Release 2024.6

Highlights

  • PostgreSQL read replicas: Optimize database query routing by using read replicas to balance the load
  • New Enterprise providers: Enterprise Preview Google Workspace and Microsoft Entra ID providers allow for user synchronization with authentik
  • Improved CAPTCHA stage: Allows configurable dynamic use of CAPTCHAs

Breaking changes

PostgreSQL minimum supported version upgrade

With this release, authentik now requires PostgreSQL version 14 or later. We recommend upgrading to the latest version if you are running an older version.

The provided Helm chart defaults to PostgreSQL 15. If you are using the Helm chart with the default values, no action is required.

The provided Compose file was updated with PostgreSQL 16. You can follow the procedure here to upgrade.

Group name uniqueness

With this release, authentik now enforces unique group names. Existing groups with name collisions that were created in earlier versions can still exist, but any new groups you create will need a unique name. If changing attributes, permission-level, or parent on an existing group with a name collision, you need to also change its name to be unique. Note that changing members or roles associated with the group does not require a rename.

GeoIP and ASN context object

The context["geoip"] and context["asn"] objects available in expression policies are now dictionaries. Attributes must now be accessed via dictionary accessors. See our policy examples for the updated syntax.
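The change above, as an added example (not authentik's own code): a geo-restriction policy written with attribute access fails on the new dictionary objects, so the block shows the legacy form beside a dictionary-based form that fails closed, plus a scanner that flags policy source still using attribute access. The key names country and asn, the legacy attribute names, and all sample values are assumptions made for this example; check them against the policy examples.

```python
import re
from types import SimpleNamespace

ALLOWED_COUNTRIES = frozenset({"DE", "NL"})  # constructed allow-list
BLOCKED_ASNS = frozenset({64496})            # constructed; documentation ASN

# Constructed contexts. LEGACY_CONTEXT imitates the attribute-style objects,
# NEW_CONTEXT the dictionaries described for 2024.6 (key names assumed).
LEGACY_CONTEXT = {
    "geoip": SimpleNamespace(country=SimpleNamespace(iso_code="DE")),
    "asn": SimpleNamespace(autonomous_system_number=64500),
}
NEW_CONTEXT = {
    "geoip": {"continent": "EU", "country": "DE", "city": "Berlin"},
    "asn": {"asn": 64500, "as_org": "Example Net", "network": "192.0.2.0/24"},
}


def legacy_policy(context):
    """Attribute-style access; in authentik this would be the policy body."""
    country = context["geoip"].country.iso_code
    asn = context["asn"].autonomous_system_number
    return country in ALLOWED_COUNTRIES and asn not in BLOCKED_ASNS


def policy_2024_6(context):
    """Dictionary-style access that denies when enrichment data is missing."""
    geoip = context.get("geoip")
    asn = context.get("asn")
    if not isinstance(geoip, dict) or not isinstance(asn, dict):
        return False  # no GeoIP/ASN data: fail closed
    country = geoip.get("country")
    asn_number = asn.get("asn")
    if country is None or asn_number is None:
        return False  # partial data: fail closed
    return country in ALLOWED_COUNTRIES and asn_number not in BLOCKED_ASNS


def raises_attribute_error(policy, context):
    """Return True if the policy breaks with AttributeError on this context."""
    try:
        policy(context)
    except AttributeError:
        return True
    return False


# Matches context["geoip"].something / context['asn'].something, but not
# dictionary methods such as .get(...), which remain valid on a dict.
LEGACY_ACCESS = re.compile(
    r"""context\[\s*["'](geoip|asn)["']\s*\]\s*\.(?!(?:get|items|keys|values)\b)(\w+)"""
)

# Constructed policy source: line 1 needs migrating, line 3 does not.
SAMPLE_EXPRESSION = '''\
if context["geoip"].country.iso_code != "DE":
    return False
return context["asn"]["asn"] != 64496 and context['geoip'].get("city") != ""
'''


def find_legacy_accessors(expression):
    """Return (line number, object, attribute) for each attribute-style access."""
    findings = []
    for lineno, line in enumerate(expression.splitlines(), start=1):
        for match in LEGACY_ACCESS.finditer(line):
            findings.append((lineno, match.group(1), match.group(2)))
    return findings


if __name__ == "__main__":
    print("legacy policy on legacy context:", legacy_policy(LEGACY_CONTEXT))
    print("legacy policy breaks on new context:",
          raises_attribute_error(legacy_policy, NEW_CONTEXT))
    print("2024.6 policy on new context:", policy_2024_6(NEW_CONTEXT))
    print("2024.6 policy without enrichment:", policy_2024_6({}))
    print("lines to migrate:", find_legacy_accessors(SAMPLE_EXPRESSION))
```

Running the scanner over exported expression policies before upgrading shows which geo or ASN restrictions need rewriting.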

New features

  • Google Workspace Provider Enterprise Preview

    With the Google Workspace provider, authentik serves as the single source of truth for all users and groups, when using Google products like Gmail.

    For details refer to the Google Workspace Provider documentation

  • Microsoft Entra ID Provider Enterprise Preview

    With the Microsoft Entra ID provider, authentik serves as the single source of truth for all users and groups. Configuring Entra ID as a provider allows for auto-discovery of user and group accounts, on-going synchronization of user data such as email address, name, and status, and integrated data mapping of field names and values.

    For details refer to the Microsoft Entra ID documentation

  • Read-replica DB support

    Multiple read-only databases can be configured so that read-only requests are routed to non-primary database instances, reserving the main database for write requests.

    For details refer to the PostgreSQL configuration

  • Improved CAPTCHA stage

    Thresholds can now be configured on the CAPTCHA stage to customize its result. Additionally, the stage can be configured to continue the flow if the CAPTCHA score is outside of those thresholds for further decision making via expression policies.

    For details refer to the CAPTCHA stage

  • Optimize sync and property mapping execution

    The synchronization process from sources has been optimized to avoid unnecessary operations. Additionally, the Python compilation of property mappings is now cached so that it only happens once per sync.

  • Wizards now use a grid layout

    The provider and source creation wizards now use a grid layout showing logos and descriptions of available protocols and services.

Fixes

Upgrading

With this release, authentik now requires PostgreSQL version 14 or later. We recommend upgrading to the latest version if needed. Follow the instructions here if you need to upgrade PostgreSQL with docker-compose.

Docker Compose

To upgrade, download the new docker-compose.yml file and update the Docker stack with the new version, using these commands:

wget -O docker-compose.yml https://goauthentik.io/version/2024.6/docker-compose.yml
docker compose up -d

The -O flag saves the download under the name docker-compose.yml, overwriting any existing local file with the same name.

Kubernetes

Upgrade the Helm Chart to the new version, using the following commands:

helm repo update
helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.6

Minor changes/fixes

  • admin: system api: do not show FIPS status if no valid license (#10091)
  • admin: system api: fix FIPS status schema (#10110)
  • core: FIPS (#9683)
  • core: add include_users flag to single group retrieval (#9721)
  • core: add option to select group for property mapping testing (#9834)
  • core: fix auth_method and auth_method_args being overwritten by password stage (#9782)
  • core: fix condition in task clean_expiring_models (#9603)
  • core: fix error when raising SkipObject in mapping (cherry-pick #10153)
  • core: fix logic for token expiration (#9426)
  • core: fix source flow_manager not always appending save stage (#9659)
  • core: fix source_flow_manager saving user-source connection too early (#9559)
  • core: fix task clean_expiring_models removing valid sessions when using database storage (#9598)
  • core: groups api: always prefetch users (#9974)
  • core: groups: optimize recursive children query (#9931)
  • core: include version in built JS files (cherry-pick #9558) (#10148)
  • core: only prefetch related objects when required (#9476)
  • core: rework base for SkipObject exception to better support control flow exceptions (cherry-pick #10186) (#10187)
  • crypto: update fingerprint at same time as certificate (#10036)
  • enterprise/audit: fix audit logging with m2m relations (#9571)
  • enterprise/providers/google: initial account sync to google workspace (#9384)
  • enterprise/providers/google_workspace: ensure no group is created when no property mappings are set (#9783)
  • enterprise/providers/microsoft_entra: fix error when updating connection attributes (#10039)
  • enterprise/providers/microsoft_entra: initial account sync to microsoft entra (#9632)
  • enterprise/providers: import user/group data when manually linking objects (#10089)
  • enterprise/stages/source: fix error when creating source stage from blueprint (#9810)
  • events: ensure all models' str can be called without any further lookups (#9480)
  • events: fix geoip enrich context not converting to json-serializable data (#9885)
  • flows: fix execute API endpoint (#9478)
  • lib/providers/sync: improve outgoing sync (#9835)
  • lib/providers/sync: multiple minor fixes (#9667)
  • lib/sync/outgoing, sources/ldap: fix sync status endpoint (#9855)
  • lib/sync: fix json error (#9827)
  • lifecycle/migrate: only acquire lock once (#9856)
  • lifecycle: always try custom redis URL (#9441)
  • lifecycle: close database connection after migrating (#9516)
  • lifecycle: fix ak test-all command
  • policies/reputation: fix existing reputation update (cherry-pick #10124) (#10125)
  • policies/reputation: save to database directly (#10059)
  • policies: fix ak_call_policy failing when used in testing (#9853)
  • providers/oauth2: don't handle api scope as special scope (#9910)
  • providers/proxy: rework redirect mechanism (#8594)
  • providers/rac: bump guacd to 1.5.5 (#9514)
  • providers/saml: fix ecdsa support (#9537)
  • providers/scim, sources/ldap: switch to using postgres advisory locks instead of redis locks (#9511)
  • providers/scim: fix SCIM ID incorrectly used as primary key (#9557)
  • providers/scim: fix time_limit not set correctly (#9546)
  • providers/scim: optimize PropertyMapping fetching and execution (#9689)
  • providers/sync: improve v3 (#9966)
  • providers/sync: update attributes on update (#10012)
  • rbac: filters: fix missing attribute for unauthenticated requests (#10061)
  • rbac: fix some rough edges and inconsistencies (#9771)
  • root: add configuration option to enable fips (#10088)
  • root: add primary-replica db router (#9479)
  • root: bump blueprint schema version
  • root: docker-compose: remove version top level element (#9631)
  • root: handle asgi exception (#10085)
  • root: include task_id in events and logs (#9749)
  • root: use custom model serializer that saves m2m without bulk (cherry-pick #10139) (#10151)
  • security: fix CVE-2024-37905, reported by @m2a2 (cherry-pick #10230) (#10237)
  • security: fix CVE-2024-38371, reported by Stefan Zwanenburg (cherry-pick #10229) (#10234)
  • sources/oauth: ensure all UI sources return a valid source (#9401)
  • sources/oauth: fix OAuth Client sending token request incorrectly (#9474)
  • sources/oauth: modernizes discord icon (#9817)
  • sources/saml: fix FlowPlanner error due to pickle (#9708)
  • sources/scim: fix duplicate groups and invalid schema (#9466)
  • sources/scim: fix service account user path (#9463)
  • stages/authenticator_validate: fix priority of auth_method being set to auth_webauthn_pwl (#9909)
  • stages/authenticator_webauthn: migrate device type import to systemtask and schedule (#9958)
  • stages/authenticator_webauthn: optimize device types creation (#9932)
  • stages/captcha: rework (#9959)
  • stages/email: fix sanitization of email addresses (#9999)
  • stages/identification: don't check source component (#9410)
  • stages/user_login: fix non-json-serializable being used (#9886)
  • tenants: fix scheduled tasks not running on default tenant (#9583)
  • web/admin: add link to enterprise docs on license page (#9811)
  • web/admin: fix disabled button color with dark theme (#9465)
  • web/admin: fix document title for admin interface (#9362)
  • web/admin: fix entra provider mapping form (#9767)
  • web/admin: fix scim provider user list (#10028)
  • web/admin: only show non-backchannel providers in application provider select (#9658)
  • web/admin: rework initial wizard pages and add grid layout (#9668)
  • web/admin: show user internal service account as disabled (#9464)
  • web/admin: use chips to display permissions/scopes (#9912)
  • web/common: fix locale detection for user-set locale (#9436)
  • web/flows: fix error when enrolling multiple WebAuthn devices consecutively (#9545)
  • web/flows: fix error when using consecutive webauthn validator stages (#9629)
  • web/flows: fix missing fallback for flow logo (#9487)
  • web: Add enterprise / FIPS notification to the AdminOverviewPage (#10090)
  • web: Add missing integrity hashes to package-lock.json (#9527)
  • web: Add resolved and integrity fields back to package-lock.json (#9419)
  • web: clean up some repetitive types (#9241)
  • web: clean up the options rendering in PromptForm (#9564)
  • web: fix docker build for non-release versions (cherry-pick #10154) (#10155)
  • web: fix needed because recent upgrade to task breaks spinner button (cherry-pick #10142) (#10150)
  • web: fix value handling inside controlled components (#9648)
  • web: markdown: display markdown even when frontmatter is missing (#9404)

Fixed in 2024.6.1

  • core: fix migrations missing using db_alias (cherry-pick #10409) (#10410)
  • core: fix source flow_manager not resuming flow when linking (cherry-pick #10436) (#10438)
  • core: remove transitionary old JS urls (cherry-pick #10317) (#10321)
  • core: revert backchannel only filtering (cherry-pick #10455) (#10457)
  • providers/saml: fix metadata import error handling (cherry-pick #10349) (#10350)
  • providers/scim: Fix exception handling for missing ServiceProviderConfig (cherry-pick #10322) (#10335)
  • sources/oauth: fix link not being saved (cherry-pick #10374) (#10376)
  • sources/saml: fix pickle error, add saml auth tests (cherry-pick #10348) (#10352)
  • stages/authenticator_validate: fix friendly_name being required (cherry-pick #10382) (#10385)
  • stages/user_login: fix ?next parameter not carried through broken session binding (cherry-pick #10301) (#10302)
  • web: set noopener and noreferrer on all external links (#10304)
  • web/admin: fix access token list calling wrong API (cherry-pick #10434) (#10435)
  • web/flows: remove background image link (cherry-pick #10318) (#10320)
  • web/flows: Simplified flow executor (#10296)

Fixed in 2024.6.2

  • core: improve error handling on ASGI level (cherry-pick #10547) (#10552)
  • core: remove html language tag for pages that are translated (cherry-pick #10611) (#10613)
  • events: associate login_failed events to a user if possible (cherry-pick #10270) (#10676)
  • events: fix race condition (cherry-pick #10602) (#10609)
  • lib/sync: handle SkipObject in direct triggered tasks (cherry-pick #10590) (#10591)
  • lifecycle: only create tenant media root if needed (cherry-pick #10616) (#10617)
  • outposts: ensure minimum refresh interval (cherry-pick #10701) (#10702)
  • outposts: make refresh interval configurable (cherry-pick #10138) (#10700)
  • stages/prompt: fix prompt not editable with invalid expression (cherry-pick #10603) (#10604)
  • web: fix dark theme and theme switch (#10667)
  • web/admin: fix missing SAML Provider ECDSA options (cherry-pick #10612) (#10618)
  • web/admin: show matching user reputation scores in user details (cherry-pick #10276) (#10699)
  • web/flows: remove continue button from AutoSubmit stage (cherry-pick #10253) (#10677)

Fixed in 2024.6.3

  • enterprise/rac: fix error when listing connection tokens as non-superuser (cherry-pick #10771) (#10773)
  • root: remove warnings (#10774)
  • sources/scim: fix duplicate service account users and changing token (cherry-pick #10735) (#10737)
  • web: fix theme not applying to document correctly (cherry-pick #10721) (#10722)
  • web: replace all occurrences of the theme placeholder (cherry-pick #10749) (#10750)

Fixed in 2024.6.4

API Changes

What's New


GET /propertymappings/provider/google_workspace/
POST /propertymappings/provider/google_workspace/
GET /propertymappings/provider/google_workspace/{pm_uuid}/
PUT /propertymappings/provider/google_workspace/{pm_uuid}/
DELETE /propertymappings/provider/google_workspace/{pm_uuid}/
PATCH /propertymappings/provider/google_workspace/{pm_uuid}/
GET /propertymappings/provider/google_workspace/{pm_uuid}/used_by/
GET /propertymappings/provider/microsoft_entra/
POST /propertymappings/provider/microsoft_entra/
GET /propertymappings/provider/microsoft_entra/{pm_uuid}/
PUT /propertymappings/provider/microsoft_entra/{pm_uuid}/
DELETE /propertymappings/provider/microsoft_entra/{pm_uuid}/
PATCH /propertymappings/provider/microsoft_entra/{pm_uuid}/
GET /propertymappings/provider/microsoft_entra/{pm_uuid}/used_by/
GET /providers/google_workspace/
POST /providers/google_workspace/
GET /providers/google_workspace/{id}/
PUT /providers/google_workspace/{id}/
DELETE /providers/google_workspace/{id}/
PATCH /providers/google_workspace/{id}/
GET /providers/google_workspace/{id}/sync/status/
GET /providers/google_workspace/{id}/used_by/
GET /providers/google_workspace_groups/
POST /providers/google_workspace_groups/
GET /providers/google_workspace_groups/{id}/
DELETE /providers/google_workspace_groups/{id}/
GET /providers/google_workspace_groups/{id}/used_by/
GET /providers/google_workspace_users/
POST /providers/google_workspace_users/
GET /providers/google_workspace_users/{id}/
DELETE /providers/google_workspace_users/{id}/
GET /providers/google_workspace_users/{id}/used_by/
GET /providers/microsoft_entra/
POST /providers/microsoft_entra/
GET /providers/microsoft_entra/{id}/
PUT /providers/microsoft_entra/{id}/
DELETE /providers/microsoft_entra/{id}/
PATCH /providers/microsoft_entra/{id}/
GET /providers/microsoft_entra/{id}/sync/status/
GET /providers/microsoft_entra/{id}/used_by/
GET /providers/microsoft_entra_groups/
POST /providers/microsoft_entra_groups/
GET /providers/microsoft_entra_groups/{id}/
DELETE /providers/microsoft_entra_groups/{id}/
GET /providers/microsoft_entra_groups/{id}/used_by/
GET /providers/microsoft_entra_users/
POST /providers/microsoft_entra_users/
GET /providers/microsoft_entra_users/{id}/
DELETE /providers/microsoft_entra_users/{id}/
GET /providers/microsoft_entra_users/{id}/used_by/
GET /providers/scim/{id}/sync/status/
GET /providers/scim_groups/
POST /providers/scim_groups/
GET /providers/scim_groups/{id}/
DELETE /providers/scim_groups/{id}/
GET /providers/scim_groups/{id}/used_by/
GET /providers/scim_users/
POST /providers/scim_users/
GET /providers/scim_users/{id}/
DELETE /providers/scim_users/{id}/
GET /providers/scim_users/{id}/used_by/
GET /sources/ldap/{slug}/sync/status/

What's Deleted


GET /providers/scim/{id}/sync_status/
GET /sources/ldap/{slug}/sync_status/

What's Changed


GET /admin/system/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property runtime (object)

      Get versions

      New required properties:

      • authentik_version
      • openssl_fips_mode
      • openssl_version

      New optional properties:

      • gunicorn_version

      • Added property openssl_version (string)

      • Added property openssl_fips_mode (boolean)

      • Added property authentik_version (string)

      • Deleted property gunicorn_version (string)

POST /admin/system/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property runtime (object)

      Get versions

      New required properties:

      • authentik_version
      • openssl_fips_mode
      • openssl_version

      New optional properties:

      • gunicorn_version

      • Added property openssl_version (string)

      • Added property openssl_fips_mode (boolean)

      • Added property authentik_version (string)

      • Deleted property gunicorn_version (string)

GET /events/events/actions/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    Changed items (object): > Types of an object that can be created

    • Added property icon_url (string)
GET /outposts/instances/{uuid}/health/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    Changed items (object): > Outpost health status

    New required properties:

    • fips_enabled

    • golang_version

    • openssl_enabled

    • openssl_version

    • Added property golang_version (string)

    • Added property openssl_enabled (boolean)

    • Added property openssl_version (string)

    • Added property fips_enabled (boolean)

      Get FIPS enabled

GET /outposts/service_connections/all/types/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    Changed items (object): > Types of an object that can be created

    • Added property icon_url (string)
GET /policies/all/types/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    Changed items (object): > Types of an object that can be created

    • Added property icon_url (string)
GET /policies/event_matcher/{policy_uuid}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property app (string)

      Match events created by selected application. When left empty, all applications are matched.

      Added enum values:

      • authentik.enterprise.providers.google_workspace
      • authentik.enterprise.providers.microsoft_entra
    • Changed property model (string)

      Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.

      Added enum values:

      • authentik_providers_google_workspace.googleworkspaceprovider
      • authentik_providers_google_workspace.googleworkspaceprovidermapping
      • authentik_providers_microsoft_entra.microsoftentraprovider
      • authentik_providers_microsoft_entra.microsoftentraprovidermapping
PUT /policies/event_matcher/{policy_uuid}/
Request:

Changed content type : application/json

  • Changed property app (string)

    Match events created by selected application. When left empty, all applications are matched.

    Added enum values:

    • authentik.enterprise.providers.google_workspace
    • authentik.enterprise.providers.microsoft_entra
  • Changed property model (string)

    Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.

    Added enum values:

    • authentik_providers_google_workspace.googleworkspaceprovider
    • authentik_providers_google_workspace.googleworkspaceprovidermapping
    • authentik_providers_microsoft_entra.microsoftentraprovider
    • authentik_providers_microsoft_entra.microsoftentraprovidermapping
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property app (string)

      Match events created by selected application. When left empty, all applications are matched.

      Added enum values:

      • authentik.enterprise.providers.google_workspace
      • authentik.enterprise.providers.microsoft_entra
    • Changed property model (string)

      Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.

      Added enum values:

      • authentik_providers_google_workspace.googleworkspaceprovider
      • authentik_providers_google_workspace.googleworkspaceprovidermapping
      • authentik_providers_microsoft_entra.microsoftentraprovider
      • authentik_providers_microsoft_entra.microsoftentraprovidermapping
PATCH /policies/event_matcher/{policy_uuid}/
Request:

Changed content type : application/json

  • Changed property app (string)

    Match events created by selected application. When left empty, all applications are matched.

    Added enum values:

    • authentik.enterprise.providers.google_workspace
    • authentik.enterprise.providers.microsoft_entra
  • Changed property model (string)

    Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.

    Added enum values:

    • authentik_providers_google_workspace.googleworkspaceprovider
    • authentik_providers_google_workspace.googleworkspaceprovidermapping
    • authentik_providers_microsoft_entra.microsoftentraprovider
    • authentik_providers_microsoft_entra.microsoftentraprovidermapping
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property app (string)

      Match events created by selected application. When left empty, all applications are matched.

      Added enum values:

      • authentik.enterprise.providers.google_workspace
      • authentik.enterprise.providers.microsoft_entra
    • Changed property model (string)

      Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.

      Added enum values:

      • authentik_providers_google_workspace.googleworkspaceprovider
      • authentik_providers_google_workspace.googleworkspaceprovidermapping
      • authentik_providers_microsoft_entra.microsoftentraprovider
      • authentik_providers_microsoft_entra.microsoftentraprovidermapping
POST /propertymappings/all/{pm_uuid}/test/
Request:

Changed content type : application/json

New optional properties:

  • user
  • Added property group (string)
GET /propertymappings/all/types/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    Changed items (object): > Types of an object that can be created

    • Added property icon_url (string)
GET /providers/all/types/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    Changed items (object): > Types of an object that can be created

    • Added property icon_url (string)
GET /sources/all/types/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    Changed items (object): > Types of an object that can be created

    • Added property icon_url (string)
GET /stages/all/types/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    Changed items (object): > Types of an object that can be created

    • Added property icon_url (string)
GET /stages/email/templates/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    Changed items (object): > Types of an object that can be created

    • Added property icon_url (string)
GET /core/groups/{group_uuid}/
Parameters:

Added: include_users in query

POST /policies/event_matcher/
Request:

Changed content type : application/json

  • Changed property app (string)

    Match events created by selected application. When left empty, all applications are matched.

    Added enum values:

    • authentik.enterprise.providers.google_workspace
    • authentik.enterprise.providers.microsoft_entra
  • Changed property model (string)

    Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.

    Added enum values:

    • authentik_providers_google_workspace.googleworkspaceprovider
    • authentik_providers_google_workspace.googleworkspaceprovidermapping
    • authentik_providers_microsoft_entra.microsoftentraprovider
    • authentik_providers_microsoft_entra.microsoftentraprovidermapping
Return Type:

Changed response : 201 Created

  • Changed content type : application/json

    • Changed property app (string)

      Match events created by selected application. When left empty, all applications are matched.

      Added enum values:

      • authentik.enterprise.providers.google_workspace
      • authentik.enterprise.providers.microsoft_entra
    • Changed property model (string)

      Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.

      Added enum values:

      • authentik_providers_google_workspace.googleworkspaceprovider
      • authentik_providers_google_workspace.googleworkspaceprovidermapping
      • authentik_providers_microsoft_entra.microsoftentraprovider
      • authentik_providers_microsoft_entra.microsoftentraprovidermapping
GET /policies/event_matcher/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property results (array)

      Changed items (object): > Event Matcher Policy Serializer

      • Changed property app (string)

        Match events created by selected application. When left empty, all applications are matched.

        Added enum values:

        • authentik.enterprise.providers.google_workspace
        • authentik.enterprise.providers.microsoft_entra
      • Changed property model (string)

        Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.

        Added enum values:

        • authentik_providers_google_workspace.googleworkspaceprovider
        • authentik_providers_google_workspace.googleworkspaceprovidermapping
        • authentik_providers_microsoft_entra.microsoftentraprovider
        • authentik_providers_microsoft_entra.microsoftentraprovidermapping
GET /providers/all/
Parameters:

Added: backchannel in query

When not set all providers are returned. When set to true, only backchannel providers are returned. When set to false, backchannel providers are excluded

Deleted: backchannel_only in query

POST /rbac/permissions/assigned_by_roles/{uuid}/assign/
Request:

Changed content type : application/json

  • Changed property model (string)

    Added enum values:

    • authentik_providers_google_workspace.googleworkspaceprovider
    • authentik_providers_google_workspace.googleworkspaceprovidermapping
    • authentik_providers_microsoft_entra.microsoftentraprovider
    • authentik_providers_microsoft_entra.microsoftentraprovidermapping
PATCH /rbac/permissions/assigned_by_roles/{uuid}/unassign/
Request:

Changed content type : application/json

  • Changed property model (string)

    Added enum values:

    • authentik_providers_google_workspace.googleworkspaceprovider
    • authentik_providers_google_workspace.googleworkspaceprovidermapping
    • authentik_providers_microsoft_entra.microsoftentraprovider
    • authentik_providers_microsoft_entra.microsoftentraprovidermapping
POST /rbac/permissions/assigned_by_users/{id}/assign/
Request:

Changed content type : application/json

  • Changed property model (string)

    Added enum values:

    • authentik_providers_google_workspace.googleworkspaceprovider
    • authentik_providers_google_workspace.googleworkspaceprovidermapping
    • authentik_providers_microsoft_entra.microsoftentraprovider
    • authentik_providers_microsoft_entra.microsoftentraprovidermapping
PATCH /rbac/permissions/assigned_by_users/{id}/unassign/
Request:

Changed content type : application/json

  • Changed property model (string)

    Added enum values:

    • authentik_providers_google_workspace.googleworkspaceprovider
    • authentik_providers_google_workspace.googleworkspaceprovidermapping
    • authentik_providers_microsoft_entra.microsoftentraprovider
    • authentik_providers_microsoft_entra.microsoftentraprovidermapping
GET /sources/ldap/{slug}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property icon (string)
PUT /sources/ldap/{slug}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property icon (string)
PATCH /sources/ldap/{slug}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property icon (string)
GET /sources/oauth/{slug}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property icon (string)
PUT /sources/oauth/{slug}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property icon (string)
PATCH /sources/oauth/{slug}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property icon (string)
GET /sources/plex/{slug}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property icon (string)
PUT /sources/plex/{slug}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property icon (string)
PATCH /sources/plex/{slug}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property icon (string)
GET /sources/saml/{slug}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property icon (string)
PUT /sources/saml/{slug}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property icon (string)
PATCH /sources/saml/{slug}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property icon (string)
GET /events/system_tasks/{uuid}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Added property expires (string)

    • Added property expiring (boolean)

GET /rbac/permissions/assigned_by_roles/
Parameters:

Changed: model in query

GET /rbac/permissions/assigned_by_users/
Parameters:

Changed: model in query

POST /sources/ldap/
Return Type:

Changed response : 201 Created

  • Changed content type : application/json

    • Changed property icon (string)
GET /sources/ldap/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property results (array)

      Changed items (object): > LDAP Source Serializer

      • Changed property icon (string)
POST /sources/oauth/
Return Type:

Changed response : 201 Created

  • Changed content type : application/json

    • Changed property icon (string)
GET /sources/oauth/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property results (array)

      Changed items (object): > OAuth Source Serializer

      • Changed property icon (string)
POST /sources/plex/
Return Type:

Changed response : 201 Created

  • Changed content type : application/json

    • Changed property icon (string)
GET /sources/plex/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property results (array)

      Changed items (object): > Plex Source Serializer

      • Changed property icon (string)
POST /sources/saml/
Return Type:

Changed response : 201 Created

  • Changed content type : application/json

    • Changed property icon (string)
GET /sources/saml/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property results (array)

      Changed items (object): > SAMLSource Serializer

      • Changed property icon (string)
GET /stages/captcha/{stage_uuid}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Added property score_min_threshold (number)

    • Added property score_max_threshold (number)

    • Added property error_on_invalid_score (boolean)

      When enabled and the received captcha score is outside of the given threshold, the stage will show an error message. When not enabled, the flow will continue, but the data from the captcha will be available in the context for policy decisions.

PUT /stages/captcha/{stage_uuid}/
Request:

Changed content type : application/json

  • Added property score_min_threshold (number)

  • Added property score_max_threshold (number)

  • Added property error_on_invalid_score (boolean)

    When enabled and the received captcha score is outside of the given threshold, the stage will show an error message. When not enabled, the flow will continue, but the data from the captcha will be available in the context for policy decisions.

Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Added property score_min_threshold (number)

    • Added property score_max_threshold (number)

    • Added property error_on_invalid_score (boolean)

      When enabled and the received captcha score is outside of the given threshold, the stage will show an error message. When not enabled, the flow will continue, but the data from the captcha will be available in the context for policy decisions.

PATCH /stages/captcha/{stage_uuid}/
Request:

Changed content type : application/json

  • Added property score_min_threshold (number)

  • Added property score_max_threshold (number)

  • Added property error_on_invalid_score (boolean)

    When enabled and the received captcha score is outside of the given threshold, the stage will show an error message. When not enabled, the flow will continue, but the data from the captcha will be available in the context for policy decisions.

Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Added property score_min_threshold (number)

    • Added property score_max_threshold (number)

    • Added property error_on_invalid_score (boolean)

      When enabled and the received captcha score is outside of the given threshold, the stage will show an error message. When not enabled, the flow will continue, but the data from the captcha will be available in the context for policy decisions.

PUT /core/transactional/applications/
Request:

Changed content type : application/json

  • Changed property provider_model (string)

    Added enum values:

    • authentik_providers_google_workspace.googleworkspaceprovider
    • authentik_providers_microsoft_entra.microsoftentraprovider
  • Changed property provider (object)

    Added 'authentik_providers_google_workspace.googleworkspaceprovider' provider_model:

    • Property name (string)

    • Property property_mappings (array)

      Items (string):

    • Property property_mappings_group (array)

      Property mappings used for group creation/updating.

      Items (string):

    • Property delegated_subject (string)

    • Property credentials (object)

    • Property scopes (string)

    • Property exclude_users_service_account (boolean)

    • Property filter_group (string)

    • Property user_delete_action (string)

      Enum values:

      • do_nothing
      • delete
      • suspend
    • Property group_delete_action (string)

    • Property default_group_email_domain (string)

    Added 'authentik_providers_microsoft_entra.microsoftentraprovider' provider_model:

    • Property name (string)

    • Property property_mappings (array)

    • Property property_mappings_group (array)

      Property mappings used for group creation/updating.

    • Property client_id (string)

    • Property client_secret (string)

    • Property tenant_id (string)

    • Property exclude_users_service_account (boolean)

    • Property filter_group (string)

    • Property user_delete_action (string)

    • Property group_delete_action (string)

GET /events/system_tasks/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property results (array)

      Changed items (object): > Serialize TaskInfo and TaskResult

      • Added property expires (string)

      • Added property expiring (boolean)

POST /stages/captcha/
Request:

Changed content type : application/json

  • Added property score_min_threshold (number)

  • Added property score_max_threshold (number)

  • Added property error_on_invalid_score (boolean)

    When enabled and the received captcha score is outside of the given threshold, the stage will show an error message. When not enabled, the flow will continue, but the data from the captcha will be available in the context for policy decisions.

Return Type:

Changed response : 201 Created

  • Changed content type : application/json

    • Added property score_min_threshold (number)

    • Added property score_max_threshold (number)

    • Added property error_on_invalid_score (boolean)

      When enabled and the received captcha score is outside of the given threshold, the stage will show an error message. When not enabled, the flow will continue, but the data from the captcha will be available in the context for policy decisions.

GET /stages/captcha/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property results (array)

      Changed items (object): > CaptchaStage Serializer

      • Added property score_min_threshold (number)

      • Added property score_max_threshold (number)

      • Added property error_on_invalid_score (boolean)

        When enabled and the received captcha score is outside of the given threshold, the stage will show an error message. When not enabled, the flow will continue, but the data from the captcha will be available in the context for policy decisions.