English 英语 French 法语 Turkish 土耳其语 Spanish 西班牙的 Polish 波兰语 Taiwanese Mandarin Taiwanese Mandarin Chinese (simplified) 简体中文 Chinese (traditional) 繁体中文 German 德语 Loading... 载入中…… Application 应用程序 Logins 登入 Show less 显示更少 Show more 显示更多 UID UID Name 姓名 App App Model Name 型号名称 Message 信息 Subject Subject From 来自 To To Context 上下文 User 用户 Affected model: 受影响的模型: Authorized application: 授权应用程序: Using flow 使用 Flow Email info: 电子邮件信息: Secret: Secret: Open issue on GitHub... 在 GitHub 上打开问题... Exception 例外 Expression 表情 Binding 绑定 Request 请求 Object 对象 Result 结果 Passing 通过 Messages 信息 Using source 使用源 Attempted to log in as 已尝试以 身份登入 No additional data available. 没有其他可用数据。 Click to change value 单击以更改值 Select an object. 选择一个对象。 Loading options... Connection error, reconnecting... 连接错误,正在重新连接... Login 登入 Failed login 登入失败 Logout 退出 User was written to 用户被写入 Suspicious request 可疑请求 Password set 密码已设置 Secret was viewed 已查看 Secret Secret was rotated 秘密被轮换了 Invitation used 已使用邀请 Application authorized 应用程序已授权 Source linked 源链接 Impersonation started 模拟已开始 Impersonation ended 模拟已结束 Flow execution 流程执行 Policy execution 策略执行 Policy exception 策略例外 Property Mapping exception 属性映射异常 System task execution 系统任务执行 System task exception 系统任务异常 General system exception 一般系统异常 Configuration error 配置错误 Model created 模型已创建 Model updated 模型已更新 Model deleted 模型已删除 Email sent 电子邮件已发送 Update available 更新可用 Unknown severity Alert 注意 Notice 注意 Warning 警告 no tabs defined 未定义选项卡 - of - of Go to previous page 转到上一页 Go to next page 转到下一页 Search... 搜索... Loading 正在加载 No objects found. 未找到任何对象。 Failed to fetch objects. Refresh 刷新 Select all rows 选择所有行 Action 操作 Creation Date 创建日期 Client IP 客户端 IP Tenant 租户 Recent events On behalf of 代表 - - No Events found. 未找到任何事件。 No matching events could be found. 找不到匹配的事件。 Embedded outpost is not configured correctly. 嵌入式 outpost 配置不正确。 Check outposts. 检查 outposts. HTTPS is not detected correctly 未正确检测到 HTTPS Server and client are further than 5 seconds apart. 服务器和客户端之间的距离超过5秒。 OK OK Everything is ok. 一切正常。 System status 系统状态 Based on is available! 可用! Up-to-date! 最新! Version 版本 Workers Workers No workers connected. Background tasks will not run. 没有 workers 连接。后台任务将无法运行。 hour(s) ago day(s) ago Authorizations 授权 Failed Logins 登入失败 Successful Logins 成功登入 : : Cancel 取消 LDAP Source LDAP 源 SCIM Provider Healthy Healthy outposts 健康的 Outposts Admin 管理员 Not found 未找到 The URL "" was not found. 找不到网址 “ ”。 Return home 返回主页 General system status 常规系统状态 Welcome, . 欢迎, Quick actions 快速行动 Create a new application 创建新应用程序 Check the logs 检查日志 Explore integrations 探索集成 Manage users Outpost status Outpost 状态 Sync status 同步状态 Logins and authorizations over the last week (per 8 hours) Apps with most usage 使用率最高的应用 days ago 天前 Objects created 已创建对象 Users created per day in the last month 上个月每天创建的用户 Logins per day in the last month 上个月每天的登入次数 Failed Logins per day in the last month 上个月每天的失败登入次数 Clear search System Tasks 系统任务 Long-running operations which authentik executes in the background. authentik 在后台执行的长时间运行的操作。 Identifier 标识符 Description 描述 Last run 上次运行 Status 状态 Actions 操作 Successful 成功 Error 错误 Unknown 未知 Duration seconds Authentication 身份验证 Authorization 授权 Enrollment 注册 Invalidation 失效 Recovery 恢复 Stage Configuration 阶段配置 Unenrollment 取消注册 Unknown designation Stacked Content left Content right Sidebar left Sidebar right Unknown layout Successfully updated provider. 已成功更新提供程序。 Successfully created provider. 已成功创建提供商。 Bind flow Bind 流程 Flow used for users to authenticate. Search group 搜索组 Users in the selected group can do search queries. If no group is selected, no LDAP Searches are allowed. 所选组中的用户可以执行搜索查询。如果未选择任何组,则不允许 LDAP 搜索。 Bind mode Cached binding Flow is executed and session is cached in memory. Flow is executed when session expires Direct binding Always execute the configured bind flow to authenticate the user Configure how the outpost authenticates requests. Search mode 搜索模式 Cached querying The outpost holds all users and groups in-memory and will refresh every 5 Minutes Direct querying Always returns the latest data, but slower than cached querying Configure how the outpost queries the core authentik server's users. 配置前哨如何查询核心 authentik 服务器的用户。 Protocol settings 协议设置 Base DN Base DN LDAP DN under which bind requests and search requests can be made. 可以发出绑定请求和搜索请求的 LDAP DN。 Certificate 证书 UID start number UID 起始编号 The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber 对于UIDNumbers来说,这个数字被添加到User.pk中,以确保对于POSIX用户来说,这个数字不会太低。默认值为 2000,以确保我们不会与本地用户 uidNumber 发生冲突 GID start number GID 起始编号 The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber 对于 GIDNumbers 来说,这个数字被添加到从 group.pk 生成的数字中,以确保对于 POSIX 组来说,这个数字不会太低。默认值为 4000,以确保我们不会与本地组或用户主组 GIDNumber 发生冲突 (Format: hours=-1;minutes=-2;seconds=-3). (格式: hours=-1;minutes=-2;seconds=-3). (Format: hours=1;minutes=2;seconds=3). (格式: hours=1;minutes=2;seconds=3). The following keywords are supported: Authentication flow 身份验证流程 Flow used when a user access this provider and is not authenticated. Authorization flow 授权流程 Flow used when authorizing this provider. 授权此请求发起端时使用的Flow。 Client type 客户机类型 Confidential 机密 Confidential clients are capable of maintaining the confidentiality of their credentials such as client secrets Public 公开 Public clients are incapable of maintaining the confidentiality and should use methods like PKCE. Client ID 客户端 ID Client Secret 客户端密钥 Redirect URIs/Origins (RegEx) Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows. 授权流成功后有效的重定向 URL。还可以在此处为隐式流指定任何来源。 If no explicit redirect URIs are specified, the first successfully used redirect URI will be saved. 如果未指定显式重定向 URI,则将保存第一个成功使用的重定向 URI。 To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. Signing Key 签名密钥 Key used to sign the tokens. 用于对令牌进行签名的密钥。 Advanced protocol settings 高级协议设置 Access code validity 访问代码有效性 Configure how long access codes are valid for. 配置访问代码的有效期限。 Access Token validity Configure how long access tokens are valid for. 配置访问令牌的有效时间。 Refresh Token validity Configure how long refresh tokens are valid for. Scopes 范围 Select which scopes can be used by the client. The client still has to specify the scope to access the data. 选择客户端可以使用哪些作用域。客户端仍然需要指定访问数据的范围。 Hold control/command to select multiple items. 按住 ctrl/command 键可选择多个项目。 Subject mode Subject 模式 Based on the User's hashed ID Based on the User's ID Based on the User's UUID Based on the User's username Based on the User's Email This is recommended over the UPN mode. Based on the User's UPN Requires the user to have a 'upn' attribute set, and falls back to hashed user ID. Use this mode only if you have different UPN and Mail domains. Configure what data should be used as unique User Identifier. For most cases, the default should be fine. 配置应将哪些数据用作唯一用户标识符。在大多数情况下,默认值应该没问题。 Include claims in id_token 在 id_token 中包含声明 Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. 对于不访问userinfo端点的应用程序,将来自作用域的用户声明包含在id_token中。 Issuer mode Issuer mode Each provider has a different issuer, based on the application slug Same identifier is used for all providers 所有提供商都使用相同的标识符 Configure how the issuer field of the ID Token should be filled. 配置如何填写 ID 令牌的颁发者字段。 Machine-to-Machine authentication settings Trusted OIDC Sources JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider. HTTP-Basic Username Key HTTP-Basic 用户名密钥 User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. 用于 HTTP-Basic 标头用户部分的用户/组属性。如果未设置,则使用用户的电子邮件地址。 HTTP-Basic Password Key HTTP-Basic 密码密钥 User/Group Attribute used for the password part of the HTTP-Basic Header. 用于 HTTP-Basic 标头的密码部分的用户/组属性。 Proxy 代理 Forward auth (single application) 转发身份验证(单个应用程序) Forward auth (domain level) 转发身份验证(域级别) This provider will behave like a transparent reverse-proxy, except requests must be authenticated. If your upstream application uses HTTPS, make sure to connect to the outpost using HTTPS as well. 除了请求必须经过身份验证外,此提供程序的行为类似于透明的反向代理。如果您的上游应用程序使用 HTTPS,请确保也使用 HTTPS 连接到 Outpost。 External host 外部主机 The external URL you'll access the application at. Include any non-standard port. 您将通过其访问应用程序的外部 URL。包括任何非标准端口。 Internal host 内部主机 Upstream host that the requests are forwarded to. 请求被转发到的上游主机。 Internal host SSL Validation 内部主机 SSL 验证 Validate SSL Certificates of upstream servers. 验证上游服务器的 SSL 证书。 Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application. 将此提供程序与 nginx 的 auth_request 或 traefik 的 ForwardAuth 一起使用。每个根域只需要一个提供程序。您无法执行每个应用程序的授权,但不必为每个应用程序创建提供程序。 An example setup can look like this: 设置示例如下所示: authentik running on auth.example.com auth.example.com 上运行的 authentik app1 running on app1.example.com app1 在 app1.example.com 上运行 In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com. 在这种情况下,您需要将身份验证网址设置为 auth.example.com,将 Cookie 域设置为 example.com。 Authentication URL 身份验证 URL The external URL you'll authenticate at. The authentik core server should be reachable under this URL. 您将在其中进行身份验证的外部 URL。在此 URL 下应该可以访问身份验证核心服务器。 Cookie domain Cookie 域名 Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'. 将此设置为您希望身份验证有效的域。必须是上述 URL 的父域名。如果你以 app1.domain.tld、app2.domain.tld 的身份运行应用程序,请将其设置为 “domain.tld”。 Unknown proxy mode Token validity 令牌有效性 Configure how long tokens are valid for. 配置令牌的有效期限。 Additional scopes Additional scope mappings, which are passed to the proxy. 传递给代理的其他作用域映射。 Unauthenticated URLs 未经身份验证的 URL Unauthenticated Paths 未经身份验证的路径 Regular expressions for which authentication is not required. Each new line is interpreted as a new expression. 不需要身份验证的正则表达式。每个新行都被解释为一个新表达式。 When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions. 使用代理或转发身份验证(单个应用程序)模式时,将根据正则表达式检查请求的 URL 路径。使用前向身份验证(域模式)时,请求的完整 URL(包括 scheme 和 host)将与正则表达式进行匹配。 Authentication settings Intercept header authentication When enabled, authentik will intercept the Authorization header to authenticate the request. Send HTTP-Basic Authentication Send a custom HTTP-Basic Authentication header based on values from authentik. ACS URL ACS URL Issuer Issuer Also known as EntityID. Service Provider Binding 服务提供商绑定 Redirect 重定向 Post Post Determines how authentik sends the response back to the Service Provider. 确定 authentik 如何将响应发送回服务提供商。 Audience Audience Signing Certificate 签名证书 Certificate used to sign outgoing Responses going to the Service Provider. 用于签署发送给服务提供商的外发响应的证书。 Verification Certificate 验证证书 When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. 选中后,传入声明的签名将根据此证书进行验证。要允许未签名的请求,请保留默认值。 Property mappings 属性映射 NameID Property Mapping nameID 属性映射 Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected. 配置如何创建 NameID 值。如果留空,将遵守传入请求的 NameIdPolicy。 Assertion valid not before 断言之前无效 Configure the maximum allowed time drift for an assertion. 为断言配置允许的最大时间漂移。 Assertion valid not on or after 断言不在当天或之后有效 Assertion not valid on or after current time + this value. Session valid not on or after 会话不在当天或之后有效 Session not valid on or after current time + this value. Digest algorithm 摘要算法 Signature algorithm 签名算法 Successfully imported provider. 已成功导入提供程序。 Metadata 元数据 Apply changes Close 关闭 Finish 完成 Back 返回 No form found 找不到表格 Form didn't return a promise for submitting 表单未返回提交承诺 Select type 选择类型 Try the new application wizard The new application wizard greatly simplifies the steps required to create applications and providers. Try it now Create 创建 New provider 新建提供程序 Create a new provider. 创建一个新提供程序 Create 创建 Shared secret Client Networks List of CIDRs (comma-seperated) that clients can connect from. A more specific CIDR will match before a looser one. Clients connecting from a non-specified CIDR will be dropped. URL SCIM base url, usually ends in /v2. Token 令牌 Token to authenticate with. Currently only bearer authentication is supported. User filtering Exclude service accounts Group Only sync users within the selected group. Attribute mapping User Property Mappings 用户属性映射 Property mappings used to user mapping. Group Property Mappings 组属性映射 Property mappings used to group creation. 用于组创建的属性映射。 Not used by any other object. 不被任何其他对象使用。 object will be DELETED 对象将被删除 connection will be deleted 连接将被删除 reference will be reset to default value 引用将被重置为默认值 reference will be set to an empty value 引用将被设置为空值 () ( ) ID ID Successfully deleted Failed to delete : 无法删除 : Delete 删除 Are you sure you want to delete ? Delete 删除 Providers 提供商 Provide support for protocols like SAML and OAuth to assigned applications. 为分配的应用程序提供对 SAML 和 OAuth 等协议的支持。 Type 类型 Provider(s) 提供商 Assigned to application 分配给应用程序 Assigned to application (backchannel) Warning: Provider not assigned to any application. 警告:提供程序未分配给任何应用程序。 Update 更新 Update 更新 Select providers to add to application Add 添加 Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". 输入完整的网址、相对路径,或者使用 'fa://fa-test' 来使用 Font Awesome 图标 “fa-test”。 Path template for users created. Use placeholders like `%(slug)s` to insert the source slug. Successfully updated application. 已成功更新应用程序。 Successfully created application. 已成功创建应用程序。 Application's display Name. 应用的显示名称。 Slug Slug Optionally enter a group name. Applications with identical groups are shown grouped together. 输入可选的分组名称。分组相同的应用程序会显示在一起。 Provider 提供商 Select a provider that this application should use. Select backchannel providers which augment the functionality of the main provider. Policy engine mode 策略引擎模式 Any policy must match to grant access All policies must match to grant access UI settings 用户界面设置 Launch URL 启动 URL If left empty, authentik will try to extract the launch URL based on the selected provider. 如果留空,authentik 将尝试根据选定的提供商提取启动网址。 Open in new tab If checked, the launch URL will open in a new browser tab or window from the user's application library. Icon 图标 Currently set to: 当前设置为: Clear icon 清除图标 Publisher 发行人 Create Application 创建应用程序 Overview 概述 Changelog 更新日志 Warning: Provider is not used by any Outpost. 警告:提供者未被任何 Outpos 使用。 Assigned to application 分配给应用程序 Update LDAP Provider 更新 LDAP 提供程序 Edit 编辑 How to connect 如何连接 Connect to the LDAP Server on port 389: 通过端口 389 连接到 LDAP 服务器: Check the IP of the Kubernetes service, or 检查 Kubernetes 服务的 IP,或者 The Host IP of the docker host docker 主机的主机 IP Bind DN Bind DN Bind Password Bind 密码 Search base 搜索基础 Preview Warning: Provider is not used by an Application. 警告:应用程序不使用提供程序。 Redirect URIs 重定向 URI Update OAuth2 Provider 更新 OAuth2 提供程序 OpenID Configuration URL OpenID 配置网址 OpenID Configuration Issuer OpenID 配置发行者 Authorize URL 授权 URL Token URL 令牌网址 Userinfo URL 用户信息网址 Logout URL 退出 URL JWKS URL Example JWT payload (for currently authenticated user) Forward auth (domain-level) 转发身份验证(域级) Nginx (Ingress) Nginx (Ingress) Nginx (Proxy Manager) Nginx(代理管理器) Nginx (standalone) Nginx (standalone) Traefik (Ingress) Traefik (Ingress) Traefik (Compose) Traefik (Compose) Traefik (Standalone) Traefik (Standalone) Caddy (Standalone) Internal Host 内部主机 External Host 外部主机 Basic-Auth 基本身份验证 Yes Yes Mode 模式 Update Proxy Provider 更新代理提供程序 Protocol Settings 协议设置 Allowed Redirect URIs 允许的重定向 URI Setup 设置 No additional setup is required. 无需进行其他设置。 Update Radius Provider Download 下載 Copy download URL 复制下载 URL Download signing certificate 下载签名证书 Related objects 相关对象 Update SAML Provider 更新 SAML 提供程序 SAML Configuration EntityID/Issuer SSO URL (Post) SSO URL (Redirect) SSO URL (IdP-initiated Login) SLO URL (Post) SLO URL (Redirect) SAML Metadata SAML 元数据 Example SAML attributes NameID attribute Warning: Provider is not assigned to an application as backchannel provider. Update SCIM Provider Sync not run yet. Run sync again 再次运行同步 Modern applications, APIs and Single-page applications. LDAP LDAP Provide an LDAP interface for applications and users to authenticate against. New application Applications 应用程序 Provider Type 提供商类型 Application(s) 应用程序 Application Icon 应用程序图标 Update Application 更新应用程序 Successfully sent test-request. 已成功发送测试请求。 Log messages 日志消息 No log messages. 没有日志消息。 Active 激活 Last login 上次登录 Select users to add 选择要添加的用户 Successfully updated group. 已成功更新组。 Successfully created group. 已成功创建组。 Is superuser 是超级用户 Users added to this group will be superusers. 添加到该组的用户均为超级用户。 Parent 家长 Attributes 属性 Set custom attributes using YAML or JSON. 使用 YAML 或 JSON 设置自定义属性。 Successfully updated binding. 已成功更新绑定。 Successfully created binding. 成功创建绑定。 Policy 策略 Group mappings can only be checked if a user is already logged in when trying to access this source. 组绑定仅会在已登录用户访问此源时检查。 User mappings can only be checked if a user is already logged in when trying to access this source. 用户绑定仅会在已登录用户访问此源时检查。 Enabled 已启用 Negate result 否定结果 Negates the outcome of the binding. Messages are unaffected. 否定绑定的结果。消息不受影响。 Order 订购 Timeout 超时 Successfully updated policy. 已成功更新策略。 Successfully created policy. 已成功创建策略。 A policy used for testing. Always returns the same result as specified below after waiting a random duration. 用于测试的策略。等待随机持续时间后,始终返回与下面指定的结果相同的结果。 Execution logging 执行日志记录 When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. 启用此选项后,将记录此策略的所有执行。默认情况下,只记录执行错误。 Policy-specific settings 特定于策略的设置 Pass policy? 通行证政策? Wait (min) 等待 (最短) The policy takes a random time to execute. This controls the minimum time it will take. 策略需要一段随机时间才能执行。这将控制所需的最短时间。 Wait (max) 等待 (最多) Matches an event against a set of criteria. If any of the configured values match, the policy passes. 根据一组条件匹配事件。如果任何配置的值匹配,则策略将通过。 Match created events with this action type. When left empty, all action types will be matched. 将创建的事件与此操作类型匹配。留空时,所有操作类型都将匹配。 Matches Event's Client IP (strict matching, for network matching use an Expression Policy. 匹配事件的客户端 IP(严格匹配),对于网络匹配,请使用表达式策略。 Match events created by selected application. When left empty, all applications are matched. 匹配选定应用程序创建的事件。如果留空,则匹配所有应用程序。 Checks if the request's user's password has been changed in the last x days, and denys based on settings. 检查过去 x 天内请求的用户密码是否已更改,并根据设置拒绝。 Maximum age (in days) 最长使用期限(以天为单位) Only fail the policy, don't invalidate user's password Executes the python snippet to determine whether to allow or deny a request. 执行 python 代码段以确定是允许还是拒绝请求。 Expression using Python. 使用 Python 的表达式。 See documentation for a list of all variables. 有关所有变量的列表,请参阅文档。 Static rules Minimum length 最小长度 Minimum amount of Uppercase Characters 大写字符的最小数量 Minimum amount of Lowercase Characters 小写字符的最小数量 Minimum amount of Digits 最低位数 Minimum amount of Symbols Characters 符号字符的最小数量 Error message 错误消息 Symbol charset 符号字符集 Characters which are considered as symbols. 被视为符号的字符。 HaveIBeenPwned settings Allowed count 允许计数 Allow up to N occurrences in the HIBP database. HIBP 数据库中最多允许 N 次出现。 zxcvbn settings Score threshold If the password's score is less than or equal this value, the policy will fail. Checks the value from the policy request against several rules, mostly used to ensure password strength. 根据多条规则检查策略请求中的值,这些规则主要用于确保密码强度。 Password field “密码” 字段 Field key to check, field keys defined in Prompt stages are available. 要检查的字段键,提示阶段中定义的字段键可用。 Check static rules Check haveibeenpwned.com For more info see: Check zxcvbn Password strength estimator created by Dropbox, see: Allows/denys requests based on the users and/or the IPs reputation. 根据用户和/或 IP 信誉允许/拒绝请求。 Invalid login attempts will decrease the score for the client's IP, and the username they are attempting to login as, by one. The policy passes when the reputation score is below the threshold, and doesn't pass when either or both of the selected options are equal or above the threshold. Check IP 检查 IP Check Username 检查用户名 Threshold 阈值 New policy 新建策略 Create a new policy. 创建一个新策略。 Create Binding 创建绑定 Superuser 超级用户 Members 成员 Select groups to add user to 选择要向其添加用户的组 Warning: Adding the user to the selected group(s) will give them superuser permissions. Successfully updated user. 已成功更新用户。 Successfully created user. 已成功创建用户。 Username 用户名 User's primary identifier. 150 characters or fewer. User's display name. 用户的显示名称。 Email 电子邮箱 Is active 处于激活状态 Designates whether this user should be treated as active. Unselect this instead of deleting accounts. 指定是否应将此用户视为活动用户。取消选择此选项,而不是删除帐户。 Path Policy / User / Group 策略/用户/组 Policy 策略 Group User 用户 Edit Policy 编辑策略 Update Group 更新组 Edit Group 编辑组 Update User 更新用户 Edit User 编辑用户 Policy binding(s) 策略绑定 Update Binding 更新绑定 Edit Binding 编辑绑定 No Policies bound. 没有策略约束。 No policies are currently bound to this object. 当前没有策略绑定到此对象。 Bind existing policy Warning: Application is not used by any Outpost. 警告:应用程序未被任何 Outpost 使用。 Related 相关 Backchannel Providers Check access 检查访问权限 Check 查看 Check Application access 检查应用程序访问权限 Test 测试 Launch 启动 Logins over the last week (per 8 hours) Policy / Group / User Bindings 策略/组/用户绑定 These policies control which users can access this application. 这些策略控制哪些用户可以访问此应用程序。 Successfully updated source. 已成功更新源。 Successfully created source. 已成功创建源。 Sync users 同步用户 User password writeback 用户密码写回 Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP. 登入密码会自动从 LDAP 同步到 authentik。启用此选项可将 authentik 中的密码更改回写至 LDAP。 Sync groups 同步组 Connection settings 连接设置 Server URI 服务器 URI Specify multiple server URIs by separating them with a comma. 通过用逗号分隔多个服务器 URI 来指定它们。 Enable StartTLS 启用 StartTLS To use SSL instead, use 'ldaps://' and disable this option. 要改用 SSL,请使用 'ldaps: //' 并禁用此选项。 TLS Verification Certificate TLS 验证证书 When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate. 使用 TLS 连接到 LDAP 服务器时,默认情况下不检查证书。指定密钥对以验证远程证书。 Bind CN Bind CN LDAP Attribute mapping LDAP 属性映射 Property mappings used to user creation. 用于创建用户的属性映射。 Additional settings 其他设置 Parent group for all the groups imported from LDAP. 从 LDAP 导入的所有组的父组。 User path Addition User DN 额外的用户 DN Additional user DN, prepended to the Base DN. 额外的User DN,优先于Base DN。 Addition Group DN 额外的 Group DN Additional group DN, prepended to the Base DN. 额外的Group DN,优先于Base DN。 User object filter 用户对象筛选器 Consider Objects matching this filter to be Users. 将与此筛选器匹配的对象视为用户。 Group object filter 分组对象过滤器 Consider Objects matching this filter to be Groups. 将与此过滤器匹配的对象视为组。 Group membership field 组成员资格字段 Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' 包含组成员的字段。请注意,如果使用 “memberUID” 字段,则假定该值包含相对可分辨名称。例如,'memberUID=some-user' 而不是 'memberuid=cn=some-user、ou=groups、... ' Object uniqueness field 对象唯一性字段 Field which contains a unique Identifier. 包含唯一标识符的字段。 Link users on unique identifier 使用唯一标识符链接用户 Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses 链接到具有相同电子邮件地址的用户。当源不验证电子邮件地址时,可能会产生安全隐患 Use the user's email address, but deny enrollment when the email address already exists Link to a user with identical username. Can have security implications when a username is used with another source Use the user's username, but deny enrollment when the username already exists Unknown user matching mode URL settings URL 设置 Authorization URL 授权网址 URL the user is redirect to to consent the authorization. 用户被重定向到以同意授权的 URL。 Access token URL 访问令牌 URL URL used by authentik to retrieve tokens. authentik 用来检索令牌的 URL。 Profile URL 个人资料网址 URL used by authentik to get user information. authentik 用来获取用户信息的 URL。 Request token URL 请求令牌 URL URL used to request the initial token. This URL is only required for OAuth 1. 用于请求初始令牌的 URL。只有 OAuth 1 才需要此网址。 OIDC Well-known URL OIDC well-known configuration URL. Can be used to automatically configure the URLs above. OIDC JWKS URL JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source. OIDC JWKS Raw JWKS data. User matching mode 用户匹配模式 Delete currently set icon. 删除当前设置的图标。 Consumer key 消费者密钥 Consumer secret 消费者机密 Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *. Flow settings 流程设置 Flow to use when authenticating existing users. 认证已存在用户时所使用的流程。 Enrollment flow 注册流程 Flow to use when enrolling new users. 新用户注册时所使用的流程。 Load servers 加载服务器 Re-authenticate with plex 使用 plex 重新进行身份验证 Allow friends to authenticate via Plex, even if you don't share any servers 允许好友通过Plex进行身份验证,即使您不共享任何服务器 Allowed servers 允许的服务器 Select which server a user has to be a member of to be allowed to authenticate. 选择用户必须是哪个服务器的成员才能进行身份验证。 SSO URL SSO 网址 URL that the initial Login request is sent to. 初始登录请求发送到的URL。 SLO URL SLO URL Optional URL if the IDP supports Single-Logout. 如果 IDP 支持单点注销,则为可选 URL。 Also known as Entity ID. Defaults the Metadata URL. 也称为实体 ID。 默认为 Metadata URL。 Binding Type 绑定类型 Redirect binding 重定向绑定 Post-auto binding Post binding but the request is automatically sent and the user doesn't have to confirm. Post binding Post binding Signing keypair 签名密钥对 Keypair which is used to sign outgoing requests. Leave empty to disable signing. 用于签署传出请求的密钥对。留空则禁用签名。 Allow IDP-initiated logins 允许 IDP 发起的登入 Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. 允许由 IdP 启动的身份验证流。这可能存在安全风险,因为未对请求 ID 进行验证。 NameID Policy NameID 政策 Persistent 持久 Email address 邮箱地址 Windows Windows X509 Subject X509 Subject Transient 暂时的 Delete temporary users after 之后删除临时用户 Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. Pre-authentication flow 身份验证前流程 Flow used before authentication. 身份验证之前使用的流程。 New source 新建身份来源 Create a new source. 创建一个新身份来源。 Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves. 身份来源,既可以同步到authentik的数据库中,也可以被用户用来进行身份验证和注册。 Source(s) Disabled 已禁用 Built-in 内置 Update LDAP Source 更新 LDAP 源 Not synced yet. 尚未同步。 Task finished with warnings 任务已完成,但出现警告 Task finished with errors 任务已完成,但出现错误 Last sync: 上次同步: OAuth Source Generic OpenID Connect 通用 OpenID 连接 Unknown provider type Details Callback URL 回调 URL Access Key 访问密钥 Update OAuth Source 更新 OAuth 源 Diagram 示意图 Policy Bindings 策略绑定 These bindings control which users can access this source. You can only use policies here as access is checked before the user is authenticated. Update Plex Source 更新 Plex 源 Update SAML Source 更新 SAML 源 Successfully updated mapping. 已成功更新映射。 Successfully created mapping. 已成功创建映射。 Object field 对象字段 Field of the user object this value is written to. 写入此值的用户对象的字段。 SAML Attribute Name SAML 属性名称 Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded. 用于 SAML 断言的属性名称。可以是 URN OID, 模式引用或任何其他字符串。如果此属性映射用于 NameID 属性,则会丢弃此字段。 Friendly Name 友好显示名称 Optionally set the 'FriendlyName' value of the Assertion attribute. (可选)设置 “断言” 属性的'友好名称'值。 Scope name 作用域名称 Scope which the client can specify to access these properties. 客户端可以指定的访问这些属性的范围。 Description shown to the user when consenting. If left empty, the user won't be informed. 同意时向用户显示的描述。如果留空,则不会通知用户。 Example context data Active Directory User Active Directory Group New property mapping 新建属性映射 Create a new property mapping. 创建一个新属性映射。 Property Mappings 属性映射 Control how authentik exposes and interprets information. 控制 authentik 如何公开和解释信息。 Property Mapping(s) 属性映射 Test Property Mapping 测试属性映射 Hide managed mappings 隐藏托管映射 Successfully updated token. 已成功更新令牌。 Successfully created token. 已成功创建令牌。 Unique identifier the token is referenced by. 引用令牌的唯一标识符。 Intent 意图 API Token Used to access the API programmatically App password. Used to login using a flow executor Expiring 即将到期 If this is selected, the token will expire. Upon expiration, the token will be rotated. 如果选择此选项,令牌将过期。到期后,令牌将被轮换。 Expires on 过期时间 API Access API 访问权限 App password 应用密码 Verification 验证 Unknown intent Tokens 令牌 Tokens are used throughout authentik for Email validation stages, Recovery keys and API access. 令牌在整个authentik中用于电子邮件验证阶段、恢复密钥和API访问。 Expires? 过期? Expiry date 到期日 Token(s) 令牌 Create Token 创建令牌 Token is managed by authentik. 令牌由 authentik 管理。 Update Token 更新令牌 Successfully updated tenant. 已成功更新租户。 Successfully created tenant. 成功创建租户。 Domain Matching is done based on domain suffix, so if you enter domain.tld, foo.domain.tld will still match. 匹配是根据域名后缀完成的,因此,如果您输入 domain.tld,foo.domain.tld 仍将匹配。 Default 默认 Use this tenant for each domain that doesn't have a dedicated tenant. 对于没有专用租户的每个域,请使用此租户。 Branding settings 品牌设置 Title 标题 Branding shown in page title and several other places. 品牌信息显示在页面标题和其他几个地方。 Logo Logo Icon shown in sidebar/header and flow executor. 在侧边栏/标题和流程执行器中显示的图标。 Favicon 网站图标 Icon shown in the browser tab. 浏览器选项卡中显示的图标。 Default flows 默认流程 Flow used to authenticate users. If left empty, the first applicable flow sorted by the slug is used. 用于对用户进行身份验证的流程。如果留空,则使用按辅助信息块排序的第一个适用流程。 Invalidation flow 失效流程 Flow used to logout. If left empty, the first applicable flow sorted by the slug is used. 用于注销的流程。如果留空,则使用按辅助信息块排序的第一个适用流程。 Recovery flow 恢复流程 Recovery flow. If left empty, the first applicable flow sorted by the slug is used. 恢复流程。如果留空,则使用按辅助信息块排序的第一个适用流程。 Unenrollment flow 取消注册流程 If set, users are able to unenroll themselves using this flow. If no flow is set, option is not shown. 如果已设置,则用户可以使用此流程自行取消注册。如果未设置流量,则不显示选项。 User settings flow 用户设置流程 If set, users are able to configure details of their profile. 设置后,用户可以配置他们个人资料的详细信息。 Device code flow If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code. Other global settings 其他全局设置 Web Certificate 网络证书 Event retention 事件保留 Duration after which events will be deleted from the database. 事件将从数据库中删除的持续时间。 When using an external logging solution for archiving, this can be set to "minutes=5". 使用外部日志记录解决方案进行存档时,可以将其设置为 “minutes=5”。 This setting only affects new Events, as the expiration is saved per-event. 此设置仅影响新事件,因为过期时间是按事件保存的。 Format: "weeks=3;days=2;hours=3,seconds=2". 格式:"weeks=3;days=2;hours=3,seconds=2"。 Set custom attributes using YAML or JSON. Any attributes set here will be inherited by users, if the request is handled by this tenant. Tenants 租户 Configure visual settings and defaults for different domains. 配置不同域的可视化设置和默认值。 Default? 默认? Tenant(s) 租户 Update Tenant 更新租户 Create Tenant 创建租户 Policies 策略 Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Stages. 允许用户根据属性使用应用程序、强制使用密码标准以及有选择地应用阶段。 Assigned to object(s). 已分配给 个对象。 Warning: Policy is not assigned. 警告:策略未分配。 Test Policy 测试策略 Policy / Policies 政策/策略 Successfully cleared policy cache 已成功清除策略缓存 Failed to delete policy cache 未能删除策略缓存 Clear cache 清除缓存 Clear Policy cache 清除策略缓存 Are you sure you want to clear the policy cache? This will cause all policies to be re-evaluated on their next usage. Reputation scores 声誉得分 Reputation for IP and user identifiers. Scores are decreased for each failed login and increased for each successful login. IP 和用户标识符的声誉。每次登入失败的分数都会降低,每次成功登入的分数都会增加。 IP IP Score 得分 Updated 已更新 Reputation 声誉 Groups Group users together and give them permissions based on the membership. 将用户分组在一起,并根据成员资格为他们授予权限。 Superuser privileges? 超级用户权限? Group(s) Create Group 创建组 Create group 创建组 Enabling this toggle will create a group named after the user, with the user as member. 启用此开关将创建一个以用户命名的组,用户为成员。 Use the username and password below to authenticate. The password can be retrieved later on the Tokens page. 使用下面的用户名和密码进行身份验证。稍后可以在令牌页面上检索密码。 Password 密码 Valid for 360 days, after which the password will automatically rotate. You can copy the password from the Token List. 有效期为360天,之后密码将自动轮换。您可以从令牌列表中复制密码。 The following objects use 以下对象使用 connecting object will be deleted 连接对象将被删除 Successfully updated Failed to update : 更新失败 Are you sure you want to update ""? 你确定要更新 " " 吗? Successfully updated password. 已成功更新密码。 Successfully sent email. 已成功发送电子邮件。 Email stage 电子邮件阶段 Successfully added user(s). Users to add User(s) 用户 Remove Users(s) Are you sure you want to remove the selected users from the group ? Remove Impersonate 模仿 User status 用户状态 Change status 更改状态 Deactivate 停用 Update password 更新密码 Set password 设置密码 Successfully generated recovery link 成功生成恢复链接 No recovery flow is configured. 未配置任何恢复流程。 Copy recovery link 复制恢复链接 Send link 发送链接 Send recovery link to user 向用户发送恢复链接 Email recovery link 电子邮件恢复链接 Recovery link cannot be emailed, user has no email address saved. 无法通过电子邮件发送恢复链接,用户没有保存电子邮件地址。 To let a user directly reset a their password, configure a recovery flow on the currently active tenant. 要让用户直接重置密码,请在当前活动的租户上配置恢复流程。 Add User Warning: This group is configured with superuser access. Added users will have superuser access. Add existing user Create user Create User 创建用户 Create Service account 创建服务账户 Hide service-accounts 隐藏服务账户 Group Info 组信息 Notes Edit the notes attribute of this group to add notes here. Users 用户 Root Warning: You're about to delete the user you're logged in as (). Proceed at your own risk. 警告:你即将删除登录的用户 ( )。继续,风险自负。 Hide deactivated user User folders Successfully added user to group(s). Groups to add Remove from Group(s) Are you sure you want to remove user from the following groups? Add Group Add to existing group Add new group Application authorizations 应用程序授权 Revoked? 已吊销? Expires 过期 ID Token ID 令牌 Refresh Tokens(s) Last IP 最后的 IP Session(s) 会话 Expiry 到期 (Current session) Permissions Consent(s) 同意 Successfully updated device. 已成功更新设备。 Static tokens 静态令牌 TOTP Device TOTP 设备 Enroll 注册 Device(s) 设备 Update Device 更新设备 Confirmed User Info 用户信息 Actions over the last week (per 8 hours) Edit the notes attribute of this user to add notes here. Sessions 会话 User events 用户事件 Explicit Consent 明确同意 OAuth Refresh Tokens MFA Authenticators Successfully updated invitation. 已成功更新邀请。 Successfully created invitation. 已成功创建邀请。 Flow 流程 When selected, the invite will only be usable with the flow. By default the invite is accepted on all flows with invitation stages. Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON. 加载到流程的 “prompt_data” 上下文变量中的可选数据。YAML 或 JSON。 Single use 一次性使用 When enabled, the invitation will be deleted after usage. 启用后,邀请将在使用后被删除。 Select an enrollment flow 选择注册流程 Link to use the invitation. 使用邀请的链接。 Invitations 邀请 Create Invitation Links to enroll Users, and optionally force specific attributes of their account. 创建邀请链接以注册用户,并可选择强制使用其帐户的特定属性。 Created by 由... 创建 Invitation(s) 邀请 Invitation not limited to any flow, and can be used with any enrollment flow. Update Invitation 更新邀请 Create Invitation 创建邀请 Warning: No invitation stage is bound to any flow. Invitations will not work as expected. 警告:没有邀请阶段绑定到任何流程。邀请将无法按预期工作。 Auto-detect (based on your browser) 自动检测(基于您的浏览器) Required. 必需。 Continue 继续 Successfully updated prompt. 已成功更新提示。 Successfully created prompt. 已成功创建提示。 Text: Simple Text input 文本:简单文本输入 Text Area: Multiline text input Text (read-only): Simple Text input, but cannot be edited. 文本(只读):简单文本输入,但无法编辑。 Text Area (read-only): Multiline text input, but cannot be edited. Username: Same as Text input, but checks for and prevents duplicate usernames. 用户名:与文本输入相同,但检查并防止用户名重复。 Email: Text field with Email type. 电子邮件:具有电子邮件类型的文本字段。 Password: Masked input, multiple inputs of this type on the same prompt need to be identical. Number 编号 Checkbox 复选框 Radio Button Group (fixed choice) Dropdown (fixed choice) Date 日期 Date Time 日期时间 File Separator: Static Separator Line 分隔符:静态分隔线 Hidden: Hidden field, can be used to insert data into form. 隐藏:隐藏字段,可用于将数据插入表单。 Static: Static value, displayed as-is. 静态:静态值,按原样显示。 authentik: Locale: Displays a list of locales authentik supports. authentik:语言:显示 authentik 支持的语言设置。 Preview errors Data preview Unique name of this field, used for selecting fields in prompt stages. Field Key 字段键 Name of the form field, also used to store the value. 表单域的名称,也用于存储值。 When used in conjunction with a User Write stage, use attributes.foo to write attributes. 当与用户写入阶段结合使用时,请使用 attributes.foo 来编写属性。 Label 标签 Label shown next to/above the prompt. 标签显示在提示符旁边/上方。 Required 必需 Interpret placeholder as expression 将占位符解释为表达式 When checked, the placeholder will be evaluated in the same way a property mapping is. If the evaluation fails, the placeholder itself is returned. Placeholder 占位符 Optionally provide a short hint that describes the expected input value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple choices. Interpret initial value as expression When checked, the initial value will be evaluated in the same way a property mapping is. If the evaluation fails, the initial value itself is returned. Initial value Optionally pre-fill the input with an initial value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple default choices. Help text 帮助文本 Any HTML can be used. 任何HTML都可以使用。 Prompts 提示 Single Prompts that can be used for Prompt Stages. 可用于提示阶段的单个提示符。 Field 字段 Stages 阶段 Prompt(s) 提示 Update Prompt 更新提示 Create Prompt 创建提示 Target 目标 Stage 阶段 Evaluate when flow is planned Evaluate policies during the Flow planning process. Evaluate when stage is run Evaluate policies before the Stage is present to the user. 在阶段呈现给用户之前评估策略。 Invalid response behavior Returns the error message and a similar challenge to the executor Restarts the flow from the beginning Restarts the flow from the beginning, while keeping the flow context Configure how the flow executor should handle an invalid response to a challenge given by this bound stage. Successfully updated stage. 已成功更新阶段。 Successfully created stage. 已成功创建阶段。 Stage used to configure a duo-based authenticator. This stage should be used for configuration flows. Stage 用于配置基于二重奏的身份验证器。此阶段应该用于配置流程。 Authenticator type name Display name of this authenticator, used by users when they enroll an authenticator. API Hostname API 主机名 Duo Auth API Integration key 集成密钥 Secret key 密钥 Duo Admin API (optional) When using a Duo MFA, Access or Beyond plan, an Admin API application can be created. This will allow authentik to import devices automatically. Stage-specific settings 阶段特定的设置 Configuration flow 配置流程 Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. 经过身份验证的用户用来配置此阶段的流程。如果为空,用户将无法配置此阶段。 Twilio Account SID Twilio 账户 SID Get this value from https://console.twilio.com 从 https://console.twilio.com 获取此值 Twilio Auth Token Twilio 身份验证令牌 Authentication Type 身份验证类型 Basic Auth 基本身份验证 Bearer Token 不记名令牌 External API URL 外部 API 网址 This is the full endpoint to send POST requests to. 这是向其发送 POST 请求的完整终端节点。 API Auth Username API 身份验证用户名 This is the username to be used with basic auth or the token when used with bearer token 这是用于基本身份验证的用户名,或者与不记名令牌一起使用时的令牌 API Auth password API 身份验证密码 This is the password to be used with basic auth 这是用于基本身份验证的密码 Mapping Modify the payload sent to the custom provider. Stage used to configure an SMS-based TOTP authenticator. 用于配置基于短信的 TOTP 身份验证器的阶段。 Twilio Twilio Generic 通用的 From number 发件人号码 Number the SMS will be sent from. 发送短信的来源号码。 Hash phone number If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons. Devices created from a stage with this enabled cannot be used with the authenticator validation stage. Stage used to configure a static authenticator (i.e. static tokens). This stage should be used for configuration flows. Stage 用于配置静态身份验证器(即静态令牌)。此阶段应该用于配置流程。 Token count Token count Stage used to configure a TOTP authenticator (i.e. Authy/Google Authenticator). 用于配置 TOTP 身份验证器(即 Auth/Google 身份验证器)的阶段。 Digits 数字 6 digits, widely compatible 6位数字,广泛兼容 8 digits, not compatible with apps like Google Authenticator 8位数字,与谷歌身份验证器等应用不兼容 Stage used to validate any authenticator. This stage should be used during authentication or authorization flows. Stage 用于验证任何身份验证器。此阶段应在身份验证或授权流程中使用。 Device classes 设备类别 Static Tokens 静态令牌 TOTP Authenticators TOTP 身份验证器 WebAuthn Authenticators WebAuthn 身份验证器 Duo Authenticators Duo 身份验证器 SMS-based Authenticators 基于短信的身份验证器 Device classes which can be used to authenticate. 可用于进行身份验证的设备类别。 Last validation threshold If any of the devices user of the types selected above have been used within this duration, this stage will be skipped. Not configured action 未配置操作 Force the user to configure an authenticator 强制用户配置身份验证器 Deny the user access 拒绝用户访问 WebAuthn User verification User verification must occur. 必须进行用户验证。 User verification is preferred if available, but not required. 如果可用,则首选用户验证,但不是必需的。 User verification should not occur. 不应进行用户验证。 Configuration stages 配置阶段 Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. 当用户没有任何兼容的设备时,用来配置身份验证器的阶段。此阶段通过后,将不再请求此用户。 When multiple stages are selected, the user can choose which one they want to enroll. 选中多个阶段时,用户可以选择要注册哪个。 User verification 用户验证 Resident key requirement 常驻钥匙要求 Authenticator Attachment 身份验证器附件 No preference is sent 不发送首选项 A non-removable authenticator, like TouchID or Windows Hello 不可移除的身份验证器,例如 TouchID 或 Windows Hello A "roaming" authenticator, like a YubiKey 像 YubiKey 这样的 “漫游” 身份验证器 This stage checks the user's current session against the Google reCaptcha (or compatible) service. Public Key 公钥 Public key, acquired from https://www.google.com/recaptcha/intro/v3.html. 公钥,从 https://www.google.com/recaptcha/intro/v3.html 获取。 Private Key 私钥 Private key, acquired from https://www.google.com/recaptcha/intro/v3.html. 私钥,从 https://www.google.com/recaptcha/intro/v3.html 获取。 Advanced settings 高级设置 JS URL URL to fetch JavaScript from, defaults to recaptcha. Can be replaced with any compatible alternative. API URL URL used to validate captcha response, defaults to recaptcha. Can be replaced with any compatible alternative. Prompt for the user's consent. The consent can either be permanent or expire in a defined amount of time. 提示用户同意。同意可以是永久性的,也可以在规定的时间内过期。 Always require consent 始终需要征得同意 Consent given last indefinitely 无限期地给予同意 Consent expires. 同意过期。 Consent expires in 同意到期时间 Offset after which consent expires. Dummy stage used for testing. Shows a simple continue button and always passes. 用于测试的虚拟阶段。显示一个简单的 “继续” 按钮,并且始终通过。 Throw error? SMTP Host SMTP 主机 SMTP Port SMTP 端口 SMTP Username SMTP 用户名 SMTP Password SMTP 密码 Use TLS 使用 TLS Use SSL 使用 SSL From address 发件人地址 Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity. 通过向用户发送一次性链接来验证用户的电子邮件地址。也可用于恢复,以验证用户的真实性。 Activate pending user on success 成功时启用待处理用户 When a user returns from the email successfully, their account will be activated. 当用户成功从电子邮件中返回时,其帐户将被激活。 Use global settings 使用全局设置 When enabled, global Email connection settings will be used and connection settings below will be ignored. 启用后,将使用全局电子邮件连接设置,而下面的连接设置将被忽略。 Token expiry 令牌到期 Time in minutes the token sent is valid. 发送的令牌的有效时间(以分钟为单位)。 Template “模板” Let the user identify themselves with their username or Email address. 让用户使用其用户名或电子邮件地址来标识自己。 User fields 用户字段 UPN UPN Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources. 用户可以用来标识自己的字段。如果未选择任何字段,则用户将只能使用源。 Password stage 密码阶段 When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks. 选中后,密码字段将显示在同一页面上,而不是单独的页面上。这样可以防止用户名枚举攻击。 Case insensitive matching 不区分大小写的匹配 When enabled, user fields are matched regardless of their casing. 启用后,无论用户字段大小写如何,都将匹配用户字段。 Show matched user 显示匹配的用户 When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown. 如果输入了有效的用户名/电子邮件,并且启用了此选项,则会显示用户的用户名和头像。否则,将显示用户输入的文本。 Source settings Sources Select sources should be shown for users to authenticate with. This only affects web-based sources, not LDAP. 应显示选择的源以供用户进行身份验证。这只会影响基于 Web 的源,而不影响 LDAP。 Show sources' labels 显示源的标签 By default, only icons are shown for sources. Enable this to show their full names. 默认情况下,只为源显示图标。启用此选项可显示他们的全名。 Passwordless flow 无密码流 Optional passwordless flow, which is linked at the bottom of the page. When configured, users can use this flow to authenticate with a WebAuthn authenticator, without entering any details. 可选的无密码流程,链接在页面底部。配置后,用户可以使用此流程向 WebAuthn 身份验证器进行身份验证,而无需输入任何详细信息。 Optional enrollment flow, which is linked at the bottom of the page. 可选注册流程,链接在页面底部。 Optional recovery flow, which is linked at the bottom of the page. 可选的恢复流程,链接在页面底部。 This stage can be included in enrollment flows to accept invitations. 此阶段可以包含在注册流程中以接受邀请。 Continue flow without invitation 在没有邀请的情况下继续流动 If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. 如果设置了此标志,则当没有发出邀请时,此舞台将跳转到下一个阶段。默认情况下,当没有发出邀请时,此阶段将取消流程。 Validate the user's password against the selected backend(s). 根据选定的后端验证用户的密码。 Backends 后端 User database + standard password 用户数据库+标准密码 User database + app passwords 用户数据库+应用程序密码 User database + LDAP password 用户数据库 + LDAP 密码 Selection of backends to test the password against. 选择用于测试密码的后端。 Flow used by an authenticated user to configure their password. If empty, user will not be able to configure change their password. 经过身份验证的用户用来配置其密码的流程。如果为空,用户将无法配置更改其密码。 Failed attempts before cancel 取消前尝试失败 How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. 在取消流程之前,用户有多少次尝试。要锁定用户,请使用信誉策略和 user_write 阶段。 Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable. 向用户显示任意输入字段,例如在注册期间。数据保存在流程上下文中的 “prompt_data” 变量下。 Fields 字段 ("", of type ) (“ ”, 类型为 ) Validation Policies 验证策略 Selected policies are executed when the stage is submitted to validate the data. 在提交阶段以验证数据时,将执行选定的策略。 Delete the currently pending user. CAUTION, this stage does not ask for confirmation. Use a consent stage to ensure the user is aware of their actions. Log the currently pending user in. 将当前待处理的用户登录。 Session duration 会话持续时间 Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed. 确定会话持续多长时间。默认为 0 秒意味着会话持续到浏览器关闭为止。 Different browsers handle session cookies differently, and might not remove them even when the browser is closed. See here. Stay signed in offset If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. Terminate other sessions When enabled, all previous sessions of the user will be terminated. Remove the user from the current session. 从当前会话中移除用户。 Write any data from the flow's context's 'prompt_data' to the currently pending user. If no user is pending, a new user is created, and data is written to them. Never create users When no user is present in the flow context, the stage will fail. Create users when required When no user is present in the the flow context, a new user is created. Always create new users Create a new user even if a user is in the flow context. Create users as inactive 将用户创建为非活动用户 Mark newly created users as inactive. 将新创建的用户标记为非活动用户。 User path template Path new users will be created under. If left blank, the default path will be used. Newly created users are added to this group, if a group is selected. 如果选择了组,则会将新创建的用户添加到该组。 New stage 新建阶段 Create a new stage. 创建一个新阶段。 Successfully imported device. The user in authentik this device will be assigned to. Duo User ID The user ID in Duo, can be found in the URL after clicking on a user. Automatic import Successfully imported devices. Start automatic import Or manually import Stages are single steps of a Flow that a user is guided through. A stage can only be executed from within a flow. 阶段是引导用户完成的流程的单个步骤。阶段只能在流程内部执行。 Flows 流程 Stage(s) 阶段 Import 导入 Import Duo device Successfully updated flow. 已成功更新流程。 Successfully created flow. 已成功创建流程。 Shown as the Title in Flow pages. 显示为 “Flow” 页面中的标题。 Visible in the URL. 在 URL 中可见。 Designation 指定 Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. 决定此 Flow 的用途。例如,当未经身份验证的用户访问 authentik 时,身份验证流程将重定向到。 No requirement Require authentication Require no authentication. Require superuser. Required authentication level for this flow. Behavior settings Compatibility mode 兼容模式 Increases compatibility with password managers and mobile devices. Denied action Will follow the ?next parameter if set, otherwise show a message Will either follow the ?next parameter or redirect to the default interface Will notify the user the flow isn't applicable Decides the response when a policy denies access to this flow for a user. Appearance settings Layout Background 背景 Background shown during execution. 执行过程中显示背景。 Clear background Delete currently set background image. 删除当前设置的背景图片。 Successfully imported flow. 已成功导入流程。 .yaml files, which can be found on goauthentik.io and can be exported by authentik. .yaml 文件,这些文件可以在 goauthentik.io 上找到,也可以通过 authentik 导出。 Flows describe a chain of Stages to authenticate, enroll or recover a user. Stages are chosen based on policies applied to them. 流程描述了一系列用于对用户进行身份验证、注册或恢复的阶段。阶段是根据应用于它们的策略来选择的。 Flow(s) 流程 Update Flow 更新流程 Create Flow 创建流程 Import Flow 导入流程 Successfully cleared flow cache 已成功清除流程缓存 Failed to delete flow cache 无法删除流程缓存 Clear Flow cache 清除流程缓存 Are you sure you want to clear the flow cache? This will cause all flows to be re-evaluated on their next usage. Stage binding(s) 阶段绑定 Stage type 阶段类型 Edit Stage 编辑 Stage Update Stage binding 更新阶段绑定 These bindings control if this stage will be applied to the flow. 这些绑定控制是否将此阶段应用于流程。 No Stages bound 没有阶段绑定 No stages are currently bound to this flow. 目前没有阶段绑定到此流程。 Create Stage binding 创建 Stage 绑定 Bind stage Bind 阶段 Bind existing stage Flow Overview 流程概述 Related actions Execute flow 执行流程 Normal 正常 with current user 以当前用户 with inspector 和检查员一起 Export flow 出口流程 Export 出口 Stage Bindings 阶段绑定 These bindings control which users can access this flow. 这些绑定控制哪些用户可以访问此流程。 Event Log 事件日志 Event 事件 Event info 事件信息 Created Successfully updated transport. 已成功更新传输。 Successfully created transport. 已成功创建传输。 Local (notifications will be created within authentik) Webhook (generic) Webhook (generic) Webhook (Slack/Discord) Webhook(Slack/Discord) Webhook URL Webhook URL Webhook Mapping Webhook 映射 Send once 发送一次 Only send notification once, for example when sending a webhook into a chat channel. 仅发送一次通知,例如在向聊天频道发送 Webhook 时。 Notification Transports 通知传输 Define how notifications are sent to users, like Email or Webhook. 定义如何向用户发送通知,例如电子邮件或 Webhook。 Notification transport(s) 通知传输 Update Notification Transport 更新通知传输 Create Notification Transport 创建通知传输 Successfully updated rule. 已成功更新规则。 Successfully created rule. 已成功创建规则。 Select the group of users which the alerts are sent to. If no group is selected the rule is disabled. Transports 传输 Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. 选择应使用哪些传输来通知用户。如果未选择任何内容,则通知将仅显示在 authentik UI 中。 Severity 严重程度 Notification Rules 通知规则 Send notifications whenever a specific Event is created and matched by policies. 每当策略创建并匹配特定事件时,都会发送通知。 Sent to group 已发送到组 Notification rule(s) 通知规则 None (rule disabled) 无(规则已禁用) Update Notification Rule 更新通知规则 Create Notification Rule 创建通知规则 These bindings control upon which events this rule triggers. Bindings to groups/users are checked against the user of the event. Outpost Deployment Info Outpost 部署信息 View deployment documentation 查看部署文档 Click to copy token 点击复制令牌 If your authentik Instance is using a self-signed certificate, set this value. 如果您的 authentik 实例正在使用自签名证书,请设置此值。 If your authentik_host setting does not match the URL you want to login with, add this setting. 如果您的 authentik_host 设置与您要登录时使用的网址不匹配,请添加此设置。 Successfully updated outpost. 已成功更新 Outpost。 Successfully created outpost. 已成功创建 Outpost。 Radius Integration 整合 Selecting an integration enables the management of the outpost by authentik. 选择集成可以使authentik对 Outpost 进行管理。 You can only select providers that match the type of the outpost. 您只能选择与 Outpost 类型匹配的提供商。 Configuration 配置 See more here: Documentation Last seen , should be ,应该是 Hostname Not available 不可用 Last seen: 最后显示: Unknown type Outposts Outposts Outposts are deployments of authentik components to support different environments and protocols, like reverse proxies. Outpost 是对 authentik 组件的部署,以支持不同的环境和协议,例如反向代理。 Health and Version 运行状况和版本 Warning: authentik Domain is not configured, authentication will not work. 警告:未配置 authentik 域,身份验证将不起作用。 Logging in via . 通过 登录。 No integration active 没有激活的集成 Update Outpost 更新 Outpost View Deployment Info 查看部署信息 Detailed health (one instance per column, data is cached so may be out of date) Outpost(s) Outpost(s) Create Outpost 创建 Outpost Successfully updated integration. 已成功更新集成。 Successfully created integration. 已成功创建集成。 Local 本地 If enabled, use the local connection. Required Docker socket/Kubernetes Integration. 如果启用,请使用本地连接。需要的 Docker Socket/Kubernetes 集成。 Docker URL Docker URL Can be in the format of 'unix://' when connecting to a local docker daemon, using 'ssh://' to connect via SSH, or 'https://:2376' when connecting to a remote system. 连接到本地 docker 守护进程时可以采用 'unix: //' 的格式,通过 SSH 连接时使用 'ssh: //',或者在连接到远程系统时使用 'https://:2376' 的格式。 CA which the endpoint's Certificate is verified against. Can be left empty for no validation. 验证终端节点证书所依据的 CA。可以留空以表示不进行验证。 TLS Authentication Certificate/SSH Keypair TLS 身份验证证书/SSH 密钥对 Certificate/Key used for authentication. Can be left empty for no authentication. 用于身份验证的证书/密钥。可以留空,留空表示不进行身份验证。 When connecting via SSH, this keypair is used for authentication. 通过 SSH 连接时,此密钥对用于身份验证。 Kubeconfig Kubeconfig Verify Kubernetes API SSL Certificate New outpost integration 新前哨集成 Create a new outpost integration. 创建一个新前哨集成。 State Unhealthy 不健康 Outpost integration(s) Outpost 集成 Successfully generated certificate-key pair. 成功生成证书密钥对。 Common Name 常用名 Subject-alt name 替代名称 Optional, comma-separated SubjectAlt Names. 可选,逗号分隔的 subjectAlt 名称。 Validity days 有效天数 Successfully updated certificate-key pair. 已成功更新证书密钥对。 Successfully created certificate-key pair. 已成功创建证书密钥对。 PEM-encoded Certificate data. PEM 编码的证书数据。 Optional Private Key. If this is set, you can use this keypair for encryption. 可选私钥。如果设置了此设置,则可以使用此密钥对进行加密。 Certificate-Key Pairs 证书密钥对 Import certificates of external providers or create certificates to sign requests with. 导入外部提供商的证书或创建用于签署请求的证书。 Private key available? 私钥可用吗? Certificate-Key Pair(s) 证书密钥对 Managed by authentik 由 authentik 管理 Managed by authentik (Discovered) 由 authentik 管理(已发现) Yes () Yes ( ) No No Update Certificate-Key Pair 更新证书密钥对 Certificate Fingerprint (SHA1) 证书指纹 (SHA1) Certificate Fingerprint (SHA256) 证书指纹 (SHA256) Certificate Subject 证书主题 Download Certificate 下载证书 Download Private key 下载私钥 Create Certificate-Key Pair 创建证书密钥对 Generate 生成 Generate Certificate-Key Pair 生成证书密钥对 Successfully updated instance. Successfully created instance. Disabled blueprints are never applied. Local path OCI Registry Internal OCI URL, in the format of oci://registry.domain.tld/path/to/manifest. See more about OCI support here: Blueprint Configure the blueprint context, used for templating. Orphaned Blueprints Automate and template configuration within authentik. Last applied Blueprint(s) Update Blueprint Create Blueprint Instance API Requests API 请求 Open API Browser 打开 API 浏览器 Notifications 通知 unread 未读 Successfully cleared notifications 已成功清除通知 Clear all 全部清除 A newer version of the frontend is available. 有较新版本的前端可用。 You're currently impersonating . Click to stop. 你目前正在模拟 。单击停止。 User interface 用户界面 Dashboards 仪表板 Events 事件 Logs 日志 Customisation 定制 Directory 目录 System 系统 Certificates 证书 Outpost Integrations Outpost 集成 API request failed API 请求失败 User's avatar 用户的头像 Something went wrong! Please try again later. 发生错误,请稍后重试。 Request ID You may close this page now. You're about to be redirect to the following URL. 您将被重定向到以下 URL。 Follow redirect 跟随重定向 Request has been denied. 请求被拒绝。 Not you? 不是你? Need an account? 需要一个账户? Sign up. 注册。 Forgot username or password? 忘记用户名或密码? Select one of the sources below to login. 选择以下源之一进行登入。 Or Use a security key 使用安全密钥 Login to continue to . 登入以继续 Please enter your password 请输入你的密码 Forgot password? 忘记密码了吗? Application requires following permissions: 应用程序需要以下权限: Application already has access to the following permissions: Application requires following new permissions: Check your Inbox for a verification email. 检查您的收件箱是否有验证电子邮件。 Send Email again. 再次发送电子邮件。 Successfully copied TOTP Config. 成功复制 TOTP 配置。 Copy 复制 Code 代码 Please enter your TOTP Code 请输入您的 TOTP 代码 Duo activation QR code Alternatively, if your current device has Duo installed, click on this link: 或者,如果您当前的设备已安装 Duo,请单击此链接: Duo activation Duo 激活 Check status 检查状态 Make sure to keep these tokens in a safe place. 确保将这些令牌保存在安全的地方。 Phone number 电话号码 Please enter your Phone number. 请输入您的电话号码。 Please enter the code you received via SMS A code has been sent to you via SMS. 验证码已通过短信发送给您。 Open your two-factor authenticator app to view your authentication code. Static token 静态令牌 Authentication code Please enter your code Return to device picker 返回设备选择器 Sending Duo push notification Assertions is empty 断言为空 Error when creating credential: 创建凭证时出错: Error when validating assertion on server: 在服务器上验证断言时出错: Retry authentication 重试身份验证 Duo push-notifications 二重奏推送通知 Receive a push notification on your device. 在您的设备上接收推送通知。 Authenticator 身份验证器 Use a security key to prove your identity. 使用安全密钥证明您的身份。 Traditional authenticator 传统身份验证器 Use a code-based authenticator. 使用基于代码的身份验证器。 Recovery keys 恢复密钥 In case you can't access any other method. 万一你无法访问任何其他方法。 SMS 短信 Tokens sent via SMS. 通过短信发送的令牌。 Select an authentication method. 选择一种身份验证方法。 Stay signed in? Select Yes to reduce the number of times you're asked to sign in. Authenticating with Plex... 正在使用 Plex 进行身份验证... Waiting for authentication... If no Plex popup opens, click the button below. Open login Authenticating with Apple... 正在使用Apple进行身份验证... Retry 重试 Enter the code shown on your device. Please enter your Code 请输入您的验证码 You've successfully authenticated your device. Flow inspector 流程检查器 Next stage 下一阶段 Stage name 阶段名 Stage kind 阶段种类 Stage object 阶段对象 This flow is completed. 此流程已完成。 Plan history 计划历史记录 Current plan context 当前计划上下文 Session ID 会话 ID Powered by authentik 由 authentik 强力驱动 Background image 背景图片 Error creating credential: 创建凭证时出错: Server validation of credential failed: 服务器验证凭据失败: Register device 注册设备 Refer to documentation No Applications available. 没有可用的应用程序。 Either no applications are defined, or you don’t have access to any. My Applications 我的应用 My applications 我的应用 Change your password 更改你的密码 Change password 修改密码 Save 保存 Delete account 删除账户 Successfully updated details 已成功更新详情 Open settings 打开设置 No settings flow configured. 未配置设置流程 Update details 更新详情 Successfully disconnected source Failed to disconnected source: Disconnect 断开连接 Connect 连接 Error: unsupported source settings: 错误:不支持的源设置: Connect your user account to the services listed below, to allow you to login using the service instead of traditional credentials. 将您的用户帐户连接到下面列出的服务,以允许您使用该服务而不是传统凭据登录。 No services available. 没有可用的服务。 Create App password 创建应用程序密码 User details 用户详细信息 Consent 同意 MFA Devices MFA 设备 Connected services 连接服务 Tokens and App passwords 令牌和应用程序密码 Unread notifications 未读通知 Admin interface 管理员界面 Stop impersonation 停止模拟 Avatar image Avatar image Failed Unsynced / N/A Outdated outposts 过时的 Outposts Unhealthy outposts 不健康的 Outposts Next 下一步 Inactive 不活跃 Regular user 普通用户 Activate 启用 Use Server URI for SNI verification Required for servers using TLS 1.3+ Client certificate keypair to authenticate against the LDAP Server's Certificate. The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate. TLS Server name DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged. TLS Client authentication certificate Model Match events created by selected model. When left empty, all models are matched. Code-based MFA Support When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. User type Successfully updated license. Successfully created license. Install ID License key Licenses License(s) Enterprise is in preview. Cumulative license expiry Update License Warning: The current user count has exceeded the configured licenses. Click here for more info. Enterprise Manage enterprise licenses No licenses found. Send us feedback! Get a license Go to Customer Portal Forecast internal users Estimated user count one year from now based on current internal users and forecasted internal users. Forecast external users Estimated user count one year from now based on current external users and forecasted external users. Install Install License Internal users might be users such as company employees, which will get access to the full Enterprise feature set. External users might be external consultants or B2C customers. These users don't get access to enterprise features. Service accounts should be used for machine-to-machine authentication or other automations. Less details More details Remove item Open API drawer Open Notification drawer Restart task Add provider Open Copy token Add users Add group Import devices Execute Show details Apply Settings Sign out The number of tokens generated whenever this stage is used. Every token generated per stage execution will be attached to a single static device. Token length The length of the individual generated tokens. Can be increased to improve security. Internal: External: Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding. Create and bind Policy Federation and Social login Create and bind Stage Flows and Stages New version available Failure result Pass Don't pass Result used when policy execution fails. Required: User verification must occur. Preferred: User verification is preferred if available, but not required. Discouraged: User verification should not occur. Required: The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur Preferred: The authenticator can create and store a dedicated credential, but if it doesn't that's alright too Discouraged: The authenticator should not create a dedicated credential Lock the user out of this system Allow the user to log in and use this system Temporarily assume the identity of this user Enter a new password for this user Create a link for this user to reset their password WebAuthn requires this page to be accessed via HTTPS. WebAuthn not supported by browser. Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). Default relay state When using IDP-initiated logins, the relay state will be set to this value. Flow Info Stage used to configure a WebAuthn authenticator (i.e. Yubikey, FaceID/Windows Hello). <<<<<<< HEAD Internal application name used in URLs. Submit UI Settings Transparent Reverse Proxy For transparent reverse proxies with required authentication Configure SAML provider manually Configure RADIUS provider manually Configure SCIM provider manually Saving Application... Authentik was unable to save this application: Your application has been saved In the Application: In the Provider: Method's display Name. Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). Custom attributes Don't show this message again. Failed to fetch Failed to fetch data. Successfully assigned permission. Role Assign Assign permission to role Assign to new role Directly assigned Assign permission to user Assign to new user User Object Permissions Role Object Permissions Roles Select roles to grant this groups' users' permissions from the selected roles. Update Permissions Editing is disabled for managed tokens Select permissions to grant Permissions to add Select permissions Assign permission Permission(s) Permission User doesn't have view permission so description cannot be retrieved. Assigned permissions Assigned global permissions Assigned object permissions Successfully updated role. Successfully created role. Manage roles which grant permissions to objects within authentik. Role(s) Update Role Create Role Role doesn't have view permission so description cannot be retrieved. Role Role Info Pseudolocale (for testing) Create With Wizard One hint, 'New Application Wizard', is currently hidden External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. Deny message Message shown when this stage is run. Open Wizard Demo Wizard Run the demo wizard OAuth2/OIDC (Open Authorization/OpenID Connect) LDAP (Lightweight Directory Access Protocol) Forward Auth (Single Application) Forward Auth (Domain Level) SAML (Security Assertion Markup Language) RADIUS (Remote Authentication Dial-In User Service) SCIM (System for Cross-domain Identity Management) The token has been copied to your clipboard The token was displayed because authentik does not have permission to write to the clipboard A copy of this recovery link has been placed in your clipboard The current tenant must have a recovery flow configured to use a recovery link Create recovery link Create Recovery Link External Service account Service account (internal) Check the release notes User Statistics <No name set> For nginx's auth_request or traefik's forwardAuth For nginx's auth_request or traefik's forwardAuth per root domain RBAC is in preview. User type used for newly created users. Users created Failed logins Also known as Client ID. Also known as Client Secret. Global status Vendor No sync status. Sync currently running. Connectivity 0: Too guessable: risky password. (guesses &lt; 10^3) 1: Very guessable: protection from throttled online attacks. (guesses &lt; 10^6) 2: Somewhat guessable: protection from unthrottled online attacks. (guesses &lt; 10^8) 3: Safely unguessable: moderate protection from offline slow-hash scenario. (guesses &lt; 10^10) 4: Very unguessable: strong protection from offline slow-hash scenario. (guesses &gt;= 10^10) Successfully created user and added to group