{ "$schema": "http://json-schema.org/draft-07/schema", "$id": "https://goauthentik.io/blueprints/schema.json", "type": "object", "title": "authentik Blueprint schema", "required": [ "version", "entries" ], "properties": { "version": { "$id": "#/properties/version", "type": "integer", "title": "Blueprint version", "default": 1 }, "metadata": { "$id": "#/properties/metadata", "type": "object", "required": [ "name" ], "properties": { "name": { "type": "string" }, "labels": { "type": "object", "additionalProperties": { "type": "string" } } } }, "context": { "$id": "#/properties/context", "type": "object", "additionalProperties": true }, "entries": { "type": "array", "items": { "oneOf": [ { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_crypto.certificatekeypair" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_crypto.certificatekeypair" }, "identifiers": { "$ref": "#/$defs/model_authentik_crypto.certificatekeypair" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_events.event" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_events.event" }, "identifiers": { "$ref": "#/$defs/model_authentik_events.event" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_events.notificationtransport" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": 
"#/$defs/model_authentik_events.notificationtransport" }, "identifiers": { "$ref": "#/$defs/model_authentik_events.notificationtransport" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_events.notification" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_events.notification" }, "identifiers": { "$ref": "#/$defs/model_authentik_events.notification" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_events.notificationrule" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_events.notificationrule" }, "identifiers": { "$ref": "#/$defs/model_authentik_events.notificationrule" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_events.notificationwebhookmapping" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_events.notificationwebhookmapping" }, "identifiers": { "$ref": "#/$defs/model_authentik_events.notificationwebhookmapping" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_flows.flow" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_flows.flow" }, "identifiers": { 
"$ref": "#/$defs/model_authentik_flows.flow" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_flows.flowstagebinding" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_flows.flowstagebinding" }, "identifiers": { "$ref": "#/$defs/model_authentik_flows.flowstagebinding" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_outposts.dockerserviceconnection" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_outposts.dockerserviceconnection" }, "identifiers": { "$ref": "#/$defs/model_authentik_outposts.dockerserviceconnection" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_outposts.kubernetesserviceconnection" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_outposts.kubernetesserviceconnection" }, "identifiers": { "$ref": "#/$defs/model_authentik_outposts.kubernetesserviceconnection" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_outposts.outpost" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_outposts.outpost" }, "identifiers": { "$ref": 
"#/$defs/model_authentik_outposts.outpost" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_policies_dummy.dummypolicy" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_policies_dummy.dummypolicy" }, "identifiers": { "$ref": "#/$defs/model_authentik_policies_dummy.dummypolicy" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_policies_event_matcher.eventmatcherpolicy" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_policies_event_matcher.eventmatcherpolicy" }, "identifiers": { "$ref": "#/$defs/model_authentik_policies_event_matcher.eventmatcherpolicy" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_policies_expiry.passwordexpirypolicy" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_policies_expiry.passwordexpirypolicy" }, "identifiers": { "$ref": "#/$defs/model_authentik_policies_expiry.passwordexpirypolicy" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_policies_expression.expressionpolicy" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": 
"#/$defs/model_authentik_policies_expression.expressionpolicy" }, "identifiers": { "$ref": "#/$defs/model_authentik_policies_expression.expressionpolicy" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_policies_password.passwordpolicy" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_policies_password.passwordpolicy" }, "identifiers": { "$ref": "#/$defs/model_authentik_policies_password.passwordpolicy" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_policies_reputation.reputationpolicy" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_policies_reputation.reputationpolicy" }, "identifiers": { "$ref": "#/$defs/model_authentik_policies_reputation.reputationpolicy" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_policies_reputation.reputation" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_policies_reputation.reputation" }, "identifiers": { "$ref": "#/$defs/model_authentik_policies_reputation.reputation" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_policies.policybinding" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { 
"type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_policies.policybinding" }, "identifiers": { "$ref": "#/$defs/model_authentik_policies.policybinding" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_providers_ldap.ldapprovider" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_providers_ldap.ldapprovider" }, "identifiers": { "$ref": "#/$defs/model_authentik_providers_ldap.ldapprovider" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_providers_oauth2.scopemapping" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_providers_oauth2.scopemapping" }, "identifiers": { "$ref": "#/$defs/model_authentik_providers_oauth2.scopemapping" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_providers_oauth2.oauth2provider" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_providers_oauth2.oauth2provider" }, "identifiers": { "$ref": "#/$defs/model_authentik_providers_oauth2.oauth2provider" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_providers_oauth2.authorizationcode" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": 
"boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_providers_oauth2.authorizationcode" }, "identifiers": { "$ref": "#/$defs/model_authentik_providers_oauth2.authorizationcode" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_providers_oauth2.accesstoken" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_providers_oauth2.accesstoken" }, "identifiers": { "$ref": "#/$defs/model_authentik_providers_oauth2.accesstoken" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_providers_oauth2.refreshtoken" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_providers_oauth2.refreshtoken" }, "identifiers": { "$ref": "#/$defs/model_authentik_providers_oauth2.refreshtoken" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_providers_proxy.proxyprovider" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_providers_proxy.proxyprovider" }, "identifiers": { "$ref": "#/$defs/model_authentik_providers_proxy.proxyprovider" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_providers_radius.radiusprovider" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { 
"type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_providers_radius.radiusprovider" }, "identifiers": { "$ref": "#/$defs/model_authentik_providers_radius.radiusprovider" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_providers_saml.samlprovider" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_providers_saml.samlprovider" }, "identifiers": { "$ref": "#/$defs/model_authentik_providers_saml.samlprovider" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_providers_saml.samlpropertymapping" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_providers_saml.samlpropertymapping" }, "identifiers": { "$ref": "#/$defs/model_authentik_providers_saml.samlpropertymapping" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_providers_scim.scimprovider" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_providers_scim.scimprovider" }, "identifiers": { "$ref": "#/$defs/model_authentik_providers_scim.scimprovider" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_providers_scim.scimmapping" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { 
"type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_providers_scim.scimmapping" }, "identifiers": { "$ref": "#/$defs/model_authentik_providers_scim.scimmapping" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_sources_ldap.ldapsource" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_sources_ldap.ldapsource" }, "identifiers": { "$ref": "#/$defs/model_authentik_sources_ldap.ldapsource" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_sources_ldap.ldappropertymapping" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_sources_ldap.ldappropertymapping" }, "identifiers": { "$ref": "#/$defs/model_authentik_sources_ldap.ldappropertymapping" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_sources_oauth.oauthsource" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_sources_oauth.oauthsource" }, "identifiers": { "$ref": "#/$defs/model_authentik_sources_oauth.oauthsource" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_sources_oauth.useroauthsourceconnection" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } 
}, "attrs": { "$ref": "#/$defs/model_authentik_sources_oauth.useroauthsourceconnection" }, "identifiers": { "$ref": "#/$defs/model_authentik_sources_oauth.useroauthsourceconnection" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_sources_plex.plexsource" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_sources_plex.plexsource" }, "identifiers": { "$ref": "#/$defs/model_authentik_sources_plex.plexsource" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_sources_plex.plexsourceconnection" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_sources_plex.plexsourceconnection" }, "identifiers": { "$ref": "#/$defs/model_authentik_sources_plex.plexsourceconnection" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_sources_saml.samlsource" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_sources_saml.samlsource" }, "identifiers": { "$ref": "#/$defs/model_authentik_sources_saml.samlsource" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_sources_saml.usersamlsourceconnection" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } 
}, "attrs": { "$ref": "#/$defs/model_authentik_sources_saml.usersamlsourceconnection" }, "identifiers": { "$ref": "#/$defs/model_authentik_sources_saml.usersamlsourceconnection" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_stages_authenticator_duo.authenticatorduostage" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_stages_authenticator_duo.authenticatorduostage" }, "identifiers": { "$ref": "#/$defs/model_authentik_stages_authenticator_duo.authenticatorduostage" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_stages_authenticator_duo.duodevice" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_stages_authenticator_duo.duodevice" }, "identifiers": { "$ref": "#/$defs/model_authentik_stages_authenticator_duo.duodevice" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_stages_authenticator_sms.authenticatorsmsstage" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_stages_authenticator_sms.authenticatorsmsstage" }, "identifiers": { "$ref": "#/$defs/model_authentik_stages_authenticator_sms.authenticatorsmsstage" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_stages_authenticator_sms.smsdevice" }, "id": { "type": "string" }, "state": { "type": 
"string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_stages_authenticator_sms.smsdevice" }, "identifiers": { "$ref": "#/$defs/model_authentik_stages_authenticator_sms.smsdevice" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_stages_authenticator_static.authenticatorstaticstage" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_stages_authenticator_static.authenticatorstaticstage" }, "identifiers": { "$ref": "#/$defs/model_authentik_stages_authenticator_static.authenticatorstaticstage" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_stages_authenticator_totp.authenticatortotpstage" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_stages_authenticator_totp.authenticatortotpstage" }, "identifiers": { "$ref": "#/$defs/model_authentik_stages_authenticator_totp.authenticatortotpstage" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_stages_authenticator_validate.authenticatorvalidatestage" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_stages_authenticator_validate.authenticatorvalidatestage" }, "identifiers": { "$ref": 
"#/$defs/model_authentik_stages_authenticator_validate.authenticatorvalidatestage" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_stages_authenticator_webauthn.authenticatewebauthnstage" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_stages_authenticator_webauthn.authenticatewebauthnstage" }, "identifiers": { "$ref": "#/$defs/model_authentik_stages_authenticator_webauthn.authenticatewebauthnstage" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_stages_authenticator_webauthn.webauthndevice" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_stages_authenticator_webauthn.webauthndevice" }, "identifiers": { "$ref": "#/$defs/model_authentik_stages_authenticator_webauthn.webauthndevice" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_stages_captcha.captchastage" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_stages_captcha.captchastage" }, "identifiers": { "$ref": "#/$defs/model_authentik_stages_captcha.captchastage" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_stages_consent.consentstage" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": 
"array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_stages_consent.consentstage" }, "identifiers": { "$ref": "#/$defs/model_authentik_stages_consent.consentstage" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_stages_consent.userconsent" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_stages_consent.userconsent" }, "identifiers": { "$ref": "#/$defs/model_authentik_stages_consent.userconsent" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_stages_deny.denystage" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_stages_deny.denystage" }, "identifiers": { "$ref": "#/$defs/model_authentik_stages_deny.denystage" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_stages_dummy.dummystage" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_stages_dummy.dummystage" }, "identifiers": { "$ref": "#/$defs/model_authentik_stages_dummy.dummystage" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_stages_email.emailstage" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": 
"#/$defs/model_authentik_stages_email.emailstage" }, "identifiers": { "$ref": "#/$defs/model_authentik_stages_email.emailstage" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_stages_identification.identificationstage" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_stages_identification.identificationstage" }, "identifiers": { "$ref": "#/$defs/model_authentik_stages_identification.identificationstage" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_stages_invitation.invitationstage" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_stages_invitation.invitationstage" }, "identifiers": { "$ref": "#/$defs/model_authentik_stages_invitation.invitationstage" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_stages_invitation.invitation" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_stages_invitation.invitation" }, "identifiers": { "$ref": "#/$defs/model_authentik_stages_invitation.invitation" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_stages_password.passwordstage" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": 
"boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_stages_password.passwordstage" }, "identifiers": { "$ref": "#/$defs/model_authentik_stages_password.passwordstage" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_stages_prompt.prompt" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_stages_prompt.prompt" }, "identifiers": { "$ref": "#/$defs/model_authentik_stages_prompt.prompt" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_stages_prompt.promptstage" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_stages_prompt.promptstage" }, "identifiers": { "$ref": "#/$defs/model_authentik_stages_prompt.promptstage" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_stages_user_delete.userdeletestage" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_stages_user_delete.userdeletestage" }, "identifiers": { "$ref": "#/$defs/model_authentik_stages_user_delete.userdeletestage" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_stages_user_login.userloginstage" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": 
{ "$ref": "#/$defs/model_authentik_stages_user_login.userloginstage" }, "identifiers": { "$ref": "#/$defs/model_authentik_stages_user_login.userloginstage" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_stages_user_logout.userlogoutstage" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_stages_user_logout.userlogoutstage" }, "identifiers": { "$ref": "#/$defs/model_authentik_stages_user_logout.userlogoutstage" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_stages_user_write.userwritestage" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_stages_user_write.userwritestage" }, "identifiers": { "$ref": "#/$defs/model_authentik_stages_user_write.userwritestage" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_tenants.tenant" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_tenants.tenant" }, "identifiers": { "$ref": "#/$defs/model_authentik_tenants.tenant" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_blueprints.blueprintinstance" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": 
"#/$defs/model_authentik_blueprints.blueprintinstance" }, "identifiers": { "$ref": "#/$defs/model_authentik_blueprints.blueprintinstance" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_core.group" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_core.group" }, "identifiers": { "$ref": "#/$defs/model_authentik_core.group" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_core.user" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_core.user" }, "identifiers": { "$ref": "#/$defs/model_authentik_core.user" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_core.application" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_core.application" }, "identifiers": { "$ref": "#/$defs/model_authentik_core.application" } } }, { "type": "object", "required": [ "model", "identifiers" ], "properties": { "model": { "const": "authentik_core.token" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_core.token" }, "identifiers": { "$ref": "#/$defs/model_authentik_core.token" } } }, { "type": "object", "required": [ "model", "identifiers" ], 
"properties": { "model": { "const": "authentik_blueprints.metaapplyblueprint" }, "id": { "type": "string" }, "state": { "type": "string", "enum": [ "absent", "present", "created" ], "default": "present" }, "conditions": { "type": "array", "items": { "type": "boolean" } }, "attrs": { "$ref": "#/$defs/model_authentik_blueprints.metaapplyblueprint" }, "identifiers": { "$ref": "#/$defs/model_authentik_blueprints.metaapplyblueprint" } } } ] } } }, "$defs": { "model_authentik_crypto.certificatekeypair": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "certificate_data": { "type": "string", "minLength": 1, "title": "Certificate data", "description": "PEM-encoded Certificate data" }, "key_data": { "type": "string", "title": "Key data", "description": "Optional Private Key. If this is set, you can use this keypair for encryption." } }, "required": [] }, "model_authentik_events.event": { "type": "object", "properties": { "user": { "type": "object", "additionalProperties": true, "title": "User" }, "action": { "type": "string", "enum": [ "login", "login_failed", "logout", "user_write", "suspicious_request", "password_set", "secret_view", "secret_rotate", "invitation_used", "authorize_application", "source_linked", "impersonation_started", "impersonation_ended", "flow_execution", "policy_execution", "policy_exception", "property_mapping_exception", "system_task_execution", "system_task_exception", "system_exception", "configuration_error", "model_created", "model_updated", "model_deleted", "email_sent", "update_available", "custom_" ], "title": "Action" }, "app": { "type": "string", "minLength": 1, "title": "App" }, "context": { "type": "object", "additionalProperties": true, "title": "Context" }, "client_ip": { "type": [ "string", "null" ], "minLength": 1, "title": "Client ip" }, "expires": { "type": "string", "format": "date-time", "title": "Expires" }, "tenant": { "type": "object", "additionalProperties": true, "title": 
"Tenant" } }, "required": [] }, "model_authentik_events.notificationtransport": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "mode": { "type": "string", "enum": [ "local", "webhook", "webhook_slack", "email" ], "title": "Mode" }, "webhook_url": { "type": "string", "title": "Webhook url" }, "webhook_mapping": { "type": "integer", "title": "Webhook mapping" }, "send_once": { "type": "boolean", "title": "Send once", "description": "Only send notification once, for example when sending a webhook into a chat channel." } }, "required": [] }, "model_authentik_events.notification": { "type": "object", "properties": { "event": { "type": "object", "properties": { "user": { "type": "object", "additionalProperties": true, "title": "User" }, "action": { "type": "string", "enum": [ "login", "login_failed", "logout", "user_write", "suspicious_request", "password_set", "secret_view", "secret_rotate", "invitation_used", "authorize_application", "source_linked", "impersonation_started", "impersonation_ended", "flow_execution", "policy_execution", "policy_exception", "property_mapping_exception", "system_task_execution", "system_task_exception", "system_exception", "configuration_error", "model_created", "model_updated", "model_deleted", "email_sent", "update_available", "custom_" ], "title": "Action" }, "app": { "type": "string", "minLength": 1, "title": "App" }, "context": { "type": "object", "additionalProperties": true, "title": "Context" }, "client_ip": { "type": [ "string", "null" ], "minLength": 1, "title": "Client ip" }, "expires": { "type": "string", "format": "date-time", "title": "Expires" }, "tenant": { "type": "object", "additionalProperties": true, "title": "Tenant" } }, "required": [ "action", "app" ], "title": "Event" }, "seen": { "type": "boolean", "title": "Seen" } }, "required": [] }, "model_authentik_events.notificationrule": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, 
"title": "Name" }, "transports": { "type": "array", "items": { "type": "integer", "description": "Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI." }, "title": "Transports", "description": "Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI." }, "severity": { "type": "string", "enum": [ "notice", "warning", "alert" ], "title": "Severity", "description": "Controls which severity level the created notifications will have." }, "group": { "type": "integer", "title": "Group", "description": "Define which group of users this notification should be sent and shown to. If left empty, Notification won't be sent." } }, "required": [] }, "model_authentik_events.notificationwebhookmapping": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "expression": { "type": "string", "minLength": 1, "title": "Expression" } }, "required": [] }, "model_authentik_flows.flow": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "slug": { "type": "string", "maxLength": 50, "minLength": 1, "pattern": "^[-a-zA-Z0-9_]+$", "title": "Slug", "description": "Visible in the URL." }, "title": { "type": "string", "minLength": 1, "title": "Title", "description": "Shown as the Title in Flow pages." }, "designation": { "type": "string", "enum": [ "authentication", "authorization", "invalidation", "enrollment", "unenrollment", "recovery", "stage_configuration" ], "title": "Designation", "description": "Decides what this Flow is used for. For example, the Authentication flow is redirected to when an un-authenticated user visits authentik."
}, "background": { "type": "string", "minLength": 1, "title": "Background" }, "policy_engine_mode": { "type": "string", "enum": [ "all", "any" ], "title": "Policy engine mode" }, "compatibility_mode": { "type": "boolean", "title": "Compatibility mode", "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." }, "layout": { "type": "string", "enum": [ "stacked", "content_left", "content_right", "sidebar_left", "sidebar_right" ], "title": "Layout" }, "denied_action": { "type": "string", "enum": [ "message_continue", "message", "continue" ], "title": "Denied action", "description": "Configure what should happen when a flow denies access to a user." }, "authentication": { "type": "string", "enum": [ "none", "require_authenticated", "require_unauthenticated", "require_superuser" ], "title": "Authentication", "description": "Required level of authentication and authorization to access a flow." } }, "required": [] }, "model_authentik_flows.flowstagebinding": { "type": "object", "properties": { "target": { "type": "integer", "title": "Target" }, "stage": { "type": "integer", "title": "Stage" }, "evaluate_on_plan": { "type": "boolean", "title": "Evaluate on plan", "description": "Evaluate policies during the Flow planning process." }, "re_evaluate_policies": { "type": "boolean", "title": "Re evaluate policies", "description": "Evaluate policies when the Stage is present to the user." }, "order": { "type": "integer", "minimum": -2147483648, "maximum": 2147483647, "title": "Order" }, "policy_engine_mode": { "type": "string", "enum": [ "all", "any" ], "title": "Policy engine mode" }, "invalid_response_action": { "type": "string", "enum": [ "retry", "restart", "restart_with_context" ], "title": "Invalid response action", "description": "Configure how the flow executor should handle an invalid response to a challenge. RETRY returns the error message and a similar challenge to the executor. 
RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT restarts the flow while keeping the current context." } }, "required": [] }, "model_authentik_outposts.dockerserviceconnection": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "local": { "type": "boolean", "title": "Local", "description": "If enabled, use the local connection. Required Docker socket/Kubernetes Integration" }, "url": { "type": "string", "minLength": 1, "title": "Url", "description": "Can be in the format of 'unix://' when connecting to a local docker daemon, or 'https://:2376' when connecting to a remote system." }, "tls_verification": { "type": "integer", "title": "Tls verification", "description": "CA which the endpoint's Certificate is verified against. Can be left empty for no validation." }, "tls_authentication": { "type": "integer", "title": "Tls authentication", "description": "Certificate/Key used for authentication. Can be left empty for no authentication." } }, "required": [] }, "model_authentik_outposts.kubernetesserviceconnection": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "local": { "type": "boolean", "title": "Local", "description": "If enabled, use the local connection. Required Docker socket/Kubernetes Integration" }, "kubeconfig": { "type": "object", "additionalProperties": true, "title": "Kubeconfig", "description": "Paste your kubeconfig here. authentik will automatically use the currently selected context." 
}, "verify_ssl": { "type": "boolean", "title": "Verify ssl", "description": "Verify SSL Certificates of the Kubernetes API endpoint" } }, "required": [] }, "model_authentik_outposts.outpost": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "type": { "type": "string", "enum": [ "proxy", "ldap", "radius" ], "title": "Type" }, "providers": { "type": "array", "items": { "type": "integer" }, "title": "Providers" }, "service_connection": { "type": "integer", "title": "Service connection", "description": "Select Service-Connection authentik should use to manage this outpost. Leave empty if authentik should not handle the deployment." }, "config": { "type": "object", "additionalProperties": true, "title": "Config" }, "managed": { "type": [ "string", "null" ], "minLength": 1, "title": "Managed by authentik", "description": "Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update." } }, "required": [] }, "model_authentik_policies_dummy.dummypolicy": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "execution_logging": { "type": "boolean", "title": "Execution logging", "description": "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged." 
}, "result": { "type": "boolean", "title": "Result" }, "wait_min": { "type": "integer", "minimum": -2147483648, "maximum": 2147483647, "title": "Wait min" }, "wait_max": { "type": "integer", "minimum": -2147483648, "maximum": 2147483647, "title": "Wait max" } }, "required": [] }, "model_authentik_policies_event_matcher.eventmatcherpolicy": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "execution_logging": { "type": "boolean", "title": "Execution logging", "description": "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged." }, "action": { "type": "string", "enum": [ "", "login", "login_failed", "logout", "user_write", "suspicious_request", "password_set", "secret_view", "secret_rotate", "invitation_used", "authorize_application", "source_linked", "impersonation_started", "impersonation_ended", "flow_execution", "policy_execution", "policy_exception", "property_mapping_exception", "system_task_execution", "system_task_exception", "system_exception", "configuration_error", "model_created", "model_updated", "model_deleted", "email_sent", "update_available", "custom_" ], "title": "Action", "description": "Match created events with this action type. When left empty, all action types will be matched." 
}, "client_ip": { "type": "string", "title": "Client ip", "description": "Matches Event's Client IP (strict matching, for network matching use an Expression Policy)" }, "app": { "type": "string", "enum": [ "", "authentik.admin", "authentik.api", "authentik.crypto", "authentik.events", "authentik.flows", "authentik.lib", "authentik.outposts", "authentik.policies.dummy", "authentik.policies.event_matcher", "authentik.policies.expiry", "authentik.policies.expression", "authentik.policies.password", "authentik.policies.reputation", "authentik.policies", "authentik.providers.ldap", "authentik.providers.oauth2", "authentik.providers.proxy", "authentik.providers.radius", "authentik.providers.saml", "authentik.providers.scim", "authentik.recovery", "authentik.sources.ldap", "authentik.sources.oauth", "authentik.sources.plex", "authentik.sources.saml", "authentik.stages.authenticator_duo", "authentik.stages.authenticator_sms", "authentik.stages.authenticator_static", "authentik.stages.authenticator_totp", "authentik.stages.authenticator_validate", "authentik.stages.authenticator_webauthn", "authentik.stages.captcha", "authentik.stages.consent", "authentik.stages.deny", "authentik.stages.dummy", "authentik.stages.email", "authentik.stages.identification", "authentik.stages.invitation", "authentik.stages.password", "authentik.stages.prompt", "authentik.stages.user_delete", "authentik.stages.user_login", "authentik.stages.user_logout", "authentik.stages.user_write", "authentik.tenants", "authentik.blueprints", "authentik.core", "authentik.enterprise" ], "title": "App", "description": "Match events created by selected application. When left empty, all applications are matched." 
} }, "required": [] }, "model_authentik_policies_expiry.passwordexpirypolicy": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "execution_logging": { "type": "boolean", "title": "Execution logging", "description": "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged." }, "days": { "type": "integer", "minimum": -2147483648, "maximum": 2147483647, "title": "Days" }, "deny_only": { "type": "boolean", "title": "Deny only" } }, "required": [] }, "model_authentik_policies_expression.expressionpolicy": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "execution_logging": { "type": "boolean", "title": "Execution logging", "description": "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged." }, "expression": { "type": "string", "minLength": 1, "title": "Expression" } }, "required": [] }, "model_authentik_policies_password.passwordpolicy": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "execution_logging": { "type": "boolean", "title": "Execution logging", "description": "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged." }, "password_field": { "type": "string", "minLength": 1, "title": "Password field", "description": "Field key to check, field keys defined in Prompt stages are available." 
}, "amount_digits": { "type": "integer", "minimum": 0, "maximum": 2147483647, "title": "Amount digits" }, "amount_uppercase": { "type": "integer", "minimum": 0, "maximum": 2147483647, "title": "Amount uppercase" }, "amount_lowercase": { "type": "integer", "minimum": 0, "maximum": 2147483647, "title": "Amount lowercase" }, "amount_symbols": { "type": "integer", "minimum": 0, "maximum": 2147483647, "title": "Amount symbols" }, "length_min": { "type": "integer", "minimum": 0, "maximum": 2147483647, "title": "Length min" }, "symbol_charset": { "type": "string", "minLength": 1, "title": "Symbol charset" }, "error_message": { "type": "string", "title": "Error message" }, "check_static_rules": { "type": "boolean", "title": "Check static rules" }, "check_have_i_been_pwned": { "type": "boolean", "title": "Check have i been pwned" }, "check_zxcvbn": { "type": "boolean", "title": "Check zxcvbn" }, "hibp_allowed_count": { "type": "integer", "minimum": 0, "maximum": 2147483647, "title": "Hibp allowed count", "description": "How many times the password hash is allowed to be on haveibeenpwned" }, "zxcvbn_score_threshold": { "type": "integer", "minimum": 0, "maximum": 2147483647, "title": "Zxcvbn score threshold", "description": "If the zxcvbn score is equal to or less than this value, the policy will fail." } }, "required": [] }, "model_authentik_policies_reputation.reputationpolicy": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "execution_logging": { "type": "boolean", "title": "Execution logging", "description": "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged."
}, "check_ip": { "type": "boolean", "title": "Check ip" }, "check_username": { "type": "boolean", "title": "Check username" }, "threshold": { "type": "integer", "minimum": -2147483648, "maximum": 2147483647, "title": "Threshold" } }, "required": [] }, "model_authentik_policies_reputation.reputation": { "type": "object", "properties": { "pk": { "type": "string", "format": "uuid", "title": "Reputation uuid" }, "identifier": { "type": "string", "minLength": 1, "title": "Identifier" }, "ip": { "type": "string", "minLength": 1, "title": "Ip" }, "ip_geo_data": { "type": "object", "additionalProperties": true, "title": "Ip geo data" }, "score": { "type": "integer", "minimum": -9223372036854775808, "maximum": 9223372036854775807, "title": "Score" } }, "required": [] }, "model_authentik_policies.policybinding": { "type": "object", "properties": { "policy": { "type": "integer", "title": "Policy" }, "group": { "type": "integer", "title": "Group" }, "user": { "type": "integer", "title": "User" }, "target": { "type": "integer", "title": "Target" }, "negate": { "type": "boolean", "title": "Negate", "description": "Negates the outcome of the policy. Messages are unaffected." }, "enabled": { "type": "boolean", "title": "Enabled" }, "order": { "type": "integer", "minimum": -2147483648, "maximum": 2147483647, "title": "Order" }, "timeout": { "type": "integer", "minimum": -2147483648, "maximum": 2147483647, "title": "Timeout", "description": "Timeout after which Policy execution is terminated." } }, "required": [] }, "model_authentik_providers_ldap.ldapprovider": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "authentication_flow": { "type": "integer", "title": "Authentication flow", "description": "Flow used for authentication when the associated application is accessed by an un-authenticated user." 
}, "authorization_flow": { "type": "integer", "title": "Authorization flow", "description": "Flow used when authorizing this provider." }, "property_mappings": { "type": "array", "items": { "type": "integer" }, "title": "Property mappings" }, "base_dn": { "type": "string", "minLength": 1, "title": "Base dn", "description": "DN under which objects are accessible." }, "search_group": { "type": "integer", "title": "Search group", "description": "Users in this group can do search queries. If not set, every user can execute search queries." }, "certificate": { "type": "integer", "title": "Certificate" }, "tls_server_name": { "type": "string", "title": "Tls server name" }, "uid_start_number": { "type": "integer", "minimum": -2147483648, "maximum": 2147483647, "title": "Uid start number", "description": "The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber" }, "gid_start_number": { "type": "integer", "minimum": -2147483648, "maximum": 2147483647, "title": "Gid start number", "description": "The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber" }, "search_mode": { "type": "string", "enum": [ "direct", "cached" ], "title": "Search mode" }, "bind_mode": { "type": "string", "enum": [ "direct", "cached" ], "title": "Bind mode" } }, "required": [] }, "model_authentik_providers_oauth2.scopemapping": { "type": "object", "properties": { "managed": { "type": [ "string", "null" ], "minLength": 1, "title": "Managed by authentik", "description": "Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. 
You can still modify the objects via the API, but expect changes to be overwritten in a later update." }, "name": { "type": "string", "minLength": 1, "title": "Name" }, "expression": { "type": "string", "minLength": 1, "title": "Expression" }, "scope_name": { "type": "string", "minLength": 1, "title": "Scope name", "description": "Scope name requested by the client" }, "description": { "type": "string", "title": "Description", "description": "Description shown to the user when consenting. If left empty, the user won't be informed." } }, "required": [] }, "model_authentik_providers_oauth2.oauth2provider": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "authentication_flow": { "type": "integer", "title": "Authentication flow", "description": "Flow used for authentication when the associated application is accessed by an un-authenticated user." }, "authorization_flow": { "type": "integer", "title": "Authorization flow", "description": "Flow used when authorizing this provider." }, "property_mappings": { "type": "array", "items": { "type": "integer" }, "title": "Property mappings" }, "client_type": { "type": "string", "enum": [ "confidential", "public" ], "title": "Client Type", "description": "Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable" }, "client_id": { "type": "string", "maxLength": 255, "minLength": 1, "title": "Client ID" }, "client_secret": { "type": "string", "maxLength": 255, "title": "Client Secret" }, "access_code_validity": { "type": "string", "minLength": 1, "title": "Access code validity", "description": "Access codes not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." }, "access_token_validity": { "type": "string", "minLength": 1, "title": "Access token validity", "description": "Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." 
}, "refresh_token_validity": { "type": "string", "minLength": 1, "title": "Refresh token validity", "description": "Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." }, "include_claims_in_id_token": { "type": "boolean", "title": "Include claims in id_token", "description": "Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint." }, "signing_key": { "type": "integer", "title": "Signing Key", "description": "Key used to sign the tokens. Only required when JWT Algorithm is set to RS256." }, "redirect_uris": { "type": "string", "title": "Redirect URIs", "description": "Enter each URI on a new line." }, "sub_mode": { "type": "string", "enum": [ "hashed_user_id", "user_id", "user_uuid", "user_username", "user_email", "user_upn" ], "title": "Sub mode", "description": "Configure what data should be used as unique User Identifier. For most cases, the default should be fine." }, "issuer_mode": { "type": "string", "enum": [ "global", "per_provider" ], "title": "Issuer mode", "description": "Configure how the issuer field of the ID Token should be filled." }, "jwks_sources": { "type": "array", "items": { "type": "integer", "title": "Any JWT signed by the JWK of the selected source can be used to authenticate." }, "title": "Any JWT signed by the JWK of the selected source can be used to authenticate." } }, "required": [] }, "model_authentik_providers_oauth2.authorizationcode": { "type": "object", "properties": { "provider": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "authentication_flow": { "type": "integer", "title": "Authentication flow", "description": "Flow used for authentication when the associated application is accessed by an un-authenticated user." }, "authorization_flow": { "type": "integer", "title": "Authorization flow", "description": "Flow used when authorizing this provider." 
}, "property_mappings": { "type": "array", "items": { "type": "integer" }, "title": "Property mappings" }, "client_type": { "type": "string", "enum": [ "confidential", "public" ], "title": "Client Type", "description": "Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable" }, "client_id": { "type": "string", "maxLength": 255, "minLength": 1, "title": "Client ID" }, "client_secret": { "type": "string", "maxLength": 255, "title": "Client Secret" }, "access_code_validity": { "type": "string", "minLength": 1, "title": "Access code validity", "description": "Access codes not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." }, "access_token_validity": { "type": "string", "minLength": 1, "title": "Access token validity", "description": "Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." }, "refresh_token_validity": { "type": "string", "minLength": 1, "title": "Refresh token validity", "description": "Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." }, "include_claims_in_id_token": { "type": "boolean", "title": "Include claims in id_token", "description": "Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint." }, "signing_key": { "type": "integer", "title": "Signing Key", "description": "Key used to sign the tokens. Only required when JWT Algorithm is set to RS256." }, "redirect_uris": { "type": "string", "title": "Redirect URIs", "description": "Enter each URI on a new line." }, "sub_mode": { "type": "string", "enum": [ "hashed_user_id", "user_id", "user_uuid", "user_username", "user_email", "user_upn" ], "title": "Sub mode", "description": "Configure what data should be used as unique User Identifier. For most cases, the default should be fine." 
}, "issuer_mode": { "type": "string", "enum": [ "global", "per_provider" ], "title": "Issuer mode", "description": "Configure how the issuer field of the ID Token should be filled." }, "jwks_sources": { "type": "array", "items": { "type": "integer", "title": "Any JWT signed by the JWK of the selected source can be used to authenticate." }, "title": "Any JWT signed by the JWK of the selected source can be used to authenticate." } }, "required": [ "name", "authorization_flow" ], "title": "Provider" }, "user": { "type": "object", "properties": { "username": { "type": "string", "maxLength": 150, "minLength": 1, "title": "Username" }, "name": { "type": "string", "title": "Name", "description": "User's display name." }, "is_active": { "type": "boolean", "title": "Active", "description": "Designates whether this user should be treated as active. Unselect this instead of deleting accounts." }, "last_login": { "type": [ "string", "null" ], "format": "date-time", "title": "Last login" }, "groups": { "type": "array", "items": { "type": "integer" }, "title": "Groups" }, "email": { "type": "string", "format": "email", "maxLength": 254, "title": "Email address" }, "attributes": { "type": "object", "additionalProperties": true, "title": "Attributes" }, "path": { "type": "string", "minLength": 1, "title": "Path" } }, "required": [ "username", "name", "groups" ], "title": "User" }, "expires": { "type": "string", "format": "date-time", "title": "Expires" }, "scope": { "type": "array", "items": { "type": "string", "minLength": 1 }, "title": "Scope" } }, "required": [] }, "model_authentik_providers_oauth2.accesstoken": { "type": "object", "properties": { "provider": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "authentication_flow": { "type": "integer", "title": "Authentication flow", "description": "Flow used for authentication when the associated application is accessed by an un-authenticated user." 
}, "authorization_flow": { "type": "integer", "title": "Authorization flow", "description": "Flow used when authorizing this provider." }, "property_mappings": { "type": "array", "items": { "type": "integer" }, "title": "Property mappings" }, "client_type": { "type": "string", "enum": [ "confidential", "public" ], "title": "Client Type", "description": "Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable" }, "client_id": { "type": "string", "maxLength": 255, "minLength": 1, "title": "Client ID" }, "client_secret": { "type": "string", "maxLength": 255, "title": "Client Secret" }, "access_code_validity": { "type": "string", "minLength": 1, "title": "Access code validity", "description": "Access codes not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." }, "access_token_validity": { "type": "string", "minLength": 1, "title": "Access token validity", "description": "Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." }, "refresh_token_validity": { "type": "string", "minLength": 1, "title": "Refresh token validity", "description": "Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." }, "include_claims_in_id_token": { "type": "boolean", "title": "Include claims in id_token", "description": "Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint." }, "signing_key": { "type": "integer", "title": "Signing Key", "description": "Key used to sign the tokens. Only required when JWT Algorithm is set to RS256." }, "redirect_uris": { "type": "string", "title": "Redirect URIs", "description": "Enter each URI on a new line." 
}, "sub_mode": { "type": "string", "enum": [ "hashed_user_id", "user_id", "user_uuid", "user_username", "user_email", "user_upn" ], "title": "Sub mode", "description": "Configure what data should be used as unique User Identifier. For most cases, the default should be fine." }, "issuer_mode": { "type": "string", "enum": [ "global", "per_provider" ], "title": "Issuer mode", "description": "Configure how the issuer field of the ID Token should be filled." }, "jwks_sources": { "type": "array", "items": { "type": "integer", "title": "Any JWT signed by the JWK of the selected source can be used to authenticate." }, "title": "Any JWT signed by the JWK of the selected source can be used to authenticate." } }, "required": [ "name", "authorization_flow" ], "title": "Provider" }, "user": { "type": "object", "properties": { "username": { "type": "string", "maxLength": 150, "minLength": 1, "title": "Username" }, "name": { "type": "string", "title": "Name", "description": "User's display name." }, "is_active": { "type": "boolean", "title": "Active", "description": "Designates whether this user should be treated as active. Unselect this instead of deleting accounts." 
}, "last_login": { "type": [ "string", "null" ], "format": "date-time", "title": "Last login" }, "groups": { "type": "array", "items": { "type": "integer" }, "title": "Groups" }, "email": { "type": "string", "format": "email", "maxLength": 254, "title": "Email address" }, "attributes": { "type": "object", "additionalProperties": true, "title": "Attributes" }, "path": { "type": "string", "minLength": 1, "title": "Path" } }, "required": [ "username", "name", "groups" ], "title": "User" }, "expires": { "type": "string", "format": "date-time", "title": "Expires" }, "scope": { "type": "array", "items": { "type": "string", "minLength": 1 }, "title": "Scope" }, "revoked": { "type": "boolean", "title": "Revoked" } }, "required": [] }, "model_authentik_providers_oauth2.refreshtoken": { "type": "object", "properties": { "provider": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "authentication_flow": { "type": "integer", "title": "Authentication flow", "description": "Flow used for authentication when the associated application is accessed by an un-authenticated user." }, "authorization_flow": { "type": "integer", "title": "Authorization flow", "description": "Flow used when authorizing this provider." }, "property_mappings": { "type": "array", "items": { "type": "integer" }, "title": "Property mappings" }, "client_type": { "type": "string", "enum": [ "confidential", "public" ], "title": "Client Type", "description": "Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable of doing so." }, "client_id": { "type": "string", "maxLength": 255, "minLength": 1, "title": "Client ID" }, "client_secret": { "type": "string", "maxLength": 255, "title": "Client Secret" }, "access_code_validity": { "type": "string", "minLength": 1, "title": "Access code validity", "description": "Access codes not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)."
}, "access_token_validity": { "type": "string", "minLength": 1, "title": "Access token validity", "description": "Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." }, "refresh_token_validity": { "type": "string", "minLength": 1, "title": "Refresh token validity", "description": "Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." }, "include_claims_in_id_token": { "type": "boolean", "title": "Include claims in id_token", "description": "Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint." }, "signing_key": { "type": "integer", "title": "Signing Key", "description": "Key used to sign the tokens. Only required when JWT Algorithm is set to RS256." }, "redirect_uris": { "type": "string", "title": "Redirect URIs", "description": "Enter each URI on a new line." }, "sub_mode": { "type": "string", "enum": [ "hashed_user_id", "user_id", "user_uuid", "user_username", "user_email", "user_upn" ], "title": "Sub mode", "description": "Configure what data should be used as unique User Identifier. For most cases, the default should be fine." }, "issuer_mode": { "type": "string", "enum": [ "global", "per_provider" ], "title": "Issuer mode", "description": "Configure how the issuer field of the ID Token should be filled." }, "jwks_sources": { "type": "array", "items": { "type": "integer", "title": "Any JWT signed by the JWK of the selected source can be used to authenticate." }, "title": "Any JWT signed by the JWK of the selected source can be used to authenticate." } }, "required": [ "name", "authorization_flow" ], "title": "Provider" }, "user": { "type": "object", "properties": { "username": { "type": "string", "maxLength": 150, "minLength": 1, "title": "Username" }, "name": { "type": "string", "title": "Name", "description": "User's display name." 
}, "is_active": { "type": "boolean", "title": "Active", "description": "Designates whether this user should be treated as active. Unselect this instead of deleting accounts." }, "last_login": { "type": [ "string", "null" ], "format": "date-time", "title": "Last login" }, "groups": { "type": "array", "items": { "type": "integer" }, "title": "Groups" }, "email": { "type": "string", "format": "email", "maxLength": 254, "title": "Email address" }, "attributes": { "type": "object", "additionalProperties": true, "title": "Attributes" }, "path": { "type": "string", "minLength": 1, "title": "Path" } }, "required": [ "username", "name", "groups" ], "title": "User" }, "expires": { "type": "string", "format": "date-time", "title": "Expires" }, "scope": { "type": "array", "items": { "type": "string", "minLength": 1 }, "title": "Scope" }, "revoked": { "type": "boolean", "title": "Revoked" } }, "required": [] }, "model_authentik_providers_proxy.proxyprovider": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "authentication_flow": { "type": "integer", "title": "Authentication flow", "description": "Flow used for authentication when the associated application is accessed by an un-authenticated user." }, "authorization_flow": { "type": "integer", "title": "Authorization flow", "description": "Flow used when authorizing this provider." 
}, "property_mappings": { "type": "array", "items": { "type": "integer" }, "title": "Property mappings" }, "internal_host": { "type": "string", "title": "Internal host" }, "external_host": { "type": "string", "minLength": 1, "title": "External host" }, "internal_host_ssl_validation": { "type": "boolean", "title": "Internal host SSL Validation", "description": "Validate SSL Certificates of upstream servers" }, "certificate": { "type": "integer", "title": "Certificate" }, "skip_path_regex": { "type": "string", "title": "Skip path regex", "description": "Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression." }, "basic_auth_enabled": { "type": "boolean", "title": "Set HTTP-Basic Authentication", "description": "Set a custom HTTP-Basic Authentication header based on values from authentik." }, "basic_auth_password_attribute": { "type": "string", "title": "HTTP-Basic Password Key", "description": "User/Group Attribute used for the password part of the HTTP-Basic Header." }, "basic_auth_user_attribute": { "type": "string", "title": "HTTP-Basic Username Key", "description": "User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used." }, "mode": { "type": "string", "enum": [ "proxy", "forward_single", "forward_domain" ], "title": "Mode", "description": "Enable support for forwardAuth in traefik and nginx auth_request. Exclusive with internal_host." }, "intercept_header_auth": { "type": "boolean", "title": "Intercept header auth", "description": "When enabled, this provider will intercept the authorization header and authenticate requests based on its value." }, "cookie_domain": { "type": "string", "title": "Cookie domain" }, "jwks_sources": { "type": "array", "items": { "type": "integer", "title": "Any JWT signed by the JWK of the selected source can be used to authenticate." 
}, "title": "Any JWT signed by the JWK of the selected source can be used to authenticate." }, "access_token_validity": { "type": "string", "minLength": 1, "title": "Access token validity", "description": "Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." }, "refresh_token_validity": { "type": "string", "minLength": 1, "title": "Refresh token validity", "description": "Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." } }, "required": [] }, "model_authentik_providers_radius.radiusprovider": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "authentication_flow": { "type": "integer", "title": "Authentication flow", "description": "Flow used for authentication when the associated application is accessed by an un-authenticated user." }, "authorization_flow": { "type": "integer", "title": "Authorization flow", "description": "Flow used when authorizing this provider." }, "property_mappings": { "type": "array", "items": { "type": "integer" }, "title": "Property mappings" }, "client_networks": { "type": "string", "minLength": 1, "title": "Client networks", "description": "List of CIDRs (comma-separated) that clients can connect from. A more specific CIDR will match before a looser one. Clients connecting from a non-specified CIDR will be dropped." }, "shared_secret": { "type": "string", "minLength": 1, "title": "Shared secret", "description": "Shared secret between clients and server to hash packets." } }, "required": [] }, "model_authentik_providers_saml.samlprovider": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "authentication_flow": { "type": "integer", "title": "Authentication flow", "description": "Flow used for authentication when the associated application is accessed by an un-authenticated user." 
}, "authorization_flow": { "type": "integer", "title": "Authorization flow", "description": "Flow used when authorizing this provider." }, "property_mappings": { "type": "array", "items": { "type": "integer" }, "title": "Property mappings" }, "acs_url": { "type": "string", "format": "uri", "maxLength": 200, "minLength": 1, "title": "ACS URL" }, "audience": { "type": "string", "title": "Audience", "description": "Value of the audience restriction field of the assertion. When left empty, no audience restriction will be added." }, "issuer": { "type": "string", "minLength": 1, "title": "Issuer", "description": "Also known as EntityID" }, "assertion_valid_not_before": { "type": "string", "minLength": 1, "title": "Assertion valid not before", "description": "Assertion valid not before current time + this value (Format: hours=-1;minutes=-2;seconds=-3)." }, "assertion_valid_not_on_or_after": { "type": "string", "minLength": 1, "title": "Assertion valid not on or after", "description": "Assertion not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." }, "session_valid_not_on_or_after": { "type": "string", "minLength": 1, "title": "Session valid not on or after", "description": "Session not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)." }, "name_id_mapping": { "type": "integer", "title": "NameID Property Mapping", "description": "Configure how the NameID value will be created. 
When left empty, the NameIDPolicy of the incoming request will be considered" }, "digest_algorithm": { "type": "string", "enum": [ "http://www.w3.org/2000/09/xmldsig#sha1", "http://www.w3.org/2001/04/xmlenc#sha256", "http://www.w3.org/2001/04/xmldsig-more#sha384", "http://www.w3.org/2001/04/xmlenc#sha512" ], "title": "Digest algorithm" }, "signature_algorithm": { "type": "string", "enum": [ "http://www.w3.org/2000/09/xmldsig#rsa-sha1", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512", "http://www.w3.org/2000/09/xmldsig#dsa-sha1" ], "title": "Signature algorithm" }, "signing_kp": { "type": "integer", "title": "Signing Keypair", "description": "Keypair used to sign outgoing Responses going to the Service Provider." }, "verification_kp": { "type": "integer", "title": "Verification Certificate", "description": "When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default." }, "sp_binding": { "type": "string", "enum": [ "redirect", "post" ], "title": "Service Provider Binding", "description": "This determines how authentik sends the response back to the Service Provider." } }, "required": [] }, "model_authentik_providers_saml.samlpropertymapping": { "type": "object", "properties": { "managed": { "type": [ "string", "null" ], "minLength": 1, "title": "Managed by authentik", "description": "Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update." 
}, "name": { "type": "string", "minLength": 1, "title": "Name" }, "expression": { "type": "string", "minLength": 1, "title": "Expression" }, "saml_name": { "type": "string", "minLength": 1, "title": "SAML Name" }, "friendly_name": { "type": [ "string", "null" ], "title": "Friendly name" } }, "required": [] }, "model_authentik_providers_scim.scimprovider": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "property_mappings": { "type": "array", "items": { "type": "integer" }, "title": "Property mappings" }, "property_mappings_group": { "type": "array", "items": { "type": "integer", "description": "Property mappings used for group creation/updating." }, "title": "Property mappings group", "description": "Property mappings used for group creation/updating." }, "url": { "type": "string", "minLength": 1, "title": "Url", "description": "Base URL to SCIM requests, usually ends in /v2" }, "token": { "type": "string", "minLength": 1, "title": "Token", "description": "Authentication token" }, "exclude_users_service_account": { "type": "boolean", "title": "Exclude users service account" }, "filter_group": { "type": "integer", "title": "Filter group" } }, "required": [] }, "model_authentik_providers_scim.scimmapping": { "type": "object", "properties": { "managed": { "type": [ "string", "null" ], "minLength": 1, "title": "Managed by authentik", "description": "Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update." 
}, "name": { "type": "string", "minLength": 1, "title": "Name" }, "expression": { "type": "string", "minLength": 1, "title": "Expression" } }, "required": [] }, "model_authentik_sources_ldap.ldapsource": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name", "description": "Source's display Name." }, "slug": { "type": "string", "maxLength": 50, "minLength": 1, "pattern": "^[-a-zA-Z0-9_]+$", "title": "Slug", "description": "Internal source name, used in URLs." }, "enabled": { "type": "boolean", "title": "Enabled" }, "authentication_flow": { "type": "integer", "title": "Authentication flow", "description": "Flow to use when authenticating existing users." }, "enrollment_flow": { "type": "integer", "title": "Enrollment flow", "description": "Flow to use when enrolling new users." }, "policy_engine_mode": { "type": "string", "enum": [ "all", "any" ], "title": "Policy engine mode" }, "user_matching_mode": { "type": "string", "enum": [ "identifier", "email_link", "email_deny", "username_link", "username_deny" ], "title": "User matching mode", "description": "How the source determines if an existing user should be authenticated or a new user enrolled." }, "user_path_template": { "type": "string", "minLength": 1, "title": "User path template" }, "icon": { "type": "string", "minLength": 1, "title": "Icon" }, "server_uri": { "type": "string", "minLength": 1, "title": "Server URI" }, "peer_certificate": { "type": "integer", "title": "Peer certificate", "description": "Optionally verify the LDAP Server's Certificate against the CA Chain in this keypair." }, "bind_cn": { "type": "string", "title": "Bind CN" }, "bind_password": { "type": "string", "title": "Bind password" }, "start_tls": { "type": "boolean", "title": "Enable Start TLS" }, "base_dn": { "type": "string", "minLength": 1, "title": "Base DN" }, "additional_user_dn": { "type": "string", "title": "Addition User DN", "description": "Prepended to Base DN for User-queries." 
}, "additional_group_dn": { "type": "string", "title": "Addition Group DN", "description": "Prepended to Base DN for Group-queries." }, "user_object_filter": { "type": "string", "minLength": 1, "title": "User object filter", "description": "Consider Objects matching this filter to be Users." }, "group_object_filter": { "type": "string", "minLength": 1, "title": "Group object filter", "description": "Consider Objects matching this filter to be Groups." }, "group_membership_field": { "type": "string", "minLength": 1, "title": "Group membership field", "description": "Field which contains members of a group." }, "object_uniqueness_field": { "type": "string", "minLength": 1, "title": "Object uniqueness field", "description": "Field which contains a unique Identifier." }, "sync_users": { "type": "boolean", "title": "Sync users" }, "sync_users_password": { "type": "boolean", "title": "Sync users password", "description": "When a user changes their password, sync it back to LDAP. This can only be enabled on a single LDAP source." }, "sync_groups": { "type": "boolean", "title": "Sync groups" }, "sync_parent_group": { "type": "integer", "title": "Sync parent group" }, "property_mappings": { "type": "array", "items": { "type": "integer" }, "title": "Property mappings" }, "property_mappings_group": { "type": "array", "items": { "type": "integer", "description": "Property mappings used for group creation/updating." }, "title": "Property mappings group", "description": "Property mappings used for group creation/updating." } }, "required": [] }, "model_authentik_sources_ldap.ldappropertymapping": { "type": "object", "properties": { "managed": { "type": [ "string", "null" ], "minLength": 1, "title": "Managed by authentik", "description": "Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. 
You can still modify the objects via the API, but expect changes to be overwritten in a later update." }, "name": { "type": "string", "minLength": 1, "title": "Name" }, "expression": { "type": "string", "minLength": 1, "title": "Expression" }, "object_field": { "type": "string", "minLength": 1, "title": "Object field" } }, "required": [] }, "model_authentik_sources_oauth.oauthsource": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name", "description": "Source's display Name." }, "slug": { "type": "string", "maxLength": 50, "minLength": 1, "pattern": "^[-a-zA-Z0-9_]+$", "title": "Slug", "description": "Internal source name, used in URLs." }, "enabled": { "type": "boolean", "title": "Enabled" }, "authentication_flow": { "type": "integer", "title": "Authentication flow", "description": "Flow to use when authenticating existing users." }, "enrollment_flow": { "type": "integer", "title": "Enrollment flow", "description": "Flow to use when enrolling new users." }, "policy_engine_mode": { "type": "string", "enum": [ "all", "any" ], "title": "Policy engine mode" }, "user_matching_mode": { "type": "string", "enum": [ "identifier", "email_link", "email_deny", "username_link", "username_deny" ], "title": "User matching mode", "description": "How the source determines if an existing user should be authenticated or a new user enrolled." }, "user_path_template": { "type": "string", "minLength": 1, "title": "User path template" }, "icon": { "type": "string", "minLength": 1, "title": "Icon" }, "provider_type": { "type": "string", "enum": [ "apple", "azuread", "discord", "facebook", "github", "google", "mailcow", "openidconnect", "okta", "patreon", "reddit", "twitch", "twitter" ], "title": "Provider type" }, "request_token_url": { "type": [ "string", "null" ], "maxLength": 255, "minLength": 1, "title": "Request Token URL", "description": "URL used to request the initial token. This URL is only required for OAuth 1." 
}, "authorization_url": { "type": [ "string", "null" ], "maxLength": 255, "minLength": 1, "title": "Authorization URL", "description": "URL the user is redirected to in order to consent to the flow." }, "access_token_url": { "type": [ "string", "null" ], "maxLength": 255, "minLength": 1, "title": "Access Token URL", "description": "URL used by authentik to retrieve tokens." }, "profile_url": { "type": [ "string", "null" ], "maxLength": 255, "minLength": 1, "title": "Profile URL", "description": "URL used by authentik to get user information." }, "consumer_key": { "type": "string", "minLength": 1, "title": "Consumer key" }, "consumer_secret": { "type": "string", "minLength": 1, "title": "Consumer secret" }, "additional_scopes": { "type": "string", "title": "Additional Scopes" }, "oidc_well_known_url": { "type": "string", "title": "Oidc well known url" }, "oidc_jwks_url": { "type": "string", "title": "Oidc jwks url" }, "oidc_jwks": { "type": "object", "additionalProperties": true, "title": "Oidc jwks" } }, "required": [] }, "model_authentik_sources_oauth.useroauthsourceconnection": { "type": "object", "properties": { "user": { "type": "integer", "title": "User" }, "identifier": { "type": "string", "maxLength": 255, "minLength": 1, "title": "Identifier" }, "access_token": { "type": [ "string", "null" ], "title": "Access token" }, "icon": { "type": "string", "minLength": 1, "title": "Icon" } }, "required": [] }, "model_authentik_sources_plex.plexsource": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name", "description": "Source's display Name." }, "slug": { "type": "string", "maxLength": 50, "minLength": 1, "pattern": "^[-a-zA-Z0-9_]+$", "title": "Slug", "description": "Internal source name, used in URLs." }, "enabled": { "type": "boolean", "title": "Enabled" }, "authentication_flow": { "type": "integer", "title": "Authentication flow", "description": "Flow to use when authenticating existing users."
}, "enrollment_flow": { "type": "integer", "title": "Enrollment flow", "description": "Flow to use when enrolling new users." }, "policy_engine_mode": { "type": "string", "enum": [ "all", "any" ], "title": "Policy engine mode" }, "user_matching_mode": { "type": "string", "enum": [ "identifier", "email_link", "email_deny", "username_link", "username_deny" ], "title": "User matching mode", "description": "How the source determines if an existing user should be authenticated or a new user enrolled." }, "user_path_template": { "type": "string", "minLength": 1, "title": "User path template" }, "icon": { "type": "string", "minLength": 1, "title": "Icon" }, "client_id": { "type": "string", "minLength": 1, "title": "Client id", "description": "Client identifier used to talk to Plex." }, "allowed_servers": { "type": "array", "items": { "type": "string", "minLength": 1, "title": "Allowed servers" }, "title": "Allowed servers", "description": "Which servers a user has to be a member of to be granted access. Empty list allows every server." }, "allow_friends": { "type": "boolean", "title": "Allow friends", "description": "Allow friends to authenticate, even if you don't share a server." }, "plex_token": { "type": "string", "minLength": 1, "title": "Plex token", "description": "Plex token used to check friends" } }, "required": [] }, "model_authentik_sources_plex.plexsourceconnection": { "type": "object", "properties": { "identifier": { "type": "string", "minLength": 1, "title": "Identifier" }, "plex_token": { "type": "string", "minLength": 1, "title": "Plex token" }, "icon": { "type": "string", "minLength": 1, "title": "Icon" } }, "required": [] }, "model_authentik_sources_saml.samlsource": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name", "description": "Source's display Name." 
}, "slug": { "type": "string", "maxLength": 50, "minLength": 1, "pattern": "^[-a-zA-Z0-9_]+$", "title": "Slug", "description": "Internal source name, used in URLs." }, "enabled": { "type": "boolean", "title": "Enabled" }, "authentication_flow": { "type": "integer", "title": "Authentication flow", "description": "Flow to use when authenticating existing users." }, "enrollment_flow": { "type": "integer", "title": "Enrollment flow", "description": "Flow to use when enrolling new users." }, "policy_engine_mode": { "type": "string", "enum": [ "all", "any" ], "title": "Policy engine mode" }, "user_matching_mode": { "type": "string", "enum": [ "identifier", "email_link", "email_deny", "username_link", "username_deny" ], "title": "User matching mode", "description": "How the source determines if an existing user should be authenticated or a new user enrolled." }, "user_path_template": { "type": "string", "minLength": 1, "title": "User path template" }, "icon": { "type": "string", "minLength": 1, "title": "Icon" }, "pre_authentication_flow": { "type": "integer", "title": "Pre authentication flow", "description": "Flow used before authentication." }, "issuer": { "type": "string", "title": "Issuer", "description": "Also known as Entity ID. Defaults to the Metadata URL." }, "sso_url": { "type": "string", "format": "uri", "maxLength": 200, "minLength": 1, "title": "SSO URL", "description": "URL that the initial Login request is sent to." }, "slo_url": { "type": [ "string", "null" ], "format": "uri", "maxLength": 200, "title": "SLO URL", "description": "Optional URL if your IDP supports Single-Logout." }, "allow_idp_initiated": { "type": "boolean", "title": "Allow idp initiated", "description": "Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done."
}, "name_id_policy": { "type": "string", "enum": [ "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName", "urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName", "urn:oasis:names:tc:SAML:2.0:nameid-format:transient" ], "title": "Name id policy", "description": "NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent." }, "binding_type": { "type": "string", "enum": [ "REDIRECT", "POST", "POST_AUTO" ], "title": "Binding type" }, "verification_kp": { "type": "integer", "title": "Verification Certificate", "description": "When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default." }, "signing_kp": { "type": "integer", "title": "Signing Keypair", "description": "Keypair used to sign outgoing Responses going to the Identity Provider." }, "digest_algorithm": { "type": "string", "enum": [ "http://www.w3.org/2000/09/xmldsig#sha1", "http://www.w3.org/2001/04/xmlenc#sha256", "http://www.w3.org/2001/04/xmldsig-more#sha384", "http://www.w3.org/2001/04/xmlenc#sha512" ], "title": "Digest algorithm" }, "signature_algorithm": { "type": "string", "enum": [ "http://www.w3.org/2000/09/xmldsig#rsa-sha1", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512", "http://www.w3.org/2000/09/xmldsig#dsa-sha1" ], "title": "Signature algorithm" }, "temporary_user_delete_after": { "type": "string", "minLength": 1, "title": "Delete temporary users after", "description": "Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. (Format: hours=1;minutes=2;seconds=3)." 
} }, "required": [] }, "model_authentik_sources_saml.usersamlsourceconnection": { "type": "object", "properties": { "user": { "type": "integer", "title": "User" }, "identifier": { "type": "string", "minLength": 1, "title": "Identifier" }, "icon": { "type": "string", "minLength": 1, "title": "Icon" } }, "required": [] }, "model_authentik_stages_authenticator_duo.authenticatorduostage": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "flow_set": { "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "slug": { "type": "string", "maxLength": 50, "minLength": 1, "pattern": "^[-a-zA-Z0-9_]+$", "title": "Slug", "description": "Visible in the URL." }, "title": { "type": "string", "minLength": 1, "title": "Title", "description": "Shown as the Title in Flow pages." }, "designation": { "type": "string", "enum": [ "authentication", "authorization", "invalidation", "enrollment", "unenrollment", "recovery", "stage_configuration" ], "title": "Designation", "description": "Decides what this Flow is used for. For example, the Authentication flow is redirected to when an un-authenticated user visits authentik." }, "policy_engine_mode": { "type": "string", "enum": [ "all", "any" ], "title": "Policy engine mode" }, "compatibility_mode": { "type": "boolean", "title": "Compatibility mode", "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." }, "layout": { "type": "string", "enum": [ "stacked", "content_left", "content_right", "sidebar_left", "sidebar_right" ], "title": "Layout" }, "denied_action": { "type": "string", "enum": [ "message_continue", "message", "continue" ], "title": "Denied action", "description": "Configure what should happen when a flow denies access to a user."
} }, "required": [ "name", "slug", "title", "designation" ] }, "title": "Flow set" }, "configure_flow": { "type": "integer", "title": "Configure flow", "description": "Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage." }, "friendly_name": { "type": [ "string", "null" ], "minLength": 1, "title": "Friendly name" }, "client_id": { "type": "string", "minLength": 1, "title": "Client id" }, "client_secret": { "type": "string", "minLength": 1, "title": "Client secret" }, "api_hostname": { "type": "string", "minLength": 1, "title": "Api hostname" }, "admin_integration_key": { "type": "string", "title": "Admin integration key" }, "admin_secret_key": { "type": "string", "title": "Admin secret key" } }, "required": [] }, "model_authentik_stages_authenticator_duo.duodevice": { "type": "object", "properties": { "name": { "type": "string", "maxLength": 64, "minLength": 1, "title": "Name", "description": "The human-readable name of this device." } }, "required": [] }, "model_authentik_stages_authenticator_sms.authenticatorsmsstage": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "flow_set": { "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "slug": { "type": "string", "maxLength": 50, "minLength": 1, "pattern": "^[-a-zA-Z0-9_]+$", "title": "Slug", "description": "Visible in the URL." }, "title": { "type": "string", "minLength": 1, "title": "Title", "description": "Shown as the Title in Flow pages." }, "designation": { "type": "string", "enum": [ "authentication", "authorization", "invalidation", "enrollment", "unenrollment", "recovery", "stage_configuration" ], "title": "Designation", "description": "Decides what this Flow is used for. For example, the Authentication flow is redirected to when an un-authenticated user visits authentik."
}, "policy_engine_mode": { "type": "string", "enum": [ "all", "any" ], "title": "Policy engine mode" }, "compatibility_mode": { "type": "boolean", "title": "Compatibility mode", "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." }, "layout": { "type": "string", "enum": [ "stacked", "content_left", "content_right", "sidebar_left", "sidebar_right" ], "title": "Layout" }, "denied_action": { "type": "string", "enum": [ "message_continue", "message", "continue" ], "title": "Denied action", "description": "Configure what should happen when a flow denies access to a user." } }, "required": [ "name", "slug", "title", "designation" ] }, "title": "Flow set" }, "configure_flow": { "type": "integer", "title": "Configure flow", "description": "Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage." }, "friendly_name": { "type": [ "string", "null" ], "minLength": 1, "title": "Friendly name" }, "provider": { "type": "string", "enum": [ "twilio", "generic" ], "title": "Provider" }, "from_number": { "type": "string", "minLength": 1, "title": "From number" }, "account_sid": { "type": "string", "minLength": 1, "title": "Account sid" }, "auth": { "type": "string", "minLength": 1, "title": "Auth" }, "auth_password": { "type": "string", "title": "Auth password" }, "auth_type": { "type": "string", "enum": [ "basic", "bearer" ], "title": "Auth type" }, "verify_only": { "type": "boolean", "title": "Verify only", "description": "When enabled, the Phone number is only used during enrollment to verify the user's authenticity. Only a hash of the phone number is saved to ensure it is not re-used in the future." }, "mapping": { "type": "integer", "title": "Mapping", "description": "Optionally modify the payload being sent to custom providers." 
} }, "required": [] }, "model_authentik_stages_authenticator_sms.smsdevice": { "type": "object", "properties": { "name": { "type": "string", "maxLength": 64, "minLength": 1, "title": "Name", "description": "The human-readable name of this device." } }, "required": [] }, "model_authentik_stages_authenticator_static.authenticatorstaticstage": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "flow_set": { "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "slug": { "type": "string", "maxLength": 50, "minLength": 1, "pattern": "^[-a-zA-Z0-9_]+$", "title": "Slug", "description": "Visible in the URL." }, "title": { "type": "string", "minLength": 1, "title": "Title", "description": "Shown as the Title in Flow pages." }, "designation": { "type": "string", "enum": [ "authentication", "authorization", "invalidation", "enrollment", "unenrollment", "recovery", "stage_configuration" ], "title": "Designation", "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." }, "policy_engine_mode": { "type": "string", "enum": [ "all", "any" ], "title": "Policy engine mode" }, "compatibility_mode": { "type": "boolean", "title": "Compatibility mode", "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." }, "layout": { "type": "string", "enum": [ "stacked", "content_left", "content_right", "sidebar_left", "sidebar_right" ], "title": "Layout" }, "denied_action": { "type": "string", "enum": [ "message_continue", "message", "continue" ], "title": "Denied action", "description": "Configure what should happen when a flow denies access to a user." 
} }, "required": [ "name", "slug", "title", "designation" ] }, "title": "Flow set" }, "configure_flow": { "type": "integer", "title": "Configure flow", "description": "Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage." }, "friendly_name": { "type": [ "string", "null" ], "minLength": 1, "title": "Friendly name" }, "token_count": { "type": "integer", "minimum": -2147483648, "maximum": 2147483647, "title": "Token count" } }, "required": [] }, "model_authentik_stages_authenticator_totp.authenticatortotpstage": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "flow_set": { "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "slug": { "type": "string", "maxLength": 50, "minLength": 1, "pattern": "^[-a-zA-Z0-9_]+$", "title": "Slug", "description": "Visible in the URL." }, "title": { "type": "string", "minLength": 1, "title": "Title", "description": "Shown as the Title in Flow pages." }, "designation": { "type": "string", "enum": [ "authentication", "authorization", "invalidation", "enrollment", "unenrollment", "recovery", "stage_configuration" ], "title": "Designation", "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." }, "policy_engine_mode": { "type": "string", "enum": [ "all", "any" ], "title": "Policy engine mode" }, "compatibility_mode": { "type": "boolean", "title": "Compatibility mode", "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." 
}, "layout": { "type": "string", "enum": [ "stacked", "content_left", "content_right", "sidebar_left", "sidebar_right" ], "title": "Layout" }, "denied_action": { "type": "string", "enum": [ "message_continue", "message", "continue" ], "title": "Denied action", "description": "Configure what should happen when a flow denies access to a user." } }, "required": [ "name", "slug", "title", "designation" ] }, "title": "Flow set" }, "configure_flow": { "type": "integer", "title": "Configure flow", "description": "Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage." }, "friendly_name": { "type": [ "string", "null" ], "minLength": 1, "title": "Friendly name" }, "digits": { "type": "integer", "enum": [ 6, 8 ], "title": "Digits" } }, "required": [] }, "model_authentik_stages_authenticator_validate.authenticatorvalidatestage": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "flow_set": { "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "slug": { "type": "string", "maxLength": 50, "minLength": 1, "pattern": "^[-a-zA-Z0-9_]+$", "title": "Slug", "description": "Visible in the URL." }, "title": { "type": "string", "minLength": 1, "title": "Title", "description": "Shown as the Title in Flow pages." }, "designation": { "type": "string", "enum": [ "authentication", "authorization", "invalidation", "enrollment", "unenrollment", "recovery", "stage_configuration" ], "title": "Designation", "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." 
}, "policy_engine_mode": { "type": "string", "enum": [ "all", "any" ], "title": "Policy engine mode" }, "compatibility_mode": { "type": "boolean", "title": "Compatibility mode", "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." }, "layout": { "type": "string", "enum": [ "stacked", "content_left", "content_right", "sidebar_left", "sidebar_right" ], "title": "Layout" }, "denied_action": { "type": "string", "enum": [ "message_continue", "message", "continue" ], "title": "Denied action", "description": "Configure what should happen when a flow denies access to a user." } }, "required": [ "name", "slug", "title", "designation" ] }, "title": "Flow set" }, "not_configured_action": { "type": "string", "enum": [ "skip", "deny", "configure" ], "title": "Not configured action" }, "device_classes": { "type": "array", "items": { "type": "string", "enum": [ "static", "totp", "webauthn", "duo", "sms" ], "title": "Device classes" }, "title": "Device classes", "description": "Device classes which can be used to authenticate" }, "configuration_stages": { "type": "array", "items": { "type": "integer", "description": "Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again." }, "title": "Configuration stages", "description": "Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again." }, "last_auth_threshold": { "type": "string", "minLength": 1, "title": "Last auth threshold", "description": "If any of the user's devices has been used within this threshold, this stage will be skipped" }, "webauthn_user_verification": { "type": "string", "enum": [ "required", "preferred", "discouraged" ], "title": "Webauthn user verification", "description": "Enforce user verification for WebAuthn devices." 
} }, "required": [] }, "model_authentik_stages_authenticator_webauthn.authenticatewebauthnstage": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "flow_set": { "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "slug": { "type": "string", "maxLength": 50, "minLength": 1, "pattern": "^[-a-zA-Z0-9_]+$", "title": "Slug", "description": "Visible in the URL." }, "title": { "type": "string", "minLength": 1, "title": "Title", "description": "Shown as the Title in Flow pages." }, "designation": { "type": "string", "enum": [ "authentication", "authorization", "invalidation", "enrollment", "unenrollment", "recovery", "stage_configuration" ], "title": "Designation", "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." }, "policy_engine_mode": { "type": "string", "enum": [ "all", "any" ], "title": "Policy engine mode" }, "compatibility_mode": { "type": "boolean", "title": "Compatibility mode", "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." }, "layout": { "type": "string", "enum": [ "stacked", "content_left", "content_right", "sidebar_left", "sidebar_right" ], "title": "Layout" }, "denied_action": { "type": "string", "enum": [ "message_continue", "message", "continue" ], "title": "Denied action", "description": "Configure what should happen when a flow denies access to a user." } }, "required": [ "name", "slug", "title", "designation" ] }, "title": "Flow set" }, "configure_flow": { "type": "integer", "title": "Configure flow", "description": "Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage." 
}, "friendly_name": { "type": [ "string", "null" ], "minLength": 1, "title": "Friendly name" }, "user_verification": { "type": "string", "enum": [ "required", "preferred", "discouraged" ], "title": "User verification" }, "authenticator_attachment": { "type": [ "null", "string" ], "enum": [ null, "platform", "cross-platform" ], "title": "Authenticator attachment" }, "resident_key_requirement": { "type": "string", "enum": [ "discouraged", "preferred", "required" ], "title": "Resident key requirement" } }, "required": [] }, "model_authentik_stages_authenticator_webauthn.webauthndevice": { "type": "object", "properties": { "name": { "type": "string", "maxLength": 200, "minLength": 1, "title": "Name" } }, "required": [] }, "model_authentik_stages_captcha.captchastage": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "flow_set": { "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "slug": { "type": "string", "maxLength": 50, "minLength": 1, "pattern": "^[-a-zA-Z0-9_]+$", "title": "Slug", "description": "Visible in the URL." }, "title": { "type": "string", "minLength": 1, "title": "Title", "description": "Shown as the Title in Flow pages." }, "designation": { "type": "string", "enum": [ "authentication", "authorization", "invalidation", "enrollment", "unenrollment", "recovery", "stage_configuration" ], "title": "Designation", "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." }, "policy_engine_mode": { "type": "string", "enum": [ "all", "any" ], "title": "Policy engine mode" }, "compatibility_mode": { "type": "boolean", "title": "Compatibility mode", "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." 
}, "layout": { "type": "string", "enum": [ "stacked", "content_left", "content_right", "sidebar_left", "sidebar_right" ], "title": "Layout" }, "denied_action": { "type": "string", "enum": [ "message_continue", "message", "continue" ], "title": "Denied action", "description": "Configure what should happen when a flow denies access to a user." } }, "required": [ "name", "slug", "title", "designation" ] }, "title": "Flow set" }, "public_key": { "type": "string", "minLength": 1, "title": "Public key", "description": "Public key, acquired from your captcha Provider." }, "private_key": { "type": "string", "minLength": 1, "title": "Private key", "description": "Private key, acquired from your captcha Provider." }, "js_url": { "type": "string", "minLength": 1, "title": "Js url" }, "api_url": { "type": "string", "minLength": 1, "title": "Api url" } }, "required": [] }, "model_authentik_stages_consent.consentstage": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "flow_set": { "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "slug": { "type": "string", "maxLength": 50, "minLength": 1, "pattern": "^[-a-zA-Z0-9_]+$", "title": "Slug", "description": "Visible in the URL." }, "title": { "type": "string", "minLength": 1, "title": "Title", "description": "Shown as the Title in Flow pages." }, "designation": { "type": "string", "enum": [ "authentication", "authorization", "invalidation", "enrollment", "unenrollment", "recovery", "stage_configuration" ], "title": "Designation", "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." 
}, "policy_engine_mode": { "type": "string", "enum": [ "all", "any" ], "title": "Policy engine mode" }, "compatibility_mode": { "type": "boolean", "title": "Compatibility mode", "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." }, "layout": { "type": "string", "enum": [ "stacked", "content_left", "content_right", "sidebar_left", "sidebar_right" ], "title": "Layout" }, "denied_action": { "type": "string", "enum": [ "message_continue", "message", "continue" ], "title": "Denied action", "description": "Configure what should happen when a flow denies access to a user." } }, "required": [ "name", "slug", "title", "designation" ] }, "title": "Flow set" }, "mode": { "type": "string", "enum": [ "always_require", "permanent", "expiring" ], "title": "Mode" }, "consent_expire_in": { "type": "string", "minLength": 1, "title": "Consent expires in", "description": "Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3)." } }, "required": [] }, "model_authentik_stages_consent.userconsent": { "type": "object", "properties": { "expires": { "type": "string", "format": "date-time", "title": "Expires" }, "user": { "type": "object", "properties": { "username": { "type": "string", "maxLength": 150, "minLength": 1, "title": "Username" }, "name": { "type": "string", "title": "Name", "description": "User's display name." }, "is_active": { "type": "boolean", "title": "Active", "description": "Designates whether this user should be treated as active. Unselect this instead of deleting accounts." 
}, "last_login": { "type": [ "string", "null" ], "format": "date-time", "title": "Last login" }, "groups": { "type": "array", "items": { "type": "integer" }, "title": "Groups" }, "email": { "type": "string", "format": "email", "maxLength": 254, "title": "Email address" }, "attributes": { "type": "object", "additionalProperties": true, "title": "Attributes" }, "path": { "type": "string", "minLength": 1, "title": "Path" } }, "required": [ "username", "name", "groups" ], "title": "User" }, "application": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name", "description": "Application's display Name." }, "slug": { "type": "string", "maxLength": 50, "minLength": 1, "pattern": "^[-a-zA-Z0-9_]+$", "title": "Slug", "description": "Internal application name, used in URLs." }, "provider": { "type": "integer", "title": "Provider" }, "backchannel_providers": { "type": "array", "items": { "type": "integer" }, "title": "Backchannel providers" }, "open_in_new_tab": { "type": "boolean", "title": "Open in new tab", "description": "Open launch URL in a new browser tab or window." 
}, "meta_launch_url": { "type": "string", "title": "Meta launch url" }, "meta_description": { "type": "string", "title": "Meta description" }, "meta_publisher": { "type": "string", "title": "Meta publisher" }, "policy_engine_mode": { "type": "string", "enum": [ "all", "any" ], "title": "Policy engine mode" }, "group": { "type": "string", "title": "Group" } }, "required": [ "name", "slug" ], "title": "Application" }, "permissions": { "type": "string", "minLength": 1, "title": "Permissions" } }, "required": [] }, "model_authentik_stages_deny.denystage": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "flow_set": { "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "slug": { "type": "string", "maxLength": 50, "minLength": 1, "pattern": "^[-a-zA-Z0-9_]+$", "title": "Slug", "description": "Visible in the URL." }, "title": { "type": "string", "minLength": 1, "title": "Title", "description": "Shown as the Title in Flow pages." }, "designation": { "type": "string", "enum": [ "authentication", "authorization", "invalidation", "enrollment", "unenrollment", "recovery", "stage_configuration" ], "title": "Designation", "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." }, "policy_engine_mode": { "type": "string", "enum": [ "all", "any" ], "title": "Policy engine mode" }, "compatibility_mode": { "type": "boolean", "title": "Compatibility mode", "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." 
}, "layout": { "type": "string", "enum": [ "stacked", "content_left", "content_right", "sidebar_left", "sidebar_right" ], "title": "Layout" }, "denied_action": { "type": "string", "enum": [ "message_continue", "message", "continue" ], "title": "Denied action", "description": "Configure what should happen when a flow denies access to a user." } }, "required": [ "name", "slug", "title", "designation" ] }, "title": "Flow set" } }, "required": [] }, "model_authentik_stages_dummy.dummystage": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "flow_set": { "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "slug": { "type": "string", "maxLength": 50, "minLength": 1, "pattern": "^[-a-zA-Z0-9_]+$", "title": "Slug", "description": "Visible in the URL." }, "title": { "type": "string", "minLength": 1, "title": "Title", "description": "Shown as the Title in Flow pages." }, "designation": { "type": "string", "enum": [ "authentication", "authorization", "invalidation", "enrollment", "unenrollment", "recovery", "stage_configuration" ], "title": "Designation", "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." }, "policy_engine_mode": { "type": "string", "enum": [ "all", "any" ], "title": "Policy engine mode" }, "compatibility_mode": { "type": "boolean", "title": "Compatibility mode", "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." }, "layout": { "type": "string", "enum": [ "stacked", "content_left", "content_right", "sidebar_left", "sidebar_right" ], "title": "Layout" }, "denied_action": { "type": "string", "enum": [ "message_continue", "message", "continue" ], "title": "Denied action", "description": "Configure what should happen when a flow denies access to a user." 
} }, "required": [ "name", "slug", "title", "designation" ] }, "title": "Flow set" }, "throw_error": { "type": "boolean", "title": "Throw error" } }, "required": [] }, "model_authentik_stages_email.emailstage": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "flow_set": { "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "slug": { "type": "string", "maxLength": 50, "minLength": 1, "pattern": "^[-a-zA-Z0-9_]+$", "title": "Slug", "description": "Visible in the URL." }, "title": { "type": "string", "minLength": 1, "title": "Title", "description": "Shown as the Title in Flow pages." }, "designation": { "type": "string", "enum": [ "authentication", "authorization", "invalidation", "enrollment", "unenrollment", "recovery", "stage_configuration" ], "title": "Designation", "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." }, "policy_engine_mode": { "type": "string", "enum": [ "all", "any" ], "title": "Policy engine mode" }, "compatibility_mode": { "type": "boolean", "title": "Compatibility mode", "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." }, "layout": { "type": "string", "enum": [ "stacked", "content_left", "content_right", "sidebar_left", "sidebar_right" ], "title": "Layout" }, "denied_action": { "type": "string", "enum": [ "message_continue", "message", "continue" ], "title": "Denied action", "description": "Configure what should happen when a flow denies access to a user." } }, "required": [ "name", "slug", "title", "designation" ] }, "title": "Flow set" }, "use_global_settings": { "type": "boolean", "title": "Use global settings", "description": "When enabled, global Email connection settings will be used and connection settings below will be ignored." 
}, "host": { "type": "string", "minLength": 1, "title": "Host" }, "port": { "type": "integer", "minimum": -2147483648, "maximum": 2147483647, "title": "Port" }, "username": { "type": "string", "title": "Username" }, "password": { "type": "string", "title": "Password" }, "use_tls": { "type": "boolean", "title": "Use tls" }, "use_ssl": { "type": "boolean", "title": "Use ssl" }, "timeout": { "type": "integer", "minimum": -2147483648, "maximum": 2147483647, "title": "Timeout" }, "from_address": { "type": "string", "format": "email", "maxLength": 254, "minLength": 1, "title": "From address" }, "token_expiry": { "type": "integer", "minimum": -2147483648, "maximum": 2147483647, "title": "Token expiry", "description": "Time in minutes the token sent is valid." }, "subject": { "type": "string", "minLength": 1, "title": "Subject" }, "template": { "type": "string", "minLength": 1, "title": "Template" }, "activate_user_on_success": { "type": "boolean", "title": "Activate user on success", "description": "Activate users upon completion of stage." } }, "required": [] }, "model_authentik_stages_identification.identificationstage": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "flow_set": { "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "slug": { "type": "string", "maxLength": 50, "minLength": 1, "pattern": "^[-a-zA-Z0-9_]+$", "title": "Slug", "description": "Visible in the URL." }, "title": { "type": "string", "minLength": 1, "title": "Title", "description": "Shown as the Title in Flow pages." }, "designation": { "type": "string", "enum": [ "authentication", "authorization", "invalidation", "enrollment", "unenrollment", "recovery", "stage_configuration" ], "title": "Designation", "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." 
}, "policy_engine_mode": { "type": "string", "enum": [ "all", "any" ], "title": "Policy engine mode" }, "compatibility_mode": { "type": "boolean", "title": "Compatibility mode", "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." }, "layout": { "type": "string", "enum": [ "stacked", "content_left", "content_right", "sidebar_left", "sidebar_right" ], "title": "Layout" }, "denied_action": { "type": "string", "enum": [ "message_continue", "message", "continue" ], "title": "Denied action", "description": "Configure what should happen when a flow denies access to a user." } }, "required": [ "name", "slug", "title", "designation" ] }, "title": "Flow set" }, "user_fields": { "type": "array", "items": { "type": "string", "enum": [ "email", "username", "upn" ], "title": "User fields" }, "title": "User fields", "description": "Fields of the user object to match against. (Hold shift to select multiple options)" }, "password_stage": { "type": "integer", "title": "Password stage", "description": "When set, shows a password field, instead of showing the password field as a separate step." }, "case_insensitive_matching": { "type": "boolean", "title": "Case insensitive matching", "description": "When enabled, user fields are matched regardless of their casing." }, "show_matched_user": { "type": "boolean", "title": "Show matched user", "description": "When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown" }, "enrollment_flow": { "type": "integer", "title": "Enrollment flow", "description": "Optional enrollment flow, which is linked at the bottom of the page." }, "recovery_flow": { "type": "integer", "title": "Recovery flow", "description": "Optional recovery flow, which is linked at the bottom of the page." 
}, "passwordless_flow": { "type": "integer", "title": "Passwordless flow", "description": "Optional passwordless flow, which is linked at the bottom of the page." }, "sources": { "type": "array", "items": { "type": "integer", "description": "Specify which sources should be shown." }, "title": "Sources", "description": "Specify which sources should be shown." }, "show_source_labels": { "type": "boolean", "title": "Show source labels" } }, "required": [] }, "model_authentik_stages_invitation.invitationstage": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "flow_set": { "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "slug": { "type": "string", "maxLength": 50, "minLength": 1, "pattern": "^[-a-zA-Z0-9_]+$", "title": "Slug", "description": "Visible in the URL." }, "title": { "type": "string", "minLength": 1, "title": "Title", "description": "Shown as the Title in Flow pages." }, "designation": { "type": "string", "enum": [ "authentication", "authorization", "invalidation", "enrollment", "unenrollment", "recovery", "stage_configuration" ], "title": "Designation", "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." }, "policy_engine_mode": { "type": "string", "enum": [ "all", "any" ], "title": "Policy engine mode" }, "compatibility_mode": { "type": "boolean", "title": "Compatibility mode", "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." }, "layout": { "type": "string", "enum": [ "stacked", "content_left", "content_right", "sidebar_left", "sidebar_right" ], "title": "Layout" }, "denied_action": { "type": "string", "enum": [ "message_continue", "message", "continue" ], "title": "Denied action", "description": "Configure what should happen when a flow denies access to a user." 
} }, "required": [ "name", "slug", "title", "designation" ] }, "title": "Flow set" }, "continue_flow_without_invitation": { "type": "boolean", "title": "Continue flow without invitation", "description": "If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given." } }, "required": [] }, "model_authentik_stages_invitation.invitation": { "type": "object", "properties": { "expires": { "type": "string", "format": "date-time", "title": "Expires" }, "user": { "type": "object", "properties": { "username": { "type": "string", "maxLength": 150, "minLength": 1, "title": "Username" }, "name": { "type": "string", "title": "Name", "description": "User's display name." }, "is_active": { "type": "boolean", "title": "Active", "description": "Designates whether this user should be treated as active. Unselect this instead of deleting accounts." }, "last_login": { "type": [ "string", "null" ], "format": "date-time", "title": "Last login" }, "groups": { "type": "array", "items": { "type": "integer" }, "title": "Groups" }, "email": { "type": "string", "format": "email", "maxLength": 254, "title": "Email address" }, "attributes": { "type": "object", "additionalProperties": true, "title": "Attributes" }, "path": { "type": "string", "minLength": 1, "title": "Path" } }, "required": [ "username", "name", "groups" ], "title": "User" }, "application": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name", "description": "Application's display Name." }, "slug": { "type": "string", "maxLength": 50, "minLength": 1, "pattern": "^[-a-zA-Z0-9_]+$", "title": "Slug", "description": "Internal application name, used in URLs." 
}, "provider": { "type": "integer", "title": "Provider" }, "backchannel_providers": { "type": "array", "items": { "type": "integer" }, "title": "Backchannel providers" }, "open_in_new_tab": { "type": "boolean", "title": "Open in new tab", "description": "Open launch URL in a new browser tab or window." }, "meta_launch_url": { "type": "string", "title": "Meta launch url" }, "meta_description": { "type": "string", "title": "Meta description" }, "meta_publisher": { "type": "string", "title": "Meta publisher" }, "policy_engine_mode": { "type": "string", "enum": [ "all", "any" ], "title": "Policy engine mode" }, "group": { "type": "string", "title": "Group" } }, "required": [ "name", "slug" ], "title": "Application" }, "permissions": { "type": "string", "minLength": 1, "title": "Permissions" } }, "required": [] }, "model_authentik_stages_password.passwordstage": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "flow_set": { "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "slug": { "type": "string", "maxLength": 50, "minLength": 1, "pattern": "^[-a-zA-Z0-9_]+$", "title": "Slug", "description": "Visible in the URL." }, "title": { "type": "string", "minLength": 1, "title": "Title", "description": "Shown as the Title in Flow pages." }, "designation": { "type": "string", "enum": [ "authentication", "authorization", "invalidation", "enrollment", "unenrollment", "recovery", "stage_configuration" ], "title": "Designation", "description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik." 
}, "policy_engine_mode": { "type": "string", "enum": [ "all", "any" ], "title": "Policy engine mode" }, "compatibility_mode": { "type": "boolean", "title": "Compatibility mode", "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." }, "layout": { "type": "string", "enum": [ "stacked", "content_left", "content_right", "sidebar_left", "sidebar_right" ], "title": "Layout" }, "denied_action": { "type": "string", "enum": [ "message_continue", "message", "continue" ], "title": "Denied action", "description": "Configure what should happen when a flow denies access to a user." } }, "required": [ "name", "slug", "title", "designation" ] }, "title": "Flow set" }, "backends": { "type": "array", "items": { "type": "string", "enum": [ "authentik.core.auth.InbuiltBackend", "authentik.core.auth.TokenBackend", "authentik.sources.ldap.auth.LDAPBackend" ], "title": "Backends" }, "title": "Backends", "description": "Selection of backends to test the password against." }, "configure_flow": { "type": "integer", "title": "Configure flow", "description": "Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage." }, "failed_attempts_before_cancel": { "type": "integer", "minimum": -2147483648, "maximum": 2147483647, "title": "Failed attempts before cancel", "description": "How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage." 
} }, "required": [] }, "model_authentik_stages_prompt.prompt": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "field_key": { "type": "string", "minLength": 1, "title": "Field key", "description": "Name of the form field, also used to store the value" }, "label": { "type": "string", "minLength": 1, "title": "Label" }, "type": { "type": "string", "enum": [ "text", "text_area", "text_read_only", "text_area_read_only", "username", "email", "password", "number", "checkbox", "radio-button-group", "dropdown", "date", "date-time", "file", "separator", "hidden", "static", "ak-locale" ], "title": "Type" }, "required": { "type": "boolean", "title": "Required" }, "placeholder": { "type": "string", "title": "Placeholder", "description": "Optionally provide a short hint that describes the expected input value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple choices." }, "initial_value": { "type": "string", "title": "Initial value", "description": "Optionally pre-fill the input with an initial value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple default choices." }, "order": { "type": "integer", "minimum": -2147483648, "maximum": 2147483647, "title": "Order" }, "promptstage_set": { "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "flow_set": { "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "slug": { "type": "string", "maxLength": 50, "minLength": 1, "pattern": "^[-a-zA-Z0-9_]+$", "title": "Slug", "description": "Visible in the URL." }, "title": { "type": "string", "minLength": 1, "title": "Title", "description": "Shown as the Title in Flow pages." 
}, "designation": { "type": "string", "enum": [ "authentication", "authorization", "invalidation", "enrollment", "unenrollment", "recovery", "stage_configuration" ], "title": "Designation", "description": "Decides what this Flow is used for. For example, the Authentication flow is redirected to when an un-authenticated user visits authentik." }, "policy_engine_mode": { "type": "string", "enum": [ "all", "any" ], "title": "Policy engine mode" }, "compatibility_mode": { "type": "boolean", "title": "Compatibility mode", "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." }, "layout": { "type": "string", "enum": [ "stacked", "content_left", "content_right", "sidebar_left", "sidebar_right" ], "title": "Layout" }, "denied_action": { "type": "string", "enum": [ "message_continue", "message", "continue" ], "title": "Denied action", "description": "Configure what should happen when a flow denies access to a user." } }, "required": [ "name", "slug", "title", "designation" ] }, "title": "Flow set" } }, "required": [ "name" ] }, "title": "Promptstage set" }, "sub_text": { "type": "string", "title": "Sub text" }, "placeholder_expression": { "type": "boolean", "title": "Placeholder expression" }, "initial_value_expression": { "type": "boolean", "title": "Initial value expression" } }, "required": [] }, "model_authentik_stages_prompt.promptstage": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "flow_set": { "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "slug": { "type": "string", "maxLength": 50, "minLength": 1, "pattern": "^[-a-zA-Z0-9_]+$", "title": "Slug", "description": "Visible in the URL." }, "title": { "type": "string", "minLength": 1, "title": "Title", "description": "Shown as the Title in Flow pages."
}, "designation": { "type": "string", "enum": [ "authentication", "authorization", "invalidation", "enrollment", "unenrollment", "recovery", "stage_configuration" ], "title": "Designation", "description": "Decides what this Flow is used for. For example, the Authentication flow is redirected to when an un-authenticated user visits authentik." }, "policy_engine_mode": { "type": "string", "enum": [ "all", "any" ], "title": "Policy engine mode" }, "compatibility_mode": { "type": "boolean", "title": "Compatibility mode", "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." }, "layout": { "type": "string", "enum": [ "stacked", "content_left", "content_right", "sidebar_left", "sidebar_right" ], "title": "Layout" }, "denied_action": { "type": "string", "enum": [ "message_continue", "message", "continue" ], "title": "Denied action", "description": "Configure what should happen when a flow denies access to a user." } }, "required": [ "name", "slug", "title", "designation" ] }, "title": "Flow set" }, "fields": { "type": "array", "items": { "type": "integer" }, "title": "Fields" }, "validation_policies": { "type": "array", "items": { "type": "integer" }, "title": "Validation policies" } }, "required": [] }, "model_authentik_stages_user_delete.userdeletestage": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "flow_set": { "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "slug": { "type": "string", "maxLength": 50, "minLength": 1, "pattern": "^[-a-zA-Z0-9_]+$", "title": "Slug", "description": "Visible in the URL." }, "title": { "type": "string", "minLength": 1, "title": "Title", "description": "Shown as the Title in Flow pages."
}, "designation": { "type": "string", "enum": [ "authentication", "authorization", "invalidation", "enrollment", "unenrollment", "recovery", "stage_configuration" ], "title": "Designation", "description": "Decides what this Flow is used for. For example, the Authentication flow is redirected to when an un-authenticated user visits authentik." }, "policy_engine_mode": { "type": "string", "enum": [ "all", "any" ], "title": "Policy engine mode" }, "compatibility_mode": { "type": "boolean", "title": "Compatibility mode", "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." }, "layout": { "type": "string", "enum": [ "stacked", "content_left", "content_right", "sidebar_left", "sidebar_right" ], "title": "Layout" }, "denied_action": { "type": "string", "enum": [ "message_continue", "message", "continue" ], "title": "Denied action", "description": "Configure what should happen when a flow denies access to a user." } }, "required": [ "name", "slug", "title", "designation" ] }, "title": "Flow set" } }, "required": [] }, "model_authentik_stages_user_login.userloginstage": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "flow_set": { "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "slug": { "type": "string", "maxLength": 50, "minLength": 1, "pattern": "^[-a-zA-Z0-9_]+$", "title": "Slug", "description": "Visible in the URL." }, "title": { "type": "string", "minLength": 1, "title": "Title", "description": "Shown as the Title in Flow pages." }, "designation": { "type": "string", "enum": [ "authentication", "authorization", "invalidation", "enrollment", "unenrollment", "recovery", "stage_configuration" ], "title": "Designation", "description": "Decides what this Flow is used for. For example, the Authentication flow is redirected to when an un-authenticated user visits authentik."
}, "policy_engine_mode": { "type": "string", "enum": [ "all", "any" ], "title": "Policy engine mode" }, "compatibility_mode": { "type": "boolean", "title": "Compatibility mode", "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." }, "layout": { "type": "string", "enum": [ "stacked", "content_left", "content_right", "sidebar_left", "sidebar_right" ], "title": "Layout" }, "denied_action": { "type": "string", "enum": [ "message_continue", "message", "continue" ], "title": "Denied action", "description": "Configure what should happen when a flow denies access to a user." } }, "required": [ "name", "slug", "title", "designation" ] }, "title": "Flow set" }, "session_duration": { "type": "string", "minLength": 1, "title": "Session duration", "description": "Determines how long a session lasts. Default of 0 means that the session lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)" }, "terminate_other_sessions": { "type": "boolean", "title": "Terminate other sessions", "description": "Terminate all other sessions of the user logging in." }, "remember_me_offset": { "type": "string", "minLength": 1, "title": "Remember me offset", "description": "Offset the session will be extended by when the user picks the remember me option. Default of 0 means that the remember me option will not be shown. (Format: hours=-1;minutes=-2;seconds=-3)" } }, "required": [] }, "model_authentik_stages_user_logout.userlogoutstage": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "flow_set": { "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "slug": { "type": "string", "maxLength": 50, "minLength": 1, "pattern": "^[-a-zA-Z0-9_]+$", "title": "Slug", "description": "Visible in the URL."
}, "title": { "type": "string", "minLength": 1, "title": "Title", "description": "Shown as the Title in Flow pages." }, "designation": { "type": "string", "enum": [ "authentication", "authorization", "invalidation", "enrollment", "unenrollment", "recovery", "stage_configuration" ], "title": "Designation", "description": "Decides what this Flow is used for. For example, the Authentication flow is redirected to when an un-authenticated user visits authentik." }, "policy_engine_mode": { "type": "string", "enum": [ "all", "any" ], "title": "Policy engine mode" }, "compatibility_mode": { "type": "boolean", "title": "Compatibility mode", "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." }, "layout": { "type": "string", "enum": [ "stacked", "content_left", "content_right", "sidebar_left", "sidebar_right" ], "title": "Layout" }, "denied_action": { "type": "string", "enum": [ "message_continue", "message", "continue" ], "title": "Denied action", "description": "Configure what should happen when a flow denies access to a user." } }, "required": [ "name", "slug", "title", "designation" ] }, "title": "Flow set" } }, "required": [] }, "model_authentik_stages_user_write.userwritestage": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "flow_set": { "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "slug": { "type": "string", "maxLength": 50, "minLength": 1, "pattern": "^[-a-zA-Z0-9_]+$", "title": "Slug", "description": "Visible in the URL." }, "title": { "type": "string", "minLength": 1, "title": "Title", "description": "Shown as the Title in Flow pages." }, "designation": { "type": "string", "enum": [ "authentication", "authorization", "invalidation", "enrollment", "unenrollment", "recovery", "stage_configuration" ], "title": "Designation", "description": "Decides what this Flow is used for. 
For example, the Authentication flow is redirected to when an un-authenticated user visits authentik." }, "policy_engine_mode": { "type": "string", "enum": [ "all", "any" ], "title": "Policy engine mode" }, "compatibility_mode": { "type": "boolean", "title": "Compatibility mode", "description": "Enable compatibility mode, increases compatibility with password managers on mobile devices." }, "layout": { "type": "string", "enum": [ "stacked", "content_left", "content_right", "sidebar_left", "sidebar_right" ], "title": "Layout" }, "denied_action": { "type": "string", "enum": [ "message_continue", "message", "continue" ], "title": "Denied action", "description": "Configure what should happen when a flow denies access to a user." } }, "required": [ "name", "slug", "title", "designation" ] }, "title": "Flow set" }, "user_creation_mode": { "type": "string", "enum": [ "never_create", "create_when_required", "always_create" ], "title": "User creation mode" }, "create_users_as_inactive": { "type": "boolean", "title": "Create users as inactive", "description": "When set, newly created users are inactive and cannot login." }, "create_users_group": { "type": "integer", "title": "Create users group", "description": "Optionally add newly created users to this group." }, "user_path_template": { "type": "string", "title": "User path template" } }, "required": [] }, "model_authentik_tenants.tenant": { "type": "object", "properties": { "domain": { "type": "string", "minLength": 1, "title": "Domain", "description": "Domain that activates this tenant. Can be a superset, i.e. 
`a.b` for `aa.b` and `ba.b`" }, "default": { "type": "boolean", "title": "Default" }, "branding_title": { "type": "string", "minLength": 1, "title": "Branding title" }, "branding_logo": { "type": "string", "minLength": 1, "title": "Branding logo" }, "branding_favicon": { "type": "string", "minLength": 1, "title": "Branding favicon" }, "flow_authentication": { "type": "integer", "title": "Flow authentication" }, "flow_invalidation": { "type": "integer", "title": "Flow invalidation" }, "flow_recovery": { "type": "integer", "title": "Flow recovery" }, "flow_unenrollment": { "type": "integer", "title": "Flow unenrollment" }, "flow_user_settings": { "type": "integer", "title": "Flow user settings" }, "flow_device_code": { "type": "integer", "title": "Flow device code" }, "event_retention": { "type": "string", "minLength": 1, "title": "Event retention", "description": "Events will be deleted after this duration. (Format: weeks=3;days=2;hours=3;seconds=2)." }, "web_certificate": { "type": "integer", "title": "Web certificate", "description": "Web Certificate used by the authentik Core webserver." }, "attributes": { "type": "object", "additionalProperties": true, "title": "Attributes" } }, "required": [] }, "model_authentik_blueprints.blueprintinstance": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name" }, "path": { "type": "string", "title": "Path" }, "context": { "type": "object", "additionalProperties": true, "title": "Context" }, "enabled": { "type": "boolean", "title": "Enabled" }, "content": { "type": "string", "title": "Content" } }, "required": [] }, "model_authentik_core.group": { "type": "object", "properties": { "name": { "type": "string", "maxLength": 80, "minLength": 1, "title": "Name" }, "is_superuser": { "type": "boolean", "title": "Is superuser", "description": "Users added to this group will be superusers."
}, "parent": { "type": "integer", "title": "Parent" }, "users": { "type": "array", "items": { "type": "integer" }, "title": "Users" }, "attributes": { "type": "object", "additionalProperties": true, "title": "Attributes" } }, "required": [] }, "model_authentik_core.user": { "type": "object", "properties": { "username": { "type": "string", "maxLength": 150, "minLength": 1, "title": "Username" }, "name": { "type": "string", "title": "Name", "description": "User's display name." }, "is_active": { "type": "boolean", "title": "Active", "description": "Designates whether this user should be treated as active. Unselect this instead of deleting accounts." }, "last_login": { "type": [ "string", "null" ], "format": "date-time", "title": "Last login" }, "groups": { "type": "array", "items": { "type": "integer" }, "title": "Groups" }, "email": { "type": "string", "format": "email", "maxLength": 254, "title": "Email address" }, "attributes": { "type": "object", "additionalProperties": true, "title": "Attributes" }, "path": { "type": "string", "minLength": 1, "title": "Path" } }, "required": [] }, "model_authentik_core.application": { "type": "object", "properties": { "name": { "type": "string", "minLength": 1, "title": "Name", "description": "Application's display Name." }, "slug": { "type": "string", "maxLength": 50, "minLength": 1, "pattern": "^[-a-zA-Z0-9_]+$", "title": "Slug", "description": "Internal application name, used in URLs." }, "provider": { "type": "integer", "title": "Provider" }, "backchannel_providers": { "type": "array", "items": { "type": "integer" }, "title": "Backchannel providers" }, "open_in_new_tab": { "type": "boolean", "title": "Open in new tab", "description": "Open launch URL in a new browser tab or window." 
}, "meta_launch_url": { "type": "string", "title": "Meta launch url" }, "meta_description": { "type": "string", "title": "Meta description" }, "meta_publisher": { "type": "string", "title": "Meta publisher" }, "policy_engine_mode": { "type": "string", "enum": [ "all", "any" ], "title": "Policy engine mode" }, "group": { "type": "string", "title": "Group" }, "icon": { "type": "string", "minLength": 1, "title": "Icon" } }, "required": [] }, "model_authentik_core.token": { "type": "object", "properties": { "managed": { "type": [ "string", "null" ], "minLength": 1, "title": "Managed by authentik", "description": "Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update." }, "identifier": { "type": "string", "maxLength": 255, "minLength": 1, "pattern": "^[-a-zA-Z0-9_]+$", "title": "Identifier" }, "intent": { "type": "string", "enum": [ "verification", "api", "recovery", "app_password" ], "title": "Intent" }, "user": { "type": "integer", "title": "User" }, "description": { "type": "string", "title": "Description" }, "expires": { "type": "string", "format": "date-time", "title": "Expires" }, "expiring": { "type": "boolean", "title": "Expiring" }, "key": { "type": "string", "minLength": 1, "title": "Key" } }, "required": [] }, "model_authentik_blueprints.metaapplyblueprint": { "type": "object", "properties": { "identifiers": { "type": "object", "additionalProperties": true, "title": "Identifiers" }, "required": { "type": "boolean", "title": "Required" } }, "required": [] } } }