Providers
A Provider is an authentication method, a service that is used by authentik to authenticate the user for the associated application. Common Providers are OpenID Connect (OIDC)/OAuth2, LDAP, SAML, and generic proxy provider, and others.
Providers are the "other half" of applications. They typically exist in a 1-to-1 relationship; each application needs a provider and every provider can be used with one application.
Applications can use additional providers to augment the functionality of the main provider. For more information, see Backchannel providers.
You can create a new provider in the Admin interface, or you can use the Application wizard to create a new application and its provider at the same time.
Refer to the documentation for each provider:
🗃️ OAuth2 Provider
2 items
📄️ SAML Provider
This provider allows you to integrate enterprise software using the SAML2 protocol. It supports signed requests and uses property mappings to determine which fields are exposed and what values they return. This makes it possible to expose vendor-specific fields.
🗃️ Google Workspace Provider
2 items
🗃️ LDAP Provider
1 item
🗃️ Microsoft Entra ID Provider
2 items
📄️ RADIUS Provider
You can configure a Radius provider for applications that don't support any other protocols or that require Radius.
🗃️ Proxy Provider
3 items
📄️ SCIM Provider
SCIM (System for Cross-domain Identity Management) is a set of APIs to provision users and groups. The SCIM provider in authentik supports SCIM 2.0 and can be used to provision and sync users from authentik into other applications.
🗃️ RAC (Remote Access Control) Provider
1 item
🗃️ Property Mappings
1 item
You can also create a SAML provider by uploading an SP metadata XML file that contains the service provider's configuration data. SAML metadata is used to share configuration information between the Identity Provider (IdP) and the Service Provider (SP). An SP metadata XML file typically contains the SP certificate, the entity ID, the Assertion Consumer Service URL (ACS URL), and a log out URL (SingleLogoutService).