opalsecurity/opal-authentik-connector

opal-authentik-connector

Setup

Set up the custom connector source code

Clone the custom connector repository

git clone https://github.com/opalsecurity/opal-authentik-connector.git

The following environment variables are required to run the Authentik custom connector. You can see them in .env.sample.

AUTHENTIK_TOKEN=<populate-in-next-step>
AUTHENTIK_HOST=<authentik-host>
AUTHENTIK_SCHEME=<http or https>

OPAL_SIGNING_SECRET=<populate-later>

You can deploy the Authentik custom connector to your own infrastructure, as long as it is accessible over the internet.

Setting up a service account in Authentik

Now we need to get an API token from Authentik. Note that we cannot use a user’s API token; we have to create a service account and create an API token for it.

Open up the admin panel for Authentik

Open Directory → Users

Click “Create Service Account”

Set whatever username you’d like, and disable “Create Group” and “Expiring”, as we do not want the service account to expire. Then hit “Create”.

Go to Directory → Users and open the service account

Select “Permissions” and assign the following permissions:

  • Add user to group
  • Can view Group
  • Can view User
  • Remove user from group

Go to Directory → Tokens and App Passwords

Click “Create”

Use any identifier you’d like, and make sure “User” is set to the service account created above, “Intent” is “API Token”, and “Expiring” is set to off.

Now click the copy icon to copy your newly created token, and paste it into your .env file or other secret store.

Set up Custom Connector in Opal

Go to Catalog → Add

Go to Custom → Custom App

Configure the app name, app admin and description. Upload the Authentik icon as the app icon; you can find the icon under assets/authentik.png.

Select “Use custom app connector”, set the identifier to whatever you’d like, and set “Base URL” to the host name (with protocol) where your custom connector is hosted, e.g. https://examplehostname.com

Click Signing Secret → Generate, copy the signing secret and set it as the OPAL_SIGNING_SECRET in the environment where your custom connector is hosted.

Enable “Connector Groups” and make sure “Nested Resources” is disabled

Now click “Create”

Your custom connector should be ready now! Sync the app and your groups should show up.
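
Before starting the connector, a preflight check of the .env file catches values left at their .env.sample placeholders and a secrets file that other local users can read. This is an added example, not code from the connector repository; the function names, the sample values and the rule that AUTHENTIK_HOST carries no scheme are assumptions.

```python
import os
import re
import stat

REQUIRED = ("AUTHENTIK_TOKEN", "AUTHENTIK_HOST", "AUTHENTIK_SCHEME", "OPAL_SIGNING_SECRET")
PLACEHOLDER = re.compile(r"^<.*>$")  # value left as in .env.sample, e.g. <populate-later>

# Constructed sample: token filled in, signing secret forgotten, plain http.
SAMPLE = """\
AUTHENTIK_TOKEN=constructed-token-value
AUTHENTIK_HOST=authentik.example.internal
AUTHENTIK_SCHEME=http

OPAL_SIGNING_SECRET=<populate-later>
"""

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip().strip("'\"")
    return env

def check_env(env):
    """Return (errors, warnings) for the four variables the connector requires."""
    errors, warnings = [], []
    for name in REQUIRED:
        value = env.get(name, "")
        if not value:
            errors.append(f"{name} is missing or empty")
        elif PLACEHOLDER.match(value):
            errors.append(f"{name} still holds the sample placeholder")
    scheme = env.get("AUTHENTIK_SCHEME", "")
    if scheme == "http":
        warnings.append("AUTHENTIK_SCHEME=http sends the API token unencrypted")
    elif scheme and not PLACEHOLDER.match(scheme) and scheme != "https":
        errors.append("AUTHENTIK_SCHEME must be http or https")
    if "://" in env.get("AUTHENTIK_HOST", ""):  # assumption: host excludes the scheme
        errors.append("AUTHENTIK_HOST should not include a scheme")
    return errors, warnings

def readable_by_others(path):
    """True if group or other permission bits are set on the secrets file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & (stat.S_IRWXG | stat.S_IRWXO))

if __name__ == "__main__":
    print(check_env(parse_env(SAMPLE)))
```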
