diff --git a/website/docs/providers/proxy/forward_auth.mdx b/website/docs/providers/proxy/forward_auth.mdx index 3794db5dc..0ebe032cf 100644 --- a/website/docs/providers/proxy/forward_auth.mdx +++ b/website/docs/providers/proxy/forward_auth.mdx @@ -7,11 +7,19 @@ Using forward auth uses your existing reverse proxy to do the proxying, and only To use forward auth instead of proxying, you have to change a couple of settings. In the Proxy Provider, make sure to use one of the Forward auth modes. -## Single application +## Forward auth modes + +The only configuration difference between single application mode and domain level mode is the host that you specify. + +For single application, you'd use the domain that the application is running on, and only `/outpost.goauthentik.io` is redirected to the outpost. + +For domain level, you'd use the same domain as authentik. + +### Single application Single application mode works for a single application hosted on its dedicated subdomain. This has the advantage that you can still do per-application access policies in authentik. -## Domain level +### Domain level To use forward auth instead of proxying, you have to change a couple of settings. In the Proxy Provider, make sure to use the _Forward auth (domain level)_ mode. @@ -21,10 +29,13 @@ This mode differs from the _Forward auth (single application)_ mode in the follo - You don't have to configure an application in authentik for each domain - Users don't have to authorize multiple times -There are however also some downsides, mainly the fact that you **can't** restrict individual applications to different users. +There are, however, also some downsides, mainly the fact that you **can't** restrict individual applications to different users. -The only configuration difference between single application and domain level is the host you specify. +## Configuration templates -For single application, you'd use the domain which the application is running on, and only `/outpost.goauthentik.io` is redirected to the outpost. +For configuration templates for each web server, refer to the following: -For domain level, you'd use the same domain as authentik. +import DocCardList from "@theme/DocCardList"; +import { useCurrentSidebarCategory } from "@docusaurus/theme-common"; + +