`authentik` module options

authentik.applications
type: attribute set of (submodule)
default:

{ }

example:

authentik.applications = {
  grafana = {
    group = "Monitoring";
    description = "Grafana monitoring dashboard";
    icon = "https://example.com/grafana.png";
    accessGroups = ["admins" "monitoring-users"];
# OAuth2 provider configuration
oauth2 = {
  clientId = &#34;grafana&#34;;
  clientSecret = &#34;supersecret&#34;;
  redirectUris = [
    { url = &#34;https://grafana.example.com/login/generic_oauth&#34;; }
  ];
  launchUrl = &#34;https://grafana.example.com&#34;;
};

# Entitlements for in-app permissions
entitlements = [
  {
    name = &#34;Grafana Admin&#34;;
    groups = [&#34;grafana-admins&#34;];
  }
  {
    name = &#34;Grafana Editor&#34;;
    groups = [&#34;grafana-editors&#34;];
  }
];

};
wiki = {
name = "Internal Wiki";
group = "Documentation";
description = "Company documentation";
icon = "https://example.com/wiki.png&#34;;
accessGroups = ["employees"];
# Proxy provider configuration
proxy = {
  externalHost = &#34;https://wiki.example.com&#34;;
  basicAuth = {
    enable = true;
    username = &#34;email&#34;;
    password = &#34;uid&#34;;
  };
};

};
};

defined: module/applications.nix
description: Configuration for Authentik applications to be managed by Terranix.

authentik.applications.<name>.accessGroups
type: list of string
default:
```
[ ]
```
example:
```
<nil>
```
defined: module/applications.nix
description: Groups that can access this application
authentik.applications.<name>.description
type: string
default:
```
""
```
example:
```
<nil>
```
defined: module/applications.nix
description: A description of the application
authentik.applications.<name>.enable
type: boolean
default:
```
true
```
example:
```
<nil>
```
defined: module/applications.nix
description: Whether to enable this Authentik application definition.
authentik.applications.<name>.entitlements
type: list of (submodule)
default:
```
[ ]
```
example:
```
<nil>
```
defined: module/applications.nix
description: Entitlements for in-application permissions
authentik.applications.<name>.entitlements.*.groups
type: list of string
default:
```
[ ]
```
example:
```
<nil>
```
defined: module/applications.nix
description: Groups that have this entitlement
authentik.applications.<name>.entitlements.*.name
type: string
default:
```
<nil>
```
example:
```
<nil>
```
defined: module/applications.nix
description: The name of the entitlement
authentik.applications.<name>.extraConfig
type: JSON value
default:
```
{ }
```
example:
```
<nil>
```
defined: module/applications.nix
description: Extra attributes to pass directly to the authentik_application resource.
authentik.applications.<name>.group
type: string
default:
```
<nil>
```
example:
```
<nil>
```
defined: module/applications.nix
description: The group this application belongs to in the UI
authentik.applications.<name>.icon
type: null or string
default:
```
null
```
example:
```
<nil>
```
defined: module/applications.nix
description: URL or path to the application icon
authentik.applications.<name>.ldap
type: null or (submodule)
default:
```
null
```
example:
```
<nil>
```
defined: module/applications.nix
description: LDAP provider configuration
authentik.applications.<name>.ldap.baseDn
type: string
default:
```
<nil>
```
example:
```
<nil>
```
defined: module/applications.nix
description: Base DN for LDAP searches
authentik.applications.<name>.ldap.bindMode
type: one of "direct", "cached"
default:
```
"cached"
```
example:
```
<nil>
```
defined: module/applications.nix
description: LDAP bind mode
authentik.applications.<name>.ldap.searchMode
type: one of "direct", "cached"
default:
```
"cached"
```
example:
```
<nil>
```
defined: module/applications.nix
description: LDAP search mode
authentik.applications.<name>.ldap.tlsServerName
type: string
default:
```
<nil>
```
example:
```
<nil>
```
defined: module/applications.nix
description: TLS server name for LDAP
authentik.applications.<name>.name
type: string
default:
```
"‹name›"
```
example:
```
<nil>
```
defined: module/applications.nix
description: Display name of the application in Authentik.
authentik.applications.<name>.oauth2
type: null or (submodule)
default:
```
null
```
example:
```
<nil>
```
defined: module/applications.nix
description: OAuth2 provider configuration
authentik.applications.<name>.oauth2.backchannelLdap
type: null or (submodule)
default:
```
null
```
example:
```
<nil>
```
defined: module/applications.nix
description: LDAP configuration for backchannel authentication
authentik.applications.<name>.oauth2.backchannelLdap.baseDn
type: string
default:
```
<nil>
```
example:
```
<nil>
```
defined: module/applications.nix
description: Base DN for LDAP searches
authentik.applications.<name>.oauth2.backchannelLdap.bindMode
type: one of "direct", "cached"
default:
```
"cached"
```
example:
```
<nil>
```
defined: module/applications.nix
description: LDAP bind mode
authentik.applications.<name>.oauth2.backchannelLdap.searchMode
type: one of "direct", "cached"
default:
```
"cached"
```
example:
```
<nil>
```
defined: module/applications.nix
description: LDAP search mode
authentik.applications.<name>.oauth2.backchannelLdap.tlsServerName
type: string
default:
```
<nil>
```
example:
```
<nil>
```
defined: module/applications.nix
description: TLS server name for LDAP
authentik.applications.<name>.oauth2.clientId
type: string
default:
```
<nil>
```
example:
```
<nil>
```
defined: module/applications.nix
description: OAuth2 client ID
authentik.applications.<name>.oauth2.clientSecret
type: string
default:
```
<nil>
```
example:
```
<nil>
```
defined: module/applications.nix
description: OAuth2 client secret
authentik.applications.<name>.oauth2.launchUrl
type: string
default:
```
""
```
example:
```
<nil>
```
defined: module/applications.nix
description: URL to launch the application
authentik.applications.<name>.oauth2.redirectUris
type: list of (submodule)
default:
```
<nil>
```
example:
```
<nil>
```
defined: module/applications.nix
description: List of allowed redirect URIs
authentik.applications.<name>.oauth2.redirectUris.*.matchingMode
type: one of "strict", "startsWith"
default:
```
"strict"
```
example:
```
<nil>
```
defined: module/applications.nix
description: URI matching mode
authentik.applications.<name>.oauth2.redirectUris.*.url
type: string
default:
```
<nil>
```
example:
```
<nil>
```
defined: module/applications.nix
description: Redirect URI
authentik.applications.<name>.openInNewTab
type: boolean
default:
```
true
```
example:
```
<nil>
```
defined: module/applications.nix
description: Specifies if the application should be opened in a new tab.
authentik.applications.<name>.policyEngineMode
type: one of "any", "all"
default:
```
"any"
```
example:
```
<nil>
```
defined: module/applications.nix
description: Policy engine mode. - "any": Pass if any policy passes. - "all": Pass if all policies pass.
authentik.applications.<name>.protocolProvider
type: null or string
default:
```
null
```
example:
```
<nil>
```
defined: module/applications.nix
description: Reference to an existing provider. Use this only if you're not using the built-in provider options.
authentik.applications.<name>.proxy
type: null or (submodule)
default:
```
null
```
example:
```
<nil>
```
defined: module/applications.nix
description: Proxy provider configuration
authentik.applications.<name>.proxy.basicAuth.enable
type: boolean
default:
```
false
```
example:
```
<nil>
```
defined: module/applications.nix
description: Enable passing basic authentication to the proxied application
authentik.applications.<name>.proxy.basicAuth.password
type: string
default:
```
"password"
```
example:
```
<nil>
```
defined: module/applications.nix
description: User/group attribute to use for password
authentik.applications.<name>.proxy.basicAuth.username
type: string
default:
```
"username"
```
example:
```
<nil>
```
defined: module/applications.nix
description: User/group attribute to use for username
authentik.applications.<name>.proxy.externalHost
type: string
default:
```
<nil>
```
example:
```
<nil>
```
defined: module/applications.nix
description: External host URL for the proxy
authentik.applications.<name>.slug
type: string
default:
```
"‹name›"
```
example:
```
<nil>
```
defined: module/applications.nix
description: Internal slug for the application (e.g., for URLs). Defaults to the application's attribute name.
authentik.applications.<name>.tfResourceName
type: string
default:
```
"‹name›"
```
example:
```
<nil>
```
defined: module/applications.nix
description: Explicitly set the Terraform resource name. Defaults to the application's attribute name.
authentik.headers
type: attribute set of string
default:
```
{ }
```
example:
```
<nil>
```
defined: module
description: Additional headers to send with requests to Authentik.
authentik.host
type: string
default:
```
<nil>
```
example:
```
"https://auth.example.com/"
```
defined: module
description: The URL of your Authentik instance
authentik.insecure
type: boolean
default:
```
false
```
example:
```
<nil>
```
defined: module
description: Whether to allow insecure connections to Authentik.
authentik.outpostSettings
type: JSON value
default:
```
{ }
```
example:
```
<nil>
```
defined: module/outposts.nix
description: Global configuration to apply to all outposts
authentik.outposts.ldap.config
type: attribute set
default:
```
{ }
```
example:
```
<nil>
```
defined: module/outposts.nix
description: Additional configuration for the LDAP outpost
authentik.outposts.ldap.enable
type: boolean
default:
```
false
```
example:
```
<nil>
```
defined: module/outposts.nix
description: Whether to enable the LDAP outpost
authentik.outposts.ldap.name
type: string
default:
```
"LDAP Outpost"
```
example:
```
<nil>
```
defined: module/outposts.nix
description: The name of the LDAP outpost
authentik.outposts.ldap.providers
type: list of string
default:
```
[ ]
```
example:
```
<nil>
```
defined: module/outposts.nix
description: List of LDAP provider IDs
authentik.outposts.ldap.tfResourceName
type: string
default:
```
"ldap"
```
example:
```
<nil>
```
defined: module/outposts.nix
description: The Terraform resource name for the LDAP outpost
authentik.outposts.proxy.name
type: string
default:
```
"authentik Embedded Outpost"
```
example:
```
<nil>
```
defined: module/outposts.nix
description: The name of the Proxy outpost
authentik.outposts.proxy.providers
type: list of string
default:
```
[ ]
```
example:
```
<nil>
```
defined: module/outposts.nix
description: List of proxy provider IDs for the embedded outpost
authentik.outposts.proxy.tfResourceName
type: string
default:
```
"embedded-outpost"
```
example:
```
<nil>
```
defined: module/outposts.nix
description: The Terraform resource name for the embedded outpost
authentik.outposts.radius.config
type: attribute set
default:
```
{ }
```
example:
```
<nil>
```
defined: module/outposts.nix
description: Additional configuration for the RADIUS outpost
authentik.outposts.radius.enable
type: boolean
default:
```
false
```
example:
```
<nil>
```
defined: module/outposts.nix
description: Whether to enable the RADIUS outpost
authentik.outposts.radius.name
type: string
default:
```
"RADIUS Outpost"
```
example:
```
<nil>
```
defined: module/outposts.nix
description: The name of the RADIUS outpost
authentik.outposts.radius.providers
type: list of string
default:
```
[ ]
```
example:
```
<nil>
```
defined: module/outposts.nix
description: List of RADIUS provider IDs
authentik.outposts.radius.tfResourceName
type: string
default:
```
"radius"
```
example:
```
<nil>
```
defined: module/outposts.nix
description: The Terraform resource name for the RADIUS outpost
authentik.token
type: null or string
default:
```
null
```
example:
```
"your_token_here"
```
defined: module
description: The token for your Authentik instance, or null to use the AUTHENTIK_TOKEN variable.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

`authentik` module options

FilesExpand file tree

options.md

Latest commit

History

options.md

File metadata and controls

authentik module options

`authentik` module options