secret: # -- name of secret to store generated secret (like clientI) name: "" # -- label of secret to store generated secret labels: {} blueprint: authentik: # -- domain to authentik, used in generated url (like issuer) domain: "https://auth.wrenix.eu" # -- label of generated secret with blueprint labels: goauthentik_blueprint: "1" provider: # -- creat an provider for authentification (otherwise just a like in menu is created) enabled: true name: "" authorizationFlow: "default-provider-authorization-implicit-consent" # -- type of application connection, current support: oidc, saml and proxy type: "oidc" oidc: clientType: "confidential" # -- client id - generated if secret enabled clientID: # -- client secret - generated if secret enabled clientSecret: redirectURL: "" # -- Need for non-curve / RSA signingKey: "" # -- Scope scopes: saml: proxy: externalHost: skipPathRegex: "" cookieDomain: "" ingress: # -- deploy ingress on application domain for e.g. logout (WIP) enabled: false # -- domain of application (where outpost should be deployed) domain: # -- service backend to authentik backend: authentik application: # -- application name in menu name: "" # -- application slug slug: "app-name" # -- put this application in authentik in group group: "" # url to application launchURL: "" # -- open application in new tab openInNewTab: false # -- icon of application (url) icon: "" # -- description of application description: "" # -- publisher of application publisher: "" # -- uuid for bindPolicyID for group - if not set generated on secret for be stable (or groups: [] filled) bindPolicyID: policyEngineMode: "any" # -- authentik groups created / give access to this application # disable any groups by set groups: [] (to a slice) # example: # - slug: "app: grafana-admin" # parent: "app: infra" # bindID: uuid # groups: