From d9b3e307e3fba37f8c5ad90249e52a2c8c11891e Mon Sep 17 00:00:00 2001 From: Jens L Date: Thu, 26 Oct 2023 15:10:17 +0200 Subject: [PATCH] website/docs: add 2023.10 release notes (#7309) Signed-off-by: Jens Langhammer --- website/docs/releases/2023/v2023.10.md | 2891 ++++++++++++++++++++++++ website/sidebars.js | 3 +- 2 files changed, 2893 insertions(+), 1 deletion(-) create mode 100644 website/docs/releases/2023/v2023.10.md diff --git a/website/docs/releases/2023/v2023.10.md b/website/docs/releases/2023/v2023.10.md new file mode 100644 index 000000000..1ae4203e8 --- /dev/null +++ b/website/docs/releases/2023/v2023.10.md @@ -0,0 +1,2891 @@ +--- +title: Release 2023.10 +slug: "/releases/2023.10" +--- + + + +## New features + +- RBAC (preview) + + With this release we're introducing the ability to finely configure permissions within authentik. These permissions can be used to delegate different tasks, such as user management, application creation and more to users without granting them full superuser permissions. With this system, a least-privilege system can also be implemented much more easily. See more info [here](../../user-group-role/access-control/index.mdx) + +- LDAP Provider improvements + + The LDAP Provider now has an expanded schema, increasing the compatibility with clients that use the LDAP schema to parse data and .net applications on Windows. + +- Improved Proxy provider logout + + The proxy provider will now terminate all sessions when a user logs out of authentik or their session expires. + +- LDAP Source structure mirroring + + The LDAP Source has a new default property mapping called `authentik default LDAP Mapping: DN to User Path` which will map the LDAP users' DN to the user path in authentik, keeping the same structure as the directory the source syncs from. + +- OAuth Source OIDC auto-refresh + + OAuth sources that have a _OIDC Well-known URL_ or _OIDC JWKS URL_ set will periodically be updated to use the correct configuration based on the configured URLs. + +## Upgrading + +This release does not introduce any new requirements. + +### docker-compose + +To upgrade, download the new docker-compose file and update the Docker stack with the new version, using these commands: + +``` +wget -O docker-compose.yml https://goauthentik.io/version/2023.10/docker-compose.yml +docker-compose up -d +``` + +The `-O` flag retains the downloaded file's name, overwriting any existing local file with the same name. + +### Kubernetes + +Upgrade the Helm Chart to the new version, using the following commands: + +```shell +helm repo update +helm upgrade authentik authentik/authentik -f values.yaml --version ^2023.10 +``` + +## Minor changes/fixes + +- blueprints: fix mismatched user-login stage order (#7030) +- ci: test with postgres 16 +- core/api: add uuid field to core api user http response (#7110) +- core: Initial RBAC (#6806) +- core: Use branding_title in the end session page (#7282) +- core: prevent self-impersonation (#6885) +- core: remove celery's duplicate max_tasks_per_child (#6840) +- events: fix error when storing events with date/time/datetime/etc (#7028) +- flows: remove need for post() wrapper by using dispatch (#6765) +- flows: stage_invalid() makes flow restart depending on invalid_response_action setting (#6780) +- outposts: use channel groups instead of saving channel names (#7183) +- policies/reputation: require either check to be enabled (#6764) +- policies: fix cached policy metric (#7068) +- providers/ldap: add windows adsi support (#7098) +- providers/proxy: improve SLO by backchannel logging out sessions (#7099) +- providers/radius: TOTP MFA support (#7217) +- providers/saml: add default RelayState value for IDP-initiated requests (#7100) +- providers/saml: set WantAuthnRequestsSigned in metadata (#6851) +- providers/scim: check that a provider exists before starting scim task (#6841) +- providers/scim: remove preview banner (#7166) +- root: add option to disable beat when running worker (#6849) +- root: connect to backend via socket (#6720) +- root: disable APPEND_SLASH (#6928) +- root: extended flow and policy metrics (#7067) +- root: handle SIGHUP and SIGUSR2, healthcheck gunicorn (#6630) +- root: make Celery worker concurrency configurable (#6837) +- root: replace boj/redistore with vendored version of rbcervilla/redisstore (#6988) +- sources/ldap: add default property mapping to mirror directory structure (#6990) +- sources/ldap: add lock to sync (#6930) +- sources/ldap: add warning when a property mapping returns None or bytes (#6913) +- sources/ldap: fix FreeIPA nsaccountlock sync (#6745) +- sources/ldap: fix attribute path resolution (#7090) +- sources/ldap: fix inverted interpretation of FreeIPA nsaccountlock (#6877) +- sources/ldap: fix task timeout for ldap_sync_all and ldap_sync_single (#6809) +- sources/oauth: fix oidc well-known parsing (#7248) +- sources/oauth: include default JWKS URLs for OAuth sources (#6992) +- sources/oauth: periodically update OAuth sources' OIDC configuration (#7245) +- stages/authenticator_sms: fix error when phone number from context already exists (#7264) +- stages/authenticator: vendor otp (#6741) +- stages/deny: add custom message (#7144) +- stages/email: Fix query parameters getting lost in Email links (#5376) +- stages/email: rework email templates (#7029) +- stages/invitation: fix mis-matched serializer class for invitation (#7018) +- stages/password: fix failed_attempts_before_cancel allowing one too many (#6763) +- web/admin: add additional Flow info (#7155) +- web/admin: fix application icon size (#6738) +- web/admin: fix flow-search not being able to unset (#6838) +- web/admin: fix not being able to unset certificates (#6767) +- web/admin: fix prompt form and codemirror mode (#7231) +- web/admin: fix webauthn label order, add raw value (#6905) +- web/admin: improve user email button labels (#7233) +- web/admin: invitation stage: default "continue without invitation" to false +- web/admin: use `
` for order field on bound elements (#7031)
+-   web/admin: user details few tooltip buttons (#6899)
+-   web/flows: fix plex login not opening new tab on mobile safari (#7050)
+-   web/user: fix incorrect link to admin interface (#6993)
+-   web/user: fix unenrollment flow not being shown (#6972)
+-   web: change 'Attributes' to 'Custom attributes' on Invitation Field (#7145)
+-   web: the return of pseudolocalization (#7190)
+
+## API Changes
+
+#### What's New
+
+---
+
+##### `PUT` /core/transactional/applications/
+
+##### `GET` /rbac/permissions/
+
+##### `GET` /rbac/permissions/{id}/
+
+##### `GET` /rbac/permissions/assigned_by_roles/
+
+##### `POST` /rbac/permissions/assigned_by_roles/{uuid}/assign/
+
+##### `PATCH` /rbac/permissions/assigned_by_roles/{uuid}/unassign/
+
+##### `GET` /rbac/permissions/assigned_by_users/
+
+##### `POST` /rbac/permissions/assigned_by_users/{id}/assign/
+
+##### `PATCH` /rbac/permissions/assigned_by_users/{id}/unassign/
+
+##### `GET` /rbac/permissions/roles/
+
+##### `GET` /rbac/permissions/users/
+
+##### `GET` /rbac/roles/
+
+##### `POST` /rbac/roles/
+
+##### `GET` /rbac/roles/{uuid}/
+
+##### `PUT` /rbac/roles/{uuid}/
+
+##### `DELETE` /rbac/roles/{uuid}/
+
+##### `PATCH` /rbac/roles/{uuid}/
+
+##### `GET` /rbac/roles/{uuid}/used_by/
+
+#### What's Changed
+
+---
+
+##### `GET` /authenticators/admin/totp/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this TOTP Device.
+
+##### `PUT` /authenticators/admin/totp/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this TOTP Device.
+
+##### `DELETE` /authenticators/admin/totp/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this TOTP Device.
+
+##### `PATCH` /authenticators/admin/totp/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this TOTP Device.
+
+##### `GET` /authenticators/totp/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this TOTP Device.
+
+##### `PUT` /authenticators/totp/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this TOTP Device.
+
+##### `DELETE` /authenticators/totp/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this TOTP Device.
+
+##### `PATCH` /authenticators/totp/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this TOTP Device.
+
+##### `POST` /core/groups/{group_uuid}/add_user/
+
+###### Parameters:
+
+Changed: `group_uuid` in `path`
+
+> A UUID string identifying this Group.
+
+##### `POST` /core/groups/{group_uuid}/remove_user/
+
+###### Parameters:
+
+Changed: `group_uuid` in `path`
+
+> A UUID string identifying this Group.
+
+##### `GET` /enterprise/license/{license_uuid}/
+
+###### Parameters:
+
+Changed: `license_uuid` in `path`
+
+> A UUID string identifying this License.
+
+##### `PUT` /enterprise/license/{license_uuid}/
+
+###### Parameters:
+
+Changed: `license_uuid` in `path`
+
+> A UUID string identifying this License.
+
+##### `DELETE` /enterprise/license/{license_uuid}/
+
+###### Parameters:
+
+Changed: `license_uuid` in `path`
+
+> A UUID string identifying this License.
+
+##### `PATCH` /enterprise/license/{license_uuid}/
+
+###### Parameters:
+
+Changed: `license_uuid` in `path`
+
+> A UUID string identifying this License.
+
+##### `GET` /outposts/instances/{uuid}/health/
+
+###### Parameters:
+
+Changed: `uuid` in `path`
+
+> A UUID string identifying this Outpost.
+
+##### `GET` /outposts/radius/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Added property `mfa_support` (boolean)
+        > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
+
+##### `GET` /policies/event_matcher/{policy_uuid}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `app` (string)
+
+        > -   `authentik.admin` - authentik Admin
+        > -   `authentik.api` - authentik API
+        > -   `authentik.crypto` - authentik Crypto
+        > -   `authentik.events` - authentik Events
+        > -   `authentik.flows` - authentik Flows
+        > -   `authentik.outposts` - authentik Outpost
+        > -   `authentik.policies.dummy` - authentik Policies.Dummy
+        > -   `authentik.policies.event_matcher` - authentik Policies.Event Matcher
+        > -   `authentik.policies.expiry` - authentik Policies.Expiry
+        > -   `authentik.policies.expression` - authentik Policies.Expression
+        > -   `authentik.policies.password` - authentik Policies.Password
+        > -   `authentik.policies.reputation` - authentik Policies.Reputation
+        > -   `authentik.policies` - authentik Policies
+        > -   `authentik.providers.ldap` - authentik Providers.LDAP
+        > -   `authentik.providers.oauth2` - authentik Providers.OAuth2
+        > -   `authentik.providers.proxy` - authentik Providers.Proxy
+        > -   `authentik.providers.radius` - authentik Providers.Radius
+        > -   `authentik.providers.saml` - authentik Providers.SAML
+        > -   `authentik.providers.scim` - authentik Providers.SCIM
+        > -   `authentik.rbac` - authentik RBAC
+        > -   `authentik.recovery` - authentik Recovery
+        > -   `authentik.sources.ldap` - authentik Sources.LDAP
+        > -   `authentik.sources.oauth` - authentik Sources.OAuth
+        > -   `authentik.sources.plex` - authentik Sources.Plex
+        > -   `authentik.sources.saml` - authentik Sources.SAML
+        > -   `authentik.stages.authenticator` - authentik Stages.Authenticator
+        > -   `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
+        > -   `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
+        > -   `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
+        > -   `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
+        > -   `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
+        > -   `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
+        > -   `authentik.stages.captcha` - authentik Stages.Captcha
+        > -   `authentik.stages.consent` - authentik Stages.Consent
+        > -   `authentik.stages.deny` - authentik Stages.Deny
+        > -   `authentik.stages.dummy` - authentik Stages.Dummy
+        > -   `authentik.stages.email` - authentik Stages.Email
+        > -   `authentik.stages.identification` - authentik Stages.Identification
+        > -   `authentik.stages.invitation` - authentik Stages.User Invitation
+        > -   `authentik.stages.password` - authentik Stages.Password
+        > -   `authentik.stages.prompt` - authentik Stages.Prompt
+        > -   `authentik.stages.user_delete` - authentik Stages.User Delete
+        > -   `authentik.stages.user_login` - authentik Stages.User Login
+        > -   `authentik.stages.user_logout` - authentik Stages.User Logout
+        > -   `authentik.stages.user_write` - authentik Stages.User Write
+        > -   `authentik.tenants` - authentik Tenants
+        > -   `authentik.blueprints` - authentik Blueprints
+        > -   `authentik.core` - authentik Core
+        > -   `authentik.enterprise` - authentik Enterprise
+
+        Added enum values:
+
+        -   `authentik.rbac`
+        -   `authentik.stages.authenticator`
+
+    -   Changed property `model` (string)
+
+        > -   `authentik_crypto.certificatekeypair` - Certificate-Key Pair
+        > -   `authentik_events.event` - Event
+        > -   `authentik_events.notificationtransport` - Notification Transport
+        > -   `authentik_events.notification` - Notification
+        > -   `authentik_events.notificationrule` - Notification Rule
+        > -   `authentik_events.notificationwebhookmapping` - Webhook Mapping
+        > -   `authentik_flows.flow` - Flow
+        > -   `authentik_flows.flowstagebinding` - Flow Stage Binding
+        > -   `authentik_outposts.dockerserviceconnection` - Docker Service-Connection
+        > -   `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection
+        > -   `authentik_outposts.outpost` - Outpost
+        > -   `authentik_policies_dummy.dummypolicy` - Dummy Policy
+        > -   `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy
+        > -   `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy
+        > -   `authentik_policies_expression.expressionpolicy` - Expression Policy
+        > -   `authentik_policies_password.passwordpolicy` - Password Policy
+        > -   `authentik_policies_reputation.reputationpolicy` - Reputation Policy
+        > -   `authentik_policies_reputation.reputation` - Reputation Score
+        > -   `authentik_policies.policybinding` - Policy Binding
+        > -   `authentik_providers_ldap.ldapprovider` - LDAP Provider
+        > -   `authentik_providers_oauth2.scopemapping` - Scope Mapping
+        > -   `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider
+        > -   `authentik_providers_oauth2.authorizationcode` - Authorization Code
+        > -   `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token
+        > -   `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token
+        > -   `authentik_providers_proxy.proxyprovider` - Proxy Provider
+        > -   `authentik_providers_radius.radiusprovider` - Radius Provider
+        > -   `authentik_providers_saml.samlprovider` - SAML Provider
+        > -   `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping
+        > -   `authentik_providers_scim.scimprovider` - SCIM Provider
+        > -   `authentik_providers_scim.scimmapping` - SCIM Mapping
+        > -   `authentik_rbac.role` - Role
+        > -   `authentik_sources_ldap.ldapsource` - LDAP Source
+        > -   `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping
+        > -   `authentik_sources_oauth.oauthsource` - OAuth Source
+        > -   `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection
+        > -   `authentik_sources_plex.plexsource` - Plex Source
+        > -   `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection
+        > -   `authentik_sources_saml.samlsource` - SAML Source
+        > -   `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection
+        > -   `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_duo.duodevice` - Duo Device
+        > -   `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_sms.smsdevice` - SMS Device
+        > -   `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage
+        > -   `authentik_stages_authenticator_static.staticdevice` - Static Device
+        > -   `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
+        > -   `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage
+        > -   `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device
+        > -   `authentik_stages_captcha.captchastage` - Captcha Stage
+        > -   `authentik_stages_consent.consentstage` - Consent Stage
+        > -   `authentik_stages_consent.userconsent` - User Consent
+        > -   `authentik_stages_deny.denystage` - Deny Stage
+        > -   `authentik_stages_dummy.dummystage` - Dummy Stage
+        > -   `authentik_stages_email.emailstage` - Email Stage
+        > -   `authentik_stages_identification.identificationstage` - Identification Stage
+        > -   `authentik_stages_invitation.invitationstage` - Invitation Stage
+        > -   `authentik_stages_invitation.invitation` - Invitation
+        > -   `authentik_stages_password.passwordstage` - Password Stage
+        > -   `authentik_stages_prompt.prompt` - Prompt
+        > -   `authentik_stages_prompt.promptstage` - Prompt Stage
+        > -   `authentik_stages_user_delete.userdeletestage` - User Delete Stage
+        > -   `authentik_stages_user_login.userloginstage` - User Login Stage
+        > -   `authentik_stages_user_logout.userlogoutstage` - User Logout Stage
+        > -   `authentik_stages_user_write.userwritestage` - User Write Stage
+        > -   `authentik_tenants.tenant` - Tenant
+        > -   `authentik_blueprints.blueprintinstance` - Blueprint Instance
+        > -   `authentik_core.group` - Group
+        > -   `authentik_core.user` - User
+        > -   `authentik_core.application` - Application
+        > -   `authentik_core.token` - Token
+        > -   `authentik_enterprise.license` - License
+
+        Added enum values:
+
+        -   `authentik_rbac.role`
+        -   `authentik_stages_authenticator_static.staticdevice`
+        -   `authentik_stages_authenticator_totp.totpdevice`
+        -   `authentik_enterprise.license`
+
+##### `PUT` /policies/event_matcher/{policy_uuid}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Changed property `app` (string)
+
+    > -   `authentik.admin` - authentik Admin
+    > -   `authentik.api` - authentik API
+    > -   `authentik.crypto` - authentik Crypto
+    > -   `authentik.events` - authentik Events
+    > -   `authentik.flows` - authentik Flows
+    > -   `authentik.outposts` - authentik Outpost
+    > -   `authentik.policies.dummy` - authentik Policies.Dummy
+    > -   `authentik.policies.event_matcher` - authentik Policies.Event Matcher
+    > -   `authentik.policies.expiry` - authentik Policies.Expiry
+    > -   `authentik.policies.expression` - authentik Policies.Expression
+    > -   `authentik.policies.password` - authentik Policies.Password
+    > -   `authentik.policies.reputation` - authentik Policies.Reputation
+    > -   `authentik.policies` - authentik Policies
+    > -   `authentik.providers.ldap` - authentik Providers.LDAP
+    > -   `authentik.providers.oauth2` - authentik Providers.OAuth2
+    > -   `authentik.providers.proxy` - authentik Providers.Proxy
+    > -   `authentik.providers.radius` - authentik Providers.Radius
+    > -   `authentik.providers.saml` - authentik Providers.SAML
+    > -   `authentik.providers.scim` - authentik Providers.SCIM
+    > -   `authentik.rbac` - authentik RBAC
+    > -   `authentik.recovery` - authentik Recovery
+    > -   `authentik.sources.ldap` - authentik Sources.LDAP
+    > -   `authentik.sources.oauth` - authentik Sources.OAuth
+    > -   `authentik.sources.plex` - authentik Sources.Plex
+    > -   `authentik.sources.saml` - authentik Sources.SAML
+    > -   `authentik.stages.authenticator` - authentik Stages.Authenticator
+    > -   `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
+    > -   `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
+    > -   `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
+    > -   `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
+    > -   `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
+    > -   `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
+    > -   `authentik.stages.captcha` - authentik Stages.Captcha
+    > -   `authentik.stages.consent` - authentik Stages.Consent
+    > -   `authentik.stages.deny` - authentik Stages.Deny
+    > -   `authentik.stages.dummy` - authentik Stages.Dummy
+    > -   `authentik.stages.email` - authentik Stages.Email
+    > -   `authentik.stages.identification` - authentik Stages.Identification
+    > -   `authentik.stages.invitation` - authentik Stages.User Invitation
+    > -   `authentik.stages.password` - authentik Stages.Password
+    > -   `authentik.stages.prompt` - authentik Stages.Prompt
+    > -   `authentik.stages.user_delete` - authentik Stages.User Delete
+    > -   `authentik.stages.user_login` - authentik Stages.User Login
+    > -   `authentik.stages.user_logout` - authentik Stages.User Logout
+    > -   `authentik.stages.user_write` - authentik Stages.User Write
+    > -   `authentik.tenants` - authentik Tenants
+    > -   `authentik.blueprints` - authentik Blueprints
+    > -   `authentik.core` - authentik Core
+    > -   `authentik.enterprise` - authentik Enterprise
+
+    Added enum values:
+
+    -   `authentik.rbac`
+    -   `authentik.stages.authenticator`
+
+-   Changed property `model` (string)
+
+    > -   `authentik_crypto.certificatekeypair` - Certificate-Key Pair
+    > -   `authentik_events.event` - Event
+    > -   `authentik_events.notificationtransport` - Notification Transport
+    > -   `authentik_events.notification` - Notification
+    > -   `authentik_events.notificationrule` - Notification Rule
+    > -   `authentik_events.notificationwebhookmapping` - Webhook Mapping
+    > -   `authentik_flows.flow` - Flow
+    > -   `authentik_flows.flowstagebinding` - Flow Stage Binding
+    > -   `authentik_outposts.dockerserviceconnection` - Docker Service-Connection
+    > -   `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection
+    > -   `authentik_outposts.outpost` - Outpost
+    > -   `authentik_policies_dummy.dummypolicy` - Dummy Policy
+    > -   `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy
+    > -   `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy
+    > -   `authentik_policies_expression.expressionpolicy` - Expression Policy
+    > -   `authentik_policies_password.passwordpolicy` - Password Policy
+    > -   `authentik_policies_reputation.reputationpolicy` - Reputation Policy
+    > -   `authentik_policies_reputation.reputation` - Reputation Score
+    > -   `authentik_policies.policybinding` - Policy Binding
+    > -   `authentik_providers_ldap.ldapprovider` - LDAP Provider
+    > -   `authentik_providers_oauth2.scopemapping` - Scope Mapping
+    > -   `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider
+    > -   `authentik_providers_oauth2.authorizationcode` - Authorization Code
+    > -   `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token
+    > -   `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token
+    > -   `authentik_providers_proxy.proxyprovider` - Proxy Provider
+    > -   `authentik_providers_radius.radiusprovider` - Radius Provider
+    > -   `authentik_providers_saml.samlprovider` - SAML Provider
+    > -   `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping
+    > -   `authentik_providers_scim.scimprovider` - SCIM Provider
+    > -   `authentik_providers_scim.scimmapping` - SCIM Mapping
+    > -   `authentik_rbac.role` - Role
+    > -   `authentik_sources_ldap.ldapsource` - LDAP Source
+    > -   `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping
+    > -   `authentik_sources_oauth.oauthsource` - OAuth Source
+    > -   `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection
+    > -   `authentik_sources_plex.plexsource` - Plex Source
+    > -   `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection
+    > -   `authentik_sources_saml.samlsource` - SAML Source
+    > -   `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection
+    > -   `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage
+    > -   `authentik_stages_authenticator_duo.duodevice` - Duo Device
+    > -   `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
+    > -   `authentik_stages_authenticator_sms.smsdevice` - SMS Device
+    > -   `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage
+    > -   `authentik_stages_authenticator_static.staticdevice` - Static Device
+    > -   `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
+    > -   `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
+    > -   `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage
+    > -   `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage
+    > -   `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device
+    > -   `authentik_stages_captcha.captchastage` - Captcha Stage
+    > -   `authentik_stages_consent.consentstage` - Consent Stage
+    > -   `authentik_stages_consent.userconsent` - User Consent
+    > -   `authentik_stages_deny.denystage` - Deny Stage
+    > -   `authentik_stages_dummy.dummystage` - Dummy Stage
+    > -   `authentik_stages_email.emailstage` - Email Stage
+    > -   `authentik_stages_identification.identificationstage` - Identification Stage
+    > -   `authentik_stages_invitation.invitationstage` - Invitation Stage
+    > -   `authentik_stages_invitation.invitation` - Invitation
+    > -   `authentik_stages_password.passwordstage` - Password Stage
+    > -   `authentik_stages_prompt.prompt` - Prompt
+    > -   `authentik_stages_prompt.promptstage` - Prompt Stage
+    > -   `authentik_stages_user_delete.userdeletestage` - User Delete Stage
+    > -   `authentik_stages_user_login.userloginstage` - User Login Stage
+    > -   `authentik_stages_user_logout.userlogoutstage` - User Logout Stage
+    > -   `authentik_stages_user_write.userwritestage` - User Write Stage
+    > -   `authentik_tenants.tenant` - Tenant
+    > -   `authentik_blueprints.blueprintinstance` - Blueprint Instance
+    > -   `authentik_core.group` - Group
+    > -   `authentik_core.user` - User
+    > -   `authentik_core.application` - Application
+    > -   `authentik_core.token` - Token
+    > -   `authentik_enterprise.license` - License
+
+    Added enum values:
+
+    -   `authentik_rbac.role`
+    -   `authentik_stages_authenticator_static.staticdevice`
+    -   `authentik_stages_authenticator_totp.totpdevice`
+    -   `authentik_enterprise.license`
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `app` (string)
+
+        > -   `authentik.admin` - authentik Admin
+        > -   `authentik.api` - authentik API
+        > -   `authentik.crypto` - authentik Crypto
+        > -   `authentik.events` - authentik Events
+        > -   `authentik.flows` - authentik Flows
+        > -   `authentik.outposts` - authentik Outpost
+        > -   `authentik.policies.dummy` - authentik Policies.Dummy
+        > -   `authentik.policies.event_matcher` - authentik Policies.Event Matcher
+        > -   `authentik.policies.expiry` - authentik Policies.Expiry
+        > -   `authentik.policies.expression` - authentik Policies.Expression
+        > -   `authentik.policies.password` - authentik Policies.Password
+        > -   `authentik.policies.reputation` - authentik Policies.Reputation
+        > -   `authentik.policies` - authentik Policies
+        > -   `authentik.providers.ldap` - authentik Providers.LDAP
+        > -   `authentik.providers.oauth2` - authentik Providers.OAuth2
+        > -   `authentik.providers.proxy` - authentik Providers.Proxy
+        > -   `authentik.providers.radius` - authentik Providers.Radius
+        > -   `authentik.providers.saml` - authentik Providers.SAML
+        > -   `authentik.providers.scim` - authentik Providers.SCIM
+        > -   `authentik.rbac` - authentik RBAC
+        > -   `authentik.recovery` - authentik Recovery
+        > -   `authentik.sources.ldap` - authentik Sources.LDAP
+        > -   `authentik.sources.oauth` - authentik Sources.OAuth
+        > -   `authentik.sources.plex` - authentik Sources.Plex
+        > -   `authentik.sources.saml` - authentik Sources.SAML
+        > -   `authentik.stages.authenticator` - authentik Stages.Authenticator
+        > -   `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
+        > -   `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
+        > -   `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
+        > -   `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
+        > -   `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
+        > -   `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
+        > -   `authentik.stages.captcha` - authentik Stages.Captcha
+        > -   `authentik.stages.consent` - authentik Stages.Consent
+        > -   `authentik.stages.deny` - authentik Stages.Deny
+        > -   `authentik.stages.dummy` - authentik Stages.Dummy
+        > -   `authentik.stages.email` - authentik Stages.Email
+        > -   `authentik.stages.identification` - authentik Stages.Identification
+        > -   `authentik.stages.invitation` - authentik Stages.User Invitation
+        > -   `authentik.stages.password` - authentik Stages.Password
+        > -   `authentik.stages.prompt` - authentik Stages.Prompt
+        > -   `authentik.stages.user_delete` - authentik Stages.User Delete
+        > -   `authentik.stages.user_login` - authentik Stages.User Login
+        > -   `authentik.stages.user_logout` - authentik Stages.User Logout
+        > -   `authentik.stages.user_write` - authentik Stages.User Write
+        > -   `authentik.tenants` - authentik Tenants
+        > -   `authentik.blueprints` - authentik Blueprints
+        > -   `authentik.core` - authentik Core
+        > -   `authentik.enterprise` - authentik Enterprise
+
+        Added enum values:
+
+        -   `authentik.rbac`
+        -   `authentik.stages.authenticator`
+
+    -   Changed property `model` (string)
+
+        > -   `authentik_crypto.certificatekeypair` - Certificate-Key Pair
+        > -   `authentik_events.event` - Event
+        > -   `authentik_events.notificationtransport` - Notification Transport
+        > -   `authentik_events.notification` - Notification
+        > -   `authentik_events.notificationrule` - Notification Rule
+        > -   `authentik_events.notificationwebhookmapping` - Webhook Mapping
+        > -   `authentik_flows.flow` - Flow
+        > -   `authentik_flows.flowstagebinding` - Flow Stage Binding
+        > -   `authentik_outposts.dockerserviceconnection` - Docker Service-Connection
+        > -   `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection
+        > -   `authentik_outposts.outpost` - Outpost
+        > -   `authentik_policies_dummy.dummypolicy` - Dummy Policy
+        > -   `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy
+        > -   `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy
+        > -   `authentik_policies_expression.expressionpolicy` - Expression Policy
+        > -   `authentik_policies_password.passwordpolicy` - Password Policy
+        > -   `authentik_policies_reputation.reputationpolicy` - Reputation Policy
+        > -   `authentik_policies_reputation.reputation` - Reputation Score
+        > -   `authentik_policies.policybinding` - Policy Binding
+        > -   `authentik_providers_ldap.ldapprovider` - LDAP Provider
+        > -   `authentik_providers_oauth2.scopemapping` - Scope Mapping
+        > -   `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider
+        > -   `authentik_providers_oauth2.authorizationcode` - Authorization Code
+        > -   `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token
+        > -   `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token
+        > -   `authentik_providers_proxy.proxyprovider` - Proxy Provider
+        > -   `authentik_providers_radius.radiusprovider` - Radius Provider
+        > -   `authentik_providers_saml.samlprovider` - SAML Provider
+        > -   `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping
+        > -   `authentik_providers_scim.scimprovider` - SCIM Provider
+        > -   `authentik_providers_scim.scimmapping` - SCIM Mapping
+        > -   `authentik_rbac.role` - Role
+        > -   `authentik_sources_ldap.ldapsource` - LDAP Source
+        > -   `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping
+        > -   `authentik_sources_oauth.oauthsource` - OAuth Source
+        > -   `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection
+        > -   `authentik_sources_plex.plexsource` - Plex Source
+        > -   `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection
+        > -   `authentik_sources_saml.samlsource` - SAML Source
+        > -   `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection
+        > -   `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_duo.duodevice` - Duo Device
+        > -   `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_sms.smsdevice` - SMS Device
+        > -   `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage
+        > -   `authentik_stages_authenticator_static.staticdevice` - Static Device
+        > -   `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
+        > -   `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage
+        > -   `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device
+        > -   `authentik_stages_captcha.captchastage` - Captcha Stage
+        > -   `authentik_stages_consent.consentstage` - Consent Stage
+        > -   `authentik_stages_consent.userconsent` - User Consent
+        > -   `authentik_stages_deny.denystage` - Deny Stage
+        > -   `authentik_stages_dummy.dummystage` - Dummy Stage
+        > -   `authentik_stages_email.emailstage` - Email Stage
+        > -   `authentik_stages_identification.identificationstage` - Identification Stage
+        > -   `authentik_stages_invitation.invitationstage` - Invitation Stage
+        > -   `authentik_stages_invitation.invitation` - Invitation
+        > -   `authentik_stages_password.passwordstage` - Password Stage
+        > -   `authentik_stages_prompt.prompt` - Prompt
+        > -   `authentik_stages_prompt.promptstage` - Prompt Stage
+        > -   `authentik_stages_user_delete.userdeletestage` - User Delete Stage
+        > -   `authentik_stages_user_login.userloginstage` - User Login Stage
+        > -   `authentik_stages_user_logout.userlogoutstage` - User Logout Stage
+        > -   `authentik_stages_user_write.userwritestage` - User Write Stage
+        > -   `authentik_tenants.tenant` - Tenant
+        > -   `authentik_blueprints.blueprintinstance` - Blueprint Instance
+        > -   `authentik_core.group` - Group
+        > -   `authentik_core.user` - User
+        > -   `authentik_core.application` - Application
+        > -   `authentik_core.token` - Token
+        > -   `authentik_enterprise.license` - License
+
+        Added enum values:
+
+        -   `authentik_rbac.role`
+        -   `authentik_stages_authenticator_static.staticdevice`
+        -   `authentik_stages_authenticator_totp.totpdevice`
+        -   `authentik_enterprise.license`
+
+##### `PATCH` /policies/event_matcher/{policy_uuid}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Changed property `app` (string)
+
+    > -   `authentik.admin` - authentik Admin
+    > -   `authentik.api` - authentik API
+    > -   `authentik.crypto` - authentik Crypto
+    > -   `authentik.events` - authentik Events
+    > -   `authentik.flows` - authentik Flows
+    > -   `authentik.outposts` - authentik Outpost
+    > -   `authentik.policies.dummy` - authentik Policies.Dummy
+    > -   `authentik.policies.event_matcher` - authentik Policies.Event Matcher
+    > -   `authentik.policies.expiry` - authentik Policies.Expiry
+    > -   `authentik.policies.expression` - authentik Policies.Expression
+    > -   `authentik.policies.password` - authentik Policies.Password
+    > -   `authentik.policies.reputation` - authentik Policies.Reputation
+    > -   `authentik.policies` - authentik Policies
+    > -   `authentik.providers.ldap` - authentik Providers.LDAP
+    > -   `authentik.providers.oauth2` - authentik Providers.OAuth2
+    > -   `authentik.providers.proxy` - authentik Providers.Proxy
+    > -   `authentik.providers.radius` - authentik Providers.Radius
+    > -   `authentik.providers.saml` - authentik Providers.SAML
+    > -   `authentik.providers.scim` - authentik Providers.SCIM
+    > -   `authentik.rbac` - authentik RBAC
+    > -   `authentik.recovery` - authentik Recovery
+    > -   `authentik.sources.ldap` - authentik Sources.LDAP
+    > -   `authentik.sources.oauth` - authentik Sources.OAuth
+    > -   `authentik.sources.plex` - authentik Sources.Plex
+    > -   `authentik.sources.saml` - authentik Sources.SAML
+    > -   `authentik.stages.authenticator` - authentik Stages.Authenticator
+    > -   `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
+    > -   `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
+    > -   `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
+    > -   `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
+    > -   `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
+    > -   `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
+    > -   `authentik.stages.captcha` - authentik Stages.Captcha
+    > -   `authentik.stages.consent` - authentik Stages.Consent
+    > -   `authentik.stages.deny` - authentik Stages.Deny
+    > -   `authentik.stages.dummy` - authentik Stages.Dummy
+    > -   `authentik.stages.email` - authentik Stages.Email
+    > -   `authentik.stages.identification` - authentik Stages.Identification
+    > -   `authentik.stages.invitation` - authentik Stages.User Invitation
+    > -   `authentik.stages.password` - authentik Stages.Password
+    > -   `authentik.stages.prompt` - authentik Stages.Prompt
+    > -   `authentik.stages.user_delete` - authentik Stages.User Delete
+    > -   `authentik.stages.user_login` - authentik Stages.User Login
+    > -   `authentik.stages.user_logout` - authentik Stages.User Logout
+    > -   `authentik.stages.user_write` - authentik Stages.User Write
+    > -   `authentik.tenants` - authentik Tenants
+    > -   `authentik.blueprints` - authentik Blueprints
+    > -   `authentik.core` - authentik Core
+    > -   `authentik.enterprise` - authentik Enterprise
+
+    Added enum values:
+
+    -   `authentik.rbac`
+    -   `authentik.stages.authenticator`
+
+-   Changed property `model` (string)
+
+    > -   `authentik_crypto.certificatekeypair` - Certificate-Key Pair
+    > -   `authentik_events.event` - Event
+    > -   `authentik_events.notificationtransport` - Notification Transport
+    > -   `authentik_events.notification` - Notification
+    > -   `authentik_events.notificationrule` - Notification Rule
+    > -   `authentik_events.notificationwebhookmapping` - Webhook Mapping
+    > -   `authentik_flows.flow` - Flow
+    > -   `authentik_flows.flowstagebinding` - Flow Stage Binding
+    > -   `authentik_outposts.dockerserviceconnection` - Docker Service-Connection
+    > -   `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection
+    > -   `authentik_outposts.outpost` - Outpost
+    > -   `authentik_policies_dummy.dummypolicy` - Dummy Policy
+    > -   `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy
+    > -   `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy
+    > -   `authentik_policies_expression.expressionpolicy` - Expression Policy
+    > -   `authentik_policies_password.passwordpolicy` - Password Policy
+    > -   `authentik_policies_reputation.reputationpolicy` - Reputation Policy
+    > -   `authentik_policies_reputation.reputation` - Reputation Score
+    > -   `authentik_policies.policybinding` - Policy Binding
+    > -   `authentik_providers_ldap.ldapprovider` - LDAP Provider
+    > -   `authentik_providers_oauth2.scopemapping` - Scope Mapping
+    > -   `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider
+    > -   `authentik_providers_oauth2.authorizationcode` - Authorization Code
+    > -   `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token
+    > -   `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token
+    > -   `authentik_providers_proxy.proxyprovider` - Proxy Provider
+    > -   `authentik_providers_radius.radiusprovider` - Radius Provider
+    > -   `authentik_providers_saml.samlprovider` - SAML Provider
+    > -   `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping
+    > -   `authentik_providers_scim.scimprovider` - SCIM Provider
+    > -   `authentik_providers_scim.scimmapping` - SCIM Mapping
+    > -   `authentik_rbac.role` - Role
+    > -   `authentik_sources_ldap.ldapsource` - LDAP Source
+    > -   `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping
+    > -   `authentik_sources_oauth.oauthsource` - OAuth Source
+    > -   `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection
+    > -   `authentik_sources_plex.plexsource` - Plex Source
+    > -   `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection
+    > -   `authentik_sources_saml.samlsource` - SAML Source
+    > -   `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection
+    > -   `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage
+    > -   `authentik_stages_authenticator_duo.duodevice` - Duo Device
+    > -   `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
+    > -   `authentik_stages_authenticator_sms.smsdevice` - SMS Device
+    > -   `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage
+    > -   `authentik_stages_authenticator_static.staticdevice` - Static Device
+    > -   `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
+    > -   `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
+    > -   `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage
+    > -   `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage
+    > -   `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device
+    > -   `authentik_stages_captcha.captchastage` - Captcha Stage
+    > -   `authentik_stages_consent.consentstage` - Consent Stage
+    > -   `authentik_stages_consent.userconsent` - User Consent
+    > -   `authentik_stages_deny.denystage` - Deny Stage
+    > -   `authentik_stages_dummy.dummystage` - Dummy Stage
+    > -   `authentik_stages_email.emailstage` - Email Stage
+    > -   `authentik_stages_identification.identificationstage` - Identification Stage
+    > -   `authentik_stages_invitation.invitationstage` - Invitation Stage
+    > -   `authentik_stages_invitation.invitation` - Invitation
+    > -   `authentik_stages_password.passwordstage` - Password Stage
+    > -   `authentik_stages_prompt.prompt` - Prompt
+    > -   `authentik_stages_prompt.promptstage` - Prompt Stage
+    > -   `authentik_stages_user_delete.userdeletestage` - User Delete Stage
+    > -   `authentik_stages_user_login.userloginstage` - User Login Stage
+    > -   `authentik_stages_user_logout.userlogoutstage` - User Logout Stage
+    > -   `authentik_stages_user_write.userwritestage` - User Write Stage
+    > -   `authentik_tenants.tenant` - Tenant
+    > -   `authentik_blueprints.blueprintinstance` - Blueprint Instance
+    > -   `authentik_core.group` - Group
+    > -   `authentik_core.user` - User
+    > -   `authentik_core.application` - Application
+    > -   `authentik_core.token` - Token
+    > -   `authentik_enterprise.license` - License
+
+    Added enum values:
+
+    -   `authentik_rbac.role`
+    -   `authentik_stages_authenticator_static.staticdevice`
+    -   `authentik_stages_authenticator_totp.totpdevice`
+    -   `authentik_enterprise.license`
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `app` (string)
+
+        > -   `authentik.admin` - authentik Admin
+        > -   `authentik.api` - authentik API
+        > -   `authentik.crypto` - authentik Crypto
+        > -   `authentik.events` - authentik Events
+        > -   `authentik.flows` - authentik Flows
+        > -   `authentik.outposts` - authentik Outpost
+        > -   `authentik.policies.dummy` - authentik Policies.Dummy
+        > -   `authentik.policies.event_matcher` - authentik Policies.Event Matcher
+        > -   `authentik.policies.expiry` - authentik Policies.Expiry
+        > -   `authentik.policies.expression` - authentik Policies.Expression
+        > -   `authentik.policies.password` - authentik Policies.Password
+        > -   `authentik.policies.reputation` - authentik Policies.Reputation
+        > -   `authentik.policies` - authentik Policies
+        > -   `authentik.providers.ldap` - authentik Providers.LDAP
+        > -   `authentik.providers.oauth2` - authentik Providers.OAuth2
+        > -   `authentik.providers.proxy` - authentik Providers.Proxy
+        > -   `authentik.providers.radius` - authentik Providers.Radius
+        > -   `authentik.providers.saml` - authentik Providers.SAML
+        > -   `authentik.providers.scim` - authentik Providers.SCIM
+        > -   `authentik.rbac` - authentik RBAC
+        > -   `authentik.recovery` - authentik Recovery
+        > -   `authentik.sources.ldap` - authentik Sources.LDAP
+        > -   `authentik.sources.oauth` - authentik Sources.OAuth
+        > -   `authentik.sources.plex` - authentik Sources.Plex
+        > -   `authentik.sources.saml` - authentik Sources.SAML
+        > -   `authentik.stages.authenticator` - authentik Stages.Authenticator
+        > -   `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
+        > -   `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
+        > -   `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
+        > -   `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
+        > -   `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
+        > -   `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
+        > -   `authentik.stages.captcha` - authentik Stages.Captcha
+        > -   `authentik.stages.consent` - authentik Stages.Consent
+        > -   `authentik.stages.deny` - authentik Stages.Deny
+        > -   `authentik.stages.dummy` - authentik Stages.Dummy
+        > -   `authentik.stages.email` - authentik Stages.Email
+        > -   `authentik.stages.identification` - authentik Stages.Identification
+        > -   `authentik.stages.invitation` - authentik Stages.User Invitation
+        > -   `authentik.stages.password` - authentik Stages.Password
+        > -   `authentik.stages.prompt` - authentik Stages.Prompt
+        > -   `authentik.stages.user_delete` - authentik Stages.User Delete
+        > -   `authentik.stages.user_login` - authentik Stages.User Login
+        > -   `authentik.stages.user_logout` - authentik Stages.User Logout
+        > -   `authentik.stages.user_write` - authentik Stages.User Write
+        > -   `authentik.tenants` - authentik Tenants
+        > -   `authentik.blueprints` - authentik Blueprints
+        > -   `authentik.core` - authentik Core
+        > -   `authentik.enterprise` - authentik Enterprise
+
+        Added enum values:
+
+        -   `authentik.rbac`
+        -   `authentik.stages.authenticator`
+
+    -   Changed property `model` (string)
+
+        > -   `authentik_crypto.certificatekeypair` - Certificate-Key Pair
+        > -   `authentik_events.event` - Event
+        > -   `authentik_events.notificationtransport` - Notification Transport
+        > -   `authentik_events.notification` - Notification
+        > -   `authentik_events.notificationrule` - Notification Rule
+        > -   `authentik_events.notificationwebhookmapping` - Webhook Mapping
+        > -   `authentik_flows.flow` - Flow
+        > -   `authentik_flows.flowstagebinding` - Flow Stage Binding
+        > -   `authentik_outposts.dockerserviceconnection` - Docker Service-Connection
+        > -   `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection
+        > -   `authentik_outposts.outpost` - Outpost
+        > -   `authentik_policies_dummy.dummypolicy` - Dummy Policy
+        > -   `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy
+        > -   `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy
+        > -   `authentik_policies_expression.expressionpolicy` - Expression Policy
+        > -   `authentik_policies_password.passwordpolicy` - Password Policy
+        > -   `authentik_policies_reputation.reputationpolicy` - Reputation Policy
+        > -   `authentik_policies_reputation.reputation` - Reputation Score
+        > -   `authentik_policies.policybinding` - Policy Binding
+        > -   `authentik_providers_ldap.ldapprovider` - LDAP Provider
+        > -   `authentik_providers_oauth2.scopemapping` - Scope Mapping
+        > -   `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider
+        > -   `authentik_providers_oauth2.authorizationcode` - Authorization Code
+        > -   `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token
+        > -   `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token
+        > -   `authentik_providers_proxy.proxyprovider` - Proxy Provider
+        > -   `authentik_providers_radius.radiusprovider` - Radius Provider
+        > -   `authentik_providers_saml.samlprovider` - SAML Provider
+        > -   `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping
+        > -   `authentik_providers_scim.scimprovider` - SCIM Provider
+        > -   `authentik_providers_scim.scimmapping` - SCIM Mapping
+        > -   `authentik_rbac.role` - Role
+        > -   `authentik_sources_ldap.ldapsource` - LDAP Source
+        > -   `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping
+        > -   `authentik_sources_oauth.oauthsource` - OAuth Source
+        > -   `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection
+        > -   `authentik_sources_plex.plexsource` - Plex Source
+        > -   `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection
+        > -   `authentik_sources_saml.samlsource` - SAML Source
+        > -   `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection
+        > -   `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_duo.duodevice` - Duo Device
+        > -   `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_sms.smsdevice` - SMS Device
+        > -   `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage
+        > -   `authentik_stages_authenticator_static.staticdevice` - Static Device
+        > -   `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
+        > -   `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage
+        > -   `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device
+        > -   `authentik_stages_captcha.captchastage` - Captcha Stage
+        > -   `authentik_stages_consent.consentstage` - Consent Stage
+        > -   `authentik_stages_consent.userconsent` - User Consent
+        > -   `authentik_stages_deny.denystage` - Deny Stage
+        > -   `authentik_stages_dummy.dummystage` - Dummy Stage
+        > -   `authentik_stages_email.emailstage` - Email Stage
+        > -   `authentik_stages_identification.identificationstage` - Identification Stage
+        > -   `authentik_stages_invitation.invitationstage` - Invitation Stage
+        > -   `authentik_stages_invitation.invitation` - Invitation
+        > -   `authentik_stages_password.passwordstage` - Password Stage
+        > -   `authentik_stages_prompt.prompt` - Prompt
+        > -   `authentik_stages_prompt.promptstage` - Prompt Stage
+        > -   `authentik_stages_user_delete.userdeletestage` - User Delete Stage
+        > -   `authentik_stages_user_login.userloginstage` - User Login Stage
+        > -   `authentik_stages_user_logout.userlogoutstage` - User Logout Stage
+        > -   `authentik_stages_user_write.userwritestage` - User Write Stage
+        > -   `authentik_tenants.tenant` - Tenant
+        > -   `authentik_blueprints.blueprintinstance` - Blueprint Instance
+        > -   `authentik_core.group` - Group
+        > -   `authentik_core.user` - User
+        > -   `authentik_core.application` - Application
+        > -   `authentik_core.token` - Token
+        > -   `authentik_enterprise.license` - License
+
+        Added enum values:
+
+        -   `authentik_rbac.role`
+        -   `authentik_stages_authenticator_static.staticdevice`
+        -   `authentik_stages_authenticator_totp.totpdevice`
+        -   `authentik_enterprise.license`
+
+##### `GET` /providers/radius/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Added property `mfa_support` (boolean)
+        > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
+
+##### `PUT` /providers/radius/{id}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Added property `mfa_support` (boolean)
+    > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Added property `mfa_support` (boolean)
+        > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
+
+##### `PATCH` /providers/radius/{id}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Added property `mfa_support` (boolean)
+    > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Added property `mfa_support` (boolean)
+        > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
+
+##### `GET` /sources/oauth/source_types/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    Changed items (object): > Serializer for SourceType
+
+    New required properties:
+
+    -   `oidc_jwks_url`
+    -   `oidc_well_known_url`
+
+    *   Added property `oidc_well_known_url` (string)
+
+    *   Added property `oidc_jwks_url` (string)
+
+##### `DELETE` /authenticators/admin/static/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this Static Device.
+
+##### `GET` /authenticators/admin/static/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this Static Device.
+
+##### `PUT` /authenticators/admin/static/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this Static Device.
+
+##### `PATCH` /authenticators/admin/static/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this Static Device.
+
+##### `DELETE` /authenticators/static/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this Static Device.
+
+##### `GET` /authenticators/static/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this Static Device.
+
+##### `PUT` /authenticators/static/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this Static Device.
+
+##### `PATCH` /authenticators/static/{id}/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this Static Device.
+
+##### `GET` /authenticators/static/{id}/used_by/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this Static Device.
+
+##### `GET` /authenticators/totp/{id}/used_by/
+
+###### Parameters:
+
+Changed: `id` in `path`
+
+> A unique integer value identifying this TOTP Device.
+
+##### `DELETE` /core/groups/{group_uuid}/
+
+###### Parameters:
+
+Changed: `group_uuid` in `path`
+
+> A UUID string identifying this Group.
+
+##### `GET` /core/groups/{group_uuid}/
+
+###### Parameters:
+
+Changed: `group_uuid` in `path`
+
+> A UUID string identifying this Group.
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    New required properties:
+
+    -   `roles_obj`
+
+    *   Added property `roles` (array)
+
+        Items (string):
+
+    *   Added property `roles_obj` (array)
+
+        Items (object): > Role serializer
+
+        -   Property `pk` (string)
+
+        -   Property `name` (string)
+
+##### `PUT` /core/groups/{group_uuid}/
+
+###### Parameters:
+
+Changed: `group_uuid` in `path`
+
+> A UUID string identifying this Group.
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Added property `roles` (array)
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    New required properties:
+
+    -   `roles_obj`
+
+    *   Added property `roles` (array)
+
+    *   Added property `roles_obj` (array)
+
+##### `PATCH` /core/groups/{group_uuid}/
+
+###### Parameters:
+
+Changed: `group_uuid` in `path`
+
+> A UUID string identifying this Group.
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Added property `roles` (array)
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    New required properties:
+
+    -   `roles_obj`
+
+    *   Added property `roles` (array)
+
+    *   Added property `roles_obj` (array)
+
+##### `GET` /core/groups/{group_uuid}/used_by/
+
+###### Parameters:
+
+Changed: `group_uuid` in `path`
+
+> A UUID string identifying this Group.
+
+##### `GET` /core/tokens/{identifier}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `user_obj` (object)
+
+        > User Serializer
+
+        New required properties:
+
+        -   `uuid`
+
+        *   Added property `uuid` (string)
+
+##### `PUT` /core/tokens/{identifier}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `user_obj` (object)
+
+        > User Serializer
+
+        New required properties:
+
+        -   `uuid`
+
+        *   Added property `uuid` (string)
+
+##### `PATCH` /core/tokens/{identifier}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `user_obj` (object)
+
+        > User Serializer
+
+        New required properties:
+
+        -   `uuid`
+
+        *   Added property `uuid` (string)
+
+##### `GET` /core/users/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    New required properties:
+
+    -   `uuid`
+
+    *   Added property `uuid` (string)
+
+##### `PUT` /core/users/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    New required properties:
+
+    -   `uuid`
+
+    *   Added property `uuid` (string)
+
+##### `PATCH` /core/users/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    New required properties:
+
+    -   `uuid`
+
+    *   Added property `uuid` (string)
+
+##### `GET` /enterprise/license/{license_uuid}/used_by/
+
+###### Parameters:
+
+Changed: `license_uuid` in `path`
+
+> A UUID string identifying this License.
+
+##### `GET` /events/rules/{pbm_uuid}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `group_obj` (object)
+
+        > Group Serializer
+
+        New required properties:
+
+        -   `roles_obj`
+
+        *   Added property `roles` (array)
+
+        *   Added property `roles_obj` (array)
+
+##### `PUT` /events/rules/{pbm_uuid}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `group_obj` (object)
+
+        > Group Serializer
+
+        New required properties:
+
+        -   `roles_obj`
+
+        *   Added property `roles` (array)
+
+        *   Added property `roles_obj` (array)
+
+##### `PATCH` /events/rules/{pbm_uuid}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `group_obj` (object)
+
+        > Group Serializer
+
+        New required properties:
+
+        -   `roles_obj`
+
+        *   Added property `roles` (array)
+
+        *   Added property `roles_obj` (array)
+
+##### `DELETE` /outposts/instances/{uuid}/
+
+###### Parameters:
+
+Changed: `uuid` in `path`
+
+> A UUID string identifying this Outpost.
+
+##### `GET` /outposts/instances/{uuid}/
+
+###### Parameters:
+
+Changed: `uuid` in `path`
+
+> A UUID string identifying this Outpost.
+
+##### `PUT` /outposts/instances/{uuid}/
+
+###### Parameters:
+
+Changed: `uuid` in `path`
+
+> A UUID string identifying this Outpost.
+
+##### `PATCH` /outposts/instances/{uuid}/
+
+###### Parameters:
+
+Changed: `uuid` in `path`
+
+> A UUID string identifying this Outpost.
+
+##### `GET` /outposts/instances/{uuid}/used_by/
+
+###### Parameters:
+
+Changed: `uuid` in `path`
+
+> A UUID string identifying this Outpost.
+
+##### `GET` /outposts/radius/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > RadiusProvider Serializer
+
+        -   Added property `mfa_support` (boolean)
+            > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
+
+##### `GET` /policies/bindings/{policy_binding_uuid}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Added property `failure_result` (boolean)
+
+        > Result if the Policy execution fails.
+
+    -   Changed property `timeout` (integer)
+
+        > Timeout after which Policy execution is terminated.
+
+    -   Changed property `group_obj` (object)
+
+        > Group Serializer
+
+        New required properties:
+
+        -   `roles_obj`
+
+        *   Added property `roles` (array)
+
+        *   Added property `roles_obj` (array)
+
+    -   Changed property `user_obj` (object)
+
+        > User Serializer
+
+        New required properties:
+
+        -   `uuid`
+
+        *   Added property `uuid` (string)
+
+##### `PUT` /policies/bindings/{policy_binding_uuid}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Added property `failure_result` (boolean)
+
+    > Result if the Policy execution fails.
+
+-   Changed property `timeout` (integer)
+    > Timeout after which Policy execution is terminated.
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Added property `failure_result` (boolean)
+
+        > Result if the Policy execution fails.
+
+    -   Changed property `timeout` (integer)
+
+        > Timeout after which Policy execution is terminated.
+
+    -   Changed property `group_obj` (object)
+
+        > Group Serializer
+
+        New required properties:
+
+        -   `roles_obj`
+
+        *   Added property `roles` (array)
+
+        *   Added property `roles_obj` (array)
+
+    -   Changed property `user_obj` (object)
+
+        > User Serializer
+
+        New required properties:
+
+        -   `uuid`
+
+        *   Added property `uuid` (string)
+
+##### `PATCH` /policies/bindings/{policy_binding_uuid}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Added property `failure_result` (boolean)
+
+    > Result if the Policy execution fails.
+
+-   Changed property `timeout` (integer)
+    > Timeout after which Policy execution is terminated.
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Added property `failure_result` (boolean)
+
+        > Result if the Policy execution fails.
+
+    -   Changed property `timeout` (integer)
+
+        > Timeout after which Policy execution is terminated.
+
+    -   Changed property `group_obj` (object)
+
+        > Group Serializer
+
+        New required properties:
+
+        -   `roles_obj`
+
+        *   Added property `roles` (array)
+
+        *   Added property `roles_obj` (array)
+
+    -   Changed property `user_obj` (object)
+
+        > User Serializer
+
+        New required properties:
+
+        -   `uuid`
+
+        *   Added property `uuid` (string)
+
+##### `POST` /policies/event_matcher/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Changed property `app` (string)
+
+    > -   `authentik.admin` - authentik Admin
+    > -   `authentik.api` - authentik API
+    > -   `authentik.crypto` - authentik Crypto
+    > -   `authentik.events` - authentik Events
+    > -   `authentik.flows` - authentik Flows
+    > -   `authentik.outposts` - authentik Outpost
+    > -   `authentik.policies.dummy` - authentik Policies.Dummy
+    > -   `authentik.policies.event_matcher` - authentik Policies.Event Matcher
+    > -   `authentik.policies.expiry` - authentik Policies.Expiry
+    > -   `authentik.policies.expression` - authentik Policies.Expression
+    > -   `authentik.policies.password` - authentik Policies.Password
+    > -   `authentik.policies.reputation` - authentik Policies.Reputation
+    > -   `authentik.policies` - authentik Policies
+    > -   `authentik.providers.ldap` - authentik Providers.LDAP
+    > -   `authentik.providers.oauth2` - authentik Providers.OAuth2
+    > -   `authentik.providers.proxy` - authentik Providers.Proxy
+    > -   `authentik.providers.radius` - authentik Providers.Radius
+    > -   `authentik.providers.saml` - authentik Providers.SAML
+    > -   `authentik.providers.scim` - authentik Providers.SCIM
+    > -   `authentik.rbac` - authentik RBAC
+    > -   `authentik.recovery` - authentik Recovery
+    > -   `authentik.sources.ldap` - authentik Sources.LDAP
+    > -   `authentik.sources.oauth` - authentik Sources.OAuth
+    > -   `authentik.sources.plex` - authentik Sources.Plex
+    > -   `authentik.sources.saml` - authentik Sources.SAML
+    > -   `authentik.stages.authenticator` - authentik Stages.Authenticator
+    > -   `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
+    > -   `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
+    > -   `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
+    > -   `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
+    > -   `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
+    > -   `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
+    > -   `authentik.stages.captcha` - authentik Stages.Captcha
+    > -   `authentik.stages.consent` - authentik Stages.Consent
+    > -   `authentik.stages.deny` - authentik Stages.Deny
+    > -   `authentik.stages.dummy` - authentik Stages.Dummy
+    > -   `authentik.stages.email` - authentik Stages.Email
+    > -   `authentik.stages.identification` - authentik Stages.Identification
+    > -   `authentik.stages.invitation` - authentik Stages.User Invitation
+    > -   `authentik.stages.password` - authentik Stages.Password
+    > -   `authentik.stages.prompt` - authentik Stages.Prompt
+    > -   `authentik.stages.user_delete` - authentik Stages.User Delete
+    > -   `authentik.stages.user_login` - authentik Stages.User Login
+    > -   `authentik.stages.user_logout` - authentik Stages.User Logout
+    > -   `authentik.stages.user_write` - authentik Stages.User Write
+    > -   `authentik.tenants` - authentik Tenants
+    > -   `authentik.blueprints` - authentik Blueprints
+    > -   `authentik.core` - authentik Core
+    > -   `authentik.enterprise` - authentik Enterprise
+
+    Added enum values:
+
+    -   `authentik.rbac`
+    -   `authentik.stages.authenticator`
+
+-   Changed property `model` (string)
+
+    > -   `authentik_crypto.certificatekeypair` - Certificate-Key Pair
+    > -   `authentik_events.event` - Event
+    > -   `authentik_events.notificationtransport` - Notification Transport
+    > -   `authentik_events.notification` - Notification
+    > -   `authentik_events.notificationrule` - Notification Rule
+    > -   `authentik_events.notificationwebhookmapping` - Webhook Mapping
+    > -   `authentik_flows.flow` - Flow
+    > -   `authentik_flows.flowstagebinding` - Flow Stage Binding
+    > -   `authentik_outposts.dockerserviceconnection` - Docker Service-Connection
+    > -   `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection
+    > -   `authentik_outposts.outpost` - Outpost
+    > -   `authentik_policies_dummy.dummypolicy` - Dummy Policy
+    > -   `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy
+    > -   `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy
+    > -   `authentik_policies_expression.expressionpolicy` - Expression Policy
+    > -   `authentik_policies_password.passwordpolicy` - Password Policy
+    > -   `authentik_policies_reputation.reputationpolicy` - Reputation Policy
+    > -   `authentik_policies_reputation.reputation` - Reputation Score
+    > -   `authentik_policies.policybinding` - Policy Binding
+    > -   `authentik_providers_ldap.ldapprovider` - LDAP Provider
+    > -   `authentik_providers_oauth2.scopemapping` - Scope Mapping
+    > -   `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider
+    > -   `authentik_providers_oauth2.authorizationcode` - Authorization Code
+    > -   `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token
+    > -   `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token
+    > -   `authentik_providers_proxy.proxyprovider` - Proxy Provider
+    > -   `authentik_providers_radius.radiusprovider` - Radius Provider
+    > -   `authentik_providers_saml.samlprovider` - SAML Provider
+    > -   `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping
+    > -   `authentik_providers_scim.scimprovider` - SCIM Provider
+    > -   `authentik_providers_scim.scimmapping` - SCIM Mapping
+    > -   `authentik_rbac.role` - Role
+    > -   `authentik_sources_ldap.ldapsource` - LDAP Source
+    > -   `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping
+    > -   `authentik_sources_oauth.oauthsource` - OAuth Source
+    > -   `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection
+    > -   `authentik_sources_plex.plexsource` - Plex Source
+    > -   `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection
+    > -   `authentik_sources_saml.samlsource` - SAML Source
+    > -   `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection
+    > -   `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage
+    > -   `authentik_stages_authenticator_duo.duodevice` - Duo Device
+    > -   `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
+    > -   `authentik_stages_authenticator_sms.smsdevice` - SMS Device
+    > -   `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage
+    > -   `authentik_stages_authenticator_static.staticdevice` - Static Device
+    > -   `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
+    > -   `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
+    > -   `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage
+    > -   `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage
+    > -   `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device
+    > -   `authentik_stages_captcha.captchastage` - Captcha Stage
+    > -   `authentik_stages_consent.consentstage` - Consent Stage
+    > -   `authentik_stages_consent.userconsent` - User Consent
+    > -   `authentik_stages_deny.denystage` - Deny Stage
+    > -   `authentik_stages_dummy.dummystage` - Dummy Stage
+    > -   `authentik_stages_email.emailstage` - Email Stage
+    > -   `authentik_stages_identification.identificationstage` - Identification Stage
+    > -   `authentik_stages_invitation.invitationstage` - Invitation Stage
+    > -   `authentik_stages_invitation.invitation` - Invitation
+    > -   `authentik_stages_password.passwordstage` - Password Stage
+    > -   `authentik_stages_prompt.prompt` - Prompt
+    > -   `authentik_stages_prompt.promptstage` - Prompt Stage
+    > -   `authentik_stages_user_delete.userdeletestage` - User Delete Stage
+    > -   `authentik_stages_user_login.userloginstage` - User Login Stage
+    > -   `authentik_stages_user_logout.userlogoutstage` - User Logout Stage
+    > -   `authentik_stages_user_write.userwritestage` - User Write Stage
+    > -   `authentik_tenants.tenant` - Tenant
+    > -   `authentik_blueprints.blueprintinstance` - Blueprint Instance
+    > -   `authentik_core.group` - Group
+    > -   `authentik_core.user` - User
+    > -   `authentik_core.application` - Application
+    > -   `authentik_core.token` - Token
+    > -   `authentik_enterprise.license` - License
+
+    Added enum values:
+
+    -   `authentik_rbac.role`
+    -   `authentik_stages_authenticator_static.staticdevice`
+    -   `authentik_stages_authenticator_totp.totpdevice`
+    -   `authentik_enterprise.license`
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `app` (string)
+
+        > -   `authentik.admin` - authentik Admin
+        > -   `authentik.api` - authentik API
+        > -   `authentik.crypto` - authentik Crypto
+        > -   `authentik.events` - authentik Events
+        > -   `authentik.flows` - authentik Flows
+        > -   `authentik.outposts` - authentik Outpost
+        > -   `authentik.policies.dummy` - authentik Policies.Dummy
+        > -   `authentik.policies.event_matcher` - authentik Policies.Event Matcher
+        > -   `authentik.policies.expiry` - authentik Policies.Expiry
+        > -   `authentik.policies.expression` - authentik Policies.Expression
+        > -   `authentik.policies.password` - authentik Policies.Password
+        > -   `authentik.policies.reputation` - authentik Policies.Reputation
+        > -   `authentik.policies` - authentik Policies
+        > -   `authentik.providers.ldap` - authentik Providers.LDAP
+        > -   `authentik.providers.oauth2` - authentik Providers.OAuth2
+        > -   `authentik.providers.proxy` - authentik Providers.Proxy
+        > -   `authentik.providers.radius` - authentik Providers.Radius
+        > -   `authentik.providers.saml` - authentik Providers.SAML
+        > -   `authentik.providers.scim` - authentik Providers.SCIM
+        > -   `authentik.rbac` - authentik RBAC
+        > -   `authentik.recovery` - authentik Recovery
+        > -   `authentik.sources.ldap` - authentik Sources.LDAP
+        > -   `authentik.sources.oauth` - authentik Sources.OAuth
+        > -   `authentik.sources.plex` - authentik Sources.Plex
+        > -   `authentik.sources.saml` - authentik Sources.SAML
+        > -   `authentik.stages.authenticator` - authentik Stages.Authenticator
+        > -   `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
+        > -   `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
+        > -   `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
+        > -   `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
+        > -   `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
+        > -   `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
+        > -   `authentik.stages.captcha` - authentik Stages.Captcha
+        > -   `authentik.stages.consent` - authentik Stages.Consent
+        > -   `authentik.stages.deny` - authentik Stages.Deny
+        > -   `authentik.stages.dummy` - authentik Stages.Dummy
+        > -   `authentik.stages.email` - authentik Stages.Email
+        > -   `authentik.stages.identification` - authentik Stages.Identification
+        > -   `authentik.stages.invitation` - authentik Stages.User Invitation
+        > -   `authentik.stages.password` - authentik Stages.Password
+        > -   `authentik.stages.prompt` - authentik Stages.Prompt
+        > -   `authentik.stages.user_delete` - authentik Stages.User Delete
+        > -   `authentik.stages.user_login` - authentik Stages.User Login
+        > -   `authentik.stages.user_logout` - authentik Stages.User Logout
+        > -   `authentik.stages.user_write` - authentik Stages.User Write
+        > -   `authentik.tenants` - authentik Tenants
+        > -   `authentik.blueprints` - authentik Blueprints
+        > -   `authentik.core` - authentik Core
+        > -   `authentik.enterprise` - authentik Enterprise
+
+        Added enum values:
+
+        -   `authentik.rbac`
+        -   `authentik.stages.authenticator`
+
+    -   Changed property `model` (string)
+
+        > -   `authentik_crypto.certificatekeypair` - Certificate-Key Pair
+        > -   `authentik_events.event` - Event
+        > -   `authentik_events.notificationtransport` - Notification Transport
+        > -   `authentik_events.notification` - Notification
+        > -   `authentik_events.notificationrule` - Notification Rule
+        > -   `authentik_events.notificationwebhookmapping` - Webhook Mapping
+        > -   `authentik_flows.flow` - Flow
+        > -   `authentik_flows.flowstagebinding` - Flow Stage Binding
+        > -   `authentik_outposts.dockerserviceconnection` - Docker Service-Connection
+        > -   `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection
+        > -   `authentik_outposts.outpost` - Outpost
+        > -   `authentik_policies_dummy.dummypolicy` - Dummy Policy
+        > -   `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy
+        > -   `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy
+        > -   `authentik_policies_expression.expressionpolicy` - Expression Policy
+        > -   `authentik_policies_password.passwordpolicy` - Password Policy
+        > -   `authentik_policies_reputation.reputationpolicy` - Reputation Policy
+        > -   `authentik_policies_reputation.reputation` - Reputation Score
+        > -   `authentik_policies.policybinding` - Policy Binding
+        > -   `authentik_providers_ldap.ldapprovider` - LDAP Provider
+        > -   `authentik_providers_oauth2.scopemapping` - Scope Mapping
+        > -   `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider
+        > -   `authentik_providers_oauth2.authorizationcode` - Authorization Code
+        > -   `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token
+        > -   `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token
+        > -   `authentik_providers_proxy.proxyprovider` - Proxy Provider
+        > -   `authentik_providers_radius.radiusprovider` - Radius Provider
+        > -   `authentik_providers_saml.samlprovider` - SAML Provider
+        > -   `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping
+        > -   `authentik_providers_scim.scimprovider` - SCIM Provider
+        > -   `authentik_providers_scim.scimmapping` - SCIM Mapping
+        > -   `authentik_rbac.role` - Role
+        > -   `authentik_sources_ldap.ldapsource` - LDAP Source
+        > -   `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping
+        > -   `authentik_sources_oauth.oauthsource` - OAuth Source
+        > -   `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection
+        > -   `authentik_sources_plex.plexsource` - Plex Source
+        > -   `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection
+        > -   `authentik_sources_saml.samlsource` - SAML Source
+        > -   `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection
+        > -   `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_duo.duodevice` - Duo Device
+        > -   `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_sms.smsdevice` - SMS Device
+        > -   `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage
+        > -   `authentik_stages_authenticator_static.staticdevice` - Static Device
+        > -   `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
+        > -   `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage
+        > -   `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage
+        > -   `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device
+        > -   `authentik_stages_captcha.captchastage` - Captcha Stage
+        > -   `authentik_stages_consent.consentstage` - Consent Stage
+        > -   `authentik_stages_consent.userconsent` - User Consent
+        > -   `authentik_stages_deny.denystage` - Deny Stage
+        > -   `authentik_stages_dummy.dummystage` - Dummy Stage
+        > -   `authentik_stages_email.emailstage` - Email Stage
+        > -   `authentik_stages_identification.identificationstage` - Identification Stage
+        > -   `authentik_stages_invitation.invitationstage` - Invitation Stage
+        > -   `authentik_stages_invitation.invitation` - Invitation
+        > -   `authentik_stages_password.passwordstage` - Password Stage
+        > -   `authentik_stages_prompt.prompt` - Prompt
+        > -   `authentik_stages_prompt.promptstage` - Prompt Stage
+        > -   `authentik_stages_user_delete.userdeletestage` - User Delete Stage
+        > -   `authentik_stages_user_login.userloginstage` - User Login Stage
+        > -   `authentik_stages_user_logout.userlogoutstage` - User Logout Stage
+        > -   `authentik_stages_user_write.userwritestage` - User Write Stage
+        > -   `authentik_tenants.tenant` - Tenant
+        > -   `authentik_blueprints.blueprintinstance` - Blueprint Instance
+        > -   `authentik_core.group` - Group
+        > -   `authentik_core.user` - User
+        > -   `authentik_core.application` - Application
+        > -   `authentik_core.token` - Token
+        > -   `authentik_enterprise.license` - License
+
+        Added enum values:
+
+        -   `authentik_rbac.role`
+        -   `authentik_stages_authenticator_static.staticdevice`
+        -   `authentik_stages_authenticator_totp.totpdevice`
+        -   `authentik_enterprise.license`
+
+##### `GET` /policies/event_matcher/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > Event Matcher Policy Serializer
+
+        -   Changed property `app` (string)
+
+            > -   `authentik.admin` - authentik Admin
+            > -   `authentik.api` - authentik API
+            > -   `authentik.crypto` - authentik Crypto
+            > -   `authentik.events` - authentik Events
+            > -   `authentik.flows` - authentik Flows
+            > -   `authentik.outposts` - authentik Outpost
+            > -   `authentik.policies.dummy` - authentik Policies.Dummy
+            > -   `authentik.policies.event_matcher` - authentik Policies.Event Matcher
+            > -   `authentik.policies.expiry` - authentik Policies.Expiry
+            > -   `authentik.policies.expression` - authentik Policies.Expression
+            > -   `authentik.policies.password` - authentik Policies.Password
+            > -   `authentik.policies.reputation` - authentik Policies.Reputation
+            > -   `authentik.policies` - authentik Policies
+            > -   `authentik.providers.ldap` - authentik Providers.LDAP
+            > -   `authentik.providers.oauth2` - authentik Providers.OAuth2
+            > -   `authentik.providers.proxy` - authentik Providers.Proxy
+            > -   `authentik.providers.radius` - authentik Providers.Radius
+            > -   `authentik.providers.saml` - authentik Providers.SAML
+            > -   `authentik.providers.scim` - authentik Providers.SCIM
+            > -   `authentik.rbac` - authentik RBAC
+            > -   `authentik.recovery` - authentik Recovery
+            > -   `authentik.sources.ldap` - authentik Sources.LDAP
+            > -   `authentik.sources.oauth` - authentik Sources.OAuth
+            > -   `authentik.sources.plex` - authentik Sources.Plex
+            > -   `authentik.sources.saml` - authentik Sources.SAML
+            > -   `authentik.stages.authenticator` - authentik Stages.Authenticator
+            > -   `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
+            > -   `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
+            > -   `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
+            > -   `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
+            > -   `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
+            > -   `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
+            > -   `authentik.stages.captcha` - authentik Stages.Captcha
+            > -   `authentik.stages.consent` - authentik Stages.Consent
+            > -   `authentik.stages.deny` - authentik Stages.Deny
+            > -   `authentik.stages.dummy` - authentik Stages.Dummy
+            > -   `authentik.stages.email` - authentik Stages.Email
+            > -   `authentik.stages.identification` - authentik Stages.Identification
+            > -   `authentik.stages.invitation` - authentik Stages.User Invitation
+            > -   `authentik.stages.password` - authentik Stages.Password
+            > -   `authentik.stages.prompt` - authentik Stages.Prompt
+            > -   `authentik.stages.user_delete` - authentik Stages.User Delete
+            > -   `authentik.stages.user_login` - authentik Stages.User Login
+            > -   `authentik.stages.user_logout` - authentik Stages.User Logout
+            > -   `authentik.stages.user_write` - authentik Stages.User Write
+            > -   `authentik.tenants` - authentik Tenants
+            > -   `authentik.blueprints` - authentik Blueprints
+            > -   `authentik.core` - authentik Core
+            > -   `authentik.enterprise` - authentik Enterprise
+
+            Added enum values:
+
+            -   `authentik.rbac`
+            -   `authentik.stages.authenticator`
+
+        -   Changed property `model` (string)
+
+            > -   `authentik_crypto.certificatekeypair` - Certificate-Key Pair
+            > -   `authentik_events.event` - Event
+            > -   `authentik_events.notificationtransport` - Notification Transport
+            > -   `authentik_events.notification` - Notification
+            > -   `authentik_events.notificationrule` - Notification Rule
+            > -   `authentik_events.notificationwebhookmapping` - Webhook Mapping
+            > -   `authentik_flows.flow` - Flow
+            > -   `authentik_flows.flowstagebinding` - Flow Stage Binding
+            > -   `authentik_outposts.dockerserviceconnection` - Docker Service-Connection
+            > -   `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection
+            > -   `authentik_outposts.outpost` - Outpost
+            > -   `authentik_policies_dummy.dummypolicy` - Dummy Policy
+            > -   `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy
+            > -   `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy
+            > -   `authentik_policies_expression.expressionpolicy` - Expression Policy
+            > -   `authentik_policies_password.passwordpolicy` - Password Policy
+            > -   `authentik_policies_reputation.reputationpolicy` - Reputation Policy
+            > -   `authentik_policies_reputation.reputation` - Reputation Score
+            > -   `authentik_policies.policybinding` - Policy Binding
+            > -   `authentik_providers_ldap.ldapprovider` - LDAP Provider
+            > -   `authentik_providers_oauth2.scopemapping` - Scope Mapping
+            > -   `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider
+            > -   `authentik_providers_oauth2.authorizationcode` - Authorization Code
+            > -   `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token
+            > -   `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token
+            > -   `authentik_providers_proxy.proxyprovider` - Proxy Provider
+            > -   `authentik_providers_radius.radiusprovider` - Radius Provider
+            > -   `authentik_providers_saml.samlprovider` - SAML Provider
+            > -   `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping
+            > -   `authentik_providers_scim.scimprovider` - SCIM Provider
+            > -   `authentik_providers_scim.scimmapping` - SCIM Mapping
+            > -   `authentik_rbac.role` - Role
+            > -   `authentik_sources_ldap.ldapsource` - LDAP Source
+            > -   `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping
+            > -   `authentik_sources_oauth.oauthsource` - OAuth Source
+            > -   `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection
+            > -   `authentik_sources_plex.plexsource` - Plex Source
+            > -   `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection
+            > -   `authentik_sources_saml.samlsource` - SAML Source
+            > -   `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection
+            > -   `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage
+            > -   `authentik_stages_authenticator_duo.duodevice` - Duo Device
+            > -   `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
+            > -   `authentik_stages_authenticator_sms.smsdevice` - SMS Device
+            > -   `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage
+            > -   `authentik_stages_authenticator_static.staticdevice` - Static Device
+            > -   `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
+            > -   `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
+            > -   `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage
+            > -   `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage
+            > -   `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device
+            > -   `authentik_stages_captcha.captchastage` - Captcha Stage
+            > -   `authentik_stages_consent.consentstage` - Consent Stage
+            > -   `authentik_stages_consent.userconsent` - User Consent
+            > -   `authentik_stages_deny.denystage` - Deny Stage
+            > -   `authentik_stages_dummy.dummystage` - Dummy Stage
+            > -   `authentik_stages_email.emailstage` - Email Stage
+            > -   `authentik_stages_identification.identificationstage` - Identification Stage
+            > -   `authentik_stages_invitation.invitationstage` - Invitation Stage
+            > -   `authentik_stages_invitation.invitation` - Invitation
+            > -   `authentik_stages_password.passwordstage` - Password Stage
+            > -   `authentik_stages_prompt.prompt` - Prompt
+            > -   `authentik_stages_prompt.promptstage` - Prompt Stage
+            > -   `authentik_stages_user_delete.userdeletestage` - User Delete Stage
+            > -   `authentik_stages_user_login.userloginstage` - User Login Stage
+            > -   `authentik_stages_user_logout.userlogoutstage` - User Logout Stage
+            > -   `authentik_stages_user_write.userwritestage` - User Write Stage
+            > -   `authentik_tenants.tenant` - Tenant
+            > -   `authentik_blueprints.blueprintinstance` - Blueprint Instance
+            > -   `authentik_core.group` - Group
+            > -   `authentik_core.user` - User
+            > -   `authentik_core.application` - Application
+            > -   `authentik_core.token` - Token
+            > -   `authentik_enterprise.license` - License
+
+            Added enum values:
+
+            -   `authentik_rbac.role`
+            -   `authentik_stages_authenticator_static.staticdevice`
+            -   `authentik_stages_authenticator_totp.totpdevice`
+            -   `authentik_enterprise.license`
+
+##### `POST` /providers/radius/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Added property `mfa_support` (boolean)
+    > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+-   Changed content type : `application/json`
+
+    -   Added property `mfa_support` (boolean)
+        > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
+
+##### `GET` /providers/radius/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > RadiusProvider Serializer
+
+        -   Added property `mfa_support` (boolean)
+            > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
+
+##### `GET` /providers/saml/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Added property `default_relay_state` (string)
+        > Default relay_state value for IDP-initiated logins
+
+##### `PUT` /providers/saml/{id}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Added property `default_relay_state` (string)
+    > Default relay_state value for IDP-initiated logins
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Added property `default_relay_state` (string)
+        > Default relay_state value for IDP-initiated logins
+
+##### `PATCH` /providers/saml/{id}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Added property `default_relay_state` (string)
+    > Default relay_state value for IDP-initiated logins
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Added property `default_relay_state` (string)
+        > Default relay_state value for IDP-initiated logins
+
+##### `GET` /sources/oauth/{slug}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `type` (object)
+
+        > Serializer for SourceType
+
+        New required properties:
+
+        -   `oidc_jwks_url`
+        -   `oidc_well_known_url`
+
+        *   Added property `oidc_well_known_url` (string)
+
+        *   Added property `oidc_jwks_url` (string)
+
+##### `PUT` /sources/oauth/{slug}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `type` (object)
+
+        > Serializer for SourceType
+
+        New required properties:
+
+        -   `oidc_jwks_url`
+        -   `oidc_well_known_url`
+
+        *   Added property `oidc_well_known_url` (string)
+
+        *   Added property `oidc_jwks_url` (string)
+
+##### `PATCH` /sources/oauth/{slug}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `type` (object)
+
+        > Serializer for SourceType
+
+        New required properties:
+
+        -   `oidc_jwks_url`
+        -   `oidc_well_known_url`
+
+        *   Added property `oidc_well_known_url` (string)
+
+        *   Added property `oidc_jwks_url` (string)
+
+##### `POST` /core/groups/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Added property `roles` (array)
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+-   Changed content type : `application/json`
+
+    New required properties:
+
+    -   `roles_obj`
+
+    *   Added property `roles` (array)
+
+    *   Added property `roles_obj` (array)
+
+##### `GET` /core/groups/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > Group Serializer
+
+        New required properties:
+
+        -   `roles_obj`
+
+        *   Added property `roles` (array)
+
+        *   Added property `roles_obj` (array)
+
+##### `POST` /core/tokens/
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `user_obj` (object)
+
+        > User Serializer
+
+        New required properties:
+
+        -   `uuid`
+
+        *   Added property `uuid` (string)
+
+##### `GET` /core/tokens/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > Token Serializer
+
+        -   Changed property `user_obj` (object)
+
+            > User Serializer
+
+            New required properties:
+
+            -   `uuid`
+
+            *   Added property `uuid` (string)
+
+##### `GET` /core/user_consent/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `user` (object)
+
+        > User Serializer
+
+        New required properties:
+
+        -   `uuid`
+
+        *   Added property `uuid` (string)
+
+##### `POST` /core/users/
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+-   Changed content type : `application/json`
+
+    New required properties:
+
+    -   `uuid`
+
+    *   Added property `uuid` (string)
+
+##### `GET` /core/users/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > User Serializer
+
+        New required properties:
+
+        -   `uuid`
+
+        *   Added property `uuid` (string)
+
+##### `GET` /core/users/me/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `user` (object)
+
+        > User Serializer for information a user can retrieve about themselves
+
+        New required properties:
+
+        -   `system_permissions`
+
+        *   Added property `system_permissions` (array)
+
+            > Get all system permissions assigned to the user
+
+            Items (string):
+
+##### `POST` /events/rules/
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `group_obj` (object)
+
+        > Group Serializer
+
+        New required properties:
+
+        -   `roles_obj`
+
+        *   Added property `roles` (array)
+
+        *   Added property `roles_obj` (array)
+
+##### `GET` /events/rules/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > NotificationRule Serializer
+
+        -   Changed property `group_obj` (object)
+
+            > Group Serializer
+
+            New required properties:
+
+            -   `roles_obj`
+
+            *   Added property `roles` (array)
+
+            *   Added property `roles_obj` (array)
+
+##### `GET` /oauth2/access_tokens/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `user` (object)
+
+        > User Serializer
+
+        New required properties:
+
+        -   `uuid`
+
+        *   Added property `uuid` (string)
+
+##### `GET` /oauth2/authorization_codes/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `user` (object)
+
+        > User Serializer
+
+        New required properties:
+
+        -   `uuid`
+
+        *   Added property `uuid` (string)
+
+##### `GET` /oauth2/refresh_tokens/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `user` (object)
+
+        > User Serializer
+
+        New required properties:
+
+        -   `uuid`
+
+        *   Added property `uuid` (string)
+
+##### `POST` /policies/bindings/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Added property `failure_result` (boolean)
+
+    > Result if the Policy execution fails.
+
+-   Changed property `timeout` (integer)
+    > Timeout after which Policy execution is terminated.
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+-   Changed content type : `application/json`
+
+    -   Added property `failure_result` (boolean)
+
+        > Result if the Policy execution fails.
+
+    -   Changed property `timeout` (integer)
+
+        > Timeout after which Policy execution is terminated.
+
+    -   Changed property `group_obj` (object)
+
+        > Group Serializer
+
+        New required properties:
+
+        -   `roles_obj`
+
+        *   Added property `roles` (array)
+
+        *   Added property `roles_obj` (array)
+
+    -   Changed property `user_obj` (object)
+
+        > User Serializer
+
+        New required properties:
+
+        -   `uuid`
+
+        *   Added property `uuid` (string)
+
+##### `GET` /policies/bindings/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > PolicyBinding Serializer
+
+        -   Added property `failure_result` (boolean)
+
+            > Result if the Policy execution fails.
+
+        -   Changed property `timeout` (integer)
+
+            > Timeout after which Policy execution is terminated.
+
+        -   Changed property `group_obj` (object)
+
+            > Group Serializer
+
+            New required properties:
+
+            -   `roles_obj`
+
+            *   Added property `roles` (array)
+
+            *   Added property `roles_obj` (array)
+
+        -   Changed property `user_obj` (object)
+
+            > User Serializer
+
+            New required properties:
+
+            -   `uuid`
+
+            *   Added property `uuid` (string)
+
+##### `POST` /providers/saml/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Added property `default_relay_state` (string)
+    > Default relay_state value for IDP-initiated logins
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+-   Changed content type : `application/json`
+
+    -   Added property `default_relay_state` (string)
+        > Default relay_state value for IDP-initiated logins
+
+##### `GET` /providers/saml/
+
+###### Parameters:
+
+Added: `default_relay_state` in `query`
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > SAMLProvider Serializer
+
+        -   Added property `default_relay_state` (string)
+            > Default relay_state value for IDP-initiated logins
+
+##### `POST` /sources/oauth/
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `type` (object)
+
+        > Serializer for SourceType
+
+        New required properties:
+
+        -   `oidc_jwks_url`
+        -   `oidc_well_known_url`
+
+        *   Added property `oidc_well_known_url` (string)
+
+        *   Added property `oidc_jwks_url` (string)
+
+##### `GET` /sources/oauth/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > OAuth Source Serializer
+
+        -   Changed property `type` (object)
+
+            > Serializer for SourceType
+
+            New required properties:
+
+            -   `oidc_jwks_url`
+            -   `oidc_well_known_url`
+
+            *   Added property `oidc_well_known_url` (string)
+
+            *   Added property `oidc_jwks_url` (string)
+
+##### `GET` /stages/authenticator/sms/{stage_uuid}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `verify_only` (boolean)
+        > When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.
+
+##### `PUT` /stages/authenticator/sms/{stage_uuid}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Changed property `verify_only` (boolean)
+    > When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `verify_only` (boolean)
+        > When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.
+
+##### `PATCH` /stages/authenticator/sms/{stage_uuid}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Changed property `verify_only` (boolean)
+    > When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `verify_only` (boolean)
+        > When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.
+
+##### `GET` /stages/deny/{stage_uuid}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Added property `deny_message` (string)
+
+##### `PUT` /stages/deny/{stage_uuid}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Added property `deny_message` (string)
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Added property `deny_message` (string)
+
+##### `PATCH` /stages/deny/{stage_uuid}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Added property `deny_message` (string)
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Added property `deny_message` (string)
+
+##### `GET` /core/user_consent/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > UserConsent Serializer
+
+        -   Changed property `user` (object)
+
+            > User Serializer
+
+            New required properties:
+
+            -   `uuid`
+
+            *   Added property `uuid` (string)
+
+##### `GET` /oauth2/access_tokens/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > Serializer for BaseGrantModel and RefreshToken
+
+        -   Changed property `user` (object)
+
+            > User Serializer
+
+            New required properties:
+
+            -   `uuid`
+
+            *   Added property `uuid` (string)
+
+##### `GET` /oauth2/authorization_codes/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant
+
+        -   Changed property `user` (object)
+
+            > User Serializer
+
+            New required properties:
+
+            -   `uuid`
+
+            *   Added property `uuid` (string)
+
+##### `GET` /oauth2/refresh_tokens/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > Serializer for BaseGrantModel and RefreshToken
+
+        -   Changed property `user` (object)
+
+            > User Serializer
+
+            New required properties:
+
+            -   `uuid`
+
+            *   Added property `uuid` (string)
+
+##### `POST` /stages/authenticator/sms/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Changed property `verify_only` (boolean)
+    > When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `verify_only` (boolean)
+        > When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.
+
+##### `GET` /stages/authenticator/sms/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > AuthenticatorSMSStage Serializer
+
+        -   Changed property `verify_only` (boolean)
+            > When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.
+
+##### `POST` /stages/deny/
+
+###### Request:
+
+Changed content type : `application/json`
+
+-   Added property `deny_message` (string)
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+-   Changed content type : `application/json`
+
+    -   Added property `deny_message` (string)
+
+##### `GET` /stages/deny/
+
+###### Parameters:
+
+Added: `deny_message` in `query`
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+-   Changed content type : `application/json`
+
+    -   Changed property `results` (array)
+
+        Changed items (object): > DenyStage Serializer
+
+        -   Added property `deny_message` (string)
diff --git a/website/sidebars.js b/website/sidebars.js
index ac76683fd..e03cd39d9 100644
--- a/website/sidebars.js
+++ b/website/sidebars.js
@@ -316,13 +316,14 @@ const docsSidebar = {
                 description: "Release notes for recent authentik versions",
             },
             items: [
+                "releases/2023/v2023.10",
                 "releases/2023/v2023.8",
                 "releases/2023/v2023.6",
-                "releases/2023/v2023.5",
                 {
                     type: "category",
                     label: "Previous versions",
                     items: [
+                        "releases/2023/v2023.5",
                         "releases/2023/v2023.4",
                         "releases/2023/v2023.3",
                         "releases/2023/v2023.2",