4d7dab92bc
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
55 lines
2.4 KiB
Markdown
55 lines
2.4 KiB
Markdown
---
|
|
title: Release 2021.6
|
|
slug: "2021.6"
|
|
---
|
|
|
|
## Headline Changes
|
|
|
|
- Duo two-factor support
|
|
|
|
You can now add the new `authenticator_duo` stage to configure Duo authenticators. Duo has also been added as device class to the `authenticator_validation` stage.
|
|
|
|
Currently, only Duo push notifications are supported. Because no additional input is required, Duo also works with the LDAP Outpost.
|
|
|
|
- Multi-tenancy
|
|
|
|
This version adds soft multi-tenancy. This means you can configure different branding settings and different default flows per domain.
|
|
|
|
This also changes how a default flow is determined. Previously, for defaults flow, authentik would pick the first flow that
|
|
|
|
- matches the required designation
|
|
- comes first sorted by slug
|
|
- is allowed by policies
|
|
|
|
Now, authentik first checks if the current tenant has a default flow configured for the selected designation. If not, it behaves the same as before, meaning that if you want to select a default flow based on policy, you can just leave the tenant default empty.
|
|
|
|
- Domain-level authorization with proxy providers
|
|
|
|
Instead of simply being able to toggle between forward auth and proxy mode, you can now enable forward auth for an entire domain. This has the downside that you can't do per-application authorization, but also simplifies configuration as you don't have to create each application in authentik.
|
|
|
|
- API Schema now uses OpenAPI v3
|
|
|
|
The API endpoints are mostly the same, however all the clients are now built from an OpenAPI v3 schema. You can retrieve the schema from `authentik.company.tld/api/v2beta/schema/`
|
|
|
|
- On Kubernetes installs without a /media PVC, you can now set URLs instead of uploading files.
|
|
- Expanded prometheus metrics for PolicyEngine and FlowPlanner
|
|
|
|
## Minor changes
|
|
|
|
- You can now specify which sources should be shown on an Identification stage.
|
|
- Add UI for the reputation of IPs and usernames for reputation policies.
|
|
- Fix proxy outpost not being able to redeem tokens when using with an un-trusted SSL Certificate
|
|
- Add UI to check access of any application for any user
|
|
|
|
## Upgrading
|
|
|
|
This release does not introduce any new requirements.
|
|
|
|
### docker-compose
|
|
|
|
Download the docker-compose file for 2021.6 from [here](https://raw.githubusercontent.com/goauthentik/authentik/version-2021.6/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.
|
|
|
|
### Kubernetes
|
|
|
|
Upgrade to the latest chart version to get the new images.
|