Release 2025.2
Highlights
- SSF Provider Enterprise Preview Add support for Shared Signals Framework.
- RAC moved open source Remote access is now available to everyone!
- GeoIP distance and impossible travel checks Add the ability to check for the distance a user has moved compared to a previous login, and if the user could have travelled the distance.
- Email OTP Stage Allow users to use their email accounts as a one-time-password during authentication.
- Fine-grained permission for superuser toggle on groups Setting the Is superuser toggle on a group now requires a separate permission.
Breaking changes
-
Fixed behaviour in Source stage Enterprise
In previous versions, the Source stage would incorrectly continue with the initial flow after returning from the source, which didn't match the documented behaviour.
With this release this behaviour has been corrected and the source stage will now correctly run the selected enrollment/authentication flow before returning to the flow from which the source stage was executed.
-
Deprecated and frozen
:latestcontainer image tag after 2025.2Using the
:latesttag with container images is not recommended as it can lead to unintentional updates and potentially broken setups.The tag will not be removed, however it will also not be updated past 2025.2.
We strongly recommended the use of a specific version tag for authentik instances' container images like
:2025.2.
New features
-
SSF Provider Enterprise Preview
Shared Signals Framework allows applications to register a stream with authentik within which they can received events from authentik such as when a session was revoked or a credential was add/changed/deleted and execute actions based on these events.
Using a SSF provider as a backchannel provider allows admins to integrate authentik with Apple Business School Manager for federated Apple IDs.
-
RAC moved to open source
Remote access (RDP, VNC and SSH) has moved from enterprise to our free, open source code. We try our best to limit enterprise-specific functionality to features that would be non-essential to homelab users and far more valuable to enterprise use cases. We've had a variety of homelab users reach out with excellent use cases for RAC functionality, so while this will mean giving up some potential revenue, we think that opening up RAC to the community is the right thing to do!
-
GeoIP distance and impossible travel checks
Add the ability to check for the distance a user has moved compared to a previous login, and add the option to check impossible travel distances based on client IP.
These options can be used to detect and prevent access from potentially stolen authentik sessions or stolen devices. Refer to our documentation.
-
Email OTP Authenticator Setup Stage
Admins now have the ability to configure the option for users to use their email address as an authenticator. Users that already have an email address set on their account will be able to use that address to receive one-time-passwords. It is also possible to configure authentik to allow users to add additional email addresses as authenticators.
-
Application Wizard is the default way to create applications
The default way of creating an application now allows admins to configure the application and provider at the same time, and also add any kind of bindings without having to navigate through different sections of the UI. The previous way of creating a standalone application is and will stay available alongside the new and streamlined method.
-
Fine-grained permission for superuser toggle on groups
Setting the Is superuser toggle on a group now requires a separate permission, making it much easier to allow for delegated management of groups without risking the ability for users to self-elevate permissions. For details, refer to our documentation.
-
Improved debugging experience
For people developing authentik or building very complex, custom integrations, how to configure debugging in authentik is documented here.
Upgrading
This release does not introduce any new requirements. You can follow the upgrade instructions below; for more detailed information about upgrading authentik, refer to our Upgrade documentation.
When you upgrade, be aware that the version of the authentik instance and of any outposts must be the same. We recommended that you always upgrade any outposts at the same time you upgrade your authentik instance.
Docker Compose
To upgrade, download the new docker-compose file and update the Docker stack with the new version, using these commands:
wget -O docker-compose.yml https://goauthentik.io/version/2025.2/docker-compose.yml
docker compose up -d
The -O flag retains the downloaded file's name, overwriting any existing local file with the same name.
Kubernetes
Upgrade the Helm Chart to the new version, using the following commands:
helm repo update
helm upgrade authentik authentik/authentik -f values.yaml --version ^2025.2
Minor changes/fixes
- admin: monitor worker version (#12463)
- api: cleanup owner permissions (#12598)
- blueprints: add REPL for blueprint YAML tags (#9223)
- blueprints: fix schema for meta models (#12421)
- core: add indexes on ExpiringModel (#12658)
- core: fix application entitlements not creatable with blueprints (#12673)
- core: fix error when creating new user with default path (#12609)
- core: fix generic sources not being fetchable by pk (#12896)
- core: fix permissions for admin device listing (#12787)
- core: search users' attributes (#12740)
- core: show last password change date (#12958)
- enterprise/providers: SSF (#12327)
- enterprise/providers/SSF: fix a couple of bugs after real world testing (#12987)
- enterprise/rac: Improve client connection status & bugfixes (#12684)
- events: make sure password set event has the correct IP (#12585)
- events: notification_cleanup: avoid unnecessary loop (#12417)
- flows: clear flow state before redirecting to final URL (#12788)
- flows: fix history containing other plans (#12655)
- flows: fix inspector permission check (#12907)
- flows: more tests (#11587)
- flows: show policy messages in reevaluate marker (#12855)
- flows/inspector: add button to open flow inspector (#12656)
- internal: fix missing trailing slash in outpost websocket (#12470)
- internal: fix URL generation for websocket connection (#12439)
- lifecycle: update python to 3.12.8 (#12783)
- lifecycle/migrate: don't migrate tenants if not enabled (#12850)
- outposts: fix version label (#12486)
- providers/oauth2: include scope in token response (#12921)
- providers/oauth2: support token revocation for public clients (#12704)
- providers/saml: fix handle Accept: application/xml for SAML Metadata endpoint (#12483) (#12518)
- providers/saml: fix invalid SAML Response when assertion and response are signed (#12611)
- providers/saml: provide generic metadata url when possible (#12413)
- rbac: exclude permissions for internal models (#12803)
- rbac: permissions endpoint: allow authenticated users (#12608)
- root: backport version bump (#12426)
- root: docker: ensure apt packages are up-to-date (#12683)
- root: expose CONN_MAX_AGE, CONN_HEALTH_CHECKS and DISABLE_SERVER_SIDE_CURSORS for PostgreSQL config (#10159)
- root: fix dev build version being invalid semver (#12472)
- root: redis, make sure tlscacert isn't an empty string (#12407)
- sources: allow uuid or slug to be used for retrieving a source (#12780)
- sources: allow uuid or slug to be used for retrieving a source (2024.12 fix) (#12772)
- sources/kerberos: authenticate with the user's username instead of the first username in authentik (#12497)
- sources/kerberos: handle principal expire time (#12748)
- sources/oauth: fix authentication only being sent in form body (#12713)
- sources/scim: fix user creation (duplicate userName) (#12547)
- stages/authenticator: add user field to devices (#12636)
- stages/prompt: always show policy messages (#12765)
- stages/redirect: fix query parameter when redirecting to flow (#12750)
- web, core: fix grammatical issue in stage bindings (#10799)
- web: fix build dev build (#12473)
- web: fix error handling bug in ApplicationWizard.RACProviderForm (#12640)
- web: Fix issue where Codemirror partially applies OneDark theme. (#12811)
- web: fix mobile scrolling bug (#12601)
- web: fix source selection and outpost integration health (#12530)
- web: fix source selection and outpost integration health (#12530)
- web: fixes broken docLinks - url missing s (#12789)
- web: housekeeping, optimizations and small fixes (#12450)
- web: improve notification and API drawers (#12659)
- web: misc fixes for admin and flow inspector (#12461)
- web: only load version context when authenticated (#12482)
- web: update gen-client-ts to OpenAPI 7.11.0 (#12756)
- web/admin: fix role changelog missing primary key filter (#12671)
- web/admin: improve user display view (#12988)
- web/admin: more cleanup and consistency (#12657)
- web/admin: Refine navigation (#12441)
- web/components: ak-number-input: add support for min (#12703)
- web/flows: fix
login/log ininconsistency (#12526)
Fixed in 2025.2.1
- core: add pre-hydrated relative URL (cherry-pick #13243) (#13246)
- stages/authenticator_email: Email Authenticator Stage Documentation (cherry-pick #12853) (#13218)
- stages/authenticator_email: fix session cleanup test b (cherry-pick #13264) (#13276)
- stages/email: Fix email stage serialization (cherry-pick #13256) (#13273)
API Changes
What's New
GET /authenticators/admin/email/
POST /authenticators/admin/email/
GET /authenticators/admin/email/{id}/
PUT /authenticators/admin/email/{id}/
DELETE /authenticators/admin/email/{id}/
PATCH /authenticators/admin/email/{id}/
GET /authenticators/email/
GET /authenticators/email/{id}/
PUT /authenticators/email/{id}/
DELETE /authenticators/email/{id}/
PATCH /authenticators/email/{id}/
GET /authenticators/email/{id}/used_by/
GET /providers/ssf/
POST /providers/ssf/
GET /providers/ssf/{id}/
PUT /providers/ssf/{id}/
DELETE /providers/ssf/{id}/
PATCH /providers/ssf/{id}/
GET /providers/ssf/{id}/used_by/
GET /ssf/streams/
GET /ssf/streams/{uuid}/
GET /stages/authenticator/email/
POST /stages/authenticator/email/
GET /stages/authenticator/email/{stage_uuid}/
PUT /stages/authenticator/email/{stage_uuid}/
DELETE /stages/authenticator/email/{stage_uuid}/
PATCH /stages/authenticator/email/{stage_uuid}/
GET /stages/authenticator/email/{stage_uuid}/used_by/
What's Changed
GET /admin/workers/
Return Type:
Changed response : 200 OK
- Changed content type :
application/json
GET /authenticators/admin/duo/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
user
-
Added property
user(object)-
Property
pk(integer) -
Property
username(string)Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only.
-
Property
name(string)User's display name.
-
Property
is_active(boolean)Designates whether this user should be treated as active. Unselect this instead of deleting accounts.
-
Property
last_login(string) -
Property
email(string) -
Property
attributes(object) -
Property
uid(string)
-
-
PUT /authenticators/admin/duo/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
PATCH /authenticators/admin/duo/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
GET /authenticators/admin/sms/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
PUT /authenticators/admin/sms/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
PATCH /authenticators/admin/sms/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
GET /authenticators/admin/totp/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
PUT /authenticators/admin/totp/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
PATCH /authenticators/admin/totp/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
GET /authenticators/admin/webauthn/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
PUT /authenticators/admin/webauthn/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
PATCH /authenticators/admin/webauthn/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
GET /authenticators/duo/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
PUT /authenticators/duo/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
PATCH /authenticators/duo/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
GET /authenticators/sms/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
PUT /authenticators/sms/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
PATCH /authenticators/sms/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
GET /authenticators/totp/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
PUT /authenticators/totp/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
PATCH /authenticators/totp/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
GET /authenticators/webauthn/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
PUT /authenticators/webauthn/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
PATCH /authenticators/webauthn/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
GET /policies/event_matcher/{policy_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
app(string)Match events created by selected application. When left empty, all applications are matched.
Added enum values:
-
authentik.providers.rac -
authentik.stages.authenticator_email -
authentik.enterprise.providers.ssfRemoved enum value: -
authentik.enterprise.providers.rac
-
-
Changed property
model(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_stages_authenticator_email.authenticatoremailstageauthentik_stages_authenticator_email.emaildeviceauthentik_providers_ssf.ssfprovider
-
PUT /policies/event_matcher/{policy_uuid}/
Request:
Changed content type : application/json
-
Changed property
app(string)Match events created by selected application. When left empty, all applications are matched.
Added enum values:
-
authentik.providers.rac -
authentik.stages.authenticator_email -
authentik.enterprise.providers.ssfRemoved enum value: -
authentik.enterprise.providers.rac
-
-
Changed property
model(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_stages_authenticator_email.authenticatoremailstageauthentik_stages_authenticator_email.emaildeviceauthentik_providers_ssf.ssfprovider
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
app(string)Match events created by selected application. When left empty, all applications are matched.
Added enum values:
-
authentik.providers.rac -
authentik.stages.authenticator_email -
authentik.enterprise.providers.ssfRemoved enum value: -
authentik.enterprise.providers.rac
-
-
Changed property
model(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_stages_authenticator_email.authenticatoremailstageauthentik_stages_authenticator_email.emaildeviceauthentik_providers_ssf.ssfprovider
-
PATCH /policies/event_matcher/{policy_uuid}/
Request:
Changed content type : application/json
-
Changed property
app(string)Match events created by selected application. When left empty, all applications are matched.
Added enum values:
-
authentik.providers.rac -
authentik.stages.authenticator_email -
authentik.enterprise.providers.ssfRemoved enum value: -
authentik.enterprise.providers.rac
-
-
Changed property
model(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_stages_authenticator_email.authenticatoremailstageauthentik_stages_authenticator_email.emaildeviceauthentik_providers_ssf.ssfprovider
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
app(string)Match events created by selected application. When left empty, all applications are matched.
Added enum values:
-
authentik.providers.rac -
authentik.stages.authenticator_email -
authentik.enterprise.providers.ssfRemoved enum value: -
authentik.enterprise.providers.rac
-
-
Changed property
model(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_stages_authenticator_email.authenticatoremailstageauthentik_stages_authenticator_email.emaildeviceauthentik_providers_ssf.ssfprovider
-
GET /providers/saml/{id}/metadata/
Return Type:
Changed response : 200 OK
- New content type :
application/xml
POST /authenticators/admin/duo/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
GET /authenticators/admin/duo/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Serializer for Duo authenticator devices
New required properties:
-
user
- Added property
user(object)
-
-
POST /authenticators/admin/sms/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
GET /authenticators/admin/sms/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Serializer for sms authenticator devices
New required properties:
-
user
- Added property
user(object)
-
-
GET /authenticators/admin/static/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
PUT /authenticators/admin/static/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
PATCH /authenticators/admin/static/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
POST /authenticators/admin/totp/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
GET /authenticators/admin/totp/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Serializer for totp authenticator devices
New required properties:
-
user
- Added property
user(object)
-
-
POST /authenticators/admin/webauthn/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
GET /authenticators/admin/webauthn/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Serializer for WebAuthn authenticator devices
New required properties:
-
user
- Added property
user(object)
-
-
GET /authenticators/duo/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Serializer for Duo authenticator devices
New required properties:
-
user
- Added property
user(object)
-
-
GET /authenticators/sms/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Serializer for sms authenticator devices
New required properties:
-
user
- Added property
user(object)
-
-
GET /authenticators/static/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
PUT /authenticators/static/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
PATCH /authenticators/static/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
GET /authenticators/totp/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Serializer for totp authenticator devices
New required properties:
-
user
- Added property
user(object)
-
-
GET /authenticators/webauthn/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Serializer for WebAuthn authenticator devices
New required properties:
-
user
- Added property
user(object)
-
-
GET /core/tokens/{identifier}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
user_obj(object)User Serializer
New required properties:
-
password_change_date
- Added property
password_change_date(string)
-
-
PUT /core/tokens/{identifier}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
user_obj(object)User Serializer
New required properties:
-
password_change_date
- Added property
password_change_date(string)
-
-
PATCH /core/tokens/{identifier}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
user_obj(object)User Serializer
New required properties:
-
password_change_date
- Added property
password_change_date(string)
-
-
GET /core/users/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
password_change_date
- Added property
password_change_date(string)
-
PUT /core/users/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
password_change_date
- Added property
password_change_date(string)
-
PATCH /core/users/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonNew required properties:
-
password_change_date
- Added property
password_change_date(string)
-
GET /policies/bindings/{policy_binding_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
user_obj(object)User Serializer
New required properties:
-
password_change_date
- Added property
password_change_date(string)
-
-
PUT /policies/bindings/{policy_binding_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
user_obj(object)User Serializer
New required properties:
-
password_change_date
- Added property
password_change_date(string)
-
-
PATCH /policies/bindings/{policy_binding_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
user_obj(object)User Serializer
New required properties:
-
password_change_date
- Added property
password_change_date(string)
-
-
POST /policies/event_matcher/
Request:
Changed content type : application/json
-
Changed property
app(string)Match events created by selected application. When left empty, all applications are matched.
Added enum values:
-
authentik.providers.rac -
authentik.stages.authenticator_email -
authentik.enterprise.providers.ssfRemoved enum value: -
authentik.enterprise.providers.rac
-
-
Changed property
model(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_stages_authenticator_email.authenticatoremailstageauthentik_stages_authenticator_email.emaildeviceauthentik_providers_ssf.ssfprovider
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json-
Changed property
app(string)Match events created by selected application. When left empty, all applications are matched.
Added enum values:
-
authentik.providers.rac -
authentik.stages.authenticator_email -
authentik.enterprise.providers.ssfRemoved enum value: -
authentik.enterprise.providers.rac
-
-
Changed property
model(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_stages_authenticator_email.authenticatoremailstageauthentik_stages_authenticator_email.emaildeviceauthentik_providers_ssf.ssfprovider
-
GET /policies/event_matcher/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Event Matcher Policy Serializer
-
Changed property
app(string)Match events created by selected application. When left empty, all applications are matched.
Added enum values:
-
authentik.providers.rac -
authentik.stages.authenticator_email -
authentik.enterprise.providers.ssfRemoved enum value: -
authentik.enterprise.providers.rac
-
-
Changed property
model(string)Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
Added enum values:
authentik_stages_authenticator_email.authenticatoremailstageauthentik_stages_authenticator_email.emaildeviceauthentik_providers_ssf.ssfprovider
-
-
GET /policies/geoip/{policy_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Added property
check_history_distance(boolean) -
Added property
history_max_distance_km(integer) -
Added property
distance_tolerance_km(integer) -
Added property
history_login_count(integer) -
Added property
check_impossible_travel(boolean) -
Added property
impossible_tolerance_km(integer)
-
PUT /policies/geoip/{policy_uuid}/
Request:
Changed content type : application/json
-
Added property
check_history_distance(boolean) -
Added property
history_max_distance_km(integer) -
Added property
distance_tolerance_km(integer) -
Added property
history_login_count(integer) -
Added property
check_impossible_travel(boolean) -
Added property
impossible_tolerance_km(integer)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Added property
check_history_distance(boolean) -
Added property
history_max_distance_km(integer) -
Added property
distance_tolerance_km(integer) -
Added property
history_login_count(integer) -
Added property
check_impossible_travel(boolean) -
Added property
impossible_tolerance_km(integer)
-
PATCH /policies/geoip/{policy_uuid}/
Request:
Changed content type : application/json
-
Added property
check_history_distance(boolean) -
Added property
history_max_distance_km(integer) -
Added property
distance_tolerance_km(integer) -
Added property
history_login_count(integer) -
Added property
check_impossible_travel(boolean) -
Added property
impossible_tolerance_km(integer)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Added property
check_history_distance(boolean) -
Added property
history_max_distance_km(integer) -
Added property
distance_tolerance_km(integer) -
Added property
history_login_count(integer) -
Added property
check_impossible_travel(boolean) -
Added property
impossible_tolerance_km(integer)
-
POST /rbac/permissions/assigned_by_roles/{uuid}/assign/
Request:
Changed content type : application/json
-
Changed property
model(string)Added enum values:
authentik_stages_authenticator_email.authenticatoremailstageauthentik_stages_authenticator_email.emaildeviceauthentik_providers_ssf.ssfprovider
PATCH /rbac/permissions/assigned_by_roles/{uuid}/unassign/
Request:
Changed content type : application/json
-
Changed property
model(string)Added enum values:
authentik_stages_authenticator_email.authenticatoremailstageauthentik_stages_authenticator_email.emaildeviceauthentik_providers_ssf.ssfprovider
POST /rbac/permissions/assigned_by_users/{id}/assign/
Request:
Changed content type : application/json
-
Changed property
model(string)Added enum values:
authentik_stages_authenticator_email.authenticatoremailstageauthentik_stages_authenticator_email.emaildeviceauthentik_providers_ssf.ssfprovider
PATCH /rbac/permissions/assigned_by_users/{id}/unassign/
Request:
Changed content type : application/json
-
Changed property
model(string)Added enum values:
authentik_stages_authenticator_email.authenticatoremailstageauthentik_stages_authenticator_email.emaildeviceauthentik_providers_ssf.ssfprovider
GET /sources/scim/{slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
token_obj(object)Token Serializer
-
Changed property
user_obj(object)User Serializer
New required properties:
-
password_change_date
- Added property
password_change_date(string)
-
-
-
PUT /sources/scim/{slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
token_obj(object)Token Serializer
-
Changed property
user_obj(object)User Serializer
New required properties:
-
password_change_date
- Added property
password_change_date(string)
-
-
-
PATCH /sources/scim/{slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
token_obj(object)Token Serializer
-
Changed property
user_obj(object)User Serializer
New required properties:
-
password_change_date
- Added property
password_change_date(string)
-
-
-
POST /authenticators/admin/static/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/jsonNew required properties:
-
user
- Added property
user(object)
-
GET /authenticators/admin/static/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Serializer for static authenticator devices
New required properties:
-
user
- Added property
user(object)
-
-
GET /authenticators/static/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Serializer for static authenticator devices
New required properties:
-
user
- Added property
user(object)
-
-
POST /core/tokens/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json-
Changed property
user_obj(object)User Serializer
New required properties:
-
password_change_date
- Added property
password_change_date(string)
-
-
GET /core/tokens/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Token Serializer
-
Changed property
user_obj(object)User Serializer
New required properties:
-
password_change_date
- Added property
password_change_date(string)
-
-
-
GET /core/user_consent/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
user(object)User Serializer
New required properties:
-
password_change_date
- Added property
password_change_date(string)
-
-
POST /core/users/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/jsonNew required properties:
-
password_change_date
- Added property
password_change_date(string)
-
GET /core/users/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > User Serializer
New required properties:
-
password_change_date
- Added property
password_change_date(string)
-
-
GET /flows/bindings/{fsb_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json- Changed property
re_evaluate_policies(boolean)Evaluate policies when the Stage is presented to the user.
- Changed property
PUT /flows/bindings/{fsb_uuid}/
Request:
Changed content type : application/json
- Changed property
re_evaluate_policies(boolean)Evaluate policies when the Stage is presented to the user.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json- Changed property
re_evaluate_policies(boolean)Evaluate policies when the Stage is presented to the user.
- Changed property
PATCH /flows/bindings/{fsb_uuid}/
Request:
Changed content type : application/json
- Changed property
re_evaluate_policies(boolean)Evaluate policies when the Stage is presented to the user.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json- Changed property
re_evaluate_policies(boolean)Evaluate policies when the Stage is presented to the user.
- Changed property
POST /policies/bindings/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json-
Changed property
user_obj(object)User Serializer
New required properties:
-
password_change_date
- Added property
password_change_date(string)
-
-
GET /policies/bindings/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > PolicyBinding Serializer
-
Changed property
user_obj(object)User Serializer
New required properties:
-
password_change_date
- Added property
password_change_date(string)
-
-
-
POST /policies/geoip/
Request:
Changed content type : application/json
-
Added property
check_history_distance(boolean) -
Added property
history_max_distance_km(integer) -
Added property
distance_tolerance_km(integer) -
Added property
history_login_count(integer) -
Added property
check_impossible_travel(boolean) -
Added property
impossible_tolerance_km(integer)
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json-
Added property
check_history_distance(boolean) -
Added property
history_max_distance_km(integer) -
Added property
distance_tolerance_km(integer) -
Added property
history_login_count(integer) -
Added property
check_impossible_travel(boolean) -
Added property
impossible_tolerance_km(integer)
-
GET /policies/geoip/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > GeoIP Policy Serializer
-
Added property
check_history_distance(boolean) -
Added property
history_max_distance_km(integer) -
Added property
distance_tolerance_km(integer) -
Added property
history_login_count(integer) -
Added property
check_impossible_travel(boolean) -
Added property
impossible_tolerance_km(integer)
-
-
GET /rbac/permissions/assigned_by_roles/
Parameters:
Changed: model in query
GET /rbac/permissions/assigned_by_users/
Parameters:
Changed: model in query
GET /sources/all/
Parameters:
Added: pbm_uuid in query
GET /sources/kerberos/
Parameters:
Added: pbm_uuid in query
GET /sources/ldap/
Parameters:
Added: pbm_uuid in query
GET /sources/oauth/
Parameters:
Added: pbm_uuid in query
GET /sources/plex/
Parameters:
Added: pbm_uuid in query
GET /sources/saml/
Parameters:
Added: pbm_uuid in query
POST /sources/scim/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json-
Changed property
token_obj(object)Token Serializer
-
Changed property
user_obj(object)User Serializer
New required properties:
-
password_change_date
- Added property
password_change_date(string)
-
-
-
GET /sources/scim/
Parameters:
Added: pbm_uuid in query
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > SCIMSource Serializer
-
Changed property
token_obj(object)Token Serializer
-
Changed property
user_obj(object)User Serializer
New required properties:
-
password_change_date
- Added property
password_change_date(string)
-
-
-
-
GET /stages/authenticator/validate/{stage_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
device_classes(array)Device classes which can be used to authenticate
Changed items (string):
Added enum value:
email
-
PUT /stages/authenticator/validate/{stage_uuid}/
Request:
Changed content type : application/json
-
Changed property
device_classes(array)Device classes which can be used to authenticate
Changed items (string):
Added enum value:
email
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
device_classes(array)Device classes which can be used to authenticate
Changed items (string):
Added enum value:
email
-
PATCH /stages/authenticator/validate/{stage_uuid}/
Request:
Changed content type : application/json
-
Changed property
device_classes(array)Device classes which can be used to authenticate
Changed items (string):
Added enum value:
email
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
device_classes(array)Device classes which can be used to authenticate
Changed items (string):
Added enum value:
email
-
GET /core/user_consent/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > UserConsent Serializer
-
Changed property
user(object)User Serializer
New required properties:
-
password_change_date
- Added property
password_change_date(string)
-
-
-
POST /flows/bindings/
Request:
Changed content type : application/json
- Changed property
re_evaluate_policies(boolean)Evaluate policies when the Stage is presented to the user.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json- Changed property
re_evaluate_policies(boolean)Evaluate policies when the Stage is presented to the user.
- Changed property
GET /flows/bindings/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > FlowStageBinding Serializer
- Changed property
re_evaluate_policies(boolean)Evaluate policies when the Stage is presented to the user.
- Changed property
-
GET /flows/executor/{flow_slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonAdded 'ak-stage-authenticator-email' component:
-
Property
flow_info(object)Contextual flow information for a challenge
-
Property
title(string) -
Property
background(string) -
Property
cancel_url(string) -
Property
layout(string)Enum values:
stackedcontent_leftcontent_rightsidebar_leftsidebar_right
-
-
Property
component(string) -
Property
response_errors(object) -
Property
pending_user(string) -
Property
pending_user_avatar(string) -
Property
email(string) -
Property
email_required(boolean)
-
POST /flows/executor/{flow_slug}/
Request:
Changed content type : application/json
Added 'ak-stage-authenticator-email' component:
-
Property
component(string) -
Property
code(integer) -
Property
email(string)
Return Type:
Changed response : 200 OK
-
Changed content type :
application/jsonAdded 'ak-stage-authenticator-email' component:
GET /flows/inspector/{flow_slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
plans(array)Changed items (object): > Serializer for an active FlowPlan
-
Changed property
next_planned_stage(object)FlowStageBinding Serializer
- Changed property
re_evaluate_policies(boolean)Evaluate policies when the Stage is presented to the user.
- Changed property
-
Changed property
current_stage(object)FlowStageBinding Serializer
- Changed property
re_evaluate_policies(boolean)Evaluate policies when the Stage is presented to the user.
- Changed property
-
-
GET /oauth2/access_tokens/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
user(object)User Serializer
New required properties:
-
password_change_date
- Added property
password_change_date(string)
-
-
GET /oauth2/authorization_codes/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
user(object)User Serializer
New required properties:
-
password_change_date
- Added property
password_change_date(string)
-
-
GET /oauth2/refresh_tokens/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
user(object)User Serializer
New required properties:
-
password_change_date
- Added property
password_change_date(string)
-
-
POST /stages/authenticator/validate/
Request:
Changed content type : application/json
-
Changed property
device_classes(array)Device classes which can be used to authenticate
Changed items (string):
Added enum value:
email
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json-
Changed property
device_classes(array)Device classes which can be used to authenticate
Changed items (string):
Added enum value:
email
-
GET /stages/authenticator/validate/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > AuthenticatorValidateStage Serializer
-
Changed property
device_classes(array)Device classes which can be used to authenticate
Changed items (string):
Added enum value:
email
-
-
PUT /core/transactional/applications/
Request:
Changed content type : application/json
-
Changed property
provider_model(string)Added enum value:
authentik_providers_ssf.ssfprovider
-
Changed property
provider(object)Added 'authentik_providers_ssf.ssfprovider' provider_model:
-
Property
name(string) -
Property
signing_key(string)Key used to sign the SSF Events.
-
Property
oidc_auth_providers(array)Items (integer):
-
Property
event_retention(string)
-
GET /oauth2/access_tokens/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Serializer for BaseGrantModel and RefreshToken
-
Changed property
user(object)User Serializer
New required properties:
-
password_change_date
- Added property
password_change_date(string)
-
-
-
GET /oauth2/authorization_codes/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant
-
Changed property
user(object)User Serializer
New required properties:
-
password_change_date
- Added property
password_change_date(string)
-
-
-
GET /oauth2/refresh_tokens/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json-
Changed property
results(array)Changed items (object): > Serializer for BaseGrantModel and RefreshToken
-
Changed property
user(object)User Serializer
New required properties:
-
password_change_date
- Added property
password_change_date(string)
-
-
-