website/integations/services: Slack integration docs #9933
> | ||
> -- https://slack.com | ||
|
||
## Preparation |
I know the "the following placeholders will be used" is a formality and is in all pages but there is no real reason to add it here if the placeholders are never used.
Ah, @4d62 so are they truly never used when integrating Slack? Then I agree, absolutely, let's remove that whole section.
Is there a simple formula for knowing which integrations will require those placeholders?
> they truly never used when integrating Slack?

The way you wrote the documentation, authentik.company is never used. For slack.company, it's possible to use a custom domain or a .slack.com domain if I remember correctly. You could probably do something like "slack.company or my-workspace.slack.com is the FQDN of your Slack instance".

> Is there a simple formula for knowing which integrations will require those placeholders?

A good rule of thumb is to add the install placeholder if the application needs to be self-hosted by the users and the authentik placeholder everywhere (e.g., my GitLab instance's URL is different from Jens'). For applications that are not self-hosted by the user (e.g., Amazon AWS, where everyone uses the same https://signin.aws.amazon.com/saml URL), only the authentik.company line should be added.
Great, thanks so much for this info. I'll create an internal task for me to go through the integrations and edit as needed... I should also add this info to our template... might be a while before I get to it but good to have a better understanding. Thanks!
I cannot review the slack part as I don't have permissions to see what we currently have set.
|
||
### Step 1. Create custom property mappings | ||
|
||
Your Slack integration requires property mappings for `User.Email` and `User.Username` so that authetnik can retrieve and map these values from Slack. |
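Review bot: "authetnik" in this added sentence is a misspelling of "authentik". The clause "so that authentik can retrieve and map these values from Slack" also reads as if authentik pulls data out of Slack; with authentik acting as the SAML identity provider, the property mappings define the attributes authentik places in the assertion it sends to Slack, so wording such as "so that authentik can send these values to Slack" would describe the data flow correctly.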
We have one additional one for our slack workspace. The SAML attribute name is `first_name` and the expression is:

```python
parts = request.user.name.split(" ")
if len(parts) < 1:
    return request.user.name
return parts[0]
```

Not sure if it's required though.
@BeryJu can you please confirm (or deny lol) if this property mapping is required? Thanks!
It's not required (see https://slack.com/help/articles/205168057-Custom-SAML-single-sign-on, and we should probably link that page in this doc too)
forgot to click submit sorry for delay
also added a few comments on the style guide
5. Click **Create**. | ||
|
||
:::info | ||
After you have created the provider and application, and the application is connected to the provider (Step 3 above) the **Overview** tab on the provider's detail page in the Admin UI will display additional information that you will need to configure Slack, using the following steps. |
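Review bot: The sentence in this `:::info` block is missing a comma after "(Step 3 above)", so the introductory clause runs straight into "the **Overview** tab". It is also long for an admonition; consider ending the first sentence after "additional information" and stating in a second sentence that this information is needed to configure Slack in the following steps.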
Not sure "above" is needed
True... but it is intended to ease the cognitive load of reading a bit... :-)
In that case this pr seems fine by me!
🚀
1. Log in to the Slack Admin Dashboard. | ||
2. Navigate to the **Configure SAML Authentication** page. | ||
3. Enter the following values: | ||
- **SAML 2.0 Endpoint (HTTP)**: copy/paste in the **SSO URL (Redirect)** URL from the provider that you created in authentik. |
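Review bot: In the **SAML 2.0 Endpoint (HTTP)** item, "copy/paste in the **SSO URL (Redirect)** URL" repeats "URL" and the verb phrase is awkward. Something like "paste the **SSO URL (Redirect)** value from the provider that you created in authentik" says the same thing and keeps the bolded label identical to what the Admin UI shows.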
This is where I'd usually use the placeholder `authentik.company` to give an example URL, but I suppose we don't have to do that
Ohhhh, let's do include an example, please @BeryJu. So would this work (but with proper formatting for the italics):
https://_authentik.company_/applications/saml/slack/sso/binding/redirect/
If we use it in an example here, I think I should add it back to the top of this page, under Preparation.
No complaints.
Still looks fine.
First draft, needs a thorough tech review by @BeryJu and anyone else who has Slack admin knowledge/access. The last section on setting up Slack feels a bit hand-wavy... and I am not sure that I caught all of the steps around setting up/implementing the property mappings.