/apache-guacamole/index",
                        "services/argocd/index",
                        "services/awx-tower/index",
+                        "services/firezone/index",
                        "services/fortimanager/index",
                        "services/harbor/index",
                        "services/hashicorp-vault/index",