website/integations/services: Slack integration docs #9933
Conversation
✅ Deploy Preview for authentik-storybook canceled.
|
✅ Deploy Preview for authentik-docs ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #9933 +/- ##
==========================================
- Coverage 92.63% 92.62% -0.02%
==========================================
Files 710 711 +1
Lines 34767 34915 +148
==========================================
+ Hits 32206 32339 +133
- Misses 2561 2576 +15
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
|
authentik PR Installation instructions Instructions for docker-composeAdd the following block to your AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-ghcr.io/goauthentik/dev-server:gh-bc6e7942ea51d18495c4e881884bda01a0539eae
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)sFor arm64, use these values: AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-ghcr.io/goauthentik/dev-server:gh-bc6e7942ea51d18495c4e881884bda01a0539eae-arm64
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)sAfterwards, run the upgrade commands from the latest release notes. Instructions for KubernetesAdd the following block to your authentik:
outposts:
container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
repository: ghcr.io/goauthentik/dev-server
tag: gh-ghcr.io/goauthentik/dev-server:gh-bc6e7942ea51d18495c4e881884bda01a0539eaeFor arm64, use these values: authentik:
outposts:
container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
repository: ghcr.io/goauthentik/dev-server
tag: gh-ghcr.io/goauthentik/dev-server:gh-bc6e7942ea51d18495c4e881884bda01a0539eae-arm64Afterwards, run the upgrade commands from the latest release notes. |
| > | ||
| > -- https://slack.com | ||
|
|
||
| ## Preparation |
There was a problem hiding this comment.
I know the "the following placeholders will be used" is a formality and is in all pages but there is no real reson to add it here if the placeholders are never used.
There was a problem hiding this comment.
Ah, @4d62 so are they truly never used when integrated Slack? Then I agree, absolutely, let's remove that whole section.
Is there a simple formula for knowing which integrations will require those placeholders?
There was a problem hiding this comment.
they truly never used when integrated Slack?
The way you wrote the documentation, authentik.company is never used. For slack.company, it's possible to use a custom domain or a .slack.com domain if i remember correctly. You could probably do something like "slack.company or my-workspace.slack.com is the FQDN of your Slack instance".
Is there a simple formula for knowing which integrations will require those placeholders?
A good rule of thumb is to add the install placeholder if the application needs to be self-hosted by the users and the authentik placeholder everywhere (e.g., my GitLab instance's URL is different from Jens'). For applications that are not self-hosted by the user (e.g., Amazon AWS, where everyone uses the same https://signin.aws.amazon.com/saml URL), only the authentik.company line should be added.
There was a problem hiding this comment.
Great, thanks so much for this info. I'll create an internal task for me to go through the integrations and edit as needed... I should also add this info to our template... might be a while before I get to it but good to have a better understanding. Thanks!
|
|
||
| ### Step 1. Create custom property mappings | ||
|
|
||
| Your Slack integration requires property mappings for `User.Email` and `User.Username` so that authetnik can retrieve and map these values from Slack. |
There was a problem hiding this comment.
We have one additional one for our slack workspace. The SAML attribute name is first_name and the expression is:
parts = request.user.name.split(" ")
if len(parts) < 1:
return request.user.name
return parts[0]Not sure if it's required though.
There was a problem hiding this comment.
@BeryJu can you please confirm (or deny lol) if this property mapping is required? Thanks!
There was a problem hiding this comment.
It's not required (see https://slack.com/help/articles/205168057-Custom-SAML-single-sign-on, and we should probably link that page in this doc too)
| > | ||
| > -- https://slack.com | ||
|
|
||
| ## Preparation |
There was a problem hiding this comment.
they truly never used when integrated Slack?
The way you wrote the documentation, authentik.company is never used. For slack.company, it's possible to use a custom domain or a .slack.com domain if i remember correctly. You could probably do something like "slack.company or my-workspace.slack.com is the FQDN of your Slack instance".
Is there a simple formula for knowing which integrations will require those placeholders?
A good rule of thumb is to add the install placeholder if the application needs to be self-hosted by the users and the authentik placeholder everywhere (e.g., my GitLab instance's URL is different from Jens'). For applications that are not self-hosted by the user (e.g., Amazon AWS, where everyone uses the same https://signin.aws.amazon.com/saml URL), only the authentik.company line should be added.
|
also added a few comments on the style guide |
| 5. Click **Create**. | ||
|
|
||
| :::info | ||
| After you have created the provider and application, and the application is connected to the provider (Step 3 above) the **Overview** tab on the provider's detail page in the Admin UI will display additional information that you will need to configure Slack, using the following steps. |
There was a problem hiding this comment.
True... but it is intended to ease the cognitive load of reading a bit... :-)
There was a problem hiding this comment.
In that case this pr seems fine by me!
| 1. Log in to the Slack Admin Dashboard. | ||
| 2. Navigate to the **Configure SAML Authentication** page. | ||
| 3. Enter the following values: | ||
| - **SAML 2.0 Endpoint (HTTP)**: copy/paste in the **SSO URL (Redirect)** URL from the provider that you created in authentik. |
There was a problem hiding this comment.
This is where I'd usually use the placeholder authentik.company to give an example URL, but I suppose we don't have to do that
There was a problem hiding this comment.
Ohhhh, let's do include an example, please @BeryJu. So would this work (but with proper formatting for the italics):
https://_authentik.company_/applications/saml/slack/sso/binding/redirect/
If we use it in an example here, I think I should add it back to the top of this page, under Preparation.
* main: (1457 commits) root: use custom model serializer that saves m2m without bulk (#10139) core: bump urllib3 from 2.2.1 to 2.2.2 (#10143) ci: bump docker/build-push-action from 5 to 6 (#10144) web: bump the storybook group in /web with 7 updates (#10147) web: bump ws from 8.16.0 to 8.17.1 in /web (#10149) web: fix needed because recent upgrade to task breaks spinner button (#10142) core: include version in built JS files (#9558) website/integations/services: Slack integration docs (#9933) web: fix early modal stack depletion (#10068) website: bump react-tooltip from 5.26.4 to 5.27.0 in /website (#10129) web: bump @patternfly/elements from 3.0.1 to 3.0.2 in /web (#10132) core: bump github.com/gorilla/sessions from 1.2.2 to 1.3.0 (#10135) web: bump chromedriver from 126.0.0 to 126.0.1 in /tests/wdio (#10136) core: bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (#10133) core, web: update translations (#10127) core: bump ruff from 0.4.8 to 0.4.9 (#10128) core: bump goauthentik.io/api/v3 from 3.2024042.11 to 3.2024042.13 (#10134) core, web: update translations (#10118) translate: Updates for file web/xliff/en.xlf in zh-Hans (#10121) translate: Updates for file web/xliff/en.xlf in zh_CN (#10120) ...
* main: (29 commits) web: fix docker build for non-release versions (#10154) root: makefile: add codespell to make-website (#10116) root: use custom model serializer that saves m2m without bulk (#10139) core: bump urllib3 from 2.2.1 to 2.2.2 (#10143) ci: bump docker/build-push-action from 5 to 6 (#10144) web: bump the storybook group in /web with 7 updates (#10147) web: bump ws from 8.16.0 to 8.17.1 in /web (#10149) web: fix needed because recent upgrade to task breaks spinner button (#10142) core: include version in built JS files (#9558) website/integations/services: Slack integration docs (#9933) web: fix early modal stack depletion (#10068) website: bump react-tooltip from 5.26.4 to 5.27.0 in /website (#10129) web: bump @patternfly/elements from 3.0.1 to 3.0.2 in /web (#10132) core: bump github.com/gorilla/sessions from 1.2.2 to 1.3.0 (#10135) web: bump chromedriver from 126.0.0 to 126.0.1 in /tests/wdio (#10136) core: bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (#10133) core, web: update translations (#10127) core: bump ruff from 0.4.8 to 0.4.9 (#10128) core: bump goauthentik.io/api/v3 from 3.2024042.11 to 3.2024042.13 (#10134) core, web: update translations (#10118) ...
* web/automated-testing: (280 commits) Merge missed something. web: fix docker build for non-release versions (#10154) root: makefile: add codespell to make-website (#10116) root: use custom model serializer that saves m2m without bulk (#10139) core: bump urllib3 from 2.2.1 to 2.2.2 (#10143) ci: bump docker/build-push-action from 5 to 6 (#10144) web: bump the storybook group in /web with 7 updates (#10147) web: bump ws from 8.16.0 to 8.17.1 in /web (#10149) web: fix needed because recent upgrade to task breaks spinner button (#10142) core: include version in built JS files (#9558) website/integations/services: Slack integration docs (#9933) Somehow missed these in the merge. web: fix early modal stack depletion (#10068) website: bump react-tooltip from 5.26.4 to 5.27.0 in /website (#10129) web: bump @patternfly/elements from 3.0.1 to 3.0.2 in /web (#10132) core: bump github.com/gorilla/sessions from 1.2.2 to 1.3.0 (#10135) web: bump chromedriver from 126.0.0 to 126.0.1 in /tests/wdio (#10136) core: bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (#10133) core, web: update translations (#10127) core: bump ruff from 0.4.8 to 0.4.9 (#10128) ...
* main: (27 commits) root: use custom model serializer that saves m2m without bulk (#10139) core: bump urllib3 from 2.2.1 to 2.2.2 (#10143) ci: bump docker/build-push-action from 5 to 6 (#10144) web: bump the storybook group in /web with 7 updates (#10147) web: bump ws from 8.16.0 to 8.17.1 in /web (#10149) web: fix needed because recent upgrade to task breaks spinner button (#10142) core: include version in built JS files (#9558) website/integations/services: Slack integration docs (#9933) web: fix early modal stack depletion (#10068) website: bump react-tooltip from 5.26.4 to 5.27.0 in /website (#10129) web: bump @patternfly/elements from 3.0.1 to 3.0.2 in /web (#10132) core: bump github.com/gorilla/sessions from 1.2.2 to 1.3.0 (#10135) web: bump chromedriver from 126.0.0 to 126.0.1 in /tests/wdio (#10136) core: bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (#10133) core, web: update translations (#10127) core: bump ruff from 0.4.8 to 0.4.9 (#10128) core: bump goauthentik.io/api/v3 from 3.2024042.11 to 3.2024042.13 (#10134) core, web: update translations (#10118) translate: Updates for file web/xliff/en.xlf in zh-Hans (#10121) translate: Updates for file web/xliff/en.xlf in zh_CN (#10120) ...
First draft, needs a thorough tech review by @BeryJu and anyone else who has Slack admin knowledge/access. The last section on setting up Slack feels a bit hand-wavy... and I am not sure that I caught of all the steps around setting up/implementing the property mappings.
make website)