-
-
Notifications
You must be signed in to change notification settings - Fork 559
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
website/docs: add docs about entra provider #9687
Conversation
✅ Deploy Preview for authentik-docs ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
✅ Deploy Preview for authentik-storybook ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #9687 +/- ##
==========================================
- Coverage 92.39% 92.38% -0.01%
==========================================
Files 704 704
Lines 34401 34401
==========================================
- Hits 31785 31783 -2
- Misses 2616 2618 +2
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lots of nitpicks, notes, a few typos, the usual. Can't tell if I'm more crabby than usual, or if you're just exhausted.
|
||
There are two types of sync: a direct sync and a full sync. | ||
|
||
The full sync happens when the provider is initially created and when it is saved. The full sync goes through all users and groups matching the **User filtering** options set and will create/update them in Entra ID. In addition to that, the full sync is also run on a schedule every 4 hours. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Suggestion for the last sentence: "After the initial sync, authentik will run a full sync every four hours to ensure the consistency [integrity?] of users and groups." (Also: Can this schedule be changed? Where are the dials and knobs for changing it? Can it be disabled? Would it be costly to do this sync across a cloud barrier, since cloud providers charge you for egress?)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All great questions, and as I learn the answers, they will be added to the docs!
|
||
When a property mapping has an invalid expression, it will cause the sync to stop to prevent errors from being spammed. | ||
|
||
To handle any kind of network interruptions, authentik will detect transient request failures and retry any sync tasks. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Suggestion: "interruption" (singular).
"In the event of a network interruption, authentik will record request failures and reschedule any sync tasks." (What's the schedule? Can be it changed? Does it have a back-off? What kind? Linear? Exponential? Fibonnaci?)
authentik PR Installation instructions Instructions for docker-composeAdd the following block to your AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-ghcr.io/goauthentik/dev-server:gh-b0fcabae1ae285aa6ec813d9d743546491b55980
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s For arm64, use these values: AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-ghcr.io/goauthentik/dev-server:gh-b0fcabae1ae285aa6ec813d9d743546491b55980-arm64
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s Afterwards, run the upgrade commands from the latest release notes. Instructions for KubernetesAdd the following block to your authentik:
outposts:
container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
repository: ghcr.io/goauthentik/dev-server
tag: gh-ghcr.io/goauthentik/dev-server:gh-b0fcabae1ae285aa6ec813d9d743546491b55980 For arm64, use these values: authentik:
outposts:
container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
repository: ghcr.io/goauthentik/dev-server
tag: gh-ghcr.io/goauthentik/dev-server:gh-b0fcabae1ae285aa6ec813d9d743546491b55980-arm64 Afterwards, run the upgrade commands from the latest release notes. |
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* web: fix esbuild issue with style sheets Getting ESBuild, Lit, and Storybook to all agree on how to read and parse stylesheets is a serious pain. This fix better identifies the value types (instances) being passed from various sources in the repo to the three *different* kinds of style processors we're using (the native one, the polyfill one, and whatever the heck Storybook does internally). Falling back to using older CSS instantiating techniques one era at a time seems to do the trick. It's ugly, but in the face of the aggressive styling we use to avoid Flashes of Unstyled Content (FLoUC), it's the logic with which we're left. In standard mode, the following warning appears on the console when running a Flow: ``` Autofocus processing was blocked because a document already has a focused element. ``` In compatibility mode, the following **error** appears on the console when running a Flow: ``` crawler-inject.js:1106 Uncaught TypeError: Failed to execute 'observe' on 'MutationObserver': parameter 1 is not of type 'Node'. at initDomMutationObservers (crawler-inject.js:1106:18) at crawler-inject.js:1114:24 at Array.forEach (<anonymous>) at initDomMutationObservers (crawler-inject.js:1114:10) at crawler-inject.js:1549:1 initDomMutationObservers @ crawler-inject.js:1106 (anonymous) @ crawler-inject.js:1114 initDomMutationObservers @ crawler-inject.js:1114 (anonymous) @ crawler-inject.js:1549 ``` Despite this error, nothing seems to be broken and flows work as anticipated. * web: fix value handling inside controlled components This is one of those stupid bugs that drive web developers crazy. The basics are straightforward: when you cause a higher-level component to have a "big enough re-render," for some unknown definition of "big enough," it will re-render the sub-components. In traditional web interaction, those components should never be re-rendered while the user is interacting with the form, but in frameworks where there's dynamic re-arrangement, part or all of the form could get re-rendered at any mmoment. Since neither the form nor any of its intermediaries is tracking the values as they're changed, it's up to the components themselves to keep the user's input-- and to be hardened against property changes coming from the outside world. So static memoization of the initial value passed in, and aggressively walling off the values the customer generates from that field, are needed to protect the user's work from any framework's dynamic DOM management. I remember struggling with this in React; I had hoped Lit was better, but in this case, not better enough. The protocol for "is it an ak-data-control" is "it has a `json()` method that returns the data ready to be sent to the authentik server." I missed that in one place, so that's on me. * Eslint had opinions. * Added comments to explain something.
Bumps [freezegun](https://github.com/spulec/freezegun) from 1.5.0 to 1.5.1. - [Release notes](https://github.com/spulec/freezegun/releases) - [Changelog](https://github.com/spulec/freezegun/blob/master/CHANGELOG) - [Commits](spulec/freezegun@1.5.0...1.5.1) --- updated-dependencies: - dependency-name: freezegun dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [glob](https://github.com/isaacs/node-glob) from 10.3.14 to 10.3.15. - [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md) - [Commits](isaacs/node-glob@v10.3.14...v10.3.15) --- updated-dependencies: - dependency-name: glob dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the esbuild group in /web with 2 updates: [@esbuild/darwin-arm64](https://github.com/evanw/esbuild) and [@esbuild/linux-arm64](https://github.com/evanw/esbuild). Updates `@esbuild/darwin-arm64` from 0.21.1 to 0.21.2 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md) - [Commits](evanw/esbuild@v0.21.1...v0.21.2) Updates `@esbuild/linux-arm64` from 0.21.1 to 0.21.2 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md) - [Commits](evanw/esbuild@v0.21.1...v0.21.2) --- updated-dependencies: - dependency-name: "@esbuild/darwin-arm64" dependency-type: direct:production update-type: version-update:semver-patch dependency-group: esbuild - dependency-name: "@esbuild/linux-arm64" dependency-type: direct:production update-type: version-update:semver-patch dependency-group: esbuild ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.128.0 to 2.129.0. - [Release notes](https://github.com/googleapis/google-api-python-client/releases) - [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md) - [Commits](googleapis/google-api-python-client@v2.128.0...v2.129.0) --- updated-dependencies: - dependency-name: google-api-python-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [psycopg](https://github.com/psycopg/psycopg) from 3.1.18 to 3.1.19. - [Changelog](https://github.com/psycopg/psycopg/blob/master/docs/news.rst) - [Commits](psycopg/psycopg@3.1.18...3.1.19) --- updated-dependencies: - dependency-name: psycopg dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
Bumps [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) from 18.3.1 to 18.3.2. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react) --- updated-dependencies: - dependency-name: "@types/react" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [chromedriver](https://github.com/giggio/node-chromedriver) from 124.0.2 to 124.0.3. - [Commits](giggio/node-chromedriver@124.0.2...124.0.3) --- updated-dependencies: - dependency-name: chromedriver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
#9706) Translate django.po in zh-Hans 100% translated source file: 'django.po' on 'zh-Hans'. Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
Translate web/xliff/en.xlf in zh-Hans 100% translated source file: 'web/xliff/en.xlf' on 'zh-Hans'. Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
* Translate web/xliff/en.xlf in zh_CN 100% translated source file: 'web/xliff/en.xlf' on 'zh_CN'. * Translate web/xliff/en.xlf in zh_CN 100% translated source file: 'web/xliff/en.xlf' on 'zh_CN'. --------- Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
…9702) Translate locale/en/LC_MESSAGES/django.po in zh_CN 100% translated source file: 'locale/en/LC_MESSAGES/django.po' on 'zh_CN'. Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Draft of docs about how to set up Entra ID and then add it is an provider in authentik. Needs a careful technical review.
make website
)