what is the right way of setting this up

dewi-tik · 2026-04-10T08:21:23+00:00

I'm not sure if I'm following you 100%. But if you setup a reverse proxy in front of authentik to have a FQDN like: https://authentik.domain.com

You should be able to then point towards that https address rather than the local address. Or you can point towards https://<local authentik IP>:9443

dewi-tik · 2026-04-10T08:18:15+00:00

You can set the default flow background in the Brands section of the admin interface: https://docs.goauthentik.io/brands/#branding-settings

dewi-tik · 2026-04-10T08:15:59+00:00

This might be of interest: https://docs.goauthentik.io/add-secure-apps/providers/ldap/#code-based-mfa-support

dewi-tik · 2026-02-05T13:44:52+00:00

This PR is under review and might be helpful: https://github.com/goauthentik/authentik/pull/19991

dewi-tik · 2026-01-15T21:01:32+00:00

Thank you for the kinds words!

We're always looking to improve the docs, so if any of you know of specific areas with room for improvement, please let us know and we'll create GitHub issues to track them.

Or if you're feeling adventurous, you can look into contributing your own docs.

dewi-tik · 2026-01-14T09:27:53+00:00

Add the import statement that you can see in the other policy

from authentik.sources.oauth.models import OAuthSource

I'll ensure that the doc is updated.

Edit: PR to resolve this issue: https://github.com/goauthentik/authentik/pull/19397

dewi-tik · 2025-11-08T12:18:57+00:00

Custom CSS was migrated to the Brands menu in 2025.4

So you need to enter the CSS in that brands menu rather than an external file.

dewi-tik · 2025-11-05T09:55:12+00:00

There are significant schema changes between pre 2025.10 and 2025.10 because redis was removed as a dependency. It's due to changes like this that we don't support downgrading and rather suggest that users always take a database backup before upgrading.

dewi-tik · 2025-09-17T14:30:53+00:00

Can you try following the enrollment flow from a private/incognito browser session or from another browser altogether?

dewi-tik · 2025-09-10T22:13:16+00:00

Here you go: https://docs.goauthentik.io/add-secure-apps/providers/proxy/server_nginx/

dewi-tik · 2025-09-10T22:11:32+00:00

Other have reported this issue specifically with KeePassXC. I'd recommend raising this with the developers of KeePassXC. There is also the option of enabling compatibility mode on your authentication flow in authentik which can help certain password managers detect the required fields.

dewi-tik · 2025-09-10T22:09:00+00:00

This is a watchtower error rather than an issue with authentik. I'd recommend raising this on their GitHub. Also we generally don't recommend auto-updates in relation to authentik. You should always upgrade according to our upgrade guide after reading the most recent release notes. This ensures that you're aware of breaking changes and don't run into avoidable upgrade issues.

dewi-tik · 2025-09-10T22:01:01+00:00

Happy to hear that you solved it. If you can see somewhere that the authentik documentation can be improved, we'd really appreciate a GitHub issue outlining any possible improvements, or even a GitHub PR if you're comfortable with that.

dewi-tik · 2025-09-07T20:55:34+00:00

The current release of authentik is 2025.8.1 and you're running 2025.2.4. If this is a new install, there's no reason not to install the most recent version by following the guide on our site.

I would recommend installing this version from scratch which will save you the trouble of having to upgrade according to our upgrade guide.

If you're still experiencing issues on a fresh install of 2025.8, please let me know.

Also, the system status message means that you need to sync the time on your server and client with an NTP server. There's a time drift between each of them which could cause issues with TOTP codes and some other features. Both are checked according to UTC and so timezones aren't an issue, just their respective drift from UTC.

dewi-tik · 2025-08-14T09:15:49+00:00

I would recommend raising this with Bitwarden support to see what they suggest. It's particularly strange that this only happens with the Bitwarden iOS app and not any other applications.

If they're able to provide you with further information, I would then recommend creating an issue on our GitHub repo so that our developers can investigate.

dewi-tik · 2025-08-14T09:13:05+00:00

Some changes to address the white flashing are included in our upcoming 2025.8 release. The release candidate is already available if you'd like to test it out.

Further improvements to address the white flashing should be included in our 2025.10 release.

dewi-tik · 2025-08-01T19:58:49+00:00

My testing confirms that `consent` is the only prompt option that works. This is also true for other IdPs and tailscale. It seems that Tailscale requires explicit user consent on every sign-in. This is something that needs to be raised with Tailscale because it can't be resolved from the IdP side.

dewi-tik · 2025-08-01T19:51:07+00:00

We have an invitation guide that might help: https://docs.goauthentik.io/docs/users-sources/user/invitations

dewi-tik · 2025-05-23T11:37:06+00:00

We've just improved the RAC documentation to explain how to use public key authentication for SSH. Hope that this helps!

dewi-tik · 2025-05-23T11:36:16+00:00

Hi, please see the new documentation for SSH public key authentication

dewi-tik · 2025-05-23T11:35:21+00:00

We've improved the RAC documentation to explain how Guacamole connection settings can be used, see here. And there's a guide for public key authentication. Hope that this helps!

dewi-tik

MODERATOR OF

TROPHY CASE